Provide earliest and latest expiry date for graph apps

[mblaschke]

Would make queries easier to check when an app secret/cert is expiring

[deggja]

Hello @mblaschke,

Thanks for all the awesome exporters. I'm an avid user of the Log Analytics exporter that you guys created.

I'm testing the Resource manager exporter now. It is working but I am having some trouble understanding what kind of data I am actually exporting.

My goal: to be able to extract the expiry date of service principals in Azure Active Directory.

I am targeting Graph data by disabling all other scraping and running it with --scrape.time.graph to remove all the unnecessary data. I get the values outputted to localhost:8080 on the /metrics endpoint, but in the following format (redacted credentials from output):

azurerm_graph_app_credential{appAppID="redacted",credentialID="redacted",credentialName="service-principal-test",credentialType="password",type="startDate"} 1.364265162e+02

Is there any way to extract the actual date for the expiry with this exporter or am I expecting too much?

[mblaschke]

what about using max by (appAppID) (azurerm_graph_app_credential{type="startDate"})?

the startDate/endDate is provided as unix timestamp, you can convert it easily in Grafana to datetime but when i remember correcly Grafana uses milliseconds where Prometheus is normally using seconds you have to convert (metric * 1000) the metric value.

if you want a relative time (eg "expiring in") you have use time() - azurerm_graph_app_credential.

[deggja]

---

what about using max by (appAppID) (azurerm_graph_app_credential{type="startDate"})?

the startDate/endDate is provided as unix timestamp, you can convert it easily in Grafana to datetime but when i remember correcly Grafana uses milliseconds where Prometheus is normally using seconds you have to convert (metric * 1000) the metric value.

if you want a relative time (eg "expiring in") you have use time() - azurerm_graph_app_credential.

Perfect - that works.

Thanks @mblaschke !