Service Provider
App developers can define the ProviderRegistry
in TAC or request permission to call other providers.
Define Provider
yaml
apiVersion: sys.bytetrade.io/v1alpha1
kind: ProviderRegistry
metadata:
# Provider name. A namespace is required to prevent duplication.
name: provider-{{ .Release.Namespace }}
# provider registry needs to be installed under user-system
namespace: user-system-{{ .Values.bfl.username}}
spec:
version: v2 #The latest version is v2, but the system remains compatible with v1.
# dataType of provider, it is recommended to add app name to prevent duplication.
dataType: legacy_{{ .Release.Name }}
deployment: {{ .Release.Name }}
description: {{ .Release.Name }} legacy api v2
# accessible service from the provider. Usually it is <appServiceName>.<appNameSpace>:<servicePort>
endpoint: {{ .Release.Name }}-svc.{{ .Release.Namespace }}:1234
# group of the provider; it is recommended to add the app name to prevent duplication.
group: api.{{ .Release.Name }}
kind: provider
namespace: "{{ .Release.Namespace }}"
opApis:
# name of the provided API
- name: AppApi
# URL of the API
uri: /api
status:
state: active
Request Permission to Call Provider
You can configure it in the TerminusManifest.yaml as follows:
Yaml
sysData:
- appName: providerapp # The appname of the api provider. Required for ProviderRegistry v2.
port: 8888 # The port of the provider service
# The default domain of provider is <appName>-svc.<appName>-<username>:<port>, if the service name and app namespace is not in default format, you can specify it in following field
svc: app-svc # Name of the service. Optional for ProviderRegistry v2.
namespace: ns # Namespace of the app. Optional for ProviderRegistry v2.
version: v2 # version of the ProviderRegistry
dataType: legacy_{{ .Release.Name }} # dataType defined in ProviderRegistry
group: api.{{ .Release.Name }} # group defined in ProviderRegistry
ops:
- AppApi # name of opApis defined in ProviderRegistry
Once configured, you can add the access key
and access secret
to the templates in TAC. They will be injected during installation for authorized usage.
yaml
env:
- name: OS_SYSTEM_SERVER
value: system-server.user-system-{{ .Values.bfl.username }}
- name: OS_APP_SECRET
# The appname is defined in the TAC
value: "{{ .Values.os.<appnane>.appSecret }}"
- name: OS_APP_KEY
value: "{{ .Values.os.<appname>.appKey }}"
You can use these three environment variables in the code to call the Provider. Take curl
as an example:
Get the
access token
, which has a valid duration of 5 minutes. Token encryption algorithm: bcrypt(app key
timestamp
app secret
), default cost 10.shnow=$(date +%s) token=$(htpasswd -nbBC 10 USER "${OS_APP_KEY}${now}${OS_APP_SECRET}"|awk -F":" '{print $2}') curl -X POST http://${OS_SYSTEM_SERVER}/permission/v1alpha1/access -H "content-type: application/json" \ -d "{ \ \"app_key\": \"${OS_APP_KEY}\", \ \"timestamp\": ${now}, \ \"token\": \"${token}\", \ \"perm\": { \ \"group\": \"service.bfl\", \ \"dataType\": \"app\", \ \"version\": \"v1\", \ \"ops\": [ \ \"InstallDevApp\" \ ] \ } \ }'
You will receive a response like:
json{ "code": 0, "message": "success", "data": { "access_token": "JDJ5JDEwJE5Wbk9vbFpoLjJlSGxhUUpRY1IwRmVZVjFBWmUxUi5LOXNuQWJmVjRnN29xNWVVaFhPWmV5" } }
You can then use the token to call the provider's API
sh# API URL format http://${OS_SYSTEM_SERVER}/system-server/v1alpha1/<dataType>/<group>/<version>/<op> curl http://${OS_SYSTEM_SERVER}/system-server/v1alpha1/app/service.bfl/v1/InstallDevApp \ -H "content-type: application/json" \ -H "X-Access-Token: ${access_token}" \ -d '{"data":"post to provider"}'