mirror of
https://github.com/centreon/centreon-plugins.git
synced 2025-07-23 21:55:16 +02:00
feat(fortinet-fortigate-restapi): add certificates mode + tests (#5515)
Refs: CTOR-1451
This commit is contained in:
parent
08e0e04099
commit
7baab38df6
199
src/network/fortinet/fortigate/restapi/mode/certificates.pm
Normal file
199
src/network/fortinet/fortigate/restapi/mode/certificates.pm
Normal file
@ -0,0 +1,199 @@
|
||||
#
|
||||
# Copyright 2025 Centreon (http://www.centreon.com/)
|
||||
#
|
||||
# Centreon is a full-fledged industry-strength solution that meets
|
||||
# the needs in IT infrastructure and application monitoring for
|
||||
# service performance.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
package network::fortinet::fortigate::restapi::mode::certificates;
|
||||
|
||||
use base qw(centreon::plugins::templates::counter);
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use centreon::plugins::templates::catalog_functions qw(catalog_status_threshold_ng);
|
||||
use centreon::plugins::misc;
|
||||
use POSIX;
|
||||
|
||||
my $unitdiv = { s => 1, w => 604800, d => 86400, h => 3600, m => 60 };
|
||||
my $unitdiv_long = { s => 'seconds', w => 'weeks', d => 'days', h => 'hours', m => 'minutes' };
|
||||
|
||||
sub custom_expires_perfdata {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
$self->{output}->perfdata_add(
|
||||
nlabel => $self->{nlabel} . '.' . $unitdiv_long->{ $self->{instance_mode}->{option_results}->{unit} },
|
||||
unit => $self->{instance_mode}->{option_results}->{unit},
|
||||
instances => $self->{result_values}->{name},
|
||||
value => floor($self->{result_values}->{expires_seconds} / $unitdiv->{ $self->{instance_mode}->{option_results}->{unit} }),
|
||||
warning => $self->{perfdata}->get_perfdata_for_output(label => 'warning-' . $self->{thlabel}),
|
||||
critical => $self->{perfdata}->get_perfdata_for_output(label => 'critical-' . $self->{thlabel}),
|
||||
min => 0
|
||||
);
|
||||
}
|
||||
|
||||
sub custom_expires_threshold {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
return $self->{perfdata}->threshold_check(
|
||||
value => floor($self->{result_values}->{expires_seconds} / $unitdiv->{ $self->{instance_mode}->{option_results}->{unit} }),
|
||||
threshold => [
|
||||
{ label => 'critical-' . $self->{thlabel}, exit_litteral => 'critical' },
|
||||
{ label => 'warning-'. $self->{thlabel}, exit_litteral => 'warning' },
|
||||
{ label => 'unknown-'. $self->{thlabel}, exit_litteral => 'unknown' }
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
sub custom_status_output {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
return 'status: ' . $self->{result_values}->{status};
|
||||
}
|
||||
|
||||
sub prefix_certificate_output {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
return sprintf(
|
||||
"Certificate '%s' ",
|
||||
$options{instance_value}->{name}
|
||||
);
|
||||
}
|
||||
|
||||
sub set_counters {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
$self->{maps_counters_type} = [
|
||||
{ name => 'certificates', type => 1, cb_prefix_output => 'prefix_certificate_output', message_multiple => 'All certificates are ok', skipped_code => { -10 => 1 } }
|
||||
];
|
||||
|
||||
$self->{maps_counters}->{certificates} = [
|
||||
{ label => 'status', type => 2, critical_default => '%{status} =~ /expired/i', set => {
|
||||
key_values => [ { name => 'name' }, { name => 'status' } ],
|
||||
closure_custom_output => $self->can('custom_status_output'),
|
||||
closure_custom_perfdata => sub { return 0; },
|
||||
closure_custom_threshold_check => \&catalog_status_threshold_ng
|
||||
}
|
||||
},
|
||||
{ label => 'expires', nlabel => 'certificate.expires', set => {
|
||||
key_values => [ { name => 'expires_seconds' }, { name => 'expires_human' }, { name => 'name' } ],
|
||||
output_template => 'expires in %s',
|
||||
output_use => 'expires_human',
|
||||
closure_custom_perfdata => $self->can('custom_expires_perfdata'),
|
||||
closure_custom_threshold_check => $self->can('custom_expires_threshold')
|
||||
}
|
||||
}
|
||||
];
|
||||
}
|
||||
|
||||
sub new {
|
||||
my ($class, %options) = @_;
|
||||
my $self = $class->SUPER::new(package => __PACKAGE__, %options, force_new_perfdata => 1);
|
||||
bless $self, $class;
|
||||
|
||||
$options{options}->add_options(arguments => {
|
||||
'filter-name:s' => { name => 'filter_name' },
|
||||
'unit:s' => { name => 'unit', default => 's' }
|
||||
});
|
||||
|
||||
return $self;
|
||||
}
|
||||
|
||||
sub check_options {
|
||||
my ($self, %options) = @_;
|
||||
$self->SUPER::check_options(%options);
|
||||
|
||||
if ($self->{option_results}->{unit} eq '' || !defined($unitdiv->{$self->{option_results}->{unit}})) {
|
||||
$self->{option_results}->{unit} = 's';
|
||||
}
|
||||
}
|
||||
|
||||
sub add_certificate {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
return if (!defined($options{entry}->{status}));
|
||||
return if (defined($self->{option_results}->{filter_name}) && $self->{option_results}->{filter_name} ne '' &&
|
||||
$options{name} !~ /$self->{option_results}->{filter_name}/);
|
||||
|
||||
$self->{certificates}->{ $options{name} } = {
|
||||
name => $options{name},
|
||||
status => $options{entry}->{status}
|
||||
};
|
||||
if (defined($options{entry}->{valid_to})) {
|
||||
$self->{certificates}->{ $options{name} }->{expires_seconds} = $options{entry}->{valid_to} - time();
|
||||
$self->{certificates}->{ $options{name} }->{expires_seconds} = 0 if ($self->{certificates}->{ $options{name} }->{expires_seconds} < 0);
|
||||
$self->{certificates}->{ $options{name} }->{expires_human} = centreon::plugins::misc::change_seconds(
|
||||
value => $self->{certificates}->{ $options{name} }->{expires_seconds}
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
sub manage_selection {
|
||||
my ($self, %options) = @_;
|
||||
|
||||
my $certificates = $options{custom}->request_api(
|
||||
endpoint => '/api/v2/monitor/system/available-certificates'
|
||||
);
|
||||
|
||||
$self->{certificates} = {};
|
||||
|
||||
foreach my $certificate (@{ $certificates->{results} }) {
|
||||
if (defined($certificate->{name}) and defined($certificate->{valid_to}) and defined($certificate->{status})) {
|
||||
$self->add_certificate(name => $certificate->{name}, entry => $certificate);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
|
||||
=head1 MODE
|
||||
|
||||
Check certificates.
|
||||
|
||||
=over 8
|
||||
|
||||
=item B<--filter-name>
|
||||
|
||||
Filter certificates by name (can be a regexp).
|
||||
|
||||
=item B<--warning-status>
|
||||
|
||||
Define the conditions to match for the status to be WARNING.
|
||||
You can use the following variables: %{name}, %{status}.
|
||||
|
||||
=item B<--critical-status>
|
||||
|
||||
Define the conditions to match for the status to be CRITICAL (Default: '%{status} =~ /expired/i').
|
||||
You can use the following variables: %{name}, %{status}.
|
||||
|
||||
=item B<--unit>
|
||||
|
||||
Select the unit for expires threshold. May be 's' for seconds, 'm' for minutes,
|
||||
'h' for hours, 'd' for days, 'w' for weeks. Default is seconds.
|
||||
|
||||
=item B<--warning-expires>
|
||||
|
||||
Thresholds.
|
||||
|
||||
=item B<--critical-expires>
|
||||
|
||||
Thresholds.
|
||||
|
||||
=back
|
||||
|
||||
=cut
|
@ -1,5 +1,5 @@
|
||||
#
|
||||
# Copyright 2024 Centreon (http://www.centreon.com/)
|
||||
# Copyright 2025 Centreon (http://www.centreon.com/)
|
||||
#
|
||||
# Centreon is a full-fledged industry-strength solution that meets
|
||||
# the needs in IT infrastructure and application monitoring for
|
||||
@ -33,6 +33,7 @@ sub new {
|
||||
'ha' => 'network::fortinet::fortigate::restapi::mode::ha',
|
||||
'health' => 'network::fortinet::fortigate::restapi::mode::health',
|
||||
'licenses' => 'network::fortinet::fortigate::restapi::mode::licenses',
|
||||
'certificates' => 'network::fortinet::fortigate::restapi::mode::certificates',
|
||||
'system' => 'network::fortinet::fortigate::restapi::mode::system'
|
||||
};
|
||||
|
||||
|
92
tests/network/fortinet/fortigate/restapi/certificates.json
Normal file
92
tests/network/fortinet/fortigate/restapi/certificates.json
Normal file
File diff suppressed because one or more lines are too long
35
tests/network/fortinet/fortigate/restapi/certificates.robot
Normal file
35
tests/network/fortinet/fortigate/restapi/certificates.robot
Normal file
@ -0,0 +1,35 @@
|
||||
*** Settings ***
|
||||
|
||||
Resource ${CURDIR}${/}..${/}..${/}..${/}..${/}resources/import.resource
|
||||
|
||||
Suite Setup Start Mockoon ${MOCKOON_JSON}
|
||||
Suite Teardown Stop Mockoon
|
||||
Test Timeout 120s
|
||||
|
||||
** Variables ***
|
||||
${MOCKOON_JSON} ${CURDIR}${/}certificates.json
|
||||
|
||||
${CMD} ${CENTREON_PLUGINS}
|
||||
... --plugin=network::fortinet::fortigate::restapi::plugin
|
||||
... --mode=certificates
|
||||
... --hostname=${HOSTNAME}
|
||||
... --proto='http'
|
||||
... --access-token=mokoon-token
|
||||
... --port=${APIPORT}
|
||||
|
||||
*** Test Cases ***
|
||||
certificates ${tc}
|
||||
[Tags] network fortinet fortigate restapi
|
||||
${command} Catenate
|
||||
... ${CMD}
|
||||
... ${extra_options}
|
||||
|
||||
|
||||
Ctn Run Command And Check Result As Regexp ${command} ${expected_result}
|
||||
|
||||
Examples: tc extra_options expected_result --
|
||||
... 1 --filter-name='Fortinet_CA_SSL' OK: All certificates are ok \\\| 'Fortinet_CA_SSL#certificate.expires.seconds=\\\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds=\\\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds=\\\d+;;;0;
|
||||
... 2 --warning-status='\\\%{status} =~ /valid/i' WARNING: Certificate 'Fortinet_CA_SSL' status: valid - Certificate 'Fortinet_CA_SSL1' status: valid - Certificate 'Fortinet_CA_SSL2' status: valid \\\| 'Fortinet_CA_SSL#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds'=\d+;;;0;
|
||||
... 3 --critical-status='\\\%{status} =~ /valid/i' CRITICAL: Certificate 'Fortinet_CA_SSL' status: valid - Certificate 'Fortinet_CA_SSL1' status: valid - Certificate 'Fortinet_CA_SSL2' status: valid \\\| 'Fortinet_CA_SSL#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.seconds'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.seconds'=\d+;;;0;
|
||||
... 4 --unit='m' OK: All certificates are ok \\\| 'Fortinet_CA_SSL#certificate.expires.minutes'=\d+;;;0; 'Fortinet_CA_SSL1#certificate.expires.minutes'=\d+;;;0; 'Fortinet_CA_SSL2#certificate.expires.minutes'=\d+;;;0;
|
||||
... 5 --warning-expires='60' --critical-expires='30' --unit='d' CRITICAL: Certificate 'Fortinet_CA_SSL' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? - Certificate 'Fortinet_CA_SSL1' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? - Certificate 'Fortinet_CA_SSL2' expires in (\\\\d+y)?\\\\s?(\\\\d+M)?\\\\s?(\\\\d+w)?\\\\s?(\\\\d+d)?\\\\s?(\\\\d+h)?\\\\s?(\\\\d+m)?\\\\s?(\\\\d+s)? \\\| 'Fortinet_CA_SSL#certificate.expires.days'=\d+;0:60;0:30;0; 'Fortinet_CA_SSL1#certificate.expires.days'=\d+;0:60;0:30;0; 'Fortinet_CA_SSL2#certificate.expires.days'=\d+;0:60;0:30;0;
|
Loading…
x
Reference in New Issue
Block a user