Skip to content

Commit

Permalink
Adding grpc call for reading fulcio methods on prober
Browse files Browse the repository at this point in the history
Signed-off-by: Javan lacerda <[email protected]>
  • Loading branch information
javanlacerda committed Apr 11, 2024
1 parent 81a1374 commit e7e18a8
Show file tree
Hide file tree
Showing 2 changed files with 57 additions and 9 deletions.
40 changes: 31 additions & 9 deletions cmd/prober/prober.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/tls"
"encoding/json"
"flag"
"log"
Expand All @@ -32,7 +33,7 @@ import (
"github.com/prometheus/client_golang/prometheus/promhttp"
fulciopb "github.com/sigstore/fulcio/pkg/generated/protobuf"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/credentials"
"sigs.k8s.io/release-utils/version"

"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
Expand Down Expand Up @@ -118,7 +119,7 @@ func init() {

flag.StringVar(&rekorURL, "rekor-url", "https://rekor.sigstore.dev", "Set to the Rekor URL to run probers against")
flag.StringVar(&fulcioURL, "fulcio-url", "https://fulcio.sigstore.dev", "Set to the Fulcio URL to run probers against")
flag.StringVar(&fulcioGrpcURL, "fulcio-grpc-url", "grpc://fulcio.sigstore.dev", "Set to the Fulcio GRPC URL to run probers against")
flag.StringVar(&fulcioGrpcURL, "fulcio-grpc-url", "fulcio.sigstore.dev", "Set to the Fulcio GRPC URL to run probers against")

flag.BoolVar(&oneTime, "one-time", false, "Whether to run only one time and exit.")
flag.BoolVar(&runWriteProber, "write-prober", false, " [Kubernetes only] run the probers for the write endpoints.")
Expand Down Expand Up @@ -193,7 +194,7 @@ func main() {

func NewFulcioClient() (fulciopb.CAClient, error) {
opts := []grpc.DialOption{grpc.WithUserAgent(options.UserAgent())}
transportCreds := insecure.NewCredentials()
transportCreds := credentials.NewTLS(&tls.Config{MinVersion: tls.VersionTLS12})
opts = append(opts, grpc.WithTransportCredentials(transportCreds))
conn, err := grpc.NewClient(fulcioGrpcURL, opts...)
if err != nil {
Expand All @@ -219,12 +220,12 @@ func runProbers(ctx context.Context, freq int, runOnce bool, fulcioGrpcClient fu
}
}

Logger.Infoln("Getting Bundle via grpc:", fulcioGrpcURL)
if resp, err := fulcioGrpcClient.GetTrustBundle(ctx, &fulciopb.GetTrustBundleRequest{}); err != nil {
hasErr = true
Logger.Errorf("error running request GetTrustBundle via gRPC: %v", err)
} else {
Logger.Infoln("Worked fine: %s", resp)
// Performing requests against Fulcio gRPC API
for _, method := range fulciopb.CA_ServiceDesc.Methods {
if err := observeGrcpRequest(ctx, method, fulcioGrpcClient); err != nil {
hasErr = true
Logger.Errorf("error running request %s: %v", method.MethodName, err)
}
}

if runWriteProber {
Expand Down Expand Up @@ -284,6 +285,27 @@ func observeRequest(host string, r ReadProberCheck) error {
return nil
}

func observeGrcpRequest(ctx context.Context, method grpc.MethodDesc, fulcioGrpcClient fulciopb.CAClient) error {
s := time.Now()

var err error
switch method.MethodName {
case "GetTrustBundle":
_, err = fulcioGrpcClient.GetTrustBundle(ctx, &fulciopb.GetTrustBundleRequest{})
case "GetConfiguration":
_, err = fulcioGrpcClient.GetConfiguration(ctx, &fulciopb.GetConfigurationRequest{})
default:
Logger.Warn("Unimplemented:", method.MethodName)
return nil
}
latency := time.Since(s).Milliseconds()
if err != nil {
return err
}
exportGrpcDataToPrometheus(fulcioGrpcURL, method.MethodName, latency)
return nil
}

func httpRequest(host string, r ReadProberCheck) (*retryablehttp.Request, error) {
req, err := retryablehttp.NewRequest(r.Method, host+r.Endpoint, bytes.NewBuffer([]byte(r.Body)))
if err != nil {
Expand Down
26 changes: 26 additions & 0 deletions cmd/prober/prometheus.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,22 @@ var (
},
[]string{endpointLabel, hostLabel, statusCodeLabel, methodLabel})

grpcMethodLatenciesSummary = prometheus.NewSummaryVec(
prometheus.SummaryOpts{
Name: "api_endpoint_latency",
Help: "API endpoint latency distributions (milliseconds).",
Objectives: map[float64]float64{0.5: 0.05, 0.9: 0.01, 0.99: 0.001, .999: 0.0001},
},
[]string{hostLabel, methodLabel},
)

grpcMethodLatenciesHistogram = prometheus.NewHistogramVec(prometheus.HistogramOpts{
Name: "api_endpoint_latency_histogram",
Help: "API endpoint latency distribution across Rekor and Fulcio (milliseconds)",
Buckets: []float64{0.0, 200.0, 400.0, 600.0, 800.0, 1000.0},
},
[]string{hostLabel, methodLabel})

verificationCounter = prometheus.NewCounterVec(
prometheus.CounterOpts{
Name: "verification",
Expand All @@ -72,6 +88,16 @@ func exportDataToPrometheus(resp *http.Response, host, endpoint, method string,
Logger.With(zap.Int("status", statusCode), zap.Int("bytes", int(resp.ContentLength)), zap.Duration("latency", time.Duration(latency)*time.Millisecond)).Infof("[DEBUG] %v %v", method, host+endpoint)
}

func exportGrpcDataToPrometheus(host string, method string, latency int64) {
labels := prometheus.Labels{
hostLabel: host,
methodLabel: method,
}
grpcMethodLatenciesSummary.With(labels).Observe(float64(latency))
grpcMethodLatenciesHistogram.With(labels).Observe(float64(latency))
Logger.With(zap.Duration("latency", time.Duration(latency)*time.Millisecond)).Infof("[DEBUG] %v %v", method, host)
}

// NewVersionCollector returns a collector that exports metrics about current version
// information.
func NewVersionCollector(program string) prometheus.Collector {
Expand Down

0 comments on commit e7e18a8

Please sign in to comment.