Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hawkular/add ssl support #460

Merged
merged 5 commits into from
Mar 20, 2017

Conversation

josejulio
Copy link
Member

@josejulio josejulio commented Feb 23, 2017

Adds support for tls endpoints on Hawkular MW provider

ToDo:

  • Rename container_security_options to endpoint_security_options

screenshot from 2017-02-23 11-15-26

screenshot from 2017-02-23 11-26-29

screenshot from 2017-02-23 11-16-02

This PR depends on PR #450 and supports ManageIQ/manageiq#14054

@miq-bot add-label providers/hawkular

@miq-bot
Copy link
Member

miq-bot commented Feb 23, 2017

@josejulio Cannot apply the following label because they are not recognized: providers/hawkular

@josejulio
Copy link
Member Author

@cben I modified some of your work, could you please take a look and let me know if I should duplicate the code or is OK what i did?

def container_security_options(security_protocol, certificate_authority)
{
:security_protocol => security_protocol,
:verify_ssl => %w(ssl-without-validation non-ssl).exclude?(security_protocol),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cben
Added non-ssl to the options that shouldn't be verified by ssl.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Not all providers will use same logic, but good to share.
Let's rename the function to something more generic, say endpoint_security_options?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure. Will do once your PR is merged. (adding it as a todo).

%div{"ng-if" => defined?(tls_ca_certs_hide) ? false : true}
.form-group{"ng-if"=> "emsCommonModel.emstype == 'rhevm' || " + |
"((emsCommonModel.ems_controller == 'ems_container' || " + |
"emsCommonModel.emstype == 'hawkular') && " + |
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also using this Trusted CA Certificates textarea.

@josejulio josejulio changed the title Hawkular/add ssl support [WIP] Hawkular/add ssl support Feb 23, 2017
@josejulio
Copy link
Member Author

@miq-bot add-label WIP

@miq-bot miq-bot added the wip label Feb 23, 2017
@@ -143,7 +153,8 @@

%div{"ng-if" => defined?(tls_ca_certs_hide) ? false : true}
.form-group{"ng-if"=> "emsCommonModel.emstype == 'rhevm' || " + |
"(emsCommonModel.ems_controller == 'ems_container' && " + |
"((emsCommonModel.ems_controller == 'ems_container' || " + |
"emsCommonModel.emstype == 'hawkular') && " + |
Copy link
Contributor

@cben cben Feb 26, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is perhaps too nested, hard to read.
One option that might be more readable if you put the custom condition first (untested):

                         "(emsCommonModel.#{prefix}_security_protocol == 'ssl-with-validation-custom-ca' &&" |
                         " (emsCommonModel.ems_controller == 'ems_container' || " +                          |
                         "  emsCommonModel.emstype == 'hawkular'))"}                                         |

However the meaning of security_protocol is provider-dependent and this file already does a lot of copy-pasting to keep different providers independent.
What do you think of doing separate (container && custom) || (hawkular && custom)?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grouping them different seems a good option that would give more flexibility to modify them as needed for each provider without having to copy/paste the whole block.

@josejulio josejulio force-pushed the hawkular/add_ssl_support branch 2 times, most recently from 25af1c1 to eed3141 Compare March 2, 2017 18:37
@josejulio
Copy link
Member Author

@miq-bot add_label middleware, wip, pending core

@miq-bot
Copy link
Member

miq-bot commented Mar 3, 2017

This pull request is not mergeable. Please rebase and repush.

@josejulio josejulio force-pushed the hawkular/add_ssl_support branch from 4d6ad1f to b6d0c9d Compare March 3, 2017 19:33
@josejulio josejulio force-pushed the hawkular/add_ssl_support branch from b6d0c9d to b8d8736 Compare March 3, 2017 19:44
@josejulio josejulio changed the title [WIP] Hawkular/add ssl support Hawkular/add ssl support Mar 3, 2017
@josejulio
Copy link
Member Author

@miq-bot rm_label wip

@miq-bot miq-bot removed the wip label Mar 3, 2017
@josejulio
Copy link
Member Author

#450 is merged already.
@cben I made the changes you suggested. As i modified some of your code, could you please review again? Thanks!

@abonas
Copy link
Member

abonas commented Mar 7, 2017

Wouldn't it be better to first put the protocol field, and then after the user selects it, to fill automatically the default port? (which user can of course change)

@josejulio
Copy link
Member Author

@abonas I'm reusing UI from #450

What you propose is possible but would end being inconsistent with other providers as they define the port before the security protocol.

https://github.com/josejulio/manageiq-ui-classic/blob/b8d8736225787281808e52b8c7a9688d8f07e1d8/app/views/layouts/angular-bootstrap/_endpoints_angular.html.haml#L27-L59

I could move our security_protocol field and fill the port field if that's not a concern..

@cben
Copy link
Contributor

cben commented Mar 7, 2017

I think some providers do reset port based on security protocol:

$scope.openstackSecurityProtocolChanged = function() {
if ($scope.emsCommonModel.emstype === 'openstack' || $scope.emsCommonModel.emstype === 'openstack_infra') {
if ($scope.emsCommonModel.default_security_protocol === 'non-ssl') {
$scope.emsCommonModel.default_api_port = $scope.getDefaultApiPort($scope.emsCommonModel.emstype);
} else {
$scope.emsCommonModel.default_api_port = "13000";
}
}
};

in which case yes, having protocol above port makes sense.

Don't assume #450 is perfect. I missed several spots there, and still chasing a bug there. Will cc you as soon I have a fix.

@josejulio
Copy link
Member Author

If that makes sense for both of you, I'll move the port below the security protocol and fill default values.

@abonas
Copy link
Member

abonas commented Mar 14, 2017

@serenamarie125 and @Loicavenel , please have a look at the UX issue in regards of fields order for protocol, port, etc. Current way of things don't make a lot of sense (and causes a bit more work for the user). Please decide how it should look in all the providers.

@Loicavenel
Copy link

We should at minimum reverse Port and Protocol where it does exist. Some providers does not have Port but use URL as input. If protocols has different port, then default port should be presented and updated baed on the protocol selection

@josejulio
Copy link
Member Author

@abonas @Loicavenel
Should i do that on this PR?
Please see #460 (comment)
There might be other fields between Port and Security Protocol.

If protocols has different port, then default port should be presented and updated baed on the protocol selection

Currently (on this provider) the Port is only updated (when selecting a protocol) IF port is empty OR port is any of the default ports OR port is invalid (e.g. NaN).

@cben
Copy link
Contributor

cben commented Mar 14, 2017 via email

@josejulio
Copy link
Member Author

That would be the third option! I'll edit #460 (comment)

@josejulio
Copy link
Member Author

@AparnaKarve Updated code so Trusted CA Certificates now affects required validation.

Next steps would be:
Pass down a default value of default_security_protocol to the angular controller using this after is merged and preferably on a separate PR.
Change port / security protocol order (IMO (and @cben opinion) belongs in a separate PR)

Is there anything else you want me to address on this PR?

@AparnaKarve
Copy link
Contributor

Updated code so Trusted CA Certificates now affects required validation.

@josejulio Good call on that.

Agree about addressing the other issues you mentioned in separate PRs.
And with that, this is GTG.

@josejulio
Copy link
Member Author

@AparnaKarve wait a bit. I think i missed something.

@josejulio josejulio force-pushed the hawkular/add_ssl_support branch from 8efed47 to 1a2d639 Compare March 14, 2017 17:21
@josejulio
Copy link
Member Author

@AparnaKarve Ok, done, I had an extra ´}´ on the last commit. Just removed it.

@miq-bot
Copy link
Member

miq-bot commented Mar 14, 2017

Checked commits josejulio/manageiq-ui-classic@03a478a~...1a2d639 with ruby 2.2.6, rubocop 0.47.1, and haml-lint 0.20.0
3 files checked, 0 offenses detected
Everything looks good. 🏆

@josejulio josejulio force-pushed the hawkular/add_ssl_support branch from 1a2d639 to 7413410 Compare March 14, 2017 17:47
@josejulio
Copy link
Member Author

josejulio commented Mar 14, 2017

Ummh, @AparnaKarve, #670 also address the Trusted CA certificates, so I'm removing it from this PR because is the same code.

@abonas
Copy link
Member

abonas commented Mar 15, 2017

@josejulio @cben please see @Loicavenel guideline regarding the protocol/port order, it could be applied in this PR or in a separate one, although I don't see much point doing it here in the incorrect way and then redoing it again in another PR.

@AparnaKarve
Copy link
Contributor

@josejulio #670 has some code that you would need to fix this completely, so how about we wait for #670 to get merged first? (which I'm currently reviewing)

Once it's merged, it will be easy for you to identify what else needs to be fixed from your end.

@josejulio
Copy link
Member Author

@AparnaKarve Sure: I can wait for it.

@abonas We are sharing the security_protocol with others providers. I just want to make sure I don't break anything from their end. By doing a separate PR i could at least try to have them look at only that fix.
It shouldn't break anything though.

@josejulio josejulio mentioned this pull request Mar 16, 2017
@josejulio
Copy link
Member Author

@AparnaKarve

Rebased and added the security_protocol_default for ems_middleware
Now when editing a previously added provider it shows Non SSL selected
screenshot from 2017-03-16 18-49-13

@AparnaKarve
Copy link
Contributor

@josejulio The screenshot looks good. So looks like you're all set now.

@cben
Copy link
Contributor

cben commented Mar 19, 2017

LGTM 👍

@abonas
Copy link
Member

abonas commented Mar 20, 2017

@miq-bot assign @martinpovolny please review & merge

@miq-bot
Copy link
Member

miq-bot commented Mar 20, 2017

@abonas 'martinpovolny please review & merge' is an invalid assignee, ignoring...

@abonas
Copy link
Member

abonas commented Mar 20, 2017

@miq-bot assign @martinpovolny
@martinpovolny please review and merge

@miq-bot miq-bot assigned martinpovolny and unassigned abonas Mar 20, 2017
@mzazrivec mzazrivec added this to the Sprint 57 Ending Mar 27, 2017 milestone Mar 20, 2017
@mzazrivec mzazrivec merged commit fe72635 into ManageIQ:master Mar 20, 2017
@josejulio josejulio deleted the hawkular/add_ssl_support branch March 21, 2017 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants