From beff0ab1096500e111b3fb0cadd473e4b83d90eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Onur=20G=C3=BCzel?= Date: Fri, 19 Oct 2018 09:32:43 +0300 Subject: [PATCH] Add certificate distinguished name as a tags in x509_cert input (#4873) --- plugins/inputs/x509_cert/x509_cert.go | 31 ++++++++++++-- plugins/inputs/x509_cert/x509_cert_test.go | 50 ++++++++++++++++++++++ 2 files changed, 77 insertions(+), 4 deletions(-) diff --git a/plugins/inputs/x509_cert/x509_cert.go b/plugins/inputs/x509_cert/x509_cert.go index 45eddf3aab4d1..ba4708ea28d8d 100644 --- a/plugins/inputs/x509_cert/x509_cert.go +++ b/plugins/inputs/x509_cert/x509_cert.go @@ -4,6 +4,7 @@ package x509_cert import ( "crypto/tls" "crypto/x509" + "crypto/x509/pkix" "encoding/pem" "fmt" "io/ioutil" @@ -133,6 +134,31 @@ func getFields(cert *x509.Certificate, now time.Time) map[string]interface{} { return fields } +func getTags(subject pkix.Name, location string) map[string]string { + tags := map[string]string{ + "source": location, + "common_name": subject.CommonName, + } + + if len(subject.Organization) > 0 { + tags["organization"] = subject.Organization[0] + } + if len(subject.OrganizationalUnit) > 0 { + tags["organizational_unit"] = subject.OrganizationalUnit[0] + } + if len(subject.Country) > 0 { + tags["country"] = subject.Country[0] + } + if len(subject.Province) > 0 { + tags["province"] = subject.Province[0] + } + if len(subject.Locality) > 0 { + tags["locality"] = subject.Locality[0] + } + + return tags +} + // Gather adds metrics into the accumulator. func (c *X509Cert) Gather(acc telegraf.Accumulator) error { now := time.Now() @@ -143,12 +169,9 @@ func (c *X509Cert) Gather(acc telegraf.Accumulator) error { return fmt.Errorf("cannot get SSL cert '%s': %s", location, err.Error()) } - tags := map[string]string{ - "source": location, - } - for _, cert := range certs { fields := getFields(cert, now) + tags := getTags(cert.Subject, location) acc.AddFields("x509_cert", fields, tags) } diff --git a/plugins/inputs/x509_cert/x509_cert_test.go b/plugins/inputs/x509_cert/x509_cert_test.go index fc75bc8254003..a9bd805683e28 100644 --- a/plugins/inputs/x509_cert/x509_cert_test.go +++ b/plugins/inputs/x509_cert/x509_cert_test.go @@ -184,6 +184,56 @@ func TestGatherLocal(t *testing.T) { } } +func TestGatherChain(t *testing.T) { + cert := fmt.Sprintf("%s\n%s", pki.ReadServerCert(), pki.ReadCACert()) + + tests := []struct { + name string + content string + error bool + }{ + {name: "chain certificate", content: cert}, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + f, err := ioutil.TempFile("", "x509_cert") + if err != nil { + t.Fatal(err) + } + + _, err = f.Write([]byte(test.content)) + if err != nil { + t.Fatal(err) + } + + err = f.Close() + if err != nil { + t.Fatal(err) + } + + defer os.Remove(f.Name()) + + sc := X509Cert{ + Sources: []string{f.Name()}, + } + + error := false + + acc := testutil.Accumulator{} + err = sc.Gather(&acc) + if err != nil { + error = true + } + + if error != test.error { + t.Errorf("%s", err) + } + }) + } + +} + func TestStrings(t *testing.T) { sc := X509Cert{}