LITE-34406 Add Prometheus metrics for certificate renewal #125
Open
jonatrios wants to merge 2 commits into
- Extract const namespace = "chaperone" in metrics.go to satisfy goconst linter; replace all Namespace: "chaperone" occurrences
- CertExpirySeconds gauge: seeded on startup (after cert load) and updated in HandleInstall after each hot-swap; Leaf parsed in NewTLSConfig so NotAfter is accessible without a second parse
- CertRenewalsTotal counter (status: success|failure): incremented in HandleInstall on success and on Install error
- docs/reference/http-api.md: document both new metrics
Reword the persistPair doc comment and the mTLS integration test comment to accurately describe the best-effort rollback: after a key-rename failure the cert file may be absent (not the old pair restored), avoiding only the new-cert + old-key mismatch. Add TestHandler_Install_PersistPair_KeyRenameFails which forces the second rename to fail (keyPath is an existing directory) and asserts that certPath is removed by the rollback, covering the previously untested os.Remove(certPath) branch in persistPair.
48f2037 to 0dc4115
Summary
- chaperone_cert_expiry_seconds gauge: set on startup (after cert load in NewTLSConfig) and after each Install hot-swap; tls.Certificate.Leaf is now pre-parsed so NotAfter is always accessible without a second round-trip through x509.ParseCertificate
- chaperone_cert_renewals_total counter with status label (success|failure): incremented in HandleInstall on every attempt outcome
- namespace = "chaperone" constant in metrics.go to satisfy goconst linter
- /metrics reference table in docs/reference/http-api.md
- persistPair doc comment and mTLS test comment to accurately describe the best-effort rollback (cert may be absent after a key-rename failure, not the old pair restored)
- TestHandler_Install_PersistPair_KeyRenameFails covering the previously untested os.Remove(certPath) rollback branch

Jira: https://imorg.atlassian.net/browse/LITE-34406
🤖 Generated with Claude Code
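
A sketch of the best-effort rollback described in the commit message and summary above, added here as an example and not taken from the PR or the chaperone code base: `persistPairSketch`, the `.tmp` staging names and `certPresentAfterKeyFailure` are hypothetical. It reproduces the failure the new test forces (keyPath is an existing directory) and shows the cert file ending up absent rather than paired with the old key.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// persistPairSketch is a hypothetical stand-in for the PR's persistPair, not
// the project's code. It stages both files, then renames cert first, key second.
func persistPairSketch(certPath, keyPath string, certPEM, keyPEM []byte) error {
	certTmp, keyTmp := certPath+".tmp", keyPath+".tmp" // staging names are assumed
	defer os.Remove(certTmp)                           // fails harmlessly once a rename consumed the file
	defer os.Remove(keyTmp)
	if err := os.WriteFile(certTmp, certPEM, 0o600); err != nil {
		return fmt.Errorf("stage cert: %w", err)
	}
	if err := os.WriteFile(keyTmp, keyPEM, 0o600); err != nil {
		return fmt.Errorf("stage key: %w", err)
	}
	if err := os.Rename(certTmp, certPath); err != nil {
		return fmt.Errorf("rename cert: %w", err)
	}
	if err := os.Rename(keyTmp, keyPath); err != nil {
		// Best-effort rollback: the old cert is already overwritten, so drop the
		// new one rather than leave a new-cert + old-key pair on disk.
		os.Remove(certPath)
		return fmt.Errorf("rename key: %w", err)
	}
	return nil
}

// certPresentAfterKeyFailure forces the second rename to fail by making keyPath
// an existing directory, then reports whether certPath survived the rollback.
func certPresentAfterKeyFailure(dir string) (certPresent bool, installErr error) {
	certPath, keyPath := filepath.Join(dir, "tls.crt"), filepath.Join(dir, "tls.key")
	if err := os.WriteFile(certPath, []byte("old cert (constructed)"), 0o600); err != nil {
		return false, err
	}
	if err := os.Mkdir(keyPath, 0o700); err != nil {
		return false, err
	}
	installErr = persistPairSketch(certPath, keyPath, []byte("new cert"), []byte("new key"))
	_, statErr := os.Stat(certPath)
	return statErr == nil, installErr
}

func main() {
	dir, _ := os.MkdirTemp("", "persistpair")
	defer os.RemoveAll(dir)
	present, err := certPresentAfterKeyFailure(dir)
	fmt.Printf("cert present: %v, install error: %v\n", present, err)
}
```

After this failure a process restart finds no certificate at certPath, so the load fails outright instead of serving a mismatched pair.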