Add Zabbix SSL checker
@@ -0,0 +1,107 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
import pytest
|
||||
|
||||
ROOT = Path(__file__).resolve().parents[1]
|
||||
sys.path.insert(0, str(ROOT / "scripts"))
|
||||
|
||||
from ssl_check import ConfigError, load_targets # noqa: E402
|
||||
from ssl_discovery import build_lld # noqa: E402
|
||||
|
||||
|
||||
def write_config(tmp_path: Path, data: object) -> Path:
|
||||
config = tmp_path / "ssl_targets.json"
|
||||
config.write_text(json.dumps(data), encoding="utf-8")
|
||||
return config
|
||||
|
||||
|
||||
def test_valid_config_is_normalized_and_deduplicated(tmp_path: Path) -> None:
|
||||
config = write_config(
|
||||
tmp_path,
|
||||
[
|
||||
{
|
||||
"name": "Example",
|
||||
"host": "example.test",
|
||||
"port": 443,
|
||||
"owner": "ops",
|
||||
"profile": "relaxed",
|
||||
},
|
||||
{
|
||||
"name": "Duplicate",
|
||||
"host": "example.test",
|
||||
"port": 443,
|
||||
"owner": "ops",
|
||||
"profile": "relaxed",
|
||||
},
|
||||
],
|
||||
)
|
||||
|
||||
targets = load_targets(config)
|
||||
|
||||
assert len(targets) == 1
|
||||
assert targets[0]["expected_hostname"] == "example.test"
|
||||
assert targets[0]["timeout"] == 10.0
|
||||
|
||||
|
||||
def test_invalid_profile_fails(tmp_path: Path) -> None:
|
||||
config = write_config(
|
||||
tmp_path,
|
||||
[
|
||||
{
|
||||
"name": "Example",
|
||||
"host": "example.test",
|
||||
"port": 443,
|
||||
"owner": "ops",
|
||||
"profile": "wild-west",
|
||||
}
|
||||
],
|
||||
)
|
||||
|
||||
with pytest.raises(ConfigError):
|
||||
load_targets(config)
|
||||
|
||||
|
||||
def test_invalid_port_fails(tmp_path: Path) -> None:
|
||||
config = write_config(
|
||||
tmp_path,
|
||||
[
|
||||
{
|
||||
"name": "Example",
|
||||
"host": "example.test",
|
||||
"port": 70000,
|
||||
"owner": "ops",
|
||||
"profile": "relaxed",
|
||||
}
|
||||
],
|
||||
)
|
||||
|
||||
with pytest.raises(ConfigError):
|
||||
load_targets(config)
|
||||
|
||||
|
||||
def test_discovery_output_contains_lld_macros(tmp_path: Path) -> None:
|
||||
config = write_config(
|
||||
tmp_path,
|
||||
[
|
||||
{
|
||||
"name": "Example",
|
||||
"host": "example.test",
|
||||
"port": 443,
|
||||
"owner": "ops",
|
||||
"profile": "internal",
|
||||
}
|
||||
],
|
||||
)
|
||||
|
||||
discovery = build_lld(load_targets(config))
|
||||
|
||||
assert "data" in discovery
|
||||
assert discovery["data"][0]["{#SSL_NAME}"] == "Example"
|
||||
assert discovery["data"][0]["{#SSL_HOST}"] == "example.test"
|
||||
assert discovery["data"][0]["{#SSL_PORT}"] == "443"
|
||||
assert discovery["data"][0]["{#SSL_OWNER}"] == "ops"
|
||||
assert discovery["data"][0]["{#SSL_PROFILE}"] == "internal"
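Review bot: test_valid_config_is_normalized_and_deduplicated asserts only `len(targets) == 1`, so it never pins which of the two entries for example.test:443 survives, and both entries carry the same `profile`. For a TLS checker the duplicate that matters is one whose `profile` or `owner` differs, because the surviving entry presumably decides how strictly the endpoint is checked and who is notified. Add `assert targets[0]["name"] == "Example"`, plus a second case with conflicting profiles that expects either a `ConfigError` or a documented winner. test_invalid_port_fails likewise covers only 70000; cases for 0, a negative value and a string such as "443" would exercise the lower bound and the type check. Passing `match=` to `pytest.raises(ConfigError, ...)` would confirm each case fails for the intended reason.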
|
||||
@@ -0,0 +1,62 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import socket
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
ROOT = Path(__file__).resolve().parents[1]
|
||||
sys.path.insert(0, str(ROOT / "scripts"))
|
||||
|
||||
from ssl_check import Target, main, run_check # noqa: E402
|
||||
|
||||
|
||||
def unused_local_port() -> int:
|
||||
sock = socket.socket()
|
||||
sock.bind(("127.0.0.1", 0))
|
||||
port = int(sock.getsockname()[1])
|
||||
sock.close()
|
||||
return port
|
||||
|
||||
|
||||
def test_ssl_check_unreachable_returns_stable_json() -> None:
|
||||
target = Target(
|
||||
name="Unreachable",
|
||||
host="127.0.0.1",
|
||||
port=unused_local_port(),
|
||||
owner="tests",
|
||||
profile="relaxed",
|
||||
expected_hostname="127.0.0.1",
|
||||
timeout=0.5,
|
||||
)
|
||||
|
||||
result = run_check(target)
|
||||
|
||||
assert result["reachable"] is False
|
||||
assert result["error"]
|
||||
assert result["target"] == "127.0.0.1"
|
||||
assert "warnings" in result
|
||||
|
||||
|
||||
def test_main_prints_json_for_unreachable_target(capsys) -> None: # type: ignore[no-untyped-def]
|
||||
port = unused_local_port()
|
||||
|
||||
exit_code = main(
|
||||
[
|
||||
"--host",
|
||||
"127.0.0.1",
|
||||
"--port",
|
||||
str(port),
|
||||
"--expected-hostname",
|
||||
"127.0.0.1",
|
||||
"--timeout",
|
||||
"0.5",
|
||||
]
|
||||
)
|
||||
|
||||
captured = capsys.readouterr()
|
||||
payload = json.loads(captured.out)
|
||||
|
||||
assert exit_code == 0
|
||||
assert payload["reachable"] is False
|
||||
assert payload["error"]
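Review bot: unused_local_port() closes its socket before returning, so the port is only known to be free at the moment of the call, and the socket is never closed if bind() raises. Anything on the runner that binds the port before run_check connects changes what both tests observe. Wrapping the bind and getsockname() in `with socket.socket() as sock:` fixes the leak. Keeping the bound, never-listening socket open for the duration of the test (for example a fixture that yields the port) would also reserve the port, and on most platforms connections to it are still refused. Separately, test_main_prints_json_for_unreachable_target checks `reachable` and `error` but not `target` or `warnings`, which the run_check test treats as part of the stable output.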
|
||||