Skip to content

Commit 84e7ff5

Browse files
committed
chore(multirootca): replace deprecated go-metrics with prometheus
This _is_ a breaking change.
1 parent 6eb1640 commit 84e7ff5

File tree

672 files changed

+237544
-16385
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

672 files changed

+237544
-16385
lines changed

cmd/multirootca/api.go

Lines changed: 32 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,8 @@ import (
1313
"github.com/cloudflare/cfssl/log"
1414
"github.com/cloudflare/cfssl/signer"
1515
"github.com/cloudflare/cfssl/whitelist"
16-
metrics "github.com/cloudflare/go-metrics"
16+
"github.com/prometheus/client_golang/prometheus"
17+
"github.com/prometheus/client_golang/prometheus/promauto"
1718
)
1819

1920
// A SignatureResponse contains only a certificate, as there is no other
@@ -25,56 +26,36 @@ type SignatureResponse struct {
2526
type filter func(string, *signer.SignRequest) bool
2627

2728
var filters = map[string][]filter{}
29+
var (
30+
requests = promauto.NewCounterVec(
31+
prometheus.CounterOpts{
32+
Name: "requests_total",
33+
Help: "How many requests for each operation type and signer were succesfully processed.",
34+
},
35+
[]string{"operation", "signer"},
36+
)
37+
erroredRequests = promauto.NewCounterVec(
38+
prometheus.CounterOpts{
39+
Name: "requests_errored_total",
40+
Help: "How many requests for each operation type resulted in an error.",
41+
},
42+
[]string{"operation", "signer"},
43+
)
44+
badInputs = promauto.NewCounterVec(
45+
prometheus.CounterOpts{
46+
Name: "bad_inputs_total",
47+
Help: "How many times the input was malformed or not allowed.",
48+
},
49+
[]string{"operation"},
50+
)
51+
)
2852

29-
type signerStats struct {
30-
Counter metrics.Counter
31-
Rate metrics.Meter
32-
}
33-
34-
var stats struct {
35-
Registry metrics.Registry
36-
Requests map[string]signerStats
37-
TotalRequestRate metrics.Meter
38-
ErrorPercent metrics.GaugeFloat64
39-
ErrorRate metrics.Meter
40-
}
41-
42-
func initStats() {
43-
stats.Registry = metrics.NewRegistry()
44-
45-
stats.Requests = map[string]signerStats{}
46-
47-
// signers is defined in ca.go
48-
for k := range signers {
49-
stats.Requests[k] = signerStats{
50-
Counter: metrics.NewRegisteredCounter("requests:"+k, stats.Registry),
51-
Rate: metrics.NewRegisteredMeter("request-rate:"+k, stats.Registry),
52-
}
53-
}
54-
55-
stats.TotalRequestRate = metrics.NewRegisteredMeter("total-request-rate", stats.Registry)
56-
stats.ErrorPercent = metrics.NewRegisteredGaugeFloat64("error-percent", stats.Registry)
57-
stats.ErrorRate = metrics.NewRegisteredMeter("error-rate", stats.Registry)
58-
}
59-
60-
// incError increments the error count and updates the error percentage.
61-
func incErrors() {
62-
stats.ErrorRate.Mark(1)
63-
eCtr := float64(stats.ErrorRate.Count())
64-
rCtr := float64(stats.TotalRequestRate.Count())
65-
stats.ErrorPercent.Update(eCtr / rCtr * 100)
66-
}
67-
68-
// incRequests increments the request count and updates the error percentage.
69-
func incRequests() {
70-
stats.TotalRequestRate.Mark(1)
71-
eCtr := float64(stats.ErrorRate.Count())
72-
rCtr := float64(stats.TotalRequestRate.Count())
73-
stats.ErrorPercent.Update(eCtr / rCtr * 100)
74-
}
53+
const (
54+
signOperation = "sign"
55+
)
7556

7657
func fail(w http.ResponseWriter, req *http.Request, status, code int, msg, ad string) {
77-
incErrors()
58+
badInputs.WithLabelValues(signOperation).Inc()
7859

7960
if ad != "" {
8061
ad = " (" + ad + ")"
@@ -95,8 +76,6 @@ func fail(w http.ResponseWriter, req *http.Request, status, code int, msg, ad st
9576
}
9677

9778
func dispatchRequest(w http.ResponseWriter, req *http.Request) {
98-
incRequests()
99-
10079
if req.Method != "POST" {
10180
fail(w, req, http.StatusMethodNotAllowed, 1, "only POST is permitted", "")
10281
return
@@ -146,10 +125,7 @@ func dispatchRequest(w http.ResponseWriter, req *http.Request) {
146125
fail(w, req, http.StatusBadRequest, 1, "bad request", "request is for non-existent label "+sigRequest.Label)
147126
return
148127
}
149-
150-
stats.Requests[sigRequest.Label].Counter.Inc(1)
151-
stats.Requests[sigRequest.Label].Rate.Mark(1)
152-
128+
requests.WithLabelValues(signOperation, sigRequest.Label).Inc()
153129
// Sanity checks to ensure that we have a valid policy. This
154130
// should have been checked in NewAuthSignHandler.
155131
policy := s.Policy()
@@ -195,12 +171,14 @@ func dispatchRequest(w http.ResponseWriter, req *http.Request) {
195171

196172
cert, err := s.Sign(sigRequest)
197173
if err != nil {
174+
erroredRequests.WithLabelValues(signOperation, sigRequest.Label).Inc()
198175
fail(w, req, http.StatusBadRequest, 1, "bad request", "signature failed: "+err.Error())
199176
return
200177
}
201178

202179
x509Cert, err := helpers.ParseCertificatePEM(cert)
203180
if err != nil {
181+
erroredRequests.WithLabelValues(signOperation, sigRequest.Label).Inc()
204182
fail(w, req, http.StatusInternalServerError, 1, "bad certificate", err.Error())
205183
}
206184

@@ -219,22 +197,3 @@ func metricsDisallowed(w http.ResponseWriter, req *http.Request) {
219197
log.Warning("attempt to access metrics endpoint from external address ", req.RemoteAddr)
220198
http.NotFound(w, req)
221199
}
222-
223-
func dumpMetrics(w http.ResponseWriter, req *http.Request) {
224-
log.Info("whitelisted requested for metrics endpoint")
225-
var statsOut = struct {
226-
Metrics metrics.Registry `json:"metrics"`
227-
Signers []string `json:"signers"`
228-
}{stats.Registry, make([]string, 0, len(signers))}
229-
230-
for signer := range signers {
231-
statsOut.Signers = append(statsOut.Signers, signer)
232-
}
233-
234-
out, err := json.Marshal(statsOut)
235-
if err != nil {
236-
log.Errorf("failed to dump metrics: %v", err)
237-
}
238-
239-
w.Write(out)
240-
}

cmd/multirootca/ca.go

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ import (
1515
"github.com/cloudflare/cfssl/signer"
1616
"github.com/cloudflare/cfssl/signer/local"
1717
"github.com/cloudflare/cfssl/whitelist"
18+
"github.com/prometheus/client_golang/prometheus/promhttp"
1819

1920
_ "github.com/go-sql-driver/mysql" // import to support MySQL
2021
_ "github.com/lib/pq" // import to support Postgres
@@ -76,7 +77,6 @@ func main() {
7677
}
7778

7879
defaultLabel = *flagDefaultLabel
79-
initStats()
8080

8181
infoHandler, err := info.NewMultiHandler(signers, defaultLabel)
8282
if err != nil {
@@ -86,14 +86,10 @@ func main() {
8686
var localhost = whitelist.NewBasic()
8787
localhost.Add(net.ParseIP("127.0.0.1"))
8888
localhost.Add(net.ParseIP("::1"))
89-
metrics, err := whitelist.NewHandlerFunc(dumpMetrics, metricsDisallowed, localhost)
90-
if err != nil {
91-
log.Criticalf("failed to set up the metrics whitelist: %v", err)
92-
}
9389

9490
http.HandleFunc("/api/v1/cfssl/authsign", dispatchRequest)
9591
http.Handle("/api/v1/cfssl/info", infoHandler)
96-
http.Handle("/api/v1/cfssl/metrics", metrics)
92+
http.Handle("/metrics", promhttp.Handler())
9793

9894
if *flagEndpointCert == "" && *flagEndpointKey == "" {
9995
log.Info("Now listening on ", *flagAddr)

go.mod

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@ require (
77
github.com/GeertJohan/go.rice v1.0.0
88
github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261 // indirect
99
github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a
10-
github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41
1110
github.com/cloudflare/redoctober v0.0.0-20171127175943-746a508df14c
1211
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7 // indirect
1312
github.com/go-sql-driver/mysql v1.4.0
@@ -19,9 +18,8 @@ require (
1918
github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28 // indirect
2019
github.com/lib/pq v1.3.0
2120
github.com/mattn/go-sqlite3 v1.10.0
22-
github.com/pkg/errors v0.8.0 // indirect
21+
github.com/prometheus/client_golang v1.9.0
2322
github.com/stretchr/testify v1.4.0
24-
github.com/weppos/publicsuffix-go v0.13.0 // indirect
2523
github.com/ziutek/mymysql v1.5.4 // indirect
2624
github.com/zmap/zcrypto v0.0.0-20201128221613-3719af1573cf
2725
github.com/zmap/zlint/v3 v3.0.0

0 commit comments

Comments
 (0)