Move authorization before searching db in Reporting (#579)

astefanova · rajkiranrbala · commit 747614009930 · 2017-03-15T10:52:41.000-07:00
* Add recourse_id to resourceInstanceUsage params

* Adapt doc
diff --git a/doc/api.md b/doc/api.md
@@ -2195,7 +2195,7 @@ The _resource instance usage summary report_ API can be used to retrieve aggrega
 ### Method: get
 _HTTP request_:
 ```
-GET /v1/metering/organizations/:organization_id/resource_instances/:resource_instance_id/consumers/:consumer_id/plans/:plan_id/metering_plans/:metering_plan_id/rating_plans/:rating_plan_id/pricing_plans/:pricing_plan_id/t/:t/aggregated/usage/:time
+GET /v1/metering/organizations/:organization_id/spaces/:space_id/resource_id/:resource_id/resource_instances/:resource_instance_id/consumers/:consumer_id/plans/:plan_id/metering_plans/:metering_plan_id/rating_plans/:rating_plan_id/pricing_plans/:pricing_plan_id/t/:t/aggregated/usage/:time
 ```
 
 _Description_: Retrieves a usage report document containing a summary of the aggregated Cloud resource usage incurred by the specified resource instance within an organization and the specific set of plans at the specified time.
diff --git a/lib/aggregation/reporting/src/index.js b/lib/aggregation/reporting/src/index.js
@@ -542,8 +542,9 @@ const orgsUsage = function *(orgids, time, auth) {
 
 // Return the usage for a resource instance for a particular plan in a given
 // organization, consumer, time period
-const resourceInstanceUsage = function *(orgid, spaceid, resid, conid, planid,
-  mplanid, rplanid, pplanid, t, time, auth) {
+const resourceInstanceUsage = function *(orgid, spaceid, resourceInstanceId,
+  consumerId, planid, meteringPlanId, ratingPlanId, pricingPlanId,
+  timeBasedKeySegment, time, auth) {
   // Forward authorization header field to account to authorize
   const o = auth ? { headers: { authorization: auth } } : {};
 
@@ -563,13 +564,18 @@ const resourceInstanceUsage = function *(orgid, spaceid, resid, conid, planid,
     throw res;
   }
 
-  const id = ['k', orgid, resid, conid, planid, mplanid, rplanid, pplanid, 't',
-    t].join('/');
+  const id = ['k', orgid, resourceInstanceId, consumerId, planid,
+    meteringPlanId, ratingPlanId, pricingPlanId,
+    't', timeBasedKeySegment].join('/');
+
+
+  debug('Adiii %s', id);
 
   const doc = yield accumulatordb.get(id);
 
   if(!doc) {
-    debug('No resource instance usage found for %s on %s', resid, time);
+    debug('No resource instance usage found for %s on %s',
+      resourceInstanceId, time);
 
     // Return an empty usage report if no usage was found
     return {};
@@ -751,14 +757,14 @@ const runQuery = function *(query) {
 };
 
 // Return OAuth system scopes needed to retrieve org usage
-const sysScopes = (doc) => secured() ? {
+const sysScopes = () => secured() ? {
   system: ['abacus.usage.read']
 } : undefined;
 
 // Return OAuth resource or system scopes needed to retrieve resource instance
 // usage
-const scopes = (doc) => secured() ? {
-  resource: [['abacus.usage', doc.resource_id, 'read'].join('.')],
+const scopes = (resourceId) => secured() ? {
+  resource: [['abacus.usage', resourceId, 'read'].join('.')],
   system: ['abacus.usage.read']
 } : undefined;
 
@@ -767,14 +773,14 @@ const retrieveUsage = function *(req) {
   debug('Retrieving rated usage for organization %s on %s',
     req.params.organization_id, req.params.time);
 
+  if (secured())
+    oauth.authorize(req.headers && req.headers.authorization, sysScopes());
+
   // Retrieve and return the rated usage for the given org and time
   const doc = yield orgUsage(req.params.organization_id,
     req.params.time ? parseInt(req.params.time) : undefined,
     req.headers && req.headers.authorization);
 
-  if (secured())
-    oauth.authorize(req.headers && req.headers.authorization, sysScopes(doc));
-
   return {
     body: omit(dbclient.undbify(doc),
       ['last_rated_usage_id', 'aggregated_usage_id',
@@ -784,22 +790,23 @@ const retrieveUsage = function *(req) {
 };
 
 // Retrieve a usage report summary for a resource instance given the
-// org, resource instance, consumer, plan, metering plan,
-// rating plan, pricing plan, time
+// org, space, resource instance, consumer, plan, metering plan,
+// rating plan, pricing plan, t, time
 const retrieveResourceInstanceUsage = function *(req) {
   debug('Retrieving rated usage for resource instance %s on %s',
     req.params.resource_instance_id, req.params.time);
 
+  if (secured())
+    oauth.authorize(req.headers && req.headers.authorization,
+      scopes(req.params.resource_id));
+
   const doc = yield resourceInstanceUsage(req.params.organization_id,
     req.params.space_id, req.params.resource_instance_id,
     req.params.consumer_id, req.params.plan_id, req.params.metering_plan_id,
     req.params.rating_plan_id, req.params.pricing_plan_id, req.params.t,
     req.params.time ? parseInt(req.params.time) : undefined,
     req.headers && req.headers.authorization);
 
-  if (secured())
-    oauth.authorize(req.headers && req.headers.authorization, scopes(doc));
-
   return {
     body: omit(dbclient.undbify(doc),
       ['last_rated_usage_id', 'aggregated_usage_id', 'accumulated_usage_id'])
@@ -820,9 +827,10 @@ routes.get(
 
 routes.get(
   '/v1/metering/organizations/:organization_id/spaces/:space_id/' +
-  'resource_instances/:resource_instance_id/consumers/:consumer_id/plans/' +
-  ':plan_id/metering_plans/:metering_plan_id/rating_plans/:rating_plan_id/' +
-  'pricing_plans/:pricing_plan_id/t/:t/aggregated/usage/:time',
+  'resource_id/:resource_id/resource_instances/:resource_instance_id/' +
+  'consumers/:consumer_id/plans/:plan_id/metering_plans/:metering_plan_id/' +
+  'rating_plans/:rating_plan_id/pricing_plans/:pricing_plan_id/' +
+  't/:t/aggregated/usage/:time',
   throttle(retrieveResourceInstanceUsage));
 
 // Retrieve a usage summary using a GraphQL query
@@ -831,6 +839,9 @@ routes.get(
     debug(
       'Retrieving rated usage using graphql query %s', req.params.query);
 
+    if (secured())
+      oauth.authorize(req.headers && req.headers.authorization, sysScopes());
+
     const q = req.headers && req.headers.authorization ?
       req.params.query.replace(/(.*)\((.*)/,
       '$1(authorization: "' + req.headers.authorization + '", $2') :
@@ -853,9 +864,6 @@ routes.get(
         });
     }
 
-    if (secured())
-      oauth.authorize(req.headers && req.headers.authorization, sysScopes(doc));
-
     return {
       body: omit(dbclient.undbify(doc.data),
         ['last_rated_usage_id', 'aggregated_usage_id', 'accumulated_usage_id',
diff --git a/lib/aggregation/reporting/src/test/test.js b/lib/aggregation/reporting/src/test/test.js
