From a49eaad6276b4e092e25a32c5301dbafa7373cd5 Mon Sep 17 00:00:00 2001 From: Grace Ajibade <152183535+graceajibade@users.noreply.github.com> Date: Thu, 9 Jan 2025 20:37:35 +0000 Subject: [PATCH] Enable optional trust domain label for all metrics (#5673) * Enable optional trust domain label for all metrics Signed-off-by: gajibade * Added enableTrustDomainLabel to MetricsConfig and updated tests Signed-off-by: gajibade * Clean up Signed-off-by: gajibade * clean up Signed-off-by: gajibade --------- Signed-off-by: gajibade Co-authored-by: gajibade Co-authored-by: Marcos Yacob --- doc/telemetry/telemetry_config.md | 30 +++++++++--------- pkg/agent/agent.go | 1 + pkg/common/telemetry/config.go | 14 +++++---- pkg/common/telemetry/dogstatsd_test.go | 1 + pkg/common/telemetry/inmem_test.go | 1 + pkg/common/telemetry/m3_test.go | 1 + pkg/common/telemetry/metrics.go | 41 +++++++++++++++++-------- pkg/common/telemetry/prometheus_test.go | 1 + pkg/common/telemetry/statsd_test.go | 1 + pkg/server/server.go | 1 + 10 files changed, 58 insertions(+), 34 deletions(-) diff --git a/doc/telemetry/telemetry_config.md b/doc/telemetry/telemetry_config.md index b7584de4f5..85cc99d16e 100644 --- a/doc/telemetry/telemetry_config.md +++ b/doc/telemetry/telemetry_config.md 
@@ -16,20 +16,21 @@ You may use all, some, or none of the collectors. The following collectors suppo ## Telemetry configuration syntax -| Configuration | Type | Description | Default | -|-----------------------|---------------|---------------------------------------------------------------|--------------------------| -| `InMem` | `InMem` | In-memory configuration | running | -| `Prometheus` | `Prometheus` | Prometheus configuration | | -| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | -| `Statsd` | `[]Statsd` | List of Statsd configurations | | -| `M3` | `[]M3` | List of M3 configurations | | -| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | -| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | -| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | -| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' 
as the separator | | +| Configuration | Type | Description | Default | +|--------------------------|---------------|---------------------------------------------------------------|--------------------------| +| `InMem` | `InMem` | In-memory configuration | running | +| `Prometheus` | `Prometheus` | Prometheus configuration | | +| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | +| `Statsd` | `[]Statsd` | List of Statsd configurations | | +| `M3` | `[]M3` | List of M3 configurations | | +| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | +| `EnableTrustDomainLabel` | `bool` | Enable optional trust domain label for all metrics | false | +| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | +| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | +| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' as the separator | | ### `Prometheus` @@ -79,7 +80,6 @@ telemetry { ] InMem {} - AllowedLabels = [] BlockedLabels = [] AllowedPrefixes = [] diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go index 550369201f..9907e01944 100644 --- a/pkg/agent/agent.go +++ b/pkg/agent/agent.go @@ -77,6 +77,7 @@ func (a *Agent) Run(ctx context.Context) error { FileConfig: a.c.Telemetry, Logger: a.c.Log.WithField(telemetry.SubsystemName, telemetry.Telemetry), ServiceName: telemetry.SpireAgent, + TrustDomain: a.c.TrustDomain.Name(), }) if err != nil { return err diff --git a/pkg/common/telemetry/config.go b/pkg/common/telemetry/config.go index 33783a0ed6..13327bc7e5 100644 --- a/pkg/common/telemetry/config.go 
+++ b/pkg/common/telemetry/config.go @@ -10,6 +10,7 @@ type MetricsConfig struct { Logger logrus.FieldLogger ServiceName string Sinks []Sink + TrustDomain string } type FileConfig struct { @@ -19,12 +20,13 @@ type FileConfig struct { M3 []M3Config `hcl:"M3"` InMem *InMem `hcl:"InMem"` - MetricPrefix string `hcl:"MetricPrefix"` - EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` - AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator - BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator - AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator - BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator + MetricPrefix string `hcl:"MetricPrefix"` + EnableTrustDomainLabel *bool `hcl:"EnableTrustDomainLabel"` + EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` + AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator + BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator + AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator + BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator UnusedKeyPositions map[string][]token.Pos `hcl:",unusedKeyPositions"` } diff --git a/pkg/common/telemetry/dogstatsd_test.go b/pkg/common/telemetry/dogstatsd_test.go index ed44e69e6e..a498c2bf17 100644 --- a/pkg/common/telemetry/dogstatsd_test.go +++ b/pkg/common/telemetry/dogstatsd_test.go @@ -58,6 +58,7 @@ func testDogStatsdConfig() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ DogStatsd: []DogStatsdConfig{ { 
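Review bot: `EnableTrustDomainLabel` is added to FileConfig with no comment, and the `*bool` does not say what an unset value means. A trailing comment in the style of the neighbouring fields would cover it: `// When true, the trust domain label is added to metrics emitted through MetricsImpl; unset means false`. The same struct carries `AllowedLabels` and `BlockedLabels`, which NewMetrics copies into the sink configuration, so it is worth documenting whether an operator who sets `AllowedLabels` must also list the trust domain label for it to survive filtering; that interaction is not visible in this diff. `MetricsConfig.TrustDomain` in the previous hunk would benefit from a one-line comment as well, stating that it is the value used for that label.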
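Review bot: The fixture in testDogStatsdConfig only gains `TrustDomain: "test.org"`, and with `EnableTrustDomainLabel` left unset the flag stays false, so the label path added in metrics.go is never exercised. The diffstat shows the same one-line change in inmem_test.go, m3_test.go, prometheus_test.go and statsd_test.go, and no other test file is touched. A case that sets `EnableTrustDomainLabel` to a pointer to `true` and asserts the label on the emitted metric would pin the behaviour. A second case that passes a labels slice with spare capacity would pin that the caller's slice is not modified.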
diff --git a/pkg/common/telemetry/inmem_test.go b/pkg/common/telemetry/inmem_test.go index 1b6f8c781f..e9dcb5f25f 100644 --- a/pkg/common/telemetry/inmem_test.go +++ b/pkg/common/telemetry/inmem_test.go @@ -80,6 +80,7 @@ func testInmemConfig() *MetricsConfig { return &MetricsConfig{ Logger: logger, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{InMem: &InMem{}}, } } diff --git a/pkg/common/telemetry/m3_test.go b/pkg/common/telemetry/m3_test.go index 4823b2e7c0..41a9d41855 100644 --- a/pkg/common/telemetry/m3_test.go +++ b/pkg/common/telemetry/m3_test.go @@ -124,6 +124,7 @@ func testM3Config() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ M3: []M3Config{ { diff --git a/pkg/common/telemetry/metrics.go b/pkg/common/telemetry/metrics.go index 1cf1dcf041..0f6584136e 100644 --- a/pkg/common/telemetry/metrics.go +++ b/pkg/common/telemetry/metrics.go @@ -45,7 +45,8 @@ type MetricsImpl struct { c *MetricsConfig runners []sinkRunner // Each instance of metrics.Metrics in the slice corresponds to one metrics sink type - metricsSinks []*metrics.Metrics + metricsSinks []*metrics.Metrics + enableTrustDomainLabel bool } var _ Metrics = (*MetricsImpl)(nil) @@ -83,12 +84,18 @@ func NewMetrics(c *MetricsConfig) (*MetricsImpl, error) { } else { conf.EnableHostnameLabel = true } + conf.EnableTypePrefix = runner.requiresTypePrefix() conf.AllowedLabels = c.FileConfig.AllowedLabels conf.BlockedLabels = c.FileConfig.BlockedLabels conf.AllowedPrefixes = c.FileConfig.AllowedPrefixes conf.BlockedPrefixes = c.FileConfig.BlockedPrefixes + impl.enableTrustDomainLabel = false + if c.FileConfig.EnableTrustDomainLabel != nil { + impl.enableTrustDomainLabel = *c.FileConfig.EnableTrustDomainLabel + } + metricsSink, err := metrics.New(conf, fanout) if err != nil { return nil, err 
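Review bot: The new `impl.enableTrustDomainLabel` assignment in NewMetrics sits between the per-sink `conf` settings (`runner.requiresTypePrefix()`) and `metrics.New(conf, fanout)`, so it appears to be inside the loop over sink runners and a sink-independent flag is re-assigned once per sink; the loop header is outside the hunk. Hoisting it above the loop and dropping the redundant `= false` leaves `if v := c.FileConfig.EnableTrustDomainLabel; v != nil { impl.enableTrustDomainLabel = *v }`. Nothing here checks `c.TrustDomain` when the option is on, so a caller that leaves the field empty would emit the label with an empty value on every metric. Rejecting an empty trust domain in NewMetrics when the flag is true would surface that misconfiguration at startup instead of in the dashboards.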
@@ -112,13 +119,15 @@ func (m *MetricsImpl) ListenAndServe(ctx context.Context) error { } func (m *MetricsImpl) SetGauge(key []string, val float32) { - for _, s := range m.metricsSinks { - s.SetGauge(key, val) - } + m.SetGaugeWithLabels(key, val, nil) } // SetGaugeWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) SetGaugeWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.SetGaugeWithLabels(key, val, sanitizedLabels) @@ -132,13 +141,15 @@ func (m *MetricsImpl) EmitKey(key []string, val float32) { } func (m *MetricsImpl) IncrCounter(key []string, val float32) { - for _, s := range m.metricsSinks { - s.IncrCounter(key, val) - } + m.IncrCounterWithLabels(key, val, nil) } // IncrCounterWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.IncrCounterWithLabels(key, val, sanitizedLabels) @@ -146,13 +157,15 @@ func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels [] } func (m *MetricsImpl) AddSample(key []string, val float32) { - for _, s := range m.metricsSinks { - s.AddSample(key, val) - } + m.AddSampleWithLabels(key, val, nil) } // AddSampleWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.AddSampleWithLabels(key, val, sanitizedLabels) 
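Review bot: `labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain})` in SetGaugeWithLabels can write into the caller's backing array when the slice passed in has spare capacity, so a caller that reuses or shares one labels slice across calls or goroutines can have an element overwritten or hit a data race. The same block is repeated in IncrCounterWithLabels, AddSampleWithLabels and MeasureSinceWithLabels in the following hunks. One helper that copies before appending removes both the aliasing and the duplication, and each method then calls `SanitizeLabels(m.withTrustDomainLabel(labels))`. Whether the sinks tolerate a duplicate label name is not visible here, so the helper is also the natural place to skip the append when the caller already supplied a label named `TrustDomain`. The function bodies continue outside the hunks.

```go
// withTrustDomainLabel returns labels with the trust domain label added when
// the option is enabled. It copies first so the caller's backing array is
// never written to.
func (m *MetricsImpl) withTrustDomainLabel(labels []Label) []Label {
	if !m.enableTrustDomainLabel {
		return labels
	}
	out := make([]Label, 0, len(labels)+1)
	out = append(out, labels...)
	return append(out, Label{Name: TrustDomain, Value: m.c.TrustDomain})
}

func (m *MetricsImpl) SetGaugeWithLabels(key []string, val float32, labels []Label) {
	sanitizedLabels := SanitizeLabels(m.withTrustDomainLabel(labels))
	// … unchanged: fan-out loop over m.metricsSinks …
```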
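Review bot: EmitKey, whose signature is this hunk's context header, is not touched by the commit, so keys emitted through it would presumably carry no trust domain label even with the option enabled; its body is outside the hunk. The commit title and the new documentation row both say the label applies to all metrics, so the gap should be stated where a maintainer will see it. A comment on EmitKey would do: `// EmitKey takes no labels, so the optional trust domain label is not attached to keys emitted here.` The IncrCounter change in this hunk, which now routes through IncrCounterWithLabels with `nil`, looks fine.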
@@ -160,13 +173,15 @@ func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []La } func (m *MetricsImpl) MeasureSince(key []string, start time.Time) { - for _, s := range m.metricsSinks { - s.MeasureSince(key, start) - } + m.MeasureSinceWithLabels(key, start, nil) } // MeasureSinceWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) MeasureSinceWithLabels(key []string, start time.Time, labels []Label) { + if m.enableTrustDomainLabel { + labels = append(labels, Label{Name: TrustDomain, Value: m.c.TrustDomain}) + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.MeasureSinceWithLabels(key, start, sanitizedLabels) diff --git a/pkg/common/telemetry/prometheus_test.go b/pkg/common/telemetry/prometheus_test.go index 9a58b21d04..659d59ca47 100644 --- a/pkg/common/telemetry/prometheus_test.go +++ b/pkg/common/telemetry/prometheus_test.go @@ -82,6 +82,7 @@ func testPrometheusConfig() *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ // Let prometheus listen on a random port Prometheus: &PrometheusConfig{}, diff --git a/pkg/common/telemetry/statsd_test.go b/pkg/common/telemetry/statsd_test.go index d7cde716df..96d216d3cf 100644 --- a/pkg/common/telemetry/statsd_test.go +++ b/pkg/common/telemetry/statsd_test.go @@ -64,6 +64,7 @@ func testStatsdConfigWithPort(port int) *MetricsConfig { return &MetricsConfig{ Logger: l, ServiceName: "foo", + TrustDomain: "test.org", FileConfig: FileConfig{ Statsd: []StatsdConfig{ { diff --git a/pkg/server/server.go b/pkg/server/server.go index f34e143750..82f40b07d3 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go 
@@ -92,6 +92,7 @@ func (s *Server) run(ctx context.Context) (err error) { FileConfig: s.config.Telemetry, Logger: s.config.Log.WithField(telemetry.SubsystemName, telemetry.Telemetry), ServiceName: telemetry.SpireServer, + TrustDomain: s.config.TrustDomain.Name(), }) if err != nil { return err