spin
spin copied to clipboard
Expose an Admin API
Spin keeps its logs and manifest on the filesystem, which makes them opaque to anything outside system its hosted on. Could we expose an API for administration of Spin apps? I think it would be an aliasable route, and flagged off by default. Maybe on a path like http://localhost:3000/_spin/
?
I don't know what the shape of this API would be, but for my purposes something like
-
/logs/:id?stdout&stderr
- Exposes the logs of any component as a service, something like HTTPAppender -
/
- Exposes the manifest as JSON
... would do the job!
I like this @ecumene ! I wonder how we handle AuthN/AuthZ on these privileged endpoints. Perhaps to expose something like this we should start a discussion for API security for Spin? What do you think?
Perhaps to expose something like this we should start a discussion for API security for Spin?
I wouldn't be opposed to that! Would you be interested in putting together a SIP so we can gather broader feedback? Or do you feel more comfortable chatting this out in this issue for a bit?
I'll take a crack at a SIP 😁
This sounds great! I think a flag to expose that initially sounds great — at some point we will have to integrate authz for the components / paths..
Looking forward to the SIP!