handle domains with multiple ips better

- probe the first IP of a domain only
- cache results for 10m

Author: tboeghk

examples/docker-compose.yaml

@@ -11,6 +11,6 @@ services:
     - 9090:9090
 
   tls-grade-exporter:
-    image: ghcr.io/ping7io/tls-grade-exporter:latest
+    image: ping7io/tls-grade-exporter:latest
     ports:
       - 9218:9218

pom.xml

@@ -19,26 +19,32 @@
     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-webflux</artifactId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
         <dependency>
-            <groupId>com.fasterxml.jackson.core</groupId>
-            <artifactId>jackson-databind</artifactId>
-            <version>2.16.0</version>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-cache</artifactId>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.30</version>
-            <scope>provided</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-databind</artifactId>
+            <version>2.16.0</version>
         </dependency>
 
         <!-- Actuator -->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
-
         <dependency>
             <groupId>io.micrometer</groupId>
             <artifactId>micrometer-registry-prometheus</artifactId>
@@ -47,13 +53,13 @@
 
         <!-- Test dependencies -->
         <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
-            <scope>test</scope>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <optional>true</optional>
         </dependency>
         <dependency>
-            <groupId>io.projectreactor</groupId>
-            <artifactId>reactor-test</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
     </dependencies>

src/main/java/io/ping7/tlsgradeexporter/TestSslService.java

@@ -1,25 +1,23 @@
 package io.ping7.tlsgradeexporter;
 
 import java.nio.charset.StandardCharsets;
+import java.util.HashSet;
 import java.util.List;
-import java.util.concurrent.CompletableFuture;
+import java.util.Set;
 
-import org.springframework.aot.hint.ExecutableMode;
 import org.springframework.aot.hint.MemberCategory;
 import org.springframework.aot.hint.RuntimeHints;
 import org.springframework.aot.hint.RuntimeHintsRegistrar;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.context.annotation.ImportRuntimeHints;
 import org.springframework.stereotype.Service;
-import org.springframework.util.ReflectionUtils;
 import org.springframework.util.StopWatch;
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 import io.micrometer.core.annotation.Timed;
-import io.micrometer.core.instrument.MeterRegistry;
 import lombok.extern.java.Log;
-import reactor.core.publisher.Mono;
 
 /**
  * Runs the test ssl command
@@ -31,11 +29,22 @@ public class TestSslService {
 
     private final ObjectMapper om = new ObjectMapper();
 
+    private final Set<String> activeRatings = new HashSet<>();
+
+    public boolean isCurrentlyRating(String target) {
+        return activeRatings.contains(target);
+    }
+
     @Timed
-    public Mono<TlsGrade> rate(String target) {
-        return Mono.fromFuture(CompletableFuture.supplyAsync(() -> computeTestSslOutput(target)))
-                .onErrorComplete()
-                .map(s -> toTlsGrade(s, target));
+    @Cacheable("targets")
+    public TlsGrade rate(String target) {
+        activeRatings.add(target);
+
+        try {
+            return toTlsGrade(computeTestSslOutput(target), target);
+        } finally {
+            activeRatings.remove(target);
+        }
     }
 
     private String computeTestSslOutput(String target) {
@@ -113,7 +122,7 @@ else if ("scanTime".equals(f.getId())) {
 
     private String[] rateCommandFor(String target) {
         return new String[] { "testssl.sh/testssl.sh", "--quiet", "--color", "0", "--jsonfile",
-                "/dev/stderr", "--quiet", "--hints", target };
+                "/dev/stderr", "--hints", "--ip", "one", target };
     }
 
     static class TestSslServiceRuntimeHints implements RuntimeHintsRegistrar {

src/main/java/io/ping7/tlsgradeexporter/TlsGradeExporter.java

@@ -1,24 +1,27 @@
 package io.ping7.tlsgradeexporter;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.autoconfigure.observation.ObservationProperties.Http;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import reactor.core.publisher.Mono;
-
 @RestController
 public class TlsGradeExporter {
 
     @Autowired
     private TestSslService testSsl;
 
     @GetMapping("/probe")
-    public Mono<ResponseEntity<String>> tlsGradeMetrics(@RequestParam String target) {
-        return testSsl.rate(target)
-                .map(this::toPrometheusResponse);
+    public ResponseEntity<String> tlsGradeMetrics(@RequestParam String target) {
+        if (!testSsl.isCurrentlyRating(target)) {
+            return toPrometheusResponse(testSsl.rate(target));
+        } else {
+            return ResponseEntity.noContent().build();
+        }
     }
 
     ResponseEntity<String> toPrometheusResponse(TlsGrade grade) {

src/main/java/io/ping7/tlsgradeexporter/TlsGradeExporterApplication.java

@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cache.annotation.EnableCaching;
 
 @SpringBootApplication
+@EnableCaching
 public class TlsGradeExporterApplication {
 
 	public static void main(String[] args) {

src/main/resources/application.yaml

@@ -1,6 +1,10 @@
 spring:
   main:
     banner-mode: off
+  cache:
+    cache-names: "targets"
+    caffeine:
+      spec: "maximumSize=256,expireAfterWrite=10m"
 
 server:
   port : 9218