backport of commit 1196624 (#28955)
Co-authored-by: Violet Hynes <[email protected]>
1 parent a43e9ce commit c109ac5
Showing 4 changed files with 92 additions and 15 deletions.
29 changes: 15 additions & 14 deletions helper/builtinplugins/registry_full.go
Expand Up @@ -40,6 +40,7 @@ import (
logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
"github.com/hashicorp/vault/helper/pluginconsts"
dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
dbHana "github.com/hashicorp/vault/plugins/database/hana"
dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
Expand All @@ -54,26 +55,26 @@ import (
func newFullAddonRegistry() *registry {
return &registry{
credentialBackends: map[string]credentialBackend{
"alicloud": {Factory: credAliCloud.Factory},
"app-id": {
pluginconsts.AuthTypeAliCloud: {Factory: credAliCloud.Factory},
pluginconsts.AuthTypeAppId: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"aws": {Factory: credAws.Factory},
"azure": {Factory: credAzure.Factory},
"cf": {Factory: credCF.Factory},
"gcp": {Factory: credGcp.Factory},
"github": {Factory: credGitHub.Factory},
"kerberos": {Factory: credKerb.Factory},
"kubernetes": {Factory: credKube.Factory},
"ldap": {Factory: credLdap.Factory},
"oci": {Factory: credOCI.Factory},
"okta": {Factory: credOkta.Factory},
"pcf": {
pluginconsts.AuthTypeAWS: {Factory: credAws.Factory},
pluginconsts.AuthTypeAzure: {Factory: credAzure.Factory},
pluginconsts.AuthTypeCF: {Factory: credCF.Factory},
pluginconsts.AuthTypeGCP: {Factory: credGcp.Factory},
pluginconsts.AuthTypeGitHub: {Factory: credGitHub.Factory},
pluginconsts.AuthTypeKerberos: {Factory: credKerb.Factory},
pluginconsts.AuthTypeKubernetes: {Factory: credKube.Factory},
pluginconsts.AuthTypeLDAP: {Factory: credLdap.Factory},
pluginconsts.AuthTypeOCI: {Factory: credOCI.Factory},
pluginconsts.AuthTypeOkta: {Factory: credOkta.Factory},
pluginconsts.AuthTypePCF: {
Factory: credCF.Factory,
DeprecationStatus: consts.Deprecated,
},
"radius": {Factory: credRadius.Factory},
pluginconsts.AuthTypeRadius: {Factory: credRadius.Factory},
},
databasePlugins: map[string]databasePlugin{
// These four plugins all use the same mysql implementation but with
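--- a/helper/pluginconsts/plugin_consts.go
+++ b/helper/pluginconsts/plugin_consts.go
@@ -0,0 +1,29 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package pluginconsts
+
+// These consts live outside the plugin registry files to prevent import cycles.
+const (
+AuthTypeAliCloud = "alicloud"
+AuthTypeAppId = "app-id"
+AuthTypeAWS = "aws"
+AuthTypeAzure = "azure"
+AuthTypeCF = "cf"
+AuthTypeGCP = "gcp"
+AuthTypeGitHub = "github"
+AuthTypeKerberos = "kerberos"
+AuthTypeKubernetes = "kubernetes"
+AuthTypeLDAP = "ldap"
+AuthTypeOCI = "oci"
+AuthTypeOkta = "okta"
+AuthTypePCF = "pcf"
+AuthTypeRadius = "radius"
+AuthTypeToken = "token"
+AuthTypeCert = "cert"
+AuthTypeOIDC = "oidc"
+AuthTypeUserpass = "userpass"
+AuthTypeSAML = "saml"
+AuthTypeApprole = "approle"
+AuthTypeJWT = "jwt"
+)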
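Review bot: `AuthTypeAppId` breaks the initialism convention that the rest of the const block follows (`AuthTypeAWS`, `AuthTypeLDAP`, `AuthTypeOIDC`); `AuthTypeAppID` would be consistent, and the rename is cheapest now while the only visible user is the registry entry in registry_full.go. The block comment explains why the file exists but not what the values are; because the registry uses them as the keys of `credentialBackends`, I would add something like `// Values are the names builtin auth backends are registered under; presumably they must keep matching the Type stored on existing mounts, so treat them as stable.` The last seven entries (`AuthTypeToken` through `AuthTypeJWT`) are also out of the alphabetical order used above them, which makes a missing or duplicated method harder to spot.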
25 changes: 25 additions & 0 deletions vault/core_metrics.go
Expand Up @@ -535,6 +535,31 @@ func getMeanNamespaceSecrets(mapOfNamespacesToSecrets map[string]int) int {
return getTotalSecretsAcrossAllNamespaces(mapOfNamespacesToSecrets) / length
}

// GetAuthMethodUsageMetrics returns a map of auth mount types to the number of those mounts that exist.
func (c *Core) GetAuthMethodUsageMetrics() map[string]int {
mounts := make(map[string]int)

c.authLock.RLock()
defer c.authLock.RUnlock()

// we don't grab the statelock, so this code might run during or after the seal process.
// Therefore, we need to check if c.auth is nil. If we do not, this will panic when
// run after seal.
if c.auth == nil {
return mounts
}

for _, entry := range c.auth.Entries {
authType := entry.Type
if _, ok := mounts[authType]; !ok {
mounts[authType] = 1
} else {
mounts[authType] += 1
}
}
return mounts
}

// GetKvUsageMetrics returns a map of namespace paths to KV secret counts within those namespaces.
func (c *Core) GetKvUsageMetrics(ctx context.Context, kvVersion string) (map[string]int, error) {
mounts := c.findKvMounts()
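Review bot: The map returned by `GetAuthMethodUsageMetrics` is keyed by the raw `entry.Type`, so an externally registered auth plugin shows up under whatever name it was mounted with. The documentation in this commit instead promises a fixed set of metric names plus a single `vault.auth.method.plugin.count` bucket, and says the metrics contain no sensitive values. The code that turns this map into metric names is not part of this commit, so the doc comment should state the contract, e.g. `// Keys are unnormalized mount types; callers must fold any type not listed in pluginconsts into the "plugin" bucket before reporting.` The documented `appid` and `cloudfoundry` names also differ from the `app-id` and `cf` mount types, which presumably relies on the same mapping step. Separately, the if/else in the loop can be reduced to `mounts[entry.Type]++`, since a missing key reads as zero.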
Expand Up @@ -119,7 +119,29 @@ All of these metrics are numerical, and contain no sensitive values or additiona
| `vault.kv.version1.secrets.namespace.min` | The lowest number of KVv1 secrets in a namespace in Vault, e.g. `2`. |
| `vault.kv.version2.secrets.namespace.min` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. |
| `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv1 secrets in namespaces in Vault, e.g. `52.8`. |
| `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. |
| `vault.kv.version2.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. |
| `vault.auth.method.approle.count` | The total number of Approle auth mounts in Vault. |
| `vault.auth.method.alicloud.count` | The total number of Alicloud auth mounts in Vault. |
| `vault.auth.method.aws.count` | The total number of AWS auth mounts in Vault. |
| `vault.auth.method.appid.count` | The total number of App ID auth mounts in Vault. |
| `vault.auth.method.azure.count` | The total number of Azure auth mounts in Vault. |
| `vault.auth.method.cloudfoundry.count` | The total number of Cloud Foundry auth mounts in Vault. |
| `vault.auth.method.github.count` | The total number of GitHub auth mounts in Vault. |
| `vault.auth.method.gcp.count` | The total number of GCP auth mounts in Vault. |
| `vault.auth.method.jwt.count` | The total number of JWT auth mounts in Vault. |
| `vault.auth.method.kerberos.count` | The total number of Kerberos auth mounts in Vault. |
| `vault.auth.method.kubernetes.count` | The total number of kubernetes auth mounts in Vault. |
| `vault.auth.method.ldap.count` | The total number of LDAP auth mounts in Vault. |
| `vault.auth.method.oci.count` | The total number of OCI auth mounts in Vault. |
| `vault.auth.method.okta.count` | The total number of Okta auth mounts in Vault. |
| `vault.auth.method.pcf.count` | The total number of PCF auth mounts in Vault. |
| `vault.auth.method.radius.count` | The total number of Radius auth mounts in Vault. |
| `vault.auth.method.saml.count` | The total number of SAML auth mounts in Vault. |
| `vault.auth.method.cert.count` | The total number of Cert auth mounts in Vault. |
| `vault.auth.method.oidc.count` | The total number of OIDC auth mounts in Vault. |
| `vault.auth.method.token.count` | The total number of Token auth mounts in Vault. |
| `vault.auth.method.userpass.count` | The total number of Userpass auth mounts in Vault. |
| `vault.auth.method.plugin.count` | The total number of custom plugin auth mounts in Vault. |

## Usage metadata list
