feat(api): restrict timeline buckets per check config

Author: pixel365

examples/checks/api-checks.yaml

@@ -10,6 +10,7 @@ checks:
     retries: 3
     failure_threshold: 3
     success_threshold: 1
+    allowed_buckets: [ minute, hour ]
     tags: [ public, critical ]
     spec:
       url: http://localhost:8080
@@ -38,6 +39,7 @@ checks:
     retries: 3
     failure_threshold: 3
     success_threshold: 1
+    allowed_buckets: [ minute, hour ]
     tags: [ public, critical ]
     spec:
       host: localhost
@@ -57,6 +59,7 @@ checks:
     retries: 3
     failure_threshold: 3
     success_threshold: 1
+    allowed_buckets: [ minute, hour ]
     tags: [ internal, critical ]
     spec:
       host: localhost
@@ -80,6 +83,7 @@ checks:
     retries: 3
     failure_threshold: 3
     success_threshold: 1
+    allowed_buckets: [ minute, hour ]
     tags: [ public, critical ]
     spec:
       server: 8.8.8.8
@@ -100,6 +104,7 @@ checks:
     retries: 2
     failure_threshold: 2
     success_threshold: 1
+    allowed_buckets: [ hour, day ]
     tags: [ public, security ]
     spec:
       host: api.example.com

internal/api/handlers.go

@@ -218,51 +218,91 @@ func (h *Handler) timelineFilterFromRequest(
 
 	filter.Bucket = model.CheckExecutionBucket(query.Get("bucket"))
 
-	interval, err := h.checkInterval(filter.ServiceID, filter.CheckID)
+	fields, err := h.checkFields(filter.ServiceID, filter.CheckID)
 	if err != nil {
 		return filter, err
 	}
-	filter.Interval = interval
+	filter.Interval = fields.Interval
+
+	if !isAllowedBucket(filter.Bucket, fields.AllowedBuckets) {
+		return filter, fmt.Errorf(
+			"bucket %q is not allowed for check %s/%s; allowed buckets: %v",
+			filter.Bucket,
+			filter.ServiceID,
+			filter.CheckID,
+			allowedBuckets(fields.AllowedBuckets),
+		)
+	}
 
 	return filter, filter.Validate()
 }
 
-func (h *Handler) checkInterval(serviceID, checkID string) (time.Duration, error) {
+func allowedBuckets(allowed []string) []string {
+	if len(allowed) > 0 {
+		return allowed
+	}
+
+	return []string{
+		string(model.CheckExecutionBucketMinute),
+		string(model.CheckExecutionBucketHour),
+	}
+}
+
+func isAllowedBucket(bucket model.CheckExecutionBucket, allowed []string) bool {
+	if bucket == "" {
+		bucket = model.CheckExecutionBucketMinute
+	}
+
+	if len(allowed) == 0 {
+		return bucket == model.CheckExecutionBucketMinute ||
+			bucket == model.CheckExecutionBucketHour
+	}
+
+	for i := range allowed {
+		if model.CheckExecutionBucket(allowed[i]) == bucket {
+			return true
+		}
+	}
+
+	return false
+}
+
+func (h *Handler) checkFields(serviceID, checkID string) (config.CheckFields, error) {
 	cfg := h.cfgProvider.Current()
 
-	if interval, ok := checkInterval(cfg.HttpChecks, serviceID, checkID); ok {
-		return interval, nil
+	if fields, ok := checkFields(cfg.HttpChecks, serviceID, checkID); ok {
+		return fields, nil
 	}
 
-	if interval, ok := checkInterval(cfg.TCPChecks, serviceID, checkID); ok {
-		return interval, nil
+	if fields, ok := checkFields(cfg.TCPChecks, serviceID, checkID); ok {
+		return fields, nil
 	}
 
-	if interval, ok := checkInterval(cfg.GRPCChecks, serviceID, checkID); ok {
-		return interval, nil
+	if fields, ok := checkFields(cfg.GRPCChecks, serviceID, checkID); ok {
+		return fields, nil
 	}
 
-	if interval, ok := checkInterval(cfg.DNSChecks, serviceID, checkID); ok {
-		return interval, nil
+	if fields, ok := checkFields(cfg.DNSChecks, serviceID, checkID); ok {
+		return fields, nil
 	}
 
-	if interval, ok := checkInterval(cfg.TLSChecks, serviceID, checkID); ok {
-		return interval, nil
+	if fields, ok := checkFields(cfg.TLSChecks, serviceID, checkID); ok {
+		return fields, nil
 	}
 
-	return 0, fmt.Errorf("check %s/%s not found", serviceID, checkID)
+	return config.CheckFields{}, fmt.Errorf("check %s/%s not found", serviceID, checkID)
 }
 
-func checkInterval[T any](
+func checkFields[T any](
 	checks map[string]config.TypedCheck[T],
 	serviceID string,
 	checkID string,
-) (time.Duration, bool) {
+) (config.CheckFields, bool) {
 	for i := range checks {
 		if checks[i].Service == serviceID && checks[i].ID == checkID {
-			return checks[i].Interval, true
+			return checks[i].CheckFields, true
 		}
 	}
 
-	return 0, false
+	return config.CheckFields{}, false
 }

internal/app/manager.go

@@ -390,5 +390,6 @@ func sameCheckFields(a, b config.CheckFields) bool {
 		a.FailureThreshold == b.FailureThreshold &&
 		a.SuccessThreshold == b.SuccessThreshold &&
 		a.Interval == b.Interval &&
+		slices.Equal(a.AllowedBuckets, b.AllowedBuckets) &&
 		a.Enabled == b.Enabled
 }

internal/config/model.go

@@ -65,22 +65,20 @@ type Service struct {
 	Description string `yaml:"description" json:"description" validate:"omitempty,min=1"`
 }
 
+//nolint:lll
 type CheckFields struct {
-	ID      string `yaml:"id"      json:"id"      validate:"required,min=1"`
-	Name    string `yaml:"name"    json:"name"    validate:"required,min=1"`
-	Service string `yaml:"service" json:"service" validate:"required,min=1"`
-
-	Type CheckType `yaml:"type" json:"type" validate:"required,oneof=http tcp grpc tls dns"`
-
-	//nolint:lll,nolintlint
-	Tags []string `yaml:"tags" json:"tags" validate:"omitempty,min=1,dive,min=1"`
-
-	Timeout          time.Duration `yaml:"timeout"           json:"timeout"           validate:"required,gt=0ms"`
+	ID               string        `yaml:"id"                json:"id"                validate:"required,min=1"`
+	Name             string        `yaml:"name"              json:"name"              validate:"required,min=1"`
+	Service          string        `yaml:"service"           json:"service"           validate:"required,min=1"`
+	Type             CheckType     `yaml:"type"              json:"type"              validate:"required,oneof=http tcp grpc tls dns"`
+	Tags             []string      `yaml:"tags"              json:"tags"              validate:"omitempty,min=1,dive,min=1"`
+	AllowedBuckets   []string      `yaml:"allowed_buckets"   json:"allowed_buckets"   validate:"omitempty,dive,oneof=second minute hour day"`
 	Jitter           time.Duration `yaml:"jitter"            json:"jitter"            validate:"gte=0"`
 	Retries          int           `yaml:"retries"           json:"retries"           validate:"required,gte=0"`
 	FailureThreshold int           `yaml:"failure_threshold" json:"failure_threshold" validate:"required,gte=1"`
 	SuccessThreshold int           `yaml:"success_threshold" json:"success_threshold" validate:"required,gte=1"`
 	Interval         time.Duration `yaml:"interval"          json:"interval"          validate:"required,gt=0ms"`
+	Timeout          time.Duration `yaml:"timeout"           json:"timeout"           validate:"required,gt=0ms"`
 	Enabled          bool          `yaml:"enabled"           json:"enabled"`
 }