[DRAFT] possible repackaging of audit checks #1050

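--- a/audit/checks.go
+++ b/audit/checks.go
@@ -0,0 +1,83 @@
+package audit
+
+import (
+"fmt"
+
+"github.com/nats-io/natscli/archive"
+)
+
+type Check struct {
+Name string
+Description string
+fun checkFunc
+}
+
+type Outcome int
+type checkFunc func(reader *archive.Reader) (Outcome, error)
+
+const (
+Pass Outcome = iota
+PassWithIssues Outcome = iota
+Fail Outcome = iota
+Skipped Outcome = iota
+)
+
+func (o Outcome) String() string {
+switch o {
+case Fail:
+return "FAIL"
+case Pass:
+return "PASS"
+case PassWithIssues:
+return "WARN"
+case Skipped:
+return "SKIP"
+default:
+panic(fmt.Sprintf("Uknown outcome code: %d", o))
+}
+}
+
+func (c *Check) Run(reader *archive.Reader) (Outcome, error) {
+outcome, err := c.fun(reader)
+if err != nil {
+return Skipped, fmt.Errorf("check %s failed: %w", c.Name, err)
+}
+return outcome, nil
+}
+
+func GetDefaultChecks() []Check {
+
+// Defaults
+const (
+cpuThreshold = 0.9 // Warn using >90% CPU
+)
+
+return []Check{
+{
+Name: "Server version",
+Description: "Verify that the entire fleet is running the same nats-server version",
+fun: checkServerVersion,
+},
+{
+Name: "CPU Usage",
+Description: "Verify that aggregate CPU usage for each server is below a given threshold",
+fun: makeCheckCPUUsage(cpuThreshold),
+},
+}
+}
+
+// This is an example of non-parametrized check
+func checkServerVersion(reader *archive.Reader) (Outcome, error) {
+// TODO for each server VARZ in archive, save version
+// if de-duplicated list of versions > 1, fail
+return Pass, nil
+}
+
+// This is an example of a parametrized check
+func makeCheckCPUUsage(threshold float64) checkFunc {
+return func(reader *archive.Reader) (Outcome, error) {
+// TODO for each server VARZ in archive, ...
+// if usage > threshold ...
+return Pass, nil
+}
+}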
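Review bot: Both placeholder checks return `Pass, nil` without reading the archive (`checkServerVersion` and the closure returned by `makeCheckCPUUsage`), so an audit run prints PASS for checks that inspected nothing. Until the TODOs are implemented they should report `return Skipped, nil`. The same fail-open default is built into the type: `Pass` is `iota` 0, so any unset `Outcome` reads as PASS, and declaring a non-passing constant first (for example `Skipped`) would make an unset result visible. Separately, `String()` panics on an unrecognised code and the message misspells "Unknown"; for library code a fallback such as `return fmt.Sprintf("UNKNOWN(%d)", int(o))` would be safer.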
11 changes: 11 additions & 0 deletions cli/audit_analyze_command.go
Expand Up @@ -22,6 +22,7 @@ import (
"github.com/choria-io/fisk"
"github.com/nats-io/nats-server/v2/server"
"github.com/nats-io/natscli/archive"
"github.com/nats-io/natscli/audit"
)

type auditAnalyzeCmd struct {
Expand Down Expand Up @@ -144,6 +145,16 @@ func (cmd *auditAnalyzeCmd) analyze(_ *fisk.ParseContext) error {
}
}()

// What command might look like using the new package:

for _, check := range audit.GetDefaultChecks() {
outcome, err := check.Run(ar)
if err != nil {
return err
}
fmt.Printf("%s - %s\n%s\n\n", check.Name, outcome, check.Description)
}

// Prepare table of check and their outcome
type checkSummary struct {
name string
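Review bot: The new loop in `analyze` does `return err` on the first check that fails to run, so one unreadable artifact aborts the audit and the remaining checks are never executed or reported. `Check.Run` already returns `Skipped` alongside the error, so the loop can print that outcome with the error and move on, e.g. `if err != nil { fmt.Printf("%s - %s: %v\n\n", check.Name, outcome, err); continue }`. The visible lines also do not show a `Fail` outcome influencing the command's return value; if callers script against the exit status, that should be decided here. `analyze` starts and ends outside this hunk, so later handling may already cover this.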