apisonator 3.3.2 → 3.4.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 881dcbb24dbe3757ed8d786f49cdf6aab9dce3bb060f26387f142b4e825e06a1
-  data.tar.gz: e25f370546c286d5400fdbf19331ef554f34ce47c91df522007039c1fbf322e4
+  metadata.gz: bb8035c96211d326fdd9231d4f7d92303ca0821d813cc01b2e44bef5c9ec8f4b
+  data.tar.gz: 3fb050d336b0bc774281741590a7b848c63a2ef05300ede3602907fb116b48d0
 SHA512:
-  metadata.gz: 618be1a317cee54f1892357f7a64739b79eb0e203e15ae03a367176642e4d526c72d283a59438640e1e6503fd5e72a85be230deab76e6ac13c2305e8080aacd5
-  data.tar.gz: e7150ec528c2dc2b2b0f53a69fa50b2f5b7af52f736ca0a74196a38ae6be1b8a6913fd81fc609f00e18278c2fab571a7a926f647635b9b264b7abd7099673584
+  metadata.gz: a7fd9acbfaf34c91682cce1fe47014dfcca36895e5520970fcc1b9a7c2d583ee2c467c21c87a41328d1c7331a192b104324a403a5888a55cfc22a7835e646ee4
+  data.tar.gz: 74004a2879c25b1cbab73369f5d261e64eac2ed0ce218758d4605322361eae88058caf2f512fbe993d98e6958251ecb55305171e5f93e2178131a75a5ee8157d

data/CHANGELOG.md

@@ -2,6 +2,59 @@
 
 Notable changes to Apisonator will be tracked in this document.
 
+## 3.4.3 - 2021-06-23
+
+### Fixed
+
+- Fixed bug that causes Apisonator to stop pinging Porta to fetch events. This
+bug triggers very rarely
+([#292](https://github.com/3scale/apisonator/pull/292)).
+
+## 3.4.2 - 2021-06-17
+
+### Fixed
+
+- Fixed exception raised when TTL = 0 in `UsagesChecked.mark_all_checked`
+([#290](https://github.com/3scale/apisonator/pull/290)).
+
+## 3.4.1 - 2021-06-16
+
+### Changed
+
+- Introduced performance optimizations around alerts detection
+([#287](https://github.com/3scale/apisonator/pull/287)).
+
+## 3.4.0 - 2021-06-14
+
+### Added
+
+- New extension that list the keys of an application
+([#284](https://github.com/3scale/apisonator/pull/284)).
+
+### Changed
+
+- It is now possible to use OIDC in the auth and authrep endpoints
+([#280](https://github.com/3scale/apisonator/pull/280)).
+- Updated multi-json to 1.15.0
+([#278](https://github.com/3scale/apisonator/pull/278)).
+
+### Removed
+
+- Deleted unused service attributes related with deleted end-users functionality
+([#277](https://github.com/3scale/apisonator/pull/277)).
+
+## 3.3.3 - 2021-03-09
+
+### Changed
+
+- Check if alerts can be raised before calculating utilization (perf
+optimization) ([#275](https://github.com/3scale/apisonator/pull/275)).
+
+### Removed
+
+- Stop maintaining unused "current_max" key in Alerts
+([#272](https://github.com/3scale/apisonator/pull/272)).
+
 ## 3.3.2 - 2021-02-23
 
 ### Fixed

data/Gemfile.lock

@@ -36,7 +36,7 @@ GIT
 PATH
   remote: .
   specs:
-    apisonator (3.3.2)
+    apisonator (3.4.3)
 
 GEM
   remote: https://rubygems.org/
@@ -137,7 +137,7 @@ GEM
     mocha (1.3.0)
       metaclass (~> 0.0.1)
     mono_logger (1.1.0)
-    multi_json (1.13.1)
+    multi_json (1.15.0)
     mustache (1.0.5)
     mustermann (1.0.2)
     net-scp (1.2.1)

data/Gemfile.on_prem.lock

@@ -36,7 +36,7 @@ GIT
 PATH
   remote: .
   specs:
-    apisonator (3.3.2)
+    apisonator (3.4.3)
 
 GEM
   remote: https://rubygems.org/
@@ -126,7 +126,7 @@ GEM
     mocha (1.3.0)
       metaclass (~> 0.0.1)
     mono_logger (1.1.0)
-    multi_json (1.13.1)
+    multi_json (1.15.0)
     mustache (1.0.5)
     mustermann (1.0.2)
     net-scp (1.2.1)

data/lib/3scale/backend.rb

@@ -44,6 +44,7 @@ require '3scale/backend/queue_storage'
 require '3scale/backend/errors'
 require '3scale/backend/stats'
 require '3scale/backend/usage_limit'
+require '3scale/backend/utilization'
 require '3scale/backend/alerts'
 require '3scale/backend/event_storage'
 require '3scale/backend/worker'

data/lib/3scale/backend/alert_limit.rb

@@ -1,21 +1,19 @@
 module ThreeScale
   module Backend
     class AlertLimit
-      module KeyHelpers
-        def key(service_id)
-          "alerts/service_id:#{service_id}/allowed_set"
-        end
-      end
-
-      include KeyHelpers
-      extend KeyHelpers
+      include Alerts::KeyHelpers
+      extend Alerts::KeyHelpers
 
       include Storable
 
       attr_accessor :service_id, :value
 
       def save
-        storage.sadd(key(service_id), value.to_i) if valid?
+        if valid?
+          res = storage.sadd(key_allowed_set(service_id), value.to_i)
+          Alerts::UsagesChecked.invalidate_for_service(service_id)
+          res
+        end
       end
 
       def to_hash
@@ -26,7 +24,7 @@ module ThreeScale
       end
 
       def self.load_all(service_id)
-        values = storage.smembers(key(service_id))
+        values = storage.smembers(key_allowed_set(service_id))
         values.map do |value|
           new(service_id: service_id, value: value.to_i)
         end
@@ -38,7 +36,7 @@ module ThreeScale
       end
 
       def self.delete(service_id, value)
-        storage.srem(key(service_id), value.to_i) if valid_value?(value)
+        storage.srem(key_allowed_set(service_id), value.to_i) if valid_value?(value)
       end
 
       def self.valid_value?(value)

data/lib/3scale/backend/alerts.rb

@@ -6,11 +6,10 @@ module ThreeScale
 
         # The compacted hour in the params refers to the
         # TimeHacks.to_compact_s method.
-        def alert_keys(service_id, app_id, discrete_utilization, compacted_hour_start)
+        def alert_keys(service_id, app_id, discrete_utilization)
           {
             already_notified: key_already_notified(service_id, app_id, discrete_utilization),
             allowed: key_allowed_set(service_id),
-            current_max: key_current_max(service_id, app_id, compacted_hour_start),
             current_id: key_current_id
           }
         end
@@ -31,18 +30,19 @@ module ThreeScale
           "#{prefix}allowed_set"
         end
 
-        def key_current_max(service_id, app_id, compacted_hour_start)
-          prefix = key_prefix(service_id, app_id)
-          "#{prefix}#{compacted_hour_start}/current_max"
-        end
-
         def key_current_id
           'alerts/current_id'.freeze
         end
+
+        def key_usage_already_checked(service_id, app_id)
+          prefix = key_prefix(service_id, app_id)
+          "#{prefix}usage_already_checked"
+        end
       end
 
       extend self
       extend KeyHelpers
+      include Memoizer::Decorator
 
       ALERT_TTL       = 24*3600 # 1 day (only one message per day)
       ## zero must be here and sorted, yes or yes
@@ -50,67 +50,109 @@ module ThreeScale
       FIRST_ALERT_BIN = ALERT_BINS.first
       RALERT_BINS     = ALERT_BINS.reverse.freeze
 
-      def utilization(app_usage_reports)
-        max_utilization = -1.0
-        max_record = nil
-        max = proc do |item|
-          if item.max_value > 0
-            utilization = item.current_value / item.max_value.to_f
-
-            if utilization > max_utilization
-              max_record = item
-              max_utilization = utilization
-            end
+      # This class is useful to reduce the amount of information that we need to
+      # fetch from Redis to determine whether an alert should be raised.
+      # In summary, alerts are raised at the application level and we need to
+      # wait for 24h before raising a new one for the same level (ALERTS_BIN
+      # above).
+      #
+      # This class allows us to check all the usage limits once and then not
+      # check all of them again (just the ones in the report job) until:
+      # 1) A specific alert has expired (24h passed since it was triggered).
+      # 2) A new alert bin is enabled for the service.
+      class UsagesChecked
+        extend KeyHelpers
+        extend StorageHelpers
+        include Memoizer::Decorator
+
+        def self.need_to_check_all?(service_id, app_id)
+          !storage.exists(key_usage_already_checked(service_id, app_id))
+        end
+        memoize :need_to_check_all?
+
+        def self.mark_all_checked(service_id, app_id)
+          ttl = ALERT_BINS.map do |bin|
+            ttl = storage.ttl(key_already_notified(service_id, app_id, bin))
+
+            # Redis returns -2 if key does not exist, and -1 if it exists without
+            # a TTL (we know this should not happen for the alert bins).
+            # In those cases we should just set the TTL to the max (ALERT_TTL).
+            ttl >= 0 ? ttl : ALERT_TTL
+          end.min
+
+          # Setex fails when ttl = 0. Also, if it's 0, we don't need to mark it
+          # as checked, because the "already_notified" key for the bin is just
+          # about to expire, so we'll need to check all the usages.
+          if ttl > 0
+            storage.setex(key_usage_already_checked(service_id, app_id), ttl, '1'.freeze)
+            Memoizer.clear(Memoizer.build_key(self, :need_to_check_all?, service_id, app_id))
           end
         end
 
-        app_usage_reports.each(&max)
+        def self.invalidate(service_id, app_id)
+          storage.del(key_usage_already_checked(service_id, app_id))
+        end
+
+        def self.invalidate_for_service(service_id)
+          app_ids = []
+          cursor = 0
+
+          loop do
+            cursor, ids = storage.sscan(
+              Application.applications_set_key(service_id), cursor, count: SCAN_SLICE
+            )
+
+            app_ids += ids
 
-        if max_utilization == -1
-          ## case that all the limits have max_value==0
-          max_utilization = 0
-          max_record = app_usage_reports.first
+            break if cursor.to_i == 0
+          end
+
+          invalidate_batch(service_id, app_ids)
         end
 
-        [max_utilization, max_record]
+        def self.invalidate_batch(service_id, app_ids)
+          app_ids.each_slice(PIPELINED_SLICE_SIZE) do |ids|
+            keys = ids.map { |app_id| key_usage_already_checked(service_id, app_id) }
+            storage.del(keys)
+          end
+        end
+        private_class_method :invalidate_batch
       end
 
-      def update_utilization(service_id, app_id, max_utilization, max_record, timestamp)
-        discrete = utilization_discrete(max_utilization)
-        max_utilization_i = (max_utilization * 100.0).round
+      def can_raise_more_alerts?(service_id, app_id)
+        allowed_bins = allowed_set_for_service(service_id).sort
+
+        return false if allowed_bins.empty?
 
-        beginning_of_day = Period::Boundary.day_start(timestamp)
-        period_hour = Period::Boundary.hour_start(timestamp).to_compact_s
-        # UNIX timestamp for key expiration - add 1 day + 5 mins
-        expire_at = (beginning_of_day + 86700).to_i
+        # If the bin with the highest value has already been notified, there's
+        # no need to notify anything else.
+        not notified?(service_id, app_id, allowed_bins.last)
+      end
 
-        keys = alert_keys(service_id, app_id, discrete, period_hour)
+      def update_utilization(service_id, app_id, utilization)
+        discrete = utilization_discrete(utilization.ratio)
 
-        already_alerted, allowed, current_max, _ = storage.pipelined do
+        keys = alert_keys(service_id, app_id, discrete)
+
+        already_alerted, allowed = storage.pipelined do
           storage.get(keys[:already_notified])
           storage.sismember(keys[:allowed], discrete)
-          storage.get(keys[:current_max])
-          storage.expireat(keys[:current_max], expire_at)
-        end
-
-        ## update the status of utilization
-        if max_utilization_i > current_max.to_i
-          storage.set(keys[:current_max], max_utilization_i)
         end
 
         if already_alerted.nil? && allowed && discrete.to_i > 0
-          next_id, _ = storage.pipelined do
+          next_id, _, _ = storage.pipelined do
             storage.incr(keys[:current_id])
             storage.setex(keys[:already_notified], ALERT_TTL, "1")
+            UsagesChecked.invalidate(service_id, app_id)
           end
 
           alert = { :id => next_id,
                     :utilization => discrete,
-                    :max_utilization => max_utilization,
+                    :max_utilization => utilization.ratio,
                     :application_id => app_id,
                     :service_id => service_id,
-                    :timestamp => timestamp,
-                    :limit => formatted_limit(max_record) }
+                    :timestamp => Time.now.utc,
+                    :limit => utilization.to_s }
 
           Backend::EventStorage::store(:alert, alert)
         end
@@ -124,10 +166,15 @@ module ThreeScale
         end || FIRST_ALERT_BIN
       end
 
-      def formatted_limit(record)
-        "#{record.metric_name} per #{record.period}: "\
-        "#{record.current_value}/#{record.max_value}"
+      def allowed_set_for_service(service_id)
+        storage.smembers(key_allowed_set(service_id)).map(&:to_i) # Redis returns strings always
+      end
+      memoize :allowed_set_for_service
+
+      def notified?(service_id, app_id, bin)
+        storage.get(key_already_notified(service_id, app_id, bin))
       end
+      memoize :notified?
 
       def storage
         Storage.instance

data/lib/3scale/backend/constants.rb

@@ -4,6 +4,8 @@ module ThreeScale
       module All
         TIME_FORMAT          = '%Y-%m-%d %H:%M:%S %z'.freeze
         PIPELINED_SLICE_SIZE = 400
+        SLEEP_BETWEEN_SCANS = 0.01 # In seconds
+        SCAN_SLICE = 500
       end
 
       def self.included(base)

data/lib/3scale/backend/event_storage.rb

@@ -4,7 +4,10 @@ module ThreeScale
   module Backend
     class EventStorage
       PING_TTL    = 60
-      EVENT_TYPES = [:first_traffic, :first_daily_traffic, :alert]
+      private_constant :PING_TTL
+
+      EVENT_TYPES = [:first_traffic, :first_daily_traffic, :alert].freeze
+      private_constant :EVENT_TYPES
 
       class << self
         include StorageHelpers
@@ -84,21 +87,15 @@ module ThreeScale
           URI(events_hook)
         end
 
-        def expire_last_ping
-          storage.expire(events_ping_key, PING_TTL)
-        end
-
         def pending_ping?
           ## the queue is not empty and more than timeout has passed
           ## since the front-end was notified
-          events_set_size, ping_key_value = storage.pipelined do
-            storage.zcard(events_queue_key)
-            storage.incr(events_ping_key)
+          events_set_size, can_ping = storage.pipelined do
+            size
+            storage.set(events_ping_key, '1'.freeze, ex: PING_TTL, nx: true)
           end
 
-          return false unless ping_key_value.to_i == 1
-          expire_last_ping
-          events_set_size > 0
+          can_ping && events_set_size > 0
         end
 
         def decode_event(raw_event)

data/lib/3scale/backend/service.rb

@@ -4,16 +4,12 @@ module ThreeScale
       include Storable
 
       # list of attributes to be fetched from storage
-      ATTRIBUTES = %i[state referrer_filters_required backend_version
-                      user_registration_required default_user_plan_id
-                      default_user_plan_name provider_key].freeze
+      ATTRIBUTES = %i[state referrer_filters_required backend_version provider_key].freeze
       private_constant :ATTRIBUTES
 
       attr_reader :state
-      attr_accessor :provider_key, :id, :backend_version,
-        :default_user_plan_id, :default_user_plan_name
-      attr_writer :referrer_filters_required, :user_registration_required,
-        :default_service
+      attr_accessor :provider_key, :id, :backend_version
+      attr_writer :referrer_filters_required, :default_service
 
       class << self
         include Memoizer::Decorator
@@ -104,8 +100,6 @@ module ThreeScale
         memoize :list
 
         def save!(attributes = {})
-          massage_set_user_registration_required attributes
-
           new(attributes).save!
         end
 
@@ -139,26 +133,10 @@ module ThreeScale
         def massage_service_attrs(service_attrs)
           service_attrs[:referrer_filters_required] =
             service_attrs[:referrer_filters_required].to_i > 0
-          service_attrs[:user_registration_required] =
-            massage_get_user_registration_required(
-              service_attrs[:user_registration_required])
 
           service_attrs
         end
 
-        # nil => true, 1 => true, '1' => true, 0 => false, '0' => false
-        def massage_get_user_registration_required(value)
-          value.nil? ? true : value.to_i > 0
-        end
-
-        def massage_set_user_registration_required(attributes)
-          if attributes[:user_registration_required].nil?
-            val = storage.get(storage_key(attributes[:id], :user_registration_required))
-            attributes[:user_registration_required] =
-              (!val.nil? && val.to_i == 0) ? false : true
-          end
-        end
-
         def get_attr(id, attribute)
           storage.get(storage_key(id, attribute))
         end
@@ -195,10 +173,6 @@ module ThreeScale
         @referrer_filters_required
       end
 
-      def user_registration_required?
-        @user_registration_required
-      end
-
       def save!
         set_as_default_if_needed
         persist
@@ -227,9 +201,6 @@ module ThreeScale
           provider_key: provider_key,
           backend_version: backend_version,
           referrer_filters_required: referrer_filters_required?,
-          user_registration_required: user_registration_required?,
-          default_user_plan_id: default_user_plan_id,
-          default_user_plan_name: default_user_plan_name,
           default_service: default_service?
         }
       end
@@ -294,9 +265,6 @@ module ThreeScale
 
       def persist_attributes
         persist_attribute :referrer_filters_required, referrer_filters_required? ? 1 : 0
-        persist_attribute :user_registration_required, user_registration_required? ? 1 : 0
-        persist_attribute :default_user_plan_id, default_user_plan_id, true
-        persist_attribute :default_user_plan_name, default_user_plan_name, true
         persist_attribute :backend_version, backend_version, true
         persist_attribute :provider_key, provider_key
         persist_attribute :state, state.to_s if state

data/lib/3scale/backend/stats/aggregator.rb

@@ -59,7 +59,7 @@ module ThreeScale
             touched_apps = aggregate(transactions, current_bucket)
 
             ApplicationEvents.generate(touched_apps.values)
-            update_alerts(touched_apps)
+            update_alerts(transactions)
             begin
               ApplicationEvents.ping
             rescue ApplicationEvents::PingFailed => e
@@ -137,33 +137,35 @@ module ThreeScale
             logger.info(MAX_BUCKETS_CREATED_MSG)
           end
 
-          def update_alerts(applications)
-            current_timestamp = Time.now.getutc
-
-            applications.each do |_appid, values|
-              service_id = values[:service_id]
-              application = Backend::Application.load(service_id,
-                                                      values[:application_id])
-
-              # The app could have been deleted at some point since the job was
-              # enqueued. No need to update alerts in that case.
-              next unless application
-
-              application.load_metric_names
-              usage = Usage.application_usage(application, current_timestamp)
-              status = Transactor::Status.new(service_id: service_id,
-                                              application: application,
-                                              values: usage)
-
-              max_utilization, max_record = Alerts.utilization(
-                  status.application_usage_reports)
-
-              if max_utilization >= 0.0
-                Alerts.update_utilization(service_id,
-                                          values[:application_id],
-                                          max_utilization,
-                                          max_record,
-                                          current_timestamp)
+          def update_alerts(transactions)
+            transactions.group_by { |tx| tx.application_id }.each do |app_id, txs|
+              service_id = txs.first.service_id # All the txs of an app belong to the same service
+
+              # Finding the max utilization can be costly because it involves
+              # loading usage limits and current usages. That's why before that,
+              # we check if there are any alerts that can be raised.
+              next unless Alerts.can_raise_more_alerts?(service_id, app_id)
+
+              begin
+                max_utilization = if Alerts::UsagesChecked.need_to_check_all?(service_id, app_id)
+                                    Utilization.max_in_all_metrics(service_id, app_id).tap do
+                                      Alerts::UsagesChecked.mark_all_checked(service_id, app_id)
+                                    end
+                                  else
+                                    # metrics_ids here includes the metrics
+                                    # explicitly reported plus their parents in
+                                    # the hierarchy.
+                                    metric_ids = txs.map { |tx| tx.usage.keys }.flatten.uniq
+                                    Utilization.max_in_metrics(service_id, app_id, metric_ids)
+                                  end
+              rescue ApplicationNotFound
+                # The app could have been deleted at some point since the job
+                # was enqueued. No need to update alerts in that case.
+                next
+              end
+
+              if max_utilization && max_utilization.ratio > 0
+                Alerts.update_utilization(service_id, app_id, max_utilization)
               end
             end
           end

data/lib/3scale/backend/stats/cleaner.rb

@@ -36,12 +36,6 @@ module ThreeScale
         KEY_SERVICES_TO_DELETE = 'set_with_services_marked_for_deletion'.freeze
         private_constant :KEY_SERVICES_TO_DELETE
 
-        SLEEP_BETWEEN_SCANS = 0.01 # In seconds
-        private_constant :SLEEP_BETWEEN_SCANS
-
-        SCAN_SLICE = 500
-        private_constant :SCAN_SLICE
-
         STATS_KEY_PREFIX = 'stats/'.freeze
         private_constant :STATS_KEY_PREFIX
 

data/lib/3scale/backend/transactor.rb

@@ -61,6 +61,8 @@ module ThreeScale
 
       def validate(oauth, provider_key, report_usage, params, request_info)
         service = Service.load_with_provider_key!(params[:service_id], provider_key)
+        oidc_service = !oauth && service.backend_version == 'oauth'.freeze
+
         # service_id cannot be taken from params since it might be missing there
         service_id = service.id
 
@@ -70,12 +72,18 @@ module ThreeScale
         # significant.
         params[:app_id] = nil if app_id && app_id.empty?
 
-        if oauth
-          raise ApplicationNotFound.new nil if app_id.nil?
-          validators = Validators::OAUTH_VALIDATORS
-        else
-          validators = Validators::VALIDATORS
-        end
+        # While OIDC without an app_id makes little sense, we would break existing
+        # behaviour when calling non oauth_auth*.xml endpoints if we returned an
+        # error here, so only do this for oauth_auth*.xml endpoints.
+        raise ApplicationNotFound.new nil if oauth && app_id.nil?
+
+        validators = if oidc_service
+                       Validators::OIDC_VALIDATORS
+                     elsif oauth
+                       Validators::OAUTH_VALIDATORS
+                     else
+                       Validators::VALIDATORS
+                     end
 
         params[:user_key] = nil if params[:user_key] && params[:user_key].empty?
         application = Application.load_by_id_or_user_key!(service_id,
@@ -98,8 +106,9 @@ module ThreeScale
           # hierarchy parameter adds information in the response needed
           # to derive which limits affect directly or indirectly the
           # metrics for which authorization is requested.
-          hierarchy:       extensions[:hierarchy] == '1',
-          flat_usage:      extensions[:flat_usage] == '1'
+          hierarchy:       extensions[:hierarchy] == '1'.freeze,
+          flat_usage:      extensions[:flat_usage] == '1'.freeze,
+          list_app_keys:   extensions[:list_app_keys] == '1'.freeze
         }
 
         application.load_metric_names
@@ -108,24 +117,6 @@ module ThreeScale
         apply_validators(validators, status_attrs, params)
       end
 
-      def get_token_ids(token, service_id, app_id)
-        begin
-          token_aid = OAuth::Token::Storage.get_credentials(token, service_id)
-        rescue AccessTokenInvalid => e
-          # Yep, well, er. Someone specified that it is OK to have an
-          # invalid token if an app_id is specified. Somehow passing in
-          # a user_key is still not enough, though...
-          raise e if app_id.nil?
-        end
-
-        # We only take the token ids into account if we had no parameter ids
-        if app_id.nil?
-          app_id = token_aid
-        end
-
-        app_id
-      end
-
       def do_authorize(method, provider_key, params, context_info)
         notify_authorize(provider_key)
         validate(method == :oauth_authorize, provider_key, false, params, context_info[:request])

data/lib/3scale/backend/transactor/status.rb

@@ -8,17 +8,23 @@ module ThreeScale
         # We only use 'redirect_uri' if a request sent such a param. See #397.
         REDIRECT_URI_FIELD = 'redirect_url'.freeze
         private_constant :REDIRECT_URI_FIELD
+        # Maximum number of keys to list when using the list_app_keys extension
+        # At the time of writing System/Porta has a limit of 5 different app_keys
+        # at any given moment, but this could change anytime.
+        LIST_APP_KEYS_MAX = 256
+        private_constant :LIST_APP_KEYS_MAX
 
         def initialize(attributes)
-          @service_id      = attributes[:service_id]
-          @application     = attributes[:application]
-          @oauth           = attributes[:oauth]
-          @usage           = attributes[:usage]
-          @predicted_usage = attributes[:predicted_usage]
-          @values          = filter_values(attributes[:values] || {})
-          @timestamp       = attributes[:timestamp] || Time.now.getutc
-          @hierarchy_ext   = attributes[:hierarchy]
-          @flat_usage_ext  = attributes[:flat_usage]
+          @service_id        = attributes[:service_id]
+          @application       = attributes[:application]
+          @oauth             = attributes[:oauth]
+          @usage             = attributes[:usage]
+          @predicted_usage   = attributes[:predicted_usage]
+          @values            = filter_values(attributes[:values] || {})
+          @timestamp         = attributes[:timestamp] || Time.now.getutc
+          @hierarchy_ext     = attributes[:hierarchy]
+          @flat_usage_ext    = attributes[:flat_usage]
+          @list_app_keys_ext = attributes[:list_app_keys]
 
           raise 'service_id not specified' if @service_id.nil?
           raise ':application is required' if @application.nil?
@@ -106,6 +112,7 @@ module ThreeScale
             add_plan_section(xml, 'plan'.freeze, plan_name)
             add_reports_section(xml, application_usage_reports)
             hierarchy_reports.concat application_usage_reports if hierarchy_reports
+            add_app_keys_section xml if @list_app_keys_ext
           end
 
           if hierarchy_reports
@@ -161,6 +168,17 @@ module ThreeScale
           xml << '</hierarchy>'.freeze
         end
 
+        def add_app_keys_section(xml)
+          xml << '<app_keys app="'.freeze
+          xml << @application.id << '" svc="'.freeze
+          xml << @service_id << '">'.freeze
+          @application.keys.take(LIST_APP_KEYS_MAX).each do |key|
+            xml << '<key id="'.freeze
+            xml << key << '"/>'.freeze
+          end
+          xml << '</app_keys>'.freeze
+        end
+
         # helper to iterate over reports and get relevant hierarchy info
         def with_report_and_hierarchy(reports)
           reports.each do |ur|

data/lib/3scale/backend/transactor/usage_report.rb

@@ -3,7 +3,7 @@ module ThreeScale
     module Transactor
       class Status
         class UsageReport
-          attr_reader :type, :period
+          attr_reader :type, :usage_limit, :period
 
           def initialize(status, usage_limit)
             @status      = status

data/lib/3scale/backend/usage.rb

@@ -3,12 +3,19 @@ module ThreeScale
     class Usage
       class << self
         def application_usage(application, timestamp)
-          usage(application, timestamp) do |metric_id, instance_period|
+          usage(application.usage_limits, timestamp) do |metric_id, instance_period|
             Stats::Keys.application_usage_value_key(
                 application.service_id, application.id, metric_id, instance_period)
           end
         end
 
+        def application_usage_for_limits(application, timestamp, usage_limits)
+          usage(usage_limits, timestamp) do |metric_id, instance_period|
+            Stats::Keys.application_usage_value_key(
+              application.service_id, application.id, metric_id, instance_period)
+          end
+        end
+
         def is_set?(usage_str)
           usage_str && usage_str[0] == '#'.freeze
         end
@@ -25,7 +32,7 @@ module ThreeScale
 
         private
 
-        def usage(obj, timestamp)
+        def usage(usage_limits, timestamp)
           # The timestamp does not change, so we can generate all the
           # instantiated periods just once.
           # This is important. Without this, the code can generate many instance
@@ -33,7 +40,7 @@ module ThreeScale
           # time.
           instance_periods = Period::instance_periods_for_ts(timestamp)
 
-          pairs = metric_period_pairs obj.usage_limits
+          pairs = metric_period_pairs usage_limits
           return {} if pairs.empty?
 
           keys = pairs.map do |(metric_id, period)|

data/lib/3scale/backend/utilization.rb

@@ -0,0 +1,83 @@
+module ThreeScale
+  module Backend
+    class Utilization
+      include Comparable
+
+      attr_reader :metric_id, :period, :max_value, :current_value
+
+      def initialize(limit, current_value)
+        @metric_id = limit.metric_id
+        @period = limit.period
+        @max_value = limit.value
+        @current_value = current_value
+        @encoded = encoded(limit, current_value)
+      end
+
+      def ratio
+        return 0 if max_value == 0 # Disabled metric
+        current_value/max_value.to_f
+      end
+
+      # Returns in the format needed by the Alerts class.
+      def to_s
+        @encoded
+      end
+
+      def <=>(other)
+        # Consider "disabled" the lowest ones
+        if ratio == 0 && other.ratio == 0
+          return max_value <=> other.max_value
+        end
+
+        ratio <=> other.ratio
+      end
+
+      # Note: this can return nil
+      def self.max_in_all_metrics(service_id, app_id)
+        application = Backend::Application.load!(service_id, app_id)
+
+        usage = Usage.application_usage(application, Time.now.getutc)
+
+        status = Transactor::Status.new(service_id: service_id,
+                                        application: application,
+                                        values: usage)
+
+        # Preloads all the metric names to avoid fetching them one by one when
+        # generating the usage reports
+        application.load_metric_names
+
+        max = status.application_usage_reports.map do |usage_report|
+          Utilization.new(usage_report.usage_limit, usage_report.current_value)
+        end.max
+
+        # Avoid returning a utilization for disabled metrics
+        max && max.max_value > 0 ? max : nil
+      end
+
+      # Note: this can return nil
+      def self.max_in_metrics(service_id, app_id, metric_ids)
+        application = Backend::Application.load!(service_id, app_id)
+
+        limits = UsageLimit.load_for_affecting_metrics(
+          service_id, application.plan_id, metric_ids
+        )
+
+        usage = Usage.application_usage_for_limits(application, Time.now.getutc, limits)
+
+        max = limits.map do |limit|
+          Utilization.new(limit, usage[limit.period][limit.metric_id])
+        end.max
+
+        # Avoid returning a utilization for disabled metrics
+        max && max.max_value > 0 ? max : nil
+      end
+
+      private
+
+      def encoded(limit, current_value)
+        metric_name = Metric.load_name(limit.service_id, limit.metric_id)
+        "#{metric_name} per #{limit.period}: #{current_value}/#{limit.value}"
+      end
+    end
+  end
+end

data/lib/3scale/backend/validators.rb

@@ -21,6 +21,13 @@ module ThreeScale
       OAUTH_VALIDATORS = ([Validators::OauthSetting,
                            Validators::OauthKey,
                            Validators::RedirectURI] + COMMON_VALIDATORS).freeze
+
+      # OIDC specific validators will only check app keys when app_key is given.
+      #
+      # No need to add OauthSetting, since we need to check that to tell
+      # OIDC apart from the rest when calling authrep.xml (note lack of
+      # the oauth_ prefix).
+      OIDC_VALIDATORS = ([Validators::OauthKey] + COMMON_VALIDATORS).freeze
     end
   end
 end

data/lib/3scale/backend/validators/oauth_setting.rb

@@ -3,7 +3,7 @@ module ThreeScale
     module Validators
       class OauthSetting < Base
         def apply
-          if service.backend_version == 'oauth'
+          if service.backend_version == 'oauth'.freeze
             succeed!
           else
             fail!(OauthNotEnabled.new)

data/lib/3scale/backend/version.rb

@@ -1,5 +1,5 @@
 module ThreeScale
   module Backend
-    VERSION = '3.3.2'
+    VERSION = '3.4.3'
   end
 end

data/licenses.xml

@@ -23,7 +23,7 @@
       </dependency>
           <dependency>
         <packageName>apisonator</packageName>
-        <version>3.3.2</version>
+        <version>3.4.3</version>
         <licenses>
                       <license>
               <name>Apache 2.0</name>
@@ -475,7 +475,7 @@
       </dependency>
           <dependency>
         <packageName>multi_json</packageName>
-        <version>1.13.1</version>
+        <version>1.15.0</version>
         <licenses>
                       <license>
               <name>MIT</name>

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apisonator
 version: !ruby/object:Gem::Version
-  version: 3.3.2
+  version: 3.4.3
 platform: ruby
 authors:
 - Adam Ciganek
@@ -16,7 +16,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-02-23 00:00:00.000000000 Z
+date: 2021-06-23 00:00:00.000000000 Z
 dependencies: []
 description: This gem provides a daemon that handles authorization and reporting of
   web services managed by 3scale.
@@ -164,6 +164,7 @@ files:
 - lib/3scale/backend/usage_limit.rb
 - lib/3scale/backend/use_cases/provider_key_change_use_case.rb
 - lib/3scale/backend/util.rb
+- lib/3scale/backend/utilization.rb
 - lib/3scale/backend/validators.rb
 - lib/3scale/backend/validators/base.rb
 - lib/3scale/backend/validators/key.rb