trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

*: add additional prometheus metrics, remove unusable high entropy metrics 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-02-19 17:08:40 +01:00
parent 069e9c015b
commit 0874574e5c
No known key found for this signature in database
6 changed files with 43 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
authentik/core/expression/evaluator.py
View File

@ -1,8 +1,9 @@
"""Property Mapping Evaluator""" """Property Mapping Evaluator"""
from typing import Optional from typing import Any, Optional
from django.db.models import Model from django.db.models import Model
from django.http import HttpRequest from django.http import HttpRequest
from prometheus_client import Histogram
from authentik.core.models import User from authentik.core.models import User
from authentik.events.models import Event, EventAction from authentik.events.models import Event, EventAction
@ -10,6 +11,12 @@ from authentik.lib.expression.evaluator import BaseEvaluator
from authentik.lib.utils.errors import exception_to_string from authentik.lib.utils.errors import exception_to_string
from authentik.policies.types import PolicyRequest from authentik.policies.types import PolicyRequest
PROPERTY_MAPPING_TIME = Histogram(
"authentik_property_mapping_execution_time",
"Evaluation time of property mappings",
["mapping_name"],
)
class PropertyMappingEvaluator(BaseEvaluator): class PropertyMappingEvaluator(BaseEvaluator):
"""Custom Evaluator that adds some different context variables.""" """Custom Evaluator that adds some different context variables."""
@ -49,3 +56,7 @@ class PropertyMappingEvaluator(BaseEvaluator):
event.from_http(req.http_request, req.user) event.from_http(req.http_request, req.user)
return return
event.save() event.save()
def evaluate(self, *args, **kwargs) -> Any:
with PROPERTY_MAPPING_TIME.labels(mapping_name=self._filename).time():
return super().evaluate(*args, **kwargs)

1
authentik/flows/planner.py
View File

@ -261,7 +261,6 @@ class FlowPlanner:
marker = ReevaluateMarker(binding=binding) marker = ReevaluateMarker(binding=binding)
if stage: if stage:
plan.append(binding, marker) plan.append(binding, marker)
HIST_FLOWS_PLAN_TIME.labels(flow_slug=self.flow.slug)
self._logger.debug( self._logger.debug(
"f(plan): finished building", "f(plan): finished building",
) )

39
authentik/flows/stage.py
View File

@ -7,6 +7,7 @@ from django.http.request import QueryDict
from django.http.response import HttpResponse from django.http.response import HttpResponse
from django.urls import reverse from django.urls import reverse
from django.views.generic.base import View from django.views.generic.base import View
from prometheus_client import Histogram
from rest_framework.request import Request from rest_framework.request import Request
from sentry_sdk.hub import Hub from sentry_sdk.hub import Hub
from structlog.stdlib import BoundLogger, get_logger from structlog.stdlib import BoundLogger, get_logger
@ -31,6 +32,11 @@ if TYPE_CHECKING:
from authentik.flows.views.executor import FlowExecutorView from authentik.flows.views.executor import FlowExecutorView
PLAN_CONTEXT_PENDING_USER_IDENTIFIER = "pending_user_identifier" PLAN_CONTEXT_PENDING_USER_IDENTIFIER = "pending_user_identifier"
HIST_FLOWS_STAGE_TIME = Histogram(
"authentik_flows_stage_time",
"Duration taken by different parts of stages",
["stage_type", "method"],
)
class StageView(View): class StageView(View):
@ -109,14 +115,24 @@ class ChallengeStageView(StageView):
keep_context=keep_context, keep_context=keep_context,
) )
return self.executor.restart_flow(keep_context) return self.executor.restart_flow(keep_context)
with Hub.current.start_span( with (
op="authentik.flow.stage.challenge_invalid", Hub.current.start_span(
description=self.__class__.__name__, op="authentik.flow.stage.challenge_invalid",
description=self.__class__.__name__,
),
HIST_FLOWS_STAGE_TIME.labels(
stage_type=self.__class__.__name__, method="challenge_invalid"
).time(),
): ):
return self.challenge_invalid(challenge) return self.challenge_invalid(challenge)
with Hub.current.start_span( with (
op="authentik.flow.stage.challenge_valid", Hub.current.start_span(
description=self.__class__.__name__, op="authentik.flow.stage.challenge_valid",
description=self.__class__.__name__,
),
HIST_FLOWS_STAGE_TIME.labels(
stage_type=self.__class__.__name__, method="challenge_valid"
).time(),
): ):
return self.challenge_valid(challenge) return self.challenge_valid(challenge)
@ -135,9 +151,14 @@ class ChallengeStageView(StageView):
return self.executor.flow.title return self.executor.flow.title
def _get_challenge(self, *args, **kwargs) -> Challenge: def _get_challenge(self, *args, **kwargs) -> Challenge:
with Hub.current.start_span( with (
op="authentik.flow.stage.get_challenge", Hub.current.start_span(
description=self.__class__.__name__, op="authentik.flow.stage.get_challenge",
description=self.__class__.__name__,
),
HIST_FLOWS_STAGE_TIME.labels(
stage_type=self.__class__.__name__, method="get_challenge"
).time(),
): ):
challenge = self.get_challenge(*args, **kwargs) challenge = self.get_challenge(*args, **kwargs)
with Hub.current.start_span( with Hub.current.start_span(

5
authentik/policies/apps.py
View File

@ -7,11 +7,6 @@ GAUGE_POLICIES_CACHED = Gauge(
"authentik_policies_cached", "authentik_policies_cached",
"Cached Policies", "Cached Policies",
) )
HIST_POLICIES_BUILD_TIME = Histogram(
"authentik_policies_build_time",
"Execution times complete policy result to an object",
["object_pk", "object_type"],
)
HIST_POLICIES_EXECUTION_TIME = Histogram( HIST_POLICIES_EXECUTION_TIME = Histogram(
"authentik_policies_execution_time", "authentik_policies_execution_time",

5
authentik/policies/engine.py
View File

@ -10,7 +10,6 @@ from sentry_sdk.tracing import Span
from structlog.stdlib import BoundLogger, get_logger from structlog.stdlib import BoundLogger, get_logger
from authentik.core.models import User from authentik.core.models import User
from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
from authentik.policies.exceptions import PolicyEngineException from authentik.policies.exceptions import PolicyEngineException
from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
from authentik.policies.process import PolicyProcess, cache_key from authentik.policies.process import PolicyProcess, cache_key
@ -86,10 +85,6 @@ class PolicyEngine:
op="authentik.policy.engine.build", op="authentik.policy.engine.build",
description=self.__pbm, description=self.__pbm,
) as span, ) as span,
HIST_POLICIES_BUILD_TIME.labels(
object_pk=str(self.__pbm.pk),
object_type=f"{self.__pbm._meta.app_label}.{self.__pbm._meta.model_name}",
).time(),
): ):
span: Span span: Span
span.set_data("pbm", self.__pbm) span.set_data("pbm", self.__pbm)

2
internal/web/proxy.go
View File

@ -59,7 +59,7 @@ func (ws *WebServer) configureProxy() {
} }
} }
Requests.With(prometheus.Labels{ Requests.With(prometheus.Labels{
"dest": "py", "dest": "core",
}).Observe(float64(time.Since(before))) }).Observe(float64(time.Since(before)))
r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024) r.Body = http.MaxBytesReader(rw, r.Body, 32*1024*1024)
rp.ServeHTTP(rw, r) rp.ServeHTTP(rw, r)