[receiver/tlscheck] Move Target Validation to scrape & Implement Scrape Errors (#40341)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

This PR moves target validation from `config.go` to `scraper.go`. This
causes a change in behavior. Previously, the receiver would crash if a
target failed validation. With this change, the receiver will log an
error message and increment the `otelcol_scraper_errored_metric_points`
metric.


<!--Describe what testing was performed and which tests were added.-->
#### Testing
I added tests for the new validation function.

---------

Co-authored-by: Antoine Toulme <[email protected]>

Author: michael-burt

.chloggen/tlscheck-error-handling.yaml

@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: tlscheckreceiver
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Do not crash on target validation & implement better scrape errors
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [40341]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: [user]

receiver/tlscheckreceiver/README.md

@@ -43,6 +43,10 @@ receivers:
 
 This component does not provide hostname, validity period, path, or CRL / OCSP verification on the certificate.
 
+## Certificate File Validation
+
+If a certificate file specified in the configuration does not exist or is unable to be opened, an error will be logged on each scrape cycle and the `otelcol_scraper_errored_metric_points` metric will be incremented. If you would like to monitor for the existence of specific certificate files on disk, consider using the [File Stats receiver](../filestatsreceiver/README.md).
+
 ## Metrics
 
 Details about the metrics produced by this receiver can be found in [metadata.yaml](./metadata.yaml).

receiver/tlscheckreceiver/config.go

@@ -5,12 +5,6 @@ package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-coll
 
 import (
 	"errors"
-	"fmt"
-	"net"
-	"os"
-	"path/filepath"
-	"strconv"
-	"strings"
 
 	"go.opentelemetry.io/collector/config/confignet"
 	"go.opentelemetry.io/collector/scraper/scraperhelper"
@@ -42,77 +36,13 @@ type Config struct {
 	_ struct{}
 }
 
-func validatePort(port string) error {
-	portNum, err := strconv.Atoi(port)
-	if err != nil {
-		return fmt.Errorf("provided port is not a number: %s", port)
-	}
-	if portNum < 1 || portNum > 65535 {
-		return fmt.Errorf("provided port is out of valid range (1-65535): %d", portNum)
-	}
-	return nil
-}
-
 func validateTarget(ct *CertificateTarget) error {
-	// Check that exactly one of endpoint or file_path is specified
 	if ct.Endpoint != "" && ct.FilePath != "" {
 		return errors.New("cannot specify both endpoint and file_path")
 	}
 	if ct.Endpoint == "" && ct.FilePath == "" {
 		return errors.New("must specify either endpoint or file_path")
 	}
-
-	// Validate endpoint if specified
-	if ct.Endpoint != "" {
-		if strings.Contains(ct.Endpoint, "://") {
-			return fmt.Errorf("endpoint contains a scheme, which is not allowed: %s", ct.Endpoint)
-		}
-
-		_, port, err := net.SplitHostPort(ct.Endpoint)
-		if err != nil {
-			return fmt.Errorf("%s: %w", errInvalidEndpoint.Error(), err)
-		}
-
-		if err := validatePort(port); err != nil {
-			return fmt.Errorf("%s: %w", errInvalidEndpoint.Error(), err)
-		}
-	}
-
-	// Validate file path if specified
-	if ct.FilePath != "" {
-		// Clean the path to handle different path separators
-		cleanPath := filepath.Clean(ct.FilePath)
-
-		// Check if the path is absolute
-		if !filepath.IsAbs(cleanPath) {
-			return fmt.Errorf("file path must be absolute: %s", ct.FilePath)
-		}
-
-		// Check if path exists and is a regular file
-		fileInfo, err := os.Stat(cleanPath)
-		if err != nil {
-			if os.IsNotExist(err) {
-				return fmt.Errorf("certificate file does not exist: %s", ct.FilePath)
-			}
-			return fmt.Errorf("error accessing certificate file %s: %w", ct.FilePath, err)
-		}
-
-		// check if it is a directory
-		if fileInfo.IsDir() {
-			return fmt.Errorf("path is a directory, not a file: %s", cleanPath)
-		}
-
-		// Check if it's a regular file (not a directory or special file)
-		if !fileInfo.Mode().IsRegular() {
-			return fmt.Errorf("certificate path is not a regular file: %s", ct.FilePath)
-		}
-
-		// Check if file is readable
-		if _, err := os.ReadFile(cleanPath); err != nil {
-			return fmt.Errorf("certificate file is not readable: %s", ct.FilePath)
-		}
-	}
-
 	return nil
 }
 

receiver/tlscheckreceiver/config_test.go

@@ -5,9 +5,7 @@ package tlscheckreceiver // import "github.com/open-telemetry/opentelemetry-coll
 
 import (
 	"errors"
-	"fmt"
 	"os"
-	"path/filepath"
 	"testing"
 	"time"
 
@@ -92,34 +90,6 @@ func TestValidate(t *testing.T) {
 			},
 			expectedErr: nil,
 		},
-		{
-			desc: "invalid endpoint",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						TCPAddrConfig: confignet.TCPAddrConfig{
-							Endpoint: "bad-endpoint:12efg",
-						},
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: fmt.Errorf("%w: provided port is not a number: 12efg", errInvalidEndpoint),
-		},
-		{
-			desc: "endpoint with scheme",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						TCPAddrConfig: confignet.TCPAddrConfig{
-							Endpoint: "https://example.com:443",
-						},
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: errors.New("endpoint contains a scheme, which is not allowed: https://example.com:443"),
-		},
 		{
 			desc: "both endpoint and file path",
 			cfg: &Config{
@@ -135,56 +105,6 @@ func TestValidate(t *testing.T) {
 			},
 			expectedErr: errors.New("cannot specify both endpoint and file_path"),
 		},
-		{
-			desc: "relative file path",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						FilePath: "cert.pem",
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: errors.New("file path must be absolute: cert.pem"),
-		},
-		{
-			desc: "nonexistent file",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						FilePath: filepath.Join(tmpDir, "nonexistent.pem"),
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: errors.New("certificate file does not exist"),
-		},
-		{
-			desc: "directory instead of file",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						FilePath: tmpDir,
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: fmt.Errorf("path is a directory, not a file: %s", tmpDir),
-		},
-		{
-			desc: "port out of range",
-			cfg: &Config{
-				Targets: []*CertificateTarget{
-					{
-						TCPAddrConfig: confignet.TCPAddrConfig{
-							Endpoint: "example.com:67000",
-						},
-					},
-				},
-				ControllerConfig: scraperhelper.NewDefaultControllerConfig(),
-			},
-			expectedErr: fmt.Errorf("%w: provided port is out of valid range (1-65535): 67000", errInvalidEndpoint),
-		},
 	}
 
 	for _, tc := range testCases {