healthcheck

package
v1.13.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 13, 2023 License: MPL-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// HiddenReqParams lists request parameter names that, going by the names,
// can carry private key material.
// NOTE(review): presumably the AuditVisibility check expects these request
// fields to stay hidden (HMAC'd) in audit logs — confirm against the check's
// implementation, which this page does not show.
// The slice is exported and mutable, so any importing package can change it;
// treat it as read-only.
var HiddenReqParams = []string{
	"private_key",
	"pem_bundle",
}
// HiddenRespParams lists response parameter names that, going by the names,
// can carry private key material. It currently holds the same two entries as
// HiddenReqParams.
// NOTE(review): presumably the AuditVisibility check expects these response
// fields to stay hidden (HMAC'd) in audit logs — confirm against the check's
// implementation, which this page does not show.
// The slice is exported and mutable, so any importing package can change it;
// treat it as read-only.
var HiddenRespParams = []string{
	"private_key",
	"pem_bundle",
}
// NameResultStatusMap maps a lower-case status name to its ResultStatus
// constant; it is the inverse of ResultStatusNameMap.
// A lookup of an unknown name without the comma-ok form yields the zero
// value, which is ResultNotApplicable, so callers parsing external input
// should test the second return value instead of trusting the result.
var NameResultStatusMap = map[string]ResultStatus{
	"not_applicable":           ResultNotApplicable,
	"ok":                       ResultOK,
	"informational":            ResultInformational,
	"warning":                  ResultWarning,
	"critical":                 ResultCritical,
	"invalid_version":          ResultInvalidVersion,
	"insufficient_permissions": ResultInsufficientPermissions,
}
// ResultStatusNameMap maps each ResultStatus constant to its lower-case
// name; it is the inverse of NameResultStatusMap.
// A ResultStatus value outside the seven declared constants has no entry
// and yields the empty string.
var ResultStatusNameMap = map[ResultStatus]string{
	ResultNotApplicable:           "not_applicable",
	ResultOK:                      "ok",
	ResultInformational:           "informational",
	ResultWarning:                 "warning",
	ResultCritical:                "critical",
	ResultInvalidVersion:          "invalid_version",
	ResultInsufficientPermissions: "insufficient_permissions",
}
// VisibleReqParams lists request parameter names that describe a certificate
// request (CSR, subject fields, SANs, lifetime, key type and similar). None
// of the entries appears in HiddenReqParams.
// NOTE(review): presumably the AuditVisibility check recommends that these
// fields stay readable in audit logs so issuance can be traced — confirm
// against the check's implementation, which this page does not show.
// "private_key_format" looks like a format selector rather than key
// material, going by its name — confirm.
var VisibleReqParams = []string{
	"csr",
	"certificate",
	"issuer_ref",
	"common_name",
	"alt_names",
	"other_sans",
	"ip_sans",
	"uri_sans",
	"ttl",
	"not_after",
	"serial_number",
	"key_type",
	"private_key_format",
	"managed_key_name",
	"managed_key_id",
	"ou",
	"organization",
	"country",
	"locality",
	"province",
	"street_address",
	"postal_code",
	"permitted_dns_domains",
	"policy_identifiers",
	"ext_key_usage_oids",
}
// VisibleRespParams lists response parameter names for issued-certificate
// data and errors. None of the entries appears in HiddenRespParams.
// NOTE(review): presumably the AuditVisibility check recommends that these
// fields stay readable in audit logs — confirm against the check's
// implementation, which this page does not show.
var VisibleRespParams = []string{
	"certificate",
	"issuing_ca",
	"serial_number",
	"error",
	"ca_chain",
}

Functions

func FormatDuration

func FormatDuration(d time.Duration) string

Types

type AllowIfModifiedSince

// AllowIfModifiedSince holds the state of one health check; the methods
// listed for *AllowIfModifiedSince match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type AllowIfModifiedSince struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// TuneData is an untyped map; values read from it need checked type
	// assertions. Presumably mount tuning data fetched from the server —
	// confirm.
	TuneData map[string]interface{}
}

func (*AllowIfModifiedSince) DefaultConfig

func (h *AllowIfModifiedSince) DefaultConfig() map[string]interface{}

func (*AllowIfModifiedSince) Evaluate

func (h *AllowIfModifiedSince) Evaluate(e *Executor) (results []*Result, err error)

func (*AllowIfModifiedSince) FetchResources

func (h *AllowIfModifiedSince) FetchResources(e *Executor) error

func (*AllowIfModifiedSince) IsEnabled

func (h *AllowIfModifiedSince) IsEnabled() bool

func (*AllowIfModifiedSince) LoadConfig

func (h *AllowIfModifiedSince) LoadConfig(config map[string]interface{}) error

func (*AllowIfModifiedSince) Name

func (h *AllowIfModifiedSince) Name() string

type AuditVisibility

// AuditVisibility holds the state of one health check; the methods listed
// for *AuditVisibility match the Check interface.
// NOTE(review): presumably this check compares the mount's audit settings
// with VisibleReqParams, VisibleRespParams, HiddenReqParams and
// HiddenRespParams — confirm against Evaluate, which is not shown here.
type AuditVisibility struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// IgnoredParameters is a set of parameter names. Presumably names in it
	// are skipped by the check, which would also silence findings about
	// hidden parameters placed here — confirm.
	IgnoredParameters map[string]bool
	// TuneData is an untyped map; values read from it need checked type
	// assertions. Presumably mount tuning data fetched from the server —
	// confirm.
	TuneData          map[string]interface{}
}

func (*AuditVisibility) DefaultConfig

func (h *AuditVisibility) DefaultConfig() map[string]interface{}

func (*AuditVisibility) Evaluate

func (h *AuditVisibility) Evaluate(e *Executor) (results []*Result, err error)

func (*AuditVisibility) FetchResources

func (h *AuditVisibility) FetchResources(e *Executor) error

func (*AuditVisibility) IsEnabled

func (h *AuditVisibility) IsEnabled() bool

func (*AuditVisibility) LoadConfig

func (h *AuditVisibility) LoadConfig(config map[string]interface{}) error

func (*AuditVisibility) Name

func (h *AuditVisibility) Name() string

type CAValidityPeriod

// CAValidityPeriod holds the state of one health check; the methods listed
// for *CAValidityPeriod match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type CAValidityPeriod struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled bool

	// RootExpiries and IntermediateExpieries map a ResultStatus to a
	// duration. Presumably each entry is the remaining-validity threshold at
	// which that status is reported — confirm.
	// The spelling "IntermediateExpieries" is part of the exported API and
	// cannot be corrected without breaking callers.
	RootExpiries          map[ResultStatus]time.Duration
	IntermediateExpieries map[ResultStatus]time.Duration

	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// Issuers holds parsed X.509 certificates keyed by a string, presumably
	// the issuer identifier — confirm.
	Issuers map[string]*x509.Certificate
}

func (*CAValidityPeriod) DefaultConfig

func (h *CAValidityPeriod) DefaultConfig() map[string]interface{}

func (*CAValidityPeriod) Evaluate

func (h *CAValidityPeriod) Evaluate(e *Executor) (results []*Result, err error)

func (*CAValidityPeriod) FetchResources

func (h *CAValidityPeriod) FetchResources(e *Executor) error

func (*CAValidityPeriod) IsEnabled

func (h *CAValidityPeriod) IsEnabled() bool

func (*CAValidityPeriod) LoadConfig

func (h *CAValidityPeriod) LoadConfig(config map[string]interface{}) error

func (*CAValidityPeriod) Name

func (h *CAValidityPeriod) Name() string

type CRLValidityPeriod

// CRLValidityPeriod holds the state of one health check; the methods listed
// for *CRLValidityPeriod match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type CRLValidityPeriod struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled bool

	// Percentage thresholds are plain ints; the type itself does not limit
	// them to 0-100, so any range check has to happen in LoadConfig —
	// confirm that it does.
	CRLExpiryPercentage      int
	DeltaCRLExpiryPercentage int

	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs; NoDeltas presumably records that delta CRLs
	// are unavailable — confirm both.
	UnsupportedVersion bool
	NoDeltas           bool

	// CRLs and DeltaCRLs hold parsed revocation lists keyed by a string,
	// presumably the issuer identifier — confirm.
	CRLs      map[string]*x509.RevocationList
	DeltaCRLs map[string]*x509.RevocationList

	// CRLConfig is the fetch record for a configuration path, presumably the
	// mount's CRL configuration — confirm.
	CRLConfig *PathFetch
}

func (*CRLValidityPeriod) DefaultConfig

func (h *CRLValidityPeriod) DefaultConfig() map[string]interface{}

func (*CRLValidityPeriod) Evaluate

func (h *CRLValidityPeriod) Evaluate(e *Executor) (results []*Result, err error)

func (*CRLValidityPeriod) FetchResources

func (h *CRLValidityPeriod) FetchResources(e *Executor) error

func (*CRLValidityPeriod) IsEnabled

func (h *CRLValidityPeriod) IsEnabled() bool

func (*CRLValidityPeriod) LoadConfig

func (h *CRLValidityPeriod) LoadConfig(config map[string]interface{}) error

func (*CRLValidityPeriod) Name

func (h *CRLValidityPeriod) Name() string

type Check

// Check is the method set shared by the health check types in this package;
// every New*Check constructor listed here returns a Check.
type Check interface {
	// Name returns a string naming the check.
	// NOTE(review): presumably the key used in Executor.Config and in the
	// map returned by Executor.Execute — confirm.
	Name() string
	// IsEnabled reports whether the check is enabled.
	IsEnabled() bool

	// DefaultConfig returns the check's default settings as an untyped map.
	DefaultConfig() map[string]interface{}
	// LoadConfig takes settings as an untyped map and returns an error.
	// Values arrive as interface{}, so implementations need checked type
	// assertions rather than assuming the types of caller-supplied config.
	LoadConfig(config map[string]interface{}) error

	// FetchResources takes the Executor and returns an error.
	// NOTE(review): presumably where a check reads from the server, via
	// Executor.FetchIfNotFetched — confirm.
	FetchResources(e *Executor) error

	// Evaluate takes the Executor and returns the check's results, or an
	// error.
	Evaluate(e *Executor) ([]*Result, error)
}

func NewAllowIfModifiedSinceCheck

func NewAllowIfModifiedSinceCheck() Check

func NewAuditVisibilityCheck

func NewAuditVisibilityCheck() Check

func NewCAValidityPeriodCheck

func NewCAValidityPeriodCheck() Check

func NewCRLValidityPeriodCheck

func NewCRLValidityPeriodCheck() Check

func NewEnableAutoTidyCheck

func NewEnableAutoTidyCheck() Check

func NewHardwareBackedRootCheck

func NewHardwareBackedRootCheck() Check

func NewRoleAllowsGlobWildcardsCheck

func NewRoleAllowsGlobWildcardsCheck() Check

func NewRoleAllowsLocalhostCheck

func NewRoleAllowsLocalhostCheck() Check

func NewRoleNoStoreFalseCheck

func NewRoleNoStoreFalseCheck() Check

func NewRootIssuedLeavesCheck

func NewRootIssuedLeavesCheck() Check

func NewTidyLastRunCheck

func NewTidyLastRunCheck() Check

func NewTooManyCertsCheck

func NewTooManyCertsCheck() Check

type EnableAutoTidy

// EnableAutoTidy holds the state of one health check; the methods listed
// for *EnableAutoTidy match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type EnableAutoTidy struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// Duration thresholds, one pair for an interval and one for a pause.
	// Presumably a configured value beyond the Warning or Critical duration
	// produces the matching ResultStatus — confirm.
	IntervalDurationCritical time.Duration
	IntervalDurationWarning  time.Duration
	PauseDurationCritical    time.Duration
	PauseDurationWarning     time.Duration

	// TidyConfig is the fetch record for a configuration path, presumably
	// the mount's auto-tidy configuration — confirm.
	TidyConfig *PathFetch
}

func (*EnableAutoTidy) DefaultConfig

func (h *EnableAutoTidy) DefaultConfig() map[string]interface{}

func (*EnableAutoTidy) Evaluate

func (h *EnableAutoTidy) Evaluate(e *Executor) (results []*Result, err error)

func (*EnableAutoTidy) FetchResources

func (h *EnableAutoTidy) FetchResources(e *Executor) error

func (*EnableAutoTidy) IsEnabled

func (h *EnableAutoTidy) IsEnabled() bool

func (*EnableAutoTidy) LoadConfig

func (h *EnableAutoTidy) LoadConfig(config map[string]interface{}) error

func (*EnableAutoTidy) Name

func (h *EnableAutoTidy) Name() string

type Executor

// Executor bundles an API client, a mount name, per-check configuration,
// fetched resources and the registered checks.
// NOTE(review): checks can only evaluate what Client's credentials are
// allowed to read; presumably a denied path surfaces as
// ResultInsufficientPermissions rather than as a finding — confirm, and
// treat that status as "not assessed", not as "healthy".
type Executor struct {
	// Client is the API client passed to NewExecutor.
	Client         *api.Client
	// Mount is the mount string passed to NewExecutor.
	Mount          string
	// DefaultEnabled is presumably the enabled state given to checks whose
	// configuration does not set one — confirm.
	DefaultEnabled bool

	// Config maps a string key to an untyped settings map, presumably keyed
	// by Check.Name — confirm.
	Config map[string]map[string]interface{}

	// Resources maps a string key and an operation to a fetch record.
	// Presumably the cache behind FetchIfNotFetched, keyed by path — confirm.
	Resources map[string]map[logical.Operation]*PathFetch

	// Checkers is the list of checks; AddCheck presumably appends to it —
	// confirm.
	Checkers []Check
}

func NewExecutor

func NewExecutor(client *api.Client, mount string) *Executor

func (*Executor) AddCheck

func (e *Executor) AddCheck(c Check)

func (*Executor) BuildConfig

func (e *Executor) BuildConfig(external map[string]interface{}) error

func (*Executor) Execute

func (e *Executor) Execute() (map[string][]*Result, error)

func (*Executor) FetchIfNotFetched

func (e *Executor) FetchIfNotFetched(op logical.Operation, rawPath string) (*PathFetch, error)

type HardwareBackedRoot

// HardwareBackedRoot holds the state of one health check; the methods listed
// for *HardwareBackedRoot match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type HardwareBackedRoot struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled bool

	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// IssuerKeyMap maps a string to a string, presumably issuer identifier
	// to key identifier — confirm.
	IssuerKeyMap map[string]string
	// KeyIsManaged maps a string to a string, not to a bool as the name
	// might suggest; an empty or missing value presumably means the key is
	// not a managed key — confirm before testing it for truthiness.
	KeyIsManaged map[string]string
}

func (*HardwareBackedRoot) DefaultConfig

func (h *HardwareBackedRoot) DefaultConfig() map[string]interface{}

func (*HardwareBackedRoot) Evaluate

func (h *HardwareBackedRoot) Evaluate(e *Executor) (results []*Result, err error)

func (*HardwareBackedRoot) FetchResources

func (h *HardwareBackedRoot) FetchResources(e *Executor) error

func (*HardwareBackedRoot) IsEnabled

func (h *HardwareBackedRoot) IsEnabled() bool

func (*HardwareBackedRoot) LoadConfig

func (h *HardwareBackedRoot) LoadConfig(config map[string]interface{}) error

func (*HardwareBackedRoot) Name

func (h *HardwareBackedRoot) Name() string

type PathFetch

// PathFetch records one fetch: the operation and path requested, the raw
// response or fetch error, and the parsed secret or its parse error.
// NOTE(review): field roles are inferred from names and types; the code that
// populates them is not shown on this page.
type PathFetch struct {
	Operation        logical.Operation
	Path             string
	// Response holds what the server returned for Path. Avoid logging it
	// wholesale when the path can return sensitive data.
	Response         *api.Response
	// FetchError is presumably the error from the request itself — confirm.
	FetchError       error
	// Secret is presumably the parsed form of Response; the same logging
	// caution applies — confirm.
	Secret           *api.Secret
	// SecretParseError is presumably the error from parsing Response into
	// Secret — confirm.
	SecretParseError error
	// ParsedCache is an untyped map; values read from it need checked type
	// assertions.
	ParsedCache      map[string]interface{}
}

func (*PathFetch) FetchSurfaceError

func (p *PathFetch) FetchSurfaceError() error

func (*PathFetch) Is404NotFound

func (p *PathFetch) Is404NotFound() bool

func (*PathFetch) IsMissingResource

func (p *PathFetch) IsMissingResource() bool

func (*PathFetch) IsOK

func (p *PathFetch) IsOK() bool

func (*PathFetch) IsSecretOK

func (p *PathFetch) IsSecretOK() bool

func (*PathFetch) IsSecretPermissionsError

func (p *PathFetch) IsSecretPermissionsError() bool

func (*PathFetch) IsUnsupportedPathError

func (p *PathFetch) IsUnsupportedPathError() bool

type Result

// Result is one finding produced by a check, with JSON field names set by
// the struct tags.
type Result struct {
	// Status is serialized under the JSON key "status_code" as the integer
	// ResultStatus value.
	Status        ResultStatus `json:"status_code"`
	// StatusDisplay is serialized under the JSON key "status"; presumably
	// the name from ResultStatusNameMap — confirm.
	StatusDisplay string       `json:"status"`
	// Endpoint and Message are omitted from the JSON output when empty.
	Endpoint      string       `json:"endpoint,omitempty"`
	Message       string       `json:"message,omitempty"`
}

type ResultStatus

// ResultStatus is the integer status code attached to a Result.
type ResultStatus int
// Status values are assigned by iota in declaration order, starting at 0.
// The numeric order is not a pure severity scale: ResultInvalidVersion (5)
// and ResultInsufficientPermissions (6) sort above ResultCritical (4), so a
// threshold such as "status >= ResultWarning" also matches checks that could
// not run. ResultNotApplicable is the zero value, which is what an
// uninitialised ResultStatus or a failed NameResultStatusMap lookup yields.
const (
	ResultNotApplicable ResultStatus = iota
	ResultOK
	ResultInformational
	ResultWarning
	ResultCritical
	ResultInvalidVersion
	ResultInsufficientPermissions
)

type RoleAllowsGlobWildcards

// RoleAllowsGlobWildcards holds the state of one health check; the methods
// listed for *RoleAllowsGlobWildcards match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type RoleAllowsGlobWildcards struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool
	// NoPerms is presumably set when the roles could not be read with the
	// client's credentials; in that case the roles were not assessed —
	// confirm.
	NoPerms            bool

	// RoleEntryMap maps a string to an untyped map, presumably role name to
	// role fields; values need checked type assertions — confirm.
	RoleEntryMap map[string]map[string]interface{}
}

func (*RoleAllowsGlobWildcards) DefaultConfig

func (h *RoleAllowsGlobWildcards) DefaultConfig() map[string]interface{}

func (*RoleAllowsGlobWildcards) Evaluate

func (h *RoleAllowsGlobWildcards) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleAllowsGlobWildcards) FetchResources

func (h *RoleAllowsGlobWildcards) FetchResources(e *Executor) error

func (*RoleAllowsGlobWildcards) IsEnabled

func (h *RoleAllowsGlobWildcards) IsEnabled() bool

func (*RoleAllowsGlobWildcards) LoadConfig

func (h *RoleAllowsGlobWildcards) LoadConfig(config map[string]interface{}) error

func (*RoleAllowsGlobWildcards) Name

func (h *RoleAllowsGlobWildcards) Name() string

type RoleAllowsLocalhost

// RoleAllowsLocalhost holds the state of one health check; the methods
// listed for *RoleAllowsLocalhost match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type RoleAllowsLocalhost struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool
	// NoPerms is presumably set when the roles could not be read with the
	// client's credentials; in that case the roles were not assessed —
	// confirm.
	NoPerms            bool

	// RoleEntryMap maps a string to an untyped map, presumably role name to
	// role fields; values need checked type assertions — confirm.
	RoleEntryMap map[string]map[string]interface{}
}

func (*RoleAllowsLocalhost) DefaultConfig

func (h *RoleAllowsLocalhost) DefaultConfig() map[string]interface{}

func (*RoleAllowsLocalhost) Evaluate

func (h *RoleAllowsLocalhost) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleAllowsLocalhost) FetchResources

func (h *RoleAllowsLocalhost) FetchResources(e *Executor) error

func (*RoleAllowsLocalhost) IsEnabled

func (h *RoleAllowsLocalhost) IsEnabled() bool

func (*RoleAllowsLocalhost) LoadConfig

func (h *RoleAllowsLocalhost) LoadConfig(config map[string]interface{}) error

func (*RoleAllowsLocalhost) Name

func (h *RoleAllowsLocalhost) Name() string

type RoleNoStoreFalse

// RoleNoStoreFalse holds the state of one health check; the methods listed
// for *RoleNoStoreFalse match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type RoleNoStoreFalse struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool
	// NoPerms is presumably set when the roles could not be read with the
	// client's credentials; in that case the roles were not assessed —
	// confirm.
	NoPerms            bool

	// AllowedRoles is a set of names, presumably roles exempted from this
	// check — confirm.
	AllowedRoles map[string]bool

	// CertCounts is an int, presumably the number of stored certificates —
	// confirm.
	CertCounts   int
	// RoleEntryMap maps a string to an untyped map, presumably role name to
	// role fields; values need checked type assertions — confirm.
	RoleEntryMap map[string]map[string]interface{}
	// CRLConfig is the fetch record for a configuration path, presumably the
	// mount's CRL configuration — confirm.
	CRLConfig    *PathFetch
}

func (*RoleNoStoreFalse) DefaultConfig

func (h *RoleNoStoreFalse) DefaultConfig() map[string]interface{}

func (*RoleNoStoreFalse) Evaluate

func (h *RoleNoStoreFalse) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleNoStoreFalse) FetchResources

func (h *RoleNoStoreFalse) FetchResources(e *Executor) error

func (*RoleNoStoreFalse) IsEnabled

func (h *RoleNoStoreFalse) IsEnabled() bool

func (*RoleNoStoreFalse) LoadConfig

func (h *RoleNoStoreFalse) LoadConfig(config map[string]interface{}) error

func (*RoleNoStoreFalse) Name

func (h *RoleNoStoreFalse) Name() string

type RootIssuedLeaves

// RootIssuedLeaves holds the state of one health check; the methods listed
// for *RootIssuedLeaves match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type RootIssuedLeaves struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// CertsToFetch is an int, presumably the upper bound on how many
	// certificates are sampled. If so, a clean result covers only that
	// sample, not every issued certificate — confirm.
	CertsToFetch int

	// RootCertMap and LeafCertMap hold parsed X.509 certificates keyed by a
	// string — presumably issuer identifier and serial number respectively;
	// confirm.
	RootCertMap map[string]*x509.Certificate
	LeafCertMap map[string]*x509.Certificate
}

func (*RootIssuedLeaves) DefaultConfig

func (h *RootIssuedLeaves) DefaultConfig() map[string]interface{}

func (*RootIssuedLeaves) Evaluate

func (h *RootIssuedLeaves) Evaluate(e *Executor) (results []*Result, err error)

func (*RootIssuedLeaves) FetchResources

func (h *RootIssuedLeaves) FetchResources(e *Executor) error

func (*RootIssuedLeaves) IsEnabled

func (h *RootIssuedLeaves) IsEnabled() bool

func (*RootIssuedLeaves) LoadConfig

func (h *RootIssuedLeaves) LoadConfig(config map[string]interface{}) error

func (*RootIssuedLeaves) Name

func (h *RootIssuedLeaves) Name() string

type TidyLastRun

// TidyLastRun holds the state of one health check; the methods listed for
// *TidyLastRun match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type TidyLastRun struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// Duration thresholds. Presumably time since the last tidy run beyond
	// the Warning or Critical duration produces the matching ResultStatus —
	// confirm.
	LastRunCritical time.Duration
	LastRunWarning  time.Duration

	// TidyStatus is the fetch record for a status path, presumably the
	// mount's tidy status — confirm.
	TidyStatus *PathFetch
}

func (*TidyLastRun) DefaultConfig

func (h *TidyLastRun) DefaultConfig() map[string]interface{}

func (*TidyLastRun) Evaluate

func (h *TidyLastRun) Evaluate(e *Executor) (results []*Result, err error)

func (*TidyLastRun) FetchResources

func (h *TidyLastRun) FetchResources(e *Executor) error

func (*TidyLastRun) IsEnabled

func (h *TidyLastRun) IsEnabled() bool

func (*TidyLastRun) LoadConfig

func (h *TidyLastRun) LoadConfig(config map[string]interface{}) error

func (*TidyLastRun) Name

func (h *TidyLastRun) Name() string

type TooManyCerts

// TooManyCerts holds the state of one health check; the methods listed for
// *TooManyCerts match the Check interface.
// NOTE(review): field meanings below are inferred from names and types only;
// the method bodies are not shown on this page.
type TooManyCerts struct {
	// Enabled is presumably what IsEnabled reports — confirm.
	Enabled            bool
	// UnsupportedVersion is presumably set when the server does not offer
	// the data this check needs — confirm.
	UnsupportedVersion bool

	// Count thresholds. Presumably a certificate count beyond the Warning or
	// Critical value produces the matching ResultStatus — confirm.
	CountCritical int
	CountWarning  int

	// CertCounts is an int, presumably the number of certificates found on
	// the mount — confirm.
	CertCounts int
}

func (*TooManyCerts) DefaultConfig

func (h *TooManyCerts) DefaultConfig() map[string]interface{}

func (*TooManyCerts) Evaluate

func (h *TooManyCerts) Evaluate(e *Executor) (results []*Result, err error)

func (*TooManyCerts) FetchResources

func (h *TooManyCerts) FetchResources(e *Executor) error

func (*TooManyCerts) IsEnabled

func (h *TooManyCerts) IsEnabled() bool

func (*TooManyCerts) LoadConfig

func (h *TooManyCerts) LoadConfig(config map[string]interface{}) error

func (*TooManyCerts) Name

func (h *TooManyCerts) Name() string
