Add user principal tag in metrics

runtime/service/src/main/java/org/apache/polaris/service/config/ProductionReadinessChecks.java

@@ -44,6 +44,7 @@
 import org.apache.polaris.service.context.TestRealmContextResolver;
 import org.apache.polaris.service.events.PolarisEventListener;
 import org.apache.polaris.service.events.TestPolarisEventListener;
+import org.apache.polaris.service.metrics.MetricsConfiguration;
 import org.apache.polaris.service.persistence.InMemoryPolarisMetaStoreManagerFactory;
 import org.eclipse.microprofile.config.Config;
 import org.eclipse.microprofile.config.ConfigValue;
@@ -113,6 +114,30 @@ public void warnOnFailedChecks(
     }
   }
 
+  @Produces
+  public ProductionReadinessCheck checkUserPrincipalMetricTag(MetricsConfiguration config) {
+    if (config.userPrincipalTag().enableInApiMetrics()) {
+      return ProductionReadinessCheck.of(
+          Error.of(
+              "Metrics configuration includes user principal name and this could have security implications.",
+              "polaris.metrics.user-principal-tag.enable-in-api-metrics"));
+    }
+    return ProductionReadinessCheck.OK;
+  }
+
+  @Produces
+  public ProductionReadinessCheck checkUserPrincipalAndRealmIdMetricTags(
+      MetricsConfiguration config) {
+    if (config.userPrincipalTag().enableInApiMetrics()
+        && config.realmIdTag().enableInApiMetrics()) {
+      return ProductionReadinessCheck.of(
+          Error.of(
+              "Metrics configuration includes both user principal name and realm id in tags and this could have performance implications.",
+              "polaris.metrics.user-principal-tag.enable-in-api-metrics"));
+    }
+    return ProductionReadinessCheck.OK;
+  }
+
   @Produces
   public ProductionReadinessCheck checkTokenBrokers(AuthenticationConfiguration configuration) {
     List<ProductionReadinessCheck.Error> errors = new ArrayList<>();

runtime/service/src/main/java/org/apache/polaris/service/metrics/MetricsConfiguration.java

@@ -32,6 +32,9 @@ public interface MetricsConfiguration {
   /** Configuration for the Realm ID metric tag. */
   RealmIdTag realmIdTag();
 
+  /** Configuration for the user principal metric tag. */
+  UserPrincipalTag userPrincipalTag();
+
   interface RealmIdTag {
 
     /**
@@ -65,4 +68,16 @@ interface RealmIdTag {
     @Min(1)
     int httpMetricsMaxCardinality();
   }
+
+  interface UserPrincipalTag {
+
+    /**
+     * Whether to include the User Principal tag in the API request metrics.
+     *
+     * <p>Beware that if the cardinality of this tag is too high, it can cause performance issues or
+     * even crash the server.
+     */
+    @WithDefault("false")
+    boolean enableInApiMetrics();
+  }
 }

runtime/service/src/main/java/org/apache/polaris/service/metrics/PolarisValueExpressionResolver.java

@@ -23,6 +23,7 @@
 import jakarta.annotation.Nonnull;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+import jakarta.ws.rs.core.SecurityContext;
 import org.apache.polaris.core.context.RealmContext;
 
 @ApplicationScoped
@@ -39,6 +40,13 @@ public String resolve(@Nonnull String expression, @Nullable Object parameter) {
         && expression.equals("realmIdentifier")) {
       return realmContext.getRealmIdentifier();
     }
+
+    if (metricsConfiguration.userPrincipalTag().enableInApiMetrics()
+        && parameter instanceof SecurityContext securityContext
+        && expression.equals("userPrincipal")
+        && securityContext.getUserPrincipal() != null) {
+      return securityContext.getUserPrincipal().getName();
+    }
     return null;
   }
 }

runtime/service/src/test/java/org/apache/polaris/service/metrics/MetricsTestBase.java

@@ -105,6 +105,11 @@ public void testMetricsEmittedOnSuccessfulRequest(String endpoint) {
                           metricsConfiguration.realmIdTag().enableInApiMetrics()
                               ? fixture.realm
                               : ""),
+                      Map.entry(
+                          "principal",
+                          metricsConfiguration.userPrincipalTag().enableInApiMetrics()
+                              ? "root"
+                              : ""),
                       Map.entry(
                           "class", "org.apache.polaris.service.admin.api.PolarisPrincipalsApi"),
                       Map.entry("exception", "none"),
@@ -156,6 +161,11 @@ public void testMetricsEmittedOnFailedRequest(String endpoint) {
                           metricsConfiguration.realmIdTag().enableInApiMetrics()
                               ? fixture.realm
                               : ""),
+                      Map.entry(
+                          "principal",
+                          metricsConfiguration.userPrincipalTag().enableInApiMetrics()
+                              ? "root"
+                              : ""),
                       Map.entry(
                           "class", "org.apache.polaris.service.admin.api.PolarisPrincipalsApi"),
                       Map.entry("exception", "NotFoundException"),

runtime/service/src/test/java/org/apache/polaris/service/metrics/RealmIdTagEnabledMetricsTest.java

@@ -39,7 +39,9 @@ public Map<String, String> getConfigOverrides() {
           "polaris.metrics.realm-id-tag.enable-in-api-metrics",
           "true",
           "polaris.metrics.realm-id-tag.enable-in-http-metrics",
-          "true");
+          "true",
+          "polaris.metrics.user-principal-tag.enable-in-api-metrics",
+          "false");
     }
   }
 }

runtime/service/src/test/java/org/apache/polaris/service/metrics/UserPrincipalTagDisabledMetricsTest.java

@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.service.metrics;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.QuarkusTestProfile;
+import io.quarkus.test.junit.TestProfile;
+import java.util.Map;
+
+@QuarkusTest
+@TestProfile(UserPrincipalTagDisabledMetricsTest.Profile.class)
+public class UserPrincipalTagDisabledMetricsTest extends MetricsTestBase {
+
+  public static class Profile implements QuarkusTestProfile {
+
+    @Override
+    public Map<String, String> getConfigOverrides() {
+      return Map.of(
+          "polaris.metrics.tags.environment", "prod", "polaris.realm-context.type", "test");
+    }
+  }
+}

runtime/service/src/test/java/org/apache/polaris/service/metrics/UserPrincipalTagEnabledMetricsTest.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.polaris.service.metrics;
+
+import io.quarkus.test.junit.QuarkusTest;
+import io.quarkus.test.junit.QuarkusTestProfile;
+import io.quarkus.test.junit.TestProfile;
+import java.util.Map;
+
+@QuarkusTest
+@TestProfile(UserPrincipalTagEnabledMetricsTest.Profile.class)
+public class UserPrincipalTagEnabledMetricsTest extends MetricsTestBase {
+
+  public static class Profile implements QuarkusTestProfile {
+
+    @Override
+    public Map<String, String> getConfigOverrides() {
+      return Map.of(
+          "polaris.metrics.tags.environment",
+          "prod",
+          "polaris.metrics.user-principal-tag.enable-in-api-metrics",
+          "true",
+          "polaris.metrics.realm-id-tag.enable-in-api-metrics",
+          "false",
+          "polaris.metrics.realm-id-tag.enable-in-http-metrics",
+          "false");
+    }
+  }
+}

server-templates/api.mustache

@@ -93,7 +93,7 @@ public class {{classname}}  {
   {{#authMethods}}{{#isOAuth}}@RolesAllowed("**"){{/isOAuth}}{{/authMethods}}{{/hasAuthMethods}}
   @Timed("{{metricsPrefix}}.{{baseName}}.{{nickname}}")
   @Timeout
-  public Response {{nickname}}({{#isMultipart}}MultipartFormDataInput input,{{/isMultipart}}{{#allParams}}{{>queryParams}}{{>pathParams}}{{>headerParams}}{{>bodyParams}}{{^isMultipart}}{{>formParams}},{{/isMultipart}}{{#isMultipart}}{{^isFormParam}},{{/isFormParam}}{{/isMultipart}}{{/allParams}}@Context @MeterTag(key="realm_id",expression="realmIdentifier") RealmContext realmContext,@Context SecurityContext securityContext) {
+  public Response {{nickname}}({{#isMultipart}}MultipartFormDataInput input,{{/isMultipart}}{{#allParams}}{{>queryParams}}{{>pathParams}}{{>headerParams}}{{>bodyParams}}{{^isMultipart}}{{>formParams}},{{/isMultipart}}{{#isMultipart}}{{^isFormParam}},{{/isFormParam}}{{/isMultipart}}{{/allParams}}@Context @MeterTag(key="realm_id",expression="realmIdentifier") RealmContext realmContext,@Context @MeterTag(key="principal",expression="userPrincipal") SecurityContext securityContext) {
 {{! Don't log form or header params in case there are secrets, e.g., OAuth tokens }}
     LOGGER.atDebug().setMessage("Invoking {{baseName}} with params")
       .addKeyValue("operation", "{{nickname}}"){{#allParams}}{{^isHeaderParam}}{{^isFormParam}}