Arrowhead (and its continuation, Productive4.0) is an ambitious holistic innovation project, meant to open the doors to the potentials of Digital Industry and to maintain a leadership position of the industries in Europe. All partners involved will work on creating the capability to efficiently design and integrate hardware and software of Internet of Things (IoT) devices. Linking the real with the digital world takes more than just adding software to the hardware.
Please be aware that 4.1.3 is NOT backwards compatible with 4.1.2. If you have older systems, please refer to the Migration Guide.
- Quick Start Guide
- Migration Guide 4.1.2 -> 4.1.3
- Certificates
- Gatekeeper and Gateway Setup with ActiveMQ Relay
- How to Contribute
- Documentation
Note: A system with 4GB of RAM is advised.
- Docker
- Docker Compose
Don't forget to create a volume for mysql: docker volume create --name=mysql
Don't forget to copy the initSQL.sh script next to the docker-compose file and execute it! On the first run it initializes the database!
Example commands that do this for you; execute them from the project root directory:
cp scripts/initSQL.sh docker/
cd docker
./initSQL.sh
Inside the docker folder an example is provided.
Example Core System Configuration files are available in this folder.
Note: Don't forget to set the domain.name and domain.port properties!
Example Docker Compose file is located here. The interesting part is the volumes section. Format is /path/on/your/local/machine:/path/inside/docker/container
You may want to copy the config files elsewhere with the compose file too. If you copy them, please don't forget to change the volume mounting point, but DON'T change the volume mounting point inside the container, otherwise it will start up with default config.
To update the images, execute the docker-compose pull command in the directory where the compose file is.
To start the containers, execute the docker-compose up -d command in the directory where the compose file is.
Don't forget to check whether all containers are up and running.
If all of them are Up, you are all set. If they die, please check their logs.
If you change your config, you have to restart the appropriate container:
docker restart <containerName>
Command | Description |
---|---|
docker ps -a | List all containers |
docker images | List all images |
docker-compose up -d | Starts the Docker containers |
docker-compose down | Destroys the Docker containers |
docker logs <containerName> | Shows logs for the container |
docker volume create --name=<volumeName> | Creates a named volume |
docker volume rm <volumeName> | Removes the specified named volume |
Q: MySQL won't start. What went wrong?
A: You probably forgot to copy the init SQL script next to the compose file, or you have a typo in its name. Solution: https://github.com/arrowhead-f/core-java-spring/issues/105
The Debian installer files are located in the deb-installer/package/arrowhead-installers-4.1.3 folder. Please follow this guide to install them: Debian Installer Guide
Note: Preferred installation mode for Raspberry Pi.
Note: A system with 2GB of RAM is advised.
The project has the following dependencies:
- JRE/JDK 11 Download from here
- Maven 3.5+ Download from here | Install guide
- MySQL server 5.7+ (other SQL databases can work with Hibernate ORM, but the common module pom.xml has to include the appropriate connector dependency to use them)
Verify that you have Java (java -version), Maven (mvn -version) and MySQL installed properly!
Pull this code and enter the directory.
git clone https://github.com/arrowhead-f/core-java-spring.git
Go to the scripts folder and execute the mysql -u root -p < create_empty_arrowhead_db.sql MySQL script. If you don't run this script first, the project won't build.
cd core-java-spring
Execute the mvn install -DskipTests command. Wait until the build succeeds.
This command builds all available projects.
After the build is complete, the jars with the appropriate application.properties will be available in their directory.
Change directory to:
- serviceregistry/target directory: cd serviceregistry/target and execute: java -jar arrowhead-serviceregistry-4.1.3.jar
- authorization/target directory: cd authorization/target and execute: java -jar arrowhead-authorization-4.1.3.jar
- orchestrator/target directory: cd orchestrator/target and execute: java -jar arrowhead-orchestrator-4.1.3.jar
After a successful build, enter the scripts folder and execute start_core_systems.sh or start_core_systems.bat, depending on your operating system.
Wait until servers start...
Note: By default, servers start in SECURE mode. To access them, you need to use an example certificate, provided in the certificate directory.
Note: If you wish to change the configuration, do it by modifying the application.properties file in the target directory! Don't forget to change all of them!
Service Registry will be available on https://localhost:8443
Authorization will be available on https://localhost:8445
Orchestrator will be available on https://localhost:8441
Event Handler will be available on https://localhost:8455
Gatekeeper will be available on https://localhost:8449
Gateway will be available on https://localhost:8453
Swagger with API documentation is available in the root route.
To start in insecure mode, you have to change the server.ssl.enabled property to false. You'll have to do it for each core system, under the path target/application.properties. Note that if you recompile after the changes, the target/application.properties file will be overwritten by the default ones in the src/main/resources/application.properties.
The Gatekeeper and Gateway use encryption based on the certificates, hence there is no way to start the Gatekeeper and Gateway in insecure mode. But you can use the local cloud without these core systems. All you have to do is to set gatekeeper_is_present=false in the application.properties of the orchestrator, and start the script start_coresystems_local.bat or start_coresystems_local.sh depending on your operating system.
4.1.3 is NOT backwards compatible with 4.1.2! The earlier version was redundant and contained gaps. The database and the endpoints have now been redesigned; they are clean, more logical and easier to use.
You can migrate your existing database manually. See the Quick Start Guide for how to deploy the Core Systems.
Major endpoint changes:
The following endpoints no longer exist, instead use the ones on the right:
- PUT /mgmt/services -> POST /serviceregistry/mgmt/services
- PUT /mgmt/systems -> POST /serviceregistry/mgmt/systems
- GET /serviceregistry/mgmt/systemId/{systemId} -> GET /serviceregistry/mgmt/systems/{id}
- GET /serviceregistry/mgmt/serviceId/{serviceId}/providers
- PUT /serviceregistry/mgmt/query -> POST /serviceregistry/query
- PUT /serviceregistry/mgmt/subscriptions/{id}
- PUT /serviceregistry/support/remove -> DELETE /serviceregistry/unregister
- DELETE /serviceregistry/mgmt/all
- serviceregistry/register - data structure changed
Description for this endpoint is available here: Register
Old payload, which is no longer usable
{
"providedService" : {
"serviceDefinition" : "IndoorTemperature",
"interfaces" : [ "JSON", "XML" ],
"serviceMetadata" : {
"unit" : "celsius"
}
},
"provider" : {
"systemName" : "InsecureTemperatureSensor",
"address" : "192.168.0.2",
"port" : 8080
},
"serviceURI" : "temperature",
"version" : 1,
"udp" : false,
"ttl" : 0
}
New payload - you can easily map the old fields to the new ones.
{
"serviceDefinition": "IndoorTemperature",
"providerSystem": {
"systemName": "InsecureTemperatureSensor",
"address": "192.168.0.2",
"port": 8080,
"authenticationInfo": "eyJhbGciOiJIUzI1Ni..."
},
"serviceUri": "temperature",
"endOfValidity": "2019-12-05T12:00:00",
"secure": "TOKEN",
"metadata": {
"unit": "celsius"
},
"version": 1,
"interfaces": [
"HTTP-SECURE-JSON"
]
}
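The field mapping between the two register payloads above, written out as an added example (not code from the Arrowhead project). The protocol prefix for interface names, the treatment of ttl as seconds with 0 meaning no expiry, and the refusal to emit a CERTIFICATE or TOKEN entry without authenticationInfo are assumptions of this example; migrate_register and migrate_interface are hypothetical helper names.

```python
"""Added example: map a 4.1.2 /serviceregistry/register payload to 4.1.3."""
import re
from datetime import datetime, timedelta, timezone

# Interface naming stated on this page: protocol-SECURE|INSECURE-format.
INTERFACE_RE = re.compile(r"^[A-Z0-9]+-(SECURE|INSECURE)-[A-Z0-9]+$")
SECURE_VALUES = ("NOT_SECURE", "CERTIFICATE", "TOKEN")

# The 4.1.2 payload shown above, copied from the page.
OLD_PAYLOAD = {
    "providedService": {
        "serviceDefinition": "IndoorTemperature",
        "interfaces": ["JSON", "XML"],
        "serviceMetadata": {"unit": "celsius"},
    },
    "provider": {
        "systemName": "InsecureTemperatureSensor",
        "address": "192.168.0.2",
        "port": 8080,
    },
    "serviceURI": "temperature",
    "version": 1,
    "udp": False,
    "ttl": 0,
}


def migrate_interface(old_name, protocol, secure):
    """Turn a bare 4.1.2 format name ("JSON") into a 4.1.3 interface name.

    Assumption of this example: the caller supplies the transport protocol,
    because the old payload does not carry it.
    """
    name = old_name.strip().upper()
    if INTERFACE_RE.match(name):
        return name  # already follows the new pattern
    tag = "INSECURE" if secure == "NOT_SECURE" else "SECURE"
    candidate = "%s-%s-%s" % (protocol.upper(), tag, name)
    if not INTERFACE_RE.match(candidate):
        raise ValueError("cannot build a valid interface name from %r" % old_name)
    return candidate


def migrate_register(old, protocol="HTTP", secure="NOT_SECURE",
                     authentication_info=None, now=None):
    """Return the 4.1.3 ServiceRegistryEntry for a 4.1.2 register payload."""
    if secure not in SECURE_VALUES:
        raise ValueError("secure must be one of %s" % (SECURE_VALUES,))
    # Check added by this example: CERTIFICATE and TOKEN entries are refused
    # when the provider's public key (authenticationInfo) is missing.
    if secure != "NOT_SECURE" and not authentication_info:
        raise ValueError("authenticationInfo is required when secure=%s" % secure)

    service = old["providedService"]
    provider = old["provider"]
    provider_system = {
        "systemName": provider["systemName"],
        "address": provider["address"],
        "port": provider["port"],
    }
    if authentication_info:
        provider_system["authenticationInfo"] = authentication_info

    new = {
        "serviceDefinition": service["serviceDefinition"],
        "providerSystem": provider_system,
        "serviceUri": old["serviceURI"],
        "secure": secure,
        "metadata": dict(service.get("serviceMetadata", {})),
        "version": old.get("version", 1),
        "interfaces": [migrate_interface(i, protocol, secure)
                       for i in service["interfaces"]],
    }
    # Assumption: the old "ttl" is a lifetime in seconds and 0 means no expiry.
    # endOfValidity is optional in 4.1.3, so it is only set for ttl > 0.
    ttl = old.get("ttl", 0)
    if ttl > 0:
        now = now or datetime.now(timezone.utc)
        expiry = now + timedelta(seconds=ttl)
        new["endOfValidity"] = expiry.strftime("%Y-%m-%dT%H:%M:%S")
    # The "udp" flag has no counterpart in the new structure and is dropped.
    return new


if __name__ == "__main__":
    import json
    print(json.dumps(migrate_register(OLD_PAYLOAD), indent=2))
```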
- /mgmt/intracloud - data structure changed
- /mgmt/intercloud - data structure changed
How to Add Intracloud rules
How to Add Intercloud rules
- /mgmt/store - data structure changed
- /orchestrator/orchestration - data structure changed
Description for this endpoint is available here: Orchestration
Old payload, which is no longer usable
{
"requesterSystem" : {
"systemName" : "client1",
"address" : "localhost",
"port" : 0,
"authenticationInfo" : "null"
},
"requestedService" : {
"serviceDefinition" : "IndoorTemperature",
"interfaces" : [ "json" ],
"serviceMetadata" : {
"unit" : "celsius"
}
},
"orchestrationFlags" : {
"onlyPreferred" : false,
"overrideStore" : true,
"externalServiceRequest" : false,
"enableInterCloud" : true,
"enableQoS" : false,
"matchmaking" : false,
"metadataSearch" : true,
"triggerInterCloud" : false,
"pingProviders" : false
},
"preferredProviders" : [ ],
"requestedQoS" : { },
"commands" : { }
}
New payload - you can easily map the old fields to the new ones.
{
"requesterSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"requestedService": {
"serviceDefinitionRequirement": "string",
"interfaceRequirements": [
"string"
],
"securityRequirements": [
"NOT_SECURE", "CERTIFICATE", "TOKEN"
],
"metadataRequirements": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"versionRequirement": 0,
"maxVersionRequirement": 0,
"minVersionRequirement": 0
},
"preferredProviders": [
{
"providerCloud": {
"operator": "string",
"name": "string"
},
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0
}
}
],
"orchestrationFlags": {
"additionalProp1": true,
"additionalProp2": true,
"additionalProp3": true
}
}
Arrowhead Framework's security relies on SSL Certificate Trust Chains. The Arrowhead trust chain consists of three levels:
- Master certificate: arrowhead.eu
- Cloud certificate: my_cloud.my_company.arrowhead.eu
- Client certificate: my_client.my_cloud.my_company.arrowhead.eu
The certificate naming convention has strict rules:
- The different parts are delimited by dots, therefore parts are not allowed to contain any of them.
- A cloud certificate name has to consist of four parts and the last two parts have to be 'arrowhead' and 'eu'.
- A client certificate name has to consist of five parts and the last two parts have to be 'arrowhead' and 'eu'.
The trust chain is created by issuing the cloud certificate from the master certificate and the client certificate from the cloud certificate. In other words, the cloud certificate is signed by the master certificate's private key and the client certificate is signed by the cloud certificate's private key, which makes the whole chain trustworthy.
The Key-Store is intended to store the certificates and/or key-pair certificates. Key-pair certificates contain the certificate chain with some additional data, such as the private-public keys, which are necessary for the secure operation. Certificates located in this store (without the keys) will be attached to the outgoing HTTPS requests. Arrowhead Framework is designed for handling the p12 type of Key-Stores.
(Note: When you are creating a new key-pair certificate, the key-password and the key-store-password must be the same.)
The Trust-Store contains the certificates that the web server considers trusted. Arrowhead Framework is designed for handling the p12 type of Trust-Stores. Typically your Trust-Store should contain only the cloud certificate, which ensures that only those incoming HTTPS requests that have this certificate within their certificate chain are authorized to access.
Currently the Arrowhead community can create only "self-signed" certificates. See the tutorials:
- Create Arrowhead Cloud Self Signed Certificate
- Create Arrowhead Client Self Signed Certificate
- Create Trust Store
The System Operator Certificate is a special client certificate with the naming convention of sysop.my_cloud.my_company.arrowhead.eu.
The SysOp certificate allows the client to use the management endpoints of the Arrowhead Core Systems. Typical usage of the SysOp certificate is by front-end applications running in a web browser.
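The naming rules and the SysOp convention described above can be checked mechanically; the following is an added example, not the framework's own validation code. It takes the certificate common name as a plain string, and its helper names, the case-insensitive comparison, and the reading of "provider system name and certificate common name must match" (from the Service Registry section) as "first name part equals systemName" are assumptions of this example.

```python
"""Added example: classify Arrowhead certificate common names."""
from collections import namedtuple

# kind is "master", "cloud", "client" or "sysop"; unused fields are None.
ArrowheadName = namedtuple("ArrowheadName", "kind system cloud company")


def parse_common_name(cn):
    """Apply the naming convention from this page to a common name string."""
    # Assumption of this example: names are compared case-insensitively.
    parts = cn.strip().lower().split(".")
    if any(p == "" for p in parts):
        raise ValueError("empty name part in %r" % cn)
    if parts[-2:] != ["arrowhead", "eu"]:
        raise ValueError("%r does not end in arrowhead.eu" % cn)
    if len(parts) == 2:
        return ArrowheadName("master", None, None, None)
    if len(parts) == 4:
        return ArrowheadName("cloud", None, parts[0], parts[1])
    if len(parts) == 5:
        # A SysOp certificate is a client certificate whose first part is "sysop".
        kind = "sysop" if parts[0] == "sysop" else "client"
        return ArrowheadName(kind, parts[0], parts[1], parts[2])
    # Dots delimit the parts, so a dot inside a system or cloud name changes
    # the part count and the name is rejected here.
    raise ValueError("%r has %d parts; expected 2, 4 or 5" % (cn, len(parts)))


def _in_cloud(name, local_cloud_cn):
    """True when a client/sysop name belongs to the given local cloud."""
    cloud = parse_common_name(local_cloud_cn)
    if cloud.kind != "cloud":
        raise ValueError("%r is not a cloud certificate name" % local_cloud_cn)
    return (name.cloud, name.company) == (cloud.cloud, cloud.company)


def may_register(cert_cn, system_name, local_cloud_cn):
    """A provider may register only its own services in its own local cloud."""
    try:
        name = parse_common_name(cert_cn)
    except ValueError:
        return False
    if name.system is None:  # master and cloud certificates are not clients
        return False
    return _in_cloud(name, local_cloud_cn) and name.system == system_name.lower()


def may_use_management(cert_cn, local_cloud_cn):
    """Management endpoints require the SysOp certificate of this cloud."""
    try:
        name = parse_common_name(cert_cn)
    except ValueError:
        return False
    return name.kind == "sysop" and _in_cloud(name, local_cloud_cn)


if __name__ == "__main__":
    cloud = "my_cloud.my_company.arrowhead.eu"
    for cn in ("my_client.my_cloud.my_company.arrowhead.eu",
               "sysop.my_cloud.my_company.arrowhead.eu",
               "my_client.other_cloud.my_company.arrowhead.eu"):
        print(cn, parse_common_name(cn).kind, may_use_management(cn, cloud))
```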
The following guide describes step by step, how to include your own certificates into a Docker container.
Please follow this guide to setup the Arrowhead Gatekeeper and Gateway core systems: Gatekeeper & Gateway Setup Guide with ActiveMQ Relay
All work on Arrowhead repositories happens directly on GitHub. Both core team members and external contributors send pull requests which go through the same review process.
The latest version of the core systems is available in the master branch. The code for the next release is merged in the development branch. If you would like to contribute, please check out the development branch. Create a new branch from development. Don't forget to write documentation, unit and integration tests. When finished, create a pull request back into development. If accepted, your contribution will be in the next release. :)
We are using GitHub Issues for our public bugs. We keep a close eye on this and try to make it clear when we have an internal fix in progress. Before filing a new task, try to make sure your problem doesn’t already exist.
The best way to get your bug fixed is to provide a reduced test case.
Join our developer team on Slack. Write an email to [email protected] for an invite.
This System provides the database, which stores information related to the currently actively offered Services within the Local Cloud.
The purpose of this System is therefore to allow:
- Application Systems to register what Services they offer at the moment, making this announcement available to other Application Systems on the network.
- They are also allowed to remove or update their entries when it is necessary.
- All Application Systems can utilize the lookup functionality of the Registry to find Public Core System Service offerings in the network, otherwise the Orchestrator has to be used.
However, it is worth noting that within this generation the lookup functionality of Services is integrated within the “orchestration process”. Therefore, in the primary scenario, when an Application System is looking for a Service to consume, it shall ask the Orchestrator System via the Orchestration Service to locate one or more suitable Service Providers and help establish the connection based on metadata submitted in the request. Direct lookups from Application Systems within the network are not advised in this generation, due to security reasons.
However, the lookup of other Application Systems and Services directly is not within the primary use, since access will not be given without the Authorization JWT (JSON Web Token). The use of the TokenGeneration is restricted to the Orchestrator for general System accountability reasons.
This System provides only one Core Service: the Service Discovery.
There are two use case scenarios connected to the Service Registry.
- Service registration, de-registration
- Service Registry querying (lookup)
The register method is used to register services. The services will contain various metadata as well as a physical endpoint. The various parameters are representing the endpoint information that should be registered.
The unregister method is used to unregister service instances that were previously registered in the Registry. The instance parameter is representing the endpoint information that should be removed.
The query method is used to find and translate a symbolic service name into a physical endpoint, for example an IP address and a port. The query parameter is used to request a subset of all the registered services fulfilling the demand of the user of the service. The returned listing contains the service endpoints that fulfill the query.
There is another functionality that is not bound to any Service; it is just an internal part of the Service Registry. There are two optional cleanup tasks within the Service Registry, which can be used to remove old, inactive service offerings. The first task is based on pinging the service provider, and if the provider does not respond to the ping, its offered services will be deleted. The second task is based on a feature called “Time to Live”. Upon registration, service providers can provide a timestamp called “end_of_validity”, which specifies how long the service will be offered by the provider, making service de-registrations unnecessary if this task is active. The task is used to remove expired services. The third task uses a feature called "Heartbeat" (not yet implemented), where the Service provider periodically signals to the Service Registry that it is still alive. When a provider misses a signal, it will be removed. All of these internal tasks can be configured in the application.properties file.
This System can be secured via the HTTPS protocol. If it is started in secure mode, it verifies whether the Application System possesses a proper X.509 identity certificate and whether that certificate is Arrowhead compliant in its making. This certificate structure and creation guidelines ensure:
- Application System is properly bootstrapped into the Local Cloud
- The Application System indeed belongs to this Local Cloud
- The Application System then automatically has the right to register its Services in the Registry.
If these criteria are met, the Application System’s registration or removal message is processed. An Application System can only delete or alter entries that contain the Application System as the Service Provider in the entry.
The Service Registry offers three types of endpoints: Client, Management and Private.
Swagger API documentation is available on: https://<host>:<port>
The base URL for the requests: http://<host>:<port>/serviceregistry
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Echo | /echo | GET | - | OK |
Query | /query | POST | ServiceQueryForm | ServiceQueryList |
Register | /register | POST | ServiceRegistryEntry | ServiceRegistryEntry |
Unregister | /unregister | DELETE | Address, Port, Service Definition, System Name in query parameters | OK |
These services can only be used by other core services, therefore they are not part of the public API.
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Query System | /query/system | POST | System | System |
Query System By ID | /query/system/{id} | GET | ID | System |
These endpoints are mainly used by the Management Tool and Cloud Administrators.
The following endpoints no longer exist:
PUT /mgmt/services
PUT /mgmt/systems
GET /serviceregistry/mgmt
GET /serviceregistry/mgmt/systemId/{systemId}
GET /serviceregistry/mgmt/serviceId/{serviceId}/providers
PUT /serviceregistry/mgmt/query
PUT /serviceregistry/mgmt/subscriptions/{id}
PUT /serviceregistry/support/remove
DELETE /serviceregistry/mgmt/all
GET /serviceregistry/echo
Returns a "Got it" message with the purpose of testing the core service availability.
Note: 4.1.2 version: GET /serviceregistry
POST /serviceregistry/query
Returns ServiceQueryList that fits the input specification. Mainly used by the Orchestrator.
ServiceQueryForm is the input
{
"serviceDefinitionRequirement": "string",
"interfaceRequirements": [
"string"
],
"securityRequirements": [
"NOT_SECURE"
],
"metadataRequirements": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"versionRequirement": 0,
"maxVersionRequirement": 0,
"minVersionRequirement": 0,
"pingProviders": true
}
Field | Description | Mandatory |
---|---|---|
serviceDefinitionRequirement | Name of the required Service Definition | yes |
interfaceRequirements | List of required interfaces | no |
securityRequirements | List of required security settings | no |
metadataRequirements | Key value pairs of required metadata | no |
versionRequirement | Required version number | no |
maxVersionRequirement | Maximum version requirement | no |
minVersionRequirement | Minimum version requirement | no |
pingProviders | Return only available providers | no |
Note: Valid interfaceRequirements name pattern: protocol-SECURE or INSECURE format. (e.g.: HTTPS-SECURE-JSON)
Note: Possible values for securityRequirements are:
- NOT_SECURE
- CERTIFICATE
- TOKEN
- not defined, if you don't want to filter on security type
Returns a ServiceQueryList
{
"serviceQueryData": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
],
"unfilteredHits": 0
}
Field | Description |
---|---|
serviceQueryData | The array of objects containing the data |
id | ID of the entry, used by the Orchestrator |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp. |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
unfilteredHits | Number of hits based on service definition without filters |
Note: 4.1.2 version: PUT /serviceregistry/query
This version always returned the records in an array of JSON objects. The response did not contain any information about the unfiltered hits and the objects did not contain any modification related timestamp information. Interfaces and metadata were bound to the service definition and security type was not defined. Service Registry object did contain an "udp" flag beside the interface definition.
POST /serviceregistry/register
Registers a service. A provider is allowed to register only its own services. It means that provider system name and certificate common name must match for successful registration.
ServiceRegistryEntry is the input
{
"serviceDefinition": "string",
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
"string"
]
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | yes |
providerSystem | Provider System | yes |
serviceUri | URI of the service | yes |
endOfValidity | Service is available until this UTC timestamp | no |
secure | Security info | no |
metadata | Metadata | no |
version | Version of the Service | no |
interfaces | List of the interfaces the Service supports | yes |
Note: Valid interfaces name pattern: protocol-SECURE or INSECURE format. (e.g.: HTTPS-SECURE-JSON)
Note: authenticationInfo is the public key of the system. In Insecure mode you can omit sending this key.
Note: Possible values for secure are:
- NOT_SECURE (default value if field is not defined)
- CERTIFICATE
- TOKEN
Returns a ServiceRegistryEntry
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /serviceregistry/register
In this version interfaces and metadata were bound to the service definition and security type was not defined at all. The response object did not contain any modification related time stamp information. Service Registry object did contain an "udp" flag beside the interface definition.
DELETE /serviceregistry/unregister
Removes a registered service. A provider is allowed to unregister only its own services. It means that provider system name and certificate common name must match for successful unregistration.
Query params:
Field | Description | Mandatory |
---|---|---|
service_definition | Name of the service to be removed | yes |
system_name | Name of the Provider | yes |
address | Address of the Provider | yes |
port | Port of the Provider | yes |
Note: 4.1.2 version: PUT /serviceregistry/remove
In this version the input was a JSON object with a lot of unnecessary information.
POST /serviceregistry/query/system
This service can only be used by other core services, therefore is not part of the public API.
GET /serviceregistry/system/{id}
This service can only be used by other core services, therefore is not part of the public API.
GET /serviceregistry/mgmt
Returns a list of Service Registry records. If page and item_per_page are not defined, returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns a ServiceRegistryEntryList
{
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
],
"count": 0
}
Field | Description |
---|---|
data | Array of ServiceRegistryEntry |
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
count | Number of entries found |
Note: 4.1.2 version: GET /serviceregistry/mgmt/all
This version always returned the records in an array of JSON objects. The objects did not contain any modification related time stamp information. Interfaces and metadata were bound to the service definition and security type was not defined. Service Registry object did contain an "udp" flag beside the interface definition.
POST /serviceregistry/mgmt
Creates service registry record and returns the newly created record.
ServiceRegistryEntry is the input
{
"serviceDefinition": "string",
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
"string"
]
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | yes |
providerSystem | Provider System | yes |
serviceUri | URI of the Service | no |
endOfValidity | Service is available until this UTC timestamp. | no |
secure | Security info | no |
metadata | Metadata | no |
version | Version of the Service | no |
interfaces | List of the interfaces the Service supports | yes |
Note: Valid interfaces name pattern: protocol-SECURE or INSECURE format. (e.g.: HTTPS-SECURE-JSON)
Note: Possible values for secure are:
- NOT_SECURE (default value if field is not defined)
- CERTIFICATE
- TOKEN
Returns a ServiceRegistryEntry
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /serviceregistry/support/register
It was available for clients as well, not only for the system operator of the local cloud. Interfaces and metadata were bound to the service definition and security type was not defined at all. The response object did not contain any modification related time stamp information. Service Registry object did contain an "udp" flag beside the interface definition.
GET /serviceregistry/mgmt/{id}
Returns the Service Registry Entry specified by the ID path parameter.
Returns a ServiceRegistryEntry
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /serviceregistry/mgmt/id/{id}
In this version interfaces and metadata were bound to the service definition and security type was not defined at all. The response object did not contain any modification related time stamp information. Service Registry object did contain an "udp" flag beside the interface definition.
PUT /serviceregistry/mgmt/{id}
Updates and returns the modified service registry record specified by the id path parameter. Fields that are not defined are updated to "null".
ServiceRegistryEntry is the input
{
"serviceDefinition": "string",
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
"string"
]
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | yes |
providerSystem | Provider System | yes |
serviceUri | URI of the Service | no |
endOfValidity | Service is available until this UTC timestamp. | no |
secure | Security info | no |
metadata | Metadata | no |
version | Version of the Service | no |
interfaces | List of the interfaces the Service supports | yes |
Note: Valid interfaces name pattern: protocol-SECURE or INSECURE format. (e.g.: HTTPS-SECURE-JSON)
Note: Possible values for secure are:
- NOT_SECURE (default value if field is not defined)
- CERTIFICATE
- TOKEN
Returns a ServiceRegistryEntry
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: PUT /serviceregistry/mgmt/update/{id}
In this version interfaces and metadata were bound to the service definition and security type was not defined at all. The response object did not contain any modification related time stamp information. Service Registry object did contain an "udp" flag beside the interface definition.
PATCH /serviceregistry/mgmt/{id}
Updates and returns the modified service registry record specified by the id path parameter. Not defined fields are NOT going to be updated.
ServiceRegistryEntry is the input
{
"serviceDefinition": "string",
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
"string"
]
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | no |
providerSystem | Provider System | no |
serviceUri | URI of the Service | no |
endOfValidity | Service is available until this UTC timestamp. | no |
secure | Security info | no |
metadata | Metadata | no |
version | Version of the Service | no |
interfaces | List of the interfaces the Service supports | no |
Note: Valid interfaces name pattern: protocol-SECURE or INSECURE format. (e.g.: HTTPS-SECURE-JSON)
Note: Possible values for secure are:
- NOT_SECURE (default value if field is not defined)
- CERTIFICATE
- TOKEN
Returns a ServiceRegistryEntry
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: Did not exist
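The difference between PUT and PATCH on /serviceregistry/mgmt/{id} matters most for the secure field: a PUT body that leaves it out counts as "not defined", and the documented default for an undefined secure is NOT_SECURE. The following is an added example, not code from the Arrowhead project: it maps a GET response onto the PUT input shape so nothing is dropped, and reviews a PUT body before it is sent. The sample entry, the helper names and the exact character set accepted in interface names are assumptions.

```python
import copy
import re

# Assumption: protocol and format are alphanumeric tokens. The page only gives
# the shape "protocol-SECURE or INSECURE format" and the sample HTTPS-SECURE-JSON.
INTERFACE_RE = re.compile(r"[A-Za-z0-9]+-(SECURE|INSECURE)-[A-Za-z0-9]+")
SECURE_VALUES = ("NOT_SECURE", "CERTIFICATE", "TOKEN")
MANDATORY = ("serviceDefinition", "providerSystem", "interfaces")
OPTIONAL = ("serviceUri", "endOfValidity", "secure", "metadata", "version")

# Constructed sample of a GET /serviceregistry/mgmt/{id} response.
TS = "2019-09-01 10:00:00"
SAMPLE_ENTRY = {
    "id": 12,
    "serviceDefinition": {"id": 3, "serviceDefinition": "temperature",
                          "createdAt": TS, "updatedAt": TS},
    "provider": {"id": 7, "systemName": "sensor1", "address": "10.0.0.15",
                 "port": 8443, "authenticationInfo": "constructed-public-key",
                 "createdAt": TS, "updatedAt": TS},
    "serviceUri": "/temperature",
    "endOfValidity": "2030-01-01 00:00:00",
    "secure": "TOKEN",
    "metadata": {"unit": "celsius"},
    "version": 1,
    "interfaces": [{"id": 1, "interfaceName": "HTTPS-SECURE-JSON",
                    "createdAt": TS, "updatedAt": TS}],
    "createdAt": TS,
    "updatedAt": TS,
}


def to_request_body(entry):
    """Map a ServiceRegistryEntry response onto the PUT/PATCH input shape."""
    provider = entry["provider"]
    return {
        "serviceDefinition": entry["serviceDefinition"]["serviceDefinition"],
        "providerSystem": {
            "systemName": provider["systemName"],
            "address": provider["address"],
            "port": provider["port"],
            "authenticationInfo": provider.get("authenticationInfo"),
        },
        "serviceUri": entry.get("serviceUri"),
        "endOfValidity": entry.get("endOfValidity"),
        "secure": entry.get("secure"),
        "metadata": copy.deepcopy(entry.get("metadata")),
        "version": entry.get("version"),
        "interfaces": [i["interfaceName"] for i in entry["interfaces"]],
    }


def build_put(entry, **changes):
    """Start from the stored entry so a PUT only changes what was asked for."""
    body = to_request_body(entry)
    body.update(changes)
    return body


def review_put(entry, body):
    """List what a PUT body would break or silently reset on the stored entry."""
    stored = to_request_body(entry)
    findings = []
    for field in MANDATORY:
        if not body.get(field):
            findings.append("missing mandatory field: " + field)
    for field in OPTIONAL:
        if body.get(field) is not None:
            continue
        if field == "secure":
            # Undefined secure falls back to the documented default.
            if stored["secure"] not in (None, "NOT_SECURE"):
                findings.append("secure omitted: %s would become NOT_SECURE"
                                % stored["secure"])
        elif stored[field] is not None:
            findings.append("%s omitted: stored value would be nulled" % field)
    secure = body.get("secure")
    if secure is not None and secure not in SECURE_VALUES:
        findings.append("unknown secure value: %s" % secure)
    for name in body.get("interfaces") or []:
        if not INTERFACE_RE.fullmatch(name):
            findings.append("invalid interface name: %s" % name)
    return findings


if __name__ == "__main__":
    partial = {"serviceDefinition": "temperature",
               "providerSystem": to_request_body(SAMPLE_ENTRY)["providerSystem"],
               "interfaces": ["HTTPS-SECURE-JSON"],
               "serviceUri": "/temperature/v2"}
    for finding in review_put(SAMPLE_ENTRY, partial):
        print("PUT would:", finding)
    print("safe body:", build_put(SAMPLE_ENTRY, serviceUri="/temperature/v2"))
```

When only one field changes, the same partial body sent with PATCH leaves the stored secure value untouched, because PATCH does not update fields that are not defined.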
DELETE /serviceregistry/mgmt/{id}
Remove the service registry record specified by the id path parameter.
Note: 4.1.2 version: DELETE /serviceregistry/mgmt/{entryId}
This version returned HTTP 404 (Not Found) when the record was not found by ID.
GET /serviceregistry/mgmt/grouped
Returns all Service Registry Entries grouped for the purpose of the Management Tools' Service Registry view:
- autoCompleteData
- servicesGroupedByServiceDefinition
- servicesGroupedBySystems
Returns a ServiceRegistryGrouped
{
"autoCompleteData": {
"interfaceList": [
{
"id": 0,
"value": "string"
}
],
"serviceList": [
{
"id": 0,
"value": "string"
}
],
"systemList": [
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
]
},
"servicesGroupedByServiceDefinition": [
{
"serviceDefinitionId": 0,
"serviceDefinition": "string",
"providerServices": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
],
"servicesGroupedBySystems": [
{
"systemId": 0,
"systemName": "string",
"address": "string",
"port": 0,
"services": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
]
}
Field | Description |
---|---|
autocompleteData | Data for the Management Tools' autocomplete engine |
servicesGroupedByServiceDefinitionAndInterface | Services Grouped by Service Definition and Interface |
servicesGroupedBySystems | Services Grouped By Systems |
Note: 4.1.2 version: Did not exist
GET /serviceregistry/mgmt/servicedef/{serviceDefinition}
Returns a list of Service Registry records specified by the serviceDefinition path parameter. If page and item_per_page are not defined, returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns a ServiceRegistryEntryList
{
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"endOfValidity": "string",
"secure": "NOT_SECURE",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"version": 0,
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
],
"count": 0
}
Field | Description |
---|---|
data | Array of ServiceRegistryEntry |
id | ID of the ServiceRegistryEntry |
serviceDefinition | Service Definition |
provider | Provider System |
serviceUri | URI of the Service |
endOfValidity | Service is available until this UTC timestamp |
secure | Security info |
metadata | Metadata |
version | Version of the Service |
interfaces | List of the interfaces the Service supports |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
count | Number of entries found |
Note: 4.1.2 version: GET /serviceregistry/mgmt/servicedef/{serviceDefinition}
This version always returned the records in an array of JSON objects. The objects did not contain any modification related time stamp information. Interfaces and metadata were bound to the service definition and security type was not defined. Service Registry object did contain an "udp" flag beside the interface definition.
GET /serviceregistry/mgmt/services
Returns a list of Service Definition records. If page and item_per_page are not defined, returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns a ServiceDefinitionList
{
"data": [
{
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"count": 0
}
Note: 4.1.2 version: GET /mgmt/services
This version always returned the records in an array of JSON objects. The objects did not contain any modification related time stamp information. Interfaces and metadata were part of the service definition entity.
POST /serviceregistry/mgmt/services
Creates service definition record and returns the newly created record.
Service Definition is the input
{
"serviceDefinition": "string"
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | yes |
Returns a Service Definition
{
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
serviceDefinition | Service Definition |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /mgmt/services
In this version interfaces and metadata were part of the service definition entity. The response object did not contain any modification related time stamp information.
GET /serviceregistry/mgmt/services/{id}
Returns the Service Definition record specified by the id path parameter.
Returns a ServiceDefinition
{
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
serviceDefinition | Service Definition |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /mgmt/services/{serviceId}
The response object did not contain any modification related time stamp information. Interfaces and metadata were part of the service definition entity.
PUT /serviceregistry/mgmt/services/{id}
Updates and returns the modified Service Definition record specified by the ID path parameter.
ServiceDefinition is the input
{
"serviceDefinition": "string"
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | yes |
Returns a ServiceDefinition
{
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
serviceDefinition | Service Definition |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: PUT /mgmt/services/{serviceId}
The response object did not contain any modification related time stamp information. Interfaces and metadata were part of the service definition entity.
PATCH /serviceregistry/mgmt/services/{id}
Updates and returns the modified Service Definition record specified by the ID path parameter.
ServiceDefinition is the input
{
"serviceDefinition": "string"
}
Field | Description | Mandatory |
---|---|---|
serviceDefinition | Service Definition | no |
Returns a ServiceDefinition
{
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
serviceDefinition | Service Definition |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: Did not exist
DELETE /serviceregistry/mgmt/services/{id}
Removes the service definition record specified by the id path parameter.
Note: 4.1.2 version: DELETE /mgmt/services/{serviceId}
This version returned HTTP 404 (Not Found) when the record was not found by ID.
GET /serviceregistry/mgmt/systems
Returns a list of System records. If page and item_per_page are not defined, it returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns a SystemList
{
"data": [
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"count": 0
}
Field | Description |
---|---|
id | ID of the entry |
systemName | Name of the System |
address | Address |
port | Port |
authenticationInfo | Authentication Info |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /mgmt/systems
This version always returned the records in an array of JSON objects. The objects did not contain any modification related time stamp information.
POST /serviceregistry/mgmt/systems
Creates a System record and returns the newly created record.
System is the input
{
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
}
Field | Description | Mandatory |
---|---|---|
systemName | Name of the System | yes |
address | Address | yes |
port | Port | yes |
authenticationInfo | Authentication Info | no |
Returns a System
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
systemName | Name of the System |
address | Address |
port | Port |
authenticationInfo | Authentication Info |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /mgmt/systems
In this version the response object did not contain any modification related time stamp information.
GET /serviceregistry/systems/{id}
Returns the System record specified by the ID path parameter.
Returns a System
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
systemName | Name of the System |
address | Address |
port | Port |
authenticationInfo | Authentication Info |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /mgmt/systems/{systemId}
In this version the response object did not contain any modification related time stamp information.
PUT /serviceregistry/mgmt/systems/{id}
Updates and returns the modified System record specified by the ID path parameter. Not defined fields are going to be updated to "null" value.
System is the input
{
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
}
Field | Description | Mandatory |
---|---|---|
systemName | Name of the System | yes |
address | Address | yes |
port | Port | yes |
authenticationInfo | Authentication Info | no |
Returns a System
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
systemName | Name of the System |
address | Address |
port | Port |
authenticationInfo | Authentication Info |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: PUT /mgmt/systems/{systemId}
In this version the response object did not contain any modification related time stamp information.
PATCH /serviceregistry/mgmt/systems/{id}
Updates and returns the modified system record specified by the id path parameter. Not defined fields are NOT going to be updated.
System is the input
{
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
}
Field | Description | Mandatory |
---|---|---|
systemName | Name of the System | no |
address | Address | no |
port | Port | no |
authenticationInfo | Authentication Info | no |
Returns a System
{
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
systemName | Name of the System |
address | Address |
port | Port |
authenticationInfo | Authentication Info |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: Did not exist
DELETE /serviceregistry/mgmt/systems/{id}
Removes the System record specified by the ID path parameter.
Note: 4.1.2 version: DELETE /mgmt/systems/{systemId}
This version did return HTTP 404 (Not Found), when record was not found by ID.
This System has:
- A database that describes which Application System can consume what Services from which Application Systems (Intra-Cloud access rules)
- A database that describes which other Local Clouds are allowed to consume what Services from this Cloud (Inter-Cloud authorization rules)
The purpose of this System is therefore to:
- Provide AuthorizationControl Service (both intra- and inter-Cloud)
- Provide a TokenGeneration Service for allowing session control within the Local Cloud
The purpose of the TokenGeneration functionality is to create session control functionality through the Core Systems. The output is a JSON Web Token that validates the Service Consumer system when it tries to access the Service from another Application System (Service Provider). This Token shall be primarily generated during the orchestration process and only released to the Service Consumer when all affected Core Systems are notified and have agreed to the to-be-established Service connection.
This System (in line with all core Systems) utilizes the X.509 certificate Common Name naming convention in order to work.
This System only provides two Core Services:
- AuthorizationControl
- TokenGeneration
There are two use cases connected to the Authorization System:
- Check access rights (invoke the AuthorizationControl)
- Generate an access token (the Orchestrator invokes the TokenGeneration)
Figure 1. Authorization crosscheck during orchestration process
The AuthorizationControl Service provides 2 different interfaces to look up authorization rights:
- Intra-Cloud authorization: defines an authorization right between a consumer and provider system in the same Local Cloud for a specific Service.
- Inter-Cloud authorization: defines an authorization right for an external Cloud to consume a specific Service from the Local Cloud.
The Authorization offers three types of endpoints: Client, Management and Private.
Swagger API documentation is available on: https://<host>:<port>
The base URL for the requests: http://<host>:<port>/authorization
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Echo | /echo | GET | - | OK |
Get Public Key | /publickey | GET | - | Public Key |
These services can only be used by other core services, therefore they are not part of the public API.
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Check an Intercloud rule | /intercloud/check | POST | InterCloudRule | InterCloudResult |
Check an Intracloud rule | /intracloud/check | POST | IntraCloudRule | IntraCloudResult |
Generate Token | /token | POST | TokenRule | TokenData |
These endpoints are mainly used by the Management Tool and Cloud Administrators.
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Get all Intracloud rules | /mgmt/intracloud | GET | - | IntracloudRuleList |
Add Intracloud rules | /mgmt/intracloud | POST | IntracloudRuleForm | IntracloudRuleList |
Get an Intracloud rule by ID | /mgmt/intracloud/{id} | GET | IntracloudRuleID | IntracloudRule |
Delete an Intracloud rule by ID | /mgmt/intracloud/{id} | DELETE | IntracloudRuleID | - |
Get all Intercloud rules | /mgmt/intercloud | GET | - | IntercloudRuleList |
Add Intercloud rules | /mgmt/intercloud | POST | IntercloudRuleForm | IntercloudRuleList |
Get an Intercloud rule by ID | /mgmt/intercloud/{id} | GET | IntercloudRuleID | IntercloudRuleList |
Delete an Intercloud rule by ID | /mgmt/intercloud/{id} | DELETE | IntercloudRuleID | - |
The following services no longer exist:
GET /authorization/mgmt/intracloud/systemId/{systemId}/services
GET /authorization/mgmt/intracloud/systemId/{systemId}
GET /authorization/mgmt/intracloud/servicedef/{serviceDefinition}
PUT /authorization/mgmt/intracloud
DELETE /authorization/mgmt/intracloud/systemId/{systemId}
GET /authorization/mgmt/intercloud/operator/{operator}/cloudname/{cloudName}/services
GET /authorization/mgmt/intercloud/operator/{operator}/cloudname/{cloudName}
GET /authorization/mgmt/intercloud/servicedef/{serviceDefinition}
PUT /authorization/mgmt/intercloud
DELETE /authorization/mgmt/intercloud/operator/{operator}/cloudname/{cloudName}
GET /authorization/echo
Returns a "Got it" message with the purpose of testing the core service availability.
Note: 4.1.2 version: GET /authorization/mgmt
It was only available for the system operator of the local cloud.
GET /authorization/publickey
Returns the public key of the Authorization core service as a (Base64 encoded) text. This service is necessary for providers if they want to utilize the token based security.
Note: 4.1.2 version: GET /authorization/mgmt/publickey
It was only available for the system operator of the local cloud.
POST /authorization/intercloud/check
This service can only be used by other core services, therefore is not part of the public API.
Checks whether a Cloud is authorized to use a Service
InterCloudRule is the input
{
"cloud": {
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
],
"name": "string",
"neighbor": true,
"operator": "string",
"secure": true
},
"providerIdsWithInterfaceIds": [
{
"id": 0,
"idList": [
0
]
}
],
"serviceDefinition": "string"
}
Field | Description | Mandatory |
---|---|---|
cloud | Cloud | yes |
providerIdsWithInterfaceIds | Provider IDs with Interface IDs | yes |
Returns an InterCloudResult
{
"authorizedProviderIdsWithInterfaceIds": [
{
"id": 0,
"idList": [
0
]
}
],
"cloud": {
"authenticationInfo": "string",
"createdAt": "string",
"id": 0,
"name": "string",
"neighbor": true,
"operator": "string",
"ownCloud": true,
"secure": true,
"updatedAt": "string"
},
"serviceDefinition": "string"
}
Field | Description |
---|---|
authorizedProviderIdsWithInterfaceIds | Authorized Provider IDs with Interface IDs |
cloud | Cloud |
POST /authorization/intracloud/check
This service can only be used by other core services, therefore is not part of the public API.
Checks whether the consumer System can use a Service from a list of provider Systems
IntraCloudRule is the input
{
"consumer": {
"address": "string",
"authenticationInfo": "string",
"port": 0,
"systemName": "string"
},
"providerIdsWithInterfaceIds": [
{
"id": 0,
"idList": [
0
]
}
],
"serviceDefinitionId": 0
}
Field | Description | Mandatory |
---|---|---|
consumer | Consumer | yes |
providerIdsWithInterfaceIds | Provider IDs with Interface IDs | yes |
serviceDefinitionId | Service Definition ID | yes |
Returns an IntraCloudResult
{
"authorizedProviderIdsWithInterfaceIds": [
{
"id": 0,
"idList": [
0
]
}
],
"consumer": {
"address": "string",
"authenticationInfo": "string",
"createdAt": "string",
"id": 0,
"port": 0,
"systemName": "string",
"updatedAt": "string"
},
"serviceDefinitionId": 0
}
Field | Description |
---|---|
authorizedProviderIdsWithInterfaceIds | Authorized Provider IDs with Interface IDs |
consumer | Consumer |
serviceDefinitionId | Service Definition ID |
POST /authorization/token
This service can only be used by other core services, therefore is not part of the public API.
Generates a JWT for Authentication
TokenRule is the input
{
"consumer": {
"address": "string",
"authenticationInfo": "string",
"port": 0,
"systemName": "string"
},
"consumerCloud": {
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
],
"name": "string",
"neighbor": true,
"operator": "string",
"secure": true
},
"duration": 0,
"providers": [
{
"provider": {
"address": "string",
"authenticationInfo": "string",
"port": 0,
"systemName": "string"
},
"serviceInterfaces": [
"string"
]
}
],
"service": "string"
}
Field | Description | Mandatory |
---|---|---|
consumer | Consumer | yes |
consumerCloud | Cloud of the Consumer | yes |
duration | Validity duration of the Token | yes |
providers | Providers | yes |
service | Service | yes |
Returns a TokenData
{
"tokenData": [
{
"providerAddress": "string",
"providerName": "string",
"providerPort": 0,
"tokens": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
}
]
}
Field | Description |
---|---|
tokenData | Token Data |
### Get all Intracloud rules
GET /authorization/mgmt/intracloud
Returns a list of Intracloud authorization records. If page and item_per_page are not defined, it returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns an IntracloudRuleList
{
"count": 0,
"data": [
{
"id": 0,
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | number of records |
data | An array containing the data |
id | ID of the entry |
consumerSystem | Consumer System |
providerSystem | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: Authorization is a little stricter than before: the access now depends on specific interfaces besides provider and service.
Note: 4.1.2 version: GET /authorization/mgmt/intracloud
This version always returned all records in an array of JSON objects. The objects did not contain any time information. Access didn't depend on interface.
POST /authorization/mgmt/intracloud
Creates Intracloud authorization rules and returns the newly created rules.
IntracloudRuleForm is the input
{
"consumerId": 0,
"providerIds": [
0
],
"interfaceIds": [
0
],
"serviceDefinitionIds": [
0
]
}
Note: This is a very general structure; however, only two combinations are allowed:
- One provider ID, one interface ID with multiple service definition IDs
- Multiple provider IDs, multiple interface IDs with one service definition ID.
Field | Description | Mandatory |
---|---|---|
consumerId | ID of the consumer | yes |
providerIds | IDs of the providers | yes |
interfaceIds | IDs of the interfaces | yes |
serviceDefinitionIds | IDs of the Service Definitions | yes |
Returns an IntracloudRuleList
{
"count": 0,
"data": [
{
"id": 0,
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | number of records |
data | An array containing the data |
id | ID of the entry |
consumerSystem | Consumer System |
providerSystem | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /authorization/mgmt/intracloud
This version required whole JSON objects as consumer, provider and service instead of ids and didn't use interface restrictions.
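The two allowed IntracloudRuleForm combinations can be checked before the form is posted to /authorization/mgmt/intracloud, which also makes the breadth of a grant visible to whoever reviews it. This is an added example, not Arrowhead code: the function names are hypothetical, "multiple" is read as "one or more", and IDs are assumed to be positive integers.

```python
def _id_list(form, key):
    """Return form[key] if it is a non-empty list of distinct positive ints."""
    values = form.get(key)
    if not isinstance(values, list) or not values:
        raise ValueError(key + " must be a non-empty list")
    for value in values:
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 1:
            raise ValueError("%s contains an invalid ID: %r" % (key, value))
    if len(set(values)) != len(values):
        raise ValueError(key + " contains duplicate IDs")
    return values


def classify_rule_form(form):
    """Return (shape, provider/service pairs covered) or raise ValueError."""
    consumer = form.get("consumerId")
    if isinstance(consumer, bool) or not isinstance(consumer, int) or consumer < 1:
        raise ValueError("consumerId must be a positive integer")
    providers = _id_list(form, "providerIds")
    interfaces = _id_list(form, "interfaceIds")
    services = _id_list(form, "serviceDefinitionIds")
    if len(providers) == 1 and len(interfaces) == 1:
        shape = "one-provider"      # one provider, one interface, N services
    elif len(services) == 1:
        shape = "one-service"       # N providers, N interfaces, one service
    else:
        raise ValueError("combination not allowed: use one provider and one "
                         "interface, or exactly one service definition")
    return shape, len(providers) * len(services)


def split_rule_form(form):
    """Rewrite a too-general form as one allowed form per service definition."""
    return [dict(form, serviceDefinitionIds=[service_id])
            for service_id in form["serviceDefinitionIds"]]


if __name__ == "__main__":
    # Constructed form that mixes several providers with several services.
    wide = {"consumerId": 4, "providerIds": [7, 8], "interfaceIds": [1],
            "serviceDefinitionIds": [3, 5]}
    try:
        classify_rule_form(wide)
    except ValueError as err:
        print("rejected:", err)
    for part in split_rule_form(wide):
        print(classify_rule_form(part), part)
```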
GET /authorization/mgmt/intracloud/{id}
Returns the Intracloud related authorization rule specified by the ID path parameter.
Returns an IntraCloudRule
{
"id": 0,
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the entry |
consumerSystem | Consumer System |
providerSystem | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /authorization/mgmt/intracloud/{id}
The returned structure did not contain time information and interface restrictions.
DELETE /authorization/mgmt/intracloud/{id}
Removes the Intracloud related authorization rule specified by the ID path parameter.
Note: 4.1.2 version: DELETE /authorization/mgmt/intracloud/{id}
Same as the new version.
GET /authorization/mgmt/intercloud
Returns a list of Intercloud related authorization rules. If page and item_per_page are not defined, it returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns an IntercloudRuleList
{
"count": 0,
"data": [
{
"id": 0,
"cloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": true,
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | number of records |
data | An array containing the data |
id | ID of the entry |
cloud | Cloud information |
provider | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: Authorization is stricter than before: the access now depends on specific provider and interfaces besides service.
Note: 4.1.2 version: GET /authorization/mgmt/intercloud
This version always returned all records in an array of JSON objects. The objects did not contain any time information. Access didn't depend on provider and interface.
POST /authorization/mgmt/intercloud
Creates Intercloud authorization rules and returns the newly created rules.
Input is IntercloudRuleForm
{
"cloudId": 0,
"providerIdList": [
0
],
"interfaceIdList": [
0
],
"serviceDefinitionIdList": [
0
]
}
Note: This is a very general structure, however only two possible combinations are allowed:
- One provider ID, one interface ID with multiple service definition IDs
- Multiple provider IDs, multiple interface IDs with one service definition ID.
Field | Description | Mandatory |
---|---|---|
cloudId | ID of the Cloud | yes |
providerIds | IDs of the providers | yes |
interfaceIds | IDs of the interfaces | yes |
serviceDefinitionIds | IDs of the Service Definitions | yes |
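The two allowed combinations can be checked on the client before the form is sent, which also shows how many grants one request would create. The following is an added example, not Arrowhead project code; it uses the field names from the JSON form above and assumes that IDs are positive integers, that "multiple" means "one or more", and that one rule is created per provider and service definition pair (inferred from the response structure).

```python
# Added example (not Arrowhead project code): client-side check of an
# IntercloudRuleForm before POST /authorization/mgmt/intercloud.
from itertools import product

LIST_FIELDS = ("providerIdList", "interfaceIdList", "serviceDefinitionIdList")


class RuleFormError(ValueError):
    """The form does not match either of the two allowed combinations."""


def _is_id(value):
    # Assumption: IDs are positive integers. bool is an int subclass in
    # Python, so True/False must be rejected explicitly.
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def classify_intercloud_form(form):
    """Return 'single', 'one-provider' or 'one-service'; raise RuleFormError."""
    if not _is_id(form.get("cloudId")):
        raise RuleFormError("cloudId must be a positive integer")
    for field in LIST_FIELDS:
        ids = form.get(field)
        if not isinstance(ids, list) or not ids:
            raise RuleFormError(f"{field} must be a non-empty list")
        if not all(_is_id(i) for i in ids):
            raise RuleFormError(f"{field} may only contain positive integers")
        if len(set(ids)) != len(ids):
            raise RuleFormError(f"{field} contains duplicate IDs")

    providers, interfaces, services = (len(form[f]) for f in LIST_FIELDS)
    if providers == 1 and interfaces == 1:
        # One provider, one interface, one or more service definitions.
        return "single" if services == 1 else "one-provider"
    if services == 1:
        # One service definition, one or more providers and interfaces
        # (assumption: "multiple" is read as "one or more").
        return "one-service"
    raise RuleFormError(
        "several service definitions require exactly one provider and one interface"
    )


def planned_grants(form):
    """List (provider ID, service definition ID, interface IDs) per grant.

    Assumption: the server stores one rule per provider/service definition
    pair, each carrying the whole interface list, as the response suggests.
    """
    classify_intercloud_form(form)  # never enumerate an invalid form
    interfaces = tuple(form["interfaceIdList"])
    return [
        (provider, service, interfaces)
        for provider, service in product(
            form["providerIdList"], form["serviceDefinitionIdList"]
        )
    ]


# Constructed sample forms (IDs are made up for illustration).
FORM_ONE_PROVIDER = {"cloudId": 3, "providerIdList": [7],
                     "interfaceIdList": [1], "serviceDefinitionIdList": [10, 11]}
FORM_ONE_SERVICE = {"cloudId": 3, "providerIdList": [7, 8],
                    "interfaceIdList": [1, 2], "serviceDefinitionIdList": [10]}
FORM_TOO_BROAD = {"cloudId": 3, "providerIdList": [7, 8],
                  "interfaceIdList": [1], "serviceDefinitionIdList": [10, 11]}
```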
Returns an IntercloudRuleList
{
"count": 0,
"data": [
{
"id": 0,
"cloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": true,
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | number of records |
data | An array containing the data |
id | ID of the entry |
cloud | Cloud information |
provider | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /authorization/mgmt/intercloud
This version required whole JSON objects as consumer cloud and service instead of ids and didn't use provider and interface restrictions.
GET /authorization/mgmt/intercloud/{id}
Returns the Intercloud related authorization record specified by the ID path parameter.
Returns an IntercloudRuleList
{
"count": 0,
"data": [
{
"id": 0,
"cloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": true,
"createdAt": "string",
"updatedAt": "string"
},
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | number of records |
data | An array containing the data |
id | ID of the entry |
cloud | Cloud information |
provider | Provider System |
serviceDefinition | Service Definition |
interfaces | Interfaces |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /authorization/mgmt/intercloud/{id}
The returned structure did not contain time information, provider and interface restrictions.
DELETE /authorization/mgmt/intercloud/{id}
Removes the Intercloud related authorization record specified by the ID path parameter.
Note: 4.1.2 version: DELETE /authorization/mgmt/intercloud/{id} Same as the new version.
The Orchestrator provides runtime (late) binding between Application Systems.
The primary purpose for the Orchestrator System is to provide Application Systems with orchestration information: where they need to connect to. The outcome of the "Orchestration Service" includes rules that will tell the Application System what Service provider System(s) it should connect to and how (acting as a Service Consumer). Such orchestration rules include:
- Accessibility information details of a Service provider (e.g. network address and port),
- Details of the Service instance within the provider System (e.g. base URL, IDD specification and other metadata),
- Authorization-related information (e.g. access token and signature),
- Additional information that is necessary for establishing connection.
This orchestration rule information can reach the given Application System (consumer) in two different ways: the System itself can request it ("pull") or the Orchestrator itself can update the System when it is needed ("push method"). However, in both cases, there shall be an underlying, hidden process ("orchestration process"), which ensures the consistency of state between the various Core Systems.
In G4.0, only the pull method is implemented and the Orchestrator shall negotiate with the other Core Systems while trying to facilitate the new service request (or trying to push a new status). This is necessary for the following cases and requirements (basically, when ad hoc, unsupervised connections are not allowed):
- When accountability is required for all Systems in the Local Cloud: connections cannot be established without the knowledge, approval and logged orchestration events of the Core Systems ("central governance").
- QoS and resource management reasons: ad hoc peer-to-peer connections cannot be allowed in certain managed networks and deployment scenarios. Every connection attempt shall be properly authorized and its QoS expectations (resource reservations) handled.
- Inter-Cloud orchestration can only happen via negotiations between the two Core System sets. Ad hoc inter-cloud connections shall not be allowed in the Arrowhead framework.
In these cases, when the Orchestrator is the sole entry point to establishing new connections within the Local Cloud, Application Systems do not have the possibility to skip any of the control loops with all the appropriate Core Systems. When such security and safety concerns are not present, the orchestration process might be cut back or these interactions between Core Systems might be limited. Within G4.0, this is not the primary use case, but it is allowed. A properly self-implemented (modified) and self-compiled Orchestrator can fit the deployment best.
Therefore, the Orchestrator provides two core Services and may consume many other ones, but at least two -- again, depending on its deployment. This figure depicts the mandatory and optional interfaces of this System.
In here, the provided Services are:
- Orchestration Service
- OrchestrationStoreManagement Service
Meanwhile the consumed Services can vary, depending on the instantiation/installation of this System. For example, the Orchestrator can utilize the services of:
- ServiceDiscovery Service from the ServiceRegistry,
- AuthorizationControl Service from the Authorization System,
- TokenGeneration Service from the Authorization System,
- GlobalServiceDiscovery from the Gatekeeper,
- Inter-CloudNegotiations from the Gatekeeper,
- QoSVerify from the QoS Manager,
- QoSReserve from the QoS Manager,
- Logging services from other supporting Systems, e.g. Historian,
- and any other service from Core Systems that are necessary to settle during orchestration.
The Orchestrator mainly consumes services from other Core Systems in order to fulfil its primary functionality: provide connection targets for Application Systems in a secure and resource managed manner -- hence build an SoS.
During this orchestration process the Orchestrator either facilitates a service request from an Application System or processes a system-of-systems (SoS) level choreography push from the Plant Description Engine ("Choreographer"). For the latter case, the Orchestrator System consumes the OrchestrationPush from affected Application Systems in order to deliver a renewed set of connection rules to them.
Within the Orchestrator, there is a database which captures design time bindings between Application Systems, the Orchestration Store. Operators of the Cloud and other System-of-Systems designer tools ("SoS Choreographers") are allowed to modify the rules stored in the Orchestration Store, other generic Application Systems are not.
The ServiceDiscovery Service is used to publish the Orchestration Service in the Service Registry. This Service is also used to query the Service Registry and fetch (metadata) information on other Application Systems.
The Services of the Authorization System can be used to verify access control and implement other security-related administration tasks.
The Services of the Gatekeeper can be utilized when inter-Cloud collaboration or servicing is required.
The Services of the QoS management System can be used to manage device, network and service-level Quality of Service agreements and configurations.
Orchestrator can be used in two ways. The first one uses predefined rules (coming from the Orchestrator Store DB) to find the appropriate providers for the consumer. The second option is the dynamic orchestration in which case the core service searches the whole local cloud (and maybe some other clouds) to find matching providers.
Store orchestration:
- requester system is mandatory,
- requested service and all the other parameters are optional,
- if requested service is not specified, then this service returns the top priority local provider of all services contained by the orchestrator store database for the requester system. If requested service is specified, then you have to define the service definition and exactly one interface (all other service requirements are optional). In this case, it returns all accessible providers from the orchestrator store database that provide the specified service via the specified interface to the specified consumer.
Dynamic orchestration:
- requester system is mandatory,
- requested service is mandatory, but just the service definition part, all other parameters of the requested service are optional,
- all other parameters are optional.
Orchestration flags:
- matchmaking: the service automatically selects exactly one provider from the appropriate providers (if any),
- metadataSearch: query in the Service Registry uses metadata filtering,
- onlyPreferred: the service filters the results with the specified provider list,
- pingProviders: the service checks whether the returning providers are online and removes the inaccessible ones from the results,
- overrideStore: the service uses dynamic orchestration if this flag is true, otherwise it uses the orchestration store,
- enableInterCloud: the service can search other clouds for providers if none of the local cloud providers match the requirements,
- triggerInterCloud: the service skips the search in the local cloud and tries to find providers in other clouds instead.
For the Orchestrator System, the primary scenario is to provide Application Systems with orchestration information upon request (Service Request). The outcome (Orchestration Response) includes orchestration rules that will tell the Application System what service provider(s) it should connect to and how.
An alternative, secondary version of this scenario involves the same information, however, provided by a connection initialized by the Orchestrator, rather than the Application Service itself ("orchestration push"). This is used to relay changes made in the Orchestration Store to the Application Systems ("changes information exchange setup within the SoS").
Another scenario is when the Orchestration Store (that stores design time orchestration-related information) of the Orchestrator is being configured via an HMI or via the Plant Description Engine (SoS Choreographer) by the operators of the Local Cloud.
Use case 1: Service Request From Application System
Name | Description |
---|---|
ID | Orchestration Pull |
Brief Description | An Application System requests a Service |
Primary Actors | Service Consumer System |
Secondary Actors | - the other Core System instances of the Local Cloud - the Core Systems instance of another Local Cloud (in case of inter-Cloud orchestration) |
Preconditions | - |
Main Flow | - The Application System requests orchestration. - The Orchestrator System begins the orchestration process with the other Core Systems. - The Orchestrator System responds to the Application System based on the request. |
Postconditions | - |
Use case 2: Orchestration information pushed to Application System
Name | Description |
---|---|
ID | Orchestration Push |
Brief Description | The Orchestrator pushes new information on Application Systems |
Primary Actors | Orchestrator |
Secondary Actors | the other Core Systems instances of the Local Cloud |
Preconditions | Change in the Orchestration Store. |
Main flow | - The Orchestrator detects a change in the Orchestration Store. - The Orchestrator begins the orchestration process with the other Core Systems for every change in the Store. - The orchestrator pushes new connection rules to the Application Systems based on the new Store entry. |
Postconditions | - |
Use case 3: Orchestration information pushed to Application System
Name | Description |
---|---|
ID | Orchestration Push |
Brief Description | The Orchestrator pushes new information on Application Systems |
Primary Actors | Orchestrator |
Secondary Actors | the other Core Systems instances of the Local Cloud |
Preconditions | Change in the Orchestration Store. |
Main flow | - The Orchestrator detects a change in the Orchestration Store. - The Orchestrator begins the orchestration process with the other Core Systems for every change in the Store. - The orchestrator pushes new connection rules to the Application Systems based on the new Store entry. |
Postconditions | - |
The Orchestrator offers three types of endpoints: Client, Management and Private.
Swagger API documentation is available on: https://<host>:<port>
The base URL for the requests: http://<host>:<port>/orchestrator
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Echo | /echo | GET | - | OK |
Orchestration | /orchestration | POST | ServiceRequestForm | Orchestration Response |
Start store Orchestration by ID | /orchestration/{id} | GET | StoreEntryID | Orchestration Response |
These services can only be used by other core services, therefore they are not part of the public API.
Function | URL subpath | Method | Input | Output |
---|
These endpoints are mainly used by the Management Tool and Cloud Administrators.
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Get all Store Entries | /mgmt/store | GET | - | StoreEntryList |
Add Store Entries | /mgmt/store | POST | StoreRules | StoreEntryList |
Get Store Entry by ID | /mgmt/store/{id} | GET | StoreEntryID | StoreEntry |
Delete Store Entry by ID | /mgmt/store/{id} | DELETE | StoreEntryID | - |
Get Entries by Consumer | /mgmt/store/all_by_consumer | POST | ConsumerRule | StoreEntryList |
Get Top Priority Entries | /mgmt/store/all_top_priority | GET | - | StoreEntryList |
Modify Priorities | /mgmt/store/modify_priorities | POST | PriorityList | - |
The following services no longer exist:
GET /orchestrator/mgmt/store/default/{id}
PUT /orchestrator/mgmt/store/update/{id}
DELETE /orchestrator/mgmt/store/consumerId/{systemId}
GET /orchestrator/echo
Returns a "Got it" message with the purpose of testing the core service availability.
Note: 4.1.2 version: GET /orchestrator/orchestration
It was basically the same with a slightly different return message.
POST /orchestrator/orchestration
Initializes the orchestration process in which the Orchestrator Core System tries to find providers that match the specified requirements (and that the consumer has the right to use).
ServiceRequestForm is the input
{
"requesterSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"requestedService": {
"serviceDefinitionRequirement": "string",
"interfaceRequirements": [
"string"
],
"securityRequirements": [
"NOT_SECURE", "CERTIFICATE", "TOKEN"
],
"metadataRequirements": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"versionRequirement": 0,
"maxVersionRequirement": 0,
"minVersionRequirement": 0
},
"preferredProviders": [
{
"providerCloud": {
"operator": "string",
"name": "string"
},
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0
}
}
],
"orchestrationFlags": {
"additionalProp1": true,
"additionalProp2": true,
"additionalProp3": true
}
}
Field | Description | Mandatory |
---|---|---|
requesterSystem | Requester System | yes |
requestedService | Requested Service | no |
preferredProviders | Preferred Providers | no |
orchestrationFlags | Orchestration Flags | no |
Orchestrator can be used in two ways. The first one uses predefined rules (coming from the Orchestrator Store DB) to find the appropriate providers for the consumer. The second option is the dynamic orchestration in which case the core service searches the whole local cloud (and maybe some other clouds) to find matching providers.
Store orchestration:
- requester system is mandatory,
- requested service and all the other parameters are optional,
- if requested service is not specified, then this service returns the top priority local provider of all services contained by the orchestrator store database for the requester system. If requested service is specified, then you have to define the service definition and exactly one interface (all other service requirements are optional). In this case, it returns all accessible providers from the orchestrator store database that provide the specified service via the specified interface to the specified consumer.
Field | Description | Mandatory |
---|---|---|
requesterSystem | Requester System | yes |
requestedService | Requested Service | no |
preferredProviders | Preferred Providers | no |
orchestrationFlags | Orchestration Flags | no |
Dynamic orchestration:
- requester system is mandatory,
- requested service is mandatory, but just the service definition part, all other parameters of the requested service are optional,
- all other parameters are optional.
Field | Description | Mandatory |
---|---|---|
requesterSystem | Requester System | yes |
requestedService | Requested Service | yes |
preferredProviders | Preferred Providers | no |
orchestrationFlags | Orchestration Flags | no |
Orchestration flags:
- matchmaking: the service automatically selects exactly one provider from the appropriate providers (if any),
- metadataSearch: query in the Service Registry uses metadata filtering,
- onlyPreferred: the service filters the results with the specified provider list,
- pingProviders: the service checks whether the returning providers are online and removes the inaccessible ones from the results,
- overrideStore: the service uses dynamic orchestration if this flag is true, otherwise it uses the orchestration store,
- enableInterCloud: the service can search other clouds for providers if none of the local cloud providers match the requirements,
- triggerInterCloud: the service skips the search in the local cloud and tries to find providers in other clouds instead.
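The store and dynamic rules above, together with the flag names, can be turned into a pre-flight check that a consumer runs on its ServiceRequestForm before sending it. This is an added example, not Arrowhead project code; the result keys, the treatment of `onlyPreferred` with an empty provider list as an error, and the sample values are assumptions.

```python
# Added example (not Arrowhead project code): pre-flight check of a
# ServiceRequestForm against the store/dynamic rules described on this page.
KNOWN_FLAGS = frozenset({
    "matchmaking", "metadataSearch", "onlyPreferred", "pingProviders",
    "overrideStore", "enableInterCloud", "triggerInterCloud",
})
SECURITY_TYPES = frozenset({"NOT_SECURE", "CERTIFICATE", "TOKEN"})


def check_service_request(form):
    """Return {'mode', 'may_leave_local_cloud', 'problems'} for a form dict."""
    problems = []
    flags = form.get("orchestrationFlags") or {}
    for name, value in flags.items():
        if name not in KNOWN_FLAGS:
            # A misspelled flag would otherwise silently keep its default.
            problems.append(f"unknown orchestration flag: {name}")
        elif not isinstance(value, bool):
            problems.append(f"flag {name} must be a boolean")

    # overrideStore selects dynamic orchestration; otherwise the store is used.
    mode = "dynamic" if flags.get("overrideStore") is True else "store"

    requester = form.get("requesterSystem")
    if not isinstance(requester, dict) or not requester:
        problems.append("requesterSystem is mandatory")

    service = form.get("requestedService")
    if service is None:
        if mode == "dynamic":
            problems.append("dynamic orchestration: requestedService is mandatory")
    elif not isinstance(service, dict):
        problems.append("requestedService must be an object")
    else:
        if not service.get("serviceDefinitionRequirement"):
            problems.append(f"{mode} orchestration: serviceDefinitionRequirement is missing")
        interfaces = service.get("interfaceRequirements") or []
        if mode == "store" and len(interfaces) != 1:
            problems.append("store orchestration: exactly one interface requirement is needed")
        for requirement in service.get("securityRequirements") or []:
            if requirement not in SECURITY_TYPES:
                problems.append(f"unknown security requirement: {requirement}")

    # Assumption: onlyPreferred with an empty provider list is a mistake.
    if flags.get("onlyPreferred") is True and not form.get("preferredProviders"):
        problems.append("onlyPreferred is set but preferredProviders is empty")

    # Both flags let the search reach providers outside the local cloud.
    may_leave = any(flags.get(f) is True
                    for f in ("enableInterCloud", "triggerInterCloud"))
    return {"mode": mode, "may_leave_local_cloud": may_leave, "problems": problems}


# Constructed sample forms (names, addresses and interface names are made up).
REQUESTER = {"systemName": "consumer1", "address": "192.0.2.10", "port": 8080}
STORE_DEFAULT = {"requesterSystem": REQUESTER}
STORE_TWO_INTERFACES = {
    "requesterSystem": REQUESTER,
    "requestedService": {
        "serviceDefinitionRequirement": "temperature",
        "interfaceRequirements": ["HTTP-SECURE-JSON", "HTTP-INSECURE-JSON"],
    },
}
DYNAMIC_OK = {
    "requesterSystem": REQUESTER,
    "requestedService": {"serviceDefinitionRequirement": "temperature",
                         "securityRequirements": ["TOKEN"]},
    "orchestrationFlags": {"overrideStore": True, "enableInterCloud": True,
                           "matchmaking": True},
}
DYNAMIC_BROKEN = {
    "requesterSystem": REQUESTER,
    "orchestrationFlags": {"overrideStore": True, "onlyPreferred": True,
                           "overideStore": True},  # misspelled on purpose
}
```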
Returns an Orchestration Response
{
"response": [
{
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"service": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"secure": "TOKEN",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"interfaces": [
{
"id": 0,
"createdAt": "string",
"interfaceName": "string",
"updatedAt": "string"
}
],
"version": 0,
"authorizationTokens": {
"interfaceName1": "token1",
"interfaceName2": "token2"
},
"warnings": [
"FROM_OTHER_CLOUD", "TTL_UNKNOWN"
]
}
]
}
Field | Description |
---|---|
response | Array containing the data |
provider | Provider System |
service | Service |
serviceUri | URI of the Service |
secure | Security info |
metadata | Metadata |
interfaces | List of the interfaces the Service supports |
version | Version of the Service |
authorizationTokens | Authorization Tokens |
warnings | Warnings |
Note: The authorizationTokens object only appears if the provider requires token authentication. authorizationTokens is interface-specific.
Note: The warnings array can contain the following texts:
- FROM_OTHER_CLOUD (if the provider is in another cloud),
- TTL_EXPIRED (the provider is no longer accessible),
- TTL_EXPIRING (the provider will be inaccessible in a matter of minutes),
- TTL_UNKNOWN (the provider has not specified an expiration time).
Note: 4.1.2 version: POST /orchestrator/orchestration
It was basically the same, however security requirement was not available.
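A consumer should act on the `warnings`, `secure` and interface-specific `authorizationTokens` fields of the Orchestration Response before it opens a connection. The triage below is an added example, not Arrowhead project code; the rejection reasons, the output keys and the sample response are constructed, and it assumes `secure` uses the same value set as `securityRequirements`.

```python
# Added example (not Arrowhead project code): consumer-side triage of an
# Orchestration Response before any connection is opened.

def triage_orchestration_response(body, interface_name):
    """Split response entries into (accepted, rejected) for one interface."""
    accepted, rejected = [], []
    for entry in body.get("response") or []:
        provider = entry.get("provider") or {}
        name = provider.get("systemName", "<unnamed>")
        warnings = set(entry.get("warnings") or [])
        offered = {i.get("interfaceName") for i in entry.get("interfaces") or []}
        # authorizationTokens is keyed by interface name and is only present
        # when the provider requires token authentication.
        token = (entry.get("authorizationTokens") or {}).get(interface_name)

        if "TTL_EXPIRED" in warnings:
            rejected.append((name, "TTL_EXPIRED"))
        elif interface_name not in offered:
            rejected.append((name, "interface not offered"))
        elif entry.get("secure") == "TOKEN" and not token:
            # A token issued for another interface must not be reused here.
            rejected.append((name, "no token for interface"))
        else:
            accepted.append({
                "systemName": name,
                "address": provider.get("address"),
                "port": provider.get("port"),
                "serviceUri": entry.get("serviceUri"),
                "token": token,
                "foreign": "FROM_OTHER_CLOUD" in warnings,
                "expiring": "TTL_EXPIRING" in warnings,
            })
    # Providers that are about to expire go last; the sort is stable.
    accepted.sort(key=lambda item: item["expiring"])
    return accepted, rejected


# Constructed sample response (systems, addresses and tokens are made up).
SAMPLE_RESPONSE = {"response": [
    {"provider": {"systemName": "sensor-a", "address": "192.0.2.21", "port": 8443},
     "serviceUri": "/temperature", "secure": "TOKEN",
     "interfaces": [{"interfaceName": "HTTP-SECURE-JSON"}],
     "authorizationTokens": {"HTTP-SECURE-JSON": "constructed-token-a"},
     "warnings": ["TTL_EXPIRING"]},
    {"provider": {"systemName": "sensor-b", "address": "192.0.2.22", "port": 8443},
     "serviceUri": "/temperature", "secure": "TOKEN",
     "interfaces": [{"interfaceName": "HTTP-SECURE-JSON"}],
     "authorizationTokens": {"HTTP-SECURE-XML": "constructed-token-b"},
     "warnings": []},
    {"provider": {"systemName": "sensor-c", "address": "192.0.2.23", "port": 8443},
     "serviceUri": "/temperature", "secure": "CERTIFICATE",
     "interfaces": [{"interfaceName": "HTTP-SECURE-JSON"}],
     "warnings": ["TTL_EXPIRED"]},
    {"provider": {"systemName": "sensor-d", "address": "198.51.100.5", "port": 8443},
     "serviceUri": "/temperature", "secure": "CERTIFICATE",
     "interfaces": [{"interfaceName": "HTTP-SECURE-JSON"}],
     "warnings": ["FROM_OTHER_CLOUD", "TTL_UNKNOWN"]},
]}
```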
GET /orchestrator/orchestration/{id}
If the consumer knows its ID, it can use this service as a shortcut for store-based orchestration, in which the service returns the top priority local provider of all services contained by the orchestrator store database for the requester system (identified by the ID).
Returns an Orchestration Response
{
"response": [
{
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"service": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"secure": "TOKEN",
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"interfaces": [
{
"id": 0,
"createdAt": "string",
"interfaceName": "string",
"updatedAt": "string"
}
],
"version": 0,
"authorizationTokens": {
"interfaceName1": "token1",
"interfaceName2": "token2"
},
"warnings": [
"FROM_OTHER_CLOUD", "TTL_UNKNOWN"
]
}
]
}
Field | Description |
---|---|
response | Array containing the data |
provider | Provider System |
service | Service |
serviceUri | URI of the Service |
secure | Security info |
metadata | Metadata |
interfaces | List of the interfaces the Service supports |
version | Version of the Service |
authorizationTokens | Authorization Tokens |
warnings | Warnings |
Note: The authorizationTokens object only appears if the provider requires token authentication. authorizationTokens is interface-specific.
Note: The warnings array can contain the following texts:
- FROM_OTHER_CLOUD (if the provider is in another cloud),
- TTL_EXPIRED (the provider is no longer accessible),
- TTL_EXPIRING (the provider will be inaccessible in a matter of minutes),
- TTL_UNKNOWN (the provider has not specified an expiration time).
GET /orchestrator/mgmt/store
Returns a list of orchestrator store rule records. If page and item_per_page are not defined, returns all records.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
Returns a StoreEntryList
{
"count": 0,
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"foreign": true,
"providerCloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": false,
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceInterface": {
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
},
"priority": 1,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Store Entry |
serviceDefinition | Service Definition |
consumerSystem | Consumer System |
foreign | Provider System in Foreign Cloud |
providerCloud | Provider Cloud |
providerSystem | Provider System |
serviceInterface | Service Interface |
priority | Priority |
metadata | Metadata |
attribute | Attributes |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: Rules are a little stricter than before: the service interface is also part of it. But the defaultEntry flag is no longer supported; now, entries with priority 1 are considered as defaults.
Note: 4.1.2 version: GET /orchestrator/mgmt/store/all
This version always returned all records in an array of JSON objects. The objects did not contain any time information. Rules didn't depend on interface.
POST /orchestrator/mgmt/store
Creates Orchestrator Store records and returns the newly created records.
StoreRules is the input
[
{
"serviceDefinitionName": "string",
"consumerSystemId": 0,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"providerSystem": {
"systemName": "string",
"address": "string",
"port": 0
},
"cloud": {
"operator": "string",
"name": "string"
},
"serviceInterfaceName": "string",
"priority": 1
}
]
Field | Description | Mandatory |
---|---|---|
serviceDefinitionName | Service Definition | yes |
consumerSystemId | Consumer System ID | yes |
attribute | Attributes | no |
providerSystem | Provider System | yes |
cloud | Cloud | yes |
serviceInterfaceName | Service Interface Name | yes |
priority | Priority | yes |
Returns a StoreEntryList
{
"count": 0,
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"foreign": true,
"providerCloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": false,
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceInterface": {
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
},
"priority": 1,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Store Entry |
serviceDefinition | Service Definition |
consumerSystem | Consumer System |
foreign | Provider System in Foreign Cloud |
providerCloud | Provider Cloud |
providerSystem | Provider System |
serviceInterface | Service Interface |
priority | Priority |
metadata | Metadata |
attribute | Attributes |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: POST /orchestrator/mgmt/store
This version required whole JSON objects as consumer instead of id and didn't contain interface names. Also, it used defaultEntry flags.
GET /orchestrator/mgmt/store/{id}
Returns the orchestrator store rule record specified by the ID path parameter.
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"foreign": true,
"providerCloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": false,
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceInterface": {
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
},
"priority": 1,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the Store Entry |
serviceDefinition | Service Definition |
consumerSystem | Consumer System |
foreign | Provider System in Foreign Cloud |
providerCloud | Provider Cloud |
providerSystem | Provider System |
serviceInterface | Service Interface |
priority | Priority |
metadata | Metadata |
attribute | Attributes |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /orchestrator/mgmt/store/{id}
The returned structure did not contain time information and interface names
DELETE /orchestrator/mgmt/store/{id}
Removes the Orchestrator Store rule record specified by the ID path parameter.
Note: 4.1.2 version: DELETE /orchestrator/mgmt/store/{id}
Same as the new version.
POST /orchestrator/mgmt/store/all_by_consumer
Returns a list of Orchestrator Store rule records related to consumer, service definition and optionally service interface. If page and item_per_page are not defined, no paging is involved.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for sort_field is id. All possible values are:
- id
- createdAt
- updatedAt
Note: Default value for direction is ASC. All possible values are:
- ASC
- DESC
ConsumerRule is the input
{
"consumerSystemId": 0,
"serviceDefinitionName": "string",
"serviceInterfaceName": "string"
}
Field | Description | Mandatory |
---|---|---|
consumerSystemId | ID of the Consumer | yes |
serviceDefinitionName | Service Definition | yes |
serviceInterfaceName | Service Interface | no |
Returns a StoreEntryList
{
"count": 0,
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"foreign": true,
"providerCloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": false,
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceInterface": {
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
},
"priority": 1,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Store Entry |
serviceDefinition | Service Definition |
consumerSystem | Consumer System |
foreign | Provider System in Foreign Cloud |
providerCloud | Provider Cloud |
providerSystem | Provider System |
serviceInterface | Service Interface |
priority | Priority |
metadata | Metadata |
attribute | Attributes |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: PUT /orchestrator/mgmt/store
This version always returned all matching records in an array of JSON objects. The objects did not contain any time information and filtering by interface name was not available.
GET /orchestrator/mgmt/store/all_top_priority
Returns a list of orchestrator store rule records whose priority is 1. If `page` and `item_per_page` are not defined, no paging is involved.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for `sort_field` is `id`. All possible values are:
- `id`
- `createdAt`
- `updatedAt`
Note: Default value for `direction` is `ASC`. All possible values are:
- `ASC`
- `DESC`
Returns a StoreEntryList
{
"count": 0,
"data": [
{
"id": 0,
"serviceDefinition": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"consumerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"foreign": true,
"providerCloud": {
"id": 0,
"operator": "string",
"name": "string",
"authenticationInfo": "string",
"secure": true,
"neighbor": true,
"ownCloud": false,
"createdAt": "string",
"updatedAt": "string"
},
"providerSystem": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceInterface": {
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
},
"priority": 1,
"attribute": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Store Entry |
serviceDefinition | Service Definition |
consumerSystem | Consumer System |
foreign | Provider System in Foreign Cloud |
providerCloud | Provider Cloud |
providerSystem | Provider System |
serviceInterface | Service Interface |
priority | Priority |
metadata | Metadata |
attribute | Attributes |
createdAt | Creation date of the entry |
updatedAt | When the entry was last updated |
Note: 4.1.2 version: GET /orchestrator/mgmt/store/all_default
This version always returned all records where defaultEntry flag is true in an array of JSON objects. The objects did not contain any time information.
POST /orchestrator/mgmt/store/modify_priorities
Changes the priority field of the specified entries.
PriorityList is the input
{
"priorityMap": {
"{id1}": 1,
"{id2}": 2,
"{id3}": 3
}
}
Field | Description | Mandatory |
---|---|---|
priorityMap | Priority List | yes |
Note: The keys of the map are Orchestrator store rule IDs, the values are the new priorities.
Note: 4.1.2 version: PUT /orchestrator/mgmt/store/priorities
Same as the new version
This supporting core system has the purpose of providing inter-Cloud servicing capabilities in the Arrowhead Framework by its following services:
- Global Service Discovery (GSD)
- Inter-Cloud Negotiation (ICN)
These Services are part of the inter-Cloud orchestration process, but the Gatekeeper is only available for the other core systems. The Gatekeeper is the only core system that can discover other Clouds via Relay systems. Neighbor Clouds and Relay systems are stored in the MySQL database of this module.
During the inter-Cloud orchestration, the Global Service Discovery is the first process; it aims to collect the known Clouds with providers serving the specified service. After GSD, the Inter-Cloud Negotiation process takes over to establish the way of collaboration. Working together with the Orchestrators of both Clouds, a servicing instance can be created at the end.
Please follow this guide to set up the Arrowhead Gatekeeper and Gateway core systems: Gatekeeper & Gateway Setup Guide with ActiveMQ Relay
Use case 1: Global Service Discovery request
Name | Description |
---|---|
ID | GSD-1 |
Brief Description | The Gatekeeper is tasked to find a Service in other Local Clouds |
Primary Actors | Gatekeeper |
Secondary Actors | - Relays used by the Gatekeeper - The Gatekeeper instances of other Clouds |
Preconditions | Orchestration process was started by an Application System. |
Main Flow | - The Orchestrator consumes the GSD Initialization Service of its local Gatekeeper. - The Gatekeeper collects the preferred or neighbor Clouds and one of its Relays. - The Gatekeeper queries the other Gatekeepers via the Relays. - These Gatekeepers verify whether they could facilitate this request or not. - The requester Gatekeeper collects these answers and responds via the GSD Initialization Service to its Orchestrator. |
Postconditions | The Orchestrator has a list of other Local Clouds that can provide the Service we are looking for. |
Use case 2: Inter-Cloud Negotiation request
Name | Description |
---|---|
ID | ICN-1 |
Brief Description | The Gatekeeper is tasked to start negotiating with another Cloud. |
Primary Actors | Gatekeeper |
Secondary Actors | - Relays used by the Gatekeeper - The Gatekeeper instances of other Clouds - The other Orchestrator from the second Cloud |
Preconditions | Orchestration process was started by an Application System. The GSD process has ended, and the requester Orchestrator has chosen a partnering Cloud that it wants to connect to. |
Main Flow | - The Orchestrator consumes the ICN Initialization Service of its local Gatekeeper. - The Gatekeeper consumes the other Gatekeeper's ICN Proposal service via a Relay. - The secondary Gatekeeper validates the AuthorizationControl and requests Orchestration from its own Orchestrator. - The secondary Orchestrator responds to the secondary Gatekeeper with an Orchestration result. - The secondary Gatekeeper responds to the primary, requester Gatekeeper. - Additional administrative tasks are executed (e.g. configuration of the Gateway modules). - The primary, requester Orchestrator receives the response via the ICN Initialization Service. |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Echo | /echo | GET | - | OK |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Init GSD | /gatekeeper/init_gsd | POST | GSDQueryForm | GSDQueryResult |
Init ICN | /gatekeeper/init_icn | POST | ICNRequestForm | ICNResult |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Get all Cloud entries | /mgmgt/clouds | GET | - | CloudWithRelaysListResponse |
Get Cloud by ID | /mgmgt/clouds/{id} | GET | cloudId | CloudWithRelaysResponse |
Register Clouds | /mgmgt/clouds | POST | CloudRequest list | CloudWithRelaysListResponse |
Update Cloud | /mgmgt/clouds/{id} | PUT | CloudRequest | CloudWithRelaysResponse |
Assign Relays to Cloud | /mgmgt/clouds/assign | POST | CloudRelaysAssignmentRequest | CloudWithRelaysResponse |
Delete Cloud | /mgmgt/clouds/{id} | DELETE | cloudId | - |
Get all Relay entries | /mgmgt/relays | GET | - | RelayListResponse |
Get Relay by ID | /mgmgt/relays/{id} | GET | relayId | RelayResponse |
Get Relay by Address and Port | /mgmgt/relays/{address}/{port} | GET | address, port | RelayResponse |
Register Relays | /mgmgt/relays | POST | RelayRequest list | RelayListResponse |
Update Relay | /mgmgt/relays/{id} | PUT | RelayRequest | RelayResponse |
Delete Relay | /mgmgt/relays/{id} | DELETE | relayId | - |
The following endpoints no longer exist:
GET /gatekeeper/mgmt/neighborhood/operator/{operator}/cloudname/{cloudName}
DELETE /gatekeeper/mgmt/neighborhood/operator/{operator}/cloudname/{cloudName}
GET /gatekeeper/mgmt/brokers/brokername/{brokerName}
GET /gatekeeper/mgmt/brokers/address/{address}
GET /gatekeeper/echo
Returns a "Got it" message with the purpose of testing the core service availability.
POST /gatekeeper/init_gsd
Returns the result of Global Service Discovery.
GSDQueryForm is the input
{
"requestedService": {
"serviceDefinitionRequirement": "string",
"interfaceRequirements": [
"string"
],
"securityRequirements": [
"NOT_SECURE"
],
"versionRequirement": 0,
"maxVersionRequirement": 0,
"minVersionRequirement": 0,
"pingProviders": true,
"metadataRequirements": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
},
"preferredClouds": [
{
"name": "string",
"operator": "string",
"neighbor": true,
"secure": true,
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
}
]
}
Field | Description | Mandatory |
---|---|---|
requestedService | Object describes the requested service | yes |
serviceDefinitionRequirement | Service Definition | yes |
interfaceRequirements | List of interfaces | no |
securityRequirements | List of required security levels | no |
versionRequirement | Version of the Service | no |
maxVersionRequirement | Maximum version of the Service | no |
minVersionRequirement | Minimum version of the Service | no |
pingProviders | Whether or not the providers should be pinged | no |
metadataRequirements | Metadata | no |
preferredClouds | List of preferred clouds | no |
GSDQueryResult is the output
{
"results": [
{
"providerCloud": {
"id": 0,
"name": "string",
"operator": "string",
"authenticationInfo": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"createdAt": "string",
"updatedAt": "string"
},
"requiredServiceDefinition": "string",
"availableInterfaces": [
"string"
],
"serviceMetadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"numOfProviders": 0
}
],
"unsuccessfulRequests": 0
}
Field | Description |
---|---|
results | List of result objects |
providerCloud | Cloud where the result is coming from |
requiredServiceDefinition | Service Definition |
availableInterfaces | List of available interfaces |
serviceMetadata | Metadata |
numOfProviders | Number of providers serving the service within the cloud |
unsuccessfulRequests | Number of clouds that did not respond |
POST /gatekeeper/init_icn
Returns the result of Inter-Cloud Negotiation.
ICNRequestForm is the input
{
"targetCloudId": 0,
"requestedService": {
"serviceDefinitionRequirement": "string",
"interfaceRequirements": [
"string"
],
"securityRequirements": [
"NOT_SECURE"
],
"versionRequirement": 0,
"maxVersionRequirement": 0,
"minVersionRequirement": 0,
"pingProviders": true,
"metadataRequirements": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
}
},
"preferredSystems": [
{
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
}
],
"requesterSystem": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"negotiationFlags": {
"additionalProp1": true,
"additionalProp2": true,
"additionalProp3": true
}
}
Field | Description | Mandatory |
---|---|---|
targetCloudId | Local ID of the target cloud | yes |
requestedService | Object describes the requested service | yes |
serviceDefinitionRequirement | Service Definition | yes |
interfaceRequirements | List of interfaces | no |
securityRequirements | List of required security levels | no |
versionRequirement | Version of the Service | no |
maxVersionRequirement | Maximum version of the Service | no |
minVersionRequirement | Minimum version of the Service | no |
pingProviders | Whether or not the providers should be pinged | no |
metadataRequirements | Metadata | no |
preferredSystems | List of preferred systems | no |
requesterSystem | Requester Cloud details (Own cloud) | yes |
negotiationFlags | Orchestration flags | no |
ICNResult is the output
{
"response": [
{
"service": {
"id": 0,
"serviceDefinition": "string",
"createdAt": "string",
"updatedAt": "string"
},
"serviceUri": "string",
"provider": {
"id": 0,
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string"
},
"interfaces": [
{
"id": 0,
"interfaceName": "string",
"createdAt": "string",
"updatedAt": "string"
}
],
"secure": "NOT_SECURE",
"version": 0,
"metadata": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"authorizationTokens": {
"additionalProp1": "string",
"additionalProp2": "string",
"additionalProp3": "string"
},
"warnings": [
"FROM_OTHER_CLOUD"
]
}
]
}
Field | Description |
---|---|
results | List of result objects |
service | Required service |
serviceUri | URI of the service |
provider | Provider details |
interfaces | List of available interfaces |
secure | Level of security |
version | Version number |
metadata | Service metadata |
authorizationTokens | Authorization Tokens per interfaces |
warnings | Warnings |
GET /gatekeeper/mgmgt/clouds
Returns Cloud entries by the given paging parameters. If `page` and `item_per_page` are not defined, no paging is involved.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for `sort_field` is `id`. All possible values are:
- `id`
- `createdAt`
- `updatedAt`
Note: Default value for `direction` is `ASC`. All possible values are:
- `ASC`
- `DESC`
CloudWithRelaysListResponse is the output.
{
"count": 0,
"data": [
{
"id": 0,
"name": "string",
"operator": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string",
"gatekeeperRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
],
"gatewayRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEWAY_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
ownCloud | Whether or not it is the own Cloud |
secure | Whether or not it is a secured Cloud/Relay |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelays | List of Relays used by Gatekeeper |
gatewayRelays | List of Relays used by Gateway |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
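An added example (not part of the Arrowhead documentation or code base): a Python audit of a CloudWithRelaysListResponse, as returned by GET /gatekeeper/mgmgt/clouds, that flags neighbor Clouds and Relays registered without security. The sample response, the finding texts and the rule about which Relay type belongs in which list are assumptions made for illustration.

```python
import base64
import binascii

# Relay types are the ones listed on this page; which list may hold which
# type is an assumption of this example, not a documented Arrowhead rule.
ALLOWED_TYPES = {
    "gatekeeperRelays": {"GATEKEEPER_RELAY", "GENERAL_RELAY"},
    "gatewayRelays": {"GATEWAY_RELAY", "GENERAL_RELAY"},
}


def _is_base64_key(value):
    """True if value is a non-empty string that decodes as strict Base64."""
    if not isinstance(value, str) or not value.strip():
        return False
    try:
        return len(base64.b64decode(value, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False


def audit_clouds(response):
    """Return (cloud, finding) tuples for a CloudWithRelaysListResponse dict."""
    findings = []
    data = response.get("data") or []
    count = response.get("count", len(data))
    if count > len(data):
        # With page/item_per_page set, only part of the list is returned.
        findings.append(("<response>",
                         "count={} but {} entries returned; audit covers "
                         "only part of the list".format(count, len(data))))
    for cloud in data:
        label = "{}/{}".format(cloud.get("operator"), cloud.get("name"))
        secure = cloud.get("secure") is True
        if cloud.get("neighbor") and not secure:
            findings.append((label, "neighbor cloud is registered with secure=false"))
        # authenticationInfo is the Base64 encoded public key of the Cloud.
        if secure and not _is_base64_key(cloud.get("authenticationInfo")):
            findings.append((label, "secure cloud has no valid Base64 authenticationInfo"))
        for list_name, allowed in ALLOWED_TYPES.items():
            for relay in cloud.get(list_name) or []:
                where = "relay {}:{} in {}".format(
                    relay.get("address"), relay.get("port"), list_name)
                if relay.get("secure") is not True:
                    findings.append((label, where + " has secure=false"))
                if relay.get("type") not in allowed:
                    findings.append((label, "{} has unexpected type {}".format(
                        where, relay.get("type"))))
    return findings


def _relay(address, port, secure, relay_type):
    """Build a constructed Relay entry with the fields shown on this page."""
    return {"id": 0, "address": address, "port": port, "exclusive": True,
            "secure": secure, "type": relay_type}


# Constructed sample response (not real deployment data).
SAMPLE = {
    "count": 3,
    "data": [
        {"id": 1, "name": "cloud-a", "operator": "op", "neighbor": True,
         "ownCloud": False, "secure": True,
         "authenticationInfo": base64.b64encode(b"constructed sample key").decode(),
         "gatekeeperRelays": [_relay("relay-a.example", 61617, True, "GATEKEEPER_RELAY")],
         "gatewayRelays": [_relay("relay-a.example", 61617, True, "GENERAL_RELAY")]},
        {"id": 2, "name": "cloud-b", "operator": "op", "neighbor": True,
         "ownCloud": False, "secure": False, "authenticationInfo": "",
         "gatekeeperRelays": [_relay("relay-b.example", 61616, False, "GATEKEEPER_RELAY")],
         "gatewayRelays": []},
        {"id": 3, "name": "cloud-c", "operator": "op", "neighbor": True,
         "ownCloud": False, "secure": True, "authenticationInfo": "not base64!!",
         "gatekeeperRelays": [_relay("relay-c.example", 61617, True, "GATEWAY_RELAY")],
         "gatewayRelays": []},
    ],
}

if __name__ == "__main__":
    for cloud, finding in audit_clouds(SAMPLE):
        print("{}: {}".format(cloud, finding))
```

Run it against the full, unpaged list so that no Cloud entry is skipped.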
GET /gatekeeper/mgmgt/clouds/{id}
Returns the Cloud Entry specified by the ID path parameter.
CloudWithRelaysResponse is the output.
{
"id": 0,
"name": "string",
"operator": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string",
"gatekeeperRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
],
"gatewayRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEWAY_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
ownCloud | Whether or not it is the own Cloud |
secure | Whether or not it is a secured Cloud/Relay |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelays | List of Relays used by Gatekeeper |
gatewayRelays | List of Relays used by Gateway |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
POST /gatekeeper/mgmgt/clouds
Returns created Cloud entries.
CloudRequest list is the input.
[
{
"name": "string",
"operator": "string",
"neighbor": true,
"secure": true,
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
}
]
Field | Description |
---|---|
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
secure | Whether or not it is a secured Cloud |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelayIds | List of Relay IDs used by Gatekeeper |
gatewayRelayIds | List of Relay IDs used by Gateway |
CloudWithRelaysListResponse is the output.
{
"count": 0,
"data": [
{
"id": 0,
"name": "string",
"operator": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string",
"gatekeeperRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
],
"gatewayRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEWAY_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
ownCloud | Whether or not it is the own Cloud |
secure | Whether or not it is a secured Cloud/Relay |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelays | List of Relays used by Gatekeeper |
gatewayRelays | List of Relays used by Gateway |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
PUT /gatekeeper/mgmgt/clouds/{id}
Returns updated Cloud entry specified by the ID path parameter.
CloudRequest is the input.
{
"name": "string",
"operator": "string",
"neighbor": true,
"secure": true,
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
}
Field | Description |
---|---|
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
secure | Whether or not it is a secured Cloud |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelayIds | List of Relay IDs used by Gatekeeper |
gatewayRelayIds | List of Relay IDs used by Gateway |
CloudWithRelaysResponse is the output.
{
"id": 0,
"name": "string",
"operator": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string",
"gatekeeperRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
],
"gatewayRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEWAY_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
ownCloud | Whether or not it is the own Cloud |
secure | Whether or not it is a secured Cloud/Relay |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelays | List of Relays used by Gatekeeper |
gatewayRelays | List of Relays used by Gateway |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
POST /gatekeeper/mgmgt/clouds/assign
Returns updated Cloud entry.
CloudRelaysAssignmentRequest is the input.
{
"cloudId": 0,
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
}
Field | Description |
---|---|
cloudId | ID of the cloud |
gatekeeperRelayIds | List of Relay IDs used by Gatekeeper |
gatewayRelayIds | List of Relay IDs used by Gateway |
CloudWithRelaysResponse is the output.
{
"id": 0,
"name": "string",
"operator": "string",
"neighbor": true,
"ownCloud": true,
"secure": true,
"authenticationInfo": "string",
"createdAt": "string",
"updatedAt": "string",
"gatekeeperRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
],
"gatewayRelays": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEWAY_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
name | Name of the cloud |
operator | Operator of the cloud |
neighbor | Whether or not it is a neighbor Cloud |
ownCloud | Whether or not it is the own Cloud |
secure | Whether or not it is a secured Cloud/Relay |
authenticationInfo | Base64 encoded public key of the Cloud |
gatekeeperRelays | List of Relays used by Gatekeeper |
gatewayRelays | List of Relays used by Gateway |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
DELETE /gatekeeper/mgmgt/clouds/{id}
Removes the requested Cloud entry.
GET /gatekeeper/mgmgt/relays
Returns Relay entries by the given paging parameters. If `page` and `item_per_page` are not defined, no paging is involved.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
sort_field | sorts by the given column | no |
direction | direction of sorting | no |
Note: Default value for `sort_field` is `id`. All possible values are:
- `id`
- `createdAt`
- `updatedAt`
Note: Default value for `direction` is `ASC`. All possible values are:
- `ASC`
- `DESC`
RelayListResponse is the output.
{
"count": 0,
"data": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Relay |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
GET /gatekeeper/mgmgt/relays/{id}
Returns the Relay Entry specified by the ID path parameter.
RelayResponse is the output.
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the Relay |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
GET /gatekeeper/mgmgt/relays/{address}/{port}
Returns the Relay Entry specified by the address and port path parameter.
RelayResponse is the output.
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the Relay |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
POST /gatekeeper/mgmgt/relays
RelayRequest list is the input
[
{
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
Field | Description |
---|---|
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
RelayListResponse is the output.
{
"count": 0,
"data": [
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
]
}
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
id | ID of the Relay |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
PUT /gatekeeper/mgmgt/relays/{id}
Returns updated Relay entry specified by the ID path parameter.
RelayRequest is the input.
{
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
RelayResponse is the output.
{
"id": 0,
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "GATEKEEPER_RELAY",
"createdAt": "string",
"updatedAt": "string"
}
Field | Description |
---|---|
id | ID of the Relay |
address | Host of the Relay |
port | Port of the Relay |
exclusive | Whether or not it is a non-public Relay |
secure | Whether or not it is a secured Relay |
type | Type of the Relay (Possible values: 'GENERAL_RELAY', 'GATEKEEPER_RELAY', 'GATEWAY_RELAY') |
DELETE /gatekeeper/mgmgt/relays/{id}
Removes the requested Relay entry.
This supporting core system has the purpose of establishing a secured datapath - if required - between a consumer and a provider located in different clouds by its following services:
- Connect to Consumer
- Connect to Provider
These Services are part of the Inter-Cloud Negotiation (ICN) process initiated by the requester cloud's Gatekeeper. During the ICN process, when a Gateway is required by one of the clouds, the Gatekeepers in both clouds establish a new datapath to their application systems and ensure the data exchange via a Relay system.
Please follow this guide to set up the Arrowhead Gatekeeper and Gateway core systems: Gatekeeper & Gateway Setup Guide with ActiveMQ Relay
Use case 1: Connect to Consumer
Name | Description |
---|---|
ID | Connect-To-Consumer |
Brief Description | The Gateway is tasked to connect to the Consumer and mediate between the Relay and the Consumer. |
Primary Actors | Gatekeeper |
Secondary Actors | - Arrowhead compliant ActiveMQ Relay |
Preconditions | Inter-Cloud orchestration process was started by a consuming Application System. |
Main Flow | - The Gatekeeper sends a ConnectToConsumerRequest to the Gateway. - The Gateway internally creates a new ActiveSession object. - The Gateway starts a new thread. - The Gateway creates a sslServerSocket. - The Consumer connects to the port of the serverSocket. - The Gateway gets the request from the Consumer through the SSLSocket and forwards it to the Relay. - The Gateway gets the response from the Provider via the Relay, decrypts it and forwards it to the Consumer through the socket. - The Gateway checks the control messages from the Relay and, if a "close" message is received, closes the session. |
Use case 2: Connect to Provider
Name | Description |
---|---|
ID | Connect-To-Provider |
Brief Description | The Gateway is tasked to connect to the Provider and mediate between the Relay and the Provider. |
Primary Actors | Gatekeeper |
Secondary Actors | - Arrowhead compliant ActiveMQ Relay |
Preconditions | Inter-Cloud orchestration process was started by a consuming Application System. |
Main Flow | - The Gatekeeper sends a ConnectToProviderRequest to the Gateway. - The Gateway internally creates a new ActiveSession object with new queues for a chosen Relay. - The Gateway starts a new thread. - The Gateway creates a sslServerSocket. - The Gateway gets the request from the Consumer through the Relay. - The Gateway gets the response from the Provider via the SSLSocket, then encrypts and forwards it to the Relay. - The Gateway checks the control messages from the Relay and, if a "close" message is received, closes the session. |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Echo | /echo | GET | - | OK |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Connect To Consumer | /connect_consumer | POST | GatewayConsumerConnectionRequest | Server Port number |
Connect To Provider | /connect_provider | POST | GatewayProviderConnectionRequest | GatewayProviderConnectionResponse |
Get Public Key | /publickey | GET | - | Public Key string |
Function | URL subpath | Method | Input | Output |
---|---|---|---|---|
Get Active Sessions | /mgmgt/sessions | GET | - | ActiveSessionList |
Close Session | /mgmgt/sessions/close | POST | ActiveSession | OK |
GET /gateway/echo
Returns a "Got it" message with the purpose of testing the core service availability.
POST /gateway/connect_consumer
Creates a ServerSocket between the given Relay and Consumer and returns the ServerSocket port.
GatewayConsumerConnectionRequest is the input.
{
"consumer": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"consumerCloud": {
"name": "string",
"operator": "string",
"neighbor": true,
"secure": true,
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
},
"provider": {
"systemName": "string",
"address": "string",
"port": 0,
"authenticationInfo": "string"
},
"providerCloud": {
"name": "string",
"operator": "string",
"neighbor": true,
"secure": true,
"authenticationInfo": "string",
"gatekeeperRelayIds": [
0
],
"gatewayRelayIds": [
0
]
},
"providerGWPublicKey": "string",
"peerName": "string",
"queueId": "string",
"relay": {
"address": "string",
"port": 0,
"exclusive": true,
"secure": true,
"type": "string"
},
"serviceDefinition": "string"
}
Field | Description |
---|---|
consumer | Consumer Application System |
consumerCloud | Cloud of Consumer Application System |
provider | Provider Application System |
providerCloud | Cloud of Provider Application System |
providerGWPublicKey | Base64 encoded public key of provider cloud's Gateway |
peerName | Server Common Name of provider cloud's Gateway |
queueId | ID of the message queue in the Relay created by the provider |
relay | Messaging Relay system |
serviceDefinition | Definition of the service. |
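A pre-flight check for a GatewayConsumerConnectionRequest before it is posted, as an added example that is not part of the Arrowhead code base. The function name, the rules it applies (non-empty strings, ports in 1..65535, decodable Base64 key) and the sample values are assumptions made here, not the Gateway's own validation.

```python
import base64
import binascii

# Top-level fields from the GatewayConsumerConnectionRequest field table.
REQUIRED = ("consumer", "consumerCloud", "provider", "providerCloud",
            "providerGWPublicKey", "peerName", "queueId", "relay",
            "serviceDefinition")


def _port_ok(value):
    # bool is a subclass of int in Python, so reject it explicitly.
    return (isinstance(value, int) and not isinstance(value, bool)
            and 1 <= value <= 65535)


def validate_consumer_connection_request(req):
    """Return a list of problems; an empty list means the payload is well formed."""
    problems = [f"missing field: {n}" for n in REQUIRED if n not in req]
    for name in ("peerName", "queueId", "serviceDefinition"):
        if name in req and not (isinstance(req[name], str) and req[name].strip()):
            problems.append(f"{name} is empty")
    for name in ("consumer", "provider", "relay"):
        endpoint = req.get(name)
        if not isinstance(endpoint, dict):
            continue  # absent (reported above) or not a JSON object
        if not str(endpoint.get("address") or "").strip():
            problems.append(f"{name}.address is empty")
        if not _port_ok(endpoint.get("port")):
            problems.append(f"{name}.port is not in 1..65535")
    if "providerGWPublicKey" in req:
        try:
            if not base64.b64decode(req["providerGWPublicKey"], validate=True):
                problems.append("providerGWPublicKey is empty")
        except (binascii.Error, TypeError, ValueError):
            problems.append("providerGWPublicKey is not valid Base64")
    return problems


# Constructed sample (not captured traffic); the key is placeholder bytes.
SAMPLE = {
    "consumer": {"systemName": "consumer-app", "address": "10.0.0.5", "port": 8080},
    "consumerCloud": {"name": "cloud-a", "operator": "op-a", "secure": True},
    "provider": {"systemName": "provider-app", "address": "10.1.0.7", "port": 8443},
    "providerCloud": {"name": "cloud-b", "operator": "op-b", "secure": True},
    "providerGWPublicKey": base64.b64encode(b"placeholder-key-bytes").decode(),
    "peerName": "gateway.cloud-b.example",
    "queueId": "queue-0001",
    "relay": {"address": "relay.example", "port": 61617, "secure": True},
    "serviceDefinition": "temperature",
}
```

The placeholder template shown above, with `"port": 0` and `"providerGWPublicKey": "string"`, is rejected by this check, which makes it useful for catching a request that was sent with the template values left in.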
POST /gateway/connect_provider
Creates a Socket and Message queue between the given Relay and Provider and returns the necessary connection information.
GatewayProviderConnectionRequest is the input.
```json
{
  "consumer": {
    "systemName": "string",
    "address": "string",
    "port": 0,
    "authenticationInfo": "string"
  },
  "consumerCloud": {
    "name": "string",
    "operator": "string",
    "neighbor": true,
    "secure": true,
    "authenticationInfo": "string",
    "gatekeeperRelayIds": [
      0
    ],
    "gatewayRelayIds": [
      0
    ]
  },
  "provider": {
    "systemName": "string",
    "address": "string",
    "port": 0,
    "authenticationInfo": "string"
  },
  "providerCloud": {
    "name": "string",
    "operator": "string",
    "neighbor": true,
    "secure": true,
    "authenticationInfo": "string",
    "gatekeeperRelayIds": [
      0
    ],
    "gatewayRelayIds": [
      0
    ]
  },
  "consumerGWPublicKey": "string",
  "relay": {
    "address": "string",
    "port": 0,
    "exclusive": true,
    "secure": true,
    "type": "string"
  },
  "serviceDefinition": "string"
}
```
Field | Description |
---|---|
consumer | Consumer Application System |
consumerCloud | Cloud of Consumer Application System |
provider | Provider Application System |
providerCloud | Cloud of Provider Application System |
consumerGWPublicKey | Base64 encoded public key of consumer cloud's Gateway |
relay | Messaging Relay system |
serviceDefinition | Definition of the service. |
GatewayProviderConnectionResponse is the output.
```json
{
  "peerName": "string",
  "queueId": "string",
  "providerGWPublicKey": "string"
}
```
Field | Description |
---|---|
peerName | Server Common Name of provider cloud's Gateway |
queueId | ID of the message queue in the Relay created by the provider |
providerGWPublicKey | Base64 encoded public key of provider cloud's Gateway |
GET /gateway/publickey
Returns the public key of the Gateway core service as a Base64 encoded text.
GET /gateway/mgmgt/sessions
Returns active Gateway sessions by the given paging parameters. If page and item_per_page are not defined, no paging is involved.
Query params:
Field | Description | Mandatory |
---|---|---|
page | zero based page index | no |
item_per_page | maximum number of items returned | no |
ActiveSessionList is the output.
```json
{
  "count": 0,
  "data": [
    {
      "queueId": "string",
      "peerName": "string",
      "consumer": {
        "systemName": "string",
        "address": "string",
        "port": 0,
        "authenticationInfo": "string"
      },
      "consumerCloud": {
        "name": "string",
        "operator": "string",
        "authenticationInfo": "string",
        "neighbor": true,
        "secure": true,
        "gatekeeperRelayIds": [
          0
        ],
        "gatewayRelayIds": [
          0
        ]
      },
      "provider": {
        "systemName": "string",
        "address": "string",
        "port": 0,
        "authenticationInfo": "string"
      },
      "providerCloud": {
        "name": "string",
        "operator": "string",
        "authenticationInfo": "string",
        "neighbor": true,
        "secure": true,
        "gatekeeperRelayIds": [
          0
        ],
        "gatewayRelayIds": [
          0
        ]
      },
      "serviceDefinition": "string",
      "relay": {
        "address": "string",
        "port": 0,
        "exclusive": true,
        "secure": true,
        "type": "GATEWAY_RELAY"
      },
      "requestQueue": "string",
      "requestControlQueue": "string",
      "responseQueue": "string",
      "responseControlQueue": "string",
      "sessionStartedAt": "string",
      "consumerServerSocketPort": 0
    }
  ]
}
```
Field | Description |
---|---|
count | Number of records found |
data | Array of data |
queueId | ID of the message queue in the Relay created by the provider |
peerName | Server Common Name of provider cloud's Gateway |
consumer | Consumer Application System |
consumerCloud | Cloud of Consumer Application System |
provider | Provider Application System |
providerCloud | Cloud of Provider Application System |
serviceDefinition | Definition of the service. |
relay | Messaging Relay system |
requestQueue | request messaging queue through the Relay |
requestControlQueue | control queue of request messaging through the Relay |
responseQueue | response messaging queue through the Relay |
responseControlQueue | control queue of response messaging through the Relay |
sessionStartedAt | Time stamp of session start |
consumerServerSocketPort | Port number delegated to consumer connection |
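Walking the paged ActiveSessionList and flagging sessions for review, as an added example that is not part of the Arrowhead code base. The function names, the policy (any `secure` flag on the relay or either cloud that is not `true` is a finding), the reading of `count` as the total across all pages, and the sample sessions are assumptions made here; `fake_fetch` stands in for the HTTP call so the block runs offline.

```python
def iter_sessions(fetch_page, item_per_page=2):
    """Yield every ActiveSession; fetch_page(page, item_per_page) returns one
    parsed ActiveSessionList (the body of GET /gateway/mgmgt/sessions)."""
    page, seen = 0, 0
    while True:
        body = fetch_page(page, item_per_page)
        data = body.get("data") or []
        yield from data
        seen += len(data)
        # An empty page also stops the walk, in case `count` is stale.
        if not data or seen >= body.get("count", 0):
            return
        page += 1


def audit_session(session):
    """Findings for one ActiveSession under an assumed 'everything secure' policy."""
    findings = []
    for part in ("relay", "consumerCloud", "providerCloud"):
        if (session.get(part) or {}).get("secure") is not True:
            findings.append(f"{part}.secure is not true")
    return findings


def audit_all(fetch_page, item_per_page=2):
    """Map queueId -> findings for every session that has at least one."""
    report = {}
    for session in iter_sessions(fetch_page, item_per_page):
        findings = audit_session(session)
        if findings:
            report[session.get("queueId")] = findings
    return report


def _session(queue_id, relay=True, consumer=True, provider=True):
    # Constructed sample data, reduced to the fields the audit reads.
    return {"queueId": queue_id, "relay": {"secure": relay},
            "consumerCloud": {"secure": consumer},
            "providerCloud": {"secure": provider}}


SESSIONS = [_session("queue-0001"), _session("queue-0002", relay=False),
            _session("queue-0003", provider=False)]


def fake_fetch(page, item_per_page):
    # Stand-in for the HTTP call so the example runs offline.
    start = page * item_per_page
    return {"count": len(SESSIONS), "data": SESSIONS[start:start + item_per_page]}
```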
POST /gateway/mgmgt/sessions/close
Closes the requested active Gateway session.
ActiveSession is the input.
```json
{
  "queueId": "string",
  "peerName": "string",
  "consumer": {
    "systemName": "string",
    "address": "string",
    "port": 0,
    "authenticationInfo": "string"
  },
  "consumerCloud": {
    "name": "string",
    "operator": "string",
    "authenticationInfo": "string",
    "neighbor": true,
    "secure": true,
    "gatekeeperRelayIds": [
      0
    ],
    "gatewayRelayIds": [
      0
    ]
  },
  "provider": {
    "systemName": "string",
    "address": "string",
    "port": 0,
    "authenticationInfo": "string"
  },
  "providerCloud": {
    "name": "string",
    "operator": "string",
    "authenticationInfo": "string",
    "neighbor": true,
    "secure": true,
    "gatekeeperRelayIds": [
      0
    ],
    "gatewayRelayIds": [
      0
    ]
  },
  "serviceDefinition": "string",
  "relay": {
    "address": "string",
    "port": 0,
    "exclusive": true,
    "secure": true,
    "type": "GATEWAY_RELAY"
  },
  "requestQueue": "string",
  "requestControlQueue": "string",
  "responseQueue": "string",
  "responseControlQueue": "string",
  "sessionStartedAt": "string",
  "consumerServerSocketPort": 0
}
```
Field | Description |
---|---|
queueId | ID of the message queue in the Relay created by the provider |
peerName | Server Common Name of provider cloud's Gateway |
consumer | Consumer Application System |
consumerCloud | Cloud of Consumer Application System |
provider | Provider Application System |
providerCloud | Cloud of Provider Application System |
serviceDefinition | Definition of the service. |
relay | Messaging Relay system |
requestQueue | request messaging queue through the Relay |
requestControlQueue | control queue of request messaging through the Relay |
responseQueue | response messaging queue through the Relay |
responseControlQueue | control queue of response messaging through the Relay |
sessionStartedAt | Time stamp of session start |