From 2ed0c40ce9006a07e2f96373560da6c1eb9ff17c Mon Sep 17 00:00:00 2001 From: sigalsax Date: Thu, 2 Jul 2020 09:00:33 +0300 Subject: [PATCH] Separate solution design from README docs - Separate the documentations for clarity - Add TODO list to README --- README.md | 90 +------------ SolutionDesign.md | 125 ++++++++++++++++++ .../ProgramProperties.java | 20 --- 3 files changed, 130 insertions(+), 105 deletions(-) create mode 100644 SolutionDesign.md delete mode 100644 src/main/java/com/troubleshooting/troubleshootingtool/ProgramProperties.java diff --git a/README.md b/README.md index 30118cb..6021009 100644 --- a/README.md +++ b/README.md 
@@ -1,97 +1,17 @@ # Conjur Authentication Troubleshooting Tool -## Proposal - Troubleshooting authentication errors can be a time-consuming undertaking as a developer works with different development and deployment environments, platforms, and tooling that understanding a cryptic 401 Unauthorized error is near to impossible. -To tackle this ongoing issue, we need an effective tool (with a great UI) that will aid in the troubleshooting process. - -## Goal - -Provide value to the team while also expanding knowledge and experience on a variety of topics REST/curl, MVC, Design -Patterns, Docker, Angular. - -## Ideas: - -- A tool that fetches specific logs according to defined authentication errors/keywords from Conjur in a containerized -environment, container ENV variables, and all related information about the unauthenticated user (if the user exists in -Conjur, the Conjur policy where the user is defined, their privileges, etc). - - - For DAP, checks API Endpoints are functioning correctly by making queries to health, nginx services, etc _(out of scope)_ - - - For DAP, fetch Master/Follower logs and configurations _(out of scope)_ - -- Salesforce tool that extracts all useful information from cases necessary for engineers to troubleshoot the case - -- Page with mappings of repository names to their pull commands. 
Ex: `conjur` → `docker pull registry2.itci.conjur.net/conjur` (for both private and public registries) - -- Slackbot where if you use a certain #tag (#documentation), will create salesforce cases for documentation - -## MVP - -For the first iteration of this tool, I have decided to pursue the first idea and create a tool that will do the following: - -- Connect with Conjur / DAP containers - -- Extract ENV variables - - - *NOTE:* By default, the tool also supports DAP b/c from the functionality currently offered, the user can input - the container name/id and receive the necessary logs and ENV variables which is environment agnostic - - - *NOTE:* For OSS, we are limited to setting the log levels as container ENV variables before OSS spin up - -- Parse and extract Conjur / DAP logs based on the type user requests - -- Return the user's relevant data in Conjur (if the user exists in Conjur, the Conjur policy where the user is defined, -their privileges, etc). +To tackle this ongoing issue, we need an effective tool that will aid in the troubleshooting process. -- Return a result page with data +## Development -## Phase 0 - -- [x] Reach out to developers, PO/Ms, and SEs to understand the pain points and use this feedback to develop tooling that will feature in the project - -- [x] Define an MVP that will provide immediate value and a running backlog - -- [x] Create the design +To spin up the application, navigate to project lines in your command line window, run `mvn spring-boot:run`, and +navigate to `localhost:4200`. 
## Design -Class diagram: - -![Class Diagram](./classDiagram.png) - -Sequence diagram: - -![System Sequence Diagram](./troubleshootSystemSequenceDiagram.png) - -Activity diagram: - -![Activity Diagram](./activityDiagram.png) - -UI Mocks can be found here: https://www.figma.com/file/QcAxsC58Lh969NLunI8sTT/Authn2Mock?node-id=0%3A1 - -- App will save state so that the user does not have to redefine query with each session - -### Language - -I will build an application with Spring Boot to, amongst other things, manage dependencies, abstract away complexities with -feature flags, and provide a server out of box. I will use the [docker-java](https://github.com/docker-java/docker-java) -Java Docker API client. Their docs are hosted [here](https://javadoc.io/doc/com.github.docker-java/docker-java/3.0.1/index.html) and -I will utilize the following: - -- ExecCreateCmd exec = dockerClient.execCreateCmd(containerId).withCmd("env"), to extract ENV variables from the container - -- LogContainerCmd cmd = dockerClient.logContainerCmd(containerId), to extract logs from the container - -TODO: Figure out how to export logs like so: `docker logs 06b329936e62 | grep "authentication"` efficiently without exporting - the whole log file. Example 2 [here](https://www.programcreek.com/java-api-examples/?api=com.github.dockerjava.api.command.LogContainerCmd) - might be helpful. +For details on the design, head over to the [Solution Design doc](./SolutionDesign.md) -- TarArchiveInputStream tarStream = new TarArchiveInputStream(dockerClient.copyArchiveFromContainerCmd(containerName, -containerFile).exec()), to extract policy files from the container as a tar. -In Conjur OSS (quickstart), files are located in the `policy` directory. So I will extract and query policy files for the -unauthenticated user. Helpful resource: https://github.com/docker-java/docker-java/issues/991 -### Open questions: diff --git a/SolutionDesign.md b/SolutionDesign.md new file mode 100644 index 0000000..2ab2978 
--- /dev/null +++ b/SolutionDesign.md 
@@ -0,0 +1,125 @@ +# Conjur Authentication Troubleshooting Tool + +## Proposal + +Troubleshooting authentication errors can be a time-consuming undertaking as a developer works with different development +and deployment environments, platforms, and tooling that understanding a cryptic 401 Unauthorized error is near to impossible. +To tackle this ongoing issue, we need an effective tool (with a great UI) that will aid in the troubleshooting process. + +## Goal + +Provide value to the team while also expanding knowledge and experience on a variety of topics REST/curl, MVC, Design +Patterns, Docker, Angular. + +## Ideas: + +- A tool that fetches specific logs according to defined authentication errors/keywords from Conjur in a containerized +environment, container ENV variables, and all related information about the unauthenticated user (if the user exists in +Conjur, the Conjur policy where the user is defined, their privileges, etc). + + - For DAP, checks API Endpoints are functioning correctly by making queries to health, nginx services, etc _(out of scope)_ + + - For DAP, fetch Master/Follower logs and configurations _(out of scope)_ + +- Salesforce tool that extracts all useful information from cases necessary for engineers to troubleshoot the case + +- Page with mappings of repository names to their pull commands. 
Ex: `conjur` → `docker pull registry2.itci.conjur.net/conjur` (for both private and public registries) + +- Slackbot where if you use a certain #tag (#documentation), will create salesforce cases for documentation + +## MVP + +For the first iteration of this tool, I have decided to pursue the first idea and create a tool that will do the following: + +- Connect with Conjur / DAP containers + +- Extract ENV variables + + - *NOTE:* By default, the tool also supports DAP b/c from the functionality currently offered, the user can input + the container name/id and receive the necessary logs and ENV variables which is environment agnostic + + - *NOTE:* For OSS, we are limited to setting the log levels as container ENV variables before OSS spin up + +- Parse and extract Conjur / DAP logs based on the type user requests + +- Return the user's relevant data in Conjur (if the user exists in Conjur, the Conjur policy where the user is defined, +their privileges, etc). + +- Return a result page with data + +## Phase 0 + +- [x] Reach out to developers, PO/Ms, and SEs to understand the pain points and use this feedback to develop tooling that will feature in the project + +- [x] Define an MVP that will provide immediate value and a running backlog + +- [x] Create the design + +## Phase 1 + +- [x] Construct classes and interfaces according to MVC + +- [x] Communicate with Docker using the Java Docker client + +- [x] Use Ajax / JQuery to render result on same page, without page reload + +- [x] Java objects are converted to JSON objects + +- [x] Page renders JSON objects + +### TODO: + +- [ ] Combine Env + Log JSON objects to be rendered together under 1 call + +- [ ] Remove duplication of responses with each submit + +- [ ] Add back in MVC objects and figure out how to integrate MVC with @ResponseBody + +- [ ] Style the page with CSS + +### Bugs: + +- [ ] New log entries and environment variables are being added to their lists with every "submit" even though input parameters are 
the same + + + +## Design + +Class diagram: + +![Class Diagram](./classDiagram.png) + +Sequence diagram: + +![System Sequence Diagram](./troubleshootSystemSequenceDiagram.png) + +Activity diagram: + +![Activity Diagram](./activityDiagram.png) + +UI Mocks can be found here: https://www.figma.com/file/QcAxsC58Lh969NLunI8sTT/Authn2Mock?node-id=0%3A1 + +- App will save state so that the user does not have to redefine query with each session + +### Language + +I will build an application with Spring Boot to, amongst other things, manage dependencies, abstract away complexities with +feature flags, and provide a server out of box. I will use the [docker-java](https://github.com/docker-java/docker-java) +Java Docker API client. Their docs are hosted [here](https://javadoc.io/doc/com.github.docker-java/docker-java/3.0.1/index.html) and +I will utilize the following: + +- ExecCreateCmd exec = dockerClient.execCreateCmd(containerId).withCmd("env"), to extract ENV variables from the container + +- LogContainerCmd cmd = dockerClient.logContainerCmd(containerId), to extract logs from the container + +TODO: Figure out how to export logs like so: `docker logs 06b329936e62 | grep "authentication"` efficiently without exporting + the whole log file. Example 2 [here](https://www.programcreek.com/java-api-examples/?api=com.github.dockerjava.api.command.LogContainerCmd) + might be helpful. + +- TarArchiveInputStream tarStream = new TarArchiveInputStream(dockerClient.copyArchiveFromContainerCmd(containerName, +containerFile).exec()), to extract policy files from the container as a tar. + +In Conjur OSS (quickstart), files are located in the `policy` directory. So I will extract and query policy files for the +unauthenticated user. Helpful resource: https://github.com/docker-java/docker-java/issues/991 + +### Open questions: 
diff --git a/src/main/java/com/troubleshooting/troubleshootingtool/ProgramProperties.java b/src/main/java/com/troubleshooting/troubleshootingtool/ProgramProperties.java deleted file mode 100644 index 12e021e..0000000 --- a/src/main/java/com/troubleshooting/troubleshootingtool/ProgramProperties.java +++ /dev/null @@ -1,20 +0,0 @@ -package com.troubleshooting.troubleshootingtool; - -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.context.annotation.PropertySource; -import org.springframework.stereotype.Component; - -@Component -@ConfigurationProperties -@PropertySource("classpath:application.properties") -public class ProgramProperties { - private String containerId; - - public String getContainerId() { - return containerId; - } - - public void setContainerId(String containerId) { - this.containerId = containerId; - } -}
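Review bot: In the README.md hunk, the new Development section tells the reader to "navigate to project lines in your command line window", which reads like a typo for the project's root directory; reword the step so it is unambiguous. The same sentence sends the reader to `localhost:4200` right after `mvn spring-boot:run` without saying what listens on that port or whether a separate front-end step is needed, so state that explicitly. The commit message also says "Add TODO list to README", but the TODO list in this patch lands in SolutionDesign.md, not README.md; align the message or move the list.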
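Review bot: In the SolutionDesign.md hunk, the MVP and Language sections describe running `env` in a container chosen by user-supplied name/id (`dockerClient.execCreateCmd(containerId).withCmd("env")`) and returning the output on a result page, with no mention of redaction, of which containers may be targeted, or of who may use the tool. Container environments often carry credentials, so the design should say which variables are displayed (an allowlist, or masked values), restrict the accepted container name/id to the Conjur / DAP containers the tool is meant for, and state how access to the result page is controlled. The same applies to the policy files pulled with `copyArchiveFromContainerCmd`. Smaller points: the Bugs entry repeats the TODO item "Remove duplication of responses with each submit", the trailing "### Open questions:" heading has no content, and the Ideas section carries the registry host `registry2.itci.conjur.net`, which is worth confirming as intended for this document.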
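Review bot: The deletion of ProgramProperties.java is a code change inside a commit whose subject and body describe only a documentation split, and the diff does not show whether anything still injects `ProgramProperties` or whether a `containerId` entry remains in `application.properties`. Move the removal into its own commit with a message explaining why the class is no longer needed, and confirm there are no remaining references to it and no orphaned property left behind.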