-
Notifications
You must be signed in to change notification settings - Fork 32
/
Copy pathmonitor.go
151 lines (130 loc) · 4.11 KB
/
monitor.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package main
import (
"encoding/base64"
"fmt"
"net/http"
"sync"
"time"
"github.com/DataDog/datadog-go/v5/statsd"
"github.com/mozilla-services/autograph/formats"
"github.com/mozilla-services/autograph/signer"
log "github.com/sirupsen/logrus"
)
// A monitor of signer health
type monitor struct {
// Read-only.
signers []signer.Signer
// Results from checking signers.
sigerrstrs []string
sigresps []formats.SignatureResponse
// Protects sigerrstrs and sigresps.
sync.RWMutex
// Used to signal, by closing it, that the results
// have been populated with an initial check
initialized chan interface{}
// Proxy to autographer.authorize.
authorize func(r *http.Request, body []byte) (userid string, err error)
// Copy of autographer.debug.
debug bool
// Closed on exit of the autographer instance.
exit chan interface{}
stats statsd.ClientInterface
}
// The monitor loop, should run in a separate goroutine.
func (m *monitor) start(duration time.Duration) {
if duration.Nanoseconds() <= 0 {
duration = 5 * time.Minute
log.Infof("monitor: using 5m instead of invalid interval %q", duration)
}
ticker := time.NewTicker(duration)
defer ticker.Stop()
// Perform an initial check.
m.checkSigners()
close(m.initialized)
for {
select {
case <-ticker.C:
m.checkSigners()
case <-m.exit:
return
}
}
}
func (m *monitor) checkSigners() {
m.Lock()
defer m.Unlock()
for i, s := range m.signers {
// First try the DataSigner interface. If the signer doesn't
// implement it, try the FileSigner interface. If that's still
// not implemented, return an error.
if _, ok := s.(signer.DataSigner); ok {
// sign with data set to the base64 of the string 'AUTOGRAPH MONITORING'
sig, err := s.(signer.DataSigner).SignData(MonitoringInputData, s.(signer.DataSigner).GetDefaultOptions())
if err != nil {
m.sigerrstrs[i] = fmt.Sprintf("data signing for %s failed with error: %v", s.Config().ID, err)
continue
}
encodedsig, err := sig.Marshal()
if err != nil {
m.sigerrstrs[i] = fmt.Sprintf("encoding failed for %s with error: %v", s.Config().ID, err)
continue
}
m.sigerrstrs[i] = ""
m.sigresps[i] = formats.SignatureResponse{
Ref: id(),
Type: s.Config().Type,
Mode: s.Config().Mode,
SignerID: s.Config().ID,
PublicKey: s.Config().PublicKey,
Signature: encodedsig,
X5U: s.Config().X5U,
SignerOpts: s.Config().SignerOpts,
}
continue
}
if _, ok := s.(signer.FileSigner); ok {
// Signers that only implement the FileSigner interface must
// also implement the TestFileGetter interface to return a valid
// test file that can be used here to monitor the signer.
if _, ok := s.(signer.TestFileGetter); !ok {
m.sigerrstrs[i] = fmt.Sprintf("signer %q implements FileSigner but not the TestFileGetter interface", s.Config().ID)
continue
}
output, err := s.(signer.FileSigner).SignFile(s.(signer.TestFileGetter).GetTestFile(), s.(signer.FileSigner).GetDefaultOptions())
if err != nil {
m.sigerrstrs[i] = fmt.Sprintf("file signing failed for %s with error: %v", s.Config().ID, err)
continue
}
signedfile := base64.StdEncoding.EncodeToString(output)
m.sigerrstrs[i] = ""
m.sigresps[i] = formats.SignatureResponse{
Ref: id(),
Type: s.Config().Type,
Mode: s.Config().Mode,
SignerID: s.Config().ID,
PublicKey: s.Config().PublicKey,
SignedFile: signedfile,
X5U: s.Config().X5U,
SignerOpts: s.Config().SignerOpts,
}
continue
}
m.sigerrstrs[i] = fmt.Sprintf("signer %q does not implement DataSigner or FileSigner interfaces", s.Config().ID)
}
}
func newMonitor(ag *autographer, duration time.Duration) *monitor {
m := new(monitor)
m.authorize = func(r *http.Request, body []byte) (userid string, err error) {
return ag.authorize(r, body)
}
signers := ag.getSigners()
m.signers = signers
m.sigerrstrs = make([]string, len(signers))
m.sigresps = make([]formats.SignatureResponse, len(signers))
m.initialized = make(chan interface{})
m.exit = ag.exit
m.debug = ag.debug
m.stats = ag.stats
go m.start(duration)
return m
}