Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add additional tags for x509 Input Plugin #6686

Merged
merged 5 commits into from
Nov 26, 2019
Merged

Add additional tags for x509 Input Plugin #6686

merged 5 commits into from
Nov 26, 2019

Conversation

lawliet89
Copy link
Contributor

@lawliet89 lawliet89 commented Nov 20, 2019
edited
Loading

Required for all PRs:

  • Signed CLA.
  • Associated README.md updated.
  • Has appropriate unit tests.

Fixes #6685

danielnelson
danielnelson suggested changes Nov 22, 2019
View reviewed changes
plugins/inputs/x509_cert/x509_cert.go Outdated
@@ -129,10 +139,15 @@ func getFields(cert *x509.Certificate, now time.Time) map[string]interface{} {
return fields
}

func getTags(subject pkix.Name, location string) map[string]string {
func (c *X509Cert) getTags(cert *x509.Certificate, location string) map[string]string {
subject := cert.Subject
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick, just get cert.Subject.CommonName on line 147 without creating a local variable.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

subject is used in more than one place, but I've removed the local variable.

plugins/inputs/x509_cert/x509_cert.go
"common_name": subject.CommonName,
"source": location,
"common_name": subject.CommonName,
"serial_number": cert.SerialNumber.Text(16),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How large is the serial_number? Can you add unit tests with examples of all the data used by these changes?

Also, how does this compare to the cert.Subject.SerialNumber?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The certificate serial number is at most 20 bytes and this will be at most 40 Hex characters. This is supposed to be unique per CA.

On the other hand, based on what I know, cert.Subject.SerialNumber is an optional serial number that the public key owner can include. It's probably not as useful to disambiguate certificates than the certificate serial.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added a new test.

etc/telegraf.conf Outdated
# # include_san = false
# ## Separator between each SAN in tag
# # san_separator = ","
#
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you undo this file, we will take care of it afterwards. We usually just update this once before release to avoid conflicts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

plugins/inputs/x509_cert/x509_cert.go Outdated
## Include Certificate SAN in tag
# include_san = false
## Separator between each SAN in tag
# san_separator = ","
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's remove all of these options, the plugin user can use tagexclude/taginclude instead. On the SAN separator we can just always use ,, I think there is little reason to modify it but I suppose it could be done with a processor, and comma is consistent with our other uses.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. I have removed them.

@danielnelson danielnelson added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Nov 22, 2019
@danielnelson danielnelson merged commit 6eb2197 into influxdata:master Nov 26, 2019
@lawliet89 lawliet89 deleted the x509-tags branch November 27, 2019 03:15
athoune pushed a commit to bearstech/telegraf that referenced this pull request Apr 17, 2020
@lawliet89
Add additional tags for x509 Input Plugin (influxdata#6686)
359c4f6
idohalevi pushed a commit to idohalevi/telegraf that referenced this pull request Sep 29, 2020
@lawliet89
Add additional tags for x509 Input Plugin (influxdata#6686)
b6f719d
arstercz pushed a commit to arstercz/telegraf that referenced this pull request Mar 5, 2023
@lawliet89 @danielnelson
Add additional tags for x509 Input Plugin (influxdata#6686)
bb25704
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danielnelson danielnelson danielnelson approved these changes

Assignees
No one assigned
Labels
feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add additional tags/labels for x509 input metrics
2 participants
@lawliet89 @danielnelson