From e9e3b4995b3280c085be50ec376eb5265ef4c1af Mon Sep 17 00:00:00 2001
From: Kit Haines
Date: Tue, 23 Aug 2022 12:17:17 -0400
Subject: [PATCH] Add _remaining tidy metrics. (#16702)
* Add _remaining tidy metrics.
* Add two extra metrics during tidy.
* Update test and documentation for remaining tidy metrics.
---
 builtin/logical/pki/backend_test.go | 14 ++++++++------
 builtin/logical/pki/path_tidy.go | 5 +++--
 changelog/16702.txt | 3 +++
 website/content/docs/internals/telemetry.mdx | 2 ++
 4 files changed, 16 insertions(+), 8 deletions(-)
 create mode 100644 changelog/16702.txt
diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go
index d584111db..4b8b2db4e 100644
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -3902,13 +3902,15 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
 }
 // Check the tidy metrics
 {
- // Map of gagues to expected value
+ // Map of gauges to expected value
 expectedGauges := map[string]float32{
- "secrets.pki.tidy.cert_store_current_entry": 0,
- "secrets.pki.tidy.cert_store_total_entries": 1,
- "secrets.pki.tidy.revoked_cert_current_entry": 0,
- "secrets.pki.tidy.revoked_cert_total_entries": 1,
- "secrets.pki.tidy.start_time_epoch": 0,
+ "secrets.pki.tidy.cert_store_current_entry": 0,
+ "secrets.pki.tidy.cert_store_total_entries": 1,
+ "secrets.pki.tidy.revoked_cert_current_entry": 0,
+ "secrets.pki.tidy.revoked_cert_total_entries": 1,
+ "secrets.pki.tidy.start_time_epoch": 0,
+ "secrets.pki.tidy.cert_store_total_entries_remaining": 0,
+ "secrets.pki.tidy.revoked_cert_total_entries_remaining": 0,
 }
 // Map of counters to the sum of the metrics for that counter
 expectedCounters := map[string]float64{
diff --git a/builtin/logical/pki/path_tidy.go b/builtin/logical/pki/path_tidy.go
index 556e4c348..737e5379b 100644
--- a/builtin/logical/pki/path_tidy.go
+++ b/builtin/logical/pki/path_tidy.go
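Review bot: Both new expectations in `expectedGauges` are `0`, so the test only covers the case where every counted entry is deleted (`cert_store_total_entries` is 1 and nothing remains). A zero result cannot tell a correct `total - deleted` from a gauge that is always zero, and it never exercises the unsigned subtraction added in `path_tidy.go`. Consider a second tidy pass over a store where one certificate is not yet eligible for removal, asserting `"secrets.pki.tidy.cert_store_total_entries_remaining": 1`. The test function starts and ends outside this hunk, so how the comparison treats a gauge that was never emitted is not visible here.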
@@ -154,6 +154,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
 b.tidyStatusIncCertStoreCount()
 }
 }
+ metrics.SetGauge([]string{"secrets", "pki", "tidy", "cert_store_total_entries_remaining"}, float32(uint(serialCount)-b.tidyStatus.certStoreDeletedCount))
 }
 if tidyRevokedCerts || tidyRevocationList {
@@ -223,7 +224,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
 b.tidyStatusIncRevokedCertCount()
 }
 }
-
+ metrics.SetGauge([]string{"secrets", "pki", "tidy", "revoked_cert_total_entries_remaining"}, float32(uint(revokedSerialsCount)-b.tidyStatus.revokedCertDeletedCount))
 if rebuildCRL {
 if err := b.crlBuilder.rebuild(ctx, b, req, false); err != nil {
 return err
@@ -301,7 +302,7 @@ func (b *backend) pathTidyStatusRead(_ context.Context, _ *logical.Request, _ *f
 resp.Data["time_finished"] = b.tidyStatus.timeFinished
 resp.Data["error"] = b.tidyStatus.err.Error()
 // Don't clear the message so that it serves as a hint about when
- // the error ocurred.
+ // the error occurred.
 }
 return resp, nil
diff --git a/changelog/16702.txt b/changelog/16702.txt
new file mode 100644
index 000000000..a19764675
--- /dev/null
+++ b/changelog/16702.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+secrets/pki/tidy: Add another pair of metrics counting certificates not deleted by the tidy operation.
+```
diff --git a/website/content/docs/internals/telemetry.mdx b/website/content/docs/internals/telemetry.mdx
index 2e60e712f..a830f3cf0 100644
--- a/website/content/docs/internals/telemetry.mdx
+++ b/website/content/docs/internals/telemetry.mdx
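Review bot: The new gauge in the `-154,6` hunk reads `b.tidyStatus.certStoreDeletedCount` directly, although the loop above it changes that counter only through `b.tidyStatusIncCertStoreCount()`; if that helper takes a lock (its body is not in this diff), the read here is unsynchronised with it and with `pathTidyStatusRead`. The subtraction is also done in `uint`, so a deleted count larger than `serialCount` would wrap to a very large value rather than fail visibly, and an operator alerting on certificates left behind by tidy would see a nonsense number. I would take the count through a locked accessor and clamp before converting, e.g. `remaining := uint(serialCount)` then `if deleted < remaining { remaining -= deleted } else { remaining = 0 }`. The same applies to `revoked_cert_total_entries_remaining` in the `-223,7` hunk with `revokedSerialsCount` and `revokedCertDeletedCount`. `pathTidyWrite` begins and ends outside both hunks, so whether the counters are reset at the start of each run cannot be confirmed from here.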
@@ -314,11 +314,13 @@ These metrics relate to the supported [secrets engines][secrets-engines].
 | `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge |
 | `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter |
 | `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge |
+| `secrets.pki.tidy.cert_store_total_entries_remaining` | Number of entries in the certificate store that are left after the tidy operation (checked but not removed). | entry | gauge |
 | `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary |
 | `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter |
 | `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge |
 | `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter |
 | `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge |
+| `secrets.pki.tidy.revoked_cert_total_entries_remaining` | Number of entries in the certificate store for revoked certificates that are left after the tidy operation (checked but not removed). 
| entry | gauge |
 | `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge |
 | `secrets.pki.tidy.success` | Number of times the PKI tidy operation has completed succcessfully | operations | counter |
 | `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge |