auth: add requests_total metric

auth/backend.go

@@ -44,6 +44,12 @@ type Config struct {
 	Whawty *WhawtyAuthConfig `yaml:"whawty"`
 }
 
+var (
+	authRequests        = prometheus.NewCounterVec(prometheus.CounterOpts{Name: "auth_requests_total"}, []string{"result"})
+	authRequestsSuccess = authRequests.MustCurryWith(prometheus.Labels{"result": "success"})
+	authRequestsFailed  = authRequests.MustCurryWith(prometheus.Labels{"result": "failed"})
+)
+
 type Backend interface {
 	Authenticate(username, password string) error
 }
@@ -55,6 +61,15 @@ func (b *NullBackend) Authenticate(username, password string) error {
 	return fmt.Errorf("invalid username/password")
 }
 
+func metricsCommon(prom prometheus.Registerer) (err error) {
+	if err = prom.Register(authRequests); err != nil {
+		return
+	}
+	authRequestsSuccess.WithLabelValues()
+	authRequestsFailed.WithLabelValues()
+	return nil
+}
+
 func NewBackend(conf *Config, prom prometheus.Registerer, infoLog, dbgLog *log.Logger) (Backend, error) {
 	if infoLog == nil {
 		infoLog = log.New(io.Discard, "", 0)

auth/backend_ldap.go

@@ -89,8 +89,8 @@ func NewLDAPBackend(conf *LDAPConfig, prom prometheus.Registerer, infoLog, dbgLo
 }
 
 func (b *LDAPBackend) initPrometheus(prom prometheus.Registerer) error {
-	// TODO: implement this!
-	return nil
+	// TODO: add custom metrics
+	return metricsCommon(prom)
 }
 
 func (b *LDAPBackend) getUserDN(l *ldap.Conn, username string) (string, bool, error) {
@@ -161,6 +161,7 @@ func (b *LDAPBackend) authenticate(server, username, password string) (bool, err
 func (b *LDAPBackend) Authenticate(username, password string) (err error) {
 	// make sure we don't trigger this: https://github.com/go-ldap/ldap/issues/93
 	if username == "" || password == "" {
+		authRequestsFailed.WithLabelValues().Inc()
 		return fmt.Errorf("username and or password must not be empty")
 	}
 
@@ -176,5 +177,10 @@ func (b *LDAPBackend) Authenticate(username, password string) (err error) {
 		}
 		last = server
 	}
-	return err
+	if err != nil {
+		authRequestsFailed.WithLabelValues().Inc()
+		return err
+	}
+	authRequestsSuccess.WithLabelValues().Inc()
+	return nil
 }

auth/backend_static.go

@@ -88,15 +88,17 @@ func (b *StaticBackend) watchFileEventCB(event fsnotify.Event) {
 	b.dbgLog.Printf("static: htpasswd file successfully reloaded")
 }
 
-func (b *StaticBackend) initPrometheus(prom prometheus.Registerer) error {
-	// TODO: implement this!
-	return nil
+func (b *StaticBackend) initPrometheus(prom prometheus.Registerer) (err error) {
+	// TODO: add custom metrics
+	return metricsCommon(prom)
 }
 
 func (b *StaticBackend) Authenticate(username, password string) error {
 	ok := b.htpasswd.Match(username, password)
 	if !ok {
+		authRequestsFailed.WithLabelValues().Inc()
 		return fmt.Errorf("invalid username or password")
 	}
+	authRequestsSuccess.WithLabelValues().Inc()
 	return nil
 }

auth/backend_whawty.go

@@ -199,20 +199,25 @@ func (b *WhawtyAuthBackend) watchFileEventCB(event fsnotify.Event) {
 }
 
 func (b *WhawtyAuthBackend) initPrometheus(prom prometheus.Registerer) error {
-	// TODO: implement this!
-	return nil
+	// TODO: add custom metrics
+	return metricsCommon(prom)
 }
 
 func (b *WhawtyAuthBackend) Authenticate(username, password string) error {
+	//authRequests.Inc()
+
 	b.storeMutex.RLock()
 	defer b.storeMutex.RUnlock()
 	ok, _, upgradeable, _, err := b.store.Authenticate(username, password)
 	if err != nil {
+		authRequestsFailed.WithLabelValues().Inc()
 		return err
 	}
 	if !ok {
+		authRequestsFailed.WithLabelValues().Inc()
 		return fmt.Errorf("invalid username or password")
 	}
+	authRequestsSuccess.WithLabelValues().Inc()
 	if upgradeable && b.upgradeChan != nil {
 		select {
 		case b.upgradeChan <- whawtyUpgradeRequest{Username: username, OldPassword: password}:

cmd/whawty-nginx-sso/config.go

@@ -56,8 +56,9 @@ type WebConfig struct {
 }
 
 type PrometheusConfig struct {
-	Listen string `yaml:"listen"`
-	Path   string `yaml:"path"`
+	Namespace string `yaml:"namespace"`
+	Path      string `yaml:"path"`
+	Listen    string `yaml:"listen"`
 }
 
 type Config struct {

cmd/whawty-nginx-sso/main.go

@@ -62,12 +62,12 @@ func cmdRun(c *cli.Context) error {
 		return cli.NewExitError(err.Error(), 2)
 	}
 
-	cookies, err := cookie.NewStore(&conf.Cookie, prom.registry, wl, wdl)
+	cookies, err := cookie.NewStore(&conf.Cookie, prom.reg(), wl, wdl)
 	if err != nil {
 		return cli.NewExitError(err.Error(), 2)
 	}
 
-	auth, err := auth.NewBackend(&conf.Auth, prom.registry, wl, wdl)
+	auth, err := auth.NewBackend(&conf.Auth, prom.reg(), wl, wdl)
 	if err != nil {
 		return cli.NewExitError(err.Error(), 2)
 	}

cmd/whawty-nginx-sso/prometheus.go

@@ -41,9 +41,10 @@ import (
 )
 
 type MetricsHandler struct {
-	registry *prometheus.Registry
-	listener net.Listener
-	path     string
+	registry  *prometheus.Registry
+	namespace string
+	path      string
+	listener  net.Listener
 }
 
 func newMetricsHandler(config *PrometheusConfig) (m *MetricsHandler, err error) {
@@ -56,6 +57,10 @@ func newMetricsHandler(config *PrometheusConfig) (m *MetricsHandler, err error)
 	if config.Path != "" {
 		m.path = config.Path
 	}
+	m.namespace = "whawty_nginx_sso"
+	if config.Namespace != "" {
+		m.namespace = config.Namespace
+	}
 	if config.Listen != "" {
 		m.listener, err = net.Listen("tcp", config.Listen)
 		if err != nil {
@@ -86,3 +91,7 @@ func (m *MetricsHandler) run() {
 	err := srv.Serve(m.listener)
 	wl.Printf("prometheus: listener thread has stopped (err=%v)", err)
 }
+
+func (m *MetricsHandler) reg() prometheus.Registerer {
+	return prometheus.WrapRegistererWithPrefix(m.namespace+"_", m.registry)
+}

contrib/sample-cfg.yml

@@ -164,5 +164,6 @@ web:
   #   # session-ticket-key: "b947e39f50e20351bdd81046e20fff7948d359a3aec391719d60645c5972cc77"
 
 prometheus: {}
+  # namespace: whawty_nginx_sso
   # path: /metrics
   # listen: "127.0.0.1:1235"