Documentation ΒΆ
Overview ΒΆ
Package restapi πΉ Archer
# Documentation Archer is an API service that can privately connect services from one private [OpenStack Network](https://docs.openstack.org/neutron/latest/admin/intro-os-networking.html) to another. Consumers can select a *service* from a service catalog and **inject** it to their network, which means making this *service* available via a private ip address. Archer implements an *OpenStack* like API and integrates with *OpenStack Keystone* and *OpenStack Neutron*. ### Architecture There are two types of resources: **services** and **endpoints** * **Services** are private or public services that are manually configured in *Archer*. They can be accessed by creating an endpoint. * **Service endpoints**, or short **endpoints**, are IP endpoints in a local network used to transparently access services residing in different private networks. ### Features * Multi-tenant capable via OpenStack Identity service * OpenStack `policy.json` access policy support * Prometheus Exporter * Rate limiting ### Supported Backends * F5 BigIP ### Requirements * PostgreSQL Database ## API properties This section describes properties of the Archer API. It uses a ReSTful HTTP API. #### Request format The Archer API only accepts requests with the JSON data serialization format. The Content-Type header for POST requests is always expected to be `application/json`. #### Response format The Archer API always response with JSON data serialization format. The Content-Type header is always `Content-Type: application/json`. #### Authentication and authorization The **Archer API** uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in `X-Auth-Token` request header. You obtain the token by authenticating to the Keystone endpoint. When Keystone is enabled, the `project_id` attribute is not required in create requests because the project ID is derived from the authentication token. #### Pagination To reduce load on the service, list operations will return a maximum number of items at a time. To navigate the collection, the parameters limit, marker and page_reverse can be set in the URI. For example: ``` ?limit=100&marker=1234&page_reverse=False ``` The `marker` parameter is the ID of the last item in the previous list. The `limit` parameter sets the page size. The `page_reverse` parameter sets the page direction. These parameters are optional. If the client requests a limit beyond the maximum limit configured by the deployment, the server returns the maximum limit number of items. For convenience, list responses contain atom **next** links and **previous** links. The last page in the list requested with `page_reverse=False` will not contain **next** link, and the last page in the list requested with `page_reverse=True` will not contain **previous** link. To determine if pagination is supported, a user can check whether the `pagination` capability is available through the Archer API detail endpoint. #### Sorting You can use the `sort` parameter to sort the results of list operations. The sort parameter contains a comma-separated list of sort keys, in order of the sort priority. Each sort key can be optionally prepended with a minus **-** character to reverse default sort direction (ascending). For example: ``` ?sort=key1,-key2,key3 ``` **key1** is the first key (ascending order), **key2** is the second key (descending order) and **key3** is the third key in ascending order. To determine if sorting is supported, a user can check whether the `sort` capability is available through the Archer API detail endpoint. #### Filtering by tags Most resources (e.g. service and endpoint) support adding tags to the resource attributes. Archer supports advanced filtering using these tags for list operations. The following tag filters are supported by the Archer API: * `tags` - Return the list of entities that have this tag or tags. * `tags-any` - Return the list of entities that have one or more of the given tags. * `not-tags` - Return the list of entities that do not have one or more of the given tags. * `not-tags-any` - Return the list of entities that do not have at least one of the given tags. Each tag supports a maximum amount of 64 characters. For example to get a list of resources having both, **red** and **blue** tags: ``` ?tags=red,blue ``` To get a list of resourcing having either, **red** or **blue** tags: ``` ?tags-any=red,blue ``` Tag filters can also be combined in the same request: ``` ?tags=red,blue&tags-any=green,orange ``` #### Response Codes (Faults) | Code | Description | | ----- | ----------------- | | 400 | Validation Error | | 401 | Unauthorized | | 403 | Policy does not allow current user to do this <br> The project is over quota for the request | | 404 | Not Found <br> Resource not found | | 409 | Conflict | | 422 | Unprocessable Entity | | 429 | You have reached maximum request limit | | 500 | Internal server error | ## Endpoint identification Archer supports the Proxy Protocol v2 for endpoint identification. The Proxy Protocol is a widely used protocol for passing client connection information through a load balancer to the backend server. It is used to identify the original client IP address and port number. The Proxy Protocol v2 is a binary protocol that is more efficient than the original text-based Proxy Protocol v1. The proxy protocol header also includes the ID of the endpoint. This information is encoded using a custom Type-Length-Value (TLV) vector as follows. | Field | Length (Octets) | Description | | ----- | --------------- | -------------------------------------------------------------- | | Type | 1 | PP2_TYPE_SAPCC (0xEC) | | Length| 2 | Length of the value (UUIDv4 is always 36 byte as ASCII string) | | Value | 36 | ASCII UUID of the endpoint | Schemes: http https Host: localhost BasePath: / Version: 1.4.1 License: Apache 2.0 https://www.apache.org/licenses/LICENSE-2.0.html Contact: SAP SE / Converged Cloud https://sap.com Consumes: - application/json Produces: - application/json
swagger:meta
Index ΒΆ
- Variables
- type Server
- func (s *Server) ConfigureAPI()
- func (s *Server) ConfigureFlags()
- func (s *Server) Fatalf(f string, args ...interface{})
- func (s *Server) GetHandler() http.Handler
- func (s *Server) HTTPListener() (net.Listener, error)
- func (s *Server) Listen() error
- func (s *Server) Logf(f string, args ...interface{})
- func (s *Server) Serve() (err error)
- func (s *Server) SetAPI(api *operations.ArcherAPI)
- func (s *Server) SetHandler(handler http.Handler)
- func (s *Server) Shutdown() error
- func (s *Server) TLSListener() (net.Listener, error)
- func (s *Server) UnixListener() (net.Listener, error)
Constants ΒΆ
This section is empty.
Variables ΒΆ
var ( // SwaggerJSON embedded version of the swagger document used at generation time SwaggerJSON json.RawMessage // FlatSwaggerJSON embedded flattened version of the swagger document used at generation time FlatSwaggerJSON json.RawMessage )
var ( // SwaggerSpec make parsed swaggerspec available globally SwaggerSpec *loads.Document )
Functions ΒΆ
This section is empty.
Types ΒΆ
type Server ΒΆ
type Server struct { EnabledListeners []string `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"` CleanupTimeout time.Duration `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"` GracefulTimeout time.Duration `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"` MaxHeaderSize flagext.ByteSize `` /* 231-byte string literal not displayed */ SocketPath flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/archer.sock"` Host string `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"` Port int `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"` ListenLimit int `long:"listen-limit" description:"limit the number of outstanding requests"` KeepAlive time.Duration `` /* 169-byte string literal not displayed */ ReadTimeout time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"` WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"` TLSHost string `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"` TLSPort int `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"` TLSCertificate flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"` TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"` TLSCACertificate flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"` TLSListenLimit int `long:"tls-listen-limit" description:"limit the number of outstanding requests"` TLSKeepAlive time.Duration `` /* 160-byte string literal not displayed */ TLSReadTimeout time.Duration `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"` TLSWriteTimeout time.Duration `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"` // contains filtered or unexported fields }
Server for the archer API
func NewServer ΒΆ
func NewServer(api *operations.ArcherAPI) *Server
NewServer creates a new api archer server but does not configure it
func (*Server) ConfigureAPI ΒΆ
func (s *Server) ConfigureAPI()
ConfigureAPI configures the API and handlers.
func (*Server) ConfigureFlags ΒΆ
func (s *Server) ConfigureFlags()
ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse
func (*Server) Fatalf ΒΆ
Fatalf logs message either via defined user logger or via system one if no user logger is defined. Exits with non-zero status after printing
func (*Server) GetHandler ΒΆ
GetHandler returns a handler useful for testing
func (*Server) HTTPListener ΒΆ
HTTPListener returns the http listener
func (*Server) Logf ΒΆ
Logf logs message either via defined user logger or via system one if no user logger is defined.
func (*Server) SetAPI ΒΆ
func (s *Server) SetAPI(api *operations.ArcherAPI)
SetAPI configures the server with the specified API. Needs to be called before Serve
func (*Server) SetHandler ΒΆ
SetHandler allows for setting a http handler on this server
func (*Server) TLSListener ΒΆ
TLSListener returns the https listener