fluent-plugin-ssl-check 1.1.0 → 2.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: acb92c3a49bddffabb4e0c3a18903f4d1e4ebabb0a4bde9e4822fd4726c86bc7
-  data.tar.gz: a4490494cc312a493be34012b70ec1f0d584bc3461d969f7b4c22711a1f57727
+  metadata.gz: f02f38e91d229dc73544825292eac6c885e1720ce93cc9a5c121746204437442
+  data.tar.gz: 42f3a3d2369f699db149e92eeb93e0660bc95e4eb925fefdd6f7dc77e84e141b
 SHA512:
-  metadata.gz: 0c7eb0483748e41e824eceb5cdbeae2e6ec911b5ced44f3b3748bec530f095eee01a9ee2028731d6b80d2c7cedd2b57b831b7fc77ac2abc89c761a8bebe41aa8
-  data.tar.gz: 0b50f77e08b75158651b553f18c9acb1497bf4ced4d0b95862fd1f034fb67fa10b4df5cd261b1c2f15bdde2d3d300ff5712182b89115a2b897124910bcebedc1
+  metadata.gz: 786757380f973b13d7f220a0c32759b57f28e2ae449ef55f51f639bf79c8a360b05afadf84521292c006a02ba408e8bb63cc50dd9e4a9a64a3436c95390a95ce
+  data.tar.gz: 027f9042684d4114b3a18a12af0a29b629a7b7954c7f8c8b61726c51ba70c620b13617828c32a0df8120dc0f9e6a99dedc3c186e9b1a324e894f2ee7779ea732

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-ssl-check (1.1.0)
+    fluent-plugin-ssl-check (2.0.1)
       fluentd (>= 0.14.10, < 2)
 
 GEM

data/README.md

@@ -15,8 +15,7 @@ Example:
   @type ssl_check
   tag ssl_check
 
-  host my-service.com
-  port 443
+  hosts my-service.com:4443
 
   interval 600
 
@@ -27,12 +26,17 @@ Example:
 
 Options are:
 * tag: Tag to emit events on
-* host: host of the service to check
-* port: port of the service to check
+* hosts: list of <host>:<port> to check
 * interval: check every X seconds
 * ca_path: directory that contains CA files
 * ca_file: specify a CA file directly
+* timeout: timeout for ssl check execution (5sec)
+* log_events: emit log format (true)
+* metric_events: emit metric format (false)
+* event_prefix: metric event prefix for extra dimension
+* timestamp_format: iso, epochmillis timestamp format (iso)
 
+If no port is specified with host, default port is 443.
 
 ## Installation
 
@@ -48,8 +52,8 @@ Add to Gemfile with:
 ## Compatibility
 
 plugin in 1.x.x will work with:
-- ruby >= 2.4.10
-- td-agent >= 3.8.1-0
+- ruby >= 2.7.7
+- td-agent >= 4.0.0
 
 
 ## Copyright

data/fluent-plugin-ssl-check.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = 'fluent-plugin-ssl-check'
-  spec.version = '1.1.0'
+  spec.version = '2.0.1'
   spec.authors = ['Thomas Tych']
   spec.email   = ['thomas.tych@gmail.com']
 

data/lib/fluent/plugin/in_ssl_check.rb

@@ -45,9 +45,7 @@ module Fluent
       config_param :tag, :string, default: DEFAULT_TAG
 
       desc 'Host of the service to check'
-      config_param :host, :string, default: DEFAULT_HOST
-      desc 'Port of the service to check'
-      config_param :port, :integer, default: DEFAULT_PORT
+      config_param :hosts, :array, default: [], value_type: :string
       desc 'Interval for the check execution'
       config_param :interval, :time, default: DEFAULT_TIME
       desc 'CA path to load'
@@ -74,43 +72,49 @@ module Fluent
         super
 
         raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
-        raise Fluent::ConfigError, 'host can not be empty.' if !host || host.empty?
-        raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
+        raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
         raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
         raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
         raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
-
-        @ssl_client = SslClient.new(
-          host: host, port: port,
-          ca_path: ca_path, ca_file: ca_file,
-          timeout: timeout
-        )
       end
       # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
       def start
         super
 
+        timer_execute(:ssl_check_timer, 1, repeat: false, &method(:check)) if interval > 60
+
         timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
       end
 
+      # rubocop:disable Lint/SuppressedException
       def check
-        ssl_info = fetch_ssl_info
-
-        emit_logs(ssl_info) if log_events
-        emit_metrics(ssl_info) if metric_events
+        hosts.each do |host_full|
+          host, port = host_full.split(':')
+          port = (port || DEFAULT_PORT).to_i
+          ssl_info = fetch_ssl_info(host, port)
+          emit_logs(ssl_info) if log_events
+          emit_metrics(ssl_info) if metric_events
+        rescue StandardError
+        end
       end
+      # rubocop:enable Lint/SuppressedException
 
-      def fetch_ssl_info
-        @ssl_client.ssl_info
+      def fetch_ssl_info(host, port)
+        ssl_client = SslClient.new(
+          host: host, port: port,
+          ca_path: ca_path, ca_file: ca_file,
+          timeout: timeout
+        )
+        ssl_client.ssl_info
       end
 
       def emit_logs(ssl_info)
         record = {
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'status' => ssl_info.status,
-          'host' => host,
-          'port' => port,
+          'host' => ssl_info.host,
+          'port' => ssl_info.port,
           'ssl_version' => ssl_info.ssl_version,
           'ssl_dn' => ssl_info.subject_s,
           'ssl_not_after' => ssl_info.not_after,
@@ -130,8 +134,8 @@ module Fluent
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'metric_name' => 'ssl_status',
           'metric_value' => ssl_info.status,
-          "#{event_prefix}host" => host,
-          "#{event_prefix}port" => port,
+          "#{event_prefix}host" => ssl_info.host,
+          "#{event_prefix}port" => ssl_info.port,
           "#{event_prefix}ssl_dn" => ssl_info.subject_s,
           "#{event_prefix}ssl_version" => ssl_info.ssl_version,
           "#{event_prefix}ssl_not_after" => ssl_info.not_after
@@ -146,8 +150,8 @@ module Fluent
           'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
           'metric_name' => 'ssl_expirency',
           'metric_value' => ssl_info.expire_in_days,
-          "#{event_prefix}host" => host,
-          "#{event_prefix}port" => port,
+          "#{event_prefix}host" => ssl_info.host,
+          "#{event_prefix}port" => ssl_info.port,
           "#{event_prefix}ssl_dn" => ssl_info.subject_s
         }
         router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
@@ -160,15 +164,19 @@ module Fluent
         KO = 0
 
         attr_reader :time
-        attr_accessor :cert, :cert_chain, :ssl_version, :error
+        attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
 
-        def initialize(cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
+        # rubocop:disable Metrics/ParameterLists
+        def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
+          @host = host
+          @port = port
           @cert = cert
           @cert_chain = cert_chain
           @ssl_version = ssl_version
           @error = error
           @time = time
         end
+        # rubocop:enable Metrics/ParameterLists
 
         def subject_s
           cert.subject.to_s if cert&.subject
@@ -214,7 +222,7 @@ module Fluent
         end
 
         def ssl_info
-          info = SslInfo.new
+          info = SslInfo.new(host: host, port: port)
           begin
             Timeout.timeout(timeout) do
               tcp_socket = TCPSocket.open(host, port)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-ssl-check
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.1
 platform: ruby
 authors:
 - Thomas Tych
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-12 00:00:00.000000000 Z
+date: 2023-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bump