search

mulesoft-catalyst / metrics-toolkit

The metrics toolkit (formerly metrics accelerator/framework) is a Mule application intended to collect, aggregate and load platform metrics into different visualization systems; providing out of the box integrations and visualization options, including useful dashboards and charts.
The Unlicense
83 stars 105 forks source link

CH network metrics do not display 'Used' number #182

Closed MartijnvdB closed 2 years ago

MartijnvdB commented 2 years ago

In metrics-toolkit v1.8.2 with CloudHub, the 'Used' metric graphs for VPC/VPN/LB/static IPs in the Splunk dashboard are always empty even though we have a number of each of them allocated. The 'Available' numbers are correct.

When I examine the data in Splunk, I see that the values for the 'used' fields are always null.

hc_1026

hc_1025

Splunk data:

hc_1029

The relevant output of the 'GET Platform Metrics' request in the Postman collection looks like this, the value in the fields vpcsUsed/vpnsUsed/dlbsUsed/staticIPsUsed are null.

hc_1028

I ran the code in Anypoint Studio and captured the value of vars.entitlement and vars.usage which are used in the DW 'Build Metrics Aggregated Response' in aggregator-platform-metrics.xml. This shows that the fields 'vpcsConsumed' (vpn-, etc.) do not exist in those variables, hence they cannot be mapped.

We are using an Anypoint account, not a connected app, to access the Anypoint APIs.

richardmckinley commented 2 years ago

Hi @MartijnvdB

Thanks for raising this. The first solution I would suggest is updating to version 1.9.0 of the toolkit.

Here is a sample of my output, proving that the toolkit it functioning as expected. I am using v1.9.0

image

If this does not resolve it, you may have a permissions issue. Please double check that the user you are using has all required permissions, particularly CloudHub Network Viewer and Organisation Admin.

Thanks

MartijnvdB commented 2 years ago

Hi,

Thanks for the quick reply.

For security reasons we want to keep the permissions for the system account that we use to a minimum. Hence we do not want to give the account 'Organization Administrator' and 'CloudHub Admin' roles (any engineer with access to the password management tool would be able to become Admin on the platform). These are mentioned as prerequisites.

So basically the account only has View and Read permissions.

How likely is it that the issue is caused by a lack of permissions?

richardmckinley commented 2 years ago

Hi @MartijnvdB

I understand the security concern but these are limitations and requirements of the platform APIs used by the toolkit. This is certainly the cause of your issue.

Purely from a security perspective, you may want to consider using a connected app. However, there are limitations on which metrics are available using a connected app, but it seems like these are limits you are already enforcing but not providing the full scope of permissions to the user account. Please see the Limitations section of the docs for a list of metrics which are not available if using a connected app.

Thanks

MartijnvdB commented 2 years ago

Hi @richardmckinley,

Please go ahead and close this request. For now we will live with the existing limitations (of Anypoint, and of our security guidelines).

Best regards,

Martijn