bbva / kapow Goto Github PK

As per the spec¹, the call should return a JSON body with the info
of the newly created route. Should we consider this in the mocked server
and in the test?

¹: https://github.com/BBVA/kapow/tree/master/spec#insert-a-route

At this moment setResponseHeader adds values to the header with every call (a PUT). Should we use POST for this and PUT to overwrite?

What should the return code be when there is no form in the target request and access to a field is requested?

Partially implemented in branch feature/respond.

Add a mechanism to avoid responding when the shell finishes.

GO's implementation doesn't make any header key/value encoding validation. We need to add this validation.

Add a note in the specification syaing that cookie keys are case sensitive.

We need to write the route specification to make clear what attibutes are mandatory and the attributes domain (if any is needed)

Currently the data API only allows to set status code, there is no way to set a reason phrase. As said by specification the reason phrase is an important element in order to provide valuable information to human beings so Kapow! users should be allowed to set this value.

GO's current implemetation doesn't allow to set an arbitrary response status trough WriteHeader. We need a way by which circumvent this.

The code is a PoC, a dirty one. No test. No desing. Just a prof that is possible to do Kapow!.

The best tech stack for Kapow! is out there, and we'll find it.

The --url flag and KAPOW_URL env var are no longer sufficient because the control server which they pointed to has been split in two: control and data.

Thus, we need to honour this split. Let's be specific:

kapow route should honour the KAPOW_CONTROL_URL env var and the --control-url flag, with a default value of http://localhost:8081.

kapow server should honour the --control-bind flag, with a default value of localhost:8081.

kapow server should honour the --bind flag, or its alias --user-bind, with a default value of localhost:8080.

kapow server should honour the --data-bind flag, with a default value of localhost:8082.

kapow get|set should honour the KAPOW_DATA_URL env var and the
--data-url flag, with a default value of http://localhost:8082.

For completion, although this hasn't changed, kapow get|set should honour the KAPOW_HANDLER_ID env var and the --handler-id flag. No default value.

Note that flags take precedence over env vars.

When you try lo load more than one .pow file, using *.pow, if you don't put "\n" at ending of each file, kapow doesn't works.

Kapow! have no way to recover the original creation info of a given endpoint. This will be a good enhancement because if this endpoint gives you the data with the same format you can feed another Kapow! instance with the info of other Kapow!

Ask yourself, what iptables would do?
Maybe avoid a negative index throwing an error?

When the shell started by Kapow! server ends with error this error code is not returned from Kapow! so if exited with error the error code is missed.

Using this .pow file:

bash kapow route add -X POST /tools/network/nmap -c 'nmap -v -Pn -n -sS -sS -A "$(request /form/ip)" | response /stream'

After launch Kapow! this above rules and launch 3 executions and cancel them (with a CTRL+C), the Kapow! service reject connections until one nmap execution finishes.

It appears that, when CTRL+C was break the connection with Kapow! serve, it doesn't stop the nmap background process.

Screenshot of curl calling the service:

Screenshot of the Kapow! console:

Add a new /route branch to the resources tree so the external process can query not only the current request data, but the data of the route its being processed.

As suggested by @hhurtado.

Too specific errors are too complex rigth now. Instead 400 and several 422 throw only a 422 malformed entity.

Implement in the E2E suite the success feature on data spec.

As per the spec, this call should return the actual route inserted, with the final values for all its fields.

Co-authored-by: César Gallego [email protected]

Example: https://github.com/BBVA/kapow/blob/a865ade26a12f2271fa5796b45fd7f13b684d198/internal/client/route_remove_test.go

The default values for the Route entity must be set on the create/insert handler as the server has all the information needed to do so

• Change spec
• Change code

As discussed we let the "client" in this case the control API layer to generate the route ID to allow in the future users to give a custom routeID name.

Maybe the job of the user state layer is only to validate data on append to avoid collisions or malformed inputs.

Related to #39

Implement a test suite to check any Kapow! implementation compliance against the specification. The test suite must contain at least:

• HTTP Control API
• HTTP Data API
• Kapow! Framework

This test suite must be independent of the implementation and cannot be coupled with the current or future implementations under any circumstances.

• Change spec
• Change tests
• Change poc
• Change code

At this moment setResponseCookie adds values to the cookie with every call (a PUT). Should we use POST for this and PUT to overwrite?

GO's implementation doesn't make any cookie key/value encoding validation. We need to add this validation.

This is disturbing 😅; please use standard metasyntactic variables (foo, bar, baz...) or descriptive text content (examplebody, exampleheader, ...) as example data for tests.

On an empty env gherking-lint is not found. Maybe need pipenv install --dev and added dependency.

Continue the works in branch tutorial

*.pow files can't be executed directly.

They should be executed either running kapow server foo.pow or within an interactive kapow shell. Otherwise, it won't work, and it fails with a call stack trace, like this:

$ ./nmap.pow 
Traceback (most recent call last):
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/bin/kapow", line 7, in <module>
    exec(compile(f.read(), __file__, 'exec'))
  File "/home/pancho/sandbox/bbva/kapow/poc/bin/kapow", line 632, in <module>
    kapow()
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/pancho/sandbox/bbva/kapow/poc/bin/kapow", line 573, in route_add
    "command": source})
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/sessions.py", line 519, in request
    prep = self.prepare_request(req)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/sessions.py", line 462, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/models.py", line 313, in prepare
    self.prepare_url(url, params)
  File "/home/pancho/.local/share/virtualenvs/poc-DayB6nJe/lib/python3.7/site-packages/requests/models.py", line 387, in prepare_url
    raise MissingSchema(error)
requests.exceptions.MissingSchema: Invalid URL 'None/routes': No schema supplied. Perhaps you meant http://None/routes?

We should handle this case more gracefully, and return an explicit error message when it happens.

NOTES:

One way to solve this would be:

1. Adding the shebang line to all *.pow files:
   #!/usr/bin/env -S kapow server.
2. Modify the server code so that it won't spawn a second server if the environment variable KAPOW_URL is already defined, which happens when running within an interactive kapow shell.

This could be hard to implement, so we could settle for less:

1. Detect the condition described above and exit with a descriptive error message.
2. If the #!/usr/bin/env -S kapow server is in place and you try to run it within an interactive kapow shell, exit notifying the user that the .pow file shoud be run like this: bash -c foo.pow.

In order to simplify the Kapow! endpoint creation process a debug operation flag will be great. In this operation mode Kapow! will respond you with full stacktrace of every error.
This debug operation must be avoid on production environments.

Currently Kapow! is a PoC and the interpreter was written in Python.

The idea for a next improved version is: Distribute Kapow! as a static binary without any library dependency to improve the portability

As Kapow admin I want to replicate a running kapow from a newly fresh kapow, even if i have no original script files.

We need to define how are we going to return the values associated to a param (/request/params/{name})

The GO's implementation doesn't allow to decode form encoded data sent in a request with an arbitrary method and/or content type other than "application/x-www-form-urlencoded". This is needed for Kapow! semantic so it MUST be changed in the future.

Implement a ParseForm function that doesn't care about method nor Content-Type.

What should the behaviour be when an error occurs accesing the content of a file?