diff --git a/helper/builtinplugins/registry_full.go b/helper/builtinplugins/registry_full.go
index 32bba4048796..ac56d139df39 100644
--- a/helper/builtinplugins/registry_full.go
+++ b/helper/builtinplugins/registry_full.go
@@ -40,6 +40,7 @@ import (
 logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
 logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
 logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
+ "github.com/hashicorp/vault/helper/pluginconsts"
 dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
 dbHana "github.com/hashicorp/vault/plugins/database/hana"
 dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
@@ -54,26 +55,26 @@ import (
 func newFullAddonRegistry() *registry {
 return ®istry{
 credentialBackends: map[string]credentialBackend{
- "alicloud": {Factory: credAliCloud.Factory},
- "app-id": {
+ pluginconsts.AuthTypeAliCloud: {Factory: credAliCloud.Factory},
+ pluginconsts.AuthTypeAppId: {
 Factory: removedFactory,
 DeprecationStatus: consts.Removed,
 },
- "aws": {Factory: credAws.Factory},
- "azure": {Factory: credAzure.Factory},
- "cf": {Factory: credCF.Factory},
- "gcp": {Factory: credGcp.Factory},
- "github": {Factory: credGitHub.Factory},
- "kerberos": {Factory: credKerb.Factory},
- "kubernetes": {Factory: credKube.Factory},
- "ldap": {Factory: credLdap.Factory},
- "oci": {Factory: credOCI.Factory},
- "okta": {Factory: credOkta.Factory},
- "pcf": {
+ pluginconsts.AuthTypeAWS: {Factory: credAws.Factory},
+ pluginconsts.AuthTypeAzure: {Factory: credAzure.Factory},
+ pluginconsts.AuthTypeCF: {Factory: credCF.Factory},
+ pluginconsts.AuthTypeGCP: {Factory: credGcp.Factory},
+ pluginconsts.AuthTypeGitHub: {Factory: credGitHub.Factory},
+ pluginconsts.AuthTypeKerberos: {Factory: credKerb.Factory},
+ pluginconsts.AuthTypeKubernetes: {Factory: credKube.Factory},
+ pluginconsts.AuthTypeLDAP: {Factory: credLdap.Factory},
+ pluginconsts.AuthTypeOCI: {Factory: credOCI.Factory},
+ pluginconsts.AuthTypeOkta: {Factory: credOkta.Factory},
+ pluginconsts.AuthTypePCF: {
 Factory: credCF.Factory,
 DeprecationStatus: consts.Deprecated,
 },
- "radius": {Factory: credRadius.Factory},
+ pluginconsts.AuthTypeRadius: {Factory: credRadius.Factory},
 },
 databasePlugins: map[string]databasePlugin{
 // These four plugins all use the same mysql implementation but with
diff --git a/helper/pluginconsts/plugin_consts.go b/helper/pluginconsts/plugin_consts.go
new file mode 100644
index 000000000000..37d1f2b9663b
--- /dev/null
+++ b/helper/pluginconsts/plugin_consts.go
@@ -0,0 +1,29 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package pluginconsts
+
+// These consts live outside the plugin registry files to prevent import cycles.
+const (
+ AuthTypeAliCloud = "alicloud"
+ AuthTypeAppId = "app-id"
+ AuthTypeAWS = "aws"
+ AuthTypeAzure = "azure"
+ AuthTypeCF = "cf"
+ AuthTypeGCP = "gcp"
+ AuthTypeGitHub = "github"
+ AuthTypeKerberos = "kerberos"
+ AuthTypeKubernetes = "kubernetes"
+ AuthTypeLDAP = "ldap"
+ AuthTypeOCI = "oci"
+ AuthTypeOkta = "okta"
+ AuthTypePCF = "pcf"
+ AuthTypeRadius = "radius"
+ AuthTypeToken = "token"
+ AuthTypeCert = "cert"
+ AuthTypeOIDC = "oidc"
+ AuthTypeUserpass = "userpass"
+ AuthTypeSAML = "saml"
+ AuthTypeApprole = "approle"
+ AuthTypeJWT = "jwt"
+)
diff --git a/vault/core_metrics.go b/vault/core_metrics.go
index 5bf400e622c9..fd249f9a7de6 100644
--- a/vault/core_metrics.go
+++ b/vault/core_metrics.go
@@ -535,6 +535,31 @@ func getMeanNamespaceSecrets(mapOfNamespacesToSecrets map[string]int) int {
 return getTotalSecretsAcrossAllNamespaces(mapOfNamespacesToSecrets) / length
 }
 
+// GetAuthMethodUsageMetrics returns a map of auth mount types to the number of those mounts that exist.
+func (c *Core) GetAuthMethodUsageMetrics() map[string]int {
+ mounts := make(map[string]int)
+
+ c.authLock.RLock()
+ defer c.authLock.RUnlock()
+
+ // we don't grab the statelock, so this code might run during or after the seal process.
+ // Therefore, we need to check if c.auth is nil. If we do not, this will panic when
+ // run after seal.
+ if c.auth == nil {
+ return mounts
+ }
+
+ for _, entry := range c.auth.Entries {
+ authType := entry.Type
+ if _, ok := mounts[authType]; !ok {
+ mounts[authType] = 1
+ } else {
+ mounts[authType] += 1
+ }
+ }
+ return mounts
+}
+
 // GetKvUsageMetrics returns a map of namespace paths to KV secret counts within those namespaces.
 func (c *Core) GetKvUsageMetrics(ctx context.Context, kvVersion string) (map[string]int, error) {
 mounts := c.findKvMounts()
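Review bot: `AuthTypeAppId` in the new plugin_consts.go const block breaks the initialism casing that its siblings follow (`AuthTypeAWS`, `AuthTypeLDAP`, `AuthTypeOIDC`, `AuthTypeJWT`). The identifier is introduced by this commit, so it can still be renamed to `AuthTypeAppID` here and at its use in newFullAddonRegistry without touching existing callers. The block comment explains why the constants live in their own package but not what they are; a line such as `// AuthType* are the type strings of the builtin auth methods, used as plugin registry keys.` would cover that.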
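Review bot: GetAuthMethodUsageMetrics in vault/core_metrics.go keys the returned map by the raw `entry.Type`, which for an externally registered auth plugin is presumably the operator-chosen plugin name rather than one of the builtin types. The documentation changed in this commit states that the reported metrics contain no sensitive values and folds custom plugins into a single `vault.auth.method.plugin.count`, so the caller that turns this map into metric names (not visible in this diff) has to bucket every type outside the `pluginconsts.AuthType*` set before anything is emitted. The documented names `appid` and `cloudfoundry` also differ from the `app-id` and `cf` type strings, so that caller needs an explicit mapping as well. A sentence in the doc comment such as `// Keys are unfiltered mount types; callers must map unknown types to a generic bucket before reporting.` would make the obligation visible. Separately, the counting branch can be reduced to `mounts[entry.Type]++`, since a missing key reads as zero.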
diff --git a/website/content/docs/enterprise/license/product-usage-reporting.mdx b/website/content/docs/enterprise/license/product-usage-reporting.mdx
index 860d2bc28c35..b7b048a607f8 100644
--- a/website/content/docs/enterprise/license/product-usage-reporting.mdx
+++ b/website/content/docs/enterprise/license/product-usage-reporting.mdx
@@ -119,7 +119,29 @@ All of these metrics are numerical, and contain no sensitive values or additiona
 | `vault.kv.version1.secrets.namespace.min` | The lowest number of KVv1 secrets in a namespace in Vault, e.g. `2`. |
 | `vault.kv.version2.secrets.namespace.min` | The highest number of KVv2 secrets in a namespace in Vault, e.g. `1000`. |
 | `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv1 secrets in namespaces in Vault, e.g. `52.8`. |
-| `vault.kv.version1.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. |
+| `vault.kv.version2.secrets.namespace.mean` | The mean number of KVv2 secrets in namespaces in Vault, e.g. `52.8`. |
+| `vault.auth.method.approle.count` | The total number of Approle auth mounts in Vault. |
+| `vault.auth.method.alicloud.count` | The total number of Alicloud auth mounts in Vault. |
+| `vault.auth.method.aws.count` | The total number of AWS auth mounts in Vault. |
+| `vault.auth.method.appid.count` | The total number of App ID auth mounts in Vault. |
+| `vault.auth.method.azure.count` | The total number of Azure auth mounts in Vault. |
+| `vault.auth.method.cloudfoundry.count` | The total number of Cloud Foundry auth mounts in Vault. |
+| `vault.auth.method.github.count` | The total number of GitHub auth mounts in Vault. |
+| `vault.auth.method.gcp.count` | The total number of GCP auth mounts in Vault. |
+| `vault.auth.method.jwt.count` | The total number of JWT auth mounts in Vault. |
+| `vault.auth.method.kerberos.count` | The total number of Kerberos auth mounts in Vault. |
+| `vault.auth.method.kubernetes.count` | The total number of kubernetes auth mounts in Vault. |
+| `vault.auth.method.ldap.count` | The total number of LDAP auth mounts in Vault. |
+| `vault.auth.method.oci.count` | The total number of OCI auth mounts in Vault. |
+| `vault.auth.method.okta.count` | The total number of Okta auth mounts in Vault. |
+| `vault.auth.method.pcf.count` | The total number of PCF auth mounts in Vault. |
+| `vault.auth.method.radius.count` | The total number of Radius auth mounts in Vault. |
+| `vault.auth.method.saml.count` | The total number of SAML auth mounts in Vault. |
+| `vault.auth.method.cert.count` | The total number of Cert auth mounts in Vault. |
+| `vault.auth.method.oidc.count` | The total number of OIDC auth mounts in Vault. |
+| `vault.auth.method.token.count` | The total number of Token auth mounts in Vault. |
+| `vault.auth.method.userpass.count` | The total number of Userpass auth mounts in Vault. |
+| `vault.auth.method.plugin.count` | The total number of custom plugin auth mounts in Vault. |
 
 ## Usage metadata list
 