feat: add security Consul metrics (#383)

closes: #374 Signed-off-by: Valina Li <[email protected]>
edgexfoundry · Oct 19, 2022 · a43e448 · a43e448
1 parent 3493ca4
commit a43e448
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 71 deletions.
diff --git a/bootstrap/bootstrap.go b/bootstrap/bootstrap.go
@@ -171,9 +171,8 @@ func RunAndReturnWaitGroup(
 		if metricsManager != nil {
 			secretProvider := container.SecretProviderFrom(dic.Get)
 			if secretProvider != nil {
-				secretProvider.RegisterMetrics(func(metrics map[string]interface{}) {
-					registerMetrics(metricsManager, metrics, lc)
-				})
+				metrics := secretProvider.GetMetricsToRegister()
+				registerMetrics(metricsManager, metrics, lc)
 
 				// TODO: use this same approach to register future service metric controlled by other components
 			}

diff --git a/bootstrap/interfaces/mocks/SecretProvider.go b/bootstrap/interfaces/mocks/SecretProvider.go
diff --git a/bootstrap/interfaces/secret.go b/bootstrap/interfaces/secret.go
@@ -4,12 +4,6 @@ import (
 	"time"
 )
 
-// Service Metric Names
-const (
-	SecretsRequestedMetricName = "SecuritySecretsRequested"
-	SecretsStoredMetricName    = "SecuritySecretsStored"
-)
-
 // SecretProvider defines the contract for secret provider implementations that
 // allow secrets to be retrieved/stored from/to a services Secret Store.
 type SecretProvider interface {
@@ -44,6 +38,6 @@ type SecretProvider interface {
 	// DeregisterSecretUpdatedCallback removes a secret's registered callback path.
 	DeregisterSecretUpdatedCallback(path string)
 
-	// RegisterMetrics registers all metric objects using the passed in registerCallback.
-	RegisterMetrics(registerCallback func(metrics map[string]interface{}))
+	// GetMetricsToRegister returns all metric objects that needs to be registered.
+	GetMetricsToRegister() map[string]interface{}
 }
diff --git a/bootstrap/secret/insecure.go b/bootstrap/secret/insecure.go
@@ -191,10 +191,10 @@ func (p *InsecureProvider) DeregisterSecretUpdatedCallback(path string) {
 	delete(p.registeredSecretCallbacks, path)
 }
 
-// RegisterMetrics registers all InsecureProvider metric objects using the registerCallback in callback.
-func (p *InsecureProvider) RegisterMetrics(registerCallback func(metrics map[string]interface{})) {
-	registerCallback(map[string]interface{}{
-		interfaces.SecretsRequestedMetricName: p.securitySecretsRequested,
-		interfaces.SecretsStoredMetricName:    p.securitySecretsStored,
-	})
+// GetMetricsToRegister returns all metric objects that needs to be registered.
+func (p *InsecureProvider) GetMetricsToRegister() map[string]interface{} {
+	return map[string]interface{}{
+		secretsRequestedMetricName: p.securitySecretsRequested,
+		secretsStoredMetricName:    p.securitySecretsStored,
+	}
 }
diff --git a/bootstrap/secret/secret.go b/bootstrap/secret/secret.go
@@ -36,6 +36,14 @@ import (
 	"github.com/edgexfoundry/go-mod-secrets/v2/pkg/token/runtimetokenprovider"
 )
 
+// secret service Metric Names
+const (
+	secretsRequestedMetricName        = "SecuritySecretsRequested"
+	secretsStoredMetricName           = "SecuritySecretsStored"
+	securityConsulTokensRequestedName = "SecurityConsulTokensRequested"
+	securityConsulTokenDurationName   = "SecurityConsulTokenDuration"
+)
+
 // NewSecretProvider creates a new fully initialized the Secret Provider.
 func NewSecretProvider(
 	configuration interfaces.Configuration,

diff --git a/bootstrap/secret/secure.go b/bootstrap/secret/secure.go
@@ -53,35 +53,39 @@ type SecureProvider struct {
 	lc           logger.LoggingClient
 	loader       authtokenloader.AuthTokenLoader
 	// runtimeTokenProvider is for delayed start services
-	runtimeTokenProvider      runtimetokenprovider.RuntimeTokenProvider
-	serviceKey                string
-	configuration             interfaces.Configuration
-	secretsCache              map[string]map[string]string // secret's path, key, value
-	cacheMutex                *sync.RWMutex
-	lastUpdated               time.Time
-	ctx                       context.Context
-	registeredSecretCallbacks map[string]func(path string)
-	securitySecretsRequested  gometrics.Counter
-	securitySecretsStored     gometrics.Counter
+	runtimeTokenProvider          runtimetokenprovider.RuntimeTokenProvider
+	serviceKey                    string
+	configuration                 interfaces.Configuration
+	secretsCache                  map[string]map[string]string // secret's path, key, value
+	cacheMutex                    *sync.RWMutex
+	lastUpdated                   time.Time
+	ctx                           context.Context
+	registeredSecretCallbacks     map[string]func(path string)
+	securitySecretsRequested      gometrics.Counter
+	securitySecretsStored         gometrics.Counter
+	securityConsulTokensRequested gometrics.Counter
+	securityConsulTokenDuration   gometrics.Timer
 }
 
 // NewSecureProvider creates & initializes Provider instance for secure secrets.
 func NewSecureProvider(ctx context.Context, config interfaces.Configuration, lc logger.LoggingClient,
 	loader authtokenloader.AuthTokenLoader, runtimeTokenLoader runtimetokenprovider.RuntimeTokenProvider,
 	serviceKey string) *SecureProvider {
 	provider := &SecureProvider{
-		configuration:             config,
-		lc:                        lc,
-		loader:                    loader,
-		runtimeTokenProvider:      runtimeTokenLoader,
-		serviceKey:                serviceKey,
-		secretsCache:              make(map[string]map[string]string),
-		cacheMutex:                &sync.RWMutex{},
-		lastUpdated:               time.Now(),
-		ctx:                       ctx,
-		registeredSecretCallbacks: make(map[string]func(path string)),
-		securitySecretsRequested:  gometrics.NewCounter(),
-		securitySecretsStored:     gometrics.NewCounter(),
+		configuration:                 config,
+		lc:                            lc,
+		loader:                        loader,
+		runtimeTokenProvider:          runtimeTokenLoader,
+		serviceKey:                    serviceKey,
+		secretsCache:                  make(map[string]map[string]string),
+		cacheMutex:                    &sync.RWMutex{},
+		lastUpdated:                   time.Now(),
+		ctx:                           ctx,
+		registeredSecretCallbacks:     make(map[string]func(path string)),
+		securitySecretsRequested:      gometrics.NewCounter(),
+		securitySecretsStored:         gometrics.NewCounter(),
+		securityConsulTokensRequested: gometrics.NewCounter(),
+		securityConsulTokenDuration:   gometrics.NewTimer(),
 	}
 	return provider
 }
@@ -238,6 +242,10 @@ func (p *SecureProvider) SecretsLastUpdated() time.Time {
 
 // GetAccessToken returns the access token for the requested token type.
 func (p *SecureProvider) GetAccessToken(tokenType string, serviceKey string) (string, error) {
+	p.securityConsulTokensRequested.Inc(1)
+	started := time.Now()
+	defer p.securityConsulTokenDuration.UpdateSince(started)
+
 	switch tokenType {
 	case TokenTypeConsul:
 		token, err := p.secretClient.GenerateConsulToken(serviceKey)
@@ -437,10 +445,12 @@ func (p *SecureProvider) DeregisterSecretUpdatedCallback(path string) {
 	delete(p.registeredSecretCallbacks, path)
 }
 
-// RegisterMetrics registers all SecureProvider metric objects using the passed in registerCallback.
-func (p *SecureProvider) RegisterMetrics(registerCallback func(metrics map[string]interface{})) {
-	registerCallback(map[string]interface{}{
-		interfaces.SecretsRequestedMetricName: p.securitySecretsRequested,
-		interfaces.SecretsStoredMetricName:    p.securitySecretsStored,
-	})
+// GetMetricsToRegister returns all metric objects that needs to be registered.
+func (p *SecureProvider) GetMetricsToRegister() map[string]interface{} {
+	return map[string]interface{}{
+		secretsRequestedMetricName:        p.securitySecretsRequested,
+		secretsStoredMetricName:           p.securitySecretsStored,
+		securityConsulTokensRequestedName: p.securityConsulTokensRequested,
+		securityConsulTokenDurationName:   p.securityConsulTokenDuration,
+	}
 }