Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve SSL Expiry Metrics and Switch to Round-Robin Partition Assigner #144

Merged
merged 3 commits into from
Apr 8, 2024
Merged

Improve SSL Expiry Metrics and Switch to Round-Robin Partition Assigner #144

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
fa54d6c
Change default partition strategy from Range based to Round-Robin
Apr 7, 2024
3d09021
Improved metric details for SSL certs expiry
Apr 7, 2024
9600b0c
Improvement in Listerner error metrics Aspect
Apr 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions src/main/java/hlf/java/rest/client/config/BaseKafkaConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@
import io.micrometer.core.instrument.Gauge;
import io.micrometer.core.instrument.MeterRegistry;
import java.sql.Timestamp;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.time.Instant;
import java.util.Date;
import java.util.Map;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.BooleanUtils;
Expand Down Expand Up @@ -57,18 +60,24 @@ protected void configureSSLProperties(
SSLAuthFilesHelper.getExpiryTimestampForKeyStore(
sslProperties.getSslTruststoreLocation(), sslProperties.getSslTruststorePassword());

DateFormat formatter = new SimpleDateFormat("dd/MM/yyyy");

String guagePrefix =
getConfigType().equals(ConfigType.CONSUMER) ? "consumer." : "producer.";

Gauge.builder(
guagePrefix + topicName + ".keystore.expiryTs",
keyStoreCertExpiryTimestamp::getTime)
.tag("topic-name", topicName)
.tag("expiry-date", formatter.format(new Date(keyStoreCertExpiryTimestamp.getTime())))
.strongReference(true)
.register(sslMetricsRegistry);

Gauge.builder(
guagePrefix + topicName + ".truststore.expiryTs",
trustStoreCertExpiryTimestamp::getTime)
.tag("topic-name", topicName)
.tag("expiry-date", formatter.format(new Date(trustStoreCertExpiryTimestamp.getTime())))
.strongReference(true)
.register(sslMetricsRegistry);

Expand All @@ -81,13 +90,15 @@ protected void configureSSLProperties(
guagePrefix + topicName + ".keystore.hasExpired",
hasKeyStoreCertExpired,
BooleanUtils::toInteger)
.tag("topic-name", topicName)
.strongReference(true)
.register(sslMetricsRegistry);

Gauge.builder(
guagePrefix + topicName + ".truststore.hasExpired",
hasTrustStoreCertExpired,
BooleanUtils::toInteger)
.tag("topic-name", topicName)
.strongReference(true)
.register(sslMetricsRegistry);

Expand Down
5 changes: 5 additions & 0 deletions src/main/java/hlf/java/rest/client/config/KafkaConsumerConfig.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,11 @@ public DefaultKafkaConsumerFactory<String, String> consumerFactory(
props.put(
ConsumerConfig.MAX_POLL_RECORDS_CONFIG, FabricClientConstants.KAFKA_INTG_MAX_POLL_RECORDS);

// Distribute available partitions evenly across all consumers (or consumer threads)
props.put(
ConsumerConfig.PARTITION_ASSIGNMENT_STRATEGY_CONFIG,
FabricClientConstants.ROUND_ROBIN_CONSUMER_PARTITION_ASSIGNEMENT_STRATEGY);

// Azure event-hub config
configureSaslProperties(props, kafkaConsumerProperties.getSaslJaasConfig());

Expand Down
17 changes: 14 additions & 3 deletions src/main/java/hlf/java/rest/client/config/SSLAuthFilesHelper.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,10 +12,14 @@
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import lombok.experimental.UtilityClass;
import lombok.extern.slf4j.Slf4j;
import org.springframework.util.CollectionUtils;

@Slf4j
@UtilityClass
Expand Down Expand Up @@ -57,18 +61,25 @@ Timestamp getExpiryTimestampForKeyStore(String keyStorePath, String keyStorePass

KeyStore keyStore = loadKeyStore(keyStorePath, keyStorePassword);

List<Timestamp> certExpiryTimestamps = new ArrayList<>();

Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
Certificate cert = keyStore.getCertificate(alias);
if (cert instanceof X509Certificate) {
X509Certificate x509Cert = (X509Certificate) cert;
return new Timestamp(x509Cert.getNotAfter().getTime());
certExpiryTimestamps.add(new Timestamp(x509Cert.getNotAfter().getTime()));
}
}

throw new CertificateException(
"Couldn't extract an instance of X509Certificate for fetching expiry details");
if (CollectionUtils.isEmpty(certExpiryTimestamps)) {
throw new CertificateException(
"Couldn't extract an instance of X509Certificate for fetching expiry details");
}

// Return the earliest (minimum) timestamp from the list
return Collections.min(certExpiryTimestamps);
}

private static KeyStore loadKeyStore(String path, String password)
Expand Down
2 changes: 2 additions & 0 deletions src/main/java/hlf/java/rest/client/util/FabricClientConstants.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,6 @@ public class FabricClientConstants {
public static final String JSON_PATH_CERTIFICATE = "$..certificate";

public static final String VALUE_TAG_CAPABILITIES = "Capabilities";
public static final String ROUND_ROBIN_CONSUMER_PARTITION_ASSIGNEMENT_STRATEGY =
"org.apache.kafka.clients.consumer.RoundRobinAssignor";
}
Loading