Age | Commit message | Author |
|
When a failure occurs in looking up IPv4 addresses we confirm
that; similarly, when/if IPv6 lookups fail we confirm that before
raising the alert.
|
|
That is then tested when resolve-errors are handled.
|
|
We've had a problem for the past few weeks (?) where we see
false DNS errors when making http/https requests with `curb`/`libcurl`.

To resolve these issues properly we're going to have to rewrite
the code to avoid the current gem. However that is considerable work
because of the hole we've backed ourselves into - wanting to test both
IPv4 and IPv6 "properly". We'll have to duplicate that work if
we use `net/http`, or even more so if we use `open3` and exec
`curl -4|-6 ..`

For the moment this commit changes how things are handled to deal
with the issue we see - which doesn't solve the problem but will
mask it.

When custodian runs a test it will return a status-code:

* Custodian::TestResult::TEST_FAILED
  * The test failed, such that an alert should be raised.
* Custodian::TestResult::TEST_PASSED
  * The test succeeded, such that any previous alert should be cleared.
* Custodian::TestResult::TEST_SKIPPED
  * Nothing should be done.

As the failure we see is very very specific - an exception is thrown
of the type `Curl::Err::HostResolutionError` - we can catch that
and return `TEST_SKIPPED`. That means that there will be no
(urgent) alert.

Obviously the potential risk of swallowing all DNS-failures is that
a domain might expire and we'd never know. So we'll do a little
better than merely skipping the test if there are DNS failures:

* If we see a DNS failure.
* Then we try to look up the host as an A & AAAA record.
* If that succeeds we decide the issue was bogus.
* If that fails then the host legitimately doesn't resolve so we raise an alert.

To recap:

* If a host fails normally - bogus status-code, or missing text - we behave as we did in the past.
* Only in the case of a DNS-error from curb/curl do we go down this horrid path.
* Where we try to confirm the error, and swallow it if false.

This closes #13.
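
The confirm-before-alert flow from the commit message above, as an added example that is not part of the original commit or of custodian's code. `TestResult`, `HostResolutionError`, `host_resolves?`, `run_http_test` and `FakeResolver` are hypothetical stand-ins, and treating an answer for either record type as "resolves" is an assumption.

```ruby
require 'resolv'

# Stand-in for Custodian::TestResult: the three names come from the commit
# message, the values are assumed.
module TestResult
  TEST_FAILED  = :failed
  TEST_PASSED  = :passed
  TEST_SKIPPED = :skipped
end

# Hypothetical stand-in for Curl::Err::HostResolutionError (no curb needed).
class HostResolutionError < StandardError; end

RECORD_TYPES = [Resolv::DNS::Resource::IN::A,
                Resolv::DNS::Resource::IN::AAAA].freeze

# Assumption: the host "resolves" if either record type returns an answer.
def host_resolves?(host, resolver)
  RECORD_TYPES.any? do |type|
    begin
      !resolver.getresources(host, type).empty?
    rescue Resolv::ResolvError, Resolv::ResolvTimeout
      false # a lookup that errors out confirms nothing
    end
  end
end

# Runs the HTTP check given as a block (truthy result = passed).
def run_http_test(host, resolver: Resolv::DNS.new)
  ok = yield
  ok ? TestResult::TEST_PASSED : TestResult::TEST_FAILED
rescue HostResolutionError
  # Second opinion: only swallow the error when an independent lookup
  # succeeds; otherwise the name really is gone (e.g. an expired domain)
  # and the alert must still be raised.
  host_resolves?(host, resolver) ? TestResult::TEST_SKIPPED : TestResult::TEST_FAILED
end

# Constructed offline resolver so the flow can be exercised without network.
FakeResolver = Struct.new(:records) do
  def getresources(host, type)
    records.fetch([host, type], [])
  end
end
```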
|
|
|
|
This is part of #13.
|
|
|
|
Rather than:

    with auth 'username:password'

We use:

    http://user:pass@example.com/
|
|
Supply this like so:

    http://example.com/ must run http with auth 'username:passw0rd' with status 200 otherwise 'failure'
|
|
These warnings were largely whitespace-based.
|
|
We cannot allow HTTP/HTTPS to be limited by protocol,
such as IPv4-only or IPv6-only. Raise an error in the
parser if this is attempted.
Added test-case to confirm, and this closes #12488.
|
|
It should match the next occurrence of the opening quote type, not the
last.
|
|
It now matches "can't match" and 'he said "ha!"'.
Added tests.
|
|
This changes the parser from only allowing this:

    http://example.com/ must run http with content 'reserved'.

To allowing both of these:

    http://example.com/ must run http with content "reservered".
    http://example.com/ must run http with content 'reserved'.
|
|
This prevents a slightly ugly backtrace instead of a genuinely
useful report.
|
|
This update consists of two changes:
* No longer return "true" or "false"; instead return "TEST_FAILED", or "TEST_SUCCEEDED".
* Removed the testing of test-inversion from the class, now it lives in the base-class where it should have done all along.
|
|
|
|
These were all identified and suggested by rubocop.
|
|
|
|
So "foo" is less good than 'foo'.
|
|
|
|
The last expression of a method is the return value. So:

    def foo; false ; end

Is the same as:

    def foo; return false; end
|
|
|
|
This is neater. Flagged by rubocop.
|
|
|
|
These are not required if the argument is a string already, or has
a _to_s method which will be automatically invoked by magic.
|
|
|
|
|
|
|
|
|
|
|
|
appending ?ctime=XX to HTTP/HTTPS-requests.
|
|
The global configuration file, /etc/custodian/custodian.cfg, has a
timeout=XX setting in it. Until now we've ignored it and used a
fixed timeout of 20/30 seconds.
Now we fully honour the specified value.
|
|
are followed.
Added test-cases to match.
|
|
|
|
|
|
scheme of the URL.
e.g. This is wrong:

    https://example.com/ must run http ..

("https" != "http").
|
|
|
|
incorrectly.
Fixed this now, based on the URL and added a test case.
|