Merge pull request #2 from elfranne/cert

add certificate authentication
elfranne · Feb 6, 2024 · c0653ee · c0653ee
2 parents 02760c3 + 45630b5
commit c0653ee
Show file tree

Hide file tree

Showing 3 changed files with 70 additions and 6 deletions.
diff --git a/go.mod b/go.mod
@@ -1,10 +1,11 @@
 module github.com/elfranne/sensu-etcd-check
 
-go 1.19
+go 1.21
 
 require (
 	github.com/sensu/core/v2 v2.19.0
 	github.com/sensu/sensu-plugin-sdk v0.18.0
+	go.etcd.io/etcd/client/pkg/v3 v3.5.10
 	go.etcd.io/etcd/client/v3 v3.5.10
 )
 
@@ -37,7 +38,6 @@ require (
 	github.com/spf13/viper v1.7.0 // indirect
 	github.com/subosito/gotenv v1.2.0 // indirect
 	go.etcd.io/etcd/api/v3 v3.5.10 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.5.10 // indirect
 	go.uber.org/atomic v1.7.0 // indirect
 	go.uber.org/multierr v1.6.0 // indirect
 	go.uber.org/zap v1.17.0 // indirect

diff --git a/go.sum b/go.sum
@@ -45,6 +45,7 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
 github.com/echlebek/crock v1.0.1 h1:KbzamClMIfVIkkjq/GTXf+N16KylYBpiaTitO3f1ujg=
+github.com/echlebek/crock v1.0.1/go.mod h1:/kvwHRX3ZXHj/kHWJkjXDmzzRow54EJuHtQ/PapL/HI=
 github.com/echlebek/timeproxy v1.0.0 h1:V41/v8tmmMDNMA2GrBPI45nlXb3F7+OY+nJz1BqKsCk=
 github.com/echlebek/timeproxy v1.0.0/go.mod h1:0dg2Lnb8no/jFwoMQKMTU6iAivgoMptGqSTprhnrRtk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -184,6 +185,7 @@ github.com/sensu/core/v2 v2.19.0/go.mod h1:2etWGsa+nx5G2Q3CKiSJY9kSg8VhCgGzgp1Vy
 github.com/sensu/sensu-api-tools v0.1.0 h1:ctEyFIY1aKis1KqL7wOo+Apg/5t9X6vBVLzrqUUuBkQ=
 github.com/sensu/sensu-api-tools v0.1.0/go.mod h1:SNISS4OhwNSZI9/YKTQr1bghOEwed9ZT4v+ztKk1Mq0=
 github.com/sensu/sensu-go/types v0.12.0 h1:t8gupS1QhkuA/b9LzTaF0h6DBGHX2UzKHyuBPhj/PoA=
+github.com/sensu/sensu-go/types v0.12.0/go.mod h1:PHk3pUJHCsFzoXnKmm9ERfnHnerzaG2rjISWGcZq3os=
 github.com/sensu/sensu-licensing/v2 v2.2.1 h1:9JI4iVm4ujWN4etI/Kdper6Q2lOn3HIEaGe234N8j40=
 github.com/sensu/sensu-licensing/v2 v2.2.1/go.mod h1:53lwddwN4XwZUld5KtnWQduSH6F8rBOsWuEk2EUeooI=
 github.com/sensu/sensu-plugin-sdk v0.18.0 h1:aR5N9SsqRm1NqiJo7k8GeLEPwGQIfeY4bbePPByUdnI=
@@ -216,6 +218,7 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -397,6 +400,7 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

diff --git a/main.go b/main.go
@@ -2,19 +2,27 @@ package main
 
 import (
 	"context"
+	"crypto/tls"
+	"errors"
 	"fmt"
+	"os"
 	"time"
 
 	corev2 "github.com/sensu/core/v2"
 	"github.com/sensu/sensu-plugin-sdk/sensu"
+	"go.etcd.io/etcd/client/pkg/v3/transport"
 	clientv3 "go.etcd.io/etcd/client/v3"
 )
 
 // Config represents the check plugin config.
 type Config struct {
 	sensu.PluginConfig
-	Url    []string
-	Size   int64
+	Url           []string
+	Size          int64
+	CertFile      string
+	KeyFile       string
+	TrustedCAFile string
+	Timeout       int64
 }
 
 var (
@@ -37,10 +45,35 @@ var (
 		&sensu.PluginConfigOption[int64]{
 			Path:     "size",
 			Argument: "size",
-			Default:  3_000_000_000, // Alarm at 3G, default DB is set to 4G 
+			Default:  1_500_000_000, // Alarm at 1.5G, default DB is set to 2G
 			Usage:    "Maximum aatabase Size",
 			Value:    &plugin.Size,
 		},
+		&sensu.PluginConfigOption[string]{
+			Path:     "cert-file",
+			Argument: "cert-file",
+			Usage:    "Path to the cert",
+			Value:    &plugin.CertFile,
+		},
+		&sensu.PluginConfigOption[string]{
+			Path:     "key-file",
+			Argument: "key-file",
+			Usage:    "Path to the key",
+			Value:    &plugin.KeyFile,
+		},
+		&sensu.PluginConfigOption[string]{
+			Path:     "trusted-ca-file",
+			Argument: "trusted-ca-file",
+			Usage:    "Path to the CA file",
+			Value:    &plugin.TrustedCAFile,
+		},
+		&sensu.PluginConfigOption[int64]{
+			Path:     "timeout",
+			Argument: "timeout",
+			Usage:    "Request timeout",
+			Default:  5,
+			Value:    &plugin.Timeout,
+		},
 	}
 )
 
@@ -50,15 +83,42 @@ func main() {
 }
 
 func checkArgs(event *corev2.Event) (int, error) {
+
+	if _, err := os.Stat(plugin.CertFile); errors.Is(err, os.ErrNotExist) {
+		fmt.Printf("could not load certificate(%s): %v", plugin.CertFile, err)
+		return sensu.CheckStateCritical, nil
+	}
+
+	if _, err := os.Stat(plugin.KeyFile); errors.Is(err, os.ErrNotExist) {
+		fmt.Printf("could not load certificate key(%s): %v", plugin.KeyFile, err)
+		return sensu.CheckStateCritical, nil
+	}
+
+	if _, err := os.Stat(plugin.TrustedCAFile); errors.Is(err, os.ErrNotExist) {
+		fmt.Printf("could not load CA(%s): %v", plugin.TrustedCAFile, err)
+		return sensu.CheckStateCritical, nil
+	}
+
 	return sensu.CheckStateOK, nil
 }
 
 func executeCheck(event *corev2.Event) (int, error) {
+	tlsConfig := &tls.Config{}
+	if len(plugin.CertFile) > 0 && len(plugin.KeyFile) > 0 && len(plugin.TrustedCAFile) > 0 {
+		tlsInfo := transport.TLSInfo{
+			CertFile:      plugin.CertFile,
+			KeyFile:       plugin.KeyFile,
+			TrustedCAFile: plugin.TrustedCAFile,
+		}
+		tlsConfig, _ = tlsInfo.ClientConfig()
+	}
 
 	cli, err := clientv3.New(clientv3.Config{
 		Endpoints:   plugin.Url,
-		DialTimeout: 5 * time.Second,
+		DialTimeout: time.Duration(plugin.Timeout) * time.Second,
+		TLS:         tlsConfig,
 	})
+
 	if err != nil {
 		fmt.Printf("could not connect: %s", err)
 		return sensu.CheckStateCritical, nil