Create Product Consumption Tracking Module

[agzaiyenth]

This pull request introduces a new product_consumption_tracking module to the customer portal backend, enabling the import of deployment usage data via a zip file. It includes the necessary service endpoint, request validation, and supporting types and constants. Supporting dependencies and imports are also updated to integrate the new functionality.

New Product Consumption Tracking Feature:

• Added the product_consumption_tracking module, including:
  • client.bal: Configures an HTTP client with OAuth2 for secure communication.
  • constants.bal: Defines constants for content type and charset.
  • types.bal: Introduces types for OAuth2 config and the deployment usage import response.
  • product_consumption_tracking.bal: Implements the importDeploymentUsage function to handle the import logic.

API and Service Integration:

• Exposed a new POST resource /deployment-usage-import in service.bal to accept zip files, validate requests, and delegate to the new import function.
• Added request validation logic in utils.bal to ensure only valid zip files are processed.

Dependency and Module Configuration:

• Registered the new module and its dependencies (ballerina/url, ballerina/url package) in Dependencies.toml to ensure proper resolution and build. [1] [2] [3]
• Updated imports in service.bal for the new module.

Summary by CodeRabbit

• New Features

  • Added a deployment-usage import endpoint allowing authenticated users to upload ZIP files for product consumption tracking.
  • Added a configured product consumption tracking client (configurable base URL and OAuth2 client-credentials) with retry and timeout handling.

• Bug Fixes / Reliability

  • Added Content-Type validation for ZIP uploads and clearer 400/500 responses for invalid uploads or downstream failures.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new product_consumption_tracking module (types, constants, OAuth2-configured http:Client, import function) and a customer-portal POST endpoint that validates ZIP content and forwards the file to the tracking service; updates Dependencies.toml to register the module.

Changes

Deployment Usage Import Feature

Layer / File(s)	Summary
Type contracts and constants apps/customer-portal/backend/modules/product_consumption_tracking/types.bal, apps/customer-portal/backend/modules/product_consumption_tracking/constants.bal	Public records ClientCredentialsOauth2Config and DeploymentUsageImportResponse and the CONTENT_TYPE_APPLICATION_ZIP constant.
Product tracking client configuration apps/customer-portal/backend/modules/product_consumption_tracking/client.bal	Module-level configurable productConsumptionTrackingBaseUrl and clientCredentialsOauth2Config; builds productConsumptionTrackingClient with OAuth2 client-credentials, HTTP/1.1, keep-alive disabled, 300s timeout, and retry policy (3 attempts, 2s) for transient/server errors.
Import function apps/customer-portal/backend/modules/product_consumption_tracking/product_consumption_tracking.bal	Exported importDeploymentUsage(string email, byte[] zipFile) constructs an http:Request with ZIP binary payload and application/zip, posts via the configured client, and returns `DeploymentUsageImportResponse
HTTP endpoint, validation, and service wiring apps/customer-portal/backend/service.bal, apps/customer-portal/backend/utils.bal	New isolated POST deployment-usage endpoint authenticates via user-info header, calls validateDeploymentUsageImportRequest (ensures ZIP Content-Type), reads binary ZIP payload, invokes product_consumption_tracking:importDeploymentUsage, and maps validation/ZIP-read/import-bad-request errors to HTTP 400; other failures to 500. A single blank-line insertion is present elsewhere.
Dependency manifest updates apps/customer-portal/backend/Dependencies.toml	Adds customer_portal.product_consumption_tracking to the wso2:customer_portal package modules list.

Sequence Diagram

sequenceDiagram
  participant Service as CustomerPortalService
  participant ImportFn as importDeploymentUsage
  participant Client as productConsumptionTrackingClient
  participant External as ExternalTrackingService
  Service->>ImportFn: importDeploymentUsage(email, zip bytes)
  ImportFn->>Client: POST /deployment-usage (application/zip)
  Client->>External: HTTP request (OAuth2 client-credentials)
  External-->>Client: HTTP response
  Client-->>ImportFn: DeploymentUsageImportResponse|error
  ImportFn-->>Service: DeploymentUsageImportResponse|error

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

Type/New Feature, App/Customer Portal, Area/Backend

Suggested reviewers

• cloby99
• shayanmalinda
• chanukaranaba

Poem

🐰 A rabbit hops through portals new,
With ZIPs in paw and auth in view,
It checks the headers, posts with care,
Waits for a response — a tiny hare,
Then nibbles a carrot and bids adieu.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete, missing most required template sections including Purpose, Goals, Approach, User stories, Release notes, Documentation, Training, Certification, Marketing, test details, Security checks, Samples, Related PRs, and Migrations.	Complete the PR description by filling in all required template sections: Purpose/Goals with issue links, Approach with implementation details, User stories, Release notes, Documentation links, and Security checks confirmation.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main change: introducing a new product consumption tracking module to the customer portal backend.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In
`@apps/customer-portal/backend/modules/product_consumption_tracking/client.bal`:
- Around line 31-41: The productConsumptionTrackingClient's retryConfig is
causing unsafe automatic retries for non-idempotent importDeploymentUsage;
remove the retryConfig block (or disable retries) from the
productConsumptionTrackingClient configuration so POSTs won't be automatically
retried, and ensure no other client-level retry is applied to
productConsumptionTrackingClient; reference the retryConfig setting and the
productConsumptionTrackingClient and importDeploymentUsage symbols when locating
the code to change.

In
`@apps/customer-portal/backend/modules/product_consumption_tracking/product_consumption_tracking.bal`:
- Around line 28-29: The code currently appends the user's email into the query
string via the path variable (`string path = string
`/deployment-usage-import?email=${encodedEmail}``) and calls
`productConsumptionTrackingClient->post(path, zipFile, mediaType =
CONTENT_TYPE_APPLICATION_ZIP)` which can leak PII; instead remove the
`?email=...` query param and send the email in a request header (e.g.,
`X-User-Email`) or include it in the authenticated token/context; update the
call to `productConsumptionTrackingClient->post` to use the cleaned path
(`/deployment-usage-import`) and add the header with the `encodedEmail` value
via the client call or its request metadata so the server reads the email from
the header/auth context rather than the URL.

In `@apps/customer-portal/backend/service.bal`:
- Around line 5128-5139: The code calls req.getBinaryPayload() without checking
size—add an explicit max-ZIP-size check before reading the payload (either
inside validateDeploymentUsageImportRequest or immediately before calling
req.getBinaryPayload()) to reject oversized uploads; e.g., determine a
MAX_ZIP_BYTES constant and if the incoming Content-Length (or a
streaming/pre-read size check) exceeds MAX_ZIP_BYTES return the same
<http:BadRequest>{ body: { message: "Upload too large" } } path instead of
calling req.getBinaryPayload(), and ensure any new check uses the same
validationError flow (or sets validationError) so subsequent logic (the existing
log:printWarn(validationError) and return) remains unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 5a05011e-8d2d-4a6d-94e2-a5592843fff7

📥 Commits

Reviewing files that changed from the base of the PR and between effa5ae and 7c6fd38.

📒 Files selected for processing (7)

• apps/customer-portal/backend/Dependencies.toml
• apps/customer-portal/backend/modules/product_consumption_tracking/client.bal
• apps/customer-portal/backend/modules/product_consumption_tracking/constants.bal
• apps/customer-portal/backend/modules/product_consumption_tracking/product_consumption_tracking.bal
• apps/customer-portal/backend/modules/product_consumption_tracking/types.bal
• apps/customer-portal/backend/service.bal
• apps/customer-portal/backend/utils.bal

[Rashmika998]

Summary

Clean integration of the product consumption tracking module with sensible retry and auth configuration. Two required items: the ZIP upload endpoint reads the binary payload into memory with no size cap, and ImportRequest is an open record that silently accepts extra fields. A few suggestions around error detail propagation, Content-Type coverage, and the hard-coded 300s timeout.

---

Comment added by Claude on behalf of @Rashmika998