Merge pull request #30 from Traceableai/edge-decision-svc

ENG-53074: adding edge decision svc config

ENV_VARS.md

@@ -27,6 +27,11 @@ Agents can be configured using environment variables:
 | TA_BLOCKING_CONFIG_RESPONSE_STATUS_CODE | Allows user to set a custom blocking status code value |
 | TA_BLOCKING_CONFIG_MAX_RECURSION_DEPTH | Setting a maximum allowed depth for recursion while parsing combination policies |
 | TA_BLOCKING_CONFIG_RESPONSE_MESSAGE | Allows user to set a custom blocking message |
+| TA_BLOCKING_CONFIG_EDGE_DECISION_SERVICE_ENABLED | When `true` EdgeDecisionService based evaluation is enabled to block requests |
+| TA_BLOCKING_CONFIG_EDGE_DECISION_SERVICE_ENDPOINT | Represents the endpoint of the EdgeDecisionService |
+| TA_BLOCKING_CONFIG_EDGE_DECISION_SERVICE_TIMEOUT_MS | Max timeout for calls to EdgeDecisionService |
+| TA_BLOCKING_CONFIG_EDGE_DECISION_SERVICE_INCLUDE_PATH_REGEXES | Specify regexes which will be matched with http.url attribute to do EdgeDecisionService evaluation. The values should be separated by `,`. |
+| TA_BLOCKING_CONFIG_EDGE_DECISION_SERVICE_EXCLUDE_PATH_REGEXES | Specify regexes which will be matched with http.url attribute to exclude spans from EdgeDecisionService evaluation. The values should be separated by `,`. |
 | TA_DEBUG_LOG |  |
 | TA_REMOTE_CONFIG_ENABLED | Denotes if config needs to be fetched from remote or not |
 | TA_REMOTE_CONFIG_ENDPOINT | Denotes the agentmanager endpoint to connect to for config. eg: localhost:5441 |
@@ -53,3 +58,4 @@ Agents can be configured using environment variables:
 | TA_METRICS_CONFIG_LOGGING_ENABLED | Set this flag to print metrics in logs |
 | TA_METRICS_CONFIG_LOGGING_FREQUENCY | Set the frequency at which metrics should be printed. Examples are '1s', '2m', '3h'. Default value is 30m |
 | TA_ENVIRONMENT | Represents the environment name of agent |
+| TA_AGENT_TOKEN | Represents the agent token to be used by the agent |

Makefile

@@ -18,7 +18,7 @@ generate-proto:
 	$(MAKE) -C ./tools/hypertrace/agent-config/tools/go-generator
 
 	@echo "Tidy generated modules."
-	@find $(PWD)/gen/go \( -name vendor -o -name '[._].*' -o -name node_modules \) -prune -o -name go.mod -print | sed 's:/go.mod::' | xargs -I {} bash -c 'cd {}; go mod tidy -go=1.19'
+	@find $(PWD)/gen/go \( -name vendor -o -name '[._].*' -o -name node_modules \) -prune -o -name go.mod -print | sed 's:/go.mod::' | xargs -I {} bash -c 'cd {}; go mod tidy'
 
 	@# Run gen/go load sanity tests
 	cd $(PWD)/gen/go && go test ./...

gen/go/go.mod

@@ -1,11 +1,11 @@
 module github.com/Traceableai/agent-config/gen/go
 
-go 1.19
+go 1.23.2
 
 require (
 	github.com/ghodss/yaml v1.0.0
 	github.com/stretchr/testify v1.9.0
-	google.golang.org/protobuf v1.34.2
+	google.golang.org/protobuf v1.35.1
 )
 
 require (

gen/go/go.sum

@@ -3,13 +3,15 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=

gen/go/proto/v1/config.proto

@@ -20,6 +20,8 @@ message AgentConfig {
   MetricsConfig metrics_config = 9;
   // represents the environment name of agent
   google.protobuf.StringValue environment = 10;
+  // represents the agent token to be used by the agent
+  google.protobuf.StringValue agent_token = 11;
 }
 
 // Opa covers the options related to the mechanics for getting Open Policy Agent configuration file.
@@ -64,6 +66,9 @@ message BlockingConfig {
 
   // Allows user to set a custom blocking message
   google.protobuf.StringValue response_message = 10;
+
+  // EdgeDecisionService based evaluator configuration
+  EdgeDecisionServiceConfig edge_decision_service = 11;
 }
 
 message ModsecurityConfig {
@@ -137,10 +142,10 @@ message LogFileConfig {
 }
 
 message MetricsLogConfig {
-    // set this flag to print metrics in logs
-    google.protobuf.BoolValue enabled = 1;
-    // set the frequency at which metrics should be printed. Examples are '1s', '2m', '3h'. Default value is 30m
-    google.protobuf.StringValue frequency = 2;
+  // set this flag to print metrics in logs
+  google.protobuf.BoolValue enabled = 1;
+  // set the frequency at which metrics should be printed. Examples are '1s', '2m', '3h'. Default value is 30m
+  google.protobuf.StringValue frequency = 2;
 }
 
 message EndpointMetricsConfig {
@@ -169,16 +174,29 @@ enum SpanType {
 }
 
 message RateLimitConfig {
-      // set this flag to enable rate limiter
-      google.protobuf.BoolValue enabled = 1;
-      // total number of requests to be rate limited in a given time window
-      google.protobuf.Int64Value max_count_global = 2;
-      // number of requests per endpoint to be rate limited in a given time window
-      google.protobuf.Int64Value max_count_per_endpoint = 3;
-      // set the interval for rate limiter buckets to be reset. Examples are '1s', '2m', '3h'. 
-      google.protobuf.StringValue refresh_period = 4;
-      // set the interval for rate limiter cache to be reset. Examples are '1s', '2m', '3h'. 
-      google.protobuf.StringValue value_expiration_period = 5;
-      // set the span type for rate limited spans
-      SpanType span_type = 6;
+  // set this flag to enable rate limiter
+  google.protobuf.BoolValue enabled = 1;
+  // total number of requests to be rate limited in a given time window
+  google.protobuf.Int64Value max_count_global = 2;
+  // number of requests per endpoint to be rate limited in a given time window
+  google.protobuf.Int64Value max_count_per_endpoint = 3;
+  // set the interval for rate limiter buckets to be reset. Examples are '1s', '2m', '3h'. 
+  google.protobuf.StringValue refresh_period = 4;
+  // set the interval for rate limiter cache to be reset. Examples are '1s', '2m', '3h'. 
+  google.protobuf.StringValue value_expiration_period = 5;
+  // set the span type for rate limited spans
+  SpanType span_type = 6;
+}
+
+message EdgeDecisionServiceConfig {
+  // when `true` EdgeDecisionService based evaluation is enabled to block requests
+  google.protobuf.BoolValue enabled = 1;
+  // endpoint represents the endpoint of the EdgeDecisionService
+  google.protobuf.StringValue endpoint = 2;
+  // max timeout for calls to EdgeDecisionService
+  google.protobuf.Int32Value timeout_ms  = 3;
+  // specify regexes which will be matched with http.url attribute to do EdgeDecisionService evaluation.
+  repeated google.protobuf.StringValue include_path_regexes = 4;
+    // specify regexes which will be matched with http.url attribute to exclude spans from EdgeDecisionService evaluation.
+  repeated google.protobuf.StringValue exclude_path_regexes = 5;
 }