TrafficCoordinates
ALFI is currently in an open beta.
com.gremlin.TrafficCoordinates instances are used to control the blast radius of an ALFI experiment. The blast radius for ALFI could be all or a subset of HTTP verbs, all or a subset of your application's HTTP request paths, or even a specific block of code within your application.
Outbound HTTP Traffic
The com.gremlin.TrafficCoordinates instance for Outbound HTTP Traffic will be automatically generated by the com.gremlin.http.client.GremlinApacheHttpRequestInterceptor which comes with the alfi-apache-http-client library. This interceptor will give you the ability to impact any HTTP verb or request route within your application. To take advantage of the com.gremlin.http.client.GremlinApacheHttpRequestInterceptor, you will need to add an instance of it to org.apache.http.impl.client.HttpClientBuilder when you create your org.apache.http.client.HttpClient client.
1final GremlinApacheHttpRequestInterceptor gremlinInterceptor = new GremlinApacheHttpRequestInterceptor(gremlinService, "alfi-client-demo");2final HttpClientBuilder clientBuilder = HttpClientBuilder.create().addInterceptorFirst(gremlinInterceptor);
The configuration in the screenshot above, targets 50% of all HTTP GET traffic to the application.
The second argument to com.gremlin.http.client.GremlinApacheHttpRequestInterceptor is a string and must match the value defined in the Client Name (required) input field of the Gremlin UI.
Inbound HTTP Traffic
com.gremlin.TrafficCoordinates instances are automatically created for you if alfi-http-servlet-filter is on the classpath.
The configuration in the screenshot above, targets 50% of all HTTP POST requests to the /payments route
Dynamo DB Traffic
The com.gremlin.TrafficCoordinates instance for Dynamo DB Traffic will be automatically generated by the com.gremlin.aws.GremlinDynamoRequestInterceptor which comes with the alfi-aws library. This interceptor will give you the ability to impact any DynamoDB operation (Get Item, Delete Item, etc...). To take advantage of the com.gremlin.aws.GremlinDynamoRequestInterceptor, you will need to add an instance of it to com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder when you create your com.amazonaws.services.dynamodbv2.AmazonDynamoDB client.
1final RequestHandler2 gremlinDynamoInterceptor = new GremlinDynamoRequestInterceptor(gremlinService(), CLIENT_EXECUTION_TIMEOUT, CLIENT_REQUEST_TIMEOUT);2final AmazonDynamoDB dbClient = AmazonDynamoDBClientBuilder3 .standard()4 .withRegion(region)5 .withClientConfiguration(new ClientConfiguration()6 .withClientExecutionTimeout(CLIENT_EXECUTION_TIMEOUT)7 .withConnectionTimeout(CLIENT_REQUEST_TIMEOUT)8 .withMaxErrorRetry(2)9 ).withRequestHandlers(gremlinDynamoInterceptor)10 .build();
The configuration in the screenshot above, targets 50% of all Get Item traffic to the application.
Custom Traffic Type
1final TrafficCoordinates trafficCoordinates = new TrafficCoordinates.Builder()2 .withType("PaymentController")3 .withField("method", "submitPayment")4 .build();56public HttpEntity<PaymentResponse> submitPayment(Payment paymentRequest) {7 this.gremlinService.applyImpact(trafficCoordinates); // Fault injected!8 return paymentService.makePayment(paymentRequest);9}
The configuration in the screenshot above, targets 50% of all calls to the PaymentController#submitPayment(PaymentRequest paymentRequest) method.
Extend TrafficCoordinates
Often, companies set up their infrastructure to maintain a per-request data structure and use this information to provide logging, monitoring, and observability data points. A common pattern is to set up a RequestContext and have authentication filters put in information like customerId or deviceId into the RequestContext object. This object then permits access from any later point, so that those attributes are easily available. These are often excellent locations on which to create attacks. If your system operates in this way, then you can set up a mapping to populate these values on all TrafficCoordinates. This code lives in a concrete subclass of GremlinCoordinatesProvider, which you've already seen in: Initialize Application Coordinates.
1import com.gremlin.GremlinCoordinatesProvider;2import com.gremlin.TrafficCoordinates;34public class MyCoordinatesProvider extends GremlinCoordinatesProvider {56 @Override7 public TrafficCoordinates extendEachTrafficCoordinates(TrafficCoordinates incomingCoordinates) {8 incomingCoordinates.putField("customerId", MyRequestContext.getCustomerId());9 incomingCoordinates.putField("deviceId", MyRequestContext.getDeviceId());10 incomingCoordinates.putField("country", MyRequestContext.getCountry());11 return incomingCoordinates;12 }13}
With this code wired into the construction of your GremlinService instance, all TrafficCoordinates will now get those 3 attributes and they are eligible to be matched for any type of traffic you'd like to attack.