In this article we will explore the current version of wishbone-input-httpserver
a Wishbone input module to receive events over http(s).
Introduction
Wishbone-input-httpserver is a wishbone input module to receive
events over the http protocol. A typical use-case is to accept and process
webhook payloads. Once the payload is received, it is turned into an event
which can be further processed and acted upon as defined by the Wishbone
bootstrap file.
The source code can be found on Github: https://github.com/wishbone-modules/wishbone-input-httpserver
Installation & setup
Both Wishbone and wishbone-input-httpserver can be installed in different ways. The Wishbone installation documentation describes the most common scenarios.
In this article we will use the Docker image
smetj/wishbone-input-httpserver:latest which is build by
travis-ci each time code is committed to the project or a new release is
done.
This container image includes the latest Wishbone and wishbone-input- httpserver and is used as a reference installation.
Validate module availability
You can validate whether the wishbone-input-httpserver module is available by issuing following command:
$ docker run -t -i smetj/wishbone-input-httpserver:latest list
If Wishbone can find the wishbone-input-httpserver module it will be
listed as wishbone_contrib.module.input.httpserver since it is not a
builtin module but an external (contributed) one instead.
Bootstrap file
The bootstrap file defines the Wishbone server. It defines which modules to initialize using which parameters and which module queues to connect in order to define the event flow.
We will use the following bootstrap file as starting point for this article:
To bootstrap the Wishbone server we mount the bootstrap file to the container:
$ docker run -t -i \
--volume $(pwd)/bootstrap.yaml:/bootstrap.yaml \
-p 19283:19283 \
smetj/wishbone-input-httpserver:latest start --config /bootstrap.yaml
If all went well you should have a running Wishbone server greeting you with following message:
Instance started in foreground with pid 1
2018-02-22T12:03:29.7677+00:00 wishbone[1] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
Documentation
At any time you can read a module's documentation using following command:
$ docker run -t -i smetj/wishbone-input-httpserver:latest show --docs wishbone_contrib.module.input.httpserver
Features
Paths vs queues
Wishbone modules are connected to each other with queues.
The example bootstrap file connects the input queue of 2
wishbone.module.output.stdout module instances (red and green) to
the red and green queue of module instance input.
This means that events submitted to http://localhost:19283/green will
end up with module instance green and events submitted to
http://localhost:19283/red will end up with module instance
green.
The URL path is mapped to a queue name, therefor the path should always match a queue name otherwise you will get a 404:
$ curl http://localhost:19283/red/three/four
404 Not Found. Endpoint 'red/three/four' does not exist
$ curl http://localhost:19283/blue
404 Not Found. Endpoint 'blue' does not exist
Submitting data
A client can submit data using a PUT or POST on the desired resource:
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -d @- http://localhost:19283/green
200 OK. 28cfaced-598c-4b33-bd19-ba1efa0c613d
On the server side we can see the payload embedded in an event and printed to STDOUT (module instance green):
Instance started in foreground with pid 1
2018-02-23T15:54:52.8308+00:00 wishbone[1] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
{'cloned': False, 'bulk': False, 'data': {'one': 1, 'two': 2, 'three': 3}, 'errors': {}, 'tags': [], 'timestamp': 1519401293.4195442, 'tmp': {'input': {'headers': {'content-type': 'application/x-www-form-urlencoded', 'content-length': '32', 'host': 'localhost:19283', 'user-agent': 'curl/7.53.1', 'accept': '*/*'}, 'env': {'gateway_interface': 'CGI/1.1', 'server_software': 'gevent/1.2 Python/3.6', 'script_name': '', 'wsgi.url_scheme': 'http', 'server_name': '42ac480639ed', 'server_port': '19283', 'request_method': 'PUT', 'path_info': '/green', 'query_string': '', 'content_type': 'application/x-www-form-urlencoded', 'content_length': '32', 'server_protocol': 'HTTP/1.1', 'remote_addr': '172.17.0.1', 'remote_port': '38236', 'http_host': 'localhost:19283', 'http_user_agent': 'curl/7.53.1', 'http_accept': '*/*'}, 'params': {}}, 'green': {}}, 'ttl': 253, 'uuid_previous': [], 'uuid': '28cfaced-598c-4b33-bd19-ba1efa0c613d'}
2018-02-23T15:54:53.4217+00:00 wishbone[1] informational input: 172.17.0.1 - - [2018-02-23 15:54:53] "PUT /green HTTP/1.1" 200 167 0.000790
The bootstrap file has defined a wishbone.protocol.decode.json
instances called json which is applied to the input module
instance.
As you can see, the UUID returned to the client is also available in the event itself.
If we were to submit invalid JSON we would get following error:
$ echo 'abc'|curl -XPUT -d @- http://localhost:19283/green
406 Not Acceptable. There was an error processing your request. Reason: ProtocolDecodeError Expecting value: line 1 column 1 (char 0)
URL query string for extra context
Sometimes you could use the possibility to add additional context to a payload without having the opportunity to modify the payload itself. Think of for example the many webhook functionality offered by service such as Github, Pagerduty, Docker registry, ...
The wishbone-input-httpserver module accepts an URL query string for
each endpoint. This doesn't really influence the request itself but instead it
adds the query string's key/values to the Wishbone event's metadata.
An example illustrates the usage:
A client request:
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -d @- 'http://localhost:19283/green?&location=eu&country=be&city=brussels'
200 OK. 6838ab83-2b32-4ac2-b32a-e3bc3d0b92ff
On the server side:
{'cloned': False, 'bulk': False, 'data': {'one': 1, 'two': 2, 'three': 3}, 'errors': {}, 'tags': [], 'timestamp': 1519485068.251564, 'tmp': {'input': {'headers': {'content-type': 'application/x-www-form-urlencoded', 'content-length': '32', 'host': 'localhost:19283', 'user-agent': 'curl/7.53.1', 'accept': '*/*'}, 'env': {'gateway_interface': 'CGI/1.1', 'server_software': 'gevent/1.2 Python/3.6', 'script_name': '', 'wsgi.url_scheme': 'http', 'server_name': 'd47dcd83a746', 'server_port': '19283', 'request_method': 'PUT', 'path_info': '/green', 'query_string': '&location=eu&country=be&city=brussels', 'content_type': 'application/x-www-form-urlencoded', 'content_length': '32', 'server_protocol': 'HTTP/1.1', 'remote_addr': '172.17.0.1', 'remote_port': '56856', 'http_host': 'localhost:19283', 'http_user_agent': 'curl/7.53.1', 'http_accept': '*/*'}, 'params': {'location': 'eu', 'country': 'be', 'city': 'brussels'}}, 'green': {}}, 'ttl': 253, 'uuid_previous': [], 'uuid': '6838ab83-2b32-4ac2-b32a-e3bc3d0b92ff'}
As you can see the tmp.input.params contains the query parameters as
key/values which can be useful for further processing. This way we can give
the client the possibility add additional contextual data to the event without
having to modify the actual payload.
Multiple instances
Using the module parameter so_reuseport you can, if desired, run
multiple Wishbone processes and have each wishbone-input-httpserver
instance bind to the same port. The result of this is that each incoming
request is handled in a round robin fashion by the server instances bound to
that port.
For this we set following option in the bootstrap file:
modules:
input:
module: wishbone_contrib.module.input.httpserver
protocol: json
arguments:
so_reuseport: true
We start the Wishbone server using following option --instances 2:
$ docker run -t -i \
--volume $(pwd)/bootstrap.yaml:/bootstrap.yaml \
-p 19283:19283 \
smetj/wishbone-input-httpserver:latest start --config /bootstrap.yaml --instances 2
Instances started in foreground with pid 9, 10
2018-02-24T15:59:31.7313+00:00 wishbone[10] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
2018-02-24T15:59:31.7321+00:00 wishbone[9] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
We can see incoming requests are spread round robin over both instances by looking at the PID in the logs:
2018-02-24T15:59:31.7313+00:00 wishbone[10] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
2018-02-24T15:59:31.7321+00:00 wishbone[9] informational input: Webserver bound to 0.0.0.0:19283. Listening for incoming requests
{'cloned': False, 'bulk': False, 'data': {'one': 1, 'two': 2, 'three': 3}, 'errors': {}, 'tags': [], 'timestamp': 1519488117.1167986, 'tmp': {'input': {'headers': {'content-type': 'application/x-www-form-urlencoded', 'content-length': '32', 'host': 'localhost:19283', 'user-agent': 'curl/7.53.1', 'accept': '*/*'}, 'env': {'gateway_interface': 'CGI/1.1', 'server_software': 'gevent/1.2 Python/3.6', 'script_name': '', 'wsgi.url_scheme': 'http', 'server_name': 'd1c2cff05487', 'server_port': '19283', 'request_method': 'PUT', 'path_info': '/green', 'query_string': '&location=eu&country=be&city=brussels', 'content_type': 'application/x-www-form-urlencoded', 'content_length': '32', 'server_protocol': 'HTTP/1.1', 'remote_addr': '172.17.0.1', 'remote_port': '57332', 'http_host': 'localhost:19283', 'http_user_agent': 'curl/7.53.1', 'http_accept': '*/*'}, 'params': {'location': 'eu', 'country': 'be', 'city': 'brussels'}}, 'green': {}}, 'ttl': 253, 'uuid_previous': [], 'uuid': '561f38d2-c0a2-4fd9-a733-e85d4ad399b3'}
2018-02-24T16:01:57.1194+00:00 wishbone[9] informational input: 172.17.0.1 - - [2018-02-24 16:01:57] "PUT /green?&location=eu&country=be&city=brussels HTTP/1.1" 200 167 0.000814
{'cloned': False, 'bulk': False, 'data': {'one': 1, 'two': 2, 'three': 3}, 'errors': {}, 'tags': [], 'timestamp': 1519488117.6960216, 'tmp': {'input': {'headers': {'content-type': 'application/x-www-form-urlencoded', 'content-length': '32', 'host': 'localhost:19283', 'user-agent': 'curl/7.53.1', 'accept': '*/*'}, 'env': {'gateway_interface': 'CGI/1.1', 'server_software': 'gevent/1.2 Python/3.6', 'script_name': '', 'wsgi.url_scheme': 'http', 'server_name': 'd1c2cff05487', 'server_port': '19283', 'request_method': 'PUT', 'path_info': '/green', 'query_string': '&location=eu&country=be&city=brussels', 'content_type': 'application/x-www-form-urlencoded', 'content_length': '32', 'server_protocol': 'HTTP/1.1', 'remote_addr': '172.17.0.1', 'remote_port': '57336', 'http_host': 'localhost:19283', 'http_user_agent': 'curl/7.53.1', 'http_accept': '*/*'}, 'params': {'location': 'eu', 'country': 'be', 'city': 'brussels'}}, 'green': {}}, 'ttl': 253, 'uuid_previous': [], 'uuid': '926d9b41-f07e-4ab0-a607-d3166d3437f1'}
2018-02-24T16:01:57.6988+00:00 wishbone[10] informational input: 172.17.0.1 - - [2018-02-24 16:01:57] "PUT /green?&location=eu&country=be&city=brussels HTTP/1.1" 200 167 0.000798
Responses
wishbone-input-httpserver offers the possibility to set a custom
response to the client in case of a 200.
We can set custom responses per endpoint by setting the resource
parameter in bootstrap file:
modules:
input:
module: wishbone_contrib.module.input.httpserver
protocol: json
arguments:
resource:
'(green|red)':
users: []
tokens: []
response: "200 How is the weather in {{tmp.input.params.city}}?"
The response on the client side then looks like:
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -d @- 'http://localhost:19283/green?&location=eu&country=be&city=brussels'
200 How is the weather in brussels?
The resource parameter is a dict of which the key is a regex
matching the endpoint. The value is a dict consisting out of users,
tokensresponse.
Authentication
Per defined resource in the resource parameter you can define
authentication using a token or basic authentication.
Once a user (for basic authentication) or a token is defined, the endpoints matching the regex require authentication.
Obviously, when authentication comes in play (and even without), you should run
wishbone-input-httpserver with SSL certificates by setting the
ssl_key, ssl_cert and ssl_cacerts module parameters.
Token based authentication
Enabling token authentication is as simple as adding a value to the tokens
array of the resource in the resource parameter:
modules:
input:
module: wishbone_contrib.module.input.httpserver
protocol: json
arguments:
resource:
'(green|red)':
users: []
tokens:
- 6cdd782b63624c5ab6a6635112557a30
response: "200 How is the weather in {{tmp.input.params.city}}?"
The client request:
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -d @- 'http://localhost:19283/green?&location=eu&country=be&city=brussels'
403 Unauthorized. The requested resource requires authentication.
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -H 'Authorization: token 6cdd782b63624c5ab6a6635112557a30' -d @- 'http://localhost:19283/green?&location=eu&country=be&city=brussels'
200 How is the weather in brussels?
Basic authentication
Basic authentication requires you to set 2 values. You need to associate the
username to the resource (users value) and you need to define the
username and hashed password in htpasswd module parameter.
The htpasswd parameter is a dict where keys are usernames and the
values are hashed passwords. The hashed passwords can be created by using the
htpasswd command:
$ htpasswd -n -b bob my_secret_password
bob:$apr1$96XNBTbu$Gpw.UY6op/TG06Uba21ck/
You can then add the user and the hashed password to the module parameters:
modules:
input:
module: wishbone_contrib.module.input.httpserver
protocol: json
arguments:
resource:
'(green|red)':
users:
- bob
tokens:
- 6cdd782b63624c5ab6a6635112557a30
response: "200 How is the weather in {{tmp.input.params.city}}?"
htpasswd:
bob: '$apr1$96XNBTbu$Gpw.UY6op/TG06Uba21ck/'
Client side:
$ echo '{"one": 1, "two": 2, "three": 3}'|curl -XPUT -d @- 'http://bob:my_secret_password@localhost:19283/green?&location=eu&country=be&city=brussels'
200 How is the weather in brussels?
Update authentication & authorization without restart
Depending on the use case, having to restart the server in order to load updated credentials isn't very practical.
The wishbone-input-httpserver module comes with 2 special queues
_resource and _htpasswd which can receive events triggering
the reload of on disk based resource or htpasswd file.
The format of the incoming event should be:
{"path": "/var/tmp/htpasswd", "inotify_type": "IN_CLOSE_WRITE"}
You can somehow create these type of events yourself or you can use the
builtin Wishbone module wishbone.module.input.inotify which can monitor
files for changes and generate the required events for
wishbone-input-httpserver to reload the file.
The following bootstrap file illustrates the idea:
When running the server you should the htpasswd file from the host.
$ docker run -t -i \
--volume $(pwd)/htpasswd:/htpasswd \
--volume $(pwd)/bootstrap_2.yaml:/bootstrap.yaml \
-p 19283:19283 \
smetj/wishbone-input-httpserver:latest start --config /bootstrap.yaml
Updating Bob's password:
$ htpasswd -b ./htpasswd bob abc
The Wishbone server's wishbone-input-httpserver instance reports the
htpasswd is read:
2018-02-25T12:09:48.4312+00:00 wishbone[1] informational input: Reading htpasswd file '/htpasswd'. Cached.
Where to go from here
In this article we have reviewed the main features of the
wishbone-input-httpserver module.
Obviously, sending incoming events to STDOUT is handy for exploring and experimenting but otherwise it's not that useful as such.
First of all, it's really easy to create your own wishbone module. So extending Wishbone with your own custom code isn't hard.
Besides that, there are a number of Wishbone 3 compatible modules available on the wishbone modules Github account and more on their way.
Any feedback, comments, suggestions, bug reports, pull requests are highly welcome and highly appreciated.