VAULT-35527 add control groups metrics (#30733)

* oss patch * oss patch update
2026-02-03 20:40:45 -05:00 · 2025-05-23 12:47:00 -04:00 · 2025-05-23 12:47:00 -04:00 · f444e37f10
commit f444e37f10
parent f1c83954f6
1 changed files with 37 additions and 0 deletions
--- a/vault/core_metrics.go
+++ b/vault/core_metrics.go
@ -1118,3 +1118,40 @@ func (c *Core) GetAuditExclusionStanzaCount() int {

 	return exclusionsCount
 }
+
+func (c *Core) GetControlGroupCount() (int, error) {
+	policyStore := c.policyStore
+
+	if policyStore == nil {
+		return 0, fmt.Errorf("could not find a policy store")
+	}
+
+	namespaces := c.collectNamespaces()
+	controlGroupCount := 0
+
+	for _, ns := range namespaces {
+		nsCtx := namespace.ContextWithNamespace(context.Background(), ns)
+
+		// get the names of all the ACL policies from on this namespace
+		policyNames, err := policyStore.ListPolicies(nsCtx, PolicyTypeACL)
+		if err != nil {
+			return 0, err
+		}
+
+		for _, name := range policyNames {
+			policy, err := policyStore.GetPolicy(nsCtx, name, PolicyTypeACL)
+			if err != nil {
+				return 0, err
+			}
+
+			// check for control groups inside the path rules of the policy
+			for _, pathPolicy := range policy.Paths {
+				if pathPolicy.ControlGroupHCL != nil {
+					controlGroupCount++
+				}
+			}
+		}
+	}
+
+	return controlGroupCount, nil
+}