spin Expose an Admin API

Expose an Admin API

Open ecumene opened this issue 2 years ago • 5 comments

Spin keeps its logs and manifest on the filesystem, which makes them opaque to anything outside system its hosted on. Could we expose an API for administration of Spin apps? I think it would be an aliasable route, and flagged off by default. Maybe on a path like http://localhost:3000/_spin/?

I don't know what the shape of this API would be, but for my purposes something like

/logs/:id?stdout&stderr - Exposes the logs of any component as a service, something like HTTPAppender
/ - Exposes the manifest as JSON

... would do the job!

May 26 '22 23:05 ecumene

I like this @ecumene ! I wonder how we handle AuthN/AuthZ on these privileged endpoints. Perhaps to expose something like this we should start a discussion for API security for Spin? What do you think?

Jun 04 '22 22:06 fibonacci1729

Perhaps to expose something like this we should start a discussion for API security for Spin?

Hasura exposes an admin console for their service, but it's a flag. Maybe that's something we could do?

Jun 04 '22 23:06 ecumene

I wouldn't be opposed to that! Would you be interested in putting together a SIP so we can gather broader feedback? Or do you feel more comfortable chatting this out in this issue for a bit?

Jun 05 '22 02:06 fibonacci1729

I'll take a crack at a SIP 😁

Jun 05 '22 10:06 ecumene

This sounds great! I think a flag to expose that initially sounds great — at some point we will have to integrate authz for the components / paths..

Looking forward to the SIP!

Jun 07 '22 00:06 radu-matei

spin spin copied to clipboard

Expose an Admin API

spin
spin copied to clipboard