restapi

package
v1.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2024 License: Apache-2.0 Imports: 48 Imported by: 0

Documentation ΒΆ

Overview ΒΆ

Package restapi 🏹 Archer

# Documentation
Archer is an API service that can privately connect services from one private [OpenStack Network](https://docs.openstack.org/neutron/latest/admin/intro-os-networking.html) to another. Consumers can select a *service* from a service catalog and **inject** it to their network, which means making this *service* available via a private ip address.

Archer implements an *OpenStack* like API and integrates with *OpenStack Keystone* and *OpenStack Neutron*.

### Architecture
There are two types of resources: **services** and **endpoints**

* **Services** are private or public services that are manually configured in *Archer*. They can be accessed by creating an endpoint.
* **Service endpoints**, or short **endpoints**, are IP endpoints in a local network used to transparently access services residing in different private networks.

### Features
* Multi-tenant capable via OpenStack Identity service
* OpenStack `policy.json` access policy support
* Prometheus Exporter
* Rate limiting

### Supported Backends
* F5 BigIP

### Requirements
* PostgreSQL Database

## API properties
This section describes properties of the Archer API. It uses a ReSTful HTTP API.

#### Request format
The Archer API only accepts requests with the JSON data serialization format. The Content-Type header for POST requests is always expected to be `application/json`.

#### Response format
The Archer API always response with JSON data serialization format. The Content-Type header is always `Content-Type: application/json`.

#### Authentication and authorization
The **Archer API** uses the OpenStack Identity service as the default authentication service. When Keystone is enabled, users that submit requests to the OpenStack Networking service must provide an authentication token in `X-Auth-Token` request header.
You obtain the token by authenticating to the Keystone endpoint.

When Keystone is enabled, the `project_id` attribute is not required in create requests because the project ID is derived from the authentication token.

#### Pagination
To reduce load on the service, list operations will return a maximum number of items at a time. To navigate the collection, the parameters limit, marker and page_reverse can be set in the URI. For example:

```
?limit=100&marker=1234&page_reverse=False
```

The `marker` parameter is the ID of the last item in the previous list. The `limit` parameter sets the page size. The `page_reverse` parameter sets the page direction.
These parameters are optional.
If the client requests a limit beyond the maximum limit configured by the deployment, the server returns the maximum limit number of items.

For convenience, list responses contain atom **next** links and **previous** links. The last page in the list requested with `page_reverse=False` will not contain **next** link, and the last page in the list requested with `page_reverse=True` will not contain **previous** link.

To determine if pagination is supported, a user can check whether the `pagination` capability is available through the Archer API detail endpoint.

#### Sorting
You can use the `sort` parameter to sort the results of list operations.
The sort parameter contains a comma-separated list of sort keys, in order of the sort priority. Each sort key can be optionally prepended with a minus **-** character to reverse default sort direction (ascending).

For example:

```
?sort=key1,-key2,key3
```

**key1** is the first key (ascending order), **key2** is the second key (descending order) and **key3** is the third key in ascending order.

To determine if sorting is supported, a user can check whether the `sort` capability is available through the Archer API detail endpoint.

#### Filtering by tags
Most resources (e.g. service and endpoint) support adding tags to the resource attributes. Archer supports advanced filtering using these tags for list operations. The following tag filters are supported by the Archer API:

* `tags` - Return the list of entities that have this tag or tags.
* `tags-any` - Return the list of entities that have one or more of the given tags.
* `not-tags` - Return the list of entities that do not have one or more of the given tags.
* `not-tags-any` - Return the list of entities that do not have at least one of the given tags.

Each tag supports a maximum amount of 64 characters.

For example to get a list of resources having both, **red** and **blue** tags:

```
?tags=red,blue
```

To get a list of resourcing having either, **red** or **blue** tags:

```
?tags-any=red,blue
```

Tag filters can also be combined in the same request:

```
?tags=red,blue&tags-any=green,orange
```

#### Response Codes (Faults)

| Code  | Description       |
| ----- | ----------------- |
| 400   | Validation Error |
| 401   | Unauthorized |
| 403   | Policy does not allow current user to do this <br> The project is over quota for the request |
| 404   | Not Found <br> Resource not found |
| 409   | Conflict |
| 422   | Unprocessable Entity |
| 429   | You have reached maximum request limit |
| 500   | Internal server error |

## Endpoint identification

Archer supports the Proxy Protocol v2 for endpoint identification.

The Proxy Protocol is a widely used protocol for passing client connection information through a load balancer to the backend server. It is used to identify the original client IP address and port number. The Proxy Protocol v2 is a binary protocol that is more efficient than the original text-based Proxy Protocol v1.

The proxy protocol header also includes the ID of the endpoint. This information is encoded using a custom Type-Length-Value (TLV) vector as follows.

| Field | Length (Octets) | Description                                                    |
| ----- | --------------- | -------------------------------------------------------------- |
| Type  | 1               | PP2_TYPE_SAPCC (0xEC)                                          |
| Length| 2               | Length of the value (UUIDv4 is always 36 byte as ASCII string) |
| Value | 36              | ASCII UUID of the endpoint                                     |

Schemes:
  http
  https
Host: localhost
BasePath: /
Version: 1.4.1
License: Apache 2.0 https://www.apache.org/licenses/LICENSE-2.0.html
Contact: SAP SE / Converged Cloud https://sap.com

Consumes:
  - application/json

Produces:
  - application/json

swagger:meta

Index ΒΆ

Constants ΒΆ

This section is empty.

Variables ΒΆ

View Source
var (
	// SwaggerJSON embedded version of the swagger document used at generation time
	SwaggerJSON json.RawMessage
	// FlatSwaggerJSON embedded flattened version of the swagger document used at generation time
	FlatSwaggerJSON json.RawMessage
)
View Source
var (
	// SwaggerSpec make parsed swaggerspec available globally
	SwaggerSpec *loads.Document
)

Functions ΒΆ

This section is empty.

Types ΒΆ

type Server ΒΆ

type Server struct {
	EnabledListeners []string         `long:"scheme" description:"the listeners to enable, this can be repeated and defaults to the schemes in the swagger spec"`
	CleanupTimeout   time.Duration    `long:"cleanup-timeout" description:"grace period for which to wait before killing idle connections" default:"10s"`
	GracefulTimeout  time.Duration    `long:"graceful-timeout" description:"grace period for which to wait before shutting down the server" default:"15s"`
	MaxHeaderSize    flagext.ByteSize `` /* 231-byte string literal not displayed */

	SocketPath flags.Filename `long:"socket-path" description:"the unix socket to listen on" default:"/var/run/archer.sock"`

	Host         string        `long:"host" description:"the IP to listen on" default:"localhost" env:"HOST"`
	Port         int           `long:"port" description:"the port to listen on for insecure connections, defaults to a random value" env:"PORT"`
	ListenLimit  int           `long:"listen-limit" description:"limit the number of outstanding requests"`
	KeepAlive    time.Duration `` /* 169-byte string literal not displayed */
	ReadTimeout  time.Duration `long:"read-timeout" description:"maximum duration before timing out read of the request" default:"30s"`
	WriteTimeout time.Duration `long:"write-timeout" description:"maximum duration before timing out write of the response" default:"60s"`

	TLSHost           string         `long:"tls-host" description:"the IP to listen on for tls, when not specified it's the same as --host" env:"TLS_HOST"`
	TLSPort           int            `long:"tls-port" description:"the port to listen on for secure connections, defaults to a random value" env:"TLS_PORT"`
	TLSCertificate    flags.Filename `long:"tls-certificate" description:"the certificate to use for secure connections" env:"TLS_CERTIFICATE"`
	TLSCertificateKey flags.Filename `long:"tls-key" description:"the private key to use for secure connections" env:"TLS_PRIVATE_KEY"`
	TLSCACertificate  flags.Filename `long:"tls-ca" description:"the certificate authority file to be used with mutual tls auth" env:"TLS_CA_CERTIFICATE"`
	TLSListenLimit    int            `long:"tls-listen-limit" description:"limit the number of outstanding requests"`
	TLSKeepAlive      time.Duration  `` /* 160-byte string literal not displayed */
	TLSReadTimeout    time.Duration  `long:"tls-read-timeout" description:"maximum duration before timing out read of the request"`
	TLSWriteTimeout   time.Duration  `long:"tls-write-timeout" description:"maximum duration before timing out write of the response"`
	// contains filtered or unexported fields
}

Server for the archer API

func NewServer ΒΆ

func NewServer(api *operations.ArcherAPI) *Server

NewServer creates a new api archer server but does not configure it

func (*Server) ConfigureAPI ΒΆ

func (s *Server) ConfigureAPI()

ConfigureAPI configures the API and handlers.

func (*Server) ConfigureFlags ΒΆ

func (s *Server) ConfigureFlags()

ConfigureFlags configures the additional flags defined by the handlers. Needs to be called before the parser.Parse

func (*Server) Fatalf ΒΆ

func (s *Server) Fatalf(f string, args ...interface{})

Fatalf logs message either via defined user logger or via system one if no user logger is defined. Exits with non-zero status after printing

func (*Server) GetHandler ΒΆ

func (s *Server) GetHandler() http.Handler

GetHandler returns a handler useful for testing

func (*Server) HTTPListener ΒΆ

func (s *Server) HTTPListener() (net.Listener, error)

HTTPListener returns the http listener

func (*Server) Listen ΒΆ

func (s *Server) Listen() error

Listen creates the listeners for the server

func (*Server) Logf ΒΆ

func (s *Server) Logf(f string, args ...interface{})

Logf logs message either via defined user logger or via system one if no user logger is defined.

func (*Server) Serve ΒΆ

func (s *Server) Serve() (err error)

Serve the api

func (*Server) SetAPI ΒΆ

func (s *Server) SetAPI(api *operations.ArcherAPI)

SetAPI configures the server with the specified API. Needs to be called before Serve

func (*Server) SetHandler ΒΆ

func (s *Server) SetHandler(handler http.Handler)

SetHandler allows for setting a http handler on this server

func (*Server) Shutdown ΒΆ

func (s *Server) Shutdown() error

Shutdown server and clean up resources

func (*Server) TLSListener ΒΆ

func (s *Server) TLSListener() (net.Listener, error)

TLSListener returns the https listener

func (*Server) UnixListener ΒΆ

func (s *Server) UnixListener() (net.Listener, error)

UnixListener returns the domain socket listener

Directories ΒΆ

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL