Provides metrics for Keycloak events

java keycloak maven micrometer prometheus renovate

Find a file

kokuwa.io Bot 2ed645be11 [maven-release-plugin] prepare release 0.2.1 [no ci]		2023-04-24 12:34:36 +00:00
.github	Bump versions and include previous versions in build (#27 )	2023-04-24 14:32:46 +02:00
src	Check realm from context for null, fix #25 (#26 )	2023-04-24 14:22:45 +02:00
.markdownlint.yaml	First draft of implementation (#1 )	2023-03-03 12:38:06 +01:00
.yamllint	First draft of implementation (#1 )	2023-03-03 12:38:06 +01:00
LICENSE	First draft of implementation (#1 )	2023-03-03 12:38:06 +01:00
pom.xml	[maven-release-plugin] prepare release 0.2.1 [no ci]	2023-04-24 12:34:36 +00:00
README.md	Bump versions and include previous versions in build (#27 )	2023-04-24 14:32:46 +02:00

README.md

Keycloak Event Metrics

Provides metrics for Keycloak user/admin events. Tested on Keycloak 20-21.

Why?

aerogear/keycloak-metrics-spi is an alternative to this plugin but is not well maintained. This implementation is different:

no Prometheus push (event listener only adds counter to Micrometer)
no realm specific Prometheus endpoint, only /metrics (from Quarkus)
no jvm/http metrics, this is already included in Keycloak
different metric names, can relace model ids with name (see configuration)
deployed to maven central and very small (10 kb vs. 229 KB aerogear/keycloak-metrics-spi)

What?

Resuses micrometer from Quarkus distribution to add metrics for Keycloak for events.

User Events

User events are added with key keycloak_event_user_total and tags:

type: EventType from Event#type
realm: realm id from Event#realmId
client: client id from Event#clientId
error: error from Event#error, only present for error types

Examples:

keycloak_event_user_total{client="test",realm="9039a0b5-e8c9-437a-a02e-9d91b04548a4",type="LOGIN",error="",} 2.0
keycloak_event_user_total{client="test",realm="1fdb3465-1675-49e8-88ad-292e2f42ee72",type="LOGIN",error="",} 1.0
keycloak_event_user_total{client="test",realm="1fdb3465-1675-49e8-88ad-292e2f42ee72",type="LOGIN_ERROR",error="invalid_user_credentials",} 1.0

Admin Events

Admin events are added with key keycloak_event_admin_total and tags:

realm: realm id from AdminEvent#realmId
operation: OperationType from AdminEvent#operationType
resource: ResourceType from AdminEvent#resourceType
error: error from AdminEvent#error, only present for error types

Examples:

keycloak_event_admin_total{error="",operation="CREATE",realm="1fdb3465-1675-49e8-88ad-292e2f42ee72",resource="USER",} 1.0
keycloak_event_admin_total{error="",operation="CREATE",realm="9039a0b5-e8c9-437a-a02e-9d91b04548a4",resource="USER",} 1.0

Configuration

`KC_METRICS_EVENT_REPLACE_IDS`

If set to true than replace model ids with names:

RealmModel#getId() with RealmModel#getName()

Metrics:

keycloak_event_user_total{client="test-client",error="",realm="test-realm",type="LOGIN",} 2.0
keycloak_event_user_total{client="other-client",error="",realm="other-realm",type="LOGIN",} 1.0
keycloak_event_user_total{client="other-client",error="invalid_user_credentials",realm="other-realm",type="LOGIN_ERROR",} 1.0

Installation

Testcontainers

For usage in Testcontainers see KeycloakExtension.java

Docker

Check: kokuwaio/keycloak

Dockerfile:

FROM quay.io/keycloak/keycloak:21.0.1

ENV KEYCLOAK_ADMIN=admin
ENV KEYCLOAK_ADMIN_PASSWORD=password
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_LOG_CONSOLE_COLOR=true

ADD target/keycloak-event-metrics-0.0.1-SNAPSHOT.jar /opt/keycloak/providers
RUN /opt/keycloak/bin/kc.sh build

Run:

docker build . --tag keycloak:metrics
docker run --rm -p8080 keycloak:metrics start-dev