refactor: reorganize project in order to include automation (#1)

Reviewed-on: #1 Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net> Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-07-19 22:01:34 +02:00 · 2024-07-19 22:01:34 +02:00 · 2fa0e37900
commit 2fa0e37900
parent 8feb34bbe6
21 changed files with 2496 additions and 195 deletions
--- a/cmd/check_ssl_certificate/main.go
+++ b/cmd/check_ssl_certificate/main.go
@ -1,21 +1,22 @@
-package main
+package sslcert // import nocternity.net/gomonop/cmd/sslcert

 import (
 	"bufio"
 	"crypto/tls"
 	"crypto/x509"
-	"errors"
 	"fmt"
 	"net"
 	"net/textproto"
 	"os"
+	"strconv"
 	"strings"
 	"time"

-	"nocternity.net/go/monitoring/perfdata"
-	"nocternity.net/go/monitoring/plugin"
-
 	"github.com/karrick/golf"
+
+	"nocternity.net/gomonop/pkg/perfdata"
+	"nocternity.net/gomonop/pkg/plugin"
+	"nocternity.net/gomonop/pkg/program"
 )

 //--------------------------------------------------------------------------------------------------------
@ -25,7 +26,7 @@ type certGetter interface {
 	getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error)
 }

-// Full TLS certificate fetcher
+// Full TLS certificate fetcher.
 type fullTLSGetter struct{}

 func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
@ -40,17 +41,18 @@ func (f fullTLSGetter) getCertificate(tlsConfig *tls.Config, address string) (*x
 	return conn.ConnectionState().PeerCertificates[0], nil
 }

-// SMTP+STARTTLS certificate getter
+// SMTP+STARTTLS certificate getter.
 type smtpGetter struct{}

-func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) (int, string, error) {
+func (f smtpGetter) cmd(tcon *textproto.Conn, expectCode int, text string) error {
 	id, err := tcon.Cmd("%s", text)
 	if err != nil {
-		return 0, "", err
+		return err
 	}
 	tcon.StartResponse(id)
 	defer tcon.EndResponse(id)
-	return tcon.ReadResponse(expectCode)
+	_, _, err = tcon.ReadResponse(expectCode)
+	return err
 }

 func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509.Certificate, error) {
@ -63,10 +65,10 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
 	if _, _, err := text.ReadResponse(220); err != nil {
 		return nil, err
 	}
-	if _, _, err := f.cmd(text, 250, "HELO localhost"); err != nil {
+	if err := f.cmd(text, 250, "HELO localhost"); err != nil {
 		return nil, err
 	}
-	if _, _, err := f.cmd(text, 220, "STARTTLS"); err != nil {
+	if err := f.cmd(text, 220, "STARTTLS"); err != nil {
 		return nil, err
 	}
 	t := tls.Client(conn, tlsConfig)
@ -76,9 +78,17 @@ func (f smtpGetter) getCertificate(tlsConfig *tls.Config, address string) (*x509
 	return t.ConnectionState().PeerCertificates[0], nil
 }

-// ManageSieve STARTTLS certificate getter
+// ManageSieve STARTTLS certificate getter.
 type sieveGetter struct{}

+type sieveError struct {
+	msg string
+}
+
+func (e sieveError) Error() string {
+	return "Sieve error: " + e.msg
+}
+
 func (f sieveGetter) waitOK(conn net.Conn) error {
 	scanner := bufio.NewScanner(conn)
 	for scanner.Scan() {
@ -87,10 +97,10 @@ func (f sieveGetter) waitOK(conn net.Conn) error {
 			return nil
 		}
 		if strings.HasPrefix(line, "NO ") {
-			return errors.New(line[3:])
+			return sieveError{msg: line[3:]}
 		}
 		if strings.HasPrefix(line, "BYE ") {
-			return errors.New(line[4:])
+			return sieveError{msg: line[4:]}
 		}
 	}
 	return scanner.Err()
@ -122,23 +132,23 @@ func (f sieveGetter) getCertificate(tlsConfig *tls.Config, address string) (*x50
 	return t.ConnectionState().PeerCertificates[0], nil
 }

-// Supported StartTLS protocols
-var certGetters map[string]certGetter = map[string]certGetter{
+// Supported StartTLS protocols.
+var certGetters = map[string]certGetter{
 	"":      fullTLSGetter{},
 	"smtp":  &smtpGetter{},
 	"sieve": &sieveGetter{},
 }

-// Get a string that represents supported StartTLS protocols
+// Get a string that represents supported StartTLS protocols.
 func listSupportedGetters() string {
-	sb := strings.Builder{}
+	strBuilder := strings.Builder{}
 	for key := range certGetters {
-		if sb.Len() != 0 {
-			sb.WriteString(", ")
+		if strBuilder.Len() != 0 {
+			strBuilder.WriteString(", ")
 		}
-		sb.WriteString(key)
+		strBuilder.WriteString(key)
 	}
-	return sb.String()
+	return strBuilder.String()
 }

 //--------------------------------------------------------------------------------------------------------
@ -158,7 +168,6 @@ type programFlags struct {
 type checkProgram struct {
 	programFlags                   // Flags from the command line
 	plugin       *plugin.Plugin    // Plugin output state
-	getter       certGetter        // Certificate getter
 	certificate  *x509.Certificate // X.509 certificate from the server
 }

@ -198,7 +207,7 @@ func (flags *programFlags) parseArguments() {
 }

 // Initialise the monitoring check program.
-func newProgram() *checkProgram {
+func NewProgram() program.Program {
 	program := &checkProgram{
 		plugin: plugin.New("Certificate check"),
 	}
@ -207,13 +216,13 @@ func newProgram() *checkProgram {
 }

 // Terminate the monitoring check program.
-func (program *checkProgram) close() {
+func (program *checkProgram) Done() {
 	program.plugin.Done()
 }

 // Check the values that were specified from the command line. Returns true
 // if the arguments made sense.
-func (program *checkProgram) checkFlags() bool {
+func (program *checkProgram) CheckArguments() bool {
 	if program.hostname == "" {
 		program.plugin.SetState(plugin.UNKNOWN, "no hostname specified")
 		return false
@ -227,7 +236,7 @@ func (program *checkProgram) checkFlags() bool {
 		return false
 	}
 	if _, ok := certGetters[program.startTLS]; !ok {
-		errstr := fmt.Sprintf("unsupported StartTLS protocol %s", program.startTLS)
+		errstr := "unsupported StartTLS protocol " + program.startTLS
 		program.plugin.SetState(plugin.UNKNOWN, errstr)
 		return false
 	}
@ -239,6 +248,7 @@ func (program *checkProgram) checkFlags() bool {
 // if connecting or performing the TLS handshake fail.
 func (program *checkProgram) getCertificate() error {
 	tlsConfig := &tls.Config{
+		//nolint:gosec // The whole point is to read the certificate.
 		InsecureSkipVerify: true,
 		MinVersion:         tls.VersionTLS10,
 	}
@ -273,7 +283,7 @@ func (program *checkProgram) checkHostName(name string) bool {
 			return true
 		}
 	}
-	program.plugin.AddLine(fmt.Sprintf("missing DNS name %s in certificate", name))
+	program.plugin.AddLine("missing DNS name " + name + " in certificate")
 	return false
 }

@ -283,35 +293,41 @@ func (program *checkProgram) checkNames() bool {
 	if len(program.certificate.DNSNames) == 0 {
 		return program.checkSANlessCertificate()
 	}
-	ok := program.checkHostName(program.hostname)
+	certificateIsOk := program.checkHostName(program.hostname)
 	for _, name := range program.extraNames {
-		ok = program.checkHostName(name) && ok
+		certificateIsOk = program.checkHostName(name) && certificateIsOk
 	}
-	if !ok {
+	if !certificateIsOk {
 		program.plugin.SetState(plugin.CRITICAL, "names missing from SAN domain names")
 	}
-	return ok
+	return certificateIsOk
 }

-// Check a certificate's time to expiry agains the warning and critical
+// Check a certificate's time to expiry against the warning and critical
 // thresholds, returning a status code and description based on these
 // values.
 func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status, string) {
 	if tlDays <= 0 {
 		return plugin.CRITICAL, "certificate expired"
 	}
+
 	var limitStr string
 	var state plugin.Status
-	if program.crit > 0 && tlDays <= program.crit {
+
+	switch {
+	case program.crit > 0 && tlDays <= program.crit:
 		limitStr = fmt.Sprintf(" (<= %d)", program.crit)
 		state = plugin.CRITICAL
-	} else if program.warn > 0 && tlDays <= program.warn {
+
+	case program.warn > 0 && tlDays <= program.warn:
 		limitStr = fmt.Sprintf(" (<= %d)", program.warn)
 		state = plugin.WARNING
-	} else {
+
+	default:
 		limitStr = ""
 		state = plugin.OK
 	}
+
 	statusString := fmt.Sprintf("certificate will expire in %d days%s",
 		tlDays, limitStr)
 	return state, statusString
@ -320,34 +336,26 @@ func (program *checkProgram) checkCertificateExpiry(tlDays int) (plugin.Status,
 // Set the plugin's performance data based on the time left before the
 // certificate expires and the thresholds.
 func (program *checkProgram) setPerfData(tlDays int) {
-	pdat := perfdata.New("validity", perfdata.UOM_NONE, fmt.Sprintf("%d", tlDays))
+	pdat := perfdata.New("validity", perfdata.UomNone, strconv.Itoa(tlDays))
 	if program.crit > 0 {
-		pdat.SetCrit(perfdata.PDRMax(fmt.Sprint(program.crit)))
+		pdat.SetCrit(perfdata.PDRMax(strconv.Itoa(program.crit)))
 	}
 	if program.warn > 0 {
-		pdat.SetWarn(perfdata.PDRMax(fmt.Sprint(program.warn)))
+		pdat.SetWarn(perfdata.PDRMax(strconv.Itoa(program.warn)))
 	}
 	program.plugin.AddPerfData(pdat)
 }

 // Run the check: fetch the certificate, check its names then check its time
 // to expiry and update the plugin's performance data.
-func (program *checkProgram) runCheck() {
+func (program *checkProgram) RunCheck() {
 	err := program.getCertificate()
 	if err != nil {
 		program.plugin.SetState(plugin.UNKNOWN, err.Error())
 	} else if program.checkNames() {
-		timeLeft := program.certificate.NotAfter.Sub(time.Now())
+		timeLeft := time.Until(program.certificate.NotAfter)
 		tlDays := int((timeLeft + 86399*time.Second) / (24 * time.Hour))
 		program.plugin.SetState(program.checkCertificateExpiry(tlDays))
 		program.setPerfData(tlDays)
 	}
 }
-
-func main() {
-	program := newProgram()
-	defer program.close()
-	if program.checkFlags() {
-		program.runCheck()
-	}
-}
--- a/cmd/check_zone_serial/main.go
+++ b/cmd/check_zone_serial/main.go
@ -1,18 +1,20 @@
-package main
+package zoneserial // import nocternity.net/gomonop/cmd/zoneserial

 import (
 	"fmt"
 	"net"
 	"os"
 	"reflect"
+	"strconv"
 	"strings"
 	"time"

-	"nocternity.net/go/monitoring/perfdata"
-	"nocternity.net/go/monitoring/plugin"
-
 	"github.com/karrick/golf"
 	"github.com/miekg/dns"
+
+	"nocternity.net/gomonop/pkg/perfdata"
+	"nocternity.net/gomonop/pkg/plugin"
+	"nocternity.net/gomonop/pkg/program"
 )

 //-------------------------------------------------------------------------------------------------------
@ -32,7 +34,7 @@ type (
 // Query a zone's SOA record through a given DNS and return the response using the channel.
 func queryZoneSOA(dnsq *dns.Msg, hostname string, port int, output responseChannel) {
 	dnsc := new(dns.Client)
-	in, rtt, err := dnsc.Exchange(dnsq, net.JoinHostPort(hostname, fmt.Sprintf("%d", port)))
+	in, rtt, err := dnsc.Exchange(dnsq, net.JoinHostPort(hostname, strconv.Itoa(port)))
 	output <- queryResponse{
 		data: in,
 		rtt:  rtt,
@ -75,7 +77,7 @@ func (flags *programFlags) parseArguments() {
 }

 // Initialise the monitoring check program.
-func newProgram() *checkProgram {
+func NewProgram() program.Program {
 	program := &checkProgram{
 		plugin: plugin.New("DNS zone serial match check"),
 	}
@ -84,16 +86,16 @@ func newProgram() *checkProgram {
 }

 // Terminate the monitoring check program.
-func (program *checkProgram) close() {
+func (program *checkProgram) Done() {
 	if r := recover(); r != nil {
 		program.plugin.SetState(plugin.UNKNOWN, "Internal error")
-		program.plugin.AddLine("Error info: %v", r)
+		program.plugin.AddLinef("Error info: %v", r)
 	}
 	program.plugin.Done()
 }

 // Check the values that were specified from the command line. Returns true if the arguments made sense.
-func (program *checkProgram) checkFlags() bool {
+func (program *checkProgram) CheckArguments() bool {
 	if program.hostname == "" {
 		program.plugin.SetState(plugin.UNKNOWN, "no DNS hostname specified")
 		return false
@ -130,7 +132,7 @@ func (program *checkProgram) queryServers() (queryResponse, queryResponse) {
 	go queryZoneSOA(dnsq, program.hostname, program.port, checkOut)
 	go queryZoneSOA(dnsq, program.rsHostname, program.rsPort, refOut)
 	var checkResponse, refResponse queryResponse
-	for i := 0; i < 2; i++ {
+	for range 2 {
 		select {
 		case m := <-checkOut:
 			checkResponse = m
@ -144,39 +146,36 @@ func (program *checkProgram) queryServers() (queryResponse, queryResponse) {
 // Add a server's RTT to the performance data.
 func (program *checkProgram) addRttPerf(name string, value time.Duration) {
 	s := fmt.Sprintf("%f", value.Seconds())
-	pd := perfdata.New(name, perfdata.UOM_SECONDS, s)
+	pd := perfdata.New(name, perfdata.UomSeconds, s)
 	program.plugin.AddPerfData(pd)
 }

-func (program *checkProgram) addResponseInfo(server string, response queryResponse) {
-}
-
 // Add information about one of the servers' response to the plugin output. This includes
 // the error message if the query failed or the RTT performance data if it succeeded. It
 // then attempts to extract the serial from a server's response and returns it if
 // successful.
 func (program *checkProgram) getSerial(server string, response queryResponse) (ok bool, serial uint32) {
 	if response.err != nil {
-		program.plugin.AddLine("%s server error : %s", server, response.err)
+		program.plugin.AddLinef("%s server error : %s", server, response.err)
 		return false, 0
 	}
-	program.addRttPerf(fmt.Sprintf("%s_rtt", server), response.rtt)
+	program.addRttPerf(server+"_rtt", response.rtt)
 	if len(response.data.Answer) != 1 {
-		program.plugin.AddLine("%s server did not return exactly one record", server)
+		program.plugin.AddLine(server + " server did not return exactly one record")
 		return false, 0
 	}
 	if soa, ok := response.data.Answer[0].(*dns.SOA); ok {
-		program.plugin.AddLine("serial on %s server: %d", server, soa.Serial)
+		program.plugin.AddLinef("serial on %s server: %d", server, soa.Serial)
 		return true, soa.Serial
 	}
 	t := reflect.TypeOf(response.data.Answer[0])
-	program.plugin.AddLine("%s server did not return SOA record; record type: %v", server, t)
+	program.plugin.AddLinef("%s server did not return SOA record; record type: %v", server, t)
 	return false, 0
 }

 // Run the monitoring check. This implies querying both servers, extracting the serial from
 // their responses, then comparing the serials.
-func (program *checkProgram) runCheck() {
+func (program *checkProgram) RunCheck() {
 	checkResponse, refResponse := program.queryServers()
 	cOk, cSerial := program.getSerial("checked", checkResponse)
 	rOk, rSerial := program.getSerial("reference", refResponse)
@ -190,11 +189,3 @@ func (program *checkProgram) runCheck() {
 		program.plugin.SetState(plugin.CRITICAL, "serials mismatch")
 	}
 }
-
-func main() {
-	program := newProgram()
-	defer program.close()
-	if program.checkFlags() {
-		program.runCheck()
-	}
-}