From 6177abdfa12dffc8dde3c579e7b938294d8fac91 Mon Sep 17 00:00:00 2001
From: Jyoti Mahapatra
Date: Wed, 9 Feb 2022 19:46:38 -0800
Subject: [PATCH] add sts error metric
Signed-off-by: Jyoti Mahapatra
---
 pkg/metrics/metrics.go | 20 ++++++++++++++++++--
 pkg/token/token.go | 3 +++
 pkg/token/token_test.go | 8 ++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go
index 7bd2bac05..a465a2434 100644
--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@@ -17,7 +17,7 @@ const (
 var authenticatorMetrics Metrics
 func InitMetrics(registerer prometheus.Registerer) {
- authenticatorMetrics = CreateMetrics(registerer)
+ authenticatorMetrics = createMetrics(registerer)
 }
 func Get() Metrics {
@@ -29,9 +29,11 @@ type Metrics struct {
 ConfigMapWatchFailures prometheus.Counter
 Latency *prometheus.HistogramVec
 EC2DescribeInstanceCallCount prometheus.Counter
+ StsConnectionFailure prometheus.Counter
+ StsResponses *prometheus.CounterVec
 }
-func CreateMetrics(reg prometheus.Registerer) Metrics {
+func createMetrics(reg prometheus.Registerer) Metrics {
 factory := promauto.With(reg)
 return Metrics{
@@ -42,6 +44,20 @@ func CreateMetrics(reg prometheus.Registerer) Metrics {
 Help: "EKS Configmap watch failures",
 },
 ),
+ StsConnectionFailure: factory.NewCounter(
+ prometheus.CounterOpts{
+ Namespace: Namespace,
+ Name: "sts_connection_failures_total",
+ Help: "Sts call could not succeed or timedout",
+ },
+ ),
+ StsResponses: factory.NewCounterVec(
+ prometheus.CounterOpts{
+ Namespace: Namespace,
+ Name: "sts_responses_total",
+ Help: "Sts responses with error code label",
+ }, []string{"ResponseCode"},
+ ),
 Latency: factory.NewHistogramVec(
 prometheus.HistogramOpts{
 Namespace: Namespace,
diff --git a/pkg/token/token.go b/pkg/token/token.go
index 6402b41ab..f34e06ead 100644
--- a/pkg/token/token.go
+++ b/pkg/token/token.go
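Review bot: In pkg/metrics/metrics.go, the `@@ -42,6 +44,20 @@` hunk names the `sts_responses_total` label `ResponseCode`, which departs from the lower snake_case that Prometheus label names conventionally use and that the metric names in this hunk already follow; `[]string{"response_code"}` would keep alert rules and dashboards consistent. The help string `"Sts call could not succeed or timedout"` would read better as `"STS calls that failed before a response was received, including timeouts"`. The fields added in the `@@ -29,9 +29,11 @@` hunk have no doc comments, and Go initialism style would spell them `STSConnectionFailure` and `STSResponses`, matching `EC2DescribeInstanceCallCount` beside them. The `Metrics` literal starts and ends outside the hunk.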
@@ -41,6 +41,7 @@ import (
 clientauthv1beta1 "k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
 "sigs.k8s.io/aws-iam-authenticator/pkg"
 "sigs.k8s.io/aws-iam-authenticator/pkg/arn"
+ "sigs.k8s.io/aws-iam-authenticator/pkg/metrics"
 )
 // Identity is returned on successful Verify() results. It contains a parsed
@@ -510,6 +511,7 @@ func (v tokenVerifier) Verify(token string) (*Identity, error) {
 response, err := v.client.Do(req)
 if err != nil {
+ metrics.Get().StsConnectionFailure.Inc()
 // special case to avoid printing the full URL if possible
 if urlErr, ok := err.(*url.Error); ok {
 return nil, NewSTSError(fmt.Sprintf("error during GET: %v", urlErr.Err))
@@ -523,6 +525,7 @@ func (v tokenVerifier) Verify(token string) (*Identity, error) {
 return nil, NewSTSError(fmt.Sprintf("error reading HTTP result: %v", err))
 }
+ metrics.Get().StsResponses.WithLabelValues(fmt.Sprint(response.StatusCode)).Inc()
 if response.StatusCode != 200 {
 return nil, NewSTSError(fmt.Sprintf("error from AWS (expected 200, got %d). Body: %s", response.StatusCode, string(responseBody[:])))
 }
diff --git a/pkg/token/token_test.go b/pkg/token/token_test.go
index 69af6280f..a186ca1f1 100644
--- a/pkg/token/token_test.go
+++ b/pkg/token/token_test.go
@@ -13,8 +13,16 @@ import (
 "strings"
 "testing"
 "time"
+
+ "github.com/prometheus/client_golang/prometheus"
+ "sigs.k8s.io/aws-iam-authenticator/pkg/metrics"
 )
+func TestMain(m *testing.M) {
+ metrics.InitMetrics(prometheus.NewRegistry())
+ m.Run()
+}
+
 func validationErrorTest(t *testing.T, partition string, token string, expectedErr string) {
 t.Helper()
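Review bot: `metrics.Get().StsConnectionFailure.Inc()` in the `@@ -510,6 +511,7 @@` hunk of pkg/token/token.go makes `Verify` depend on package-level state that only `metrics.InitMetrics` populates. If `Get` hands back the zero-value `Metrics` before initialisation (its body is not visible here), the nil `prometheus.Counter` would panic on the token-verification path, and the `TestMain` added to token_test.go suggests the tests already need that initialisation. The same applies to the `StsResponses` call in the `@@ -523,6 +525,7 @@` hunk, and any program that imports pkg/token without calling `InitMetrics` would be exposed. Consider guarding both call sites, for example with a new helper `func Initialized() bool` in pkg/metrics and `if metrics.Initialized() { ... }`, or having `Get` fall back to collectors on a private registry. `Verify` starts and ends outside these hunks.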
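Review bot: In the `@@ -523,6 +525,7 @@` hunk of pkg/token/token.go the `StsResponses` increment sits after the early return for a failed body read, so a response whose body cannot be read is counted by neither `sts_responses_total` nor `sts_connection_failures_total`. Moving the increment to directly after the `v.client.Do(req)` error check would record every response that carried a status code, which matters if these counters feed alerting on STS failures. `strconv.Itoa(response.StatusCode)` is a more direct conversion than `fmt.Sprint`, provided `strconv` is already imported, which the hunk does not show. `Verify` continues outside the hunk.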
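Review bot: `TestMain` in pkg/token/token_test.go discards the result of `m.Run()`; on Go toolchains older than 1.15 a `TestMain` that returns without calling `os.Exit` lets the test binary exit 0 even when tests fail, so a regression in token verification could pass CI unnoticed. `os.Exit(m.Run())` behaves correctly on every Go version, though it needs the `os` import if the file does not already have it, which the hunk does not show. A comment such as `// Verify increments metrics, so the package-level metrics must be initialised before any test runs.` would explain why `TestMain` exists.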