diff --git a/internal/cert/cert.go b/internal/cert/cert.go index 5b27873..46b37ee 100644 --- a/internal/cert/cert.go +++ b/internal/cert/cert.go @@ -21,7 +21,6 @@ type Metrics struct { EvaluatedAt time.Time SecondsSinceIssued int SecondsUntilExpires int - CaName string Tags map[string]string } @@ -31,27 +30,27 @@ func (m Metrics) Output() string { if len(m.Tags) > 0 { buf := bytes.Buffer{} separator := "" - for _, value := range m.Tags { - fmt.Fprintf(&buf, "%s", value) + for tag, value := range m.Tags { + fmt.Fprintf(&buf, "%s%s=\"%s\"", separator, tag, value) if separator == "" { separator = ", " } } - tags = fmt.Sprintf(".%s", buf.String()) + tags = fmt.Sprintf("{%s}", buf.String()) } lines := []string{ "# HELP cert_days_left number of days until certificate expires. Expired certificates produce negative numbers.", "# TYPE cert_days_left gauge", - fmt.Sprintf("cert_days_left%s;ca=\"%s\" %f %d", tags, m.CaName, float64(m.SecondsUntilExpires)/secondsToDays, epoch), + fmt.Sprintf("cert_days_left%s %f %d", tags, float64(m.SecondsUntilExpires)/secondsToDays, epoch), "# HELP cert_seconds_left number of seconds until certificate expires. Expired certificates produce negative numbers.", "# TYPE cert_seconds_left gauge", - fmt.Sprintf("cert_seconds_left%s;ca=\"%s\" %d %d", tags, m.CaName, m.SecondsUntilExpires, epoch), + fmt.Sprintf("cert_seconds_left%s %d %d", tags, m.SecondsUntilExpires, epoch), "# HELP cert_issued_days total number of days since certificate was issued.", "# TYPE cert_issued_days counter", - fmt.Sprintf("cert_issued_days%s;ca=\"%s\" %f %d", tags, m.CaName, float64(m.SecondsSinceIssued)/secondsToDays, epoch), + fmt.Sprintf("cert_issued_days%s %f %d", tags, float64(m.SecondsSinceIssued)/secondsToDays, epoch), "# HELP cert_issued_seconds total number of seconds since the certificate was issued.", "# TYPE cert_issued_seconds counter", - fmt.Sprintf("cert_issued_seconds%s;ca=\"%s\" %d %d", tags, m.CaName, m.SecondsSinceIssued, epoch), + fmt.Sprintf("cert_issued_seconds%s %d %d", tags, m.SecondsSinceIssued, epoch), } return strings.Join(lines, "\n") } @@ -61,7 +60,6 @@ type Config struct { // Now provider defaults to time.Now() when not provided Now func() time.Time ServerName string - Influx bool } // CollectMetrics Loads a certificate at a particular location and @@ -78,15 +76,7 @@ func CollectMetrics(ctx context.Context, path string, cfg Config) (Metrics, erro if err != nil { return metrics, err } - - if cfg.Influx { - // InfluxDB does not support * and . in metrics - fixStar := strings.Replace(cert.Subject.CommonName, "*", "STAR", 1) - fixDot := strings.ReplaceAll(fixStar, ".", "_") - metrics.Tags = map[string]string{"subject": fixDot} - } else { - metrics.Tags = map[string]string{"subject": cert.Subject.CommonName} - } + metrics.Tags = map[string]string{"subject": cert.Subject.CommonName, "ca": strings.Join(cert.Issuer.Organization, "")} if cfg.ServerName != "" { if err := cert.VerifyHostname(cfg.ServerName); err != nil { @@ -98,7 +88,6 @@ func CollectMetrics(ctx context.Context, path string, cfg Config) (Metrics, erro metrics.EvaluatedAt = now metrics.SecondsSinceIssued = int(now.Sub(cert.NotBefore).Seconds()) metrics.SecondsUntilExpires = int(cert.NotAfter.Sub(now).Seconds()) - metrics.CaName = strings.Join(cert.Issuer.Organization, "") return metrics, nil } diff --git a/internal/cert/cert_test.go b/internal/cert/cert_test.go index 1993e10..6cc27a3 100644 --- a/internal/cert/cert_test.go +++ b/internal/cert/cert_test.go @@ -64,6 +64,7 @@ func TestCollectMetricsFromFile(t *testing.T) { SecondsUntilExpires: int(duration.Seconds()), Tags: map[string]string{ "subject": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, { @@ -85,6 +86,7 @@ func TestCollectMetricsFromFile(t *testing.T) { Tags: map[string]string{ "subject": "imposter.sensu.io", "servername": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, { @@ -107,6 +109,7 @@ func TestCollectMetricsFromFile(t *testing.T) { SecondsUntilExpires: int((-1 * time.Hour).Seconds()), Tags: map[string]string{ "subject": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, @@ -221,6 +224,7 @@ func TestCollectMetricsFromTLS(t *testing.T) { SecondsUntilExpires: int(duration.Seconds()), Tags: map[string]string{ "subject": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, { @@ -234,6 +238,7 @@ func TestCollectMetricsFromTLS(t *testing.T) { SecondsUntilExpires: int(-1 * time.Hour.Seconds()), Tags: map[string]string{ "subject": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, { @@ -255,6 +260,7 @@ func TestCollectMetricsFromTLS(t *testing.T) { Tags: map[string]string{ "subject": "imposter.sensu.io", "servername": "imposter.sensu.io", + "ca": "Sumo Logic Inc", }, }, }, { @@ -279,6 +285,7 @@ func TestCollectMetricsFromTLS(t *testing.T) { Tags: map[string]string{ "servername": "local.test", "subject": "local.test", + "ca": "Sumo Logic Inc", }, }, }, { diff --git a/internal/cert/metrics_test.go b/internal/cert/metrics_test.go index b5620ed..3be5966 100644 --- a/internal/cert/metrics_test.go +++ b/internal/cert/metrics_test.go @@ -19,16 +19,16 @@ func TestMetricsOutput(t *testing.T) { expected := `# HELP cert_days_left number of days until certificate expires. Expired certificates produce negative numbers. # TYPE cert_days_left gauge -cert_days_left;ca="" 0.023148 42000 +cert_days_left 0.023148 42000 # HELP cert_seconds_left number of seconds until certificate expires. Expired certificates produce negative numbers. # TYPE cert_seconds_left gauge -cert_seconds_left;ca="" 2000 42000 +cert_seconds_left 2000 42000 # HELP cert_issued_days total number of days since certificate was issued. # TYPE cert_issued_days counter -cert_issued_days;ca="" 0.001157 42000 +cert_issued_days 0.001157 42000 # HELP cert_issued_seconds total number of seconds since the certificate was issued. # TYPE cert_issued_seconds counter -cert_issued_seconds;ca="" 100 42000` +cert_issued_seconds 100 42000` if actual != expected { t.Errorf("Unexpected output. Wanted:\n%s\n Got:\n%s", expected, actual) } @@ -45,16 +45,16 @@ func TestMetricsOutputServerName(t *testing.T) { expected := `# HELP cert_days_left number of days until certificate expires. Expired certificates produce negative numbers. # TYPE cert_days_left gauge -cert_days_left.sensu.io;ca="" 0.023148 42000 +cert_days_left{servername="sensu.io"} 0.023148 42000 # HELP cert_seconds_left number of seconds until certificate expires. Expired certificates produce negative numbers. # TYPE cert_seconds_left gauge -cert_seconds_left.sensu.io;ca="" 2000 42000 +cert_seconds_left{servername="sensu.io"} 2000 42000 # HELP cert_issued_days total number of days since certificate was issued. # TYPE cert_issued_days counter -cert_issued_days.sensu.io;ca="" 0.001157 42000 +cert_issued_days{servername="sensu.io"} 0.001157 42000 # HELP cert_issued_seconds total number of seconds since the certificate was issued. # TYPE cert_issued_seconds counter -cert_issued_seconds.sensu.io;ca="" 100 42000` +cert_issued_seconds{servername="sensu.io"} 100 42000` if actual != expected { t.Errorf("Unexpected output. Wanted:\n%s\n Got:\n%s", expected, actual) } diff --git a/main.go b/main.go index aca9b4e..bbcc389 100644 --- a/main.go +++ b/main.go @@ -16,7 +16,6 @@ type Config struct { sensu.PluginConfig Cert string ServerName string - Influx bool } var ( @@ -45,15 +44,6 @@ var ( Usage: "optional TLS servername extension argument", Value: &plugin.ServerName, }, - &sensu.PluginConfigOption[bool]{ - Path: "influx", - Env: "INFLUX_FORMAT", - Argument: "influx", - Shorthand: "i", - Default: false, - Usage: "optional Influx format output", - Value: &plugin.Influx, - }, } ) @@ -87,7 +77,7 @@ func executeCheck(event *corev2.Event) (int, error) { ctx, cancel = context.WithTimeout(ctx, time.Second*time.Duration(plugin.Timeout)) defer cancel() } - metrics, err := cert.CollectMetrics(ctx, plugin.Cert, cert.Config{ServerName: plugin.ServerName, Influx: plugin.Influx}) + metrics, err := cert.CollectMetrics(ctx, plugin.Cert, cert.Config{ServerName: plugin.ServerName}) if err != nil { fmt.Printf("cert-checks failed with error: %s\n", err.Error()) return sensu.CheckStateCritical, nil