First draft of implementation (#1)
* First draft of implementation Readme will follow * Rename id. * Exclude `commons-io` to disable build warnings * Simplify metrics and add documentation
This commit is contained in:
parent
dc38b3715e
commit
c8977d7175
GPG key ID:
E07AF5BA239FE543
23 changed files with 1345 additions and 1 deletions
66
src/test/java/io/kokuwa/keycloak/metrics/KeycloakIT.java
Normal file
66
src/test/java/io/kokuwa/keycloak/metrics/KeycloakIT.java
Normal file
|
|
@ -0,0 +1,66 @@
|
|||
package io.kokuwa.keycloak.metrics;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertAll;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.util.UUID;
|
||||
|
||||
import org.junit.jupiter.api.DisplayName;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.keycloak.events.EventType;
|
||||
|
||||
import io.kokuwa.keycloak.metrics.junit.KeycloakClient;
|
||||
import io.kokuwa.keycloak.metrics.junit.KeycloakExtension;
|
||||
import io.kokuwa.keycloak.metrics.prometheus.Prometheus;
|
||||
|
||||
@ExtendWith(KeycloakExtension.class)
|
||||
public class KeycloakIT {
|
||||
|
||||
@DisplayName("login and attempts")
|
||||
@Test
|
||||
void loginAndAttempts(KeycloakClient keycloak, Prometheus prometheus) {
|
||||
|
||||
var realmName1 = UUID.randomUUID().toString();
|
||||
var username1 = UUID.randomUUID().toString();
|
||||
var password1 = UUID.randomUUID().toString();
|
||||
var realmName2 = UUID.randomUUID().toString();
|
||||
var username2 = UUID.randomUUID().toString();
|
||||
var password2 = UUID.randomUUID().toString();
|
||||
var realmId1 = keycloak.createRealm(realmName1);
|
||||
var realmId2 = keycloak.createRealm(realmName2);
|
||||
keycloak.createUser(realmName1, username1, password1);
|
||||
keycloak.createUser(realmName2, username2, password2);
|
||||
|
||||
prometheus.scrap();
|
||||
var loginBefore = prometheus.userEvent(EventType.LOGIN);
|
||||
var loginBefore1 = prometheus.userEvent(EventType.LOGIN, realmId1);
|
||||
var loginBefore2 = prometheus.userEvent(EventType.LOGIN, realmId2);
|
||||
var loginErrorBefore = prometheus.userEvent(EventType.LOGIN_ERROR);
|
||||
var loginErrorBefore1 = prometheus.userEvent(EventType.LOGIN_ERROR, realmId1);
|
||||
var loginErrorBefore2 = prometheus.userEvent(EventType.LOGIN_ERROR, realmId2);
|
||||
|
||||
assertTrue(keycloak.login(realmName1, username1, password1));
|
||||
assertTrue(keycloak.login(realmName1, username1, password1));
|
||||
assertTrue(keycloak.login(realmName2, username2, password2));
|
||||
assertFalse(keycloak.login(realmName2, username2, "nope"));
|
||||
|
||||
prometheus.scrap();
|
||||
var loginAfter = prometheus.userEvent(EventType.LOGIN);
|
||||
var loginAfter1 = prometheus.userEvent(EventType.LOGIN, realmId1);
|
||||
var loginAfter2 = prometheus.userEvent(EventType.LOGIN, realmId2);
|
||||
var loginErrorAfter = prometheus.userEvent(EventType.LOGIN_ERROR);
|
||||
var loginErrorAfter1 = prometheus.userEvent(EventType.LOGIN_ERROR, realmId1);
|
||||
var loginErrorAfter2 = prometheus.userEvent(EventType.LOGIN_ERROR, realmId2);
|
||||
|
||||
assertAll("prometheus",
|
||||
() -> assertEquals(loginBefore + 3, loginAfter, "login success total"),
|
||||
() -> assertEquals(loginBefore1 + 2, loginAfter1, "login success #1"),
|
||||
() -> assertEquals(loginBefore2 + 1, loginAfter2, "login success #2"),
|
||||
() -> assertEquals(loginErrorBefore + 1, loginErrorAfter, "login failure total"),
|
||||
() -> assertEquals(loginErrorBefore1 + 0, loginErrorAfter1, "login failure #1"),
|
||||
() -> assertEquals(loginErrorBefore2 + 1, loginErrorAfter2, "login failure #2"));
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,72 @@
|
|||
package io.kokuwa.keycloak.metrics.junit;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.ws.rs.NotAuthorizedException;
|
||||
import javax.ws.rs.core.MultivaluedHashMap;
|
||||
|
||||
import org.keycloak.OAuth2Constants;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.token.TokenService;
|
||||
import org.keycloak.representations.idm.ClientRepresentation;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
|
||||
/**
|
||||
* Client for keycloak.
|
||||
*
|
||||
* @author Stephan Schnabel
|
||||
*/
|
||||
public class KeycloakClient {
|
||||
|
||||
private final Keycloak keycloak;
|
||||
private final TokenService token;
|
||||
|
||||
KeycloakClient(Keycloak keycloak, TokenService token) {
|
||||
this.keycloak = keycloak;
|
||||
this.token = token;
|
||||
}
|
||||
|
||||
public String createRealm(String realmName) {
|
||||
var client = new ClientRepresentation();
|
||||
client.setClientId("test");
|
||||
client.setPublicClient(true);
|
||||
client.setDirectAccessGrantsEnabled(true);
|
||||
var realm = new RealmRepresentation();
|
||||
realm.setEnabled(true);
|
||||
realm.setRealm(realmName);
|
||||
realm.setEventsListeners(List.of("metrics-listener"));
|
||||
realm.setClients(List.of(client));
|
||||
keycloak.realms().create(realm);
|
||||
return keycloak.realms().realm(realmName).toRepresentation().getId();
|
||||
}
|
||||
|
||||
public void createUser(String realmName, String username, String password) {
|
||||
var credential = new CredentialRepresentation();
|
||||
credential.setType(CredentialRepresentation.PASSWORD);
|
||||
credential.setValue(password);
|
||||
credential.setTemporary(false);
|
||||
var user = new UserRepresentation();
|
||||
user.setEnabled(true);
|
||||
user.setEmail(username + "@example.org");
|
||||
user.setEmailVerified(true);
|
||||
user.setUsername(username);
|
||||
user.setCredentials(List.of(credential));
|
||||
keycloak.realms().realm(realmName).users().create(user);
|
||||
}
|
||||
|
||||
public boolean login(String realmName, String username, String password) {
|
||||
try {
|
||||
token.grantToken(realmName, new MultivaluedHashMap<>(Map.of(
|
||||
OAuth2Constants.CLIENT_ID, "test",
|
||||
OAuth2Constants.GRANT_TYPE, OAuth2Constants.PASSWORD,
|
||||
OAuth2Constants.USERNAME, username,
|
||||
OAuth2Constants.PASSWORD, password)));
|
||||
return true;
|
||||
} catch (NotAuthorizedException e) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,95 @@
|
|||
package io.kokuwa.keycloak.metrics.junit;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.time.Duration;
|
||||
import java.util.Properties;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.ws.rs.client.ClientBuilder;
|
||||
|
||||
import org.junit.jupiter.api.extension.BeforeAllCallback;
|
||||
import org.junit.jupiter.api.extension.ExtensionContext;
|
||||
import org.junit.jupiter.api.extension.ParameterContext;
|
||||
import org.junit.jupiter.api.extension.ParameterResolver;
|
||||
import org.keycloak.admin.client.Keycloak;
|
||||
import org.keycloak.admin.client.token.TokenService;
|
||||
import org.testcontainers.containers.GenericContainer;
|
||||
import org.testcontainers.containers.wait.strategy.Wait;
|
||||
import org.testcontainers.utility.MountableFile;
|
||||
|
||||
import io.kokuwa.keycloak.metrics.prometheus.Prometheus;
|
||||
import io.kokuwa.keycloak.metrics.prometheus.PrometheusClient;
|
||||
|
||||
/**
|
||||
* JUnit extension to start keycloak.
|
||||
*
|
||||
* @author Stephan Schnabel
|
||||
*/
|
||||
public class KeycloakExtension implements BeforeAllCallback, ParameterResolver {
|
||||
|
||||
private static KeycloakClient client;
|
||||
private static Prometheus prometheus;
|
||||
|
||||
@Override
|
||||
public void beforeAll(ExtensionContext context) throws Exception {
|
||||
|
||||
if (client != null) {
|
||||
return;
|
||||
}
|
||||
|
||||
// get test properties
|
||||
|
||||
var properties = new Properties();
|
||||
try {
|
||||
properties.load(getClass().getResourceAsStream("/test.properties"));
|
||||
} catch (IOException e) {
|
||||
throw new Exception("Failed to read properties", e);
|
||||
}
|
||||
var version = properties.getProperty("version");
|
||||
var jar = properties.getProperty("jar");
|
||||
var timeout = properties.getProperty("timeout");
|
||||
|
||||
// create and start container
|
||||
|
||||
@SuppressWarnings("resource")
|
||||
var container = new GenericContainer<>("quay.io/keycloak/keycloak:" + version)
|
||||
.withEnv("KEYCLOAK_ADMIN", "admin")
|
||||
.withEnv("KEYCLOAK_ADMIN_PASSWORD", "password")
|
||||
.withEnv("KC_LOG_CONSOLE_COLOR", "true")
|
||||
.withEnv("KC_HEALTH_ENABLED", "true")
|
||||
.withEnv("KC_METRICS_ENABLED", "true")
|
||||
.withCopyFileToContainer(MountableFile.forHostPath(jar), "/opt/keycloak/providers/metrics.jar")
|
||||
.withLogConsumer(out -> System.out.print(out.getUtf8String()))
|
||||
.withExposedPorts(8080)
|
||||
.withStartupTimeout(Duration.parse(timeout))
|
||||
.waitingFor(Wait.forHttp("/health").forPort(8080))
|
||||
.withCommand("start-dev");
|
||||
try {
|
||||
container.start();
|
||||
} catch (RuntimeException e) {
|
||||
throw new Exception("Failed to start keycloak", e);
|
||||
}
|
||||
|
||||
// create client for keycloak container
|
||||
|
||||
var url = "http://" + container.getHost() + ":" + container.getMappedPort(8080);
|
||||
var keycloak = Keycloak.getInstance(url, "master", "admin", "password", "admin-cli");
|
||||
assertEquals(version, keycloak.serverInfo().getInfo().getSystemInfo().getVersion(), "version invalid");
|
||||
var target = ClientBuilder.newClient().target(url);
|
||||
var token = Keycloak.getClientProvider().targetProxy(target, TokenService.class);
|
||||
prometheus = new Prometheus(Keycloak.getClientProvider().targetProxy(target, PrometheusClient.class));
|
||||
client = new KeycloakClient(keycloak, token);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean supportsParameter(ParameterContext parameterContext, ExtensionContext extensionContext) {
|
||||
return Set.of(KeycloakClient.class, Prometheus.class).contains(parameterContext.getParameter().getType());
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object resolveParameter(ParameterContext parameterContext, ExtensionContext extensionContext) {
|
||||
return parameterContext.getParameter().getType().equals(KeycloakClient.class) ? client : prometheus;
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,61 @@
|
|||
package io.kokuwa.keycloak.metrics.prometheus;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
import java.util.stream.Stream;
|
||||
|
||||
import org.keycloak.events.EventType;
|
||||
|
||||
/**
|
||||
* Client to access Prometheus metric values:
|
||||
*
|
||||
* @author Stephan Schnabel
|
||||
*/
|
||||
public class Prometheus {
|
||||
|
||||
private final Set<PrometheusMetric> state = new HashSet<>();
|
||||
private final PrometheusClient client;
|
||||
|
||||
public Prometheus(PrometheusClient client) {
|
||||
this.client = client;
|
||||
}
|
||||
|
||||
public int userEvent(EventType type) {
|
||||
return state.stream()
|
||||
.filter(metric -> Objects.equals(metric.name(), "keycloak_event_user_total"))
|
||||
.filter(metric -> Objects.equals(metric.tags().get("type"), type.toString()))
|
||||
.mapToInt(metric -> metric.value().intValue())
|
||||
.sum();
|
||||
}
|
||||
|
||||
public int userEvent(EventType type, String realmName) {
|
||||
return state.stream()
|
||||
.filter(metric -> Objects.equals(metric.name(), "keycloak_event_user_total"))
|
||||
.filter(metric -> Objects.equals(metric.tags().get("type"), type.toString()))
|
||||
.filter(metric -> Objects.equals(metric.tags().get("realm"), realmName))
|
||||
.mapToInt(metric -> metric.value().intValue())
|
||||
.sum();
|
||||
}
|
||||
|
||||
public void scrap() {
|
||||
state.clear();
|
||||
Stream.of(client.scrap().split("[\\r\\n]+"))
|
||||
.filter(line -> !line.startsWith("#"))
|
||||
.filter(line -> line.startsWith("keycloak"))
|
||||
.map(line -> {
|
||||
var name = line.substring(0, line.contains("{") ? line.indexOf("{") : line.lastIndexOf(" "));
|
||||
var tags = line.contains("{")
|
||||
? Stream.of(line.substring(line.indexOf("{") + 1, line.indexOf("}")).split(","))
|
||||
.map(tag -> tag.split("="))
|
||||
.filter(tag -> tag.length >= 2)
|
||||
.collect(Collectors.toMap(tag -> tag[0], tag -> tag[1].replace("\"", "")))
|
||||
: Map.<String, String>of();
|
||||
var value = Double.parseDouble(line.substring(line.lastIndexOf(" ")));
|
||||
return new PrometheusMetric(name, tags, value);
|
||||
})
|
||||
.forEach(state::add);
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
package io.kokuwa.keycloak.metrics.prometheus;
|
||||
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.Path;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
|
||||
/**
|
||||
* JAX-RS client for prometheus endpoint.
|
||||
*
|
||||
* @author Stephan Schnabel
|
||||
*/
|
||||
public interface PrometheusClient {
|
||||
|
||||
@GET
|
||||
@Path("/metrics")
|
||||
@Consumes(MediaType.TEXT_PLAIN)
|
||||
String scrap();
|
||||
}
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
package io.kokuwa.keycloak.metrics.prometheus;
|
||||
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* Represents a parsed Prometheus line.
|
||||
*
|
||||
* @author Stephan Schnabel
|
||||
* @param name Metric name
|
||||
* @param tags Tags for this metriv value
|
||||
* @param value Metric value
|
||||
*/
|
||||
public record PrometheusMetric(String name, Map<String, String> tags, Double value) {}
|
||||
3
src/test/resources/test.properties
Normal file
3
src/test/resources/test.properties
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
version=${version.org.keycloak}
|
||||
timeout=PT5m
|
||||
jar=${project.build.directory}/${project.build.finalName}.jar
|
||||
Loading…
Add table
Add a link
Reference in a new issue