feat(mmds): Add metric to count GET requests without tokens

The metric is useful for users to track whether v1-style requests are
issued or not inside a guest.

Signed-off-by: Takahiro Itazuri <[email protected]>

Author: zulinx86

CHANGELOG.md

@@ -21,11 +21,11 @@ and this project adheres to
   "X-aws-ec2-metadata-token" and "X-aws-ec2-metadata-token-ttl-seconds")
   alongside the MMDS-specific ones.
 - [#5290](https://github.com/firecracker-microvm/firecracker/pull/5290): Added
-  `mmds.rx_invalid_token` metric to track the number of GET requests that were
-  rejected due to token validation failures in MMDS version 2. This metric also
-  counts requests that would be rejected in MMDS version 2 when MMDS version 1
-  is configured. This helps users assess readiness for migrating to MMDS version
-  2.
+  `mmds.rx_invalid_token` and `mmds.rx_no_token` metrics to track the number of
+  GET requests that were rejected due to token validation failures in MMDS
+  version 2. These metrics also count requests that would be rejected in MMDS
+  version 2 when MMDS version 1 is configured. They helps users assess readiness
+  for migrating to MMDS version 2.
 
 ### Changed
 

docs/mmds/mmds-user-guide.md

@@ -235,8 +235,9 @@ As in version 2, version 1 also supports a session oriented method in order to
 make the migration easier. See [the next section](#version-2) for the session
 oriented method. Note that version 1 returns a successful response to a `GET`
 request even with an invalid token or no token not to break existing workloads.
-`mmds.rx_invalid_token` metric tracks the number of `GET` requests with invalid
-tokens, helping users evaluate their readiness for migrating to MMDS version 2.
+`mmds.rx_invalid_token` and `mmds.rx_no_token` metrics track the number of
+`GET` requests with invalid tokens and missing tokens respectively, helping
+users evaluate their readiness for migrating to MMDS version 2.
 
 Requests containing any other HTTP methods than `GET` and `PUT` will receive
 **405 Method Not Allowed** error.

src/vmm/src/logger/metrics.rs

@@ -558,6 +558,8 @@ pub struct MmdsMetrics {
     pub rx_bad_eth: SharedIncMetric,
     /// The number of GET requests with invalid tokens.
     pub rx_invalid_token: SharedIncMetric,
+    /// The number of GET requests with no tokens.
+    pub rx_no_token: SharedIncMetric,
     /// The total number of successful receive operations by the MMDS.
     pub rx_count: SharedIncMetric,
     /// The total number of bytes sent by the MMDS.
@@ -582,6 +584,7 @@ impl MmdsMetrics {
             rx_accepted_unusual: SharedIncMetric::new(),
             rx_bad_eth: SharedIncMetric::new(),
             rx_invalid_token: SharedIncMetric::new(),
+            rx_no_token: SharedIncMetric::new(),
             rx_count: SharedIncMetric::new(),
             tx_bytes: SharedIncMetric::new(),
             tx_count: SharedIncMetric::new(),

src/vmm/src/mmds/mod.rs

@@ -149,7 +149,7 @@ fn respond_to_get_request_v1(mmds: &Mmds, request: Request) -> Response {
             }
         }
         None => {
-            // TODO: Increment a metric that will be added in an upcoming commit.
+            METRICS.mmds.rx_no_token.inc();
         }
     }
 
@@ -162,6 +162,7 @@ fn respond_to_get_request_v2(mmds: &Mmds, request: Request) -> Response {
     let token = match x_metadata_token.0 {
         Some(token) => token,
         None => {
+            METRICS.mmds.rx_no_token.inc();
             let error_msg = VmmMmdsError::NoTokenProvided.to_string();
             return build_response(
                 request.http_version(),
@@ -533,9 +534,11 @@ mod tests {
             MediaType::ApplicationJson,
         );
         let prev_rx_invalid_token = METRICS.mmds.rx_invalid_token.count();
+        let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
         let actual_response = convert_to_response(mmds.clone(), request);
         assert_eq!(actual_response, expected_response);
         assert_eq!(prev_rx_invalid_token, METRICS.mmds.rx_invalid_token.count());
+        assert_eq!(prev_rx_no_token + 1, METRICS.mmds.rx_no_token.count());
 
         // Test valid v2 request.
         let request = Request::try_from(
@@ -560,9 +563,11 @@ mod tests {
             MediaType::ApplicationJson,
         );
         let prev_rx_invalid_token = METRICS.mmds.rx_invalid_token.count();
+        let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
         let actual_response = convert_to_response(mmds.clone(), request);
         assert_eq!(actual_response, expected_response);
         assert_eq!(prev_rx_invalid_token, METRICS.mmds.rx_invalid_token.count());
+        assert_eq!(prev_rx_no_token, METRICS.mmds.rx_no_token.count());
 
         // Test GET request with invalid token is accepted when v1 is configured.
         let (request, expected_response) = generate_request_and_expected_response(
@@ -572,12 +577,14 @@ mod tests {
             MediaType::ApplicationJson,
         );
         let prev_rx_invalid_token = METRICS.mmds.rx_invalid_token.count();
+        let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
         let actual_response = convert_to_response(mmds, request);
         assert_eq!(actual_response, expected_response);
         assert_eq!(
             prev_rx_invalid_token + 1,
             METRICS.mmds.rx_invalid_token.count()
         );
+        assert_eq!(prev_rx_no_token, METRICS.mmds.rx_no_token.count());
     }
 
     #[test]
@@ -713,9 +720,11 @@ mod tests {
             MediaType::ApplicationJson,
         );
         let prev_rx_invalid_token = METRICS.mmds.rx_invalid_token.count();
+        let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
         let actual_response = convert_to_response(mmds.clone(), request);
         assert_eq!(actual_response, expected_response);
         assert_eq!(prev_rx_invalid_token, METRICS.mmds.rx_invalid_token.count());
+        assert_eq!(prev_rx_no_token, METRICS.mmds.rx_no_token.count());
 
         // Test invalid customer header value is ignored if not PUT request to /latest/api/token.
         #[rustfmt::skip]
@@ -775,8 +784,10 @@ mod tests {
         let mut expected_response = Response::new(Version::Http10, StatusCode::Unauthorized);
         expected_response.set_content_type(MediaType::PlainText);
         expected_response.set_body(Body::new(VmmMmdsError::NoTokenProvided.to_string()));
+        let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
         let actual_response = convert_to_response(mmds.clone(), request);
         assert_eq!(actual_response, expected_response);
+        assert_eq!(prev_rx_no_token + 1, METRICS.mmds.rx_no_token.count());
 
         // Create a new MMDS token that expires in one second.
         let request = Request::try_from(
@@ -809,12 +820,14 @@ mod tests {
             expected_response.set_content_type(MediaType::PlainText);
             expected_response.set_body(Body::new(VmmMmdsError::InvalidToken.to_string()));
             let prev_rx_invalid_token = METRICS.mmds.rx_invalid_token.count();
+            let prev_rx_no_token = METRICS.mmds.rx_no_token.count();
             let actual_response = convert_to_response(mmds.clone(), request);
             assert_eq!(actual_response, expected_response);
             assert_eq!(
                 prev_rx_invalid_token + 1,
                 METRICS.mmds.rx_invalid_token.count()
             );
+            assert_eq!(prev_rx_no_token, METRICS.mmds.rx_no_token.count());
 
             // Wait for the second token to expire.
             std::thread::sleep(Duration::from_secs(1));

tests/host_tools/fcmetrics.py

@@ -186,6 +186,7 @@ def validate_fc_metrics(metrics):
             "rx_accepted_unusual",
             "rx_bad_eth",
             "rx_invalid_token",
+            "rx_no_token",
             "rx_count",
             "tx_bytes",
             "tx_count",