mirror of https://github.com/sysown/proxysql
Adds operational-visibility metrics for the pass-through auth feature.
Previously the only diagnostics available to an SRE were the audit
log (optional, often off) and proxy_warning (added in the preceding
commit). Both are good but neither lets an operator answer
"is anything happening?" / "how often does pass-through succeed?"
at a glance.
Nine atomic counters added to MySQL_Passthrough_Auth_Cache,
incremented at the single well-defined call site each:
probes_attempted -- a real probe was about to run
(past all eligibility gates, past
inflight cap, past rate limits)
probes_ok -- probe succeeded, cache populated
probes_failed_credentials -- probe got 1045/1698/1130 from backend
probes_failed_transport -- probe got 2xxx / unknown errno
lockouts_user -- per-user lockout fired
lockouts_ip -- per-IP lockout fired
inflight_cap_rejects -- max_inflight_probes saturated
cache_hits -- PPHR_verify_password used the cache
cache_invalidations -- backend ER 1045 evicted a cached entry
Plus two current-state gauges (read on demand from existing methods):
inflight_probes -- current Glo->inflight()
cache_entries -- current Glo->size()
Exposed via a new admin virtual table:
stats_mysql_passthrough_auth_metrics(
metric_name VARCHAR NOT NULL PRIMARY KEY,
metric_value BIGINT NOT NULL
)
stats___mysql_passthrough_auth_metrics is registered alongside the
existing stats___mysql_passthrough_auth_cache; both refresh from
GloMyPTAuthCache on SELECT.
All counter ops use std::memory_order_relaxed -- stats are
advisory and don't need to synchronize with the increments.
Counters are monotonic since process start; reset only by process
restart. Phase 2 may add a Prometheus exposer alongside this; for
now the admin table is the canonical surface for monitoring
integrations.
Discovered by the production-readiness subagent during the second
deep review of PR #5810. Listed there as a blocker for production
GA because operational visibility into pass-through misbehavior
was effectively zero.
docs/passthrough-auth-spec
parent
c73d1be692
commit
8dfe921ad4
Loading…
Reference in new issue