author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-15 17:34:46 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-16 11:28:10 +0100 |
commit | 3527d1bb4128662e5aafd92ec98c6c0b629f5e3e (patch) | |
tree | 98fd5e6cc1596cddb72d98956cfd48b466d2dc24 /security-utils | |
parent | 02013ebda915ec943f0d83ff1ca70b67852e534e (diff) |
Add metrics for capability checks
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | 3 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TlsMetrics.java | 36 |
2 files changed, 39 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
index f231e8429ce..d7ea93955af 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
@@ -49,6 +49,7 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
 if (capabilityMode == DISABLE) return;
 boolean hasCapabilities = capabilities.has(requiredCapabilities);
 if (!hasCapabilities) {
+ TlsMetrics.instance().incrementCapabilitiesFailed();
 String msg = createPermissionDeniedErrorMessage(requiredCapabilities, action, resource, peer);
 if (capabilityMode == LOG_ONLY) {
 log.info(msg);
@@ -57,6 +58,8 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
 log.fine(msg);
 throw new MissingCapabilitiesException(msg);
 }
+ } else {
+ TlsMetrics.instance().incrementCapabilitiesSucceeded();
 }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsMetrics.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsMetrics.java
new file mode 100644
index 00000000000..1e9561a5b82
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsMetrics.java
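Review bot: In ConnectionAuthContext.java the failed counter in the first hunk is incremented before the `capabilityMode == LOG_ONLY` branch, so a check that was only logged and a check that went on to throw `MissingCapabilitiesException` are counted as the same event. Anyone alerting on this metric cannot tell enforced denials from log-only misses, and the early return for `DISABLE` means neither counter moves in that mode. If one combined counter is intended, a comment on the increment would make that explicit, e.g. `// counts every missing-capability result, whether enforced or LOG_ONLY`; otherwise a separate counter on the enforcing path would keep the two apart. The enclosing method begins above the hunk, so its signature and callers are not visible here.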
@@ -0,0 +1,36 @@
+// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.security.tls;
+
+import java.util.concurrent.atomic.AtomicLong;
+
+/**
+ * @author bjorncs
+ */
+public class TlsMetrics {
+ private static final TlsMetrics instance = new TlsMetrics();
+
+ private final AtomicLong capabilitiesSucceeded = new AtomicLong(0);
+ private final AtomicLong capabilitiesFailed = new AtomicLong(0);
+
+ private TlsMetrics() {}
+
+ public static TlsMetrics instance() { return instance; }
+
+ void incrementCapabilitiesSucceeded() { capabilitiesSucceeded.incrementAndGet(); }
+ void incrementCapabilitiesFailed() { capabilitiesFailed.incrementAndGet(); }
+ public Snapshot snapshot() { return new Snapshot(this); }
+
+ public record Snapshot(long capabilitiesSucceeded, long capabilitiesFailed) {
+ public static final Snapshot EMPTY = new Snapshot(0, 0);
+ private Snapshot(TlsMetrics m) { this(m.capabilitiesSucceeded.get(), m.capabilitiesFailed.get()); }
+ public Diff changesSince(Snapshot previous) { return new Diff(this, previous); }
+ }
+
+ public record Diff(long capabilitiesSucceeded, long capabilitiesFailed) {
+ private Diff(Snapshot current, Snapshot previous) {
+ this(current.capabilitiesSucceeded - previous.capabilitiesSucceeded,
+ current.capabilitiesFailed - previous.capabilitiesFailed);
+ }
+ }
+} |
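Review bot: The class Javadoc on `TlsMetrics` carries only `@author`, so nothing states what the two counters measure or how `Snapshot` and `Diff` are meant to be combined. A class comment should say that the instance is a process-wide singleton, that `snapshot()` reads the two `AtomicLong`s one after the other so the pair is not captured atomically, and that `changesSince` subtracts field by field and yields negative values when `previous` was taken later than the receiver. Something like `/** Process-wide counters for capability check outcomes; each counter only increases, but a snapshot is not atomic across the two. */` would cover the first two points.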