fluent-plugin-ssl-check 1.1.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +5 -6
- data/fluent-plugin-ssl-check.gemspec +1 -1
- data/lib/fluent/plugin/in_ssl_check.rb +32 -26
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b2f7b5486c0f7706d4894b8095fdb61bae4ef4c13f737c50b0bd27c84f38d53d
|
|
4
|
+
data.tar.gz: '0186c6d987c747656417d61517e49d45de4a871e2a58dbb27c39aefedd0f1760'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6001e67a1e89cfad9cb37cc826e21b7af532c4ec12d2966fe3e0a3c790cec50ec5d028cd103b7bf105f0f38060db2e8de6f1eb285714d597b01dfe2e47f00a4d
|
|
7
|
+
data.tar.gz: c61103f0171fda24ef6f8323a018f7c012795e258993e46132940b69bcb152e1fdba80ec416105eec93debfe542895a8d1211da006cbaab5d0a28eb3bd4ca233
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -15,8 +15,7 @@ Example:
|
|
|
15
15
|
@type ssl_check
|
|
16
16
|
tag ssl_check
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
port 443
|
|
18
|
+
hosts my-service.com:4443
|
|
20
19
|
|
|
21
20
|
interval 600
|
|
22
21
|
|
|
@@ -27,12 +26,12 @@ Example:
|
|
|
27
26
|
|
|
28
27
|
Options are:
|
|
29
28
|
* tag: Tag to emit events on
|
|
30
|
-
*
|
|
31
|
-
* port: port of the service to check
|
|
29
|
+
* hosts: list of <host>:<port> to check
|
|
32
30
|
* interval: check every X seconds
|
|
33
31
|
* ca_path: directory that contains CA files
|
|
34
32
|
* ca_file: specify a CA file directly
|
|
35
33
|
|
|
34
|
+
If no port is specified with host, default port is 443.
|
|
36
35
|
|
|
37
36
|
## Installation
|
|
38
37
|
|
|
@@ -48,8 +47,8 @@ Add to Gemfile with:
|
|
|
48
47
|
## Compatibility
|
|
49
48
|
|
|
50
49
|
plugin in 1.x.x will work with:
|
|
51
|
-
- ruby >= 2.
|
|
52
|
-
- td-agent >=
|
|
50
|
+
- ruby >= 2.7.7
|
|
51
|
+
- td-agent >= 4.0.0
|
|
53
52
|
|
|
54
53
|
|
|
55
54
|
## Copyright
|
|
@@ -45,9 +45,7 @@ module Fluent
|
|
|
45
45
|
config_param :tag, :string, default: DEFAULT_TAG
|
|
46
46
|
|
|
47
47
|
desc 'Host of the service to check'
|
|
48
|
-
config_param :
|
|
49
|
-
desc 'Port of the service to check'
|
|
50
|
-
config_param :port, :integer, default: DEFAULT_PORT
|
|
48
|
+
config_param :hosts, :array, default: [], value_type: :string
|
|
51
49
|
desc 'Interval for the check execution'
|
|
52
50
|
config_param :interval, :time, default: DEFAULT_TIME
|
|
53
51
|
desc 'CA path to load'
|
|
@@ -74,17 +72,10 @@ module Fluent
|
|
|
74
72
|
super
|
|
75
73
|
|
|
76
74
|
raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
|
|
77
|
-
raise Fluent::ConfigError, '
|
|
78
|
-
raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
|
|
75
|
+
raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
|
|
79
76
|
raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
|
|
80
77
|
raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
|
|
81
78
|
raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
|
|
82
|
-
|
|
83
|
-
@ssl_client = SslClient.new(
|
|
84
|
-
host: host, port: port,
|
|
85
|
-
ca_path: ca_path, ca_file: ca_file,
|
|
86
|
-
timeout: timeout
|
|
87
|
-
)
|
|
88
79
|
end
|
|
89
80
|
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
90
81
|
|
|
@@ -94,23 +85,34 @@ module Fluent
|
|
|
94
85
|
timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
|
|
95
86
|
end
|
|
96
87
|
|
|
88
|
+
# rubocop:disable Lint/SuppressedException
|
|
97
89
|
def check
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
90
|
+
hosts.each do |host_full|
|
|
91
|
+
host, port = host_full.split(':')
|
|
92
|
+
port = (port || DEFAULT_PORT).to_i
|
|
93
|
+
ssl_info = fetch_ssl_info(host, port)
|
|
94
|
+
emit_logs(ssl_info) if log_events
|
|
95
|
+
emit_metrics(ssl_info) if metric_events
|
|
96
|
+
rescue StandardError
|
|
97
|
+
end
|
|
102
98
|
end
|
|
99
|
+
# rubocop:enable Lint/SuppressedException
|
|
103
100
|
|
|
104
|
-
def fetch_ssl_info
|
|
105
|
-
|
|
101
|
+
def fetch_ssl_info(host, port)
|
|
102
|
+
ssl_client = SslClient.new(
|
|
103
|
+
host: host, port: port,
|
|
104
|
+
ca_path: ca_path, ca_file: ca_file,
|
|
105
|
+
timeout: timeout
|
|
106
|
+
)
|
|
107
|
+
ssl_client.ssl_info
|
|
106
108
|
end
|
|
107
109
|
|
|
108
110
|
def emit_logs(ssl_info)
|
|
109
111
|
record = {
|
|
110
112
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
111
113
|
'status' => ssl_info.status,
|
|
112
|
-
'host' => host,
|
|
113
|
-
'port' => port,
|
|
114
|
+
'host' => ssl_info.host,
|
|
115
|
+
'port' => ssl_info.port,
|
|
114
116
|
'ssl_version' => ssl_info.ssl_version,
|
|
115
117
|
'ssl_dn' => ssl_info.subject_s,
|
|
116
118
|
'ssl_not_after' => ssl_info.not_after,
|
|
@@ -130,8 +132,8 @@ module Fluent
|
|
|
130
132
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
131
133
|
'metric_name' => 'ssl_status',
|
|
132
134
|
'metric_value' => ssl_info.status,
|
|
133
|
-
"#{event_prefix}host" => host,
|
|
134
|
-
"#{event_prefix}port" => port,
|
|
135
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
136
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
135
137
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s,
|
|
136
138
|
"#{event_prefix}ssl_version" => ssl_info.ssl_version,
|
|
137
139
|
"#{event_prefix}ssl_not_after" => ssl_info.not_after
|
|
@@ -146,8 +148,8 @@ module Fluent
|
|
|
146
148
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
147
149
|
'metric_name' => 'ssl_expirency',
|
|
148
150
|
'metric_value' => ssl_info.expire_in_days,
|
|
149
|
-
"#{event_prefix}host" => host,
|
|
150
|
-
"#{event_prefix}port" => port,
|
|
151
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
152
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
151
153
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s
|
|
152
154
|
}
|
|
153
155
|
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
|
@@ -160,15 +162,19 @@ module Fluent
|
|
|
160
162
|
KO = 0
|
|
161
163
|
|
|
162
164
|
attr_reader :time
|
|
163
|
-
attr_accessor :cert, :cert_chain, :ssl_version, :error
|
|
165
|
+
attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
|
|
164
166
|
|
|
165
|
-
|
|
167
|
+
# rubocop:disable Metrics/ParameterLists
|
|
168
|
+
def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
|
|
169
|
+
@host = host
|
|
170
|
+
@port = port
|
|
166
171
|
@cert = cert
|
|
167
172
|
@cert_chain = cert_chain
|
|
168
173
|
@ssl_version = ssl_version
|
|
169
174
|
@error = error
|
|
170
175
|
@time = time
|
|
171
176
|
end
|
|
177
|
+
# rubocop:enable Metrics/ParameterLists
|
|
172
178
|
|
|
173
179
|
def subject_s
|
|
174
180
|
cert.subject.to_s if cert&.subject
|
|
@@ -214,7 +220,7 @@ module Fluent
|
|
|
214
220
|
end
|
|
215
221
|
|
|
216
222
|
def ssl_info
|
|
217
|
-
info = SslInfo.new
|
|
223
|
+
info = SslInfo.new(host: host, port: port)
|
|
218
224
|
begin
|
|
219
225
|
Timeout.timeout(timeout) do
|
|
220
226
|
tcp_socket = TCPSocket.open(host, port)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-ssl-check
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Tych
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-08-
|
|
11
|
+
date: 2023-08-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bump
|