ssl certificate expiery check added to nagios relation

see https://bugs.launchpad.net/vault-charm/+bug/1998174 Change-Id: Ie56cd9b49f13bd2cd323c440a0e1a7f6d7d499b2
2022-12-14 14:23:26 +11:00 · 2022-12-14 14:23:26 +11:00 · 1ea06f6819
parent 5bae2979e5
commit 1ea06f6819
2 changed files with 55 additions and 0 deletions
--- a/src/reactive/vault_handlers.py
+++ b/src/reactive/vault_handlers.py
@ -457,6 +457,14 @@ def update_nagios(svc):
        'Check running vault server version and health',
        '/usr/lib/nagios/plugins/check_vault_health.py',
    )
+    c = config()
+    if ssl_available(c):
+        nrpe.add_check(
+            'vault_cert',
+            'Check for expiration of vault certificate',
+            '/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -p 8200 \
+-u /healthcheck -S -C 30,14'
+        )
    nrpe.write()
    set_state('vault.nrpe.configured')

--- a/unit_tests/test_reactive_vault_handlers.py
+++ b/unit_tests/test_reactive_vault_handlers.py
@ -1251,3 +1251,50 @@ class TestHandlers(unit_tests.test_utils.CharmTestCase):
        get_local_client.return_value.ha_status = {'ha_enabled': True}
        handlers._assess_status()
        self.assertIn('Unit is ready', self.status_set.call_args[0][1])
+
+    @mock.patch.object(handlers, 'NRPE')
+    @mock.patch.object(handlers, 'get_nagios_hostname')
+    @mock.patch.object(handlers, 'get_nagios_unit_name')
+    @mock.patch.object(handlers, 'write_file')
+    @mock.patch.object(handlers, 'add_init_service_checks')
+    @mock.patch("builtins.open")
+    def test_update_nagios_with_ssl(self,
+                                    open,
+                                    add_init_service_checks,
+                                    write_file,
+                                    get_nagios_unit_name,
+                                    get_nagios_hostname,
+                                    mock_nrpe):
+
+        get_nagios_hostname.return_value = "testunit"
+        get_nagios_unit_name.return_value = "my_vault/0"
+        self.config.return_value = {
+            'ssl-cert': '',
+            'ssl-key': '',
+        }
+        nrpe_add_check_calls = [
+            mock.call(hostname="testunit"),
+            mock.call().remove_check(shortname='vault_version'),
+            mock.call().add_check(
+                'vault_health',
+                'Check running vault server version and health',
+                '/usr/lib/nagios/plugins/check_vault_health.py',),
+            mock.call().write(),
+        ]
+        handlers.update_nagios(None)
+        mock_nrpe.assert_has_calls(nrpe_add_check_calls)
+        self.config.return_value = {
+            'ssl-cert': 'test-cert',
+            'ssl-key': 'test-key',
+        }
+        nrpe_add_check_calls.insert(
+            3,
+            mock.call().add_check(
+                'vault_cert',
+                'Check for expiration of vault certificate',
+                '/usr/lib/nagios/plugins/check_http -I 127.0.0.1 -p 8200 \
+-u /healthcheck -S -C 30,14'
+            )
+        )
+        handlers.update_nagios(None)
+        mock_nrpe.assert_has_calls(nrpe_add_check_calls)