From 45630b5c2f2ee3f6d7fb58b1ce9e81b0cd109239 Mon Sep 17 00:00:00 2001
From: Elfranne
Date: Tue, 6 Feb 2024 12:06:07 +0100
Subject: [PATCH] add certificate authentication
---
 go.mod | 4 ++--
 go.sum | 4 ++++
 main.go | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++----
 3 files changed, 70 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 8c5435a..3efaacd 100644
--- a/go.mod
+++ b/go.mod
@@ -1,10 +1,11 @@
 module github.com/elfranne/sensu-etcd-check
-go 1.19
+go 1.21
 require (
 github.com/sensu/core/v2 v2.19.0
 github.com/sensu/sensu-plugin-sdk v0.18.0
+ go.etcd.io/etcd/client/pkg/v3 v3.5.10
 go.etcd.io/etcd/client/v3 v3.5.10
 )
@@ -37,7 +38,6 @@ require (
 github.com/spf13/viper v1.7.0 // indirect
 github.com/subosito/gotenv v1.2.0 // indirect
 go.etcd.io/etcd/api/v3 v3.5.10 // indirect
- go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
 go.uber.org/atomic v1.7.0 // indirect
 go.uber.org/multierr v1.6.0 // indirect
 go.uber.org/zap v1.17.0 // indirect
diff --git a/go.sum b/go.sum
index 8da8214..a759800 100644
--- a/go.sum
+++ b/go.sum
@@ -45,6 +45,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/echlebek/crock v1.0.1 h1:KbzamClMIfVIkkjq/GTXf+N16KylYBpiaTitO3f1ujg= +github.com/echlebek/crock v1.0.1/go.mod h1:/kvwHRX3ZXHj/kHWJkjXDmzzRow54EJuHtQ/PapL/HI= github.com/echlebek/timeproxy v1.0.0 h1:V41/v8tmmMDNMA2GrBPI45nlXb3F7+OY+nJz1BqKsCk= github.com/echlebek/timeproxy v1.0.0/go.mod h1:0dg2Lnb8no/jFwoMQKMTU6iAivgoMptGqSTprhnrRtk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -184,6 +185,7 @@ github.com/sensu/core/v2 v2.19.0/go.mod h1:2etWGsa+nx5G2Q3CKiSJY9kSg8VhCgGzgp1Vy github.com/sensu/sensu-api-tools v0.1.0 h1:ctEyFIY1aKis1KqL7wOo+Apg/5t9X6vBVLzrqUUuBkQ= github.com/sensu/sensu-api-tools v0.1.0/go.mod h1:SNISS4OhwNSZI9/YKTQr1bghOEwed9ZT4v+ztKk1Mq0= github.com/sensu/sensu-go/types v0.12.0 h1:t8gupS1QhkuA/b9LzTaF0h6DBGHX2UzKHyuBPhj/PoA= +github.com/sensu/sensu-go/types v0.12.0/go.mod h1:PHk3pUJHCsFzoXnKmm9ERfnHnerzaG2rjISWGcZq3os= github.com/sensu/sensu-licensing/v2 v2.2.1 h1:9JI4iVm4ujWN4etI/Kdper6Q2lOn3HIEaGe234N8j40= github.com/sensu/sensu-licensing/v2 v2.2.1/go.mod h1:53lwddwN4XwZUld5KtnWQduSH6F8rBOsWuEk2EUeooI= github.com/sensu/sensu-plugin-sdk v0.18.0 h1:aR5N9SsqRm1NqiJo7k8GeLEPwGQIfeY4bbePPByUdnI= @@ -216,6 +218,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= 
@@ -397,6 +400,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/main.go b/main.go
index e7f2272..8f3d841 100644
--- a/main.go
+++ b/main.go
@@ -2,19 +2,27 @@ package main
 import (
 "context"
+ "crypto/tls"
+ "errors"
 "fmt"
+ "os"
 "time"
 corev2 "github.com/sensu/core/v2"
 "github.com/sensu/sensu-plugin-sdk/sensu"
+ "go.etcd.io/etcd/client/pkg/v3/transport"
 clientv3 "go.etcd.io/etcd/client/v3"
 )
 // Config represents the check plugin config.
 type Config struct {
 sensu.PluginConfig
- Url []string
- Size int64
+ Url []string
+ Size int64
+ CertFile string
+ KeyFile string
+ TrustedCAFile string
+ Timeout int64
 }
 var (
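Review bot: The new `CertFile`, `KeyFile`, `TrustedCAFile` and `Timeout` fields of `Config` are undocumented, although their contract is not obvious from the names. Later in this patch executeCheck builds a TLS configuration only when all three paths are non-empty, and `Timeout` is multiplied by `time.Second`. I would add `// CertFile, KeyFile and TrustedCAFile are file paths; client TLS is configured only when all three are set.` above the three path fields and `// Timeout is the etcd dial timeout, in seconds.` above `Timeout`.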
@@ -37,10 +45,35 @@ var (
 &sensu.PluginConfigOption[int64]{
 Path: "size",
 Argument: "size",
- Default: 3_000_000_000, // Alarm at 3G, default DB is set to 4G
+ Default: 1_500_000_000, // Alarm at 1.5G, default DB is set to 2G
 Usage: "Maximum aatabase Size",
 Value: &plugin.Size,
 },
+ &sensu.PluginConfigOption[string]{
+ Path: "cert-file",
+ Argument: "cert-file",
+ Usage: "Path to the cert",
+ Value: &plugin.CertFile,
+ },
+ &sensu.PluginConfigOption[string]{
+ Path: "key-file",
+ Argument: "key-file",
+ Usage: "Path to the key",
+ Value: &plugin.KeyFile,
+ },
+ &sensu.PluginConfigOption[string]{
+ Path: "trusted-ca-file",
+ Argument: "trusted-ca-file",
+ Usage: "Path to the CA file",
+ Value: &plugin.TrustedCAFile,
+ },
+ &sensu.PluginConfigOption[int64]{
+ Path: "timeout",
+ Argument: "timeout",
+ Usage: "Request timeout",
+ Default: 5,
+ Value: &plugin.Timeout,
+ },
 }
 )
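Review bot: The `timeout` option is described as "Request timeout", but executeCheck applies it as `DialTimeout` in whole seconds, and nothing visible in the patch rejects zero or a negative number. I would change the text to `Usage: "Dial timeout in seconds",` and have checkArgs return a critical state when `plugin.Timeout <= 0`, so a mistyped value is reported instead of being handed to the etcd client as-is. The usage strings for `cert-file`, `key-file` and `trusted-ca-file` could also state that the three options are only used together. The enclosing `var (` block starts before this hunk.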
@@ -50,15 +83,42 @@ func main() {
 }
 func checkArgs(event *corev2.Event) (int, error) {
+
+ if _, err := os.Stat(plugin.CertFile); errors.Is(err, os.ErrNotExist) {
+ fmt.Printf("could not load certificate(%s): %v", plugin.CertFile, err)
+ return sensu.CheckStateCritical, nil
+ }
+
+ if _, err := os.Stat(plugin.KeyFile); errors.Is(err, os.ErrNotExist) {
+ fmt.Printf("could not load certificate key(%s): %v", plugin.KeyFile, err)
+ return sensu.CheckStateCritical, nil
+ }
+
+ if _, err := os.Stat(plugin.TrustedCAFile); errors.Is(err, os.ErrNotExist) {
+ fmt.Printf("could not load CA(%s): %v", plugin.TrustedCAFile, err)
+ return sensu.CheckStateCritical, nil
+ }
+
 return sensu.CheckStateOK, nil
 }
 func executeCheck(event *corev2.Event) (int, error) {
+ tlsConfig := &tls.Config{}
+ if len(plugin.CertFile) > 0 && len(plugin.KeyFile) > 0 && len(plugin.TrustedCAFile) > 0 {
+ tlsInfo := transport.TLSInfo{
+ CertFile: plugin.CertFile,
+ KeyFile: plugin.KeyFile,
+ TrustedCAFile: plugin.TrustedCAFile,
+ }
+ tlsConfig, _ = tlsInfo.ClientConfig()
+ }
 cli, err := clientv3.New(clientv3.Config{
 Endpoints: plugin.Url,
- DialTimeout: 5 * time.Second,
+ DialTimeout: time.Duration(plugin.Timeout) * time.Second,
+ TLS: tlsConfig,
 })
+
 if err != nil {
 fmt.Printf("could not connect: %s", err)
 return sensu.CheckStateCritical, nil
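Review bot: In executeCheck the error from `tlsInfo.ClientConfig()` is discarded (`tlsConfig, _ = ...`), so an unreadable or mismatched certificate, key or CA file is never reported, and the client is built with whatever value came back (presumably a nil config) instead of the TLS settings the operator asked for. The check should stop with a critical state when the TLS configuration cannot be built, as in the excerpt below. In checkArgs the three `os.Stat` calls also run when an option was left empty, and a stat of an empty path typically reports not-exist, which makes all three options mandatory even though executeCheck treats them as optional; guarding each call with e.g. `if plugin.CertFile != ""` would resolve the contradiction. Only `os.ErrNotExist` is tested there, so a permission error on the key file passes checkArgs and surfaces only later. executeCheck continues beyond the end of this hunk.

```go
	tlsConfig := &tls.Config{}
	if len(plugin.CertFile) > 0 && len(plugin.KeyFile) > 0 && len(plugin.TrustedCAFile) > 0 {
		// … unchanged: tlsInfo := transport.TLSInfo{…} …
		var err error
		tlsConfig, err = tlsInfo.ClientConfig()
		if err != nil {
			// Report the failure instead of continuing without the requested TLS settings.
			fmt.Printf("could not build TLS config: %v", err)
			return sensu.CheckStateCritical, nil
		}
	}
	// … unchanged: clientv3.New call and connection error check …
```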