Counter that increments on every secret engine lease creation. (#9244)

2020-06-18 15:36:21 -05:00 · 2020-06-18 15:36:21 -05:00 · 239b2375aa
parent 7502813335
commit 239b2375aa
2 changed files with 59 additions and 0 deletions
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@ -841,6 +841,19 @@ func (c *Core) handleRequest(ctx context.Context, req *logical.Request) (retResp
 			// 26399 instead of 26400, say, even if it's just a few
 			// microseconds. This provides a nicer UX.
 			resp.Secret.TTL = le.ExpireTime.Sub(time.Now()).Round(time.Second)
+
+			// Count the lease creation
+			ttl_label := metricsutil.TTLBucket(resp.Secret.TTL)
+			c.MetricSink().IncrCounterWithLabels(
+				[]string{"secret", "lease", "creation"},
+				1,
+				[]metrics.Label{
+					metricsutil.NamespaceLabel(ns),
+					{"secret_engine", req.MountType},
+					{"mount_point", req.MountPoint},
+					{"creation_ttl", ttl_label},
+				},
+			)
 		}
 	}

--- a/vault/request_handling_test.go
+++ b/vault/request_handling_test.go
@ -297,3 +297,49 @@ func TestRequestHandling_LoginMetric(t *testing.T) {
 	)

 }
+
+func TestRequestHandling_SecretLeaseMetric(t *testing.T) {
+	core, _, root := TestCoreUnsealed(t)
+
+	inmemSink := metrics.NewInmemSink(
+		1000000*time.Hour,
+		2000000*time.Hour)
+	core.metricSink = &metricsutil.ClusterMetricSink{
+		ClusterName: "test-cluster",
+		Sink:        inmemSink,
+	}
+
+	// Create a key with a lease
+	req := logical.TestRequest(t, logical.UpdateOperation, "secret/foo")
+	req.Data["foo"] = "bar"
+	req.ClientToken = root
+	resp, err := core.HandleRequest(namespace.RootContext(nil), req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if resp != nil {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	// Read a key with a LeaseID
+	req = logical.TestRequest(t, logical.ReadOperation, "secret/foo")
+	req.ClientToken = root
+	req.SetTokenEntry(&logical.TokenEntry{ID: root, NamespaceID: "root", Policies: []string{"root"}})
+	resp, err = core.HandleRequest(namespace.RootContext(nil), req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+	if resp == nil || resp.Secret == nil || resp.Secret.LeaseID == "" {
+		t.Fatalf("bad: %#v", resp)
+	}
+
+	checkCounter(t, inmemSink, "secret.lease.creation",
+		map[string]string{
+			"cluster":       "test-cluster",
+			"namespace":     "root",
+			"secret_engine": "kv",
+			"mount_point":   "secret/",
+			"creation_ttl":  "+Inf",
+		},
+	)
+}