Mocca
A SPA UI for Selfcare
Simple overview
User
|
| # HTML/CSS/JS request
| # API requests
____|____
| |
| Mocca | # Non-api requests
| URP | # stop here
| UARP |
|_________|
|
| # REST API requests
_____|____
| |
| Selfcare |
|__________|
Full overview
FOH
|
|
_____|_____
| | # modini.in.telstra.com - Sends traffic to Modini
| Modini | # mocca.in.telstra.com - Sends traffic to Mocca
| RP |
|___________|
| |
modini.in.telstra.com | | mocca.in.telstra.com
| |
| |_________ ____ Other users
| | |
| Trust with | | Authenticate with PAM
| certificate | | # Eg ocsadmin.something.telstra.com
| and header | | # Eg mocca.something.telstra.com
| | |
| ====== F5 - two separate pools
____|____ ____|__|___
| | | |
| Modini | | URP |
|_________| | Mocca |
| UARP | # UARP accesses the Modini database
|___________|
|
=== F5 (the same F5 as above)
_____|____
| |
| Selfcare |
|__________|
The life of a request
User Modini Local F5 Unico Reverse Proxy Unico Authorisation Reverse Proxy API provider (eg selfcare)
API
request
--------->|
| Forward to
| Mocca
| with user
| header
|----------->|
| Forward to
| healthy URP
| instance
|----------------->|
| Determines it's
| an API request,
| forward to UARP
| with a final
| destination as
| the F5.
| Adds the username
| as a header.
|
|--------------------------->|
| Checks the user's
| roles/rights/groups
| checks whether they
| can make the request.
| Forwards request to
| the final destination.
| May modify the
| request/response.
|<----------------------------------------------|
|
| Forward to
| healthy Selfcare
|------------------------------------------------------------------------------->|
| Process request as normal
|
...
Mocca retro
- SPA made with Backbone.js (et al)
- A little bit too REST opinionated
- Considering alternatives (Mithril.js)
- Not as performant (not always important)
- Can support IE8
- Used a "fake server" for dev
- Made some reusable and replaceable components
- Log out code reused by multiple projects
- Could replace module X for another deployment
- Have a UI boilerplate now, that's reasonably useful
- Could integrate a B/E into the dev env (RMT)
- Lack of real design exercise really really hurt
Mocca retro pt2
- Had automated functional tests, but they fell out of maintenance as too much of the design changed
- IMO, unit tests aren't super useful, even less so for UIs
- Masses of scope creep
- Integrates with UARP for authorisation (for usability, UARP does the real work)
- Proper URL use - bookmarks, history
- Being reliant on Modini was brutal (at times)
- Try and land on consistent naming
Unico Reverse Proxy
- An authenticating RP with simple SSO
- Radius, PAM, text file, ie modular
- Simple SSO because it's subdomain based
- Directs requests as configured (per subdomain, somewhat per path)
- SSL-y
- Request logging
- Request headers (eg request IDs)
- Lightweight
- Not a load balancer (see HAProxy)
- Basic web server functionality (including static gzip)
HAProxy diagram
Unico Authorisation Reverse Proxy
- Reuses Modini's Authorisation structure
- Reuses UCDB
- Modular role and rights source (can implement different providers)
- Has some "API" functionality to answer queries
- Blocks, allows, modifies (ish) requests
- Based on path
- Based on verb
- Or a combination of both
- Wants a better "deep" health check
- Never ever in original scope
Pros
- Simple
- Low hardware requirements
- "Web 2.0"-y
- Easy reuse of components (URP, UARP)
- Simple to add extra applications
- Simple to deploy and manage
- Development efficacy (fast feedback loop)
Cons
- More reliant on the backend
- Less options if the b/e can't do what you need
- Might need to think of different ways to handle problems
- Security: most API's are yes or no, not granular
- Hit some IE8 walls -> inconsistent browser requirements
Reuse
- (UAM)
- Mocca
- DSIMA
- OCS Admin Configuration GUI
- (WGUIM)
Random thoughts
- Create a role management UI that is a standalone reimplementation of the Modini one
- Consider things like Last-Modified headers in APIs
- Try and be more consistent with out "REST" API design -- accept that some interaction are RPCs
- Use HAProxy to add HA in scenarios where an F5 isn't available
- Top quality load balancer (almost F5 level) and simple to add to the equation
- Use Electron/nw.js to provide an "executable" to sidestep browser requirements
- Coffeescript vs ES6
Random thoughts pt2
- Add a logging API to the URP, to support logging from an SPA front end (eg exceptions, or just general logs)
- Should migrate UAM to URP
- Actually trying to keep deps up to date - worth it
- I like JSON, but not as ideal for others
- Cross-platform deployment is annoying
- Solaris is more annoying - should script in JS
- Difficult playing second fiddle to the SOAP APIs
- Consider starting when more b/e design is done (confidently done (ie a bit implemented))
- Maybe life would've been easier if "we" (Mocca team) did it (we know what "we" want)
Random thoughts pt3
- Dangerous doing dev in a different browser than the target, but hard to do otherwise
- Really useful having fast (almost zero-dt) restarts
- Never felt like it was clear who was meant to "make decisions"
- Jenkins is lame
- Consistent request IDs are so excellent
- Actually, for us, it was ace not being exposed to Puppet
- Making the Puppet repo more modular (or something) would help in my mind (I used Salt to do the Mocca et al installs, and loved it -- because it was self contained)
Random thoughts pt4
- Some kind of service discovery story would be very worth having (even DNS would be super novel)
Mocca
By bruce_one
Mocca
- 52
