Report auth events in manage stage usage ping
-
Review changes -
-
Download -
Patches
-
Plain diff
All threads resolved!
All threads resolved!
What does this MR do?
Part 2 of #224102 (closed)
Provide aggregate auth event details in usage ping to help identify how often particular authentication methods are being used. This will help inform decision making about improvements and fixes.
Telemetry example
:usage_activity_by_stage=> {
:manage => {
...
:user_auth_by_provider=>{"ldap"=>10, "smartcard"=>20, "group_saml"=>10}
},
},
:usage_activity_by_stage_monthly=> {
:manage => {
...
:user_auth_by_provider=>{"ldap"=>1, "smartcard"=>2, "group_saml"=>1}
},
}Database
Query
https://paste.depesz.com/s/Ehy
SELECT COUNT(DISTINCT "authentication_events"."user_id") FROM "authentication_events" WHERE "authentication_events"."success" = true AND "authentication_events"."provider" = 'standard' AND "authentication_events"."created_at" BETWEEN '2020-08-12 19:05:45.606188' AND '2020-09-09 19:05:45.606328' AND "authentication_events"."user_id" BETWEEN 0 AND 1000;The above will happen once per provider configured on the system. For any given instance this is likely just one or two distinct providers, but it can be any of dozens we support. Of course, the last query will depend on how many entries there are. If there are thousands/millions it will be batched accordingly.
Query Plan
https://explain.depesz.com/s/hwuG
Aggregate (cost=2.17..2.18 rows=1 width=8) (actual time=0.017..0.017 rows=1 loops=1)
-> Index Only Scan using index_authentication_events_on_provider_user_id_created_at on authentication_events (cost=0.14..2.17 rows=1 width=8) (actual time=0.011..0.011 rows=0 loops=1)
Index Cond: ((provider = 'standard'::text) AND (user_id >= 0) AND (user_id <= 1000) AND (created_at >= '2020-08-16 19:05:45.606188-05'::timestamp with time zone) AND (created_at <= '2020-09-16 19:05:45.606328-05'::timestamp with time zone))
Heap Fetches: 0
Planning Time: 0.220 ms
Execution Time: 0.039 ms
(6 rows)Migration up
== 20200916151442 AddResultIndexToAuthenticationEvents: migrating =============
-- transaction_open?()
-> 0.0000s
-- index_exists?(:authentication_events, [:provider, :user_id, :created_at], {:where=>"result = 1", :name=>"index_authentication_events_on_provider_user_id_created_at", :algorithm=>:concurrently})
-> 0.0030s
-- add_index(:authentication_events, [:provider, :user_id, :created_at], {:where=>"result = 1", :name=>"index_authentication_events_on_provider_user_id_created_at", :algorithm=>:concurrently})
-> 0.0093s
== 20200916151442 AddResultIndexToAuthenticationEvents: migrated (0.0127s) ====Migration down
Screenshots
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by Drew Blessing
Merge request reports
Compare and
Show latest version
- version 28ec1903e5
- version 27d853d6d3
- version 26635700ce
- version 25635700ce
- version 24635700ce
- version 23635700ce
- version 22635700ce
- version 21635700ce
- version 20266cee9c
- version 195d42cf69
- version 185d42cf69
- version 17901fbb61
- version 16cc368ea5
- version 15cc368ea5
- version 1495f7a4c0
- version 130cb89baf
- version 1286cb5441
- version 11e6eb0dac
- version 1077d9eb65
- version 9e1c4246a
- version 8e1c4246a
- version 7e1c4246a
- version 6e1c4246a
- version 5e1c4246a
- version 4e1c4246a
- version 3e1c4246a
- version 2e1c4246a
- version 1a74fa8fa
- master (base)
- latest version9f1395381 commit,
- version 28ec1903e51 commit,
- version 27d853d6d31 commit,
- version 26635700ce2 commits,
- version 25635700ce2 commits,
- version 24635700ce2 commits,
- version 23635700ce2 commits,
- version 22635700ce2 commits,
- version 21635700ce1 commit,
- version 20266cee9c1 commit,
- version 195d42cf694 commits,
- version 185d42cf693 commits,
- version 17901fbb613 commits,
- version 16cc368ea53 commits,
- version 15cc368ea52 commits,
- version 1495f7a4c02 commits,
- version 130cb89baf2 commits,
- version 1286cb54412 commits,
- version 11e6eb0dac2 commits,
- version 1077d9eb653 commits,
- version 9e1c4246a2 commits,
- version 8e1c4246a2 commits,
- version 7e1c4246a2 commits,
- version 6e1c4246a2 commits,
- version 5e1c4246a2 commits,
- version 4e1c4246a2 commits,
- version 3e1c4246a1 commit,
- version 2e1c4246a2 commits,
- version 1a74fa8fa2 commits,
Compare changes
- Side-by-side
- Inline
There are no changes yet
No changes between version 3 and version 3
Loading