Track usage data for Network Policies UI

Uses a redis HLL counter to track the number of clusters visiting the
network policies page with network policies present in the cluster.
Since any ultimate customer can visit the page, we require policies to
be present in the response as an extra signal for the feature having
provided value to the user.

See https://gitlab.com/gitlab-org/gitlab/-/issues/334090

Changelog: added
MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64731
EE: true

ee/app/services/network_policies/resources_service.rb

@@ -3,6 +3,7 @@
 module NetworkPolicies
   class ResourcesService
     include NetworkPolicies::Responses
+    include Gitlab::Utils::UsageData
 
     LIMIT = 100
 
@@ -26,6 +27,12 @@ module NetworkPolicies
 
     private
 
+    def track_usage_data_for_cluster(platform, policies)
+      return if policies.empty?
+
+      track_usage_event(:clusters_using_network_policies_ui, platform.cluster_id)
+    end
+
     def execute_per_environment(platform, namespace)
       policies = platform.kubeclient
         .get_network_policies(namespace: namespace)
@@ -33,6 +40,7 @@ module NetworkPolicies
       policies += platform.kubeclient
         .get_cilium_network_policies(namespace: namespace)
         .map { |resource| Gitlab::Kubernetes::CiliumNetworkPolicy.from_resource(resource) }
+      track_usage_data_for_cluster(platform, policies)
       [policies, nil]
     rescue Kubeclient::HttpError => e
       [policies, e]

ee/config/metrics/counts_28d/20210623202402_clusters_using_network_policies_ui_monthly.yml

+---
+key_path: redis_hll_counters.network_policies.clusters_using_network_policies_ui_monthly
+description: Monthly number of distinct clusters with network policies using the network policies UI
+product_section: sec
+product_stage: protect
+product_group: group::container security
+product_category: container_network_security
+value_type: number
+status: implemented
+milestone: "14.1"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64731
+time_frame: 28d
+data_source: redis_hll
+data_category: Operational
+distribution:
+- ee
+tier:
+- ultimate

ee/config/metrics/counts_7d/20210623202358_clusters_using_network_policies_ui_weekly.yml

+---
+key_path: redis_hll_counters.network_policies.clusters_using_network_policies_ui_weekly
+description: Weekly number of distinct clusters with network policies using the network policies UI
+product_section: sec
+product_stage: protect
+product_group: group::container security
+product_category: container_network_security
+value_type: number
+status: implemented
+milestone: "14.1"
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64731
+time_frame: 7d
+data_source: redis_hll
+data_category: Operational
+distribution:
+- ee
+tier:
+- ultimate

ee/spec/services/network_policies/resources_service_spec.rb

@@ -9,7 +9,7 @@ RSpec.describe NetworkPolicies::ResourcesService do
   let(:project) { create(:project) }
   let(:cluster) { create(:cluster, :instance) }
   let!(:cluster_kubernetes_namespace) { create(:cluster_kubernetes_namespace, project: project, cluster: cluster, environment: environment, namespace: 'namespace') }
-  let(:platform) { double('Clusters::Platforms::Kubernetes', kubeclient: kubeclient) }
+  let(:platform) { double('Clusters::Platforms::Kubernetes', kubeclient: kubeclient, cluster_id: cluster.id) }
   let(:kubeclient) { double('Kubeclient::Client') }
   let(:policy) do
     Gitlab::Kubernetes::NetworkPolicy.new(
@@ -46,6 +46,23 @@ RSpec.describe NetworkPolicies::ResourcesService do
       expect(subject.payload.last.as_json).to eq(cilium_policy.as_json)
     end
 
+    it_behaves_like 'tracking unique hll events' do
+      subject(:request) { service.execute }
+
+      let(:target_id) { 'clusters_using_network_policies_ui' }
+      let(:expected_type) { instance_of(Integer) }
+
+      before do
+        allow(kubeclient).to receive(:get_network_policies)
+          .with(namespace: cluster_kubernetes_namespace.namespace)
+          .and_return [policy.generate]
+
+        allow(kubeclient).to receive(:get_cilium_network_policies)
+          .with(namespace: cluster_kubernetes_namespace.namespace)
+          .and_return [cilium_policy.generate]
+      end
+    end
+
     context 'without deployment_platform' do
       let(:platform) { nil }
 

lib/gitlab/usage_data_counters/known_events/common.yml

@@ -369,3 +369,8 @@
   category: testing
   aggregation: weekly
   feature_flag: users_expanding_widgets_usage_data
+# Container Security - Network Policies
+- name: clusters_using_network_policies_ui
+  redis_slot: network_policies
+  category: network_policies
+  aggregation: weekly

spec/lib/gitlab/usage_data_counters/hll_redis_counter_spec.rb

@@ -46,7 +46,8 @@ RSpec.describe Gitlab::UsageDataCounters::HLLRedisCounter, :clean_gitlab_redis_s
         'pipeline_authoring',
         'epics_usage',
         'epic_boards_usage',
-        'secure'
+        'secure',
+        'network_policies'
       )
     end
   end

spec/lib/gitlab/usage_data_spec.rb

@@ -1269,7 +1269,7 @@ RSpec.describe Gitlab::UsageData, :aggregate_failures do
 
     let(:categories) { ::Gitlab::UsageDataCounters::HLLRedisCounter.categories }
     let(:ineligible_total_categories) do
-      %w[source_code ci_secrets_management incident_management_alerts snippets terraform incident_management_oncall secure]
+      %w[source_code ci_secrets_management incident_management_alerts snippets terraform incident_management_oncall secure network_policies]
     end
 
     context 'with redis_hll_tracking feature enabled' do