fastly / fastly-exporter

A Prometheus exporter for the Fastly Real-time Analytics API
Apache License 2.0
98 stars 36 forks source link

Consider adding a way to (optionally) track tokens #146

Closed magmax closed 6 months ago

magmax commented 1 year ago

Tracking tokens in order to monitor when they get old and should be renewed, or when they stop to be used and could be destroyed, is a must on security departments.

So, it would be great to be able to get such stats by using Prometheus, but requires a service to expose that data.

This applies for user and automation tokens.

Minimum data required:

leklund commented 7 months ago

This is a really interesting request. The exporter has always been focused on metrics from the real-time API but I can see why this sort of data would also be extremely useful. My initial instinct is that this would be its own service. I would guess that a lot of use cases for the exporter are using an automation token or a service limited token with a limited role so would not be able to read all tokens for a customer. With short lived tokens and browser tokens you also risk add a high level of cardinality to your prometheus metrics.

I like the idea but I don't think it fits well in the current fastly-exporter. However, one thing that would be fairly trivial to expose is the expiration time of the token being user for the exporter.

leklund commented 6 months ago

164 Added a gauge metric with expiration time of the FASTLY_API_TOKEN used by the exporter. I don't think exporting expiration times for all tokens belongs here since this tool is focused on exporting real-time stats.