fluent-plugin-ssl-check 1.1.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +5 -6
- data/fluent-plugin-ssl-check.gemspec +1 -1
- data/lib/fluent/plugin/in_ssl_check.rb +32 -26
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b2f7b5486c0f7706d4894b8095fdb61bae4ef4c13f737c50b0bd27c84f38d53d
|
|
4
|
+
data.tar.gz: '0186c6d987c747656417d61517e49d45de4a871e2a58dbb27c39aefedd0f1760'
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6001e67a1e89cfad9cb37cc826e21b7af532c4ec12d2966fe3e0a3c790cec50ec5d028cd103b7bf105f0f38060db2e8de6f1eb285714d597b01dfe2e47f00a4d
|
|
7
|
+
data.tar.gz: c61103f0171fda24ef6f8323a018f7c012795e258993e46132940b69bcb152e1fdba80ec416105eec93debfe542895a8d1211da006cbaab5d0a28eb3bd4ca233
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
|
@@ -15,8 +15,7 @@ Example:
|
|
|
15
15
|
@type ssl_check
|
|
16
16
|
tag ssl_check
|
|
17
17
|
|
|
18
|
-
|
|
19
|
-
port 443
|
|
18
|
+
hosts my-service.com:4443
|
|
20
19
|
|
|
21
20
|
interval 600
|
|
22
21
|
|
|
@@ -27,12 +26,12 @@ Example:
|
|
|
27
26
|
|
|
28
27
|
Options are:
|
|
29
28
|
* tag: Tag to emit events on
|
|
30
|
-
*
|
|
31
|
-
* port: port of the service to check
|
|
29
|
+
* hosts: list of <host>:<port> to check
|
|
32
30
|
* interval: check every X seconds
|
|
33
31
|
* ca_path: directory that contains CA files
|
|
34
32
|
* ca_file: specify a CA file directly
|
|
35
33
|
|
|
34
|
+
If no port is specified with host, default port is 443.
|
|
36
35
|
|
|
37
36
|
## Installation
|
|
38
37
|
|
|
@@ -48,8 +47,8 @@ Add to Gemfile with:
|
|
|
48
47
|
## Compatibility
|
|
49
48
|
|
|
50
49
|
plugin in 1.x.x will work with:
|
|
51
|
-
- ruby >= 2.
|
|
52
|
-
- td-agent >=
|
|
50
|
+
- ruby >= 2.7.7
|
|
51
|
+
- td-agent >= 4.0.0
|
|
53
52
|
|
|
54
53
|
|
|
55
54
|
## Copyright
|
|
@@ -45,9 +45,7 @@ module Fluent
|
|
|
45
45
|
config_param :tag, :string, default: DEFAULT_TAG
|
|
46
46
|
|
|
47
47
|
desc 'Host of the service to check'
|
|
48
|
-
config_param :
|
|
49
|
-
desc 'Port of the service to check'
|
|
50
|
-
config_param :port, :integer, default: DEFAULT_PORT
|
|
48
|
+
config_param :hosts, :array, default: [], value_type: :string
|
|
51
49
|
desc 'Interval for the check execution'
|
|
52
50
|
config_param :interval, :time, default: DEFAULT_TIME
|
|
53
51
|
desc 'CA path to load'
|
|
@@ -74,17 +72,10 @@ module Fluent
|
|
|
74
72
|
super
|
|
75
73
|
|
|
76
74
|
raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
|
|
77
|
-
raise Fluent::ConfigError, '
|
|
78
|
-
raise Fluent::ConfigError, 'port can not be < 1' if !port || port < 1
|
|
75
|
+
raise Fluent::ConfigError, 'hosts can not be empty.' if !hosts || hosts.empty?
|
|
79
76
|
raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
|
|
80
77
|
raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
|
|
81
78
|
raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
|
|
82
|
-
|
|
83
|
-
@ssl_client = SslClient.new(
|
|
84
|
-
host: host, port: port,
|
|
85
|
-
ca_path: ca_path, ca_file: ca_file,
|
|
86
|
-
timeout: timeout
|
|
87
|
-
)
|
|
88
79
|
end
|
|
89
80
|
# rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
90
81
|
|
|
@@ -94,23 +85,34 @@ module Fluent
|
|
|
94
85
|
timer_execute(:ssl_check_timer, interval, repeat: true, &method(:check))
|
|
95
86
|
end
|
|
96
87
|
|
|
88
|
+
# rubocop:disable Lint/SuppressedException
|
|
97
89
|
def check
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
90
|
+
hosts.each do |host_full|
|
|
91
|
+
host, port = host_full.split(':')
|
|
92
|
+
port = (port || DEFAULT_PORT).to_i
|
|
93
|
+
ssl_info = fetch_ssl_info(host, port)
|
|
94
|
+
emit_logs(ssl_info) if log_events
|
|
95
|
+
emit_metrics(ssl_info) if metric_events
|
|
96
|
+
rescue StandardError
|
|
97
|
+
end
|
|
102
98
|
end
|
|
99
|
+
# rubocop:enable Lint/SuppressedException
|
|
103
100
|
|
|
104
|
-
def fetch_ssl_info
|
|
105
|
-
|
|
101
|
+
def fetch_ssl_info(host, port)
|
|
102
|
+
ssl_client = SslClient.new(
|
|
103
|
+
host: host, port: port,
|
|
104
|
+
ca_path: ca_path, ca_file: ca_file,
|
|
105
|
+
timeout: timeout
|
|
106
|
+
)
|
|
107
|
+
ssl_client.ssl_info
|
|
106
108
|
end
|
|
107
109
|
|
|
108
110
|
def emit_logs(ssl_info)
|
|
109
111
|
record = {
|
|
110
112
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
111
113
|
'status' => ssl_info.status,
|
|
112
|
-
'host' => host,
|
|
113
|
-
'port' => port,
|
|
114
|
+
'host' => ssl_info.host,
|
|
115
|
+
'port' => ssl_info.port,
|
|
114
116
|
'ssl_version' => ssl_info.ssl_version,
|
|
115
117
|
'ssl_dn' => ssl_info.subject_s,
|
|
116
118
|
'ssl_not_after' => ssl_info.not_after,
|
|
@@ -130,8 +132,8 @@ module Fluent
|
|
|
130
132
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
131
133
|
'metric_name' => 'ssl_status',
|
|
132
134
|
'metric_value' => ssl_info.status,
|
|
133
|
-
"#{event_prefix}host" => host,
|
|
134
|
-
"#{event_prefix}port" => port,
|
|
135
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
136
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
135
137
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s,
|
|
136
138
|
"#{event_prefix}ssl_version" => ssl_info.ssl_version,
|
|
137
139
|
"#{event_prefix}ssl_not_after" => ssl_info.not_after
|
|
@@ -146,8 +148,8 @@ module Fluent
|
|
|
146
148
|
'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
|
|
147
149
|
'metric_name' => 'ssl_expirency',
|
|
148
150
|
'metric_value' => ssl_info.expire_in_days,
|
|
149
|
-
"#{event_prefix}host" => host,
|
|
150
|
-
"#{event_prefix}port" => port,
|
|
151
|
+
"#{event_prefix}host" => ssl_info.host,
|
|
152
|
+
"#{event_prefix}port" => ssl_info.port,
|
|
151
153
|
"#{event_prefix}ssl_dn" => ssl_info.subject_s
|
|
152
154
|
}
|
|
153
155
|
router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
|
|
@@ -160,15 +162,19 @@ module Fluent
|
|
|
160
162
|
KO = 0
|
|
161
163
|
|
|
162
164
|
attr_reader :time
|
|
163
|
-
attr_accessor :cert, :cert_chain, :ssl_version, :error
|
|
165
|
+
attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
|
|
164
166
|
|
|
165
|
-
|
|
167
|
+
# rubocop:disable Metrics/ParameterLists
|
|
168
|
+
def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
|
|
169
|
+
@host = host
|
|
170
|
+
@port = port
|
|
166
171
|
@cert = cert
|
|
167
172
|
@cert_chain = cert_chain
|
|
168
173
|
@ssl_version = ssl_version
|
|
169
174
|
@error = error
|
|
170
175
|
@time = time
|
|
171
176
|
end
|
|
177
|
+
# rubocop:enable Metrics/ParameterLists
|
|
172
178
|
|
|
173
179
|
def subject_s
|
|
174
180
|
cert.subject.to_s if cert&.subject
|
|
@@ -214,7 +220,7 @@ module Fluent
|
|
|
214
220
|
end
|
|
215
221
|
|
|
216
222
|
def ssl_info
|
|
217
|
-
info = SslInfo.new
|
|
223
|
+
info = SslInfo.new(host: host, port: port)
|
|
218
224
|
begin
|
|
219
225
|
Timeout.timeout(timeout) do
|
|
220
226
|
tcp_socket = TCPSocket.open(host, port)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-ssl-check
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 2.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Thomas Tych
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-08-
|
|
11
|
+
date: 2023-08-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bump
|