Minor refactorings
Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
f33bab0447
commit
1a6262c51f
3 changed files with 36 additions and 31 deletions
3
Makefile
3
Makefile
|
@ -10,7 +10,8 @@ test:
|
||||||
--probe="https://gobuilder.me/" \
|
--probe="https://gobuilder.me/" \
|
||||||
--probe="https://pwd.luzifer.io/" \
|
--probe="https://pwd.luzifer.io/" \
|
||||||
--probe="https://www.itpad.de/" \
|
--probe="https://www.itpad.de/" \
|
||||||
--probe="https://mondash.org/"
|
--probe="https://mondash.org/" \
|
||||||
|
--log-level debug
|
||||||
|
|
||||||
container:
|
container:
|
||||||
docker build -t luzifer/promcertcheck .
|
docker build -t luzifer/promcertcheck .
|
||||||
|
|
4
cert.go
4
cert.go
|
@ -26,7 +26,7 @@ func (p probeResult) String() string {
|
||||||
case certificateOK:
|
case certificateOK:
|
||||||
return "Certificate OK"
|
return "Certificate OK"
|
||||||
case certificateExpiresSoon:
|
case certificateExpiresSoon:
|
||||||
return fmt.Sprintf("Certificate expires within %s", config.ExpireWarning)
|
return fmt.Sprintf("Certificate expires within %s", cfg.ExpireWarning)
|
||||||
case certificateInvalid:
|
case certificateInvalid:
|
||||||
return "Certificate invalid / intermediate certificates not present"
|
return "Certificate invalid / intermediate certificates not present"
|
||||||
case certificateNotFound:
|
case certificateNotFound:
|
||||||
|
@ -91,7 +91,7 @@ func checkCertificate(probeURL *url.URL) (probeResult, *x509.Certificate) {
|
||||||
return certificateInvalid, verifyCert
|
return certificateInvalid, verifyCert
|
||||||
}
|
}
|
||||||
|
|
||||||
if verifyCert.NotAfter.Sub(time.Now()) < config.ExpireWarning {
|
if verifyCert.NotAfter.Sub(time.Now()) < cfg.ExpireWarning {
|
||||||
checkLogger.Debug("Certificate expires soon")
|
checkLogger.Debug("Certificate expires soon")
|
||||||
return certificateExpiresSoon, verifyCert
|
return certificateExpiresSoon, verifyCert
|
||||||
}
|
}
|
||||||
|
|
60
main.go
60
main.go
|
@ -21,13 +21,13 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
config = struct {
|
cfg struct {
|
||||||
Debug bool `flag:"debug" default:"false" description:"Output debugging data"`
|
ExpireWarning time.Duration `flag:"expire-warning" default:"744h" description:"When to warn about a soon expiring certificate"`
|
||||||
ExpireWarning time.Duration `flag:"expire-warning" default:"744h" description:"When to warn about a soon expiring certificate"`
|
RootsDir string `flag:"roots-dir" default:"" description:"Directory to load custom RootCA certs from to be trusted (*.pem)"`
|
||||||
RootsDir string `flag:"roots-dir" default:"" description:"Directory to load custom RootCA certs from to be trusted (*.pem)"`
|
LogLevel string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"`
|
||||||
LogLevel string `flag:"log-level" default:"info" description:"Verbosity of logs to use (debug, info, warning, error, ...)"`
|
Probes []string `flag:"probe" default:"" description:"URLs to check for certificate issues"`
|
||||||
Probes []string `flag:"probe" default:"" description:"URLs to check for certificate issues"`
|
VersionAndExit bool `flag:"version" default:"false" description:"Print program version and exit"`
|
||||||
}{}
|
}
|
||||||
|
|
||||||
version = "dev"
|
version = "dev"
|
||||||
|
|
||||||
|
@ -45,11 +45,16 @@ type probeMonitor struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
if err := rconfig.Parse(&config); err != nil {
|
if err := rconfig.Parse(&cfg); err != nil {
|
||||||
log.Fatalf("Unable to parse CLI parameters: %s", err)
|
log.Fatalf("Unable to parse CLI parameters: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if logLevel, err := log.ParseLevel(config.LogLevel); err == nil {
|
if cfg.VersionAndExit {
|
||||||
|
fmt.Printf("promcertcheck %s\n", version)
|
||||||
|
os.Exit(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
if logLevel, err := log.ParseLevel(cfg.LogLevel); err == nil {
|
||||||
log.SetLevel(logLevel)
|
log.SetLevel(logLevel)
|
||||||
} else {
|
} else {
|
||||||
log.Fatalf("Unable to parse log level: %s", err)
|
log.Fatalf("Unable to parse log level: %s", err)
|
||||||
|
@ -91,12 +96,12 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func loadAdditionalRootCAPool() error {
|
func loadAdditionalRootCAPool() error {
|
||||||
if config.RootsDir == "" {
|
if cfg.RootsDir == "" {
|
||||||
// Nothing specified, not loading anything but sys certs
|
// Nothing specified, not loading anything but sys certs
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
return filepath.Walk(config.RootsDir, func(path string, info os.FileInfo, err error) error {
|
return filepath.Walk(cfg.RootsDir, func(path string, info os.FileInfo, err error) error {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -122,7 +127,7 @@ func loadAdditionalRootCAPool() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func registerProbes() {
|
func registerProbes() {
|
||||||
for _, probe := range config.Probes {
|
for _, probe := range cfg.Probes {
|
||||||
probeURL, _ := url.Parse(probe)
|
probeURL, _ := url.Parse(probe)
|
||||||
|
|
||||||
monitors := &probeMonitor{}
|
monitors := &probeMonitor{}
|
||||||
|
@ -149,26 +154,25 @@ func registerProbes() {
|
||||||
}
|
}
|
||||||
|
|
||||||
func refreshCertificateStatus() {
|
func refreshCertificateStatus() {
|
||||||
for _, probe := range config.Probes {
|
for _, probe := range cfg.Probes {
|
||||||
probeURL, _ := url.Parse(probe)
|
probeURL, _ := url.Parse(probe)
|
||||||
verificationResult, verifyCert := checkCertificate(probeURL)
|
verificationResult, verifyCert := checkCertificate(probeURL)
|
||||||
|
|
||||||
if config.Debug {
|
probeLog := log.WithFields(log.Fields{
|
||||||
fmt.Printf("---\nProbe: %s\nResult: %s\n",
|
"host": probeURL.Host,
|
||||||
probeURL.Host,
|
"result": verificationResult,
|
||||||
verificationResult,
|
})
|
||||||
)
|
if verifyCert != nil {
|
||||||
if verifyCert != nil {
|
probeLog = probeLog.WithFields(log.Fields{
|
||||||
fmt.Printf("Version: %d\nSerial: %d\nSubject: %s\nExpires: %s\nIssuer: %s\nAlt Names: %s\n",
|
"version": verifyCert.Version,
|
||||||
verifyCert.Version,
|
"serial": verifyCert.SerialNumber,
|
||||||
verifyCert.SerialNumber,
|
"subject": verifyCert.Subject.CommonName,
|
||||||
verifyCert.Subject.CommonName,
|
"expires": verifyCert.NotAfter,
|
||||||
verifyCert.NotAfter,
|
"issuer": verifyCert.Issuer.CommonName,
|
||||||
verifyCert.Issuer.CommonName,
|
"alt_names": strings.Join(verifyCert.DNSNames, ", "),
|
||||||
strings.Join(verifyCert.DNSNames, ", "),
|
})
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
probeLog.Debug("Probe finished")
|
||||||
|
|
||||||
if verifyCert != nil {
|
if verifyCert != nil {
|
||||||
probeMonitors[probeURL.Host].Expires.Set(float64(verifyCert.NotAfter.UTC().Unix()))
|
probeMonitors[probeURL.Host].Expires.Set(float64(verifyCert.NotAfter.UTC().Unix()))
|
||||||
|
|
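Review bot: In refreshCertificateStatus the error from `url.Parse(probe)` is still discarded, and the new logging code reads `probeURL.Host` on every pass instead of only under the removed debug flag, so a probe string that fails to parse leaves `probeURL` nil and is dereferenced here (or earlier inside checkCertificate, whose body is not visible). registerProbes carries the same `probeURL, _ := url.Parse(probe)` line. A value without a scheme parses without error but yields an empty `Host`, which would presumably register the monitor under the key `""` and leave the intended host unchecked. For a certificate monitor it is safer to reject such input once at startup in registerProbes: `probeURL, err := url.Parse(probe)` followed by `if err != nil || probeURL.Host == "" { log.Fatalf("Invalid probe URL %q: %v", probe, err) }`. Both functions continue outside the visible hunks.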