New component: X.509 Certificate Monitoring #33215

LucaLanziani opened this issue May 24, 2024 · 5 comments
Labels
Accepted Component New component has been sponsored


LucaLanziani commented May 24, 2024

The purpose and use-cases of the new component

This will be a receiver based on the Telegraf x509cert plugin code, following their license requirement, and will build an interface on top of it to match the collector interface.

Example configuration for the component

receivers:
  x509cert:
    sources:
      - "tcp://example.org:443"
      - "/etc/kubernetes/pki/etcd/peer.crt"
    timeout: "5s"
    exclude_root_certs: false
    use_proxy: true
    proxy_url: "http://localhost:8888"
    server_name: "myname.example.com"
    # tls:
    #   insecure: false
    #   ca_file: server.crt
    #   cert_file: client.crt
    #   key_file: client.key
    #   min_version: "1.1"
    #   max_version: "1.2"

Telemetry data types supported

For each certificate in the sources list we will extract all properties of the certificate and use the remaining validity duration in seconds as value.

Metric #0
Descriptor:
     -> Name: x509_cert
     -> Description: 
     -> Unit: 
     -> DataType: Gauge
NumberDataPoints #0
Data point attributes:
     -> startdate: Str(1706572800)
     -> serial_number: Str(75bcef30689c8addf13e51af4afe187)
     -> signature_algorithm: Str(SHA256-RSA)
     -> organization: Str(Internet Corporation for Assigned Names and Numbers)
     -> province: Str(California)
     -> locality: Str(Los Angeles)
     -> ocsp_verified: Str(yes)
     -> ocsp_produced_at: Str(1716394018)
     -> issuer_serial_number: Str()
     -> san: Str(www.example.org,example.net,example.edu,example.com,example.org,www.example.com,www.example.edu,www.example.net)
     -> verification: Str(valid)
     -> ocsp_stapled: Str(yes)
     -> ocsp_status: Str(good)
     -> ocsp_this_update: Str(1716393062)
     -> verification_code: Str(0)
     -> enddate: Str(1740873599)
     -> source: Str(tcp://example.org:443)
     -> common_name: Str(www.example.org)
     -> country: Str(US)
     -> type: Str(leaf)
     -> ocsp_status_code: Str(0)
     -> issuer_common_name: Str(DigiCert Global G2 TLS RSA SHA256 2020 CA1)
     -> ocsp_next_update: Str(1716994262)
     -> public_key_algorithm: Str(RSA)
StartTimestamp: 1970-01-01 00:00:00 +0000 UTC
Timestamp: 2024-05-24 09:48:58.247835279 +0000 UTC
Value: 24329460

Is this a vendor-specific component?

  • This is a vendor-specific component
  • If this is a vendor-specific component, I am proposing to contribute and support it as a representative of the vendor.

Code Owner(s)

LucaLanziani, zimny

Sponsor (optional)

@atoulme

Additional context

No response
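The mapping described under "Telemetry data types supported", as an added example: this is not the proposed receiver's code or Telegraf's. `certPoint` and `sampleCert` are hypothetical names, the attribute keys are copied from the sample output above, and the certificate is a constructed self-signed one so the block runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// certPoint returns one data point: string attributes plus the seconds of validity left.
func certPoint(c *x509.Certificate, source string, now time.Time) (map[string]string, int64) {
	attrs := map[string]string{
		"source":              source,
		"common_name":         c.Subject.CommonName,
		"serial_number":       c.SerialNumber.Text(16),
		"signature_algorithm": c.SignatureAlgorithm.String(),
		"san":                 strings.Join(c.DNSNames, ","),
		"enddate":             fmt.Sprint(c.NotAfter.Unix()),
	}
	// Negative once expired, so "value < threshold" alerts keep firing after expiry.
	return attrs, int64(c.NotAfter.Sub(now) / time.Second)
}

// sampleCert builds a constructed self-signed certificate (not a real site's).
func sampleCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(0x2a), NotBefore: notBefore, NotAfter: notAfter,
		Subject: pkix.Name{CommonName: "www.example.org"}, DNSNames: []string{"www.example.org", "example.org"}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Date(2024, 5, 24, 0, 0, 0, 0, time.UTC) // constructed scrape time
	c, err := sampleCert(now.Add(-time.Hour), now.Add(30*24*time.Hour))
	if err != nil {
		panic(err)
	}
	fmt.Println(certPoint(c, "constructed://sample", now))
}
```

Because the remaining lifetime is the gauge value and everything else is an attribute, an expiry alert is a plain threshold on `x509_cert` grouped by `source`.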

@LucaLanziani LucaLanziani added needs triage New item requiring triage Sponsor Needed New component seeking sponsor labels May 24, 2024

atoulme commented May 30, 2024

Will you be using a scraper approach for this? Did you build a metadata.yaml? Would you please share it?

Which attributes do you want always enabled? Are attributes based off the fields of the cert?

@LucaLanziani

Yes, the software will scrape; the implementation is pretty much the same as Telegraf's and you can find it here.

The plan, as I said, is to wrap their code and include their license. We have a first implementation ready, but it's not based on this repo; it was built following https://opentelemetry.io/docs/collector/building/receiver/.

If there is interest, we will change the code and add the metadata.yaml.


This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.


zimny commented Aug 23, 2024

We're still looking for sponsors here!


atoulme commented Oct 11, 2024

Alright, happy to be the sponsor.

@atoulme atoulme added Accepted Component New component has been sponsored and removed Sponsor Needed New component seeking sponsor needs triage New item requiring triage labels Oct 11, 2024