This is an automated email from the ASF dual-hosted git repository. hanahmily pushed a commit to branch source-tls in repository https://gitbox.apache.org/repos/asf/skywalking.git
commit 1a10284271958424210bc5f35f964e477a092f03 Author: Gao Hongtao <[email protected]> AuthorDate: Tue Sep 8 09:46:07 2020 +0800 Parse tls mode from als Signed-off-by: Gao Hongtao <[email protected]> --- .../src/main/resources/oal/core.oal | 6 ++++ .../core/source/ServiceInstanceRelation.java | 3 ++ .../oap/server/core/source/ServiceRelation.java | 3 ++ .../envoy/als/K8sALSServiceMeshHTTPAnalysis.java | 33 ++++++++++++++++++++++ .../receiver/mesh/TelemetryDataDispatcher.java | 2 ++ 5 files changed, 47 insertions(+) diff --git a/oap-server/server-bootstrap/src/main/resources/oal/core.oal b/oap-server/server-bootstrap/src/main/resources/oal/core.oal index 48af721..ba95111 100755 --- a/oap-server/server-bootstrap/src/main/resources/oal/core.oal +++ b/oap-server/server-bootstrap/src/main/resources/oal/core.oal @@ -69,6 +69,12 @@ database_access_sla = from(DatabaseAccess.*).percent(status == true); database_access_cpm = from(DatabaseAccess.*).cpm(); database_access_percentile = from(DatabaseAccess.latency).percentile(10); +// Example of TLS related metric. Detected point was not distinguished, that means mTLS requests from both sides will be +// counted in. +////////// +// service_relation_mtls_cpm = from(ServiceRelation.*).filter(tlsMode == "mTLS").cpm(); +// service_instance_relation_mtls_cpm = from(ServiceInstanceRelation.*).filter(tlsMode == "mTLS").cpm(); + // Disable unnecessary hard core stream, targeting @Stream#name ///////// // disable(segment); diff --git a/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceInstanceRelation.java b/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceInstanceRelation.java index 78ae627..e4f328c 100644 --- a/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceInstanceRelation.java +++ b/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceInstanceRelation.java @@ -103,6 +103,9 @@ public class ServiceInstanceRelation extends Source { @Getter @Setter private DetectPoint detectPoint; + @Getter + @Setter + private String tlsMode; @Override public void prepare() { diff --git a/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceRelation.java b/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceRelation.java index 4fb40aa..cf9fb61 100644 --- a/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceRelation.java +++ b/oap-server/server-core/src/main/java/org/apache/skywalking/oap/server/core/source/ServiceRelation.java @@ -93,6 +93,9 @@ public class ServiceRelation extends Source { @Getter @Setter private DetectPoint detectPoint; + @Getter + @Setter + private String tlsMode; @Override public void prepare() { diff --git a/oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/K8sALSServiceMeshHTTPAnalysis.java b/oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/K8sALSServiceMeshHTTPAnalysis.java index 287e98a..72e6b86 100644 --- a/oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/K8sALSServiceMeshHTTPAnalysis.java +++ b/oap-server/server-receiver-plugin/envoy-metrics-receiver-plugin/src/main/java/org/apache/skywalking/oap/server/receiver/envoy/als/K8sALSServiceMeshHTTPAnalysis.java @@ -18,6 +18,7 @@ package org.apache.skywalking.oap.server.receiver.envoy.als; +import com.google.common.base.Strings; import com.google.common.util.concurrent.ThreadFactoryBuilder; import com.google.protobuf.Duration; import com.google.protobuf.Timestamp; @@ -28,6 +29,7 @@ import io.envoyproxy.envoy.data.accesslog.v2.AccessLogCommon; import io.envoyproxy.envoy.data.accesslog.v2.HTTPAccessLogEntry; import io.envoyproxy.envoy.data.accesslog.v2.HTTPRequestProperties; import io.envoyproxy.envoy.data.accesslog.v2.HTTPResponseProperties; +import io.envoyproxy.envoy.data.accesslog.v2.TLSProperties; import io.envoyproxy.envoy.service.accesslog.v2.StreamAccessLogsMessage; import io.kubernetes.client.openapi.ApiClient; import io.kubernetes.client.openapi.apis.CoreV1Api; @@ -43,6 +45,7 @@ import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.TimeUnit; @@ -68,6 +71,12 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { private static final String VALID_PHASE = "Running"; + private static final String NON_TLS = "NONE"; + + private static final String M_TLS = "mTLS"; + + private static final String TLS = "TLS"; + @Getter(AccessLevel.PROTECTED) private final AtomicReference<Map<String, ServiceMetaInfo>> ipServiceMap = new AtomicReference<>(); @@ -211,6 +220,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { downstreamLocalAddress.getSocketAddress() .getAddress(), downstreamLocalAddress.getSocketAddress() .getPortValue()); + String tlsMode = parseTLS(properties.getTlsProperties()); if (cluster.startsWith("inbound|")) { // Server side if (downstreamService.equals(ServiceMetaInfo.UNKNOWN)) { @@ -229,6 +239,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { Math.toIntExact(responseCode)) .setStatus(status) .setProtocol(protocol) + .setTlsMode(tlsMode) .setDetectPoint(DetectPoint.server); LOGGER.debug("Transformed ingress->sidecar inbound mesh metric {}", metric); @@ -252,6 +263,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { Math.toIntExact(responseCode)) .setStatus(status) .setProtocol(protocol) + .setTlsMode(tlsMode) .setDetectPoint(DetectPoint.server); LOGGER.debug("Transformed sidecar->sidecar(server side) inbound mesh metric {}", metric); @@ -281,6 +293,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { .setResponseCode(Math.toIntExact(responseCode)) .setStatus(status) .setProtocol(protocol) + .setTlsMode(tlsMode) .setDetectPoint(DetectPoint.client); LOGGER.debug("Transformed sidecar->sidecar(server side) inbound mesh metric {}", metric); @@ -292,6 +305,21 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { return sources; } + private String parseTLS(TLSProperties properties) { + if (properties == null) { + return NON_TLS; + } + if (Strings.isNullOrEmpty(Optional.ofNullable(properties.getLocalCertificateProperties()) + .orElse(TLSProperties.CertificateProperties.newBuilder().build()).getSubject())) { + return NON_TLS; + } + if (Strings.isNullOrEmpty(Optional.ofNullable(properties.getPeerCertificateProperties()) + .orElse(TLSProperties.CertificateProperties.newBuilder().build()).getSubject())) { + return TLS; + } + return M_TLS; + } + protected void analysisProxy(StreamAccessLogsMessage.Identifier identifier, HTTPAccessLogEntry entry) { AccessLogCommon properties = entry.getCommonProperties(); if (properties != null) { @@ -330,6 +358,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { responseCode = response.getResponseCode().getValue(); } boolean status = responseCode >= 200 && responseCode < 400; + String tlsMode = parseTLS(properties.getTlsProperties()); ServiceMeshMetric.Builder metric = ServiceMeshMetric.newBuilder() .setStartTime(startTime) @@ -345,6 +374,7 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { .setResponseCode(Math.toIntExact(responseCode)) .setStatus(status) .setProtocol(protocol) + .setTlsMode(tlsMode) .setDetectPoint(DetectPoint.server); LOGGER.debug("Transformed ingress inbound mesh metric {}", metric); @@ -376,6 +406,9 @@ public class K8sALSServiceMeshHTTPAnalysis implements ALSHTTPAnalysis { Math.toIntExact(responseCode)) .setStatus(status) .setProtocol(protocol) + // Can't parse it from tls properties, leave + // it to Server side. + .setTlsMode(NON_TLS) .setDetectPoint(DetectPoint.client); LOGGER.debug("Transformed ingress outbound mesh metric {}", outboundMetric); diff --git a/oap-server/server-receiver-plugin/skywalking-mesh-receiver-plugin/src/main/java/org/apache/skywalking/aop/server/receiver/mesh/TelemetryDataDispatcher.java b/oap-server/server-receiver-plugin/skywalking-mesh-receiver-plugin/src/main/java/org/apache/skywalking/aop/server/receiver/mesh/TelemetryDataDispatcher.java index f980977..890c797 100644 --- a/oap-server/server-receiver-plugin/skywalking-mesh-receiver-plugin/src/main/java/org/apache/skywalking/aop/server/receiver/mesh/TelemetryDataDispatcher.java +++ b/oap-server/server-receiver-plugin/skywalking-mesh-receiver-plugin/src/main/java/org/apache/skywalking/aop/server/receiver/mesh/TelemetryDataDispatcher.java @@ -186,6 +186,7 @@ public class TelemetryDataDispatcher { serviceRelation.setResponseCode(metrics.getResponseCode()); serviceRelation.setDetectPoint(detectPointMapping(metrics.getDetectPoint())); serviceRelation.setComponentId(protocol2Component(metrics.getProtocol())); + serviceRelation.setTlsMode(metrics.getTlsMode()); SOURCE_RECEIVER.receive(serviceRelation); } @@ -221,6 +222,7 @@ public class TelemetryDataDispatcher { serviceRelation.setResponseCode(metrics.getResponseCode()); serviceRelation.setDetectPoint(detectPointMapping(metrics.getDetectPoint())); serviceRelation.setComponentId(protocol2Component(metrics.getProtocol())); + serviceRelation.setTlsMode(metrics.getTlsMode()); SOURCE_RECEIVER.receive(serviceRelation); }
