Add _remaining tidy metrics. (#16702)

* Add _remaining tidy metrics.

* Add two extra metrics during tidy.

* Update test and documentation for remaining tidy metrics.
This commit is contained in:
Kit Haines 2022-08-23 12:17:17 -04:00 committed by GitHub
parent c6bc8db441
commit e9e3b4995b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 8 deletions

View File

@ -3902,13 +3902,15 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
} }
// Check the tidy metrics // Check the tidy metrics
{ {
// Map of gagues to expected value // Map of gauges to expected value
expectedGauges := map[string]float32{ expectedGauges := map[string]float32{
"secrets.pki.tidy.cert_store_current_entry": 0, "secrets.pki.tidy.cert_store_current_entry": 0,
"secrets.pki.tidy.cert_store_total_entries": 1, "secrets.pki.tidy.cert_store_total_entries": 1,
"secrets.pki.tidy.revoked_cert_current_entry": 0, "secrets.pki.tidy.revoked_cert_current_entry": 0,
"secrets.pki.tidy.revoked_cert_total_entries": 1, "secrets.pki.tidy.revoked_cert_total_entries": 1,
"secrets.pki.tidy.start_time_epoch": 0, "secrets.pki.tidy.start_time_epoch": 0,
"secrets.pki.tidy.cert_store_total_entries_remaining": 0,
"secrets.pki.tidy.revoked_cert_total_entries_remaining": 0,
} }
// Map of counters to the sum of the metrics for that counter // Map of counters to the sum of the metrics for that counter
expectedCounters := map[string]float64{ expectedCounters := map[string]float64{

View File

@ -154,6 +154,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
b.tidyStatusIncCertStoreCount() b.tidyStatusIncCertStoreCount()
} }
} }
metrics.SetGauge([]string{"secrets", "pki", "tidy", "cert_store_total_entries_remaining"}, float32(uint(serialCount)-b.tidyStatus.certStoreDeletedCount))
} }
if tidyRevokedCerts || tidyRevocationList { if tidyRevokedCerts || tidyRevocationList {
@ -223,7 +224,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
b.tidyStatusIncRevokedCertCount() b.tidyStatusIncRevokedCertCount()
} }
} }
metrics.SetGauge([]string{"secrets", "pki", "tidy", "revoked_cert_total_entries_remaining"}, float32(uint(revokedSerialsCount)-b.tidyStatus.revokedCertDeletedCount))
if rebuildCRL { if rebuildCRL {
if err := b.crlBuilder.rebuild(ctx, b, req, false); err != nil { if err := b.crlBuilder.rebuild(ctx, b, req, false); err != nil {
return err return err
@ -301,7 +302,7 @@ func (b *backend) pathTidyStatusRead(_ context.Context, _ *logical.Request, _ *f
resp.Data["time_finished"] = b.tidyStatus.timeFinished resp.Data["time_finished"] = b.tidyStatus.timeFinished
resp.Data["error"] = b.tidyStatus.err.Error() resp.Data["error"] = b.tidyStatus.err.Error()
// Don't clear the message so that it serves as a hint about when // Don't clear the message so that it serves as a hint about when
// the error ocurred. // the error occurred.
} }
return resp, nil return resp, nil

3
changelog/16702.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
secrets/pki/tidy: Add another pair of metrics counting certificates not deleted by the tidy operation.
```

View File

@ -314,11 +314,13 @@ These metrics relate to the supported [secrets engines][secrets-engines].
| `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge | | `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge |
| `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter | | `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter |
| `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge | | `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge |
| `secrets.pki.tidy.cert_store_total_entries_remaining` | Number of entries in the certificate store that are left after the tidy operation (checked but not removed). | entry | gauge |
| `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary | | `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary |
| `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter | | `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter |
| `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge | | `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge |
| `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter | | `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter |
| `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge | | `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge |
| `secrets.pki.tidy.revoked_cert_total_entries_remaining` | Number of entries in the certificate store for revoked certificates that are left after the tidy operation (checked but not removed). | entry | gauge |
| `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge | | `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge |
| `secrets.pki.tidy.success` | Number of times the PKI tidy operation has completed succcessfully | operations | counter | | `secrets.pki.tidy.success` | Number of times the PKI tidy operation has completed succcessfully | operations | counter |
| `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge | | `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge |