Policy Agent REST API

About REST API

The policy agent REST API (“REST API”) lets you interact with a policy agent instance using HTTP requests.

The REST API offers read-only access to the policy agent's operational data. Through it you can retrieve the agent configuration, the operational status of the agent’s interfaces and connections, information on the application’s network and service endpoints, and the records stored in the agent’s DNS resolver database. All responses are returned in JSON.

Additionally, the REST API allows you to add and delete network endpoints. This functionality is used by Kubernetes CNI plugins to dynamically set up a network endpoint for each pod. For this reason, it is highly recommended to keep the REST API bound to the localhost interface, to which it is attached by default.

Fig. 165 Workload node with policy agent

The policy agent REST API also works as the interface between the Resolver and the policy agent database of DNS records.

The REST API is set up automatically when the agent starts on the workload node. By default, it is exposed on 127.0.0.1:5500. You can change the interface address and port number in the agent configuration file, using either a text editor or the agent’s ib-configure utility. To apply the new configuration, you need to reload the agent.

Configuring REST API

Configuration file

REST API configuration is stored in the ib-agent.conf file located on the workload node at:

/etc/ib-agent.conf

The file contains REST API configuration details in the section titled [rest]. To verify information in the configuration file, run the command:

]$ cat /etc/ib-agent.conf
[agent]
controller = controller-texas2270.texasinc.poc.bayware.io
location = azr1
local_domain = ib.loc
token_file = /opt/bayware/ib-agent/conf/tokens.dat
log_file = /var/log/ib-agent/ib-agent.log
log_level = INFO

[net_iface]
name = ib-fab0
address = 192.168.250.0/24

[ctl_iface]
name = ib-ctl0

[mirror_iface]
name = ib-mon0

[cert]
ca_cert = /opt/bayware/certs/ca.crt
node_cert = /opt/bayware/certs/node.crt
node_key = /opt/bayware/certs/node.key

[rest]
rest_ip = 127.0.0.1
rest_port = 5500
log_file = /var/log/ib-agent/ib-agent-rest.log
log_level = WARNING

[resolver]
log_file = /var/log/ib-agent/ib-agent-resolver.log
log_level = WARNING
file_size = 100000
backup_count = 5
dns_port = 5053
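
A check that the [rest] section still binds the API to loopback, useful after any change to rest_ip because the same listener also serves the PUT and DELETE network endpoint calls. This is an added example, not part of the original documentation or the agent; the function name audit_rest_binding, the severity labels and the sample text are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample: the [net_iface] and [rest] sections in the layout shown
# above, with rest_ip changed to a wildcard bind to produce a failing case.
SAMPLE_EXPOSED = """
[net_iface]
name = ib-fab0
address = 192.168.250.0/24

[rest]
rest_ip = 0.0.0.0
rest_port = 5500
"""
SAMPLE_DEFAULT = SAMPLE_EXPOSED.replace("rest_ip = 0.0.0.0", "rest_ip = 127.0.0.1")


def audit_rest_binding(conf_text):
    """Return (severity, message) findings for the [rest] section (hypothetical helper)."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(conf_text)
    if not cfg.has_section("rest"):
        return [("error", "no [rest] section found")]

    raw_ip = cfg.get("rest", "rest_ip", fallback="").strip()
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return [("error", f"rest_ip is not a valid IP address: {raw_ip!r}")]

    findings = []
    if ip.is_loopback:
        findings.append(("ok", f"rest_ip {ip} is loopback"))
    elif ip.is_unspecified:
        # 0.0.0.0 or :: listens on every interface of the node
        findings.append(("high", f"rest_ip {ip} binds every interface"))
    else:
        msg = f"rest_ip {ip} is not loopback"
        fabric = cfg.get("net_iface", "address", fallback=None)
        try:
            if fabric and ip in ipaddress.ip_network(fabric, strict=False):
                msg += f" and lies inside the net_iface range {fabric}"
        except ValueError:
            pass  # malformed net_iface address: report the bind address only
        findings.append(("high", msg))

    port = cfg.get("rest", "rest_port", fallback="").strip()
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(("error", f"rest_port is not a valid TCP port: {port!r}"))
    return findings


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("exposed", SAMPLE_EXPOSED)):
        for severity, message in audit_rest_binding(text):
            print(f"{label}: [{severity}] {message}")
```

To audit a node, pass the contents of /etc/ib-agent.conf to audit_rest_binding instead of the constructed samples.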

Configuration commands

To change the REST API configuration, use the policy agent configuration tool, ib-configure, located on the workload node at:

/opt/bayware/ib-agent/bin/ib-configure

The tool enables you to change the IP address and/or TCP port on which Agent exposes its REST API.

The following commands require super-user privileges, so become root:

]$ sudo su -

Now, to bind the REST API to a different network interface on the node, run the command:

]# /opt/bayware/ib-agent/bin/ib-configure -a <IPv4_address>

To bind the REST API to a different TCP port on the same interface, run the command:

]# /opt/bayware/ib-agent/bin/ib-configure -r <TCP_port>

On a successful command execution, the tool will return the response as shown below:

]# /opt/bayware/ib-agent/bin/ib-configure -r 5500
agent configuration completed successfully

To apply the configuration changes, you need to reload the agent using the command:

]# systemctl reload ib-agent

Getting started with REST API

Making the first request

Here is an example of the REST API request and response (jq in this and other examples is used only for formatting):

]$  curl -s http://127.0.0.1:5500/api/v1/service/resolver | jq
{
  "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  },
  "aws2.originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  },
  "originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  }
}

Available resources

Policy agent REST API supports various categories of information, or various resources, that can be returned, such as:

  • CERT
  • CONNECTION
  • IFACE
  • NETWORK_ENDPOINT
  • SERVICE
  • STATUS

/cert
Certificate is used to verify the node certificate employed by the policy agent. You can only fetch data.

/connection
Connection is used to verify the current operational status of the logical connection between the workload and processor established by the policy agent. You can only fetch data.

/iface
Iface is used to verify the current operational status of the network interfaces managed by the policy agent. You can only fetch data.

/network_endpoint
Network endpoint is used to verify the current operational status of the network endpoints managed by the policy agent. You can only fetch data.

/service
Service is used to verify the current operational status of the service endpoints managed by the policy agent. You can only fetch data.

/status
Status is used to verify the current operational status of the policy agent. You can only fetch data.

Using REST API

Certificate object

Certificate object has only one endpoint.

GET /cert

Get the certificate.

HTTP request for this endpoint is shown below.

GET /api/v1/cert HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/cert | jq -R 'split("\\n")'
[
  "{\"result\":{\"x509\":\"Certificate:",
  "    Data:",
  "        Version: 3 (0x2)",
  "        Serial Number:",
  "            1e:f6:87:56:6d:7f:97:d7:27:d7:50:70:50:d7:b8:b5:dc:da:13:de",
  "        Signature Algorithm: sha256WithRSAEncryption",
  "        Issuer: O=texasinc, DC=texas2270, CN=texas-c0",
  "        Validity",
  "            Not Before: Aug 14 21:10:35 2019 GMT",
  "            Not After : Aug 11 21:10:35 2029 GMT",
  "        Subject: O=texasinc, DC=texas2270, DC=workload, CN=azr1-w01-texas2270",
  "        Subject Public Key Info:",
  "            Public Key Algorithm: rsaEncryption",
  "                RSA Public-Key: (2048 bit)",
  "                Modulus:",
  "                    00:be:01:be:35:18:b7:85:fc:8e:c8:9d:da:d2:27:",
  "                    57:13:6b:8c:ab:cb:cf:39:15:f9:cf:b3:5d:d4:3e:",
  "                    b3:9d:82:aa:1d:86:f5:b0:98:58:7f:32:18:50:f8:",
  "                    61:ae:60:f6:43:2a:28:3f:99:83:cc:15:dd:ec:aa:",
  "                    84:ac:c0:00:df:4d:a8:84:14:0a:94:ba:a8:37:3d:",
  "                    84:c6:9c:ad:d5:ac:43:01:d0:86:07:36:c7:b6:5c:",
  "                    c5:78:4b:de:ca:a5:d9:83:60:a9:bb:c1:1d:05:b0:",
  "                    e8:71:5e:7f:45:98:77:3d:07:58:42:16:f1:0e:79:",
  "                    5b:a4:22:95:0e:6c:cb:98:20:b7:d8:75:f6:69:1f:",
  "                    88:c3:07:5c:56:96:12:d0:6f:00:60:14:3e:33:cc:",
  "                    67:22:26:bf:ba:2e:59:a8:a2:e9:25:97:bc:6c:35:",
  "                    54:ee:ef:e7:c3:fd:26:dd:5f:8b:40:71:9a:f0:63:",
  "                    61:ac:b1:be:d2:3f:1e:98:50:6f:49:58:c9:12:51:",
  "                    1f:48:61:5a:50:9a:45:51:4b:8a:fe:39:01:8e:df:",
  "                    33:b3:68:34:da:a5:96:94:c1:16:4f:ae:d4:75:91:",
  "                    0b:fc:ca:b6:69:97:a2:e8:ba:98:17:e7:ef:e6:5d:",
  "                    1f:96:0c:58:d9:91:13:51:f6:4e:f9:9f:80:1d:c3:",
  "                    43:c9",
  "                Exponent: 65537 (0x10001)",
  "        X509v3 extensions:",
  "            X509v3 Key Usage: critical",
  "                Digital Signature, Key Encipherment",
  "            X509v3 Extended Key Usage: ",
  "                TLS Web Server Authentication, TLS Web Client Authentication",
  "            X509v3 Basic Constraints: critical",
  "                CA:FALSE",
  "            X509v3 Subject Key Identifier: ",
  "                55:E5:A6:58:32:83:D6:D6:64:3A:E8:87:BC:BE:63:71:BC:72:B4:A6",
  "            X509v3 Authority Key Identifier: ",
  "                keyid:C1:F6:2F:CD:CF:70:9F:99:8B:2E:F8:B1:54:1E:08:C4:46:73:AA:19",
  "",
  "    Signature Algorithm: sha256WithRSAEncryption",
  "         a1:3e:76:a6:d1:62:a3:c2:73:e4:2a:9d:b6:12:2a:22:48:1f:",
  "         63:f5:f1:c4:f6:5f:e7:66:63:51:e4:9e:bc:02:87:a6:90:cd:",
  "         e7:39:04:ec:ac:9d:58:42:95:ff:f0:34:72:a2:f1:4a:67:bf:",
  "         f7:da:6f:ee:b9:bc:f8:51:27:5d:6e:e7:e9:89:c1:88:e9:f8:",
  "         73:fd:b4:1c:fd:f8:41:66:5a:a7:51:bf:c8:dc:92:27:6a:e5:",
  "         d4:59:60:70:6e:c2:2b:3d:e5:47:55:67:44:69:5f:0a:61:8a:",
  "         4a:03:43:70:67:61:ec:bc:00:e1:80:35:b1:2d:32:bb:ba:0a:",
  "         40:e3:b0:f4:c0:fe:fb:23:9d:c3:80:2a:df:23:9a:e5:81:ce:",
  "         ea:22:1e:15:78:7b:4e:ab:2c:cd:b9:5e:cd:1e:57:89:07:f6:",
  "         be:fd:a1:a0:e3:99:c5:0f:8f:1f:58:d2:e2:6f:e4:e6:1d:05:",
  "         d0:1a:98:6e:ba:b5:b7:6e:90:67:c8:85:33:cd:7a:34:31:f6:",
  "         e4:17:8f:cf:f4:3a:1b:48:95:56:5f:a0:da:31:23:9e:22:da:",
  "         c8:f1:b8:8e:06:c7:23:7b:34:cb:12:a2:ca:42:17:65:12:2c:",
  "         9b:a9:d9:6b:1e:e6:86:48:ed:41:4f:07:d8:6c:b5:2f:6d:da:",
  "         b7:7d:ee:7a:4e:6f:b4:b4:6b:da:dd:71:cd:6b:90:52:61:d8:",
  "         b6:8a:42:43:5c:29:75:fe:b8:e6:ec:73:80:35:66:72:32:e0:",
  "         3e:a3:c0:84:bb:71:7e:34:d5:df:b8:de:7d:30:cb:fb:c7:1b:",
  "         4d:60:0a:ca:d6:eb:cb:82:0b:5e:53:db:ad:4a:bc:8e:a3:f9:",
  "         b4:de:bb:72:78:8e:b2:ee:75:14:33:08:bf:f4:8d:ab:19:2c:",
  "         f9:a8:cf:1b:e0:79:05:e8:55:da:35:1b:c3:fe:c8:b6:ec:3a:",
  "         37:e8:13:2b:15:90:c5:83:11:ae:38:a2:18:26:fb:50:8a:1c:",
  "         2b:c4:83:54:10:8a:35:05:f9:18:f7:13:e3:a6:13:1d:10:b4:",
  "         ff:27:77:a8:f9:6e:81:f9:1d:d9:c5:b5:3f:78:82:ad:71:6f:",
  "         82:74:89:76:ef:5e:91:8a:f7:fa:b4:ef:7f:a1:20:2f:15:bf:",
  "         27:8a:85:1d:ae:f3:10:26:45:d1:fa:be:e6:69:94:e6:4d:3b:",
  "         5c:53:76:32:8f:11:73:5b:2b:a4:82:45:74:4f:38:29:67:49:",
  "         f6:d2:6a:55:0f:c9:96:42:63:cb:75:3f:cf:93:60:26:96:76:",
  "         59:10:d2:9d:3c:5a:39:3a:50:44:f3:e7:54:15:9b:9c:e2:e8:",
  "         9e:ee:56:79:96:d6:e4:e8",
  "\"}}"
]
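
The x509 field in this response is a text dump rather than structured JSON, so monitoring the node certificate's expiry takes a small parser. The following is an added example, not code from the original documentation; the function names, the 30-day warning window and the 2048-bit minimum are assumptions, and the sample body is constructed from the fields shown above.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: a shortened /api/v1/cert body built from the fields in
# the response above (modulus, signature and most extensions omitted).
SAMPLE_BODY = json.dumps({"result": {"x509": "\n".join([
    "Certificate:",
    "    Data:",
    "        Version: 3 (0x2)",
    "        Issuer: O=texasinc, DC=texas2270, CN=texas-c0",
    "        Validity",
    "            Not Before: Aug 14 21:10:35 2019 GMT",
    "            Not After : Aug 11 21:10:35 2029 GMT",
    "        Subject: O=texasinc, DC=texas2270, DC=workload, CN=azr1-w01-texas2270",
    "        Subject Public Key Info:",
    "            Public Key Algorithm: rsaEncryption",
    "                RSA Public-Key: (2048 bit)",
    "        X509v3 extensions:",
    "            X509v3 Basic Constraints: critical",
    "                CA:FALSE",
    "    Signature Algorithm: sha256WithRSAEncryption",
])}})

TIME_FORMAT = "%b %d %H:%M:%S %Y GMT"  # e.g. "Aug 11 21:10:35 2029 GMT"


def parse_cert_summary(body):
    """Extract the fields worth monitoring from a /api/v1/cert response body."""
    text = json.loads(body)["result"]["x509"]

    def field(pattern):
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            raise ValueError(f"field not found: {pattern}")
        return match.group(1).strip()

    def timestamp(label):
        raw = field(rf"^\s*{label}\s*:\s*(.+)$")
        return datetime.strptime(raw, TIME_FORMAT).replace(tzinfo=timezone.utc)

    return {
        "subject": field(r"^\s*Subject:\s*(.+)$"),
        "issuer": field(r"^\s*Issuer:\s*(.+)$"),
        "not_before": timestamp("Not Before"),
        "not_after": timestamp("Not After"),
        "key_bits": int(field(r"Public-Key:\s*\((\d+) bit\)")),
        "is_ca": re.search(r"\bCA:TRUE\b", text) is not None,
    }


def cert_findings(summary, now, warn_days=30, min_rsa_bits=2048):
    """Return human-readable problems; thresholds are assumed policy values."""
    findings = []
    if now < summary["not_before"]:
        findings.append("certificate is not yet valid")
    remaining = (summary["not_after"] - now).days
    if remaining < 0:
        findings.append("certificate expired")
    elif remaining < warn_days:
        findings.append(f"certificate expires in {remaining} days")
    if summary["is_ca"]:
        findings.append("node certificate is marked CA:TRUE")
    if summary["key_bits"] < min_rsa_bits:
        findings.append(f"key is only {summary['key_bits']} bits")
    return findings


if __name__ == "__main__":
    summary = parse_cert_summary(SAMPLE_BODY)
    print(summary["subject"], "valid until", summary["not_after"].isoformat())
    print(cert_findings(summary, datetime.now(timezone.utc)) or "no findings")
```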

Connection object

Connection object has only one endpoint.

GET /connection

Get information about the current connection status.

HTTP request for this endpoint is shown below.

GET /api/v1/connection HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$ curl -s http://127.0.0.1:5500/api/v1/connection | jq
{
  "result": {
    "304": {
      "keepalive_timestamp": "Fri, 23 Aug 2019 22:29:21 GMT",
      "local_conn": 304,
      "local_port": 1,
      "nonce_timestamp": "Fri, 23 Aug 2019 22:29:19 GMT",
      "remote_address": "fd3210d7b78fea9d20c9c41f59347aed",
      "remote_conn": 258,
      "remote_mac": "16c2b80359c1",
      "remote_node_role": "processor",
      "remote_port": 32,
      "remote_portname": "ib_0a000206",
      "status": "active"
    }
  }
}

Iface object

Iface object has three endpoints.

Control interface

GET /iface/ctl_iface

Get information about the current control interface status.

HTTP request for this endpoint is shown below.

GET /api/v1/iface/ctl_iface HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$ curl -s http://127.0.0.1:5500/api/v1/iface/ctl_iface | jq -R 'split("\\n")'
[
  "{\"result\":{\"ctl_iface\":\"",
  "",
  "203: ib-ctl0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000",
  "    link/ether 06:55:44:13:ff:35 brd ff:ff:ff:ff:ff:ff",
  "    RX: bytes  packets  errors  dropped overrun mcast   ",
  "    0          0        0       0       0       0       ",
  "    TX: bytes  packets  errors  dropped carrier collsns ",
  "    0          0        0       0       0       0\"}}"
]

Mirror interface

GET /iface/mirror_iface

Get information about the current mirror interface status.

Note

The Rx bytes and packets counters will show non-zero values only if you have port mirroring enabled in the specification of at least one contract role whose service endpoint(s) are present on the node.

HTTP request for this endpoint is shown below.

GET /api/v1/iface/mirror_iface HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$ curl -s http://127.0.0.1:5500/api/v1/iface/mirror_iface | jq -R 'split("\\n")'
[
  "{\"result\":{\"mirror_iface\":\"",
  "",
  "204: ib-mon0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000",
  "    link/ether 06:72:48:6c:8f:6d brd ff:ff:ff:ff:ff:ff",
  "    inet6 fe80::472:48ff:fe6c:8f6d/64 scope link ",
  "       valid_lft forever preferred_lft forever",
  "    RX: bytes  packets  errors  dropped overrun mcast   ",
  "    0          0        0       0       0       0       ",
  "    TX: bytes  packets  errors  dropped carrier collsns ",
  "    12460      178      0       0       0       0\"}}"
]

Network interface

GET /iface/net_iface

Get information about the current network interface status.

HTTP request for this endpoint is shown below.

GET /api/v1/iface/net_iface HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$ curl -s http://127.0.0.1:5500/api/v1/iface/net_iface | jq -R 'split("\\n")'
[
  "{\"result\":{\"net_iface\":\"",
  "",
  "207: ib-fab0@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc fq_codel state UNKNOWN group default qlen 1000",
  "    link/ether 96:9e:eb:10:c7:31 brd ff:ff:ff:ff:ff:ff",
  "    inet 192.168.250.1/30 scope global ib-fab0",
  "       valid_lft forever preferred_lft forever",
  "    RX: bytes  packets  errors  dropped overrun mcast   ",
  "    439537314  2251739  0       0       0       0       ",
  "    TX: bytes  packets  errors  dropped carrier collsns ",
  "    325448824  2091568  0       0       0       0\"}}"
]

Network endpoint object

Network endpoint object has multiple endpoints.

Network endpoint status

GET /network_endpoint

Get information about the current network endpoint status.

HTTP request for this endpoint is shown below.

GET /api/v1/network_endpoint HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/network_endpoint | jq
{
  "result": [
    {
      "cga": "fd32:10d7:b78f:7699:242e:1b2e:0e61:d882",
      "cga_params": {
        "ccount": 0,
        "ext": "",
        "modifier": 2.850508822951617e+38,
        "prefix": "fd32:10d7:b78f:7699::"
      },
      "ip": "192.168.250.1",
      "mac": "96:9e:eb:10:c7:31",
      "name": "azr1-w01-texas2270",
      "ne_id": 1554,
      "ne_instance": "azr1-w01-texas2270"
    }
  ]
}

Create network endpoint

PUT /network_endpoint/{ne_instance}

Create a network endpoint. This API is used by the CNI plugin.

HTTP request for this endpoint is shown below.

PUT /api/v1/network_endpoint/instance123 HTTP/1.1
Host: 127.0.0.1:5500

Additional parameters must be sent in the request body in JSON format as shown in the example below.

{
   "name":"nginx-deployment-77f588df6b-jck2q",
   "ip_address":"10.10.110.82",
   "mac":"6a:49:c9:11:4c:60",
   "tokens":[
     "2646f16e-0dec-4577-9e43-076b7be1b0ab"
   ]
}

Delete network endpoint

DELETE /network_endpoint/{ne_instance}

Delete a network endpoint. This API is used by the CNI plugin.

HTTP request for this endpoint is shown below.

DELETE /api/v1/network_endpoint/instance123 HTTP/1.1
Host: 127.0.0.1:5500

Service object

Service object has multiple endpoints.

Available local service endpoints

GET /service/available

Get information about the available local service endpoints.

HTTP request for this endpoint is shown below.

GET /api/v1/service/available HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/available | jq
{
  "azr1-w01-texas2270": {
    "ne_cfg_hash": "0612947c582c4cf105ac3428c3f5b613a4a5",
    "services": [
      {
        "contract": "weather-api",
        "contract_id": 3221325477,
        "contract_role": "Responder",
        "domain": "getaway-app",
        "endpoint_rules": [
          {
            "protocol": "icmp"
          },
          {
            "ports": [
              8080,
              5201
            ],
            "protocol": "tcp"
          }
        ],
        "is_multicast": false,
        "port_mirror_enabled": false,
        "propagation_interval": 5,
        "remote_endpoint_rules": [
          {
            "protocol": "icmp"
          },
          {
            "protocol": "tcp"
          }
        ],
        "role_index": 1,
        "se_cfg_hash": "46eeb901fb5ad0a0027f4c2b9d351b85",
        "service_rdn": "responder.weather-api.getaway-app",
        "stat_enabled": false
      }
    ],
    "success": true,
    "type": "serviceResponse"
  }
}

Registered local service endpoints

GET /service/registered

Get information about the registered local service endpoints.

HTTP request for this endpoint is shown below.

GET /api/v1/service/registered HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/registered | jq
{
  "azr1-w01-texas2270": [
    {
      "contract": "weather-api",
      "contract_role": "Responder",
      "domain": "getaway-app",
      "filtration": {
        "bpf_maps": {
          "MAP_F_IN_PORT": [
            {
              "key": "612a8633-5114-06",
              "val": "00"
            },
            {
              "key": "612a8633-901f-06",
              "val": "00"
            }
          ],
          "MAP_F_IN_PROTO": [
            {
              "key": "612a8633-3a",
              "val": "00"
            }
          ],
          "MAP_F_OUT_PROTO": [
            {
              "key": "612a8633-06",
              "val": "00"
            },
            {
              "key": "612a8633-01",
              "val": "00"
            }
          ],
          "MAP_IN_UNI_SE": [
            {
              "key": "242e1b2e0e61d882-c00186a5",
              "val": "612a8633-b0-c0a8fa01000000000000000000000000-969eeb10c731"
            }
          ],
          "MAP_OUT_V4_SE": [
            {
              "key": "c0a8fa01-400186a5",
              "val": "612a8633-a0-fd3210d7b78f7699242e1b2e0e61d882-0a8633"
            }
          ]
        },
        "endpoint_rules": {
          "egress": [
            {
              "protocol": "icmp"
            },
            {
              "protocol": "tcp"
            }
          ],
          "ingress": [
            {
              "protocol": "icmp"
            },
            {
              "ports": [
                8080,
                5201
              ],
              "protocol": "tcp"
            }
          ]
        }
      },
      "flow_label": 689715,
      "flow_label_hex": "0xa8633",
      "group_id": 3221325477,
      "group_id_hex": "0xc00186a5",
      "role_index": 1,
      "service_resolve": "responder.weather-api.getaway-app"
    }
  ]
}

Remote service endpoints

GET /service/remote

Get information about the current remote service endpoints.

HTTP request for this endpoint is shown below.

GET /api/v1/service/remote HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/remote | jq
{
  "remote_service_endpoints": [
    {
      "bpf_maps": {
        "MAP_IN_UNI": [
          {
            "key": "fd3210d7b78fdb9530e6ae3ff3e72973-069e86",
            "val": "c00186a5-c0a8fa07-00000000000000000000000000000000"
          }
        ],
        "MAP_OUT_V4_DST": [
          {
            "key": "c0a8fa07",
            "val": "400186a5-fd3210d7b78fdb9530e6ae3ff3e72973-16c2b80359c1"
          }
        ]
      },
      "hop_limit": 253,
      "last_update": "2019-08-23 22:40:15.516714 GMT",
      "local_group_id": 3221325477,
      "remote_cga": "fd32:10d7:b78f:db95:30e6:ae3f:f3e7:2973",
      "remote_flow_label": 433798,
      "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
      "unicast_ip": "192.168.250.7"
    }
  ]
}

Fetch all resolver database records

GET /service/resolver

Get all records from the resolver database.

HTTP request for this endpoint is shown below.

GET /api/v1/service/resolver HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/resolver | jq
{
  "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  },
  "aws2.originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  },
  "originator.weather-api.getaway-app.ib.loc": {
    "hop_limit": 253,
    "last_update": "2019-08-23 22:42:48.665033 GMT",
    "service_domain_name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
    "unicast_ip": "192.168.250.7"
  }
}

Resolve name into IP address

GET /service/resolver/{service_RDN}.{local_domain}

Get IP address for the specified DNS name. API is used by the policy agent resolver.

HTTP request for this endpoint is shown below.

GET /api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc | jq
{
  "host": "192.168.250.7",
  "success": true
}

Service endpoint statistics

GET /service/stat

Get the current service endpoint statistics.

Note: To see statistics on a particular service endpoint you need to enable it in the specification of the contract role associated with the endpoint.

HTTP request for this endpoint is shown below.

GET /api/v1/service/stat HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

{
   "stat": [
       {
           "name": "aws2-w02-texas2270.aws2.originator.weather-api.getaway-app",
           "bytes_in": 2300,
           "bytes_out": 1200,
           "pkts_in": 98,
           "pkts_out": 123,
           "drops_in": 0,
           "drops_out": 8
       }
   ]
}

eBPF Maps

GET /service/ebpfmaps

Get content of the eBPF maps.

HTTP request for this endpoint is shown below.

GET /api/v1/service/ebpfmaps HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$  curl -s http://127.0.0.1:5500/api/v1/service/ebpfmaps | jq
{
  "MAP_CONFIG": [
    {
      "key": "01",
      "val": "fd3210d7b78f7699"
    },
    {
      "key": "06",
      "val": "cc00000000000000"
    },
    {
      "key": "05",
      "val": "969eeb10c7310000"
    },
    {
      "key": "07",
      "val": "38f122bb7af79677"
    },
    {
      "key": "02",
      "val": "cb00000000000000"
    },
    {
      "key": "04",
      "val": "cf00000000000000"
    },
    {
      "key": "03",
      "val": "06554413ff350000"
    }
  ],
  "MAP_F_IN_PORT": [
    {
      "key": "612a8633-5114-06",
      "val": "00"
    },
    {
      "key": "612a8633-901f-06",
      "val": "00"
    }
  ],
  "MAP_F_IN_PROTO": [
    {
      "key": "612a8633-3a",
      "val": "00"
    }
  ],
  "MAP_F_OUT_PORT": [],
  "MAP_F_OUT_PROTO": [
    {
      "key": "612a8633-01",
      "val": "00"
    },
    {
      "key": "612a8633-06",
      "val": "00"
    }
  ],
  "MAP_IN_SSM": [],
  "MAP_IN_SSM_SE": [],
  "MAP_IN_SSM_T1": [],
  "MAP_IN_UNI": [
    {
      "key": "fd3210d7b78fdb9530e6ae3ff3e72973-069e86",
      "val": "c00186a5-c0a8fa07-00000000000000000000000000000000"
    }
  ],
  "MAP_IN_UNI_SE": [
    {
      "key": "242e1b2e0e61d882-c00186a5",
      "val": "612a8633-b0-c0a8fa01000000000000000000000000-969eeb10c731"
    }
  ],
  "MAP_OUT_V4_DST": [
    {
      "key": "c0a8fa07",
      "val": "400186a5-fd3210d7b78fdb9530e6ae3ff3e72973-16c2b80359c1"
    }
  ],
  "MAP_OUT_V4_SE": [
    {
      "key": "c0a8fa01-400186a5",
      "val": "612a8633-a0-fd3210d7b78f7699242e1b2e0e61d882-0a8633"
    }
  ],
  "MAP_OUT_V6_DST": [],
  "MAP_OUT_V6_SE": []
}

Status object

Status object has only one endpoint.

GET /status

Get information about the current policy agent status.

HTTP request for this endpoint is shown below.

GET /api/v1/status HTTP/1.1
Host: 127.0.0.1:5500

Here is an example of the REST API request and response:

]$ curl -s http://127.0.0.1:5500/api/v1/status | jq
{
  "controller": "controller-texas2270.texasinc.poc.bayware.io",
  "host_id": "fd3210d7b78f769938f122bb7af79677",
  "hostname": "azr1-w01-texas2270",
  "local_domain": "ib.loc",
  "location": "azr1",
  "ready": true,
  "registered": true,
  "version": "1.2.0"
}

Quick Reference

GET /cert

http://127.0.0.1:5500/api/v1/cert

Get the certificate.

GET /connection

http://127.0.0.1:5500/api/v1/connection

Get information about the current connection status.

GET /iface/ctl_iface

http://127.0.0.1:5500/api/v1/iface/ctl_iface

Get information about the current control interface status.

GET /iface/mirror_iface

http://127.0.0.1:5500/api/v1/iface/mirror_iface

Get information about the current mirror interface status.

GET /iface/net_iface

http://127.0.0.1:5500/api/v1/iface/net_iface

Get information about the current network interface status.

GET /network_endpoint

http://127.0.0.1:5500/api/v1/network_endpoint

Get information about the current network endpoint status.

PUT /network_endpoint/{ne_instance}

http://127.0.0.1:5500/api/v1/network_endpoint/instance123

Create network endpoint.

DELETE /network_endpoint/{ne_instance}

http://127.0.0.1:5500/api/v1/network_endpoint/instance123

Delete network endpoint.

GET /service/available

http://127.0.0.1:5500/api/v1/service/available

Get information about the available local service endpoints.

GET /service/registered

http://127.0.0.1:5500/api/v1/service/registered

Get information about the registered local service endpoints.

GET /service/remote

http://127.0.0.1:5500/api/v1/service/remote

Get information about the current remote service endpoints.

GET /service/resolver

http://127.0.0.1:5500/api/v1/service/resolver

Get all records from the resolver database.

GET /service/resolver/{service_RDN}.{local_domain}

http://127.0.0.1:5500/api/v1/service/resolver/originator.weather-api.getaway-app.ib.loc

Get IP address for the specified DNS name.

GET /service/stat

http://127.0.0.1:5500/api/v1/service/stat

Get the current service endpoint statistics.

GET /service/ebpfmaps

http://127.0.0.1:5500/api/v1/service/ebpfmaps

Get content of the eBPF maps.

GET /status

http://127.0.0.1:5500/api/v1/status

Get information about the current policy agent status.