Nachi Ueno : [email protected] https://github.com/cloudwan/gohan

Gohan

Page 1: Gohan

Nachi Ueno : [email protected]

https://github.com/cloudwan/gohan

Page 2: Gohan

REST API Service Definition Language

Page 3: Gohan

OpenAPI / Swagger ?Gohan Schema

Pet Model

List Pet

Update Pet

Delete Pet

Pet Controller

Pet Table

Show Pet

Pet Sync (etcd)

OpenAPI

Page 4: Gohan

Pet Store example

Gohan Schema: https://github.com/cloudwan/gohan/blob/master/etc/example_schema.yaml

Swagger file: https://gist.github.com/nati/3ef08372717aaf0ae70e64175dcd4079

Page 5: Gohan

WebUI

Page 6: Gohan

CLI

Page 7: Gohan

Gohan Schema

JSON Schema + useful functions

Inheritance

Schema Relation

Policy

Custom Logic (extension)

Page 8: Gohan

Gohan Schema:

schemas:
- …
policies:
- …
extensions:
- …
- …

Page 9: Gohan

Schema

- id: base
  plural: bases
  singular: base
  prefix: /v1.0
  type: abstract
  title: Base Resource
  description: base resource definition
  schema:
    type: object
    properties:
    propertiesOrder:

JSON Schema

Page 10: Gohan

Properties Order

- id: base
  plural: bases
  singular: base
  prefix: /v1.0
  type: abstract
  title: Base Resource
  description: base resource definition
  schema:
    type: object
    properties:
    propertiesOrder:

Applied in UI (Table, Form)

Page 11: Gohan

Schema inheritance

- id: pet
  plural: pet
  singular: pet
  prefix: /v1.0
  extends:
  - base
  title: Pet
  description:

- id: base
  plural: bases
  singular: base
  prefix: /v1.0
  type: abstract
  title: Base Resource
  description: base

Base: id, name, tenant_id

Pet: status

Pet has id, name, tenant_id, status

Page 12: Gohan

Permission

id:
  description: ID
  permission:
  - create
  title: ID
  type: string
  view:
  - detail

Allowed only in create action

name:
  description: Name
  permission:
  - create
  - update
  title: Name
  type: string

Allowed in create and update

Page 13: Gohan

Relation

DB: Foreign key constraint

UI: Select Form

Page 14: Gohan

RBAC Policy

action: Create, Read, Update and Delete

effect: Allow, deny

Principal: Role name

Condition

Resource path

Page 15: Gohan

RBAC Policy examples

Members can only read pets

Members can only read their orders

Page 16: Gohan

Property value based policy

Members can only create orders whose status is "placed"
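
Added example, not taken from the slides or from Gohan's code: a minimal Go model of the policy fields listed above (action, effect, principal, condition, resource path), evaluated against the three Member rules. The struct layout, regex path matching, default-deny behaviour, deny-wins ordering and the `/v1.0/pets` and `/v1.0/orders` paths are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
)

// Policy holds the slide's five fields; layout and semantics are assumptions, not Gohan's code.
type Policy struct {
	Action, Effect, Principal, Path string // Path: anchored regex over the resource path
	OwnerOnly                       bool   // condition: caller's tenant owns the resource
	Prop, Value                     string // condition: resource property Prop must equal Value
}

type Request struct {
	Role, Tenant, Action, Path string
	Resource                   map[string]string // properties of the target resource
}

func (p Policy) applies(r Request) bool {
	ok, err := regexp.MatchString("^(?:"+p.Path+")$", r.Path) // a bad pattern never matches
	return err == nil && ok && p.Principal == r.Role && p.Action == r.Action &&
		(!p.OwnerOnly || (r.Tenant != "" && r.Resource["tenant_id"] == r.Tenant)) &&
		(p.Prop == "" || r.Resource[p.Prop] == p.Value)
}

// Allowed is default-deny; an applicable policy whose effect is not "allow" wins.
func Allowed(policies []Policy, r Request) bool {
	allowed := false
	for _, p := range policies {
		if p.applies(r) {
			if p.Effect != "allow" {
				return false
			}
			allowed = true
		}
	}
	return allowed
}

var PetStore = []Policy{ // constructed rules mirroring the slides' three Member examples
	{Action: "read", Effect: "allow", Principal: "Member", Path: `/v1\.0/pets(/.*)?`},
	{Action: "read", Effect: "allow", Principal: "Member", Path: `/v1\.0/orders/.+`, OwnerOnly: true},
	{Action: "create", Effect: "allow", Principal: "Member", Path: `/v1\.0/orders`, Prop: "status", Value: "placed"},
}

func main() { // a Member tries to create an order whose status is already "shipped"
	fmt.Println(Allowed(PetStore, Request{Role: "Member", Tenant: "t1", Action: "create", Path: "/v1.0/orders", Resource: map[string]string{"status": "shipped"}})) // false
}
```

The owner condition fails closed: a request with no tenant never matches an owner-only rule, even when the resource also lacks a `tenant_id`.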

Page 17: Gohan

Extension

You can have custom logic in each API.

| Language | Pros | Cons |
| --- | --- | --- |
| Gohanscript (Ansible inspired) | Easy to read and write; for non-programmers | Slow (still experimental) |
| JavaScript (Otto based) | Easy to write & quick | Too slow |
| Go | Fast and reliable | You need to compile |

Page 18: Gohan

API pipeline and extension

pre_create

post_create

pre_create_in_transaction

post_create_in_transaction

Policy_check Input value

Validation (json schema)

Policy_check Output value

Create in DB

Page 19: Gohan

Gohanscript example

Page 20: Gohan
Page 21: Gohan

Supported functions in Gohanscript

• Conditional
• Variable
• Looping
• Concurrent execution
• Define function
• Import
• DB CRUD
• External HTTP Connection
• OpenStack / Contrail API access
• Background job / Job Queue
• Remote Debugger

Page 22: Gohan

Integration

Etcd

You can push REST API events to etcd, so that you can integrate workers such as confd. You can also use Gohan as a worker.

Keystone

You can integrate IAM with OpenStack Keystone.

Page 23: Gohan

Pet Store Benchmark

Benchmark setup

Client, Gohan, Mysql

Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz 4Core 8G

Bench-rest: https://github.com/jeffbski/bench-rest

100: Concurrent request

10000: Total request

Note: disabled JavaScript extension

Benchmark Result

Create Pet: 524 req per sec, mean: 189ms

List Pet: 1123 req per sec, mean: 88 sec

Page 24: Gohan

Future work

Performance improvement

Go code generation

Support more authentication modes

OpenID / OAuth

SAMLv2.0

Page 25: Gohan

Summary

Gohan: YAML-based REST API Service Definition Language

API Definition Generation (including Swagger)

DB Table Generation & OR Mapping

Support Custom Logic using Gohanscript, JavaScript, and Go

Extensible Role-Based Access Control

etcd integration