search

kubeguard / guard

🔑 Kubernetes Authentication & Authorization WebHook Server
https://kubeguard.dev
Apache License 2.0
590 stars 81 forks source link

Add context timeout for checkaccess requests and fix metrics #350

Closed Anumita closed 1 year ago

Anumita commented 1 year ago

Context timeout - Change to using https://pkg.go.dev/golang.org/x/sync/errgroup which can propagate error , it is a wrapper on waitgroups. Added a context timeout of 23 seconds.

Added contexttimeout metric as well

Discover Resources metrics: Added metrics for -

  1. Total duration for discovering resources which includes both apiserver and get operations call
  2. Duration for apiserver call
  3. Duration for get operations call

Fix metrics:

  1. SAR status was returning 200 code regardless of whether there were any errors or not. Utilized existing withCode struct to make sure we send an appropriate errorcode. The divisions of errorcode are: a. if checkaccess fails , we will send back errorcode which will be the response status code. b. if it's any other error it will either be statusbadrequest if client related or statusInternalServerError otherwise

  2. Fixed checkaccess requests total and failed metrics to included statuscode as a dimension. This will help us get the success rate

  3. Added metrics for checkaccess latency as well

Anumita commented 1 year ago

Hey @tamalsaha , could you please release image for guard? We have merged both the PR's Thanks!

Anumita commented 1 year ago

Hey @tamalsaha , could you please release the image today if possible? We want to get this fix out asap, hence the urgency. Thanks!