Add metrics for vault error

Now use a custom error type for vault with http error
ecadlabs · Jun 19, 2019 · 2d72878 · 2d72878
1 parent 3a4b4d8
commit 2d72878
Show file tree

Hide file tree

Showing 6 changed files with 69 additions and 18 deletions.
diff --git a/metrics/metrics.go b/metrics/metrics.go
@@ -10,18 +10,19 @@ import (
 var signingOpCount = prometheus.NewCounterVec(prometheus.CounterOpts{
 	Name: "signing_ops_total",
 	Help: "Total number of signing operations completed.",
-}, []string{"address", "vault", "kind"})
+}, []string{"address", "vault", "op", "kind"})
 
 var Handler http.Handler
 
 // RegisterHandler register metrics handler
 func init() {
 	prometheus.MustRegister(signingOpCount)
 	prometheus.MustRegister(vaultSigningSummary)
+	prometheus.MustRegister(vaultErrorCounter)
 	Handler = promhttp.Handler()
 }
 
 // IncNewSigningOp register a new signing operation with vault
-func IncNewSigningOp(address string, vault string, kind string) {
-	signingOpCount.WithLabelValues(address, vault, kind).Inc()
+func IncNewSigningOp(address string, vault string, op string, kind string) {
+	signingOpCount.WithLabelValues(address, vault, op, kind).Inc()
 }
diff --git a/metrics/vaultmetrics.go b/metrics/vaultmetrics.go
@@ -1,18 +1,29 @@
 package metrics
 
 import (
+	"fmt"
 	"time"
 
 	"github.com/ecadlabs/signatory/signatory"
 	"github.com/prometheus/client_golang/prometheus"
 )
 
+type HttpError interface {
+	Code() int
+}
+
 var vaultSigningSummary = prometheus.NewSummaryVec(
 	prometheus.SummaryOpts{
 		Name: "vault_sign_request_duration_microseconds",
 		Help: "Vaults signing requests latencies in microseconds",
 	}, []string{"vault"})
 
+var vaultErrorCounter = prometheus.NewCounterVec(
+	prometheus.CounterOpts{
+		Name: "vault_sign_request_error_total",
+		Help: "Vaults signing requests error count",
+	}, []string{"vault", "code"})
+
 type metricVault struct {
 	vault signatory.Vault
 }
@@ -27,7 +38,18 @@ func (v *metricVault) Sign(digest []byte, key signatory.StoredKey) ([]byte, erro
 		vaultSigningSummary.WithLabelValues(v.vault.Name()).Observe(us)
 	}))
 	defer timer.ObserveDuration()
-	return v.vault.Sign(digest, key)
+
+	result, err := v.vault.Sign(digest, key)
+
+	if err != nil {
+		if val, ok := err.(HttpError); ok {
+			vaultErrorCounter.WithLabelValues(v.vault.Name(), fmt.Sprintf("%d", val.Code())).Inc()
+		} else {
+			vaultErrorCounter.WithLabelValues(v.vault.Name(), "n/a").Inc()
+		}
+	}
+
+	return result, err
 }
 func (v *metricVault) Name() string { return v.vault.Name() }
 

diff --git a/signatory/signatory.go b/signatory/signatory.go
@@ -20,7 +20,7 @@ var (
 )
 
 // NotifySigning observer function for signing request
-type NotifySigning func(address string, vault string, kind string)
+type NotifySigning func(address string, vault string, op string, kind string)
 
 // PublicKey alias for an array of byte
 type PublicKey = []byte
@@ -174,7 +174,7 @@ func (s *Signatory) Sign(keyHash string, message []byte) (string, error) {
 
 	log.Debugf("Encoded signature: %s", encodedSig)
 
-	s.notifySigning(keyHash, vault.Name(), msg.Type())
+	s.notifySigning(keyHash, vault.Name(), msg.Type(), msg.Kind())
 
 	log.Infof("Signed %s successfully", msg.Type())
 

diff --git a/tezos/message.go b/tezos/message.go
@@ -134,7 +134,8 @@ func (m *Message) level() *big.Int {
 	return nil
 }
 
-func (m *Message) kind() string {
+// Kind return the kind of a generic operation
+func (m *Message) Kind() string {
 	if len(m.hex) <= 33 {
 		return OpGenUnknown
 	}
@@ -172,7 +173,7 @@ func (m *Message) MatchFilter(conf *config.TezosConfig) error {
 	// Generic operations have an extra check
 	if msgType == OpGeneric {
 		allowed = false
-		kind := m.kind()
+		kind := m.Kind()
 		for _, filter := range conf.AllowedKinds {
 			if kind == filter {
 				allowed = true

diff --git a/vault/azure.go b/vault/azure.go
@@ -130,14 +130,15 @@ func (s *AzureVault) getToken(resource string) (string, error) {
 
 	httpReq.Header.Add("Content-Type", "application/x-www-form-urlencoded")
 	response, err := s.client.Do(httpReq)
-	defer response.Body.Close()
 
 	if err != nil {
 		return "", err
 	}
 
+	defer response.Body.Close()
+
 	if response.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("(Azure/%s) Error response from the API %v", s.config.Vault, response.StatusCode)
+		return "", NewHttpError(fmt.Sprintf("(Azure/%s) Error response from the API %v", s.config.Vault, response.StatusCode), response.StatusCode)
 	}
 
 	azLoginResponse := struct {
@@ -190,8 +191,11 @@ func (s *AzureVault) ListPublicKeys() ([]signatory.StoredKey, error) {
 	defer response.Body.Close()
 
 	if response.StatusCode != http.StatusOK {
-		result, _ := ioutil.ReadAll(response.Body)
-		return nil, fmt.Errorf("(Azure/%s) Error fetching public keys: %v, %s", s.config.Vault, response.StatusCode, string(result))
+		result, err := ioutil.ReadAll(response.Body)
+		if err != nil {
+			return nil, err
+		}
+		return nil, NewHttpError(fmt.Sprintf("(Azure/%s) Error fetching public keys: %v, %s", s.config.Vault, response.StatusCode, string(result)), response.StatusCode)
 	}
 
 	azListResponse := struct {
@@ -242,14 +246,15 @@ func (s *AzureVault) GetPublicKey(keyID string) (signatory.StoredKey, error) {
 	httpReq.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
 
 	response, err := s.client.Do(httpReq)
-	defer response.Body.Close()
 
 	if err != nil {
 		return nil, err
 	}
 
+	defer response.Body.Close()
+
 	if response.StatusCode != http.StatusOK {
-		return nil, fmt.Errorf("(Azure/%s) Error retrieving public key %v", s.config.Vault, response.StatusCode)
+		return nil, NewHttpError(fmt.Sprintf("(Azure/%s) Error retrieving public key %v", s.config.Vault, response.StatusCode), response.StatusCode)
 	}
 
 	azKeyResponse := AzureKey{}
@@ -312,15 +317,16 @@ func (s *AzureVault) Sign(digest []byte, storedKey signatory.StoredKey) ([]byte,
 	httpReq.Header.Add("Content-Type", "application/json")
 
 	response, err := s.client.Do(httpReq)
-	defer response.Body.Close()
 
 	if err != nil {
 		return nil, err
 	}
 
+	defer response.Body.Close()
+
 	if response.StatusCode != http.StatusOK {
 		result, _ := ioutil.ReadAll(response.Body)
-		return nil, fmt.Errorf("(Azure/%s) Error signing operation  %v, %s", s.config.Vault, response.StatusCode, string(result))
+		return nil, NewHttpError(fmt.Sprintf("(Azure/%s) Error signing operation  %v, %s", s.config.Vault, response.StatusCode, string(result)), response.StatusCode)
 	}
 
 	azSignResponse := struct {
@@ -372,12 +378,13 @@ func (s *AzureVault) Ready() bool {
 	httpReq.Header.Add("Authorization", fmt.Sprintf("Bearer %s", token))
 
 	response, err := s.client.Do(httpReq)
-	defer response.Body.Close()
 
 	if err != nil {
 		return false
 	}
 
+	defer response.Body.Close()
+
 	if response.StatusCode != http.StatusOK {
 		return false
 	}
@@ -448,7 +455,7 @@ func (s *AzureVault) Import(jwk *signatory.JWK) (string, error) {
 
 	if response.StatusCode != http.StatusOK {
 		result, _ := ioutil.ReadAll(response.Body)
-		return "", fmt.Errorf("(Azure/%s) Error importing key %v, %s", s.config.Vault, response.StatusCode, string(result))
+		return "", NewHttpError(fmt.Sprintf("(Azure/%s) Error importing key %v, %s", s.config.Vault, response.StatusCode, string(result)), response.StatusCode)
 	}
 
 	azImportResponse := struct {

diff --git a/vault/errors.go b/vault/errors.go
@@ -0,0 +1,20 @@
+package vault
+
+import "github.com/pkg/errors"
+
+type withHttp struct {
+	error
+	code int
+}
+
+func (e *withHttp) Code() int {
+	return e.code
+}
+
+func NewHttpError(msg string, code int) error {
+	wrapped := errors.New(msg)
+	return &withHttp{
+		wrapped,
+		code,
+	}
+}