Add counter to vault token renewal

README.md

@@ -2653,6 +2653,7 @@ to provide insight on performance of the templates.
 | `consul-template.runner_actions` | action=(start\|stop\|run) | A count of runner actions |
 | `consul-template.commands_exec` | status=(success\|error) | The number of commands executed after rendering templates |
 | `consul-template.commands_exec_time` | id=tmplDestination | The execution time (seconds) of a template command |
+| `consul-template.vault.token` | status=(configured\|renewed\|expired\|stopped) | A counter of vault token renewal statuses |
 
 ### Metric Samples
 

dependency/vault_common.go

@@ -73,6 +73,9 @@ type renewer interface {
 	Dependency
 	stopChan() chan struct{}
 	secrets() (*Secret, *api.Secret)
+
+	// recordCounter is an abstraction from metrics reporting for a renewer
+	recordCounter(string, string)
 }
 
 func renewSecret(clients *ClientSet, d renewer) error {
@@ -93,14 +96,20 @@ func renewSecret(clients *ClientSet, d renewer) error {
 		case err := <-renewer.DoneCh():
 			if err != nil {
 				log.Printf("[WARN] %s: failed to renew: %s", d, err)
+				d.recordCounter("status", "stopped")
+			} else {
+				d.recordCounter("status", "expired")
 			}
+
 			log.Printf("[WARN] %s: renewer done (maybe the lease expired)", d)
 			return nil
 		case renewal := <-renewer.RenewCh():
 			log.Printf("[TRACE] %s: successfully renewed", d)
 			printVaultWarnings(d, renewal.Secret.Warnings)
 			updateSecret(secret, renewal.Secret)
+			d.recordCounter("status", "renewed")
 		case <-d.stopChan():
+			d.recordCounter("status", "stopped")
 			return ErrStopped
 		}
 	}

dependency/vault_read.go

@@ -169,6 +169,8 @@ func (d *VaultReadQuery) readSecret(clients *ClientSet, opts *QueryOptions) (*ap
 	return vaultSecret, nil
 }
 
+func (d *VaultReadQuery) recordCounter(key, value string) {}
+
 func deletedKVv2(s *api.Secret) bool {
 	switch md := s.Data["metadata"].(type) {
 	case map[string]interface{}:

dependency/vault_token.go

@@ -1,8 +1,12 @@
 package dependency
 
 import (
+	"context"
+
+	"github.com/hashicorp/consul-template/telemetry"
 	"github.com/hashicorp/vault/api"
 	"github.com/pkg/errors"
+	"go.opentelemetry.io/otel/api/metric"
 )
 
 var (
@@ -15,6 +19,9 @@ type VaultTokenQuery struct {
 	stopCh      chan struct{}
 	secret      *Secret
 	vaultSecret *api.Secret
+
+	// counterRenew is a counter to monitor the renewal status of the vault token.
+	counterRenew metric.Int64Counter
 }
 
 // NewVaultTokenQuery creates a new dependency.
@@ -26,10 +33,22 @@ func NewVaultTokenQuery(token string) (*VaultTokenQuery, error) {
 			LeaseDuration: 1,
 		},
 	}
+
+	meter := telemetry.GlobalMeter()
+	counter, err := meter.NewInt64Counter("consul-template.vault.token",
+		metric.WithDescription("A counter of vault token renewal statuses"+
+			"with label status=(configured|renewed|expired|stopped)"))
+	if err != nil {
+		return nil, err
+	}
+
+	counter.Add(context.Background(), 1, telemetry.NewLabel("status", "configured"))
+
 	return &VaultTokenQuery{
-		stopCh:      make(chan struct{}, 1),
-		vaultSecret: vaultSecret,
-		secret:      transformSecret(vaultSecret),
+		stopCh:       make(chan struct{}, 1),
+		vaultSecret:  vaultSecret,
+		secret:       transformSecret(vaultSecret),
+		counterRenew: counter,
 	}, nil
 }
 
@@ -47,7 +66,6 @@ func (d *VaultTokenQuery) Fetch(clients *ClientSet, opts *QueryOptions,
 		if err != nil {
 			return nil, nil, errors.Wrap(err, d.String())
 		}
-		renewSecret(clients, d)
 	}
 
 	return nil, nil, ErrLeaseExpired
@@ -80,3 +98,10 @@ func (d *VaultTokenQuery) String() string {
 func (d *VaultTokenQuery) Type() Type {
 	return TypeVault
 }
+
+// recordCounter increments a counter for the vault dependency with a
+// set of key value label
+func (d *VaultTokenQuery) recordCounter(key, value string) {
+	ctx := context.Background()
+	d.counterRenew.Add(ctx, 1, telemetry.NewLabel(key, value))
+}

dependency/vault_write.go

@@ -175,3 +175,5 @@ func (d *VaultWriteQuery) writeSecret(clients *ClientSet, opts *QueryOptions) (*
 
 	return vaultSecret, nil
 }
+
+func (d *VaultWriteQuery) recordCounter(key, value string) {}