Fix missing token renew statistics (#76)

gogatekeeper · Apr 8, 2021 · 645400c · 645400c
1 parent 6a81b2b
commit 645400c
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/middleware_test.go b/middleware_test.go
@@ -393,7 +393,24 @@ func TestMetricsMiddleware(t *testing.T) {
 	cfg := newFakeKeycloakConfig()
 	cfg.EnableMetrics = true
 	cfg.LocalhostMetrics = true
+	cfg.EnableRefreshTokens = true
+	cfg.EnableEncryptedToken = true
+	cfg.EncryptionKey = testEncryptionKey
 	requests := []fakeRequest{
+		{
+			URI:           fakeAuthAllURL,
+			HasLogin:      true,
+			Redirects:     true,
+			OnResponse:    delay,
+			ExpectedProxy: true,
+			ExpectedCode:  http.StatusOK,
+		},
+		{
+			URI:           fakeAuthAllURL,
+			Redirects:     false,
+			ExpectedProxy: true,
+			ExpectedCode:  http.StatusOK,
+		},
 		{
 			URI: cfg.WithOAuthURI(metricsURL),
 			Headers: map[string]string{
@@ -407,8 +424,35 @@ func TestMetricsMiddleware(t *testing.T) {
 			ExpectedCode:            http.StatusOK,
 			ExpectedContentContains: "proxy_request_status_total",
 		},
+		{
+			URI:                     cfg.WithOAuthURI(metricsURL),
+			ExpectedCode:            http.StatusOK,
+			ExpectedContentContains: "action=\"issued\"",
+		},
+		{
+			URI:                     cfg.WithOAuthURI(metricsURL),
+			ExpectedCode:            http.StatusOK,
+			ExpectedContentContains: "action=\"exchange\"",
+		},
+		{
+			URI:                     cfg.WithOAuthURI(metricsURL),
+			ExpectedCode:            http.StatusOK,
+			ExpectedContentContains: "action=\"login\"",
+		},
+		{
+			URI:                     cfg.WithOAuthURI(metricsURL),
+			ExpectedCode:            http.StatusOK,
+			ExpectedContentContains: "action=\"logout\"",
+		},
+		{
+			URI:                     cfg.WithOAuthURI(metricsURL),
+			ExpectedCode:            http.StatusOK,
+			ExpectedContentContains: "action=\"renew\"",
+		},
 	}
-	newFakeProxy(cfg, &fakeAuthConfig{}).RunTests(t, requests)
+	p := newFakeProxy(cfg, &fakeAuthConfig{})
+	p.idp.setTokenExpiration(1000 * time.Millisecond)
+	p.RunTests(t, requests)
 }
 
 func TestOauthRequests(t *testing.T) {

diff --git a/oauth.go b/oauth.go
@@ -75,6 +75,7 @@ func getRefreshedToken(conf *oauth2.Config, proxyConfig *Config, t string) (jwt.
 
 	defer cancel()
 
+	start := time.Now()
 	tkn, err := conf.TokenSource(ctx, &oauth2.Token{RefreshToken: t}).Token()
 
 	if err != nil {
@@ -83,6 +84,11 @@ func getRefreshedToken(conf *oauth2.Config, proxyConfig *Config, t string) (jwt.
 		}
 		return jwt.JSONWebToken{}, "", "", time.Time{}, time.Duration(0), err
 	}
+
+	taken := time.Since(start).Seconds()
+	oauthTokensMetric.WithLabelValues("renew").Inc()
+	oauthLatencyMetric.WithLabelValues("renew").Observe(taken)
+
 	refreshExpiresIn := time.Until(tkn.Expiry)
 	token, err := jwt.ParseSigned(tkn.AccessToken)