diff --git a/apps/emqx/src/emqx_authentication.erl b/apps/emqx/src/emqx_authentication.erl index 745eaa715..5a219d043 100644 --- a/apps/emqx/src/emqx_authentication.erl +++ b/apps/emqx/src/emqx_authentication.erl @@ -616,8 +616,8 @@ handle_create_authenticator(Chain, Config, Providers) -> ok = emqx_metrics_worker:create_metrics( authn_metrics, AuthenticatorID, - [matched, success, failed, ignore], - [matched] + [total, success, failed, nomatch], + [total] ), {ok, serialize_authenticator(Authenticator)}; {error, Reason} -> @@ -628,10 +628,10 @@ handle_create_authenticator(Chain, Config, Providers) -> do_authenticate([], _) -> {stop, {error, not_authorized}}; do_authenticate([#authenticator{id = ID, provider = Provider, state = State} | More], Credential) -> - emqx_metrics_worker:inc(authn_metrics, ID, matched), + emqx_metrics_worker:inc(authn_metrics, ID, total), try Provider:authenticate(Credential, State) of ignore -> - ok = emqx_metrics_worker:inc(authn_metrics, ID, ignore), + ok = emqx_metrics_worker:inc(authn_metrics, ID, nomatch), do_authenticate(More, Credential); Result -> %% {ok, Extra} @@ -657,7 +657,7 @@ do_authenticate([#authenticator{id = ID, provider = Provider, state = State} | M stacktrace => Stacktrace, authenticator => ID }), - emqx_metrics_worker:inc(authn_metrics, ID, ignore), + emqx_metrics_worker:inc(authn_metrics, ID, nomatch), do_authenticate(More, Credential) end. diff --git a/apps/emqx_authn/i18n/emqx_authn_schema_i18n.conf b/apps/emqx_authn/i18n/emqx_authn_schema_i18n.conf index 371939daa..917554af0 100644 --- a/apps/emqx_authn/i18n/emqx_authn_schema_i18n.conf +++ b/apps/emqx_authn/i18n/emqx_authn_schema_i18n.conf @@ -163,4 +163,81 @@ emqx_authn_schema { zh: """节点名称。""" } } + + metrics_nomatch { + desc { + en: """The number of times the instance was ignored when the required authentication information was not found in the current instance.""" + zh: """在当前实例中没有找到需要的认证信息,实例被忽略的次数。""" + } + label: { + en: """Nomatch Times""" + zh: """实例被忽略的次数""" + } + } + + metrics_total { + desc { + en: """The total number of times the current instance was triggered.""" + zh: """当前实例被触发的总次数。""" + } + label: { + en: """Total Triggered Times""" + zh: """当前实例被触发的总次数""" + } + } + + metrics_success { + desc { + en: """The required authentication information is found in the current instance, and the instance returns authentication success.""" + zh: """在当前实例中找到需要的认证信息,并且实例返回认证成功的次数。""" + } + label: { + en: """Authentication Success Times""" + zh: """实例认证成功的次数""" + } + } + + metrics_failed { + desc { + en: """The required authentication information is found in the current instance, and the instance returns authentication failure.""" + zh: """在当前实例中找到需要的认证信息,并且实例返回认证失败的次数。""" + } + label: { + en: """Authentication Failed Times""" + zh: """实例认证失败的次数""" + } + } + + metrics_rate { + desc { + en: """The total rate at which instances are triggered, times/second.""" + zh: """实例被触发的速率。触发速率等于匹配速率 + 忽略速率,单位:次/秒。""" + } + label: { + en: """Total Triggered Rate""" + zh: """实例被触发的速率""" + } + } + + metrics_rate_max { + desc { + en: """The highest trigger rate the instance has ever reached, times/second.""" + zh: """实例曾经达到的最高触发速率,单位:次/秒。""" + } + label: { + en: """Highest Triggered Rate""" + zh: """实例曾经达到的最高触发速率""" + } + } + + metrics_rate_last5m { + desc { + en: """The average trigger rate of the instance within 5 minutes, times/second.""" + zh: """实例5分钟内平均触发速率,单位:次/秒。""" + } + label: { + en: """Average Triggered Rate in Last 5min""" + zh: """实例5分钟内平均触发速率""" + } + } } diff --git a/apps/emqx_authn/src/emqx_authn_api.erl b/apps/emqx_authn/src/emqx_authn_api.erl index 96f0093b2..834ea8f7d 100644 --- a/apps/emqx_authn/src/emqx_authn_api.erl +++ b/apps/emqx_authn/src/emqx_authn_api.erl @@ -1036,14 +1036,14 @@ make_result_map(ResList) -> lists:foldl(Fun, {maps:new(), maps:new(), maps:new(), maps:new()}, ResList). restructure_map(#{ - counters := #{failed := Failed, matched := Match, success := Succ, ignore := Ignore}, - rate := #{matched := #{current := Rate, last5m := Rate5m, max := RateMax}} + counters := #{failed := Failed, total := Total, success := Succ, nomatch := Nomatch}, + rate := #{total := #{current := Rate, last5m := Rate5m, max := RateMax}} }) -> #{ - matched => Match, + total => Total, success => Succ, failed => Failed, - ignore => Ignore, + nomatch => Nomatch, rate => Rate, rate_last5m => Rate5m, rate_max => RateMax @@ -1451,11 +1451,32 @@ status_metrics_example() -> status_metrics => #{ summary => <<"Authn status metrics">>, value => #{ - metrics => #{ + resource_metrics => #{ matched => 0, success => 0, failed => 0, - ignore => 0, + rate => 0.0, + rate_last5m => 0.0, + rate_max => 0.0 + }, + node_resource_metrics => [ + #{ + node => node(), + metrics => #{ + matched => 0, + success => 0, + failed => 0, + rate => 0.0, + rate_last5m => 0.0, + rate_max => 0.0 + } + } + ], + metrics => #{ + total => 0, + success => 0, + failed => 0, + nomatch => 0, rate => 0.0, rate_last5m => 0.0, rate_max => 0.0 @@ -1466,9 +1487,9 @@ status_metrics_example() -> node => node(), metrics => #{ matched => 0, - success => 0, + total => 0, failed => 0, - ignore => 0, + nomatch => 0, rate => 0.0, rate_last5m => 0.0, rate_max => 0.0 diff --git a/apps/emqx_authn/src/emqx_authn_schema.erl b/apps/emqx_authn/src/emqx_authn_schema.erl index ffcd2eeff..74276e370 100644 --- a/apps/emqx_authn/src/emqx_authn_schema.erl +++ b/apps/emqx_authn/src/emqx_authn_schema.erl @@ -115,8 +115,14 @@ fields("metrics_status_fields") -> ]; fields("metrics") -> [ - {"ignore", mk(integer(), #{desc => ?DESC("failed")})} - ] ++ common_field(); + {"nomatch", mk(integer(), #{desc => ?DESC("metrics_nomatch")})}, + {"total", mk(integer(), #{desc => ?DESC("metrics_total")})}, + {"success", mk(integer(), #{desc => ?DESC("metrics_success")})}, + {"failed", mk(integer(), #{desc => ?DESC("metrics_failed")})}, + {"rate", mk(float(), #{desc => ?DESC("metrics_rate")})}, + {"rate_max", mk(float(), #{desc => ?DESC("metrics_rate_max")})}, + {"rate_last5m", mk(float(), #{desc => ?DESC("metrics_rate_last5m")})} + ]; fields("resource_metrics") -> common_field(); fields("node_metrics") -> diff --git a/apps/emqx_authn/test/emqx_authn_api_SUITE.erl b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl index fe4a8af7e..38e6c21b7 100644 --- a/apps/emqx_authn/test/emqx_authn_api_SUITE.erl +++ b/apps/emqx_authn/test/emqx_authn_api_SUITE.erl @@ -125,24 +125,24 @@ t_aggregate_metrics(_) -> metrics => #{ failed => 0, - matched => 1, + total => 1, rate => 0.0, rate_last5m => 0.0, rate_max => 0.1, success => 1, - ignore => 1 + nomatch => 1 } }, 'emqx@node2.emqx.io' => #{ metrics => #{ failed => 0, - matched => 1, + total => 1, rate => 0.0, rate_last5m => 0.0, rate_max => 0.1, success => 1, - ignore => 2 + nomatch => 2 } } }, @@ -152,12 +152,12 @@ t_aggregate_metrics(_) -> metrics => #{ failed => 0, - matched => 2, + total => 2, rate => 0.0, rate_last5m => 0.0, rate_max => 0.2, success => 2, - ignore => 3 + nomatch => 3 } }, Res @@ -226,7 +226,7 @@ test_authenticator(PathPrefix) -> LookFun = fun(List) -> LookupVal(List, RList) end, MetricsList = [ {<<"failed">>, 0}, - {<<"matched">>, 0}, + {<<"total">>, 0}, {<<"rate">>, 0.0}, {<<"rate_last5m">>, 0.0}, {<<"rate_max">>, 0.0}, @@ -321,17 +321,17 @@ test_authenticator_users(PathPrefix) -> [] -> #{ <<"metrics">> := #{ - <<"matched">> := 1, + <<"total">> := 1, <<"success">> := 0, - <<"ignore">> := 1 + <<"nomatch">> := 1 } } = jiffy:decode(PageData0, [return_maps]); ["listeners", 'tcp:default'] -> #{ <<"metrics">> := #{ - <<"matched">> := 1, + <<"total">> := 1, <<"success">> := 0, - <<"ignore">> := 1 + <<"nomatch">> := 1 } } = jiffy:decode(PageData0, [return_maps]) end, @@ -379,17 +379,17 @@ test_authenticator_users(PathPrefix) -> [] -> #{ <<"metrics">> := #{ - <<"matched">> := 2, + <<"total">> := 2, <<"success">> := 1, - <<"ignore">> := 1 + <<"nomatch">> := 1 } } = jiffy:decode(PageData01, [return_maps]); ["listeners", 'tcp:default'] -> #{ <<"metrics">> := #{ - <<"matched">> := 2, + <<"total">> := 2, <<"success">> := 1, - <<"ignore">> := 1 + <<"nomatch">> := 1 } } = jiffy:decode(PageData01, [return_maps]) end, diff --git a/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf b/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf index 4f1c35ee8..3caf6ead8 100644 --- a/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf +++ b/apps/emqx_authz/i18n/emqx_authz_schema_i18n.conf @@ -528,36 +528,47 @@ Filter supports the following placeholders: } } - ignore { + metrics_total { desc { - en: """Not match any rules.""" - zh: """没有匹配到任何规则。""" + en: """The total number of times the authorization rule was triggered.""" + zh: """鉴权实例被触发的总次数。""" } label: { - en: """Not Match Any Rules""" - zh: """没有匹配到任何规则。""" + en: """The Total Number of Times the Authorization Rule was Triggered""" + zh: """鉴权实例被触发的总次数""" + } + } + + nomatch { + desc { + en: """The number of times that no authorization rules were matched.""" + zh: """没有匹配到任何鉴权规则的次数。""" + } + label: { + en: """The Number of Times that no Authorization Rules were Matched""" + zh: """没有匹配到任何鉴权规则的次数""" } } allow { desc { - en: """Authorize allow.""" - zh: """鉴权成功。""" + en: """The number of times the authentication was successful.""" + zh: """鉴权成功的次数。""" } label: { - en: """Authorize Allow""" - zh: """鉴权成功""" + en: """The Number of Times the Authentication was Successful""" + zh: """鉴权成功次数""" } } deny { desc { - en: """Authorize Deny.""" - zh: """鉴权失败""" + en: """The number of authentication failures.""" + zh: """鉴权失败的次数。""" } label: { - en: """Authorize Deny""" - zh: """鉴权失败""" + en: """The Number of Authentication Failures""" + zh: """鉴权失败次数""" } } } diff --git a/apps/emqx_authz/src/emqx_authz.erl b/apps/emqx_authz/src/emqx_authz.erl index 33f369b1a..83ac29d21 100644 --- a/apps/emqx_authz/src/emqx_authz.erl +++ b/apps/emqx_authz/src/emqx_authz.erl @@ -176,8 +176,8 @@ do_post_config_update({?CMD_PREPEND, RawNewSource}, Sources) -> ok = emqx_metrics_worker:create_metrics( authz_metrics, TypeName, - [matched, allow, deny, ignore], - [matched] + [total, allow, deny, nomatch], + [total] ), [InitedNewSource] ++ lookup(); do_post_config_update({?CMD_APPEND, RawNewSource}, Sources) -> @@ -271,8 +271,8 @@ init_metrics(Source) -> emqx_metrics_worker:create_metrics( authz_metrics, TypeName, - [matched, allow, deny, ignore], - [matched] + [total, allow, deny, nomatch], + [total] ). %%-------------------------------------------------------------------- @@ -354,13 +354,24 @@ do_authorize( [Connector = #{type := Type} | Tail] ) -> Module = authz_module(Type), - emqx_metrics_worker:inc(authz_metrics, Type, matched), - case Module:authorize(Client, PubSub, Topic, Connector) of + emqx_metrics_worker:inc(authz_metrics, Type, total), + try Module:authorize(Client, PubSub, Topic, Connector) of nomatch -> - emqx_metrics_worker:inc(authz_metrics, Type, ignore), + emqx_metrics_worker:inc(authz_metrics, Type, nomatch), do_authorize(Client, PubSub, Topic, Tail); Matched -> {Matched, Type} + catch + Class:Reason:Stacktrace -> + emqx_metrics_worker:inc(authz_metrics, Type, nomatch), + ?SLOG(warning, #{ + msg => "unexpected_error_in_authorize", + exception => Class, + reason => Reason, + stacktrace => Stacktrace, + authorize_type => Type + }), + do_authorize(Client, PubSub, Topic, Tail) end. get_enabled_authzs() -> diff --git a/apps/emqx_authz/src/emqx_authz_api_sources.erl b/apps/emqx_authz/src/emqx_authz_api_sources.erl index 72fa10c98..afbb7195f 100644 --- a/apps/emqx_authz/src/emqx_authz_api_sources.erl +++ b/apps/emqx_authz/src/emqx_authz_api_sources.erl @@ -398,14 +398,14 @@ make_result_map(ResList) -> lists:foldl(Fun, {maps:new(), maps:new(), maps:new(), maps:new()}, ResList). restructure_map(#{ - counters := #{deny := Failed, matched := Match, allow := Succ, ignore := Ignore}, - rate := #{matched := #{current := Rate, last5m := Rate5m, max := RateMax}} + counters := #{deny := Failed, total := Total, allow := Succ, nomatch := Nomatch}, + rate := #{total := #{current := Rate, last5m := Rate5m, max := RateMax}} }) -> #{ - matched => Match, + total => Total, allow => Succ, deny => Failed, - ignore => Ignore, + nomatch => Nomatch, rate => Rate, rate_last5m => Rate5m, rate_max => RateMax @@ -592,10 +592,10 @@ status_metrics_example() -> } ], metrics => #{ - matched => 0, + total => 0, allow => 0, deny => 0, - ignore => 0, + nomatch => 0, rate => 0.0, rate_last5m => 0.0, rate_max => 0.0 @@ -604,10 +604,10 @@ status_metrics_example() -> #{ node => node(), metrics => #{ - matched => 0, + total => 0, allow => 0, deny => 0, - ignore => 0, + nomatch => 0, rate => 0.0, rate_last5m => 0.0, rate_max => 0.0 diff --git a/apps/emqx_authz/src/emqx_authz_schema.erl b/apps/emqx_authz/src/emqx_authz_schema.erl index e8e0a7f3e..bced95f63 100644 --- a/apps/emqx_authz/src/emqx_authz_schema.erl +++ b/apps/emqx_authz/src/emqx_authz_schema.erl @@ -166,10 +166,10 @@ fields("metrics_status_fields") -> ]; fields("metrics") -> [ - {"matched", mk(integer(), #{desc => ?DESC("matched")})}, + {"total", mk(integer(), #{desc => ?DESC("metrics_total")})}, {"allow", mk(integer(), #{desc => ?DESC("allow")})}, {"deny", mk(integer(), #{desc => ?DESC("deny")})}, - {"ignore", mk(float(), #{desc => ?DESC("ignore")})} + {"nomatch", mk(float(), #{desc => ?DESC("nomatch")})} ] ++ common_rate_field(); fields("node_metrics") -> [ diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl index e59e52dfa..250487a5b 100644 --- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl @@ -243,8 +243,8 @@ t_api(_) -> <<"metrics">> := #{ <<"allow">> := 0, <<"deny">> := 0, - <<"matched">> := 0, - <<"ignore">> := 0 + <<"total">> := 0, + <<"nomatch">> := 0 } } = jiffy:decode(Status4, [return_maps]), ?assertMatch( @@ -298,8 +298,8 @@ t_api(_) -> <<"metrics">> := #{ <<"allow">> := 0, <<"deny">> := 0, - <<"matched">> := 0, - <<"ignore">> := 0 + <<"total">> := 0, + <<"nomatch">> := 0 } } = jiffy:decode(Status5_1, [return_maps]), @@ -377,8 +377,8 @@ t_api(_) -> <<"metrics">> := #{ <<"allow">> := 1, <<"deny">> := 0, - <<"matched">> := 1, - <<"ignore">> := 0 + <<"total">> := 1, + <<"nomatch">> := 0 } } = jiffy:decode(Status5, [return_maps]), @@ -396,8 +396,8 @@ t_api(_) -> <<"metrics">> := #{ <<"allow">> := 2, <<"deny">> := 0, - <<"matched">> := 2, - <<"ignore">> := 0 + <<"total">> := 2, + <<"nomatch">> := 0 } } = jiffy:decode(Status6, [return_maps]), @@ -416,8 +416,8 @@ t_api(_) -> <<"metrics">> := #{ <<"allow">> := 3, <<"deny">> := 0, - <<"matched">> := 3, - <<"ignore">> := 0 + <<"total">> := 3, + <<"nomatch">> := 0 } } = jiffy:decode(Status7, [return_maps]), @@ -508,7 +508,7 @@ t_aggregate_metrics(_) -> metrics => #{ failed => 0, - matched => 1, + total => 1, rate => 0.0, rate_last5m => 0.0, rate_max => 0.1, @@ -519,7 +519,7 @@ t_aggregate_metrics(_) -> metrics => #{ failed => 0, - matched => 1, + total => 1, rate => 0.0, rate_last5m => 0.0, rate_max => 0.1, @@ -533,7 +533,7 @@ t_aggregate_metrics(_) -> metrics => #{ failed => 0, - matched => 2, + total => 2, rate => 0.0, rate_last5m => 0.0, rate_max => 0.2,