From 4351f2ca5f1564b433ed1fe173d3a4db98c4b8c9 Mon Sep 17 00:00:00 2001
From: Colin Darie
Date: Thu, 5 Jul 2018 16:04:17 +0200
Subject: [PATCH] SSL: default command with -C 0 argument.
---
 app/services/ssl.rb | 16 ++++++++++++++--
 app/services/ssl/errors.rb | 1 +
 config/chexpire.example.yml | 4 ++--
 config/chexpire.test.yml | 4 ++--
 test/jobs/ssl_sync_job_test.rb | 2 +-
 test/services/check_ssl_processor_test.rb | 2 +-
 test/services/ssl_test.rb | 22 ++++++++++++++++------
 7 files changed, 37 insertions(+), 14 deletions(-)
diff --git a/app/services/ssl.rb b/app/services/ssl.rb
index 95af40f..ee1d8d2 100644
--- a/app/services/ssl.rb
+++ b/app/services/ssl.rb
@@ -34,6 +34,7 @@ module SSL
 def run_command
 command = system_klass.new(check_http_path, check_http_args, logger: logger)
+
 result = command.execute
 unless result.exit_status.zero?
@@ -54,11 +55,22 @@ module SSL
 def check_http_args
 [
- configuration.check_http_args.presence,
- "-H '#{domain}'",
+ "-C 0", # enable SSL mode without any delay warning
+ "-H", # check_http does not works with fully quoted arg (check_http "-H myhost.org")
+ domain,
+ *custom_check_http_args,
 ].compact
 end
+ def custom_check_http_args
+ return nil unless configuration.check_http_args.present?
+
+ fail SSLConfigurationError, "check_http_args option must be an array of argument." \
+ unless configuration.check_http_args.is_a?(Array)
+
+ configuration.check_http_args
+ end
+
 def default_configuration
 OpenStruct.new(Rails.configuration.chexpire.fetch("checks_ssl") { {} })
 end
diff --git a/app/services/ssl/errors.rb b/app/services/ssl/errors.rb
index 6982c62..fe100c9 100644
--- a/app/services/ssl/errors.rb
+++ b/app/services/ssl/errors.rb
@@ -2,6 +2,7 @@ module SSL
 class Error < StandardError; end
 class SSLCommandError < Error; end
+ class SSLConfigurationError < Error; end
 class ParserError < Error; end
 class DomainNotMatchError < ParserError; end
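Review bot: In `check_http_args`, `domain` is now passed as a bare array element with the hand-written single quotes removed, so whether a domain containing whitespace or shell metacharacters is handled safely depends entirely on how `system_klass` runs the array, which this hunk does not show. If the wrapper joins the elements into one string for a shell, each element needs escaping there; if it passes them as discrete arguments, that contract deserves a comment next to `domain,`, e.g. `# each element reaches check_http as its own argument, never through a shell-built string`. `custom_check_http_args` also only checks `is_a?(Array)`, so a nested array or non-String element from the YAML would reach the command unchanged; consider `unless configuration.check_http_args.is_a?(Array) && configuration.check_http_args.all? { |a| a.is_a?(String) }`.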
diff --git a/config/chexpire.example.yml b/config/chexpire.example.yml
index b322b96..324a5d7 100644
--- a/config/chexpire.example.yml
+++ b/config/chexpire.example.yml
@@ -8,8 +8,8 @@ default: &default
 long_term: 60
 long_term_frequency: 10
 checks_ssl:
- check_http_path: ""
- check_http_args: ""
+ check_http_path: # default to check_http in $PATH)
+ check_http_args: # array of arguments appended to defaults: -C 0 -H $HOSTNAME.
 development:
 <<: *default
diff --git a/config/chexpire.test.yml b/config/chexpire.test.yml
index 2a72a7b..6af09a8 100644
--- a/config/chexpire.test.yml
+++ b/config/chexpire.test.yml
@@ -9,5 +9,5 @@ test:
 long_term: 60
 long_term_frequency: 10
 checks_ssl:
- check_http_path: ""
- check_http_args: ""
+ check_http_path:
+ check_http_args:
diff --git a/test/jobs/ssl_sync_job_test.rb b/test/jobs/ssl_sync_job_test.rb
index 0a55cdb..30b66a4 100644
--- a/test/jobs/ssl_sync_job_test.rb
+++ b/test/jobs/ssl_sync_job_test.rb
@@ -63,6 +63,6 @@ class SSLSyncJobTest < ActiveJob::TestCase
 end
 def expected_command_arg(domain)
- ["-H '#{domain}'"]
+ ["-C 0", "-H", domain]
 end
 end
diff --git a/test/services/check_ssl_processor_test.rb b/test/services/check_ssl_processor_test.rb
index db6fa3c..b294a7c 100644
--- a/test/services/check_ssl_processor_test.rb
+++ b/test/services/check_ssl_processor_test.rb
@@ -10,7 +10,7 @@ class CheckSSLProcessorTest < ActiveSupport::TestCase
 check = create(:check, :ssl, :nil_dates, domain: domain)
 response = file_fixture("ssl/ssl0.domain.org.txt").read
- mock_system_command("check_http", ["-H '#{domain}'"], stdout: response) do
+ mock_system_command("check_http", ["-C 0", "-H", domain], stdout: response) do
 @processor.send(:process, check)
 end
diff --git a/test/services/ssl_test.rb b/test/services/ssl_test.rb
index 5b98396..b544781 100644
--- a/test/services/ssl_test.rb
+++ b/test/services/ssl_test.rb
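Review bot: The new comment on `check_http_args` in `chexpire.example.yml` says "array of arguments" but leaves the key empty, while the service now raises `SSLConfigurationError` for any non-array value, so an operator who keeps the old string form gets a failure on every SSL check. Showing the expected shape in the example would prevent that, e.g. `check_http_args: # YAML array appended to the defaults (-C 0 -H $HOSTNAME), e.g. ["-f", "follow"]`. The `check_http_path` comment also carries a stray closing parenthesis; `# defaults to check_http in $PATH` reads cleanly.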
@@ -7,7 +7,7 @@ module SSL
 test "should run the command, return the result" do
 result = OpenStruct.new(exit_status: 0)
- mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
+ mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
 service = Service.new("example.org", system_klass: system_klass)
 assert_equal result, service.run_command
 end
@@ -16,7 +16,7 @@ module SSL
 test "should raise an exception if exit status > 0" do
 result = OpenStruct.new(exit_status: 1)
- mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
+ mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
 service = Service.new("example.org", system_klass: system_klass)
 assert_raises SSLCommandError do
@@ -37,21 +37,31 @@ module SSL
 test "should uses the command line arguments of the configuration" do
 result = OpenStruct.new(exit_status: 0)
- config = OpenStruct.new(check_http_args: "-f follow -I 127.0.0.1")
+ config = OpenStruct.new(check_http_args: ["-f", "-I 127.0.0.1"])
- expected_args = ["-f follow -I 127.0.0.1", "-H 'example.org'"]
+ expected_args = ["-C 0", "-H", "example.org", "-f", "-I 127.0.0.1"]
 mock_system_klass("check_http", expected_args, result) do |system_klass|
 service = Service.new("example.org", configuration: config, system_klass: system_klass)
 assert_equal result, service.run_command
 end
 end
+ test "should raise an error when check_http_args is not an array" do
+ black_hole = Naught.build(&:black_hole)
+ config = OpenStruct.new(check_http_args: "-f")
+
+ assert_raises SSLConfigurationError do
+ service = Service.new("example.org", configuration: config, system_klass: black_hole)
+ service.run_command
+ end
+ end
+
 test "should uses the program path from the configuration" do
 result = OpenStruct.new(exit_status: 0)
 config = OpenStruct.new(check_http_path: "/usr/local/custom/path")
- mock_system_klass("/usr/local/custom/path", ["-H 'example.org'"], result) do |system_klass|
- service = Service.new("example.org", configuration: config, system_klass: system_klass)
+ mock_system_klass("/usr/local/custom/path", ["-C 0", "-H", "example.org"], result) do |sys|
+ service = Service.new("example.org", configuration: config, system_klass: sys)
 assert_equal result, service.run_command
 end
 end
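Review bot: The updated fixture `["-f", "-I 127.0.0.1"]` pairs a bare `-f` with an option and its value packed into one element, which is the form the new comment in `ssl.rb` says check_http does not accept for `-H`; because the command is mocked, this test passes whether or not the real binary would parse it. The removed fixture passed `-f follow`, so `-f` presumably expects a value and may consume the next element here. A fixture that matches the documented convention would be `config = OpenStruct.new(check_http_args: ["-f", "follow", "-I", "127.0.0.1"])` with `expected_args = ["-C 0", "-H", "example.org", "-f", "follow", "-I", "127.0.0.1"]`. None of the tests in this hunk pins how a domain with embedded whitespace or a leading dash is passed, which is the input the removed quoting was guarding.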