diff --git a/.changelog/12166.txt b/.changelog/12166.txt new file mode 100644 index 0000000000..06b4340003 --- /dev/null +++ b/.changelog/12166.txt @@ -0,0 +1,3 @@ +```release-note:deprecation +acl: The `consul.acl.ResolveTokenToIdentity` metric is no longer reported. The values that were previous reported as part of this metric will now be part of the `consul.acl.ResolveToken` metric. +``` diff --git a/agent/acl_test.go b/agent/acl_test.go index b205220f67..a26798bba8 100644 --- a/agent/acl_test.go +++ b/agent/acl_test.go @@ -94,14 +94,6 @@ func (a *TestACLAgent) ResolveTokenToIdentityAndAuthorizer(secretID string) (str return a.resolveAuthzFn(secretID) } -func (a *TestACLAgent) ResolveTokenToIdentity(secretID string) (structs.ACLIdentity, error) { - if a.resolveIdentFn == nil { - return nil, fmt.Errorf("ResolveTokenToIdentity call is unexpected - no ident resolver callback set") - } - - return a.resolveIdentFn(secretID) -} - func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { identity, authz, err := a.ResolveTokenToIdentityAndAuthorizer(secretID) if err != nil { diff --git a/agent/consul/acl.go b/agent/consul/acl.go index da89e2dd3d..ab637b7209 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -34,10 +34,6 @@ var ACLSummaries = []prometheus.SummaryDefinition{ Name: []string{"acl", "ResolveToken"}, Help: "This measures the time it takes to resolve an ACL token.", }, - { - Name: []string{"acl", "ResolveTokenToIdentity"}, - Help: "This measures the time it takes to resolve an ACL token to an Identity.", - }, } // These must be kept in sync with the constants in command/agent/acl.go. diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go index 678b0b87bc..d2c6e267ce 100644 --- a/agent/delegate_mock_test.go +++ b/agent/delegate_mock_test.go @@ -47,11 +47,6 @@ func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *struct return m.Called(node, prune, entMeta).Error(0) } -func (m *delegateMock) ResolveTokenToIdentity(token string) (structs.ACLIdentity, error) { - ret := m.Called(token) - return ret.Get(0).(structs.ACLIdentity), ret.Error(1) -} - func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) { ret := m.Called(token, entMeta, authzContext) return ret.Get(0).(acl.Authorizer), ret.Error(1) diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 0c8ea8d01d..749e2fa17c 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -334,7 +334,7 @@ These metrics are used to monitor the health of the Consul servers. | Metric | Description | Unit | Type | | --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | ------- | | `consul.acl.ResolveToken` | Measures the time it takes to resolve an ACL token. | ms | timer | -| `consul.acl.ResolveTokenToIdentity` | Measures the time it takes to resolve an ACL token to an Identity. | ms | timer | +| `consul.acl.ResolveTokenToIdentity` | Measures the time it takes to resolve an ACL token to an Identity. This metric was removed in Consul 1.12. The time will now be reflected in `consul.acl.ResolveToken`. | ms | timer | | `consul.acl.token.cache_hit` | Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache. | cache read op | counter | | `consul.acl.token.cache_miss` | Increments if Consul cannot resolve a token's identity, or a legacy token, from the cache. | cache read op | counter | | `consul.cache.bypass` | Counts how many times a request bypassed the cache because no cache-key was provided. | counter | counter |