Split auth attempt metrics into global and detailed

GC collection can then be done by deleting all entries on the ETS table and total counters per protocol can be kept without individually scanning all entries
2020-09-22 16:32:07 +01:00 · 2020-09-22 16:32:07 +01:00 · 0d09fb0a85
parent 4c6251d3fb
commit 0d09fb0a85
2 changed files with 23 additions and 10 deletions
--- a/deps/rabbit_common/include/rabbit_core_metrics.hrl
+++ b/deps/rabbit_common/include/rabbit_core_metrics.hrl
@ -25,7 +25,8 @@
                      {connection_churn_metrics, set}]).

 -define(CORE_EXTRA_TABLES, [{gen_server2_metrics, set},
-                            {auth_attempt_metrics, set}]).
+                            {auth_attempt_metrics, set},
+                            {auth_attempt_detailed_metrics, set}]).

 -define(CONNECTION_CHURN_METRICS, {node(), 0, 0, 0, 0, 0, 0, 0}).

--- a/deps/rabbit_common/src/rabbit_core_metrics.erl
+++ b/deps/rabbit_common/src/rabbit_core_metrics.erl
@ -401,22 +401,34 @@ auth_attempt_failed(RemoteAddress, Username, Protocol) ->
 update_auth_attempt(RemoteAddress, Username, Protocol, Incr) ->
    %% It should default to false as per ip/user metrics could keep growing indefinitely
    %% It's up to the operator to enable them, and reset it required
-    Key = case application:get_env(rabbit, track_auth_attempt_source) of
-             {ok, true} ->
-                 {RemoteAddress, Username, Protocol};
-             {ok, false} ->
-                 {<<>>, <<>>, Protocol}
-             end,
-    _ = ets:update_counter(auth_attempt_metrics, Key, Incr, {Key, 0, 0, 0}),
+    case application:get_env(rabbit, track_auth_attempt_source) of
+        {ok, true} ->
+            case {RemoteAddress, Username} of
+                {<<>>, <<>>} ->
+                    ok;
+                _ ->
+                    Key = {RemoteAddress, Username, Protocol},
+                    _ = ets:update_counter(auth_attempt_detailed_metrics, Key, Incr, {Key, 0, 0, 0})
+            end;
+        {ok, false} ->
+            ok
+    end,
+    _ = ets:update_counter(auth_attempt_metrics, Protocol, Incr, {Protocol, 0, 0, 0}),
    ok.

 reset_auth_attempt_metrics() ->
    ets:delete_all_objects(auth_attempt_metrics),
+    ets:delete_all_objects(auth_attempt_detailed_metrics),
    ok.

 get_auth_attempts() ->
-    [format_auth_attempt(A) || A <- ets:tab2list(auth_attempt_metrics)].
+    [format_auth_attempt(A) || A <- ets:tab2list(auth_attempt_metrics)] ++
+        [format_auth_attempt(A) || A <- ets:tab2list(auth_attempt_detailed_metrics)].

 format_auth_attempt({{RemoteAddress, Username, Protocol}, Total, Succeeded, Failed}) ->
-    [{ip, RemoteAddress}, {username, Username}, {protocol, Protocol}, {auth_attempts, Total},
+    [{remote_address, RemoteAddress}, {username, Username},
+     {protocol, atom_to_binary(Protocol, utf8)}, {auth_attempts, Total},
+     {auth_attempts_failed, Failed}, {auth_attempts_succeeded, Succeeded}];
+format_auth_attempt({Protocol, Total, Succeeded, Failed}) ->
+    [{protocol, atom_to_binary(Protocol, utf8)}, {auth_attempts, Total},
     {auth_attempts_failed, Failed}, {auth_attempts_succeeded, Succeeded}].