From d2cf05e97bb4fb7ecac4edc61ee9fa392d0b098c Mon Sep 17 00:00:00 2001
From: KyleWiese <kwiese@google.com>
Date: Thu, 26 Sep 2024 20:47:26 +0000
Subject: [PATCH] For analytics records, upload a singular product that was
 used for an authorized operation. This replaces the existing functionality
 that picked a random matching product from the credential

---
 analytics/record.go     | 6 +-----
 auth/context.go         | 1 +
 product/manager.go      | 1 +
 product/product.go      | 2 ++
 product/product_test.go | 2 ++
 5 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/analytics/record.go b/analytics/record.go
index 85557c4..98c041e 100644
--- a/analytics/record.go
+++ b/analytics/record.go
@@ -86,13 +86,9 @@ func (r Record) EnsureFields(authContext *auth.Context) Record {
 	r.ClientID = authContext.ClientID
 	r.Organization = authContext.Organization()
 	r.Environment = authContext.Environment()
-
 	r.GatewayFlowID = uuid.New().String()
+	r.APIProduct = authContext.AnalyticsProduct
 
-	// select arbitrary APIProduct
-	if len(authContext.APIProducts) > 0 {
-		r.APIProduct = authContext.APIProducts[0]
-	}
 	return r
 }
 
diff --git a/auth/context.go b/auth/context.go
index f949f3b..57eec7a 100644
--- a/auth/context.go
+++ b/auth/context.go
@@ -47,6 +47,7 @@ type Context struct {
 	Scopes           []string
 	APIKey           string
 	CustomAttributes string
+	AnalyticsProduct string // A single product to attatch to analytics records based on matched operations.
 }
 
 // if claims can't be processed, returns error and sets no fields
diff --git a/product/manager.go b/product/manager.go
index 9d77b2e..4391ae5 100644
--- a/product/manager.go
+++ b/product/manager.go
@@ -82,6 +82,7 @@ type AuthorizedOperation struct {
 	QuotaLimit    int64
 	QuotaInterval int64
 	QuotaTimeUnit string
+	APIProduct    string
 }
 
 // Authorize a request against API Products and its Operations
diff --git a/product/product.go b/product/product.go
index 5960ad6..ec9f1b1 100644
--- a/product/product.go
+++ b/product/product.go
@@ -318,6 +318,7 @@ func (p *APIProduct) authorize(authContext *auth.Context, api, path, method stri
 					QuotaLimit:    p.QuotaLimitInt,
 					QuotaInterval: p.QuotaIntervalInt,
 					QuotaTimeUnit: p.QuotaTimeUnit,
+					APIProduct:    p.Name,
 				}
 				// OperationConfig quota is an override
 				if oc.Quota != nil && oc.Quota.LimitInt > 0 {
@@ -353,6 +354,7 @@ func (p *APIProduct) authorize(authContext *auth.Context, api, path, method stri
 		QuotaLimit:    p.QuotaLimitInt,
 		QuotaInterval: p.QuotaIntervalInt,
 		QuotaTimeUnit: p.QuotaTimeUnit,
+		APIProduct:    p.Name,
 	})
 	hint = "    authorized\n"
 
diff --git a/product/product_test.go b/product/product_test.go
index 4629f5a..ac2dafe 100644
--- a/product/product_test.go
+++ b/product/product_test.go
@@ -196,6 +196,7 @@ func TestAuthorize(t *testing.T) {
 			wantAuthOp: &AuthorizedOperation{
 				ID:         "Name 2-prod-foo@google.com-app",
 				QuotaLimit: productsMap["Name 2"].QuotaLimitInt,
+				APIProduct: "Name 2",
 			},
 			wantHints: `Authorizing request:
 			environment: prod
@@ -255,6 +256,7 @@ func TestAuthorize(t *testing.T) {
 			wantAuthOp: &AuthorizedOperation{
 				ID:         "Name 1-prod-foo@google.com-app",
 				QuotaLimit: productsMap["Name 1"].QuotaLimitInt,
+				APIProduct: "Name 1",
 			},
 			wantHints: `Authorizing request:
 			environment: prod