From 7e9462a10350665f7e95b9264e53937d6cf70ed6 Mon Sep 17 00:00:00 2001
From: Scott Leggett <scott@sl.id.au>
Date: Fri, 4 Feb 2022 13:56:06 +0800
Subject: [PATCH] feat: add metrics to the ssh portal

---
 internal/sshserver/authhandler.go    | 17 ++++++++++++++++-
 internal/sshserver/sessionhandler.go | 10 ++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/internal/sshserver/authhandler.go b/internal/sshserver/authhandler.go
index e4bc1e3a..a2bd3806 100644
--- a/internal/sshserver/authhandler.go
+++ b/internal/sshserver/authhandler.go
@@ -7,6 +7,8 @@ import (
 
 	"github.com/gliderlabs/ssh"
 	"github.com/nats-io/nats.go"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
 	"github.com/uselagoon/ssh-portal/internal/k8s"
 	"github.com/uselagoon/ssh-portal/internal/serviceapi"
 	"go.uber.org/zap"
@@ -17,11 +19,23 @@ var (
 	natsTimeout = 8 * time.Second
 )
 
+var (
+	authAttemptsTotal = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "authentication_attempts_total",
+		Help: "The total number of authentication attempts",
+	})
+	authSuccessTotal = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "authentication_success_total",
+		Help: "The total number of successful authentication",
+	})
+)
+
 // pubKeyAuth returns a ssh.PublicKeyHandler which accepts any key, and simply
 // adds the given key to the connection context.
 func pubKeyAuth(log *zap.Logger, nc *nats.Conn,
 	c *k8s.Client) ssh.PublicKeyHandler {
 	return func(ctx ssh.Context, key ssh.PublicKey) bool {
+		authAttemptsTotal.Inc()
 		// parse SSH public key
 		pubKey, err := gossh.ParsePublicKey(key.Marshal())
 		if err != nil {
@@ -33,7 +47,7 @@ func pubKeyAuth(log *zap.Logger, nc *nats.Conn,
 		// get Lagoon labels from namespace if available
 		pid, eid, err := c.NamespaceDetails(ctx.User())
 		if err != nil {
-			log.Info("couldn't get namespace details",
+			log.Debug("couldn't get namespace details",
 				zap.String("session-id", ctx.SessionID()),
 				zap.String("namespace", ctx.User()), zap.Error(err))
 			return false
@@ -62,6 +76,7 @@ func pubKeyAuth(log *zap.Logger, nc *nats.Conn,
 		}
 		// handle response
 		if bytes.Equal(response.Data, []byte("true")) {
+			authSuccessTotal.Inc()
 			log.Debug("authentication successful",
 				zap.String("session-id", ctx.SessionID()),
 				zap.String("fingerprint", fingerprint),
diff --git a/internal/sshserver/sessionhandler.go b/internal/sshserver/sessionhandler.go
index dbeca1a6..1115ca4b 100644
--- a/internal/sshserver/sessionhandler.go
+++ b/internal/sshserver/sessionhandler.go
@@ -4,12 +4,22 @@ import (
 	"fmt"
 
 	"github.com/gliderlabs/ssh"
+	"github.com/prometheus/client_golang/prometheus"
+	"github.com/prometheus/client_golang/prometheus/promauto"
 	"github.com/uselagoon/ssh-portal/internal/k8s"
 	"go.uber.org/zap"
 )
 
+var (
+	sessionTotal = promauto.NewCounter(prometheus.CounterOpts{
+		Name: "session_total",
+		Help: "The total number of ssh sessions",
+	})
+)
+
 func sessionHandler(log *zap.Logger, c *k8s.Client) ssh.Handler {
 	return func(s ssh.Session) {
+		sessionTotal.Inc()
 		sid, ok := s.Context().Value(ssh.ContextKeySessionID).(string)
 		if !ok {
 			log.Warn("couldn't get session ID")