Fix handling of strimzi.authorization.enable.metrics (option was ig…

…nored) (strimzi#176)


Signed-off-by: Marko Strukelj <[email protected]>

README.md

@@ -1301,7 +1301,7 @@ For client-side authentication there are:
 
 - Get the average request time in ms during the last minute across all http requests to a specific authorization server:
 ```
- rate(strimzi_oauth_http_requests_totaltimems{host="sso:443"}[1m] / rate(strimzi_oaouth_http_requests_count{host="sso:443"}[1m]
+ rate(strimzi_oauth_http_requests_totaltimems{host="sso:443"}[1m]) / rate(strimzi_oaouth_http_requests_count{host="sso:443"}[1m])
 ```
 Note, that this gives reliable results if scrape period is 15 seconds. If scrape period is longer, you should use a multiple of 4 as a minimum time span to average across. For example, if scrape period is 30 seconds, use 2m span instead of 1m.
 

examples/kubernetes/README-metrics.md

@@ -129,7 +129,7 @@ We can connect to the JMX remotely to inspect the content. We can use `jmxterm`
 ```
 git clone https://github.com/jiaqi/jmxterm.git
 cd jmxterm
-git checkout -b v1.0.2
+git checkout v1.0.4
 mvn clean install
 ```
 
@@ -143,7 +143,7 @@ We assume that your Kafka client / broker is running locally with the following
 We can then use the `jmxterm` by running:
 
 ```
-java -jar target/jmxterm-1.0.2-uber.jar
+java -jar target/jmxterm-1.0.4-uber.jar
 open localhost:9500
 domains
 beans -d strimzi.oauth

oauth-keycloak-authorizer/src/main/java/io/strimzi/kafka/oauth/server/authorizer/AuthzConfig.java

@@ -28,6 +28,7 @@ public class AuthzConfig extends Config {
 
  public static final String STRIMZI_AUTHORIZATION_CONNECT_TIMEOUT_SECONDS = "strimzi.authorization.connect.timeout.seconds";
  public static final String STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS = "strimzi.authorization.read.timeout.seconds";
+ public static final String STRIMZI_AUTHORIZATION_ENABLE_METRICS = "strimzi.authorization.enable.metrics";
 
  AuthzConfig() {}
 

oauth-keycloak-authorizer/src/main/java/io/strimzi/kafka/oauth/server/authorizer/KeycloakRBACAuthorizer.java

@@ -63,6 +63,7 @@
 import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
+import static io.strimzi.kafka.oauth.common.Config.isTrue;
 import static io.strimzi.kafka.oauth.common.HttpUtil.post;
 import static io.strimzi.kafka.oauth.common.LogUtil.mask;
 import static io.strimzi.kafka.oauth.common.OAuthAuthenticator.urlencode;
@@ -283,18 +284,23 @@ private void configureMetrics(Map<String, ?> configs, AuthzConfig config) {
  Services.configure(configs);
  }
 
- enableMetrics = config.getValueAsBoolean(Config.OAUTH_ENABLE_METRICS, false);
+ String enableMetricsString = ConfigUtil.getConfigWithFallbackLookup(config, AuthzConfig.STRIMZI_AUTHORIZATION_ENABLE_METRICS, Config.OAUTH_ENABLE_METRICS);
+ try {
+ enableMetrics = enableMetricsString != null && isTrue(enableMetricsString);
+ } catch (Exception e) {
+ throw new ConfigException("Bad boolean value for key: " + AuthzConfig.STRIMZI_AUTHORIZATION_ENABLE_METRICS + ", value: " + enableMetricsString);
+ }
+
  if (enableMetrics) {
  metrics = Services.getInstance().getMetrics();
  }
  }
 
  /**
- * This method transforms strimzi.authorization.* entries into oauth.* entries in order to be able to use existing ConfigUtil
- * methods for setting up certificate truststore and hostname verification.
+ * This method extracts the key=value configuration entries relevant for KeycloakRBACAuthorizer from
+ * Kafka properties configuration file (server.properties) and wraps them with AuthzConfig instance.
  *
- * It also makes sure to copy over 'as-is' all the config keys expected in server.properties for configuring
- * this authorizer.
+ * Any new config options have to be added here in order to become visible, otherwise they will be ignored.
  *
  * @param configs Kafka configs map
  * @return Config object
@@ -329,6 +335,7 @@ static AuthzConfig convertToCommonConfig(Map<String, ?> configs) {
  Config.OAUTH_CONNECT_TIMEOUT_SECONDS,
  AuthzConfig.STRIMZI_AUTHORIZATION_READ_TIMEOUT_SECONDS,
  Config.OAUTH_READ_TIMEOUT_SECONDS,
+ AuthzConfig.STRIMZI_AUTHORIZATION_ENABLE_METRICS,
  Config.OAUTH_ENABLE_METRICS
  };