Instrument authentication via ldap_with_git

Hakeem Abdul-Razakrequested to merge
546680-instrument_ldap_with_git into master

Related to #546680 (closed)

What does this MR do and why?

Instruments the number of unique users who try to authenticate with Git over HTTP(S) using LDAP credentials, when the prevent_ldap_sign_in? admin setting on self-managed is enabled.

How to set up and validate locally

  1. Setup the interval events monitor
  • Run this in a terminal after you cd into gitlab-development-kit/gitlab: rails runner scripts/internal_events/monitor.rb authenticate_to_ldap_with_git_over_https_when_prevent_ldap_sign_in_is_enabled
  • If the event monitor does not work, use the rails console
gdk rails console
require_relative 'spec/support/helpers/service_ping_helpers.rb'
ServicePingHelpers.get_current_usage_metric_value('counts.count_total_authenticate_to_ldap_with_git_over_https_when_prevent_ldap_sign_in_is_enabled_monthly')
ServicePingHelpers.get_current_usage_metric_value('counts.count_total_authenticate_to_ldap_with_git_over_https_when_prevent_ldap_sign_in_is_enabled_weekly')
  1. Setup OpenLDAP. Run bundle exec rake gitlab:ldap:check in a terminal to verify that at least 1 LDAP server is running.
  2. Login with one of the autocreated users like: username: john, password: password
  3. Create a private project & try to clone it with git via https like git clone https://gdk.test:3443/john/johnldap_private.git. Verify the events & metrics don't increment
  4. Create a second private project
  5. Disable LDAP web sign in & run gdk reconfigure && gdk restart.
  6. Try to clone the second project with git via https, like git clone https://gdk.test:3443/john/johnldap_private2.git. Verify the events & metrics increment per unique user

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Hakeem Abdul-Razak

Merge request reports