Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Report the certificate expiration as a prometheus metric. #106

Merged
merged 11 commits into from
Apr 29, 2020
Merged

Report the certificate expiration as a prometheus metric. #106

merged 11 commits into from
Apr 29, 2020

Conversation

clokep
Copy link
Member

@clokep clokep commented Apr 22, 2020
edited
Loading

This reports the epoch time (in seconds) of the APNs certificate expiry as a prometheus metric. The metric is updated each time the certificate is loaded (so each time sygnal is started).

pyOpenSSL becomes a direct dependency instead of just a transient one via aioapns.

Fixes #103

@clokep
Copy link
Member Author

clokep commented Apr 22, 2020

I think this is ready, but leaving as a draft until I get confirmation that seconds-until-expiration is the proper way to report this.

clokep
clokep commented Apr 23, 2020
View reviewed changes
sygnal/apnspushkin.py Outdated Show resolved Hide resolved
@clokep clokep marked this pull request as ready for review April 23, 2020 17:37
@clokep clokep requested a review from a team April 23, 2020 17:37
@clokep
Copy link
Member Author

clokep commented Apr 23, 2020
edited
Loading

Updated this based on discussion on the issue. This should be ready to go now! I should note that I wasn't fully able to test this since I don't have a valid certificate for Sygnal.

richvdh
richvdh reviewed Apr 28, 2020
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks generally sensible, but a couple of thoughts

sygnal/apnspushkin.py Outdated Show resolved Hide resolved
sygnal/apnspushkin.py Outdated Show resolved Hide resolved
@clokep clokep requested a review from richvdh April 28, 2020 18:51
@clokep
Copy link
Member Author

clokep commented Apr 28, 2020

Thanks @richvdh! I made some updates from your feedback. The timezone handling is a bit weird, but cryptography says:

A naïve datetime representing the end of the validity period for the certificate in UTC. This value is inclusive.

And the timestamp() docs say:

Note:
There is no method to obtain the POSIX timestamp directly from a naive datetime instance representing UTC time. If your application uses this convention and your system timezone is not set to UTC, you can obtain the POSIX timestamp by supplying tzinfo=timezone.utc:

timestamp = dt.replace(tzinfo=timezone.utc).timestamp()

or by calculating the timestamp directly:

timestamp = (dt - datetime(1970, 1, 1)) / timedelta(seconds=1)

I believe I've combined these two pieces of info correctly! :)

richvdh
richvdh approved these changes Apr 28, 2020
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@clokep clokep merged commit 40826b2 into master Apr 29, 2020
@clokep clokep deleted the clokep/report-cert-expiry branch April 29, 2020 10:48
@clokep clokep mentioned this pull request Apr 29, 2020
Merged
clokep added a commit that referenced this pull request Apr 30, 2020
@clokep
Fix unit tests after merge of #106 (#112)
35895fe
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Certificate expiry monitoring
2 participants
@clokep @richvdh