Add test for TLS version metric

ribbybibby · Nov 19, 2020 · 44d8713 · 44d8713
1 parent 8cde56c
commit 44d8713
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 0 deletions.
diff --git a/prober/https_test.go b/prober/https_test.go
@@ -56,6 +56,7 @@ func TestProbeHTTPS(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSTimeout tests that the https probe respects the timeout in the
@@ -164,6 +165,7 @@ func TestProbeHTTPSNoScheme(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSServername tests that the probe is successful when the
@@ -206,6 +208,7 @@ func TestProbeHTTPSServerName(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSHTTP tests that the prober fails when hitting a HTTP server
@@ -283,6 +286,7 @@ func TestProbeHTTPSClientAuth(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSClientAuthWrongClientCert tests that the probe fails with a bad
@@ -419,6 +423,7 @@ func TestProbeHTTPSExpiredInsecure(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSProxy tests the proxy_url field in the configuration
@@ -482,6 +487,7 @@ func TestProbeHTTPSProxy(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSOCSP tests a HTTPS probe with OCSP stapling
@@ -527,6 +533,7 @@ func TestProbeHTTPSOCSP(t *testing.T) {
 
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics(resp, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeHTTPSVerifiedChains tests the verified chain metrics returned by a
@@ -608,4 +615,5 @@ func TestProbeHTTPSVerifiedChains(t *testing.T) {
  checkCertificateMetrics(serverCert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
  checkVerifiedChainMetrics(verifiedChains, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
diff --git a/prober/metrics_test.go b/prober/metrics_test.go
@@ -195,6 +195,23 @@ func checkOCSPMetrics(resp []byte, registry *prometheus.Registry, t *testing.T)
  checkRegistryResults(expectedResults, mfs, t)
 }
 
+func checkTLSVersionMetrics(version string, registry *prometheus.Registry, t *testing.T) {
+ mfs, err := registry.Gather()
+ if err != nil {
+ t.Fatal(err)
+ }
+ expectedResults := []*registryResult{
+ &registryResult{
+ Name: "ssl_tls_version_info",
+ LabelValues: map[string]string{
+ "version": version,
+ },
+ Value: 1,
+ },
+ }
+ checkRegistryResults(expectedResults, mfs, t)
+}
+
 func newCertificate(certPEM []byte) (*x509.Certificate, error) {
  block, _ := pem.Decode(certPEM)
  return x509.ParseCertificate(block.Bytes)

diff --git a/prober/tcp_test.go b/prober/tcp_test.go
@@ -53,6 +53,7 @@ func TestProbeTCP(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPInvalidName tests hitting the server on an address which isn't
@@ -123,6 +124,7 @@ func TestProbeTCPServerName(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPExpired tests that the probe fails with an expired server cert
@@ -203,6 +205,7 @@ func TestProbeTCPExpiredInsecure(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPStartTLSSMTP tests STARTTLS against a mock SMTP server
@@ -241,6 +244,7 @@ func TestProbeTCPStartTLSSMTP(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPStartTLSFTP tests STARTTLS against a mock FTP server
@@ -279,6 +283,7 @@ func TestProbeTCPStartTLSFTP(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPStartTLSIMAP tests STARTTLS against a mock IMAP server
@@ -317,6 +322,7 @@ func TestProbeTCPStartTLSIMAP(t *testing.T) {
  }
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPTimeout tests that the TCP probe respects the timeout in the
@@ -392,6 +398,7 @@ func TestProbeTCPOCSP(t *testing.T) {
 
  checkCertificateMetrics(cert, registry, t)
  checkOCSPMetrics(resp, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }
 
 // TestProbeTCPVerifiedChains tests the verified chain metrics returned by a tcp
@@ -473,4 +480,5 @@ func TestProbeTCPVerifiedChains(t *testing.T) {
  checkCertificateMetrics(serverCert, registry, t)
  checkOCSPMetrics([]byte{}, registry, t)
  checkVerifiedChainMetrics(verifiedChains, registry, t)
+ checkTLSVersionMetrics("TLS 1.3", registry, t)
 }