11 Monday Jun 2018
Posted in General, Oracle, Technology
I have a new blog post over on the Capgemini site – https://www.capgemini.com/2018/06/oracle-code-london/ talks about the way Oracle has changed its engagement towards developers and the Oracle Code London event that I presented at – first mentioned at Oracle Code London – Presentation & Periscope Interview
31 Thursday May 2018
Posted in General, Oracle, Technology
Tags
Whilst in London Wednesday to present Microservices in a Monolith World at the Oracle Code London, I also participated in an interview streamed via Periscope. The interview can be seen at https://www.pscp.tv/w/1jMKgqBrwYyJL
Not only was this interview captured, my entire presentation is available on YouTube …
21 Monday May 2018
Posted in API Platform CS, General, Oracle, Technology
Tags
The last week or two I have been working on a new API Platform utility to add to my existing tools (see here). This tool addresses the question of generating documentation. Much as been said about API documentation and the quality of it, check out these articles :
If you look at these articles and others, there are some common themes, which are:
Apiary covers the first theme to a first class standard, and you will see Apiary called out for its ability to document APIs in a lot of articles. Well written API Blueprints will cover the bulk of the second bullet. But the other points tend to fall outside of a Blueprint and fit more the API Policies and their use.
Not everyone is so commited or enjoys writing documentation. The other driver for going beyond the use of Apiary is that some organizations feel the need to have a traditional word style document to capture/define an API’s contract in detail. With the API Platform the management portal enables an API to be published into the developer portal with the Apiary definition and a markdown file for further documentation.
08 Tuesday May 2018
Posted in General, Oracle, Technology, UKOUG
Tags
The call for papers for the U.K. Oracle User Group’s 2018 Conference in December is out. The committee are looking for papers across not just core Oracle technologies like the database and SOA Suite but newer technologies such as Event Hub. With Oracle’s engagement with developers and the commitment to open source the UKOUG has moved to engage with these users as well. So the committee will welcome submissions about open source tech that maybe run on an Oracle platform. You can submit your proposals here.
If you’re considering making a submission but want some advise or suggestions then reachout to the UKOUG and its committee members – contact details are here.
We look forward to seeing you in Liverpool in December.
07 Monday May 2018
Posted in General, Oracle, Technology
Oracle Cloud is growing and maturing at a tremendous rate if the breadth of PaaS capabilities is any indication. However, there are a few gotchas out there, that can cause some headaches if they get you. These typically relate to processes that impact across different functional areas. A common middleware stack (API CS, SOA CS, OIC etc) will look something like the following:
As the diagram shows when you build the cloud services, the layers get configured with credentials to the lower layers needed (although Oracle have in the pipeline the Oracle managed version of many services where this is probably going to be hidden from us). Continue reading
27 Tuesday Feb 2018
Posted in API Platform CS, APIs & microservices, Books, General, Oracle, Technology
Tags
API Platform, API-P, APIs & microservices, CLI, command line, GitHub, Oracle, revert forward, utility, versioning
Oracle’s API Platform (API-P) product avoids the use of external configuration management. If you want to better understand why, then checkout our forthcoming book as it goes into detail about why this is the case (it can be pre-release version of the book can be obtained here). In a previous blog I wrote about and illustrated the use of the API-P’s own APIs so that it was possible to see what API iterations had been deployed to API Gateways.
In this blog I want to explore the issues of version management a bit further. API-P provides internal version management through the idea of iterations as previously explored (Understanding API Deployment State on API Platform). In addition to this there are API policy attributes called version, status etc. This information whilst having some impact on behavior reflects the version of the ‘contract’ that the API represents between the consumer and provider, and requires a manual change.
The API policies themselves are version tracked through the iteration identifiers. Each time a policy is saved the iteration is is incremented. What the API-P doesn’t support is the concept of branching. In relatively simple API Policy branching is unlikely to ever be an issue.
Let’s take a more complex scenario. In our book API Platform we introduced the some APIs that would allow the retrieval of meta data about artists in the record companies’ catalog. It has however come to light that the API has been targeted with malicious calls, firstly through trying to attack using injection attacks and secondly trying to overload the back end by creating data requests that make the back-end work hard in retrieving data.
To defend against this, the API Policy has been enhanced to include some custom groovy policies to inspect the values provided. Strictly speaking following the principles of Semantic Versioning the API version should go from 1.0.0 to 1.0.1. However seeing that the ‘contract’ as presented to the consumer hasn’t really changed – the data models are the same, the URI goes unaltered resulting in the implementation team not changing the version.
During development processes, it is not unusual to be developing existing logic, and decide that approach being used isn’t right or not going to perform as well. So you abandon your changes and revert back to the last approved version. However, this isn’t possible as any save will result in a new iteration. The API-P will be getting some enhanced version management features. But today to be able to undo the changes we need a means to ‘revert forward‘ (hence the tool name) that is to take an older iteration and make it the latest, as illustrated in the next diagram.
Today the API-P doesn’t provide a means to perform this process within the User interface. However when looking at a gateway you can review the API policy deployed. As we established previously that you may have different gateways deployed with different iterations. Given this, as API-P has been built true to the principles of separating the UI from the backend through the use of APIs we can deduce there should be a means to get the details of an API with a specific iteration.
To this end we have built on the pattern previously illustrated to provide the means to ‘Revert Forward’ by creating a Groovy script that will use the APIs provided by API-P to retreive an iteration and push it back at the latest version. When the policy is pushed back it also modifies the description to show which iteration has been pushed.
You may ask, why not use the conventional developer approach of branching as suggested in the following diagram. However API-P’s iteration framework doesn’t extend to support this.
The next with this is pretty predictable – how do I know which iteration to revert to. You have two options here, firstly either revert in order so you can see the prior version in turn – which whilst visually good, is not necessarily the most practical option. So in the tool we have a parameter that will allow you to display on the console the configuration of each iteration. This does mean you are going to see the policies in a JSON presentation. To make life easier we would recommend good practise and recording in the policy description information that helps determine the policy’s characteristics – and this can be used to better determine iteration behaviour.
If we are able to take an earlier iteration and make it the latest one by pushing it back then it is a short step to actually target a different management cloud in effect migrating the policies. Whilst possible it comes with some serious cautions …
Oracle does not recommend that the policies be stored anywhere outside of the platform, whilst it this utility makes that a possibility, it deliberately avoids writing any of the information to the file, the policies only reside outside of the platform for the duration of the process execution.
All the parameters assume the values will not contain any space characters. Each command is preceded by a dash eg. revertForward.groovy -inpassword mypass -inSvr https://a.b.com
The code can be obtained from my GitHub repository here.
07 Wednesday Feb 2018
Posted in API Platform CS, APIs & microservices, General, Technology
As APIs become more pervasive within our solutions we see the arrival of not just design and cataloging tools such as Apiary, Apigee and others but also the arrival of gateways. The gateways provide execution of operations including validation, accounting (moneytization), routing, and other controls such as throttled checks that would often not occur until the first contact with a service bus. For example initial routing based on the API call, fine grained authentication and authorisation (differing from your firewalls who will just perhaps authorise).
In the more traditional integration middleware of Oracle Service Bus and SOA (regardless of cloud, on-premises) you can trace the execution through the middleware end to end. This tracing can be achieved because the platform creates and assigns the a UUID (aka eCID) and ensures that it is carried through the middleware. It is this very behaviour that allows Oracle to provide Business Activity Monitoring without any need to be invasive. Burt not only that in a highly distyributed environment you can track the processing of a transaction from end to end.
The challenge now is that the first point of middleware style behaviour can be at the gateway. So we actually need to move forward the UUID or equivalent forward the the first point of contact. Not only that we need to think about the fact we will see non Oracle integration middleware involved. Within Spring, Kabana and other established frameworks and tools which are getting signficiant traction with the rise of Microservices, the Ids being used are not the same as the UUIDs used by Oracle. For example Spring Cloud Slueth uses the same HTTP header Ids that Zipkin and Kabana support:
More information can be found here and here.
For the new Oracle API Platform Cloud Service we can check for the existance of the header attributes as a policy and apply actions such as:
Ultimately it would be more attractive to apply the logic using the API Platform’s SDK but to get things rolling applying the IDs with the API Groovy policy is sufficient (more here).
Next question that begs, is where to put the ID and want to call it? Put the value in the body, and you’re invading the business aspect of an API with execution specific details, not to mention potentially changing the API definition. Whilst stuffing HTTP(s) headers with custom attributes is often discouraged as the values aren’t to immediately visible. In my opinion at least the answer largely has been set by president for us. If you weren’t using HTTPS but JMS then you would use the header, but also a number of frameworks already exist that do make use of this strategy such as those mentioned above.
Using the header defined by Kabana etc means that the very process will mean that a number of Support tools out of the box will understand and be able to help visualise your logs with no additional effort.
The following is a Groovy script that could ber used for the purposes of applying an Id appropriately into the HTTP header in the API Platform:
if (!context.getApiRequest().getHeaders().containsKey ("baggage-UUID "))
{
// use current time to seed random generator
def now = java.time.Instant.now()
def random = new java.util.Random(now.getEpochSecond())
// create an array of 16 bytes to hold the random value
byte[] uid = new byte[16]
random.nextBytes(uid)
// convert the random string from Hex to an ASCII string
Writable uidInHex= uid.encodeHex()
String uidStr= uidInHex.toString()
// set the outbound header
context.getServiceRequest().setHeader("baggage-UUID", uidStr)
}
05 Monday Feb 2018
Posted in API Platform CS, APIs & microservices, Books, General, mindmap
Tags
When it comes to ensuring I keep up good practises, I try to look at books in areas I think I have a good handle on such as APIs. Why? well it confirms and validates I’m upto date; sometimes another view point can spark ideas on how to make something better, improve an approach or simply understand another way of explaining an idea. The later is important as the key benefit of knowing something is the opportunity to help someone else. Not everyone communicates or understands ideas in the same so this is always helpful.
So recently I ran through James Higginbotham’s Designing Great Web API’s book(let). Often when goping through a book I mindmap it so that I can share it, and refer to it as a lit of prompts reminders if necessary. Whilst’s James’ book doesnt reveal anything new or relevatory for anyone working with APIs it does provide a good succinct explination to basic practises. So here is the mindmap:
You can also access my MapWise view here. James’ book can be obtained freely from O’Reilly here.
The book doesn’t go into the depth of details for practises that Apiary (Pro Edition) offers with style guidelines which will describe morec detailed recommended practises (more here).
01 Thursday Feb 2018
Posted in API Platform CS, APIs & microservices, General, Oracle, Technology
Tags
API, API Platform, code, development, node.js, Oracle, PlatformTest, policies
When configuring API Policies in the the Oracle API Platform it helps if there is a simple back end that can take the received payload and record the sent values (header & body) as well as reflect the call details back as the response, or possibly respond with a test payload (so that response policies, particularly policies that require payload navigation can be exercised correctly). By having this facility it becomes a lot easier to determine whether the policies are executing correctly in terms of routing, transforming, filtering etc. without needing to worry about whether the API implementation is correct. You could say that this is a kind of mock for testing the API Platform.
The added benefit of having a mock back end is that it is easy to ‘smoke test’ a gateway deployment very easily. Particularly if the mock is happy to receive any form of call.
Whilst implementing such a capability can be done in pretty much any language and platform you like. We have in the past for example built a Springboot Java application that can have the dependencies configured to then deploy into WebLogic for example. We have come to refer these test apps/mocks as PlatformTests as that’s exactly what they help do. A Node.js implementation of a PlatformTest such as as the following implementation is particularly appealing as the Node.js footprint is small and simple to deploy and undeploy. A basic Node.js implementation can also consume any URL and operation you choose to use. The nature of JavaScript makes it very quick to adapt the mock if need be. Although in the ideal world, we write the solution once and then use simple configuration to tune behavior.
The following code looks for a local file called testResponse.json if found then returns the content of the file (assumed to be JSON) otherwise it reflects back in the body, the received header and body. This reflection makes it extremely easy to see how the policies have changed the inbound call. The content is also logged to the console – making it easy to also see what came through to the back end.
The implementation also assumes port 8080, but changing the port is exceptionally easy.
There one enhancement planned, and this is to allow the response test payload to be handled as XML. This will need a little tweaking of the code as presently a JSON Object is currently stringified.
The code is also available in my GitHub repository – https://github.com/mp3monster/Utils/blob/master/PlatformTest.js and an example test response file is at https://github.com/mp3monster/Utils/blob/master/testResponse.json
const http = require('http');
const fs = require('fs');
// create a simple HTTP server that will handle the requests
http.createServer((request, response) => {
const { headers, method, url } = request;
console.log("Called at " + new Date().toLocaleDateString());
let body = [];
request.on('error', (err) => {
console.log("Svr Error Handler :" + err.toString);
response.statusCode(400);
response.end();
}).on('data', (chunk) => {
body.push(chunk);
}).on('end', () => {
body = Buffer.concat(body).toString();
// At this point, we have the headers, method, url and body, and can now
// do whatever we need to in order to respond to this request.
});
// record in the console what details have been received
console.log ("Received:\nMethod:" + method.toString() +
"\n URL:"+ url.toString + "\nheaders:\n"+headers.toString() +
"\nBody:\n" + body);
// now build the response
response.setHeader('Content-Type', 'application/json');
response.setHeader('PlatformTestTime', new Date().toLocaleDateString());
// initialise our response object so that if we don't load a response
// file then we reflect the content
var responseBody = { headers, method, url, body };
try {
// try reading a response file
fs.readFile('testResponse.json', function(err, data) {
console.log("handling file");
if (err != null) {
if (err.code === 'ENOENT') {
console.log("on return file - will reflect");
} else {
console.log("Read error:" + err.toString());
}
} else {
// a file exists - but is empty?
if ((data != null) && (data.length > 0)) {
// we have a file with content - lets process so it into a JSON
// object
if (Buffer.isBuffer(data)) {
// convert the buffer from hex to an ASCII string
body = data.toString('utf8');
console.log("test response:" + body);
responseBody = JSON.parse(body);
}
}
}
// create an array with our values and then make it
// JSON with stringfy
var output = JSON.stringify(responseBody);
response.write(output);
console.log("Returning:" + output);
response.statusCode = 200;
response.end();
});
} catch (err) {
if (err.code === 'ENOENT') {
console.log("on return file - will reflect");
} else {
console.log(err.toString());
}
var output = JSON.stringify(responseBody);
response.write(output);
console.log("Returning:" + output);
response.statusCode = 200;
response.end();
}
}).listen(8080); // Activates this server, listening on port 8080.
25 Thursday Jan 2018
Posted in API Platform CS, APIs & microservices, development, General, Oracle, Technology
Tags
API, API Platform, API-PCS, Groovy, iterations, Oracle, Script, Technology, utility, versions
The new Oracle API Platform makes it possible to deploy different versions of your APIs to different gateway instances. When you you’re managing the Development API Policies through all the different stages of the lifecycle (Design to Production) from a single management tier such a capability is essential. This is further challenged by the fact that each save of you API Definition creates a new iteration (the term used to identify each saved ‘version’ of the API)
However it does lead the challenge from a management perspective of knowing which iterations are running on each Gateway.. you can get the information from the current UI but it requires multiple steps to get the information. The UI also lends itself more to the design processes today than perhaps the more dense information views that a operational report might warrant.
I’m sure that over time these views will come, but today we can solve the problem by taking advantage of the fact that the product lives by its own ‘mission’ by offering a very rich set of APIs. As a result it becomes possible to actually build your own views. To that end I have written a Groovy script which will go through each API that can be seen and retrieves the iteration deployed to each logical gateway.
In terms of running the script you obviously need Groovy installed. It expects 3 parameters which are:
You can hardwire into the script default values which will then be used if no parameters are provided.
Here is a screenshot of some output. I have masked out some information for reasons of security. But there should be enough here to give a sense of what is happening:
The script includes suppressing certificate validation – necessary if you haven’t yet deployed your own specific certificate and still working with the default Oracle certificate.
Feel free to take the script and play with it. I make no claims to it’s elegance etc but I have tried to comment it so you can see what is going on. I have tried to keep the code fairly simple so you can see how it works and processes the JSON responses. The script is available at: https://github.com/mp3monster/Utils/blob/master/getDeployedIterations.groovy
For more about the APIs involved in the script, checkout
