Created
May 24, 2017 18:10
Nagios Checks with specs for CertWatch
require 'nagios_check' | |
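module CertWatch
  module NagiosChecks
    # Ensure installed certificates are renewed regularly.
    #
    # Reports two values: the number of whole days since the least recently
    # renewed installed certificate was renewed, and the number of installed
    # certificates in the `expiring` scope.
    #
    # NOTE(review): the age is derived from `last_renewed_at`, not from the
    # certificate's own expiry date, so the -w/-c thresholds presumably have
    # to sit inside the certificate validity period for this check to alert
    # before a certificate actually expires - confirm against the CA in use.
    #
    # NOTE(review): when no certificate is installed the age is reported as
    # 0, so an empty inventory is indistinguishable from a freshly renewed
    # one.
    class ExpiringCertificatesCheck
      include NagiosCheck

      enable_warning
      enable_critical
      enable_timeout

      # Collects both metrics once and hands them to NagiosCheck, so the
      # stored values and the human-readable message always describe the
      # same snapshot.
      def check
        age_in_days = max_installed_certificate_age_in_days
        expiring_count = expiring_certificates_count

        # Keep the age first: the thresholds appear to be evaluated against
        # the first stored value - confirm against the nagios_check docs.
        store_value(:max_installed_certificate_age_in_days, age_in_days)
        store_value(:expiring_certificates_count, expiring_count)
        store_message('Oldest certificate has been renewed ' \
                      "#{age_in_days} days ago " \
                      "(#{expiring_count} certificates waiting to be renewed)")
      end

      private

      # Whole days since the least recently renewed installed certificate
      # was renewed; 0 when there is no installed certificate.
      def max_installed_certificate_age_in_days
        oldest = oldest_installed_certificate
        oldest ? days_since(oldest.last_renewed_at) : 0
      end

      # Installed certificate with the smallest `last_renewed_at`, or nil.
      # A nil result is not memoized, so it is looked up again on the next
      # call.
      def oldest_installed_certificate
        @oldest_installed_certificate ||=
          CertWatch::Certificate.installed.order('last_renewed_at ASC').first
      end

      # Number of whole days between `time` and now.
      #
      # NOTE(review): raises when `time` is nil; presumably every installed
      # certificate has `last_renewed_at` set - confirm against the model.
      def days_since(time)
        ((Time.now - time) / 1.day).floor
      end

      # Number of installed certificates matched by the `expiring` scope,
      # which is defined on the model outside this file.
      def expiring_certificates_count
        CertWatch::Certificate.installed.expiring.count
      end
    end
  end
end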
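module CertWatch
  module NagiosChecks
    # Specs for the renewal-age check. Every example runs the check with
    # `-w 30 -c 40`, i.e. warning above 30 days and critical above 40 days
    # since the oldest installed certificate was renewed.
    describe ExpiringCertificatesCheck do
      # Persists a certificate whose renewal and installation timestamps are
      # both `at`.
      def create_certificate(state:, at:)
        CertWatch::Certificate.create!(domain: 'some.example.com',
                                       state: state,
                                       last_renewed_at: at,
                                       last_installed_at: at)
      end

      # Runs a fresh check instance with the thresholds shared by all
      # examples.
      def perform_check
        ExpiringCertificatesCheck.new.perform(%w(-w 30 -c 40))
      end

      it 'is warning when an installed certificate has not been renewed for more than w days' do
        create_certificate(state: 'installed', at: 31.days.ago)

        expect(perform_check).to be_warning
      end

      it 'is critical when an installed certificate has not been renewed for more than c days' do
        create_certificate(state: 'installed', at: 41.days.ago)

        expect(perform_check).to be_critical
      end

      it 'is ok when all installed certificates have recently been renewed' do
        create_certificate(state: 'installed', at: 2.days.ago)

        expect(perform_check).to be_ok
      end

      it 'ignores abandoned certificates' do
        create_certificate(state: 'abandoned', at: 100.days.ago)

        expect(perform_check).to be_ok
      end

      # Pins the current behaviour: with nothing installed the reported age
      # is 0, so the check stays OK. An empty or missing inventory has to be
      # caught by other monitoring.
      it 'is ok when there are no installed certificates' do
        result = perform_check

        expect(result).to be_ok
        expect(result.values[:max_installed_certificate_age_in_days]).to eq(0)
      end

      it 'reports number of expiring installed certificates' do
        create_certificate(state: 'installed', at: 1.day.ago)
        create_certificate(state: 'installed', at: 100.days.ago)

        expect(perform_check.values[:expiring_certificates_count]).to eq(1)
      end
    end
  end
end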