checker-tls/checker/rules_reachability.go


package checker
import (
"context"
"fmt"
sdk "git.happydns.org/checker-sdk-go/checker"
)
// reachabilityRule flags endpoints whose probe recorded a TCP connection
// error. It carries no state of its own.
type reachabilityRule struct{}

// Name returns the rule identifier.
func (r *reachabilityRule) Name() string {
	const id = "tls.reachability"
	return id
}

// Description returns a one-sentence, human-readable summary of the rule.
func (r *reachabilityRule) Description() string {
	const summary = "Verifies that every discovered TLS endpoint accepts a TCP connection."
	return summary
}
// Evaluate reports one critical state per probe whose TCPError is non-empty.
//
// Outcomes, checked in this order:
//   - loadData returned an error state: that state is returned alone.
//   - no probes are present: the "tls.reachability.no_endpoints" empty-case
//     state is returned.
//   - at least one probe has a TCPError: one StatusCrit state per such probe,
//     in the order sortedRefs yields the references.
//   - otherwise: a single "tls.reachability.ok" pass state.
//
// The options argument is ignored.
func (r *reachabilityRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, _ sdk.CheckerOptions) []sdk.CheckState {
	data, loadErr := loadData(ctx, obs)
	if loadErr != nil {
		return []sdk.CheckState{*loadErr}
	}

	if len(data.Probes) == 0 {
		return []sdk.CheckState{emptyCaseState("tls.reachability.no_endpoints")}
	}

	var failures []sdk.CheckState
	for _, key := range sortedRefs(data) {
		probe := data.Probes[key]

		// NOTE(review): an empty TCPError is the only evidence of
		// reachability used here. If a probe can be recorded without a
		// connection attempt, it would count as reachable; confirm against
		// the collector.
		if probe.TCPError != "" {
			// NOTE(review): Endpoint and TCPError are copied verbatim into
			// Message; presumably they originate from the probe, so anything
			// rendering Message should treat it as untrusted text. Confirm.
			failures = append(failures, sdk.CheckState{
				Status:  sdk.StatusCrit,
				Code:    "tls.reachability.tcp_unreachable",
				Subject: subjectOf(probe),
				Message: fmt.Sprintf("Cannot open TCP connection to %s: %s", probe.Endpoint, probe.TCPError),
				Meta:    metaOf(probe),
			})
		}
	}

	if len(failures) > 0 {
		return failures
	}
	return []sdk.CheckState{passState(
		"tls.reachability.ok",
		"All discovered endpoints accepted a TCP connection.",
	)}
}