[self-hosted] add Embedded IdP metrics (#5407)

management/server/metrics/selfhosted.go

@@ -210,6 +210,7 @@ func (w *Worker) generateProperties(ctx context.Context) properties {
 		rosenpassEnabled          int
 		localUsers                int
 		idpUsers                  int
+		embeddedIdpTypes          map[string]int
 	)
 	start := time.Now()
 	metricsProperties := make(properties)
@@ -218,6 +219,7 @@ func (w *Worker) generateProperties(ctx context.Context) properties {
 	rulesProtocol = make(map[string]int)
 	rulesDirection = make(map[string]int)
 	activeUsersLastDay = make(map[string]struct{})
+	embeddedIdpTypes = make(map[string]int)
 	uptime = time.Since(w.startupTime).Seconds()
 	connections := w.connManager.GetAllConnectedPeers()
 	version = nbversion.NetbirdVersion()
@@ -277,6 +279,8 @@ func (w *Worker) generateProperties(ctx context.Context) properties {
 							localUsers++
 						} else {
 							idpUsers++
+							idpType := extractIdpType(idpID)
+							embeddedIdpTypes[idpType]++
 						}
 					}
 				}
@@ -369,6 +373,11 @@ func (w *Worker) generateProperties(ctx context.Context) properties {
 	metricsProperties["rosenpass_enabled"] = rosenpassEnabled
 	metricsProperties["local_users_count"] = localUsers
 	metricsProperties["idp_users_count"] = idpUsers
+	metricsProperties["embedded_idp_count"] = len(embeddedIdpTypes)
+
+	for idpType, count := range embeddedIdpTypes {
+		metricsProperties["embedded_idp_users_"+idpType] = count
+	}
 
 	for protocol, count := range rulesProtocol {
 		metricsProperties["rules_protocol_"+protocol] = count
@@ -456,6 +465,17 @@ func createPostRequest(ctx context.Context, endpoint string, payloadStr string)
 	return req, cancel, nil
 }
 
+// extractIdpType extracts the IdP type from a Dex connector ID.
+// Connector IDs are formatted as "<type>-<xid>" (e.g., "okta-abc123", "zitadel-xyz").
+// Returns the type prefix, or "oidc" if no known prefix is found.
+func extractIdpType(connectorID string) string {
+	idx := strings.LastIndex(connectorID, "-")
+	if idx <= 0 {
+		return "oidc"
+	}
+	return strings.ToLower(connectorID[:idx])
+}
+
 func getMinMaxVersion(inputList []string) (string, string) {
 	versions := make([]*version.Version, 0)
 

management/server/metrics/selfhosted_test.go

@@ -27,7 +27,7 @@ func (mockDatasource) GetAllConnectedPeers() map[string]struct{} {
 // GetAllAccounts returns a list of *server.Account for use in tests with predefined information
 func (mockDatasource) GetAllAccounts(_ context.Context) []*types.Account {
 	localUserID := dex.EncodeDexUserID("10", "local")
-	idpUserID := dex.EncodeDexUserID("20", "zitadel")
+	idpUserID := dex.EncodeDexUserID("20", "zitadel-d5uv82dra0haedlf6kv0")
 	return []*types.Account{
 		{
 			Id:       "1",
@@ -341,4 +341,37 @@ func TestGenerateProperties(t *testing.T) {
 	if properties["idp_users_count"] != 1 {
 		t.Errorf("expected 1 idp_users_count, got %d", properties["idp_users_count"])
 	}
+	if properties["embedded_idp_users_zitadel"] != 1 {
+		t.Errorf("expected 1 embedded_idp_users_zitadel, got %v", properties["embedded_idp_users_zitadel"])
+	}
+	if properties["embedded_idp_count"] != 1 {
+		t.Errorf("expected 1 embedded_idp_count, got %v", properties["embedded_idp_count"])
+	}
+}
+
+func TestExtractIdpType(t *testing.T) {
+	tests := []struct {
+		connectorID string
+		expected    string
+	}{
+		{"okta-abc123def", "okta"},
+		{"zitadel-d5uv82dra0haedlf6kv0", "zitadel"},
+		{"entra-xyz789", "entra"},
+		{"google-abc123", "google"},
+		{"pocketid-abc123", "pocketid"},
+		{"microsoft-abc123", "microsoft"},
+		{"authentik-abc123", "authentik"},
+		{"keycloak-d5uv82dra0haedlf6kv0", "keycloak"},
+		{"local", "oidc"},
+		{"", "oidc"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.connectorID, func(t *testing.T) {
+			result := extractIdpType(tt.connectorID)
+			if result != tt.expected {
+				t.Errorf("extractIdpType(%q) = %q, want %q", tt.connectorID, result, tt.expected)
+			}
+		})
+	}
 }