SSL: default command with -C 0 argument.

2024-04-25 13:33:04 +02:00 · 2018-07-05 16:04:17 +02:00 · 2018-07-05 16:04:17 +02:00 · 4351f2ca5f
parent 6f7a36a38e
commit 4351f2ca5f
7 changed files with 37 additions and 14 deletions
--- a/app/services/ssl.rb
+++ b/app/services/ssl.rb
@ -34,6 +34,7 @@ module SSL

    def run_command
      command = system_klass.new(check_http_path, check_http_args, logger: logger)
+
      result = command.execute

      unless result.exit_status.zero?
@ -54,11 +55,22 @@ module SSL

    def check_http_args
      [
-        configuration.check_http_args.presence,
-        "-H '#{domain}'",
+        "-C 0", # enable SSL mode without any delay warning
+        "-H",   # check_http does not works with fully quoted arg (check_http "-H myhost.org")
+        domain,
+        *custom_check_http_args,
      ].compact
    end

+    def custom_check_http_args
+      return nil unless configuration.check_http_args.present?
+
+      fail SSLConfigurationError, "check_http_args option must be an array of argument." \
+        unless configuration.check_http_args.is_a?(Array)
+
+      configuration.check_http_args
+    end
+
    def default_configuration
      OpenStruct.new(Rails.configuration.chexpire.fetch("checks_ssl") { {} })
    end
--- a/app/services/ssl/errors.rb
+++ b/app/services/ssl/errors.rb
@ -2,6 +2,7 @@ module SSL
  class Error < StandardError; end

  class SSLCommandError < Error; end
+  class SSLConfigurationError < Error; end

  class ParserError < Error; end
  class DomainNotMatchError < ParserError; end
--- a/config/chexpire.example.yml
+++ b/config/chexpire.example.yml
@ -8,8 +8,8 @@ default: &default
    long_term: 60
    long_term_frequency: 10
  checks_ssl:
-    check_http_path: ""
-    check_http_args: ""
+    check_http_path: # default to check_http in $PATH)
+    check_http_args: # array of arguments appended to defaults: -C 0 -H $HOSTNAME.

 development:
  <<: *default
--- a/config/chexpire.test.yml
+++ b/config/chexpire.test.yml
@ -9,5 +9,5 @@ test:
    long_term: 60
    long_term_frequency: 10
  checks_ssl:
-    check_http_path: ""
-    check_http_args: ""
+    check_http_path:
+    check_http_args:
--- a/test/jobs/ssl_sync_job_test.rb
+++ b/test/jobs/ssl_sync_job_test.rb
@ -63,6 +63,6 @@ class SSLSyncJobTest < ActiveJob::TestCase
  end

  def expected_command_arg(domain)
-    ["-H '#{domain}'"]
+    ["-C 0", "-H", domain]
  end
 end
--- a/test/services/check_ssl_processor_test.rb
+++ b/test/services/check_ssl_processor_test.rb
@ -10,7 +10,7 @@ class CheckSSLProcessorTest < ActiveSupport::TestCase
    check = create(:check, :ssl, :nil_dates, domain: domain)

    response = file_fixture("ssl/ssl0.domain.org.txt").read
-    mock_system_command("check_http", ["-H '#{domain}'"], stdout: response) do
+    mock_system_command("check_http", ["-C 0", "-H", domain], stdout: response) do
      @processor.send(:process, check)
    end

--- a/test/services/ssl_test.rb
+++ b/test/services/ssl_test.rb
@ -7,7 +7,7 @@ module SSL
    test "should run the command, return the result" do
      result = OpenStruct.new(exit_status: 0)

-      mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
+      mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
        service = Service.new("example.org", system_klass: system_klass)
        assert_equal result, service.run_command
      end
@ -16,7 +16,7 @@ module SSL
    test "should raise an exception if exit status > 0" do
      result = OpenStruct.new(exit_status: 1)

-      mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
+      mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
        service = Service.new("example.org", system_klass: system_klass)

        assert_raises SSLCommandError do
@ -37,21 +37,31 @@ module SSL

    test "should uses the command line arguments of the configuration" do
      result = OpenStruct.new(exit_status: 0)
-      config = OpenStruct.new(check_http_args: "-f follow -I 127.0.0.1")
+      config = OpenStruct.new(check_http_args: ["-f", "-I 127.0.0.1"])

-      expected_args = ["-f follow -I 127.0.0.1", "-H 'example.org'"]
+      expected_args = ["-C 0", "-H", "example.org", "-f", "-I 127.0.0.1"]
      mock_system_klass("check_http", expected_args, result) do |system_klass|
        service = Service.new("example.org", configuration: config, system_klass: system_klass)
        assert_equal result, service.run_command
      end
    end

+    test "should raise an error when check_http_args is not an array" do
+      black_hole = Naught.build(&:black_hole)
+      config = OpenStruct.new(check_http_args: "-f")
+
+      assert_raises SSLConfigurationError do
+        service = Service.new("example.org", configuration: config, system_klass: black_hole)
+        service.run_command
+      end
+    end
+
    test "should uses the program path from the configuration" do
      result = OpenStruct.new(exit_status: 0)
      config = OpenStruct.new(check_http_path: "/usr/local/custom/path")

-      mock_system_klass("/usr/local/custom/path", ["-H 'example.org'"], result) do |system_klass|
-        service = Service.new("example.org", configuration: config, system_klass: system_klass)
+      mock_system_klass("/usr/local/custom/path", ["-C 0", "-H", "example.org"], result) do |sys|
+        service = Service.new("example.org", configuration: config, system_klass: sys)
        assert_equal result, service.run_command
      end
    end