mirror of https://github.com/hashicorp/consul
49 lines
1.3 KiB
Go
49 lines
1.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package agent
|
|
|
|
import (
|
|
"crypto/x509"
|
|
"fmt"
|
|
"time"
|
|
|
|
"github.com/armon/go-metrics/prometheus"
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/hashicorp/consul/agent/consul"
|
|
"github.com/hashicorp/consul/tlsutil"
|
|
)
|
|
|
|
var CertExpirationGauges = []prometheus.GaugeDefinition{
|
|
{
|
|
Name: metricsKeyAgentTLSCertExpiry,
|
|
Help: "Seconds until the agent tls certificate expires. Updated every hour",
|
|
},
|
|
}
|
|
|
|
var metricsKeyAgentTLSCertExpiry = []string{"agent", "tls", "cert", "expiry"}
|
|
|
|
// tlsCertExpirationMonitor returns a CertExpirationMonitor which will
|
|
// monitor the expiration of the certificate used for agent TLS.
|
|
func tlsCertExpirationMonitor(c *tlsutil.Configurator, logger hclog.Logger) consul.CertExpirationMonitor {
|
|
return consul.CertExpirationMonitor{
|
|
Key: metricsKeyAgentTLSCertExpiry,
|
|
Logger: logger,
|
|
Query: func() (time.Duration, time.Duration, error) {
|
|
raw := c.Cert()
|
|
if raw == nil {
|
|
return 0, 0, fmt.Errorf("tls not enabled")
|
|
}
|
|
|
|
cert, err := x509.ParseCertificate(raw.Certificate[0])
|
|
if err != nil {
|
|
return 0, 0, fmt.Errorf("failed to parse agent tls cert: %w", err)
|
|
}
|
|
|
|
lifetime := time.Since(cert.NotBefore) + time.Until(cert.NotAfter)
|
|
return lifetime, time.Until(cert.NotAfter), nil
|
|
},
|
|
}
|
|
}
|