From 8220d21ec48b03a34592a7957e6225655c288146 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= <torjus@usit.uio.no>
Date: Tue, 3 Jun 2025 22:40:42 +0200
Subject: [PATCH] Add lifetime to certificates monitored

---
 main.go                | 2 +-
 stepmon/stepmon.go     | 9 +++++++++
 tlsconmon/tlsconmon.go | 9 +++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/main.go b/main.go
index c470915..04ae0cc 100644
--- a/main.go
+++ b/main.go
@@ -17,7 +17,7 @@ import (
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 )
 
-const Version = "0.1.0"
+const Version = "0.1.1"
 
 func LoadConfig() (*config.Config, error) {
 	path := "labmon.toml"
diff --git a/stepmon/stepmon.go b/stepmon/stepmon.go
index 1b62aae..3250cf9 100644
--- a/stepmon/stepmon.go
+++ b/stepmon/stepmon.go
@@ -29,6 +29,13 @@ var stepCertError = promauto.NewGaugeVec(prometheus.GaugeOpts{
 	Help:      "Error checking the certificate.",
 }, []string{"cert_id"})
 
+var stepCertLifetime = promauto.NewGaugeVec(prometheus.GaugeOpts{
+	Namespace: "labmon",
+	Subsystem: "stepmon",
+	Name:      "certificate_lifetime_seconds",
+	Help:      "How long the certificate is valid in seconds.",
+}, []string{"cert_id"})
+
 type StepMonitor struct {
 	BaseURL string
 	RootID  string
@@ -77,6 +84,8 @@ func (sm *StepMonitor) Start() {
 				stepCertError.WithLabelValues(sm.RootID).Set(1)
 			} else {
 				stepCertError.WithLabelValues(sm.RootID).Set(0)
+				lifetime := sm.certificate.NotAfter.Sub(sm.certificate.NotBefore).Seconds()
+				stepCertLifetime.WithLabelValues(sm.RootID).Set(lifetime)
 			}
 
 			timerCertFetch.Reset(5 * time.Minute)
diff --git a/tlsconmon/tlsconmon.go b/tlsconmon/tlsconmon.go
index 3079716..a1d1602 100644
--- a/tlsconmon/tlsconmon.go
+++ b/tlsconmon/tlsconmon.go
@@ -37,6 +37,13 @@ var (
 		Help:      "Error checking the certificate.",
 	}, []string{"address"})
 
+	gaugeCertLifetime = promauto.NewGaugeVec(prometheus.GaugeOpts{
+		Namespace: "labmon",
+		Subsystem: "tlsconmon",
+		Name:      "certificate_lifetime_seconds",
+		Help:      "How long the certificate is valid in seconds.",
+	}, []string{"address"})
+
 	// OTEL tracing
 	tracer = otel.Tracer(name)
 )
@@ -104,6 +111,8 @@ func (tm *TLSConnectionMonitor) Start(ctx context.Context) {
 	if err := tm.fetchCert(ctx); err != nil {
 		gaugeCertError.WithLabelValues(tm.Address).Set(1)
 		gaugeCertTimeLeft.WithLabelValues(tm.Address).Set(0)
+		lifetime := tm.cert.NotAfter.Sub(tm.cert.NotBefore).Seconds()
+		gaugeCertLifetime.WithLabelValues(tm.Address).Set(lifetime)
 	} else {
 		gaugeCertError.WithLabelValues(tm.Address).Set(0)
 		timeLeft := time.Until(tm.cert.NotAfter).Seconds()