amimof · costasd · Sep 22, 2022
diff --git a/cmd/node-cert-exporter/main.go b/cmd/node-cert-exporter/main.go
@@ -27,16 +27,17 @@ var BRANCH string
 var GOVERSION string
 
 var (
-	host         string
-	port         int
-	listen       string
-	paths        []string
-	excludePaths []string
-	includeGlobs []string
-	excludeGlobs []string
-	tls          bool
-	tlsCertFile  string
-	tlsKeyFile   string
+	host          string
+	port          int
+	listen        string
+	paths         []string
+	excludePaths  []string
+	includeGlobs  []string
+	excludeGlobs  []string
+	includeLabels []string
+	tls           bool
+	tlsCertFile   string
+	tlsKeyFile    string
 )
 
 func init() {
@@ -46,6 +47,7 @@ func init() {
 	pflag.StringSliceVar(&excludePaths, "exclude-path", []string{}, "List of paths to exclute from searching for SSL certificates.")
 	pflag.StringSliceVar(&includeGlobs, "include-glob", []string{}, "List files matching a pattern to include. This flag can be used multiple times.")
 	pflag.StringSliceVar(&excludeGlobs, "exclude-glob", []string{}, "List files matching a pattern to exclude. This flag can be used multiple times.")
+	pflag.StringSliceVar(&includeLabels, "include-labels", []string{}, "List of labels to include in emitted metrics. This flag can be used multiple times. Default is all labels.")
 	pflag.BoolVar(&tls, "tls", false, "Enable TLS for node-cert-exporter. Defaults to false.")
 	pflag.StringVar(&tlsCertFile, "tls-cert-file", "", "Path to a TLS certificate to use when serving. Required for TLS.")
 	pflag.StringVar(&tlsKeyFile, "tls-key-file", "", "Path to a TLS private key to use when serving. Required for TLS.")
@@ -66,7 +68,7 @@ func main() {
 		return
 	}
 
-	e := exporter.New()
+	e := exporter.New(includeLabels...)
 	e.SetRoots(paths)
 	e.SetExcludeRoots(excludePaths)
 	e.IncludeGlobs(includeGlobs)

diff --git a/pkg/exporter/exporter.go b/pkg/exporter/exporter.go
@@ -49,13 +49,14 @@ func getFirstCertBlock(data []byte) []byte {
 
 // Exporter implements prometheus.Collector interface
 type Exporter struct {
-	mux          sync.Mutex
-	includeGlobs []string
-	excludeGlobs []string
-	roots        []string
-	exRoots      []string
-	certExpiry   *prometheus.GaugeVec
-	certFailed   *prometheus.GaugeVec
+	mux           sync.Mutex
+	includeGlobs  []string
+	excludeGlobs  []string
+	roots         []string
+	exRoots       []string
+	includeLabels []string
+	certExpiry    *prometheus.GaugeVec
+	certFailed    *prometheus.GaugeVec
 }
 
 // IncludeGlobs sets the list of file globs the exporter uses to match certificate files for scraping
@@ -87,7 +88,7 @@ func (e *Exporter) Collect(ch chan<- prometheus.Metric) {
 
 // Describe satisfies prometheus.Collector interface
 func (e *Exporter) Describe(ch chan<- *prometheus.Desc) {
-	ch <- e.certExpiry.WithLabelValues("path", "issuer", "alg", "version", "subject", "dns_names", "email_addresses", "hostname", "nodename").Desc()
+	ch <- e.certExpiry.WithLabelValues(e.includeLabels...).Desc()
 }
 
 // Scrape iterates over the list of file paths (set by SetRoot) and parses any found x509 certificates.
@@ -159,7 +160,7 @@ func (e *Exporter) Scrape(ch chan<- prometheus.Metric) {
 			continue
 		}
 
-		labels := prometheus.Labels{
+		defaultPromLabels := prometheus.Labels{
 			"path":            path,
 			"issuer":          cert.Issuer.String(),
 			"alg":             cert.SignatureAlgorithm.String(),
@@ -170,24 +171,45 @@ func (e *Exporter) Scrape(ch chan<- prometheus.Metric) {
 			"hostname":        hostname,
 			"nodename":        nodename,
 		}
+		var promLabels = make(prometheus.Labels)
+		for _, l := range e.includeLabels {
+			if val, ok := defaultPromLabels[l]; ok {
+				promLabels[l] = val
+			}
+		}
 
 		since := time.Until(cert.NotAfter)
-		e.certExpiry.With(labels).Set(since.Seconds())
-		ch <- e.certExpiry.With(labels)
+		e.certExpiry.With(promLabels).Set(since.Seconds())
+		ch <- e.certExpiry.With(promLabels)
 	}
 
 }
 
 // New creates an instance of Exporter and returns it
-func New() *Exporter {
+func New(includeLabels ...string) *Exporter {
+	defaultPromLabels := []string{"path", "issuer", "alg", "version", "subject", "dns_names", "email_addresses", "hostname", "nodename"}
+	promLabels := []string{}
+
+	if len(includeLabels) == 0 {
+		promLabels = defaultPromLabels
+	} else {
+		for _, i := range includeLabels {
+			for _, f := range defaultPromLabels {
+				if i == f {
+					promLabels = append(promLabels, i)
+				}
+			}
+		}
+	}
 	return &Exporter{
+		includeLabels: promLabels,
 		certExpiry: prometheus.NewGaugeVec(prometheus.GaugeOpts{
 			Namespace: "ssl_certificate",
 			Subsystem: "expiry",
 			Name:      "seconds",
 			Help:      "Number of seconds until certificate expires",
 		},
-			[]string{"path", "issuer", "alg", "version", "subject", "dns_names", "email_addresses", "hostname", "nodename"}),
+			promLabels),
 		certFailed: prometheus.NewGaugeVec(prometheus.GaugeOpts{
 			Namespace: "ssl_certificate",
 			Subsystem: "expiry",

diff --git a/pkg/exporter/exporter_test.go b/pkg/exporter/exporter_test.go
@@ -3,6 +3,7 @@ package exporter
 import (
 	"bytes"
 	"encoding/pem"
+	"reflect"
 	"strings"
 	"testing"
 )
@@ -93,3 +94,23 @@ func TestGetFirstCertBlock(t *testing.T) {
 		}
 	}
 }
+
+func TestNewExporterWithIncludeLabels(t *testing.T) {
+	e := New("alg", "path")
+	w := []string{"alg", "path"}
+	if !reflect.DeepEqual(e.includeLabels, w) {
+		t.Errorf("configuring prometheus labels in New() did not return successfully")
+		t.Errorf("Have: %v", e.includeLabels)
+		t.Errorf("Want: %v", w)
+	}
+}
+
+func TestNewExporterWithDefaultLabels(t *testing.T) {
+	e := New()
+	w := []string{"path", "issuer", "alg", "version", "subject", "dns_names", "email_addresses", "hostname", "nodename"}
+	if !reflect.DeepEqual(e.includeLabels, w) {
+		t.Errorf("default prometheus labels in New() did not return successfully")
+		t.Errorf("Have: %v", e.includeLabels)
+		t.Errorf("Want: %v", w)
+	}
+}