-
Notifications
You must be signed in to change notification settings - Fork 743
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add opencensus metrics and prom exporter Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * prom exporter test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * record test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * address comments Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update opencensus v0.22.2 Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * address comments Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * change default port Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * fix defer Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * fix auditduration name in test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix expected port in test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * move total constraints to controller Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update with new map for cache Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix when cache doesn't include remaining tags Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * Update kind to v0.6.0 (#303) * update kind version to 0.6.0 Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * remove deprecated command Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * set TERM to disable fancy output Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * err check Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * make vendor Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix rebase Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix lint Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * add lock to delete and nested loop for known status/action Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * defer Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * requestResponse type Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * shared mutex Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * move reportMetrics Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * anonymous constraintcache Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * unexport Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * add test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix test nits Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * return err Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * added log.fatal Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * return to manager Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * remove goroutine Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix test Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * fix lint Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * handle stop Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> * update Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * update Signed-off-by: Sertaç Özercan <sozercan@gmail.com> * Use namespace of Pod as namespace for cert secret (#347) Fixes #346 Signed-off-by: Max Smythe <smythe@google.com> * Add capability PSP control aspect to library (#340) * Add capability PSP control aspect to library Signed-off-by: Max Smythe <smythe@google.com> * Update PSP library README Signed-off-by: Max Smythe <smythe@google.com> * Fix template kind Signed-off-by: Max Smythe <smythe@google.com> Signed-off-by: Sertaç Özercan <sozercan@gmail.com>
- Loading branch information
Showing
100 changed files
with
8,132 additions
and
51 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
package audit | ||
|
||
import ( | ||
"context" | ||
"time" | ||
|
||
"github.com/open-policy-agent/gatekeeper/pkg/metrics" | ||
"github.com/open-policy-agent/gatekeeper/pkg/util" | ||
"go.opencensus.io/stats" | ||
"go.opencensus.io/stats/view" | ||
"go.opencensus.io/tag" | ||
) | ||
|
||
const ( | ||
totalViolationsName = "total_violations" | ||
auditDurationName = "audit_duration_seconds" | ||
) | ||
|
||
var ( | ||
violationsTotalM = stats.Int64(totalViolationsName, "Total number of violations per constraint", stats.UnitDimensionless) | ||
auditDurationM = stats.Float64(auditDurationName, "Latency of audit operation in seconds", stats.UnitSeconds) | ||
|
||
enforcementActionKey = tag.MustNewKey("enforcement_action") | ||
) | ||
|
||
func init() { | ||
if err := register(); err != nil { | ||
panic(err) | ||
} | ||
} | ||
|
||
func register() error { | ||
views := []*view.View{ | ||
{ | ||
Name: totalViolationsName, | ||
Measure: violationsTotalM, | ||
Aggregation: view.LastValue(), | ||
TagKeys: []tag.Key{enforcementActionKey}, | ||
}, | ||
{ | ||
Name: auditDurationName, | ||
Measure: auditDurationM, | ||
Aggregation: view.Distribution(0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8, 0.9, 1, 2, 3, 4, 5), | ||
}, | ||
} | ||
return view.Register(views...) | ||
} | ||
|
||
func (r *reporter) ReportTotalViolations(enforcementAction util.EnforcementAction, v int64) error { | ||
ctx, err := tag.New( | ||
r.ctx, | ||
tag.Insert(enforcementActionKey, string(enforcementAction))) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return r.report(ctx, violationsTotalM.M(v)) | ||
} | ||
|
||
func (r *reporter) ReportLatency(d time.Duration) error { | ||
ctx, err := tag.New(r.ctx) | ||
if err != nil { | ||
return err | ||
} | ||
|
||
return r.report(ctx, auditDurationM.M(d.Seconds())) | ||
} | ||
|
||
// StatsReporter reports audit metrics | ||
type StatsReporter interface { | ||
ReportTotalViolations(enforcementAction util.EnforcementAction, v int64) error | ||
ReportLatency(d time.Duration) error | ||
} | ||
|
||
// newStatsReporter creaters a reporter for audit metrics | ||
func newStatsReporter() (StatsReporter, error) { | ||
ctx, err := tag.New( | ||
context.Background(), | ||
) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return &reporter{ctx: ctx}, nil | ||
} | ||
|
||
type reporter struct { | ||
ctx context.Context | ||
} | ||
|
||
func (r *reporter) report(ctx context.Context, m stats.Measurement) error { | ||
return metrics.Record(ctx, m) | ||
} |
Oops, something went wrong.