moesif_rack 1.4.19 → 1.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/moesif_rack/app_config.rb +87 -120
- data/lib/moesif_rack/client_ip.rb +61 -102
- data/lib/moesif_rack/governance_rules.rb +483 -0
- data/lib/moesif_rack/moesif_helpers.rb +57 -6
- data/lib/moesif_rack/moesif_middleware.rb +168 -142
- data/lib/moesif_rack/regex_config_helper.rb +96 -104
- data/lib/moesif_rack/update_company.rb +44 -48
- data/lib/moesif_rack/update_user.rb +44 -48
- data/moesif_capture_outgoing/httplog/adapters/net_http.rb +18 -21
- data/moesif_capture_outgoing/httplog/http_log.rb +54 -85
- data/moesif_capture_outgoing/httplog.rb +2 -2
- data/test/config_example.json +1477 -0
- data/test/govrule_example.json +20 -0
- data/test/test_governance_rules.rb +212 -0
- metadata +8 -4
@@ -0,0 +1,20 @@
|
|
1
|
+
{
|
2
|
+
"_id": "647e8bd1b80b4f10945463c9",
|
3
|
+
"type": "user",
|
4
|
+
"block": true,
|
5
|
+
"name": "test",
|
6
|
+
"appliedTo": "matching",
|
7
|
+
"appliedToUnidentified": false,
|
8
|
+
"regex_config": [],
|
9
|
+
"cohorts": [{ "id": "647e8bbbed26fe10468dfe55", "type": "user" }],
|
10
|
+
"state": 2,
|
11
|
+
"response": {
|
12
|
+
"status": 100,
|
13
|
+
"headers": { "test": "{{1}}" },
|
14
|
+
"body": { "test": "{{0}}" }
|
15
|
+
},
|
16
|
+
"variables": [
|
17
|
+
{ "name": "0", "path": "cohort_names" },
|
18
|
+
{ "name": "1", "path": "first_seen_time" }
|
19
|
+
]
|
20
|
+
}
|
@@ -0,0 +1,212 @@
|
|
1
|
+
require 'moesif_api'
|
2
|
+
require 'test/unit'
|
3
|
+
require 'rack'
|
4
|
+
require 'net/http'
|
5
|
+
require_relative '../lib/moesif_rack/app_config'
|
6
|
+
require_relative '../lib/moesif_rack'
|
7
|
+
require_relative '../lib/moesif_rack/governance_rules'
|
8
|
+
|
9
|
+
class GovernanceRulesTest < Test::Unit::TestCase
|
10
|
+
self.test_order = :defined
|
11
|
+
def setup
|
12
|
+
return if @already_setup
|
13
|
+
@goverance_rule_manager = GovernanceRules.new(true)
|
14
|
+
@api_client = MoesifApi::MoesifAPIClient.new('Your Moesif Application Id')
|
15
|
+
@goverance_rule_manager.load_rules(@api_client.api)
|
16
|
+
@already_setup = true
|
17
|
+
end
|
18
|
+
|
19
|
+
def test_get_applicable_regex_rules
|
20
|
+
request_fields = {
|
21
|
+
'request.verb' => 'GET',
|
22
|
+
'request.ip_address' => '125.2.3.2',
|
23
|
+
'request.route' => "",
|
24
|
+
'request.body.operationName' => "operator name"
|
25
|
+
}
|
26
|
+
request_body = {
|
27
|
+
"subject" => "should_block"
|
28
|
+
}
|
29
|
+
|
30
|
+
applicable_rules = @goverance_rule_manager.get_applicable_regex_rules(request_fields, request_body)
|
31
|
+
print "\nFound #{applicable_rules.length} applicable rule for regex only rules-------\n"
|
32
|
+
print applicable_rules.to_s
|
33
|
+
print "\n-------------\n"
|
34
|
+
assert(applicable_rules.length === 1, "expect to get at least one regex rule")
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
def test_get_applicable_user_rules_for_unidentified_user
|
39
|
+
request_fields = {
|
40
|
+
'request.route' => "test/no_italy",
|
41
|
+
}
|
42
|
+
request_body = {
|
43
|
+
"subject" => "should_block"
|
44
|
+
}
|
45
|
+
applicable_rules = @goverance_rule_manager.get_applicable_user_rules_for_unidentified_user(request_fields, request_body)
|
46
|
+
print "\nFound #{applicable_rules.length} applicable rule for anonymous user-------\n"
|
47
|
+
print applicable_rules.to_s
|
48
|
+
print "\n-------------\n"
|
49
|
+
assert(applicable_rules.length === 1, "expect to get 1 unidentified user rules")
|
50
|
+
end
|
51
|
+
|
52
|
+
def test_get_applicable_user_rules_for_matching
|
53
|
+
request_fields = {
|
54
|
+
'request.route' => "test/no_italy",
|
55
|
+
}
|
56
|
+
request_body = {
|
57
|
+
"subject" => "should_block"
|
58
|
+
}
|
59
|
+
user_id = 'rome1'
|
60
|
+
|
61
|
+
#for user id matched rules it depends on getting from config_rules_values
|
62
|
+
#for that particular user id.
|
63
|
+
# for this test case I will use this rule as fake input
|
64
|
+
#https://www.moesif.com/wrap/app/88:210-1051:5/governance-rule/64a5b8f9aca3042266d36ebc
|
65
|
+
config_user_rules_values = [
|
66
|
+
{
|
67
|
+
"rules" => "64a5b8f9aca3042266d36ebc",
|
68
|
+
"values" => {
|
69
|
+
"0" => "rome",
|
70
|
+
"1" => "some value for 1",
|
71
|
+
"2" => "some value for 2",
|
72
|
+
}
|
73
|
+
}
|
74
|
+
]
|
75
|
+
|
76
|
+
applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
|
77
|
+
print "\nFound #{applicable_rules.length} applicable rule for identified user based on event and config user rule values-------\n"
|
78
|
+
print applicable_rules.to_s
|
79
|
+
print "\n-------------\n"
|
80
|
+
assert(applicable_rules.length === 1, "expect 1 rules")
|
81
|
+
|
82
|
+
fake_response = {
|
83
|
+
status: 200,
|
84
|
+
headers: {
|
85
|
+
"original-header" => "should be preserved"
|
86
|
+
},
|
87
|
+
body: {
|
88
|
+
"foo_bar" => "if not blocked this would show"
|
89
|
+
}
|
90
|
+
}
|
91
|
+
|
92
|
+
new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values);
|
93
|
+
print "new resposne is: \n"
|
94
|
+
print new_response.to_s
|
95
|
+
print "\n------------------\n"
|
96
|
+
end
|
97
|
+
|
98
|
+
|
99
|
+
def test_get_applicable_user_rules_in_cohort_but_rule_is_apply_to_not_in_cohort
|
100
|
+
request_fields = {
|
101
|
+
'request.route' => "hello/canada",
|
102
|
+
}
|
103
|
+
request_body = {
|
104
|
+
"from_location" => "canada"
|
105
|
+
}
|
106
|
+
user_id = 'vancouver1'
|
107
|
+
|
108
|
+
config_user_rules_values = [
|
109
|
+
{
|
110
|
+
"rules" => "64a5b8fa3660b60f7c7662fc",
|
111
|
+
"values" => {
|
112
|
+
"0" => "city",
|
113
|
+
"1" => "some value for 1",
|
114
|
+
"2" => "some value for 2",
|
115
|
+
}
|
116
|
+
}
|
117
|
+
]
|
118
|
+
|
119
|
+
applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
|
120
|
+
print "\nFound #{applicable_rules.length} applicable rule for identified user in cohort rule rule apply to not in cohort-------\n"
|
121
|
+
print applicable_rules.to_s
|
122
|
+
print "\n-------------\n"
|
123
|
+
assert(applicable_rules.length === 0, "expect 0 rules, since user is in cohort, the rule is apply to users not in cohort")
|
124
|
+
|
125
|
+
fake_response = {
|
126
|
+
status: 200,
|
127
|
+
headers: {
|
128
|
+
"original-header" => "should be preserved"
|
129
|
+
},
|
130
|
+
body: {
|
131
|
+
"foo_bar" => "if not blocked this would show"
|
132
|
+
}
|
133
|
+
}
|
134
|
+
|
135
|
+
new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values);
|
136
|
+
print "new response is: \n"
|
137
|
+
print new_response.to_s
|
138
|
+
print "\n------------------\n"
|
139
|
+
end
|
140
|
+
|
141
|
+
|
142
|
+
def test_get_applicable_user_not_in_any_cohort_but_regex_matched
|
143
|
+
request_fields = {
|
144
|
+
'request.route' => "hello/canada",
|
145
|
+
}
|
146
|
+
request_body = {
|
147
|
+
"from_location" => "canada"
|
148
|
+
}
|
149
|
+
user_id = 'some_random_user'
|
150
|
+
|
151
|
+
# since user didn't match any cohort, the config_user_rule_values is nil
|
152
|
+
config_user_rules_values = nil;
|
153
|
+
|
154
|
+
applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
|
155
|
+
print "\nFound #{applicable_rules.length} applicable rule for identified user no in any cohort, but rule apply to not in cohort-------\n"
|
156
|
+
print applicable_rules.to_json
|
157
|
+
print "\n-------------\n"
|
158
|
+
assert(applicable_rules.length === 1, "expect 1 rules, since user is not in cohort, there is a apply to not in cohort rule with same regex maching")
|
159
|
+
|
160
|
+
fake_response = {
|
161
|
+
status: 200,
|
162
|
+
headers: {
|
163
|
+
"original-header" => "should be preserved"
|
164
|
+
},
|
165
|
+
body: {
|
166
|
+
"foo_bar" => "if not blocked this would show"
|
167
|
+
}
|
168
|
+
}
|
169
|
+
|
170
|
+
new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values)
|
171
|
+
print "new resposne is: \n"
|
172
|
+
print new_response.to_json
|
173
|
+
print "\n------------------\n"
|
174
|
+
end
|
175
|
+
|
176
|
+
|
177
|
+
def test_apply_multiple_rules
|
178
|
+
# this should match regex from one rule
|
179
|
+
request_fields = {
|
180
|
+
'request.route' => "hello/canada",
|
181
|
+
}
|
182
|
+
# this should match regex from another rule
|
183
|
+
request_body = {
|
184
|
+
"from_location" => "cairo"
|
185
|
+
}
|
186
|
+
|
187
|
+
# since user didn't match any cohort, the config_user_rule_values is nil
|
188
|
+
config_user_rules_values = nil;
|
189
|
+
|
190
|
+
applicable_rules = @goverance_rule_manager.get_applicable_user_rules(request_fields, request_body, config_user_rules_values)
|
191
|
+
print "\nFound #{applicable_rules.length} applicable rule for in cohort rule rule apply to not in cohort-------\n"
|
192
|
+
print applicable_rules.to_json
|
193
|
+
print "\n-------------\n"
|
194
|
+
assert(applicable_rules.length === 2, "expect 2 rules, since user is not in cohort, regex should match 2 rules")
|
195
|
+
|
196
|
+
fake_response = {
|
197
|
+
status: 200,
|
198
|
+
headers: {
|
199
|
+
"original-header" => "should be preserved"
|
200
|
+
},
|
201
|
+
body: {
|
202
|
+
"foo_bar" => "if not blocked this would show"
|
203
|
+
}
|
204
|
+
}
|
205
|
+
|
206
|
+
new_response = @goverance_rule_manager.apply_rules_list(applicable_rules, fake_response, config_user_rules_values)
|
207
|
+
print "new resposne is: \n"
|
208
|
+
print new_response.to_json
|
209
|
+
print "\n------------------\n"
|
210
|
+
end
|
211
|
+
|
212
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: moesif_rack
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.5.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Moesif, Inc
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2023-
|
12
|
+
date: 2023-07-10 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: test-unit
|
@@ -37,14 +37,14 @@ dependencies:
|
|
37
37
|
requirements:
|
38
38
|
- - "~>"
|
39
39
|
- !ruby/object:Gem::Version
|
40
|
-
version: 1.2.
|
40
|
+
version: 1.2.17
|
41
41
|
type: :runtime
|
42
42
|
prerelease: false
|
43
43
|
version_requirements: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 1.2.
|
47
|
+
version: 1.2.17
|
48
48
|
description: Rack/Rails middleware to log API calls to Moesif API analytics and monitoring
|
49
49
|
email: xing@moesif.com
|
50
50
|
executables: []
|
@@ -56,6 +56,7 @@ files:
|
|
56
56
|
- lib/moesif_rack.rb
|
57
57
|
- lib/moesif_rack/app_config.rb
|
58
58
|
- lib/moesif_rack/client_ip.rb
|
59
|
+
- lib/moesif_rack/governance_rules.rb
|
59
60
|
- lib/moesif_rack/moesif_helpers.rb
|
60
61
|
- lib/moesif_rack/moesif_middleware.rb
|
61
62
|
- lib/moesif_rack/regex_config_helper.rb
|
@@ -64,7 +65,10 @@ files:
|
|
64
65
|
- moesif_capture_outgoing/httplog.rb
|
65
66
|
- moesif_capture_outgoing/httplog/adapters/net_http.rb
|
66
67
|
- moesif_capture_outgoing/httplog/http_log.rb
|
68
|
+
- test/config_example.json
|
69
|
+
- test/govrule_example.json
|
67
70
|
- test/moesif_rack_test.rb
|
71
|
+
- test/test_governance_rules.rb
|
68
72
|
homepage: https://moesif.com
|
69
73
|
licenses:
|
70
74
|
- Apache-2.0
|