*: add additional prometheus metrics, remove unusable high entropy metrics

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

authentik/core/expression/evaluator.py

@@ -1,8 +1,9 @@
 """Property Mapping Evaluator"""
-from typing import Optional
+from typing import Any, Optional
 
 from django.db.models import Model
 from django.http import HttpRequest
+from prometheus_client import Histogram
 
 from authentik.core.models import User
 from authentik.events.models import Event, EventAction
@@ -10,6 +11,12 @@ from authentik.lib.expression.evaluator import BaseEvaluator
 from authentik.lib.utils.errors import exception_to_string
 from authentik.policies.types import PolicyRequest
 
+PROPERTY_MAPPING_TIME = Histogram(
+    "authentik_property_mapping_execution_time",
+    "Evaluation time of property mappings",
+    ["mapping_name"],
+)
+
 
 class PropertyMappingEvaluator(BaseEvaluator):
     """Custom Evaluator that adds some different context variables."""
@@ -49,3 +56,7 @@ class PropertyMappingEvaluator(BaseEvaluator):
             event.from_http(req.http_request, req.user)
             return
         event.save()
+
+    def evaluate(self, *args, **kwargs) -> Any:
+        with PROPERTY_MAPPING_TIME.labels(mapping_name=self._filename).time():
+            return super().evaluate(*args, **kwargs)

authentik/flows/planner.py

@@ -261,7 +261,6 @@ class FlowPlanner:
                     marker = ReevaluateMarker(binding=binding)
                 if stage:
                     plan.append(binding, marker)
-            HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug)
         self._logger.debug(
             "f(plan): finished building",
         )

authentik/flows/stage.py

@@ -7,6 +7,7 @@ from django.http.request import QueryDict
 from django.http.response import HttpResponse
 from django.urls import reverse
 from django.views.generic.base import View
+from prometheus_client import Histogram
 from rest_framework.request import Request
 from sentry_sdk.hub import Hub
 from structlog.stdlib import BoundLogger, get_logger
@@ -31,6 +32,11 @@ if TYPE_CHECKING:
     from authentik.flows.views.executor import FlowExecutorView
 
 PLAN_CONTEXT_PENDING_USER_IDENTIFIER = "pending_user_identifier"
+HIST_FLOWS_STAGE_TIME = Histogram(
+    "authentik_flows_stage_time",
+    "Duration taken by different parts of stages",
+    ["stage_type", "method"],
+)
 
 
 class StageView(View):
@@ -109,14 +115,24 @@ class ChallengeStageView(StageView):
                     keep_context=keep_context,
                 )
                 return self.executor.restart_flow(keep_context)
-            with Hub.current.start_span(
-                op="authentik.flow.stage.challenge_invalid",
-                description=self.__class__.__name__,
+            with (
+                Hub.current.start_span(
+                    op="authentik.flow.stage.challenge_invalid",
+                    description=self.__class__.__name__,
+                ),
+                HIST_FLOWS_STAGE_TIME.labels(
+                    stage_type=self.__class__.__name__, method="challenge_invalid"
+                ).time(),
             ):
                 return self.challenge_invalid(challenge)
-        with Hub.current.start_span(
-            op="authentik.flow.stage.challenge_valid",
-            description=self.__class__.__name__,
+        with (
+            Hub.current.start_span(
+                op="authentik.flow.stage.challenge_valid",
+                description=self.__class__.__name__,
+            ),
+            HIST_FLOWS_STAGE_TIME.labels(
+                stage_type=self.__class__.__name__, method="challenge_valid"
+            ).time(),
         ):
             return self.challenge_valid(challenge)
 
@@ -135,9 +151,14 @@ class ChallengeStageView(StageView):
             return self.executor.flow.title
 
     def _get_challenge(self, *args, **kwargs) -> Challenge:
-        with Hub.current.start_span(
-            op="authentik.flow.stage.get_challenge",
-            description=self.__class__.__name__,
+        with (
+            Hub.current.start_span(
+                op="authentik.flow.stage.get_challenge",
+                description=self.__class__.__name__,
+            ),
+            HIST_FLOWS_STAGE_TIME.labels(
+                stage_type=self.__class__.__name__, method="get_challenge"
+            ).time(),
         ):
             challenge = self.get_challenge(*args, **kwargs)
         with Hub.current.start_span(

authentik/policies/apps.py

@@ -7,11 +7,6 @@ GAUGE_POLICIES_CACHED = Gauge(
     "authentik_policies_cached",
     "Cached Policies",
 )
-HIST_POLICIES_BUILD_TIME = Histogram(
-    "authentik_policies_build_time",
-    "Execution times complete policy result to an object",
-    ["object_pk", "object_type"],
-)
 
 HIST_POLICIES_EXECUTION_TIME = Histogram(
     "authentik_policies_execution_time",

authentik/policies/engine.py

@@ -10,7 +10,6 @@ from sentry_sdk.tracing import Span
 from structlog.stdlib import BoundLogger, get_logger
 
 from authentik.core.models import User
-from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
 from authentik.policies.exceptions import PolicyEngineException
 from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
 from authentik.policies.process import PolicyProcess, cache_key
@@ -86,10 +85,6 @@ class PolicyEngine:
                 op="authentik.policy.engine.build",
                 description=self.__pbm,
             ) as span,
-            HIST_POLICIES_BUILD_TIME.labels(
-                object_pk=str(self.__pbm.pk),
-                object_type=f"{self.__pbm._meta.app_label}.{self.__pbm._meta.model_name}",
-            ).time(),
         ):
             span: Span
             span.set_data("pbm", self.__pbm)

internal/web/proxy.go

@@ -59,7 +59,7 @@ func (ws *WebServer) configureProxy() {
 			}
 		}
 		Requests.With(prometheus.Labels{
-			"dest": "py",
+			"dest": "core",
 		}).Observe(float64(time.Since(before)))
 		r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024)
 		rp.ServeHTTP(rw, r)