git Move to go module and add ingress-proxy-addr option

.github/workflows/release.yaml

@@ -0,0 +1,32 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "*"
+
+jobs:
+  goreleaser:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install curl
+        run: sudo apt-get update && sudo apt-get install -y libcurl4 libcurl4-openssl-dev
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: "1.18"
+
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v3
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --rm-dist
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.goreleaser.yaml

@@ -0,0 +1,6 @@
+builds:
+  - id: "squid-auth-healthcheck"
+    goos:
+      - linux
+    goarch:
+      - amd64

Makefile

@@ -0,0 +1,4 @@
+.PHONY: build
+
+build:
+	go build -o squid-auth-healthcheck

README.md

@@ -16,21 +16,28 @@ The user name must be entered in the UPN(User principal name) format. The domain
 
 ```
 squid-auth-healthcheck --proxy-addr 127.0.0.1 --proxy-username [email protected] --proxy-password test --url https://google.com --strict-url --strict-auth --auth-type ntlm --auth-type kerberos --verbose
+```
+
+You can also check the availability of a resource on the Internet by accessing a separate node of the proxy server cluster using the address of the proxy server cluster
 
+```
+squid-auth-healthcheck --cluster-check --ingress-proxy-addr proxy.contoso.com --proxy-addr proxy-node01.contoso.com --proxy-username [email protected] --proxy-password test --url https://google.com --strict-url --strict-auth --auth-type ntlm --auth-type kerberos --verbose
 ```
 
 ## Parameters
 
 ```
 Application Options:
-  -u, --url=            url to check for availability (required)
-      --auth-type=      type of used proxy authentication mechanism. [ntlm, kerberos, no, all] (required)
-      --proxy-addr=     proxy server address (required)
-      --proxy-port=     proxy server port (default: 3128) (default: 3128)
-      --proxy-username= proxy user login
-      --proxy-password= proxy user password
-      --timeout=        healthcheck connection timeout in seconds (default: 2) (default: 2)
-      --strict-url      the check returns a positive result only if all URLs are available
-      --strict-auth     the check returns a positive result only if url are available with all auth method
-  -v, --verbose         output verbose healthcheck information
-```
+  -u, --url=                url to check for availability (required)
+      --auth-type=          type of used proxy authentication mechanism. [ntlm, kerberos, no, all] (required)
+      --proxy-addr=         proxy server address (required)
+      --proxy-port=         proxy server port (default: 3128)
+      --proxy-username=     proxy user login
+      --proxy-password=     proxy user password
+      --timeout=            healthcheck connection timeout in seconds (default: 2)
+      --strict-url          the check returns a positive result only if all URLs are available
+      --strict-auth         the check returns a positive result only if url are available with all auth method
+      --cluster-check       check through proxy cluster node instead standalone proxy server
+      --ingress-proxy-addr= ingress proxy address. It will be used for kerberos verification. This FQDN will be used when forming the request, but the IP address of the node of the proxy server cluster will be used as the IP address
+  -v, --verbose             output verbose healthcheck information
+```

go.mod

@@ -0,0 +1,10 @@
+module github.com/verdel/squid-auth-healthcheck
+
+go 1.18
+
+require (
+	github.com/andelf/go-curl v0.0.0-20200630032108-fd49ff24ed97
+	github.com/jessevdk/go-flags v1.5.0
+)
+
+require golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4 // indirect

go.sum

@@ -0,0 +1,6 @@
+github.com/andelf/go-curl v0.0.0-20200630032108-fd49ff24ed97 h1:Nyfs+rh56aORy2tGMI9GCYEqTfePwL1v47qOzebfv/o=
+github.com/andelf/go-curl v0.0.0-20200630032108-fd49ff24ed97/go.mod h1:WO1d2m1QDzkoPcgn9lgHVMi7qQR5j3jxYjIIvMTHpC0=
+github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
+github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4 h1:EZ2mChiOa8udjfp6rRmswTbtZN/QzUQp4ptM4rnjHvc=
+golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=

app/main.go → main.go

@@ -7,12 +7,12 @@ import (
 	"sync"
 
 	flags "github.com/jessevdk/go-flags"
-	"github.com/verdel/squid-auth-healthcheck/app/checker"
-	"github.com/verdel/squid-auth-healthcheck/app/slice"
+	"github.com/verdel/squid-auth-healthcheck/pkg/checker"
+	"github.com/verdel/squid-auth-healthcheck/pkg/slice"
 )
 
 const (
-	version = "0.0.3"
+	version = "0.0.4"
 )
 
 var opts struct {
@@ -25,6 +25,8 @@ var opts struct {
 	ConnectionTimeout int      `long:"timeout" description:"healthcheck connection timeout in seconds (default: 2)" default:"2"`
 	StrictURL         bool     `long:"strict-url" description:"the check returns a positive result only if all URLs are available"`
 	StrictAuth        bool     `long:"strict-auth" description:"the check returns a positive result only if url are available with all auth method"`
+	ClusterCheck      bool     `long:"cluster-check" description:"check through proxy cluster node instead standalone proxy server"`
+	IngressProxyAddr  string   `long:"ingress-proxy-addr" description:"ingress proxy address. It will be used for kerberos verification. This FQDN will be used when forming the request, but the IP address of the node of the proxy server cluster will be used as the IP address" required:"false"`
 	Verbose           bool     `short:"v" long:"verbose" description:"output verbose healthcheck information"`
 }
 var allowAuthType = []string{"ntlm", "kerberos", "no", "all"}
@@ -64,6 +66,11 @@ func main() {
 		}
 	}
 
+	if opts.ClusterCheck && opts.IngressProxyAddr == "" {
+		fmt.Println("the required flags `--ingress-proxy-addr' were not specified")
+		os.Exit(1)
+	}
+
 	var authType []string
 	if slice.StringInSlice("all", opts.AuthType) {
 		for _, v := range allowAuthType {
@@ -98,7 +105,15 @@ func main() {
 		go ntlm.Check(opts.URL, ch, &wg)
 	}
 	if slice.StringInSlice("kerberos", authType) {
-		kerberos, err := checker.NewAuthKerberos(opts.ProxyAddr, opts.ProxyPort, opts.ProxyUsername, opts.ProxyPassword, opts.ConnectionTimeout)
+		var IngressProxyAddr string
+
+		if opts.ClusterCheck {
+			IngressProxyAddr = opts.IngressProxyAddr
+		} else {
+			IngressProxyAddr = opts.ProxyAddr
+		}
+
+		kerberos, err := checker.NewAuthKerberos(IngressProxyAddr, opts.ProxyAddr, opts.ProxyPort, opts.ProxyUsername, opts.ProxyPassword, opts.ConnectionTimeout)
 		if err != nil {
 			fmt.Println(err)
 			os.Exit(1)

app/checker/kerberos.go → pkg/checker/kerberos.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"io"
+	"net"
 	"os/exec"
 	"sync"
 
@@ -18,16 +19,18 @@ const (
 type AuthKerberos struct {
 	authType          string
 	ProxyAddr         string
+	ProxyNodeAddr     string
 	ProxyPort         int
 	ProxyUsername     string
 	ProxyPassword     string
 	ConnectionTimeout int
 }
 
-func NewAuthKerberos(ProxyAddr string, ProxyPort int, ProxyUsername string, ProxyPassword string, ConnectionTimeout int) (*AuthKerberos, error) {
+func NewAuthKerberos(ProxyAddr string, ProxyNodeAddr string, ProxyPort int, ProxyUsername string, ProxyPassword string, ConnectionTimeout int) (*AuthKerberos, error) {
 	var a AuthKerberos
 	a.authType = "kerberos"
 	a.ProxyAddr = ProxyAddr
+	a.ProxyNodeAddr = ProxyNodeAddr
 	a.ProxyPort = ProxyPort
 	a.ProxyUsername = ProxyUsername
 	a.ProxyPassword = ProxyPassword
@@ -38,7 +41,6 @@ func NewAuthKerberos(ProxyAddr string, ProxyPort int, ProxyUsername string, Prox
 	} else {
 		return &a, nil
 	}
-
 }
 
 func (a *AuthKerberos) loginKRB(username, password string) error {
@@ -66,7 +68,7 @@ func (a *AuthKerberos) loginKRB(username, password string) error {
 
 	err = cmd.Wait()
 	if err != nil {
-		return fmt.Errorf("%s did not run successfully: %v stderr: %s", kinitCmd, err, string(errBuf.Bytes()))
+		return fmt.Errorf("%s did not run successfully: %v stderr: %s", kinitCmd, err, string(errBuf.String()))
 	}
 	return nil
 }
@@ -89,15 +91,22 @@ func (a *AuthKerberos) destroyKRB() error {
 
 	err = cmd.Wait()
 	if err != nil {
-		return fmt.Errorf("%s did not run successfully: %v stderr: %s", kinitCmd, err, string(errBuf.Bytes()))
+		return fmt.Errorf("%s did not run successfully: %v stderr: %s", kinitCmd, err, string(errBuf.String()))
 	}
 	return nil
 }
 
 func (a *AuthKerberos) Check(urls []string, ch chan HealthResponse, wg *sync.WaitGroup) {
+
 	defer a.destroyKRB()
 	var innerWg sync.WaitGroup
 	innerWg.Add(len(urls))
+
+	var proxyNodeIP string
+	if a.ProxyAddr != a.ProxyNodeAddr {
+		proxyNodeIP = getNodeIP(a.ProxyNodeAddr)
+	}
+
 	for _, url := range urls {
 		go func(u string) {
 			conn := curl.EasyInit()
@@ -112,6 +121,9 @@ func (a *AuthKerberos) Check(urls []string, ch chan HealthResponse, wg *sync.Wai
 			conn.Setopt(curl.OPT_TIMEOUT, a.ConnectionTimeout)
 			conn.Setopt(curl.OPT_WRITEFUNCTION, nullHandler)
 			conn.Setopt(curl.OPT_URL, u)
+			if a.ProxyAddr != a.ProxyNodeAddr {
+				conn.Setopt(curl.OPT_RESOLVE, []string{fmt.Sprintf("%s:%d:%s", a.ProxyAddr, a.ProxyPort, proxyNodeIP)})
+			}
 			if err := conn.Perform(); err != nil {
 				ch <- HealthResponse{u, a.authType, 0, 0}
 			} else {
@@ -130,3 +142,8 @@ func (a *AuthKerberos) Check(urls []string, ch chan HealthResponse, wg *sync.Wai
 	innerWg.Wait()
 	wg.Done()
 }
+
+func getNodeIP(ProxyAddr string) string {
+	ips, _ := net.LookupIP(ProxyAddr)
+	return ips[0].String()
+}