healthcheck

package
v1.14.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 7, 2023 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var HiddenReqParams = []string{
	"private_key",
	"pem_bundle",
}
View Source 
var HiddenRespParams = []string{
	"private_key",
	"pem_bundle",
}
View Source 
var NameResultStatusMap = map[string]ResultStatus{
	"not_applicable":           ResultNotApplicable,
	"ok":                       ResultOK,
	"informational":            ResultInformational,
	"warning":                  ResultWarning,
	"critical":                 ResultCritical,
	"invalid_version":          ResultInvalidVersion,
	"insufficient_permissions": ResultInsufficientPermissions,
}
View Source 
var ResultStatusNameMap = map[ResultStatus]string{
	ResultNotApplicable:           "not_applicable",
	ResultOK:                      "ok",
	ResultInformational:           "informational",
	ResultWarning:                 "warning",
	ResultCritical:                "critical",
	ResultInvalidVersion:          "invalid_version",
	ResultInsufficientPermissions: "insufficient_permissions",
}
View Source 
var VisibleReqParams = []string{
	"csr",
	"certificate",
	"issuer_ref",
	"common_name",
	"alt_names",
	"other_sans",
	"ip_sans",
	"uri_sans",
	"ttl",
	"not_after",
	"serial_number",
	"key_type",
	"private_key_format",
	"managed_key_name",
	"managed_key_id",
	"ou",
	"organization",
	"country",
	"locality",
	"province",
	"street_address",
	"postal_code",
	"permitted_dns_domains",
	"policy_identifiers",
	"ext_key_usage_oids",
}
View Source 
var VisibleRespParams = []string{
	"certificate",
	"issuing_ca",
	"serial_number",
	"error",
	"ca_chain",
}

Functions

func FormatDuration 

func FormatDuration(d time.Duration) string

func ParsePEMCert 

func ParsePEMCert(contents string) (*x509.Certificate, error)

func StringList 

func StringList(source interface{}) ([]string, error)

Types

type AllowAcmeHeaders added in v1.14.0 

type AllowAcmeHeaders struct {
	Enabled            bool
	UnsupportedVersion bool

	TuneFetcher *PathFetch
	TuneData    map[string]interface{}

	AcmeConfigFetcher *PathFetch
}

func (*AllowAcmeHeaders) DefaultConfig added in v1.14.0 

func (h *AllowAcmeHeaders) DefaultConfig() map[string]interface{}

func (*AllowAcmeHeaders) Evaluate added in v1.14.0 

func (h *AllowAcmeHeaders) Evaluate(e *Executor) ([]*Result, error)

func (*AllowAcmeHeaders) FetchResources added in v1.14.0 

func (h *AllowAcmeHeaders) FetchResources(e *Executor) error

func (*AllowAcmeHeaders) IsEnabled added in v1.14.0 

func (h *AllowAcmeHeaders) IsEnabled() bool

func (*AllowAcmeHeaders) LoadConfig added in v1.14.0 

func (h *AllowAcmeHeaders) LoadConfig(config map[string]interface{}) error

func (*AllowAcmeHeaders) Name added in v1.14.0 

func (h *AllowAcmeHeaders) Name() string

type AllowIfModifiedSince 

type AllowIfModifiedSince struct {
	Enabled            bool
	UnsupportedVersion bool

	TuneData map[string]interface{}
	Fetcher  *PathFetch
}

func (*AllowIfModifiedSince) DefaultConfig 

func (h *AllowIfModifiedSince) DefaultConfig() map[string]interface{}

func (*AllowIfModifiedSince) Evaluate 

func (h *AllowIfModifiedSince) Evaluate(e *Executor) (results []*Result, err error)

func (*AllowIfModifiedSince) FetchResources 

func (h *AllowIfModifiedSince) FetchResources(e *Executor) error

func (*AllowIfModifiedSince) IsEnabled 

func (h *AllowIfModifiedSince) IsEnabled() bool

func (*AllowIfModifiedSince) LoadConfig 

func (h *AllowIfModifiedSince) LoadConfig(config map[string]interface{}) error

func (*AllowIfModifiedSince) Name 

func (h *AllowIfModifiedSince) Name() string

type AuditVisibility 

type AuditVisibility struct {
	Enabled            bool
	UnsupportedVersion bool

	IgnoredParameters map[string]bool
	TuneData          map[string]interface{}
	Fetcher           *PathFetch
}

func (*AuditVisibility) DefaultConfig 

func (h *AuditVisibility) DefaultConfig() map[string]interface{}

func (*AuditVisibility) Evaluate 

func (h *AuditVisibility) Evaluate(e *Executor) (results []*Result, err error)

func (*AuditVisibility) FetchResources 

func (h *AuditVisibility) FetchResources(e *Executor) error

func (*AuditVisibility) IsEnabled 

func (h *AuditVisibility) IsEnabled() bool

func (*AuditVisibility) LoadConfig 

func (h *AuditVisibility) LoadConfig(config map[string]interface{}) error

func (*AuditVisibility) Name 

func (h *AuditVisibility) Name() string

type CAValidityPeriod 

type CAValidityPeriod struct {
	Enabled bool

	RootExpiries          map[ResultStatus]time.Duration
	IntermediateExpieries map[ResultStatus]time.Duration

	UnsupportedVersion bool

	Issuers map[string]*x509.Certificate
}

func (*CAValidityPeriod) DefaultConfig 

func (h *CAValidityPeriod) DefaultConfig() map[string]interface{}

func (*CAValidityPeriod) Evaluate 

func (h *CAValidityPeriod) Evaluate(e *Executor) (results []*Result, err error)

func (*CAValidityPeriod) FetchResources 

func (h *CAValidityPeriod) FetchResources(e *Executor) error

func (*CAValidityPeriod) IsEnabled 

func (h *CAValidityPeriod) IsEnabled() bool

func (*CAValidityPeriod) LoadConfig 

func (h *CAValidityPeriod) LoadConfig(config map[string]interface{}) error

func (*CAValidityPeriod) Name 

func (h *CAValidityPeriod) Name() string

type CRLValidityPeriod 

type CRLValidityPeriod struct {
	Enabled bool

	CRLExpiryPercentage      int
	DeltaCRLExpiryPercentage int

	UnsupportedVersion bool
	NoDeltas           bool

	CRLs      map[string]*x509.RevocationList
	DeltaCRLs map[string]*x509.RevocationList

	CRLConfig *PathFetch
}

func (*CRLValidityPeriod) DefaultConfig 

func (h *CRLValidityPeriod) DefaultConfig() map[string]interface{}

func (*CRLValidityPeriod) Evaluate 

func (h *CRLValidityPeriod) Evaluate(e *Executor) (results []*Result, err error)

func (*CRLValidityPeriod) FetchResources 

func (h *CRLValidityPeriod) FetchResources(e *Executor) error

func (*CRLValidityPeriod) IsEnabled 

func (h *CRLValidityPeriod) IsEnabled() bool

func (*CRLValidityPeriod) LoadConfig 

func (h *CRLValidityPeriod) LoadConfig(config map[string]interface{}) error

func (*CRLValidityPeriod) Name 

func (h *CRLValidityPeriod) Name() string

type Check 

type Check interface {
	Name() string
	IsEnabled() bool

	DefaultConfig() map[string]interface{}
	LoadConfig(config map[string]interface{}) error

	FetchResources(e *Executor) error

	Evaluate(e *Executor) ([]*Result, error)
}

func NewAllowAcmeHeaders added in v1.14.0 

func NewAllowAcmeHeaders() Check

func NewAllowIfModifiedSinceCheck 

func NewAllowIfModifiedSinceCheck() Check

func NewAuditVisibilityCheck 

func NewAuditVisibilityCheck() Check

func NewCAValidityPeriodCheck 

func NewCAValidityPeriodCheck() Check

func NewCRLValidityPeriodCheck 

func NewCRLValidityPeriodCheck() Check

func NewEnableAcmeIssuance added in v1.14.0 

func NewEnableAcmeIssuance() Check

func NewEnableAutoTidyCheck 

func NewEnableAutoTidyCheck() Check

func NewHardwareBackedRootCheck 

func NewHardwareBackedRootCheck() Check

func NewRoleAllowsGlobWildcardsCheck 

func NewRoleAllowsGlobWildcardsCheck() Check

func NewRoleAllowsLocalhostCheck 

func NewRoleAllowsLocalhostCheck() Check

func NewRoleNoStoreFalseCheck 

func NewRoleNoStoreFalseCheck() Check

func NewRootIssuedLeavesCheck 

func NewRootIssuedLeavesCheck() Check

func NewTidyLastRunCheck 

func NewTidyLastRunCheck() Check

func NewTooManyCertsCheck 

func NewTooManyCertsCheck() Check

type EnableAcmeIssuance added in v1.14.0 

type EnableAcmeIssuance struct {
	Enabled            bool
	UnsupportedVersion bool

	AcmeConfigFetcher    *PathFetch
	ClusterConfigFetcher *PathFetch
	TotalIssuers         int
	RootIssuers          int
}

func (*EnableAcmeIssuance) DefaultConfig added in v1.14.0 

func (h *EnableAcmeIssuance) DefaultConfig() map[string]interface{}

func (*EnableAcmeIssuance) Evaluate added in v1.14.0 

func (h *EnableAcmeIssuance) Evaluate(e *Executor) (results []*Result, err error)

func (*EnableAcmeIssuance) FetchResources added in v1.14.0 

func (h *EnableAcmeIssuance) FetchResources(e *Executor) error

func (*EnableAcmeIssuance) IsEnabled added in v1.14.0 

func (h *EnableAcmeIssuance) IsEnabled() bool

func (*EnableAcmeIssuance) LoadConfig added in v1.14.0 

func (h *EnableAcmeIssuance) LoadConfig(config map[string]interface{}) error

func (*EnableAcmeIssuance) Name added in v1.14.0 

func (h *EnableAcmeIssuance) Name() string

type EnableAutoTidy 

type EnableAutoTidy struct {
	Enabled            bool
	UnsupportedVersion bool

	IntervalDurationCritical time.Duration
	IntervalDurationWarning  time.Duration
	PauseDurationCritical    time.Duration
	PauseDurationWarning     time.Duration

	TidyConfig *PathFetch
}

func (*EnableAutoTidy) DefaultConfig 

func (h *EnableAutoTidy) DefaultConfig() map[string]interface{}

func (*EnableAutoTidy) Evaluate 

func (h *EnableAutoTidy) Evaluate(e *Executor) (results []*Result, err error)

func (*EnableAutoTidy) FetchResources 

func (h *EnableAutoTidy) FetchResources(e *Executor) error

func (*EnableAutoTidy) IsEnabled 

func (h *EnableAutoTidy) IsEnabled() bool

func (*EnableAutoTidy) LoadConfig 

func (h *EnableAutoTidy) LoadConfig(config map[string]interface{}) error

func (*EnableAutoTidy) Name 

func (h *EnableAutoTidy) Name() string

type Executor 

type Executor struct {
	Client         *api.Client
	Mount          string
	DefaultEnabled bool

	Config map[string]map[string]interface{}

	Resources map[string]map[logical.Operation]*PathFetch

	Checkers []Check
}

func NewExecutor 

func NewExecutor(client *api.Client, mount string) *Executor

func (*Executor) AddCheck 

func (e *Executor) AddCheck(c Check)

func (*Executor) BuildConfig 

func (e *Executor) BuildConfig(external map[string]interface{}) error

func (*Executor) Execute 

func (e *Executor) Execute() (map[string][]*Result, error)

func (*Executor) FetchIfNotFetched 

func (e *Executor) FetchIfNotFetched(op logical.Operation, rawPath string) (*PathFetch, error)

type HardwareBackedRoot 

type HardwareBackedRoot struct {
	Enabled bool

	UnsupportedVersion bool

	FetchIssues  map[string]*PathFetch
	IssuerKeyMap map[string]string
	KeyIsManaged map[string]string
}

func (*HardwareBackedRoot) DefaultConfig 

func (h *HardwareBackedRoot) DefaultConfig() map[string]interface{}

func (*HardwareBackedRoot) Evaluate 

func (h *HardwareBackedRoot) Evaluate(e *Executor) (results []*Result, err error)

func (*HardwareBackedRoot) FetchResources 

func (h *HardwareBackedRoot) FetchResources(e *Executor) error

func (*HardwareBackedRoot) IsEnabled 

func (h *HardwareBackedRoot) IsEnabled() bool

func (*HardwareBackedRoot) LoadConfig 

func (h *HardwareBackedRoot) LoadConfig(config map[string]interface{}) error

func (*HardwareBackedRoot) Name 

func (h *HardwareBackedRoot) Name() string

type PathFetch 

type PathFetch struct {
	Operation        logical.Operation
	Path             string
	Response         *api.Response
	FetchError       error
	Secret           *api.Secret
	SecretParseError error
	ParsedCache      map[string]interface{}
}

func (*PathFetch) FetchSurfaceError 

func (p *PathFetch) FetchSurfaceError() error

func (*PathFetch) Is404NotFound 

func (p *PathFetch) Is404NotFound() bool

func (*PathFetch) IsMissingResource 

func (p *PathFetch) IsMissingResource() bool

func (*PathFetch) IsOK 

func (p *PathFetch) IsOK() bool

func (*PathFetch) IsSecretOK 

func (p *PathFetch) IsSecretOK() bool

func (*PathFetch) IsSecretPermissionsError 

func (p *PathFetch) IsSecretPermissionsError() bool

func (*PathFetch) IsUnsupportedPathError 

func (p *PathFetch) IsUnsupportedPathError() bool

type Result 

type Result struct {
	Status        ResultStatus `json:"status_code"`
	StatusDisplay string       `json:"status"`
	Endpoint      string       `json:"endpoint,omitempty"`
	Message       string       `json:"message,omitempty"`
}

type ResultStatus 

type ResultStatus int
const (
	ResultNotApplicable ResultStatus = iota
	ResultOK
	ResultInformational
	ResultWarning
	ResultCritical
	ResultInvalidVersion
	ResultInsufficientPermissions
)

type RoleAllowsGlobWildcards 

type RoleAllowsGlobWildcards struct {
	Enabled            bool
	UnsupportedVersion bool

	RoleListFetchIssue *PathFetch
	RoleFetchIssues    map[string]*PathFetch
	RoleEntryMap       map[string]map[string]interface{}
}

func (*RoleAllowsGlobWildcards) DefaultConfig 

func (h *RoleAllowsGlobWildcards) DefaultConfig() map[string]interface{}

func (*RoleAllowsGlobWildcards) Evaluate 

func (h *RoleAllowsGlobWildcards) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleAllowsGlobWildcards) FetchResources 

func (h *RoleAllowsGlobWildcards) FetchResources(e *Executor) error

func (*RoleAllowsGlobWildcards) IsEnabled 

func (h *RoleAllowsGlobWildcards) IsEnabled() bool

func (*RoleAllowsGlobWildcards) LoadConfig 

func (h *RoleAllowsGlobWildcards) LoadConfig(config map[string]interface{}) error

func (*RoleAllowsGlobWildcards) Name 

func (h *RoleAllowsGlobWildcards) Name() string

type RoleAllowsLocalhost 

type RoleAllowsLocalhost struct {
	Enabled            bool
	UnsupportedVersion bool

	RoleListFetchIssue *PathFetch
	RoleFetchIssues    map[string]*PathFetch
	RoleEntryMap       map[string]map[string]interface{}
}

func (*RoleAllowsLocalhost) DefaultConfig 

func (h *RoleAllowsLocalhost) DefaultConfig() map[string]interface{}

func (*RoleAllowsLocalhost) Evaluate 

func (h *RoleAllowsLocalhost) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleAllowsLocalhost) FetchResources 

func (h *RoleAllowsLocalhost) FetchResources(e *Executor) error

func (*RoleAllowsLocalhost) IsEnabled 

func (h *RoleAllowsLocalhost) IsEnabled() bool

func (*RoleAllowsLocalhost) LoadConfig 

func (h *RoleAllowsLocalhost) LoadConfig(config map[string]interface{}) error

func (*RoleAllowsLocalhost) Name 

func (h *RoleAllowsLocalhost) Name() string

type RoleNoStoreFalse 

type RoleNoStoreFalse struct {
	Enabled            bool
	UnsupportedVersion bool

	AllowedRoles map[string]bool

	RoleListFetchIssue *PathFetch
	RoleFetchIssues    map[string]*PathFetch
	RoleEntryMap       map[string]map[string]interface{}
	CRLConfig          *PathFetch
}

func (*RoleNoStoreFalse) DefaultConfig 

func (h *RoleNoStoreFalse) DefaultConfig() map[string]interface{}

func (*RoleNoStoreFalse) Evaluate 

func (h *RoleNoStoreFalse) Evaluate(e *Executor) (results []*Result, err error)

func (*RoleNoStoreFalse) FetchResources 

func (h *RoleNoStoreFalse) FetchResources(e *Executor) error

func (*RoleNoStoreFalse) IsEnabled 

func (h *RoleNoStoreFalse) IsEnabled() bool

func (*RoleNoStoreFalse) LoadConfig 

func (h *RoleNoStoreFalse) LoadConfig(config map[string]interface{}) error

func (*RoleNoStoreFalse) Name 

func (h *RoleNoStoreFalse) Name() string

type RootIssuedLeaves 

type RootIssuedLeaves struct {
	Enabled            bool
	UnsupportedVersion bool

	CertsToFetch int

	FetchIssues map[string]*PathFetch
	RootCertMap map[string]*x509.Certificate
	LeafCertMap map[string]*x509.Certificate
}

func (*RootIssuedLeaves) DefaultConfig 

func (h *RootIssuedLeaves) DefaultConfig() map[string]interface{}

func (*RootIssuedLeaves) Evaluate 

func (h *RootIssuedLeaves) Evaluate(e *Executor) (results []*Result, err error)

func (*RootIssuedLeaves) FetchResources 

func (h *RootIssuedLeaves) FetchResources(e *Executor) error

func (*RootIssuedLeaves) IsEnabled 

func (h *RootIssuedLeaves) IsEnabled() bool

func (*RootIssuedLeaves) LoadConfig 

func (h *RootIssuedLeaves) LoadConfig(config map[string]interface{}) error

func (*RootIssuedLeaves) Name 

func (h *RootIssuedLeaves) Name() string

type TidyLastRun 

type TidyLastRun struct {
	Enabled            bool
	UnsupportedVersion bool

	LastRunCritical time.Duration
	LastRunWarning  time.Duration

	TidyStatus *PathFetch
}

func (*TidyLastRun) DefaultConfig 

func (h *TidyLastRun) DefaultConfig() map[string]interface{}

func (*TidyLastRun) Evaluate 

func (h *TidyLastRun) Evaluate(e *Executor) (results []*Result, err error)

func (*TidyLastRun) FetchResources 

func (h *TidyLastRun) FetchResources(e *Executor) error

func (*TidyLastRun) IsEnabled 

func (h *TidyLastRun) IsEnabled() bool

func (*TidyLastRun) LoadConfig 

func (h *TidyLastRun) LoadConfig(config map[string]interface{}) error

func (*TidyLastRun) Name 

func (h *TidyLastRun) Name() string

type TooManyCerts 

type TooManyCerts struct {
	Enabled            bool
	UnsupportedVersion bool

	CountCritical int
	CountWarning  int

	CertCounts int
	FetchIssue *PathFetch
}

func (*TooManyCerts) DefaultConfig 

func (h *TooManyCerts) DefaultConfig() map[string]interface{}

func (*TooManyCerts) Evaluate 

func (h *TooManyCerts) Evaluate(e *Executor) (results []*Result, err error)

func (*TooManyCerts) FetchResources 

func (h *TooManyCerts) FetchResources(e *Executor) error

func (*TooManyCerts) IsEnabled 

func (h *TooManyCerts) IsEnabled() bool

func (*TooManyCerts) LoadConfig 

func (h *TooManyCerts) LoadConfig(config map[string]interface{}) error

func (*TooManyCerts) Name 

func (h *TooManyCerts) Name() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.