Merge pull request #13401 from thalesmg/20240703-r57-authz-ignore-api-metrics

fix(authz api): add new `ignore` metric to status response

apps/emqx_auth/src/emqx_authz/emqx_authz_api_sources.erl

@@ -467,7 +467,13 @@ make_result_map(ResList) ->
     lists:foldl(Fun, {maps:new(), maps:new(), maps:new(), maps:new()}, ResList).
 
 restructure_map(#{
-    counters := #{deny := Failed, total := Total, allow := Succ, nomatch := Nomatch},
+    counters := #{
+        ignore := Ignore,
+        deny := Failed,
+        total := Total,
+        allow := Succ,
+        nomatch := Nomatch
+    },
     rate := #{total := #{current := Rate, last5m := Rate5m, max := RateMax}}
 }) ->
     #{
@@ -475,6 +481,7 @@ restructure_map(#{
         allow => Succ,
         deny => Failed,
         nomatch => Nomatch,
+        ignore => Ignore,
         rate => Rate,
         rate_last5m => Rate5m,
         rate_max => RateMax

apps/emqx_auth/src/emqx_authz/emqx_authz_schema.erl

@@ -88,6 +88,7 @@ fields("metrics_status_fields") ->
 fields("metrics") ->
     [
         {"total", ?HOCON(integer(), #{desc => ?DESC("metrics_total")})},
+        {"ignore", ?HOCON(integer(), #{desc => ?DESC("ignore")})},
         {"allow", ?HOCON(integer(), #{desc => ?DESC("allow")})},
         {"deny", ?HOCON(integer(), #{desc => ?DESC("deny")})},
         {"nomatch", ?HOCON(float(), #{desc => ?DESC("nomatch")})}

apps/emqx_auth_http/test/emqx_authz_http_SUITE.erl

@@ -48,7 +48,7 @@ init_per_suite(Config) ->
             emqx_auth,
             emqx_auth_http
         ],
-        #{work_dir => ?config(priv_dir, Config)}
+        #{work_dir => emqx_cth_suite:work_dir(Config)}
     ),
     [{suite_apps, Apps} | Config].
 
@@ -56,12 +56,22 @@ end_per_suite(_Config) ->
     ok = emqx_authz_test_lib:restore_authorizers(),
     emqx_cth_suite:stop(?config(suite_apps, _Config)).
 
-init_per_testcase(_Case, Config) ->
+init_per_testcase(t_bad_response = TestCase, Config) ->
+    TCApps = emqx_cth_suite:start_apps(
+        [emqx_management, emqx_mgmt_api_test_util:emqx_dashboard()],
+        #{work_dir => emqx_cth_suite:work_dir(TestCase, Config)}
+    ),
+    init_per_testcase(common, [{tc_apps, TCApps} | Config]);
+init_per_testcase(_TestCase, Config) ->
     ok = emqx_authz_test_lib:reset_authorizers(),
     {ok, _} = emqx_authz_http_test_server:start_link(?HTTP_PORT, ?HTTP_PATH),
     Config.
 
-end_per_testcase(_Case, _Config) ->
+end_per_testcase(t_bad_response, Config) ->
+    TCApps = ?config(tc_apps, Config),
+    emqx_cth_suite:stop_apps(TCApps),
+    end_per_testcase(common, Config);
+end_per_testcase(_TestCase, _Config) ->
     _ = emqx_authz:set_feature_available(rich_actions, true),
     try
         ok = emqx_authz_http_test_server:stop()
@@ -589,6 +599,29 @@ t_bad_response(_Config) ->
         },
         get_metrics()
     ),
+    ?assertMatch(
+        {200, #{
+            <<"metrics">> := #{
+                <<"ignore">> := 1,
+                <<"nomatch">> := 0,
+                <<"allow">> := 0,
+                <<"deny">> := 0,
+                <<"total">> := 1
+            },
+            <<"node_metrics">> := [
+                #{
+                    <<"metrics">> := #{
+                        <<"ignore">> := 1,
+                        <<"nomatch">> := 0,
+                        <<"allow">> := 0,
+                        <<"deny">> := 0,
+                        <<"total">> := 1
+                    }
+                }
+            ]
+        }},
+        get_status_api()
+    ),
     ok.
 
 t_no_value_for_placeholder(_Config) ->
@@ -806,3 +839,11 @@ get_metrics() ->
             'authorization.nomatch'
         ]
     ).
+
+get_status_api() ->
+    Path = emqx_mgmt_api_test_util:uri(["authorization", "sources", "http", "status"]),
+    Auth = emqx_mgmt_api_test_util:auth_header_(),
+    Opts = #{return_all => true},
+    Res0 = emqx_mgmt_api_test_util:request_api(get, Path, _QParams = [], Auth, _Body = [], Opts),
+    {Status, RawBody} = emqx_mgmt_api_test_util:simplify_result(Res0),
+    {Status, emqx_utils_json:decode(RawBody, [return_maps])}.

apps/emqx_management/test/emqx_mgmt_api_test_util.erl

@@ -154,6 +154,14 @@ do_request_api(Method, Request, Opts) ->
             {error, Reason}
     end.
 
+simplify_result(Res) ->
+    case Res of
+        {error, {{_, Status, _}, _, Body}} ->
+            {Status, Body};
+        {ok, {{_, Status, _}, _, Body}} ->
+            {Status, Body}
+    end.
+
 auth_header_() ->
     emqx_common_test_http:default_auth_header().
 

rel/i18n/emqx_authz_schema.hocon

@@ -78,6 +78,11 @@ failed.desc:
 failed.label:
 """Failed"""
 
+ignore.desc:
+"""Count of query ignored.  This counter is increased whenever the authorization source attempts to authorize a request, but either it's not applicable, or an error was encountered and the result is undecidable"""
+ignore.label:
+"""Ignored"""
+
 metrics.desc:
 """The metrics of the resource."""