Add arkose fail open counters

What does this MR do and why?

This MR adds code for counting the failures and successes of the Arkose::TokenVerificationService. In a future MR, these counts will be used to determine whether we should activate our fail open mechanism.

References

#578300

Setup Instructions

  1. Set up Arkose (get credentials via 1Password)
# rails c

::Gitlab::CurrentSettings.update!(arkose_labs_public_api_key: '', arkose_labs_private_api_key: '', arkose_labs_namespace: 'client')
::Gitlab::CurrentSettings.update!(arkose_labs_data_exchange_key: "")
  2. Enable the feature flag
# rails c

Feature.enable(:track_arkose_token_verification_results, :instance)
  3. Verify counters work correctly:
# rails c

mod = AntiAbuse::IdentityVerification::ArkoseFailOpen

# Bump SUCCESS 3x
mod.track_token_verification_result(success: true)
mod.track_token_verification_result(success: true)
mod.track_token_verification_result(success: true)

# Bump FAILURE 2x
mod.track_token_verification_result(success: false)
mod.track_token_verification_result(success: false)

h   = mod::BUCKET_DURATION_HOURS
now = Time.zone.now
id  = "#{now.to_date.strftime('%Y%m%d')}-#{now.hour / h}"

sp = mod::COUNTER_SUCCESS_KEY_PREFIX
fp = mod::COUNTER_FAILURE_KEY_PREFIX

Gitlab::Redis::SharedState.with do |r|
  sk, fk   = "#{sp}#{id}", "#{fp}#{id}"
  s,  f    = r.get(sk)&.to_i || 0, r.get(fk)&.to_i || 0
  sttl,fttl= r.ttl(sk), r.ttl(fk)

  puts "bucket=#{id}\n  success: #{s} (ttl=#{sttl}s) key=#{sk}\n  failure: #{f} (ttl=#{fttl}s) key=#{fk}"
end

# =>
# bucket=20251105-5
#  success: 3 (ttl=28785s) key=arkose:vrate:success:20251105-5
#  failure: 2 (ttl=28785s) key=arkose:vrate:failure:20251105-5
Edited by Matthew MacRae-Bovell
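
The bucketing that the console check above exercises, as an added Ruby sketch that is not GitLab's code. An in-memory `FakeRedis` stands in for `Gitlab::Redis::SharedState`; the helper names, the 4-hour bucket length, the 8-hour TTL and setting the TTL only on the first increment are assumptions, while the key prefixes and id format come from the output above.

```ruby
# Added sketch, not GitLab's implementation. FakeRedis stands in for
# Gitlab::Redis::SharedState so the bucket logic runs offline.
BUCKET_DURATION_HOURS = 4            # assumption: value is not stated on the page
COUNTER_TTL_SECONDS   = 8 * 60 * 60  # assumption: consistent with ttl=28785s above
SUCCESS_PREFIX = 'arkose:vrate:success:' # prefixes as they appear in the output above
FAILURE_PREFIX = 'arkose:vrate:failure:'

# In-memory stand-in with an explicit clock; supports INCR, EXPIRE and GET only.
class FakeRedis
  def initialize
    @values = {}
    @expires_at = {}
  end
  def incr(key, now)
    purge(key, now)
    @values[key] = @values.fetch(key, 0) + 1
  end
  def expire(key, seconds, now)
    @expires_at[key] = now + seconds
  end
  def get(key, now)
    purge(key, now)
    @values[key]
  end
  private
  def purge(key, now)
    return unless @expires_at[key] && @expires_at[key] <= now
    @values.delete(key)
    @expires_at.delete(key)
  end
end

# Same id format as the console snippet: date plus hour / bucket length.
def bucket_id(time)
  "#{time.strftime('%Y%m%d')}-#{time.hour / BUCKET_DURATION_HOURS}"
end

def track(redis, success:, now:)
  key = "#{success ? SUCCESS_PREFIX : FAILURE_PREFIX}#{bucket_id(now)}"
  # Assumption: the TTL is set once, when the key is created.
  redis.expire(key, COUNTER_TTL_SECONDS, now) if redis.incr(key, now) == 1
  key
end

def counts(redis, now:)
  id = bucket_id(now)
  { bucket: id, success: redis.get("#{SUCCESS_PREFIX}#{id}", now).to_i,
    failure: redis.get("#{FAILURE_PREFIX}#{id}", now).to_i }
end
```

A reading taken just after a bucket rolls over starts from zero, so anything that consumes these counts has to tolerate a near-empty current bucket.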
