From cf54a544e459f6c366c1d0ac0ee86744fee4e028 Mon Sep 17 00:00:00 2001
From: Daniel Jolly
Date: Thu, 21 Jul 2022 23:57:45 -0400
Subject: [PATCH] Moved "probe_tls_certificate_info" labels into "probe_ssl_last_chain_info" metric
---
 prober/grpc.go | 15 ++++++++-------
 prober/http.go | 15 +++------------
 prober/tcp.go | 19 +++++--------------
 prober/tls.go | 4 ++--
 4 files changed, 18 insertions(+), 35 deletions(-)
diff --git a/prober/grpc.go b/prober/grpc.go
index aea373be5..e24f51002 100644
--- a/prober/grpc.go
+++ b/prober/grpc.go
@@ -109,11 +109,12 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 []string{"version"},
 )
- probeTLSCertInformation = prometheus.NewGaugeVec(prometheus.GaugeOpts{
- Name: "probe_tls_certificate_info",
- Help: "Returns the information about the certificate",
- },
- []string{"subject", "issuer", "subjectalternative"},
+ probeSSLLastInformation = prometheus.NewGaugeVec(
+ prometheus.GaugeOpts{
+ Name: "probe_ssl_last_chain_info",
+ Help: "Contains SSL leaf certificate information",
+ },
+ []string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 )
@@ -127,7 +128,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 registry.MustRegister(healthCheckResponseGaugeVec)
 registry.MustRegister(probeSSLEarliestCertExpiryGauge)
 registry.MustRegister(probeTLSVersion)
- registry.MustRegister(probeTLSCertInformation)
+ registry.MustRegister(probeSSLLastInformation)
 if !strings.HasPrefix(target, "http://") && !strings.HasPrefix(target, "https://") {
 target = "http://" + target
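Review bot: The label list `[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"}` added in the grpc.go hunk at -109 is repeated as a literal in the http.go hunk at -282 and the tcp.go hunk at -102, and every `WithLabelValues(...)` call in the patch has to pass its four values in exactly that order. `WithLabelValues` panics when the count is wrong, but a swapped order is accepted silently and would export certificate data under the wrong label name. I would declare the list once at package level, for example `var sslChainInfoLabels = []string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"}`, and pass it to all three `NewGaugeVec` calls. The `var` block this hunk edits starts and ends outside the hunk.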
@@ -210,7 +211,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 isSSLGauge.Set(float64(1))
 probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(&tlsInfo.State).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&tlsInfo.State)).Set(1)
- probeTLSCertInformation.WithLabelValues(getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State)).Set(1)
+ probeSSLLastInformation.WithLabelValues(getFingerprint(&tlsInfo.State), getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State)).Set(1)
 } else {
 isSSLGauge.Set(float64(0))
 }
diff --git a/prober/http.go b/prober/http.go
index c3681053f..8d6c71b55 100644
--- a/prober/http.go
+++ b/prober/http.go
@@ -282,7 +282,7 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 Name: "probe_ssl_last_chain_info",
 Help: "Contains SSL leaf certificate information",
 },
- []string{"fingerprint_sha256"},
+ []string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 probeTLSVersion = prometheus.NewGaugeVec(
@@ -293,14 +293,6 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 []string{"version"},
 )
- probeTLSCertInformation = prometheus.NewGaugeVec(
- prometheus.GaugeOpts{
- Name: "probe_tls_certificate_info",
- Help: "Returns the information about the certificate",
- },
- []string{"subject", "issuer", "subjectalternative"},
- )
-
 probeHTTPVersionGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 Name: "probe_http_version",
 Help: "Returns the version of HTTP of the probe response",
@@ -656,12 +648,11 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 if resp.TLS != nil {
 isSSLGauge.Set(float64(1))
- registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeTLSCertInformation, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+ registry.MustRegister(probeSSLEarliestCertExpiryGauge, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
 probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(resp.TLS).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1)
- probeTLSCertInformation.WithLabelValues(getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix()))
- probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS)).Set(1)
+ probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
 if httpConfig.FailIfSSL {
 level.Error(logger).Log("msg", "Final request was over SSL")
 success = false
diff --git a/prober/tcp.go b/prober/tcp.go
index 71e152161..8f2db40d0 100644
--- a/prober/tcp.go
+++ b/prober/tcp.go
@@ -102,7 +102,7 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 Name: "probe_ssl_last_chain_info",
 Help: "Contains SSL leaf certificate information",
 },
- []string{"fingerprint_sha256"},
+ []string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
 )
 probeTLSVersion := prometheus.NewGaugeVec(
 prometheus.GaugeOpts{
@@ -111,13 +111,6 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 },
 []string{"version"},
 )
- probeTLSCertInformation := prometheus.NewGaugeVec(
- prometheus.GaugeOpts{
- Name: "probe_tls_certificate_info",
- Help: "Returns the information about the certificate",
- },
- []string{"subject", "issuer", "subjectalternative"},
- )
 probeFailedDueToRegex := prometheus.NewGauge(prometheus.GaugeOpts{
 Name: "probe_failed_due_to_regex",
 Help: "Indicates if probe failed due to regex",
@@ -142,12 +135,11 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 }
 if module.TCP.TLS {
 state := conn.(*tls.Conn).ConnectionState()
- registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeTLSCertInformation, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
+ registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)
 probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
- probeTLSCertInformation.WithLabelValues(getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
- probeSSLLastInformation.WithLabelValues(getFingerprint(&state)).Set(1)
+ probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 }
 scanner := bufio.NewScanner(conn)
 for i, qr := range module.TCP.QueryResponse {
@@ -209,12 +201,11 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 // Get certificate expiry.
 state := tlsConn.ConnectionState()
- registry.MustRegister(probeSSLEarliestCertExpiry, probeSSLLastChainExpiryTimestampSeconds, probeTLSCertInformation)
+ registry.MustRegister(probeSSLEarliestCertExpiry, probeSSLLastChainExpiryTimestampSeconds)
 probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
- probeTLSCertInformation.WithLabelValues(getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
- probeSSLLastInformation.WithLabelValues(getFingerprint(&state)).Set(1)
+ probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
 }
 }
 return true
diff --git a/prober/tls.go b/prober/tls.go
index 5b07482d9..7df8e5758 100644
--- a/prober/tls.go
+++ b/prober/tls.go
@@ -39,12 +39,12 @@ func getFingerprint(state *tls.ConnectionState) string {
 func getSubject(state *tls.ConnectionState) string {
 cert := state.PeerCertificates[0]
- return cert.Subject.CommonName
+ return cert.Subject.String()
 }
 func getIssuer(state *tls.ConnectionState) string {
 cert := state.PeerCertificates[0]
- return cert.Issuer.CommonName
+ return cert.Issuer.String()
 }
 func getDNSNames(state *tls.ConnectionState) string {
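Review bot: In the tcp.go hunk at -209 (apparently the StartTLS path, since it reads `tlsConn.ConnectionState()`), the new `registry.MustRegister(probeSSLEarliestCertExpiry, probeSSLLastChainExpiryTimestampSeconds)` registers no collector that carries subject, issuer or SAN. `probeTLSCertInformation` was removed from the list, and `probeSSLLastInformation`, which now holds those labels and is set two lines later, is not in it. Unless it is registered outside the hunk, probes on this path would stop exporting the certificate identity that the direct-TLS branch at -142 still exports, so an unexpected certificate on a StartTLS target would go unnoticed in the metrics. I would make the line match that branch: `registry.MustRegister(probeSSLEarliestCertExpiry, probeTLSVersion, probeSSLLastChainExpiryTimestampSeconds, probeSSLLastInformation)`. The enclosing block starts before the hunk, so first confirm `probeTLSVersion` is not already registered on this path, because `MustRegister` panics on a duplicate.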
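Review bot: `getSubject` and `getIssuer` in the tls.go hunk now return `cert.Subject.String()` and `cert.Issuer.String()`, so the `subject` and `issuer` label values change from a bare common name to the full distinguished name, all of it taken from the certificate the probed endpoint presents. Selectors written against the old common-name values will no longer match, and the label length is no longer limited to one attribute. I would record that in a doc comment on each helper, e.g. `// getSubject returns the leaf certificate's subject as a distinguished-name string; the value is peer-controlled and is exported as a metric label.` Both helpers also index `state.PeerCertificates[0]` without a length check (visible here as context), which panics on an empty slice; `if len(state.PeerCertificates) == 0 { return "" }` ahead of the index would make them safe for any caller.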