Skip to content

Commit

Permalink
Merge pull request #5122 from hashicorp/backport/tmessi-fix-authorize…
Browse files Browse the repository at this point in the history
…-session-metric/really-closing-hookworm

This pull request was automerged via backport-assistant
  • Loading branch information
hc-github-team-secure-boundary authored Sep 19, 2024
2 parents 1fafc00 + 7a71ea7 commit 331c946
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 5 deletions.
8 changes: 4 additions & 4 deletions internal/daemon/controller/internal/metric/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -101,12 +101,12 @@ func apiPathsAndMethods() map[string][]string {
func buildRegexFromPath(p string) *regexp.Regexp {
// We only care about how grpc-gateway will route to specific handlers.
// As long as there is at least 1 character that is part of a path segment
// (not a '/', '?', or ':' we have identified an id for the sake of routing.
const idRegexp = "[^\\/\\?\\:]+"
// (not a '?', or ':' we have identified an id for the sake of routing.
const idRegexp = "[^\\?\\:]+"

// Replace any tag in the form of {id} or {auth_method_id} with the above
// Replace any tag in the form of {id}, {id**}, or {auth_method_id} with the above
// regex so we can match paths to that when measuring requests.
pWithId := string(regexp.MustCompile("\\{[^\\}]*id\\}").ReplaceAll([]byte(p), []byte(idRegexp)))
pWithId := string(regexp.MustCompile("\\{[^\\}]*id(\\=\\*\\*)?\\}").ReplaceAll([]byte(p), []byte(idRegexp)))

// Escape everything except for our id regexp.
var seg []string
Expand Down
27 changes: 26 additions & 1 deletion internal/daemon/controller/internal/metric/api_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,12 +41,12 @@ func TestBuildRegexFromPath(t *testing.T) {
"/v1/pathsomething/am_1234567890:authenticate",
"/v1/pathsomething/{id}:authenticate",
"/v1/pathsomething/{auth_method}:authenticate",
"/v1/pathsomething/am_1234567890/:authenticate",
},
dont: []string{
"/v1/pathsomething:authenticate",
"/v1/pathsomething:authenticate:authenticate",
"/v1/pathsomething/:authenticate:authenticate",
"/v1/pathsomething/am_1234567890/:authenticate",
"/v1/pathsomething/?whatabout=:authenticate",
},
},
Expand Down Expand Up @@ -130,6 +130,31 @@ func TestPathLabel(t *testing.T) {
in: "v1/accounts/a_1234567890:set-password",
want: "/v1/accounts/{id}:set-password",
},
{
// using target id
in: "/v1/targets/tssh_12345789:authorize-session",
want: "/v1/targets/{id=**}:authorize-session",
},
{
// using target name
in: "/v1/targets/foo-target:authorize-session",
want: "/v1/targets/{id=**}:authorize-session",
},
{
// using target name with a space
in: "/v1/targets/foo target:authorize-session",
want: "/v1/targets/{id=**}:authorize-session",
},
{
// using target name with a slash
in: "/v1/targets/foo/target:authorize-session",
want: "/v1/targets/{id=**}:authorize-session",
},
{
// using alias
in: "/v1/targets/foo.test:authorize-session",
want: "/v1/targets/{id=**}:authorize-session",
},
{
// mistype the custom action
in: "/v1/accounts/a_1234567890:set-passwords",
Expand Down

0 comments on commit 331c946

Please sign in to comment.