Generic Extensions (actions)

[rhodie27]

See issue #114.

First draft of the generic actions (aka extensions) proposal on a per-service-instance basis.

A couple notes:

1. In addition to updating Provisioning, I added a separate section for Extensions at the bottom b/c I suspect we will add actions/extensions at the service (and broker) level next. A lot of this can likely be handled in the same way so it made sense to me to separate it out now.
2. The OpenAPI, Auth & adheres_to sections obviously need more content/wording, but I wanted to get some quick feedback on the direction.
3. I haven't really looked at any changes required outside of spec.md yet.
4. I'm an awful speller today, so good luck.

[cfdreddbot]

Hey rhodie27!

Thanks for submitting this pull request!

All pull request submitters and commit authors must have a Contributor License Agreement (CLA) on-file with us. Please sign the appropriate CLA (individual or corporate).

When sending signed CLA please provide your github username in case of individual CLA or the list of github usernames that can make pull requests on behalf of your organization.

If you are confident that you're covered under a Corporate CLA, please make sure you've publicized your membership in the appropriate Github Org, per these instructions.

Once you've publicized your membership, one of the owners of this repository can close and reopen this pull request, and dreddbot will take another look.

[rhodie27]

Reopen please, my org was private for some reason. I fixed the CI issues.

[cfdreddbot]

Hey rhodie27!

Thanks for submitting this pull request! I'm here to inform the recipients of the pull request that you and the commit authors have already signed the CLA.

[duglin]

Can you wrap non-table lines at 80 columns to be consistent with the rest of the doc?

[duglin]

if present, each item in the extension_apis array MUST include a discovery_url property.

[duglin]

Although, I think this MUST is redundant with the REQUIRED aspect of the discovery_url you mention in the table below. So it might be best to remove here so we're not duplicating requirements.

[rhodie27]

I think I got these.

[duglin]

s/required for invocation/needed for invocation/

[duglin]

Should probably use the '*' pattern to indicate that its a required field.

[duglin]

Rather than "The Platform MUST execute...", which sounds like the platform is required to invoke these even if it has no need to, I would suggest that we remove that sentence from here. Instead, since this is really more of a generic statement about the entire concept and not about this one field, let's add a sentence to the intro section at line 849 about this issue. And perhaps there say something like:

These APIs are extensions to the Open Service Broker API. As such they are intended to be invoked by the Platform on behalf of its clients.

I tried to think of a way to make it normative but it felt a bit odd. I don't think we ever say that the normal OSBAPIs MUST be invoked by the Platform, although its implied. So I think we can probably live with the same non-normative-ness in these too. WDYT?

[rhodie27]

I think it makes sense. I changed it.

[duglin]

If not present, the same authentication mechanism used for the normal Open Service Broker APIs MUST work for the new endpoint(s).

[rhodie27]

Done.

[duglin]

I wonder if instead of "pointing" (which sort of implies there has to be a server listening at the endpoint), we should say "referring". Almost the same but perhaps wishy-washy enough to then allow us to add: While this property is a URI, there is no requirement for there to be an actual server listening at that endpoint. This value is meant to provide a unique identifier representing the set of extensions APIs supported.

[rhodie27]

Done. Wishy-washy it is!

[duglin]

add comma

[rhodie27]

Yup. Got it.

[duglin]

s/can assume.../MUST use....

I assume that its just the host (localhost) that is swapped out in favor of the original host/port, right? meaning any path stuff in the OpenAPI doc should still be used right? We should probably say that if so. You may want to also say that any port number specified will be replace too if "localhost" is used - if that's your intent.

[rhodie27]

I'm talking specifically about the server object, https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#serverObject, url. It can or cannot include a port. I'm think we want to say that if the doc just says http://localhost for url that signifies that it should run on the SB host/port. However, there is an issue if the OAPI doc provides more than one url. Perhaps we can say the doc should provide a url with a description "Service Broker host" to clearly identify the right one, whether it's localhost or other...

I need to think about this more, so I didn't modify it. Can get to it tomorrow.

[duglin]

This is a dup from what's above - I would suggest that we only say it once - and I think the one from above is good enough. You may be able to just move all of this section up above - not sure its worthy enough for just one para. Actually, would it read better to just move this entire "Extension" section into what we have above since it kind of feels like a repeat of the same material and anything new could just be sprinkled up there. Just a thought.

[rhodie27]

Yeah, I wasn't sure. Like I wrote in PR, while writing this I separated it out b/c a lot of it seemed like it would be redundant if we added extensions on other resources down the line. But, obviously, we could always abstract it out at that point in time.

[rhodie27]

I did it your way, for now. If others chime in and want it separated out I can always revert.

[duglin]

@rhodie27 overall I think it looks good! Just some editorial suggestions.

[duglin]

@rhodie27 any chance of addressing the comments before tomorrow's call?

[duglin]

may want to backtick localhost

[duglin]

should we s/can assume/MUST assume/ ?

[rhodie27]

Done. I think that makes sense. I can't think of a reason they wouldn't want to assume that.

[duglin]

I think you need to add a * and the * Fields with an asterisk are REQUIRED. sentence after the description of the fields.

[rhodie27]

Yup, I thought I did. Must've reverted. There now.

[gberche-orange]

I would suggest the specs to clarify when an extension_api should be defined and used by broker authors w.r.t. to asking 1st class support in the OSB API.

Are platforms expected to provide UI/CLI tooling for any declared extensions (i.e. dynamically generating UI from the openAPI document) ? Would generated UIs and user workflows be restricted to single API endpoint calls, or would instead spawn across multiple API calls (e.g. list backups, restore backup, delete backup) ?

Are platforms instead expected to additionally support specific curated extensions and bring optimized user experience for them? If so, where/how would such curated extensions be defined and published ?

Can the specs recommend use-cases for extensions such as:
1- operator specific extensions : a platform operators is adding custom features to a broker and brings custom UI on along it.
2- service specific extensions (say stop/resume operation) that only applies to a category of services
3- vendor specific extensions (say K8S/CF vendor X way of offering backup which differ from vendor Y)
4- platform specific extensions (e.g. CF AR service metrics ingestion which differs from K8S metrics ingestion) that can't be supported by platform-specific profiles

Would the mentioned day 2 operations seem be fitting some of the cases above?

• Backup, Restore: vendor specific extensions
• Stop, Start, Restart and Pause: service specific extensions

[n3wscott]

I would suggest the specs to clarify when an extension_api should be defined and used by broker authors w.r.t. to asking 1st class support in the OSB API.

The current thinking is it is entirely up to the broker author, and the platform can choose to provide, at minimum, the OpenAPI UI (or even just the OpenAPI url). Then platforms can extend the UI based on 'adheres_to'.

Are platforms expected to provide UI/CLI tooling for any declared extensions (i.e. dynamically generating UI from the openAPI document) ? Would generated UIs and user workflows be restricted to single API endpoint calls, or would instead spawn across multiple API calls (e.g. list backups, restore backup, delete backup) ?

We had talked about how to batch calls but it became clear that this could be designed forever and we decided to support just the single endpoint as a first step, but nothing stops a clever broker from providing batch/aggregation on their own.

Are platforms instead expected to additionally support specific curated extensions and bring optimized user experience for them? If so, where/how would such curated extensions be defined and published ?

adheres_to is the mechanism we think will do this. If it is proven that this is not enough we can always revisit the spec to add what is lacking.

Can the specs recommend use-cases for extensions such as:
1- operator specific extensions : a platform operators is adding custom features to a broker and brings custom UI on along it.
2- service specific extensions (say stop/resume operation) that only applies to a category of services
3- vendor specific extensions (say K8S/CF vendor X way of offering backup which differ from vendor Y)
4- platform specific extensions (e.g. CF AR service metrics ingestion which differs from K8S metrics ingestion) that can't be supported by platform-specific profiles

I suspect this is out of scope for the current PR, at least until we see some real world emergent behavior for generic actions.

[duglin]

I believe we were supposed to find out how much interest we each had on this one... from our side we are still interested in the idea in general but have no immediate need for it. I guess that means its a "nice to have" but not a "show stopper" or "must have" for us right now.

[Samze]

After a period of inactivity we are now revisiting generic instance extensions. There is a new proposal doc here.

[mattmcneeney]

Closing this as we are planning on moving forward with #670