feat: remove all telemetry code

It has always been disabled in Casket, but having to update dead code
like this was an unnecessary burden.

casket.go

@@ -16,14 +16,14 @@
 //
 // To use this package:
 //
-//   1. Set the AppName and AppVersion variables.
-//   2. Call LoadCasketfile() to get the Casketfile.
-//      Pass in the name of the server type (like "http").
-//      Make sure the server type's package is imported
-//      (import _ "github.com/tmpim/casket/caskethttp").
-//   3. Call casket.Start() to start Casket. You get back
-//      an Instance, on which you can call Restart() to
-//      restart it or Stop() to stop it.
+//  1. Set the AppName and AppVersion variables.
+//  2. Call LoadCasketfile() to get the Casketfile.
+//     Pass in the name of the server type (like "http").
+//     Make sure the server type's package is imported
+//     (import _ "github.com/tmpim/casket/caskethttp").
+//  3. Call casket.Start() to start Casket. You get back
+//     an Instance, on which you can call Restart() to
+//     restart it or Stop() to stop it.
 //
 // You should call Wait() on your instance to wait for
 // all servers to quit before your process exits.
@@ -44,7 +44,6 @@ import (
 	"time"
 
 	"github.com/tmpim/casket/casketfile"
-	"github.com/tmpim/casket/telemetry"
 )
 
 // Configurable application parameters
@@ -600,12 +599,6 @@ func ValidateAndExecuteDirectives(cdyfile Input, inst *Instance, justValidate bo
 		return err
 	}
 
-	for _, sb := range sblocks {
-		for dir := range sb.Tokens {
-			telemetry.AppendUnique("directives", dir)
-		}
-	}
-
 	inst.context = stype.NewContext(inst)
 	if inst.context == nil {
 		return fmt.Errorf("server type %s produced a nil Context", stypeName)
@@ -616,8 +609,6 @@ func ValidateAndExecuteDirectives(cdyfile Input, inst *Instance, justValidate bo
 		return fmt.Errorf("error inspecting server blocks: %v", err)
 	}
 
-	telemetry.Set("num_server_blocks", len(sblocks))
-
 	return executeDirectives(inst, cdyfile.Path(), stype.Directives(), sblocks, justValidate)
 }
 

casket/casketmain/run.go

@@ -32,13 +32,10 @@ import (
 	"strings"
 
 	"github.com/caddyserver/certmagic"
-	"github.com/google/uuid"
-	"github.com/klauspost/cpuid"
 	"github.com/tmpim/casket"
 	"github.com/tmpim/casket/casketfile"
 	"github.com/tmpim/casket/caskettls"
-	"github.com/tmpim/casket/telemetry"
-	lumberjack "gopkg.in/natefinch/lumberjack.v2"
+	"gopkg.in/natefinch/lumberjack.v2"
 
 	_ "github.com/tmpim/casket/caskethttp" // plug in the HTTP server type
 	// This is where other plugins get plugged in (imported)
@@ -52,7 +49,6 @@ func init() {
 	flag.StringVar(&certmagic.Default.DefaultServerName, "default-sni", certmagic.Default.DefaultServerName, "If a ClientHello ServerName is empty, use this ServerName to choose a TLS certificate")
 	flag.BoolVar(&certmagic.DefaultACME.DisableHTTPChallenge, "disable-http-challenge", certmagic.DefaultACME.DisableHTTPChallenge, "Disable the ACME HTTP challenge")
 	flag.BoolVar(&certmagic.DefaultACME.DisableTLSALPNChallenge, "disable-tls-alpn-challenge", certmagic.DefaultACME.DisableTLSALPNChallenge, "Disable the ACME TLS-ALPN challenge")
-	flag.StringVar(&disabledMetrics, "disabled-metrics", "", "Comma-separated list of telemetry metrics to disable")
 	flag.StringVar(&conf, "conf", "", "Casketfile to load (default \""+casket.DefaultConfigFile+"\")")
 	flag.StringVar(&cpu, "cpu", "100%", "CPU cap")
 	flag.BoolVar(&printEnv, "env", false, "Enable to print environment variables")
@@ -147,16 +143,6 @@ func Run() {
 		}
 	}
 
-	// initialize telemetry client
-	if EnableTelemetry {
-		err := initTelemetry()
-		if err != nil {
-			mustLogFatalf("[ERROR] Initializing telemetry: %v", err)
-		}
-	} else if disabledMetrics != "" {
-		mustLogFatalf("[ERROR] Cannot disable specific metrics because telemetry is disabled")
-	}
-
 	// Check for one-time actions
 	if revoke != "" {
 		err := caskettls.Revoke(revoke)
@@ -218,26 +204,6 @@ func Run() {
 		mustLogFatalf("%v", err)
 	}
 
-	// Begin telemetry (these are no-ops if telemetry disabled)
-	telemetry.Set("casket_version", casket.AppVersion)
-	telemetry.Set("num_listeners", len(instance.Servers()))
-	telemetry.Set("server_type", serverType)
-	telemetry.Set("os", runtime.GOOS)
-	telemetry.Set("arch", runtime.GOARCH)
-	telemetry.Set("cpu", struct {
-		BrandName  string `json:"brand_name,omitempty"`
-		NumLogical int    `json:"num_logical,omitempty"`
-		AESNI      bool   `json:"aes_ni,omitempty"`
-	}{
-		BrandName:  cpuid.CPU.BrandName,
-		NumLogical: runtime.NumCPU(),
-		AESNI:      cpuid.CPU.AesNi(),
-	})
-	if containerized := detectContainer(); containerized {
-		telemetry.Set("container", containerized)
-	}
-	telemetry.StartEmitting()
-
 	// Twiddle your thumbs
 	instance.Wait()
 }
@@ -432,78 +398,6 @@ func detectContainer() bool {
 	return false
 }
 
-// initTelemetry initializes the telemetry engine.
-func initTelemetry() error {
-	uuidFilename := filepath.Join(casket.AssetsPath(), "uuid")
-	if customUUIDFile := os.Getenv("CASKET_UUID_FILE"); customUUIDFile != "" {
-		uuidFilename = customUUIDFile
-	}
-
-	newUUID := func() uuid.UUID {
-		id := uuid.New()
-		err := os.MkdirAll(casket.AssetsPath(), 0700)
-		if err != nil {
-			log.Printf("[ERROR] Persisting instance UUID: %v", err)
-			return id
-		}
-		err = ioutil.WriteFile(uuidFilename, []byte(id.String()), 0600) // human-readable as a string
-		if err != nil {
-			log.Printf("[ERROR] Persisting instance UUID: %v", err)
-		}
-		return id
-	}
-
-	var id uuid.UUID
-
-	// load UUID from storage, or create one if we don't have one
-	if uuidFile, err := os.Open(uuidFilename); os.IsNotExist(err) {
-		// no UUID exists yet; create a new one and persist it
-		id = newUUID()
-	} else if err != nil {
-		log.Printf("[ERROR] Loading persistent UUID: %v", err)
-		id = newUUID()
-	} else {
-		defer uuidFile.Close()
-		uuidBytes, err := ioutil.ReadAll(uuidFile)
-		if err != nil {
-			log.Printf("[ERROR] Reading persistent UUID: %v", err)
-			id = newUUID()
-		} else {
-			id, err = uuid.ParseBytes(uuidBytes)
-			if err != nil {
-				log.Printf("[ERROR] Parsing UUID: %v", err)
-				id = newUUID()
-			}
-		}
-	}
-
-	// parse and check the list of disabled metrics
-	var disabledMetricsSlice []string
-	if len(disabledMetrics) > 0 {
-		if len(disabledMetrics) > 1024 {
-			// mitigate disk space exhaustion at the collection endpoint
-			return fmt.Errorf("too many metrics to disable")
-		}
-		disabledMetricsSlice = splitTrim(disabledMetrics, ",")
-		for _, metric := range disabledMetricsSlice {
-			if metric == "instance_id" || metric == "timestamp" || metric == "disabled_metrics" {
-				return fmt.Errorf("instance_id, timestamp, and disabled_metrics cannot be disabled")
-			}
-		}
-	}
-
-	// initialize telemetry
-	telemetry.Init(id, disabledMetricsSlice)
-
-	// if any metrics were disabled, report which ones (so we know how representative the data is)
-	if len(disabledMetricsSlice) > 0 {
-		telemetry.Set("disabled_metrics", disabledMetricsSlice)
-		log.Printf("[NOTICE] The following telemetry metrics are disabled: %s", disabledMetrics)
-	}
-
-	return nil
-}
-
 // Split string s into all substrings separated by sep and returns a slice of
 // the substrings between those separators.
 //
@@ -620,6 +514,3 @@ var (
 	validate        bool
 	disabledMetrics string
 )
-
-// EnableTelemetry defines whether telemetry is enabled in Run.
-var EnableTelemetry = false

caskethttp/httpserver/mitm.go

@@ -26,7 +26,6 @@ import (
 	"sync"
 
 	"github.com/tmpim/casket/caskettls"
-	"github.com/tmpim/casket/telemetry"
 )
 
 // tlsHandler is a http.Handler that will inject a value
@@ -65,10 +64,6 @@ func (h *tlsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	h.listener.helloInfosMu.RUnlock()
 
 	ua := r.Header.Get("User-Agent")
-	uaHash := telemetry.FastHash([]byte(ua))
-
-	// report this request's UA in connection with this ClientHello
-	go telemetry.AppendUnique("tls_client_hello_ua:"+caskettls.ClientHelloInfo(info).Key(), uaHash)
 
 	var checked, mitm bool
 	if r.Header.Get("X-BlueCoat-Via") != "" || // Blue Coat (masks User-Agent header to generic values)
@@ -108,13 +103,6 @@ func (h *tlsHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 	if checked {
 		r = r.WithContext(context.WithValue(r.Context(), MitmCtxKey, mitm))
-		if mitm {
-			go telemetry.AppendUnique("http_mitm", "likely")
-		} else {
-			go telemetry.AppendUnique("http_mitm", "unlikely")
-		}
-	} else {
-		go telemetry.AppendUnique("http_mitm", "unknown")
 	}
 
 	if mitm && h.closeOnMITM {
@@ -213,11 +201,6 @@ func (c *clientHelloConn) Read(b []byte) (n int, err error) {
 	c.listener.helloInfos[c.Conn.RemoteAddr().String()] = rawParsed
 	c.listener.helloInfosMu.Unlock()
 
-	// report this ClientHello to telemetry
-	chKey := caskettls.ClientHelloInfo(rawParsed).Key()
-	go telemetry.SetNested("tls_client_hello", chKey, rawParsed)
-	go telemetry.AppendUnique("tls_client_hello_count", chKey)
-
 	c.readHello = true
 	return
 }

caskethttp/httpserver/plugin.go

@@ -32,7 +32,6 @@ import (
 	"github.com/tmpim/casket/casketfile"
 	"github.com/tmpim/casket/caskethttp/staticfiles"
 	"github.com/tmpim/casket/caskettls"
-	"github.com/tmpim/casket/telemetry"
 )
 
 const serverType = "http"
@@ -69,12 +68,6 @@ func init() {
 	casket.RegisterParsingCallback(serverType, "root", hideCasketfile)
 	casket.RegisterParsingCallback(serverType, "tls", activateHTTPS)
 	caskettls.RegisterConfigGetter(serverType, func(c *casket.Controller) *caskettls.Config { return GetConfig(c).TLS })
-
-	// disable the caskettls package reporting ClientHellos
-	// to telemetry, since our MITM detector does this but
-	// with more information than the standard lib provides
-	// (as of May 2018)
-	caskettls.ClientHelloTelemetry = false
 }
 
 // hideCasketfile hides the source/origin Casketfile if it is within the
@@ -234,18 +227,6 @@ func (h *httpContext) MakeServers() ([]casket.Server, error) {
 	httpPort := strconv.Itoa(certmagic.HTTPPort)
 	httpsPort := strconv.Itoa(certmagic.HTTPSPort)
 
-	// make a rough estimate as to whether we're in a "production
-	// environment/system" - start by assuming that most production
-	// servers will set their default CA endpoint to a public,
-	// trusted CA (obviously not a perfect heuristic)
-	var looksLikeProductionCA bool
-	for _, publicCAEndpoint := range caskettls.KnownACMECAs {
-		if strings.Contains(certmagic.DefaultACME.CA, publicCAEndpoint) {
-			looksLikeProductionCA = true
-			break
-		}
-	}
-
 	// Iterate each site configuration and make sure that:
 	// 1) TLS is disabled for explicitly-HTTP sites (necessary
 	//    when an HTTP address shares a block containing tls)
@@ -313,18 +294,6 @@ func (h *httpContext) MakeServers() ([]casket.Server, error) {
 		servers = append(servers, s)
 	}
 
-	// NOTE: This value is only a "good guess". Quite often, development
-	// environments will use internal DNS or a local hosts file to serve
-	// real-looking domains in local development. We can't easily tell
-	// which without doing a DNS lookup, so this guess is definitely naive,
-	// and if we ever want a better guess, we will have to do DNS lookups.
-	deploymentGuess := "dev"
-	if looksLikeProductionCA && atLeastOneSiteLooksLikeProduction {
-		deploymentGuess = "prod"
-	}
-	telemetry.Set("http_deployment_guess", deploymentGuess)
-	telemetry.Set("http_num_sites", len(h.siteConfigs))
-
 	return servers, nil
 }
 

caskethttp/httpserver/server.go

@@ -35,7 +35,6 @@ import (
 	"github.com/tmpim/casket"
 	"github.com/tmpim/casket/caskethttp/staticfiles"
 	"github.com/tmpim/casket/caskettls"
-	"github.com/tmpim/casket/telemetry"
 )
 
 // Server is the HTTP server implementation.
@@ -370,10 +369,6 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	if len(ua) > 512 {
 		ua = ua[:512]
 	}
-	uaHash := telemetry.FastHash([]byte(ua)) // this is a normalized field
-	go telemetry.SetNested("http_user_agent", uaHash, ua)
-	go telemetry.AppendUnique("http_user_agent_count", uaHash)
-	go telemetry.Increment("http_request_count")
 
 	// copy the original, unchanged URL into the context
 	// so it can be referenced by middlewares

caskettls/handshake.go

@@ -16,13 +16,11 @@ package caskettls
 
 import (
 	"crypto/tls"
-	"fmt"
 	"log"
 	"net"
 	"strings"
 
 	"github.com/caddyserver/certmagic"
-	"github.com/tmpim/casket/telemetry"
 )
 
 // configGroup is a type that keys configs by their hostname
@@ -155,26 +153,6 @@ type ClientHelloInfo struct {
 	CompressionMethodsUnknown bool `json:"-"`
 }
 
-// Key returns a standardized string form of the data in info,
-// useful for identifying duplicates.
-func (info ClientHelloInfo) Key() string {
-	extensions, compressionMethods := "?", "?"
-	if !info.ExtensionsUnknown {
-		extensions = fmt.Sprintf("%x", info.Extensions)
-	}
-	if !info.CompressionMethodsUnknown {
-		compressionMethods = fmt.Sprintf("%x", info.CompressionMethods)
-	}
-	return telemetry.FastHash([]byte(fmt.Sprintf("%x-%x-%s-%s-%x-%x",
-		info.Version, info.CipherSuites, extensions,
-		compressionMethods, info.Curves, info.Points)))
-}
-
-// ClientHelloTelemetry determines whether to report
-// TLS ClientHellos to telemetry. Disable if doing
-// it from a different package.
-var ClientHelloTelemetry = true
-
 // normalizedName returns a cleaned form of serverName that is
 // used for consistency when referring to a SNI value.
 func normalizedName(serverName string) string {

caskettls/setup.go

@@ -32,7 +32,6 @@ import (
 
 	"github.com/caddyserver/certmagic"
 	"github.com/tmpim/casket"
-	"github.com/tmpim/casket/telemetry"
 )
 
 func init() {
@@ -332,7 +331,6 @@ func setupTLS(c *casket.Controller) error {
 		if err != nil {
 			return fmt.Errorf("self-signed: %v", err)
 		}
-		telemetry.Increment("tls_self_signed_count")
 	}
 
 	// store this as a custom config