New command: 'authentication_attempts stats'

Author: michaelklishin

CHANGELOG.md

@@ -2,7 +2,13 @@
 
 ## v2.17.0 (in development)
 
-No changes yet.
+### Enhancements
+
+ * New command, `auth_attempts stats`, displays authentication attempte statistics per protocol:
+
+   ```
+   rabbitmqadmin auth_attempts stats --node rabbit@target.hostname
+   ```
 
 
 ## v2.16.0 (Oct 20, 2025)

Cargo.lock

@@ -17,7 +17,7 @@ reqwest = { version = "0.12", features = [
     "__rustls",
     "rustls-tls-native-roots",
 ] }
-rabbitmq_http_client = { version = "0.66.0", features = [
+rabbitmq_http_client = { version = "0.68.0", features = [
     "blocking",
     "tabled",
 ] }

Cargo.toml

@@ -46,6 +46,16 @@ pub fn parser(pre_flight_settings: PreFlightSettings) -> Command {
         GITHUB_REPOSITORY_URL
     );
 
+    let auth_attempts_group = Command::new("auth_attempts")
+        .about("Operations on authentication attempt statistics")
+        .infer_subcommands(pre_flight_settings.infer_subcommands)
+        .infer_long_args(pre_flight_settings.infer_long_options)
+        .after_help(color_print::cformat!(
+            "<bold>Doc guide</bold>: {}",
+            ACCESS_CONTROL_GUIDE_URL
+        ))
+        .arg_required_else_help(true)
+        .subcommands(auth_attempts_subcommands(pre_flight_settings.clone()));
     let bindings_group = Command::new("bindings")
         .about("Operations on bindings")
         .infer_subcommands(pre_flight_settings.infer_subcommands)
@@ -387,6 +397,7 @@ pub fn parser(pre_flight_settings: PreFlightSettings) -> Command {
         .subcommands(vhost_limits_subcommands(pre_flight_settings.clone()));
 
     let command_groups = [
+        auth_attempts_group,
         bindings_group,
         channels_group,
         close_group,
@@ -1403,6 +1414,26 @@ fn purge_subcommands(pre_flight_settings: PreFlightSettings) -> Vec<Command> {
         .collect()
 }
 
+fn auth_attempts_subcommands(pre_flight_settings: PreFlightSettings) -> Vec<Command> {
+    let stats_cmd = Command::new("stats")
+        .about("Displays authentication attempt statistics for a cluster node")
+        .after_help(color_print::cformat!(
+            "<bold>Doc guide</bold>: {}",
+            ACCESS_CONTROL_GUIDE_URL
+        ))
+        .arg(
+            Arg::new("node")
+                .long("node")
+                .help("target node, must be a cluster member")
+                .required(true),
+        );
+
+    [stats_cmd]
+        .into_iter()
+        .map(|cmd| cmd.infer_long_args(pre_flight_settings.infer_long_options))
+        .collect()
+}
+
 fn binding_subcommands(pre_flight_settings: PreFlightSettings) -> Vec<Command> {
     let idempotently_arg = Arg::new("idempotently")
         .long("idempotently")

src/cli.rs

@@ -68,6 +68,14 @@ pub fn list_nodes(client: APIClient) -> ClientResult<Vec<responses::ClusterNode>
     client.list_nodes()
 }
 
+pub fn list_auth_attempts(
+    client: APIClient,
+    command_args: &ArgMatches,
+) -> ClientResult<Vec<responses::AuthenticationAttemptStatistics>> {
+    let node = command_args.get_one::<String>("node").unwrap();
+    client.auth_attempts_statistics(node)
+}
+
 pub fn list_vhosts(client: APIClient) -> ClientResult<Vec<responses::VirtualHost>> {
     client.list_vhosts()
 }

src/commands.rs

@@ -427,6 +427,10 @@ fn dispatch_common_subcommand(
     res_handler: &mut ResultHandler,
 ) -> ExitCode {
     match &pair {
+        ("auth_attempts", "stats") => {
+            let result = commands::list_auth_attempts(client, second_level_args);
+            res_handler.tabular_result(result)
+        }
         ("bindings", "declare") => {
             let result = commands::declare_binding(client, &vhost, second_level_args);
             res_handler.no_output_on_success(result);

src/main.rs

@@ -0,0 +1,42 @@
+// Copyright (C) 2023-2025 RabbitMQ Core Team (teamrabbitmq@gmail.com)
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+use predicates::prelude::*;
+use std::error::Error;
+
+mod test_helpers;
+use crate::test_helpers::*;
+
+#[test]
+fn test_list_auth_attempts() -> Result<(), Box<dyn Error>> {
+    let rc = api_client();
+    let nodes = rc.list_nodes()?;
+    let first = nodes.first().unwrap();
+
+    run_succeeds(["auth_attempts", "stats", "--node", first.name.as_str()]).stdout(
+        output_includes("Protocol")
+            .and(output_includes("Number of attempts"))
+            .and(output_includes("Successful"))
+            .and(output_includes("Failed")),
+    );
+
+    Ok(())
+}
+
+#[test]
+fn test_list_auth_attempts_requires_node_argument() -> Result<(), Box<dyn Error>> {
+    run_fails(["auth_attempts", "stats"]).stderr(output_includes("--node"));
+
+    Ok(())
+}