Add auth attemp metrics

2020-08-26 15:42:40 +01:00 · 2020-08-26 15:42:40 +01:00 · 6f98f84ae2
parent 8093653362
commit 6f98f84ae2
2 changed files with 8 additions and 1 deletions
--- a/3
+++ b/3
@ -118,7 +118,8 @@ define PROJECT_ENV
 	    {writer_gc_threshold, 1000000000},
 	    %% interval at which connection/channel tracking executes post operations
 	    {tracking_execution_timeout, 15000},
-	    {stream_messages_soft_limit, 256}
+	    {stream_messages_soft_limit, 256},
+        {return_per_user_auth_attempt_metrics, false}
 	  ]
 endef

--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@ -1413,15 +1413,19 @@ auth_phase(Response,
                                       auth_mechanism = {Name, AuthMechanism},
                                       auth_state     = AuthState},
                       sock = Sock}) ->
+    Ip = list_to_binary(inet:ntoa(Connection#connection.host)),
    case AuthMechanism:handle_response(Response, AuthState) of
        {refused, Username, Msg, Args} ->
+            rabbit_core_metrics:auth_attempt_failed(Ip, Username),
            auth_fail(Username, Msg, Args, Name, State);
        {protocol_error, Msg, Args} ->
+            rabbit_core_metrics:auth_attempt_failed(Ip, ""),
            notify_auth_result(none, user_authentication_failure,
                               [{error, rabbit_misc:format(Msg, Args)}],
                               State),
            rabbit_misc:protocol_error(syntax_error, Msg, Args);
        {challenge, Challenge, AuthState1} ->
+            rabbit_core_metrics:auth_attempt_succeeded(Ip, ""),
            Secure = #'connection.secure'{challenge = Challenge},
            ok = send_on_channel0(Sock, Secure, Protocol),
            State#v1{connection = Connection#connection{
@ -1429,9 +1433,11 @@ auth_phase(Response,
        {ok, User = #user{username = Username}} ->
            case rabbit_access_control:check_user_loopback(Username, Sock) of
                ok ->
+                    rabbit_core_metrics:auth_attempt_succeeded(Ip, Username),
                    notify_auth_result(Username, user_authentication_success,
                                       [], State);
                not_allowed ->
+                    rabbit_core_metrics:auth_attempt_failed(Ip, Username),
                    auth_fail(Username, "user '~s' can only connect via "
                              "localhost", [Username], Name, State)
            end,