cryostatio
diff --git a/‎HTTP_API.md
+17-8 b/‎HTTP_API.md
+17-8
diff --git a/‎src/main/java/io/cryostat/net/web/http/api/v2/RulesPostHandler.java
+2-1 b/‎src/main/java/io/cryostat/net/web/http/api/v2/RulesPostHandler.java
+2-1
diff --git a/‎src/main/java/io/cryostat/rules/IllegalMatchExpressionException.java
+62 b/‎src/main/java/io/cryostat/rules/IllegalMatchExpressionException.java
+62
diff --git a/‎src/main/java/io/cryostat/rules/MatchExpressionTreeVisitor.java
+232 b/‎src/main/java/io/cryostat/rules/MatchExpressionTreeVisitor.java
+232
@@ -1,5 +1,8 @@
 # HTTP API
 
+* [V1](#V1-API)
+* [V2](#V2-API)
+
 ## V1 API
 
 ### Quick Reference
@@ -1390,15 +1393,22 @@ The handler-specific descriptions below describe how each handler populates the
     `POST /api/v2/rules`
 
     The request may be an HTTP form or a JSON document. In either case, the
-    attributes `"name"`, `"targetAlias"`, and `"eventSpecifier"` must be
+    attributes `"name"`, `"matchExpression"`, and `"eventSpecifier"` must be
     provided.
 
     `"name"`: the name of this rule definition. This must be unique. This name
     will also be used to generate the name of the associated recordings.
 
-    `"targetAlias"`: targets with an exactly matching `alias` will match this
-    rule definition, activating this rule for the target and causing the defined
-    recording to be started on the target.
+    `"matchExpression"`: a string expression used to determine which target JVMs
+    this rule will apply to. The expression has a variable named `target` in
+    scope, which is of type
+    [`ServiceRef`](src/main/java/io/cryostat/platform/ServiceRef.java).
+    Properties can be accessed using `.` separators, and the operators `==`,
+    `!=`, `||`, and `&&` are accepted, with their usual meanings. An example of
+    such an expression is:
+    `(target.alias == 'io.cryostat.Cryostat' || target.annotations.cryostat.JAVA_MAIN == 'io.cryostat.Cryostat') && target.annotations.cryostat.PORT != 9091`.
+    The simple expression `true` may also be used to create a rule which applies
+    to any and all discovered targets.
 
     `"eventSpecifier"`: a string of the form `template=Foo,type=TYPE`. This
     defines the event template that will be used for creating new recordings in
@@ -1449,7 +1459,7 @@ The handler-specific descriptions below describe how each handler populates the
 
     ##### example
     ```
-    $ curl -X POST -F name="Test Rule" -F description="This is a rule for testing" -F targetAlias="io.cryostat.Cryostat" -F eventSpecifier="template=Continuous,type=TARGET" http://0.0.0.0:8181/api/v2/rules
+    $ curl -X POST -F name="Test Rule" -F description="This is a rule for testing" -F matchExpression="target.alias == 'io.cryostat.Cryostat'" -F eventSpecifier="template=Continuous,type=TARGET" http://0.0.0.0:8181/api/v2/rules
     < HTTP/1.1 201 Created
     < location: /api/v2/rules/Test_Rule
     < content-length: 79
@@ -1504,7 +1514,7 @@ The handler-specific descriptions below describe how each handler populates the
     ##### example
     ```
     $ curl http://0.0.0.0:8181/api/v2/rules/Test_Rule
-    {"meta":{"type":"application/json","status":"OK"},"data":{"result":{"name":"Test_Rule","description":"This is a rule for testing","targetAlias":"io.cryostat.Cryostat","eventSpecifier":"template=Continuous,type=TARGET","archivalPeriodSeconds":30,"preservedArchives":1,"maxAgeSeconds":30,"maxSizeBytes":-1}}}
+    {"meta":{"type":"application/json","status":"OK"},"data":{"result":{"name":"Test_Rule","description":"This is a rule for testing","matchExpression":"target.alias=='io.cryostat.Cryostat'","eventSpecifier":"template=Continuous,type=TARGET","archivalPeriodSeconds":30,"preservedArchives":1,"maxAgeSeconds":30,"maxSizeBytes":-1}}}
     ```
 
 * #### `RulesGetHandler`
@@ -1527,8 +1537,7 @@ The handler-specific descriptions below describe how each handler populates the
     ##### example
     ```
     $ curl http://0.0.0.0:8181/api/v2/rules
-    {"meta":{"type":"application/json","status":"OK"},"data":{"result":[{"name":"Test_Rule","description":"This is a rule for testing","targetAlias":"io.cryostat.Cryostat","eventSpecifier":"template=Continuous,type=TARGET","archivalPeriodSeconds":30,"preservedArchives":1,"maxAgeSeconds":30,"maxSizeBytes":-1}]}}
-    ```
+    {"meta":{"type":"application/json","status":"OK"},"data":{"result":[{"name":"Test_Rule","description":"This is a rule for testing","matchExpression":"target.alias=='io.cryostat.Cryostat'","eventSpecifier":"template=Continuous,type=TARGET","archivalPeriodSeconds":30,"preservedArchives":1,"maxAgeSeconds":30,"maxSizeBytes":-1}]}}    ```
 
 ### Stored Target Credentials
 
 
@@ -45,6 +45,7 @@
 import io.cryostat.net.AuthManager;
 import io.cryostat.net.web.http.HttpMimeType;
 import io.cryostat.net.web.http.api.ApiVersion;
+import io.cryostat.rules.MatchExpressionValidationException;
 import io.cryostat.rules.Rule;
 import io.cryostat.rules.RuleException;
 import io.cryostat.rules.RuleRegistry;
@@ -121,7 +122,7 @@ public IntermediateResponse<String> handle(RequestParameters params) throws ApiE
                 try {
                     Rule.Builder builder = Rule.Builder.from(params.getFormAttributes());
                     rule = builder.build();
-                } catch (IllegalArgumentException iae) {
+                } catch (MatchExpressionValidationException | IllegalArgumentException iae) {
                     throw new ApiException(400, iae);
                 }
                 break;
 
@@ -0,0 +1,62 @@
+/*
+ * Copyright The Cryostat Authors
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or data
+ * (collectively the "Software"), free of charge and under any and all copyright
+ * rights in the Software, and any and all patent rights owned or freely
+ * licensable by each licensor hereunder covering either (i) the unmodified
+ * Software as contributed to or provided by such licensor, or (ii) the Larger
+ * Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software (each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ * The above copyright notice and either this complete permission notice or at
+ * a minimum a reference to the UPL must be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package io.cryostat.rules;
+
+import jdk.nashorn.api.tree.Tree;
+
+@SuppressWarnings("serial")
+class IllegalMatchExpressionException extends RuntimeException {
+    IllegalMatchExpressionException() {
+        this("matchExpression parsing failed");
+    }
+
+    IllegalMatchExpressionException(String reason) {
+        super(reason);
+    }
+
+    IllegalMatchExpressionException(Tree node, String matchExpression) {
+        super(
+                String.format(
+                        "matchExpression rejected, illegal %s at [%d, %d]: %s",
+                        node.getKind(),
+                        node.getStartPosition(),
+                        node.getEndPosition(),
+                        matchExpression.substring(
+                                (int) node.getStartPosition(), (int) node.getEndPosition())));
+    }
+}
@@ -0,0 +1,232 @@
+/*
+ * Copyright The Cryostat Authors
+ *
+ * The Universal Permissive License (UPL), Version 1.0
+ *
+ * Subject to the condition set forth below, permission is hereby granted to any
+ * person obtaining a copy of this software, associated documentation and/or data
+ * (collectively the "Software"), free of charge and under any and all copyright
+ * rights in the Software, and any and all patent rights owned or freely
+ * licensable by each licensor hereunder covering either (i) the unmodified
+ * Software as contributed to or provided by such licensor, or (ii) the Larger
+ * Works (as defined below), to deal in both
+ *
+ * (a) the Software, and
+ * (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+ * one is included with the Software (each a "Larger Work" to which the Software
+ * is contributed by such licensors),
+ *
+ * without restriction, including without limitation the rights to copy, create
+ * derivative works of, display, perform, and distribute the Software and make,
+ * use, sell, offer for sale, import, export, have made, and have sold the
+ * Software and the Larger Work(s), and to sublicense the foregoing rights on
+ * either these or other terms.
+ *
+ * This license is subject to the following condition:
+ * The above copyright notice and either this complete permission notice or at
+ * a minimum a reference to the UPL must be included in all copies or
+ * substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+package io.cryostat.rules;
+
+import jdk.nashorn.api.tree.BreakTree;
+import jdk.nashorn.api.tree.CaseTree;
+import jdk.nashorn.api.tree.CatchTree;
+import jdk.nashorn.api.tree.ClassDeclarationTree;
+import jdk.nashorn.api.tree.ClassExpressionTree;
+import jdk.nashorn.api.tree.ContinueTree;
+import jdk.nashorn.api.tree.DebuggerTree;
+import jdk.nashorn.api.tree.DoWhileLoopTree;
+import jdk.nashorn.api.tree.ErroneousTree;
+import jdk.nashorn.api.tree.ExportEntryTree;
+import jdk.nashorn.api.tree.ForInLoopTree;
+import jdk.nashorn.api.tree.ForLoopTree;
+import jdk.nashorn.api.tree.ForOfLoopTree;
+import jdk.nashorn.api.tree.FunctionCallTree;
+import jdk.nashorn.api.tree.FunctionDeclarationTree;
+import jdk.nashorn.api.tree.FunctionExpressionTree;
+import jdk.nashorn.api.tree.ImportEntryTree;
+import jdk.nashorn.api.tree.InstanceOfTree;
+import jdk.nashorn.api.tree.LabeledStatementTree;
+import jdk.nashorn.api.tree.ModuleTree;
+import jdk.nashorn.api.tree.NewTree;
+import jdk.nashorn.api.tree.RegExpLiteralTree;
+import jdk.nashorn.api.tree.ReturnTree;
+import jdk.nashorn.api.tree.SimpleTreeVisitorES5_1;
+import jdk.nashorn.api.tree.SpreadTree;
+import jdk.nashorn.api.tree.ThrowTree;
+import jdk.nashorn.api.tree.Tree;
+import jdk.nashorn.api.tree.TryTree;
+import jdk.nashorn.api.tree.UnaryTree;
+import jdk.nashorn.api.tree.WhileLoopTree;
+import jdk.nashorn.api.tree.WithTree;
+import jdk.nashorn.api.tree.YieldTree;
+
+class MatchExpressionTreeVisitor extends SimpleTreeVisitorES5_1<Void, String> {
+    private Void fail(Tree node, String matchExpression) {
+        throw new IllegalMatchExpressionException(node, matchExpression);
+    }
+
+    @Override
+    public Void visitBreak(BreakTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitCase(CaseTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitCatch(CatchTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitClassDeclaration(ClassDeclarationTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitClassExpression(ClassExpressionTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitDoWhileLoop(DoWhileLoopTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitErroneous(ErroneousTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitExportEntry(ExportEntryTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitForInLoop(ForInLoopTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitForLoop(ForLoopTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitForOfLoop(ForOfLoopTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitFunctionCall(FunctionCallTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitFunctionDeclaration(FunctionDeclarationTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitFunctionExpression(FunctionExpressionTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitImportEntry(ImportEntryTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitInstanceOf(InstanceOfTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitLabeledStatement(LabeledStatementTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitModule(ModuleTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitNew(NewTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitRegExpLiteral(RegExpLiteralTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitReturn(ReturnTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitSpread(SpreadTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitUnary(UnaryTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitUnknown(Tree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitWhileLoop(WhileLoopTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitWith(WithTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitYield(YieldTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitContinue(ContinueTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitDebugger(DebuggerTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitThrow(ThrowTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+
+    @Override
+    public Void visitTry(TryTree node, String matchExpression) {
+        return fail(node, matchExpression);
+    }
+}