Add auth attemp metrics

author: dcorbacho <dparracorbacho@piotal.io> 2020-08-26 15:42:40 +0100
committer: Michael Klishin <michael@clojurewerkz.org> 2020-10-14 05:17:49 +0300
commit: 6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5 (patch)
tree: 8eebf34330b3027cacac9dfe98d737ca1882a760
parent: 8093653362dc2282b8b7db060b11d987b1f2b282 (diff)
download: rabbitmq-server-git-6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 3b31513c69..12fc511df5 100644
--- a/Makefile
+++ b/Makefile
@@ -118,7 +118,8 @@ define PROJECT_ENV
 	    {writer_gc_threshold, 1000000000},
 	    %% interval at which connection/channel tracking executes post operations
 	    {tracking_execution_timeout, 15000},
-	    {stream_messages_soft_limit, 256}
+	    {stream_messages_soft_limit, 256},
+        {return_per_user_auth_attempt_metrics, false}
 	  ]
 endef
 
diff --git a/src/rabbit_reader.erl b/src/rabbit_reader.erl
index f9697c96e5..c4b4b1fd36 100644
--- a/src/rabbit_reader.erl
+++ b/src/rabbit_reader.erl
@@ -1413,15 +1413,19 @@ auth_phase(Response,
                                        auth_mechanism = {Name, AuthMechanism},
                                        auth_state     = AuthState},
                        sock = Sock}) ->
+    Ip = list_to_binary(inet:ntoa(Connection#connection.host)),
     case AuthMechanism:handle_response(Response, AuthState) of
         {refused, Username, Msg, Args} ->
+            rabbit_core_metrics:auth_attempt_failed(Ip, Username),
             auth_fail(Username, Msg, Args, Name, State);
         {protocol_error, Msg, Args} ->
+            rabbit_core_metrics:auth_attempt_failed(Ip, ""),
             notify_auth_result(none, user_authentication_failure,
                                [{error, rabbit_misc:format(Msg, Args)}],
                                State),
             rabbit_misc:protocol_error(syntax_error, Msg, Args);
         {challenge, Challenge, AuthState1} ->
+            rabbit_core_metrics:auth_attempt_succeeded(Ip, ""),
             Secure = #'connection.secure'{challenge = Challenge},
             ok = send_on_channel0(Sock, Secure, Protocol),
             State#v1{connection = Connection#connection{
@@ -1429,9 +1433,11 @@ auth_phase(Response,
         {ok, User = #user{username = Username}} ->
             case rabbit_access_control:check_user_loopback(Username, Sock) of
                 ok ->
+                    rabbit_core_metrics:auth_attempt_succeeded(Ip, Username),
                     notify_auth_result(Username, user_authentication_success,
                                        [], State);
                 not_allowed ->
+                    rabbit_core_metrics:auth_attempt_failed(Ip, Username),
                     auth_fail(Username, "user '~s' can only connect via "
                               "localhost", [Username], Name, State)
             end,
author	dcorbacho <dparracorbacho@piotal.io>	2020-08-26 15:42:40 +0100
committer	Michael Klishin <michael@clojurewerkz.org>	2020-10-14 05:17:49 +0300
commit	6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5 (patch)
tree	8eebf34330b3027cacac9dfe98d737ca1882a760
parent	8093653362dc2282b8b7db060b11d987b1f2b282 (diff)
download	rabbitmq-server-git-6f98f84ae2ab67a0d799e7a1e6d22bebdfa703e5.tar.gz