feat: firewall policy metrics across all output plugins (closes #928) (#979)

* feat(promunifi): add firewall policy metrics (closes #928) Bump unifi client to v5.22.0 and wire up firewall policy data end-to-end: - poller.Metrics: add FirewallPolicies []any slice - inputunifi: collect GetFirewallPolicies() per poll cycle; apply DefaultSiteNameOverride; augment into poller.Metrics - promunifi: export per-rule (rule_enabled, rule_index) and per-site aggregate metrics (rules_total, rules_enabled, rules_disabled, rules_by_action, rules_predefined, rules_custom, rules_logging_enabled) Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> * feat: export firewall policies to influx, datadog, and otel outputs Extends firewall policy support (PR #979) to all remaining output plugins: - influxunifi: batchFirewallPolicy() writes measurement "firewall_policy" with tags (rule_name, action, protocol, ip_version, source/dest zone, site_name, source) and fields (enabled, index, predefined, logging) - datadogunifi: batchFirewallPolicy() emits the same data as Datadog gauges under the "firewall_policy.*" namespace - otelunifi: exportFirewallPolicies() emits per-rule gauges (unifi_firewall_rule_enabled, unifi_firewall_rule_index) and per-site aggregates (rules_total, rules_enabled, rules_disabled, rules_by_action, rules_predefined, rules_custom, rules_logging_enabled) Also rebases onto master to pick up the otelunifi plugin (PR #978). Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 08:54:09 -04:00 · 2026-03-23 18:26:27 -05:00
parent 521c2f88bc
commit 6b33b6b97b
14 changed files with 430 additions and 6 deletions
--- a/pkg/datadogunifi/datadog.go
+++ b/pkg/datadogunifi/datadog.go
@@ -321,6 +321,10 @@ func (u *DatadogUnifi) loopPoints(r report) {
 	for _, w := range m.WANConfigs {
 		u.switchExport(r, w)
 	}
+
+	for _, p := range m.FirewallPolicies {
+		u.switchExport(r, p)
+	}
 }

 func (u *DatadogUnifi) switchExport(r report, v any) { //nolint:cyclop
@@ -361,6 +365,8 @@ func (u *DatadogUnifi) switchExport(r report, v any) { //nolint:cyclop
 		u.batchSpeedTest(r, v)
 	case *unifi.WANEnrichedConfiguration:
 		u.batchWAN(r, v)
+	case *unifi.FirewallPolicy:
+		u.batchFirewallPolicy(r, v)
 	default:
 		if u.Collector != nil && u.Collector.Poller().LogUnknownTypes {
 			u.LogDebugf("unknown export type: %T", v)
--- a/pkg/datadogunifi/firewall_policies.go
+++ b/pkg/datadogunifi/firewall_policies.go
@@ -0,0 +1,51 @@
+package datadogunifi
+
+import (
+	"github.com/unpoller/unifi/v5"
+)
+
+// batchFirewallPolicy generates firewall policy datapoints for Datadog.
+func (u *DatadogUnifi) batchFirewallPolicy(r report, p *unifi.FirewallPolicy) {
+	if p == nil {
+		return
+	}
+
+	metricName := metricNamespace("firewall_policy")
+
+	tags := []string{
+		tag("rule_name", p.Name),
+		tag("action", p.Action),
+		tag("protocol", p.Protocol),
+		tag("ip_version", p.IPVersion),
+		tag("source_zone", p.Source.ZoneID),
+		tag("dest_zone", p.Destination.ZoneID),
+		tag("site_name", p.SiteName),
+		tag("source", p.SourceName),
+	}
+
+	enabled := 0.0
+	if p.Enabled.Val {
+		enabled = 1.0
+	}
+
+	predefined := 0.0
+	if p.Predefined.Val {
+		predefined = 1.0
+	}
+
+	logging := 0.0
+	if p.Logging.Val {
+		logging = 1.0
+	}
+
+	data := map[string]float64{
+		"enabled":    enabled,
+		"index":      p.Index.Val,
+		"predefined": predefined,
+		"logging":    logging,
+	}
+
+	for name, value := range data {
+		_ = r.reportGauge(metricName(name), value, tags)
+	}
+}