METRON-1671: Initial PCAP UI#1103
METRON-1671: Initial PCAP UI#1103tiborm wants to merge 20 commits intoapache:feature/METRON-1554-pcap-query-panelfrom tiborm:feature/METRON-1554-pcap-query-panel
Conversation
Conflicts: metron-interface/metron-rest/src/main/java/org/apache/metron/rest/MetronRestApplication.java metron-interface/metron-rest/src/main/java/org/apache/metron/rest/controller/PcapQueryController.java metron-interface/metron-rest/src/main/java/org/apache/metron/rest/util/pcapQueryThread.java
|
@tiborm Thanks for the contribution! A few comments for starters:
|
|
Some screenshots of your UI changes with accompanying explanation would also be useful so reviewers know what we're looking at. |
tiborm
changed the title
|
I think we should rename from alert ui to investigate or something |
|
@mmiklavc The 10k+ line spec file is a working unit test which contains mock data as well. @justinleet managed to make UI unit tests part of our Travis build. He opens a PR for that soon. |
|
I reviewed the UI. Everything comes up fine and looks good. One assumption I am making is that protocol is numeric because the protocol field will not allow me to enter a character. +1 |
….com/tiborm/metron into METRON-1671-review
…che/metron into feature/METRON-1554-pcap-query-panel
|
@tiborm @sardell Can one of you list out the UI PR's and indicate the order in which they should be tested and subsequently merged into the feature branch? Since this is the initial major ticket, you can probably add that as a comment here. In addition, each PR should clearly indicate which PR's it depends on and those that are depending on it. |
cestella
left a comment
cestella
left a comment
There was a problem hiding this comment.
Do we have any idea why or how these .ts files are able to make their way through the RAT checks on license headers?
| @@ -0,0 +1,29 @@ | |||
| import { async, ComponentFixture, TestBed } from '@angular/core/testing'; | |||
There was a problem hiding this comment.
Some of these .ts files don't have license headers, how is this passing the rat check? Do we have a rat exclusion that is too broad?
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,24 @@ | |||
| import { Component, OnInit, Input, Output, EventEmitter } from '@angular/core'; | |||
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,53 @@ | |||
| import { async, ComponentFixture, TestBed } from '@angular/core/testing'; | |||
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,22 @@ | |||
| import { Component, OnInit, Input } from '@angular/core'; | |||
| @@ -0,0 +1,38 @@ | |||
| import { Component, OnInit, Input } from '@angular/core'; | |||
| @@ -0,0 +1,22 @@ | |||
| import { Component, OnInit, Input } from '@angular/core'; | |||
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,51 @@ | |||
| import { async, ComponentFixture, TestBed } from '@angular/core/testing'; | |||
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,65 @@ | |||
| import { Component, OnInit, Input } from '@angular/core'; | |||
There was a problem hiding this comment.
Thanks, we added license headers.
| @@ -0,0 +1,1735 @@ | |||
| import { TestBed, async, inject } from '@angular/core/testing'; | |||
| @@ -0,0 +1,10186 @@ | |||
| import {Injectable, NgZone} from '@angular/core'; | |||
|
There's a bug report that rat treats .ts files as binary and ignores them. |
|
I have submitted a PR to up the rat plugin version and have fixed it in master #1126, let's make sure to add license headers here for new files added in this branch though. |
Add backend integration and add license headers
….com/tiborm/metron into METRON-1671-review
|
I tested this in full dev and the fixed query request is incorrect. Here's what is being sent: when it should look like: I've submitted a PR that fixes the issue. The UI works as expected with those changes. Let me know if there is anything missing in that. |
Can you submit or link to the test script/instructions for this? |
|
I have a couple comments after spinning up #1122 (which should have all these changes, I believe).
|
@merrimanr If I'm right on the context of the Q and A here, the PcapJob around the underlying MR job handles it async or sync. For REST, we expose it asynchronously via the job manager. |
Updated fixed pcap request
|
@mmiklavc The job manager is asynchronous in that it accepts a Finalizer. We have the polling loop in place but we would need to refactor the job manager to expose a callback function for getStatus. @justinleet I get where you're coming from, async communication would be ideal. For this use case though, I don't see much of a benefit. There is no reason we can't send status for all user jobs in response to a single polling request (a trivial change since there is already a getJobs method on the job manager). Also, we are reporting percentage done so there would likely be multiple aysnc calls anyways as the job progresses. This is definitely something we should add to our platform and I would be happy to work on it with you. Sounds like you're ok with this being a follow on. I'm sure we'll need this construct at some point in the near future. |
|
@tiborm - I see a lot of recent changes to dependency versions in the package lock file - is that intentional? Just a short comment about what it's for would be helpful. |
|
In the screenshots you provide, the timestamp field contains both the epoch timestamp and the date. I'd have to dig in, but based on PDML files I've seen, it's displaying both the "show" and the "value". Seems like we should either be splitting that display field, or just choosing one. |
| OR CONDITIONS OF ANY KIND, either express or implied. See the License for | ||
| the specific language governing permissions and limitations under the License. | ||
| --> | ||
| <td class="timestamp">{{ip.timestamp.value}} <span class="date">{{ip.timestamp.show}}</span></td> |
There was a problem hiding this comment.
This looks like the culprit for the double timestamp/data showing
There was a problem hiding this comment.
@justinleet I created a ticket to get some feedback on whether we should be displaying both field values as separate fields in the UI or if we should just choose one. I'm going to hold off on making changes to this code until we get some feedback from the community.
…che/metron into feature/METRON-1554-pcap-query-panel
|
@mmiklavc We had to update a package-lock.json file because of the original one contained a package collision. npm ci command just failed on that. |
|
@cestella We added the license headers for all new files. |
|
@mmiklavc The list of the sequential PR's in order are the following: METRON-1671: Initial PCAP UI METRON-1662: Adding download button METRON-1676: Adding date range selector to PCAP filter bar METRON-1675: Add Pagination to PCAP METRON-1683: Fix the download progress bar in PCAP UI |
|
@mmiklavc Thanks for the comment! I extended the JIRA ticket with user story like test scenarios. |
|
As part of the latest commits I removed commented code blocks, and fixed the variable naming issues in pcap-packet-line.component.ts. |
|
@justinleet In response to your UI-related questions:
It looks like @ruffle1986 added some validation in this branch. Are you fine with this being a follow up PR?
In the current iteration of the UI, a button to kill jobs is not available. I agree that we should add this to the UI, but if it's okay with you I think this could be a follow on PR.
Nice catch. I think we should open a ticket to investigate this further.
If a job is now running, an error is returned from the API. The UI work to handle this is in this commit.
It looks like this was resolved by @ruffle1986 in this branch by removing the type attribute on the input. |
|
Given that unit tests will be addressed in a forthcoming PR, this is good enough for me as an initial UI. +1 pending other commenters are satisfied. |
|
Several people have given feedback on this PR. What do you think @mmiklavc, @justinleet and @cestella? Is this good enough for a first pass at the UI? |
|
@sardell I'm fine with this stuff being follow on. Can we make sure we have tickets linked to https://issues.apache.org/jira/browse/METRON-1554? I believe the follow-ons are
Is there anything else that tickets need to be created for (assuming I didn't just miss them)? Once we get the tickets made (and linked here, so it's easy for anyone following the discussion to find them), I'm good with this being the basis for the rest of the UI work. |
|
@justinleet Here are the tickets for the follow-on items:
I believe that's all the tickets that need to be created stemming from the discussion above. |
|
Looks like all comments have been addressed, reviewers have been able to test successfully, and any remaining follow-on work has been added to the feature branch Jira/Epic. I'm +1 by inspection. Nice work gentlemen. |
|
This has been merged into the feature branch. Can you close it @tiborm? |
|
Thanks to everyone for the feedback and comments! |
8 participants
Contributor Comments
This PR contains the initial cut of PCAP UI.
The user is able to submit a PCAP process job by the search button (magnifier icon) at the top of the page. In the same filter bar User is able to narrow the result set by filtering to the following fields:
While the PCAP job is in progress a progress bar shows up below the filter bar. (Sorry, having no screenshot about it.)
The result of the PCAP processing is visualized in a grid. User able to open each record to get access to the details of the packet.
Running tests
If you like to run the unit tests run:
npm install
npm test
For addition info please check the readme.md in metron-alerts.
Testing
This has been tested in full dev. In order to test:
/apps/metron/pcap/inputin your VM.For test scenarios please check https://issues.apache.org/jira/browse/METRON-1671
Pull Request Checklist
Thank you for submitting a contribution to Apache Metron.
Please refer to our Development Guidelines for the complete guide to follow for contributions.
Please refer also to our Build Verification Guidelines for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:
For all changes:
For code changes:
Have you included steps to reproduce the behavior or problem that is being changed or addressed?
Have you included steps or a guide to how the change may be verified and tested manually?
Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
Have you written or updated unit tests and or integration tests to verify your changes?
If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?
For documentation related changes:
Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via
site-book/target/site/index.html:Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that travis-ci is set up for your personal repository such that your branches are built there before submitting a pull request.