added endpoint regex for capabilityCheck metric (#147)

* added endpoint regex for capabilityCheck metric * updated with new webpa-common version * updated changelog
xmidt-org · Feb 24, 2020 · f59e1c7 · f59e1c7
1 parent e1d354d
commit f59e1c7
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ## [Unreleased]
 - fix a bug in which tr1d1um was returning 500 for user error requests [#146](https://github.com/xmidt-org/tr1d1um/pull/146)
 
+## [v0.4.0]
+- added endpoint regex configuration for capabilityCheck metric [#147](https://github.com/xmidt-org/tr1d1um/pull/147)
+
 ## [v0.3.0]
  - add feature to disable verbose transaction logger [#145](https://github.com/xmidt-org/tr1d1um/pull/145)
  - changed WRP message source [#144](https://github.com/xmidt-org/tr1d1um/pull/144)
@@ -35,7 +38,8 @@ Switching to new build process
 ### Added
 - Initial creation
 
-[Unreleased]: https://github.com/xmidt-org/tr1d1um/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/xmidt-org/tr1d1um/compare/v0.4.0...HEAD
+[v0.4.0]: https://github.com/xmidt-org/tr1d1um/compare/v0.3.0...v0.4.0
 [v0.3.0]: https://github.com/xmidt-org/tr1d1um/compare/v0.2.1...v0.3.0
 [v0.2.1]: https://github.com/xmidt-org/tr1d1um/compare/v0.2.0...v0.2.1
 [v0.2.0]: https://github.com/xmidt-org/tr1d1um/compare/v0.1.5...v0.2.0

diff --git a/go.mod b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/spf13/viper v1.6.1
 	github.com/stretchr/testify v1.3.0
 	github.com/xmidt-org/bascule v0.8.0
-	github.com/xmidt-org/webpa-common v1.6.2
+	github.com/xmidt-org/webpa-common v1.7.0
 	github.com/xmidt-org/wrp-go v1.3.3
 	golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 // indirect
 	golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6 // indirect

diff --git a/go.sum b/go.sum
@@ -211,10 +211,13 @@ github.com/xmidt-org/bascule v0.8.0/go.mod h1:dPxlbNT3lCwYAtOq2zbzyzTEKgM+azLSbK
 github.com/xmidt-org/webpa-common v1.1.0/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI=
 github.com/xmidt-org/webpa-common v1.3.1 h1:IenWLbUZwM9vtIZz5n8+/us9bv2XxAQSx8FCimYMN4U=
 github.com/xmidt-org/webpa-common v1.3.1/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI=
-github.com/xmidt-org/webpa-common v1.6.2 h1:2K2PPzEpLJ+SG18j54ST2pyqujE2HUgHzBrrKWS3+W8=
-github.com/xmidt-org/webpa-common v1.6.2/go.mod h1:r6I3zj1HM1iZHcytbgViJpoYCBNHIATF/7aZMgCOfXg=
+github.com/xmidt-org/webpa-common v1.3.2/go.mod h1:oCpKzOC+9h2vYHVzAU/06tDTQuBN4RZz+rhgIXptpOI=
+github.com/xmidt-org/webpa-common v1.7.0 h1:0FB/SQIePQigZ2DDMWSjRml2FxPLZJPrcq1sBh+sXAU=
+github.com/xmidt-org/webpa-common v1.7.0/go.mod h1:PV4+42cjvL2hCj17Jb+Rnik9DszDG/DjHz8IT8e52ww=
 github.com/xmidt-org/wrp-go v1.3.3 h1:WvODdrtxPwHEUqwfwHpu+kNUfBzLBfAIdrKCQjoCblc=
 github.com/xmidt-org/wrp-go v1.3.3/go.mod h1:VOKYeeVWc2cyYmGWJksqUCV/lGzReRl0EP74y3mcWp0=
+github.com/xmidt-org/wrp-go/v2 v2.0.0 h1:5qWc3uZDQNxjunUqK9HMrWZcdCaTtUVCtR+SSYWSK6I=
+github.com/xmidt-org/wrp-go/v2 v2.0.0/go.mod h1:v0HK0go/7OSVDvKbnXsUn6c+M987p0yyxWEs8/Fmf60=
 github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=

diff --git a/main.go b/main.go
@@ -29,6 +29,7 @@ import (
 	_ "net/http/pprof"
 	"os"
 	"os/signal"
+	"regexp"
 	"runtime"
 	"time"
 
@@ -337,6 +338,7 @@ type CapabilityConfig struct {
 	Type            string
 	Prefix          string
 	AcceptAllMethod string
+	EndpointBuckets []string
 }
 
 //authenticationHandler configures the authorization requirements for requests to reach the main handler
@@ -402,7 +404,16 @@ func authenticationHandler(v *viper.Viper, logger log.Logger, registry xmetrics.
 	var capabilityCheck CapabilityConfig
 	v.UnmarshalKey("capabilityCheck", &capabilityCheck)
 	if capabilityCheck.Type == "enforce" || capabilityCheck.Type == "monitor" {
-		checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod)
+		var endpoints []*regexp.Regexp
+		for _, e := range capabilityCheck.EndpointBuckets {
+			r, err := regexp.Compile(e)
+			if err != nil {
+				logging.Error(logger).Log(logging.MessageKey(), "failed to compile regular expression", "regex", e, logging.ErrorKey(), err.Error())
+				continue
+			}
+			endpoints = append(endpoints, r)
+		}
+		checker, err := basculechecks.NewCapabilityChecker(capabilityCheckMeasures, capabilityCheck.Prefix, capabilityCheck.AcceptAllMethod, endpoints)
 		if err != nil {
 			return nil, emperror.With(err, "failed to create capability check")
 		}

diff --git a/tr1d1um.yaml b/tr1d1um.yaml
@@ -217,9 +217,20 @@ jwtValidator:
 # is approved for all methods.
 # (Optional)
 # capabilityCheck:
+#   # type provides the mode for capability checking.
 #   type: "enforce"
+#   # prefix provides the regex to match the capability before the endpoint.
 #   prefix: "prefix Here"
+#   # acceptAllMethod provides a way to have a capability that allows all 
+#   # methods for a specific endpoint.
 #   acceptAllMethod: "all"
+#   # endpointBuckets provides regular expressions to use against the request 
+#   # endpoint in order to group requests for a metric label.
+#   endpointBuckets:
+#     - "hook\\b"
+#     - "hooks\\b"
+#     - "device/.*/stat\\b"
+#     - "device/.*/config\\b"
 
 
 ##############################################################################