insights-api-common 3.0.0

data/lib/generators/shared_utilities/orm_helper.rb

@@ -0,0 +1,25 @@
+module SharedUtilities
+  module OrmHelper
+    private
+
+    def model_exists?
+      File.exist?(File.join(destination_root, model_path))
+    end
+
+    def migration_exists?(table_name)
+      Dir.glob("#{File.join(destination_root, migration_path)}/[0-9]*_*.rb").grep(/\d+_add_devise_to_#{table_name}.rb$/).first
+    end
+
+    def migration_path
+      if Rails.version >= '5.0.3'
+        db_migrate_path
+      else
+        @migration_path ||= File.join("db", "migrate")
+      end
+    end
+
+    def model_path
+      @model_path ||= File.join("app", "models", "#{file_path}.rb")
+    end
+  end
+end

data/lib/generators/shared_utilities/templates/migration.rb

@@ -0,0 +1,27 @@
+class Create<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :<%= table_name %><%= primary_key_type %> do |t|
+  <%= migration_data -%>
+
+<% attributes.each do |attribute| -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+      t.references "resource", :polymorphic => true, :index => true
+      t.string     :name
+      t.string     :authtype
+      t.string     :status
+      t.string     :status_details
+      t.bigint     :tenant_id
+
+      t.timestamps
+    end
+
+    create_table :encryptions<%= primary_key_type %> do |t|
+      t.references "authentication", :index => true
+      t.string :secret
+      t.bigint :tenant_id
+
+      t.timestamps
+    end
+  end
+end

data/lib/generators/shared_utilities/templates/migration_existing.rb

@@ -0,0 +1,28 @@
+class UpdateOn<%= table_name.camelize %> < ActiveRecord::Migration<%= migration_version %>
+  def self.up
+    change_table :<%= table_name %> do |t|
+  <%= migration_data -%>
+
+<% attributes.each do |attribute| -%>
+      t.<%= attribute.type %> :<%= attribute.name %>
+<% end -%>
+
+      # Uncomment below if timestamps were not included in your original model.
+      # t.timestamps null: false
+    end
+
+    # Assumption is made there is no 'encryptions' table, so creating it here
+    create_table :encryptions<%= primary_key_type %> do |t|
+      t.references "<%= table_name %>", :index => true
+      t.string :secret
+      t.bigint :tenant_id
+
+      t.timestamps
+    end
+  end
+
+  def self.down
+    # By default, we don't want to make any assumption about how to roll back a migration when your
+    # model already existed. Please edit below which fields you would like to remove in this migration.
+    raise ActiveRecord::IrreversibleMigration
+  end

data/lib/insights.rb

@@ -0,0 +1 @@
+require 'insights/api/common'

data/lib/insights/api/common.rb

@@ -0,0 +1,12 @@
+require "insights/api/common/engine"
+require "insights/api/common/entitlement"
+require "insights/api/common/error_document"
+require "insights/api/common/filter"
+require "insights/api/common/inflections"
+require "insights/api/common/logging"
+require "insights/api/common/metrics"
+require "insights/api/common/open_api"
+require "insights/api/common/option_redirect_enhancements"
+require "insights/api/common/request"
+require "insights/api/common/routing"
+require "insights/api/common/user"

data/lib/insights/api/common/application_controller_mixins/api_doc.rb

@@ -0,0 +1,39 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module ApiDoc
+          def self.included(other)
+            other.extend(self::ClassMethods)
+          end
+
+          private
+
+          def api_doc
+            self.class.send(:api_doc)
+          end
+
+          def api_doc_definition
+            self.class.send(:api_doc_definition)
+          end
+
+          module ClassMethods
+            private
+
+            def api_doc
+              @api_doc ||= ::Insights::API::Common::OpenApi::Docs.instance[api_version[1..-1].sub(/x/, ".")]
+            end
+
+            def api_doc_definition
+              @api_doc_definition ||= api_doc.definitions[model.name]
+            end
+
+            def api_version
+              @api_version ||= name.split("::")[1].downcase
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/common.rb

@@ -0,0 +1,27 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module Common
+          def self.included(other)
+            other.extend(self::ClassMethods)
+          end
+
+          private
+
+          def model
+            self.class.send(:model)
+          end
+
+          module ClassMethods
+            private
+
+            def model
+              @model ||= controller_name.classify.constantize
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/exception_handling.rb

@@ -0,0 +1,41 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module ExceptionHandling
+          DEFAULT_ERROR_CODE = 400
+
+          def self.included(other)
+            other.rescue_from(StandardError, RuntimeError) do |exception|
+              errors = Insights::API::Common::ErrorDocument.new.tap do |error_document|
+                exception_list_from(exception).each do |exc|
+                  code = exc.respond_to?(:code) ? exc.code : error_code_from_class(exc)
+                  error_document.add(code, "#{exc.class}: #{exc.message}")
+                end
+              end
+
+              render :json => errors.to_h, :status => error_code_from_class(exception)
+            end
+          end
+
+          def exception_list_from(exception)
+            [].tap do |arr|
+              until exception.nil?
+                arr << exception
+                exception = exception.cause
+              end
+            end
+          end
+
+          def error_code_from_class(exception)
+            if ActionDispatch::ExceptionWrapper.rescue_responses.key?(exception.class.to_s)
+              ActionDispatch::ExceptionWrapper.rescue_responses[exception.class.to_s]
+            else
+              DEFAULT_ERROR_CODE
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/openapi_enabled.rb

@@ -0,0 +1,13 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module OpenapiEnabled
+          def self.included(other)
+            other.class_attribute :openapi_enabled, :default => true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/parameters.rb

@@ -0,0 +1,134 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module Parameters
+          def self.included(other)
+            other.include(OpenapiEnabled)
+          end
+
+          def params_for_create
+            check_if_openapi_enabled
+            # We already validate this with OpenAPI validator, that validates every request, so we shouldn't do it again here.
+            body_params.permit!
+          end
+
+          def safe_params_for_list
+            check_if_openapi_enabled
+            # :limit & :offset can be passed in for pagination purposes, but shouldn't show up as params for filtering purposes
+            @safe_params_for_list ||= params.merge(params_for_polymorphic_subcollection).permit(*permitted_params, :filter => {}, :sort_by => [])
+          end
+
+          def permitted_params
+            check_if_openapi_enabled
+            api_doc_definition.all_attributes + [:limit, :offset, :sort_by] + [subcollection_foreign_key]
+          end
+
+          def subcollection_foreign_key
+            "#{request_path_parts["primary_collection_name"].singularize}_id"
+          end
+
+          def params_for_polymorphic_subcollection
+            return {} unless subcollection?
+            return {} unless reflection = primary_collection_model&.reflect_on_association(request_path_parts["subcollection_name"])
+            return {} unless as = reflection.options[:as]
+
+            {"#{as}_type" => primary_collection_model.name, "#{as}_id" => request_path_parts["primary_collection_id"]}
+          end
+
+          def primary_collection_model
+            @primary_collection_model ||= request_path_parts["primary_collection_name"].singularize.classify.safe_constantize
+          end
+
+          def params_for_list
+            check_if_openapi_enabled
+            safe_params = safe_params_for_list.slice(*all_attributes_for_index)
+            if safe_params[subcollection_foreign_key_using_through_relation]
+              # If this is a through relation, we need to replace the :foreign_key by the foreign key with right table
+              # information. So e.g. :container_images with :tags subcollection will have {:container_image_id => ID} and we need
+              # to replace it with {:container_images_tags => {:container_image_id => ID}}, where :container_images_tags is the
+              # name of the mapping table.
+              safe_params[through_relation_klass.table_name.to_sym] = {
+                subcollection_foreign_key_using_through_relation => safe_params.delete(subcollection_foreign_key_using_through_relation)
+              }
+            end
+
+            safe_params
+          end
+
+          def through_relation_klass
+            check_if_openapi_enabled
+            return unless subcollection?
+            return unless reflection = primary_collection_model&.reflect_on_association(request_path_parts["subcollection_name"])
+            return unless through = reflection.options[:through]
+
+            primary_collection_model&.reflect_on_association(through).klass
+          end
+
+          def through_relation_name
+            check_if_openapi_enabled
+            # Through relation name taken from the subcollection model side, so we can use this for table join.
+            return unless through_relation_klass
+            return unless through_relation_association = model.reflect_on_all_associations.detect { |x| !x.polymorphic? && x.klass == through_relation_klass }
+
+            through_relation_association.name
+          end
+
+          def subcollection_foreign_key_using_through_relation
+            return unless through_relation_klass
+
+            subcollection_foreign_key
+          end
+
+          def all_attributes_for_index
+            check_if_openapi_enabled
+            api_doc_definition.all_attributes + [subcollection_foreign_key_using_through_relation]
+          end
+
+          def filtered
+            check_if_openapi_enabled
+            Insights::API::Common::Filter.new(model, safe_params_for_list[:filter], api_doc_definition).apply
+          end
+
+          def pagination_limit
+            safe_params_for_list[:limit]
+          end
+
+          def pagination_offset
+            safe_params_for_list[:offset]
+          end
+
+          def query_sort_by
+            safe_params_for_list[:sort_by]
+          end
+
+          def params_for_update
+            check_if_openapi_enabled
+            # We already validate this with OpenAPI validator, here only to satisfy the strong parameters check
+            attr_list = *api_doc_definition.all_attributes - api_doc_definition.read_only_attributes
+            strong_params_hash = sanctified_permit_param(api_doc_definition, attr_list)
+            body_params.permit(strong_params_hash)
+          end
+
+          def sanctified_permit_param(api_doc_definition, attributes)
+            api_doc_definition['properties'].each_with_object([]) do |(k, v), memo|
+              next unless attributes.each { |attr| attr.include?(k) }
+
+              memo << if v['type'] == 'array'
+                        { k => [] }
+                      elsif v['type'] == 'object'
+                        { k => {} }
+                      else
+                        k
+                      end
+            end
+          end
+
+          def check_if_openapi_enabled
+            raise ArgumentError, "Openapi not enabled" unless self.class.openapi_enabled
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/request_body_validation.rb

@@ -0,0 +1,48 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module RequestBodyValidation
+          class BodyParseError < ::RuntimeError
+          end
+
+          def self.included(other)
+            ActionController::Parameters.action_on_unpermitted_parameters = :raise
+
+            other.include(OpenapiEnabled)
+
+            other.before_action(:validate_request)
+          end
+
+          private
+
+          def body_params
+            @body_params ||= begin
+              raw_body    = request.body.read
+              parsed_body = raw_body.blank? ? {} : JSON.parse(raw_body)
+              ActionController::Parameters.new(parsed_body).permit!
+            rescue JSON::ParserError
+              raise Insights::API::Common::ApplicationControllerMixins::RequestBodyValidation::BodyParseError, "Failed to parse request body, expected JSON"
+            end
+          end
+
+          # Validates against openapi.json
+          # - only for HTTP POST/PATCH
+          def validate_request
+            return unless request.post? || request.patch?
+            return unless self.class.openapi_enabled
+
+            api_version = self.class.send(:api_version)[1..-1].sub(/x/, ".")
+
+            self.class.send(:api_doc).validate!(
+              request.method,
+              request.path,
+              api_version,
+              body_params.as_json
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/request_parameter_validation.rb

@@ -0,0 +1,29 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module RequestParameterValidation
+          def self.included(other)
+            other.include(OpenapiEnabled)
+
+            other.before_action(:validate_request_parameters)
+          end
+
+          private
+
+          def validate_request_parameters
+            api_version = self.class.send(:api_version)[1..-1].sub(/x/, ".")
+
+            api_doc.try(
+              :validate_parameters!,
+              request.method,
+              request.path,
+              api_version,
+              params.slice(:sort_by)
+            )
+          end
+        end
+      end
+    end
+  end
+end

data/lib/insights/api/common/application_controller_mixins/request_path.rb

@@ -0,0 +1,70 @@
+module Insights
+  module API
+    module Common
+      module ApplicationControllerMixins
+        module RequestPath
+          class RequestPathError < ::RuntimeError
+          end
+
+          def self.included(other)
+            other.extend(self::ClassMethods)
+
+            other.before_action(:validate_primary_collection_id)
+          end
+
+          def request_path
+            request.env["REQUEST_URI"]
+          end
+
+          def request_path_parts
+            @request_path_parts ||= begin
+              path, _query = request_path.split("?")
+              path.match(/\/(?<full_version_string>v\d+.\d+)\/(?<primary_collection_name>\w+)(\/(?<primary_collection_id>[^\/]+)(\/(?<subcollection_name>\w+))?)?/)&.named_captures || {}
+            end
+          end
+
+          def subcollection?
+            !!(request_path_parts["subcollection_name"] && request_path_parts["primary_collection_id"] && request_path_parts["primary_collection_name"])
+          end
+
+          private
+
+          def id_regexp
+            self.class.send(:id_regexp, request_path_parts["primary_collection_name"])
+          end
+
+          def validate_primary_collection_id
+            id = request_path_parts["primary_collection_id"]
+            return if id.blank?
+
+            raise RequestPathError, "ID is invalid" unless id.match(id_regexp)
+          end
+
+          module ClassMethods
+            private
+
+            def id_regexp(primary_collection_name)
+              @id_regexp ||= begin
+                id_parameter = id_parameter_from_api_doc(primary_collection_name)
+                id_parameter ? id_parameter.fetch_path("schema", "pattern") : /^\d+$/
+              end
+            end
+
+            def id_parameter_from_api_doc(primary_collection_name)
+              # Find the id parameter in the documented route
+              id_parameter = api_doc.paths.fetch_path("/#{primary_collection_name}/{id}", "get", "parameters", 0)
+              # The route isn't documented, return nil
+              return unless id_parameter
+
+              # Return the id parameter or resolve the reference to it and return that
+              reference = id_parameter["$ref"]
+              return id_parameter unless reference
+
+              api_doc.parameters[reference.split("parameters/").last]
+            end
+          end
+        end
+      end
+    end
+  end
+end