internal: remove deprecated metrics (#7540)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
0a0f87b9ca
commit
4080080acd
|
@ -29,16 +29,6 @@ var (
|
||||||
Name: "authentik_outpost_flow_timing_post_seconds",
|
Name: "authentik_outpost_flow_timing_post_seconds",
|
||||||
Help: "Duration it took to send a challenge in seconds",
|
Help: "Duration it took to send a challenge in seconds",
|
||||||
}, []string{"stage", "flow"})
|
}, []string{"stage", "flow"})
|
||||||
|
|
||||||
// NOTE: the following metrics are kept for compatibility purpose
|
|
||||||
FlowTimingGetLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_flow_timing_get",
|
|
||||||
Help: "Duration it took to get a challenge",
|
|
||||||
}, []string{"stage", "flow"})
|
|
||||||
FlowTimingPostLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_flow_timing_post",
|
|
||||||
Help: "Duration it took to send a challenge",
|
|
||||||
}, []string{"stage", "flow"})
|
|
||||||
)
|
)
|
||||||
|
|
||||||
type SolverFunction func(*api.ChallengeTypes, api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error)
|
type SolverFunction func(*api.ChallengeTypes, api.ApiFlowsExecutorSolveRequest) (api.FlowChallengeResponseRequest, error)
|
||||||
|
@ -198,10 +188,6 @@ func (fe *FlowExecutor) getInitialChallenge() (*api.ChallengeTypes, error) {
|
||||||
"stage": ch.GetComponent(),
|
"stage": ch.GetComponent(),
|
||||||
"flow": fe.flowSlug,
|
"flow": fe.flowSlug,
|
||||||
}).Observe(float64(gcsp.EndTime.Sub(gcsp.StartTime)) / float64(time.Second))
|
}).Observe(float64(gcsp.EndTime.Sub(gcsp.StartTime)) / float64(time.Second))
|
||||||
FlowTimingGetLegacy.With(prometheus.Labels{
|
|
||||||
"stage": ch.GetComponent(),
|
|
||||||
"flow": fe.flowSlug,
|
|
||||||
}).Observe(float64(gcsp.EndTime.Sub(gcsp.StartTime)))
|
|
||||||
return challenge, nil
|
return challenge, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -259,10 +245,6 @@ func (fe *FlowExecutor) solveFlowChallenge(challenge *api.ChallengeTypes, depth
|
||||||
"stage": ch.GetComponent(),
|
"stage": ch.GetComponent(),
|
||||||
"flow": fe.flowSlug,
|
"flow": fe.flowSlug,
|
||||||
}).Observe(float64(scsp.EndTime.Sub(scsp.StartTime)) / float64(time.Second))
|
}).Observe(float64(scsp.EndTime.Sub(scsp.StartTime)) / float64(time.Second))
|
||||||
FlowTimingPostLegacy.With(prometheus.Labels{
|
|
||||||
"stage": ch.GetComponent(),
|
|
||||||
"flow": fe.flowSlug,
|
|
||||||
}).Observe(float64(scsp.EndTime.Sub(scsp.StartTime)))
|
|
||||||
|
|
||||||
if depth >= 10 {
|
if depth >= 10 {
|
||||||
return false, errors.New("exceeded stage recursion depth")
|
return false, errors.New("exceeded stage recursion depth")
|
||||||
|
|
|
@ -22,11 +22,6 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD
|
||||||
"type": "bind",
|
"type": "bind",
|
||||||
"app": selectedApp,
|
"app": selectedApp,
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ls.ac.Outpost.Name,
|
|
||||||
"type": "bind",
|
|
||||||
"app": selectedApp,
|
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)))
|
|
||||||
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Bind request")
|
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Bind request")
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
@ -55,12 +50,6 @@ func (ls *LDAPServer) Bind(bindDN string, bindPW string, conn net.Conn) (ldap.LD
|
||||||
"reason": "no_provider",
|
"reason": "no_provider",
|
||||||
"app": "",
|
"app": "",
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ls.ac.Outpost.Name,
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "no_provider",
|
|
||||||
"app": "",
|
|
||||||
}).Inc()
|
|
||||||
|
|
||||||
return ldap.LDAPResultInsufficientAccessRights, nil
|
return ldap.LDAPResultInsufficientAccessRights, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,12 +47,6 @@ func (db *DirectBinder) Bind(username string, req *bind.Request) (ldap.LDAPResul
|
||||||
"reason": "flow_error",
|
"reason": "flow_error",
|
||||||
"app": db.si.GetAppSlug(),
|
"app": db.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": db.si.GetOutpostName(),
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "flow_error",
|
|
||||||
"app": db.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
req.Log().WithError(err).Warning("failed to execute flow")
|
req.Log().WithError(err).Warning("failed to execute flow")
|
||||||
return ldap.LDAPResultInvalidCredentials, nil
|
return ldap.LDAPResultInvalidCredentials, nil
|
||||||
}
|
}
|
||||||
|
@ -63,12 +57,6 @@ func (db *DirectBinder) Bind(username string, req *bind.Request) (ldap.LDAPResul
|
||||||
"reason": "invalid_credentials",
|
"reason": "invalid_credentials",
|
||||||
"app": db.si.GetAppSlug(),
|
"app": db.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": db.si.GetOutpostName(),
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "invalid_credentials",
|
|
||||||
"app": db.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
req.Log().Info("Invalid credentials")
|
req.Log().Info("Invalid credentials")
|
||||||
return ldap.LDAPResultInvalidCredentials, nil
|
return ldap.LDAPResultInvalidCredentials, nil
|
||||||
}
|
}
|
||||||
|
@ -82,12 +70,6 @@ func (db *DirectBinder) Bind(username string, req *bind.Request) (ldap.LDAPResul
|
||||||
"reason": "access_denied",
|
"reason": "access_denied",
|
||||||
"app": db.si.GetAppSlug(),
|
"app": db.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": db.si.GetOutpostName(),
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "access_denied",
|
|
||||||
"app": db.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.LDAPResultInsufficientAccessRights, nil
|
return ldap.LDAPResultInsufficientAccessRights, nil
|
||||||
}
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -97,12 +79,6 @@ func (db *DirectBinder) Bind(username string, req *bind.Request) (ldap.LDAPResul
|
||||||
"reason": "access_check_fail",
|
"reason": "access_check_fail",
|
||||||
"app": db.si.GetAppSlug(),
|
"app": db.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": db.si.GetOutpostName(),
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "access_check_fail",
|
|
||||||
"app": db.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
req.Log().WithError(err).Warning("failed to check access")
|
req.Log().WithError(err).Warning("failed to check access")
|
||||||
return ldap.LDAPResultOperationsError, nil
|
return ldap.LDAPResultOperationsError, nil
|
||||||
}
|
}
|
||||||
|
@ -117,12 +93,6 @@ func (db *DirectBinder) Bind(username string, req *bind.Request) (ldap.LDAPResul
|
||||||
"reason": "user_info_fail",
|
"reason": "user_info_fail",
|
||||||
"app": db.si.GetAppSlug(),
|
"app": db.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": db.si.GetOutpostName(),
|
|
||||||
"type": "bind",
|
|
||||||
"reason": "user_info_fail",
|
|
||||||
"app": db.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
req.Log().WithError(err).Warning("failed to get user info")
|
req.Log().WithError(err).Warning("failed to get user info")
|
||||||
return ldap.LDAPResultOperationsError, nil
|
return ldap.LDAPResultOperationsError, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,16 +22,6 @@ var (
|
||||||
Name: "authentik_outpost_ldap_requests_rejected_total",
|
Name: "authentik_outpost_ldap_requests_rejected_total",
|
||||||
Help: "Total number of rejected requests",
|
Help: "Total number of rejected requests",
|
||||||
}, []string{"outpost_name", "type", "reason", "app"})
|
}, []string{"outpost_name", "type", "reason", "app"})
|
||||||
|
|
||||||
// NOTE: the following metrics are kept for compatibility purpose
|
|
||||||
RequestsLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_ldap_requests",
|
|
||||||
Help: "The total number of configured providers",
|
|
||||||
}, []string{"outpost_name", "type", "app"})
|
|
||||||
RequestsRejectedLegacy = promauto.NewCounterVec(prometheus.CounterOpts{
|
|
||||||
Name: "authentik_outpost_ldap_requests_rejected",
|
|
||||||
Help: "Total number of rejected requests",
|
|
||||||
}, []string{"outpost_name", "type", "reason", "app"})
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func RunServer() {
|
func RunServer() {
|
||||||
|
|
|
@ -23,11 +23,6 @@ func (ls *LDAPServer) Search(bindDN string, searchReq ldap.SearchRequest, conn n
|
||||||
"type": "search",
|
"type": "search",
|
||||||
"app": selectedApp,
|
"app": selectedApp,
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ls.ac.Outpost.Name,
|
|
||||||
"type": "search",
|
|
||||||
"app": selectedApp,
|
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)))
|
|
||||||
req.Log().WithField("attributes", searchReq.Attributes).WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Search request")
|
req.Log().WithField("attributes", searchReq.Attributes).WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Search request")
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
|
|
@ -45,12 +45,6 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "empty_bind_dn",
|
"reason": "empty_bind_dn",
|
||||||
"app": ds.si.GetAppSlug(),
|
"app": ds.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ds.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "empty_bind_dn",
|
|
||||||
"app": ds.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: Anonymous BindDN not allowed %s", req.BindDN)
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: Anonymous BindDN not allowed %s", req.BindDN)
|
||||||
}
|
}
|
||||||
if !utils.HasSuffixNoCase(req.BindDN, ","+baseDN) {
|
if !utils.HasSuffixNoCase(req.BindDN, ","+baseDN) {
|
||||||
|
@ -60,12 +54,6 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "invalid_bind_dn",
|
"reason": "invalid_bind_dn",
|
||||||
"app": ds.si.GetAppSlug(),
|
"app": ds.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ds.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "invalid_bind_dn",
|
|
||||||
"app": ds.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ds.si.GetBaseDN())
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ds.si.GetBaseDN())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -78,12 +66,6 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "user_info_not_cached",
|
"reason": "user_info_not_cached",
|
||||||
"app": ds.si.GetAppSlug(),
|
"app": ds.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ds.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "user_info_not_cached",
|
|
||||||
"app": ds.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, errors.New("access denied")
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, errors.New("access denied")
|
||||||
}
|
}
|
||||||
accsp.Finish()
|
accsp.Finish()
|
||||||
|
@ -96,12 +78,6 @@ func (ds *DirectSearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "filter_parse_fail",
|
"reason": "filter_parse_fail",
|
||||||
"app": ds.si.GetAppSlug(),
|
"app": ds.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ds.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "filter_parse_fail",
|
|
||||||
"app": ds.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter)
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultOperationsError}, fmt.Errorf("Search Error: error parsing filter: %s", req.Filter)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -62,12 +62,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "empty_bind_dn",
|
"reason": "empty_bind_dn",
|
||||||
"app": ms.si.GetAppSlug(),
|
"app": ms.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ms.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "empty_bind_dn",
|
|
||||||
"app": ms.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: Anonymous BindDN not allowed %s", req.BindDN)
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: Anonymous BindDN not allowed %s", req.BindDN)
|
||||||
}
|
}
|
||||||
if !utils.HasSuffixNoCase(req.BindDN, ","+baseDN) {
|
if !utils.HasSuffixNoCase(req.BindDN, ","+baseDN) {
|
||||||
|
@ -77,12 +71,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "invalid_bind_dn",
|
"reason": "invalid_bind_dn",
|
||||||
"app": ms.si.GetAppSlug(),
|
"app": ms.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ms.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "invalid_bind_dn",
|
|
||||||
"app": ms.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ms.si.GetBaseDN())
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, fmt.Errorf("Search Error: BindDN %s not in our BaseDN %s", req.BindDN, ms.si.GetBaseDN())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,12 +83,6 @@ func (ms *MemorySearcher) Search(req *search.Request) (ldap.ServerSearchResult,
|
||||||
"reason": "user_info_not_cached",
|
"reason": "user_info_not_cached",
|
||||||
"app": ms.si.GetAppSlug(),
|
"app": ms.si.GetAppSlug(),
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ms.si.GetOutpostName(),
|
|
||||||
"type": "search",
|
|
||||||
"reason": "user_info_not_cached",
|
|
||||||
"app": ms.si.GetAppSlug(),
|
|
||||||
}).Inc()
|
|
||||||
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, errors.New("access denied")
|
return ldap.ServerSearchResult{ResultCode: ldap.LDAPResultInsufficientAccessRights}, errors.New("access denied")
|
||||||
}
|
}
|
||||||
accsp.Finish()
|
accsp.Finish()
|
||||||
|
|
|
@ -22,11 +22,6 @@ func (ls *LDAPServer) Unbind(boundDN string, conn net.Conn) (ldap.LDAPResultCode
|
||||||
"type": "unbind",
|
"type": "unbind",
|
||||||
"app": selectedApp,
|
"app": selectedApp,
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ls.ac.Outpost.Name,
|
|
||||||
"type": "unbind",
|
|
||||||
"app": selectedApp,
|
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)))
|
|
||||||
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Unbind request")
|
req.Log().WithField("took-ms", span.EndTime.Sub(span.StartTime).Milliseconds()).Info("Unbind request")
|
||||||
}()
|
}()
|
||||||
|
|
||||||
|
@ -55,11 +50,5 @@ func (ls *LDAPServer) Unbind(boundDN string, conn net.Conn) (ldap.LDAPResultCode
|
||||||
"reason": "no_provider",
|
"reason": "no_provider",
|
||||||
"app": "",
|
"app": "",
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ls.ac.Outpost.Name,
|
|
||||||
"type": "unbind",
|
|
||||||
"reason": "no_provider",
|
|
||||||
"app": "",
|
|
||||||
}).Inc()
|
|
||||||
return ldap.LDAPResultOperationsError, nil
|
return ldap.LDAPResultOperationsError, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -173,12 +173,6 @@ func NewApplication(p api.ProxyOutpostConfig, c *http.Client, server Server) (*A
|
||||||
"method": r.Method,
|
"method": r.Method,
|
||||||
"host": web.GetHost(r),
|
"host": web.GetHost(r),
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": a.outpostName,
|
|
||||||
"type": "app",
|
|
||||||
"method": r.Method,
|
|
||||||
"host": web.GetHost(r),
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
})
|
})
|
||||||
})
|
})
|
||||||
if server.API().GlobalConfig.ErrorReporting.Enabled {
|
if server.API().GlobalConfig.ErrorReporting.Enabled {
|
||||||
|
|
|
@ -64,13 +64,6 @@ func (a *Application) configureProxy() error {
|
||||||
"scheme": r.URL.Scheme,
|
"scheme": r.URL.Scheme,
|
||||||
"host": web.GetHost(r),
|
"host": web.GetHost(r),
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
metrics.UpstreamTimingLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": a.outpostName,
|
|
||||||
"upstream_host": r.URL.Host,
|
|
||||||
"method": r.Method,
|
|
||||||
"scheme": r.URL.Scheme,
|
|
||||||
"host": web.GetHost(r),
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
})
|
})
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -26,12 +26,6 @@ func (ps *ProxyServer) HandlePing(rw http.ResponseWriter, r *http.Request) {
|
||||||
"host": web.GetHost(r),
|
"host": web.GetHost(r),
|
||||||
"type": "ping",
|
"type": "ping",
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ps.akAPI.Outpost.Name,
|
|
||||||
"method": r.Method,
|
|
||||||
"host": web.GetHost(r),
|
|
||||||
"type": "ping",
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
|
func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
|
||||||
|
@ -44,12 +38,6 @@ func (ps *ProxyServer) HandleStatic(rw http.ResponseWriter, r *http.Request) {
|
||||||
"host": web.GetHost(r),
|
"host": web.GetHost(r),
|
||||||
"type": "static",
|
"type": "static",
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": ps.akAPI.Outpost.Name,
|
|
||||||
"method": r.Method,
|
|
||||||
"host": web.GetHost(r),
|
|
||||||
"type": "static",
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, string) {
|
func (ps *ProxyServer) lookupApp(r *http.Request) (*application.Application, string) {
|
||||||
|
|
|
@ -22,16 +22,6 @@ var (
|
||||||
Name: "authentik_outpost_proxy_upstream_response_duration_seconds",
|
Name: "authentik_outpost_proxy_upstream_response_duration_seconds",
|
||||||
Help: "Proxy upstream response latencies in seconds",
|
Help: "Proxy upstream response latencies in seconds",
|
||||||
}, []string{"outpost_name", "method", "scheme", "host", "upstream_host"})
|
}, []string{"outpost_name", "method", "scheme", "host", "upstream_host"})
|
||||||
|
|
||||||
// NOTE: the following metric is kept for compatibility purpose
|
|
||||||
RequestsLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_proxy_requests",
|
|
||||||
Help: "The total number of configured providers",
|
|
||||||
}, []string{"outpost_name", "method", "host", "type"})
|
|
||||||
UpstreamTimingLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_proxy_upstream_time",
|
|
||||||
Help: "A summary of the duration we wait for the upstream reply",
|
|
||||||
}, []string{"outpost_name", "method", "scheme", "host", "upstream_host"})
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func RunServer() {
|
func RunServer() {
|
||||||
|
|
|
@ -35,11 +35,6 @@ func (rs *RadiusServer) Handle_AccessRequest(w radius.ResponseWriter, r *RadiusR
|
||||||
"reason": "flow_error",
|
"reason": "flow_error",
|
||||||
"app": r.pi.appSlug,
|
"app": r.pi.appSlug,
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
|
||||||
"reason": "flow_error",
|
|
||||||
"app": r.pi.appSlug,
|
|
||||||
}).Inc()
|
|
||||||
_ = w.Write(r.Response(radius.CodeAccessReject))
|
_ = w.Write(r.Response(radius.CodeAccessReject))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -49,11 +44,6 @@ func (rs *RadiusServer) Handle_AccessRequest(w radius.ResponseWriter, r *RadiusR
|
||||||
"reason": "invalid_credentials",
|
"reason": "invalid_credentials",
|
||||||
"app": r.pi.appSlug,
|
"app": r.pi.appSlug,
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
|
||||||
"reason": "invalid_credentials",
|
|
||||||
"app": r.pi.appSlug,
|
|
||||||
}).Inc()
|
|
||||||
_ = w.Write(r.Response(radius.CodeAccessReject))
|
_ = w.Write(r.Response(radius.CodeAccessReject))
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
@ -66,11 +56,6 @@ func (rs *RadiusServer) Handle_AccessRequest(w radius.ResponseWriter, r *RadiusR
|
||||||
"reason": "access_check_fail",
|
"reason": "access_check_fail",
|
||||||
"app": r.pi.appSlug,
|
"app": r.pi.appSlug,
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
|
||||||
"reason": "access_check_fail",
|
|
||||||
"app": r.pi.appSlug,
|
|
||||||
}).Inc()
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if !access {
|
if !access {
|
||||||
|
@ -81,11 +66,6 @@ func (rs *RadiusServer) Handle_AccessRequest(w radius.ResponseWriter, r *RadiusR
|
||||||
"reason": "access_denied",
|
"reason": "access_denied",
|
||||||
"app": r.pi.appSlug,
|
"app": r.pi.appSlug,
|
||||||
}).Inc()
|
}).Inc()
|
||||||
metrics.RequestsRejectedLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
|
||||||
"reason": "access_denied",
|
|
||||||
"app": r.pi.appSlug,
|
|
||||||
}).Inc()
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
_ = w.Write(r.Response(radius.CodeAccessAccept))
|
_ = w.Write(r.Response(radius.CodeAccessAccept))
|
||||||
|
|
|
@ -47,10 +47,6 @@ func (rs *RadiusServer) ServeRADIUS(w radius.ResponseWriter, r *radius.Request)
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
"outpost_name": rs.ac.Outpost.Name,
|
||||||
"app": selectedApp,
|
"app": selectedApp,
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
}).Observe(float64(span.EndTime.Sub(span.StartTime)) / float64(time.Second))
|
||||||
metrics.RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"outpost_name": rs.ac.Outpost.Name,
|
|
||||||
"app": selectedApp,
|
|
||||||
}).Observe(float64(span.EndTime.Sub(span.StartTime)))
|
|
||||||
}()
|
}()
|
||||||
|
|
||||||
nr := &RadiusRequest{
|
nr := &RadiusRequest{
|
||||||
|
|
|
@ -22,16 +22,6 @@ var (
|
||||||
Name: "authentik_outpost_radius_requests_rejected_total",
|
Name: "authentik_outpost_radius_requests_rejected_total",
|
||||||
Help: "Total number of rejected requests",
|
Help: "Total number of rejected requests",
|
||||||
}, []string{"outpost_name", "reason", "app"})
|
}, []string{"outpost_name", "reason", "app"})
|
||||||
|
|
||||||
// NOTE: the following metric is kept for compatibility purpose
|
|
||||||
RequestsLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_outpost_radius_requests",
|
|
||||||
Help: "The total number of successful requests",
|
|
||||||
}, []string{"outpost_name", "app"})
|
|
||||||
RequestsRejectedLegacy = promauto.NewCounterVec(prometheus.CounterOpts{
|
|
||||||
Name: "authentik_outpost_radius_requests_rejected",
|
|
||||||
Help: "Total number of rejected requests",
|
|
||||||
}, []string{"outpost_name", "reason", "app"})
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func RunServer() {
|
func RunServer() {
|
||||||
|
|
|
@ -19,12 +19,6 @@ var (
|
||||||
Name: "authentik_main_request_duration_seconds",
|
Name: "authentik_main_request_duration_seconds",
|
||||||
Help: "API request latencies in seconds",
|
Help: "API request latencies in seconds",
|
||||||
}, []string{"dest"})
|
}, []string{"dest"})
|
||||||
|
|
||||||
// NOTE: the following metric is kept for compatibility purpose
|
|
||||||
RequestsLegacy = promauto.NewHistogramVec(prometheus.HistogramOpts{
|
|
||||||
Name: "authentik_main_requests",
|
|
||||||
Help: "The total number of configured providers",
|
|
||||||
}, []string{"dest"})
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (ws *WebServer) runMetricsServer() {
|
func (ws *WebServer) runMetricsServer() {
|
||||||
|
|
|
@ -40,9 +40,6 @@ func (ws *WebServer) configureProxy() {
|
||||||
Requests.With(prometheus.Labels{
|
Requests.With(prometheus.Labels{
|
||||||
"dest": "embedded_outpost",
|
"dest": "embedded_outpost",
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"dest": "embedded_outpost",
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
ws.proxyErrorHandler(rw, r, errors.New("proxy not running"))
|
ws.proxyErrorHandler(rw, r, errors.New("proxy not running"))
|
||||||
|
@ -62,9 +59,6 @@ func (ws *WebServer) configureProxy() {
|
||||||
Requests.With(prometheus.Labels{
|
Requests.With(prometheus.Labels{
|
||||||
"dest": "embedded_outpost",
|
"dest": "embedded_outpost",
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"dest": "embedded_outpost",
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -72,9 +66,6 @@ func (ws *WebServer) configureProxy() {
|
||||||
Requests.With(prometheus.Labels{
|
Requests.With(prometheus.Labels{
|
||||||
"dest": "core",
|
"dest": "core",
|
||||||
}).Observe(float64(elapsed) / float64(time.Second))
|
}).Observe(float64(elapsed) / float64(time.Second))
|
||||||
RequestsLegacy.With(prometheus.Labels{
|
|
||||||
"dest": "core",
|
|
||||||
}).Observe(float64(elapsed))
|
|
||||||
r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024)
|
r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024)
|
||||||
rp.ServeHTTP(rw, r)
|
rp.ServeHTTP(rw, r)
|
||||||
}))
|
}))
|
||||||
|
|
52
website/docs/releases/2024/v2024.1.md
Normal file
52
website/docs/releases/2024/v2024.1.md
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
---
|
||||||
|
title: Release 2024.1
|
||||||
|
slug: "/releases/2024.1"
|
||||||
|
---
|
||||||
|
|
||||||
|
## Breaking changes
|
||||||
|
|
||||||
|
- Removal of deprecated metrics
|
||||||
|
|
||||||
|
- `authentik_outpost_flow_timing_get` -> `authentik_outpost_flow_timing_get_seconds`
|
||||||
|
- `authentik_outpost_flow_timing_post` -> `authentik_outpost_flow_timing_post_seconds`
|
||||||
|
- `authentik_outpost_ldap_requests` -> `authentik_outpost_ldap_request_duration_seconds`
|
||||||
|
- `authentik_outpost_ldap_requests_rejected` -> `authentik_outpost_ldap_requests_rejected_total`
|
||||||
|
- `authentik_outpost_proxy_requests` -> `authentik_outpost_proxy_request_duration_seconds`
|
||||||
|
- `authentik_outpost_proxy_upstream_time` -> `authentik_outpost_proxy_upstream_response_duration_seconds`
|
||||||
|
- `authentik_outpost_radius_requests` -> `authentik_outpost_radius_request_duration_seconds`
|
||||||
|
- `authentik_outpost_radius_requests_rejected` -> `authentik_outpost_radius_requests_rejected_total`
|
||||||
|
- `authentik_main_requests` -> `authentik_main_request_duration_seconds`
|
||||||
|
|
||||||
|
## New features
|
||||||
|
|
||||||
|
## Upgrading
|
||||||
|
|
||||||
|
This release does not introduce any new requirements.
|
||||||
|
|
||||||
|
### docker-compose
|
||||||
|
|
||||||
|
To upgrade, download the new docker-compose file and update the Docker stack with the new version, using these commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
wget -O docker-compose.yml https://goauthentik.io/version/2024.1/docker-compose.yml
|
||||||
|
docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
The `-O` flag retains the downloaded file's name, overwriting any existing local file with the same name.
|
||||||
|
|
||||||
|
### Kubernetes
|
||||||
|
|
||||||
|
Upgrade the Helm Chart to the new version, using the following commands:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
helm repo update
|
||||||
|
helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.1
|
||||||
|
```
|
||||||
|
|
||||||
|
## Minor changes/fixes
|
||||||
|
|
||||||
|
<!-- _Insert the output of `make gen-changelog` here_ -->
|
||||||
|
|
||||||
|
## API Changes
|
||||||
|
|
||||||
|
<!-- _Insert output of `make gen-diff` here_ -->
|
Reference in a new issue