Our policy in the past on such things is to require that they are broken
into small reviewable chunks on a feature branch, even if the end to end
working version was more ‘usable’.

On July 12, 2018 at 10:51:30, Simon Elliston Ball (

I've been doing some work on getting the Metron UIs and REST layers to work
with Apache KnoxSSO, and LDAP authentication, to remove the need to store
passwords in MySQL, allow AD integration, secure up our authentication
points. I'm also working in a Knox service to allow the gateway to provide
full SSL for the interfaces and avoid all the proxying and CORS things we
have to worry about.

This has ended up being a pretty chunky piece of work which involves very
significant changes to the UIs, REST layer, and introduces Knox to the
blueprint, as well as messing with the full-dev build scripts, and adding
ansible roles.

As such, in-order to make it a bit more reviewable, would it be better to
contribute it to a feature branch? It could arguably be broken into a
series of PRs, but at least some parts of full dev would be broken between
most of the logical steps, since it's all kinda co-dependent, so it's
easier to look at as a unit.