feat: add per-protocol auth observability via RequestTags#49
Merged
Conversation
Member
wolfeidau
commented
Mar 22, 2026
wolfeidau
commented
- Add AuthOutcome field to RequestTags and SetAuthOutcome() setter in telemetry/tags.go
- Update oidcMiddleware to call SetProtocol early (fixes empty protocol on 401/403) and set auth outcome at each exit point
- Upgrade OIDC token validation failure log level from Debug to Info
- Log auth_outcome field automatically via loggingMiddleware when set
- Add content_cache_auth_requests_total counter (protocol + outcome labels) recorded in RecordHTTP
- Add Auth dashboard section to Grafana with rate-by-outcome timeseries, failure rate stat, and per-protocol piechart
- Codify metrics requirement in CLAUDE.md protocol checklist and code style
- Add AuthOutcome field to RequestTags and SetAuthOutcome() setter in telemetry/tags.go - Update oidcMiddleware to call SetProtocol early (fixes empty protocol on 401/403) and set auth outcome at each exit point - Upgrade OIDC token validation failure log level from Debug to Info - Log auth_outcome field automatically via loggingMiddleware when set - Add content_cache_auth_requests_total counter (protocol + outcome labels) recorded in RecordHTTP - Add Auth dashboard section to Grafana with rate-by-outcome timeseries, failure rate stat, and per-protocol piechart - Codify metrics requirement in CLAUDE.md protocol checklist and code style
…overage - Add AuthOutcome type with named constants (Allowed/Unauthorized/Forbidden) to match the CacheResult pattern and eliminate stringly-typed values - Log OIDC insufficient_permission at Info level, consistent with token validation failures - Add comment to authMiddleware explaining the observability asymmetry - Wire authRequestsTotal into setupTestMetrics and add RecordHTTP auth metric tests (outcome set and outcome absent) - Add SetAuthOutcome unit tests to tags_test.go - Add TestOIDCMiddleware_SetsAuthOutcomeTags covering all three exit paths with InjectTags so the assertions actually exercise the new code
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.