AWS hypermedia controls


Dustin Getz

Aug 18, 2017, 10:31:22 AM
to Collection+JSON
This is really cool! Pretty great example of HATEOAS in the wild. Sharing because it is probably of interest to others on this list!

AWS's huge surface area of APIs is driven by this model: https://github.com/boto/botocore/tree/develop/botocore/data . For example, here is S3's service model. Link following everywhere! C-f "requestUri" in the S3 model. here's where the models are loaded by the generic command line interface driver, and then used to generate the command line help text

mca

Aug 18, 2017, 11:02:19 AM
to collect...@googlegroups.com
Dustin:

cool.

so, the action descriptions are in the service.json files, right? this looks a lot like RAML/OAI/WSDL but, instead of build time resolution (e.g. generating a client with code tightly-bound to the actions) this uses runtime resolution (e.g. read the service.json on boot up and render the actions that appear).

i see how this works well for the command-line help support. not sure how a client "knows" which actions in the service.json are "available" at any moment in the running API (e.g. "is DELETE valid right now?" "do I have access rights to add a new record?", etc).

is there some other thing at runtime that solves for those cases?

do you know of any other AWS services that use this model?

On Fri, Aug 18, 2017 at 10:31 AM, Dustin Getz <dusti...@gmail.com> wrote:
This is really cool! Pretty great example of HATEOAS in the wild. Sharing because it is probably of interest to others on this list!

AWS's huge surface area of APIs is driven by this model: https://github.com/boto/botocore/tree/develop/botocore/data . For example, here is S3's service model. Link following everywhere! C-f "requestUri" in the S3 model. here's where the models are loaded by the generic command line interface driver, and then used to generate the command line help text


Dustin Getz

Aug 18, 2017, 11:54:55 AM
to collectionjson
AFAICT from the first botocore/data link, all of the public AWS services use this model! I don't know any more than you do about AWS, I just had a hunch and spent an hour poking around.

how does it know "is delete valid right now" great question, i just poked around trying to figure it out. ... OK I've been poking around for 20 mins. Each operation does declare its dependencies, there's a type-system like thing where each dependency is given an identity and a "shape" (form), it seems as if any operation is allowed if its listed dependencies are satisfied, subject to their Policy layer which is a separate abstraction of grants and acls and such. It doesn't seem like there is any actual code that can express "You can only delete this bucket if it is empty" - rather, the semantics are "If you delete this bucket, you're also going to delete its contents". In EC2 service i also found the notion of "Dry Run" which "checks if you have permissions for the request" - weird. Maybe the policy system is so abstract that it can't be declared as model data.
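
An added illustration of the model-driven dispatch discussed in this thread (not part of any post, and not botocore's own code): a generic client resolves an operation's HTTP binding and required inputs from model data at runtime. `MODEL` is a constructed fragment laid out like a botocore `service-2.json` file, and `describe` and `build_request` are hypothetical helper names.

```python
import json
from urllib.parse import quote

# Constructed fragment in the layout of a botocore service-2.json file;
# the names mirror S3's DeleteBucket and ListBuckets, trimmed for illustration.
MODEL = json.loads("""
{"operations": {
   "DeleteBucket": {"http": {"method": "DELETE", "requestUri": "/{Bucket}"},
                    "input": {"shape": "DeleteBucketRequest"}},
   "ListBuckets": {"http": {"method": "GET", "requestUri": "/"}}},
 "shapes": {
   "DeleteBucketRequest": {"type": "structure", "required": ["Bucket"],
     "members": {"Bucket": {"shape": "BucketName", "location": "uri",
                            "locationName": "Bucket"}}},
   "BucketName": {"type": "string"}}}
""")

def describe(model, op_name):
    """Resolve one operation to its HTTP binding and declared inputs."""
    op = model["operations"][op_name]
    shape = model["shapes"].get(op.get("input", {}).get("shape"), {})
    required = set(shape.get("required", []))
    params = [{"name": name,
               "type": model["shapes"][m["shape"]]["type"],
               "location": m.get("location", "body"),
               "wire_name": m.get("locationName", name),
               "required": name in required}
              for name, m in shape.get("members", {}).items()]
    return {"method": op["http"]["method"],
            "uri": op["http"]["requestUri"], "params": params}

def build_request(model, op_name, args):
    """Bind args into the URI template; refuse calls missing required inputs."""
    d = describe(model, op_name)
    missing = [p["name"] for p in d["params"]
               if p["required"] and p["name"] not in args]
    if missing:
        raise ValueError(f"{op_name}: missing required {missing}")
    uri = d["uri"]
    for p in d["params"]:
        if p["location"] == "uri" and p["name"] in args:
            # Percent-encode so a value cannot inject extra path segments.
            value = quote(str(args[p["name"]]), safe="")
            uri = uri.replace("{%s}" % p["wire_name"], value)
    # The model fragment says what a well-formed call looks like; it has no
    # field stating whether this caller is permitted to make it.
    return d["method"], uri
```

The fragment lets a client render and validate the call shape, but it carries nothing about authorization, which matches the observation above that permission is decided by a separate policy layer.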

mca

Aug 18, 2017, 11:57:38 AM
to collect...@googlegroups.com
ok, no problem. we're both in about the same boat, then.

since i know AWS supports HAL responses, they must have something going on there that brings some of this together.

i'll queue this up in my "research" pile and add to this thread if/when i get to it.

feel free to keep poking around and sharing what you find.

good stuff.

On Fri, Aug 18, 2017 at 11:54 AM, Dustin Getz <dusti...@gmail.com> wrote:
AFAICT from the first botocore/data link, all of the public AWS services use this model! I don't know any more than you do about AWS, I just had a hunch and spent an hour poking around.

how does it know "is delete valid right now" great question, i just poked around trying to figure it out. ... OK I've been poking around for 20 mins. Each operation does declare its dependencies, there's a type-system like thing where each dependency is given an identity and a "shape" (form), it seems as if any operation is allowed if its listed dependencies are satisfied, subject to their Policy layer which is a separate abstraction of grants and acls and such. It doesn't seem like there is any actual code that can express "You can only delete this bucket if it is empty" - rather, the semantics are "If you delete this bucket, you're also going to delete its contents". In EC2 service i also found the notion of "Dry Run" which "checks if you have permissions for the request" - weird. Maybe the policy system is so abstract that it can't be declared as model data.
