added endpoint regexp for capability checks (#111)

* added endpoint regexp for capability checks * updated changelog
xmidt-org · Apr 30, 2020 · ab6bb6e · ab6bb6e
1 parent 2331e29
commit ab6bb6e
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - changed Event struct tag from wrp to json [#110](https://github.com/xmidt-org/gungnir/pull/110)
 - bumped codex-db to v0.6.0 [#110](https://github.com/xmidt-org/gungnir/pull/110)
 - bumped wrp-go to v2.0.1 [#110](https://github.com/xmidt-org/gungnir/pull/110)
+- bumped webpa-common to v1.9.0 to add configurable regexp for capability check metric labels [#111](https://github.com/xmidt-org/gungnir/pull/111)
 
 ## [v0.13.1]
  - fixed a capabilityCheck issue by correctly parsing out an additional `/` from the URL [#108](https://github.com/xmidt-org/gungnir/pull/108)

diff --git a/go.mod b/go.mod
@@ -16,6 +16,6 @@ require (
 	github.com/xmidt-org/bascule v0.8.0
 	github.com/xmidt-org/codex-db v0.7.0
 	github.com/xmidt-org/voynicrypto v0.1.1
-	github.com/xmidt-org/webpa-common v1.6.2
+	github.com/xmidt-org/webpa-common v1.9.0
 	github.com/xmidt-org/wrp-go/v2 v2.0.1
 )
diff --git a/go.sum b/go.sum
@@ -244,6 +244,7 @@ github.com/rollbar/rollbar-go v1.0.2/go.mod h1:AcFs5f0I+c71bpHlXNNDbOWJiKwjFDtIS
 github.com/rubyist/circuitbreaker v2.2.0+incompatible/go.mod h1:Ycs3JgJADPuzJDwffe12k6BZT8hxVi6lFK+gWYJLN4A=
 github.com/samuel/go-zookeeper v0.0.0-20180130194729-c4fab1ac1bec/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/segmentio/ksuid v1.0.2/go.mod h1:BXuJDr2byAiHuQaQtSKoXh1J0YmUDurywOXgB2w+OSU=
 github.com/shirou/gopsutil v2.18.12+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
@@ -301,11 +302,13 @@ github.com/xmidt-org/webpa-common v1.2.0/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4
 github.com/xmidt-org/webpa-common v1.3.1/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI=
 github.com/xmidt-org/webpa-common v1.3.2/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI=
 github.com/xmidt-org/webpa-common v1.5.0/go.mod h1:wR27EP2MfUvQNy22rYm9p65VSErlwTi34mDCWhZivgI=
-github.com/xmidt-org/webpa-common v1.6.2 h1:2K2PPzEpLJ+SG18j54ST2pyqujE2HUgHzBrrKWS3+W8=
-github.com/xmidt-org/webpa-common v1.6.2/go.mod h1:r6I3zj1HM1iZHcytbgViJpoYCBNHIATF/7aZMgCOfXg=
+github.com/xmidt-org/webpa-common v1.9.0 h1:6Nc0joRNJKLVIQhTUSfY9zyn8QWJzppFIzhUj1wWBLA=
+github.com/xmidt-org/webpa-common v1.9.0/go.mod h1:8Ml4Ck/bANH1TCTfGgLFqepdiotTzchxNyo89W4aDd4=
+github.com/xmidt-org/wrp-go v1.3.3 h1:WvODdrtxPwHEUqwfwHpu+kNUfBzLBfAIdrKCQjoCblc=
 github.com/xmidt-org/wrp-go v1.3.3/go.mod h1:VOKYeeVWc2cyYmGWJksqUCV/lGzReRl0EP74y3mcWp0=
 github.com/xmidt-org/wrp-go/v2 v2.0.1 h1:JWMpAvNCkD1pLXdZLmAs/4g3twxTM7K4YU57dapJvB0=
 github.com/xmidt-org/wrp-go/v2 v2.0.1/go.mod h1:v0HK0go/7OSVDvKbnXsUn6c+M987p0yyxWEs8/Fmf60=
+github.com/xmidt-org/wrp-go/v3 v3.0.1/go.mod h1:08zAEevd+fM81/asCgsMJdgO8sfKLvqclqJGX1pphnE=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 github.com/yugabyte/gocql v0.0.0-20190522232832-e049977574e9 h1:BpVFCemJnLkcheWPQGmFnWzS+4CNXtHwKsgZiyvTT/I=
 github.com/yugabyte/gocql v0.0.0-20190522232832-e049977574e9/go.mod h1:kXnWCffg+Tcm4uCyjKS4JcAJEsWDrMPR58Yav3pfwBc=

diff --git a/gungnir.yaml b/gungnir.yaml
@@ -186,6 +186,11 @@ jwtValidator:
 #   type: "enforce"
 #   prefix: "prefix Here"
 #   acceptAllMethod: "all"
+#   # endpointBuckets provides regular expressions to use against the request 
+#   # endpoint in order to group requests for a metric label.
+#   endpointBuckets:
+#     - "device/.*/events\\b"
+#     - "device/.*/status\\b"
 
 ########################################
 #   Database Related Configuration

diff --git a/main.go b/main.go
@@ -87,6 +87,7 @@ type CapabilityConfig struct {
 	Type            string
 	Prefix          string
 	AcceptAllMethod string
+	EndpointBuckets []string
 }
 
 type JWTValidator struct {

diff --git a/primaryHandler.go b/primaryHandler.go
@@ -24,6 +24,7 @@ import (
 	"errors"
 	"fmt"
 	"net/http"
+	"regexp"
 	"strings"
 	"time"
 
@@ -354,7 +355,16 @@ func authChain(basicAuth []string, jwtVal JWTValidator, capabilityCheck Capabili
 
 	// only add capability check if the configuration is set
 	if capabilityCheck.Type == "enforce" || capabilityCheck.Type == "monitor" {
-		checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod)
+		var endpoints []*regexp.Regexp
+		for _, e := range capabilityCheck.EndpointBuckets {
+			r, err := regexp.Compile(e)
+			if err != nil {
+				logging.Error(logger).Log(logging.MessageKey(), "failed to compile regular expression", "regex", e, logging.ErrorKey(), err.Error())
+				continue
+			}
+			endpoints = append(endpoints, r)
+		}
+		checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod, endpoints)
 		if err != nil {
 			return alice.Chain{}, emperror.With(err, "failed to create capability check")
 		}