Month: November 2017

Using JavaScript and JSON as a Common Language in Orbital Bus

Large enterprises usually have many programming languages across their departments. These departments, often located in different cities, will build teams out of what they see as the best-available local resources. It’s fairly common to find large-scale enterprise or government groups that have applications written in .NET and Java, never mind the plethora of other languages and flavours thereof. This technological mishmash is a major challenge to any sort of enterprise service bus; one that Orbital Bus is trying to overcome.

In creating Orbital Bus, we decided at the start that developers shouldn’t have to learn any new languages to implement our solution. The learning curve had to be minimal to ensure widespread adoption. We were able to deliver some of that goal by creating our Code Generation utility. This tool would allow us to take a single input and compile it to code usable by our ESB. However, this tool still needs input, so what were we to do?

Enter JavaScript. We decided that by making the code generation input JavaScript we would make it accessible to as many developers as possible with no extra work. No matter what language you develop in, you’ve probably had to work on some JavaScript, whether to create visual effects or to load data with an Ajax call. We could implement JavaScript with a high degree of confidence that users would be able to work with it without any sort of intimidating ramp. JavaScript also provides a feature-rich environment that we don’t have to worry about maintaining. If developers want functionality that already exists in a library, it’s minimal work for them to implement it. Along with JavaScript, we were also able to rely on the JSON schema standard for modelling objects. We don’t have to worry about maintaining an API for describing models in our system. We simply have to point towards the standard we support and let the JSON schema community do the heavy lifting.

What exactly are we doing with all this JavaScript? I mentioned the use of schemas to define models. We use models to define the types which are expected for the receiver. We take in standard JSON schemas to create C# classes which are then deployed as part of a contract library with the receiver. This library is used by the receiver and the dispatcher. (Check out our article about using MEF with our contract libraries.) The models defined in this schema are also the ones expected by our translation engine. The receiver node of Orbital Bus takes JavaScript translation files which it executes in both directions. With this feature developers can implement any translation they want as the information passes through the receiver node. These translations are simple .js files with method calls. We even support logging and business errors through integrated methods. Check out our documentation for more information on implementation. We even used JSON files for our configurations rather than XML to make sure that our points of contact with Orbital Bus are as unified as possible. As we grow Orbital Bus’ functionality we expect to grow its use of JavaScript.

The default JavaScript translation template.

It was tough trying to think of the best way to support a polylinguistic development environment. Thankfully JavaScript gave us a single point of entry we could use across many development environments. There’s still work we want to do with our JavaScript implementation. We want to integrate libraries by default in our translations, allowing developers to use library calls without having to include them manually. We also want to add JavaScript to our collection of connectors for the Orbital Bus. Thankfully, with a common input set out, Orbital Bus will be free to grow its implementations while continuing to support developers from a wide variety of backgrounds.

  • Joseph Pound

Dynamic Plugin Loading Using MEF

The Managed Extensibility Framework (MEF) is a library that enables software to discover and load libraries at runtime without hard-coded references. Microsoft included MEF in .NET framework version 4.0 and since then it has been commonly used for dependency resolution and inversion of control patterns.

Orbital Bus makes communication possible between different parties by sharing contracts and schemas. A receiver has a contract library that has all the information needed for a dispatcher to make proper synchronous and asynchronous calls all the way to an end consumer. The dispatcher downloads a receiver’s contract library and then uses it to construct calls with the right data schemas. It became very clear to us during development that a crucial requirement was for the dispatcher to be able to handle any downloaded contract library DLL and process it without code changes. This is where MEF comes into play. It lets us inject libraries, in this case the receiver’s contract libraries, at the start-up stage.

Once we chose to use MEF as our integration tool, we were able to start the Code Generation Project. This project is a convenient CLI tool that efficiently generates the contract libraries and plugins which are loaded by the receiver. These libraries are made available for download to any dispatcher on the mesh network. One challenge we encountered downloading multiple contract libraries for the dispatcher was how to distinguish between these contract libraries. What if two contracts have similar operation names? How can the dispatcher tell what is the right operation to select from its composition container? We were able to solve this challenge by making sure that each contract library generated has a unique ServiceId that would be exported as metadata within the contract library. This setting enables the dispatcher to filter out various operations based on their ServiceId:

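    using System.ComponentModel.Composition;

    namespace ConsumerContractLibrary
    {
        // ServiceId metadata identifies this contract library to the dispatcher.
        [ExportMetadata("ServiceId", "ConsumerLibrary")]
        public class AddCustomerOperation : IOperationDescription {}
    }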

When the receiver starts up, it will pull the plugins from its Plugins folder and load the plugin.dll and adapters into MEF’s CompositionContainer, a component used to manage the composition of parts. Those dependencies will be injected into the receiver as it loads. In addition to handling messages destined for the consumer, the receiver also serves as file server that waits for the dispatcher to download the contract library when needed.

    public PluginLoader(IConfigurationService config)
    {
        this.config = config;
        var container = this.BuildContainer(); // load the plugin DLLs and create composition container
        this.RegisterAdapters(container);
        var details = this.RegisterPlugins(container);
        this.BootStrapSubscriberDetails(details); //Creates needed dependencies and bootstraps the given details.
    }

After a dispatcher downloads the available contract library specifications into a composition container, it will filter out and return all the exported values in the container corresponding to the given ServiceId.

    public static IEnumerable<T> GetExportedValues<T>(this CompositionContainer container,
            Func<IDictionary<string, object>, bool> predicate)
    {
        var exportedValues = new List<T>();

        foreach (var part in container.Catalog.Parts)
        {
            foreach (var ExportDef in part.ExportDefinitions)
            {
                if (ExportDef.ContractName == typeof(T).FullName)
                {
                    if (predicate(ExportDef.Metadata))
                        exportedValues.Add((T)part.CreatePart().GetExportedValue(ExportDef));
                }
            }
        }

        return exportedValues;
    }

Here the predicate is the filter we need for ServiceId:

    metadata => metadata.ContainsKeyWithValue(METADATAKEY, serviceId)

After the filtering process, the dispatcher has all the contract library operations that are supported by the receiver.
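The ServiceId filter described above can also be written with MEF's built-in metadata view, which only instantiates the parts that match. This is an added example, not Orbital Bus code; the IOperationDescription stand-in, the BillingLibrary service and the ServiceIdFilter class are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.Composition;
using System.ComponentModel.Composition.Hosting;
using System.Linq;

// Stand-in for the project's interface; its real members are not shown on the page.
public interface IOperationDescription { string Name { get; } }

// Two constructed contract libraries exposing an operation with the same name.
[Export(typeof(IOperationDescription))]
[ExportMetadata("ServiceId", "ConsumerLibrary")]
public class ConsumerAddCustomer : IOperationDescription { public string Name => "AddCustomer"; }

[Export(typeof(IOperationDescription))]
[ExportMetadata("ServiceId", "BillingLibrary")]
public class BillingAddCustomer : IOperationDescription { public string Name => "AddCustomer"; }

public static class ServiceIdFilter
{
    private const string MetadataKey = "ServiceId";

    // Returns only the exports whose ServiceId metadata equals serviceId exactly.
    // Exports with no ServiceId, or a non-string one, are skipped rather than matched.
    public static IReadOnlyList<T> ForService<T>(CompositionContainer container, string serviceId)
    {
        if (string.IsNullOrWhiteSpace(serviceId))
            throw new ArgumentException("ServiceId is required.", nameof(serviceId));

        return container.GetExports<T, IDictionary<string, object>>()
            .Where(e => e.Metadata.TryGetValue(MetadataKey, out var v)
                        && v is string s
                        && string.Equals(s, serviceId, StringComparison.Ordinal))
            .Select(e => e.Value)   // the part is only created here, after the filter
            .ToList();
    }
}

public static class Program
{
    public static void Main()
    {
        using var catalog = new TypeCatalog(typeof(ConsumerAddCustomer), typeof(BillingAddCustomer));
        using var container = new CompositionContainer(catalog);

        // Both libraries export "AddCustomer"; only the ConsumerLibrary one is returned.
        var ops = ServiceIdFilter.ForService<IOperationDescription>(container, "ConsumerLibrary");
        foreach (var op in ops)
            Console.WriteLine($"{op.GetType().Name}: {op.Name}");
    }
}
```

ServiceId is metadata that each library declares about itself, so it separates libraries with colliding operation names but does not establish where a downloaded DLL came from.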

MEF proved invaluable in solving the problem of runtime library integrations and enabling the plugin architecture. This implementation gives developers the flexibility to customize or update their contract libraries, service configurations, and translations without affecting other services on the bus. As our work continues, we plan on looking closer at the issue of versioning in the dispatcher to keep its cache in sync with the receiver’s contract libraries, making Orbital Bus an even more agile messaging solution.

  • Yi Luo

Continuous Integration: Balancing Value and Effort

Continuous integration can be a tough sell to managers. It’s hard to describe the need for extra time and resources to build automated tests that should mimic what is already being done by developers. This advocacy can be especially difficult early in development when CI failures are common and the pipeline will need a lot of work. Why would any manager want a tool that creates more problems and interferes with the development cycle? A robust continuous integration pipeline is vital during development since it protects from the deployment of broken code and will generate more issues to remove bugs before production. Since Orbital Bus is an internal project, we decided to use it as an opportunity to build the kind of CI pipeline we always wanted to have on client sites.

Early on we looked at the possibility of automated provisioning of multiple machines for integration tests. We looked at a variety of tools including Vagrant, Salt Stack, and Chef and Puppet. What we found is that this automation was not worth the time investment. This post is supposed to be about the value of investing in a CI pipeline, so why are we talking about work we abandoned? To demonstrate that the value of a CI pipeline has to be proportionate to the time cost of maintaining it. When it came to automated provisioning we realized that we would spend more time maintaining that portion of the pipeline than reaping the benefits, so we stood up the VMs manually and replaced provisioning with a stage to clean the machines between runs.

As development progressed, we added to our pipeline, making sure that the time investment for each step was proportionate to the benefits we were receiving. Gradually we added the build process, unit tests, and automated end-to-end integration tests. As we continued to experiment we began using the GitLab CI runners to enhance our testing. We also discovered that GitLab could integrate with Jenkins, and brought our pipelines together to create an integrated dashboard on GitLab. As we neared the public release, we added a whole new stage for GitLab pages to deploy our documentation.

A shot of our Jenkins Continuous Integration pipeline builds.

As the saying goes, Rome was not built in a day. Neither was our continuous integration. We added to it gradually, and as we did we had to overcome a number of obstacles. Our greatest problem has been false negatives. False negatives immediately negate the benefits of continuous integration because the team stops respecting the errors being thrown by the system. At one point, our disregard for the failures on the CI pipeline prevented us from noticing a significant compatibility error in our code. Each failure was an opportunity for us to understand how our code was running on multiple platforms, to explore the delta between development and production environments, and ultimately made our solution more robust. From the perspective of productivity it was costly, but the time greatly outweighed the value of hardening of our solution.

A capture of one of our Continuous Integration GitLab pipelines.

You would be mistaken if you thought we’ve stopped working on our pipeline. We have plans to continue to grow our CI, expanding our integration tests to include performance benchmarks and to work with the multiple projects which have originated in the Orbital Bus development. These additional steps and tests will be developed alongside our new features, so as to integrate organically. As our solution matures, so will our continuous integration, which means we can continue to depend on it for increased returns in our development cycle.

  • Joseph Pound

Securing the Orbital Bus

After getting familiar with the Orbital Bus Architecture, and how it solves the traditional Enterprise Service Bus (ESB) shortcomings, it was time for our development team to create a secure solution around the components and communication channels of our distributed solution.

The challenge:

The Orbital Bus makes exchanging information possible between various parties. To this effect, Orbital Bus has three components involving communication:

  • RabbitMQ is the message broker across its various components.
  • Orbital Bus service registration and discovery is built on top of Consul.
  • The receiver calls out to the consumer with a REST Adapter that is built using the RestSharp Client.

These communication components support TLS encryption and HTTP authentication. We also want to support additional authentication and message protection mechanisms in the future. In order to implement these solutions Orbital Bus needs to provide a way to save credentials, X.509 certificates, and other forms of tokens. To summarize, the challenges we encountered in developing Orbital Bus were:

  1. Provide a secure vault to store various types of credentials, certificates, and tokens.
  2. Make the security features optional so they can be enabled only when needed.

The Solution

While working on the Orbital Bus it became obvious that a secure vault was needed to save sensitive information such as credentials, tokens, and certificates. Inspired by Java Keystore, Foci Solutions designed and developed a platform-agnostic C# Keystore solution that could work on Windows or Linux. Foci’s Keystore is available as a NuGet package, and it also comes with a Keystore Manager CLI Tool to perform CRUD operations on the Keystore directly. Please visit the Keystore’s How to Guide for more details on how to use the Keystore and its manager.

The Keystore addresses the first security challenge. Your system requires a secure RabbitMQ client? Not a problem. You can have the credentials saved in the Keystore and use them whenever needed. Your Orbital Bus implementation requires using a certificate for service discovery through Consul? The Keystore can encrypt and save the certificate to be used whenever needed. If you look closely at the Orbital Bus API Documentation, you will notice that there is a KeystoreService and a KeystoreRepository that make the integration with Foci’s Keystore seamless. The Keystore’s CRUD repository makes it available to any part of the Orbital Bus components via the KeystoreService.

Now that the first security challenge has been addressed through the Keystore integration, let’s move on to the second challenge: How to make security available but optional? The first thought that comes to mind is to modify Orbital Bus code. After further consideration, it becomes very clear that code modification based on security requirements is an expensive approach that necessitates code change based on the implementation requirements. We decided to integrate the security options into our configuration service to allow changes on the fly. This way security options throughout the Orbital Bus solution can be toggled with minimal effort. You want to secure your dispatcher’s communication to the RabbitMQ client? Then all you need is to turn on a security flag and provide the RabbitMQ credentials. Just let Orbital Bus’ configuration service take care of the rest.

How to Use the Keystore

Foci’s Keystore can accommodate various entry types like certificates, key pairs, username/password pairs, and tokens. Each entry in the Keystore has a unique Alias to keep them organized. The Keystore can be configured to encrypt/decrypt its content using either the Current User or Local Machine data protection scopes. The Keystore is fully integrated for use by any component of the Orbital Bus like the dispatcher or receiver. You will only need to initialize the Keystore with the Keystore Manager Tool and add any credentials or certificates your solution requires. For example: Your implementation requires a secure communication between the dispatcher and RabbitMQ using a username and password? All you need to do is create the Keystore using the Keystore Manager Tool and add a new entry for the required credentials with a unique Alias. What’s next? How to retrieve the stored entries? What’s this Alias for? How to use it? All this will be explained in the next section.

How to Configure Security

The Orbital Bus approach favours configuration over customization for obvious reasons. In this section we will walk through how you can configure RabbitMQ, Consul, and the REST Adapter to be secure. The Orbital Bus has a KeystoreService that sits in the Root of the solution. The KeystoreService is injected into the ConfigurationService class. This ConfigurationService is a powerful and flexible tool. It can be injected into any component and it imports any set of configurations that are stored in a specified JSON file mapped into their own configuration model. For example: The ConfigurationService is injected into the DispatcherRegistration in order to configure the dispatcher with settings including the RabbitMQ options for addresses, credentials, and certificates.

RabbitMQ Configuration

Both the dispatcher and receiver establish RabbitMQ buses that can be configured as secure. The following is a JSON configuration file for a dispatcher that has the RabbitMQ security enabled:

    {
      "DispatcherConfiguration":
      {
        "BusHostIp": "localhost",
        "BusHostPort": 5672,
        "ContractLibraryPrefix": "",
        "ConsulConfiguration": {
          "HostIp": "localhost",
          "HostPort": 8500
        }
      },
      "BaseConfiguration": {
        "RabbitMQConfiguration": {
          "BusHostIp": "localhost",
          "BusHostPort": 5672,
          "SslEnabled": "true",
          "Alias": "rabbitCredentials"
        }
      }
    }

You might notice that the property SslEnabled is set to true, and there is an Alias property with the value “rabbitCredentials”. This simple configuration allows Orbital Bus to enable secure communications with the RabbitMQ server. The Alias here is the unique name we assigned to the credentials entry saved in the Keystore using the Keystore Manager Tool. Securing RabbitMQ in Orbital Bus is as simple as this. Save your credentials in the Keystore, and make sure you edit your configuration to point to the stored credentials Alias.

Consul Configuration

For Orbital Bus we implemented Consul security connections with certificate authentication. Any REST client or request created to communicate to Consul should have an appended certificate for authentication. In return, Consul will return its certificate to authenticate to the client. The following is a JSON configuration file for a dispatcher that has the Consul security enabled:

    {
      "DispatcherConfiguration":
      {
        "BusHostIp": "localhost",
        "BusHostPort": 5672,
        "ContractLibraryPrefix": "",
        "ConsulConfiguration": {
          "HostIp": "localhost",
          "HostPort": 8500
        }
      },
      "BaseConfiguration": {
        "ConsulConfiguration": {
          "HostIp": "localhost",
          "HostPort": 8500,
          "SslEnabledConsul": "true",
          "Alias": "consulcert"
        }
      }
    }

Here a similar approach to the RabbitMQ implementation is used. An entry with the Alias “consulcert” is referenced to retrieve the stored certificate that would be injected into the ConsulService when it’s initialized. The service then appends that certificate to requests.
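A start-up check for the RabbitMQ and Consul settings shown above, as an added example that is not part of Orbital Bus: it reports a security flag that is off, or one that is on without a usable Alias, so a misconfigured node is caught before it connects. The aliasExists callback is a hypothetical stand-in for a Keystore lookup, since the Keystore API is not shown here.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class SecurityConfigCheck
{
    // Section name -> the flag that switches security on for it (names taken from the page).
    private static readonly Dictionary<string, string> Flags = new()
    {
        ["RabbitMQConfiguration"] = "SslEnabled",
        ["ConsulConfiguration"] = "SslEnabledConsul",
    };

    // aliasExists is a hypothetical Keystore lookup supplied by the caller.
    public static List<string> Check(string json, Func<string, bool> aliasExists)
    {
        var findings = new List<string>();
        using var doc = JsonDocument.Parse(json);
        if (!doc.RootElement.TryGetProperty("BaseConfiguration", out var baseCfg))
            return new List<string> { "BaseConfiguration section is missing" };

        foreach (var (section, flag) in Flags)
        {
            if (!baseCfg.TryGetProperty(section, out var cfg)) continue;

            // The page writes the flag as the string "true"; accept a JSON boolean as well.
            bool enabled = cfg.TryGetProperty(flag, out var f) &&
                (f.ValueKind == JsonValueKind.True ||
                 (f.ValueKind == JsonValueKind.String &&
                  string.Equals(f.GetString(), "true", StringComparison.OrdinalIgnoreCase)));
            if (!enabled)
            {
                findings.Add($"{section}: {flag} is off; confirm an unsecured channel is intended");
                continue;
            }

            string alias = cfg.TryGetProperty("Alias", out var a) && a.ValueKind == JsonValueKind.String
                ? a.GetString() : null;
            if (string.IsNullOrWhiteSpace(alias))
                findings.Add($"{section}: {flag} is on but Alias is missing");
            else if (!aliasExists(alias))
                findings.Add($"{section}: Alias '{alias}' has no Keystore entry");
        }
        return findings;
    }

    public static void Main()
    {
        // Constructed sample: RabbitMQ fully configured, Consul flag on but Alias left out.
        const string json = @"{ ""BaseConfiguration"": {
            ""RabbitMQConfiguration"": { ""BusHostIp"": ""localhost"", ""BusHostPort"": 5672,
                                         ""SslEnabled"": ""true"", ""Alias"": ""rabbitCredentials"" },
            ""ConsulConfiguration"":   { ""HostIp"": ""localhost"", ""HostPort"": 8500,
                                         ""SslEnabledConsul"": ""true"" } } }";
        var known = new HashSet<string> { "rabbitCredentials" };   // constructed Keystore contents
        foreach (var finding in Check(json, known.Contains))
            Console.WriteLine(finding);
    }
}
```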

REST API

The REST Adapter follows a similar approach to enable and configure secure HTTP communications. The RestAdapterConfiguration class has a SecureConsumer flag to indicate if the security is enabled and a ConsumerAlias that contains the unique Alias name for the credentials in the Keystore.

Security is always a pressing concern and the best solution is not often easily apparent. In building the Keystore, we sought to make a tool that could be used easily and repeatedly, while at the same time making it an integral part of the Orbital Bus. We recommend checking out the How To Guide and trying it out yourself.

  • Rabie Almatarneh