zama-ai
diff --git a/‎core/service/src/engine/centralized/central_kms.rs‎
Lines changed: 8 additions & 22 deletions b/‎core/service/src/engine/centralized/central_kms.rs‎
Lines changed: 8 additions & 22 deletions
diff --git a/‎core/service/src/engine/centralized/endpoint.rs‎
Lines changed: 120 additions & 14 deletions b/‎core/service/src/engine/centralized/endpoint.rs‎
Lines changed: 120 additions & 14 deletions
diff --git a/‎core/service/src/engine/centralized/service/crs_gen.rs‎
Lines changed: 4 additions & 20 deletions b/‎core/service/src/engine/centralized/service/crs_gen.rs‎
Lines changed: 4 additions & 20 deletions
@@ -478,20 +478,13 @@ pub fn central_public_decrypt<
     // run the decryption of each ct in the batch in parallel
     cts.par_iter()
         .map(|ct| {
-            let inner_timer = metrics::METRICS
+            let mut inner_timer = metrics::METRICS
                 .time_operation(OP_PUBLIC_DECRYPT_INNER)
-                .map_err(|e| tracing::warn!("Failed to create metric: {}", e))
-                .and_then(|b| {
-                    b.tags(metric_tags.clone()).map_err(|e| {
-                        tracing::warn!("Failed to a tag in party_id, key_id or request_id : {}", e)
-                    })
-                })
-                .map(|b| b.start())
-                .map_err(|e| tracing::warn!("Failed to start timer: {:?}", e))
-                .ok();
+                .tags(metric_tags.clone())
+                .start();
             let fhe_type = ct.fhe_type()?;
             let fhe_type_string = ct.fhe_type_string();
-            inner_timer.map(|mut b| b.tag(TAG_TFHE_TYPE, fhe_type_string));
+            inner_timer.tag(TAG_TFHE_TYPE, fhe_type_string);
             RealCentralizedKms::<PubS, PrivS>::public_decrypt(
                 keys,
                 &ct.ciphertext,
@@ -530,21 +523,14 @@ pub async fn async_user_decrypt<
 
     let mut all_signcrypted_cts = vec![];
     for typed_ciphertext in typed_ciphertexts {
-        let inner_timer = metrics::METRICS
+        let mut inner_timer = metrics::METRICS
             .time_operation(OP_USER_DECRYPT_INNER)
-            .map_err(|e| tracing::warn!("Failed to create metric: {}", e))
-            .and_then(|b| {
-                b.tags(metric_tags.clone()).map_err(|e| {
-                    tracing::warn!("Failed to a tag in party_id, key_id or request_id : {}", e)
-                })
-            })
-            .map(|b| b.start())
-            .map_err(|e| tracing::warn!("Failed to start timer: {:?}", e))
-            .ok();
+            .tags(metric_tags.clone())
+            .start();
         let high_level_ct = &typed_ciphertext.ciphertext;
         let fhe_type = typed_ciphertext.fhe_type()?;
         let fhe_type_string = typed_ciphertext.fhe_type_string();
-        inner_timer.map(|mut b| b.tag(TAG_TFHE_TYPE, fhe_type_string));
+        inner_timer.tag(TAG_TFHE_TYPE, fhe_type_string);
         let ct_format = typed_ciphertext.ciphertext_format();
         let external_handle = typed_ciphertext.external_handle.clone();
         let signcrypted_ciphertext = RealCentralizedKms::<PubS, PrivS>::user_decrypt(
 
@@ -14,6 +14,17 @@ use crate::engine::centralized::service::{
     get_public_decryption_result_impl, get_user_decryption_result_impl, public_decrypt_impl,
     user_decrypt_impl,
 };
+use observability::{
+    metrics::METRICS,
+    metrics_names::{
+        map_tonic_code_to_metric_tag, ERR_INVALID_REQUEST, OP_CRS_GEN_REQUEST, OP_CRS_GEN_RESULT,
+        OP_CUSTODIAN_CONTEXT_RESTORE, OP_DESTROY_CUSTODIAN_CONTEXT, OP_DESTROY_KMS_CONTEXT,
+        OP_FETCH_PK, OP_INIT, OP_KEYGEN_PREPROC_REQUEST, OP_KEYGEN_PREPROC_RESULT,
+        OP_KEYGEN_REQUEST, OP_KEYGEN_RESULT, OP_NEW_CUSTODIAN_CONTEXT, OP_NEW_KMS_CONTEXT,
+        OP_PUBLIC_DECRYPT_REQUEST, OP_PUBLIC_DECRYPT_RESULT, OP_USER_DECRYPT_REQUEST,
+        OP_USER_DECRYPT_RESULT,
+    },
+};
 
 #[tonic::async_trait]
 impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'static>
@@ -30,6 +41,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
     /// * Pre-condition:  -
     /// * Post-condition: -
     async fn init(&self, _request: Request<InitRequest>) -> Result<Response<Empty>, Status> {
+        METRICS.increment_request_counter(OP_INIT);
+        METRICS.increment_error_counter(OP_INIT, ERR_INVALID_REQUEST);
         tonic_some_or_err(
             None,
             "Requesting init on centralized kms is not suported".to_string(),
@@ -51,6 +64,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<KeyGenPreprocRequest>,
     ) -> Result<Response<Empty>, Status> {
+        METRICS.increment_request_counter(OP_KEYGEN_PREPROC_REQUEST);
+        METRICS.increment_error_counter(OP_KEYGEN_PREPROC_REQUEST, ERR_INVALID_REQUEST);
         tonic_some_or_err(
             None,
             "Requesting preproc on centralized kms is not suported".to_string(),
@@ -71,6 +86,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<v1::RequestId>,
     ) -> Result<Response<KeyGenPreprocResult>, Status> {
+        METRICS.increment_request_counter(OP_KEYGEN_PREPROC_RESULT);
+        METRICS.increment_error_counter(OP_KEYGEN_PREPROC_RESULT, ERR_INVALID_REQUEST);
         tonic_some_or_err(
             None,
             "Requesting preproc status on centralized kms is not suported".to_string(),
@@ -109,7 +126,14 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::KeyGenRequest>,
     ) -> Result<Response<Empty>, Status> {
-        self.key_gen(request).await
+        METRICS.increment_request_counter(observability::metrics_names::OP_INSECURE_KEYGEN_REQUEST);
+        self.key_gen(request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(
+                observability::metrics_names::OP_INSECURE_KEYGEN_REQUEST,
+                tag,
+            );
+        })
     }
 
     /// WARNING: This method is insecure and should not be used in production.
@@ -142,7 +166,14 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::KeyGenResult>, Status> {
-        self.get_key_gen_result(request).await
+        METRICS.increment_request_counter(observability::metrics_names::OP_INSECURE_KEYGEN_RESULT);
+        self.get_key_gen_result(request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(
+                observability::metrics_names::OP_INSECURE_KEYGEN_RESULT,
+                tag,
+            );
+        })
     }
 
     /// Computes key generation.
@@ -173,7 +204,11 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::KeyGenRequest>,
     ) -> Result<Response<Empty>, Status> {
-        key_gen_impl(self, request).await
+        METRICS.increment_request_counter(OP_KEYGEN_REQUEST);
+        key_gen_impl(self, request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(OP_KEYGEN_REQUEST, tag);
+        })
     }
 
     /// Retrieves the result from a key generation.
@@ -205,7 +240,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::KeyGenResult>, Status> {
-        get_key_gen_result_impl(self, request).await
+        METRICS.increment_request_counter(OP_KEYGEN_RESULT);
+        get_key_gen_result_impl(self, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_KEYGEN_RESULT, tag);
+            })
     }
 
     /// Computes a user decryption. That is, it decrypts a ciphertext and encrypts the result under a user's public key.
@@ -236,7 +277,11 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::UserDecryptionRequest>,
     ) -> Result<Response<Empty>, Status> {
-        user_decrypt_impl(self, request).await
+        METRICS.increment_request_counter(OP_USER_DECRYPT_REQUEST);
+        user_decrypt_impl(self, request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(OP_USER_DECRYPT_REQUEST, tag);
+        })
     }
 
     /// Retrieves the result from a user decryption.
@@ -267,7 +312,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::UserDecryptionResponse>, Status> {
-        get_user_decryption_result_impl(self, request).await
+        METRICS.increment_request_counter(OP_USER_DECRYPT_RESULT);
+        get_user_decryption_result_impl(self, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_USER_DECRYPT_RESULT, tag);
+            })
     }
 
     /// Computes a public decryption. That is, it decrypts a ciphertext and returns the plaintext.
@@ -293,7 +344,11 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::PublicDecryptionRequest>,
     ) -> Result<Response<Empty>, Status> {
-        public_decrypt_impl(self, request).await
+        METRICS.increment_request_counter(OP_PUBLIC_DECRYPT_REQUEST);
+        public_decrypt_impl(self, request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(OP_PUBLIC_DECRYPT_REQUEST, tag);
+        })
     }
 
     /// Retrieves the result from a public decryption.
@@ -322,7 +377,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::PublicDecryptionResponse>, Status> {
-        get_public_decryption_result_impl(self, request).await
+        METRICS.increment_request_counter(OP_PUBLIC_DECRYPT_RESULT);
+        get_public_decryption_result_impl(self, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_PUBLIC_DECRYPT_RESULT, tag);
+            })
     }
 
     /// Computes a CRS generation. That is, it generates a common reference string (CRS) for the KMS.
@@ -350,7 +411,11 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::CrsGenRequest>,
     ) -> Result<Response<Empty>, Status> {
-        crs_gen_impl(self, request).await
+        METRICS.increment_request_counter(OP_CRS_GEN_REQUEST);
+        crs_gen_impl(self, request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(OP_CRS_GEN_REQUEST, tag);
+        })
     }
 
     /// Retrieves the result from a CRS generation.
@@ -381,7 +446,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::CrsGenResult>, Status> {
-        get_crs_gen_result_impl(self, request).await
+        METRICS.increment_request_counter(OP_CRS_GEN_RESULT);
+        get_crs_gen_result_impl(self, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_CRS_GEN_RESULT, tag);
+            })
     }
 
     /// WARNING: This method is by definition expected to be insecure and should not be used in production.
@@ -413,7 +484,15 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::CrsGenRequest>,
     ) -> Result<Response<Empty>, Status> {
-        self.crs_gen(request).await
+        METRICS
+            .increment_request_counter(observability::metrics_names::OP_INSECURE_CRS_GEN_REQUEST);
+        self.crs_gen(request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(
+                observability::metrics_names::OP_INSECURE_CRS_GEN_REQUEST,
+                tag,
+            );
+        })
     }
 
     /// WARNING: This method is by definition expected to be insecure and should not be used in production.
@@ -447,7 +526,14 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<v1::RequestId>,
     ) -> Result<Response<kms_grpc::kms::v1::CrsGenResult>, Status> {
-        self.get_crs_gen_result(request).await
+        METRICS.increment_request_counter(observability::metrics_names::OP_INSECURE_CRS_GEN_RESULT);
+        self.get_crs_gen_result(request).await.inspect_err(|err| {
+            let tag = map_tonic_code_to_metric_tag(err.code());
+            let _ = METRICS.increment_error_counter(
+                observability::metrics_names::OP_INSECURE_CRS_GEN_RESULT,
+                tag,
+            );
+        })
     }
 
     /// WARNING: This method is not implemented yet and will always return an error.
@@ -466,7 +552,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::NewKmsContextRequest>,
     ) -> Result<Response<kms_grpc::kms::v1::Empty>, Status> {
-        new_kms_context_impl(&self.crypto_storage, request).await
+        METRICS.increment_request_counter(OP_NEW_KMS_CONTEXT);
+        new_kms_context_impl(&self.crypto_storage, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_NEW_KMS_CONTEXT, tag);
+            })
     }
 
     /// WARNING: This method is not implemented yet and will always return an error.
@@ -485,7 +577,13 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         request: Request<kms_grpc::kms::v1::DestroyKmsContextRequest>,
     ) -> Result<Response<Empty>, Status> {
-        delete_kms_context_impl(&self.crypto_storage, request).await
+        METRICS.increment_request_counter(OP_DESTROY_KMS_CONTEXT);
+        delete_kms_context_impl(&self.crypto_storage, request)
+            .await
+            .inspect_err(|err| {
+                let tag = map_tonic_code_to_metric_tag(err.code());
+                let _ = METRICS.increment_error_counter(OP_DESTROY_KMS_CONTEXT, tag);
+            })
     }
 
     /// WARNING: This method is not implemented yet and will always return an error.
@@ -504,6 +602,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<kms_grpc::kms::v1::NewCustodianContextRequest>,
     ) -> Result<Response<Empty>, Status> {
+        METRICS.increment_request_counter(OP_NEW_CUSTODIAN_CONTEXT);
+        METRICS.increment_error_counter(OP_NEW_CUSTODIAN_CONTEXT, ERR_INVALID_REQUEST);
         Err(Status::unimplemented(
             "new_custodian_context is not implemented",
         ))
@@ -525,6 +625,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<kms_grpc::kms::v1::DestroyCustodianContextRequest>,
     ) -> Result<Response<Empty>, Status> {
+        METRICS.increment_request_counter(OP_DESTROY_CUSTODIAN_CONTEXT);
+        METRICS.increment_error_counter(OP_DESTROY_CUSTODIAN_CONTEXT, ERR_INVALID_REQUEST);
         Err(Status::unimplemented(
             "destroy_custodian_context is not implemented",
         ))
@@ -550,6 +652,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<Empty>,
     ) -> Result<Response<OperatorPublicKey>, Status> {
+        METRICS.increment_request_counter(OP_FETCH_PK);
+        METRICS.increment_error_counter(OP_FETCH_PK, ERR_INVALID_REQUEST);
         Err(Status::unimplemented(
             "get_operator_public_key is not implemented",
         ))
@@ -571,6 +675,8 @@ impl<PubS: Storage + Sync + Send + 'static, PrivS: Storage + Sync + Send + 'stat
         &self,
         _request: Request<Empty>,
     ) -> Result<Response<Empty>, Status> {
+        METRICS.increment_request_counter(OP_CUSTODIAN_CONTEXT_RESTORE);
+        METRICS.increment_error_counter(OP_CUSTODIAN_CONTEXT_RESTORE, ERR_INVALID_REQUEST);
         Err(Status::unimplemented(
             "custodian_backup_restore is not implemented",
         ))
 
@@ -7,7 +7,7 @@ use kms_grpc::kms::v1::{CrsGenRequest, CrsGenResult, Empty};
 use kms_grpc::rpc_types::{optional_protobuf_to_alloy_domain, SignedPubDataHandleInternal};
 use kms_grpc::RequestId;
 use observability::metrics::METRICS;
-use observability::metrics_names::{ERR_CRS_GEN_FAILED, ERR_RATE_LIMIT_EXCEEDED, OP_CRS_GEN};
+use observability::metrics_names::{ERR_CRS_GEN_FAILED, OP_CRS_GEN_REQUEST};
 use threshold_fhe::execution::tfhe_internals::parameters::DKGParams;
 use threshold_fhe::session_id::SessionId;
 use tokio::sync::{OwnedSemaphorePermit, RwLock};
@@ -33,23 +33,9 @@ pub async fn crs_gen_impl<
     request: Request<CrsGenRequest>,
 ) -> Result<Response<Empty>, Status> {
     tracing::info!("Received CRS generation request");
-    let _timer = METRICS
-        .time_operation(OP_CRS_GEN)
-        .map_err(|e| Status::internal(format!("Failed to start metrics: {e}")))?
-        .start();
-    METRICS
-        .increment_request_counter(OP_CRS_GEN)
-        .map_err(|e| Status::internal(format!("Failed to increment counter: {e}")))?;
+    let _timer = METRICS.time_operation(OP_CRS_GEN_REQUEST).start();
 
-    let permit = service
-        .rate_limiter
-        .start_crsgen()
-        .await
-        .inspect_err(|_e| {
-            if let Err(e) = METRICS.increment_error_counter(OP_CRS_GEN, ERR_RATE_LIMIT_EXCEEDED) {
-                tracing::warn!("Failed to increment error counter: {:?}", e);
-            }
-        })?;
+    let permit = service.rate_limiter.start_crsgen().await?;
 
     let inner = request.into_inner();
     let req_id = tonic_some_or_err(
@@ -90,6 +76,7 @@ pub async fn crs_gen_impl<
             )
             .await
             {
+                METRICS.increment_error_counter(OP_CRS_GEN_REQUEST, ERR_CRS_GEN_FAILED);
                 tracing::error!("CRS generation of request {} failed: {}", req_id, e);
             } else {
                 tracing::info!(
@@ -160,9 +147,6 @@ pub(crate) async fn crs_gen_background<
                         "Failed CRS generation for CRS with ID {req_id}: {e}"
                     )),
                 );
-                METRICS
-                    .increment_error_counter(OP_CRS_GEN, ERR_CRS_GEN_FAILED)
-                    .ok();
                 return Err(anyhow::anyhow!("Failed CRS generation: {}", e));
             }
         };