Skip to content

Commit

Permalink
For analytics records, upload a singular product that was used for an…
Browse files Browse the repository at this point in the history
… authorized operation. This replaces the existing functionality that picked a random matching product from the credential
  • Loading branch information
KyleWiese committed Sep 27, 2024
1 parent b6ade2f commit 3623f09
Show file tree
Hide file tree
Showing 8 changed files with 27 additions and 15 deletions.
4 changes: 2 additions & 2 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -2,10 +2,10 @@ module github.com/apigee/apigee-remote-service-envoy/v2

go 1.16

//replace github.com/apigee/apigee-remote-service-golib/v2 => ../apigee-remote-service-golib
// replace github.com/apigee/apigee-remote-service-golib/v2 => ../apigee-remote-service-golib

require (
github.com/apigee/apigee-remote-service-golib/v2 v2.1.2
github.com/apigee/apigee-remote-service-golib/v2 v2.1.3
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad
github.com/gogo/googleapis v1.4.1
github.com/golang/protobuf v1.5.2
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
github.com/apigee/apigee-remote-service-golib/v2 v2.1.2 h1:9+tdJlIrpWOhGXTvYNysgG2bL4Sta93L2exiW3ChKEc=
github.com/apigee/apigee-remote-service-golib/v2 v2.1.2/go.mod h1:km/iROUzLa13srZgVP0R31sAcsdgYnCJlvZdCW7ud98=
github.com/apigee/apigee-remote-service-golib/v2 v2.1.3 h1:Sh4CD+w4Hgtm8njaFVyM+MMXceFvQC29xIcUHkg73Wg=
github.com/apigee/apigee-remote-service-golib/v2 v2.1.3/go.mod h1:km/iROUzLa13srZgVP0R31sAcsdgYnCJlvZdCW7ud98=
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
Expand Down
1 change: 1 addition & 0 deletions server/authorization.go
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@ func (a *AuthorizationServer) Check(ctx gocontext.Context, req *envoy_auth.Check
if len(authorizedOps) == 0 {
return a.denied(req, tracker, authContext, api), nil
}
authContext.AnalyticsProduct = authorizedOps[0].APIProduct

// apply quotas to matched operations
var quotaArgs = quota.Args{QuotaAmount: 1}
Expand Down
5 changes: 3 additions & 2 deletions server/authorization_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -365,12 +365,13 @@ func TestImmediateAnalytics(t *testing.T) {
ClientID: "client id",
AccessToken: "token",
Application: "app",
APIProducts: []string{"product1"},
APIProducts: []string{"not-accepted-product", "accepted-product"},
Expires: time.Now(),
DeveloperEmail: "email",
Scopes: []string{"scope"},
APIKey: "apikey",
CustomAttributes: "{\"tier\":\"standard\"}",
AnalyticsProduct: "accepted-product",
}
testAuthMan.sendAuth(ac, auth.ErrBadAuth)

Expand Down Expand Up @@ -430,7 +431,7 @@ func TestImmediateAnalytics(t *testing.T) {
DeveloperApp: ac.Application,
AccessToken: ac.AccessToken,
ClientID: ac.ClientID,
APIProduct: ac.APIProducts[0],
APIProduct: ac.AnalyticsProduct,
Organization: server.handler.orgName,
Environment: server.handler.envName,
GatewaySource: gatewaySource,
Expand Down
2 changes: 2 additions & 0 deletions server/header_context.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ func makeMetadataHeaders(api string, ac *auth.Context, authorized bool) []*core.
header(headerEnvironment, ac.Environment()),
header(headerOrganization, ac.Organization()),
header(headerScope, strings.Join(ac.Scopes, " ")),
header(headerAnalyticsProduct, ac.AnalyticsProduct),
}
if ac.CustomAttributes != "" {
headers = append(headers, header(headerCustomAttributes, ac.CustomAttributes))
Expand Down Expand Up @@ -87,5 +88,6 @@ func (h *Handler) decodeMetadataHeaders(headers map[string]string) (string, *aut
DeveloperEmail: headers[headerDeveloperEmail],
Scopes: strings.Split(headers[headerScope], " "),
CustomAttributes: headers[headerCustomAttributes],
AnalyticsProduct: headers[headerAnalyticsProduct],
}
}
2 changes: 2 additions & 0 deletions server/header_context_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ func TestMetadataHeaders(t *testing.T) {
DeveloperEmail: "[email protected]",
Scopes: []string{"scope1", "scope2"},
CustomAttributes: "{\"tier\":\"standard\"}",
AnalyticsProduct: "prod1",
}
api := "api"
opts = makeMetadataHeaders(api, authContext, true)
Expand All @@ -66,6 +67,7 @@ func TestMetadataHeaders(t *testing.T) {
equal(headerEnvironment, authContext.Environment())
equal(headerOrganization, authContext.Organization())
equal(headerScope, strings.Join(authContext.Scopes, " "))
equal(headerAnalyticsProduct, authContext.AnalyticsProduct)

api2, ac2 := h.decodeMetadataHeaders(headers)
if api != api2 {
Expand Down
21 changes: 12 additions & 9 deletions server/metadata_context.go
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ const (
headerOrganization = "x-apigee-organization"
headerScope = "x-apigee-scope"
headerCustomAttributes = "x-apigee-customattributes"
headerAnalyticsProduct = "x-apigee-analytics-product"
)

// encodeExtAuthzMetadata encodes given api and auth context into
Expand All @@ -47,15 +48,16 @@ func encodeExtAuthzMetadata(api string, ac *auth.Context, authorized bool) *stru
}

fields := map[string]*structpb.Value{
headerAccessToken: stringValueFrom(ac.AccessToken),
headerAPI: stringValueFrom(api),
headerAPIProducts: stringValueFrom(strings.Join(ac.APIProducts, ",")),
headerApplication: stringValueFrom(ac.Application),
headerClientID: stringValueFrom(ac.ClientID),
headerDeveloperEmail: stringValueFrom(ac.DeveloperEmail),
headerEnvironment: stringValueFrom(ac.Environment()),
headerOrganization: stringValueFrom(ac.Organization()),
headerScope: stringValueFrom(strings.Join(ac.Scopes, " ")),
headerAccessToken: stringValueFrom(ac.AccessToken),
headerAPI: stringValueFrom(api),
headerAPIProducts: stringValueFrom(strings.Join(ac.APIProducts, ",")),
headerApplication: stringValueFrom(ac.Application),
headerClientID: stringValueFrom(ac.ClientID),
headerDeveloperEmail: stringValueFrom(ac.DeveloperEmail),
headerEnvironment: stringValueFrom(ac.Environment()),
headerOrganization: stringValueFrom(ac.Organization()),
headerScope: stringValueFrom(strings.Join(ac.Scopes, " ")),
headerAnalyticsProduct: stringValueFrom((ac.AnalyticsProduct)),
}

if ac.CustomAttributes != "" {
Expand Down Expand Up @@ -133,5 +135,6 @@ func (h *Handler) decodeExtAuthzMetadata(fields map[string]*structpb.Value) (str
DeveloperEmail: fields[headerDeveloperEmail].GetStringValue(),
Scopes: strings.Split(fields[headerScope].GetStringValue(), " "),
CustomAttributes: fields[headerCustomAttributes].GetStringValue(),
AnalyticsProduct: fields[headerAnalyticsProduct].GetStringValue(),
}
}
3 changes: 3 additions & 0 deletions server/metadata_context_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ func TestEncodeMetadata(t *testing.T) {
DeveloperEmail: "[email protected]",
Scopes: []string{"scope1", "scope2"},
CustomAttributes: "{\"tier\":\"standard\"}",
AnalyticsProduct: "prod1",
}
api := "api"
metadata := encodeExtAuthzMetadata(api, authContext, true)
Expand All @@ -65,6 +66,7 @@ func TestEncodeMetadata(t *testing.T) {
equal(headerOrganization, authContext.Organization())
equal(headerScope, strings.Join(authContext.Scopes, " "))
equal(headerCustomAttributes, authContext.CustomAttributes)
equal(headerAnalyticsProduct, authContext.AnalyticsProduct)

api2, ac2 := h.decodeExtAuthzMetadata(metadata.GetFields())
if api != api2 {
Expand Down Expand Up @@ -96,6 +98,7 @@ func TestEncodeMetadataAuthorizedField(t *testing.T) {
DeveloperEmail: "[email protected]",
Scopes: []string{"scope1", "scope2"},
CustomAttributes: "",
AnalyticsProduct: "prod1",
}

metadata := encodeExtAuthzMetadata("api", authContext, true)
Expand Down

0 comments on commit 3623f09

Please sign in to comment.