Merge pull request #454 from Nikokolas3270/SREP-207

SREP-207: The interceptor is now producing metrics which can will be used to alert is something is wrong

Author: openshift-merge-bot[bot]

interceptor/go.mod

@@ -7,9 +7,11 @@ toolchain go1.23.9
 require (
 	github.com/PagerDuty/go-pagerduty v1.8.0
 	github.com/openshift/configuration-anomaly-detection v0.0.0-00010101000000-000000000000
+	github.com/prometheus/client_golang v1.22.0
 	github.com/tektoncd/triggers v0.27.0
 	google.golang.org/grpc v1.70.0
 	knative.dev/pkg v0.0.0-20241026180704-25f6002b00f3
+	sigs.k8s.io/controller-runtime v0.19.3
 )
 
 require (
@@ -226,7 +228,6 @@ require (
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
-	github.com/prometheus/client_golang v1.22.0 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.63.0 // indirect
 	github.com/prometheus/procfs v0.15.1 // indirect
@@ -306,7 +307,6 @@ require (
 	k8s.io/kubectl v0.32.2 // indirect
 	k8s.io/utils v0.0.0-20250502105355-0f33e8f1c979 // indirect
 	oras.land/oras-go v1.2.5 // indirect
-	sigs.k8s.io/controller-runtime v0.19.3 // indirect
 	sigs.k8s.io/gateway-api v1.2.1 // indirect
 	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/kustomize/api v0.18.0 // indirect

interceptor/main.go

@@ -12,7 +12,9 @@ import (
 
 	"github.com/openshift/configuration-anomaly-detection/interceptor/pkg/interceptor"
 	"github.com/openshift/configuration-anomaly-detection/pkg/logging"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"knative.dev/pkg/signals"
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
 )
 
 const (
@@ -28,10 +30,12 @@ func main() {
 	// set up signals so we handle the first shutdown signal gracefully
 	ctx := signals.NewContext()
 
-	service := interceptor.PagerDutyInterceptor{}
+	stats := interceptor.CreateInterceptorStats()
 	mux := http.NewServeMux()
-	mux.Handle("/", service)
+	mux.Handle("/", interceptor.CreateInterceptorHandler(stats))
 	mux.HandleFunc("/ready", readinessHandler)
+	interceptor.CreateAndRegisterMetricsCollector(stats)
+	mux.Handle("/metrics", promhttp.HandlerFor(metrics.Registry, promhttp.HandlerOpts{Registry: metrics.Registry}))
 
 	srv := &http.Server{
 		Addr: fmt.Sprintf(":%d", HTTPPort),

interceptor/pkg/interceptor/metrics.go

@@ -0,0 +1,59 @@
+package interceptor
+
+import (
+	"strconv"
+
+	"sigs.k8s.io/controller-runtime/pkg/metrics"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+const (
+	requestsCountMetricName = "cad_interceptor_requests_total"
+	requestsCountMetricHelp = "Number of times CAD interceptor has been called (through a PagerDuty webhook, normally)"
+
+	errorsCountMetricName = "cad_interceptor_errors_total"
+	errorsCountMetricHelp = "Number of times CAD interceptor has been failed to process a request"
+)
+
+var (
+	requestsCountMetricDesc = prometheus.NewDesc(
+		requestsCountMetricName,
+		requestsCountMetricHelp,
+		nil, nil)
+
+	errorsCountMetricDesc = prometheus.NewDesc(
+		errorsCountMetricName,
+		errorsCountMetricHelp,
+		[]string{"error_code", "reason"}, nil)
+)
+
+type interceptorMetricsCollector struct {
+	stats *InterceptorStats
+}
+
+func CreateAndRegisterMetricsCollector(stats *InterceptorStats) {
+	metrics.Registry.MustRegister(&interceptorMetricsCollector{stats})
+}
+
+func (c *interceptorMetricsCollector) Describe(ch chan<- *prometheus.Desc) {
+	prometheus.DescribeByCollect(c, ch)
+}
+
+func (c *interceptorMetricsCollector) Collect(ch chan<- prometheus.Metric) {
+	ch <- prometheus.MustNewConstMetric(
+		requestsCountMetricDesc,
+		prometheus.CounterValue,
+		float64(c.stats.RequestsCount),
+	)
+
+	for codeWithReason, errorsCount := range c.stats.CodeWithReasonToErrorsCount {
+		ch <- prometheus.MustNewConstMetric(
+			errorsCountMetricDesc,
+			prometheus.CounterValue,
+			float64(errorsCount),
+			strconv.Itoa(codeWithReason.ErrorCode),
+			codeWithReason.Reason,
+		)
+	}
+}

interceptor/pkg/interceptor/pdinterceptor.go

@@ -24,19 +24,35 @@ import (
 // ErrInvalidContentType is returned when the content-type is not a JSON body.
 var ErrInvalidContentType = errors.New("form parameter encoding not supported, please change the hook to send JSON payloads")
 
-type PagerDutyInterceptor struct{}
+type ErrorCodeWithReason struct {
+	ErrorCode int
+	Reason    string
+}
 
-func (pdi PagerDutyInterceptor) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	b, err := pdi.executeInterceptor(r)
-	if err != nil {
-		var e Error
-		if errors.As(err, &e) {
-			logging.Infof("HTTP %d - %s", e.Status(), e)
-			http.Error(w, e.Error(), e.Status())
-		} else {
-			logging.Errorf("Non Status Error: %s", err)
-			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
-		}
+type InterceptorStats struct {
+	RequestsCount               uint64
+	CodeWithReasonToErrorsCount map[ErrorCodeWithReason]int
+}
+
+func CreateInterceptorStats() *InterceptorStats {
+	return &InterceptorStats{CodeWithReasonToErrorsCount: make(map[ErrorCodeWithReason]int)}
+}
+
+type interceptorHandler struct {
+	stats *InterceptorStats
+}
+
+func CreateInterceptorHandler(stats *InterceptorStats) http.Handler {
+	return &interceptorHandler{stats}
+}
+
+func (pdi interceptorHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	pdi.stats.RequestsCount++
+
+	b, httpErr := pdi.executeInterceptor(r)
+	if httpErr != nil {
+		logging.Infof("HTTP %d - %s", httpErr.code, httpErr.err)
+		http.Error(w, httpErr.err.Error(), httpErr.code)
 	}
 
 	w.Header().Add("Content-Type", "application/json")
@@ -45,46 +61,35 @@ func (pdi PagerDutyInterceptor) ServeHTTP(w http.ResponseWriter, r *http.Request
 	}
 }
 
-// Error represents a handler error. It provides methods for a HTTP status
-// code and embeds the built-in error interface.
-type Error interface {
-	error
-	Status() int
+// httpError represents an error with an associated HTTP status code.
+type httpError struct {
+	code int
+	err  error
 }
 
-// HTTPError represents an error with an associated HTTP status code.
-type HTTPError struct {
-	Code int
-	Err  error
-}
-
-// Allows HTTPError to satisfy the error interface.
-func (se HTTPError) Error() string {
-	return se.Err.Error()
-}
+func (pdi *interceptorHandler) httpError(errorCode int, reason string, err error) *httpError {
+	pdi.stats.CodeWithReasonToErrorsCount[ErrorCodeWithReason{errorCode, reason}]++
 
-// Returns our HTTP status code.
-func (se HTTPError) Status() int {
-	return se.Code
+	return &httpError{code: errorCode, err: fmt.Errorf("%s: %w", reason, err)}
 }
 
-func badRequest(err error) HTTPError {
-	return HTTPError{Code: http.StatusBadRequest, Err: err}
+func (pdi *interceptorHandler) badRequest(reason string, err error) *httpError {
+	return pdi.httpError(http.StatusBadRequest, reason, err)
 }
 
-func internal(err error) HTTPError {
-	return HTTPError{Code: http.StatusInternalServerError, Err: err}
+func (pdi *interceptorHandler) internal(reason string, err error) *httpError {
+	return pdi.httpError(http.StatusInternalServerError, reason, err)
 }
 
-func (pdi *PagerDutyInterceptor) executeInterceptor(r *http.Request) ([]byte, error) {
+func (pdi *interceptorHandler) executeInterceptor(r *http.Request) ([]byte, *httpError) {
 	// Create a context
 	ctx, cancel := context.WithTimeout(r.Context(), 3*time.Second)
 	defer cancel()
 
 	var body bytes.Buffer
 	defer r.Body.Close() //nolint:errcheck
 	if _, err := io.Copy(&body, r.Body); err != nil {
-		return nil, internal(fmt.Errorf("failed to read body: %w", err))
+		return nil, pdi.internal("failed to read body", err)
 	}
 	r.Body = io.NopCloser(bytes.NewReader(body.Bytes()))
 
@@ -95,12 +100,12 @@ func (pdi *PagerDutyInterceptor) executeInterceptor(r *http.Request) ([]byte, er
 		Header map[string][]string `json:"header"`
 	}
 	if err := json.Unmarshal(body.Bytes(), &originalReq); err != nil {
-		return nil, badRequest(fmt.Errorf("failed to parse request body: %w", err))
+		return nil, pdi.badRequest("failed to parse body", err)
 	}
 
 	extractedRequest, err := http.NewRequestWithContext(ctx, r.Method, r.URL.String(), bytes.NewReader([]byte(originalReq.Body)))
 	if err != nil {
-		return nil, internal(fmt.Errorf("malformed body/header in unwrapped request: %w", err))
+		return nil, pdi.internal("malformed body/header in unwrapped request", err)
 	}
 
 	for k, v := range originalReq.Header {
@@ -117,26 +122,26 @@ func (pdi *PagerDutyInterceptor) executeInterceptor(r *http.Request) ([]byte, er
 
 	err = webhookv3.VerifySignature(extractedRequest, token)
 	if err != nil {
-		return nil, badRequest(fmt.Errorf("failed to verify signature: %w", err))
+		return nil, pdi.badRequest("failed to verify signature", err)
 	}
 
 	logging.Info("Signature verified successfully")
 
 	if err := json.Unmarshal(body.Bytes(), &ireq); err != nil {
-		return nil, badRequest(fmt.Errorf("failed to parse body as InterceptorRequest: %w", err))
+		return nil, pdi.badRequest("failed to parse body as InterceptorRequest", err)
 	}
 	logging.Debugf("Interceptor request body is: %s", ireq.Body)
 
-	iresp := pdi.Process(ctx, &ireq)
+	iresp := pdi.process(ctx, &ireq)
 	logging.Debugf("Interceptor response is: %+v", iresp)
 	respBytes, err := json.Marshal(iresp)
 	if err != nil {
-		return nil, internal(err)
+		return nil, pdi.internal("failed to encode response", err)
 	}
 	return respBytes, nil
 }
 
-func (pdi *PagerDutyInterceptor) Process(ctx context.Context, r *triggersv1.InterceptorRequest) *triggersv1.InterceptorResponse {
+func (pdi *interceptorHandler) process(ctx context.Context, r *triggersv1.InterceptorRequest) *triggersv1.InterceptorResponse {
 	pdClient, err := pagerduty.GetPDClient([]byte(r.Body))
 	if err != nil {
 		return interceptors.Failf(codes.InvalidArgument, "could not initialize pagerduty client: %v", err)

interceptor/test/e2e.sh

@@ -20,7 +20,8 @@ function test_interceptor {
 
     local incident_id=$1
     local expected_response=$2
-    local override_signature=$3
+    local expected_metrics=$3
+    local override_signature=$4
 
     # Run the interceptor and print logs to temporary log file
     export PD_SIGNATURE="test"
@@ -52,26 +53,40 @@ function test_interceptor {
         -d "$WRAPPED_PAYLOAD" \
         http://localhost:8080) || CURL_EXITCODE=$?
 
-    # Check if the curl output matches the expected response
-    if [[ "$CURL_OUTPUT" == "$expected_response" ]] && [[ "$CURL_EXITCODE" == "0" ]]; then
-        echo -e "${GREEN}Test passed for incident ID $incident_id: Response is as expected.${NC}"
+    local return_code=0
 
-        # Shut down the interceptor
-        kill $INTERCEPTOR_PID
-    else
+    # Check if the curl output differs from the expected response
+    if [[ "$CURL_OUTPUT" != "$expected_response" ]] || [[ "$CURL_EXITCODE" != "0" ]]; then
         echo -e "${RED}Test failed for incident ID $incident_id: Unexpected response.${NC}"
         echo -e "${RED}Expected: $expected_response${NC}"
         echo -e "${RED}Got: $CURL_OUTPUT${NC}"
         echo -e "${RED}Exit code: $CURL_EXITCODE${NC}"
         echo -e ""
         echo -e "Interceptor logs"
         cat $temp_log_file
+        return_code=1
+    else
+        curl_metrics_exitcode=0
+        curl_metrics_output=$(curl -s http://localhost:8080/metrics | grep '^cad_interceptor_') || curl_metrics_exitcode=$?
+
+        if [[ "$curl_metrics_output" != "$expected_metrics" ]] || [[ "$curl_metrics_exitcode" != "0" ]]; then
+            echo -e "${RED}Test failed for incident ID $incident_id: Unexpected metrics.${NC}"
+            echo -e "${RED}Expected: $expected_metrics${NC}"
+            echo -e "${RED}Got: $curl_metrics_output${NC}"
+            echo -e "${RED}Exit code: $curl_metrics_exitcode${NC}"
+            echo -e ""
+            echo -e "Interceptor logs"
+            cat $temp_log_file
+            return_code=1
+        else
+            echo -e "${GREEN}Test passed for incident ID $incident_id: Response and metrics are as expected.${NC}"
+        fi
+    fi
 
-        # Shut down the interceptor
-        kill $INTERCEPTOR_PID
+    # Shut down the interceptor
+    kill $INTERCEPTOR_PID
 
-        return 1
-    fi
+    return $return_code
 }
 
 # Expected outputs
@@ -83,13 +98,13 @@ EXPECTED_RESPONSE_SIGNATURE_ERROR='failed to verify signature: invalid webhook s
 echo "========= TESTS ============="
 # Test for a pre-existing alert we handle (ClusterProvisioningDelay)
 echo "Test 1: alert with existing handling returns a 'continue: true' response"
-test_interceptor "Q12WO44XJLR3H3" "$EXPECTED_RESPONSE_CONTINUE"
+test_interceptor "Q12WO44XJLR3H3" "$EXPECTED_RESPONSE_CONTINUE" "cad_interceptor_requests_total 1"
 
 # Test for an alert we don't handle (alert called unhandled)
 echo "Test 2: unhandled alerts returns a 'continue: false' response"
-test_interceptor "Q3722KGCG12ZWD" "$EXPECTED_RESPONSE_STOP"
+test_interceptor "Q3722KGCG12ZWD" "$EXPECTED_RESPONSE_STOP" "cad_interceptor_requests_total 1"
 
 # Test for an alert with invalid signature
 echo "Test 3: expected failure due to invalid signature"
 PD_SIGNATURE="invalid-signature"
-test_interceptor "Q12WO44XJLR3H3" "$EXPECTED_RESPONSE_SIGNATURE_ERROR" "invalid-signature"
+test_interceptor "Q12WO44XJLR3H3" "$EXPECTED_RESPONSE_SIGNATURE_ERROR" 'cad_interceptor_errors_total{error_code="400",reason="failed to verify signature"} 1'$'\n''cad_interceptor_requests_total 1' "invalid-signature"