fix: escape principal and resource tag value in authorizer metrics

src/main/java/io/aiven/kafka/auth/AivenAclAuthorizerMetrics.java

@@ -141,15 +141,15 @@ public void recordLogAuthResult(
                     metrics.metricInstance(
                         authOpDenyRateByOperationResourcePrincipal,
                         "operation", operation.name(),
-                        "resource", resourcePattern.name(),
-                        "principal", principal.getName()),
+                        "resource", EscapeTagValue.apply(resourcePattern.name()),
+                        "principal", EscapeTagValue.apply(principal.getName())),
                     new Rate());
                 authOpDenySensor.add(
                     metrics.metricInstance(
                         authOpDenyTotalByOperationResourcePrincipal,
                         "operation", operation.name(),
-                        "resource", resourcePattern.name(),
-                        "principal", principal.getName()),
+                        "resource", EscapeTagValue.apply(resourcePattern.name()),
+                        "principal", EscapeTagValue.apply(principal.getName())),
                     new CumulativeCount());
                 authOpDenySensor.record();
                 break;

src/main/java/io/aiven/kafka/auth/EscapeTagValue.java

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2025 Aiven Oy https://aiven.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.aiven.kafka.auth;
+
+public class EscapeTagValue {
+    public static String apply(final String value) {
+        return value.replaceAll("[,= ]", "_");
+    }
+}

src/test/java/io/aiven/kafka/auth/AivenAclAuthorizerMetricsTest.java

@@ -20,6 +20,7 @@
 import javax.management.ObjectName;
 
 import java.lang.management.ManagementFactory;
+import java.util.List;
 
 import org.apache.kafka.common.acl.AclOperation;
 import org.apache.kafka.common.metrics.MetricConfig;

src/test/java/io/aiven/kafka/auth/EscapeTagValueTest.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2025 Aiven Oy https://aiven.io
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package io.aiven.kafka.auth;
+
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class EscapeTagValueTest {
+
+    @Test
+    void testEscape() throws Exception {
+        assertEquals("abcd_efgh", EscapeTagValue.apply("abcd,efgh"));
+        assertEquals("abcd_efgh", EscapeTagValue.apply("abcd=efgh"));
+        assertEquals("abcd_efgh", EscapeTagValue.apply("abcd efgh"));
+        assertEquals("ab_cd_ef_gh", EscapeTagValue.apply("ab,cd=ef gh"));
+        assertEquals("abcdefgh", EscapeTagValue.apply("abcdefgh"));
+        System.out.println(EscapeTagValue.apply("abcd,efgh"));
+    }
+}