Add _remaining tidy metrics. (#16702)
* Add _remaining tidy metrics. * Add two extra metrics during tidy. * Update test and documentation for remaining tidy metrics.
This commit is contained in:
parent
c6bc8db441
commit
e9e3b4995b
|
@ -3902,13 +3902,15 @@ func TestBackend_RevokePlusTidy_Intermediate(t *testing.T) {
|
||||||
}
|
}
|
||||||
// Check the tidy metrics
|
// Check the tidy metrics
|
||||||
{
|
{
|
||||||
// Map of gagues to expected value
|
// Map of gauges to expected value
|
||||||
expectedGauges := map[string]float32{
|
expectedGauges := map[string]float32{
|
||||||
"secrets.pki.tidy.cert_store_current_entry": 0,
|
"secrets.pki.tidy.cert_store_current_entry": 0,
|
||||||
"secrets.pki.tidy.cert_store_total_entries": 1,
|
"secrets.pki.tidy.cert_store_total_entries": 1,
|
||||||
"secrets.pki.tidy.revoked_cert_current_entry": 0,
|
"secrets.pki.tidy.revoked_cert_current_entry": 0,
|
||||||
"secrets.pki.tidy.revoked_cert_total_entries": 1,
|
"secrets.pki.tidy.revoked_cert_total_entries": 1,
|
||||||
"secrets.pki.tidy.start_time_epoch": 0,
|
"secrets.pki.tidy.start_time_epoch": 0,
|
||||||
|
"secrets.pki.tidy.cert_store_total_entries_remaining": 0,
|
||||||
|
"secrets.pki.tidy.revoked_cert_total_entries_remaining": 0,
|
||||||
}
|
}
|
||||||
// Map of counters to the sum of the metrics for that counter
|
// Map of counters to the sum of the metrics for that counter
|
||||||
expectedCounters := map[string]float64{
|
expectedCounters := map[string]float64{
|
||||||
|
|
|
@ -154,6 +154,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
|
||||||
b.tidyStatusIncCertStoreCount()
|
b.tidyStatusIncCertStoreCount()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
metrics.SetGauge([]string{"secrets", "pki", "tidy", "cert_store_total_entries_remaining"}, float32(uint(serialCount)-b.tidyStatus.certStoreDeletedCount))
|
||||||
}
|
}
|
||||||
|
|
||||||
if tidyRevokedCerts || tidyRevocationList {
|
if tidyRevokedCerts || tidyRevocationList {
|
||||||
|
@ -223,7 +224,7 @@ func (b *backend) pathTidyWrite(ctx context.Context, req *logical.Request, d *fr
|
||||||
b.tidyStatusIncRevokedCertCount()
|
b.tidyStatusIncRevokedCertCount()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
metrics.SetGauge([]string{"secrets", "pki", "tidy", "revoked_cert_total_entries_remaining"}, float32(uint(revokedSerialsCount)-b.tidyStatus.revokedCertDeletedCount))
|
||||||
if rebuildCRL {
|
if rebuildCRL {
|
||||||
if err := b.crlBuilder.rebuild(ctx, b, req, false); err != nil {
|
if err := b.crlBuilder.rebuild(ctx, b, req, false); err != nil {
|
||||||
return err
|
return err
|
||||||
|
@ -301,7 +302,7 @@ func (b *backend) pathTidyStatusRead(_ context.Context, _ *logical.Request, _ *f
|
||||||
resp.Data["time_finished"] = b.tidyStatus.timeFinished
|
resp.Data["time_finished"] = b.tidyStatus.timeFinished
|
||||||
resp.Data["error"] = b.tidyStatus.err.Error()
|
resp.Data["error"] = b.tidyStatus.err.Error()
|
||||||
// Don't clear the message so that it serves as a hint about when
|
// Don't clear the message so that it serves as a hint about when
|
||||||
// the error ocurred.
|
// the error occurred.
|
||||||
}
|
}
|
||||||
|
|
||||||
return resp, nil
|
return resp, nil
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
secrets/pki/tidy: Add another pair of metrics counting certificates not deleted by the tidy operation.
|
||||||
|
```
|
|
@ -314,11 +314,13 @@ These metrics relate to the supported [secrets engines][secrets-engines].
|
||||||
| `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge |
|
| `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge |
|
||||||
| `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter |
|
| `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter |
|
||||||
| `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge |
|
| `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge |
|
||||||
|
| `secrets.pki.tidy.cert_store_total_entries_remaining` | Number of entries in the certificate store that are left after the tidy operation (checked but not removed). | entry | gauge |
|
||||||
| `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary |
|
| `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary |
|
||||||
| `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter |
|
| `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter |
|
||||||
| `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge |
|
| `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge |
|
||||||
| `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter |
|
| `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter |
|
||||||
| `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge |
|
| `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge |
|
||||||
|
| `secrets.pki.tidy.revoked_cert_total_entries_remaining` | Number of entries in the certificate store for revoked certificates that are left after the tidy operation (checked but not removed). | entry | gauge |
|
||||||
| `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge |
|
| `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge |
|
||||||
| `secrets.pki.tidy.success` | Number of times the PKI tidy operation has completed succcessfully | operations | counter |
|
| `secrets.pki.tidy.success` | Number of times the PKI tidy operation has completed succcessfully | operations | counter |
|
||||||
| `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge |
|
| `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge |
|
||||||
|
|
Loading…
Reference in New Issue