-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfiguration.go
219 lines (186 loc) · 19.5 KB
/
configuration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
/*
Rudder API
Download OpenAPI specification: [openapi.yml](openapi.yml) **Other documentation sources**: * [Main documentation](https://docs.rudder.io) * [Internal relay API](https://docs.rudder.io/api/relay/) # Introduction Rudder exposes a REST API, enabling the user to interact with Rudder without using the webapp, for example, in scripts or cron jobs. ## Authentication The Rudder REST API uses simple API keys for authentication. All requests must be authenticated (except from a generic status API). The tokens are 32-character strings, passed in a `X-API-Token` header, like in: ```bash curl --header \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/latest/rules ``` The tokens are the API equivalent of a password, and must be secured just like a password would be. ### API accounts The accounts are managed in the Web interface. There are two possible types of accounts: * **Global API accounts**: they are not linked to a Rudder user, and are managed by Rudder administrators in the _Administration -> API accounts_ page. You should define an expiration date whenever possible. ![General API tokens settings](assets/api-tokens.png \"General API tokens settings\") * **User tokens**: they are linked to a Rudder user, and give the same rights the user has. There can be only one token by user. This feature is provided by the `api-authorizatons` plugin. ![User API token](assets/api-user.png \"User API token\") When an action produces a change of configuration on the server, the API account that made it will be recorded in the event log, like for a Web interaction. ### Authorization When using Rudder without the `api-authorizatons` plugin, only global accounts are available, with two possible privilege levels, read-only or write. With the `api-authorizatons` plugin, you also get access to: * User tokens, which have the same permissions as the user, using the Rudder roles and permissions feature. * Custom ACLs on global API accounts. They provide fine-grained permissions on every endpoint: ![Custom API ACL](assets/custom-acl.png \"Custom API ACL\") As a general principle, you should create dedicated tokens with the least privilege level for each different interaction you have with the API. This limits the risks of exploitation if a token is stolen, and allows tracking the activity of each token separately. Token renewal is also easier when they are only used for a limited purpose. ## Versioning Each time the API is extended with new features (new functions, new parameters, new responses, ...), it will be assigned a new version number. This will allow you to keep your existing scripts (based on previous behavior). Versions will always be integers (no 2.1 or 3.3, just 2, 3, 4, ...) or `latest`. You can change the version of the API used by setting it either within the url or in a header: * the URL: each URL is prefixed by its version id, like `/api/version/function`. ```bash # Version 10 curl -X GET -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/10/rules # Latest curl -X GET -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/latest/rules # Wrong (not an integer) => 404 not found curl -X GET -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/3.14/rules ``` * the HTTP headers. You can add the **X-API-Version** header to your request. The value needs to be an integer or `latest`. ```bash # Version 10 curl -X GET -H \"X-API-Token: yourToken\" -H \"X-API-Version: 10\" https://rudder.example.com/rudder/api/rules # Wrong => Error response indicating which versions are available curl -X GET -H \"X-API-Token: yourToken\" -H \"X-API-Version: 3.14\" https://rudder.example.com/rudder/api/rules ``` In the future, we may declare some versions as deprecated, in order to remove them in a later version of Rudder, but we will never remove any versions without warning, or without a safe period of time to allow migration from previous versions. <h4>Existing versions</h4> <table> <thead> <tr> <th style=\"width: 20%\">Version</th> <th style=\"width: 20%\">Rudder versions it appeared in</th> <th style=\"width: 70%\">Description</th> </tr> </thead> <tbody> <tr> <td class=\"code\">1</td> <td class=\"code\">Never released (for internal use only)</td> <td>Experimental version</td> </tr> <tr> <td class=\"code\">2 to 10 (deprecated)</td> <td class=\"code\">4.3 and before</td> <td>These versions provided the core set of API features for rules, directives, nodes global parameters, change requests and compliance, rudder settings, and system API</td> </tr> <tr> <td class=\"code\">11</td> <td class=\"code\">5.0</td> <td>New system API (replacing old localhost v1 api): status, maintenance operations and server behavior</td> </tr> <tr> <td class=\"code\">12</td> <td class=\"code\">6.0 and 6.1</td> <td>Node key management</td> </tr> <tr> <td class=\"code\">13</td> <td class=\"code\">6.2</td> <td><ul> <li>Node status endpoint</li> <li>System health check</li> <li>System maintenance job to purge software [that endpoint was back-ported in 6.1]</li> </ul></td> </tr> <tr> <td class=\"code\">14</td> <td class=\"code\">7.0</td> <td><ul> <li>Secret management</li> <li>Directive tree</li> <li>Improve techniques management</li> <li>Demote a relay</li> </ul></td> </tr> <tr> <td class=\"code\">15</td> <td class=\"code\">7.1</td> <td><ul> <li>Package updates in nodes</li> </ul></td> </tr> <tr> <td class=\"code\">16</td> <td class=\"code\">7.2</td> <td><ul> <li>Create node API included from plugin</li> <li>Configuration archive import/export</li> </ul></td> </tr> <tr> <td class=\"code\">17</td> <td class=\"code\">7.3</td> <td><ul> <li>Compliance by directive</li> <li>Path campaigns API included</li> </ul></td> </tr> <tr> <td class=\"code\">18</td> <td class=\"code\">8.0</td> <td><ul> <li>Allowed network </li> <li>Improve the structure of `/settings/allowed_networks` output</li> </ul></td> </tr> </tbody> </table> ## Response format All responses from the API are in the JSON format. ```json { \"action\": \"The name of the called function\", \"id\": \"The ID of the element you want, if relevant\", \"result\": \"The result of your action: success or error\", \"data\": \"Only present if this is a success and depends on the function, it's usually a JSON object\", \"errorDetails\": \"Only present if this is an error, it contains the error message\" } ``` * __Success__ responses are sent with the 200 HTTP (Success) code * __Error__ responses are sent with a HTTP error code (mostly 5xx...) ## HTTP method Rudder's REST API is based on the usage of [HTTP methods](http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html). We use them to indicate what action will be done by the request. Currently, we use four of them: * **GET**: search or retrieve information (get rule details, get a group, ...) * **PUT**: add new objects (create a directive, clone a Rule, ...) * **DELETE**: remove objects (delete a node, delete a parameter, ...) * **POST**: update existing objects (update a directive, reload a group, ...) ## Parameters ### General parameters Some parameters are available for almost all API functions. They will be described in this section. They must be part of the query and can't be submitted in a JSON form. #### Available for all requests <table> <thead> <tr> <th style=\"width: 30%\">Field</th> <th style=\"width: 10%\">Type</th> <th style=\"width: 70%\">Description</th> </tr> </thead> <tbody> <tr> <td class=\"code\">prettify</td> <td><b>boolean</b><br><i>optional</i></td> <td> Determine if the answer should be prettified (human friendly) or not. We recommend using this for debugging purposes, but not for general script usage as this does add some unnecessary load on the server side. <p class=\"default-value\">Default value: <code>false</code></p> </td> </tr> </tbody> </table> #### Available for modification requests (PUT/POST/DELETE) <table> <thead> <tr> <th style=\"width: 25%\">Field</th> <th style=\"width: 12%\">Type</th> <th style=\"width: 70%\">Description</th> </tr> </thead> <tbody> <tr> <td class=\"code\">reason</td> <td><b>string</b><br><i>optional</i> or <i>required</i></td> <td> Set a message to explain the change. If you set the reason messages to be mandatory in the web interface, failing to supply this value will lead to an error. <p class=\"default-value\">Default value: <code>\"\"</code></p> </td> </tr> <tr> <td class=\"code\">changeRequestName</td> <td><b>string</b><br><i>optional</i></td> <td> Set the change request name, is used only if workflows are enabled. The default value depends on the function called <p class=\"default-value\">Default value: <code>A default string for each function</code></p> </td> </tr> <tr> <td class=\"code\">changeRequestDescription</td> <td><b>string</b><br><i>optional</i></td> <td> Set the change request description, is used only if workflows are enabled. <p class=\"default-value\">Default value: <code>\"\"</code></p> </td> </tr> </tbody> </table> ### Passing parameters Parameters to the API can be sent: * As part of the URL for resource identification * As data for POST/PUT requests * Directly in JSON format * As request arguments #### As part of the URL for resource identification Parameters in URLs are used to indicate which resource you want to interact with. The function will not work if this resource is missing. ```bash # Get the Rule of ID \"id\" curl -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/latest/rules/id ``` CAUTION: To avoid surprising behavior, do not put a '/' at the end of a URL: it would be interpreted as '/[empty string parameter]' and redirected to '/index', likely not what you wanted to do. #### Sending data for POST/PUT requests ##### Directly in JSON format JSON format is the preferred way to interact with Rudder API for creating or updating resources. You'll also have to set the *Content-Type* header to **application/json** (without it the JSON content would be ignored). In a `curl` `POST` request, that header can be provided with the `-H` parameter: ```bash curl -X POST -H \"Content-Type: application/json\" ... ``` The supplied file must contain a valid JSON: strings need quotes, booleans and integers don't, etc. The (human-readable) format is: ```json { \"key1\": \"value1\", \"key2\": false, \"key3\": 42 } ``` Here is an example with inlined data: ```bash # Update the Rule 'id' with a new name, disabled, and setting it one directive curl -X POST -H \"X-API-Token: yourToken\" -H \"Content-Type: application/json\" https://rudder.example.com/rudder/api/rules/latest/{id} -d '{ \"displayName\": \"new name\", \"enabled\": false, \"directives\": \"directiveId\"}' ``` You can also pass a supply the JSON in a file: ```bash # Update the Rule 'id' with a new name, disabled, and setting it one directive curl -X POST -H \"X-API-Token: yourToken\" -H \"Content-Type: application/json\" https://rudder.example.com/rudder/api/rules/latest/{id} -d @jsonParam ``` Note that the general parameters view in the previous chapter cannot be passed in a JSON, and you will need to pass them a URL parameters if you want them to be taken into account (you can't mix JSON and request parameters): ```bash # Update the Rule 'id' with a new name, disabled, and setting it one directive with reason message \"Reason used\" curl -X POST -H \"X-API-Token: yourToken\" -H \"Content-Type: application/json\" \"https://rudder.example.com/rudder/api/rules/latest/{id}?reason=Reason used\" -d @jsonParam -d \"reason=Reason ignored\" ``` ##### Request parameters In some cases, when you have little, simple data to update, JSON can feel bloated. In such cases, you can use request parameters. You will need to pass one parameter for each data you want to change. Parameters follow the following schema: ``` key=value ``` You can pass parameters by two means: * As query parameters: At the end of your url, put a **?** then your first parameter and then a **&** before next parameters. In that case, parameters need to be https://en.wikipedia.org/wiki/Percent-encoding[URL encoded] ```bash # Update the Rule 'id' with a new name, disabled, and setting it one directive curl -X POST -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/rules/latest/{id}?\"displayName=my new name\"&\"enabled=false\"&\"directives=aDirectiveId\" ``` * As request data: You can pass those parameters in the request data, they won't figure in the URL, making it lighter to read, You can pass a file that contains data. ```bash # Update the Rule 'id' with a new name, disabled, and setting it one directive (in file directive-info.json) curl -X POST -H \"X-API-Token: yourToken\" https://rudder.example.com/rudder/api/rules/latest/{id} -d \"displayName=my new name\" -d \"enabled=false\" -d @directive-info.json ```
API version: 18
Contact: [email protected]
*/
// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
package rudder-golang
import (
"context"
"fmt"
"net/http"
"strings"
)
// contextKeys are used to identify the type of value in the context.
// Since these are string, it is possible to get a short description of the
// context key for logging and debugging using key.String().
type contextKey string
func (c contextKey) String() string {
return "auth " + string(c)
}
var (
// ContextAPIKeys takes a string apikey as authentication for the request
ContextAPIKeys = contextKey("apiKeys")
// ContextServerIndex uses a server configuration from the index.
ContextServerIndex = contextKey("serverIndex")
// ContextOperationServerIndices uses a server configuration from the index mapping.
ContextOperationServerIndices = contextKey("serverOperationIndices")
// ContextServerVariables overrides a server configuration variables.
ContextServerVariables = contextKey("serverVariables")
// ContextOperationServerVariables overrides a server configuration variables using operation specific values.
ContextOperationServerVariables = contextKey("serverOperationVariables")
)
// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
type BasicAuth struct {
UserName string `json:"userName,omitempty"`
Password string `json:"password,omitempty"`
}
// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
type APIKey struct {
Key string
Prefix string
}
// ServerVariable stores the information about a server variable
type ServerVariable struct {
Description string
DefaultValue string
EnumValues []string
}
// ServerConfiguration stores the information about a server
type ServerConfiguration struct {
URL string
Description string
Variables map[string]ServerVariable
}
// ServerConfigurations stores multiple ServerConfiguration items
type ServerConfigurations []ServerConfiguration
// Configuration stores the configuration of the API client
type Configuration struct {
Host string `json:"host,omitempty"`
Scheme string `json:"scheme,omitempty"`
DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
UserAgent string `json:"userAgent,omitempty"`
Debug bool `json:"debug,omitempty"`
Servers ServerConfigurations
OperationServers map[string]ServerConfigurations
HTTPClient *http.Client
}
// NewConfiguration returns a new Configuration object
func NewConfiguration() *Configuration {
cfg := &Configuration{
DefaultHeader: make(map[string]string),
UserAgent: "OpenAPI-Generator/0.0.1/go",
Debug: false,
Servers: ServerConfigurations{
{
URL: "https://rudder.example.local/rudder/api/latest",
Description: "Rudder server",
},
},
OperationServers: map[string]ServerConfigurations{
},
}
return cfg
}
// AddDefaultHeader adds a new HTTP header to the default header in the request
func (c *Configuration) AddDefaultHeader(key string, value string) {
c.DefaultHeader[key] = value
}
// URL formats template on a index using given variables
func (sc ServerConfigurations) URL(index int, variables map[string]string) (string, error) {
if index < 0 || len(sc) <= index {
return "", fmt.Errorf("index %v out of range %v", index, len(sc)-1)
}
server := sc[index]
url := server.URL
// go through variables and replace placeholders
for name, variable := range server.Variables {
if value, ok := variables[name]; ok {
found := bool(len(variable.EnumValues) == 0)
for _, enumValue := range variable.EnumValues {
if value == enumValue {
found = true
}
}
if !found {
return "", fmt.Errorf("the variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues)
}
url = strings.Replace(url, "{"+name+"}", value, -1)
} else {
url = strings.Replace(url, "{"+name+"}", variable.DefaultValue, -1)
}
}
return url, nil
}
// ServerURL returns URL based on server settings
func (c *Configuration) ServerURL(index int, variables map[string]string) (string, error) {
return c.Servers.URL(index, variables)
}
func getServerIndex(ctx context.Context) (int, error) {
si := ctx.Value(ContextServerIndex)
if si != nil {
if index, ok := si.(int); ok {
return index, nil
}
return 0, reportError("Invalid type %T should be int", si)
}
return 0, nil
}
func getServerOperationIndex(ctx context.Context, endpoint string) (int, error) {
osi := ctx.Value(ContextOperationServerIndices)
if osi != nil {
if operationIndices, ok := osi.(map[string]int); !ok {
return 0, reportError("Invalid type %T should be map[string]int", osi)
} else {
index, ok := operationIndices[endpoint]
if ok {
return index, nil
}
}
}
return getServerIndex(ctx)
}
func getServerVariables(ctx context.Context) (map[string]string, error) {
sv := ctx.Value(ContextServerVariables)
if sv != nil {
if variables, ok := sv.(map[string]string); ok {
return variables, nil
}
return nil, reportError("ctx value of ContextServerVariables has invalid type %T should be map[string]string", sv)
}
return nil, nil
}
func getServerOperationVariables(ctx context.Context, endpoint string) (map[string]string, error) {
osv := ctx.Value(ContextOperationServerVariables)
if osv != nil {
if operationVariables, ok := osv.(map[string]map[string]string); !ok {
return nil, reportError("ctx value of ContextOperationServerVariables has invalid type %T should be map[string]map[string]string", osv)
} else {
variables, ok := operationVariables[endpoint]
if ok {
return variables, nil
}
}
}
return getServerVariables(ctx)
}
// ServerURLWithContext returns a new server URL given an endpoint
func (c *Configuration) ServerURLWithContext(ctx context.Context, endpoint string) (string, error) {
sc, ok := c.OperationServers[endpoint]
if !ok {
sc = c.Servers
}
if ctx == nil {
return sc.URL(0, nil)
}
index, err := getServerOperationIndex(ctx, endpoint)
if err != nil {
return "", err
}
variables, err := getServerOperationVariables(ctx, endpoint)
if err != nil {
return "", err
}
return sc.URL(index, variables)
}