added "upstream_auth_empty_tokens_total" metric

SamMHD · SamMHD · commit e12483712321 · 2025-08-18T15:51:46.000+03:30
diff --git a/pkg/auth/authenticator.go b/pkg/auth/authenticator.go
@@ -284,19 +284,23 @@ func NewAuthenticator(logger logr.Logger) *Authenticator {
 // validateUpstreamAuthRequest validates the service before calling the upstream.
 // when calling the upstream authentication, one of read or write tokens must be
 // empty and the upstream address must be a valid url.
-func validateUpstreamAuthRequest(service WebservicesCacheEntry, _ *Request) CerberusReason {
+func validateUpstreamAuthRequest(service WebservicesCacheEntry, request *Request) CerberusReason {
 	if service.Spec.UpstreamHttpAuth.ReadTokenFrom == "" ||
 		service.Spec.UpstreamHttpAuth.WriteTokenTo == "" {
 		return CerberusReasonTargetAuthTokenEmpty
 	}
 	if !govalidator.IsRequestURL(service.Spec.UpstreamHttpAuth.Address) {
 		return CerberusReasonInvalidUpstreamAddress
 	}
-	// uncomment if you want to stop upstream auth call when token is empty
-	// token := request.Request.Header.Get(service.Spec.UpstreamHttpAuth.ReadTokenFrom)
-	// if token == "" {
-	// 	return CerberusReasonUpstreamAuthHeaderEmpty
-	// }
+	if request != nil {
+		token := request.Request.Header.Get(service.Spec.UpstreamHttpAuth.ReadTokenFrom)
+		if token == "" {
+			upstreamAuthEmptyTokens.Inc()
+
+			// uncomment if you want to stop upstream auth call when token is empty
+			// return CerberusReasonUpstreamAuthHeaderEmpty
+		}
+	}
 	return ""
 }
 
diff --git a/pkg/auth/metrics.go b/pkg/auth/metrics.go
@@ -13,7 +13,7 @@ const (
 	HasUpstreamAuth             = "upstream_auth_enabled"
 	ObjectKindLabel             = "kind"
 	WithDownstreamDeadlineLabel = "with_downstream_deadline"
-	WebserviceLabel 			= "webservice" 
+	WebserviceLabel             = "webservice"
 
 	MetricsKindSecret                  = "secret"
 	MetricsKindWebservice              = "webservice"
@@ -131,6 +131,13 @@ var (
 		},
 		[]string{WithDownstreamDeadlineLabel},
 	)
+
+	upstreamAuthEmptyTokens = prometheus.NewCounter(
+		prometheus.CounterOpts{
+			Name: "upstream_auth_empty_tokens_total",
+			Help: "Total number of UpstreamAuth requests that token were empty",
+		},
+	)
 )
 
 func init() {
@@ -196,9 +203,9 @@ func AddWithDownstreamDeadlineLabel(labels prometheus.Labels, hasDeadline bool)
 }
 
 func AddWebserviceLabel(labels prometheus.Labels, wsvc string) prometheus.Labels {
-    if labels == nil {
-        labels = prometheus.Labels{}
-    }
-    labels[WebserviceLabel] = wsvc
-    return labels
-}
+	if labels == nil {
+		labels = prometheus.Labels{}
+	}
+	labels[WebserviceLabel] = wsvc
+	return labels
+}
