Generic Extensions (actions) #431
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -841,11 +841,47 @@ For success responses, the following fields are defined: | |
| | --- | --- | --- | | ||
| | dashboard_url | string | The URL of a web-based management user interface for the Service Instance; we refer to this as a service dashboard. The URL MUST contain enough information for the dashboard to identify the resource being accessed (`9189kdfsk0vfnku` in the example below). Note: a Service Broker that wishes to return `dashboard_url` for a Service Instance MUST return it with the initial response to the provision request, even if the service is provisioned asynchronously. If present, MUST be a non-empty string. | | ||
| | operation | string | For asynchronous responses, Service Brokers MAY return an identifier representing the operation. The value of this field MUST be provided by the Platform with requests to the [Last Operation](#polling-last-operation) endpoint in a percent-encoded query parameter. If present, MUST be a non-empty string. | | ||
| | extension_apis | array-of-objects | For extensions to the Service Broker API on a per Service Instance basis, Service Brokers MAY return one or more objects that describe additional API endpoints via an OpenAPI document. See [Extension APIs Object](#extension-apis-object) for more information. | | ||
|
|
||
| ##### Extension APIs Object | ||
|
|
||
| The `extension_apis` object MAY be used to describe any additional endpoint | ||
| to the Open Service Broker API. An example of this could be lifecycle | ||
| management of a Service Instance, (e.g. "Day Two Operations"), like Backup, | ||
| Restore, Stop, Start, Restart and Pause. | ||
|
There was a problem hiding this comment. Some of these example operations seem like they would be long-running. Is there any way for a broker to report status of a long running action back to the platform? There was a problem hiding this comment. Related to this, is there a way brokers can provide either success or failure messages for the platform to display when an operation is run? Ideally if the request fails, the UI can give a specific error about what went wrong instead of a generic failed error. There was a problem hiding this comment. Async ops, if enabled, would be defined via the swagger file. The platform could detect and subscribe to ops based on the returned swagger. There was a problem hiding this comment.
I'm not sure how a platform can detect it only from the swagger. A human looking at it might notice an endpoint called As an end user, I'd be worried if I couldn't check the status of an operation like "Restore" and know that it completed successfully. I could see it if the platform recognized the There was a problem hiding this comment. I think the short answer is it's not going to be possible across the board for all APIs. My thought was that the platform could recognize a callback object in the openapi doc, (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.1.md#callbackObject) and other openapi patterns to figure out what it needs, but we won't know until someone tries. It's the main issue with going the generic route on extensions. |
||
|
|
||
| The Service Instance provisioning request will return a URI to an OpenAPI 3.0+ | ||
|
There was a problem hiding this comment. perhaps s/request will return/response will include/ since its not the request that contains the data. There was a problem hiding this comment. To me this reads that there's only one object returned: I was thinking that there is an object: So, there's the struct that rerepresents a single discovery_url (with creds) and there can be an array of them. Somehow reading this however, I think there's only one. |
||
| document that the Platform can use to determine the new endpoint(s), | ||
| parameter(s), authentication mechanism and server URL. The new APIs are | ||
| extensions to the Open Service Broker API. As such they are indended to be | ||
| invokved by the Platform on behalf of its clients. | ||
|
|
||
| Extension API endpoints MAY be executed on a remote server, however the OpenAPI | ||
| document MUST include a Server Object with an accurate `url` parameter and a | ||
| `description` field labeled, "Service Broker Extensions Server". If no Server | ||
| Object `description` field contains, "Service Broker Extensions Server", the | ||
| Platform MUST assume the extension API endpoints are to be invoked using the | ||
| Service Broker host and port. See [OpenAPI Server Object](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#serverObject) for more information. | ||
|
|
||
| | Response Field | Type | Description | | ||
| | --- | --- | --- | | ||
| | discovery_url* | string | A URI pointing to a valid OpenAPI 3.0+ document describing the API extension(s) to the Open Service Broker API including server location, endpoints, parameters and any other detail the platform needs for invocation. The location of the API extension endpoint(s) can be local to the Service Broker or on a remote server. MUST be a valid URI. The returned OpenAPI document MUST be in json format. See the [OpenAPI Specification](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md) for more information. | | ||
|
There was a problem hiding this comment. for the dashboardURL we say this "The URL MUST contain enough information for the dashboard to identify the resource being accessed". I think we need something similar here, and possible about the endpoints returned within the swagger doc, because it doesn't really make sense for two instances to be given the same set of URLs - otherwise how will the server know which instance is being operated on. There was a problem hiding this comment. For
I think we need something in this PR that allows tells people that something needs to be unique in all of the URLs/data being passed around, otherwise how does the generic action endpoint know which instance is being operated on. There was a problem hiding this comment. I don't agree that we MUST do this, but I will bow to the group decision. An example I can think of is you want to return the same swagger for every service instance and pass the service instance details via a body parameter, (as defined by the swagger). There was a problem hiding this comment. We can do that, IF we also define how someone can programmatically know which parameter in the swagger represents the instance ID. W/o that I wouldn't know how to write code to do it. So, note I said "URL/data" - meaning I'm ok with a statement about instance-unique URLs, or other text talking about how to know which param to set - either is fine - we just need to be clear about how to do it. There was a problem hiding this comment. I think the latest addresses your concerns. There was a problem hiding this comment. @rhodie27 thanks - need to think more about it, at at first glace yes I think it does. if we have an aggregation service broker in the path between the platform and the real service broker, I'm assuming the aggregation SB might need to twiddle relative URLs provided so they're not relative to the aggregation SB but point to the real one. Is this something we should say in here or is it obvious and we can leave that as an exercise for the dev? There was a problem hiding this comment. I'd lean towards "up to the dev". I could see the aggregation SB actually hosting the openapi doc itself instead of passing the request through. And it could have any combination of local and remote endpoints. There was a problem hiding this comment. In case of a local URI, I assume this is a path. Is this path relative to the broker host oder relative to the URL the broker was registered with? There was a problem hiding this comment. Good question, I hadn't thought of that. I would assume the former b/c of /broker1 is the path you are executing the provisioning from. I could add something like, "If discovery_url is a path, the Platform can assume it is to be called from the basepath of the Service Broker." There was a problem hiding this comment. Sounds good. I guess we need something similar also for the |
||
| | credentials | object | A Service Broker MAY return authentication details for running any of the extension API calls, especially for those running on remote servers. If not present, the same authentication mechanism used for the normal Open Service Broker APIs MUST work for the new endpoint(s). If the Service Broker wants to use alternate methods of authentication, (e.g. on remote servers) it MUST provide details to that mechanism in the OpenAPI document, (e.g. an OAuth Flow Object), and the appropriate credential(s), (e.g. bearer token), as part of the `extensions_api` object within the `credentials` field. If credentials are present in an `extensions_api` object, the Platform will need to verify the authentication method from the OpenAPI document. | | ||
| | adheres_to | string | A URI refering to a specification detailing the implementation guidelines for the OpenAPI document hosted at the `discovery_url`. While this property is a URI, there is no requirement for there to be an actual server listening at that endpoint. This value is meant to provide a unique identifier representing the set of extensions APIs supported. If present, MUST be a valid URI. | | ||
|
There was a problem hiding this comment. The semantics of this column could be clarified a little bit - what is the advantage of specifying a URI that points to a location where no server is running? There was a problem hiding this comment. Sorry, I don't follow. Which part are you referencing? There was a problem hiding this comment.
Am I write in thinking that this field is going to be used to allow clients to spot "common" operations that they could do, say, in bulk across multiple service instances? There was a problem hiding this comment. Often people push for unique IDs to be URIs so that they avoid strings that too simplistic - like "backup". By making it a URI its trying to force people to namespace things by including some domain name in the URI. While I've heard bulk ops as one reason for this, to me the bigger reason is that a platform (or its UI) can know when it comes across some actions that it knows about and may want to do some special processing for. E.g. perhaps it has a dedicated UI for them. W/o some well defined URI to say "yes, these are the set of ops that's been defined by spec xxx" the platform can't really be sure what those ops do. Checking (strcmp) the names of the ops alone doesn't really guarantee anything. There was a problem hiding this comment. As per Paul's suggestion I will add some text here about what the Platform can do with this information. Should clear this up, (mildly). |
||
|
|
||
| \* Fields with an asterisk are REQUIRED. | ||
|
|
||
| ``` | ||
| { | ||
| "dashboard_url": "http://example-dashboard.example.com/9189kdfsk0vfnku", | ||
| "operation": "task_10", | ||
| "extension_apis":[{ | ||
| "discovery_url": "http://example-openapi-doc.example.com/extensions", | ||
| "credentials":[{ | ||
| "tokenURL": "https://example.com/api/oauth/token" | ||
| }], | ||
| "adheres_to": "http://example-specification.example.com" | ||
| }] | ||
| } | ||
| ``` | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would suggest the specs to clarify when an extension_api should be defined and used by broker authors w.r.t. to asking 1st class support in the OSB API.
Are platforms expected to provide UI/CLI tooling for any declared extensions (i.e. dynamically generating UI from the openAPI document) ? Would generated UIs and user workflows be restricted to single API endpoint calls, or would instead spawn across multiple API calls (e.g. list backups, restore backup, delete backup) ?
Are platforms instead expected to additionally support specific curated extensions and bring optimized user experience for them? If so, where/how would such curated extensions be defined and published ?
Can the specs recommend use-cases for extensions such as:
1- operator specific extensions : a platform operators is adding custom features to a broker and brings custom UI on along it.
2- service specific extensions (say stop/resume operation) that only applies to a category of services
3- vendor specific extensions (say K8S/CF vendor X way of offering backup which differ from vendor Y)
4- platform specific extensions (e.g. CF AR service metrics ingestion which differs from K8S metrics ingestion) that can't be supported by platform-specific profiles
Would the mentioned day 2 operations seem be fitting some of the cases above?
Backup, Restore: vendor specific extensionsStop, Start, Restart and Pause: service specific extensionsThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current thinking is it is entirely up to the broker author, and the platform can choose to provide, at minimum, the OpenAPI UI (or even just the OpenAPI url). Then platforms can extend the UI based on 'adheres_to'.
We had talked about how to batch calls but it became clear that this could be designed forever and we decided to support just the single endpoint as a first step, but nothing stops a clever broker from providing batch/aggregation on their own.
adheres_tois the mechanism we think will do this. If it is proven that this is not enough we can always revisit the spec to add what is lacking.I suspect this is out of scope for the current PR, at least until we see some real world emergent behavior for generic actions.