pepr 0.43.0 → 0.44.0

package/package.json

@@ -15,7 +15,7 @@
     "!src/**/*.test.ts",
     "!dist/**/*.test.d.ts*"
   ],
-  "version": "0.43.0",
+  "version": "0.44.0",
   "main": "dist/lib.js",
   "types": "dist/lib.d.ts",
   "scripts": {

package/src/cli/dev.ts

@@ -11,6 +11,7 @@ import { buildModule, loadModule } from "./build";
 import { deployWebhook } from "../lib/assets/deploy";
 import { promises as fs } from "fs";
 import { validateCapabilityNames } from "../lib/helpers";
+
 export default function (program: RootCmd): void {
   program
     .command("dev")
@@ -42,6 +43,7 @@ export default function (program: RootCmd): void {
           description: cfg.description,
         },
         path,
+        [],
         opts.host,
       );
 

package/src/lib/processors/mutate-processor.ts

@@ -4,7 +4,7 @@
 import jsonPatch from "fast-json-patch";
 import { kind, KubernetesObject } from "kubernetes-fluent-client";
 import { clone } from "ramda";
-
+import { MeasureWebhookTimeout } from "../telemetry/webhookTimeouts";
 import { Capability } from "../core/capability";
 import { shouldSkipRequest } from "../filter/filter";
 import { MutateResponse } from "../k8s";
@@ -15,7 +15,8 @@ import { PeprMutateRequest } from "../mutate-request";
 import { base64Encode, convertFromBase64Map, convertToBase64Map } from "../utils";
 import { OnError } from "../../cli/init/enums";
 import { resolveIgnoreNamespaces } from "../assets/webhooks";
-
+import { Operation } from "fast-json-patch";
+import { WebhookType } from "../enums";
 export interface Bindable {
   req: AdmissionRequest;
   config: ModuleConfig;
@@ -139,6 +140,8 @@ export async function mutateProcessor(
   req: AdmissionRequest,
   reqMetadata: Record<string, string>,
 ): Promise<MutateResponse> {
+  const webhookTimer = new MeasureWebhookTimeout(WebhookType.MUTATE);
+  webhookTimer.start(config.webhookTimeout);
   let response: MutateResponse = {
     uid: req.uid,
     warnings: [],
@@ -207,6 +210,14 @@ export async function mutateProcessor(
   // Compare the original request to the modified request to get the patches
   const patches = jsonPatch.compare(req.object, transformed);
 
+  updateResponsePatchAndWarnings(patches, response);
+
+  Log.debug({ ...reqMetadata, patches }, `Patches generated`);
+  webhookTimer.stop();
+  return response;
+}
+
+export function updateResponsePatchAndWarnings(patches: Operation[], response: MutateResponse): void {
   // Only add the patch if there are patches to apply
   if (patches.length > 0) {
     response.patchType = "JSONPatch";
@@ -219,8 +230,4 @@ export async function mutateProcessor(
   if (response.warnings && response.warnings.length < 1) {
     delete response.warnings;
   }
-
-  Log.debug({ ...reqMetadata, patches }, `Patches generated`);
-
-  return response;
 }

package/src/lib/processors/validate-processor.ts

@@ -11,6 +11,8 @@ import { convertFromBase64Map } from "../utils";
 import { PeprValidateRequest } from "../validate-request";
 import { ModuleConfig } from "../core/module";
 import { resolveIgnoreNamespaces } from "../assets/webhooks";
+import { MeasureWebhookTimeout } from "../telemetry/webhookTimeouts";
+import { WebhookType } from "../enums";
 
 export async function processRequest(
   binding: Binding,
@@ -58,12 +60,13 @@ export async function validateProcessor(
   req: AdmissionRequest,
   reqMetadata: Record<string, string>,
 ): Promise<ValidateResponse[]> {
+  const webhookTimer = new MeasureWebhookTimeout(WebhookType.VALIDATE);
+  webhookTimer.start(config.webhookTimeout);
   const wrapped = new PeprValidateRequest(req);
   const response: ValidateResponse[] = [];
 
   // If the resource is a secret, decode the data
-  const isSecret = req.kind.version === "v1" && req.kind.kind === "Secret";
-  if (isSecret) {
+  if (req.kind.version === "v1" && req.kind.kind === "Secret") {
     convertFromBase64Map(wrapped.Raw as unknown as kind.Secret);
   }
 
@@ -94,6 +97,6 @@ export async function validateProcessor(
       response.push(resp);
     }
   }
-
+  webhookTimer.stop();
   return response;
 }

package/src/lib/telemetry/timeUtils.ts

@@ -0,0 +1 @@
+export const getNow = (): number => performance.now();

package/src/lib/telemetry/webhookTimeouts.ts

@@ -0,0 +1,34 @@
+import { metricsCollector } from "./metrics";
+import { getNow } from "./timeUtils";
+import Log from "./logger";
+import { WebhookType } from "../enums";
+export class MeasureWebhookTimeout {
+  #startTime: number | null = null;
+  #webhookType: string;
+  timeout: number = 0;
+
+  constructor(webhookType: WebhookType) {
+    this.#webhookType = webhookType;
+    metricsCollector.addCounter(`${webhookType}_timeouts`, `Number of ${webhookType} webhook timeouts`);
+  }
+
+  start(timeout: number = 10): void {
+    this.#startTime = getNow();
+    this.timeout = timeout;
+    Log.info(`Starting timer at ${this.#startTime}`);
+  }
+
+  stop(): void {
+    if (this.#startTime === null) {
+      throw new Error("Timer was not started before calling stop.");
+    }
+
+    const elapsedTime = getNow() - this.#startTime;
+    Log.info(`Webhook ${this.#startTime} took ${elapsedTime}ms`);
+    this.#startTime = null;
+
+    if (elapsedTime > this.timeout) {
+      metricsCollector.incCounter(`${this.#webhookType}_timeouts`);
+    }
+  }
+}