def test_cert_warning_seconds(aggregator,
instance_remote_cert_warning_seconds):
c = TLSCheck('tls', {}, [instance_remote_cert_warning_seconds])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION,
status=c.WARNING,
tags=c._tags,
count=1)
aggregator.assert_metric('tls.days_left', count=1)
aggregator.assert_metric('tls.seconds_left', count=1)
aggregator.assert_all_metrics_covered()
def test_version_init_config_default(aggregator,
instance_remote_version_default_1_1):
c = TLSCheck('tls', {'allowed_versions': ['1.1']},
[instance_remote_version_default_1_1])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_metric('tls.days_left', count=1)
aggregator.assert_metric('tls.seconds_left', count=1)
aggregator.assert_all_metrics_covered()
def test_config(extra_config, expected_http_kwargs):
instance = {
'name': 'foo',
}
instance.update(extra_config)
c = TLSCheck('tls', {}, [instance])
c.get_tls_context() # need to call this for config values to be saved by _tls_context_wrapper
actual_options = {k: v for k, v in c._tls_context_wrapper.config.items() if k in expected_http_kwargs}
assert expected_http_kwargs == actual_options
def test_cert_bad(aggregator, instance_local_cert_bad):
c = TLSCheck('tls', {}, [instance_local_cert_bad])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0)
aggregator.assert_all_metrics_covered()
def test_hostname_mismatch(aggregator, instance_local_hostname_mismatch):
c = TLSCheck('tls', {}, [instance_local_hostname_mismatch])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, status=c.OK, tags=c._tags, count=1)
aggregator.assert_metric('tls.days_left', count=1)
aggregator.assert_metric('tls.seconds_left', count=1)
aggregator.assert_all_metrics_covered()
def test_no_connect_port_in_host(aggregator, instance_remote_no_connect_port_in_host):
c = TLSCheck('tls', {}, [instance_remote_no_connect_port_in_host])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.CRITICAL, tags=c._tags, count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0)
message = 'Unable to resolve host, check your DNS'
assert message not in aggregator.service_checks(c.SERVICE_CHECK_CAN_CONNECT)[0].message
aggregator.assert_all_metrics_covered()
def test_cert_expired(aggregator, mock_dns, instance_remote_cert_expired):
c = TLSCheck('tls', {}, [instance_remote_cert_expired])
c.check(None)
aggregator.assert_service_check(c.SERVICE_CHECK_CAN_CONNECT, status=c.OK, tags=c._tags, count=1)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, status=c.CRITICAL, tags=c._tags, count=1)
if PY2:
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0)
else:
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(
c.SERVICE_CHECK_EXPIRATION, status=c.CRITICAL, tags=c._tags, message='Certificate has expired', count=1
)
aggregator.assert_all_metrics_covered()
def test_tags_remote():
instance = {'name': 'foo', 'server': 'https://www.google.com'}
c = TLSCheck('tls', {}, [instance])
assert c._tags == [
'name:foo', 'server_hostname:www.google.com', 'server:www.google.com',
'port:443'
]
def test_no_connect_ipv6(aggregator, instance_remote_no_connect):
c = TLSCheck('tls', {}, [instance_remote_no_connect])
with mock.patch('socket.getaddrinfo', return_value=()):
c.check(None)
aggregator.assert_service_check(
c.SERVICE_CHECK_CAN_CONNECT,
status=c.CRITICAL,
tags=c._tags,
message='No valid addresses found, try checking your IPv6 connectivity',
count=1,
)
aggregator.assert_service_check(c.SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_VALIDATION, count=0)
aggregator.assert_service_check(c.SERVICE_CHECK_EXPIRATION, count=0)
aggregator.assert_all_metrics_covered()
def test_tags_local_hostname():
instance = {
'name': 'foo',
'local_cert_path': 'cert.pem',
'server_hostname': 'www.google.com'
}
c = TLSCheck('tls', {}, [instance])
assert c._tags == ['name:foo', 'server_hostname:www.google.com']
def test_ok_der(aggregator, instance_local_ok_der):
c = TLSCheck('tls', {}, [instance_local_ok_der])
c.check(None)
aggregator.assert_service_check(SERVICE_CHECK_CAN_CONNECT, count=0)
aggregator.assert_service_check(SERVICE_CHECK_VERSION, count=0)
aggregator.assert_service_check(SERVICE_CHECK_VALIDATION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_service_check(SERVICE_CHECK_EXPIRATION,
status=c.OK,
tags=c._tags,
count=1)
aggregator.assert_metric('tls.days_left', count=1)
aggregator.assert_metric('tls.seconds_left', count=1)
aggregator.assert_all_metrics_covered()
def test_tags_local_hostname_no_validation():
instance = {
'name': 'foo',
'local_cert_path': 'cert.pem',
'server_hostname': 'www.google.com',
'tls_validate_hostname': False,
}
c = TLSCheck('tls', {}, [instance])
assert c._tags == ['name:foo']
def test_no_server_hostname(instance_local_no_server_hostname):
c = TLSCheck('tls', {}, [instance_local_no_server_hostname])
with pytest.raises(ConfigurationError):
c.check(None)
def test_cert():
instance = {'cert': 'cert'}
c = TLSCheck('tls', {}, [instance])
assert c._cert == os.path.expanduser(instance['cert'])
def test_private_key():
instance = {'private_key': 'private_key'}
c = TLSCheck('tls', {}, [instance])
assert c._private_key == os.path.expanduser(instance['private_key'])
def test_validation_data():
c = TLSCheck('tls', {}, [{}])
assert c._validation_data is None
assert c.validation_data == c._validation_data
assert isinstance(c.validation_data, tuple)
def test_tags_local():
instance = {'name': 'foo', 'local_cert_path': 'cert.pem'}
c = TLSCheck('tls', {}, [instance])
assert c._tags == ['name:foo']
def test_right_class(instance_local_no_server_hostname):
c = TLSCheck('tls', {}, [instance_local_no_server_hostname])
assert isinstance(c, TLSLocalCheck)
def test_local_cert_loader():
c = TLSCheck('tls', {}, [{}])
assert c._local_cert_loader is None
assert c.local_cert_loader == c._local_cert_loader
assert callable(c.local_cert_loader)
def test_no_server(instance_remote_no_server):
c = TLSCheck('tls', {}, [instance_remote_no_server])
with pytest.raises(ConfigurationError):
c.check(None)
def test_tls_context():
c = TLSCheck('tls', {}, [{}])
assert c._tls_context is None
assert c.tls_context == c._tls_context
assert isinstance(c.tls_context, ssl.SSLContext)
def test_ca_cert_dir():
instance = {'ca_cert': '~'}
c = TLSCheck('tls', {}, [instance])
assert c._cafile is None
assert c._capath == os.path.expanduser(instance['ca_cert'])
