Application detection rules: Multiple rules matching the same application not working

[didiladi]

Describe the bug
We discovered that sadly, monaco doesn't support multiple application detection rules mapping to the same application. This is a result from the API implementation, which makes this use case impossible to handle correctly by monaco.

How to reproduce
To give a concrete example, the following does not work:

Yaml configuration:

config:
  - app-detection-rule-1: app-detection-rule-1.json
  - app-detection-rule-2: app-detection-rule-2.json

app-detection-rule-1:
  - name: "Application Detection Rule 1"
  - applicationId: "APPLICATION-0123456789123456"

app-detection-rule-2:
  - name: "Application Detection Rule 2"
  - applicationId: "APPLICATION-0123456789123456"

app-detection-rule-1.json:

{
  "applicationIdentifier": "{{ .applicationId }}",
  "filterConfig": {
    "pattern": "www.test1.",
    "applicationMatchType": "BEGINS_WITH",
    "applicationMatchTarget": "URL"
  }
}

app-detection-rule-2.json:

{
  "applicationIdentifier": "{{ .applicationId }}",
  "filterConfig": {
    "pattern": "www.test2.",
    "applicationMatchType": "BEGINS_WITH",
    "applicationMatchTarget": "URL"
  }
}

Log output
When trying to apply this configuration, the following error occurs:

2020-12-17 20:21:37 ERROR Deployment to workshop failed with error Failed to upsert DT object app-detection-rule-1 (HTTP 400)!
    Response was: {"error":{"code":400,"message":"Constraints violated.","constraintViolations":[{"path":"","message":"Given application detection rule duplicates rule <SOME ID>,"parameterLocation":"PAYLOAD_BODY","location":null}]}}, responsible config: monaco/projects/project/app-detection-rule/app-detection-rule-1.json

Why is this an issue?

The API does not specify a name for an application detection rule and does not return this information in the GET call. Instead, the name of a application detection rule is generated from the application's name, thus resulting in duplicate names for the above use case. And monaco needs the names to be unique to work properly, because its using the config's name to identify a given configuration.

Environment (please complete the following information):
Not related to any specific environment.

Expected behavior

For now, we can document that this use case is not supported in monaco. You need to have 1:1 relation between application detection rule and application.

I'm afraid there is no proper fix in monaco. However, what we can do:

• For application detection rules only:
  • When the configs were downloaded (Download current environment configuration #19)
    • Allow ids in the jsons and extract the id from the json. Use this id in the PUT
    • Allow duplicate names
    • This means that the existing configuration can be used and distributed to other environments. A user can update the existing configs, but not add more than 1 rule for a application.
  • When starting from scratch
    • The limitation of the 1:1 mapping between application and the application detection rule is applied
    • We validate if this limitation would be hit and throw an error if this is the case.

In addition to that, I will create a bug ticket for the engineering team to extend the API.

[ghost]

The impact of this extends to multiple executions of monaco with only one rule defined as @arunkrishnan-dt and I discovered today:

Assume 1 application and app-detection-rule. First run, everything is fine. Second run:

ERROR Deployment to arun_test_environment failed with error Failed to upsert DT object APP-DETECTION-RULE-NAME(HTTP 400)!
    Response was: {"error":{"code":400,"message":"Constraints violated.","constraintViolations":[{"path":"","message":"Given application detection rule duplicates rule ***","parameterLocation":"PAYLOAD_BODY","location":null}]}}, responsible config: projects\***\app-detection-rule\app-detection-rule.json

[didiladi]

Fantastic news: The engineering team will provide a fix for the API in 1.210.x. 🥇 🚀

[163a]

Thankyou for this issue, because I thought I was going crazy. For reference, I tried to re-use a single JSON for multiple app rules and thought it should be possible.

common_detection_rules.json

{
  "applicationIdentifier": "{{ .app_identifier }}",
  "filterConfig": {
    "pattern": "{{ .pattern }}",
    "applicationMatchType": "{{ .match_operator }}",
    "applicationMatchTarget": "{{ .match_target }}"
  }
}

Interestingly, even though 'name' is never used by this config, it cannot be omitted.

"ERROR... ...please make sure name is defined"

rum_rules.yaml

config:
  - webapp_rule_1: "common_detection_rules.json"
  - webapp_rule_2: "common_detection_rules.json"
  - webapp_rule_3: "common_detection_rules.json"
  
webapp_rule_1:
  - name: "projects/demo/application/demo_web_application.name"
  - app_identifier: "projects/demo/application/demo_web_application.id"
  - pattern: "frontend"
  - match_operator: "BEGINS_WITH"
  - match_target: "DOMAIN"

webapp_rule_2:
  - name: "projects/demo/application/demo_web_application.name"
  - app_identifier: "projects/demo/application/demo_web_application.id"
  - pattern: "demo.local"
  - match_operator: "MATCHES"
  - match_target: "DOMAIN"

webapp_rule_3:
  - name: "projects/demo/application/demo_web_application.name"
  - app_identifier: "projects/demo/application/demo_web_application.id"
  - pattern: "/demo"
  - match_operator: "CONTAINS"
  - match_target: "URL"

[didiladi]

If you run into the problem, just add the name property into the config. E.g.

{
  "name": "{{.name}}",
  "applicationIdentifier": "{{ .app_identifier }}",
  "filterConfig": {
    "pattern": "{{ .pattern }}",
    "applicationMatchType": "{{ .match_operator }}",
    "applicationMatchTarget": "{{ .match_target }}"
  }
}

The API was fixed in 1.210.x. -> Closing the issue