Add to MeasuredHandler

metrics/measured_http/http.go

@@ -45,6 +45,9 @@ type MeasuredHandler struct {
 	clk clock.Clock
 	// Normally this is always responseTime, but we override it for testing.
 	stat *prometheus.HistogramVec
+	// inFlightRequestsGauge is a gauge that tracks the number of requests
+	// currently in flight, labeled by endpoint.
+	inFlightRequestsGauge *prometheus.GaugeVec
 }
 
 func New(m serveMux, clk clock.Clock, stats prometheus.Registerer, opts ...otelhttp.Option) http.Handler {
@@ -55,17 +58,34 @@ func New(m serveMux, clk clock.Clock, stats prometheus.Registerer, opts ...otelh
 		},
 		[]string{"endpoint", "method", "code"})
 	stats.MustRegister(responseTime)
+
+	inFlightRequestsGauge := prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name: "in_flight_requests",
+			Help: "Tracks the number of WFE requests currently in flight, labeled by endpoint.",
+		},
+		[]string{"method"},
+	)
+	stats.MustRegister(inFlightRequestsGauge)
+
 	return otelhttp.NewHandler(&MeasuredHandler{
-		serveMux: m,
-		clk:      clk,
-		stat:     responseTime,
+		serveMux:              m,
+		clk:                   clk,
+		stat:                  responseTime,
+		inFlightRequestsGauge: inFlightRequestsGauge,
 	}, "server", opts...)
 }
 
 func (h *MeasuredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	begin := h.clk.Now()
 	rwws := &responseWriterWithStatus{w, 0}
 
+	subHandler, pattern := h.Handler(r)
+	if pattern != "/" {
+		h.inFlightRequestsGauge.WithLabelValues(pattern).Inc()
+		defer h.inFlightRequestsGauge.WithLabelValues(pattern).Dec()
+	}
+
 	// Use the method string only if it's a recognized HTTP method. This avoids
 	// ballooning timeseries with invalid methods from public input.
 	var method string
@@ -78,7 +98,6 @@ func (h *MeasuredHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		method = "unknown"
 	}
 
-	subHandler, pattern := h.Handler(r)
 	defer func() {
 		h.stat.With(prometheus.Labels{
 			"endpoint": pattern,

wfe2/stats.go

@@ -25,22 +25,6 @@ type wfe2Stats struct {
 	//   - isReplacement=[true|false]
 	//   - limitsExempt=[true|false]
 	ariReplacementOrders *prometheus.CounterVec
-	// inFlightRequestsGauge is a gauge that tracks the number of requests
-	// currently in flight, labeled by method. Possible values are:
-	//   - new-account
-	//   - account
-	//   - revoke-certificate
-	//   - key-rollover
-	//   - new-order
-	//   - finalize-order
-	//   - directory
-	//   - nonce
-	//   - get-order
-	//   - authorization
-	//   - challenge
-	//   - certificate
-	//   - renewal-info
-	inFlightRequestsGauge *prometheus.GaugeVec
 }
 
 func initStats(stats prometheus.Registerer) wfe2Stats {
@@ -94,21 +78,12 @@ func initStats(stats prometheus.Registerer) wfe2Stats {
 	)
 	stats.MustRegister(ariReplacementOrders)
 
-	inFlightRequestsGauge := prometheus.NewGaugeVec(
-		prometheus.GaugeOpts{
-			Name: "in_flight_requests",
-			Help: "Tracks the number of WFE requests currently in flight, labeled by method.",
-		},
-		[]string{"method"},
-	)
-
 	return wfe2Stats{
 		httpErrorCount:              httpErrorCount,
 		joseErrorCount:              joseErrorCount,
 		csrSignatureAlgs:            csrSignatureAlgs,
 		improperECFieldLengths:      improperECFieldLengths,
 		nonceNoMatchingBackendCount: nonceNoBackendCount,
 		ariReplacementOrders:        ariReplacementOrders,
-		inFlightRequestsGauge:       inFlightRequestsGauge,
 	}
 }

wfe2/wfe.go

@@ -510,9 +510,6 @@ func (wfe *WebFrontEndImpl) Directory(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("directory").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("directory").Dec()
-
 	directoryEndpoints := map[string]interface{}{
 		"newAccount": newAcctPath,
 		"newNonce":   newNoncePath,
@@ -589,9 +586,6 @@ func (wfe *WebFrontEndImpl) Nonce(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("new-nonce").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("new-nonce").Dec()
-
 	if request.Method == http.MethodPost {
 		acct, prob := wfe.validPOSTAsGETForAccount(request, ctx, logEvent)
 		if prob != nil {
@@ -679,8 +673,6 @@ func (wfe *WebFrontEndImpl) NewAccount(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("new-account").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("new-account").Dec()
 
 	// NewAccount uses `validSelfAuthenticatedPOST` instead of
 	// `validPOSTforAccount` because there is no account to authenticate against
@@ -1054,8 +1046,6 @@ func (wfe *WebFrontEndImpl) RevokeCertificate(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("revoke-cert").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("revoke-cert").Dec()
 
 	// The ACME specification handles the verification of revocation requests
 	// differently from other endpoints. For this reason we do *not* immediately
@@ -1104,9 +1094,6 @@ func (wfe *WebFrontEndImpl) Challenge(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("challenge").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("challenge").Dec()
-
 	notFound := func() {
 		wfe.sendError(response, logEvent, probs.NotFound("No such challenge"), nil)
 	}
@@ -1372,9 +1359,6 @@ func (wfe *WebFrontEndImpl) Account(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("account").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("account").Dec()
-
 	body, _, currAcct, prob := wfe.validPOSTForAccount(request, ctx, logEvent)
 	addRequesterHeader(response, logEvent.Requester)
 	if prob != nil {
@@ -1548,9 +1532,6 @@ func (wfe *WebFrontEndImpl) Authorization(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("authorization").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("authorization").Dec()
-
 	var requestAccount *core.Registration
 	var requestBody []byte
 	// If the request is a POST it is either:
@@ -1650,9 +1631,6 @@ func (wfe *WebFrontEndImpl) Authorization(
 // Certificate is used by clients to request a copy of their current certificate, or to
 // request a reissuance of the certificate.
 func (wfe *WebFrontEndImpl) Certificate(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("certificate").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("certificate").Dec()
-
 	var requesterAccount *core.Registration
 	// Any POSTs to the Certificate endpoint should be POST-as-GET requests. There are
 	// no POSTs with a body allowed for this endpoint.
@@ -1884,9 +1862,6 @@ func (wfe *WebFrontEndImpl) KeyRollover(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("key-rollover").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("key-rollover").Dec()
-
 	// Validate the outer JWS on the key rollover in standard fashion using
 	// validPOSTForAccount
 	outerBody, outerJWS, acct, prob := wfe.validPOSTForAccount(request, ctx, logEvent)
@@ -2284,9 +2259,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
 	logEvent *web.RequestEvent,
 	response http.ResponseWriter,
 	request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("new-order").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("new-order").Dec()
-
 	body, _, acct, prob := wfe.validPOSTForAccount(request, ctx, logEvent)
 	addRequesterHeader(response, logEvent.Requester)
 	if prob != nil {
@@ -2472,9 +2444,6 @@ func (wfe *WebFrontEndImpl) NewOrder(
 
 // GetOrder is used to retrieve a existing order object
 func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("get-order").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("get-order").Dec()
-
 	var requesterAccount *core.Registration
 	// Any POSTs to the Order endpoint should be POST-as-GET requests. There are
 	// no POSTs with a body allowed for this endpoint.
@@ -2558,9 +2527,6 @@ func (wfe *WebFrontEndImpl) GetOrder(ctx context.Context, logEvent *web.RequestE
 // Most processing of the order details is handled by the RA but
 // we do attempt to throw away requests with invalid CSRs here.
 func (wfe *WebFrontEndImpl) FinalizeOrder(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("finalize-order").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("finalize-order").Dec()
-
 	// Validate the POST body signature and get the authenticated account for this
 	// finalize order request
 	body, _, acct, prob := wfe.validPOSTForAccount(request, ctx, logEvent)
@@ -2722,9 +2688,6 @@ func parseARICertID(path string, issuerCertificates map[issuance.NameID]*issuanc
 // RenewalInfo is used to get information about the suggested renewal window
 // for the given certificate. It only accepts unauthenticated GET requests.
 func (wfe *WebFrontEndImpl) RenewalInfo(ctx context.Context, logEvent *web.RequestEvent, response http.ResponseWriter, request *http.Request) {
-	wfe.stats.inFlightRequestsGauge.WithLabelValues("renewal-info").Inc()
-	defer wfe.stats.inFlightRequestsGauge.WithLabelValues("renewal-info").Dec()
-
 	if !features.Get().ServeRenewalInfo {
 		wfe.sendError(response, logEvent, probs.NotFound("Feature not enabled"), nil)
 		return