feat(fortinet-fortigate-restapi): add certificates mode + tests (#5515)

Refs: CTOR-1451
2025-07-24 22:25:02 +02:00 · 2025-03-28 11:07:44 +01:00 · 2025-03-28 11:07:44 +01:00 · 7baab38df6
commit 7baab38df6
parent 08e0e04099
4 changed files with 328 additions and 1 deletions
--- a/src/network/fortinet/fortigate/restapi/mode/certificates.pm
+++ b/src/network/fortinet/fortigate/restapi/mode/certificates.pm
@ -0,0 +1,199 @@
+#
+# Copyright 2025 Centreon (http://www.centreon.com/)
+#
+# Centreon is a full-fledged industry-strength solution that meets
+# the needs in IT infrastructure and application monitoring for
+# service performance.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package network::fortinet::fortigate::restapi::mode::certificates;
+
+use base qw(centreon::plugins::templates::counter);
+
+use strict;
+use warnings;
+use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);
+use centreon::plugins::misc;
+use POSIX;
+
+my $unitdiv = { s => 1, w => 604800, d => 86400, h => 3600, m => 60 };
+my $unitdiv_long = { s => 'seconds', w => 'weeks', d => 'days', h => 'hours', m => 'minutes' };
+
+sub custom_expires_perfdata {
+    my ($self, %options) = @_;
+
+    $self->{output}->perfdata_add(
+        nlabel => $self->{nlabel} . '.' . $unitdiv_long->{ $self->{instance_mode}->{option_results}->{unit} },
+        unit => $self->{instance_mode}->{option_results}->{unit},
+        instances => $self->{result_values}->{name},
+        value => floor($self->{result_values}->{expires_seconds} / $unitdiv->{ $self->{instance_mode}->{option_results}->{unit} }),
+        warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning-' . $self->{thlabel}),
+        critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical-' . $self->{thlabel}),
+        min => 0
+    );
+}
+
+sub custom_expires_threshold {
+    my ($self, %options) = @_;
+
+    return $self->{perfdata}->threshold_check(
+        value => floor($self->{result_values}->{expires_seconds} / $unitdiv->{ $self->{instance_mode}->{option_results}->{unit} }),
+        threshold => [
+            { label => 'critical-' . $self->{thlabel}, exit_litteral => 'critical' },
+            { label => 'warning-'. $self->{thlabel}, exit_litteral => 'warning' },
+            { label => 'unknown-'. $self->{thlabel}, exit_litteral => 'unknown' }
+        ]
+    );
+}
+
+sub custom_status_output {
+    my ($self, %options) = @_;
+
+    return 'status: ' . $self->{result_values}->{status};
+}
+
+sub prefix_certificate_output {
+    my ($self, %options) = @_;
+
+    return sprintf(
+        "Certificate '%s' ",
+        $options{instance_value}->{name}
+    );
+}
+
+sub set_counters {
+    my ($self, %options) = @_;
+
+    $self->{maps_counters_type} = [
+        { name => 'certificates', type => 1, cb_prefix_output => 'prefix_certificate_output', message_multiple => 'All certificates are ok', skipped_code => { -10 => 1 } }
+    ];
+
+    $self->{maps_counters}->{certificates} = [
+        { label => 'status', type => 2, critical_default => '%{status} =~ /expired/i', set => {
+                key_values => [ { name => 'name' }, { name => 'status' } ],
+                closure_custom_output => $self->can('custom_status_output'),
+                closure_custom_perfdata => sub { return 0; },
+                closure_custom_threshold_check => \&catalog_status_threshold_ng
+            }
+        },
+        { label => 'expires', nlabel => 'certificate.expires', set => {
+                key_values      => [ { name => 'expires_seconds' }, { name => 'expires_human' }, { name => 'name' } ],
+                output_template => 'expires in %s',
+                output_use => 'expires_human',
+                closure_custom_perfdata => $self->can('custom_expires_perfdata'),
+                closure_custom_threshold_check => $self->can('custom_expires_threshold')
+            }
+        }
+    ];
+}
+
+sub new {
+    my ($class, %options) = @_;
+    my $self = $class->SUPER::new(package => __PACKAGE__, %options, force_new_perfdata => 1);
+    bless $self, $class;
+
+    $options{options}->add_options(arguments => {
+        'filter-name:s' => { name => 'filter_name' },
+        'unit:s'        => { name => 'unit', default => 's' }
+    });
+
+    return $self;
+}
+
+sub check_options {
+    my ($self, %options) = @_;
+    $self->SUPER::check_options(%options);
+
+    if ($self->{option_results}->{unit} eq '' || !defined($unitdiv->{$self->{option_results}->{unit}})) {
+        $self->{option_results}->{unit} = 's';
+    }
+}
+
+sub add_certificate {
+    my ($self, %options) = @_;
+
+    return if (!defined($options{entry}->{status}));
+    return if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&
+        $options{name} !~ /$self->{option_results}->{filter_name}/);
+
+    $self->{certificates}->{ $options{name} } = {
+        name => $options{name},
+        status => $options{entry}->{status}
+    };
+    if (defined($options{entry}->{valid_to})) {
+        $self->{certificates}->{ $options{name} }->{expires_seconds} = $options{entry}->{valid_to} - time();
+        $self->{certificates}->{ $options{name} }->{expires_seconds} = 0 if ($self->{certificates}->{ $options{name} }->{expires_seconds} < 0);
+        $self->{certificates}->{ $options{name} }->{expires_human} = centreon::plugins::misc::change_seconds(
+            value => $self->{certificates}->{ $options{name} }->{expires_seconds}
+        );
+    }
+}
+
+sub manage_selection {
+    my ($self, %options) = @_;
+
+    my $certificates = $options{custom}->request_api(
+        endpoint => '/api/v2/monitor/system/available-certificates'
+    );
+
+    $self->{certificates} = {};
+
+    foreach my $certificate (@{ $certificates->{results} }) {
+          if (defined($certificate->{name}) and defined($certificate->{valid_to}) and defined($certificate->{status})) {
+                $self->add_certificate(name => $certificate->{name}, entry => $certificate);
+          }
+    }
+}
+
+1;
+
+__END__
+
+=head1 MODE
+
+Check certificates.
+
+=over 8
+
+=item B<--filter-name>
+
+Filter certificates by name (can be a regexp).
+
+=item B<--warning-status>
+
+Define the conditions to match for the status to be WARNING.
+You can use the following variables: %{name}, %{status}.
+
+=item B<--critical-status>
+
+Define the conditions to match for the status to be CRITICAL (Default: '%{status} =~ /expired/i').
+You can use the following variables: %{name}, %{status}.
+
+=item B<--unit>
+
+Select the unit for expires threshold. May be 's' for seconds, 'm' for minutes,
+'h' for hours, 'd' for days, 'w' for weeks. Default is seconds.
+
+=item B<--warning-expires>
+
+Thresholds.
+
+=item B<--critical-expires>
+
+Thresholds.
+
+=back
+
+=cut
--- a/src/network/fortinet/fortigate/restapi/plugin.pm
+++ b/src/network/fortinet/fortigate/restapi/plugin.pm
@ -1,5 +1,5 @@
 #
-# Copyright 2024 Centreon (http://www.centreon.com/)
+# Copyright 2025 Centreon (http://www.centreon.com/)
 #
 # Centreon is a full-fledged industry-strength solution that meets
 # the needs in IT infrastructure and application monitoring for
@ -33,6 +33,7 @@ sub new {
        'ha'       => 'network::fortinet::fortigate::restapi::mode::ha',
        'health'   => 'network::fortinet::fortigate::restapi::mode::health',
        'licenses' => 'network::fortinet::fortigate::restapi::mode::licenses',
+        'certificates' => 'network::fortinet::fortigate::restapi::mode::certificates',
        'system'   => 'network::fortinet::fortigate::restapi::mode::system'
    };

--- a/tests/network/fortinet/fortigate/restapi/certificates.json
+++ b/tests/network/fortinet/fortigate/restapi/certificates.json
--- a/tests/network/fortinet/fortigate/restapi/certificates.robot
+++ b/tests/network/fortinet/fortigate/restapi/certificates.robot
@ -0,0 +1,35 @@
+*** Settings ***
+
+Resource            ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource
+
+Suite Setup         Start Mockoon    ${MOCKOON_JSON}
+Suite Teardown      Stop Mockoon
+Test Timeout        120s
+
+** Variables ***
+${MOCKOON_JSON}     ${CURDIR}${/}certificates.json
+
+${CMD}              ${CENTREON_PLUGINS}
+...                 --plugin=network::fortinet::fortigate::restapi::plugin
+...                 --mode=certificates
+...                 --hostname=${HOSTNAME}
+...                 --proto='http'
+...                 --access-token=mokoon-token
+...                 --port=${APIPORT}
+
+*** Test Cases ***
+certificates ${tc}
+    [Tags]    network    fortinet    fortigate    restapi
+    ${command}    Catenate
+    ...    ${CMD}
+    ...    ${extra_options}
+ 
+
+    Ctn Run Command And Check Result As Regexp    ${command}    ${expected_result}
+
+    Examples:         tc      extra_options                                                                    expected_result    --
+            ...       1       --filter-name='Fortinet_CA_SSL'                                                  OK: All certificates are ok \\\| 'Fortinet_CA_SSL#certificate.expires.seconds=\\\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds=\\\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds=\\\d+;;;0;
+            ...       2       --warning-status='\\\%{status} =~ /valid/i'                                      WARNING: Certificate 'Fortinet_CA_SSL' status: valid - Certificate 'Fortinet_CA_SSL1' status: valid - Certificate 'Fortinet_CA_SSL2' status: valid \\\| 'Fortinet_CA_SSL#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds'=\d+;;;0;
+            ...       3       --critical-status='\\\%{status} =~ /valid/i'                                     CRITICAL: Certificate 'Fortinet_CA_SSL' status: valid - Certificate 'Fortinet_CA_SSL1' status: valid - Certificate 'Fortinet_CA_SSL2' status: valid \\\| 'Fortinet_CA_SSL#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds'=\d+;;;0;
+            ...       4       --unit='m'                                                                       OK: All certificates are ok \\\| 'Fortinet_CA_SSL#certificate.expires.minutes'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.minutes'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.minutes'=\d+;;;0;
+            ...       5       --warning-expires='60' --critical-expires='30' --unit='d'                        CRITICAL: Certificate 'Fortinet_CA_SSL' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? - Certificate 'Fortinet_CA_SSL1' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? - Certificate 'Fortinet_CA_SSL2' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? \\\| 'Fortinet_CA_SSL#certificate.expires.days'=\d+;0:60;0:30;0; 'Fortinet_CA_SSL1#certificate.expires.days'=\d+;0:60;0:30;0; 'Fortinet_CA_SSL2#certificate.expires.days'=\d+;0:60;0:30;0;