We absolutely should look at the ample literature of how to design good REST APIs. My suggestion was for the short term; an incremental addition to what we have now.
Anyone have interest & time to research DRILL REST 2.0? This is the problem we have at the moment: we need a volunteer who can do the design and the implementation. Since web technologies change every couple of years; it a Jetty-based engine using Freemarker templating still state of the art? Or, have folks come up with some newer way to do this stuff? Web UI changes to fast for me to keep current… - Paul > On Jul 12, 2017, at 7:47 AM, Kunal Khatua <[email protected]> wrote: > > Should we look at some well-established products that have a good set of such > APIs for guidance? That will ensure that we atleast identify the most > relevant APIs. > > -----Original Message----- > From: John Omernik [mailto:[email protected]] > Sent: Wednesday, July 12, 2017 6:12 AM > To: user <[email protected]> > Subject: Re: Rest API - Need to Improve > > My Java is sitting on my desk right now... on the plus side, when Java is on > my desk, my Python is incredible... > > (Translation: Java scares me) > > :) > > > On Tue, Jul 11, 2017 at 4:23 PM, Paul Rogers <[email protected]> wrote: > >> Hi John, >> >> All good points! >> >> How comfortable are you with Java? The current REST API evolved >> organically based on the needs of the web UI. While we could wait for >> a REST re-design, we could also move forward just adding the messages >> you need — especially if you can contribute the code. >> >> The code is in org.apache.drill.exec.server.rest.LogInLogOutResources. >> This is a mercifully short file. The login page message itself is one >> line of actual code: >> >> @POST >> @Path("/login") >> @Produces(MediaType.TEXT_HTML) >> public Viewable getLoginPageAfterValidationError() { >> return ViewableWithPermissions.createLoginPage("Invalid >> username/password credentials."); >> } >> >> Seems simple enough to change above method to add the HTTP status to >> the generated web page; the browser won’t care. >> >> The web framework Drill uses is quite rich (mucked about with it a >> year ago, but have gotten rusty since.) There is an easy way to >> indicate the HTTP status; I just can’t remember what it is… >> >> Anyone else remember how to set the return status in a Jetty response? >> >> Thanks, >> >> - Paul >> >> >>> On Jul 7, 2017, at 5:48 AM, John Omernik <[email protected]> wrote: >>> >>> Hello all, I recently setup some notebooks using the Rest API. >>> >>> I found that I was using Drill 1.8, and my code for determining >>> authentication in Python, while hacky, worked... What I found is >>> using python requests, when I posted to j_security check, the >>> requests object almost always returned a HTTP 200. >>> >>> If it was a bad username/password, I parsed the page and looked for >>> that text. In 1.8, if login was successful the string "Number of Drill >>> Bits" >>> appeared on in the response text. From the requests module >>> perspective, both used HTTP 200 as a status code. However, on a >>> successful login, >> Drill >>> actually sends a HTTP 303 that goes to / and apparently requests >>> auto >> grabs >>> that request like nothing happened. Never telling me, the programmer >> about >>> the 303. >>> >>> However, in Drill 1.10, the UI for the / page improved, and likely, >>> the string "Number of Drill Bits" was removed. This made it so I >>> now had to reprogram my auth code to handle it better. >>> >>> So here I am, What IS the best way to determine programmatically in >>> a way that will remain stable if login was successful. Obviously >>> string parsing is prone to error and can be changed. I tried >>> checking for the presence >> of >>> a JSESSIONID but that can show up either way. >>> >>> So what is the "right" way to indicate login is successful? Could we >>> do something better with response codes? I know having the Form >>> seems to >> make >>> sense, but could we just use basic authentication and set the header >>> with the form? That way, we could issue single queries with basic >>> auth and >> get a >>> Unauthorized if the authentication didn't work. I don't know if I >>> have >> an >>> answer, but I do know that working with the Rest API isn't all that >>> intuitive, it should be easier to tell if login was successful... I >>> am interested in the thoughts of others here. >>> >>> John >>> >>> >>> >>> >>> >>> >>> >>> (Code) >>> def authDrill(self): >>> url = self.drill_base_url + "/j_security_check" >>> login = {'j_username': self.drill_user, 'j_password': >>> self.drill_pass} >>> >>> verify = "/etc/ssl/certs/ca-certificates.crt" >>> >>> if self.drill_pin_to_ip == True: >>> verify = False >>> >>> requests.packages.urllib3.disable_warnings(InsecureRequestWarning) >>> else: >>> verify = "/etc/ssl/certs/ca-certificates.crt" >>> >>> r = self.session.post(url, data=login, >>> headers=self.drill_headers, >>> verify=verify) >>> if r.status_code == 200: >>> if r.text.find("Invalid username/password credentials") >= 0: >>> raise Exception("Invalid username/password credentials") >>> elif r.text.find("Number of Drill Bits") >= 0: >>> pass >>> else: >>> raise Exception("Unknown HTTP 200 Code: %s" % r.text) >>> else: >>> raise Exception("Status Code: %s - Error" % r.status_code) >>> return self.session >> >>
