Add Granular Policy count for telemetry (#5489)

nginxinc · May 3, 2024 · a42bf4f · a42bf4f
1 parent 30a4824
commit a42bf4f
Show file tree

Hide file tree

Showing 7 changed files with 287 additions and 92 deletions.
diff --git a/docs/content/overview/product-telemetry.md b/docs/content/overview/product-telemetry.md
@@ -37,7 +37,14 @@ These are the data points collected and reported by NGINX Ingress Controller:
 - **Services** Number of Services referenced by VirtualServers, VirtualServerRoutes, TransportServers and Ingresses.
 - **Ingresses** The number of Ingress resources managed by the NGINX Ingress Controller.
 - **IngressClasses** Number of Ingress Classes in the cluster.
-- **Policies** Number of policy resources managed by NGINX Ingress Controller
+- **AccessControlPolicies** Number of AccessControl policies.
+- **RateLimitPolicies** Number of RateLimit policies.
+- **JWTAuthPolicies** Number of JWTAuth policies.
+- **BasicAuthPolicies** Number of BasicAuth policies.
+- **IngressMTLSPolicies** Number of IngressMTLS policies.
+- **EgressMTLSPolicies** Number of EgressMTLS policies.
+- **OIDCPolicies** Number of OIDC policies.
+- **WAFPolicies** Number of WAF policies.
 - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource.
 
 ## Opt out

diff --git a/internal/telemetry/cluster.go b/internal/telemetry/cluster.go
@@ -145,12 +145,42 @@ func (c *Collector) IngressClassCount(ctx context.Context) (int, error) {
 	return len(ic.Items), nil
 }
 
-// PolicyCount returns number of Policies watched by NIC.
-func (c *Collector) PolicyCount() int {
+// PolicyCount returns the count in each Policy
+func (c *Collector) PolicyCount() map[string]int {
+	policyCounters := make(map[string]int)
+
 	if c.Config.Policies == nil {
-		return 0
+		return policyCounters
+	}
+
+	policies := c.Config.Policies()
+	if policies == nil {
+		return policyCounters
+	}
+
+	for _, policy := range policies {
+		spec := policy.Spec
+
+		switch {
+		case spec.AccessControl != nil:
+			policyCounters["AccessControl"]++
+		case spec.RateLimit != nil:
+			policyCounters["RateLimit"]++
+		case spec.JWTAuth != nil:
+			policyCounters["JWTAuth"]++
+		case spec.BasicAuth != nil:
+			policyCounters["BasicAuth"]++
+		case spec.IngressMTLS != nil:
+			policyCounters["IngressMTLS"]++
+		case spec.EgressMTLS != nil:
+			policyCounters["EgressMTLS"]++
+		case spec.OIDC != nil:
+			policyCounters["OIDC"]++
+		case spec.WAF != nil:
+			policyCounters["WAF"]++
+		}
 	}
-	return len(c.Config.Policies())
+	return policyCounters
 }
 
 // lookupPlatform takes a string representing a K8s PlatformID

diff --git a/internal/telemetry/collector.go b/internal/telemetry/collector.go
@@ -115,16 +115,23 @@ func (c *Collector) Collect(ctx context.Context) {
 			ClusterNodeCount:    int64(report.ClusterNodeCount),
 		},
 		NICResourceCounts{
-			VirtualServers:      int64(report.VirtualServers),
-			VirtualServerRoutes: int64(report.VirtualServerRoutes),
-			TransportServers:    int64(report.TransportServers),
-			Replicas:            int64(report.NICReplicaCount),
-			Secrets:             int64(report.Secrets),
-			Services:            int64(report.ServiceCount),
-			Ingresses:           int64(report.IngressCount),
-			IngressClasses:      int64(report.IngressClassCount),
-			Policies:            int64(report.PolicyCount),
-			GlobalConfiguration: report.GlobalConfiguration,
+			VirtualServers:        int64(report.VirtualServers),
+			VirtualServerRoutes:   int64(report.VirtualServerRoutes),
+			TransportServers:      int64(report.TransportServers),
+			Replicas:              int64(report.NICReplicaCount),
+			Secrets:               int64(report.Secrets),
+			Services:              int64(report.ServiceCount),
+			Ingresses:             int64(report.IngressCount),
+			IngressClasses:        int64(report.IngressClassCount),
+			AccessControlPolicies: int64(report.AccessControlCount),
+			RateLimitPolicies:     int64(report.RateLimitCount),
+			JWTAuthPolicies:       int64(report.JWTAuthCount),
+			BasicAuthPolicies:     int64(report.BasicAuthCount),
+			IngressMTLSPolicies:   int64(report.IngressMTLSCount),
+			EgressMTLSPolicies:    int64(report.EgressMTLSCount),
+			OIDCPolicies:          int64(report.OIDCCount),
+			WAFPolicies:           int64(report.WAFCount),
+			GlobalConfiguration:   report.GlobalConfiguration,
 		},
 	}
 
@@ -155,7 +162,14 @@ type Report struct {
 	Secrets             int
 	IngressCount        int
 	IngressClassCount   int
-	PolicyCount         int
+	AccessControlCount  int
+	RateLimitCount      int
+	JWTAuthCount        int
+	BasicAuthCount      int
+	IngressMTLSCount    int
+	EgressMTLSCount     int
+	OIDCCount           int
+	WAFCount            int
 	GlobalConfiguration bool
 }
 
@@ -212,7 +226,16 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 		glog.Errorf("Error collecting telemetry data: Ingress Classes: %v", err)
 	}
 
-	policyCount := c.PolicyCount()
+	policies := c.PolicyCount()
+
+	accessControlCount := policies["AccessControl"]
+	rateLimitCount := policies["RateLimit"]
+	jwtAuthCount := policies["JWTAuth"]
+	basicAuthCount := policies["BasicAuth"]
+	ingressMTLSCount := policies["IngressMTLS"]
+	egressMTLSCount := policies["EgressMTLS"]
+	oidcCount := policies["OIDC"]
+	wafCount := policies["WAF"]
 
 	return Report{
 		Name:                "NIC",
@@ -231,7 +254,14 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 		Secrets:             secretCount,
 		IngressCount:        ingressCount,
 		IngressClassCount:   ingressClassCount,
-		PolicyCount:         policyCount,
+		AccessControlCount:  accessControlCount,
+		RateLimitCount:      rateLimitCount,
+		JWTAuthCount:        jwtAuthCount,
+		BasicAuthCount:      basicAuthCount,
+		IngressMTLSCount:    ingressMTLSCount,
+		EgressMTLSCount:     egressMTLSCount,
+		OIDCCount:           oidcCount,
+		WAFCount:            wafCount,
 		GlobalConfiguration: c.Config.GlobalConfiguration,
 	}, err
 }