Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add exclude_root_certs option to x509_cert plugin #9822

Merged
merged 4 commits into from
Dec 22, 2021
Merged

feat: add exclude_root_certs option to x509_cert plugin #9822

merged 4 commits into from
Dec 22, 2021

Conversation

jjh74
Copy link
Contributor

@jjh74 jjh74 commented Sep 26, 2021

Required for all PRs:

  • Updated associated README.md.
  • Wrote appropriate unit tests.
  • Pull request title or commits are in conventional commit format (e.g. feat: or fix:)

resolves #9427

This PR adds exclude_root_certs configuration option(defaults to false) to x509_cert plugin. When exclude_root_certs is true then x509_cert doesn't add metrics for root (and intermediate) certs.

[[inputs.x509_cert]]
  sources = [ "https://www.influxdata.com:443" ]
  exclude_root_certs = false

outputs:

> x509_cert,common_name=sni.cloudflaressl.com,country=US,host=hidden,issuer_common_name=Cloudflare\ Inc\ ECC\ CA-3,locality=San\ Francisco,organization=Cloudflare\,\ Inc.,province=California,public_key_algorithm=ECDSA,san=www.influxdata.com\,sni.cloudflaressl.com,serial_number=f0e13e9cfe14710ee2e23d4f7255351,signature_algorithm=ECDSA-SHA256,source=https://www.influxdata.com:443,verification=valid age=13523310i,enddate=1650671999i,expiry=18012688i,startdate=1619136000i,verification_code=0i 1632659310000000000
> x509_cert,common_name=Cloudflare\ Inc\ ECC\ CA-3,country=US,host=hidden,issuer_common_name=Baltimore\ CyberTrust\ Root,organization=Cloudflare\,\ Inc.,public_key_algorithm=ECDSA,serial_number=a3787645e5fb48c224efd1bed140c3c,signature_algorithm=SHA256-RSA,source=https://www.influxdata.com:443,verification=valid age=52530022i,enddate=1735689599i,expiry=103030288i,startdate=1580129288i,verification_code=0i 1632659310000000000

and with exclude_root_certs = true:

> x509_cert,common_name=sni.cloudflaressl.com,country=US,host=hidden,issuer_common_name=Cloudflare\ Inc\ ECC\ CA-3,locality=San\ Francisco,organization=Cloudflare\,\ Inc.,province=California,public_key_algorithm=ECDSA,san=www.influxdata.com\,sni.cloudflaressl.com,serial_number=f0e13e9cfe14710ee2e23d4f7255351,signature_algorithm=ECDSA-SHA256,source=https://www.influxdata.com:443,verification=valid age=13523402i,enddate=1650671999i,expiry=18012596i,startdate=1619136000i,verification_code=0i 1632659402000000000

@telegraf-tiger telegraf-tiger bot added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Sep 26, 2021
@jjh74 jjh74 mentioned this pull request Sep 26, 2021
Closed
@jjh74 jjh74 changed the title feat: add exclude_toot_certs option to x509_cert plugin feat: add exclude_root_certs option to x509_cert plugin Dec 17, 2021
@jjh74
Copy link
Contributor Author

jjh74 commented Dec 17, 2021

Hi,
@srebhan do you have time to take a look if this PR is ok ?

srebhan
srebhan reviewed Dec 20, 2021
View reviewed changes
Copy link
Member

@srebhan srebhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jjh74 I'm not an expert in x509 and cannot judge if your approach is sound. I only checked the code style/structure...
I have one comment regarding your test. Furthermore, please resolve the merge conflict.

@sspaink or @powersj can you maybe take a look at this PR?

plugins/inputs/x509_cert/x509_cert_test.go Outdated Show resolved Hide resolved
srebhan
srebhan approved these changes Dec 22, 2021
View reviewed changes
Copy link
Member

@srebhan srebhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Thanks for contributing this PR @jjh74!

@srebhan srebhan self-assigned this Dec 22, 2021
@srebhan srebhan added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label Dec 22, 2021
@telegraf-tiger
Copy link
Contributor

☺️ This pull request doesn't significantly change the Telegraf binary size (less than 1%)

📦 Looks like new artifacts were built from this PR.

Expand this list to get them here ! 🐯

Artifact URLs

DEB RPM TAR GZ ZIP
amd64.deb aarch64.rpm darwin_amd64.tar.gz windows_amd64.zip
arm64.deb armel.rpm darwin_arm64.tar.gz windows_i386.zip
armel.deb armv6hl.rpm freebsd_amd64.tar.gz
armhf.deb i386.rpm freebsd_armv7.tar.gz
i386.deb ppc64le.rpm freebsd_i386.tar.gz
mips.deb s390x.rpm linux_amd64.tar.gz
mipsel.deb x86_64.rpm linux_arm64.tar.gz
ppc64el.deb linux_armel.tar.gz
s390x.deb linux_armhf.tar.gz
linux_i386.tar.gz
linux_mips.tar.gz
linux_mipsel.tar.gz
linux_ppc64le.tar.gz
linux_s390x.tar.gz
static_linux_amd64.tar.gz

@powersj powersj merged commit e906698 into influxdata:master Dec 22, 2021
powersj pushed a commit to powersj/telegraf that referenced this pull request Jan 21, 2022
@jjh74 @powersj
feat: add exclude_root_certs option to x509_cert plugin (influxdata#9822
c80c2be 
)
This was referenced Nov 16, 2022
Closed
Closed
@jjh74 jjh74 deleted the issue_9427 branch February 9, 2023 18:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@srebhan srebhan srebhan approved these changes

@powersj powersj powersj approved these changes

Assignees

@srebhan srebhan

Labels
feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

x509 do not gather information about cross-certs and root-certs
3 participants
@jjh74 @powersj @srebhan