sensu-plugins-http-boutetnico 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c22c8bb8150663fdf2082b42d8d7b8d5b61ede28
+  data.tar.gz: 1b2f55ad0743f8d0465f88733960d9a42f9e14d3
+SHA512:
+  metadata.gz: 3bf4f6d7289710cec3a60bd7af3871677371f6a80f478e2c5ddebeb191d7ee2ffa4d49063048531a5f732a52506b33ad729dd69bbe39f0f82ab03e86cc41f950
+  data.tar.gz: 4ce3378f60ef16b33191ec6ec0f76a056cd4538712259a626e923483034252c2df1903f8cb86cd4b52e6eff9926d2ef9fce5dd5f79145ef35838f63ccf2182b4

data/CHANGELOG.md

@@ -0,0 +1 @@
+Can be found at [https://github.com/boutetnico/sensu-plugins-http/releases](https://github.com/boutetnico/sensu-plugins-http/releases).

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Sensu-Plugins
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,211 @@
+## Sensu-Plugins-http
+
+[![Gem Version](https://badge.fury.io/rb/sensu-plugins-http-boutetnico.svg)](https://badge.fury.io/rb/sensu-plugins-http-boutetnico.svg)
+[![Sensu Bonsai Asset](https://img.shields.io/badge/Bonsai-Download%20Me-brightgreen.svg?colorB=89C967&logo=sensu)](https://bonsai.sensu.io/assets/boutetnico/sensu-plugins-http)
+
+## This is an unofficial fork
+
+This fork is automatically tested, built and published to [RubyGems](https://rubygems.org/gems/sensu-plugins-http-boutetnico/) and [Bonsai](https://bonsai.sensu.io/assets/boutetnico/sensu-plugins-http).
+
+## Sensu HTTP Plugin
+
+- [Overview](#overview)
+- [Usage examples](#usage-examples)
+- [Configuration](#configuration)
+  - [Sensu Go](#sensu-go)
+    - [Asset definition](#asset-definition)
+    - [Check definition](#check-definition)
+  - [Sensu Core](#sensu-core)
+    - [Check definition](#check-definition)
+- [Functionality](#functionality)
+- [Additional information](#additional-information)
+- [Installation](#installation)
+
+### Overview 
+
+This plugin provides native HTTP instrumentation for monitoring and metrics collection, including: response code, JSON response, HTTP last modified, SSL expiry, and metrics via `curl`.
+
+The Sensu assets packaged from this repository are built against the Sensu ruby runtime environment. When using these assets as part of a Sensu Go resource (check, mutator or handler), make sure you include the corresponding Sensu ruby runtime asset in the list of assets needed by the resource.  The current ruby-runtime assets can be found [here](https://bonsai.sensu.io/assets/sensu/sensu-ruby-runtime) in the [Bonsai Asset Index](bonsai.sensu.io)
+
+#### Files
+ * bin/check-head-redirect.rb
+ * bin/check-http-cors.rb
+ * bin/check-http-json.rb
+ * bin/check-http.rb
+ * bin/check-https-cert.rb
+ * bin/check-last-modified.rb
+ * bin/metrics-curl.rb
+ * bin/metrics-http-json-deep.rb
+ * bin/metrics-http-json.rb
+ * bin/metrics-libcurl.rb
+
+## Usage examples
+
+**check-http.rb**
+```
+Usage: check-http.rb (options)
+        --aws-v4                     Sign http request with AWS v4 signature
+        --aws-v4-region REGION       Region to use for AWS v4 signing.  Defaults to AWS_REGION or AWS_DEFAULT_REGION
+        --aws-v4-service SERVICE     Service name to use when building the v4 signature
+    -d, --body BODY                  Send a data body string with the request
+    -C, --cacert FILE                A CA Cert to use
+    -c, --cert FILE                  Cert to use
+        --dns-timeout SECS           Number of seconds to allow for DNS resolution. Accepts decimal number.
+    -e, --expiry EXPIRY              Warn EXPIRE days before cert expires
+    -H, --header HEADER              Send one or more comma-separated headers with the request
+    -h, --hostname HOSTNAME          A HOSTNAME to connect to
+    -k                               Enabling insecure connections
+     -m, --method GET|HEAD|POST|PUT   Specify a GET, HEAD, POST, or PUT operation; defaults to GET (included in ['GET', 'HEAD', 'POST', 'PUT'])
+    -g, --min-bytes BYTES            Check the response contains at least BYTES bytes
+    -n, --negquery PAT               Query for a specific pattern that must be absent
+        --noproxy                    Do not use proxy server even from environment http_proxy setting
+        --open-timeout SECS          Number of seconds to wait for the connection to open
+    -a, --password PASS              A password to use for the username
+    -q, --query PAT                  Query for a specific pattern that must exist
+    -P, --port PORT                  Select another port
+        --proxy-url PROXY_URL        Use a proxy server to connect
+        --read-timeout SECS          Number of seconds to wait for one block to be read
+    -r                               Check if a redirect is ok
+    -R, --redirect-to URL            Redirect to another page
+    -p, --request-uri PATH           Specify a uri path
+    -B, --require-bytes BYTES        Check the response contains exactly BYTES bytes
+    -b, --response-bytes BYTES       Print BYTES of the output
+        --response-code REGEX        Critical if HTTP response code does not match REGEX
+    -S, --checksum CHECKSUM          SHA-256 checksum
+    -s                               Enabling SSL connections
+    -t, --timeout SECS               Set the total execution timeout in seconds
+    -x, --user-agent USER-AGENT      Specify a USER-AGENT
+    -u, --url URL                    A URL to connect to
+    -U, --username USER              A username to connect as
+    -w, --whole-response             Print whole output when check fails
+
+```
+
+**metrics-curl.rb**
+```
+Usage: metrics-curl.rb (options)
+    -a, --curl_args "CURL ARGS"      Additional arguments to pass to curl
+    -s, --scheme SCHEME              Metric naming scheme, text to prepend to metric (required)
+    -u, --url URL                    valid cUrl url to connect
+
+```
+
+### Configuration
+#### Sensu Go
+##### Asset registration
+
+Assets are the best way to make use of this plugin. If you're not using an asset, please consider doing so! If you're using sensuctl 5.13 or later, you can use the following command to add the asset: 
+
+`sensuctl asset add sensu-plugins/sensu-plugins-http`
+
+If you're using an earlier version of sensuctl, you can download the asset definition from [this project's Bonsai Asset Index page](https://bonsai.sensu.io/assets/sensu-plugins/sensu-plugins-http).
+
+##### Asset definition
+
+```yaml
+---
+type: Asset
+api_version: core/v2
+metadata:
+  name: sensu-plugins-http
+spec:
+  url: https://assets.bonsai.sensu.io/30d8361243af8c7806e2d6db4a6dc576dab02966/sensu-plugins-http_5.1.1_centos_linux_amd64.tar.gz
+  sha512: 642643d00c6af177d2e159b9152c0a513c1b193622c1e6dc2735b7518ce57a1522186dcbf62d6cfbdf1c79c45215f1142d362276815c31aa6071d49735bf1d35
+```
+
+##### Check definition
+
+```yaml
+---
+type: CheckConfig
+spec:
+  command: "metrics-curl.rb -u https://google.com"
+  handlers: []
+  high_flap_threshold: 0
+  interval: 10
+  low_flap_threshold: 0
+  publish: true
+  runtime_assets:
+  - sensu-plugins-http
+  - sensu-ruby-runtime
+  subscriptions:
+  - linux
+  output_metric_format: graphite_plaintext
+  output_metric_handlers:
+  - influx-db
+```
+#### Sensu Core
+##### Check definition
+```json
+{
+  "checks": {
+    "check-http": {
+    "command": "check-http.rb -u https://google.com",
+    "subscribers": [
+      "webservers"
+    ],
+    "interval": 60
+    }
+  }
+}
+```
+
+### Additional information
+
+`check-head-redirect.rb` and `check-last-modified.rb` can be used in conjunction with AWS to pull configuration from a specific bucket and file.
+
+This is helpful if you do not want to configure connection information as an argument to the sensu checks. If a bucket and key are specified that the environment the sensu check executes in has access to, or you provide an AWS key and token, the checks will pull the specified JSON file from S3 and merge the JSON config in to the current check configuration.
+
+`check-https-cert.rb` can be used to test for valid and successfully expired certs, amongst other things.
+
+## Installation
+
+### Sensu Go
+
+See the instructions above for [asset registration](#asset-registration)
+
+### Sensu Core
+Install and setup plugins on [Sensu Core](https://docs.sensu.io/sensu-core/latest/installation/installing-plugins/)
+
+## Notes
+### check-curl.rb and check-libcurl.rb
+These metrics checks output equivalent metrics in graphite plaintext format. 
+check-curl.rb operates by calling the curl executable with arbitrary arguments
+```
+metrics-curl.rb --help
+Usage: metrics-curl.rb (options)
+    -a, --curl_args "CURL ARGS"      Additional arguments to pass to curl
+    -s, --scheme SCHEME              Metric naming scheme, text to prepend to metric (required)
+    -u, --url URL                    valid cUrl url to connect
+
+```
+
+check-curllub.rb operators by calling into the libcurl library with arbitrary arguments.
+```
+metrics-libcurl.rb --help
+Usage: metrics-libcurl.rb (options)
+    -d, --debug                      Include debug output, should not use in production.
+    -H, --headers  JSON              HTTP Request Headers as key/value JSON string
+    -P, --params  JSON               HTTP Request Parameters as key/value JSON string
+    -w, --warn_redirect              return warning status (1) if http response redirect status encountered (3xx)
+    -c, --critical_http_error        return critical status (2) if http response error status encountered (>= 400)
+    -o, --options  JSON              Libcurl Options as a key/value JSON string
+    -s, --scheme SCHEME              Metric naming scheme, text to prepend to metric
+    -u, --url URL                    valid cUrl url to connect (default: http://127.0.0.1:80/)
+    -h, --help                       Show this message
+Detailed Info:
+  This wrapper makes use of libcurl directly instead of the curl executable by way of the Typhoeus RubyGem.
+  You can provide additional libcurl options via the commandline using the --options argument.
+
+Options Examples:
+  Follow Redirects: --options '{"followlocation": true}'
+  Use Proxy: --options '{proxy: "http://proxyurl.com", proxyuserpwd: "user:password"}'
+  Disable TLS Verification: '{"ssl_verifypeer": false}'
+
+References:
+  Typhoeus Docs: https://www.rubydoc.info/gems/typhoeus/1.3.1
+  Libcurl Options: https://curl.haxx.se/libcurl/c/curl_easy_setopt.html
+```
+
+### check-http.rb and check-https-cert.rb
+This check is not really geared to check all of the complexities of ssl which is why there is a separate repo and set of checks for that: https://github.com/sensu-plugins/sensu-plugins-ssl. If you are trying to verify cert expiration you will notice that in some cases it does not do what you always expect it to do. For example it might appear that when using using `-k` option you see different expiration times. This is due to the fact that when using `-k` it does not check expiration of all of the certs in the chain. Rather than duplicate this behavior in this check use the other repo where we handle those more complicated ssl checks better. For more information see: https://github.com/sensu-plugins/sensu-plugins-http/issues/67

data/bin/check-head-redirect.rb

@@ -0,0 +1,151 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-head-redirect
+#
+# DESCRIPTION:
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#
+# USAGE:
+#
+# NOTES:
+#
+# LICENSE:
+#   Leon Gibat <brendan.gibat@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+require 'sensu-plugin/check/cli'
+require 'net/https'
+require 'time'
+require 'aws-sdk'
+require 'json'
+require 'sensu-plugins-http'
+
+#
+# Checks that redirection links can be followed in a set number of requests.
+#
+class CheckHeadRedirect < Sensu::Plugin::Check::CLI
+  include Common
+  option :aws_access_key_id,
+         short: '-a AWS_ACCESS_KEY_ID',
+         long: '--aws-access-key-id AWS_ACCESS_KEY_ID',
+         description: 'AWS Access Key. Either set ENV["AWS_ACCESS_KEY_ID"] or provide it as an option',
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-k AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: 'AWS Secret Access Key. Either set ENV["AWS_SECRET_ACCESS_KEY"] or provide it as an option',
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1)',
+         default: 'us-east-1'
+
+  option :s3_config_bucket,
+         short: '-s S3_CONFIG_BUCKET',
+         long: '--s3-config-bucket S3_CONFIG_BUCKET',
+         description: 'S3 config bucket'
+
+  option :s3_config_key,
+         short: '-k S3_CONFIG_KEY',
+         long: '--s3-config-key S3_CONFIG_KEY',
+         description: 'S3 config key'
+
+  option :url,
+         short: '-u URL',
+         long: '--url URL',
+         description: 'The URL of the file to be checked'
+
+  option :user,
+         short: '-U USER',
+         long: '--username USER',
+         description: 'A username to connect as'
+
+  option :password,
+         short: '-a PASS',
+         long: '--password PASS',
+         description: 'A password to use for the username'
+
+  option :follow_redirects,
+         short: '-R FOLLOW_REDIRECTS',
+         long: '--redirect FOLLOW_REDIRECTS',
+         proc: proc(&:to_i),
+         default: 0,
+         description: 'Follow first <N> redirects'
+
+  option :follow_redirects_with_get,
+         short: '-g GET_REDIRECTS',
+         long: '--get-redirects GET_REDIRECTS',
+         proc: proc(&:to_i),
+         default: 0,
+         description: 'Follow first <N> redirects with GET requests'
+
+  option :auth_first_only,
+         short: '-A',
+         long: '--auth-first-only',
+         default: true,
+         description: 'Use basic auth on first request only'
+
+  def follow_uri(uri, total_redirects, get_redirects, auth_count)
+    location = URI(uri)
+    http = Net::HTTP.new(location.host, location.port)
+
+    if location.port == 443
+      http.use_ssl = true
+    end
+
+    request = if get_redirects > 0
+                Net::HTTP::Get.new(location.request_uri)
+              else
+                Net::HTTP::Head.new(location.request_uri)
+              end
+
+    if auth_count > 0 && config[:user] && config[:password] && total_redirects == config[:follow_redirects]
+      http.use_ssl = true
+      request.basic_auth(config[:user], config[:password])
+      auth_count -= 1
+    end
+
+    response = http.request(request)
+    if total_redirects > 0
+      case response
+      when Net::HTTPSuccess     then ok
+      when Net::HTTPRedirection then follow_uri(response['location'], total_redirects - 1, get_redirects - 1, auth_count)
+      else
+        critical 'Http Error'
+      end
+    else
+      case response
+      when Net::HTTPSuccess then ok
+      else
+        critical 'Http Error'
+      end
+    end
+  end
+
+  def run
+    merge_s3_config
+
+    url = config[:url]
+
+    # Validate arguments
+    unless url
+      unknown 'No URL specified'
+    end
+
+    follow_uri(url, config[:follow_redirects], config[:follow_redirects_with_get], config[:auth_first_only] ? 1 : config[:follow_redirects])
+  end
+end

data/bin/check-http-cors.rb

@@ -0,0 +1,145 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: false
+
+#
+#   check-http-cors
+#
+# DESCRIPTION:
+#   Takes either a URL or a combination of host/path/query/port/ssl, and checks
+#   for valid JSON output in the response. Can also optionally validate simple
+#   string key/value pairs.
+#
+# OUTPUT:
+#   plain text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: sensu-plugin
+#   gem: json
+#   gem: net/http
+#
+# USAGE:
+#   #YELLOW
+#
+# EXAMPLE:
+#   # simple key access
+#     $ ruby plugins/http/check-http-json.rb -u https://example.com/cors_resource -O "Origin:http://dummy"
+#
+# NOTES:
+#   Based on Check HTTP by Sonian Inc.
+#
+# LICENSE:
+#   Copyright 2015 Alexander Paz <alexjpaz@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'json'
+require 'net/http'
+require 'net/https'
+
+class CheckCORS < Sensu::Plugin::Check::CLI
+  option :url, short: '-u URL'
+  option :host, short: '-h HOST'
+  option :path, short: '-p PATH'
+  option :query, short: '-q QUERY'
+  option :port, short: '-P PORT', proc: proc(&:to_i)
+  option :header, short: '-H HEADER', long: '--header HEADER'
+  option :ssl, short: '-s', boolean: true, default: false
+  option :insecure, short: '-k', boolean: true, default: false
+  option :user, short: '-U', long: '--username USER'
+  option :password, short: '-a', long: '--password PASS'
+  option :cert, short: '-c FILE'
+  option :cacert, short: '-C FILE'
+  option :timeout, short: '-t SECS', proc: proc(&:to_i), default: 15
+  option :key, short: '-K KEY', long: '--key KEY'
+  option :value, short: '-v VALUE', long: '--value VALUE'
+
+  def run
+    if config[:url]
+      uri = URI.parse(config[:url])
+      config[:host] = uri.host
+      config[:path] = uri.path
+      config[:query] = uri.query
+      config[:port] = uri.port
+      config[:ssl] = uri.scheme == 'https'
+    else
+      # #YELLOW
+      unless config[:host] && config[:path]
+        unknown 'No URL specified'
+      end
+      config[:port] ||= config[:ssl] ? 443 : 80
+    end
+
+    begin
+      timeout(config[:timeout]) do
+        acquire_resource
+      end
+    rescue Timeout::Error
+      critical 'Connection timed out'
+    rescue StandardError => e
+      critical "Connection error: #{e.message}"
+    end
+  end
+
+  def cors?(res)
+    headers = {}
+
+    if config[:header]
+      config[:header].split(',').each do |header|
+        h, v = header.split(':', 2)
+        headers[h] = v.strip
+      end
+    end
+
+    res['Access-Control-Allow-Origin'] == headers['Origin']
+  end
+
+  def acquire_resource
+    res = request_http
+
+    case res.code
+    when /^2/
+      if cors?(res)
+        ok 'Request has matching CORS headers'
+      else
+        critical 'Response does not have valid CORS headers'
+      end
+    else
+      critical res.code
+    end
+  end
+
+  def request_http
+    http = Net::HTTP.new(config[:host], config[:port])
+
+    if config[:ssl]
+      http.use_ssl = true
+      if config[:cert]
+        cert_data = File.read(config[:cert])
+        http.cert = OpenSSL::X509::Certificate.new(cert_data)
+        http.key = OpenSSL::PKey::RSA.new(cert_data, nil)
+      end
+      http.ca_file = config[:cacert] if config[:cacert]
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE if config[:insecure]
+    end
+
+    req = Net::HTTP::Get.new([config[:path], config[:query]].compact.join('?'))
+    unless config[:user].nil? && config[:password].nil?
+      req.basic_auth config[:user], config[:password]
+    end
+
+    if config[:header]
+      config[:header].split(',').each do |header|
+        h, v = header.split(':', 2)
+        req[h] = v.strip
+      end
+    end
+
+    http.request(req)
+  end
+end