From a7ac3b9bbe3f3e35117bd7109997e58ce467f0a9 Mon Sep 17 00:00:00 2001 From: RainbowMango Date: Fri, 16 Aug 2019 19:30:43 +0800 Subject: [PATCH] Add authentication metrics: overall failure and error count --- .../pkg/endpoints/filters/authentication.go | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go index 1b4de1899f1..7e8f2baa50e 100644 --- a/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go +++ b/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authentication.go @@ -40,6 +40,12 @@ import ( * involves explicitly acknowledging support for the metric across multiple releases, in accordance with * the metric stability policy. */ +const ( + successLabel = "success" + failureLabel = "failure" + errorLabel = "error" +) + var ( authenticatedUserCounter = metrics.NewCounterVec( &metrics.CounterOpts{ @@ -49,10 +55,19 @@ var ( }, []string{"username"}, ) + + authenticatedAttemptsCounter = metrics.NewCounterVec( + &metrics.CounterOpts{ + Name: "authentication_attempts", + Help: "Counter of authenticated attempts.", + }, + []string{"result"}, + ) ) func init() { legacyregistry.MustRegister(authenticatedUserCounter) + legacyregistry.MustRegister(authenticatedAttemptsCounter) } // WithAuthentication creates an http handler that tries to authenticate the given request as a user, and then @@ -72,7 +87,11 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed if err != nil || !ok { if err != nil { klog.Errorf("Unable to authenticate the request due to an error: %v", err) + authenticatedAttemptsCounter.WithLabelValues(errorLabel).Inc() + } else if !ok { + authenticatedAttemptsCounter.WithLabelValues(failureLabel).Inc() } + failed.ServeHTTP(w, req) return } @@ -86,6 +105,7 @@ func WithAuthentication(handler http.Handler, auth authenticator.Request, failed req = req.WithContext(genericapirequest.WithUser(req.Context(), resp.User)) authenticatedUserCounter.WithLabelValues(compressUsername(resp.User.GetName())).Inc() + authenticatedAttemptsCounter.WithLabelValues(successLabel).Inc() handler.ServeHTTP(w, req) })