Billing metrics always contains `anon' user. #321

New issue

Closed

opened 2024-02-22 14:05:57 +00:00 by dkirillov · 1 comment

dkirillov commented 2024-02-22 14:05:57 +00:00

Member

Copy link

Billing metrics

$ curl http://localhost:8086/metrics/billing
# HELP frostfs_s3_gw_billing_user_requests Accumulated user requests
# TYPE frostfs_s3_gw_billing_user_requests counter
frostfs_s3_gw_billing_user_requests{bucket="test2",cid="Erv2GCQQq1gkRKchMpe1o4tsH3U6SvFz1PQqRRHoi4pP",operation="PUT",user="anon"} 1

always contains anon instead of actual owner id.

Expected Behavior

Metric contains actual owner ID.

Current Behavior

Metric contains anon for authenticated requests.

Possible Solution

There are two possible solutions I see:

• Change order of middlwares (put s3middleware.Metrics after s3middleware.Auth)

diff --git a/api/router.go b/api/router.go
index 1e7cf80e..2606441d 100644
--- a/api/router.go
+++ b/api/router.go
@@ -127,9 +127,9 @@ func NewRouter(cfg Config) *chi.Mux {
                middleware.ThrottleWithOpts(cfg.Throttle),
                middleware.Recoverer,
                s3middleware.Tracing(),
-               s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.MiddlewareSettings),
                s3middleware.LogSuccessResponse(cfg.Log),
                s3middleware.Auth(cfg.Center, cfg.Log),
+               s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.MiddlewareSettings),
        )
 
        if cfg.FrostFSIDValidation {

But this leads to no counting requests that fail authentication and don't count authentication in result request duration.

• Instead of resolving user from ctx get it from ReqInfo (s3middleware.Auth must put proper owner id into it)

diff --git a/api/middleware/auth.go b/api/middleware/auth.go
index b35ef126..76984025 100644
--- a/api/middleware/auth.go
+++ b/api/middleware/auth.go
@@ -46,6 +46,8 @@ func Auth(center Center, log *zap.Logger) Func {
        return func(h http.Handler) http.Handler {
                return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
                        ctx := r.Context()
+                       reqInfo := GetReqInfo(ctx)
+                       reqInfo.User = "anon"
                        box, err := center.Authenticate(r)
                        if err != nil {
                                if err == ErrNoAuthorizationHeader {
@@ -64,6 +66,10 @@ func Auth(center Center, log *zap.Logger) Func {
                                        ctx = SetClientTime(ctx, box.ClientTime)
                                }
                                ctx = SetAuthHeaders(ctx, box.AuthHeaders)
+
+                               if box.AccessBox.Gate.BearerToken != nil {
+                                       reqInfo.User = bearer.ResolveIssuer(*box.AccessBox.Gate.BearerToken).String()
+                               }
                        }
 
                        h.ServeHTTP(w, r.WithContext(ctx))
diff --git a/api/middleware/metrics.go b/api/middleware/metrics.go
index 1370c3bc..273b4b96 100644
--- a/api/middleware/metrics.go
+++ b/api/middleware/metrics.go
@@ -80,7 +80,7 @@ func stats(f http.HandlerFunc, resolveCID cidResolveFunc, appMetrics *metrics.Ap
                // simply for the fact that it is not human-readable.
                durationSecs := time.Since(statsWriter.startTime).Seconds()
 
-               user := resolveUser(r.Context())
+               user := reqInfo.User
                cnrID := resolveCID(r.Context(), reqInfo)
                appMetrics.Update(user, reqInfo.BucketName, cnrID, settings.ResolveNamespaceAlias(reqInfo.Namespace),
                        requestTypeFromAPI(reqInfo.API), in.countBytes, out.countBytes)
diff --git a/api/middleware/reqinfo.go b/api/middleware/reqinfo.go
index 1c016079..6b8b2809 100644
--- a/api/middleware/reqinfo.go
+++ b/api/middleware/reqinfo.go
@@ -35,6 +35,7 @@ type (
                RequestID    string   // x-amz-request-id
                API          string   // API name -- GetObject PutObject NewMultipartUpload etc.
                BucketName   string   // Bucket name
+               User         string   // User owner id
                ObjectName   string   // Object name
                TraceID      string   // Trace ID
                URL          *url.URL // Request url

Steps to Reproduce (for bugs)

1. Create bucket

$ aws   s3api --endpoint http://localhost:8084  create-bucket --bucket test

2. Put object

$ s3api --endpoint http://localhost:8084  put-object --bucket test --key mtp 
{
    "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
}

3. Get metrics

$ curl http://localhost:8086/metrics/billing
# HELP frostfs_s3_gw_billing_user_requests Accumulated user requests
# TYPE frostfs_s3_gw_billing_user_requests counter
frostfs_s3_gw_billing_user_requests{bucket="test2",cid="Erv2GCQQq1gkRKchMpe1o4tsH3U6SvFz1PQqRRHoi4pP",operation="PUT",user="anon"} 1

Context

This metric is used to make billing, so we need to have properly owner id.

Regression

Yes. This #149 pr changed middlewares order.

Your Environment

• Version used: 391fc9cbe3
• Server setup and configuration: devenv

Billing metrics ``` $ curl http://localhost:8086/metrics/billing # HELP frostfs_s3_gw_billing_user_requests Accumulated user requests # TYPE frostfs_s3_gw_billing_user_requests counter frostfs_s3_gw_billing_user_requests{bucket="test2",cid="Erv2GCQQq1gkRKchMpe1o4tsH3U6SvFz1PQqRRHoi4pP",operation="PUT",user="anon"} 1 ``` always contains `anon` instead of actual owner id. ## Expected Behavior Metric contains actual owner ID. ## Current Behavior Metric contains `anon` for authenticated requests. ## Possible Solution There are two possible solutions I see: * Change [order of middlwares](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/src/commit/391fc9cbe3c95b26bd5dc684a9c09bed0a6e6865/api/router.go#L130-L132) (put `s3middleware.Metrics` after `s3middleware.Auth`) ```diff diff --git a/api/router.go b/api/router.go index 1e7cf80e..2606441d 100644 --- a/api/router.go +++ b/api/router.go @@ -127,9 +127,9 @@ func NewRouter(cfg Config) *chi.Mux { middleware.ThrottleWithOpts(cfg.Throttle), middleware.Recoverer, s3middleware.Tracing(), - s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.MiddlewareSettings), s3middleware.LogSuccessResponse(cfg.Log), s3middleware.Auth(cfg.Center, cfg.Log), + s3middleware.Metrics(cfg.Log, cfg.Handler.ResolveBucket, cfg.Metrics, cfg.MiddlewareSettings), ) if cfg.FrostFSIDValidation { ``` But this leads to no counting requests that fail authentication and don't count authentication in result request duration. * Instead of [resolving user from ctx](https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/src/commit/391fc9cbe3c95b26bd5dc684a9c09bed0a6e6865/api/middleware/metrics.go#L83) get it from `ReqInfo` (`s3middleware.Auth` must put proper owner id into it) ```diff diff --git a/api/middleware/auth.go b/api/middleware/auth.go index b35ef126..76984025 100644 --- a/api/middleware/auth.go +++ b/api/middleware/auth.go @@ -46,6 +46,8 @@ func Auth(center Center, log *zap.Logger) Func { return func(h http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() + reqInfo := GetReqInfo(ctx) + reqInfo.User = "anon" box, err := center.Authenticate(r) if err != nil { if err == ErrNoAuthorizationHeader { @@ -64,6 +66,10 @@ func Auth(center Center, log *zap.Logger) Func { ctx = SetClientTime(ctx, box.ClientTime) } ctx = SetAuthHeaders(ctx, box.AuthHeaders) + + if box.AccessBox.Gate.BearerToken != nil { + reqInfo.User = bearer.ResolveIssuer(*box.AccessBox.Gate.BearerToken).String() + } } h.ServeHTTP(w, r.WithContext(ctx)) diff --git a/api/middleware/metrics.go b/api/middleware/metrics.go index 1370c3bc..273b4b96 100644 --- a/api/middleware/metrics.go +++ b/api/middleware/metrics.go @@ -80,7 +80,7 @@ func stats(f http.HandlerFunc, resolveCID cidResolveFunc, appMetrics *metrics.Ap // simply for the fact that it is not human-readable. durationSecs := time.Since(statsWriter.startTime).Seconds() - user := resolveUser(r.Context()) + user := reqInfo.User cnrID := resolveCID(r.Context(), reqInfo) appMetrics.Update(user, reqInfo.BucketName, cnrID, settings.ResolveNamespaceAlias(reqInfo.Namespace), requestTypeFromAPI(reqInfo.API), in.countBytes, out.countBytes) diff --git a/api/middleware/reqinfo.go b/api/middleware/reqinfo.go index 1c016079..6b8b2809 100644 --- a/api/middleware/reqinfo.go +++ b/api/middleware/reqinfo.go @@ -35,6 +35,7 @@ type ( RequestID string // x-amz-request-id API string // API name -- GetObject PutObject NewMultipartUpload etc. BucketName string // Bucket name + User string // User owner id ObjectName string // Object name TraceID string // Trace ID URL *url.URL // Request url ``` ## Steps to Reproduce (for bugs) 1. Create bucket ``` $ aws s3api --endpoint http://localhost:8084 create-bucket --bucket test ``` 2. Put object ``` $ s3api --endpoint http://localhost:8084 put-object --bucket test --key mtp { "ETag": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" } ``` 3. Get metrics ``` $ curl http://localhost:8086/metrics/billing # HELP frostfs_s3_gw_billing_user_requests Accumulated user requests # TYPE frostfs_s3_gw_billing_user_requests counter frostfs_s3_gw_billing_user_requests{bucket="test2",cid="Erv2GCQQq1gkRKchMpe1o4tsH3U6SvFz1PQqRRHoi4pP",operation="PUT",user="anon"} 1 ``` ## Context This metric is used to make billing, so we need to have properly owner id. ## Regression Yes. This #149 pr changed middlewares order. ## Your Environment <!--- Include as many relevant details about the environment you experienced the bug in --> * Version used: https://git.frostfs.info/TrueCloudLab/frostfs-s3-gw/commit/391fc9cbe3c95b26bd5dc684a9c09bed0a6e6865 * Server setup and configuration: devenv

dkirillov added the

bug

label 2024-02-22 14:05:57 +00:00

alexvanin commented 2024-02-26 08:41:45 +00:00

Owner

Copy link

I don't like an idea of changing middleware order, so second option does look better. Let's do that.

I don't like an idea of changing middleware order, so second option does look better. Let's do that.

alexvanin added this to the v0.29.0 milestone 2024-02-26 08:41:54 +00:00

alexvanin modified the milestone from v0.29.0 to v0.28.2 2024-02-26 08:45:41 +00:00

mbiryukova self-assigned this 2024-02-26 11:12:00 +00:00

mbiryukova referenced this issue from a pull request that will close it, 2024-02-26 13:22:04 +00:00

[#321] Use correct owner id in billing metrics #322

mbiryukova referenced this issue from a pull request that will close it, 2024-02-26 14:15:39 +00:00

[#321] Use correct owner id in billing metrics #323

alexvanin closed this issue 2024-02-28 08:50:13 +00:00

alexvanin referenced this issue from a commit 2024-02-28 08:50:14 +00:00

[#321] Use correct owner id in billing metrics

alexvanin referenced this issue from a commit 2024-02-28 14:27:04 +00:00

[#321] Use correct owner id in billing metrics

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

support/v0.32

support/v0.31

support/v0.30

support/v0.29

support/v0.28

support/v0.27

v0.32.10

v0.32.9

v0.32.8

v0.32.7

v0.32.6

v0.32.5

v0.32.4

v0.32.3

v0.32.2

v0.32.1

v0.33.0-pre

v0.32.0

v0.31.3

v0.31.2

v0.30.9

v0.31.1

v0.31.0

v0.31.0-rc.6

v0.31.0-rc.5

v0.31.0-rc.4

v0.30.8

v0.31.0-rc.3

v0.30.7

v0.31.0-rc.2

v0.31.0-rc.1

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.30.0-rc.5

v0.29.2

v0.30.0-rc.4

v0.30.0-rc.3

v0.30.0-rc.2

v0.29.1

v0.30.0-rc.1

v0.29.0

v0.28.2

v0.29.0-rc.11

v0.29.0-rc.10

v0.29.0-rc.9

v0.29.0-rc.8

v0.29.0-rc.7

v0.29.0-rc.6

v0.29.0-rc.5

v0.29.0-rc.4

v0.29.0-rc.3

v0.29.0-rc.2

v0.29.0-rc.1

v0.28.1

v0.28.0

v0.28.0-rc.1

v0.27.0

v0.27.0-rc.2

v0.27.0-rc.1

Labels

Clear labels   

P0

Highest

  

P1

High

  

P2

Medium

  

P3

Low

  

good first issue

Good for newcomers

  

Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  

blocked

The issue or PR is blocked by something

  

bug

Something is not working

  

config

Configuration format update or breaking change

  

discussion

Talking about something in order to reach a decision or to exchange ideas

  

documentation

Documentation related

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

go

Language features adoption

  

help wanted

Extra attention is needed

  

internal

  

invalid

Something is wrong

  

kludge

This is a kludge and we know it

  

observability

Related to metrics, tracing and logs

  

perfomance

Perfomance related

  

question

More information is needed

  

refactoring

Refactoring

  

wontfix

This won't be fixed

No labels

P0

P1

P2

P3

good first issue

Infrastructure

blocked

bug

config

discussion

documentation

duplicate

enhancement

go

help wanted

internal

invalid

kludge

observability

perfomance

question

refactoring

wontfix

Milestone

Clear milestone

No items

No milestone

v0.28.2

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

mbiryukova

2 participants

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-s3-gw#321

No description provided.