diff --git a/doc/telemetry/telemetry_config.md b/doc/telemetry/telemetry_config.md index b7584de4f5..54500bd509 100644 --- a/doc/telemetry/telemetry_config.md +++ b/doc/telemetry/telemetry_config.md @@ -16,20 +16,22 @@ You may use all, some, or none of the collectors. The following collectors suppo ## Telemetry configuration syntax -| Configuration | Type | Description | Default | -|-----------------------|---------------|---------------------------------------------------------------|--------------------------| -| `InMem` | `InMem` | In-memory configuration | running | -| `Prometheus` | `Prometheus` | Prometheus configuration | | -| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | -| `Statsd` | `[]Statsd` | List of Statsd configurations | | -| `M3` | `[]M3` | List of M3 configurations | | -| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | -| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | -| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | -| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | -| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' as the separator | | +| Configuration | Type | Description | Default | +|--------------------------|---------------|---------------------------------------------------------------|--------------------------| +| `InMem` | `InMem` | In-memory configuration | running | +| `Prometheus` | `Prometheus` | Prometheus configuration | | +| `DogStatsd` | `[]DogStatsd` | List of DogStatsd configurations | | +| `Statsd` | `[]Statsd` | List of Statsd configurations | | +| `M3` | `[]M3` | List of M3 configurations | | +| `MetricPrefix` | `string` | Prefix to add to all emitted metrics | spire_server/spire_agent | +| `TrustDomain` | `string` | Optional label value for all metrics | | +| `EnableTrustDomainLabel` | `bool` | Enable optional trust domain label for all metrics | false | +| `EnableHostnameLabel` | `bool` | Enable adding hostname to labels | true | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `AllowedPrefixes` | `[]string` | A list of metric prefixes to allow, with '.' as the separator | | +| `BlockedPrefixes` | `[]string` | A list of metric prefixes to block, with '.' as the separator | | +| `AllowedLabels` | `[]string` | A list of metric labels to allow, with '.' as the separator | | +| `BlockedLabels` | `[]string` | A list of metric labels to block, with '.' as the separator | | ### `Prometheus` @@ -79,7 +81,8 @@ telemetry { ] InMem {} - + TrustDomain = "example.org" + EnaEnableTrustDomainLabel = true AllowedLabels = [] BlockedLabels = [] AllowedPrefixes = [] diff --git a/pkg/common/telemetry/config.go b/pkg/common/telemetry/config.go index 33783a0ed6..7d6909d816 100644 --- a/pkg/common/telemetry/config.go +++ b/pkg/common/telemetry/config.go @@ -19,12 +19,14 @@ type FileConfig struct { M3 []M3Config `hcl:"M3"` InMem *InMem `hcl:"InMem"` - MetricPrefix string `hcl:"MetricPrefix"` - EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` - AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator - BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator - AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator - BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator + MetricPrefix string `hcl:"MetricPrefix"` + TrustDomain *string `hcl:"TrustDomain"` + EnableTrustDomainLabel *bool `hcl:"EnableTrustDomainLabel"` + EnableHostnameLabel *bool `hcl:"EnableHostnameLabel"` + AllowedPrefixes []string `hcl:"AllowedPrefixes"` // A list of metric prefixes to allow, with '.' as the separator + BlockedPrefixes []string `hcl:"BlockedPrefixes"` // A list of metric prefixes to block, with '.' as the separator + AllowedLabels []string `hcl:"AllowedLabels"` // A list of metric labels to allow, with '.' as the separator + BlockedLabels []string `hcl:"BlockedLabels"` // A list of metric labels to block, with '.' as the separator UnusedKeyPositions map[string][]token.Pos `hcl:",unusedKeyPositions"` } diff --git a/pkg/common/telemetry/metrics.go b/pkg/common/telemetry/metrics.go index 1cf1dcf041..f6078c9d4f 100644 --- a/pkg/common/telemetry/metrics.go +++ b/pkg/common/telemetry/metrics.go @@ -11,6 +11,9 @@ import ( const timerGranularity = time.Millisecond +// EnableTrustDomainLabel is the value for the custom TrustDomain label/tag for a metric +var trustDomain = "" + // Label is a label/tag for a metric type Label = metrics.Label @@ -83,6 +86,11 @@ func NewMetrics(c *MetricsConfig) (*MetricsImpl, error) { } else { conf.EnableHostnameLabel = true } + + if c.FileConfig.EnableTrustDomainLabel != nil && c.FileConfig.TrustDomain != nil && *c.FileConfig.EnableTrustDomainLabel { + trustDomain = *c.FileConfig.TrustDomain + } + conf.EnableTypePrefix = runner.requiresTypePrefix() conf.AllowedLabels = c.FileConfig.AllowedLabels conf.BlockedLabels = c.FileConfig.BlockedLabels @@ -112,13 +120,27 @@ func (m *MetricsImpl) ListenAndServe(ctx context.Context) error { } func (m *MetricsImpl) SetGauge(key []string, val float32) { - for _, s := range m.metricsSinks { - s.SetGauge(key, val) + if trustDomain != "" { + m.SetGaugeWithLabels(key, val, []Label{}) + } else { + for _, s := range m.metricsSinks { + s.SetGauge(key, val) + } } } // SetGaugeWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) SetGaugeWithLabels(key []string, val float32, labels []Label) { + if trustDomain != "" { + for i, label := range labels { + if label.Name == TrustDomainID { + label.Value = trustDomain + } + } + } + + // or optionally, the label could have another name instead of TrustDomainID and just append that to the list of exsiting labels. + // labels = append(labels, Label{Name: TrustDomain, Value: trustDomain}) sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.SetGaugeWithLabels(key, val, sanitizedLabels) @@ -132,13 +154,25 @@ func (m *MetricsImpl) EmitKey(key []string, val float32) { } func (m *MetricsImpl) IncrCounter(key []string, val float32) { - for _, s := range m.metricsSinks { - s.IncrCounter(key, val) + if trustDomain != "" { + m.IncrCounterWithLabels(key, val, []Label{}) + } else { + for _, s := range m.metricsSinks { + s.IncrCounter(key, val) + } } } // IncrCounterWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels []Label) { + if trustDomain != "" { + for i, label := range labels { + if label.Name == TrustDomainID { + label.Value = trustDomain + } + } + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.IncrCounterWithLabels(key, val, sanitizedLabels) @@ -146,13 +180,25 @@ func (m *MetricsImpl) IncrCounterWithLabels(key []string, val float32, labels [] } func (m *MetricsImpl) AddSample(key []string, val float32) { - for _, s := range m.metricsSinks { - s.AddSample(key, val) + if trustDomain != "" { + m.AddSampleWithLabels(key, val, []Label{}) + } else { + for _, s := range m.metricsSinks { + s.AddSample(key, val) + } } } // AddSampleWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []Label) { + if trustDomain != "" { + for i, label := range labels { + if label.Name == TrustDomainID { + label.Value = trustDomain + } + } + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.AddSampleWithLabels(key, val, sanitizedLabels) @@ -160,13 +206,25 @@ func (m *MetricsImpl) AddSampleWithLabels(key []string, val float32, labels []La } func (m *MetricsImpl) MeasureSince(key []string, start time.Time) { - for _, s := range m.metricsSinks { - s.MeasureSince(key, start) + if trustDomain != "" { + m.MeasureSinceWithLabels(key, start, []Label{}) + } else { + for _, s := range m.metricsSinks { + s.MeasureSince(key, start) + } } } // MeasureSinceWithLabels delegates to embedded metrics, sanitizing labels func (m *MetricsImpl) MeasureSinceWithLabels(key []string, start time.Time, labels []Label) { + if trustDomain != "" { + for i, label := range labels { + if label.Name == TrustDomainID { + label.Value = trustDomain + } + } + } + sanitizedLabels := SanitizeLabels(labels) for _, s := range m.metricsSinks { s.MeasureSinceWithLabels(key, start, sanitizedLabels) diff --git a/pkg/common/telemetry/names.go b/pkg/common/telemetry/names.go index 2ee2dfc43e..fe5be2af7a 100644 --- a/pkg/common/telemetry/names.go +++ b/pkg/common/telemetry/names.go @@ -604,6 +604,9 @@ const ( // TrustDomainID tags the ID of some trust domain TrustDomainID = "trust_domain_id" + // TrustDomainName tags the custom trust domain name provided for telemetry + TrustDomainName = "trust_domain_name" + // Unknown tags some unknown caller, entity, or status Unknown = "unknown"