istio.io/istio@v0.0.0-20240520182934-d79c90f27776/security/pkg/server/ca/monitoring.go (about)

     1  // Copyright Istio Authors
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package ca
    16  
    17  import (
    18  	"istio.io/istio/pkg/monitoring"
    19  )
    20  
// errorlabel is the name of the metric label that carries an error value.
const errorlabel = "error"
    24  
// errorTag is the label, named by errorlabel, that GetCertSignError uses to
// break the signing-error counter down by error value.
var errorTag = monitoring.CreateLabel(errorlabel)

// Request and failure counters for the CA server. Each failure counter
// corresponds to the stage named in its help text (authentication, CSR
// parsing, identity extraction, signing), so together they show where
// certificate requests are being rejected. They are natural inputs for
// alerting on a rise in rejected or malformed requests.
var (
	csrCounts = monitoring.NewSum(
		"citadel_server_csr_count",
		"The number of CSRs received by Citadel server.",
	)

	authnErrorCounts = monitoring.NewSum(
		"citadel_server_authentication_failure_count",
		"The number of authentication failures.",
	)

	csrParsingErrorCounts = monitoring.NewSum(
		"citadel_server_csr_parsing_err_count",
		"The number of errors occurred when parsing the CSR.",
	)

	idExtractionErrorCounts = monitoring.NewSum(
		"citadel_server_id_extraction_err_count",
		"The number of errors occurred when extracting the ID from CSR.",
	)

	certSignErrorCounts = monitoring.NewSum(
		"citadel_server_csr_sign_err_count",
		"The number of errors occurred when signing the CSR.",
	)

	successCounts = monitoring.NewSum(
		"citadel_server_success_cert_issuance_count",
		"The number of certificates issuances that have succeeded.",
	)
)

// Expiry gauges for the CA's own root certificate and certificate chain.
//
// NOTE(review): the help text describes the value as a unix timestamp but also
// says a negative value means the cert is expired. Confirm what the code that
// records these gauges actually stores before building expiry alerts on them.
var (
	rootCertExpiryTimestamp = monitoring.NewGauge(
		"citadel_server_root_cert_expiry_timestamp",
		"The unix timestamp, in seconds, when Citadel root cert will expire. "+
			"A negative time indicates the cert is expired.",
	)
	certChainExpiryTimestamp = monitoring.NewGauge(
		"citadel_server_cert_chain_expiry_timestamp",
		"The unix timestamp, in seconds, when Citadel cert chain will expire. "+
			"A negative time indicates the cert is expired.",
	)
)
    69  
// monitoringMetrics bundles the counters for certificate signing related
// operations. Field order is kept as declared originally; only the grouping of
// same-typed fields differs.
type monitoringMetrics struct {
	// CSR counts received CSRs, AuthnError counts authentication failures,
	// and Success counts successful certificate issuances.
	CSR, AuthnError, Success monitoring.Metric
	// CSRError counts CSR parsing errors; IDExtractionError counts failures
	// to extract the identity from a CSR.
	CSRError, IDExtractionError monitoring.Metric
	// certSignErrors counts CSR signing errors. It is unexported and is
	// reached through GetCertSignError, which attaches the error label.
	certSignErrors monitoring.Metric
}
    79  
// newMonitoringMetrics returns a monitoringMetrics whose fields refer to the
// package-level counters. No new metrics are created here, so every value
// returned shares the same underlying counters.
func newMonitoringMetrics() monitoringMetrics {
	var m monitoringMetrics

	m.CSR = csrCounts
	m.AuthnError = authnErrorCounts
	m.Success = successCounts
	m.CSRError = csrParsingErrorCounts
	m.IDExtractionError = idExtractionErrorCounts
	m.certSignErrors = certSignErrorCounts

	return m
}
    91  
// GetCertSignError returns the CSR signing error counter with the "error"
// label set to err.
//
// NOTE(review): err is used verbatim as a label value, so each distinct string
// presumably yields its own time series. Callers should pass a small, fixed set
// of error categories rather than raw error text or anything derived from the
// request, to keep label cardinality bounded. Confirm at the call sites.
func (m *monitoringMetrics) GetCertSignError(err string) monitoring.Metric {
	label := errorTag.Value(err)
	return m.certSignErrors.With(label)
}