address comments

Signed-off-by: Sertaç Özercan <sozercan@users.noreply.github.com>
open-policy-agent · Nov 9, 2019 · 9e68577 · 9e68577
1 parent b6eda03
commit 9e68577
Show file tree

Hide file tree

Showing 11 changed files with 113 additions and 182 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/cmd/manager/main.go b/cmd/manager/main.go
@@ -63,11 +63,10 @@ func main() {
 
 	log := logf.Log.WithName("entrypoint")
 
-	e, err := metrics.NewMetricsExporter()
+	err := metrics.NewMetricsExporter()
 	if err != nil {
 		log.Error(err, "error initializing metrics exporter")
 	}
-	metrics.SetCurMetricsExporter(e)
 
 	// Get a config to talk to the apiserver
 	log.Info("setting up client for manager")

diff --git a/pkg/audit/manager.go b/pkg/audit/manager.go
@@ -242,11 +242,11 @@ func (am *AuditManager) writeAuditResults(ctx context.Context, resourceList *met
 		for _, item := range instanceList.Items {
 			updateConstraints[item.GetSelfLink()] = item
 
-			// report total violations and constraint counts
-			am.reporter.ReportTotalViolations(item.GetKind(), item.GetName(), totalViolations[item.GetSelfLink()])
-			am.reporter.ReportConstraints(item.GetKind(), int64(len(instanceList.Items)))
+			// report constraint counts and total violations
+			enforcementAction := updateLists[item.GetSelfLink()][0].enforcementAction
+			am.reporter.ReportConstraints(enforcementAction, int64(len(instanceList.Items)))
+			am.reporter.ReportTotalViolations(enforcementAction, totalViolations[item.GetSelfLink()])
 		}
-
 		if len(updateConstraints) > 0 {
 			if am.ucloop != nil {
 				close(am.ucloop.stop)

diff --git a/pkg/audit/stats_reporter.go b/pkg/audit/stats_reporter.go
@@ -11,20 +11,17 @@ import (
 )
 
 const (
-	totalViolationsName  = "violations_total"
-	constraintsTotalName = "constraints_total"
-	auditLatency         = "audit_latency"
-	methodType           = "audit"
+	totalViolationsName  = "total_violations"
+	totalConstraintsName = "total_constraints"
+	auditDuration        = "audit_duration"
 )
 
 var (
-	violationsTotalM  = stats.Int64(totalViolationsName, "Total number of violations per constraint", stats.UnitNone)
-	constraintsTotalM = stats.Int64(constraintsTotalName, "Total number of enforced constraints", stats.UnitNone)
-	auditLatencyM     = stats.Float64(auditLatency, "Latency of audit operation", stats.UnitMilliseconds)
+	violationsTotalM  = stats.Int64(totalViolationsName, "Total number of violations per constraint", stats.UnitDimensionless)
+	constraintsTotalM = stats.Int64(totalConstraintsName, "Total number of enforced constraints", stats.UnitDimensionless)
+	auditDurationM    = stats.Float64(auditDuration, "Latency of audit operation in seconds", "s")
 
-	methodTypeKey     = tag.MustNewKey("method_type")
-	constraintKindKey = tag.MustNewKey("constraint_kind")
-	constraintNameKey = tag.MustNewKey("constraint_name")
+	enforcementActionKey = tag.MustNewKey("enforcement_action")
 )
 
 func init() {
@@ -37,19 +34,18 @@ func register() {
 			Name:        totalViolationsName,
 			Measure:     violationsTotalM,
 			Aggregation: view.LastValue(),
-			TagKeys:     []tag.Key{methodTypeKey, constraintKindKey, constraintNameKey},
+			TagKeys:     []tag.Key{enforcementActionKey},
 		},
 		{
-			Name:        constraintsTotalName,
+			Name:        totalConstraintsName,
 			Measure:     constraintsTotalM,
 			Aggregation: view.LastValue(),
-			TagKeys:     []tag.Key{methodTypeKey, constraintKindKey},
+			TagKeys:     []tag.Key{enforcementActionKey},
 		},
 		{
-			Name:        auditLatency,
-			Measure:     auditLatencyM,
+			Name:        auditDuration,
+			Measure:     auditDurationM,
 			Aggregation: view.Distribution(1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000, 9000, 10000, 11000, 12000, 13000, 14000, 15000),
-			TagKeys:     []tag.Key{methodTypeKey},
 		},
 	}
 
@@ -58,24 +54,21 @@ func register() {
 	}
 }
 
-func (r *reporter) ReportTotalViolations(constraintKind, constraintName string, v int64) error {
+func (r *reporter) ReportTotalViolations(enforcementAction string, v int64) error {
 	ctx, err := tag.New(
 		r.ctx,
-		tag.Insert(methodTypeKey, methodType),
-		tag.Insert(constraintKindKey, constraintKind),
-		tag.Insert(constraintNameKey, constraintName))
+		tag.Insert(enforcementActionKey, enforcementAction))
 	if err != nil {
 		return err
 	}
 
 	return r.report(ctx, violationsTotalM.M(v))
 }
 
-func (r *reporter) ReportConstraints(constraintKind string, v int64) error {
+func (r *reporter) ReportConstraints(enforcementAction string, v int64) error {
 	ctx, err := tag.New(
 		r.ctx,
-		tag.Insert(methodTypeKey, methodType),
-		tag.Insert(constraintKindKey, constraintKind))
+		tag.Insert(enforcementActionKey, enforcementAction))
 	if err != nil {
 		return err
 	}
@@ -84,21 +77,19 @@ func (r *reporter) ReportConstraints(constraintKind string, v int64) error {
 }
 
 func (r *reporter) ReportLatency(d time.Duration) error {
-	ctx, err := tag.New(
-		r.ctx,
-		tag.Insert(methodTypeKey, methodType))
+	ctx, err := tag.New(r.ctx)
 	if err != nil {
 		return err
 	}
 
-	// Convert time.Duration in nanoseconds to milliseconds
-	return r.report(ctx, auditLatencyM.M(float64(d/time.Millisecond)))
+	// Convert time.Duration in nanoseconds to seconds
+	return r.report(ctx, auditDurationM.M(float64(d/time.Second)))
 }
 
 // StatsReporter reports audit metrics
 type StatsReporter interface {
-	ReportTotalViolations(constraintKind, constraintName string, v int64) error
-	ReportConstraints(constraintKind string, v int64) error
+	ReportTotalViolations(enforcementAction string, v int64) error
+	ReportConstraints(enforcementAction string, v int64) error
 	ReportLatency(d time.Duration) error
 }
 

diff --git a/pkg/audit/stats_reporter_test.go b/pkg/audit/stats_reporter_test.go
@@ -10,17 +10,15 @@ import (
 func TestReportTotalViolations(t *testing.T) {
 	var expectedValue int64 = 10
 	expectedTags := map[string]string{
-		"constraint_kind": "testKind",
-		"constraint_name": "testConstraint",
-		"method_type":     "audit",
+		"enforcement_action": "deny",
 	}
 
 	r, err := NewStatsReporter()
 	if err != nil {
 		t.Errorf("NewStatsReporter() error %v", err)
 	}
 
-	err = r.ReportTotalViolations("testKind", "testConstraint", expectedValue)
+	err = r.ReportTotalViolations("deny", expectedValue)
 	if err != nil {
 		t.Errorf("ReportTotalViolations error %v", err)
 	}
@@ -45,22 +43,21 @@ func TestReportTotalViolations(t *testing.T) {
 func TestReportConstraints(t *testing.T) {
 	var expectedValue int64 = 10
 	expectedTags := map[string]string{
-		"constraint_kind": "testKind",
-		"method_type":     "audit",
+		"enforcement_action": "deny",
 	}
 
 	r, err := NewStatsReporter()
 	if err != nil {
 		t.Errorf("NewStatsReporter() error %v", err)
 	}
 
-	err = r.ReportConstraints("testKind", expectedValue)
+	err = r.ReportConstraints("deny", expectedValue)
 	if err != nil {
 		t.Errorf("ReportConstraints error %v", err)
 	}
-	row, err := view.RetrieveData(constraintsTotalName)
+	row, err := view.RetrieveData(totalConstraintsName)
 	if err != nil {
-		t.Errorf("Error when retrieving data: %v from %v", err, constraintsTotalName)
+		t.Errorf("Error when retrieving data: %v from %v", err, totalConstraintsName)
 	}
 	value, ok := row[0].Data.(*view.LastValueData)
 	if !ok {
@@ -72,19 +69,16 @@ func TestReportConstraints(t *testing.T) {
 		}
 	}
 	if int64(value.Value) != expectedValue {
-		t.Errorf("Metric: %v - Expected %v, got %v. ", constraintsTotalName, value.Value, expectedValue)
+		t.Errorf("Metric: %v - Expected %v, got %v. ", totalConstraintsName, value.Value, expectedValue)
 	}
 }
 
 func TestReportLatency(t *testing.T) {
-	expectedLatencyValueMin := time.Duration(100 * time.Millisecond)
-	expectedLatencyValueMax := time.Duration(500 * time.Millisecond)
+	expectedLatencyValueMin := time.Duration(100 * time.Second)
+	expectedLatencyValueMax := time.Duration(500 * time.Second)
 	var expectedLatencyCount int64 = 2
 	var expectedLatencyMin float64 = 100
 	var expectedLatencyMax float64 = 500
-	expectedTags := map[string]string{
-		"method_type": "audit",
-	}
 
 	r, err := NewStatsReporter()
 	if err != nil {
@@ -99,26 +93,21 @@ func TestReportLatency(t *testing.T) {
 	if err != nil {
 		t.Errorf("ReportLatency error %v", err)
 	}
-	row, err := view.RetrieveData(auditLatency)
+	row, err := view.RetrieveData(auditDuration)
 	if err != nil {
-		t.Errorf("Error when retrieving data: %v from %v", err, auditLatency)
+		t.Errorf("Error when retrieving data: %v from %v", err, auditDuration)
 	}
 	latencyValue, ok := row[0].Data.(*view.DistributionData)
 	if !ok {
 		t.Error("ReportLatency should have aggregation type Distribution")
 	}
-	for _, tag := range row[0].Tags {
-		if tag.Value != expectedTags[tag.Key.Name()] {
-			t.Errorf("ReportLatency tags does not match for %v", tag.Key.Name())
-		}
-	}
 	if latencyValue.Count != expectedLatencyCount {
-		t.Errorf("Metric: %v - Expected %v, got %v. ", auditLatency, latencyValue.Count, expectedLatencyCount)
+		t.Errorf("Metric: %v - Expected %v, got %v. ", auditDuration, latencyValue.Count, expectedLatencyCount)
 	}
 	if latencyValue.Min != expectedLatencyMin {
-		t.Errorf("Metric: %v - Expected %v, got %v. ", auditLatency, latencyValue.Min, expectedLatencyMin)
+		t.Errorf("Metric: %v - Expected %v, got %v. ", auditDuration, latencyValue.Min, expectedLatencyMin)
 	}
 	if latencyValue.Max != expectedLatencyMax {
-		t.Errorf("Metric: %v - Expected %v, got %v. ", auditLatency, latencyValue.Max, expectedLatencyMax)
+		t.Errorf("Metric: %v - Expected %v, got %v. ", auditDuration, latencyValue.Max, expectedLatencyMax)
 	}
 }
diff --git a/pkg/metrics/exporter.go b/pkg/metrics/exporter.go
@@ -15,13 +15,13 @@ var (
 )
 
 var (
-	metricsBackend = flag.String("metricsBackend", "Prometheus", "Backend used for metrics")
-	prometheusPort = flag.Int("prometheusPort", 9090, "Prometheus port")
+	metricsBackend = flag.String("metrics-backend", "Prometheus", "Backend used for metrics")
+	prometheusPort = flag.Int("prometheus-port", 9090, "Prometheus port for metrics backend")
 )
 
 const prometheusExporter = "prometheus"
 
-func NewMetricsExporter() (view.Exporter, error) {
+func NewMetricsExporter() error {
 	ce := getCurMetricsExporter()
 	// If there is a Prometheus Exporter server running, stop it.
 	resetCurPromSrv()
@@ -42,20 +42,19 @@ func NewMetricsExporter() (view.Exporter, error) {
 		err = fmt.Errorf("unsupported metrics backend %v", *metricsBackend)
 	}
 	if err != nil {
-		return nil, err
+		return err
 	}
-	return e, nil
+
+	metricsMux.Lock()
+	defer metricsMux.Unlock()
+	view.RegisterExporter(e)
+	curMetricsExporter = e
+
+	return nil
 }
 
 func getCurMetricsExporter() view.Exporter {
 	metricsMux.RLock()
 	defer metricsMux.RUnlock()
 	return curMetricsExporter
 }
-
-func SetCurMetricsExporter(e view.Exporter) {
-	metricsMux.Lock()
-	defer metricsMux.Unlock()
-	view.RegisterExporter(e)
-	curMetricsExporter = e
-}
diff --git a/pkg/metrics/record_test.go b/pkg/metrics/record_test.go
@@ -10,7 +10,7 @@ import (
 
 func TestRecord(t *testing.T) {
 	const measureName = "test_total"
-	testM := stats.Int64(measureName, measureName, stats.UnitNone)
+	testM := stats.Int64(measureName, measureName, stats.UnitDimensionless)
 	var expectedValue int64 = 10
 
 	ctx := context.Background()