From a86c84ecd3df3fc998f7a762e8bf4e0ecc6ec7a6 Mon Sep 17 00:00:00 2001
From: Dennis Stritzke
Date: Mon, 30 Jul 2018 15:31:23 +0200
Subject: [PATCH] Reporting connections set to auto=ignore as ignored. Closes #4
---
 README.md | 3 +-
 ipsecexporter/ipsec.go | 40 +++++++++++++++++++------
 ipsecexporter/ipsec_test.go | 60 +++++++++++++++++++++++++++++--------
 3 files changed, 81 insertions(+), 22 deletions(-)

diff --git a/README.md b/README.md
index 17fc012..a6688f6 100644
--- a/README.md
+++ b/README.md
@@ -23,4 +23,5 @@ connection. The output is parsed.
 | ipsec_status | 0 | The connection is established and tunnel is installed. The tunnel is up and running. |
 | ipsec_status | 1 | The connection is established, but the tunnel is not up. |
 | ipsec_status | 2 | The tunnel is down. |
-| ipsec_status | 3 | The tunnel is in an unknown state. |
\ No newline at end of file
+| ipsec_status | 3 | The tunnel is in an unknown state. |
+| ipsec_status | 4 | The tunnel is ignored. |
\ No newline at end of file
diff --git a/ipsecexporter/ipsec.go b/ipsecexporter/ipsec.go
index 84113e7..f5dfb41 100644
--- a/ipsecexporter/ipsec.go
+++ b/ipsecexporter/ipsec.go
@@ -8,10 +8,15 @@ import (
 "strconv"
 "io/ioutil"
 "github.com/prometheus/common/log"
-)
+ )
+
+type IpSecConnection struct {
+ name string
+ ignored bool
+}
 
 type IpSecConfiguration struct {
- tunnel []string
+ tunnel []IpSecConnection
 }
 
 type IpSecStatus struct {
@@ -23,6 +28,7 @@ const (
 connectionEstablished int = 1
 down int = 2
 unknown int = 3
+ ignored int = 4
 )
 
 func FetchIpSecConfiguration(fileName string) (IpSecConfiguration, error) {
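Review bot: The closing `)` of the import block in ipsecexporter/ipsec.go appears to gain leading whitespace (`-)` becomes `+ )`), which gofmt would revert; it should stay at column 0. The new exported type `IpSecConnection` in the same hunk has no doc comment, and a line such as `// IpSecConnection is one conn section of the ipsec configuration; ignored is set when the section contains auto=ignore.` would record what the flag means for the reported metric. The import block itself starts outside the hunk.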
@@ -40,13 +46,18 @@ func (c IpSecConfiguration) QueryStatus() IpSecStatus {
 }
 
 for _, connection := range c.tunnel {
- cmd := exec.Command("ipsec", "status", connection)
+ if connection.ignored {
+ s.status[connection.name] = ignored
+ continue
+ }
+
+ cmd := exec.Command("ipsec", "status", connection.name)
 if out, err := cmd.Output(); err != nil {
 log.Warnf("Were not able to execute 'ipsec status %s'. %v", connection, err)
- continue
+ s.status[connection.name] = unknown
 } else {
 status := getStatus(out)
- s.status[connection] = status
+ s.status[connection.name] = status
 }
 }
 
@@ -93,18 +104,29 @@ func loadConfig(fileName string) (string, error) {
 return s, nil
 }
 
-func getConfiguredIpSecConnection(ipsecConfigLines []string) []string {
- connectionNames := []string{}
+func getConfiguredIpSecConnection(ipsecConfigLines []string) []IpSecConnection {
+ connections := []IpSecConnection{}
 
 for _, line := range ipsecConfigLines {
+ // Match connection definition lines
 re := regexp.MustCompile(`conn\s([a-zA-Z0-9_-]+)`)
 match := re.FindStringSubmatch(line)
 if len(match) >= 2 {
- connectionNames = append(connectionNames, match[1])
+ connections = append(connections, IpSecConnection{name: match[1], ignored: false})
+ }
+
+ // Match auto=ignore lines
+ reAutoIgnore := regexp.MustCompile(`auto=ignore`)
+ matchAutoIgnore := reAutoIgnore.FindStringSubmatch(line)
+ if len(matchAutoIgnore) >= 1 {
+ connectionIndex := len(connections) - 1
+ if len(connections) > connectionIndex {
+ connections[connectionIndex].ignored = true
+ }
 }
 }
 
- return connectionNames
+ return connections
 }
 
 func extractLines(ipsecConfig string) []string {
diff --git a/ipsecexporter/ipsec_test.go b/ipsecexporter/ipsec_test.go
index 3fe5088..eaee89c 100644
--- a/ipsecexporter/ipsec_test.go
+++ b/ipsecexporter/ipsec_test.go
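Review bot: The `log.Warnf` call left as context in the QueryStatus hunk still passes `connection` to `%s`, but `connection` is now an `IpSecConnection` struct, so the warning would print the struct's fields instead of the tunnel name; the argument should be `connection.name`, i.e. `log.Warnf("Were not able to execute 'ipsec status %s'. %v", connection.name, err)`. Separately, `connection.name` is taken from the configuration file and handed to `exec.Command` as an argument, and the name pattern visible in the next hunk admits a leading `-`, so it may be worth rejecting such names before the call so that `ipsec status` cannot read one as an option. QueryStatus begins and ends outside the hunk.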
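Review bot: The guard `if len(connections) > connectionIndex` in getConfiguredIpSecConnection is always true, because `connectionIndex` is `len(connections) - 1`, so an `auto=ignore` line seen before any matched `conn` line indexes `connections[-1]` and panics. That looks reachable with a `conn %default` section, which `conn\s([a-zA-Z0-9_-]+)` does not match; likewise an `auto=ignore` inside `%default` that follows a named section would flag that earlier tunnel as ignored, and since the pattern is unanchored a commented-out `# auto=ignore` would presumably match as well. For a monitoring exporter both outcomes hide a tunnel's real state, so the check should be `if len(connections) > 0 { connections[len(connections)-1].ignored = true }`, ideally with the parser tracking whether the current section is a named one and a test that puts `auto=ignore` ahead of the first named `conn`. Both regexps are also recompiled on every loop iteration and could be hoisted into package-level `regexp.MustCompile` variables.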
@@ -13,8 +13,8 @@ func TestGetConfiguredIpSecConnections_simpleLine(t *testing.T) {
 return
 }
 
- if connections[0] != "fancy_dc" {
- t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0])
+ if connections[0].name != "fancy_dc" {
+ t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0].name)
 }
 }
 
@@ -27,8 +27,8 @@ func TestGetConfiguredIpSecConnections_connectionIncludingNumber(t *testing.T) {
 return
 }
 
- if connections[0] != "fancy_345" {
- t.Errorf("Should have found connection 'fancy_345', but found %s", connections[0])
+ if connections[0].name != "fancy_345" {
+ t.Errorf("Should have found connection 'fancy_345', but found %s", connections[0].name)
 }
 }
 
@@ -41,8 +41,8 @@ func TestGetConfiguredIpSecConnections_simpleLineAndComment(t *testing.T) {
 return
 }
 
- if connections[0] != "fancy_dc" {
- t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0])
+ if connections[0].name != "fancy_dc" {
+ t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0].name)
 }
 }
 
@@ -55,8 +55,8 @@ func TestGetConfiguredIpSecConnections_withDefault(t *testing.T) {
 return
 }
 
- if connections[0] != "fancy_dc" {
- t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0])
+ if connections[0].name != "fancy_dc" {
+ t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0].name)
 }
 }
 
@@ -69,12 +69,48 @@ func TestGetConfiguredIpSecConnections_withNewLines(t *testing.T) {
 return
 }
 
- if connections[0] != "fancy_dc" {
- t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0])
+ if connections[0].name != "fancy_dc" {
+ t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0].name)
 }
 
- if connections[1] != "second_dc" {
- t.Errorf("Should have found connection 'second_dc', but found %s", connections[1])
+ if connections[1].name != "second_dc" {
+ t.Errorf("Should have found connection 'second_dc', but found %s", connections[1].name)
+ }
+}
+
+func TestGetConfiguredIpSecConnections_autoIgnore(t *testing.T) {
+ input := []string{"conn fancy_dc", " auto=ignore"}
+ connections := getConfiguredIpSecConnection(input)
+
+ if len(connections) != 1 {
+ t.Errorf("Expected to have found 1 connection, but has found %d", len(connections))
+ return
+ }
+
+ if connections[0].name != "fancy_dc" {
+ t.Errorf("Should have found connection 'fancy_dc', but found %s", connections[0].name)
+ }
+
+ if !connections[0].ignored {
+ t.Errorf("Expected connection to be ignored")
+ }
+}
+
+func TestGetConfiguredIpSecConnections_autoIgnoreMultipleTunnels(t *testing.T) {
+ input := []string{"conn fancy_dc", " esp=aes256-sha256-modp2048!", "", " left=10.0.0.7", "", "conn second_dc", " auto=ignore"}
+ connections := getConfiguredIpSecConnection(input)
+
+ if len(connections) != 2 {
+ t.Errorf("Expected to have found 2 connection, but has found %d", len(connections))
+ return
+ }
+
+ if connections[0].ignored {
+ t.Errorf("Expected connection '%s' not to be ignored", connections[0].name)
+ }
+
+ if !connections[1].ignored {
+ t.Errorf("Expected connection '%s' to be ignored", connections[1].name)
 }
 }