From 9415a94c7f429d5d80e8ba7729a3aaeba362a2e8 Mon Sep 17 00:00:00 2001 From: firest Date: Thu, 30 Jun 2022 13:34:47 +0800 Subject: [PATCH] feat(metrics): optimize client.authenticate --- apps/emqx/src/emqx_access_control.erl | 2 +- apps/emqx/src/emqx_authentication.erl | 16 ++++++++++++++++ apps/emqx/src/emqx_metrics.erl | 11 +++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/apps/emqx/src/emqx_access_control.erl b/apps/emqx/src/emqx_access_control.erl index 1b864cda9..37770e443 100644 --- a/apps/emqx/src/emqx_access_control.erl +++ b/apps/emqx/src/emqx_access_control.erl @@ -34,7 +34,7 @@ | {continue, binary(), map()} | {error, term()}. authenticate(Credential) -> - case run_hooks('client.authenticate', [Credential], {ok, #{is_superuser => false}}) of + case emqx_hooks:run_fold('client.authenticate', [Credential], {ok, #{is_superuser => false}}) of ok -> {ok, #{is_superuser => false}}; Other -> diff --git a/apps/emqx/src/emqx_authentication.erl b/apps/emqx/src/emqx_authentication.erl index 7e46a8aba..e6caf9b26 100644 --- a/apps/emqx/src/emqx_authentication.erl +++ b/apps/emqx/src/emqx_authentication.erl @@ -215,17 +215,20 @@ when %%------------------------------------------------------------------------------ authenticate(#{enable_authn := false}, _AuthResult) -> + inc_authenticate_metric('authentication.success.anonymous'), ignore; authenticate(#{listener := Listener, protocol := Protocol} = Credential, _AuthResult) -> case get_authenticators(Listener, global_chain(Protocol)) of {ok, ChainName, Authenticators} -> case get_enabled(Authenticators) of [] -> + inc_authenticate_metric('authentication.success.anonymous'), ignore; NAuthenticators -> do_authenticate(ChainName, NAuthenticators, Credential) end; none -> + inc_authenticate_metric('authentication.success.anonymous'), ignore end. @@ -611,6 +614,7 @@ handle_create_authenticator(Chain, Config, Providers) -> end. do_authenticate(_ChainName, [], _) -> + inc_authenticate_metric('authentication.failure'), {stop, {error, not_authorized}}; do_authenticate( ChainName, [#authenticator{id = ID, provider = Provider, state = State} | More], Credential @@ -629,8 +633,10 @@ do_authenticate( %% {error, Reason} case Result of {ok, _} -> + inc_authenticate_metric('authentication.success'), emqx_metrics_worker:inc(authn_metrics, MetricsID, success); {error, _} -> + inc_authenticate_metric('authentication.failure'), emqx_metrics_worker:inc(authn_metrics, MetricsID, failed); _ -> ok @@ -902,3 +908,13 @@ to_list(M) when is_map(M) -> [M]; to_list(L) when is_list(L) -> L. call(Call) -> gen_server:call(?MODULE, Call, infinity). + +inc_authenticate_metric(Metric) -> + emqx_metrics:inc('client.authenticate'), + inc_authenticate_metric2(Metric). + +inc_authenticate_metric2('authentication.success.anonymous' = Metric) -> + emqx_metrics:inc(Metric), + emqx_metrics:inc('authentication.success'); +inc_authenticate_metric2(Metric) -> + emqx_metrics:inc(Metric). diff --git a/apps/emqx/src/emqx_metrics.erl b/apps/emqx/src/emqx_metrics.erl index be4abe9c4..7e841a2cf 100644 --- a/apps/emqx/src/emqx_metrics.erl +++ b/apps/emqx/src/emqx_metrics.erl @@ -260,6 +260,13 @@ {counter, 'authorization.cache_hit'} ]). +%% Statistic metrics for auth checking +-define(STASTS_AUTHN_METRICS, [ + {counter, 'authentication.success'}, + {counter, 'authentication.success.anonymous'}, + {counter, 'authentication.failure'} +]). + %% Overload protetion counters -define(OLP_METRICS, [ {counter, 'olp.delay.ok'}, @@ -543,6 +550,7 @@ init([]) -> ?CLIENT_METRICS, ?SESSION_METRICS, ?STASTS_ACL_METRICS, + ?STASTS_AUTHN_METRICS, ?OLP_METRICS ]), % Store reserved indices @@ -690,6 +698,9 @@ reserved_idx('session.terminated') -> 224; reserved_idx('authorization.allow') -> 300; reserved_idx('authorization.deny') -> 301; reserved_idx('authorization.cache_hit') -> 302; +reserved_idx('authentication.success') -> 310; +reserved_idx('authentication.success.anonymous') -> 311; +reserved_idx('authentication.failure') -> 312; reserved_idx('olp.delay.ok') -> 400; reserved_idx('olp.delay.timeout') -> 401; reserved_idx('olp.hbn') -> 402;