Documentation ¶
Index ¶
- Constants
- Variables
- func Advice(message string) trace.EventOption
- func Advise(ctx context.Context, message string)
- func CapitalizeFirstLetter(msg string) string
- func CheckFilePerms(info fs.FileInfo) (bool, []string)
- func ConsulDirectAccess(config map[string]string) string
- func Context(ctx context.Context, sess *Session) context.Context
- func EndToEndLatencyCheckDelete(ctx context.Context, uuid string, b physical.Backend) (time.Duration, error)
- func EndToEndLatencyCheckRead(ctx context.Context, uuid string, b physical.Backend) (time.Duration, error)
- func EndToEndLatencyCheckWrite(ctx context.Context, uuid string, b physical.Backend) (time.Duration, error)
- func Error(ctx context.Context, err error, options ...trace.EventOption) error
- func Fail(ctx context.Context, message string)
- func HasDB(path string) bool
- func IsDir(info fs.FileInfo) bool
- func IsOwnedByRoot(info fs.FileInfo) bool
- func ListenerChecks(ctx context.Context, listeners []*configutil.Listener) ([]string, []error)
- func NearExpiration(c *x509.Certificate) (bool, time.Duration)
- func OSChecks(ctx context.Context)
- func ParseTLSInformation(certFilePath string) ([]*x509.Certificate, []*x509.Certificate, []*x509.Certificate, error)
- func RaftFileChecks(ctx context.Context, path string)
- func RaftStorageQuorum(ctx context.Context, b RaftConfigurableStorageBackend) string
- func Skipped(ctx context.Context, message string)
- func SpotCheck(ctx context.Context, checkName string, f func() error) error
- func SpotError(ctx context.Context, checkName string, err error, options ...trace.EventOption) error
- func SpotOk(ctx context.Context, checkName, message string, options ...trace.EventOption)
- func SpotSkipped(ctx context.Context, checkName, message string, options ...trace.EventOption)
- func SpotWarn(ctx context.Context, checkName, message string, options ...trace.EventOption)
- func StartSpan(ctx context.Context, spanName string, options ...trace.SpanStartOption) (context.Context, trace.Span)
- func Success(ctx context.Context, message string)
- func TLSCAFileCheck(CAFilePath string) ([]string, error)
- func TLSCertCheck(certpath string) ([]string, error)
- func TLSClientCAFileCheck(l *configutil.Listener) ([]string, error)
- func TLSErrorChecks(leafCerts, interCerts, rootCerts []*x509.Certificate) error
- func TLSFileChecks(certpath, keypath string) ([]string, error)
- func TLSFileWarningChecks(leafCerts, interCerts, rootCerts []*x509.Certificate) ([]string, error)
- func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string)
- func Test(ctx context.Context, spanName string, function testFunction, ...) error
- func Warn(ctx context.Context, msg string)
- func WithTimeout(d time.Duration, f testFunction) testFunction
- type RaftConfigurableStorageBackend
- type Result
- type Session
- type TelemetryCollector
Constants ¶
// Message strings for the license checks.
//
// Strings that end in ": " or a trailing space look like prefixes the caller
// completes with an error text or a time.
// NOTE(review): confirm against the call sites, which are not shown here.
//
// The first two names differ only in capitalisation and suffix
// (AutoLoaded...ValidatorError vs Autoloaded...ValidationError). Both are
// exported, so renaming either would break callers.
const (
	AutoLoadedLicenseValidatorError    = "Autoloaded license could not be validated: "
	AutoloadedLicenseValidationError   = "Autoloaded license validation failed due to error: "
	LicenseAutoloadingError            = "License could not be autoloaded: "
	StoredLicenseNoAutoloadingWarning  = "Vault is using a stored license, which is deprecated! Vault should use autoloaded licenses instead."
	NoStoredOrAutoloadedLicenseWarning = "No autoloaded or stored license could be detected."
	LicenseExpiredError                = "Autoloaded license is expired."
	LicenseExpiryThresholdWarning      = "Autoloaded license will expire "
	LicenseTerminatedError             = "Autoloaded license is terminated."
	LicenseTerminationThresholdWarning = "Autoloaded license will be terminated "
)
// Warning strings for file checks.
// NOTE(review): presumably emitted by RaftFileChecks / CheckFilePerms; the
// call sites are not shown here, so confirm.
const (
	// The storage file is reached through a symlink rather than being a
	// regular file at the configured path.
	FileIsSymlinkWarning = "raft storage backend file is a symlink"
	// The file grants more permission bits than the check accepts.
	FileTooPermissiveWarning = "too many permissions"
	// Owner or group lacks the read/write bits the check expects.
	FilePermissionsMissingWarning = "owner or group needs read and write permissions"
)
// Status codes for a diagnose result, highest value being the most severe.
// NOTE(review): presumably the values carried by Result.Status and returned
// as the int of TLSMutualExclusionCertCheck; the unexported status type is
// not shown here, so confirm.
const (
	ErrorStatus   = 2
	WarningStatus = 1
	OkStatus      = 0
	SkippedStatus = -1 // negative, so it sorts below OkStatus
)
// Message strings for the storage checks.
const (
	// Prefix: ends in ": ", so the caller presumably appends the measured
	// latency. The 100 ms threshold appears only in this text; the comparison
	// itself is not shown here.
	LatencyWarning string = "Latency above 100 ms: "
	// Error and matching advice for a Consul storage address that points at a
	// server instead of a local agent (see ConsulDirectAccess).
	DirAccessErr    string = "Vault storage is directly connected to a Consul server."
	DirAccessAdvice string = "We recommend connecting to a local agent."
	// Per its text, reported when the storage config has no address and the
	// default 127.0.0.1:8500 is used instead.
	AddrDNExistErr string = "Storage config address does not exist: 127.0.0.1:8500 will be used."
)
const (
	// DatabaseFilename is the file name "vault.db".
	// NOTE(review): presumably the file HasDB looks for under its path
	// argument — confirm.
	DatabaseFilename = "vault.db"
)
Variables ¶
// MainSection is a trace option that tags a span with the attribute
// diagnose=main-section.
// NOTE(review): presumably this is how the collector recognises the
// "main sections" whose status it prints — confirm.
var MainSection = trace.WithAttributes(attribute.Key("diagnose").String("main-section"))
Functions ¶
func Advice ¶
func Advice(message string) trace.EventOption
Advice builds an EventOption containing an advice message. Use it to attach advice to spot results.
func CapitalizeFirstLetter ¶
CapitalizeFirstLetter returns a string with the first letter capitalized
func CheckFilePerms ¶
CheckFilePerms checks that the specified file grants no permissions to "other" users, and whether it has only owner read/write (rw) permissions.
func ConsulDirectAccess ¶
ConsulDirectAccess verifies that Consul is connecting to a local agent, rather than directly to a remote server. We can only assume that the local address is a server, not a client.
func Error ¶
Error records an error in the current span (but unlike Fail, doesn't set the overall span status to Error)
func IsOwnedByRoot ¶
IsOwnedByRoot checks if a file is owned by root
func ListenerChecks ¶
ListenerChecks diagnoses warnings and the first encountered error for the listener configuration stanzas.
func NearExpiration ¶
func NearExpiration(c *x509.Certificate) (bool, time.Duration)
NearExpiration returns true if a certificate will expire in a month and false otherwise.
func ParseTLSInformation ¶
func ParseTLSInformation(certFilePath string) ([]*x509.Certificate, []*x509.Certificate, []*x509.Certificate, error)
ParseTLSInformation parses certificate information from a cert path and returns it.
func RaftFileChecks ¶
func RaftStorageQuorum ¶
func RaftStorageQuorum(ctx context.Context, b RaftConfigurableStorageBackend) string
RaftStorageQuorum checks that there is an odd number of voters present. It returns the status message for testing purposes.
func SpotError ¶
func SpotError(ctx context.Context, checkName string, err error, options ...trace.EventOption) error
SpotError adds an Error result without adding a new Span. This should be used for instantaneous checks with no possible sub-spans
func SpotOk ¶
func SpotOk(ctx context.Context, checkName, message string, options ...trace.EventOption)
SpotOk adds an Ok result without adding a new Span. This should be used for instantaneous checks with no possible sub-spans
func SpotSkipped ¶
func SpotSkipped(ctx context.Context, checkName, message string, options ...trace.EventOption)
SpotSkipped adds a Skipped result without adding a new Span.
func SpotWarn ¶
func SpotWarn(ctx context.Context, checkName, message string, options ...trace.EventOption)
SpotWarn adds a Warning result without adding a new Span. This should be used for instantaneous checks with no possible sub-spans
func StartSpan ¶
func StartSpan(ctx context.Context, spanName string, options ...trace.SpanStartOption) (context.Context, trace.Span)
StartSpan starts a "diagnose" span, which is really just an OpenTelemetry Tracing span.
func Success ¶
Success sets the span to Successful (overriding any previous status) and sets the message to the input.
func TLSCAFileCheck ¶
TLSCAFileCheck checks the validity of a TLS CA file
func TLSCertCheck ¶
TLSCertCheck returns an error and warning after checking TLS information on the given cert
func TLSClientCAFileCheck ¶
func TLSClientCAFileCheck(l *configutil.Listener) ([]string, error)
TLSClientCAFileCheck checks the validity of a client CA file.
func TLSErrorChecks ¶
func TLSErrorChecks(leafCerts, interCerts, rootCerts []*x509.Certificate) error
TLSErrorChecks contains manual error checks against the TLS configuration
func TLSFileChecks ¶
TLSFileChecks returns an error and warnings after checking TLS information
func TLSFileWarningChecks ¶
func TLSFileWarningChecks(leafCerts, interCerts, rootCerts []*x509.Certificate) ([]string, error)
TLSFileWarningChecks returns warnings based on the leaf certificates, intermediate certificates, and root certificates provided.
func TLSMutualExclusionCertCheck ¶
func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string)
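TLSMutualExclusionCertCheck returns an error if both TLSDisableClientCerts and TLSRequireAndVerifyClientCert are set, since the two listener settings contradict each other. Per the signature above, the result is an (int, string) pair rather than a Go error value.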
func Test ¶
func Test(ctx context.Context, spanName string, function testFunction, options ...trace.SpanStartOption) error
Test creates a new named span, and executes the provided function within it. If the function returns an error, the span is considered to have failed.
func WithTimeout ¶
WithTimeout wraps a context consuming function, and when called, returns an error if the sub-function does not complete within the timeout, e.g.
diagnose.Test(ctx, "my-span", diagnose.WithTimeout(5 * time.Second, myTestFunc))
Types ¶
type RaftConfigurableStorageBackend ¶
// RaftConfigurableStorageBackend is the single-method interface accepted by
// RaftStorageQuorum.
type RaftConfigurableStorageBackend interface {
	// GetConfigurationOffline returns the raft configuration response or an error.
	// NOTE(review): "Offline" suggests it reads the configuration without a
	// running cluster — confirm against the implementation.
	GetConfigurationOffline() (*raft.RaftConfigurationResponse, error)
}
Don't have this in test file
type Result ¶
// Result is one node in the tree of diagnose results; Children holds the
// nested results beneath it.
type Result struct {
	Time     time.Time `json:"time"`
	Name     string    `json:"name"`
	Status   status    `json:"status"` // status is an unexported type not shown here
	Warnings []string  `json:"warnings,omitempty"`
	Message  string    `json:"message,omitempty"`
	// NOTE(review): Advice is the only field without a json tag, so
	// encoding/json emits it under the key "Advice" and never omits it when
	// empty, unlike Message and Warnings. Confirm this is intended.
	Advice   string
	Children []*Result `json:"children,omitempty"`
}
func (*Result) StringWrapped ¶
type Session ¶
// Session is the diagnose session that Context stores in, and CurrentSession
// reads from, a context.Context.
type Session struct {
	// NOTE(review): presumably the names of checks or spans to skip; the
	// matching rule is not shown here — confirm.
	SkipFilters []string
	// contains filtered or unexported fields
}
func CurrentSession ¶
CurrentSession retrieves the active diagnose session from the context, or nil if none.
func New ¶
New initializes a Diagnose tracing session. In particular this wires a TelemetryCollector, which synchronously receives and tracks OpenTelemetry spans in order to provide a tree structure of results when the outermost span ends.
type TelemetryCollector ¶
// TelemetryCollector gathers spans and exposes the resulting tree of
// diagnose results through RootResult.
type TelemetryCollector struct {
	// NOTE(review): presumably populated once the outermost span ends and nil
	// before that — confirm.
	RootResult *Result
	// contains filtered or unexported fields
}
TelemetryCollector is an otel SpanProcessor that gathers spans and once the outermost span ends, walks the otel traces in order to produce a top-down tree of Diagnose results.
func NewTelemetryCollector ¶
func NewTelemetryCollector(w io.Writer) *TelemetryCollector
NewTelemetryCollector creates a SpanProcessor that collects OpenTelemetry spans and aggregates them into a tree structure for use by Diagnose. It also outputs the status of main sections to the supplied writer w.
func (*TelemetryCollector) ForceFlush ¶
func (t *TelemetryCollector) ForceFlush(_ context.Context) error
ForceFlush is required to implement SpanProcessor, but is a no-op for our purposes.
func (*TelemetryCollector) OnEnd ¶
func (t *TelemetryCollector) OnEnd(e sdktrace.ReadOnlySpan)
func (*TelemetryCollector) OnStart ¶
func (t *TelemetryCollector) OnStart(_ context.Context, s sdktrace.ReadWriteSpan)
OnStart tracks spans by id for later retrieval