Skip to content

add a new collector that gets information about a server's TLS certificates #1765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open

add a new collector that gets information about a server's TLS certificates #1765

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
843afb6
add a new collector that gets information about a server's TLS certif…
laverya Mar 31, 2025
d57b212
check issuer in analyzer, update test
laverya Apr 1, 2025
8475f6e
add analyzer and unit tests
laverya Apr 1, 2025
c34b425
Merge branch 'main' into laverya/sc-121804/finish-validating-failing-…
laverya Apr 1, 2025
92a599a
make schemas
laverya Apr 1, 2025
70a099a
add replicated.app analyze test
laverya Apr 1, 2025
9aba086
make generate
laverya Apr 1, 2025
e35578f
Merge branch 'main' into laverya/sc-121804/finish-validating-failing-…
laverya Apr 1, 2025
5fccca2
go mod tidy examples
laverya Apr 1, 2025
6df1106
Update pkg/analyze/host_tls.go
laverya Apr 1, 2025
e832664
include error in collect results instead of returning
laverya Apr 1, 2025
33c4487
add to struct, make generate schemas
laverya Apr 1, 2025
d10a121
collector name is required in analyzer
laverya Apr 1, 2025
d6bce85
fix unit tests
laverya Apr 1, 2025
09ff342
add this to the e2e tests
laverya Apr 1, 2025
4ee38f3
fix getting host analyzer
laverya Apr 1, 2025
d3b915f
fix collection
laverya Apr 1, 2025
e139fb5
use dorequest to collect tls info
laverya Apr 1, 2025
727d82e
support collecting certificate from behind a proxy
laverya Apr 1, 2025
b2c10c7
rename to tlsCertificate
laverya Apr 1, 2025
8eb674c
allow fetching the expected set of certs from the remote server
laverya Apr 1, 2025
6539de6
make generate schemas
laverya Apr 1, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cmd/collect/cli/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ func RootCmd() *cobra.Command {
cmd.Flags().String("chroot", "", "Chroot to path")

// hidden in favor of the `insecure-skip-tls-verify` flag
cmd.Flags().Bool("allow-insecure-connections", false, "when set, do not verify TLS certs when retrieving spec and reporting results")
cmd.Flags().Bool("allow-insecure-connections", false, "when set, do not verify TLSCertificate certs when retrieving spec and reporting results")
cmd.Flags().MarkHidden("allow-insecure-connections")

viper.BindPFlags(cmd.Flags())
Expand Down
2 changes: 1 addition & 1 deletion cmd/troubleshoot/cli/root.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ If no arguments are provided, specs are automatically loaded from the cluster by
cmd.Flags().Bool("dry-run", false, "print support bundle spec without collecting anything")

// hidden in favor of the `insecure-skip-tls-verify` flag
cmd.Flags().Bool("allow-insecure-connections", false, "when set, do not verify TLS certs when retrieving spec and reporting results")
cmd.Flags().Bool("allow-insecure-connections", false, "when set, do not verify TLSCertificate certs when retrieving spec and reporting results")
cmd.Flags().MarkHidden("allow-insecure-connections")

// `no-uri` references the `followURI` functionality where we can use an upstream spec when creating a support bundle
Expand Down
49 changes: 49 additions & 0 deletions config/crds/troubleshoot.sh_analyzers.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3156,6 +3156,55 @@ spec:
required:
- outcomes
type: object
tlsCertificate:
properties:
annotations:
additionalProperties:
type: string
type: object
checkName:
type: string
collectorName:
type: string
exclude:
type: BoolString
outcomes:
items:
properties:
fail:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
pass:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
warn:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
type: object
type: array
strict:
type: BoolString
required:
- outcomes
type: object
udpPortStatus:
properties:
annotations:
Expand Down
15 changes: 15 additions & 0 deletions config/crds/troubleshoot.sh_collectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17744,6 +17744,21 @@ spec:
exclude:
type: BoolString
type: object
tlsCertificate:
properties:
address:
type: string
collectorName:
type: string
exclude:
type: BoolString
expectedCertSubpath:
type: string
httpsProxy:
type: string
required:
- address
type: object
udpPortStatus:
properties:
collectorName:
Expand Down
64 changes: 64 additions & 0 deletions config/crds/troubleshoot.sh_hostcollectors.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1305,6 +1305,55 @@ spec:
required:
- outcomes
type: object
tlsCertificate:
properties:
annotations:
additionalProperties:
type: string
type: object
checkName:
type: string
collectorName:
type: string
exclude:
type: BoolString
outcomes:
items:
properties:
fail:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
pass:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
warn:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
type: object
type: array
strict:
type: BoolString
required:
- outcomes
type: object
udpPortStatus:
properties:
annotations:
Expand Down Expand Up @@ -1970,6 +2019,21 @@ spec:
exclude:
type: BoolString
type: object
tlsCertificate:
properties:
address:
type: string
collectorName:
type: string
exclude:
type: BoolString
expectedCertSubpath:
type: string
httpsProxy:
type: string
required:
- address
type: object
udpPortStatus:
properties:
collectorName:
Expand Down
64 changes: 64 additions & 0 deletions config/crds/troubleshoot.sh_hostpreflights.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1305,6 +1305,55 @@ spec:
required:
- outcomes
type: object
tlsCertificate:
properties:
annotations:
additionalProperties:
type: string
type: object
checkName:
type: string
collectorName:
type: string
exclude:
type: BoolString
outcomes:
items:
properties:
fail:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
pass:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
warn:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
type: object
type: array
strict:
type: BoolString
required:
- outcomes
type: object
udpPortStatus:
properties:
annotations:
Expand Down Expand Up @@ -1970,6 +2019,21 @@ spec:
exclude:
type: BoolString
type: object
tlsCertificate:
properties:
address:
type: string
collectorName:
type: string
exclude:
type: BoolString
expectedCertSubpath:
type: string
httpsProxy:
type: string
required:
- address
type: object
udpPortStatus:
properties:
collectorName:
Expand Down
64 changes: 64 additions & 0 deletions config/crds/troubleshoot.sh_supportbundles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20247,6 +20247,55 @@ spec:
required:
- outcomes
type: object
tlsCertificate:
properties:
annotations:
additionalProperties:
type: string
type: object
checkName:
type: string
collectorName:
type: string
exclude:
type: BoolString
outcomes:
items:
properties:
fail:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
pass:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
warn:
properties:
message:
type: string
uri:
type: string
when:
type: string
type: object
type: object
type: array
strict:
type: BoolString
required:
- outcomes
type: object
udpPortStatus:
properties:
annotations:
Expand Down Expand Up @@ -20912,6 +20961,21 @@ spec:
exclude:
type: BoolString
type: object
tlsCertificate:
properties:
address:
type: string
collectorName:
type: string
exclude:
type: BoolString
expectedCertSubpath:
type: string
httpsProxy:
type: string
required:
- address
type: object
udpPortStatus:
properties:
collectorName:
Expand Down
26 changes: 13 additions & 13 deletions examples/sdk/helm-template/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ replace github.com/replicatedhq/troubleshoot v0.0.0 => ../../../

require (
github.com/replicatedhq/troubleshoot v0.0.0
helm.sh/helm/v3 v3.17.1
helm.sh/helm/v3 v3.17.2
sigs.k8s.io/yaml v1.4.0
)

Expand Down Expand Up @@ -47,30 +47,30 @@ require (
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/shopspring/decimal v1.4.0 // indirect
github.com/spf13/cast v1.7.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
golang.org/x/crypto v0.35.0 // indirect
golang.org/x/net v0.36.0 // indirect
golang.org/x/crypto v0.36.0 // indirect
golang.org/x/net v0.38.0 // indirect
golang.org/x/oauth2 v0.25.0 // indirect
golang.org/x/sys v0.30.0 // indirect
golang.org/x/term v0.29.0 // indirect
golang.org/x/text v0.22.0 // indirect
golang.org/x/time v0.7.0 // indirect
golang.org/x/sys v0.31.0 // indirect
golang.org/x/term v0.30.0 // indirect
golang.org/x/text v0.23.0 // indirect
golang.org/x/time v0.8.0 // indirect
google.golang.org/protobuf v1.36.2 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/api v0.32.2 // indirect
k8s.io/apiextensions-apiserver v0.32.2 // indirect
k8s.io/apimachinery v0.32.2 // indirect
k8s.io/client-go v0.32.2 // indirect
k8s.io/api v0.32.3 // indirect
k8s.io/apiextensions-apiserver v0.32.3 // indirect
k8s.io/apimachinery v0.32.3 // indirect
k8s.io/client-go v0.32.3 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
sigs.k8s.io/controller-runtime v0.20.2 // indirect
sigs.k8s.io/controller-runtime v0.20.4 // indirect
sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
)
Loading
Loading