
Commit fe2edf3

committed
Add listener tag to ssl handshake metrics
1 parent 0f4e354 commit fe2edf3

3 files changed

Lines changed: 68 additions & 7 deletions


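--- a/zuul-core/src/main/java/com/netflix/zuul/netty/server/BaseZuulChannelInitializer.java
+++ b/zuul-core/src/main/java/com/netflix/zuul/netty/server/BaseZuulChannelInitializer.java
@@ -307,7 +307,7 @@ protected void addTimeoutHandlers(ChannelPipeline pipeline) {
 }
 
 protected void addSslInfoHandlers(ChannelPipeline pipeline, boolean isSSlFromIntermediary) {
-pipeline.addLast("ssl_info", new SslHandshakeInfoHandler(registry, isSSlFromIntermediary));
+pipeline.addLast("ssl_info", new SslHandshakeInfoHandler(registry, isSSlFromIntermediary, metricId));
 pipeline.addLast("ssl_exceptions", new SslExceptionsHandler(registry));
 }
 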
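Review bot: The call in addSslInfoHandlers passes `metricId`, while the handler calls the same value `listenerName` and emits it under the tag key `listener`, and nothing at the call site says these are the same thing. A one-line comment above the `ssl_info` line would make the mapping explicit, for example `// metricId is this listener's name; it becomes the "listener" tag on the SSL handshake counter`. The new handler constructor rejects null, so it is also worth confirming that `metricId` is always assigned before any channel is initialised; its declaration is outside this hunk.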

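--- a/zuul-core/src/main/java/com/netflix/zuul/netty/server/ssl/SslHandshakeInfoHandler.java
+++ b/zuul-core/src/main/java/com/netflix/zuul/netty/server/ssl/SslHandshakeInfoHandler.java
@@ -78,16 +78,19 @@ public class SslHandshakeInfoHandler extends ChannelInboundHandlerAdapter {
 
 private final Registry spectatorRegistry;
 private final boolean isSSlFromIntermediary;
+private final String listenerName;
 
-public SslHandshakeInfoHandler(Registry spectatorRegistry, boolean isSSlFromIntermediary) {
+public SslHandshakeInfoHandler(Registry spectatorRegistry, boolean isSSlFromIntermediary, String listenerName) {
 this.spectatorRegistry = Preconditions.checkNotNull(spectatorRegistry);
 this.isSSlFromIntermediary = isSSlFromIntermediary;
+this.listenerName = Preconditions.checkNotNull(listenerName);
 }
 
 @VisibleForTesting
 SslHandshakeInfoHandler() {
 spectatorRegistry = new NoopRegistry();
 isSSlFromIntermediary = false;
+listenerName = "unknown";
 }
 
 @Override
@@ -286,6 +289,8 @@ private void incrementCounters(
 SslHandshakeCompletionEvent sslHandshakeCompletionEvent, SslHandshakeInfo handshakeInfo) {
 try {
 List<Tag> tagList = new ArrayList<>();
+tagList.add(Tag.of("listener", listenerName));
+
 if (sslHandshakeCompletionEvent.isSuccess()) {
 tagList.add(Tag.of(
 "protocol", handshakeInfo.getProtocol().isEmpty() ? "unknown" : handshakeInfo.getProtocol()));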
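Review bot: The new `listenerName` field and third constructor parameter have no Javadoc, and `Preconditions.checkNotNull(listenerName)` carries no message, so a null handed in by a channel initializer surfaces as a bare NullPointerException while the pipeline is being built. I would change the assignment to `this.listenerName = Preconditions.checkNotNull(listenerName, "listenerName");` and document the parameter on the constructor, for example `@param listenerName name of the listener that accepted the connection; emitted as the "listener" tag on the handshake counter`. In incrementCounters the tag is added before the `isSuccess()` branch, so failed handshakes are tagged too; a short comment saying so would help, since per-listener failure rates are what an alert on this counter would key on. Both the class and incrementCounters continue outside these hunks.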
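--- a/zuul-core/src/test/java/com/netflix/zuul/netty/server/ssl/SslHandshakeInfoHandlerTest.java
+++ b/zuul-core/src/test/java/com/netflix/zuul/netty/server/ssl/SslHandshakeInfoHandlerTest.java
@@ -142,7 +142,7 @@ public void handshakeFailureWithSSLException() throws Exception {
 CurrentPassport.fromChannel(channel);
 channel.attr(SourceAddressChannelHandler.ATTR_SOURCE_ADDRESS).set("192.168.1.1");
 
-SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false);
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "test");
 
 SslHandler sslHandler = mock(SslHandler.class);
 when(sslHandler.engine()).thenReturn(sslEngine);
@@ -161,6 +161,8 @@ public void handshakeFailureWithSSLException() throws Exception {
 // Verify success counter was incremented
 assertThat(registry.counter(
 "server.ssl.handshake",
+"listener",
+"test",
 "success",
 "false",
 "sni",
@@ -182,7 +184,7 @@ public void handshakeFailureWithClosedChannelException() throws Exception {
 when(registry.counter(anyString())).thenReturn(counter);
 
 // Create handler with mocked registry
-SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false);
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "test");
 
 // Create channel and context
 EmbeddedChannel channel = new EmbeddedChannel();
@@ -211,7 +213,7 @@ public void handshakeFailureWithHandshakeTimeout() throws Exception {
 when(registry.counter(anyString())).thenReturn(counter);
 
 // Create handler with mocked registry
-SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false);
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "test");
 
 // Create channel and context
 EmbeddedChannel channel = new EmbeddedChannel();
@@ -240,7 +242,7 @@ public void handshakeSuccessWithSNI(String sni) throws Exception {
 Registry registry = new DefaultRegistry();
 
 // Create handler
-SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false);
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "test");
 
 // Create channel
 EmbeddedChannel channel = new EmbeddedChannel();
@@ -283,6 +285,8 @@ public void handshakeSuccessWithSNI(String sni) throws Exception {
 
 assertThat(registry.counter(
 "server.ssl.handshake",
+"listener",
+"test",
 "success",
 "true",
 "sni",
@@ -318,7 +322,7 @@ public void handshakeSuccessWithSNI(String sni) throws Exception {
 public void handshakeSuccessWithNamedGroup() throws Exception {
 Registry registry = new DefaultRegistry();
 
-SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false);
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "test");
 
 EmbeddedChannel channel = new EmbeddedChannel();
 CurrentPassport.fromChannel(channel);
@@ -348,6 +352,8 @@ public void handshakeSuccessWithNamedGroup() throws Exception {
 
 assertThat(registry.counter(
 "server.ssl.handshake",
+"listener",
+"test",
 "success",
 "true",
 "sni",
@@ -370,4 +376,54 @@ public void handshakeSuccessWithNamedGroup() throws Exception {
 assertThat(info.getProtocol()).isEqualTo("TLSv1.3");
 assertThat(info.getCipherSuite()).isEqualTo("TLS_AES_128_GCM_SHA256");
 }
+
+@Test
+public void handshakeSuccessIncludesListenerTag() throws Exception {
+Registry registry = new DefaultRegistry();
+
+SslHandshakeInfoHandler handler = new SslHandshakeInfoHandler(registry, false, "main_7001");
+
+EmbeddedChannel channel = new EmbeddedChannel();
+CurrentPassport.fromChannel(channel);
+
+SSLEngine sslEngine = mock(SSLEngine.class);
+ExtendedSSLSession sslSession = mock(ExtendedSSLSession.class);
+X509Certificate serverCert = mock(X509Certificate.class);
+
+when(sslEngine.getSession()).thenReturn(sslSession);
+when(sslEngine.getNeedClientAuth()).thenReturn(false);
+when(sslEngine.getWantClientAuth()).thenReturn(false);
+when(sslSession.getProtocol()).thenReturn("TLSv1.3");
+when(sslSession.getCipherSuite()).thenReturn("TLS_AES_256_GCM_SHA384");
+when(sslSession.getLocalCertificates()).thenReturn(new Certificate[] {serverCert});
+when(sslSession.getPeerCertificates()).thenReturn(new Certificate[0]);
+when(sslSession.getRequestedServerNames()).thenReturn(List.of(new SNIHostName("www.netflix.com")));
+
+SslHandler sslHandler = mock(SslHandler.class);
+when(sslHandler.engine()).thenReturn(sslEngine);
+channel.pipeline().addLast("ssl", sslHandler);
+channel.pipeline().addLast(handler);
+
+ChannelHandlerContext ctx = channel.pipeline().context(handler);
+handler.userEventTriggered(ctx, SslHandshakeCompletionEvent.SUCCESS);
+
+assertThat(registry.counter(
+"server.ssl.handshake",
+"listener",
+"main_7001",
+"success",
+"true",
+"sni",
+"www.netflix.com",
+"protocol",
+"TLSv1.3",
+"ciphersuite",
+"TLS_AES_256_GCM_SHA384",
+"clientauth",
+"NONE",
+"namedgroup",
+"unknown")
+.count())
+.isEqualTo(1);
+}
 }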
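Review bot: `handshakeSuccessIncludesListenerTag` checks the tag value for a single handler only, and the `"unknown"` default set by the test-only no-arg constructor is not asserted in any visible hunk. Adding a second handler with a different listener name against the same `DefaultRegistry`, and asserting that each listener's counter is 1, would show that handshakes are attributed to the right listener rather than merged. In handshakeFailureWithSSLException the context comment `// Verify success counter was incremented` sits above an assertion on `"success", "false"`; `// Verify failure counter was incremented` would match what is checked. The bodies of the earlier test methods are only partly visible here.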
