
fix(rules): automated rule creation now list eventTemplates based on target selector #483

Merged


maxcao13

Fixes #433

It works but if a user clicks on a certain target and if there's any errors with SSL authentication or JMX authentication e.g. HTTP 427: JMX Authentication Failure, the ServiceApi will stop working and get stuck on the error, and hence subsequent clicks on the dropdown targets won't do anything

I'm not sure why I even get these errors since I'm running

CRYOSTAT_DISABLE_SSL=true CRYOSTAT_DISABLE_JMX_AUTH=true CRYOSTAT_CORS_ORIGIN=http://localhost:9000 sh smoketest.sh

@maxcao13 maxcao13 self-assigned this Jul 15, 2022
@maxcao13 maxcao13 added bug Something isn't working fix labels Jul 15, 2022
@andrewazores

> I'm not sure why I even get these errors since I'm running

The HTTP 427 you're seeing is about Cryostat failing to connect to the selected target JVM.

> CRYOSTAT_DISABLE_SSL=true CRYOSTAT_DISABLE_JMX_AUTH=true CRYOSTAT_CORS_ORIGIN=http://localhost:9000 sh smoketest.sh

These environment variables are telling Cryostat to start itself up with its own webserver running in HTTP mode rather than HTTPS (DISABLE_SSL), to not require JMX credentials when JMX clients attempt to connect to it (including itself as the connecting client - DISABLE_JMX_AUTH), and to allow cross-origin connections (needed for the cryostat-web devserver to properly interact, CORS_ORIGIN). If the target JVM you're connecting to requires JMX credentials then that's that, they're required, you can't disable credentials on a different target by asking Cryostat not to use credentials ;)

> It works but if a user clicks on a certain target and if there's any errors with SSL authentication or JMX authentication e.g. HTTP 427: JMX Authentication Failure, the ServiceApi will stop working and get stuck on the error, and hence subsequent clicks on the dropdown targets won't do anything

Is this problem reproducible on main without any changes applied? If that's an existing bug then we need to file and address it separately.

@maxcao13

> > I'm not sure why I even get these errors since I'm running
>
> The HTTP 427 you're seeing is about Cryostat failing to connect to the selected target JVM.
>
> > CRYOSTAT_DISABLE_SSL=true CRYOSTAT_DISABLE_JMX_AUTH=true CRYOSTAT_CORS_ORIGIN=http://localhost:9000 sh smoketest.sh
>
> These environment variables are telling Cryostat to start itself up with its own webserver running in HTTP mode rather than HTTPS (DISABLE_SSL), to not require JMX credentials when JMX clients attempt to connect to it (including itself as the connecting client - DISABLE_JMX_AUTH), and to allow cross-origin connections (needed for the cryostat-web devserver to properly interact, CORS_ORIGIN). If the target JVM you're connecting to requires JMX credentials then that's that, they're required, you can't disable credentials on a different target by asking Cryostat not to use credentials ;)

Oh gotcha, my bad didn't know that, thanks!

> > It works but if a user clicks on a certain target and if there's any errors with SSL authentication or JMX authentication e.g. HTTP 427: JMX Authentication Failure, the ServiceApi will stop working and get stuck on the error, and hence subsequent clicks on the dropdown targets won't do anything
>
> Is this problem reproducible on main without any changes applied? If that's an existing bug then we need to file and address it separately.

Yeah, so I just tried it with cryostat -> HEAD and cryostat/web-client -> HEAD
running CRYOSTAT_DISABLE_SSL=true CRYOSTAT_DISABLE_JMX_AUTH=true CRYOSTAT_CORS_ORIGIN=http://localhost:9000/ sh smoketest.sh and npm run start:dev

When I select es.andrewazor.demo.Main on the dashboard, it gives an Authentication Required modal
and requires a Username and Password, and in the terminal, it gives the

WARNING: HTTP 427: JMX Authentication Failure
io.vertx.ext.web.handler.HttpException: Client Error (427)
Caused by: org.openjdk.jmc.rjmx.ConnectionException caused by java.lang.SecurityException: Authentication failed! Invalid username or password

before I even enter anything, and when I try to save the credentials that are autofilled, I get 405 Method Not Allowed and the logger says it's for

Jul 18, 2022 5:44:09 PM io.cryostat.core.log.Logger info
INFO: (10.0.2.100:45488): OPTIONS /api/v2.2/credentials 204 0ms
Jul 18, 2022 5:44:09 PM io.cryostat.core.log.Logger info
INFO: (10.0.2.100:45494): POST /api/v2.2/credentials 405 0ms

and sort of the same thing will happen in the Automated Rule Creation since we try to get a connection to the target before querying its templates.

@andrewazores

andrewazores commented Jul 18, 2022

Weird, 405 Method Not Allowed on the brand-new credentials endpoint shouldn't be happening. Are your backend and frontend branches up to date with the upstream mains?

@maxcao13

Yup, I believe so.

@andrewazores

Strange. I can't reproduce that failure. I can get the 427 to occur, which is expected, but I can't get the 405. Did you rebuild your Cryostat container before the sh smoketest.sh? Maybe it's running a different/older build that doesn't have the API changes in it yet?

@maxcao13

Hmm, actually yeah it is likely a problem on my end. I tried it again, and this time there were no issues, I'll investigate more.

@maxcao13

maxcao13 commented Jul 18, 2022

This is how I can reproduce it.

@maxcao13

maxcao13 commented Jul 19, 2022

Okay, I finally figured it out, I need to run mvn -Dheadless=true clean package to update my code change when running smoketest.sh or run.sh. I usually never do since I always use devserver.sh which does it for me, so I just forgot. :(

> Did you rebuild your Cryostat container before the sh smoketest.sh? Maybe it's running a different/older build that doesn't have the API changes in it yet?

That was it, but I just didn't realize what you actually meant for some reason... my bad :( .

So there's no problem with the credentials feature you just implemented, sorry about that. I realized this after I got HTTP 406 from viewing reports on main... However my previous error is still an issue

> if a user clicks on a certain target and if there's any errors with SSL authentication or JMX authentication e.g. HTTP 427: JMX Authentication Failure, the ServiceApi will stop working and get stuck on the error, and hence subsequent clicks on the dropdown targets won't do anything

Appending what I said, it's not that the drop down won't do anything, but it just won't query any further. So if a user navigates to the Rule Creation and the Match Selector was already selected onto a Target without proper authentication, then the query will fail completely and the dropdown will show empty for Custom Templates and Target Templates. The user has to refresh to fix.

This is definitely just a contained issue for me to figure out since on the recordings tab, the user can still switch targets if there is an auth error, and nothing stalls. I'll continue on this.

@maxcao13

maxcao13 commented Jul 20, 2022

Not sure why, but Observables<EventTemplate[]> that are subscribed from refreshTemplateList that run into Error 427: Client Error (JMX Authentication) never complete until a different valid target is queried, then both are completed (can see from console). But Observables that run into Error 502: Bad Gateway (Target SSL Untrusted) are caught by the catchError that is implemented and hence get completed correctly.

@andrewazores

I see. That might just be a browser implementation thing. The browser itself does some level of processing of requests before we ever see them in application code, especially for 4xx error codes, so that might just explain the difference in behaviour. If there's something we can do to work around it that would be nice, but that's an issue for another PR.

Could you file a new issue with a description of the behaviour you've found? We probably won't get to it for some time but it'll be good to have it on the back burner.

@maxcao13 maxcao13 force-pushed the fix-rulecreation-evttemplatequerying branch from 8d30c6d to f8a2ede Compare July 20, 2022 20:16
@maxcao13

Should we wait for #485, or can this be merged as it is? If there are no errors it works as intended, but if there are JMX Auth errors by selecting on an unauth'd target, the dropdown will show stale templates from the previous target, but it can be solved by just simply selecting a different target.

@andrewazores

We can proceed without #485.

@maxcao13 maxcao13 marked this pull request as ready for review July 22, 2022 05:36
andrewazores previously approved these changes Jul 22, 2022

@andrewazores andrewazores left a comment


Before:
image

After:
image

This little blue empty button thing under the breadcrumb shouldn't be there, should it?


@andrewazores andrewazores left a comment


Great work, thanks.

@andrewazores andrewazores merged commit a2db0af into cryostatio:main Jul 22, 2022
@maxcao13 maxcao13 deleted the fix-rulecreation-evttemplatequerying branch July 22, 2022 23:14
Successfully merging this pull request may close these issues.

[Task] Automated Rules form should list Event Templates for the selected target