Enterprise Integration with Ruby (29 Mar 2016 Singapore Ruby Meetup)

Sheng-Loong Su

March 29, 2016

Transcript

  1. Who am I?
    • SU Sheng Loong (@code_ssl)
    • Work for Infocomm Development Authority (IDA)
    • Develop eServices at Ministry of Manpower (MOM)
    • Opinions are all mine
  2. Background
    • It is fairly common to have integration with other systems.
    • Enterprises are already invested in some proprietary or Commercial Off-The-Shelf (COTS) products.
    • Java/.Net are still mainstream for bespoke enterprise software development.
    • IMHO, Ruby is catching up with Java/.Net but vendor support is still limited as of today.
  3. This Talk is NOT about
    • Government
    • Architectural patterns
      ▪ Service-oriented Architecture (SOA)
      ▪ Micro-services Architecture (MSA)
    • Starship “Enterprise” http://i.imgur.com/u4AEbmh.gif
  4. Database - Level 1
    • Oracle is the “king” of databases in enterprise.
    • Ruby gems:-
      1. ruby-oci8
      2. activerecord-oracle_enhanced-adapter
  5. Database - Level 2 (continued)
    • Add multiple database config into database.yml

        another_oracle_db:
          adapter: oracle_enhanced
          host: 192.168.0.8
          port: 1521
          database: xe
          username: user
          password: secret

  6. Database - Level 2 (continued)
    • Call establish_connection explicitly to connect to the different database server

        ActiveRecord::Base.establish_connection(:another_oracle_db)

  7. Database - Level 3 (continued)
    • Use database user with “just enough power” for your application.
    • “select”, “insert” and “update” are sufficient for typical public facing web application.
    • Mark record as deleted (soft-delete) instead of deleting the record from the database table.
      ▪ “paranoia” gem uses “deleted_at” column
  8. Database - Level 3 (continued)
    • Enhance the few necessary rake tasks - such as schema migration - to switch to more powerful database user.
  9. Authentication - Level 2
    • Enterprises usually have Active Directory (AD).
    • AD is Microsoft’s implementation of directory service which manages data, e.g. Users, Groups, Computers, Services, etc. in hierarchical structure.
  10. Authentication - Level 2
    • Protocols for integration with AD:-
      1. Lightweight Directory Access Protocol (LDAP)
      2. Kerberos
  11. Authentication - Level 2 (continued)
    • How to do LDAP in Ruby?
    • Ruby gems:-
      1. net/ldap (standard library)
      2. devise_ldap_authenticatable (https://github.com/cschiewek/devise_ldap_authenticatable)
  12. Authentication - Level 2 (continued)
    • How to do Kerberos in Ruby?
    • Ruby gems:-
      1. timfel-krb5-auth (https://github.com/timfel/krb5-auth)
      2. devise-kerberos-authenticatable (https://github.com/ueokande/devise-kerberos-authenticatable)
  13. Authentication - Level 2 (continued)
    • AD alternative for testing - ladle (https://github.com/NUBIC/ladle)
    • Spins up embedded directory server in Ruby.
    • Uses ApacheDS (https://directory.apache.org/apacheds/) under the hood.
  14. Single Sign On (SSO) - Level 1
    • OAuth
    • Works by:-
      1. Delegating user authentication to the service that hosts the user account
      2. Authorizing third-party applications to access the user account
    https://www.digitalocean.com/community/tutorials/an-introduction-to-oauth-2
  15. Single Sign On (SSO) - Level 1 (continued)
    • Ruby gem for implementing OAuth 2.0 Provider
      ▪ doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)
  16. Single Sign On (SSO) - Level 1 (continued)
    • Ruby gem for implementing OAuth 2.0 Consumer
      ▪ oauth2 (https://github.com/intridea/oauth2)
  17. Single Sign On (SSO) - Level 2
    • Security Assertion Markup Language (SAML)
    • XML-based
  18. Single Sign On (SSO) - Level 2 (continued)
    • Ruby gem for implementing service provider and identity provider
      ▪ libsaml (https://github.com/digidentity/libsaml)
  19. Web Services - Level 2 (continued)
    • For some reason, enterprise IT still loves SOAP more than REST.
    • But more and more enterprise applications are embracing REST.
  20. Web Services - Level 2 (continued)
    • Ruby gem for implementing SOAP Provider
      ▪ wash_out (https://github.com/inossidabile/wash_out)
  21. Web Services - Level 2 (continued)
    • Ruby gem for implementing SOAP Consumer
      ▪ savon (https://github.com/savonrb/savon)
  22. Web Service Security - Level 2 (continued)
    1. Consumer buys SSL certificate from Certificate Authority (CA).
    2. Consumer generates DigestValue from the SOAP message body.
    3. Consumer signs DigestValue with consumer’s private key to create SignatureValue.
    4. Consumer encodes and includes public key certificate, message digest and signature in the SOAP message.
  23. Web Service Security - Level 2 (continued)
    1. Provider computes message digest #1 from the message body.
    2. Provider decrypts SignatureValue with consumer’s certificate to create message digest #2.
    3. Provider ascertains whether both message digest #1 and #2 are the same.
  24. Web Service Security - Level 2 (continued)
    • Most of these signing/verification steps can be taken care of by “akami” gem (https://github.com/savonrb/akami).
    • “savon” also uses “akami”.
  25. Web Service Security - Level 3 (continued)
    • Mutual (two-way) SSL authentication
    http://www.codeproject.com/KB/IP/326574/
  26. Printer
    • cups - Ruby bridge to CUPS API
      ▪ Segmentation fault issue remains unresolved
    • lpr - shell out from Ruby program to submit files for printing

        lpr -H 192.168.0.8:631 -P printer_name_1 -o media=a4 -o sides=two-sided-long-edge

  27. There are more...
    • Messaging Queues (MQ)
    • Enterprise Service Bus (ESB)
    • File Transfer Protocol (FTP)
    • Log aggregation
    • Monitoring
    • Payment Gateway
    • Continuous Integration/Delivery
  28. Stubbing/Mocking
    • WebMock and VCR
      ▪ https://robots.thoughtbot.com/how-to-stub-external-services-in-tests
    • Dummy Rails / Sinatra application
    • Vagrant box / Docker container
    • Mountebank (http://www.mbtest.org/)
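
The consumer and provider steps from slides 22 and 23, written out as an added Ruby example (not code from the deck and not akami's implementation). Assumptions: RSA with SHA-256, a plain hash standing in for the SOAP security header, a constructed self-signed certificate in place of a CA-issued one, and all method names are hypothetical. It follows the slides' simplified flow (real WS-Security signs a canonicalized SignedInfo element that contains the digest) and adds one check the slides leave implicit: the provider only accepts a certificate it already trusts.

```ruby
require "openssl"

# Base64 helpers built on pack/unpack1; unb64 raises ArgumentError on malformed input.
def b64(bytes); [bytes].pack("m0"); end
def unb64(text); text.unpack1("m0"); end

# Constructed identity: RSA key plus self-signed certificate (stand-in for slide 22, step 1).
def make_identity(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# Consumer (slide 22, steps 2-4): digest the body, sign the digest, attach all three items.
def sign_message(body, key, cert)
  digest_value = OpenSSL::Digest.new("SHA256").digest(body)
  signature = key.sign(OpenSSL::Digest.new("SHA256"), digest_value)
  { body: body, certificate: b64(cert.to_der),
    digest_value: b64(digest_value), signature_value: b64(signature) }
end

# Provider (slide 23): recompute the digest and check the signature over it,
# after confirming the embedded certificate chains to the provider's trust store.
def verify_message(msg, trust_store)
  cert = OpenSSL::X509::Certificate.new(unb64(msg[:certificate]))
  return :untrusted_certificate unless trust_store.verify(cert)
  digest1 = OpenSSL::Digest.new("SHA256").digest(msg[:body])
  claimed = unb64(msg[:digest_value])
  return :body_modified unless digest1 == claimed
  ok = cert.public_key.verify(OpenSSL::Digest.new("SHA256"), unb64(msg[:signature_value]), claimed)
  ok ? :valid : :bad_signature
end

if __FILE__ == $0
  key, cert = make_identity("consumer.example")          # constructed sample identity
  store = OpenSSL::X509::Store.new.tap { |s| s.add_cert(cert) }
  msg = sign_message("<Body><Ping/></Body>", key, cert)   # constructed sample body
  puts verify_message(msg, store)
  puts verify_message(msg.merge(body: "<Body><Pong/></Body>"), store)
end
```

Without the trust-store check, a message re-signed with any other key and certificate would pass both the digest and signature comparisons.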