From 896d4a172efaa3fec28f7b1dda9244d7c5ba9d82 Mon Sep 17 00:00:00 2001
From: Foivos Filippopoulos
Date: Tue, 12 Jan 2021 14:51:20 +0000
Subject: [PATCH] Remove endpoint address from metrics due to security concerns
---
 metrics.go | 9 ++-------
 metrics_test.go | 6 +++---
 2 files changed, 5 insertions(+), 10 deletions(-)
diff --git a/metrics.go b/metrics.go
index fb50838..9b32501 100644
--- a/metrics.go
+++ b/metrics.go
@@ -38,7 +38,7 @@ func newMetricsCollector(devices func() ([]*wgtypes.Device, error), lm *FileLeas
 PeerInfo: prometheus.NewDesc(
 "wiresteward_wg_peer_info",
 "Metadata about a peer. The public_key label on peer metrics refers to the peer's public key; not the device's public key.",
- append(labels, []string{"endpoint", "username"}...),
+ append(labels, []string{"username"}...),
 nil,
 ),
 PeerAllowedIPsInfo: prometheus.NewDesc(
@@ -112,18 +112,13 @@ func (c *collector) Collect(ch chan<- prometheus.Metric) {
 for _, p := range d.Peers {
 pub := p.PublicKey.String()
- // Use empty string instead of special Go syntax for no endpoint.
- var endpoint string
- if p.Endpoint != nil {
- endpoint = p.Endpoint.String()
- }
 username := c.getUserFromPubKey(pub)
 ch <- prometheus.MustNewConstMetric(
 c.PeerInfo,
 prometheus.GaugeValue,
 1,
- d.Name, pub, endpoint, username,
+ d.Name, pub, username,
 )
 for _, ip := range p.AllowedIPs {
diff --git a/metrics_test.go b/metrics_test.go
index 467cf22..4d8691d 100644
--- a/metrics_test.go
+++ b/metrics_test.go
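Review bot: The `PeerInfo` descriptor still pairs `username` with `public_key`, so anyone who can read the metrics output can still map each user to a WireGuard key, and the allowed-IPs series in the test expectations adds tunnel addresses to that mapping. Dropping `endpoint` removes the client's remote address, but nothing in the code records that this was deliberate or which labels remain acceptable. A comment above the label list would keep the label from being re-added later, for example `// endpoint (the peer's remote IP:port) is intentionally not a label: it exposes client addresses to metrics readers.` As a style point, the single label can be appended directly: `append(labels, "username"),`. newMetricsCollector starts and ends outside the hunk, so how `labels` is built is not visible here.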
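Review bot: The values passed to `prometheus.MustNewConstMetric` for `c.PeerInfo` (`d.Name, pub, username`) must line up positionally with the label list declared in newMetricsCollector, and a count mismatch panics at scrape time instead of failing at build time. The commit keeps the two in step, but nothing at the call site says so. A short comment above the call would help, such as `// Values must match PeerInfo's labels (device, public_key, username); the peer endpoint is deliberately not exported.` The label names for the first two values are inferred from the test expectations, and Collect's body continues outside the hunk.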
@@ -98,9 +98,9 @@ func TestCollector(t *testing.T) {
 metrics: []string{
 fmt.Sprintf(`wiresteward_wg_device_info{device="wg0",public_key="%v"} 1`, pubDevA.String()),
 fmt.Sprintf(`wiresteward_wg_device_info{device="wg1",public_key="%v"} 1`, pubDevB.String()),
- fmt.Sprintf(`wiresteward_wg_peer_info{device="wg0",endpoint="1.1.1.1:51820",public_key="%v",username="%s"} 1`, pubPeerA.String(), userA),
- fmt.Sprintf(`wiresteward_wg_peer_info{device="wg1",endpoint="",public_key="%v",username="%s"} 1`, pubPeerB.String(), userB),
- fmt.Sprintf(`wiresteward_wg_peer_info{device="wg1",endpoint="",public_key="%v",username=""} 1`, pubPeerC.String()),
+ fmt.Sprintf(`wiresteward_wg_peer_info{device="wg0",public_key="%v",username="%s"} 1`, pubPeerA.String(), userA),
+ fmt.Sprintf(`wiresteward_wg_peer_info{device="wg1",public_key="%v",username="%s"} 1`, pubPeerB.String(), userB),
+ fmt.Sprintf(`wiresteward_wg_peer_info{device="wg1",public_key="%v",username=""} 1`, pubPeerC.String()),
 fmt.Sprintf(`wiresteward_wg_peer_allowed_ips_info{allowed_ips="10.0.0.1/32",device="wg0",public_key="%v",username="%s"} 1`, pubPeerA.String(), userA),
 fmt.Sprintf(`wiresteward_wg_peer_allowed_ips_info{allowed_ips="10.0.0.2/32",device="wg0",public_key="%v",username="%s"} 1`, pubPeerA.String(), userA),
 fmt.Sprintf(`wiresteward_wg_peer_allowed_ips_info{allowed_ips="10.0.0.3/32",device="wg1",public_key="%v",username="%s"} 1`, pubPeerB.String(), userB),