fluent-plugin-ssl-check 1.1.0 → 2.0.1
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +10 -6
- data/fluent-plugin-ssl-check.gemspec +1 -1
- data/lib/fluent/plugin/in_ssl_check.rb +34 -26
- metadata +2 -2
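--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f02f38e91d229dc73544825292eac6c885e1720ce93cc9a5c121746204437442
+data.tar.gz: 42f3a3d2369f699db149e92eeb93e0660bc95e4eb925fefdd6f7dc77e84e141b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 786757380f973b13d7f220a0c32759b57f28e2ae449ef55f51f639bf79c8a360b05afadf84521292c006a02ba408e8bb63cc50dd9e4a9a64a3436c95390a95ce
+data.tar.gz: 027f9042684d4114b3a18a12af0a29b629a7b7954c7f8c8b61726c51ba70c620b13617828c32a0df8120dc0f9e6a99dedc3c186e9b1a324e894f2ee7779ea732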
data/Gemfile.lock
CHANGED
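--- a/data/README.md
+++ b/data/README.md
@@ -15,8 +15,7 @@ Example:
 @type ssl_check
 tag ssl_check
 
-
-port 443
+hosts my-service.com:4443
 
 interval 600
 
@@ -27,12 +26,17 @@ Example:
 
 Options are:
 * tag: Tag to emit events on
-*
-* port: port of the service to check
+* hosts: list of <host>:<port> to check
 * interval: check every X seconds
 * ca_path: directory that contains CA files
 * ca_file: specify a CA file directly
+* timeout: timeout for ssl check execution (5sec)
+* log_events: emit log format (true)
+* metric_events: emit metric format (false)
+* event_prefix: metric event prefix for extra dimension
+* timestamp_format: iso, epochmillis timestamp format (iso)
 
+If no port is specified with host, default port is 443.
 
 ## Installation
 
@@ -48,8 +52,8 @@ Add to Gemfile with:
 ## Compatibility
 
 plugin in 1.x.x will work with:
-- ruby >= 2.
-- td-agent >=
+- ruby >= 2.7.7
+- td-agent >= 4.0.0
 
 
 ## Copyright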
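--- a/data/lib/fluent/plugin/in_ssl_check.rb
+++ b/data/lib/fluent/plugin/in_ssl_check.rb
@@ -45,9 +45,7 @@ module Fluent
 config_param :tag, :string, default: DEFAULT_TAG
 
 desc 'Host of the service to check'
-config_param :
-desc 'Port of the service to check'
-config_param :port, :integer, default: DEFAULT_PORT
+config_param :hosts, :array, default: [], value_type: :string
 desc 'Interval for the check execution'
 config_param :interval, :time, default: DEFAULT_TIME
 desc 'CA path to load'
@@ -74,43 +72,49 @@ module Fluent
 super
 
 raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
-raise Fluent::ConfigError, '
-raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
+raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
 raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
 raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
 raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
-
-@ssl_client = SslClient.new(
-host: host, port: port,
-ca_path: ca_path, ca_file: ca_file,
-timeout: timeout
-)
 end
 # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
 
 def start
 super
 
+timer_execute(:ssl_check_timer, 1, repeat: false, &method(:check)) if interval > 60
+
 timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
 end
 
+# rubocop:disable Lint/SuppressedException
 def check
-
-
-
-
+hosts.each do |host_full|
+host, port = host_full.split(':')
+port = (port || DEFAULT_PORT).to_i
+ssl_info = fetch_ssl_info(host, port)
+emit_logs(ssl_info) if log_events
+emit_metrics(ssl_info) if metric_events
+rescue StandardError
+end
 end
+# rubocop:enable Lint/SuppressedException
 
-def fetch_ssl_info
-
+def fetch_ssl_info(host, port)
+ssl_client = SslClient.new(
+host: host, port: port,
+ca_path: ca_path, ca_file: ca_file,
+timeout: timeout
+)
+ssl_client.ssl_info
 end
 
 def emit_logs(ssl_info)
 record = {
 'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
 'status' => ssl_info.status,
-'host' => host,
-'port' => port,
+'host' => ssl_info.host,
+'port' => ssl_info.port,
 'ssl_version' => ssl_info.ssl_version,
 'ssl_dn' => ssl_info.subject_s,
 'ssl_not_after' => ssl_info.not_after,
@@ -130,8 +134,8 @@ module Fluent
 'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
 'metric_name' => 'ssl_status',
 'metric_value' => ssl_info.status,
-"#{event_prefix}host" => host,
-"#{event_prefix}port" => port,
+"#{event_prefix}host" => ssl_info.host,
+"#{event_prefix}port" => ssl_info.port,
 "#{event_prefix}ssl_dn" => ssl_info.subject_s,
 "#{event_prefix}ssl_version" => ssl_info.ssl_version,
 "#{event_prefix}ssl_not_after" => ssl_info.not_after
@@ -146,8 +150,8 @@ module Fluent
 'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
 'metric_name' => 'ssl_expirency',
 'metric_value' => ssl_info.expire_in_days,
-"#{event_prefix}host" => host,
-"#{event_prefix}port" => port,
+"#{event_prefix}host" => ssl_info.host,
+"#{event_prefix}port" => ssl_info.port,
 "#{event_prefix}ssl_dn" => ssl_info.subject_s
 }
 router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
@@ -160,15 +164,19 @@ module Fluent
 KO = 0
 
 attr_reader :time
-attr_accessor :cert, :cert_chain, :ssl_version, :error
+attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
 
-
+# rubocop:disable Metrics/ParameterLists
+def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
+@host = host
+@port = port
 @cert = cert
 @cert_chain = cert_chain
 @ssl_version = ssl_version
 @error = error
 @time = time
 end
+# rubocop:enable Metrics/ParameterLists
 
 def subject_s
 cert.subject.to_s if cert&.subject
@@ -214,7 +222,7 @@ module Fluent
 end
 
 def ssl_info
-info = SslInfo.new
+info = SslInfo.new(host: host, port: port)
 begin
 Timeout.timeout(timeout) do
 tcp_socket = TCPSocket.open(host, port)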
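Review bot: The empty `rescue StandardError` inside the `hosts.each` block of `check` discards every per-host failure without a log line or an event, so a mistyped or unparsable entry silently drops out of certificate monitoring. This matters more because `configure` (which starts outside the hunk) no longer validates the port: `(port || DEFAULT_PORT).to_i` turns `my-service.com:abc` into port 0, and `host_full.split(':')` mis-parses an IPv6 literal, and both cases end in the swallowed rescue. I would keep the per-host isolation but report the failure, `rescue StandardError => e` followed by `log.warn "ssl_check failed for #{host_full}: #{e.class}: #{e.message}"`, and have `configure` reject entries whose port is outside 1..65535. Only the first lines of `SslClient#ssl_info` are visible, so whether connection errors already surface there as a KO status cannot be confirmed from this page.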
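--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-ssl-check
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.1
 platform: ruby
 authors:
 - Thomas Tych
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-08-
+date: 2023-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bump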