You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metron.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2018/07/19 11:25:00 UTC
[jira] [Commented] (METRON-1665) Move hosting of Alerts and Config
UIs from Nodejs to Spring Boot
[ https://issues.apache.org/jira/browse/METRON-1665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16549149#comment-16549149 ]
ASF GitHub Bot commented on METRON-1665:
----------------------------------------
GitHub user simonellistonball opened a pull request:
https://github.com/apache/metron/pull/1111
METRON-1665 Host UIs on Spring Boot and add SSO authentication
This is part of a move towards using KnoxSSO, and LDAP as an authentication method for Metron UIs.
The current UIs are served up by very lightweight nodejs applications, which serve the static bundle files produced by the angular build process, and proxies the rest api. This PR replaces this with Spring Boot applications, using the Spring Security stack.
It also provides a shared project used as the base for the UI host application, which ensures consistent security across all UIs (metron-interface/metron-ui-security) an abstract web hosting application with zuul embedded for proxying rest to avoid cors problems (metron-interface/metron-ui-host) and two further concrete applications to do the actual hosting, the angular front-ends have been subtley changed to package themselves in jars which are included in the hosting applications, aiding the ease and integrity of the front end code on deployment.
Some tests in the rest api have been changed slightly, and a fix has been applied to AlertsUiController to allow users access to delete their own settings. The metron-rest project has also been adapted to work with metron-ui-security, and so inherits the same authentication benefits.
A follow on PR will address changes to the mpack to implement necessary config changes.
Nodejs has been removed from the RPMs, and the deployment process, since it is no longer needed beyond the build stage.
An additional feature is the filter provided to allow JWT cookies to be passed to a backend through zuul as Authorization Bearer headers, allowing simpler stateless interaction with the rest api for example, which opens the possibility of deploying each layer in a load balanced or HA mode using ribbon config.
To test at this stage, you will need to manually configure and launch the metron-alerts and metron-config jars, which behave like init.d scripts. This can be done by launching the jars through the bin/ scripts, but would be a lot easier with the follow on work on mpack elements to configure them. For now, integration tests have been included for key function on the security layer and should be reviewed.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.
Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
- [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
```
mvn -q clean integration-test install && dev-utilities/build-utils/verify_licenses.sh
```
- [x] Have you written or updated unit tests and or integration tests to verify your changes?
- [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [x] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via `site-book/target/site/index.html`:
```
cd site-book
mvn site
```
#### Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/simonellistonball/metron METRON-1665
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/metron/pull/1111.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1111
----
commit 90b75c27e55d868d17c59910f2ce6cf25f4f4abf
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T09:03:12Z
Add base projects for Hosting UIs in Spring
Add Zuul capability
Add KnoxSSO provider and security config
commit 8443329c90247c533bc4ffa5ef7cc64955c55f32
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T09:20:04Z
Packaging changes for the UIs
commit 627d37cf8092260a37c1f80d599025dbf6d3d2f7
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T09:28:29Z
Integrate SSO base to metron-rest and added test config
commit 824763624ec9e8abce94db0e5aaf51d7c92a6506
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T09:52:28Z
Clean up assembly build process based on new packaging of uis
commit bb83e0bac91581410c5bb8f62e112c930cd0d89b
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T10:04:44Z
Fixed security test for UI settings
commit dd6f3fb9eff2eafb3b8049abc836d7cb476a2396
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T10:05:59Z
Added hosting applications for UIs
commit 278f9cb40dca4d0ef1e0239ec34f85062c0d852f
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-12T17:43:00Z
Removed nodejs from rpm build process
commit c2fde46d5504769b19e9fd0872dcaf55ec6fbb6f
Author: Simon Elliston Ball <si...@...>
Date: 2018-07-19T11:19:44Z
RPM changes for new hosting method
----
> Move hosting of Alerts and Config UIs from Nodejs to Spring Boot
> ----------------------------------------------------------------
>
> Key: METRON-1665
> URL: https://issues.apache.org/jira/browse/METRON-1665
> Project: Metron
> Issue Type: Sub-task
> Reporter: Simon Elliston Ball
> Priority: Major
>
> The current UIs are served up by very lightweight nodejs applications, which serve the static bundle files produced by the angular build process, and proxies the rest api.
> The proposal is to use a spring boot application, allowing us to harmonise the security implementation across the UI static servers and the REST layer, and to provide a routing platform for later microservices.
> The UIs currently proxy to the REST API to avoid CORS issues, this will be achieved with Zuul.
> Spring Security will also be extended to use a Knox SSO authenticator.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)