sensu-plugins-gpg 1.0.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c0456aed1eca4374ff9898da07296a6816611c4d
-  data.tar.gz: f9618f65ae3440a06d16e0672dddb56b1ac7f4ac
+  metadata.gz: d594885aab80d8b32b1ec588e3d7f987cd827877
+  data.tar.gz: 4637fe51fb38b00a4ef90269c553d4ca596f2398
 SHA512:
-  metadata.gz: d792729823a0be858d8bd8afdd9650c45e4627f8de496110c7b8abe33d80c1a9fca976e37fd9bee7902c19fb492873edfc69b5d641cbdd744237fd7b309f7df1
-  data.tar.gz: 8b6709f89521c374199d3df2b1469f510abbed0ec9a46035127b65cb967b7a80b165e3e6e12b902b19c6a6f4262be16c5e77ae2068d05913c119ee6cb94d1470
+  metadata.gz: e4086313ec0258c21cac7a6166ac2ac76b96c999d8aee81da8aefb09f71cd1c1e3d28ba2df9e6fcb7e62f686e7bc97aa6b3aa84de6c55126d7c1ad76438698b5
+  data.tar.gz: aa21be0217563fa2cc56592258ec75e117a768a33ef45590a13e1b5ae91acd8dae0ebcba54be9ccf4aa1337115a49270d862d77b03090453d08fb20d071aed63

data/CHANGELOG.md

@@ -5,6 +5,20 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 
 ## [Unreleased]
 
+## [2.0.0]
+### Breaking Change
+- bumped requirement of `sensu-plugin` to [2.0](https://github.com/sensu-plugins/sensu-plugin/blob/master/CHANGELOG.md#v200---2017-03-29) (@majormoses)
+
+### Added
+- added scripts `check-all-gpg-keys-for-expiry.rb` and its spec script `check_all_gpg_keys_for_expiry_spec.rb`. (@adityapahuja)
+
+### Changed
+- moved spec_helper.rb from test to spec folder for consistency. (@adityapahuja)
+- updated spec_helper.rb to provide classes and tools for testing check-all-gpg-keys-for-expiry. (@adityapahuja)
+- updated license to include Crown Copyright. (@adityapahuja)
+- updated readme to provide details on newly added scripts. (@adityapahuja)
+- updated version.rb to include comments. (@adityapahuja)
+
 ## [1.0.0] -  2017-07-15
 ### Added
 - Ruby 2.3.0 support
@@ -37,7 +51,8 @@ This CHANGELOG follows the format listed at [Keep A Changelog](http://keepachang
 ### Added
 - initial release
 
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/1.0.0...HEAD
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/2.0.0...HEAD
+[2.0.0]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/1.0.0...2.0.0
 [1.0.0]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/0.0.4...1.0.0
 [0.0.4]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/0.0.3...0.0.4
 [0.0.3]: https://github.com/sensu-plugins/sensu-plugins-gpg/compare/0.0.2...0.0.3

data/LICENSE

@@ -1,22 +1,22 @@
 Copyright (c) 2015 Sensu-Plugins
+Copyright (c) 2016 Crown Copyright
 
-MIT License
+The MIT License (MIT)
 
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-"Software"), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -1,21 +1,32 @@
-Sensu-Plugins-gpg
+# Sensu Plugins GPG
 
-[ ![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-gpg.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-gpg)
+[![Build Status](https://travis-ci.org/sensu-plugins/sensu-plugins-gpg.svg?branch=master)](https://travis-ci.org/sensu-plugins/sensu-plugins-gpg)
 [![Gem Version](https://badge.fury.io/rb/sensu-plugins-gpg.svg)](http://badge.fury.io/rb/sensu-plugins-gpg)
 [![Code Climate](https://codeclimate.com/github/sensu-plugins/sensu-plugins-gpg/badges/gpa.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-gpg)
 [![Test Coverage](https://codeclimate.com/github/sensu-plugins/sensu-plugins-gpg/badges/coverage.svg)](https://codeclimate.com/github/sensu-plugins/sensu-plugins-gpg)
 [![Dependency Status](https://gemnasium.com/sensu-plugins/sensu-plugins-gpg.svg)](https://gemnasium.com/sensu-plugins/sensu-plugins-gpg)
 
-## Functionality
+This plugin is used for monitoring GPG keys.
 
 ## Files
- * bin/check-gpg-expiration.rb
+
+* bin/check-gpg-expiration.rb
+* bin/check-all-gpg-keys-for-expiry.rb
 
 ## Usage
 
-## Installation
+In a proper gem environment, plugins can be executed directly from the command line. If you want to check GPG keys' expiry dates, you can use the 'check-all-gpg-keys-for-expiry' plugin. This will only work for Ruby scripts. Scripts in other languages will still need to be called directly due to binstubs not being automatically created.
+
+```
+check-all-gpg-keys-for-expiry.rb -w 7 -c 2 -h ~/.gnupg --do-not-display-json-message
+```
+
+Depending on Ruby environment, you may need to call Ruby directly.
 
-[Installation and Setup](http://sensu-plugins.io/docs/installation_instructions.html)
+```
+/opt/sensu/embedded/bin/ruby check-all-gpg-keys-for-expiry.rb -w 7 -c 2 -h ~/.gnupg --do-not-display-json-message
+```
 
-## Notes
+## Contributing
 
+Bug reports and pull requests are welcome on GitHub at https://github.com/sensu-plugins/sensu-plugins-gpg.

data/bin/check-all-gpg-keys-for-expiry.rb

@@ -0,0 +1,263 @@
+#! /usr/bin/env ruby
+#
+# check-all-gpg-keys-for-expiry
+#
+# DESCRIPTION:
+#   This script will check all keys' expiry dates and generate JSON message or output
+#   the string "CheckAllGpgKeysForExpiry OK: ..." (like a Nagios plugin). JSON message can be
+#   sent to Sensu client.
+#
+# OUTPUT:
+#   plain text
+#   Defaults: CRITICAL if a key is about to expire in 5 days
+#             WARNING if a key is about expire in 14 days
+#             GPG home directory is /root/.gnupg
+#             GPG executable binary is located under /usr/bin/gpg
+#             It checks secret keys
+#             It displays JSON message
+#
+# PLATFORMS:
+#   Linux, Mac OS X
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin, csv, open3, date, time
+#   GPG package
+#
+# USAGE:
+#   check-all-gpg-keys-for-expiry.rb -w 7 -c 2 -h ~/.gnupg -e /usr/local/bin/gpg
+#    --do-not-display-json-message --use-secret-key
+#
+# LICENSE:
+#   Aditya Pahuja aditya.s.pahuja@gmail.com
+#   Copyright (c) 2016 Crown Copyright
+#   Released under the same terms as Crown (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-gpg'
+require 'sensu-plugin/check/cli'
+require 'csv'
+require 'open3'
+require 'date'
+require 'time'
+
+# == Description
+#
+# The CheckAllGpgKeysForExpiry class fetches all GPG keys, check their expiry dates and send
+# appropriate alerts to Sensu
+class CheckAllGpgKeysForExpiry < Sensu::Plugin::Check::CLI
+  option :warning,
+         short: '-w NUMBER_OF_DAYS_LEFT_TO_TRIGGER_ALERT',
+         long: '--warning NUMBER_OF_DAYS_LEFT_TO_TRIGGER_ALERT',
+         proc: proc(&:to_i),
+         default: 14,
+         description: 'The minimum number of days left to trigger a warning alert'
+
+  option :critical,
+         short: '-c NUMBER_OF_DAYS_LEFT_TO_TRIGGER_ALERT',
+         long: '--critical NUMBER_OF_DAYS_LEFT_TO_TRIGGER_ALERT',
+         proc: proc(&:to_i),
+         default: 5,
+         description: 'Minimum number of days left to trigger a critical alert'
+
+  option :home_directory,
+         short: '-h GPG_HOME_DIR',
+         long: '--home-directory GPG_HOME_DIR',
+         default: '/root/.gnupg',
+         description: 'Location of GPG home directory',
+         required: true
+
+  option :gpg,
+         short: '-e GPG_EXECUTABLE_PATH',
+         long: '--execute GPG_EXECUTABLE_PATH',
+         default: '/usr/bin/gpg',
+         description: 'Location of binary executable file (gpg)'
+
+  option :use_secret_key,
+         short: '-s',
+         long: '--use-secret-key',
+         description: 'Check secret key instead of public key',
+         boolean: true
+
+  option :do_not_display_json_message,
+         short: '-d',
+         long: '--do-not-display-json-message',
+         description: 'Display JSON message instead of sending it to Sensu',
+         boolean: true
+
+  def initialize
+    super
+  end
+
+  # Return the number of days since epoch from a given epoch
+  def self.days_since_epoch(e)
+    epoch = Date.new(1970, 1, 1)
+    d = Time.at(e).to_date
+    (d - epoch).to_i
+  end
+
+  # Return --list-key if 'use_secret_key' is false otherwise
+  # return --list-secret-key
+  def key_type_option
+    if !config[:use_secret_key]
+      '--list-key'
+    else
+      '--list-secret-key'
+    end
+  end
+
+  # Return all GPG keys' details by executing the GPG command
+  def fetch_all_gpg_keys
+    args = ['--with-colons', '--fixed-list-mode', '--lock-never', key_type_option]
+    gpg_cmd = [config[:gpg] + " --homedir #{config[:home_directory]}"] + args
+
+    _cmd_out, _cmd_err, _status = Open3.capture3 gpg_cmd.join(' ')
+  end
+
+  # Set the key's level to the appropriate level by checking its number of days left
+  def update_key_level(key)
+    num_of_days_left = key.num_of_days_left
+    case num_of_days_left.to_s
+    when /^-\d+$/
+      key.level = 2
+    when /^\d+$/
+      return key.level = 0 if num_of_days_left > config[:warning]
+      return key.level = 2 if num_of_days_left <= config[:critical]
+      return key.level = 1
+    else
+      return key.level = 3
+    end
+  end
+
+  # Return the number of days left using key's expiry date and today date
+  def calculate_num_of_days_left(key, today_epoch)
+    CheckAllGpgKeysForExpiry.days_since_epoch(key.expiry.to_i) - CheckAllGpgKeysForExpiry.days_since_epoch(today_epoch)
+  end
+
+  # Populate key's num of days left and its level
+  def populate_key_num_of_days_left_and_level(key, today_epoch)
+    if !key.expiry.nil?
+      key.num_of_days_left = calculate_num_of_days_left(key, today_epoch)
+      update_key_level(key)
+    else
+      key.num_of_days_left = Integer::MAX
+      key.level = 0
+    end
+  end
+
+  # Return pub if 'use_secret_key' is false otherwise
+  # return sec
+  def choose_key_type
+    if !config[:use_secret_key]
+      'pub'
+    else
+      'sec'
+    end
+  end
+
+  # Return a collection of keys
+  def create_a_collection_of_keys(keys_details)
+    today_epoch = Date.today.to_time.to_i
+    keys = []
+    found_key = false
+    key = nil
+    key_type = choose_key_type
+    CSV.parse(keys_details, col_sep: ':') do |row|
+      current_key_type = row[0]
+      if current_key_type == key_type
+        key = Key.new(row[4], row[6])
+        populate_key_num_of_days_left_and_level(key, today_epoch)
+        found_key = true
+      elsif found_key && current_key_type == 'uid'
+        key.description = row[9]
+        keys.push key
+        found_key = false
+      end
+    end
+    keys
+  end
+
+  # Run the GPG command to fetch all keys
+  def fetch_collection_of_keys
+    cmd_out, cmd_err, status = fetch_all_gpg_keys
+    if status.success?
+      [true, create_a_collection_of_keys(cmd_out)]
+    else
+      [false, cmd_err]
+    end
+  end
+
+  # Return a generated JSON message using note and status
+  def generate_json_message(note, status)
+    hash = {
+      name: self.class.name,
+      output: (note.nil? ? 'Unknown, Empty Message?' : note),
+      status: status
+    }
+    JSON.generate(hash)
+  end
+
+  # Return a note and an appropriate alert level after sorting keys using
+  # their number of days left in ascending order
+  def sort_keys
+    success, output = fetch_collection_of_keys
+    if success && output.count > 0
+      note = ''
+      output.sort! { |key1, key2| key1.num_of_days_left <=> key2.num_of_days_left }
+      output.each do |key|
+        note += key.to_s + "\n"
+      end
+      return note, output[0].level
+    elsif success && output.count == 0
+      return 'There are no keys.', 0
+    elsif output.nil?
+      return 'There are no keys.', 0
+    else
+      return output, 3
+    end
+  end
+
+  # Return false with error message and its level if GPG executable binary file or its
+  # home directory does not exist otherwise return true
+  def validate_gpg_and_home_directory
+    unless File.exist?(config[:gpg])
+      return false, 'GPG executable binary file [' + config[:gpg] + '] does not exist.', 2
+    end
+    unless File.exist?(config[:home_directory])
+      return false, 'GPG home directory [' + config[:home_directory] + '] does not exist.', 2
+    end
+    [true, '', 0]
+  end
+
+  # Send an appropriate alert level to Sensu using a specified level
+  def select_appropriate_alert_level(level)
+    if level == 0
+      ok
+    elsif level == 1
+      warning
+    elsif level == 2
+      critical
+    else
+      unknown
+    end
+  end
+
+  # Get all keys, sort them using their number of days left in ascending order
+  # and then display JSON message or send the message to Sensu
+  def run
+    success, note, level = validate_gpg_and_home_directory
+    note, level = sort_keys if success
+    if !config[:do_not_display_json_message]
+      puts generate_json_message(note, level)
+    else
+      message note
+      select_appropriate_alert_level(level)
+    end
+    exit
+  end
+
+  # Provide an option to disable autorun
+  def self.disable_autorun
+    @@autorun = false
+  end
+end

data/lib/sensu-plugins-gpg.rb

@@ -1 +1,3 @@
 require 'sensu-plugins-gpg/version'
+require 'sensu-plugins-gpg/integer'
+require 'sensu-plugins-gpg/key'

data/lib/sensu-plugins-gpg/integer.rb

@@ -0,0 +1,26 @@
+#! /usr/bin/env ruby
+#
+# check-all-gpg-keys-for-expiry
+#
+# DESCRIPTION:
+#   The Integer class provides maximum and minimum integer.
+#
+# LICENSE:
+#   Aditya Pahuja aditya.s.pahuja@gmail.com
+#   Copyright (c) 2016 Crown Copyright
+#   Released under the same terms as Crown (the MIT license); see LICENSE
+#   for details.
+#
+class Integer
+  # Number of bytes
+  N_BYTES = [42].pack('i').size
+
+  # Number of bits
+  N_BITS = N_BYTES * 8
+
+  # Maximum number for integer
+  MAX = 2**(N_BITS - 2) - 1
+
+  # Minimum number for integer
+  MIN = -MAX - 1
+end

data/lib/sensu-plugins-gpg/key.rb

@@ -0,0 +1,68 @@
+#! /usr/bin/env ruby
+#
+# check-all-gpg-keys-for-expiry
+#
+# DESCRIPTION:
+#   The Key class stores information about the key. It has id, expiry date,
+#   description, level and number of days left
+#
+# LICENSE:
+#   Aditya Pahuja aditya.s.pahuja@gmail.com
+#   Copyright (c) 2016 Crown Copyright
+#   Released under the same terms as Crown (the MIT license); see LICENSE
+#   for details.
+#
+class Key
+  attr_accessor :id, :expiry, :description, :level, :num_of_days_left
+
+  def initialize(id, expiry)
+    @id = id
+    @expiry = expiry
+  end
+
+  # Return the expiry date if @expiry is specified otherwise return
+  # 'N/A'
+  def display_expiry_date
+    @expiry.nil? ? 'N/A' : Time.at(@expiry.to_i).to_datetime.to_s
+  end
+
+  # Return the number of days left if @num_of_days_left is specified
+  # otherwise return 'N/A'
+  def display_num_of_days_left
+    @num_of_days_left == Integer::MAX ? 'N/A' : @num_of_days_left.to_s
+  end
+
+  # Return the meaningful information about the instance of Key
+  def inspect
+    'Id: ' + @id.to_s +
+      ', Expires on: ' + display_expiry_date +
+      ', Level: ' + map_number_to_word_level(@level) +
+      ', Number of days left to expire: ' + display_num_of_days_left +
+      ', Description: ' + @description % self
+  end
+
+  # Print the instance of Key's details in a nice format
+  def to_s
+    'Id: ' + @id.to_s +
+      ', Expires on: ' + display_expiry_date +
+      ', Level: ' + map_number_to_word_level(@level) +
+      ', Number of days left to expire: ' + display_num_of_days_left +
+      ', Description: ' + @description % self
+  end
+
+  private
+
+  # Return the meaningful word for a specified level
+  def map_number_to_word_level(level)
+    case level
+    when 0
+      'OK'
+    when 1
+      'WARNING'
+    when 2
+      'CRITICAL'
+    when 3
+      'UNKNOWN'
+    end
+  end
+end

data/lib/sensu-plugins-gpg/version.rb

@@ -1,9 +1,15 @@
+# SensuPluginsGpg is the main module
 module SensuPluginsGpg
+  # Version holds details about version number. It consists of
+  # three elements which are major, minor and patch number.
   module Version
-    MAJOR = 1
+    # Major version number (X.0.0)
+    MAJOR = 2
+    # Minor version number (0.X.0)
     MINOR = 0
+    # Patch version number (0.0.X)
     PATCH = 0
-
+    # Version number (X.X.X)
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-gpg
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Sensu Plugins and contributors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-15 00:00:00.000000000 Z
+date: 2017-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: ruby-enum
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.5'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -153,6 +167,7 @@ dependencies:
 description: Sensu plugins for gpg
 email: "<sensu-users@googlegroups.com>"
 executables:
+- check-all-gpg-keys-for-expiry.rb
 - check-gpg-expiration.rb
 extensions: []
 extra_rdoc_files: []
@@ -160,8 +175,11 @@ files:
 - CHANGELOG.md
 - LICENSE
 - README.md
+- bin/check-all-gpg-keys-for-expiry.rb
 - bin/check-gpg-expiration.rb
 - lib/sensu-plugins-gpg.rb
+- lib/sensu-plugins-gpg/integer.rb
+- lib/sensu-plugins-gpg/key.rb
 - lib/sensu-plugins-gpg/version.rb
 homepage: https://github.com/sensu-plugins/sensu-plugins-gpg
 licenses:
@@ -189,7 +207,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.6.14
 signing_key: 
 specification_version: 4
 summary: Sensu plugins for gpg