VAULT-34541 CE changes (#29920)

api/sys_utilization_report.go

@@ -53,6 +53,8 @@ type UtilizationReportOutput struct {
 	AuthMethods   map[string]int `json:"auth_methods,omitempty" structs:"auth_methods" mapstructure:"auth_methods"`
 	SecretEngines map[string]int `json:"secret_engines,omitempty" structs:"secret_engines" mapstructure:"secret_engines"`
 
+	LeasesByAuthMethod map[string]int `json:"leases_by_auth_method,omitempty" structs:"leases_by_auth_method" mapstructure:"leases_by_auth_method"`
+
 	ReplicationStatus *UtilizationReportReplicationStatusInformation `json:"replication_status,omitempty" structs:"replication_status" mapstructure:"replication_status"`
 
 	PKI *UtilizationReportPKIInformation `json:"pki,omitempty" structs:"pki" mapstructure:"pki"`

vault/core_metrics.go

@@ -650,6 +650,35 @@ func (c *Core) GetAuthMethodUsageMetrics() map[string]int {
 	return mounts
 }
 
+// GetAuthMethodLeaseCounts returns a map of auth mount types to the number of leases those mounts have.
+func (c *Core) GetAuthMethodLeaseCounts() (map[string]int, error) {
+	mounts := make(map[string]int)
+
+	c.authLock.RLock()
+	defer c.authLock.RUnlock()
+
+	for _, entry := range c.auth.Entries {
+		authType := entry.Type
+
+		if authType == mountTypeNSToken {
+			authType = pluginconsts.AuthTypeToken
+		}
+
+		mountPath := fmt.Sprintf("%s/%s", credentialTableType, entry.Path)
+		keys, err := logical.CollectKeysWithPrefix(c.expiration.quitContext, c.expiration.leaseView(entry.namespace), mountPath)
+		if err != nil {
+			return nil, err
+		}
+
+		if _, ok := mounts[authType]; !ok {
+			mounts[authType] = len(keys)
+		} else {
+			mounts[authType] += len(keys)
+		}
+	}
+	return mounts, nil
+}
+
 // GetKvUsageMetrics returns a map of namespace paths to KV secret counts within those namespaces.
 func (c *Core) GetKvUsageMetrics(ctx context.Context, kvVersion string) (map[string]int, error) {
 	mounts := c.findKvMounts()