Add AppProtectVersion to Telemetry (#5554)

cmd/nginx-ingress/main.go

@@ -51,7 +51,7 @@ const (
 	versionLabel           = "app.kubernetes.io/version"
 	appProtectVersionLabel = "appprotect.f5.com/version"
 	agentVersionLabel      = "app.nginx.org/agent-version"
-	appProtectVersionPath  = "/opt/app_protect/VERSION"
+	appProtectVersionPath  = "/opt/app_protect/RELEASE"
 )
 
 func main() {
@@ -184,6 +184,7 @@ func main() {
 		DefaultServerSecret:          *defaultServerSecret,
 		AppProtectEnabled:            *appProtect,
 		AppProtectDosEnabled:         *appProtectDos,
+		AppProtectVersion:            appProtectVersion,
 		IsNginxPlus:                  *nginxPlus,
 		IngressClass:                 *ingressClass,
 		ExternalServiceName:          *externalService,

docs/content/overview/product-telemetry.md

@@ -47,6 +47,7 @@ These are the data points collected and reported by NGINX Ingress Controller:
 - **OIDCPolicies** Number of OIDC policies.
 - **WAFPolicies** Number of WAF policies.
 - **GlobalConfiguration** Represents the use of a GlobalConfiguration resource.
+- **AppProtectVersion** The AppProtect version
 
 ## Opt out
 

internal/k8s/controller.go

@@ -185,6 +185,7 @@ type NewLoadBalancerControllerInput struct {
 	DefaultServerSecret          string
 	AppProtectEnabled            bool
 	AppProtectDosEnabled         bool
+	AppProtectVersion            string
 	IsNginxPlus                  bool
 	IngressClass                 string
 	ExternalServiceName          string
@@ -364,6 +365,7 @@ func NewLoadBalancerController(input NewLoadBalancerControllerInput) *LoadBalanc
 			Period:              24 * time.Hour,
 			K8sClientReader:     input.KubeClient,
 			Version:             input.NICVersion,
+			AppProtectVersion:   input.AppProtectVersion,
 			GlobalConfiguration: lbc.watchGlobalConfiguration,
 			Configurator:        lbc.configurator,
 			SecretStore:         lbc.secretStore,

internal/telemetry/cluster.go

@@ -192,6 +192,11 @@ func (c *Collector) PolicyCount() map[string]int {
 	return policyCounters
 }
 
+// AppProtectVersion returns the AppProtect Version
+func (c *Collector) AppProtectVersion() string {
+	return c.Config.AppProtectVersion
+}
+
 // lookupPlatform takes a string representing a K8s PlatformID
 // retrieved from a cluster node and returns a string
 // representing the platform name.

internal/telemetry/collector.go

@@ -71,6 +71,9 @@ type CollectorConfig struct {
 
 	// Policies gets all policies
 	Policies func() []*conf_v1.Policy
+
+	// AppProtectVersion represents the version of App Protect.
+	AppProtectVersion string
 }
 
 // NewCollector takes 0 or more options and creates a new TraceReporter.
@@ -133,6 +136,7 @@ func (c *Collector) Collect(ctx context.Context) {
 			WAFPolicies:           int64(report.WAFCount),
 			GlobalConfiguration:   report.GlobalConfiguration,
 			IngressAnnotations:    report.IngressAnnotations,
+			AppProtectVersion:     report.AppProtectVersion,
 		},
 	}
 
@@ -173,6 +177,7 @@ type Report struct {
 	WAFCount            int
 	GlobalConfiguration bool
 	IngressAnnotations  []string
+	AppProtectVersion   string
 }
 
 // BuildReport takes context, collects telemetry data and builds the report.
@@ -241,6 +246,8 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 
 	ingressAnnotations := c.IngressAnnotations()
 
+	appProtectVersion := c.AppProtectVersion()
+
 	return Report{
 		Name:                "NIC",
 		Version:             c.Config.Version,
@@ -268,5 +275,6 @@ func (c *Collector) BuildReport(ctx context.Context) (Report, error) {
 		WAFCount:            wafCount,
 		GlobalConfiguration: c.Config.GlobalConfiguration,
 		IngressAnnotations:  ingressAnnotations,
+		AppProtectVersion:   appProtectVersion,
 	}, err
 }

internal/telemetry/collector_test.go

@@ -665,6 +665,119 @@ func TestIngressCountReportsNumberOfDeployedIngresses(t *testing.T) {
 	}
 }
 
+func TestCollectAppProtectVersion(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name              string
+		appProtectVersion string
+		wantVersion       string
+	}{
+		{
+			name:              "AppProtect 4.8",
+			appProtectVersion: "4.8.1",
+			wantVersion:       "4.8.1",
+		},
+		{
+			name:              "AppProtect 4.9",
+			appProtectVersion: "4.9",
+			wantVersion:       "4.9",
+		},
+		{
+			name:              "AppProtect 5.1",
+			appProtectVersion: "5.1",
+			wantVersion:       "5.1",
+		},
+		{
+			name:              "No AppProtect Installed",
+			appProtectVersion: "",
+			wantVersion:       "",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			buf := &bytes.Buffer{}
+			exp := &telemetry.StdoutExporter{Endpoint: buf}
+
+			configurator := newConfiguratorWithIngress(t)
+
+			cfg := telemetry.CollectorConfig{
+				Configurator:      configurator,
+				K8sClientReader:   newTestClientset(node1, kubeNS),
+				Version:           telemetryNICData.ProjectVersion,
+				AppProtectVersion: tc.appProtectVersion,
+			}
+
+			c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp))
+			if err != nil {
+				t.Fatal(err)
+			}
+			c.Collect(context.Background())
+
+			ver := c.AppProtectVersion()
+
+			if tc.wantVersion != ver {
+				t.Errorf("want: %s, got: %s", tc.wantVersion, ver)
+			}
+		})
+	}
+}
+
+func TestCollectInvalidAppProtectVersion(t *testing.T) {
+	t.Parallel()
+
+	testCases := []struct {
+		name              string
+		appProtectVersion string
+		wantVersion       string
+	}{
+		{
+			name:              "AppProtect Not Installed",
+			appProtectVersion: "",
+			wantVersion:       "4.8.1",
+		},
+		{
+			name:              "Cant Find AppProtect 4.9",
+			appProtectVersion: "4.9",
+			wantVersion:       "",
+		},
+		{
+			name:              "Found Different AppProtect Version",
+			appProtectVersion: "5.1",
+			wantVersion:       "4.9",
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			buf := &bytes.Buffer{}
+			exp := &telemetry.StdoutExporter{Endpoint: buf}
+
+			configurator := newConfiguratorWithIngress(t)
+
+			cfg := telemetry.CollectorConfig{
+				Configurator:      configurator,
+				K8sClientReader:   newTestClientset(node1, kubeNS),
+				Version:           telemetryNICData.ProjectVersion,
+				AppProtectVersion: tc.appProtectVersion,
+			}
+
+			c, err := telemetry.NewCollector(cfg, telemetry.WithExporter(exp))
+			if err != nil {
+				t.Fatal(err)
+			}
+			c.Collect(context.Background())
+
+			ver := c.AppProtectVersion()
+
+			if tc.wantVersion == ver {
+				t.Errorf("want: %s, got: %s", tc.wantVersion, ver)
+			}
+		})
+	}
+}
+
 func TestCountVirtualServers(t *testing.T) {
 	t.Parallel()
 

internal/telemetry/data.avdl

@@ -87,5 +87,8 @@ It is the UID of the `kube-system` Namespace. */
 		/** IngressAnnotations is the list of annotations resources managed by NGINX Ingress Controller */
 		union {null, array<string>} IngressAnnotations = null;
 
+		/** AppProtectVersion represents the version of AppProtect. */
+		string? AppProtectVersion = null;
+
 	}
 }

internal/telemetry/exporter.go

@@ -101,4 +101,6 @@ type NICResourceCounts struct {
 	GlobalConfiguration bool
 	// IngressAnnotations is the list of annotations resources managed by NGINX Ingress Controller
 	IngressAnnotations []string
+	// AppProtectVersion represents the version of AppProtect.
+	AppProtectVersion string
 }

internal/telemetry/nicresourcecounts_attributes_generated.go

@@ -31,6 +31,7 @@ func (d *NICResourceCounts) Attributes() []attribute.KeyValue {
 	attrs = append(attrs, attribute.Int64("WAFPolicies", d.WAFPolicies))
 	attrs = append(attrs, attribute.Bool("GlobalConfiguration", d.GlobalConfiguration))
 	attrs = append(attrs, attribute.StringSlice("IngressAnnotations", d.IngressAnnotations))
+	attrs = append(attrs, attribute.String("AppProtectVersion", d.AppProtectVersion))
 
 	return attrs
 }