Add Zabbix SSL checker

2026-05-21 19:20:49 +02:00
commit 76f1f36d97
9 changed files with 1829 additions and 0 deletions
+107
@@ -0,0 +1,107 @@
from __future__ import annotations
import json
import sys
from pathlib import Path
import pytest
ROOT = Path(__file__).resolve().parents[1]
sys.path.insert(0, str(ROOT / "scripts"))
from ssl_check import ConfigError, load_targets # noqa: E402
from ssl_discovery import build_lld # noqa: E402
def write_config(tmp_path: Path, data: object) -> Path:
config = tmp_path / "ssl_targets.json"
config.write_text(json.dumps(data), encoding="utf-8")
return config
def test_valid_config_is_normalized_and_deduplicated(tmp_path: Path) -> None:
config = write_config(
tmp_path,
[
{
"name": "Example",
"host": "example.test",
"port": 443,
"owner": "ops",
"profile": "relaxed",
},
{
"name": "Duplicate",
"host": "example.test",
"port": 443,
"owner": "ops",
"profile": "relaxed",
},
],
)
targets = load_targets(config)
assert len(targets) == 1
assert targets[0]["expected_hostname"] == "example.test"
assert targets[0]["timeout"] == 10.0
def test_invalid_profile_fails(tmp_path: Path) -> None:
config = write_config(
tmp_path,
[
{
"name": "Example",
"host": "example.test",
"port": 443,
"owner": "ops",
"profile": "wild-west",
}
],
)
with pytest.raises(ConfigError):
load_targets(config)
def test_invalid_port_fails(tmp_path: Path) -> None:
config = write_config(
tmp_path,
[
{
"name": "Example",
"host": "example.test",
"port": 70000,
"owner": "ops",
"profile": "relaxed",
}
],
)
with pytest.raises(ConfigError):
load_targets(config)
def test_discovery_output_contains_lld_macros(tmp_path: Path) -> None:
config = write_config(
tmp_path,
[
{
"name": "Example",
"host": "example.test",
"port": 443,
"owner": "ops",
"profile": "internal",
}
],
)
discovery = build_lld(load_targets(config))
assert "data" in discovery
assert discovery["data"][0]["{#SSL_NAME}"] == "Example"
assert discovery["data"][0]["{#SSL_HOST}"] == "example.test"
assert discovery["data"][0]["{#SSL_PORT}"] == "443"
assert discovery["data"][0]["{#SSL_OWNER}"] == "ops"
assert discovery["data"][0]["{#SSL_PROFILE}"] == "internal"
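Review bot: test_invalid_port_fails exercises only 70000, so the lower bound of the port validation in load_targets is unpinned, even though these values become connection targets and the `{#SSL_PORT}` macro. Parametrizing the test, e.g. `@pytest.mark.parametrize("port", [0, -1, 65536])`, covers both edges. Whether a string such as `"443"` or a bool should be rejected is not visible here and is worth deciding and testing too. Separately, test_valid_config_is_normalized_and_deduplicated asserts `len(targets) == 1` without checking which entry survives; `assert targets[0]["name"] == "Example"` would pin first-wins, if that is the intended rule.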
+62
@@ -0,0 +1,62 @@
from __future__ import annotations
import json
import socket
import sys
from pathlib import Path
ROOT = Path(__file__).resolve().parents[1]
sys.path.insert(0, str(ROOT / "scripts"))
from ssl_check import Target, main, run_check # noqa: E402
def unused_local_port() -> int:
sock = socket.socket()
sock.bind(("127.0.0.1", 0))
port = int(sock.getsockname()[1])
sock.close()
return port
def test_ssl_check_unreachable_returns_stable_json() -> None:
target = Target(
name="Unreachable",
host="127.0.0.1",
port=unused_local_port(),
owner="tests",
profile="relaxed",
expected_hostname="127.0.0.1",
timeout=0.5,
)
result = run_check(target)
assert result["reachable"] is False
assert result["error"]
assert result["target"] == "127.0.0.1"
assert "warnings" in result
def test_main_prints_json_for_unreachable_target(capsys) -> None: # type: ignore[no-untyped-def]
port = unused_local_port()
exit_code = main(
[
"--host",
"127.0.0.1",
"--port",
str(port),
"--expected-hostname",
"127.0.0.1",
"--timeout",
"0.5",
]
)
captured = capsys.readouterr()
payload = json.loads(captured.out)
assert exit_code == 0
assert payload["reachable"] is False
assert payload["error"]
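Review bot: unused_local_port() closes the socket before returning the port, so another process can claim that port before run_check or main connects, and either test may then meet a listener instead of a refusal. The socket is also leaked if bind() raises. Holding the socket bound but not listening for the duration of the test closes that window, since a connect to such a port is normally refused, and a `with` block guarantees the close. The helper below needs `contextlib` and `Iterator` imported, and each test would wrap its body in `with refused_local_port() as port:`.

```python
@contextlib.contextmanager
def refused_local_port() -> Iterator[int]:
    # Stay bound (never listen) so the port cannot be reused while the test runs.
    with socket.socket() as sock:
        sock.bind(("127.0.0.1", 0))
        yield int(sock.getsockname()[1])

# … unchanged: test bodies, now nested under `with refused_local_port() as port:` …
```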