def test_cert_warning_seconds(aggregator, instance_remote_cert_warning_seconds): c = TLSCheck('tls', {}, [instance_remote_cert_warning_seconds]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, status=c.WARNING, tags=c._tags, count=1) aggregator.assert_metric('tls.days_left', count=1) aggregator.assert_metric('tls.seconds_left', count=1) aggregator.assert_all_metrics_covered()
def test_version_init_config_default(aggregator, instance_remote_version_default_1_1): c = TLSCheck('tls', {'allowed_versions': ['1.1']}, [instance_remote_version_default_1_1]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_metric('tls.days_left', count=1) aggregator.assert_metric('tls.seconds_left', count=1) aggregator.assert_all_metrics_covered()
def test_tags_remote(): instance = {'name': 'foo', 'server': 'https://www.google.com'} c = TLSCheck('tls', {}, [instance]) assert c._tags == [ 'name:foo', 'server_hostname:www.google.com', 'server:www.google.com', 'port:443' ]
def test_tags_local_hostname(): instance = { 'name': 'foo', 'local_cert_path': 'cert.pem', 'server_hostname': 'www.google.com' } c = TLSCheck('tls', {}, [instance]) assert c._tags == ['name:foo', 'server_hostname:www.google.com']
def test_config(extra_config, expected_http_kwargs): instance = { 'name': 'foo', } instance.update(extra_config) c = TLSCheck('tls', {}, [instance]) c.get_tls_context() # need to call this for config values to be saved by _tls_context_wrapper actual_options = {k: v for k, v in c._tls_context_wrapper.config.items() if k in expected_http_kwargs} assert expected_http_kwargs == actual_options
def test_tags_local_hostname_no_validation(): instance = { 'name': 'foo', 'local_cert_path': 'cert.pem', 'server_hostname': 'www.google.com', 'tls_validate_hostname': False, } c = TLSCheck('tls', {}, [instance]) assert c._tags == ['name:foo']
def test_cert_bad(aggregator, instance_local_cert_bad): c = TLSCheck('tls', {}, [instance_local_cert_bad]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0) aggregator.assert_all_metrics_covered()
def test_hostname_mismatch(aggregator, instance_local_hostname_mismatch): c = TLSCheck('tls', {}, [instance_local_hostname_mismatch]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_metric('tls.days_left', count=1) aggregator.assert_metric('tls.seconds_left', count=1) aggregator.assert_all_metrics_covered()
def test_no_connect_port_in_host(aggregator, instance_remote_no_connect_port_in_host): c = TLSCheck('tls', {}, [instance_remote_no_connect_port_in_host]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.CRITICAL, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0) message = 'Unable to resolve host, check your DNS' assert message not in aggregator.service_checks(c.SERVICE_CHECK_CAN_CONNECT)[0].message aggregator.assert_all_metrics_covered()
def test_cert_expired(aggregator, mock_dns, instance_remote_cert_expired): c = TLSCheck('tls', {}, [instance_remote_cert_expired]) c.check(None) aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1) if PY2: aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0) else: aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check( c.SERVICE_CHECK_EXPIRATION, status=c.CRITICAL, tags=c._tags, message='Certificate has expired', count=1 ) aggregator.assert_all_metrics_covered()
def test_no_connect_ipv6(aggregator, instance_remote_no_connect): c = TLSCheck('tls', {}, [instance_remote_no_connect]) with mock.patch('socket.getaddrinfo', return_value=()): c.check(None) aggregator.assert_service_check( c.SERVICE_CHECK_CAN_CONNECT, status=c.CRITICAL, tags=c._tags, message='No valid addresses found, try checking your IPv6 connectivity', count=1, ) aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, count=0) aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0) aggregator.assert_all_metrics_covered()
def test_ok_der(aggregator, instance_local_ok_der): c = TLSCheck('tls', {}, [instance_local_ok_der]) c.check(None) aggregator.assert_service_check(SERVICE_CHECK_CAN_CONNECT, count=0) aggregator.assert_service_check(SERVICE_CHECK_VERSION, count=0) aggregator.assert_service_check(SERVICE_CHECK_VALIDATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_service_check(SERVICE_CHECK_EXPIRATION, status=c.OK, tags=c._tags, count=1) aggregator.assert_metric('tls.days_left', count=1) aggregator.assert_metric('tls.seconds_left', count=1) aggregator.assert_all_metrics_covered()
def test_no_server_hostname(instance_local_no_server_hostname): c = TLSCheck('tls', {}, [instance_local_no_server_hostname]) with pytest.raises(ConfigurationError): c.check(None)
def test_cert(): instance = {'cert': 'cert'} c = TLSCheck('tls', {}, [instance]) assert c._cert == os.path.expanduser(instance['cert'])
def test_private_key(): instance = {'private_key': 'private_key'} c = TLSCheck('tls', {}, [instance]) assert c._private_key == os.path.expanduser(instance['private_key'])
def test_validation_data(): c = TLSCheck('tls', {}, [{}]) assert c._validation_data is None assert c.validation_data == c._validation_data assert isinstance(c.validation_data, tuple)
def test_ca_cert_dir(): instance = {'ca_cert': '~'} c = TLSCheck('tls', {}, [instance]) assert c._cafile is None assert c._capath == os.path.expanduser(instance['ca_cert'])
def test_tls_context(): c = TLSCheck('tls', {}, [{}]) assert c._tls_context is None assert c.tls_context == c._tls_context assert isinstance(c.tls_context, ssl.SSLContext)
def test_tags_local(): instance = {'name': 'foo', 'local_cert_path': 'cert.pem'} c = TLSCheck('tls', {}, [instance]) assert c._tags == ['name:foo']
def test_right_class(instance_local_no_server_hostname): c = TLSCheck('tls', {}, [instance_local_no_server_hostname]) assert isinstance(c, TLSLocalCheck)
def test_local_cert_loader(): c = TLSCheck('tls', {}, [{}]) assert c._local_cert_loader is None assert c.local_cert_loader == c._local_cert_loader assert callable(c.local_cert_loader)
def test_no_server(instance_remote_no_server): c = TLSCheck('tls', {}, [instance_remote_no_server]) with pytest.raises(ConfigurationError): c.check(None)