[
https://issues.apache.org/jira/browse/ARTEMIS-4306?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17750845#comment-17750845
]
Justin Bertram edited comment on ARTEMIS-4306 at 8/3/23 5:54 PM:
-----------------------------------------------------------------
I linked the original discussion in the description. I think success & failure
counts for both authn & authz are a good place to start. The user in the email
thread requested individual success & failure counts for a handful of
individual permission types, but I'm not convinced of the utility of those. In
my opinion it doesn't make sense to provide metrics for only _some_ of the
permission types and there are [10 permission
types|https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses]
so that would be 20 metrics for authz rather than just 2. At this point I just
don't see the justification for the additional complexity that would add.
We can get metrics for both authn & authz caches mostly for free by using
Micrometer's [cache
integration|https://github.com/micrometer-metrics/micrometer/tree/main/micrometer-core/src/main/java/io/micrometer/core/instrument/binder/cache]
similar to what's already been done with various system metrics (recent work
via ARTEMIS-4292).
Lastly, there needs to be a flag to enable/disable these metrics like there is
for the [JVM, Netty,
etc.|https://activemq.apache.org/components/artemis/documentation/latest/metrics.html#configuration]
was (Author: jbertram):
I linked the original discussion in the description. I think success & failure
counts for both authn & authz are a good place to start. The user in the email
thread requested individual success & failure counts for a handful of
individual permission types, but I'm not convinced of the utility of those. In
my opinion it doesn't make sense to provide metrics for only _some_ of the
permission types and there are [10 permission
types|https://activemq.apache.org/components/artemis/documentation/latest/security.html#role-based-security-for-addresses]
so that would be 20 metrics for authz rather than just 2. At this point I just
don't see the justification for the additional complexity that would add.
We can get metrics for both authn & authz caches mostly for free by using
Micrometer's [cache
integration|https://github.com/micrometer-metrics/micrometer/tree/main/micrometer-core/src/main/java/io/micrometer/core/instrument/binder/cache].
Lastly, there needs to be a flag to enable/disable these metrics like there is
for the [JVM, Netty,
etc.|https://activemq.apache.org/components/artemis/documentation/latest/metrics.html#configuration]
> Add authn/z metrics
> -------------------
>
> Key: ARTEMIS-4306
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4306
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Reporter: Justin Bertram
> Priority: Major
>
> It would be useful to have metrics for authn/z successes and failures as well
> as for metrics related to the corresponding caches.
> See this discussion on the users mailing list for more details:
> https://lists.apache.org/thread/g6ygyo4kb3xhygq8hpw7vsl3l2g5qt92
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
