Merge pull request #450 from rabbitmq/auth-attempt-metrics

Add enable/disable and list auth attempt metrics
2020-10-14 23:56:47 +03:00 · 2020-10-14 23:56:47 +03:00 · 5a95b3b847
parent 9ec745da56 c43db9d4d9
commit 5a95b3b847
7 changed files with 300 additions and 0 deletions
--- a/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/disable_auth_attempt_source_tracking_command.ex
+++ b/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/disable_auth_attempt_source_tracking_command.ex
@ -0,0 +1,35 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule RabbitMQ.CLI.Diagnostics.Commands.DisableAuthAttemptSourceTrackingCommand do
+  alias RabbitMQ.CLI.Core.DocGuide
+  @behaviour RabbitMQ.CLI.CommandBehaviour
+
+  use RabbitMQ.CLI.Core.MergesNoDefaults
+  use RabbitMQ.CLI.Core.AcceptsNoPositionalArguments
+  use RabbitMQ.CLI.Core.RequiresRabbitAppRunning
+
+  def run([], %{node: node_name}) do
+    :rabbit_misc.rpc_call(node_name, :application, :set_env,
+      [:rabbit, :track_auth_attempt_source, :false])
+  end
+  use RabbitMQ.CLI.DefaultOutput
+
+  def usage, do: "disable_track_auth_attempt_source"
+
+  def usage_doc_guides() do
+    [
+      DocGuide.access_control(),
+      DocGuide.monitoring()
+    ]
+  end
+
+  def help_section(), do: :configuration
+
+  def description(), do: "Disables the tracking of peer IP address and username of authentication attempts"
+
+  def banner([], _), do: "Disabling authentication attempt source tracking ..."
+end
--- a/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/enable_auth_attempt_source_tracking_command.ex
+++ b/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/enable_auth_attempt_source_tracking_command.ex
@ -0,0 +1,36 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule RabbitMQ.CLI.Diagnostics.Commands.EnableAuthAttemptSourceTrackingCommand do
+  alias RabbitMQ.CLI.Core.DocGuide
+  @behaviour RabbitMQ.CLI.CommandBehaviour
+
+  use RabbitMQ.CLI.Core.MergesNoDefaults
+  use RabbitMQ.CLI.Core.AcceptsNoPositionalArguments
+  use RabbitMQ.CLI.Core.RequiresRabbitAppRunning
+
+  def run([], %{node: node_name}) do
+    :rabbit_misc.rpc_call(node_name, :application, :set_env,
+      [:rabbit, :track_auth_attempt_source, :true])
+  end
+
+  use RabbitMQ.CLI.DefaultOutput
+
+  def usage, do: "enable_auth_attempt_source_tracking"
+
+  def usage_doc_guides() do
+    [
+      DocGuide.access_control(),
+      DocGuide.monitoring()
+    ]
+  end
+
+  def help_section(), do: :configuration
+
+  def description(), do: "Enables the tracking of peer IP address and username of authentication attempts"
+
+  def banner([], _), do: "Enabling authentication attempt source tracking ..."
+end
--- a/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/list_node_auth_attempt_stats_command.ex
+++ b/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/list_node_auth_attempt_stats_command.ex
@ -0,0 +1,75 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule RabbitMQ.CLI.Diagnostics.Commands.ListNodeAuthAttemptStatsCommand do
+  alias RabbitMQ.CLI.Core.DocGuide
+
+  @behaviour RabbitMQ.CLI.CommandBehaviour
+
+  def formatter(), do: RabbitMQ.CLI.Formatters.Table
+
+  def scopes(), do: [:ctl, :diagnostics]
+
+  use RabbitMQ.CLI.Core.RequiresRabbitAppRunning
+
+  def switches(), do: [by_source: :boolean]
+
+  def merge_defaults(args, opts) do
+    {args, Map.merge(%{by_source: false}, opts)}
+  end
+
+  def validate([], _), do: :ok
+  def validate(_, _), do: {:validation_failure, :too_many_args}
+
+  def run([], %{node: node_name, timeout: timeout, by_source: by_source}) do
+    case by_source do
+      :true ->
+        :rabbit_misc.rpc_call(
+          node_name, :rabbit_core_metrics, :get_auth_attempts_by_source, [], timeout)
+      :false ->
+        :rabbit_misc.rpc_call(
+          node_name, :rabbit_core_metrics, :get_auth_attempts, [], timeout)
+    end
+  end
+
+  def output([], %{node: node_name, formatter: "json"}) do
+    {:ok, %{"result" => "ok", "node" => node_name, "attempts" => []}}
+  end
+  def output([], %{node: node_name})  do
+    {:ok, "Node #{node_name} reported no authentication attempt stats"}
+  end
+  def output(rows, %{node: node_name, formatter: "json"}) do
+    maps = Enum.map(rows, &Map.new/1)
+    {:ok,
+     %{
+       "result"   => "ok",
+       "node"     => node_name,
+       "attempts" => maps
+     }}
+  end
+  use RabbitMQ.CLI.DefaultOutput
+
+  def usage, do: "list_node_auth_attempts [--by-source]"
+
+  def usage_additional do
+    [
+      ["--by-source", "list authentication attempts by remote address and username"]
+    ]
+  end
+
+  def usage_doc_guides() do
+    [
+      DocGuide.access_control(),
+      DocGuide.monitoring()
+    ]
+  end
+
+  def help_section(), do: :observability_and_health_checks
+  def description(), do: "Lists authentication attempts on the target node"
+
+  def banner([], %{node: node_name}), do: "Listing authentication
+ attempts for node \"#{node_name}\" ..."
+end
--- a/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/reset_node_auth_attempt_metrics_command.ex
+++ b/deps/rabbitmq_cli/lib/rabbitmq/cli/diagnostics/commands/reset_node_auth_attempt_metrics_command.ex
@ -0,0 +1,37 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule RabbitMQ.CLI.Diagnostics.Commands.ResetNodeAuthAttemptMetricsCommand do
+  alias RabbitMQ.CLI.Core.DocGuide
+  @behaviour RabbitMQ.CLI.CommandBehaviour
+
+  use RabbitMQ.CLI.Core.MergesNoDefaults
+  use RabbitMQ.CLI.Core.AcceptsNoPositionalArguments
+  use RabbitMQ.CLI.Core.RequiresRabbitAppRunning
+
+  def run([], %{node: node_name}) do
+    :rabbit_misc.rpc_call(node_name, :rabbit_core_metrics, :reset_auth_attempt_metrics, [])
+  end
+
+  def usage, do: "reset_node_auth_attempt_metrics"
+
+  def usage_doc_guides() do
+    [
+      DocGuide.access_control(),
+      DocGuide.monitoring()
+    ]
+  end
+
+  def help_section(), do: :configuration
+
+  def description(), do: "Resets auth attempt metrics on the target node"
+
+  def banner([], %{node: node_name}) do
+    "Reset auth attempt metrics on node #{node_name} ..."
+  end
+
+  use RabbitMQ.CLI.DefaultOutput
+end
--- a/deps/rabbitmq_cli/test/diagnostics/disable_auth_attempt_source_tracking_command_test.exs
+++ b/deps/rabbitmq_cli/test/diagnostics/disable_auth_attempt_source_tracking_command_test.exs
@ -0,0 +1,39 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule DisbleAuthAttemptSourceTrackingCommandTest do
+  use ExUnit.Case, async: false
+  import TestHelper
+
+  @command RabbitMQ.CLI.Diagnostics.Commands.DisableAuthAttemptSourceTrackingCommand
+  setup_all do
+    RabbitMQ.CLI.Core.Distribution.start()
+    :ok
+  end
+
+  setup context do
+    {:ok, opts: %{node: get_rabbit_hostname(), timeout: context[:test_timeout]}}
+  end
+
+  test "validate: providing no arguments passes validation", context do
+    assert @command.validate([], context[:opts]) == :ok
+  end
+
+  test "validate: providing any arguments fails validation", context do
+    assert @command.validate(["a"], context[:opts]) ==
+      {:validation_failure, :too_many_args}
+  end
+
+    @tag test_timeout: 3000
+  test "run: targeting an unreachable node throws a badrpc", context do
+    assert match?({:badrpc, _}, @command.run([], Map.merge(context[:opts], %{node: :jake@thedog})))
+  end
+
+  @tag test_timeout: 15000
+  test "run: disables source tracking for auth attempt stats", context do
+    assert :ok = @command.run([], context[:opts])
+  end
+end
--- a/deps/rabbitmq_cli/test/diagnostics/enable_auth_attempt_source_tracking_command_test.exs
+++ b/deps/rabbitmq_cli/test/diagnostics/enable_auth_attempt_source_tracking_command_test.exs
@ -0,0 +1,39 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule EnableAuthAttemptSourceTrackingCommandTest do
+  use ExUnit.Case, async: false
+  import TestHelper
+
+  @command RabbitMQ.CLI.Diagnostics.Commands.EnableAuthAttemptSourceTrackingCommand
+  setup_all do
+    RabbitMQ.CLI.Core.Distribution.start()
+    :ok
+  end
+
+  setup context do
+    {:ok, opts: %{node: get_rabbit_hostname(), timeout: context[:test_timeout]}}
+  end
+
+  test "validate: providing no arguments passes validation", context do
+    assert @command.validate([], context[:opts]) == :ok
+  end
+
+  test "validate: providing any arguments fails validation", context do
+    assert @command.validate(["a"], context[:opts]) ==
+      {:validation_failure, :too_many_args}
+  end
+
+    @tag test_timeout: 3000
+  test "run: targeting an unreachable node throws a badrpc", context do
+    assert match?({:badrpc, _}, @command.run([], Map.merge(context[:opts], %{node: :jake@thedog})))
+  end
+
+  @tag test_timeout: 15000
+  test "run: enables source tracking for auth attempt stats", context do
+    assert :ok = @command.run([], context[:opts])
+  end
+end
--- a/deps/rabbitmq_cli/test/diagnostics/list_node_auth_attempt_stats_command_test.exs
+++ b/deps/rabbitmq_cli/test/diagnostics/list_node_auth_attempt_stats_command_test.exs
@ -0,0 +1,39 @@
+## This Source Code Form is subject to the terms of the Mozilla Public
+## License, v. 2.0. If a copy of the MPL was not distributed with this
+## file, You can obtain one at https://mozilla.org/MPL/2.0/.
+##
+## Copyright (c) 2007-2020 VMware, Inc. or its affiliates.  All rights reserved.
+
+defmodule ListNodeAuthAttemptStatsCommandTest do
+  use ExUnit.Case, async: false
+  import TestHelper
+
+  @command RabbitMQ.CLI.Diagnostics.Commands.ListNodeAuthAttemptStatsCommand
+  setup_all do
+    RabbitMQ.CLI.Core.Distribution.start()
+    :ok
+  end
+
+  setup context do
+    {:ok, opts: %{node: get_rabbit_hostname(), timeout: context[:test_timeout], by_source: false}}
+  end
+
+  test "validate: providing no arguments passes validation", context do
+    assert @command.validate([], context[:opts]) == :ok
+  end
+
+  test "validate: providing any arguments fails validation", context do
+    assert @command.validate(["a"], context[:opts]) ==
+      {:validation_failure, :too_many_args}
+  end
+
+    @tag test_timeout: 3000
+  test "run: targeting an unreachable node throws a badrpc", context do
+    assert match?({:badrpc, _}, @command.run([], Map.merge(context[:opts], %{node: :jake@thedog})))
+  end
+
+  @tag test_timeout: 15000
+  test "run: returns auth attempt stats", context do
+    assert is_list(@command.run([], context[:opts]))
+  end
+end