[Authentication]Add authentication metrics #9244

Merged
merged 10 commits into from Jan 26, 2021

@RobertIndie RobertIndie commented Jan 20, 2021

Master Issue: streamnative/platform-epics#217

Motivation

Currently, if many clients are failing to authenticate, it might not be clear as to the reason why. For JWT auth for example, it could be because the JWT failed to validate, or that a token is expired. In a busy system, these messages are too noisy to log, so we should instead consider metrics that provide info on successful vs failed auths, as well as auth failure reasons.

Modifications

  • Implement AuthenticationMetrics API that allows for instrumenting auth success, and auth failures, with a Prometheus compatible attribute used to distinguish failure reasons.

  • Add auth metrics instrument to the basic auth, jwt auth, tls auth, athenz auth and sasl auth.

  • Add metric pulsar_authentication_success_count with two labels provider_name and auth_method

  • Add metric pulsar_authentication_failures_count with 3 labels provider_name, auth_method and reason

Verifying this change

  • Make sure that the change passes the CI checks.

This change is already covered by existing tests, such as testAuthMetrics.
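
The two counters described above are cumulative, so spotting a burst of authentication failures means comparing two scrapes. The following is an added example (not part of this PR or of Pulsar) that parses constructed Prometheus text output and reports the failure ratio and dominant `reason` per provider; the label values, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed scrapes (not real broker output); label values are assumptions.
SCRAPE_T0 = '''\
# TYPE pulsar_authentication_success_count counter
pulsar_authentication_success_count{provider_name="AuthenticationProviderToken",auth_method="token"} 900.0
pulsar_authentication_failures_count{provider_name="AuthenticationProviderToken",auth_method="token",reason="expired-token"} 10.0
pulsar_authentication_failures_count{provider_name="AuthenticationProviderToken",auth_method="token",reason="invalid-signature"} 2.0
'''
SCRAPE_T1 = '''\
pulsar_authentication_success_count{provider_name="AuthenticationProviderToken",auth_method="token"} 950.0
pulsar_authentication_failures_count{provider_name="AuthenticationProviderToken",auth_method="token",reason="expired-token"} 12.0
pulsar_authentication_failures_count{provider_name="AuthenticationProviderToken",auth_method="token",reason="invalid-signature"} 152.0
'''

SAMPLE = re.compile(r'^(pulsar_authentication_(?:success|failures)_count)\{(.*)\}\s+(\S+)(?:\s+-?\d+)?$')
LABEL = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
KEYS = ("provider_name", "auth_method", "reason")

def parse(text):
    """Map (metric, provider_name, auth_method, reason) -> counter value."""
    out = {}
    for line in text.splitlines():
        m = SAMPLE.match(line.strip())
        if m:  # comments, blank lines and unrelated metrics are skipped
            labels = dict(LABEL.findall(m.group(2)))
            out[(m.group(1), *(labels.get(k) for k in KEYS))] = float(m.group(3))
    return out

def failure_report(before, after, min_events=20, max_ratio=0.2):
    """Flag provider/method pairs whose failure ratio between two scrapes is high."""
    prev, ok, bad = parse(before), defaultdict(float), defaultdict(dict)
    for key, now in parse(after).items():
        metric, provider, method, reason = key
        old = prev.get(key, 0.0)
        delta = now - old if now >= old else now  # counter reset: broker restarted
        if metric.endswith("success_count"):
            ok[(provider, method)] += delta
        else:
            bad[(provider, method)][reason] = delta
    report = {}
    for pm in set(ok) | set(bad):
        failures = sum(bad[pm].values())
        total = ok[pm] + failures
        if total >= min_events and failures / total > max_ratio:
            report[pm] = (round(failures / total, 3), max(bad[pm], key=bad[pm].get))
    return report
```

Because the `reason` label is kept separate, the report distinguishes routine token expiry from a spike in signature failures, which is the distinction the motivation asks for.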

@sijie added the area/security and type/enhancement labels Jan 20, 2021
@sijie added this to the 2.8.0 milestone Jan 20, 2021
@RobertIndie
Member Author

/pulsarbot run-failure-checks

@codelipenghui added the doc-required label Jan 21, 2021
@codelipenghui (Contributor) left a comment

BTW, could you please show me how AuthenticationMetrics.java interacts with the Prometheus metrics generator? Seems I can find it.

@RobertIndie
Member Author

> BTW, could you please show me how AuthenticationMetrics.java interacts with the Prometheus metrics generator? Seems I can find it.

Whenever a successful authentication is triggered, the log is stored in the CollectorRegistry.defaultRegistry.
Prometheus metrics generator obtains the log data through this method:

```java
Enumeration<MetricFamilySamples> metricFamilySamples = CollectorRegistry.defaultRegistry.metricFamilySamples();
```

@codelipenghui merged commit f89dbb6 into apache:master Jan 26, 2021
codelipenghui pushed a commit that referenced this pull request Jan 26, 2021
### Motivation
Currently, if many clients are failing to authenticate, it might not be clear as to the reason why. For JWT auth for example, it could be because the JWT failed to validate, or that a token is expired. In a busy system, these messages are too noisy to log, so we should instead consider metrics that provide info on successful vs failed auths, as well as auth failure reasons.

### Modifications

* Implement `AuthenticationMetrics` API that allows for instrumenting auth success, and auth failures, with a Prometheus compatible attribute used to distinguish failure reasons.
* Add auth metrics instrument to the `basic auth`, `jwt auth`, `tls auth`, `athenz auth` and `sasl auth`.

(cherry picked from commit f89dbb6)
@codelipenghui added the cherry-picked/branch-2.7 label Jan 26, 2021
@Anonymitaet removed the doc-required label Mar 5, 2021
Labels: area/security, cherry-picked/branch-2.7, release/2.7.1, type/enhancement