Workspace Bucket Creation Webhook
With helm chart version 1.3.1 of the workspace-api the approach to bucket creation has been re-architected to use a webhook approach.
During workspace creation the workspace-api needs to create an object storage bucket for the user. The method by which the bucket is created is a function of the hosting infrastructure object storage layer - i.e. there is no 'common' approach for the workspace-api to perform the bucket creation.
In order to allow this bucket creation step to be customised by the platform integrator, the workspace-api is configured with a webhook endpoint that is invoked to effect the bucket creation on behalf of the workspace-api.
The workspace-api is configured by the following value in its helm chart deployment, e.g...
bucketEndpointUrl: "http://my-bucket-webhook:8080/bucket"
The webhook service must implement the following REST interface...
method: POST
content-type: application/json
data:
  {
    bucketName: str
    secretName: str
    secretNamespace: str
  }
There are two possible approaches to implement this request, distinguished by the response code...
- 200
  The bucket is created and the credentials are included in the response body. In this case only the supplied bucketName is relevant to fulfil the request.
- 201
  The bucket will be created (asynchronously) and the outcome is provided by the webhook via a Kubernetes secret, as per the secretName and secretNamespace request parameters.
200 Response
In case of a 200 response, the response body should communicate the credentials with an application/json content-type in the form...
{
  "bucketname": "...",
  "access_key": "...",
  "access_secret": "....",
  "projectid": "..."
}
In this case the workspace-api will create the appropriate bucket secret using the returned credentials.
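The synchronous (200) path of this contract, as an added example that is not code from the workspace-api project: the request body is validated before anything is provisioned, and the reply uses the 200 response form shown above. The name patterns, the 400 error replies and `fake_provision` (a constructed stand-in for the platform's object storage call) are assumptions of this example.

```python
import json
import re
import secrets

# Assumed rules: conservative S3-style bucket name, Kubernetes DNS-1123 label.
BUCKET_NAME = re.compile(r"[a-z0-9][a-z0-9-]{1,61}[a-z0-9]")
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
REQUIRED = ("bucketName", "secretName", "secretNamespace")


def fake_provision(bucket_name):
    """Constructed stand-in for the platform-specific bucket creation call."""
    return {
        "access_key": "AK" + secrets.token_hex(8),
        "access_secret": secrets.token_urlsafe(24),
        "projectid": "example-project",  # constructed value
    }


def handle_bucket_request(raw_body, provision=fake_provision):
    """Return (status, body) for one POST to the bucket endpoint."""
    try:
        req = json.loads(raw_body)
    except ValueError:  # covers invalid JSON and undecodable bytes
        return 400, {"error": "body is not valid JSON"}
    if not isinstance(req, dict):
        return 400, {"error": "body must be a JSON object"}
    for field in REQUIRED:
        if not isinstance(req.get(field), str):
            return 400, {"error": f"missing or non-string field: {field}"}
    # Reject names that could be misread as paths or other resources
    # before they reach the storage layer or the Kubernetes API.
    if not BUCKET_NAME.fullmatch(req["bucketName"]):
        return 400, {"error": "invalid bucketName"}
    for field in ("secretName", "secretNamespace"):
        if not DNS_LABEL.fullmatch(req[field]):
            return 400, {"error": f"invalid {field}"}
    creds = provision(req["bucketName"])
    # 200 form: the workspace-api creates the bucket secret from this body.
    return 200, {"bucketname": req["bucketName"], **creds}


if __name__ == "__main__":
    sample = b'{"bucketName": "ws-alice", "secretName": "bucket", "secretNamespace": "ws-alice"}'
    status, body = handle_bucket_request(sample)  # constructed request
    print(status, sorted(body))
```

`handle_bucket_request` takes the raw body and returns a status and a dict, so it can sit behind whichever HTTP framework the webhook service uses.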
201 Response
In case of a 201 response, the secret should be created in the form...
data:
  bucketname: "..."
  access: "..."
  secret: "..."
  projectid: "..."
In this case the workspace-api will wait for the (asynchronous) creation of the specified secret before continuing with the workspace creation.
Overall Outcome
In both cases the ultimate outcome is the creation of the bucket in the back-end object storage, and the creation of a Kubernetes secret that maintains the credentials for access to the bucket. The existence of the bucket secret is prerequisite to the continuation of the user workspace creation.