Initial commit
This commit is contained in:
commit
9b128d22ed
18 changed files with 2364 additions and 0 deletions
99
checker/rule.go
Normal file
99
checker/rule.go
Normal file
|
|
@ -0,0 +1,99 @@
|
|||
package checker
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
sdk "git.happydns.org/checker-sdk-go/checker"
|
||||
)
|
||||
|
||||
func Rule() sdk.CheckRule {
|
||||
return &ldapRule{}
|
||||
}
|
||||
|
||||
type ldapRule struct{}
|
||||
|
||||
func (r *ldapRule) Name() string {
|
||||
return "ldap_server"
|
||||
}
|
||||
|
||||
func (r *ldapRule) Description() string {
|
||||
return "Checks discovery, transport security (StartTLS / LDAPS), RootDSE, SASL posture and (optionally) bind credentials of an LDAP directory."
|
||||
}
|
||||
|
||||
func (r *ldapRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts sdk.CheckerOptions) []sdk.CheckState {
|
||||
var data LDAPData
|
||||
if err := obs.Get(ctx, ObservationKeyLDAP, &data); err != nil {
|
||||
return []sdk.CheckState{{
|
||||
Status: sdk.StatusError,
|
||||
Message: fmt.Sprintf("failed to load LDAP observation: %v", err),
|
||||
Code: "ldap.observation_error",
|
||||
}}
|
||||
}
|
||||
|
||||
issues := append([]Issue(nil), data.Issues...)
|
||||
|
||||
// Fold related TLS observations (from a downstream TLS checker, if any)
|
||||
// into the LDAP issue list so cert/chain problems show up on the LDAP
|
||||
// service page without requiring a separate glance at the TLS checker.
|
||||
related, _ := obs.GetRelated(ctx, TLSRelatedKey)
|
||||
issues = append(issues, tlsIssuesFromRelated(related)...)
|
||||
|
||||
withIssue := make(map[string]bool, len(issues))
|
||||
out := make([]sdk.CheckState, 0, len(issues)+len(data.Endpoints))
|
||||
|
||||
for _, is := range issues {
|
||||
st := sdk.CheckState{
|
||||
Status: severityToStatus(is.Severity),
|
||||
Message: is.Message,
|
||||
Code: is.Code,
|
||||
Subject: is.Endpoint,
|
||||
}
|
||||
if is.Fix != "" {
|
||||
st.Meta = map[string]any{"fix": is.Fix}
|
||||
}
|
||||
out = append(out, st)
|
||||
if is.Endpoint != "" {
|
||||
withIssue[is.Endpoint] = true
|
||||
}
|
||||
}
|
||||
|
||||
for _, ep := range data.Endpoints {
|
||||
if withIssue[ep.Address] || !ep.TCPConnected {
|
||||
continue
|
||||
}
|
||||
out = append(out, sdk.CheckState{
|
||||
Status: sdk.StatusOK,
|
||||
Message: fmt.Sprintf("%s endpoint operational (TLS=%v)", ep.Mode, ep.TLSEstablished),
|
||||
Code: "ldap.ok",
|
||||
Subject: ep.Address,
|
||||
Meta: map[string]any{
|
||||
"mode": string(ep.Mode),
|
||||
"tls_established": ep.TLSEstablished,
|
||||
"rootdse_read": ep.RootDSERead,
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
if len(out) == 0 {
|
||||
return []sdk.CheckState{{
|
||||
Status: sdk.StatusInfo,
|
||||
Message: "no LDAP endpoint discovered",
|
||||
Code: "ldap.nothing_to_evaluate",
|
||||
}}
|
||||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func severityToStatus(sev string) sdk.Status {
|
||||
switch sev {
|
||||
case SeverityCrit:
|
||||
return sdk.StatusCrit
|
||||
case SeverityWarn:
|
||||
return sdk.StatusWarn
|
||||
case SeverityInfo:
|
||||
return sdk.StatusInfo
|
||||
default:
|
||||
return sdk.StatusOK
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue