Rename project to OrbitalWard
Add optional TLS certificate expiry checks for website monitors and update product, package, environment, Docker, and documentation naming.
This commit is contained in:
Keith Smith
@@ -1 +1 @@
|
||||
"""InfraPulse worker package."""
|
||||
"""OrbitalWard worker package."""
|
||||
|
||||
@@ -1,7 +1,13 @@
|
||||
from dataclasses import dataclass
|
||||
from datetime import UTC, datetime
|
||||
import asyncio
|
||||
import socket
|
||||
import ssl
|
||||
from time import perf_counter
|
||||
from urllib.parse import urlparse
|
||||
|
||||
import httpx
|
||||
from cryptography import x509
|
||||
|
||||
|
||||
@dataclass(frozen=True)
|
||||
@@ -11,6 +17,8 @@ class WebsiteCheckConfig:
|
||||
expected_text: str | None = None
|
||||
unexpected_text: str | None = None
|
||||
timeout_seconds: float = 10.0
|
||||
check_tls_expiry: bool = False
|
||||
tls_warning_days: int = 30
|
||||
|
||||
|
||||
@dataclass(frozen=True)
|
||||
@@ -22,6 +30,12 @@ class WebsiteCheckResult:
|
||||
|
||||
async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
|
||||
started = perf_counter()
|
||||
|
||||
if config.check_tls_expiry:
|
||||
tls_result = await check_tls_expiry(config.url, config.tls_warning_days, config.timeout_seconds)
|
||||
if tls_result is not None:
|
||||
return tls_result
|
||||
|
||||
try:
|
||||
async with httpx.AsyncClient(follow_redirects=True, timeout=config.timeout_seconds) as client:
|
||||
response = await client.get(config.url)
|
||||
@@ -48,3 +62,52 @@ async def run_website_check(config: WebsiteCheckConfig) -> WebsiteCheckResult:
|
||||
message="Unexpected text was present",
|
||||
)
|
||||
return WebsiteCheckResult(status="up", response_time_ms=response_time_ms, message="Website check passed")
|
||||
|
||||
|
||||
async def check_tls_expiry(url: str, warning_days: int, timeout_seconds: float) -> WebsiteCheckResult | None:
|
||||
parsed_url = urlparse(url)
|
||||
if parsed_url.scheme != "https":
|
||||
return None
|
||||
if not parsed_url.hostname:
|
||||
return WebsiteCheckResult(status="down", response_time_ms=None, message="TLS check could not determine the hostname")
|
||||
|
||||
started = perf_counter()
|
||||
try:
|
||||
expires_at = await _get_certificate_expiry(parsed_url.hostname, parsed_url.port or 443, timeout_seconds)
|
||||
except (OSError, ssl.SSLError, ValueError) as exc:
|
||||
return WebsiteCheckResult(status="down", response_time_ms=None, message=f"TLS certificate check failed: {exc}")
|
||||
|
||||
response_time_ms = int((perf_counter() - started) * 1000)
|
||||
now = datetime.now(UTC)
|
||||
days_remaining = (expires_at - now).total_seconds() / 86400
|
||||
if days_remaining < 0:
|
||||
return WebsiteCheckResult(
|
||||
status="down",
|
||||
response_time_ms=response_time_ms,
|
||||
message=f"TLS certificate expired on {expires_at.date().isoformat()}",
|
||||
)
|
||||
if days_remaining <= warning_days:
|
||||
return WebsiteCheckResult(
|
||||
status="warning",
|
||||
response_time_ms=response_time_ms,
|
||||
message=f"TLS certificate expires in {int(days_remaining)} days on {expires_at.date().isoformat()}",
|
||||
)
|
||||
return None
|
||||
|
||||
|
||||
async def _get_certificate_expiry(hostname: str, port: int, timeout_seconds: float) -> datetime:
|
||||
return await asyncio.to_thread(_get_certificate_expiry_sync, hostname, port, timeout_seconds)
|
||||
|
||||
|
||||
def _get_certificate_expiry_sync(hostname: str, port: int, timeout_seconds: float) -> datetime:
|
||||
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
with socket.create_connection((hostname, port), timeout=timeout_seconds) as sock:
|
||||
with context.wrap_socket(sock, server_hostname=hostname) as tls_sock:
|
||||
certificate_bytes = tls_sock.getpeercert(binary_form=True)
|
||||
|
||||
if not certificate_bytes:
|
||||
raise ValueError("certificate did not include an expiry date")
|
||||
certificate = x509.load_der_x509_certificate(certificate_bytes)
|
||||
return certificate.not_valid_after_utc
|
||||
|
||||
@@ -6,9 +6,9 @@ from pydantic_settings import BaseSettings, SettingsConfigDict
|
||||
class Settings(BaseSettings):
|
||||
model_config = SettingsConfigDict(env_file=".env", extra="ignore")
|
||||
|
||||
infrapulse_env: str = "development"
|
||||
infrapulse_secret_key: str = "change-me"
|
||||
database_url: str = "postgresql+psycopg://infrapulse:infrapulse@postgres:5432/infrapulse"
|
||||
orbitalward_env: str = "development"
|
||||
orbitalward_secret_key: str = "change-me"
|
||||
database_url: str = "postgresql+psycopg://orbitalward:orbitalward@postgres:5432/orbitalward"
|
||||
redis_url: str = "redis://redis:6379/0"
|
||||
frontend_url: str = "http://localhost:5173"
|
||||
backend_url: str = "http://localhost:8000"
|
||||
|
||||
@@ -22,7 +22,7 @@ class Scheduler:
|
||||
self._stopped = asyncio.Event()
|
||||
|
||||
async def run(self) -> None:
|
||||
logger.info("InfraPulse worker started for %s", settings.infrapulse_env)
|
||||
logger.info("OrbitalWard worker started for %s", settings.orbitalward_env)
|
||||
while not self._stopped.is_set():
|
||||
await self.tick()
|
||||
try:
|
||||
@@ -63,6 +63,8 @@ class Scheduler:
|
||||
expected_text=monitor.config.get("expected_text") or None,
|
||||
unexpected_text=monitor.config.get("unexpected_text") or None,
|
||||
timeout_seconds=float(monitor.config.get("timeout_seconds", 10)),
|
||||
check_tls_expiry=bool(monitor.config.get("check_tls_expiry", False)),
|
||||
tls_warning_days=int(monitor.config.get("tls_warning_days", 30)),
|
||||
)
|
||||
result = await run_website_check(config)
|
||||
now = datetime.now(UTC)
|
||||
@@ -164,7 +166,7 @@ class Scheduler:
|
||||
await self._post_webhook(
|
||||
url,
|
||||
self._format_incident_message(incident, monitor, event_type),
|
||||
str((channel.settings or {}).get("username") or "InfraPulse"),
|
||||
str((channel.settings or {}).get("username") or "OrbitalWard"),
|
||||
)
|
||||
except httpx.HTTPError:
|
||||
logger.exception("Notification delivery failed for channel %s", channel.id)
|
||||
@@ -205,5 +207,5 @@ class Scheduler:
|
||||
last_message = (incident.details or {}).get("last_message")
|
||||
if last_message:
|
||||
body.append(f"Last response: {last_message}")
|
||||
body.extend(["", f"View in InfraPulse: {settings.frontend_url}/incidents/{incident.id}"])
|
||||
body.extend(["", f"View in OrbitalWard: {settings.frontend_url}/incidents/{incident.id}"])
|
||||
return "\n".join(str(line) for line in body)
|
||||
|
||||
@@ -7,7 +7,7 @@ from app.config import settings
|
||||
|
||||
|
||||
def _fernet() -> Fernet:
|
||||
digest = hashlib.sha256(settings.infrapulse_secret_key.encode("utf-8")).digest()
|
||||
digest = hashlib.sha256(settings.orbitalward_secret_key.encode("utf-8")).digest()
|
||||
return Fernet(base64.urlsafe_b64encode(digest))
|
||||
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
[project]
|
||||
name = "infrapulse-worker"
|
||||
name = "orbitalward-worker"
|
||||
version = "0.1.0"
|
||||
description = "InfraPulse background worker"
|
||||
description = "OrbitalWard background worker"
|
||||
requires-python = ">=3.12"
|
||||
dependencies = [
|
||||
"cryptography>=48.0.0",
|
||||
|
||||
Reference in New Issue
Block a user