From eac21fdffa877a1f23c9804a1b72efe6c7112ab6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Mary-Vall=C3=A9e?= Date: Wed, 15 Dec 2021 18:38:54 +0100 Subject: [PATCH 1/5] Added feature: UUID obfuscation in URI label with URI_METRICS_DETAILED enabled --- README.md | 19 +++++++++++++++++++ .../keycloak/metrics/ResourceExtractor.java | 13 +++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c14e3d8..6b76056 100644 --- a/README.md +++ b/README.md @@ -375,6 +375,25 @@ keycloak_request_duration_count{code="200",method="GET",resource="admin,admin/se keycloak_request_duration_sum{code="200",method="GET",resource="admin,admin/serverinfo",uri="",} 19.0 ``` +To replace `users` or `clients` UUID values by a generic `{id}` with ```URI_METRICS_DETAILED``` enabled, +set ```URI_METRICS_UUID_HIDED``` to `true` + +```c +# HELP keycloak_request_duration Request duration +# TYPE keycloak_request_duration histogram +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="50.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="100.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="250.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="500.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="1000.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="2000.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="10000.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="30000.0",} 6.0 +keycloak_request_duration_bucket{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",le="+Inf",} 6.0 +keycloak_request_duration_count{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",} 6.0 +keycloak_request_duration_sum{code="200",method="GET",resource="admin,admin/realms",uri="admin/realms/master/users/{id}",} 41.0 +``` + ## External Access To disable metrics being externally accessible to a cluster. Set the environment variable 'DISABLE_EXTERNAL_ACCESS'. Once set enable the header 'X-Forwarded-Host' on your proxy. This is enabled by default on HA Proxy on Openshift. diff --git a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java index b00fc26..c7ebf5b 100644 --- a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java +++ b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java @@ -13,6 +13,7 @@ class ResourceExtractor { private static final boolean URI_METRICS_ENABLED = Boolean.parseBoolean(System.getenv("URI_METRICS_ENABLED")); private static final boolean URI_METRICS_DETAILED = Boolean.parseBoolean(System.getenv("URI_METRICS_DETAILED")); private static final String URI_METRICS_FILTER = System.getenv("URI_METRICS_FILTER"); + private static final boolean URI_METRICS_UUID_HIDED = Boolean.parseBoolean(System.getenv("URI_METRICS_UUID_HIDED")); private ResourceExtractor() { } @@ -89,13 +90,21 @@ private static StringBuilder getURIDetailed(StringBuilder sb, List match String uri = matchedURIs.get(0); if (URI_METRICS_DETAILED) { - sb.append(uri); + if (URI_METRICS_UUID_HIDED) { + String[] realm = uri.split("/"); + if (realm.length > 4 && (realm[3].equals("clients") || realm[3].equals("users"))) { + uri = uri.replace(realm[4], "{id}"); + } + sb.append(uri); + } else { + sb.append(uri); + } } else { String[] realm = uri.split("/"); if (realm.length != 1) { if (uri.startsWith("admin/realms/")) { uri = uri.replace(realm[2], "{realm}"); - if (realm.length > 4 && realm[3].equals("clients")) { + if (realm.length > 4 && (realm[3].equals("clients") || realm[3].equals("users"))) { uri = uri.replace(realm[4], "{id}"); } } From 8ad187cec75cf012ff4855eec71ca62906672474 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Mary-Vall=C3=A9e?= <96186940+comemaryvallee@users.noreply.github.com> Date: Thu, 16 Dec 2021 14:37:43 +0100 Subject: [PATCH 2/5] Fix variable name --- .../jboss/aerogear/keycloak/metrics/ResourceExtractor.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java index c7ebf5b..dc295bb 100644 --- a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java +++ b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java @@ -13,7 +13,7 @@ class ResourceExtractor { private static final boolean URI_METRICS_ENABLED = Boolean.parseBoolean(System.getenv("URI_METRICS_ENABLED")); private static final boolean URI_METRICS_DETAILED = Boolean.parseBoolean(System.getenv("URI_METRICS_DETAILED")); private static final String URI_METRICS_FILTER = System.getenv("URI_METRICS_FILTER"); - private static final boolean URI_METRICS_UUID_HIDED = Boolean.parseBoolean(System.getenv("URI_METRICS_UUID_HIDED")); + private static final boolean URI_METRICS_UUID_HIDDEN = Boolean.parseBoolean(System.getenv("URI_METRICS_UUID_HIDDEN")); private ResourceExtractor() { } @@ -90,7 +90,7 @@ private static StringBuilder getURIDetailed(StringBuilder sb, List match String uri = matchedURIs.get(0); if (URI_METRICS_DETAILED) { - if (URI_METRICS_UUID_HIDED) { + if (URI_METRICS_UUID_HIDDEN) { String[] realm = uri.split("/"); if (realm.length > 4 && (realm[3].equals("clients") || realm[3].equals("users"))) { uri = uri.replace(realm[4], "{id}"); From 95514e32fa6f7c9cde53b78bfc763ad601f0a497 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Mary-Vall=C3=A9e?= <96186940+comemaryvallee@users.noreply.github.com> Date: Thu, 16 Dec 2021 14:38:20 +0100 Subject: [PATCH 3/5] Fix variable name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6b76056..3e17d17 100644 --- a/README.md +++ b/README.md @@ -376,7 +376,7 @@ keycloak_request_duration_sum{code="200",method="GET",resource="admin,admin/serv ``` To replace `users` or `clients` UUID values by a generic `{id}` with ```URI_METRICS_DETAILED``` enabled, -set ```URI_METRICS_UUID_HIDED``` to `true` +set ```URI_METRICS_UUID_HIDDEN``` to `true` ```c # HELP keycloak_request_duration Request duration From 6ef1e4d1218bdc4d9c1be64276681f6846ec809c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Mary-Vall=C3=A9e?= <96186940+comemaryvallee@users.noreply.github.com> Date: Thu, 16 Dec 2021 14:38:30 +0100 Subject: [PATCH 4/5] Fix variable name From c63ead708df81c1ad13ede0b10cd31dbbc92d87f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=B4me=20Mary-Vall=C3=A9e?= Date: Thu, 10 Feb 2022 11:46:51 +0100 Subject: [PATCH 5/5] Modified UUID obfuscation code to hide every occurence via regex --- .../jboss/aerogear/keycloak/metrics/ResourceExtractor.java | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java index dc295bb..ad5a0ca 100644 --- a/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java +++ b/src/main/java/org/jboss/aerogear/keycloak/metrics/ResourceExtractor.java @@ -91,10 +91,7 @@ private static StringBuilder getURIDetailed(StringBuilder sb, List match if (URI_METRICS_DETAILED) { if (URI_METRICS_UUID_HIDDEN) { - String[] realm = uri.split("/"); - if (realm.length > 4 && (realm[3].equals("clients") || realm[3].equals("users"))) { - uri = uri.replace(realm[4], "{id}"); - } + uri = uri.replaceAll("\\w{8}-\\w{4}-\\w{4}-\\w{4}-\\w{12}", "{id}"); sb.append(uri); } else { sb.append(uri);