Include certificate count in issuer check state messages
Add a per-issuer certificate counter to issuerAgg and append the count to each CheckState message and Meta map, so operators can see how many certificates were observed per issuer at a glance.
parent
c6400c7773
commit
8b7df15883
1 changed files with 8 additions and 5 deletions
|
|
@ -31,6 +31,7 @@ type issuerAgg struct {
|
|||
code string
|
||||
msg string
|
||||
endpoints map[string]bool
|
||||
count int // number of certificates observed from this issuer
|
||||
}
|
||||
|
||||
type allowList struct {
|
||||
|
|
@ -152,6 +153,7 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
|
|||
cur = &issuerAgg{sample: p, endpoints: map[string]bool{}}
|
||||
agg[k] = cur
|
||||
}
|
||||
cur.count++
|
||||
if severityRank(severity) >= severityRank(cur.severity) {
|
||||
cur.severity = severity
|
||||
cur.code = code
|
||||
|
|
@ -233,22 +235,23 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
|
|||
endpoints = append(endpoints, ep)
|
||||
}
|
||||
sort.Strings(endpoints)
|
||||
meta := map[string]any{"endpoints": endpoints}
|
||||
meta := map[string]any{"endpoints": endpoints, "cert_count": a.count}
|
||||
|
||||
certSuffix := fmt.Sprintf(" (%d certificate(s) checked)", a.count)
|
||||
switch a.severity {
|
||||
case SeverityCrit:
|
||||
out = append(out, sdk.CheckState{
|
||||
Status: sdk.StatusCrit, Message: a.msg, Code: a.code,
|
||||
Status: sdk.StatusCrit, Message: a.msg + certSuffix, Code: a.code,
|
||||
Subject: subject, Meta: meta,
|
||||
})
|
||||
case SeverityWarn:
|
||||
out = append(out, sdk.CheckState{
|
||||
Status: sdk.StatusWarn, Message: a.msg, Code: a.code,
|
||||
Status: sdk.StatusWarn, Message: a.msg + certSuffix, Code: a.code,
|
||||
Subject: subject, Meta: meta,
|
||||
})
|
||||
case SeverityInfo:
|
||||
out = append(out, sdk.CheckState{
|
||||
Status: sdk.StatusInfo, Message: a.msg, Code: a.code,
|
||||
Status: sdk.StatusInfo, Message: a.msg + certSuffix, Code: a.code,
|
||||
Subject: subject, Meta: meta,
|
||||
})
|
||||
default:
|
||||
|
|
@ -257,7 +260,7 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
|
|||
msg = "Certificate observed; no CAA records published"
|
||||
}
|
||||
out = append(out, sdk.CheckState{
|
||||
Status: sdk.StatusOK, Message: msg, Code: CodeOK,
|
||||
Status: sdk.StatusOK, Message: msg + certSuffix, Code: CodeOK,
|
||||
Subject: subject, Meta: meta,
|
||||
})
|
||||
}
|
||||
|
|
|
|||
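Review bot: In the `@ -152,6 +153,7` hunk `cur.count++` runs before the `severityRank` comparison, so the counter covers every certificate aggregated for the issuer, while `a.msg` and `a.code` describe only the highest-severity result; a Crit or Warn message ending in `(%d certificate(s) checked)` can be read as that many certificates failing the CAA check. I would either make the wording explicit, e.g. `certSuffix := fmt.Sprintf(" (worst result across %d certificate(s))", a.count)`, or keep a second counter for results at the reported severity and expose it in `Meta`. The comment on `count` should also say whether it counts distinct certificates or loop iterations: the loop source is outside the hunk, and a certificate seen on several endpoints would presumably be counted once per observation. Because the count is now part of `Message`, any consumer that de-duplicates or alerts on message text rather than `Code` will see a state change whenever the count moves, which is worth confirming before merge. `Evaluate` starts and ends outside these hunks.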