aurora-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin Sweeney (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AURORA-390) UI should be able to query any scheduler backend
Date Tue, 06 May 2014 23:22:31 GMT

    [ https://issues.apache.org/jira/browse/AURORA-390?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13991321#comment-13991321
] 

Kevin Sweeney commented on AURORA-390:
--------------------------------------

Configurable access control seems like the right way to go here; however, with a value of
"*" anyone on the Internet who can put a <script> tag in your page can read the response.
I'd propose instead exposing the a flag to set the value of the header.

For the local development mode case you don't even need this - you can simply tell your browser
to ignore the header with --disable-web-security or equivalent.

> UI should be able to query any scheduler backend
> ------------------------------------------------
>
>                 Key: AURORA-390
>                 URL: https://issues.apache.org/jira/browse/AURORA-390
>             Project: Aurora
>          Issue Type: Task
>          Components: UI
>            Reporter: Suman Karumuri
>
> Currently, we test the scheduler UI with the test data generated from the IsolatedSchedulerModule.
While this is useful for basic testing, the data generated is of poor quality and is leading
to many bugs that are discovered late. It would be awesome, if the UI on my laptop can query
any scheduler backend. For example, if the UI can query a test or a staging environment, we
can test the UI with real data without an elaborate setup process. Further, it would simplify
debugging prod issues and this will also take us closer to making the UI a separate self hosted
service to run e2e tests. 
> Currently, the UI on the scheduler can only query the scheduler which is hosting the
UI because the /api end point doesn't allow CORS calls. If we want to enable this we have
2 options: 
> a) Enable CORS support on /api end point by adding " Access-Control-Allow-Origin: *"
header.
> b) Make a JSON-P call from the UI front end to the backend. Since we make the Ajax calls
to the backend using thrift library, we need to bypass the ajax stuff in the thrift library
by writing our own wrapper around the thrift library to make the calls using JSON-P. (like
the angular-thrift library[1]).
> Since any script can already query the JSON end point and since it less risky and simple
change I am leaning towards a).
> [~wfarner][~davmclau] and [~kevints] Please weigh in.
> [1] https://github.com/massaroni/angular-thrift



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message