From a0deb020f044fed9104732f92ebda0e2b962098f Mon Sep 17 00:00:00 2001 From: Arondondon Date: Thu, 16 Jan 2025 16:51:28 +0300 Subject: [PATCH 1/3] Fixed monitor certificate lambda --- service_status/monitor_service.py | 1 + 1 file changed, 1 insertion(+) diff --git a/service_status/monitor_service.py b/service_status/monitor_service.py index c1a74761..b99f9097 100644 --- a/service_status/monitor_service.py +++ b/service_status/monitor_service.py @@ -152,6 +152,7 @@ def _get_certification_expiration_date_for_given_service(self, endpoint): endpoint = self.obj_util.remove_http_https_prefix(url=endpoint) hostname = endpoint.split(":")[0] port = endpoint.split(":")[1] + port = port.rstrip("/") context = ssl.create_default_context() with socket.create_connection((hostname, port)) as sock: with context.wrap_socket(sock, server_hostname=hostname) as ssock: From 26e57dc71ee034625539ee669623a86f3f05c17e Mon Sep 17 00:00:00 2001 From: Arondondon Date: Thu, 16 Jan 2025 17:17:14 +0300 Subject: [PATCH 2/3] Fixed monitor certificate lambda x2 --- service_status/monitor_service.py | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/service_status/monitor_service.py b/service_status/monitor_service.py index b99f9097..7febc2eb 100644 --- a/service_status/monitor_service.py +++ b/service_status/monitor_service.py @@ -3,6 +3,7 @@ import datetime as dt import ssl import socket +from urllib.parse import urlparse from service_status.config import REGION_NAME, NOTIFICATION_ARN, SLACK_HOOK, NETWORKS, NETWORK_ID, \ CERTIFICATION_EXPIRATION_THRESHOLD from common.boto_utils import BotoUtils @@ -146,19 +147,22 @@ def _send_notification_for_certificate_expiration(self, org_id, service_id, endp self._send_slack_notification(slack_message=slack_message) def _get_certification_expiration_date_for_given_service(self, endpoint): - endpoint = endpoint.lstrip() - if self._valid_url(url=endpoint): - if self._is_https_endpoint(endpoint): - endpoint = self.obj_util.remove_http_https_prefix(url=endpoint) - hostname = endpoint.split(":")[0] - port = endpoint.split(":")[1] - port = port.rstrip("/") - context = ssl.create_default_context() - with socket.create_connection((hostname, port)) as sock: - with context.wrap_socket(sock, server_hostname=hostname) as ssock: - data = json.dumps(ssock.getpeercert()) - expiration_date = json.loads(data)["notAfter"] - return dt.datetime.strptime(expiration_date, "%b %d %H:%M:%S %Y %Z") + try: + endpoint = endpoint.lstrip() + if self._valid_url(url=endpoint): + if self._is_https_endpoint(endpoint): + url = urlparse(endpoint).netloc + hostname, port = url.split(":") + port = int(port) + context = ssl.create_default_context() + with socket.create_connection((hostname, port)) as sock: + with context.wrap_socket(sock, server_hostname=hostname) as ssock: + data = json.dumps(ssock.getpeercert()) + expiration_date = json.loads(data)["notAfter"] + return dt.datetime.strptime(expiration_date, "%b %d %H:%M:%S %Y %Z") + except Exception as e: + logger.exception(e) + return None @staticmethod def _get_certificate_expiration_email_notification_subject(org_id, service_id, endpoint): From 315e8af676ed435433fb4c58ead346593a6a522d Mon Sep 17 00:00:00 2001 From: Arondondon Date: Thu, 16 Jan 2025 17:40:48 +0300 Subject: [PATCH 3/3] Fixed monitor certificate lambda x3 --- service_status/monitor_service.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/service_status/monitor_service.py b/service_status/monitor_service.py index 7febc2eb..e7580b91 100644 --- a/service_status/monitor_service.py +++ b/service_status/monitor_service.py @@ -151,9 +151,9 @@ def _get_certification_expiration_date_for_given_service(self, endpoint): endpoint = endpoint.lstrip() if self._valid_url(url=endpoint): if self._is_https_endpoint(endpoint): - url = urlparse(endpoint).netloc - hostname, port = url.split(":") - port = int(port) + url = urlparse(endpoint) + hostname = url.hostname + port = url.port context = ssl.create_default_context() with socket.create_connection((hostname, port)) as sock: with context.wrap_socket(sock, server_hostname=hostname) as ssock: