portertech-sensu 1.10.0

data/lib/sensu/api/http_handler.rb

@@ -0,0 +1,434 @@
+require "sensu/utilities"
+require "sensu/api/routes"
+require "sensu/api/utilities/filter_response_content"
+
+gem "em-http-server", "0.1.8"
+
+require "em-http-server"
+require "base64"
+
+module Sensu
+  module API
+    class HTTPHandler < EM::HttpServer::Server
+      include Routes
+      include Utilities::FilterResponseContent
+
+      attr_accessor :logger, :settings, :redis, :transport
+
+      # Create a hash containing the HTTP request details. This method
+      # determines the remote address for the HTTP client (using
+      # EventMachine Connection `get_peername()`).
+      #
+      # @result [Hash]
+      def request_details
+        return @request_details if @request_details
+        @request_id = @http.fetch(:x_request_id, random_uuid)
+        @request_start_time = Time.now.to_f
+        _, remote_address = Socket.unpack_sockaddr_in(get_peername)
+        @request_details = {
+          :request_id => @request_id,
+          :remote_address => remote_address,
+          :user_agent => @http[:user_agent],
+          :method => @http_request_method,
+          :uri => @http_request_uri,
+          :query_string => @http_query_string,
+          :body => @http_content
+        }
+        if @http[:x_forwarded_for]
+          @request_details[:x_forwarded_for] = @http[:x_forwarded_for]
+        end
+        @request_details
+      end
+
+      # Log the HTTP request. The debug log level is used for requests
+      # as response logging includes the same information.
+      def log_request
+        @logger.debug("api request", request_details)
+      end
+
+      # Log the HTTP response. This method calculates the
+      # request/response time. The debug log level is used for the
+      # response body log event, as it is generally very verbose and
+      # unnecessary in most cases.
+      def log_response
+        @logger.info("api response", {
+          :request => request_details,
+          :status => @response.status,
+          :content_length => @response.content.to_s.bytesize,
+          :time => (Time.now.to_f - @request_start_time).round(3)
+        })
+      end
+
+      # Parse the HTTP request URI using a regular expression,
+      # returning the URI unescaped match data values.
+      #
+      # @param regex [Regexp]
+      # @return [Array] URI unescaped match data values.
+      def parse_uri(regex)
+        uri_match = regex.match(@http_request_uri)[1..-1]
+        uri_match.map { |s| URI.decode_www_form_component(s) }
+      end
+
+      # Parse the HTTP request query string for parameters. This
+      # method creates `@params`, a hash of parsed query parameters,
+      # used by the API routes. This method also creates
+      # `@filter_params`, a hash of parsed response content filter
+      # parameters.
+      def parse_parameters
+        @params = {}
+        if @http_query_string
+          @http_query_string.split("&").each do |pair|
+            key, value = pair.split("=")
+            @params[key.to_sym] = value
+            if key.start_with?("filter.")
+              filter_param = key.sub(/^filter\./, "")
+              @filter_params ||= {}
+              @filter_params[filter_param] = value
+            end
+          end
+        end
+      end
+
+      # Determine if a parameter has an integer value and if so return
+      # it as one. This method will return `nil` if the parameter
+      # value is not an integer.
+      #
+      # @param value [String]
+      # @return [Integer, nil]
+      def integer_parameter(value)
+        value =~ /\A[0-9]+\z/ ? value.to_i : nil
+      end
+
+      # Read JSON data from the HTTP request content and validate it
+      # with the provided rules. If the HTTP request content does not
+      # contain valid JSON or it does not pass validation, this method
+      # returns a `400` (Bad Request) HTTP response.
+      #
+      # @param rules [Hash] containing the validation rules.
+      # @yield [Object] the callback/block called with the data after successfully
+      #   parsing and validating the the HTTP request content.
+      def read_data(rules={})
+        begin
+          data = Sensu::JSON.load(@http_content)
+          valid = data.is_a?(Hash) && rules.all? do |key, rule|
+            value = data[key]
+            (Array(rule[:type]).any? {|type| value.is_a?(type)} ||
+              (rule[:nil_ok] && value.nil?)) && (value.nil? || rule[:regex].nil?) ||
+              (rule[:regex] && value.is_a?(String) && (value =~ rule[:regex]) == 0)
+          end
+          if valid
+            yield(data)
+          else
+            bad_request!
+          end
+        rescue Sensu::JSON::ParseError
+          bad_request!
+        end
+      end
+
+      # Create an EM HTTP Server HTTP response object, `@response`.
+      # The response object is use to build up the response status,
+      # status string, content type, and content. The response object
+      # is responsible for sending the HTTP response to the HTTP
+      # client and closing the connection afterwards.
+      #
+      # @return [Object]
+      def create_response
+        @response = EM::DelegatedHttpResponse.new(self)
+      end
+
+      # Set the cors (Cross-origin resource sharing) HTTP headers.
+      def set_cors_headers
+        api = @settings[:api] || {}
+        api[:cors] ||= {
+          "Origin" => "*",
+          "Methods" => "GET, POST, PUT, DELETE, OPTIONS",
+          "Credentials" => "true",
+          "Headers" => "Origin, X-Requested-With, Content-Type, Accept, Authorization"
+        }
+        if api[:cors].is_a?(Hash)
+          api[:cors].each do |header, value|
+            @response.headers["Access-Control-Allow-#{header}"] = value
+          end
+        end
+      end
+
+      # Set the HTTP response headers, including the request ID and
+      # cors headers (via `set_cores_headers()`).
+      def set_headers
+        @response.headers["X-Request-ID"] = @request_id
+        set_cors_headers
+      end
+
+      # Paginate the provided items. This method uses two HTTP query
+      # parameters to determine how to paginate the items, `limit` and
+      # `offset`. The parameter `limit` specifies how many items are
+      # to be returned in the response. The parameter `offset`
+      # specifies the items array index, skipping a number of items.
+      # This method sets the "X-Pagination" HTTP response header to a
+      # JSON object containing the `limit`, `offset` and `total`
+      # number of items that are being paginated.
+      #
+      # @param items [Array]
+      # @return [Array] paginated items.
+      def pagination(items)
+        limit = integer_parameter(@params[:limit])
+        offset = integer_parameter(@params[:offset]) || 0
+        unless limit.nil?
+          @response.headers["X-Pagination"] = Sensu::JSON.dump(
+            :limit => limit,
+            :offset => offset,
+            :total => items.length
+          )
+          paginated = items.slice(offset, limit)
+          Array(paginated)
+        else
+          items
+        end
+      end
+
+      # Respond to an HTTP request. The routes set `@response_status`,
+      # `@response_status_string`, and `@response_content`
+      # appropriately. The HTTP response status defaults to `200` with
+      # the status string `OK`. If filter params were provided,
+      # `@response_content` is filtered (mutated). The Sensu API only
+      # returns JSON response content, `@response_content` is assumed
+      # to be a Ruby object that can be serialized as JSON.
+      def respond
+        @response.status = @response_status || 200
+        @response.status_string = @response_status_string || "OK"
+        if @response_content && @http_request_method != HEAD_METHOD
+          if @http_request_method == GET_METHOD && @filter_params
+            filter_response_content!
+          end
+          @response.content_type "application/json"
+          @response.content = Sensu::JSON.dump(@response_content)
+        end
+        @response.headers["Connection"] = "close"
+        log_response
+        @response.send_response
+      end
+
+      # Determine if an HTTP request is authorized. This method
+      # compares the configured API user and password (if any) with
+      # the HTTP request basic authentication credentials. No
+      # authentication is done if the API user and password are not
+      # configured. OPTIONS HTTP requests bypass authentication.
+      #
+      # @return [TrueClass, FalseClass]
+      def authorized?
+        api = @settings[:api]
+        if api && api[:user] && api[:password]
+          if @http_request_method == OPTIONS_METHOD
+            true
+          elsif @http[:authorization]
+            scheme, base64 = @http[:authorization].split("\s")
+            if scheme == "Basic"
+              user, password = Base64.decode64(base64).split(":")
+              user == api[:user] && password == api[:password]
+            else
+              false
+            end
+          else
+            false
+          end
+        else
+          true
+        end
+      end
+
+      # Determine if the API is connected to Redis and the Transport.
+      # This method sets the `@response_content` if the API is not
+      # connected or it has not yet initialized the connection
+      # objects. The `/info` and `/health` routes are excluded from
+      # the connectivity checks.
+      def connected?
+        connected = true
+        if @redis && @transport
+          unless @http_request_uri =~ INFO_URI || @http_request_uri =~ HEALTH_URI
+            unless @redis.connected?
+              @response_content = {:error => "not connected to redis"}
+              connected = false
+            end
+            unless @transport.connected?
+              @response_content = {:error => "not connected to transport"}
+              connected = false
+            end
+          end
+        else
+          @response_content = {:error => "redis and transport connections not initialized"}
+          connected = false
+        end
+        connected
+      end
+
+      # Respond to the HTTP request with a `201` (Created) response.
+      def created!
+        @response_status = 201
+        @response_status_string = "Created"
+        respond
+      end
+
+      # Respond to the HTTP request with a `202` (Accepted) response.
+      def accepted!
+        @response_status = 202
+        @response_status_string = "Accepted"
+        respond
+      end
+
+      # Respond to the HTTP request with a `204` (No Content)
+      # response.
+      def no_content!
+        @response_status = 204
+        @response_status_string = "No Content"
+        @response_content = nil
+        respond
+      end
+
+      # Respond to the HTTP request with a `400` (Bad Request)
+      # response.
+      def bad_request!
+        @response_status = 400
+        @response_status_string = "Bad Request"
+        respond
+      end
+
+      # Respond to the HTTP request with a `401` (Unauthroized)
+      # response. This method sets the "WWW-Autenticate" HTTP response
+      # header.
+      def unauthorized!
+        @response.headers["WWW-Authenticate"] = 'Basic realm="Restricted Area"'
+        @response_status = 401
+        @response_status_string = "Unauthorized"
+        respond
+      end
+
+      # Respond to the HTTP request with a `404` (Not Found) response.
+      def not_found!
+        @response_status = 404
+        @response_status_string = "Not Found"
+        respond
+      end
+
+      # Respond to the HTTP request with a `405` (Method Not Allowed) response.
+      def method_not_allowed!(allowed_http_methods=[])
+        @response.headers["Allow"] = allowed_http_methods.join(", ")
+        @response_status = 405
+        @response_status_string = "Method Not Allowed"
+        respond
+      end
+
+      # Respond to the HTTP request with a `412` (Precondition Failed)
+      # response.
+      def precondition_failed!
+        @response_status = 412
+        @response_status_string = "Precondition Failed"
+        respond
+      end
+
+      # Respond to the HTTP request with a `500` (Internal Server
+      # Error) response.
+      def error!
+        @response_status = 500
+        @response_status_string = "Internal Server Error"
+        respond
+      end
+
+      # Determine the allowed HTTP methods for a route. The route
+      # regular expressions and associated route method calls are
+      # provided by `ROUTES`. This method returns an array of HTTP
+      # methods that have a route that matches the HTTP request URI.
+      #
+      # @return [Array]
+      def allowed_http_methods?
+        ROUTES.map { |http_method, routes|
+          match = routes.detect do |route|
+            @http_request_uri =~ route[0]
+          end
+          match ? http_method : nil
+        }.flatten.compact
+      end
+
+      # Determine the route method for the HTTP request method and
+      # URI. The route regular expressions and associated route method
+      # calls are provided by `ROUTES`. This method will return the
+      # first route method name (Ruby symbol) that has matching URI
+      # regular expression. If an HTTP method is not supported, or
+      # there is not a matching regular expression, `nil` will be
+      # returned.
+      #
+      # @return [Symbol]
+      def determine_route_method
+        if ROUTES.has_key?(@http_request_method)
+          route = ROUTES[@http_request_method].detect do |route|
+            @http_request_uri =~ route[0]
+          end
+          route ? route[1] : nil
+        else
+          nil
+        end
+      end
+
+      # Route the HTTP request. OPTIONS HTTP requests will always
+      # return a `200` with no response content. This method uses
+      # `determine_route_method()` to determine the symbolized route
+      # method to send/call. If a route method does not exist for the
+      # HTTP request method and URI, this method uses
+      # `allowed_http_methods?()` to determine if a 404 (Not Found) or
+      # 405 (Method Not Allowed) HTTP response should be used.
+      def route_request
+        if @http_request_method == OPTIONS_METHOD
+          respond
+        else
+          route_method = determine_route_method
+          if route_method
+            send(route_method)
+          else
+            allowed_http_methods = allowed_http_methods?
+            if allowed_http_methods.empty?
+              not_found!
+            else
+              method_not_allowed!(allowed_http_methods)
+            end
+          end
+        end
+      end
+
+      # Process a HTTP request. Log the request, parse the HTTP query
+      # parameters, create the HTTP response object, set the cors HTTP
+      # response headers, determine if the request is authorized,
+      # determine if the API is connected to Redis and the Transport,
+      # and then route the HTTP request (responding to the request).
+      # This method is called by EM HTTP Server when handling a new
+      # connection.
+      def process_http_request
+        log_request
+        parse_parameters
+        create_response
+        set_headers
+        if authorized?
+          if connected?
+            route_request
+          else
+            error!
+          end
+        else
+          unauthorized!
+        end
+      end
+
+      # Catch uncaught/unexpected errors, log them, and attempt to
+      # respond with a `500` (Internal Server Error) HTTP response.
+      # This method is called by EM HTTP Server.
+      #
+      # @param error [Object]
+      def http_request_errback(error)
+        @logger.error("unexpected api error", {
+          :error => error.to_s,
+          :backtrace => error.backtrace.join("\n")
+        })
+        error! rescue nil
+      end
+    end
+  end
+end

data/lib/sensu/api/process.rb

@@ -0,0 +1,79 @@
+require "sensu/daemon"
+require "sensu/api/http_handler"
+
+module Sensu
+  module API
+    class Process
+      include Daemon
+
+      # Create an instance of the Sensu API process, setup the Redis
+      # and Transport connections, start the API HTTP server, set up
+      # API process signal traps (for stopping), within the
+      # EventMachine event loop.
+      #
+      # @param options [Hash]
+      def self.run(options={})
+        api = self.new(options)
+        EM::run do
+          api.setup_redis
+          api.setup_transport
+          api.start
+          api.setup_signal_traps
+        end
+      end
+
+      # Start the API HTTP server. This method sets `@http_server`.
+      #
+      # @param bind [String] address to listen on.
+      # @param port [Integer] to listen on.
+      def start_http_server(bind, port)
+        @logger.info("api listening", {
+          :protocol => "http",
+          :bind => bind,
+          :port => port
+        })
+        @http_server = EM::start_server(bind, port, HTTPHandler) do |handler|
+          handler.logger = @logger
+          handler.settings = @settings
+          handler.redis = @redis
+          handler.transport = @transport
+        end
+      end
+
+      # Start the Sensu API HTTP server. This method sets the service
+      # state to `:running`.
+      def start
+        api = @settings[:api] || {}
+        bind = api[:bind] || "0.0.0.0"
+        port = api[:port] || 4567
+        start_http_server(bind, port)
+        super
+      end
+
+      # Stop the Sensu API process. This method stops the HTTP server,
+      # closes the Redis and transport connections, sets the service
+      # state to `:stopped`, and stops the EventMachine event loop.
+      def stop
+        @logger.warn("stopping")
+        EM::stop_server(@http_server)
+        @redis.close if @redis
+        @transport.close if @transport
+        super
+      end
+
+      # Create an instance of the Sensu API with initialized
+      # connections for running test specs.
+      #
+      # @param options [Hash]
+      def self.test(options={})
+        api = self.new(options)
+        api.setup_redis do
+          api.setup_transport do
+            api.start
+            yield
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sensu/api/routes/aggregates.rb

@@ -0,0 +1,196 @@
+module Sensu
+  module API
+    module Routes
+      module Aggregates
+        AGGREGATES_URI = /^\/aggregates$/
+        AGGREGATE_URI = /^\/aggregates\/([\w\.-]+)$/
+        AGGREGATE_CLIENTS_URI = /^\/aggregates\/([\w\.-]+)\/clients$/
+        AGGREGATE_CHECKS_URI = /^\/aggregates\/([\w\.-]+)\/checks$/
+        AGGREGATE_RESULTS_SEVERITY_URI = /^\/aggregates\/([\w\.-]+)\/results\/([\w\.-]+)$/
+
+        # GET /aggregates
+        def get_aggregates
+          @redis.smembers("aggregates") do |aggregates|
+            aggregates = pagination(aggregates)
+            aggregates.map! do |aggregate|
+              {:name => aggregate}
+            end
+            @response_content = aggregates
+            respond
+          end
+        end
+
+        # GET /aggregates/:aggregate
+        def get_aggregate
+          aggregate = parse_uri(AGGREGATE_URI).first
+          @redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+            unless aggregate_members.empty?
+              @response_content = {
+                :clients => 0,
+                :checks => 0,
+                :results => {
+                  :ok => 0,
+                  :warning => 0,
+                  :critical => 0,
+                  :unknown => 0,
+                  :total => 0,
+                  :stale => 0
+                }
+              }
+              clients = []
+              checks = []
+              results = []
+              aggregate_members.each_with_index do |member, index|
+                client_name, check_name = member.split(":")
+                clients << client_name
+                checks << check_name
+                result_key = "result:#{client_name}:#{check_name}"
+                @redis.get(result_key) do |result_json|
+                  unless result_json.nil?
+                    results << Sensu::JSON.load(result_json)
+                  else
+                    @redis.srem("aggregates:#{aggregate}", member)
+                  end
+                  if index == aggregate_members.length - 1
+                    @response_content[:clients] = clients.uniq.length
+                    @response_content[:checks] = checks.uniq.length
+                    max_age = integer_parameter(@params[:max_age])
+                    if max_age
+                      result_count = results.length
+                      timestamp = Time.now.to_i - max_age
+                      results.reject! do |result|
+                        result[:executed] && result[:executed] < timestamp
+                      end
+                      @response_content[:results][:stale] = result_count - results.length
+                    end
+                    @response_content[:results][:total] = results.length
+                    results.each do |result|
+                      severity = (SEVERITIES[result[:status]] || "unknown")
+                      @response_content[:results][severity.to_sym] += 1
+                    end
+                    respond
+                  end
+                end
+              end
+            else
+              not_found!
+            end
+          end
+        end
+
+        # DELETE /aggregates/:aggregate
+        def delete_aggregate
+          aggregate = parse_uri(AGGREGATE_URI).first
+          @redis.smembers("aggregates") do |aggregates|
+            if aggregates.include?(aggregate)
+              @redis.srem("aggregates", aggregate) do
+                @redis.del("aggregates:#{aggregate}") do
+                  no_content!
+                end
+              end
+            else
+              not_found!
+            end
+          end
+        end
+
+        # GET /aggregates/:aggregate/clients
+        def get_aggregate_clients
+          aggregate = parse_uri(AGGREGATE_CLIENTS_URI).first
+          @response_content = []
+          @redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+            unless aggregate_members.empty?
+              clients = {}
+              aggregate_members.each do |member|
+                client_name, check_name = member.split(":")
+                clients[client_name] ||= []
+                clients[client_name] << check_name
+              end
+              clients.each do |client_name, checks|
+                @response_content << {
+                  :name => client_name,
+                  :checks => checks
+                }
+              end
+              respond
+            else
+              not_found!
+            end
+          end
+        end
+
+        # GET /aggregates/:aggregate/checks
+        def get_aggregate_checks
+          aggregate = parse_uri(AGGREGATE_CHECKS_URI).first
+          @response_content = []
+          @redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+            unless aggregate_members.empty?
+              checks = {}
+              aggregate_members.each do |member|
+                client_name, check_name = member.split(":")
+                checks[check_name] ||= []
+                checks[check_name] << client_name
+              end
+              checks.each do |check_name, clients|
+                @response_content << {
+                  :name => check_name,
+                  :clients => clients
+                }
+              end
+              respond
+            else
+              not_found!
+            end
+          end
+        end
+
+        # GET /aggregates/:aggregate/results/:severity
+        def get_aggregate_results_severity
+          aggregate, severity = parse_uri(AGGREGATE_RESULTS_SEVERITY_URI)
+          if SEVERITIES.include?(severity)
+            @redis.smembers("aggregates:#{aggregate}") do |aggregate_members|
+              unless aggregate_members.empty?
+                @response_content = []
+                summaries = Hash.new
+                max_age = integer_parameter(@params[:max_age])
+                current_timestamp = Time.now.to_i
+                aggregate_members.each_with_index do |member, index|
+                  client_name, check_name = member.split(":")
+                  result_key = "result:#{client_name}:#{check_name}"
+                  @redis.get(result_key) do |result_json|
+                    unless result_json.nil?
+                      result = Sensu::JSON.load(result_json)
+                      if SEVERITIES[result[:status]] == severity &&
+                          (max_age.nil? || result[:executed].nil? || result[:executed] >= (current_timestamp - max_age))
+                        summaries[check_name] ||= {}
+                        summaries[check_name][result[:output]] ||= {:total => 0, :clients => []}
+                        summaries[check_name][result[:output]][:total] += 1
+                        summaries[check_name][result[:output]][:clients] << client_name
+                      end
+                    end
+                    if index == aggregate_members.length - 1
+                      summaries.each do |check_name, outputs|
+                        summary = outputs.map do |output, output_summary|
+                          {:output => output}.merge(output_summary)
+                        end
+                        @response_content << {
+                          :check => check_name,
+                          :summary => summary
+                        }
+                      end
+                      respond
+                    end
+                  end
+                end
+              else
+                not_found!
+              end
+            end
+          else
+            bad_request!
+          end
+        end
+      end
+    end
+  end
+end