[Bug 2213] New: [STORY] Rework Web API

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Thu Feb 5 14:15:57 UTC 2015 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=2213

            Bug ID: 2213
           Summary: [STORY] Rework Web API
           Product: Thermostat
           Version: hg
          Hardware: x86_64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Thermostat
          Assignee: unassigned at icedtea.classpath.org
          Reporter: sgehwolf at redhat.com
                CC: thermostat at icedtea.classpath.org

The Web or HTTP API exposed by the web-endpoint in Thermostat 1.x series is
rather convoluted. It also makes performing authorization checks difficult.

Here is how the current API (roughly) works:

1. The web endpoint exposes an URL where WebStorage client post request to.
   For example http://host.example.com/thermostat/storage
   1.1. The following sub-paths are recognized:
          /prepare-statement
          /query-execute
          /write-execute
          /register-category
          /save-file
          /load-file
          /purge
          /ping
          /generate-token
          /verify-token
          /get-more
   1.2. Note that *all* queries enter via /query-execute and *all* writes enter
        via /write-execute
2. Some of the sub-URLs expect parameters in plain URL encoding only. Some
   sub-URLs expect parameter values to be in JSON serialized form and some use
   both variants, JSON serialized form and URL encoded text values.
3. What gets returned as a response is sometimes a JSON string and sometimes a
   plain URL encoded value.
4. Some sub-URLs add state to the end-point.

There are a couple of problems with this.

1. Query- and write-authorization is difficult, since there is no "path-based"
   access to resources. It would be easier if write/query endpoints are
   structured by a "path info" to the resource. This would allow for Servlet
   filter based authorization checks.
2. It's pretty verbose since only POST requests are recognized. By also using
   GET, DELETE and PUT, requests can be further segmented without extra
   path-info. See [1].
3. The format returned as a response isn't uniform. It should rather be
   in a format requested by the user (specified via a suffix or request
   attribute).
4. Authorization checks for save-file/load-file is difficult because no
   extra path-info is provided. This is somewhat similar to 1.

Possible solution(s):

Most (all?) thermostat resources are associated with (a) an agent or (b) a JVM
or (c) a host name (in a DNS A record sense). Since both, JVMs and Thermostat
agents can be identified uniquely it would make sense to segment resources by
either one of these. Everything that precedes an agent ID or JVM ID in
persistent storage is segmented by host name. Note that this might mean to have
a way to efficiently look-up more information about a JVM ID and/or an agent
ID. Other properties which can be derived from JVM IDs might be:
- *nix user name the JVM runs as
- PID of the JVM process
- some human-recognizable tag, such as "Apache-Tomcat-7",
  identifying a JVM or a group of JVMs
Similarly, properties which can be derived from agent IDs might be:
- host name where the agent runs (DNS A record)
- some human-recognizable tag, such as "Cloud-X-agents"

Examples. Consider a main storage URL of
http://new-thermostat-storage.example.com/storage. Then the API could look like
this:

POST /storage/<hostname>/numa (writes new numa record(s) to storage)
POST /storage/<hostname>/agents (writes new agent record(s) to storage)
GET  /storage/<hostname>/agents.json (gets all agents for his host name as
JSON)
PUT  /storage/<hostname>/agents/<agentId> (updates an existing agent record)
POST /storage/<agentID>/vms (writes new JVM record(s) to storage)
PUT  /storage/<agentID>/vms/<vmID> (updates an existing JVM record)
GET  /storage/<agentID>/vms.txt (get all JVMs for this agent as text)
POST /storage/<vmID>/threads (writes new thread record(s) for this JVM)
PUT  /storage/<vmID>/threads/<tid> (update a thread record for this JVM)
GET  /storage/<vmID>/files/<filename> (get the requested file for the JVM)

[1] https://en.wikipedia.org/wiki/Representational_state_transfer#Example

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20150205/f520b03f/attachment-0001.html>

More information about the distro-pkg-dev mailing list