Forward Proxy & Certificate Rotation

CHANGELOG.md

@@ -3,6 +3,7 @@
 
 FEATURES:
 * Added a --enable-default-deny option to make denial by default [#PR320](https://github.com/gambol99/keycloak-proxy/pull/320)
+* Added metrics latency metrics for the forwarding proxy and the certificate rotation [#PR325](https://github.com/gambol99/keycloak-proxy/pull/325)
 * Added spelling check to the tests [#PR322](https://github.com/gambol99/keycloak-proxy/pull/322)
 * Added the X-Auth-Audience to the upstream headers [#PR319](https://github.com/gambol99/keycloak-proxy/pull/319)
 * Added the ability to control the timeout on the initial openid configuration from .well-known/openid-configuration [#PR315](https://github.com/gambol99/keycloak-proxy/pull/315)

doc.go

@@ -75,6 +75,12 @@ const (
 )
 
 var (
+	certificateRotationMetric = prometheus.NewCounter(
+		prometheus.CounterOpts{
+			Name: "proxy_certificate_rotation_total",
+			Help: "The total amount of times the certificate has been rotated",
+		},
+	)
 	oauthTokensMetric = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "proxy_oauth_tokens_total",

forwarding.go

@@ -205,8 +205,8 @@ func (r *oauthProxy) forwardProxyHandler() func(*http.Request, *http.Response) {
 		req.URL.Host = hostname
 		// is the host being signed?
 		if len(r.config.ForwardingDomains) == 0 || containsSubString(hostname, r.config.ForwardingDomains) {
-			req.Header.Set("X-Forwarded-Agent", prog)
 			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", state.token.Encode()))
+			req.Header.Set("X-Forwarded-Agent", prog)
 		}
 	}
 }

rotation.go

@@ -89,6 +89,8 @@ func (c *certificationRotation) watch() error {
 							zap.String("filename", event.Name),
 							zap.Error(err))
 					}
+					// @metric inform of the rotation
+					certificateRotationMetric.Inc()
 					// step: load the new certificate
 					c.storeCertificate(certificate)
 					// step: print a debug message for us

server.go

@@ -66,6 +66,7 @@ func init() {
 	time.LoadLocation("UTC")             // ensure all time is in UTC
 	runtime.GOMAXPROCS(runtime.NumCPU()) // set the core
 	// @step: register the instrumentation
+	prometheus.MustRegister(certificateRotationMetric)
 	prometheus.MustRegister(latencyMetric)
 	prometheus.MustRegister(oauthLatencyMetric)
 	prometheus.MustRegister(oauthTokensMetric)
@@ -308,6 +309,7 @@ func (r *oauthProxy) createForwardingProxy() error {
 		if resp != nil && r.config.EnableLogging {
 			start := ctx.UserData.(time.Time)
 			latency := time.Since(start)
+			latencyMetric.Observe(latency.Seconds())
 			r.log.Info("client request",
 				zap.String("method", resp.Request.Method),
 				zap.String("path", resp.Request.URL.Path),