diff --git a/schema/openapi.yaml b/schema/openapi.yaml index e5c381664..85ed2d981 100644 --- a/schema/openapi.yaml +++ b/schema/openapi.yaml @@ -598,6 +598,23 @@ components: - labels - annotations type: object + TargetStub: + properties: + alias: + type: string + connectUrl: + format: uri + type: string + credential: + allOf: + - $ref: '#/components/schemas/Credential' + nullable: true + type: object + password: + type: string + username: + type: string + type: object Target_Flat: properties: agent: @@ -666,6 +683,9 @@ openapi: 3.0.3 paths: /api/beta/diagnostics/targets/{targetId}/gc: post: + description: | + Request the remote target to perform a garbage collection. The target JVM is free to ignore this + request. This is generally equivalent to a System.gc() call made within the target JVM. parameters: - in: path name: targetId @@ -682,6 +702,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Initiate a garbage collection on the specified target tags: - Diagnostics /api/beta/fs/recordings: @@ -701,6 +722,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List all archived recordings grouped by target tags: - Archived Recordings /api/beta/fs/recordings/{jvmId}: @@ -726,6 +748,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List all archived recordings belonging to the specified target tags: - Archived Recordings /api/beta/fs/recordings/{jvmId}/{filename}: @@ -750,12 +773,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete an archived recording by name belonging to the specified target tags: - Archived Recordings /api/beta/recordings/{connectUrl}/{filename}: delete: parameters: - - in: path + - description: the connection URL associated with the target + in: path name: connectUrl required: true schema: @@ -774,6 +799,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete an archived recording belonging to the specified target tags: - Archived Recordings /api/beta/recordings/{jvmId}: @@ -799,9 +825,13 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List archived recordings belonging to the specified target tags: - Archived Recordings post: + description: | + Upload a JFR binary file into the archives, associating the archived recording with a particular + target JVM. This is primarily used by the Cryostat Agent for pushing harvested recording files. parameters: - in: path name: jvmId @@ -830,10 +860,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Upload a JFR binary file to archives, associated with a particular target tags: - Archived Recordings /api/v4.1/metrics/reports: get: + description: | + Retrieve the latest aggregate report data across all targets with recent automated analysis reports + scores. These are multi-dimensional metrics in Prometheus format. responses: "200": content: @@ -849,10 +883,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve the latest aggregate report data tags: - Analysis Report Aggregator /api/v4.1/metrics/reports/{jvmId}: get: + description: | + Retrieve the latest aggregate report data for a given target's recent automated analysis reports + scores. These are multi-dimensional metrics in Prometheus format. parameters: - in: path name: jvmId @@ -872,10 +910,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve the latest aggregate report data for the specified target tags: - Analysis Report Aggregator /api/v4.1/targets/{targetId}/reports: get: + description: | + Get the current cached automated analysis report for the specified target, if any. If no such + report currently exists for the specified target then the response will be an HTTP 404 Not Found, + and automated analysis report generation will not be triggered. parameters: - in: path name: targetId @@ -898,9 +941,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve current automated analysis report for a target tags: - Reports post: + description: | + Composite action that 1) creates a Snapshot active recording on the specified target, 2) archives + that Snapshot immediately, 3) performs automated analysis report generation on the archived file. + The response will include a Location header pointing the client to an endpoint where the report can + be retrieved, which may require the client to wait for a Job UUID notification. parameters: - in: path name: targetId @@ -927,10 +976,16 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Perform "target analysis" on the specified target tags: - Reports /api/v4/activedownload/{id}: get: + description: | + Given a recording ID and a remote recording ID within that target, Cryostat will open a remote + connection to the target and pipe back a data stream containing the Flight Recording binary file + format for that recording. The client can feed this data to other tooling which ingests the JFR + binary file format. parameters: - in: path name: id @@ -952,10 +1007,18 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Download a Flight Recording binary file tags: - Active Recordings Download /api/v4/auth: post: + description: | + In modern Cryostat deployments it is customary to deploy Cryostat behind an authenticating reverse + proxy, so authentication is not actually handled by Cryostat itself. This endpoint is used by the + Cryostat Web UI client to send an authenticated client request, including some authentication + headers, to the Cryostat server so that it can extract information about the logged-in user. The + response contains the current user's username if it can be determined, or else an empty string. + This is only used for display in the Web UI. API clients do not need to use this endpoint. responses: "200": content: @@ -963,10 +1026,15 @@ paths: schema: $ref: '#/components/schemas/AuthResponse' description: OK + summary: Authenticate to the Cryostat server tags: - Auth /api/v4/credentials: get: + description: | + Returns a list of match results. A match result includes the Stored Credential's ID, + its Match Expression, and a list of currently discovered Targets which match that expression + and are therefore candidates for Cryostat to select this Credential. responses: "200": content: @@ -982,9 +1050,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List information about all of the available Stored Credentials. tags: - Credentials post: + description: | + Define a new Stored Credential. Requires a match expression which defines which targets require + this credential, and the username and password to use to pass authentication checks on those + targets. Stored Credentials are stored in an encrypted keyring using symmetric encryption and an + encryption key configured on the Cryostat database. requestBody: content: application/x-www-form-urlencoded: @@ -1010,6 +1084,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Define a new Stored Credential tags: - Credentials /api/v4/credentials/test/{targetId}: @@ -1044,6 +1119,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Test if the supplied username/password are valid credentials for the specified target. tags: - Credentials /api/v4/credentials/{id}: @@ -1064,9 +1140,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete a Stored Credential tags: - Credentials get: + description: | + Get match result information about a specific Stored Credential. A match result includes the Stored + Credential's ID, its Match Expression, and a list of currently discovered Targets which match that + expression and are therefore candidates for Cryostat to select this Credential. parameters: - in: path name: id @@ -1087,6 +1168,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get information about a Stored Credential tags: - Credentials /api/v4/discovery: @@ -1104,9 +1186,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve the entire discovery tree. tags: - Discovery post: + description: | + Register a new discovery plugin, or refresh an existing plugin's registration and generate a new + token. New registrations require the realm and callback fields. Registration refreshers + additionally require the id and token fields, which are supplied in the response to the original + registration. requestBody: content: application/json: @@ -1125,10 +1213,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Register as a new discovery plugin or refresh existing registration tags: - Discovery /api/v4/discovery/{id}: delete: + description: | + Delete the plugin's registration along with its discovery Realm node and all of its children. This + is used when a discovery plugin is shutting down. parameters: - in: path name: id @@ -1142,9 +1234,13 @@ paths: responses: "204": description: No Content + summary: Delete the given plugin's registration tags: - Discovery get: + description: | + Endpoint for discovery plugins to check their own current registration status, ie. whether their + registration ID is still known and their current token is still valid. parameters: - in: path name: id @@ -1164,9 +1260,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Endpoint for discovery plugins to check their own registration status tags: - Discovery post: + description: | + Using its plugin ID and current token, a discovery plugin uses this endpoint to publish a JSON + request body containing a list of discovery nodes. The discovery plugin itself is a Realm node in + the overall discovery tree, so the published list of nodes here will replace the plugin Realm + node's list of children. parameters: - in: path name: id @@ -1187,10 +1289,13 @@ paths: responses: "201": description: Created + summary: Publish updated target discovery information tags: - Discovery /api/v4/discovery_plugins: get: + description: | + Retrieve a list of currently registered discovery plugins only, not including their subtrees. parameters: - in: query name: realm @@ -1211,10 +1316,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List currently registered discovery plugins tags: - Discovery /api/v4/discovery_plugins/{id}: get: + description: | + Retrieve information about a specific discovery plugin, including its discovery Realm node and + subtree. parameters: - in: path name: id @@ -1234,10 +1343,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve a specific discovery plugin tags: - Discovery /api/v4/download/{encodedKey}: get: + description: | + Get a download URL for an archived recording. The response will be an HTTP redirect with a Location + header pointing to the location where the client can download the recording JFR binary file. parameters: - in: path name: encodedKey @@ -1260,10 +1373,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get a download URL for an archived recording tags: - Archived Recordings /api/v4/event_templates: get: + description: | + Retrieve a list of templates available on this Cryostat server. These templates can be applied to + recordings started on any discovered target, but any event configurations within the template which + reference events that do not exist on the target will be ignored. responses: "200": content: @@ -1279,9 +1397,12 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List server event templates tags: - Event Templates post: + description: | + Upload a new custom event template to the server. This must be in OpenJDK .jfc (XML) format. requestBody: content: application/x-www-form-urlencoded: @@ -1303,10 +1424,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Upload a custom event template tags: - Event Templates /api/v4/event_templates/{templateName}: delete: + description: | + Delete a custom event template from the server. Only previously uploaded custom event templates can + be deleted. parameters: - in: path name: templateName @@ -1322,6 +1447,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete a custom event template tags: - Event Templates /api/v4/event_templates/{templateType}: @@ -1347,10 +1473,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List server event templates of the given type tags: - Event Templates /api/v4/event_templates/{templateType}/{templateName}: get: + description: | + Get the .jfc (XML) file definition for the given server event template. This is the same type of + event configuration file that ships with OpenJDK distributions. parameters: - in: path name: templateName @@ -1375,10 +1505,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get a specific event template tags: - Event Templates /api/v4/grafana/{encodedKey}: post: + description: | + Upload an archived recording to the jfr-datasource for later online analysis in the associated + Grafana dashboard. parameters: - in: path name: encodedKey @@ -1403,10 +1537,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Upload an archived recording to Grafana for online analysis tags: - Archived Recordings /api/v4/grafana_dashboard_url: get: + description: | + Returns the URL for the associated Grafana dashboard instance. If there is an internally-accessible + (for Cryostat) URL and an externally-accessible URL (for users) URL, the externally-accessible URL + is preferred. If neither are configured then the response is an HTTP 400 Bad Request. responses: "200": content: @@ -1414,10 +1553,15 @@ paths: schema: $ref: '#/components/schemas/DashboardUrl' description: OK + summary: Return the URL which users can visit to access the associated Grafana dashboard instance. tags: - Health /api/v4/grafana_datasource_url: get: + description: | + Returns the URL for the jfr-datasource instance which Cryostat is configured to use. This datasource + accepts JFR file uploads from Cryostat and allows the Grafana dashboard to perform queries on the + data within the recording file. responses: "200": content: @@ -1425,6 +1569,7 @@ paths: schema: $ref: '#/components/schemas/DatasourceUrl' description: OK + summary: Return the URL to the associated jfr-datasource instance. tags: - Health /api/v4/logout: @@ -1435,10 +1580,15 @@ paths: application/json: schema: {} description: OK + summary: OAuth2 sign out. Invalidate the current user session tags: - Auth /api/v4/matchExpressions: get: + description: | + Retrieve a list of all currently defined Match Expressions. These objects cannot be created + independently in the current API definition, so each of these expressions will be associated with + an Automated Rule or Stored Credential. responses: "200": content: @@ -1455,9 +1605,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve a list of all currently defined Match Expressions tags: - Match Expressions post: + description: | + Given a list of Target IDs, retrieve each Target instance from the database, then return the list + filtered by the Targets which satisfy the Match Expression. If a given ID does not exist in the + database then the whole request will fail. The expression must evaluate to a boolean value for each + target. The match expression will not be stored. requestBody: content: application/json: @@ -1476,6 +1632,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Test a MatchExpression against a list of Targets tags: - Match Expressions /api/v4/matchExpressions/{id}: @@ -1500,6 +1657,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve a single Match Expression tags: - Match Expressions /api/v4/probes: @@ -1513,9 +1671,15 @@ paths: $ref: '#/components/schemas/ProbeTemplateResponse' type: array description: OK + summary: List defined probe templates tags: - JMC Agent Templates post: + description: |2 + Create a probe template. This requires a probe template file upload in XML format. See + https://github.com/openjdk/jmc/blob/master/agent/README.md and + https://github.com/openjdk/jmc/blob/master/agent/src/main/resources/org/openjdk/jmc/agent/impl/jfrprobes_schema.xsd + for more information about this file format. requestBody: content: application/x-www-form-urlencoded: @@ -1533,6 +1697,7 @@ paths: schema: $ref: '#/components/schemas/ProbeTemplate' description: OK + summary: Create a probe template tags: - JMC Agent Templates /api/v4/probes/{probeTemplateName}: @@ -1546,10 +1711,13 @@ paths: responses: "204": description: No Content + summary: Delete the specified probe template tags: - JMC Agent Templates /api/v4/recordings: get: + description: | + List all archived recordings from all targets, including (re-)uploaded files. responses: "200": content: @@ -1565,9 +1733,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List all archived recordings tags: - Archived Recordings post: + description: | + (Re-)upload a JFR binary file into the archives. This allows for the restoration of archived files + after they have been otherwise removed, or for portability across Cryostat instances or between + Cryostat version upgrades. This can also be used to upload JFR files which were not collected by + Cryostat, so that Cryostat can be used to perform online analysis of the file. requestBody: content: application/x-www-form-urlencoded: @@ -1592,10 +1766,12 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Upload a JFR binary file to archives tags: - Archived Recordings /api/v4/recordings/{filename}: delete: + deprecated: true parameters: - in: path name: filename @@ -1611,10 +1787,19 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete an archived recording by filename tags: - Archived Recordings /api/v4/reports/{encodedKey}: get: + description: | + Given an encoded key from another endpoint, request an actual automated analysis report. If the + requested report already exists in one of the tiered caching layers then the report will be + directly returned as a JSON response body. If the report does not yet exist then the response will + contain a Job UUID as a plain text response body. Cryostat will emit a WebSocket notification later + using the same Job UUID to indicate that the report generation has been completed and the document + is now available. The client may then re-issue a request to this endpoint with the same encoded key + to retrieve the report document. parameters: - in: path name: encodedKey @@ -1635,6 +1820,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get an automated analysis report tags: - Reports /api/v4/rules: @@ -1654,6 +1840,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List all Automated Rules tags: - Rules post: @@ -1739,6 +1926,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Create a new Automated Rule tags: - Rules /api/v4/rules/{name}: @@ -1762,6 +1950,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete an Automated Rule by name tags: - Rules get: @@ -1784,9 +1973,12 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get an Automated Rule by name tags: - Rules patch: + description: | + Update Automated Rule parameters, such as whether the rule is currently active or not. parameters: - in: path name: name @@ -1815,10 +2007,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Update an Automated Rule tags: - Rules /api/v4/targets: get: + description: | + Get a list of the currently discovered targets. These are essentialy the same as the leaf nodes of + the discovery tree. See 'GET /api/v4/discovery'. responses: "200": content: @@ -1834,9 +2030,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List currently discovered targets tags: - Targets post: + description: | + Create a target definition given a JSON request body target stub. The target stub must contain the + connectUrl and alias, and optionally contain a username and password to create a Stored Credential + associated with this target. The dryrun parameter can be used to perform this operation as a check, + to verify if such a target could be created (no connectUrl conflict and acceptable credentials). parameters: - in: query name: dryrun @@ -1850,7 +2052,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Target' + $ref: '#/components/schemas/TargetStub' application/x-www-form-urlencoded: schema: properties: @@ -1890,10 +2092,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Create a target definition tags: - Custom Discovery /api/v4/targets/{id}: delete: + description: | + Delete the specified target by ID. Only allows deletion of targets that were defined by the same + Custom Target discovery API. Other targets must be removed by the discovery mechanisms which + discovered them. parameters: - in: path name: id @@ -1910,9 +2117,12 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete the specified target tags: - Custom Discovery get: + description: | + Get details about a particular target given its ID. parameters: - in: path name: id @@ -1933,10 +2143,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get a target by ID tags: - Targets /api/v4/targets/{id}/event_templates: get: + description: | + Retrieve a list of event templates available on the given target when starting recordings on the + same target. This includes all of the server's available templates, plus the templates available + specifically from the target (ex. within /usr/lib/jvm/java/lib/jfr). parameters: - in: path name: id @@ -1959,10 +2174,13 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Retrieve a list of event templates available on the given target tags: - Target Event Templates /api/v4/targets/{id}/event_templates/{templateType}/{templateName}: get: + description: | + Get the .jfc (XML) file definition for the given target event template. parameters: - in: path name: id @@ -1993,10 +2211,16 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get a specific event template tags: - Target Event Templates /api/v4/targets/{id}/events: get: + description: | + Retrieve a list of JFR event types registered within the given target. This will include all + built-in JFR types emitted by the target JVM, as well as custom event types specific to that + target JVM if they are correctly registered. Custom event types, or event types emitted by plugins + and extensions, may not always appear in this list. parameters: - in: path name: id @@ -2023,6 +2247,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List JFR event types registered within the given target tags: - Events /api/v4/targets/{id}/probes: @@ -2037,6 +2262,7 @@ paths: responses: "204": description: No Content + summary: Remove all loaded probes from the specified target tags: - JMC Agent Probes get: @@ -2056,10 +2282,13 @@ paths: $ref: '#/components/schemas/ProbeResponse' type: array description: OK + summary: List loaded probes on the specified target tags: - JMC Agent Probes /api/v4/targets/{id}/probes/{probeTemplateName}: post: + description: | + Activate a probe template (specified by template name) on the specified target (specified by ID). parameters: - in: path name: id @@ -2075,10 +2304,13 @@ paths: responses: "201": description: Created + summary: Activate a probe template on the specified target tags: - JMC Agent Probes /api/v4/targets/{targetId}/recordingOptions: get: + description: | + Retrieve a map of the current options for the specified target. parameters: - in: path name: targetId @@ -2100,9 +2332,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get the current set of options for the specified target tags: - Recording Options patch: + description: | + Set default recording options for the specified target. These options will be applied to any + recordings started on this target if no override values are specified when the recording is + created. parameters: - in: path name: targetId @@ -2136,10 +2373,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Update the recording options for the specified target tags: - Recording Options /api/v4/targets/{targetId}/recordings: get: + description: | + Retrieve a list of active recordings currently present on the specified target. This may initiate + a new remote connection to the target to update Cryostat's model of available recordings. parameters: - in: path name: targetId @@ -2162,9 +2403,17 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: List active recordings on the specified target tags: - Active Recordings post: + description: | + Create a new Flight Recording on the specified target. The recording will be immediately started + and begin capturing Flight Recording data. + The recording must be given a name (unique within the + target). An event specifier string must be included, which follows the format + "template={name},(type={type})". The type parameter is optional and the template name is required. + See the Event Templates API for more information about the values that can be used here. parameters: - in: path name: targetId @@ -2223,10 +2472,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Start a new recording on the specified target tags: - Active Recordings /api/v4/targets/{targetId}/recordings/{remoteId}: delete: + description: | + Delete a recording from the specified target. This will remove it both from Cryostat's database + as well as remove the recording and release all resources in the remote target JVM. parameters: - in: path name: remoteId @@ -2249,9 +2502,15 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Delete a recording from the specified target tags: - Active Recordings get: + description: | + Given a recording ID and a remote recording ID within that target, Cryostat will open a remote + connection to the target and pipe back a data stream containing the Flight Recording binary file + format for that recording. The client can feed this data to other tooling which ingests the JFR + binary file format. parameters: - in: path name: remoteId @@ -2279,9 +2538,13 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Download a Flight Recording binary file tags: - Active Recordings patch: + description: | + Remote recordings can be stopped by sending the request body "stop", or copied to archives by + sending the request body "save". The body is case-insensitive. parameters: - in: path name: remoteId @@ -2313,10 +2576,14 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Update a remote recording on the specified target tags: - Active Recordings /api/v4/targets/{targetId}/recordings/{remoteId}/upload: post: + description: | + Upload the current data stream of the specified recording to the jfr-datasource for online analysis + in the associated Grafana dashboard. parameters: - in: path name: remoteId @@ -2348,10 +2615,16 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Upload a recording for analysis in Grafana dashboard tags: - Active Recordings /api/v4/targets/{targetId}/reports/{recordingId}: get: + description: | + Request an automated analysis report for a particular active recording on the specified target. If + such a report already exists it will be returned directly as a JSON response body. If the report + does not yet exist then an asynchronous task for it will be started, and a Job UUID will be + sent as the plaintext response body. parameters: - in: path name: recordingId @@ -2379,6 +2652,7 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Get an automated analysis report for a particular recording on the specified target tags: - Reports /api/v4/targets/{targetId}/snapshot: @@ -2403,10 +2677,16 @@ paths: description: Not Allowed security: - SecurityScheme: [] + summary: Create a JFR Snapshot on the specified target tags: - Snapshots /api/v4/tls/certs: get: + description: | + In addition to the standard system/OpenJDK certificate trust store, Cryostat can be configured to + trust additional certificates which may be presented by target JVM JMX servers or by Cryostat Agent + HTTPS servers. This endpoint returns a list of local file paths to additional certificate files, + which Cryostat will have loaded into an additional trust store at startup. responses: "200": content: @@ -2416,10 +2696,16 @@ paths: type: string type: array description: OK + summary: List additional trusted SSL/TLS certificates tags: - Trust Store /health: get: + description: | + Returns a map indicating whether various external components (ex. + jfr-datasource, grafana-dashboard) are configured and whether those + components can be reached by the Cryostat application. Also includes + application semantic version and build information. responses: "200": content: @@ -2427,12 +2713,26 @@ paths: schema: $ref: '#/components/schemas/ApplicationHealth' description: OK + summary: Check the overall status of the application tags: - Health /health/liveness: get: + description: | + Performs a no-op on a worker thread. This is a simply check to determine if + the application has available threads to service requests. HTTP 204 No Content + is the only expected response. If the application is not live and no worker + threads are available, then the client will never receive a response. responses: "204": description: No Content + summary: Check if the application is able to accept and respond to requests. tags: - Health +tags: + - description: | + Endpoints for Discovery Plugins to register with a Cryostat instance, refresh their registration + token, publish information about known targets, and unregister themselves. + + The reference implementation of a Discovery Plugin is the Cryostat Agent. + name: Discovery diff --git a/schema/schema.graphql b/schema/schema.graphql index 28f05aeaa..c9595a134 100644 --- a/schema/schema.graphql +++ b/schema/schema.graphql @@ -50,7 +50,9 @@ type Annotations { type ArchivedRecording { archivedTime: BigInteger! + "Delete an archived recording" doDelete: ArchivedRecording! + "Update the metadata associated with an archived recording" doPutMetadata(metadataInput: MetadataLabelsInput): ArchivedRecording! downloadUrl: String jvmId: String @@ -160,6 +162,7 @@ type OperatingSystemMetrics { "Query root" type Query { + "List archived recordings" archivedRecordings(filter: ArchivedRecordingsFilterInput): ArchivedRecordings "Get all environment nodes in the discovery tree with optional filtering" environmentNodes(filter: DiscoveryNodeFilterInput): [DiscoveryNode] @@ -177,7 +180,9 @@ type RecordingAggregateInfo { } type Recordings { + "List and optionally filter active recordings belonging to a Target" active(filter: ActiveRecordingsFilterInput): ActiveRecordings + "List and optionally filter archived recordings belonging to a Target" archived(filter: ArchivedRecordingsFilterInput): ArchivedRecordings } @@ -226,10 +231,12 @@ type Suggestion { } type Target { + "Retrieve a list of active recordings currently available on the target" activeRecordings(filter: ActiveRecordingsFilterInput): ActiveRecordings agent: Boolean! alias: String! annotations: Annotations! + "Retrieve a list of archived recordings belonging to the target" archivedRecordings(filter: ArchivedRecordingsFilterInput): ArchivedRecordings connectUrl: String! "Create a new Flight Recorder Snapshot on the specified Target" @@ -246,6 +253,12 @@ type Target { mbeanMetrics: MBeanMetrics "Get the active and archived recordings belonging to this target" recordings: Recordings + """ + Retrieve an automated analysis report from the selected target(s). If there is no report currently + available then this request will not cause a report to be generated, and instead it will return an empty + result. Report generation may be an expensive operation, especially if many reports are to be generated at + once, and should not be triggered by broad GraphQL selections. + """ report: Report } diff --git a/src/main/java/io/cryostat/BuildInfo.java b/src/main/java/io/cryostat/BuildInfo.java index 36343cb23..06f9cd2ba 100644 --- a/src/main/java/io/cryostat/BuildInfo.java +++ b/src/main/java/io/cryostat/BuildInfo.java @@ -25,6 +25,7 @@ import jakarta.inject.Inject; import org.jboss.logging.Logger; +/** Describes the current build of the application. Contains information about the VCS commit. */ @ApplicationScoped public class BuildInfo { diff --git a/src/main/java/io/cryostat/ConfigProperties.java b/src/main/java/io/cryostat/ConfigProperties.java index f78921829..929f7f128 100644 --- a/src/main/java/io/cryostat/ConfigProperties.java +++ b/src/main/java/io/cryostat/ConfigProperties.java @@ -15,6 +15,7 @@ */ package io.cryostat; +/** Java constants corresponding to configuration keys set in application.properties. */ public class ConfigProperties { public static final String AWS_BUCKET_NAME_ARCHIVES = "storage.buckets.archives.name"; public static final String AWS_BUCKET_NAME_EVENT_TEMPLATES = diff --git a/src/main/java/io/cryostat/Cryostat.java b/src/main/java/io/cryostat/Cryostat.java index 09b3ce8c2..01832ed48 100644 --- a/src/main/java/io/cryostat/Cryostat.java +++ b/src/main/java/io/cryostat/Cryostat.java @@ -23,6 +23,10 @@ import io.quarkus.runtime.QuarkusApplication; import io.quarkus.runtime.annotations.QuarkusMain; +/** + * Main application entrypoint. Perform any required early initialization tasks, then kick off the + * webserver. + */ @QuarkusMain public class Cryostat { diff --git a/src/main/java/io/cryostat/ExceptionMappers.java b/src/main/java/io/cryostat/ExceptionMappers.java index 03139f07b..dba1b2ea8 100644 --- a/src/main/java/io/cryostat/ExceptionMappers.java +++ b/src/main/java/io/cryostat/ExceptionMappers.java @@ -37,6 +37,14 @@ import software.amazon.awssdk.services.s3.model.NoSuchKeyException; import software.amazon.awssdk.services.s3.model.S3Exception; +/** + * Map uncaught exceptions at the endpoint level to REST responses. For example, without a + * corresponding exception mapper, an uncaught jakarta.persistence.NoResultException would result in + * the web server responding with an HTTP 500 Internal Server Error (the default behaviour for all + * uncaught exceptions). Defining a mapper for NoResultException allows the global behaviour to be + * overridden to an HTTP 404 Not Found response. Individual endpoints may still use standard + * try-catch handling to deal with NoResultExceptions in other ways as needed. + */ public class ExceptionMappers { @Inject Logger logger; diff --git a/src/main/java/io/cryostat/Health.java b/src/main/java/io/cryostat/Health.java index b9a867753..bb6f74d1e 100644 --- a/src/main/java/io/cryostat/Health.java +++ b/src/main/java/io/cryostat/Health.java @@ -37,8 +37,10 @@ import jakarta.ws.rs.core.MediaType; import org.apache.commons.lang3.StringUtils; import org.eclipse.microprofile.config.inject.ConfigProperty; +import org.eclipse.microprofile.openapi.annotations.Operation; import org.jboss.logging.Logger; +/** Status and configuration verification for the application. */ @Path("") class Health { @@ -70,6 +72,15 @@ class Health { @Blocking @Path("/health") @PermitAll + @Operation( + summary = "Check the overall status of the application", + description = + """ + Returns a map indicating whether various external components (ex. + jfr-datasource, grafana-dashboard) are configured and whether those + components can be reached by the Cryostat application. Also includes + application semantic version and build information. + """) public ApplicationHealth health() { CompletableFuture datasourceAvailable = new CompletableFuture<>(); CompletableFuture dashboardAvailable = new CompletableFuture<>(); @@ -113,12 +124,31 @@ public ApplicationHealth health() { @Blocking @Path("/health/liveness") @PermitAll + @Operation( + summary = "Check if the application is able to accept and respond to requests.", + description = + """ + Performs a no-op on a worker thread. This is a simply check to determine if + the application has available threads to service requests. HTTP 204 No Content + is the only expected response. If the application is not live and no worker + threads are available, then the client will never receive a response. + """) public void liveness() {} @GET @Path("/api/v4/grafana_dashboard_url") @PermitAll @Produces({MediaType.APPLICATION_JSON}) + @Operation( + summary = + "Return the URL which users can visit to access the associated Grafana" + + " dashboard instance.", + description = + """ + Returns the URL for the associated Grafana dashboard instance. If there is an internally-accessible + (for Cryostat) URL and an externally-accessible URL (for users) URL, the externally-accessible URL + is preferred. If neither are configured then the response is an HTTP 400 Bad Request. + """) public DashboardUrl grafanaDashboardUrl() { String url = dashboardExternalURL.orElseGet( @@ -130,6 +160,14 @@ public DashboardUrl grafanaDashboardUrl() { @Path("/api/v4/grafana_datasource_url") @PermitAll @Produces({MediaType.APPLICATION_JSON}) + @Operation( + summary = "Return the URL to the associated jfr-datasource instance.", + description = + """ + Returns the URL for the jfr-datasource instance which Cryostat is configured to use. This datasource + accepts JFR file uploads from Cryostat and allows the Grafana dashboard to perform queries on the + data within the recording file. + """) public DatasourceUrl grafanaDatasourceUrl() { String url = datasourceURL.orElseThrow(() -> new BadRequestException()); return new DatasourceUrl(url); diff --git a/src/main/java/io/cryostat/JsonRequestFilter.java b/src/main/java/io/cryostat/JsonRequestFilter.java index affac89d9..86eb74663 100644 --- a/src/main/java/io/cryostat/JsonRequestFilter.java +++ b/src/main/java/io/cryostat/JsonRequestFilter.java @@ -34,6 +34,7 @@ import jakarta.ws.rs.ext.Provider; @Provider +/** Filter incoming request bodies or outgoing response bodies to scrub particular content. */ public class JsonRequestFilter implements ContainerRequestFilter { static final Set disallowedFields = Set.of("id"); diff --git a/src/main/java/io/cryostat/ProgressInputStream.java b/src/main/java/io/cryostat/ProgressInputStream.java index 075cdbec1..f11f6b3e0 100644 --- a/src/main/java/io/cryostat/ProgressInputStream.java +++ b/src/main/java/io/cryostat/ProgressInputStream.java @@ -20,6 +20,10 @@ import org.apache.commons.io.input.ProxyInputStream; +/** + * An InputStream which informs a provided {@link java.util.function.Consumer} about the number of + * bytes read each time a chunk is read from this stream. + */ public class ProgressInputStream extends ProxyInputStream { private final Consumer onUpdate; diff --git a/src/main/java/io/cryostat/StorageBuckets.java b/src/main/java/io/cryostat/StorageBuckets.java index 87b9fa9bd..dc8c8e7fc 100644 --- a/src/main/java/io/cryostat/StorageBuckets.java +++ b/src/main/java/io/cryostat/StorageBuckets.java @@ -35,6 +35,10 @@ import software.amazon.awssdk.services.s3.model.CreateBucketRequest; import software.amazon.awssdk.services.s3.model.HeadBucketRequest; +/** + * Utility for interacting with S3 object storage buckets. Use to ensure that the S3 object storage + * meets the application requirements, ex. that the expected buckets exist. + */ @ApplicationScoped public class StorageBuckets { diff --git a/src/main/java/io/cryostat/credentials/Credential.java b/src/main/java/io/cryostat/credentials/Credential.java index 324efaa9d..f5c3b834a 100644 --- a/src/main/java/io/cryostat/credentials/Credential.java +++ b/src/main/java/io/cryostat/credentials/Credential.java @@ -42,6 +42,21 @@ import org.hibernate.annotations.ColumnTransformer; import org.projectnessie.cel.tools.ScriptException; +/** + * Stored Credentials are used for communicating with secured remote targets. Target JMX servers may + * (should) be configured to require authentication from clients like Cryostat. Cryostat needs to be + * able to establish connections to these targets and pass their authentication checks, and needs to + * be able to do so without prompting a user for credentials every time, therefore the credentials + * for remote targets are stored in this encrypted keyring. Each Credential instance has a single + * username and password, as well as a {@link io.cryostat.expressions.MatchExpression} which should + * evaluate to match one or more target applications which Cryostat has discovered or will discover. + * The entire database table containing these credentials is encrypted using the Postgres 'pgcrypto' + * module and pgp symmetric encryption/decryption. The encryption key is set by configuration on the + * database deployment. Whenever Cryostat attempts to open a network connection to a target (see + * {@link io.cryostat.targets.TargetConnectionManager}) it will first check for any Credentials that + * match the target, then use the first matching Credential (see + * https://github.com/cryostatio/cryostat/issues/376) + */ @Entity @EntityListeners(Credential.Listener.class) public class Credential extends PanacheEntity { diff --git a/src/main/java/io/cryostat/credentials/Credentials.java b/src/main/java/io/cryostat/credentials/Credentials.java index 984408015..26d95026f 100644 --- a/src/main/java/io/cryostat/credentials/Credentials.java +++ b/src/main/java/io/cryostat/credentials/Credentials.java @@ -49,6 +49,7 @@ import jakarta.ws.rs.core.Context; import jakarta.ws.rs.core.UriInfo; import org.eclipse.microprofile.config.inject.ConfigProperty; +import org.eclipse.microprofile.openapi.annotations.Operation; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.RestForm; import org.jboss.resteasy.reactive.RestPath; @@ -117,6 +118,10 @@ private void createFromFile(java.nio.file.Path path) { @Blocking @RolesAllowed("read") @Path("/test/{targetId}") + @Operation( + summary = + "Test if the supplied username/password are valid credentials for the specified" + + " target.") public Uni checkCredentialForTarget( @RestPath long targetId, @RestForm String username, @RestForm String password) throws URISyntaxException { @@ -155,6 +160,14 @@ public Uni checkCredentialForTarget( @Blocking @GET @RolesAllowed("read") + @Operation( + summary = "List information about all of the available Stored Credentials.", + description = + """ + Returns a list of match results. A match result includes the Stored Credential's ID, + its Match Expression, and a list of currently discovered Targets which match that expression + and are therefore candidates for Cryostat to select this Credential. + """) public List list() { return Credential.listAll().stream() .map( @@ -174,6 +187,14 @@ public List list() { @GET @RolesAllowed("read") @Path("/{id}") + @Operation( + summary = "Get information about a Stored Credential", + description = + """ + Get match result information about a specific Stored Credential. A match result includes the Stored + Credential's ID, its Match Expression, and a list of currently discovered Targets which match that + expression and are therefore candidates for Cryostat to select this Credential. + """) public CredentialMatchResult get(@RestPath long id) { try { Credential credential = Credential.find("id", id).singleResult(); @@ -187,6 +208,15 @@ public CredentialMatchResult get(@RestPath long id) { @Transactional @POST @RolesAllowed("write") + @Operation( + summary = "Define a new Stored Credential", + description = + """ + Define a new Stored Credential. Requires a match expression which defines which targets require + this credential, and the username and password to use to pass authentication checks on those + targets. Stored Credentials are stored in an encrypted keyring using symmetric encryption and an + encryption key configured on the Cryostat database. + """) public RestResponse create( @Context UriInfo uriInfo, @RestForm String matchExpression, @@ -209,6 +239,7 @@ public RestResponse create( @DELETE @RolesAllowed("write") @Path("/{id}") + @Operation(summary = "Delete a Stored Credential") public void delete(@RestPath long id) { Credential.find("id", id).singleResult().delete(); } diff --git a/src/main/java/io/cryostat/credentials/CredentialsFinder.java b/src/main/java/io/cryostat/credentials/CredentialsFinder.java index 52239c820..3148a4de5 100644 --- a/src/main/java/io/cryostat/credentials/CredentialsFinder.java +++ b/src/main/java/io/cryostat/credentials/CredentialsFinder.java @@ -31,6 +31,10 @@ import org.jboss.logging.Logger; import org.projectnessie.cel.tools.ScriptException; +/** + * Utility for mapping and caching {@link io.cryostat.targets.Target} to associated {@link + * io.cryostat.credentials.Credential}. + */ @ApplicationScoped public class CredentialsFinder { diff --git a/src/main/java/io/cryostat/diagnostic/Diagnostics.java b/src/main/java/io/cryostat/diagnostic/Diagnostics.java index 1ae118f41..b729922f3 100644 --- a/src/main/java/io/cryostat/diagnostic/Diagnostics.java +++ b/src/main/java/io/cryostat/diagnostic/Diagnostics.java @@ -23,6 +23,7 @@ import jakarta.inject.Inject; import jakarta.ws.rs.POST; import jakarta.ws.rs.Path; +import org.eclipse.microprofile.openapi.annotations.Operation; import org.jboss.resteasy.reactive.RestPath; @Path("/api/beta/diagnostics/targets/{targetId}") @@ -34,6 +35,13 @@ public class Diagnostics { @RolesAllowed("write") @Blocking @POST + @Operation( + summary = "Initiate a garbage collection on the specified target", + description = + """ + Request the remote target to perform a garbage collection. The target JVM is free to ignore this + request. This is generally equivalent to a System.gc() call made within the target JVM. + """) public void gc(@RestPath long targetId) { targetConnectionManager.executeConnectedTask( Target.getTargetById(targetId), diff --git a/src/main/java/io/cryostat/discovery/ContainerDiscovery.java b/src/main/java/io/cryostat/discovery/ContainerDiscovery.java index a959749e6..60e399039 100644 --- a/src/main/java/io/cryostat/discovery/ContainerDiscovery.java +++ b/src/main/java/io/cryostat/discovery/ContainerDiscovery.java @@ -70,6 +70,7 @@ import org.eclipse.microprofile.config.inject.ConfigProperty; import org.jboss.logging.Logger; +/** Discovery mechanism for Docker and Podman container engines. */ @ApplicationScoped class PodmanDiscovery extends ContainerDiscovery { @ConfigProperty(name = "cryostat.discovery.podman.enabled") diff --git a/src/main/java/io/cryostat/discovery/CustomDiscovery.java b/src/main/java/io/cryostat/discovery/CustomDiscovery.java index 0367a65c3..669c97170 100644 --- a/src/main/java/io/cryostat/discovery/CustomDiscovery.java +++ b/src/main/java/io/cryostat/discovery/CustomDiscovery.java @@ -52,6 +52,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.eclipse.microprofile.config.inject.ConfigProperty; +import org.eclipse.microprofile.openapi.annotations.Operation; import org.hibernate.exception.ConstraintViolationException; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.RestForm; @@ -60,6 +61,13 @@ import org.jboss.resteasy.reactive.RestResponse; import org.jboss.resteasy.reactive.RestResponse.ResponseBuilder; +/** + * Discovery implementation that allows user-defined {@link io.cryostat.target.Target} definitions. + * These can be created or deleted at will by any authenticated and authorized user. This is mainly + * intended for ad-hoc connections to short-lived target instances, or cases where Cryostat is only + * deployed for a short term. For long-lived Cryostat installations monitoring regular target + * applications other discovery mechanisms should be preferred. + */ @ApplicationScoped @Path("") public class CustomDiscovery { @@ -81,6 +89,15 @@ public class CustomDiscovery { @Path("/api/v4/targets") @Consumes(MediaType.APPLICATION_JSON) @RolesAllowed("write") + @Operation( + summary = "Create a target definition", + description = + """ + Create a target definition given a JSON request body target stub. The target stub must contain the + connectUrl and alias, and optionally contain a username and password to create a Stored Credential + associated with this target. The dryrun parameter can be used to perform this operation as a check, + to verify if such a target could be created (no connectUrl conflict and acceptable credentials). + """) public RestResponse create( @Context UriInfo uriInfo, TargetStub target, @@ -94,6 +111,15 @@ public RestResponse create( @Path("/api/v4/targets") @Consumes({MediaType.MULTIPART_FORM_DATA, MediaType.APPLICATION_FORM_URLENCODED}) @RolesAllowed("write") + @Operation( + summary = "Create a target definition", + description = + """ + Create a target definition given a form (url-encoded or multipart) containing a target connectUrl + and alias, and optional username and password. The dryrun parameter can be used to perform this + operation as a check, to verify if such a target could be created (no connectUrl conflict and + acceptable credentials). + """) public RestResponse createForm( @Context UriInfo uriInfo, @RestForm URI connectUrl, @@ -194,6 +220,14 @@ RestResponse doCreate( @DELETE @Path("/api/v4/targets/{id}") @RolesAllowed("write") + @Operation( + summary = "Delete the specified target", + description = + """ + Delete the specified target by ID. Only allows deletion of targets that were defined by the same + Custom Target discovery API. Other targets must be removed by the discovery mechanisms which + discovered them. + """) public void delete(@RestPath long id) throws URISyntaxException { Target target = Target.find("id", id).singleResult(); DiscoveryNode realm = DiscoveryNode.getRealm(REALM).orElseThrow(); diff --git a/src/main/java/io/cryostat/discovery/Discovery.java b/src/main/java/io/cryostat/discovery/Discovery.java index d0afeaa84..60156c379 100644 --- a/src/main/java/io/cryostat/discovery/Discovery.java +++ b/src/main/java/io/cryostat/discovery/Discovery.java @@ -67,6 +67,8 @@ import jakarta.ws.rs.core.UriBuilder; import org.apache.commons.lang3.StringUtils; import org.eclipse.microprofile.config.inject.ConfigProperty; +import org.eclipse.microprofile.openapi.annotations.Operation; +import org.eclipse.microprofile.openapi.annotations.tags.Tag; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.RestPath; import org.jboss.resteasy.reactive.RestQuery; @@ -154,6 +156,7 @@ void onStop(@Observes ShutdownEvent evt) throws SchedulerException { @GET @Path("/api/v4/discovery") @RolesAllowed("read") + @Operation(summary = "Retrieve the entire discovery tree.") public DiscoveryNode get() { return DiscoveryNode.getUniverse(); } @@ -161,6 +164,14 @@ public DiscoveryNode get() { @GET @Path("/api/v4/discovery/{id}") @RolesAllowed("read") + @Tag(ref = "Discovery") + @Operation( + summary = "Endpoint for discovery plugins to check their own registration status", + description = + """ + Endpoint for discovery plugins to check their own current registration status, ie. whether their + registration ID is still known and their current token is still valid. + """) public void checkRegistration( @Context RoutingContext ctx, @RestPath UUID id, @RestQuery String token) { DiscoveryPlugin plugin = DiscoveryPlugin.find("id", id).singleResult(); @@ -183,6 +194,24 @@ public void checkRegistration( @Consumes(MediaType.APPLICATION_JSON) @RolesAllowed("write") @SuppressFBWarnings("DLS_DEAD_LOCAL_STORE") + @Tag( + name = "Discovery", + description = + """ + Endpoints for Discovery Plugins to register with a Cryostat instance, refresh their registration + token, publish information about known targets, and unregister themselves. + + The reference implementation of a Discovery Plugin is the Cryostat Agent. + """) + @Operation( + summary = "Register as a new discovery plugin or refresh existing registration", + description = + """ + Register a new discovery plugin, or refresh an existing plugin's registration and generate a new + token. New registrations require the realm and callback fields. Registration refreshers + additionally require the id and token fields, which are supplied in the response to the original + registration. + """) public PluginRegistration register(@Context RoutingContext ctx, JsonObject body) throws SchedulerException { String pluginId = body.getString("id"); @@ -350,6 +379,16 @@ public PluginRegistration register(@Context RoutingContext ctx, JsonObject body) @Path("/api/v4/discovery/{id}") @Consumes(MediaType.APPLICATION_JSON) @PermitAll + @Tag(ref = "Discovery") + @Operation( + summary = "Publish updated target discovery information", + description = + """ + Using its plugin ID and current token, a discovery plugin uses this endpoint to publish a JSON + request body containing a list of discovery nodes. The discovery plugin itself is a Realm node in + the overall discovery tree, so the published list of nodes here will replace the plugin Realm + node's list of children. + """) public void publish( @Context RoutingContext ctx, @RestPath UUID id, @@ -411,6 +450,14 @@ public void publish( @DELETE @Path("/api/v4/discovery/{id}") @PermitAll + @Tag(ref = "Discovery") + @Operation( + summary = "Delete the given plugin's registration", + description = + """ + Delete the plugin's registration along with its discovery Realm node and all of its children. This + is used when a discovery plugin is shutting down. + """) public void deregister(@Context RoutingContext ctx, @RestPath UUID id, @RestQuery String token) throws SchedulerException { DiscoveryPlugin plugin = DiscoveryPlugin.find("id", id).singleResult(); @@ -441,6 +488,13 @@ public void deregister(@Context RoutingContext ctx, @RestPath UUID id, @RestQuer @JsonView(DiscoveryNode.Views.Flat.class) @Path("/api/v4/discovery_plugins") @RolesAllowed("read") + @Tag(ref = "Discovery") + @Operation( + summary = "List currently registered discovery plugins", + description = + """ + Retrieve a list of currently registered discovery plugins only, not including their subtrees. + """) public List getPlugins(@RestQuery String realm) { // TODO filter for the matching realm name within the DB query return DiscoveryPlugin.findAll().list().stream() @@ -451,10 +505,24 @@ public List getPlugins(@RestQuery String realm) { @GET @Path("/api/v4/discovery_plugins/{id}") @RolesAllowed("read") + @Tag(ref = "Discovery") + @Operation( + summary = "Retrieve a specific discovery plugin", + description = + """ + Retrieve information about a specific discovery plugin, including its discovery Realm node and + subtree. + """) public DiscoveryPlugin getPlugin(@RestPath UUID id) { return DiscoveryPlugin.find("id", id).singleResult(); } + /** + * Check that discovery plugins are still alive/reachable and prompt them to regenerate expiring + * tokens. Plugins are issued short-lived tokens at registration time. Cryostat periodically + * pings plugins to ensure they are still alive/reachable and to prompt them to request a fresh + * token if their token will be expiring soon. + */ @SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE") static class RefreshPluginJob implements Job { @Inject Logger logger; diff --git a/src/main/java/io/cryostat/discovery/DiscoveryNode.java b/src/main/java/io/cryostat/discovery/DiscoveryNode.java index a8967f868..ebead587a 100644 --- a/src/main/java/io/cryostat/discovery/DiscoveryNode.java +++ b/src/main/java/io/cryostat/discovery/DiscoveryNode.java @@ -61,6 +61,15 @@ import org.hibernate.type.SqlTypes; import org.jboss.logging.Logger; +/** + * Represents a node in the overall discovery tree. Nodes either have a {@link + * io.cryostat.targets.Target} reference or a list of children (which are also DiscoveryNodes), + * never both. A node with a target, known as a TargetNode, represents a discovered JVM process. A + * node with a list of children, known as an EnvironmentMode, represents some intermediate object + * such as a {@link io.cryostat.discovery.DiscoveryPlugin}, a Podman Pod, a Kubernetes Deployment, + * etc. All {@link io.cryostat.targets.Target} instances are associated with a DiscoveryNode which + * places them in the tree. + */ @Entity @EntityListeners(DiscoveryNode.Listener.class) @NamedQueries({ diff --git a/src/main/java/io/cryostat/discovery/DiscoveryPlugin.java b/src/main/java/io/cryostat/discovery/DiscoveryPlugin.java index cd6c2a630..f62cae5a5 100644 --- a/src/main/java/io/cryostat/discovery/DiscoveryPlugin.java +++ b/src/main/java/io/cryostat/discovery/DiscoveryPlugin.java @@ -55,6 +55,12 @@ import org.hibernate.annotations.GenericGenerator; import org.jboss.logging.Logger; +/** + * DiscoveryPlugin instances track registrations of discovery plugins. The reference implementation + * for a discovery plugin is the Cryostat Agent. Plugins communicate with Cryostat via the {@link + * io.cryostat.discovery.Discovery} API endpoints. Registration through that API generates a + * DiscoveryPlugin record to place that plugin into the discovery tree. + */ @Entity @EntityListeners(DiscoveryPlugin.Listener.class) public class DiscoveryPlugin extends PanacheEntityBase { diff --git a/src/main/java/io/cryostat/discovery/JDPDiscovery.java b/src/main/java/io/cryostat/discovery/JDPDiscovery.java index 9cbfe1106..7295c0710 100644 --- a/src/main/java/io/cryostat/discovery/JDPDiscovery.java +++ b/src/main/java/io/cryostat/discovery/JDPDiscovery.java @@ -45,6 +45,7 @@ import org.eclipse.microprofile.config.inject.ConfigProperty; import org.jboss.logging.Logger; +/** Discovery mechanism for the Java Discovery Protocol (multicast). */ @ApplicationScoped public class JDPDiscovery implements Consumer { diff --git a/src/main/java/io/cryostat/discovery/KubeApiDiscovery.java b/src/main/java/io/cryostat/discovery/KubeApiDiscovery.java index 938289cb3..150ad85d7 100644 --- a/src/main/java/io/cryostat/discovery/KubeApiDiscovery.java +++ b/src/main/java/io/cryostat/discovery/KubeApiDiscovery.java @@ -67,6 +67,14 @@ import org.eclipse.microprofile.config.inject.ConfigProperty; import org.jboss.logging.Logger; +/** + * Discovery mechanism for Kubernetes and derivatives. Uses a Kubernetes client to communicate with + * the k8s API server. This works by querying for Endpoint objects, which represent + * tuples on k8s Services and therefore map to Pods (and therefore containers running JVMs), then + * constructing a subtree by chasing owner references from the Endpoint object until the ownership + * chain either ends or hits a Namespace object. Intermediate nodes across these chains are reused + * so that common ancestors are shared and a tree is formed, rather than a list of lists. + */ @ApplicationScoped public class KubeApiDiscovery implements ResourceEventHandler { diff --git a/src/main/java/io/cryostat/events/EventTemplates.java b/src/main/java/io/cryostat/events/EventTemplates.java index 7a7a95a7b..647f82aad 100644 --- a/src/main/java/io/cryostat/events/EventTemplates.java +++ b/src/main/java/io/cryostat/events/EventTemplates.java @@ -41,6 +41,7 @@ import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.UriInfo; import org.apache.commons.lang3.StringUtils; +import org.eclipse.microprofile.openapi.annotations.Operation; import org.jboss.logging.Logger; import org.jboss.resteasy.reactive.RestForm; import org.jboss.resteasy.reactive.RestPath; @@ -69,6 +70,14 @@ public class EventTemplates { @GET @Blocking @RolesAllowed("read") + @Operation( + summary = "List server event templates", + description = + """ + Retrieve a list of templates available on this Cryostat server. These templates can be applied to + recordings started on any discovered target, but any event configurations within the template which + reference events that do not exist on the target will be ignored. + """) public List