mirror of
https://github.com/Evolix/chexpire.git
synced 2024-04-29 23:40:49 +02:00
commit
60f99a6373
|
@ -101,6 +101,7 @@ class Check < ApplicationRecord
|
||||||
return unless saved_changes.key?("domain")
|
return unless saved_changes.key?("domain")
|
||||||
|
|
||||||
WhoisSyncJob.perform_later(id) if domain?
|
WhoisSyncJob.perform_later(id) if domain?
|
||||||
|
SSLSyncJob.perform_later(id) if ssl?
|
||||||
end
|
end
|
||||||
|
|
||||||
def reset_notifications
|
def reset_notifications
|
||||||
|
|
|
@ -34,6 +34,7 @@ module SSL
|
||||||
|
|
||||||
def run_command
|
def run_command
|
||||||
command = system_klass.new(check_http_path, check_http_args, logger: logger)
|
command = system_klass.new(check_http_path, check_http_args, logger: logger)
|
||||||
|
|
||||||
result = command.execute
|
result = command.execute
|
||||||
|
|
||||||
unless result.exit_status.zero?
|
unless result.exit_status.zero?
|
||||||
|
@ -54,11 +55,22 @@ module SSL
|
||||||
|
|
||||||
def check_http_args
|
def check_http_args
|
||||||
[
|
[
|
||||||
configuration.check_http_args.presence,
|
"-C 0", # enable SSL mode without any delay warning
|
||||||
"-H '#{domain}'",
|
"-H", # check_http does not works with fully quoted arg (check_http "-H myhost.org")
|
||||||
|
domain,
|
||||||
|
*custom_check_http_args,
|
||||||
].compact
|
].compact
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def custom_check_http_args
|
||||||
|
return nil unless configuration.check_http_args.present?
|
||||||
|
|
||||||
|
fail SSLConfigurationError, "check_http_args option must be an array of argument." \
|
||||||
|
unless configuration.check_http_args.is_a?(Array)
|
||||||
|
|
||||||
|
configuration.check_http_args
|
||||||
|
end
|
||||||
|
|
||||||
def default_configuration
|
def default_configuration
|
||||||
OpenStruct.new(Rails.configuration.chexpire.fetch("checks_ssl") { {} })
|
OpenStruct.new(Rails.configuration.chexpire.fetch("checks_ssl") { {} })
|
||||||
end
|
end
|
||||||
|
|
|
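Review bot: `custom_check_http_args` only checks that `configuration.check_http_args` is an Array, so its elements go unchecked; a bare number in the YAML list would arrive as an Integer and be handed to `system_klass.new` unchanged. The guard could also cover the elements, e.g. `unless configuration.check_http_args.is_a?(Array) && configuration.check_http_args.all? { |a| a.is_a?(String) }`. In `check_http_args`, `"-C 0"` is still a single element while `"-H"` and `domain` are split; given the comment that the joined form fails for `-H`, `"-C", "0"` would be the consistent argv form. Whether `system_klass` runs the list as an argv vector or as a shell string is not visible in this section, and that decides whether `domain` needs any further escaping before it is executed.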
@ -2,6 +2,7 @@ module SSL
|
||||||
class Error < StandardError; end
|
class Error < StandardError; end
|
||||||
|
|
||||||
class SSLCommandError < Error; end
|
class SSLCommandError < Error; end
|
||||||
|
class SSLConfigurationError < Error; end
|
||||||
|
|
||||||
class ParserError < Error; end
|
class ParserError < Error; end
|
||||||
class DomainNotMatchError < ParserError; end
|
class DomainNotMatchError < ParserError; end
|
||||||
|
|
|
@ -17,7 +17,7 @@ module SSL
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse(raw)
|
def parse(raw)
|
||||||
fail DomainNotMatchError unless match_domain?(raw)
|
# fail DomainNotMatchError unless match_domain?(raw) # currently disabled
|
||||||
|
|
||||||
match = raw.match(DATE_REGEX)
|
match = raw.match(DATE_REGEX)
|
||||||
|
|
||||||
|
@ -33,8 +33,14 @@ module SSL
|
||||||
raise
|
raise
|
||||||
end
|
end
|
||||||
|
|
||||||
def match_domain?(raw)
|
def match_domain?(raw, tested_domain = domain)
|
||||||
raw.match(/\b#{domain}\b/).present?
|
return true if raw.match(/\b#{tested_domain}\b/).present?
|
||||||
|
parts = tested_domain.split(".")
|
||||||
|
|
||||||
|
return false if parts.count <= 2
|
||||||
|
|
||||||
|
parts.shift
|
||||||
|
match_domain?(raw, parts.join("."))
|
||||||
end
|
end
|
||||||
|
|
||||||
def build_response(match)
|
def build_response(match)
|
||||||
|
|
|
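Review bot: With the `match_domain?` guard commented out in `parse`, the parser accepts the expiry date of whatever certificate check_http reported, so a host that answers with another site's certificate (a default vhost, for example) is recorded with a valid expiry. The reworked `match_domain?` is no longer called from the visible part of `parse`, so the wildcard tests added in the parser test pass without exercising it. If the guard is re-enabled, the domain should be escaped before interpolation, `raw.match(/\b#{Regexp.escape(tested_domain)}\b/)`, because an unescaped `.` matches any character and other metacharacters in a stored domain would alter the pattern. The parent walk also accepts `deep.ssl1.domain.org` against a `domain.org` certificate, which is wider than a wildcard certificate covers; stripping one label only would be closer. The bodies of `parse` and of the class continue outside these hunks.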
@ -8,8 +8,8 @@ default: &default
|
||||||
long_term: 60
|
long_term: 60
|
||||||
long_term_frequency: 10
|
long_term_frequency: 10
|
||||||
checks_ssl:
|
checks_ssl:
|
||||||
check_http_path: ""
|
check_http_path: # default to check_http in $PATH)
|
||||||
check_http_args: ""
|
check_http_args: # array of arguments appended to defaults: -C 0 -H $HOSTNAME.
|
||||||
|
|
||||||
development:
|
development:
|
||||||
<<: *default
|
<<: *default
|
||||||
|
|
|
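Review bot: The comment on `check_http_path` ends with a stray `)`, and the comment on `check_http_args` does not say that a plain string is now rejected. A wording such as `check_http_args: # YAML array of extra arguments appended to the defaults (-C 0 -H $HOSTNAME); a string raises SSLConfigurationError` would match the check added in the service. Since these two keys choose the binary that is run and its arguments, the file should be writable only by the deploying user.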
@ -9,5 +9,5 @@ test:
|
||||||
long_term: 60
|
long_term: 60
|
||||||
long_term_frequency: 10
|
long_term_frequency: 10
|
||||||
checks_ssl:
|
checks_ssl:
|
||||||
check_http_path: ""
|
check_http_path:
|
||||||
check_http_args: ""
|
check_http_args:
|
||||||
|
|
1
test/fixtures/files/ssl/wildcard.domain.org.txt
vendored
Normal file
1
test/fixtures/files/ssl/wildcard.domain.org.txt
vendored
Normal file
|
@ -0,0 +1 @@
|
||||||
|
OK - Certificate 'domain.org' will expire on Sat 10 Jun 2028 09:14:18 AM GMT +0000.
|
|
@ -63,6 +63,6 @@ class SSLSyncJobTest < ActiveJob::TestCase
|
||||||
end
|
end
|
||||||
|
|
||||||
def expected_command_arg(domain)
|
def expected_command_arg(domain)
|
||||||
["-H '#{domain}'"]
|
["-C 0", "-H", domain]
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -10,7 +10,7 @@ class CheckSSLProcessorTest < ActiveSupport::TestCase
|
||||||
check = create(:check, :ssl, :nil_dates, domain: domain)
|
check = create(:check, :ssl, :nil_dates, domain: domain)
|
||||||
|
|
||||||
response = file_fixture("ssl/ssl0.domain.org.txt").read
|
response = file_fixture("ssl/ssl0.domain.org.txt").read
|
||||||
mock_system_command("check_http", ["-H '#{domain}'"], stdout: response) do
|
mock_system_command("check_http", ["-C 0", "-H", domain], stdout: response) do
|
||||||
@processor.send(:process, check)
|
@processor.send(:process, check)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -24,14 +24,32 @@ module SSL
|
||||||
assert response.expire_at.utc?
|
assert response.expire_at.utc?
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should raises DomainNotMatchError when parsed text does not match the domain" do
|
# test "should raises DomainNotMatchError when parsed text does not match the domain" do
|
||||||
parser = Parser.new("anotherdomain.fr")
|
# parser = Parser.new("anotherdomain.fr")
|
||||||
output = file_fixture("ssl/ssl1.domain.org.txt").read
|
# output = file_fixture("ssl/ssl1.domain.org.txt").read
|
||||||
|
#
|
||||||
|
# assert_raises DomainNotMatchError do
|
||||||
|
# parser.parse(output)
|
||||||
|
# end
|
||||||
|
# end
|
||||||
|
|
||||||
assert_raises DomainNotMatchError do
|
test "should accept responses for wildcard certificates" do
|
||||||
parser.parse(output)
|
parser = Parser.new("ssl1.domain.org")
|
||||||
end
|
output = file_fixture("ssl/wildcard.domain.org.txt").read
|
||||||
|
|
||||||
|
response = parser.parse(output)
|
||||||
|
|
||||||
|
assert_equal Time.new(2028, 6, 10, 9, 14, 18, 0), response.expire_at
|
||||||
|
assert response.expire_at.utc?
|
||||||
|
|
||||||
|
parser = Parser.new("deep.ssl1.domain.org")
|
||||||
|
output = file_fixture("ssl/wildcard.domain.org.txt").read
|
||||||
|
|
||||||
|
response = parser.parse(output)
|
||||||
|
|
||||||
|
assert_equal Time.new(2028, 6, 10, 9, 14, 18, 0), response.expire_at
|
||||||
end
|
end
|
||||||
|
|
||||||
test "should raises InvalidResponseError when check response is not matched" do
|
test "should raises InvalidResponseError when check response is not matched" do
|
||||||
parser = Parser.new("ssl100.invalid.org")
|
parser = Parser.new("ssl100.invalid.org")
|
||||||
output = file_fixture("ssl/ssl100.invalid.org.txt").read
|
output = file_fixture("ssl/ssl100.invalid.org.txt").read
|
||||||
|
|
|
@ -7,7 +7,7 @@ module SSL
|
||||||
test "should run the command, return the result" do
|
test "should run the command, return the result" do
|
||||||
result = OpenStruct.new(exit_status: 0)
|
result = OpenStruct.new(exit_status: 0)
|
||||||
|
|
||||||
mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
|
mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
|
||||||
service = Service.new("example.org", system_klass: system_klass)
|
service = Service.new("example.org", system_klass: system_klass)
|
||||||
assert_equal result, service.run_command
|
assert_equal result, service.run_command
|
||||||
end
|
end
|
||||||
|
@ -16,7 +16,7 @@ module SSL
|
||||||
test "should raise an exception if exit status > 0" do
|
test "should raise an exception if exit status > 0" do
|
||||||
result = OpenStruct.new(exit_status: 1)
|
result = OpenStruct.new(exit_status: 1)
|
||||||
|
|
||||||
mock_system_klass("check_http", ["-H 'example.org'"], result) do |system_klass|
|
mock_system_klass("check_http", ["-C 0", "-H", "example.org"], result) do |system_klass|
|
||||||
service = Service.new("example.org", system_klass: system_klass)
|
service = Service.new("example.org", system_klass: system_klass)
|
||||||
|
|
||||||
assert_raises SSLCommandError do
|
assert_raises SSLCommandError do
|
||||||
|
@ -37,21 +37,31 @@ module SSL
|
||||||
|
|
||||||
test "should uses the command line arguments of the configuration" do
|
test "should uses the command line arguments of the configuration" do
|
||||||
result = OpenStruct.new(exit_status: 0)
|
result = OpenStruct.new(exit_status: 0)
|
||||||
config = OpenStruct.new(check_http_args: "-f follow -I 127.0.0.1")
|
config = OpenStruct.new(check_http_args: ["-f", "-I 127.0.0.1"])
|
||||||
|
|
||||||
expected_args = ["-f follow -I 127.0.0.1", "-H 'example.org'"]
|
expected_args = ["-C 0", "-H", "example.org", "-f", "-I 127.0.0.1"]
|
||||||
mock_system_klass("check_http", expected_args, result) do |system_klass|
|
mock_system_klass("check_http", expected_args, result) do |system_klass|
|
||||||
service = Service.new("example.org", configuration: config, system_klass: system_klass)
|
service = Service.new("example.org", configuration: config, system_klass: system_klass)
|
||||||
assert_equal result, service.run_command
|
assert_equal result, service.run_command
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "should raise an error when check_http_args is not an array" do
|
||||||
|
black_hole = Naught.build(&:black_hole)
|
||||||
|
config = OpenStruct.new(check_http_args: "-f")
|
||||||
|
|
||||||
|
assert_raises SSLConfigurationError do
|
||||||
|
service = Service.new("example.org", configuration: config, system_klass: black_hole)
|
||||||
|
service.run_command
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
test "should uses the program path from the configuration" do
|
test "should uses the program path from the configuration" do
|
||||||
result = OpenStruct.new(exit_status: 0)
|
result = OpenStruct.new(exit_status: 0)
|
||||||
config = OpenStruct.new(check_http_path: "/usr/local/custom/path")
|
config = OpenStruct.new(check_http_path: "/usr/local/custom/path")
|
||||||
|
|
||||||
mock_system_klass("/usr/local/custom/path", ["-H 'example.org'"], result) do |system_klass|
|
mock_system_klass("/usr/local/custom/path", ["-C 0", "-H", "example.org"], result) do |sys|
|
||||||
service = Service.new("example.org", configuration: config, system_klass: system_klass)
|
service = Service.new("example.org", configuration: config, system_klass: sys)
|
||||||
assert_equal result, service.run_command
|
assert_equal result, service.run_command
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
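Review bot: The configuration test passes `"-I 127.0.0.1"` as one array element, which is the joined option-plus-value form that the service comment says check_http does not accept for `-H`; because the command is mocked, the test cannot detect that. If the real binary behaves the same way for `-I` (not verifiable from this page), `["-f", "-I", "127.0.0.1"]` would document the form operators should put in the configuration. The "not an array" test covers a String value only; a case with a non-String element inside an Array would pin down what the service does with it.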