From 0874574e5c70798f6fe8426fb3a01abdf30fbed0 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sun, 19 Feb 2023 17:08:40 +0100 Subject: [PATCH] *: add additional prometheus metrics, remove unusable high entropy metrics Signed-off-by: Jens Langhammer --- authentik/core/expression/evaluator.py | 13 ++++++++- authentik/flows/planner.py | 1 - authentik/flows/stage.py | 39 ++++++++++++++++++++------ authentik/policies/apps.py | 5 ---- authentik/policies/engine.py | 5 ---- internal/web/proxy.go | 2 +- 6 files changed, 43 insertions(+), 22 deletions(-) diff --git a/authentik/core/expression/evaluator.py b/authentik/core/expression/evaluator.py index 53a147edd..03bdf158c 100644 --- a/authentik/core/expression/evaluator.py +++ b/authentik/core/expression/evaluator.py @@ -1,8 +1,9 @@ """Property Mapping Evaluator""" -from typing import Optional +from typing import Any, Optional from django.db.models import Model from django.http import HttpRequest +from prometheus_client import Histogram from authentik.core.models import User from authentik.events.models import Event, EventAction @@ -10,6 +11,12 @@ from authentik.lib.expression.evaluator import BaseEvaluator from authentik.lib.utils.errors import exception_to_string from authentik.policies.types import PolicyRequest +PROPERTY_MAPPING_TIME = Histogram( + "authentik_property_mapping_execution_time", + "Evaluation time of property mappings", + ["mapping_name"], +) + class PropertyMappingEvaluator(BaseEvaluator): """Custom Evaluator that adds some different context variables.""" @@ -49,3 +56,7 @@ class PropertyMappingEvaluator(BaseEvaluator): event.from_http(req.http_request, req.user) return event.save() + + def evaluate(self, *args, **kwargs) -> Any: + with PROPERTY_MAPPING_TIME.labels(mapping_name=self._filename).time(): + return super().evaluate(*args, **kwargs) diff --git a/authentik/flows/planner.py b/authentik/flows/planner.py index 8d07e5bf9..708ca0d22 100644 --- a/authentik/flows/planner.py +++ b/authentik/flows/planner.py @@ -261,7 +261,6 @@ class FlowPlanner: marker = ReevaluateMarker(binding=binding) if stage: plan.append(binding, marker) - HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug) self._logger.debug( "f(plan): finished building", ) diff --git a/authentik/flows/stage.py b/authentik/flows/stage.py index 0962cf4a8..6943877ad 100644 --- a/authentik/flows/stage.py +++ b/authentik/flows/stage.py @@ -7,6 +7,7 @@ from django.http.request import QueryDict from django.http.response import HttpResponse from django.urls import reverse from django.views.generic.base import View +from prometheus_client import Histogram from rest_framework.request import Request from sentry_sdk.hub import Hub from structlog.stdlib import BoundLogger, get_logger @@ -31,6 +32,11 @@ if TYPE_CHECKING: from authentik.flows.views.executor import FlowExecutorView PLAN_CONTEXT_PENDING_USER_IDENTIFIER = "pending_user_identifier" +HIST_FLOWS_STAGE_TIME = Histogram( + "authentik_flows_stage_time", + "Duration taken by different parts of stages", + ["stage_type", "method"], +) class StageView(View): @@ -109,14 +115,24 @@ class ChallengeStageView(StageView): keep_context=keep_context, ) return self.executor.restart_flow(keep_context) - with Hub.current.start_span( - op="authentik.flow.stage.challenge_invalid", - description=self.__class__.__name__, + with ( + Hub.current.start_span( + op="authentik.flow.stage.challenge_invalid", + description=self.__class__.__name__, + ), + HIST_FLOWS_STAGE_TIME.labels( + stage_type=self.__class__.__name__, method="challenge_invalid" + ).time(), ): return self.challenge_invalid(challenge) - with Hub.current.start_span( - op="authentik.flow.stage.challenge_valid", - description=self.__class__.__name__, + with ( + Hub.current.start_span( + op="authentik.flow.stage.challenge_valid", + description=self.__class__.__name__, + ), + HIST_FLOWS_STAGE_TIME.labels( + stage_type=self.__class__.__name__, method="challenge_valid" + ).time(), ): return self.challenge_valid(challenge) @@ -135,9 +151,14 @@ class ChallengeStageView(StageView): return self.executor.flow.title def _get_challenge(self, *args, **kwargs) -> Challenge: - with Hub.current.start_span( - op="authentik.flow.stage.get_challenge", - description=self.__class__.__name__, + with ( + Hub.current.start_span( + op="authentik.flow.stage.get_challenge", + description=self.__class__.__name__, + ), + HIST_FLOWS_STAGE_TIME.labels( + stage_type=self.__class__.__name__, method="get_challenge" + ).time(), ): challenge = self.get_challenge(*args, **kwargs) with Hub.current.start_span( diff --git a/authentik/policies/apps.py b/authentik/policies/apps.py index f3bea51b5..17ef4a3a4 100644 --- a/authentik/policies/apps.py +++ b/authentik/policies/apps.py @@ -7,11 +7,6 @@ GAUGE_POLICIES_CACHED = Gauge( "authentik_policies_cached", "Cached Policies", ) -HIST_POLICIES_BUILD_TIME = Histogram( - "authentik_policies_build_time", - "Execution times complete policy result to an object", - ["object_pk", "object_type"], -) HIST_POLICIES_EXECUTION_TIME = Histogram( "authentik_policies_execution_time", diff --git a/authentik/policies/engine.py b/authentik/policies/engine.py index fba6a6536..9972f4db8 100644 --- a/authentik/policies/engine.py +++ b/authentik/policies/engine.py @@ -10,7 +10,6 @@ from sentry_sdk.tracing import Span from structlog.stdlib import BoundLogger, get_logger from authentik.core.models import User -from authentik.policies.apps import HIST_POLICIES_BUILD_TIME from authentik.policies.exceptions import PolicyEngineException from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode from authentik.policies.process import PolicyProcess, cache_key @@ -86,10 +85,6 @@ class PolicyEngine: op="authentik.policy.engine.build", description=self.__pbm, ) as span, - HIST_POLICIES_BUILD_TIME.labels( - object_pk=str(self.__pbm.pk), - object_type=f"{self.__pbm._meta.app_label}.{self.__pbm._meta.model_name}", - ).time(), ): span: Span span.set_data("pbm", self.__pbm) diff --git a/internal/web/proxy.go b/internal/web/proxy.go index 339c531d1..e0fce7b22 100644 --- a/internal/web/proxy.go +++ b/internal/web/proxy.go @@ -59,7 +59,7 @@ func (ws *WebServer) configureProxy() { } } Requests.With(prometheus.Labels{ - "dest": "py", + "dest": "core", }).Observe(float64(time.Since(before))) r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024) rp.ServeHTTP(rw, r)