feat(kuma-cp) CA backend stats in Dataplane and Mesh Insights (#2562)

Signed-off-by: Jakub Dyszkiewicz <jakub.dyszkiewicz@gmail.com>
kumahq · Aug 19, 2021 · 7aaebc2 · 7aaebc2
1 parent 81adff3
commit 7aaebc2
Show file tree

Hide file tree

Showing 20 changed files with 751 additions and 411 deletions.
diff --git a/api/mesh/v1alpha1/dataplane_insight.pb.go b/api/mesh/v1alpha1/dataplane_insight.pb.go
diff --git a/api/mesh/v1alpha1/dataplane_insight.proto b/api/mesh/v1alpha1/dataplane_insight.proto
@@ -36,6 +36,12 @@ message DataplaneInsight {
 
     // Number of certificate regenerations for a Dataplane.
     uint32 certificate_regenerations = 3;
+
+    // Backend that was used to generate current certificate
+    string issuedBackend = 4;
+
+    // Supported backends (CA).
+    repeated string supportedBackends = 5;
   }
 }
 

diff --git a/api/mesh/v1alpha1/dataplane_insight_helpers.go b/api/mesh/v1alpha1/dataplane_insight_helpers.go
@@ -55,7 +55,7 @@ func (x *DataplaneInsight) GetSubscription(id string) (int, *DiscoverySubscripti
 	return -1, nil
 }
 
-func (x *DataplaneInsight) UpdateCert(generation time.Time, expiration time.Time) error {
+func (x *DataplaneInsight) UpdateCert(generation time.Time, expiration time.Time, issuedBackend string, supportedBackends []string) error {
 	if x.MTLS == nil {
 		x.MTLS = &DataplaneInsight_MTLS{}
 	}
@@ -69,6 +69,8 @@ func (x *DataplaneInsight) UpdateCert(generation time.Time, expiration time.Time
 	if err := ts.CheckValid(); err != nil {
 		return err
 	}
+	x.MTLS.IssuedBackend = issuedBackend
+	x.MTLS.SupportedBackends = supportedBackends
 	x.MTLS.LastCertificateRegeneration = ts
 	return nil
 }

diff --git a/api/mesh/v1alpha1/mesh_insight.pb.go b/api/mesh/v1alpha1/mesh_insight.pb.go
diff --git a/api/mesh/v1alpha1/mesh_insight.proto b/api/mesh/v1alpha1/mesh_insight.proto
@@ -44,4 +44,14 @@ message MeshInsight {
     map<string, DataplaneStat> envoy = 2;
   }
   DpVersions dpVersions = 4;
+
+  message MTLS {
+    // Dataplanes grouped by issued backends.
+    map<string, DataplaneStat> issuedBackends = 1;
+    // Dataplanes grouped by supported backends.
+    map<string, DataplaneStat> supportedBackends = 2;
+  }
+
+  // mTLS statistics
+  MTLS mTLS = 5;
 }
diff --git a/app/kumactl/cmd/inspect/inspect_dataplanes.go b/app/kumactl/cmd/inspect/inspect_dataplanes.go
@@ -64,7 +64,24 @@ func newInspectDataplanesCmd(pctx *cmd.RootContext) *cobra.Command {
 
 func printDataplaneOverviews(now time.Time, dataplaneOverviews *core_mesh.DataplaneOverviewResourceList, out io.Writer) error {
 	data := printers.Table{
-		Headers: []string{"MESH", "NAME", "TAGS", "STATUS", "LAST CONNECTED AGO", "LAST UPDATED AGO", "TOTAL UPDATES", "TOTAL ERRORS", "CERT REGENERATED AGO", "CERT EXPIRATION", "CERT REGENERATIONS", "KUMA-DP VERSION", "ENVOY VERSION", "NOTES"},
+		Headers: []string{
+			"MESH",
+			"NAME",
+			"TAGS",
+			"STATUS",
+			"LAST CONNECTED AGO",
+			"LAST UPDATED AGO",
+			"TOTAL UPDATES",
+			"TOTAL ERRORS",
+			"CERT REGENERATED AGO",
+			"CERT EXPIRATION",
+			"CERT REGENERATIONS",
+			"CERT BACKEND",
+			"SUPPORTED CERT BACKENDS",
+			"KUMA-DP VERSION",
+			"ENVOY VERSION",
+			"NOTES",
+		},
 		NextRow: func() func() []string {
 			i := 0
 			return func() []string {
@@ -97,6 +114,13 @@ func printDataplaneOverviews(now time.Time, dataplaneOverviews *core_mesh.Datapl
 				}
 				dataplaneInsight.GetMTLS().GetCertificateExpirationTime()
 				certRegenerations := strconv.Itoa(int(dataplaneInsight.GetMTLS().GetCertificateRegenerations()))
+				certBackend := dataplaneInsight.GetMTLS().GetIssuedBackend()
+				if dataplaneInsight.GetMTLS() == nil {
+					certBackend = "-"
+				} else if dataplaneInsight.GetMTLS().GetIssuedBackend() == "" {
+					certBackend = "unknown" // backwards compatibility with Kuma 1.2.x
+				}
+				supportedBackend := strings.Join(dataplaneInsight.GetMTLS().GetSupportedBackends(), ",")
 
 				var kumaDpVersion string
 				var envoyVersion string
@@ -121,6 +145,8 @@ func printDataplaneOverviews(now time.Time, dataplaneOverviews *core_mesh.Datapl
 					table.Ago(lastCertGeneration, now),   // CERT REGENERATED AGO
 					table.Date(certExpiration),           // CERT EXPIRATION
 					certRegenerations,                    // CERT REGENERATIONS
+					certBackend,                          // CERT BACKEND
+					supportedBackend,                     // SUPPORTED CERT BACKENDS
 					kumaDpVersion,                        // KUMA-DP VERSION
 					envoyVersion,                         // ENVOY VERSION
 					strings.Join(errs, ";"),              // NOTES

diff --git a/app/kumactl/cmd/inspect/inspect_dataplanes_test.go b/app/kumactl/cmd/inspect/inspect_dataplanes_test.go
@@ -3,7 +3,6 @@ package inspect_test
 import (
 	"bytes"
 	"context"
-	"io/ioutil"
 	"path/filepath"
 	"strings"
 	"time"
@@ -22,6 +21,7 @@ import (
 	core_mesh "github.com/kumahq/kuma/pkg/core/resources/apis/mesh"
 	"github.com/kumahq/kuma/pkg/core/resources/model"
 	test_kumactl "github.com/kumahq/kuma/pkg/test/kumactl"
+	"github.com/kumahq/kuma/pkg/test/matchers"
 	test_model "github.com/kumahq/kuma/pkg/test/resources/model"
 	util_proto "github.com/kumahq/kuma/pkg/util/proto"
 )
@@ -239,6 +239,8 @@ var _ = Describe("kumactl inspect dataplanes", func() {
 								Seconds: 1563306488,
 							},
 							CertificateRegenerations: 10,
+							IssuedBackend:            "ca-1",
+							SupportedBackends:        []string{"ca-1", "ca-2"},
 						},
 					},
 				},
@@ -427,15 +429,10 @@ var _ = Describe("kumactl inspect dataplanes", func() {
 
 				// when
 				err := rootCmd.Execute()
-				// then
-				Expect(err).ToNot(HaveOccurred())
 
-				// when
-				expected, err := ioutil.ReadFile(filepath.Join("testdata", given.goldenFile))
 				// then
 				Expect(err).ToNot(HaveOccurred())
-				// and
-				Expect(buf.String()).To(given.matcher(expected))
+				Expect(buf.String()).To(matchers.MatchGoldenEqual(filepath.Join("testdata", given.goldenFile)))
 			},
 			Entry("should support Table output by default", testCase{
 				outputFormat: "",

diff --git a/app/kumactl/cmd/inspect/testdata/inspect-dataplanes.golden.json b/app/kumactl/cmd/inspect/testdata/inspect-dataplanes.golden.json
@@ -166,7 +166,12 @@
         "mTLS": {
           "certificateExpirationTime": "2020-05-08T08:28:22Z",
           "lastCertificateRegeneration": "2019-07-16T19:48:08Z",
-          "certificateRegenerations": 10
+          "certificateRegenerations": 10,
+          "issuedBackend": "ca-1",
+          "supportedBackends": [
+            "ca-1",
+            "ca-2"
+          ]
         }
       }
     },

diff --git a/app/kumactl/cmd/inspect/testdata/inspect-dataplanes.golden.txt b/app/kumactl/cmd/inspect/testdata/inspect-dataplanes.golden.txt
@@ -1,5 +1,5 @@
-MESH      NAME          TAGS                                        STATUS               LAST CONNECTED AGO   LAST UPDATED AGO   TOTAL UPDATES   TOTAL ERRORS   CERT REGENERATED AGO   CERT EXPIRATION       CERT REGENERATIONS   KUMA-DP VERSION   ENVOY VERSION   NOTES
-default   experiment    kuma.io/service=metrics,mobile version=v1   Online               2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   1.0.2             1.16.1
-default   degraded-dp   kuma.io/service=example                     Partially degraded   2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   1.0.2             1.16.1          inbound[port=9001,svc=example] is not ready
-default   offline-dp    kuma.io/service=example                     Offline              2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   1.0.2             1.16.1          inbound[port=8080,svc=example] is not ready;inbound[port=9001,svc=example] is not ready
-default   example       kuma.io/service=example                     Offline              never                never              0               0              never                  -                     0
+MESH      NAME          TAGS                                        STATUS               LAST CONNECTED AGO   LAST UPDATED AGO   TOTAL UPDATES   TOTAL ERRORS   CERT REGENERATED AGO   CERT EXPIRATION       CERT REGENERATIONS   CERT BACKEND   SUPPORTED CERT BACKENDS   KUMA-DP VERSION   ENVOY VERSION   NOTES
+default   experiment    kuma.io/service=metrics,mobile version=v1   Online               2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   unknown                                  1.0.2             1.16.1          
+default   degraded-dp   kuma.io/service=example                     Partially degraded   2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   ca-1           ca-1,ca-2                 1.0.2             1.16.1          inbound[port=9001,svc=example] is not ready
+default   offline-dp    kuma.io/service=example                     Offline              2h                   never              30              3              22h                    2020-05-08 08:28:22   10                   unknown                                  1.0.2             1.16.1          inbound[port=8080,svc=example] is not ready;inbound[port=9001,svc=example] is not ready
+default   example       kuma.io/service=example                     Offline              never                never              0               0              never                  -                     0                    -