initial commit of tlscheckreceiver

open-telemetry · Sep 26, 2024 · 2ebf9ee · 2ebf9ee
1 parent 568ada3
commit 2ebf9ee
Show file tree

Hide file tree

Showing 27 changed files with 1,178 additions and 2 deletions.
diff --git a/.chloggen/tlscheckreceiver-addition.yaml b/.chloggen/tlscheckreceiver-addition.yaml
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: new_component
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: tlscheckreceiver
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add TLS Check Receiver component to monitor x.509 certificate expiry
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [35423]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -289,6 +289,7 @@ body:
       - receiver/statsd
       - receiver/syslog
       - receiver/tcplog
+      - receiver/tlscheck
       - receiver/udplog
       - receiver/vcenter
       - receiver/wavefront

diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml
@@ -283,6 +283,7 @@ body:
       - receiver/statsd
       - receiver/syslog
       - receiver/tcplog
+      - receiver/tlscheck
       - receiver/udplog
       - receiver/vcenter
       - receiver/wavefront

diff --git a/.github/ISSUE_TEMPLATE/other.yaml b/.github/ISSUE_TEMPLATE/other.yaml
@@ -283,6 +283,7 @@ body:
       - receiver/statsd
       - receiver/syslog
       - receiver/tcplog
+      - receiver/tlscheck
       - receiver/udplog
       - receiver/vcenter
       - receiver/wavefront

diff --git a/.github/ISSUE_TEMPLATE/unmaintained.yaml b/.github/ISSUE_TEMPLATE/unmaintained.yaml
@@ -288,6 +288,7 @@ body:
       - receiver/statsd
       - receiver/syslog
       - receiver/tcplog
+      - receiver/tlscheck
       - receiver/udplog
       - receiver/vcenter
       - receiver/wavefront

diff --git a/cmd/otelcontribcol/go.mod b/cmd/otelcontribcol/go.mod
@@ -4,7 +4,7 @@ module github.com/open-telemetry/opentelemetry-collector-contrib/cmd/otelcontrib
 
 go 1.22.0
 
-toolchain go1.22.7
+toolchain go1.23.1
 
 require (
 	github.com/open-telemetry/opentelemetry-collector-contrib/confmap/provider/s3provider v0.110.0

diff --git a/cmd/oteltestbedcol/go.mod b/cmd/oteltestbedcol/go.mod
@@ -4,7 +4,7 @@ module github.com/open-telemetry/opentelemetry-collector-contrib/cmd/oteltestbed
 
 go 1.22.0
 
-toolchain go1.22.7
+toolchain go1.23.1
 
 require (
 	github.com/open-telemetry/opentelemetry-collector-contrib/exporter/carbonexporter v0.110.0

diff --git a/receiver/tlscheckreceiver/Makefile b/receiver/tlscheckreceiver/Makefile
@@ -0,0 +1 @@
+include ../../Makefile.Common
diff --git a/receiver/tlscheckreceiver/README.md b/receiver/tlscheckreceiver/README.md
@@ -0,0 +1,39 @@
+# TLS Check Receiver
+
+<!-- status autogenerated section -->
+| Status        |           |
+| ------------- |-----------|
+| Stability     | [development]: metrics   |
+| Distributions | [contrib] |
+| Issues        | [![Open issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aopen%20label%3Areceiver%2Ftlscheck%20&label=open&color=orange&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aopen+is%3Aissue+label%3Areceiver%2Ftlscheck) [![Closed issues](https://img.shields.io/github/issues-search/open-telemetry/opentelemetry-collector-contrib?query=is%3Aissue%20is%3Aclosed%20label%3Areceiver%2Ftlscheck%20&label=closed&color=blue&logo=opentelemetry)](https://github.com/open-telemetry/opentelemetry-collector-contrib/issues?q=is%3Aclosed+is%3Aissue+label%3Areceiver%2Ftlscheck) |
+| [Code Owners](https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/CONTRIBUTING.md#becoming-a-code-owner)    | [@michael-burt](https://www.github.com/michael-burt) |
+
+[development]: https://github.com/open-telemetry/opentelemetry-collector#development
+[contrib]: https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-contrib
+<!-- end autogenerated section -->
+
+Emit metrics about x.509 certificates.
+
+## Getting Started
+
+By default, the TLS Check Receiver will emit a single metric, `tlscheck.time_left`, per target. This is measured in seconds until the date and time specified in the `NotAfter` field of the x.509 certificate. 
+
+## Example Configuration
+
+```yaml
+receivers:
+  tlscheck:
+    targets:
+      - url: https://example.com
+      - url: https://foobar.com:8080
+```
+
+## Invalid Certificates and `tlscheck.time_left`
+
+If the certificate is expired, `tlscheck.time_left` will be `0` and the `tlscheck.x509_isvalid` attribute will be `false`.
+
+If the date and time specified in the `NotBefore` field of the x.509 certificate has not yet occurred, `tlscheck.time_left` will be reported as a positive integer and `tlscheck.x509_isvalid` attribute will be `false`.
+
+## Metrics
+
+Details about the metrics produced by this receiver can be found in [metadata.yaml](./metadata.yaml).
diff --git a/receiver/tlscheckreceiver/config.go b/receiver/tlscheckreceiver/config.go
@@ -0,0 +1,63 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver"
+
+import (
+	"errors"
+	"fmt"
+	"net/url"
+
+	"go.opentelemetry.io/collector/receiver/scraperhelper"
+	"go.uber.org/multierr"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver/internal/metadata"
+)
+
+// Predefined error responses for configuration validation failures
+var (
+	errMissingUrl = errors.New(`"url" must be specified`)
+	errInvalidUrl = errors.New(`"url" must be in the form of <scheme>://<hostname>[:<port>]`)
+)
+
+// Config defines the configuration for the various elements of the receiver agent.
+type Config struct {
+	scraperhelper.ControllerConfig `mapstructure:",squash"`
+	metadata.MetricsBuilderConfig  `mapstructure:",squash"`
+	Targets                        []*targetConfig `mapstructure:"targets"`
+}
+
+type targetConfig struct {
+	Url string `mapstructure:"url"`
+}
+
+// Validate validates the configuration by checking for missing or invalid fields
+func (cfg *targetConfig) Validate() error {
+	var err error
+
+	if cfg.Url == "" {
+		err = multierr.Append(err, errMissingUrl)
+	} else {
+		_, parseErr := url.ParseRequestURI(cfg.Url)
+		if parseErr != nil {
+			err = multierr.Append(err, fmt.Errorf("%s: %w", errInvalidUrl.Error(), parseErr))
+		}
+	}
+
+	return err
+}
+
+// Validate validates the configuration by checking for missing or invalid fields
+func (cfg *Config) Validate() error {
+	var err error
+
+	if len(cfg.Targets) == 0 {
+		err = multierr.Append(err, errors.New("no urls configured"))
+	}
+
+	for _, target := range cfg.Targets {
+		err = multierr.Append(err, target.Validate())
+	}
+
+	return err
+}
diff --git a/receiver/tlscheckreceiver/config_test.go b/receiver/tlscheckreceiver/config_test.go
@@ -0,0 +1,106 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver"
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+	"go.opentelemetry.io/collector/receiver/scraperhelper"
+	"go.uber.org/multierr"
+)
+
+func TestValidate(t *testing.T) {
+	testCases := []struct {
+		desc        string
+		cfg         *Config
+		expectedErr error
+	}{
+		{
+			desc: "missing url",
+			cfg: &Config{
+				Targets:          []*targetConfig{},
+				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
+			},
+			expectedErr: multierr.Combine(
+				errMissingEndpoint,
+			),
+		},
+		{
+			desc: "invalid url",
+			cfg: &Config{
+				Targets: []*targetConfig{
+					{
+						Url: "invalid://endpoint:  12efg",
+					},
+				},
+				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
+			},
+			expectedErr: multierr.Combine(
+				fmt.Errorf("%w: %s", errInvalidEndpoint, `parse "invalid://endpoint:  12efg": invalid port ":  12efg" after host`),
+			),
+		},
+		{
+			desc: "invalid config with multiple targets",
+			cfg: &Config{
+				Targets: []*targetConfig{
+					{
+						Url: "invalid://endpoint:  12efg",
+					},
+					{
+						Url: "https://example.com",
+					},
+				},
+				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
+			},
+			expectedErr: multierr.Combine(
+				fmt.Errorf("%w: %s", errInvalidEndpoint, `parse "invalid://endpoint:  12efg": invalid port ":  12efg" after host`),
+			),
+		},
+		{
+			desc: "missing scheme",
+			cfg: &Config{
+				Targets: []*targetConfig{
+					{
+						{
+							Url: "www.opentelemetry.io/docs",
+						},
+					},
+				},
+				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
+			},
+			expectedErr: multierr.Combine(
+				fmt.Errorf("%w: %s", errInvalidEndpoint, `parse "www.opentelemetry.io/docs": invalid URI for request`),
+			),
+		},
+		{
+			desc: "valid config",
+			cfg: &Config{
+				Targets: []*targetConfig{
+					{
+						Url: "https://opentelemetry.io",
+					},
+					{
+						Url: "https://opentelemetry.io:80/docs",
+					},
+				},
+				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
+			},
+			expectedErr: nil,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.desc, func(t *testing.T) {
+			actualErr := tc.cfg.Validate()
+			if tc.expectedErr != nil {
+				require.EqualError(t, actualErr, tc.expectedErr.Error())
+			} else {
+				require.NoError(t, actualErr)
+			}
+
+		})
+	}
+}
diff --git a/receiver/tlscheckreceiver/doc.go b/receiver/tlscheckreceiver/doc.go
@@ -0,0 +1,6 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+//go:generate mdatagen metadata.yaml
+
+package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver"
diff --git a/receiver/tlscheckreceiver/documentation.md b/receiver/tlscheckreceiver/documentation.md
@@ -0,0 +1,30 @@
+[comment]: <> (Code generated by mdatagen. DO NOT EDIT.)
+
+# tlscheck
+
+## Default Metrics
+
+The following metrics are emitted by default. Each of them can be disabled by applying the following configuration:
+
+```yaml
+metrics:
+  <metric_name>:
+    enabled: false
+```
+
+### tlscheck.time_left
+
+Time in seconds until certificate expiry, as specified by `NotAfter` field in the x.509 certificate.
+
+| Unit | Metric Type | Value Type |
+| ---- | ----------- | ---------- |
+| s | Gauge | Int |
+
+#### Attributes
+
+| Name | Description | Values |
+| ---- | ----------- | ------ |
+| tlscheck.x509_subject | The entity that the certificate belongs to. | Any Str |
+| tlscheck.x509_issuer | The entity that issued the certificate, typically a Certificate Authority (CA). | Any Str |
+| tlscheck.x509_isvalid | Is the certificate chain valid. | Any Bool |
+| tlscheck.url | Url at which the certificate was accessed. | Any Str |
diff --git a/receiver/tlscheckreceiver/factory.go b/receiver/tlscheckreceiver/factory.go
@@ -0,0 +1,54 @@
+// Copyright The OpenTelemetry Authors
+// SPDX-License-Identifier: Apache-2.0
+
+package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver"
+
+import (
+	"context"
+
+	"go.opentelemetry.io/collector/component"
+	"go.opentelemetry.io/collector/consumer"
+	"go.opentelemetry.io/collector/receiver"
+	"go.opentelemetry.io/collector/receiver/scraperhelper"
+
+	"github.com/open-telemetry/opentelemetry-collector-contrib/receiver/tlscheckreceiver/internal/metadata"
+)
+
+// NewFactory creates a new filestats receiver factory.
+func NewFactory() receiver.Factory {
+	return receiver.NewFactory(
+		metadata.Type,
+		newDefaultConfig,
+		receiver.WithMetrics(newReceiver, metadata.MetricsStability))
+}
+
+func newDefaultConfig() component.Config {
+	return &Config{
+		ControllerConfig:     scraperhelper.NewDefaultControllerConfig(),
+		MetricsBuilderConfig: metadata.DefaultMetricsBuilderConfig(),
+		Targets:              []*targetConfig{},
+	}
+}
+
+func newReceiver(
+	_ context.Context,
+	settings receiver.Settings,
+	cfg component.Config,
+	consumer consumer.Metrics,
+) (receiver.Metrics, error) {
+	tlsCheckConfig := cfg.(*Config)
+
+	mp := newScraper(tlsCheckConfig, settings)
+	s, err := scraperhelper.NewScraper(metadata.Type, mp.scrape)
+	if err != nil {
+		return nil, err
+	}
+	opt := scraperhelper.AddScraper(s)
+
+	return scraperhelper.NewScraperControllerReceiver(
+		&tlsCheckConfig.ControllerConfig,
+		settings,
+		consumer,
+		opt,
+	)
+}