Revert "Add TLS statistics to vespalib and expose as metrics via storageserver"

2 files changed, 8 insertions, 46 deletions

diff --git a/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp b/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
index 5dc85bc567f..245368b6a7b 100644
--- a/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
+++ b/vespalib/src/tests/net/tls/auto_reloading_tls_crypto_engine/auto_reloading_tls_crypto_engine_test.cpp
@@ -2,7 +2,6 @@
 
 #include <vespa/vespalib/io/fileutil.h>
 #include <vespa/vespalib/net/tls/auto_reloading_tls_crypto_engine.h>
-#include <vespa/vespalib/net/tls/statistics.h>
 #include <vespa/vespalib/net/tls/transport_security_options.h>
 #include <vespa/vespalib/net/tls/transport_security_options_reading.h>
 #include <vespa/vespalib/net/tls/impl/openssl_tls_context_impl.h>
@@ -107,11 +106,17 @@ struct Fixture {
     }
 
     vespalib::string current_cert_chain() const {
-        return engine->acquire_current_engine()->tls_context()->transport_security_options().cert_chain_pem();
+        auto impl = engine->acquire_current_engine();
+        // Leaks implementation details galore, but it's not very likely that we'll use
+        // anything but OpenSSL (or compatible APIs) in practice...
+        auto& ctx_impl = dynamic_cast<const impl::OpenSslTlsContextImpl&>(*impl->tls_context());
+        return ctx_impl.transport_security_options().cert_chain_pem();
     }
 
     AuthorizationMode current_authorization_mode() const {
-        return engine->acquire_current_engine()->tls_context()->authorization_mode();
+        auto impl = engine->acquire_current_engine();
+        auto& ctx_impl = dynamic_cast<const impl::OpenSslTlsContextImpl&>(*impl->tls_context());
+        return ctx_impl.authorization_mode();
     }
 };
 
@@ -138,15 +143,4 @@ TEST_FF("Authorization mode is propagated to engine", Fixture(50ms, Authorizatio
     EXPECT_EQUAL(AuthorizationMode::LogOnly, f1.current_authorization_mode());
 }
 
-TEST_FF("Config reload failure increments failure statistic", Fixture(50ms), TimeBomb(60)) {
-    auto before = ConfigStatistics::get().snapshot();
-
-    write_file("test_cert.pem.tmp", "Broken file oh no :(");
-    rename("test_cert.pem.tmp", "test_cert.pem", false, false);
-
-    while (ConfigStatistics::get().snapshot().subtract(before).failed_config_reloads == 0) {
-        std::this_thread::sleep_for(10ms);
-    }
-}
-
 TEST_MAIN() { TEST_RUN_ALL(); }
diff --git a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
index f70c5670bc9..69e0d44147e 100644
--- a/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
+++ b/vespalib/src/tests/net/tls/openssl_impl/openssl_impl_test.cpp
@@ -4,7 +4,6 @@
 #include <vespa/vespalib/data/smart_buffer.h>
 #include <vespa/vespalib/net/tls/authorization_mode.h>
 #include <vespa/vespalib/net/tls/crypto_codec.h>
-#include <vespa/vespalib/net/tls/statistics.h>
 #include <vespa/vespalib/net/tls/tls_context.h>
 #include <vespa/vespalib/net/tls/transport_security_options.h>
 #include <vespa/vespalib/net/tls/impl/openssl_crypto_codec_impl.h>
@@ -620,37 +619,6 @@ TEST_F("Disabled insecure authorization mode ignores verification result", CertF
     EXPECT_TRUE(f.handshake());
 }
 
-TEST_F("Failure statistics are incremented on authorization failures", CertFixture) {
-    reset_peers_with_server_authz_mode(f, AuthorizationMode::Enforce);
-    auto server_before = ConnectionStatistics::get(true).snapshot();
-    auto client_before = ConnectionStatistics::get(false).snapshot();
-    EXPECT_FALSE(f.handshake());
-    auto server_stats = ConnectionStatistics::get(true).snapshot().subtract(server_before);
-    auto client_stats = ConnectionStatistics::get(false).snapshot().subtract(client_before);
-
-    EXPECT_EQUAL(1u, server_stats.invalid_peer_credentials);
-    EXPECT_EQUAL(0u, client_stats.invalid_peer_credentials);
-    EXPECT_EQUAL(1u, server_stats.failed_tls_handshakes);
-    EXPECT_EQUAL(0u, server_stats.tls_connections);
-    EXPECT_EQUAL(0u, client_stats.tls_connections);
-}
-
-TEST_F("Success statistics are incremented on OK authorization", CertFixture) {
-    reset_peers_with_server_authz_mode(f, AuthorizationMode::Disable);
-    auto server_before = ConnectionStatistics::get(true).snapshot();
-    auto client_before = ConnectionStatistics::get(false).snapshot();
-    EXPECT_TRUE(f.handshake());
-    auto server_stats = ConnectionStatistics::get(true).snapshot().subtract(server_before);
-    auto client_stats = ConnectionStatistics::get(false).snapshot().subtract(client_before);
-
-    EXPECT_EQUAL(0u, server_stats.invalid_peer_credentials);
-    EXPECT_EQUAL(0u, client_stats.invalid_peer_credentials);
-    EXPECT_EQUAL(0u, server_stats.failed_tls_handshakes);
-    EXPECT_EQUAL(0u, client_stats.failed_tls_handshakes);
-    EXPECT_EQUAL(1u, server_stats.tls_connections);
-    EXPECT_EQUAL(1u, client_stats.tls_connections);
-}
-
 // TODO we can't test embedded nulls since the OpenSSL v3 extension APIs
 // take in null terminated strings as arguments... :I