From ab6bb6e1eb23c73b00d813d6113d878a313fb9e6 Mon Sep 17 00:00:00 2001 From: kristinaspring Date: Thu, 30 Apr 2020 13:18:03 -0700 Subject: [PATCH] added endpoint regexp for capability checks (#111) * added endpoint regexp for capability checks * updated changelog --- CHANGELOG.md | 1 + go.mod | 2 +- go.sum | 7 +++++-- gungnir.yaml | 5 +++++ main.go | 1 + primaryHandler.go | 12 +++++++++++- 6 files changed, 24 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ec3001..89b3ce4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - changed Event struct tag from wrp to json [#110](https://github.com/xmidt-org/gungnir/pull/110) - bumped codex-db to v0.6.0 [#110](https://github.com/xmidt-org/gungnir/pull/110) - bumped wrp-go to v2.0.1 [#110](https://github.com/xmidt-org/gungnir/pull/110) +- bumped webpa-common to v1.9.0 to add configurable regexp for capability check metric labels [#111](https://github.com/xmidt-org/gungnir/pull/111) ## [v0.13.1] - fixed a capabilityCheck issue by correctly parsing out an additional `/` from the URL [#108](https://github.com/xmidt-org/gungnir/pull/108) diff --git a/go.mod b/go.mod index 19a4779..5af2251 100644 --- a/go.mod +++ b/go.mod @@ -16,6 +16,6 @@ require ( github.com/xmidt-org/bascule v0.8.0 github.com/xmidt-org/codex-db v0.7.0 github.com/xmidt-org/voynicrypto v0.1.1 - github.com/xmidt-org/webpa-common v1.6.2 + github.com/xmidt-org/webpa-common v1.9.0 github.com/xmidt-org/wrp-go/v2 v2.0.1 ) diff --git a/go.sum b/go.sum index 6c229b5..7b12520 100644 --- a/go.sum +++ b/go.sum @@ -244,6 +244,7 @@ github.com/rollbar/rollbar-go v1.0.2/go.mod h1:AcFs5f0I+c71bpHlXNNDbOWJiKwjFDtIS github.com/rubyist/circuitbreaker v2.2.0+incompatible/go.mod h1:Ycs3JgJADPuzJDwffe12k6BZT8hxVi6lFK+gWYJLN4A= github.com/samuel/go-zookeeper v0.0.0-20180130194729-c4fab1ac1bec/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/segmentio/ksuid v1.0.2/go.mod h1:BXuJDr2byAiHuQaQtSKoXh1J0YmUDurywOXgB2w+OSU= github.com/shirou/gopsutil v2.18.12+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= @@ -301,11 +302,13 @@ github.com/xmidt-org/webpa-common v1.2.0/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4 github.com/xmidt-org/webpa-common v1.3.1/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI= github.com/xmidt-org/webpa-common v1.3.2/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI= github.com/xmidt-org/webpa-common v1.5.0/go.mod h1:wR27EP2MfUvQNy22rYm9p65VSErlwTi34mDCWhZivgI= -github.com/xmidt-org/webpa-common v1.6.2 h1:2K2PPzEpLJ+SG18j54ST2pyqujE2HUgHzBrrKWS3+W8= -github.com/xmidt-org/webpa-common v1.6.2/go.mod h1:r6I3zj1HM1iZHcytbgViJpoYCBNHIATF/7aZMgCOfXg= +github.com/xmidt-org/webpa-common v1.9.0 h1:6Nc0joRNJKLVIQhTUSfY9zyn8QWJzppFIzhUj1wWBLA= +github.com/xmidt-org/webpa-common v1.9.0/go.mod h1:8Ml4Ck/bANH1TCTfGgLFqepdiotTzchxNyo89W4aDd4= +github.com/xmidt-org/wrp-go v1.3.3 h1:WvODdrtxPwHEUqwfwHpu+kNUfBzLBfAIdrKCQjoCblc= github.com/xmidt-org/wrp-go v1.3.3/go.mod h1:VOKYeeVWc2cyYmGWJksqUCV/lGzReRl0EP74y3mcWp0= github.com/xmidt-org/wrp-go/v2 v2.0.1 h1:JWMpAvNCkD1pLXdZLmAs/4g3twxTM7K4YU57dapJvB0= github.com/xmidt-org/wrp-go/v2 v2.0.1/go.mod h1:v0HK0go/7OSVDvKbnXsUn6c+M987p0yyxWEs8/Fmf60= +github.com/xmidt-org/wrp-go/v3 v3.0.1/go.mod h1:08zAEevd+fM81/asCgsMJdgO8sfKLvqclqJGX1pphnE= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/yugabyte/gocql v0.0.0-20190522232832-e049977574e9 h1:BpVFCemJnLkcheWPQGmFnWzS+4CNXtHwKsgZiyvTT/I= github.com/yugabyte/gocql v0.0.0-20190522232832-e049977574e9/go.mod h1:kXnWCffg+Tcm4uCyjKS4JcAJEsWDrMPR58Yav3pfwBc= diff --git a/gungnir.yaml b/gungnir.yaml index f1ee0ac..d6a4364 100644 --- a/gungnir.yaml +++ b/gungnir.yaml @@ -186,6 +186,11 @@ jwtValidator: # type: "enforce" # prefix: "prefix Here" # acceptAllMethod: "all" +# # endpointBuckets provides regular expressions to use against the request +# # endpoint in order to group requests for a metric label. +# endpointBuckets: +# - "device/.*/events\\b" +# - "device/.*/status\\b" ######################################## # Database Related Configuration diff --git a/main.go b/main.go index 9a2db00..be4f322 100644 --- a/main.go +++ b/main.go @@ -87,6 +87,7 @@ type CapabilityConfig struct { Type string Prefix string AcceptAllMethod string + EndpointBuckets []string } type JWTValidator struct { diff --git a/primaryHandler.go b/primaryHandler.go index 141c16c..e5f6f99 100644 --- a/primaryHandler.go +++ b/primaryHandler.go @@ -24,6 +24,7 @@ import ( "errors" "fmt" "net/http" + "regexp" "strings" "time" @@ -354,7 +355,16 @@ func authChain(basicAuth []string, jwtVal JWTValidator, capabilityCheck Capabili // only add capability check if the configuration is set if capabilityCheck.Type == "enforce" || capabilityCheck.Type == "monitor" { - checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod) + var endpoints []*regexp.Regexp + for _, e := range capabilityCheck.EndpointBuckets { + r, err := regexp.Compile(e) + if err != nil { + logging.Error(logger).Log(logging.MessageKey(), "failed to compile regular expression", "regex", e, logging.ErrorKey(), err.Error()) + continue + } + endpoints = append(endpoints, r) + } + checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod, endpoints) if err != nil { return alice.Chain{}, emperror.With(err, "failed to create capability check") }