prober/tls: adding metric to expose certificate fingerprint info #678
Conversation
prober/tcp.go
Outdated
| @@ -98,6 +98,13 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry | |||
| Name: "probe_ssl_last_chain_expiry_timestamp_seconds", | |||
| Help: "Returns last SSL chain expiry in unixtime", | |||
| }) | |||
| probeSSLFingerprint := prometheus.NewGaugeVec( | |||
| prometheus.GaugeOpts{ | |||
| Name: "probe_ssl_fingerprint_info", | |||
There was a problem hiding this comment.
This should mention that it's the leaf. Also you generally want to avoid an info metric per label name, so I'd not put fingerprint in the name.
There was a problem hiding this comment.
@brian-brazil thanks for the hint on the first part, going to change it. Could you please elaborate a bit more what you mean by "info metric per label name" as I'm unable to follow you?
There was a problem hiding this comment.
Don't put the word fingerprint into the metric name, as that prevents us putting other leaf cert information in here too.
There was a problem hiding this comment.
Okay got you. Going to change it to probe_ssl_leaf_info or do you have a better idea?
There was a problem hiding this comment.
probe_ssl_last_chain_info would be consistent with other metrics.
There was a problem hiding this comment.
Is implemeted in 84d73fc.
prober/tcp.go
Outdated
| Name: "probe_ssl_last_chain_info", | ||
| Help: "Contains SSL leaf certificate information", | ||
| }, | ||
| []string{"sha256"}, |
There was a problem hiding this comment.
sha256 is a bit vague
There was a problem hiding this comment.
Going to change it to fingerprint_sha256 or do you got something better in mind?
There was a problem hiding this comment.
That sounds good to me.
There was a problem hiding this comment.
Changed it in 92dfa8f
this change adds a new metric `probe_ssl_fingerprint_info` to both tcp and http probes. the metric always returns 1 similar to the tls version metric and contains the leaf certificates sha256 fingerprint (hex) as a label value. this change allows users to validate in prometheus if a particular certificate is being served. Signed-off-by: xinau <[email protected]>
|
Thanks! |
|
Thank you too. |
this change adds a new metric
probe_ssl_fingerprint_infoto both tcpand http probes. the metric always returns 1 similar to the tls version
metric and contains the leaf certificates sha256 fingerprint (hex) as a
label value.
this change allows users to validate in prometheus if a particular
certificate is being served.