-
Notifications
You must be signed in to change notification settings - Fork 42
Configuration Dataservice
The Configuration Dataservice is an essential component of the zLUX framework which acts as a JSON resource storage service, and is accessible externally by REST API and internally to the server by Dataservices.
It allows for saving preferences of apps, management of defaults and privileges within a zLUX ecosystem, and bootstrapping configuration of the server's dataservices.
As the fundamental element of extensibility of the zLUX framework is a Plugin, the Configuration Dataservice works with data for Plugins. That is, every resource stored in the Configuration Service is stored for a particular Plugin, and valid resources to be accessed are determined by the definition of each Plugin in how it uses the Configuration Dataservice.
The behavior of the Configuration Dataservice is dependent upon the Resource structure for a zLUX Plugin. Each Plugin lists what resources are valid, and the administrators can set permissions on who can view or modify these resources.
- Resource Scope
- REST API
- App API
- Internal & Bootstrapping Use
- Plugin Definition
- Aggregation Policies
- Relevant Source Code
Data is stored within the Configuration Dataservice according to the Scope chosen.
The intent of Scope within the Dataservice is to facilitate company-wide administration and privilege management of zLUX data.
When a user requests an resource, the resource that is retrieved is either override or an aggregation of the broader Scopes that encompass the Scope they are viewing the data from.
When a user stores an resource, the resource is stored within a Scope but only if the user has access privilege to update within that Scope.
Scope is one of:
- Product: Configuration defaults that come with the Product. Cannot be modified.
- Site: Data that can be used between multiple instances of the zLUX server.
- Instance: Data within an individual zLUX server
- Group: Data shared between multiple users in a group (Pending)
- User: Data for an individual user (Pending)
Note: While Authorization tuning can allow for settings such as GET from Instance to work without login, User and Group scope queries will be rejected if not logged in due to needing to pull resources from a specific user. Because of this, User & Group Scopes will not be functional until the Security Framework is merged into mainline
Where Product is the broadest and User is the narrowest.
When using scope user, the service will manage configuration for your particular username, using the authentication of the session. This way, the User scope is always mapped to your current username.
Consider a case where a user wants to access preferences for their text editor. One way they could do this is to use the REST API to retrieve the settings resource from the Instance scope.
The Instance scope may contain editor defaults that their administrator set. But, if there were no defaults in Instance, then the data in Group and finally User would be checked.
Therefore, the data the user receives would be no broader than what is stored in the Instance scope, but may have only been the settings they had saved within their own User scope if the broader scopes had no data for the resource.
Later, perhaps the user wants to save changes, and they try to save in the Instance scope. Most likely, this is rejected due to preferences by the administrator to disallow changes to the Instance scope by ordinary users.
When reaching the Configuration Service through a REST API, HTTP methods are used to perform the operation desired. The HTTP URL scheme for the configuration dataservice is:
<Server>/ZLUX/plugins/com.rs.configjs/services/data/<plugin ID>/<Scope>/<resource>/<optional subresources>?<query>
Where the resources are one or more levels deep, using as many layers of subresources as needed.
You can think of a resource as a collection of elements, or a directory. If you need to access just a single element, you must use the query parameter "name="
- Name (string): Used to get or put a single element rather than a collection
- Recursive (boolean): When performing a DELETE, specifies whether to delete subresources too
- Listing (boolean): When performing a GET against a resource with content subresources,
listing=true
will provide the names of the subresources rather than both the names and contents.
Below is an explanation of each type of REST call currently implemented. Each API call includes an example request & response against a hypothetical App: the "code editor".
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>?name=<element>
-
This returns JSON with the attribute "content" being a JSON resource that is the entire configuration requested.
-
Example:
/ZLUX/plugins/com.rs.configjs/services/data/org.openmainframe.zowe.codeeditor/user/sessions/default?name=tabs
-
The parts of this URL can be broken down as follows:
- Plugin: org.openmainframe.zowe.codeeditor
- Scope: user
- Resource: sessions
- Subresource: default
- Element = tabs
-
Response body is a JSON config:
"_objectType" : "com.rs.config.resource",
"_metadataVersion" : "1.1",
"resourceID" : "org.openmainframe.zowe.codeeditor/USER/sessions/default",
"contents" : {
"_metadataVersion" : "1.1",
"_objectType" : "org.openmainframe.zowe.codeeditor.sessions.tabs",
"tabs" : [{
"title" : "TSSPG.REXX.EXEC(ARCTEST2)",
"filePath" : "TSSPG.REXX.EXEC(ARCTEST2)",
"isDataset" : true
}, {
"title" : ".profile",
"filePath" : "/u/tsspg/.profile"
}
]
}
}
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>
- This returns JSON with the attribute "content" being a JSON object that has each attribute being another JSON object which is a single configuration element.
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>
when subresources exist
- This returns a listing of subresources that can in turn be queried.
PUT /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>?name=<element>
- Stores a single element (Must be a JSON object {...}) within the requested scope, ignoring aggregation policies, as long as the privilege of the user allows for this.
- Example:
/ZLUX/plugins/com.rs.configjs/services/data/org.openmainframe.zowe.codeeditor/user/sessions/default?name=tabs
- Body:
{
"_metadataVersion" : "1.1",
"_objectType" : "org.openmainframe.zowe.codeeditor.sessions.tabs",
"tabs" : [{
"title" : ".profile",
"filePath" : "/u/tsspg/.profile"
}, {
"title" : "TSSPG.REXX.EXEC(ARCTEST2)",
"filePath" : "TSSPG.REXX.EXEC(ARCTEST2)",
"isDataset" : true
}, {
"title" : ".emacs",
"filePath" : "/u/tsspg/.emacs"
}
]
}
- Response:
{
"_objectType" : "com.rs.config.resourceUpdate",
"_metadataVersion" : "1.1",
"resourceID" : "org.openmainframe.zowe.codeeditor/USER/sessions/default",
"result" : "Replaced item."
}
DELETE /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>?recursive=true
- Deletes all files in all leaf resources below the resource specified
DELETE /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>?name=<element>
- Deletes a single file in a leaf resource
DELETE /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/<scope>/<resource>
- Deletes all files in a leaf resource
- Does not delete the folder on disk
By means not discussed here, but instead handled by the server's authentication and authorization code, a user may be privileged to access or modify items that they do not own.
In the simplest case, this could just mean that the user is able to do a PUT, POST, or DELETE to a level above User, such as Instance.
The more interesting case is accessing another user's contents. In this case, the shape of the URL is different. Compare these two commands:
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/user/<resource>
- Gets the content for the current user
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/users/<username>/<resource>
- Gets the content for a specific user if authorized
This is the same structure that is or will be used for the Group scope. When requesting content from the Group scope, the user will be checked to see if they are authorized to make the request for the specific group. For example:
GET /ZLUX/plugins/com.rs.configjs/services/data/<plugin>/group/<groupname>/<resource>
- Gets the content for the given group, if the user is authorized for it.
Retrieves and stores configuration information from specific scopes. This should only be used for configuration administration user interfaces.
ZLUX.UriBroker.pluginConfigForScopeUri(pluginDefinition: ZLUX.Plugin, scope: string, resourcePath:string, resourceName:string): string;
A shortcut for the preceding method, and the preferred method when you are retrieving configuration information simply to "consume" it. It "asks" for configurations using the "user" scope, and lets the configuration service decide which configuration information to retrieve and how to aggregate it (see below on how the configuration service evaluates what to return for this kind of request).
ZLUX.UriBroker.pluginConfigUri(pluginDefinition: ZLUX.Plugin, resourcePath:string, resourceName:string): string;
Some Dataservices within Plugins can take configuration that affects their behavior. This configuration is stored within the Configuration Dataservice structure, but is not accessible via the REST API.
Within the deploy directory of a zLUX installation, each plugin may optionally have an _internal directory. An example of such a path would be:
deploy/instance/ZLUX/pluginStorage/<pluginName>/_internal
Within each _internal folder, the following folders may exist:
-
services/<servicename>
: Configuration resources for the specific service - plugin: Configuration resources visible to all services in the plugin
The JSON contents within these directories will be provided as Objects to dataservices via the dataservice context Object.
Since the Configuration Dataservices stores data on a per-Plugin basis, each zLUX Plugin must define their resource structure in order to make use of the Configuration Dataservice. This definition is included within the Plugin's pluginDefinition.json file.
For each resource and subresource, you can define an aggregationPolicy control how the data of a broader Scope alters the resource data returned to a user when requesting a resource from a narrower Scope.
Example:
"configurationData": { //is a direct attribute of the pluginDefinition JSON
"resources": { //always required
"preferences": {
"locationType": "relative", //this is the only option for now, but later absolute paths may be accepted
"aggregationPolicy": "override" //override and none for now, but more in the future
},
"sessions": { //the name at this level represents the name used within a URL, such as /plugins/com.rs.configjs/services/data/org.openmainframe.zowe.codeeditor/user/sessions
"aggregationPolicy": "none",
"subResources": {
"sessionName": {
"variable": true, //if variable=true is present, the resource must be the only one in that group but the name of the resource is substituted for the name given in the REST request, so it represents more than one
"aggregationPolicy": "none"
}
}
}
}
}
Aggregation Policies determine how the Configuration Dataservice will aggregate JSON objects from different Scopes together when a user requests a resource. If the user requests a resource from the User scope, the data from the User scope may replace, or be merged with the data from a broader scope such as Instance, to make a combined resource object that is returned to the user.
Aggregation Policies are not intended to be user configurable, but rather something defined by a Plugin developer, as it is set in the Plugin's definition for the Configuration Service, as the attribute "aggregationPolicy" within a resource.
The currently implemented Aggregation Policies are:
- NONE: If the Configuration Dataservice is called for Scope User, only user-saved settings will be sent, unless there are no user-saved settings for the query, in which case the Dataservice will attempt to send data found at a more broad scope.
- OVERRIDE: The Configuration Dataservice will get data for the resource requested at the broadest level found, and join together the resource's properties from more narrow scopes, overriding broader attributes with narrower ones when found.
Implementation
Example code