Skip to content

Commit e124837

Browse files
committed
added "upstream_auth_empty_tokens_total" metric
1 parent c8f8935 commit e124837

File tree

2 files changed

+24
-13
lines changed

2 files changed

+24
-13
lines changed

pkg/auth/authenticator.go

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -284,19 +284,23 @@ func NewAuthenticator(logger logr.Logger) *Authenticator {
284284
// validateUpstreamAuthRequest validates the service before calling the upstream.
285285
// when calling the upstream authentication, one of read or write tokens must be
286286
// empty and the upstream address must be a valid url.
287-
func validateUpstreamAuthRequest(service WebservicesCacheEntry, _ *Request) CerberusReason {
287+
func validateUpstreamAuthRequest(service WebservicesCacheEntry, request *Request) CerberusReason {
288288
if service.Spec.UpstreamHttpAuth.ReadTokenFrom == "" ||
289289
service.Spec.UpstreamHttpAuth.WriteTokenTo == "" {
290290
return CerberusReasonTargetAuthTokenEmpty
291291
}
292292
if !govalidator.IsRequestURL(service.Spec.UpstreamHttpAuth.Address) {
293293
return CerberusReasonInvalidUpstreamAddress
294294
}
295-
// uncomment if you want to stop upstream auth call when token is empty
296-
// token := request.Request.Header.Get(service.Spec.UpstreamHttpAuth.ReadTokenFrom)
297-
// if token == "" {
298-
// return CerberusReasonUpstreamAuthHeaderEmpty
299-
// }
295+
if request != nil {
296+
token := request.Request.Header.Get(service.Spec.UpstreamHttpAuth.ReadTokenFrom)
297+
if token == "" {
298+
upstreamAuthEmptyTokens.Inc()
299+
300+
// uncomment if you want to stop upstream auth call when token is empty
301+
// return CerberusReasonUpstreamAuthHeaderEmpty
302+
}
303+
}
300304
return ""
301305
}
302306

pkg/auth/metrics.go

Lines changed: 14 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ const (
1313
HasUpstreamAuth = "upstream_auth_enabled"
1414
ObjectKindLabel = "kind"
1515
WithDownstreamDeadlineLabel = "with_downstream_deadline"
16-
WebserviceLabel = "webservice"
16+
WebserviceLabel = "webservice"
1717

1818
MetricsKindSecret = "secret"
1919
MetricsKindWebservice = "webservice"
@@ -131,6 +131,13 @@ var (
131131
},
132132
[]string{WithDownstreamDeadlineLabel},
133133
)
134+
135+
upstreamAuthEmptyTokens = prometheus.NewCounter(
136+
prometheus.CounterOpts{
137+
Name: "upstream_auth_empty_tokens_total",
138+
Help: "Total number of UpstreamAuth requests that token were empty",
139+
},
140+
)
134141
)
135142

136143
func init() {
@@ -196,9 +203,9 @@ func AddWithDownstreamDeadlineLabel(labels prometheus.Labels, hasDeadline bool)
196203
}
197204

198205
func AddWebserviceLabel(labels prometheus.Labels, wsvc string) prometheus.Labels {
199-
if labels == nil {
200-
labels = prometheus.Labels{}
201-
}
202-
labels[WebserviceLabel] = wsvc
203-
return labels
204-
}
206+
if labels == nil {
207+
labels = prometheus.Labels{}
208+
}
209+
labels[WebserviceLabel] = wsvc
210+
return labels
211+
}

0 commit comments

Comments
 (0)