From 44d8713091931a4c10883117261aae6aa385f755 Mon Sep 17 00:00:00 2001
From: Rob Best
Date: Thu, 19 Nov 2020 22:53:47 +0000
Subject: [PATCH] Add test for TLS version metric

---
 prober/https_test.go | 8 ++++++++
 prober/metrics_test.go | 17 +++++++++++++++++
 prober/tcp_test.go | 8 ++++++++
 3 files changed, 33 insertions(+)

diff --git a/prober/https_test.go b/prober/https_test.go
index d389adc..ad310a1 100644
--- a/prober/https_test.go
+++ b/prober/https_test.go
@@ -56,6 +56,7 @@ func TestProbeHTTPS(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSTimeout tests that the https probe respects the timeout in the
@@ -164,6 +165,7 @@ func TestProbeHTTPSNoScheme(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSServername tests that the probe is successful when the
@@ -206,6 +208,7 @@ func TestProbeHTTPSServerName(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSHTTP tests that the prober fails when hitting a HTTP server
@@ -283,6 +286,7 @@ func TestProbeHTTPSClientAuth(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSClientAuthWrongClientCert tests that the probe fails with a bad
@@ -419,6 +423,7 @@ func TestProbeHTTPSExpiredInsecure(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSProxy tests the proxy_url field in the configuration
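Review bot: Every assertion this commit adds, starting with `checkTLSVersionMetrics("TLS 1.3", registry, t)` in TestProbeHTTPS and repeated in all other https_test.go and tcp_test.go hunks, expects the literal "TLS 1.3", so only one value of the `version` label is ever exercised. The label values a monitoring rule would care most about, the legacy protocol versions, have no coverage, so a wrong or missing mapping for them would go unnoticed. The test servers presumably reach TLS 1.3 only through the Go defaults on both ends (their setup is outside these hunks), which also ties every one of these tests to the toolchain's defaults. I would add at least one case whose server `tls.Config` sets `MaxVersion: tls.VersionTLS12` and assert the matching label (presumably `"TLS 1.2"`). The enclosing test functions start outside the hunks.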
@@ -482,6 +487,7 @@ func TestProbeHTTPSProxy(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSOCSP tests a HTTPS probe with OCSP stapling
@@ -527,6 +533,7 @@ func TestProbeHTTPSOCSP(t *testing.T) {

 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics(resp, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeHTTPSVerifiedChains tests the verified chain metrics returned by a
@@ -608,4 +615,5 @@ func TestProbeHTTPSVerifiedChains(t *testing.T) {
 checkCertificateMetrics(serverCert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
 checkVerifiedChainMetrics(verifiedChains, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
diff --git a/prober/metrics_test.go b/prober/metrics_test.go
index b6eb6fe..843a433 100644
--- a/prober/metrics_test.go
+++ b/prober/metrics_test.go
@@ -195,6 +195,23 @@ func checkOCSPMetrics(resp []byte, registry *prometheus.Registry, t *testing.T)
 checkRegistryResults(expectedResults, mfs, t)
 }

+func checkTLSVersionMetrics(version string, registry *prometheus.Registry, t *testing.T) {
+ mfs, err := registry.Gather()
+ if err != nil {
+ t.Fatal(err)
+ }
+ expectedResults := []*registryResult{
+ ®istryResult{
+ Name: "ssl_tls_version_info",
+ LabelValues: map[string]string{
+ "version": version,
+ },
+ Value: 1,
+ },
+ }
+ checkRegistryResults(expectedResults, mfs, t)
+}
+
 func newCertificate(certPEM []byte) (*x509.Certificate, error) {
 block, _ := pem.Decode(certPEM)
 return x509.ParseCertificate(block.Bytes)
diff --git a/prober/tcp_test.go b/prober/tcp_test.go
index 59e3832..49c0d02 100644
--- a/prober/tcp_test.go
+++ b/prober/tcp_test.go
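Review bot: In the prober/metrics_test.go hunk, checkTLSVersionMetrics never calls `t.Helper()`, so the `t.Fatal(err)` on a failed Gather is reported at the helper's own line instead of at the test that called it; add `t.Helper()` as the first statement. The helper also has no doc comment; something like `// checkTLSVersionMetrics asserts that the registry holds ssl_tls_version_info with the given version label and value 1.` would do. Whether a second `ssl_tls_version_info` series carrying a different version would be rejected depends on checkRegistryResults, which is outside the hunk. If it only looks up the expected entries, a probe that reported two versions would still pass, and that would be worth an explicit check. The function itself lies entirely inside the hunk.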
@@ -53,6 +53,7 @@ func TestProbeTCP(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPInvalidName tests hitting the server on an address which isn't
@@ -123,6 +124,7 @@ func TestProbeTCPServerName(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPExpired tests that the probe fails with an expired server cert
@@ -203,6 +205,7 @@ func TestProbeTCPExpiredInsecure(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPStartTLSSMTP tests STARTTLS against a mock SMTP server
@@ -241,6 +244,7 @@ func TestProbeTCPStartTLSSMTP(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPStartTLSFTP tests STARTTLS against a mock FTP server
@@ -279,6 +283,7 @@ func TestProbeTCPStartTLSFTP(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPStartTLSIMAP tests STARTTLS against a mock IMAP server
@@ -317,6 +322,7 @@ func TestProbeTCPStartTLSIMAP(t *testing.T) {
 }
 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPTimeout tests that the TCP probe respects the timeout in the
@@ -392,6 +398,7 @@ func TestProbeTCPOCSP(t *testing.T) {

 checkCertificateMetrics(cert, registry, t)
 checkOCSPMetrics(resp, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }

 // TestProbeTCPVerifiedChains tests the verified chain metrics returned by a tcp
@@ -473,4 +480,5 @@ func TestProbeTCPVerifiedChains(t *testing.T) {
 checkCertificateMetrics(serverCert, registry, t)
 checkOCSPMetrics([]byte{}, registry, t)
 checkVerifiedChainMetrics(verifiedChains, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }