I want to open up discussion around adding a Stellar REST client function.
There are services available to enrich security telemetry and they are
commonly exposed through a REST interface.  The primary purpose of this
discuss thread to collect requirements from the community and agree on a
general architectural approach.

At a minimum I see a Stellar REST client supporting:

   - Common HTTP verbs including GET, POST, DELETE, etc
   - Option to provide headers and request parameters as needed
   - Support for basic authentication
   - Proper request and error handling (we can discuss further how this
   should work)
   - SSL support
   - Option to use a proxy server (including authentication)
   - JSON format

In addition to these functional requirements, I would also propose we
include these performance requirements:

   - Provide a configurable caching layer
   - Provide a mechanism for pooling connections
   - Provide clear documentation and guidance on how to properly use this
   feature since there is a significant risk of introducing latency issues

What else would you like to see included?

I think the primary architectural decision we need to make (based on the
agreed upon requirements of course) is an appropriate Java HTTP/REST client
library.  Ideally we choose a library that supports everything we need
OOTB.  I think the majority of the work for this feature will involve
wrapping this library in a Stellar function and exposing the configuration
knobs through Metron's configuration interface (Ambari, Zookeeper, etc).  I
have done some very light research and here is my initial list:

   - Apache HttpComponents - https://hc.apache.org/
   - Has support for all of the features listed above as far as I can tell
      - Doesn't introduce a large number of new dependencies (am I wrong
      here?)
      - Is sort of included already (we will need to upgrade from
      httpclient)
      - Lower level
   - Google HTTP Client Library for Java -
   
https://developers.google.com/api-client-library/java/google-http-java-client/
   - Higher level API with pluggable components
      - Introduces dependencies (we've had issues with Guava in the past)
   - Netflix Ribbon - https://github.com/Netflix/ribbon
      - Has a lot of nice features that may be useful in the future
      - Introduces dependencies (including guava)
      - Hasn't been committed to in the last 5-6 months
   - Unirest - https://github.com/Kong/unirest-java
      - Lightweight API built on top of HttpComponents
      - Pluggable serialization library (jackson is an issue for us so this
      is nice)
      - Also has not received a commit in a while
   - OkHttp - http://square.github.io/okhttp/
   - Good documentation and looks easy to use
      - Actively maintained

Obviously we have a lot of choices.  I think it comes down to balancing the
tradeoff between ease of use (HttpComponents will likely require the most
work since it is lower level) and capability.  Introducing additional
dependencies is something we should also be mindful of because our shading
practices.

This should get us started.  Let me know what you think!

Reply via email to