feat: add runtime parity for handling both ElasticSearch 6 and 7 upstreams (#51)

* feat: support es version > 7.0

* feat: add logs

* feat: update es version

* feat(build): reduce docker image size

* fix: PATCH user and permissions endpoint

* fix: size issue in logs

* feat: add billing

* Update main.go

* fix: Use tier_validity from accapi

* fix: resolve comments

* fix: update validity check condition

* fix: request logs at index level

* fix: billing env & remove email

* update accapi

* fix: remove subscription id

* fix: minor fixes

* add logs

* fix: minor fixes

* fix: update request

* fix: remove subscription id

* fix: update URL

* fix: remove fmt.Println(..) log

* fix: minor fixes

* fix: minor fixes

* fix: update URL

* fix: update arc instance endpoint

* fix: update URL

* feat: allow self signed certs

* fix: handle invalid ARC_ID + minor fixes

* fix: Rename variable

* Refactor: Enhancements + fixes to the billing mechanism (#24)

* test: use local ACC_API URL for test

* wip: add debug log

* wip: add debug log

* wip: add debug log

* wip: handle case where time validity = 0

* wip: fix time_validity value while a user is in trial

* fix: export ArcInstanceDetails and NodeCount

- make sure nodes are counted at init time irrespective of a valid subscription_id and report usage call

* fix: set type of NodeCount to int

* format: remove debug statements

* fix: handle case of an invalid ARC_ID

* format: improve error message for env not found

* fix: Modified query path for Patch Permission test

* feat: expose billing variable from util.go (#26)

* Add support for custom jwt usename key

The usename could be both for users & permissions

* Fix indentation

* feat: sync to dev

* Add support for modifying/deleting role in
permission using PATCH request

Also add GET handler for getting a permission
using role

* Fix indentation

* feat: allow self signed certs

* fix: es7 changes

* fixed middleware test of plugin

* fix: permission + post user

* fix: permission + post user (#29)

* RBAC: Add routes to GET/SET public key (#27)

* Create CRUD permission handlers for roles

* feat: add routes to GET/SET public key

* fix: minor fixes

* Fix: get public key route if es index is not present (#30)

* fix: permission + post user

* fix: get public key route if es index is not present

* Fixed getCredentialsTest of dao

* Fixed minor bug

* Fixed putPermissionTest of dao

* Fixed jwt token tests

* Minor change

* Made tests for handlers and completed methods for middleware

* Minor changes

* feat: support custom headers (#34)

* feat: add report usage for hosted cluster (#33)

* wip: add flag for hosted billing

* feat: add cron for reporting arc cluster usage

* fix: remove encryption

* Modified tests

* fix: allow sources check to pass if all is set

* handles IPv6 match case

* fix(permission): update referers error message

* feat: validate plan

* feat: add suggestions category

* feat: add limits for missing categories

* fix: plan validation for hosted billing

* fix: change the plan validation logic

* fix: auth header redirection

* feat: fetch & set cluster plan

* fix: minor fixes

* feat: improve validat

* fix: minor category fix

* fix: minor fixes

* fix: suggestions category

* fix: minor fixes

* fix: update URL

* add build flags

* fix: minor fixes

* feat: apply billing middleware for cluster plans

* fix: revert ACC_API url

* fix: stop execution if arc instance is not present

* fix(billing): hosted arc (#41)

* fix: arc_hosted billing

* fix: serious billing issue with time_validity

* feat: add ingnoreBillingMiddleware flag

* fix: revert acc_api

* fix: minor fixes

* fix: minor changes

* fix: docker file (#42)

change CMD -> ENTRYPOINT
add shared-docker volume path creation

* chore: adds default CMD, ignore config files

* fix: fallback to highest plan when billing is disabled

* fix: minor fixes

* mock: proxy getRawLogs() to work with ES v6 and ES v7

* wip: move es client instantiation to a separate file

* chore: update to use the new endpoint route

* test

* fix: use consistent report_usage URI

* fix: update report_usage route

* fix: time_validity in self-hosted billing

* fix: test

* fix: blacklist subscription route

* fix: blacklist plan route

* fix: revert ACC_API

* fix(auth): authentication bug with JWT

* fix a bug where role name should be queried against .keyword field
* fix bug where JWT key from environment variables would override values
set in DB
* fix a crash where the role key isn't present in JWT claims
* format error messages related to username/role authentication for better comprehension

* chore: transform POST search request to GET requests (#43)

* fix: remove CMD preset

* fix: test accapi

* fix: remove use of arc_id

* fix: revert accapi

* fix: set retrier max limit to 8 sec (from 8 ms)

* hotfix: add retry logic to ES proxy

* feat: use retrable (#46)

* feat: add support for source_filtering

* feat: apply source filtering for msearch

* feat: support es6 in logs plugin

* feat: add support for es6 in auth plugin

* refactor: parity changes

* chore: change the func name

* feat: add support for es6 in permissions plugin

* feat: add support for es6 in reindexer plugin

* feat: add es6 support for users plugin

* chore: refactor auth plugin

* chore: refactor logs

* chore: refactor permissions

* fix: warnings

* fix: test cases

* chore: update to go1.13

* chore: remove test cases + initialize e2e test

* fix: GET permissions for es6

* fix: es6 issues in users and permissions

* chore: add test cases for permissions

* chore: add users plugins test

* fix: minor fixes

* fix: minor fixes

Author: bietkul

.gitignore

@@ -6,3 +6,5 @@ build
 *.http
 
 tags
+
+config

Dockerfile

@@ -1,21 +1,55 @@
-FROM golang:1.11-alpine as build
+FROM golang:1.13-alpine as builder
+
+# Default value
+# Run `--build-arg BILLING=true` to enable billing
+ARG BILLING=false
+ENV BILLING="${BILLING}"
+
+# Run `--build-arg HOSTED_BILLING=true` to enable billing for hosted arc
+ARG HOSTED_BILLING=false
+ENV HOSTED_BILLING="${HOSTED_BILLING}"
+
+# Run `--build-arg CLUSTER_BILLING=true` to enable billing for clusters
+ARG CLUSTER_BILLING=false
+ENV CLUSTER_BILLING="${CLUSTER_BILLING}"
+
+# Run `--build-arg IGNORE_BILLING_MIDDLEWARE=true` to disable billing middleware for testing
+ARG IGNORE_BILLING_MIDDLEWARE=false
+ENV IGNORE_BILLING_MIDDLEWARE="${IGNORE_BILLING_MIDDLEWARE}"
+
+# Run `--build-arg PLAN_REFRESH_INTERVAL=X` to change the default interval of 1 hour, where 'X' is an integer represent the hours unit
+ARG PLAN_REFRESH_INTERVAL=1
+ENV PLAN_REFRESH_INTERVAL="${PLAN_REFRESH_INTERVAL}"
 
 # Install tools required for project
 # Run `docker build --no-cache .` to update dependencies
 RUN apk add --no-cache build-base git
 WORKDIR /arc
 
 # List project dependencies with go.mod and go.sum
-COPY go.mod .
-COPY go.sum .
+COPY go.mod go.sum ./
 
 # Install library dependencies
-RUN go mod download 
+RUN go mod download
 
 # Copy the entire project and build it
 # This layer is rebuilt when a file changes in the project directory
 COPY . .
 RUN make
 
+# Final stage: Create the running container
+FROM alpine:3.10.1 AS final
+
+# Get ca certs, for making api calls
+RUN apk add --no-cache ca-certificates
+
+
+# Create env folder
+RUN mkdir /arc-data && touch /arc-data/.env && chmod 777 /arc-data/.env
+
+# Import the compiled executable from the first stage.
+COPY --from=builder /arc /arc
+WORKDIR /arc
+
 EXPOSE 8000
-CMD ["build/arc", "--log", "stdout", "--plugins"]
+ENTRYPOINT ["build/arc", "--log", "stdout", "--plugins"]

Makefile

@@ -9,7 +9,7 @@ PLUGIN_MAIN_LOC_FUNC=plugins/$(1)/main/$(1).$(2)
 PLUGIN_LOC_FUNC=$(foreach PLUGIN,$(PLUGINS),$(call PLUGIN_MAIN_LOC_FUNC,$(PLUGIN),$(1)))
 
 cmd: plugins
-	$(GC) -o $(BUILD_DIR)/arc main.go
+	$(GC) -ldflags "-w -X main.Billing=$(BILLING) -X main.HostedBilling=$(HOSTED_BILLING) -X main.ClusterBilling=$(CLUSTER_BILLING) -X main.PlanRefreshInterval=$(PLAN_REFRESH_INTERVAL) -X main.IgnoreBillingMiddleware=$(IGNORE_BILLING_MIDDLEWARE)" -o $(BUILD_DIR)/arc main.go
 
 plugins: $(call PLUGIN_LOC_FUNC,so)
 

README.md

@@ -1,6 +1,6 @@
 # Arc
 
-Arc is a simple, modular API Gateway that sits between a client and an [ElasticSearch](https://elastic.co) cluster. It acts as a reverse proxy, routing requests from clients to services. Arc is extended through plugins, which provide extra functionality and services beyond the ElasticSearch's RESTful API. It can perform various cross-cutting tasks such as basic authentication, logging, rate-limiting, source/referers whitelisting, analytics etc. These functionalities can clearly be extended by adding a plugin encapsulating a desired  functionality. It also provides some useful abstractions that helps in managing and controlling the access 
+Arc is a simple, modular API Gateway that sits between a client and an [ElasticSearch](https://elastic.co) cluster. It acts as a reverse proxy, routing requests from clients to services. Arc is extended through plugins, which provide extra functionality and services beyond the ElasticSearch's RESTful API. It can perform various cross-cutting tasks such as basic authentication, logging, rate-limiting, source/referers whitelisting, analytics etc. These functionalities can clearly be extended by adding a plugin encapsulating a desired  functionality. It also provides some useful abstractions that helps in managing and controlling the access
 to ElasticSearch's RESTful API.
 
 ## Table of contents
@@ -14,10 +14,10 @@ to ElasticSearch's RESTful API.
 
 ## Overview
 
-When Arc is deployed, every client request being made to the Elasticsearch 
-will hit Arc first and then be proxied to the Elasticsearch cluster. In between requests and responses, Arc 
-may execute the installed plugins, essentially extending the Elasticsearch API feature set. Arc effectively 
-becomes an entry point for every API request made to Elasticsearch. Arc can be used and deployed against any 
+When Arc is deployed, every client request being made to the Elasticsearch
+will hit Arc first and then be proxied to the Elasticsearch cluster. In between requests and responses, Arc
+may execute the installed plugins, essentially extending the Elasticsearch API feature set. Arc effectively
+becomes an entry point for every API request made to Elasticsearch. Arc can be used and deployed against any
 Elasticsearch cluster (locally and hosted as provided by [Appbase.io](https://appbase.io)).
 
 ```
@@ -60,12 +60,12 @@ In order to run arc, you'll require an Elasticsearch node. There are multiple wa
 
 2. Start a single node Elasticsearch cluster locally
 
-        docker run -d --rm --name elasticsearch -p 9200:9200 -p 9300:9300 --net=arc -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.0
+        docker run -d --rm --name elasticsearch -p 9200:9200 -p 9300:9300 --net=arc -e "discovery.type=single-node" docker.elastic.co/elasticsearch/elasticsearch-oss:7.2.0
 
 3. Start Arc locally
 
         docker build -t arc . && docker run --rm --name arc -p 8000:8000 --net=arc --env-file=config/docker.env arc
-  
+
 For convenience, the steps described above are combined into a single `docker-compose` file. You can execute the file with command:
 
     docker-compose up
@@ -172,16 +172,16 @@ A `User` grants a `Permission` to a certain `User`, predefining its capabilities
 
 #### Category
 
-Categories can be used to control access to data and APIs in Arc. Along with Elasticsearch APIs, Categories cover the APIs provided by Arc itself to allow fine-grained control over the API consumption. For Elasticsearch, Categories broadly resembles to the API [classification](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html) that Elasticsearch 
-provides such as **Document APIs**, **Search APIs**, **Indices APIs** and so on. For Arc, Categories resembles to the 
+Categories can be used to control access to data and APIs in Arc. Along with Elasticsearch APIs, Categories cover the APIs provided by Arc itself to allow fine-grained control over the API consumption. For Elasticsearch, Categories broadly resembles to the API [classification](https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html) that Elasticsearch
+provides such as **Document APIs**, **Search APIs**, **Indices APIs** and so on. For Arc, Categories resembles to the
 additional APIs on top of Elasticsearch APIs, such as analytics and book keeping. Refer to category [docs](https://github.com/appbaseio/arc/blob/ugo/update-readme/31-12-2018/docs/categories.md) for the list of
 categories that Arc supports.
 
 #### ACL
 
 ACLs allow a fine grained control over the Elasticsearch APIs in addition to the Categories. Each ACL resembles an
-action performed by an Elasticsearch API. For brevity, setting and organising Categories automatically sets the default 
-ACLs associated with the set Categories. Setting ACLs adds just another level of control to provide access to 
+action performed by an Elasticsearch API. For brevity, setting and organising Categories automatically sets the default
+ACLs associated with the set Categories. Setting ACLs adds just another level of control to provide access to
 Elasticsearch APIs within a given Category. Refer to acl [docs](https://github.com/appbaseio/arc/blob/ugo/update-readme/31-12-2018/docs/acls.md) for the list of acls that Arc supports.
 
 #### Op
@@ -194,8 +194,8 @@ of the plugin. Operation is currently classified into three kinds:
 - `Write`: operation permits write requests exclusively.
 - `Delete`: operation permits delete requests exclusively.
 
-In order to allow a user or permission to make requests that involve modifying the data, a combination of the above 
-operations would be required. For example: `["read", "write"]` operation would allow a user or permission to perform 
+In order to allow a user or permission to make requests that involve modifying the data, a combination of the above
+operations would be required. For example: `["read", "write"]` operation would allow a user or permission to perform
 both read and write requests but would forbid making delete requests.
 
 #### Request Logging

config/manual-http-jwt.env

@@ -3,7 +3,6 @@ ES_CLUSTER_URL=http://127.0.0.1:9200
 USERNAME=foo
 PASSWORD=bar
 
-JWT_RSA_PUBLIC_KEY_DEST=http://localhost:8500/rsa-public
 HTTPS_CERT=sample/server.crt
 HTTPS_KEY=sample/server.key
 JWT_ROLE_KEY=role

docker-compose.yml

@@ -1,7 +1,7 @@
 version: '3'
 services:
   elasticsearch:
-    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.0
+    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.2.0
     container_name: elasticsearch
     networks:
       - arc

go.mod

@@ -2,21 +2,22 @@ module github.com/appbaseio/arc
 
 require (
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/fortytw2/leaktest v1.2.0 // indirect
 	github.com/gobuffalo/envy v1.6.15 // indirect
 	github.com/gobuffalo/packr v1.22.0
-	github.com/google/go-cmp v0.2.0 // indirect
 	github.com/google/uuid v1.0.0
-	github.com/gorilla/context v1.1.1 // indirect
-	github.com/gorilla/mux v1.6.2
-	github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329 // indirect
-	github.com/olivere/elastic v6.2.16+incompatible
+	github.com/gorilla/mux v1.7.1
+	github.com/hashicorp/go-hclog v0.10.0 // indirect
+	github.com/hashicorp/go-retryablehttp v0.6.3
+	github.com/olivere/elastic v6.2.21+incompatible
+	github.com/olivere/elastic/v7 v7.0.4
+	github.com/robfig/cron v1.1.0
 	github.com/rogpeppe/go-internal v1.2.2 // indirect
 	github.com/rs/cors v1.6.0
 	github.com/siddharthlatest/mustache v0.0.0-20160118163553-00029677272d
+	github.com/smartystreets/goconvey v1.6.4
 	github.com/stretchr/testify v1.3.0
 	github.com/ulule/limiter v2.2.0+incompatible
-	golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc
+	golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
-	gopkg.in/olivere/elastic.v6 v6.2.21
+	gopkg.in/olivere/elastic.v6 v6.2.26
 )