From bf72db266ff577eaceaaf3a895f98653f14cce3f Mon Sep 17 00:00:00 2001 From: Steven Yuen Date: Thu, 14 Dec 2023 16:36:51 -0500 Subject: [PATCH] Add new RBAC metrics in Legacy check (#16432) * add new metrics * changelog entry * lint --- envoy/changelog.d/16432.added | 1 + envoy/datadog_checks/envoy/metrics.py | 32 +++++++++++++++++++ envoy/metadata.csv | 4 +++ .../fixtures/legacy/local_rate_limit.txt | 8 ++--- envoy/tests/fixtures/legacy/rbac_metric.txt | 4 +++ envoy/tests/legacy/common.py | 9 +++++- envoy/tests/legacy/test_unit.py | 19 +++++++++-- 7 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 envoy/changelog.d/16432.added create mode 100644 envoy/tests/fixtures/legacy/rbac_metric.txt diff --git a/envoy/changelog.d/16432.added b/envoy/changelog.d/16432.added new file mode 100644 index 0000000000000..e58aa4d84bde0 --- /dev/null +++ b/envoy/changelog.d/16432.added @@ -0,0 +1 @@ +Add new RBAC metrics in Legacy check diff --git a/envoy/datadog_checks/envoy/metrics.py b/envoy/datadog_checks/envoy/metrics.py index 9d6d5d73b0705..e67c2e7b770b0 100644 --- a/envoy/datadog_checks/envoy/metrics.py +++ b/envoy/datadog_checks/envoy/metrics.py @@ -3861,6 +3861,38 @@ ), 'method': 'monotonic_count', }, + 'http.rbac.allowed': { + 'tags': ( + ('stat_prefix',), + (), + (), + ), + 'method': 'monotonic_count', + }, + 'http.rbac.denied': { + 'tags': ( + ('stat_prefix',), + (), + (), + ), + 'method': 'monotonic_count', + }, + 'http.rbac.shadow_allowed': { + 'tags': ( + ('stat_prefix',), + (), + (), + ), + 'method': 'monotonic_count', + }, + 'http.rbac.shadow_denied': { + 'tags': ( + ('stat_prefix',), + (), + (), + ), + 'method': 'monotonic_count', + }, # "*." to match at the beginning of raw metric if it doesn't have a standard name '*.http_local_rate_limit.enabled': { 'tags': ( diff --git a/envoy/metadata.csv b/envoy/metadata.csv index 4dff22a33558f..eebb77cee4881 100644 --- a/envoy/metadata.csv +++ b/envoy/metadata.csv @@ -973,3 +973,7 @@ envoy.http_local_rate_limit.enabled,count,,request,,[Legacy] Total number of req envoy.http_local_rate_limit.enforced,count,,request,,[Legacy] Total number of requests for which rate limiting was applied (e.g.: 429 returned),-1,envoy,, envoy.http_local_rate_limit.rate_limited,count,,request,,[Legacy] Total number of responses without an available token (but not necessarily enforced),-1,envoy,, envoy.http_local_rate_limit.ok,count,,request,,[Legacy] Total number of under the limit responses from the token bucket,-1,envoy,, +envoy.http.rbac.allowed,count,,request,,[Legacy] Total requests that were allowed access,-1,envoy,, +envoy.http.rbac.denied,count,,request,,[Legacy] Total requests that were denied access,-1,envoy,, +envoy.http.rbac.shadow_allowed,count,,request,,[Legacy] Total requests that would be allowed access by the filter's shadow rules,-1,envoy,, +envoy.http.rbac.shadow_denied,count,,request,,[Legacy] Total requests that would be denied access by the filter's shadow rules,-1,envoy,, diff --git a/envoy/tests/fixtures/legacy/local_rate_limit.txt b/envoy/tests/fixtures/legacy/local_rate_limit.txt index 1d15491b9d19c..d966f4f122ca1 100644 --- a/envoy/tests/fixtures/legacy/local_rate_limit.txt +++ b/envoy/tests/fixtures/legacy/local_rate_limit.txt @@ -2,7 +2,7 @@ http_local_rate_limiter.http_local_rate_limit.enabled: 0 http_local_rate_limiter.http_local_rate_limit.enforced: 0 http_local_rate_limiter.http_local_rate_limit.ok: 0 http_local_rate_limiter.http_local_rate_limit.rate_limited: 0 -foo.http_local_rate_limit.enabled: 0 -foo.http_local_rate_limit.enforced: 0 -foo.http_local_rate_limit.ok: 0 -foo.http_local_rate_limit.rate_limited: 0 \ No newline at end of file +foo_buz_112.http_local_rate_limit.enabled: 0 +foo_buz_112.http_local_rate_limit.enforced: 0 +foo_buz_112.http_local_rate_limit.ok: 0 +foo_buz_112.http_local_rate_limit.rate_limited: 0 \ No newline at end of file diff --git a/envoy/tests/fixtures/legacy/rbac_metric.txt b/envoy/tests/fixtures/legacy/rbac_metric.txt new file mode 100644 index 0000000000000..48e5534d4fccd --- /dev/null +++ b/envoy/tests/fixtures/legacy/rbac_metric.txt @@ -0,0 +1,4 @@ +http.foo_buz_112.rbac.allowed: 0 +http.foo_buz_112.rbac.denied: 0 +http.foo_buz_112.rbac.shadow_allowed: 0 +http.foo_buz_112.rbac.shadow_denied: 0 \ No newline at end of file diff --git a/envoy/tests/legacy/common.py b/envoy/tests/legacy/common.py index 99e0bed659c1a..ddac5df67f931 100644 --- a/envoy/tests/legacy/common.py +++ b/envoy/tests/legacy/common.py @@ -52,4 +52,11 @@ "envoy.http_local_rate_limit.ok", ] -RATE_LIMIT_STAT_PREFIX_TAG = ['stat_prefix:http_local_rate_limiter', 'stat_prefix:foo'] +STAT_PREFIX_TAG = ['stat_prefix:http_local_rate_limiter', 'stat_prefix:foo_buz_112'] + +RBAC_METRICS = [ + "envoy.http.rbac.allowed", + "envoy.http.rbac.denied", + "envoy.http.rbac.shadow_allowed", + "envoy.http.rbac.shadow_denied", +] diff --git a/envoy/tests/legacy/test_unit.py b/envoy/tests/legacy/test_unit.py index 2f48085c12b5e..9ab0fba41a19a 100644 --- a/envoy/tests/legacy/test_unit.py +++ b/envoy/tests/legacy/test_unit.py @@ -18,7 +18,8 @@ HOST, INSTANCES, LOCAL_RATE_LIMIT_METRICS, - RATE_LIMIT_STAT_PREFIX_TAG, + RBAC_METRICS, + STAT_PREFIX_TAG, ) CHECK_NAME = 'envoy' @@ -281,7 +282,21 @@ def test_local_rate_limit_metrics(aggregator, fixture_path, mock_http_response, for metric in LOCAL_RATE_LIMIT_METRICS: aggregator.assert_metric(metric) - for tag in RATE_LIMIT_STAT_PREFIX_TAG: + for tag in STAT_PREFIX_TAG: aggregator.assert_metric_has_tag(metric, tag, count=1) aggregator.assert_metrics_using_metadata(get_metadata_metrics()) + + +def test_rbac_metrics(aggregator, fixture_path, mock_http_response, check, dd_run_check): + instance = INSTANCES['main'] + c = check(instance) + + mock_http_response(file_path=fixture_path('./legacy/rbac_metric.txt')) + dd_run_check(c) + + for metric in RBAC_METRICS: + aggregator.assert_metric(metric) + aggregator.assert_metric_has_tag(metric, STAT_PREFIX_TAG[1], count=1) + + aggregator.assert_metrics_using_metadata(get_metadata_metrics())