Add Prometheus metrics for authentication attempts

Signed-off-by: Matt Rogers <mrogers@redhat.com>
openshift · Aug 16, 2017 · 37befe7 · 37befe7
1 parent e2c9b75
commit 37befe7
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/pkg/auth/prometheus/metrics.go b/pkg/auth/prometheus/metrics.go
@@ -0,0 +1,36 @@
+package prometheus
+
+import (
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+const (
+	AuthSubsystem = "auth_subsystem"
+)
+
+var (
+	authCounterTotal = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Subsystem: AuthSubsystem,
+			Name:      "auth_count_total",
+			Help:      "Counts total authentication attempts",
+		}, []string{},
+	)
+	authCounterResult = prometheus.NewCounterVec(
+		prometheus.CounterOpts{
+			Subsystem: AuthSubsystem,
+			Name:      "auth_count_result",
+			Help:      "Counts authentication attempts by result",
+		}, []string{"result"},
+	)
+)
+
+func init() {
+	prometheus.MustRegister(authCounterTotal)
+	prometheus.MustRegister(authCounterResult)
+}
+
+func UpdateAuthCounters(result string) {
+	authCounterTotal.WithLabelValues().Inc()
+	authCounterResult.WithLabelValues(result).Inc()
+}
diff --git a/pkg/auth/server/login/login.go b/pkg/auth/server/login/login.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/openshift/origin/pkg/auth/authenticator"
 	"github.com/openshift/origin/pkg/auth/oauth/handlers"
+	"github.com/openshift/origin/pkg/auth/prometheus"
 	"github.com/openshift/origin/pkg/auth/server/csrf"
 	"github.com/openshift/origin/pkg/auth/server/errorpage"
 )
@@ -164,19 +165,26 @@ func (l *Login) handleLogin(w http.ResponseWriter, req *http.Request) {
 		failed(errorCodeUserRequired, w, req)
 		return
 	}
+	var result string
+	defer func() {
+		prometheus.UpdateAuthCounters(result)
+	}()
 	user, ok, err := l.auth.AuthenticatePassword(username, password)
 	if err != nil {
 		glog.Errorf(`Error authenticating %q with provider %q: %v`, username, l.provider, err)
 		failed(errorpage.AuthenticationErrorCode(err), w, req)
+		result = "failure"
 		return
 	}
 	if !ok {
 		glog.V(4).Infof(`Login with provider %q failed for %q`, l.provider, username)
 		failed(errorCodeAccessDenied, w, req)
+		result = "failure"
 		return
 	}
 	glog.V(4).Infof(`Login with provider %q succeeded for %q: %#v`, l.provider, username, user)
 	l.auth.AuthenticationSucceeded(user, then, w, req)
+	result = "success"
 }
 
 // NewLoginFormRenderer creates a login form renderer that takes in an optional custom template to