Cask Market Design


Mocks

These mocks (not final) give an idea of the flow users will go through in order to install a package from the Cask Market.

The user clicks the '+' button, then selects a 'category' from the left sidebar to list 'packages' that can be installed.

When the user chooses a package to install, more information is displayed, including one or more steps involved in installing the package. Each step is a wizard for creating some CDAP entity.

Terminology

package - A collection of entities (artifacts, applications, datasets, streams) to add to CDAP. A package is identified by a name and version, and can be tagged with one or more categories. A package consists of an archive of resources (tarball) and a package spec.

package spec - A JSON file containing a list of actions to perform against CDAP. For example, a spec for the Purchase History example will include an action to add the Purchase History artifact, then an action to create an application from that artifact.

package archive - A zip containing any resources needed to perform the actions in the package spec. For example, if the spec contains an action to add an artifact, the archive must contain the jar file to add.

category - A package can be tagged with one or more categories. A category corresponds to one of the tabs on the left bar of the mocks.

Architecture

There will be a set of marketplace APIs that the UI will use to get categories and packages. In the first version of the market, the APIs will simply be static content served from S3. This essentially amounts to placing packages in a pre-determined directory structure, and generating a file that lists all packages in the repository.

 

There will be an internal process to push the entire market repository to S3. If a user wishes to host their own marketplace, they can do so by sticking a server (Apache httpd for example) on top of a local directory structure.

APIs

The APIs are simply a contract about the directory structure of the marketplace. All APIs are relative to a base path. For example, cask.co/marketplace/v1. The structure is expected to be:

    GET <base>/v1/packages.json
    <base>/v1/packages/<package-name>/<version>/icon.png
    <base>/v1/packages/<package-name>/<version>/license.txt
    <base>/v1/packages/<package-name>/<version>/spec.json
    <base>/v1/packages/<package-name>/<version>/spec.json.asc
    <base>/v1/packages/<package-name>/<version>/archive.zip
    <base>/v1/packages/<package-name>/<version>/archive.zip.asc

The packages.json and signature files could be generated from all the package spec.json files using a tool.

List all Packages

    GET /v1/<cdap-version>/packages.json

    ex: GET /v1/packages.json
    [
      {
        "name": "PurchaseExample",
        "label": "Purchase History",
        "description": "Example Application demonstrating usage of flows, workflows, mapreduce, and services.",
        "author": "Cask",
        "org": "Cask Data Inc.",
        "version": "4.0.1",
        "categories": [ "examples" ],
        "cdapVersion": "[4.0.0,4.1.0)"
      },
      {
        "name": "HelloWorld",
        "label": "Hello World",
        "description": "Simple application demonstrating usage of flows and services.",
        "author": "Cask",
        "org": "Cask Data Inc.",
        "version": "4.0.0",
        "categories": [ "examples" ],
        "cdapVersion": "[4.0.0,4.1.0)"
      },
      ...
    ]

This list is not expected to change often, so the UI can cache it if needed. The 'cdapVersion' field specifies which versions of CDAP the package is compatible with. If none is given, the package is compatible with all versions.

This leaves grouping by category up to the UI. If needed, we could add packages-<category>.json files that list only the packages in a specific category.

This also leaves display of multiple versions of the same package up to the UI. Most of the time we would have only one version of a package per CDAP version, so this may not be a big problem.

This also leaves filtering of packages incompatible with the CDAP instance up to the UI.
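One way the UI could filter on 'cdapVersion' and collapse multiple versions of a package, as an added example that is not part of the original design or CDAP's code. The function names are hypothetical; it assumes dotted numeric versions, the usual interval notation ('[' inclusive, ')' exclusive), and that a package with a malformed range or version is hidden rather than offered for install.

```javascript
// Added example, not CDAP code; function names are hypothetical.
// Assumes dotted numeric versions and interval notation: [ ] inclusive, ( ) exclusive.
function parseVersion(v) {
  if (!/^\d+(\.\d+)*$/.test(String(v).trim())) throw new Error('bad version: ' + v);
  return String(v).trim().split('.').map(Number);
}
function compareVersions(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const d = (a[i] || 0) - (b[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function parseRange(range) {
  const m = /^([\[(])\s*([^,\s]+)\s*,\s*([^,\s]+)\s*([\])])$/.exec(String(range).trim());
  if (!m) throw new Error('bad range: ' + range);
  return { lower: parseVersion(m[2]), lowerInclusive: m[1] === '[',
           upper: parseVersion(m[3]), upperInclusive: m[4] === ']' };
}

function isCompatible(pkg, cdapVersion) {
  if (pkg.cdapVersion == null) return true; // no range: compatible with all versions
  const r = parseRange(pkg.cdapVersion);
  const lo = compareVersions(parseVersion(cdapVersion), r.lower);
  const hi = compareVersions(parseVersion(cdapVersion), r.upper);
  return (lo > 0 || (lo === 0 && r.lowerInclusive)) && (hi < 0 || (hi === 0 && r.upperInclusive));
}

// Keep compatible packages, then only the highest version of each package name.
function installable(packages, cdapVersion) {
  const latest = new Map();
  for (const p of packages) {
    try {
      if (!isCompatible(p, cdapVersion)) continue;
      const seen = latest.get(p.name);
      if (!seen || compareVersions(parseVersion(p.version), parseVersion(seen.version)) > 0) {
        latest.set(p.name, p);
      }
    } catch (e) { /* malformed range or version: hide the package */ }
  }
  return [...latest.values()];
}
const samplePackages = [ // constructed, in the shape of packages.json
  { name: 'PurchaseExample', version: '4.0.0', cdapVersion: '[4.0.0,4.1.0)' },
  { name: 'PurchaseExample', version: '4.0.1', cdapVersion: '[4.0.0,4.1.0)' },
  { name: 'HelloWorld', version: '4.0.0', cdapVersion: '[4.0.0,4.1.0' }, // malformed range
  { name: 'sfdc-lead-dump', version: '1.0.0' },
];
```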

Get Package Archive

    GET /v1/packages/<package-name>/<version>/archive.zip

    ex: GET /v1/packages/PurchaseExample/4.0.1/archive.zip
    [ binary archive contents ]

Get Package Archive Signature

    GET /v1/packages/<package-name>/<version>/archive.zip.asc

    ex: GET /v1/packages/PurchaseExample/4.0.1/archive.zip.asc
    [ archive signature ]

Get Package Spec

    GET /v1/packages/<package-name>/<version>/spec.json

    ex: GET /v1/packages/PurchaseExample/4.0.0/spec.json
    {
      "specVersion": "1.0",
      "name": "PurchaseExample",
      "label": "Purchase History",
      "description": "Example Application demonstrating usage of flows, workflows, mapreduce, and services.",
      "author": "Cask",
      "org": "Cask Data Inc.",
      "version": "4.0.0",
      "created": 1234567899,
      "cdapVersion": "[4.0.0,4.1.0)",
      "changelog": "fixed a small parsing bug",
      "categories": [ "examples" ],
      "actions": [
        {
          "type": "create_artifact",
          "arguments": [
            {
              "name": "name",
              "value": "PurchaseHistoryExample"
            },
            {
              "name": "version",
              "value": "4.0.1"
            },
            {
              "name": "scope",
              "value": "user"
            },
            {
              "name": "jar",
              "value": "PurchaseHistoryExample-4.0.1.jar"
            }
          ]
        },
        {
          "type": "create_app",
          "arguments": [
            {
              "name": "name",
              "default": "PurchaseHistory"
            }
          ]
        }
      ]
    }

Get Package Spec Signature

    GET /v1/packages/<package-name>/<version>/spec.asc

    ex: GET /v1/packages/PurchaseExample/4.0.0/spec.asc
    [ spec signature ]

Get Package Icon

    GET /v1/packages/<package-name>/<version>/icon.png

    ex: GET /v1/packages/PurchaseExample/4.0.0/icon.png
    [ icon bytes ]

Get Package License

    GET /v1/packages/<package-name>/<version>/license.txt

    ex: GET /v1/packages/PurchaseExample/4.0.0/license.txt
    Copyright © 2014-2016 Cask Data, Inc.

    Licensed under the Apache License, Version 2.0 (the "License"); you may not
    use this file except in compliance with the License. You may obtain a copy
    of the License at

    http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    License for the specific language governing permissions and limitations
    under the License.
    ...

Security

Since people will be able to download code from the marketplace, it is especially important that there is protection against malicious code. We can make use of PGP in order to sign both the package archive and the package spec that are downloadable from the marketplace. The Market UI will have to be configured to use a GPG key (for the public CDAP marketplace, we could re-use the GPG key used for CDAP rpms and debians or create another one). It can then use that public key along with the signature APIs to verify that the spec and archive were signed by the owner of the package. There will also be a setting that lets people turn off signature checking in case it's not needed for internally hosted repositories.

Package Spec

The package spec contains some metadata about the spec itself, and a list of steps to perform on the CDAP instance. It is a JSON file of the following structure:

    {
      "specVersion": "1.0",
      "name": "<name>",
      "version": "<version>",
      "label": "<label>",
      "description": "<description>",
      "org": "<org>",
      "categories": [ <categories> ],
      "cdapVersion": "<compatible-versions>",
      "changelog": "<changes>",
      "actions": [ actionspec1, actionspec2, ... ]
    }

The actions in the spec will correspond to steps in the UI wizard for installing the package.

Action Spec

Each action will contain a type, a list of arguments, and dependencies. Each type of action will require different arguments. In the first version, the following types will be supported: create_artifact, create_app, create_stream, create_dataset.

    {
      "type": "create_artifact" | "create_app" | "create_stream" | "create_dataset" | "load_datapack" | "install_package",
      "arguments": [
        {
          "name": [argument name],
          "value": [argument value],
          "canModify": true | false (defaults to false)
        }
      ]
    }

Some arguments can be modified by users in the resulting wizard. For example, the name of an application may be a field that the user should be able to edit.

create_artifact

Results in a call to http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/artifact.html#add-an-artifact

| name | description | required? | default |
| --- | --- | --- | --- |
| name | artifact name | yes | |
| jar | name of jar file in package archive | no (if using externalArchive) | |
| externalJar | link to download 3rd party jar | no | none |
| externalArchive | link to download 3rd party archive | no | none |
| externalArchiveSignature | link to get 3rd party archive signature | no | none |
| externalArchiveJar | path of the jar file in the external archive | no | none |
| scope | artifact scope (implies API to add system artifacts is added in 4.0) | no | user |
| version | artifact version to pass as Artifact-Version header | no | none |
| config | config file contains artifact parents, plugins, and properties | no | none |
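Checks a client could run on a create_artifact action before it touches the unzipped archive or follows an external link, as an added example that is not part of the original design or CDAP's code. The function names are hypothetical, and the https-only rule and the requirement that externalArchive come with externalArchiveSignature are assumed policy rather than something the design states.

```javascript
// Added example, not CDAP code; names are hypothetical. The https-only rule and the
// mandatory signature for external archives are assumed policy, not from the design.
const FILE_ARGS = ['jar', 'config']; // must name a file inside the package archive
const LINK_ARGS = ['externalJar', 'externalArchive', 'externalArchiveSignature'];

// Relative path that cannot climb out of the directory the archive is unzipped into.
function isSafeEntryName(name) {
  if (typeof name !== 'string' || name === '') return false;
  if (name.startsWith('/') || name.includes('\\') || /^[A-Za-z]:/.test(name)) return false;
  return !name.split('/').some((part) => part === '..' || part === '');
}
function isHttpsLink(value) {
  try { return new URL(value).protocol === 'https:'; } catch (e) { return false; }
}

// Returns a list of problems; an empty list means the action may run.
function checkCreateArtifact(action, archiveEntries) {
  const args = Object.create(null);
  for (const a of action.arguments || []) args[a.name] = a.value;
  const problems = [];
  if (!args.name) problems.push('missing required argument: name');
  for (const key of FILE_ARGS) {
    if (args[key] === undefined) continue;
    if (!isSafeEntryName(args[key])) problems.push(key + ' is not a safe relative path');
    else if (!archiveEntries.includes(args[key])) problems.push(key + ' is not in the archive');
  }
  for (const key of LINK_ARGS) {
    if (args[key] !== undefined && !isHttpsLink(args[key])) problems.push(key + ' is not an https URL');
  }
  const sources = ['jar', 'externalJar', 'externalArchive'].filter((k) => args[k] !== undefined);
  if (sources.length !== 1) problems.push('expected one jar source, got ' + sources.length);
  if (args.externalArchive !== undefined) {
    if (!args.externalArchiveSignature) problems.push('externalArchive has no signature link');
    if (!isSafeEntryName(args.externalArchiveJar)) problems.push('externalArchiveJar missing or unsafe');
  }
  return problems;
}

// Arguments taken from the MySQL JDBC driver scenario in this document.
const mysqlAction = { type: 'create_artifact', arguments: [
  { name: 'name', value: 'mysql-connector-java' },
  { name: 'externalArchive', value: 'https://dev.mysql.com/downloads/file/?id=462849' },
  { name: 'externalArchiveSignature', value: 'https://dev.mysql.com/downloads/gpg/?file=mysql-connector-java-5.1.39.zip.gz' },
  { name: 'externalArchiveJar', value: 'mysql-connector-java-5.1.39-bin.jar' },
  { name: 'config', value: 'mysql-connector-java-5.1.39.json' } ] };
// Constructed action that breaks the rules.
const badAction = { type: 'create_artifact', arguments: [
  { name: 'jar', value: '../../outside.jar' },
  { name: 'externalArchive', value: 'http://example.invalid/a.zip' } ] };
```

The second argument is the list of entry names read from the package archive after its signature has been checked.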

create_app

Results in a call to http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/lifecycle.html#create-an-application

| name | description | required? | default |
| --- | --- | --- | --- |
| name | app name | yes | |
| artifact | scope, name, version of the artifact to create the app with | yes | |
| config | app config (file in the package archive) | no | empty |

create_stream

Results in a call to http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/stream.html#creating-a-stream

Depending on the arguments, subsequent calls to http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/stream.html#getting-and-setting-stream-properties (to set format, schema, ttl) and http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/stream.html#sending-events-to-a-stream-in-batch (load data into a stream) may be made.

| name | description | required? | default |
| --- | --- | --- | --- |
| name | stream name | yes | |
| description | stream description, results in call to set stream properties | no | empty |
| format | stream format as json object, results in call to set stream properties | no | empty |
| schema | stream schema, results in call to set stream properties | no | empty |
| ttl | stream ttl, results in call to set stream properties | no | empty |
| notification.threshold.mb | mb threshold for sending notifications, results in call to set stream properties | no | empty |

create_dataset

Results in a call to http://docs.cdap.io/cdap/current/en/reference-manual/http-restful-api/dataset.html#creating-a-dataset

| name | description | required? | default |
| --- | --- | --- | --- |
| name | dataset name | yes | |
| type | dataset type | yes | |
| description | dataset description | no | empty |
| properties | json map of dataset properties | no | empty |

load_datapack

Loads a datapack into some dataset or stream.

| name | description | required? | default |
| --- | --- | --- | --- |
| name | dataset/stream name | yes | |
| files | files to load into the dataset/stream | yes | |

install_package

Installs another package from the marketplace.

| name | description | required? | default |
| --- | --- | --- | --- |
| name | package name | yes | |
| version | package version | yes | |

Failures

Since a package spec can contain multiple actions, what happens if some actions succeed and then one action fails? We will not attempt rollback or anything like that. Instead, all the wizards that execute the actions must be idempotent. For example, if told to add an artifact and the artifact already exists, the step can simply be skipped.

Hosting a Custom Marketplace

To host a custom marketplace, users can run an Apache httpd server on top of a local directory structure. To make this easier, we could create a GitHub repository of all the public packages hosted by Cask. The repository will follow the directory structure documented here, and have a script at the top level that builds the zips, signs the zips and specs, and generates the packages.json file.

 

Example Use Cases

Scenario 1: Add a draft of a SFDC Lead Dump Hydrator pipeline

When the user clicks on the '+' button, the UI makes a call to get all the packages it can install:

    GET /v1/packages.json
    [
      ...,
      {
        "name": "sfdc-lead-dump",
        "label": "SFDC Lead Dump",
        "description": "Reads SFDC data from a CDAP Stream, filters invalid records, and dumps the data to a CDAP Table.",
        "author": "Cask",
        "org": "Cask Data Inc.",
        "version": "1.0.0",
        "categories": [ "hydrator-pipelines" ]
      },
      ...
    ]

Among that list is version 1.0.1 of the 'SFDC Lead Dump' package, which the user clicks on. The UI makes a call to get the license for that package:

GET /v1/packages/sfdc-lead-dump/1.0.0/license.txt [ apache2 license ]

 

The user accepts the conditions, and the UI makes a call to get the spec for that package:

    GET /v1/packages/sfdc-lead-dump/1.0.0/spec.json
    {
      "name": "sfdc-lead-dump",
      "label": "SFDC Lead Dump",
      "description": "Reads SFDC data from a CDAP Stream, filters invalid records, and dumps the data to a CDAP Table.",
      "author": "Cask",
      "org": "Cask Data Inc.",
      "version": "1.0.1",
      "created": 1234567899,
      "changelog": "",
      "actions": [
        {
          "type": "create_artifact",
          "arguments": [
            {
              "name": "scope",
              "value": "user"
            },
            {
              "name": "name",
              "value": "sfdc-plugins"
            },
            {
              "name": "version",
              "value": "1.0.0"
            },
            {
              "name": "config",
              "value": "sfdc-plugins.json" // file in the archive
            },
            {
              "name": "jar",
              "value": "sfdc-plugins.jar" // file in the archive
            }
          ]
        },
        {
          "type": "create_app",
          "arguments": [
            {
              "name": "artifact",
              "value": {
                "scope": "system",
                "name": "cdap-data-pipeline",
                "version": "4.0.0"
              }
            },
            {
              "name": "name",
              "value": "SFDC Lead Dump",
              "canModify": true
            },
            {
              "name": "config",
              "value": "sfdc.json" // file in the archive
            }
          ]
        }
      ]
    }

The UI also gets the spec signature to validate the spec:

GET /v1/packages/sfdc-lead-dump/1.0.1/spec.json.asc

The UI also fetches the package archive and signature. It validates the package, and unzips the archive to a local temporary directory so that it can use its resources to create the plugins artifact and create the hydrator draft.

    GET /v1/packages/sfdc-lead-dump/1.0.1/archive.zip
    GET /v1/packages/sfdc-lead-dump/1.0.1/archive.zip.asc

Based on the package spec, the UI can set up the relevant wizards and make the relevant CDAP calls to first create the plugin artifact, and next create the Hydrator pipeline.

 

Scenario 7: Add MySQL jdbc driver as a Hydrator plugin.

When the user clicks on the '+' button, the UI makes a call to list all packages that can be added to CDAP:

    GET /v1/packages.json
    [
      ...,
      {
        "name": "mysql-jdbc-driver",
        "label": "MySQL JDBC Driver",
        "description": "JDBC Driver for MySQL databases.",
        "author": "MySQL",
        "org": "Oracle",
        "version": "5.1.39",
        "categories": [ "hydrator-plugins" ]
      },
      ...
    ]

Among the list is the MySQL JDBC Driver, which the user clicks on. The UI makes a call to get the license for that package:

GET /v1/packages/mysql-jdbc-driver/5.1.39/license.txt [ gpl license ]

The user accepts the conditions, and the UI makes a call to get the spec for that package:

    GET /v1/packages/mysql-jdbc-driver/5.1.39/spec.json
    {
      "name": "mysql-jdbc-driver",
      "label": "MySQL JDBC Driver",
      "description": "JDBC Driver for MySQL databases.",
      "author": "MySQL",
      "org": "Oracle",
      "version": "5.1.39",
      "categories": [ "hydrator-plugins" ],
      "created": 1234567899,
      "actions": [
        {
          "type": "create_artifact",
          "arguments": [
            {
              "name": "scope",
              "value": "user"
            },
            {
              "name": "name",
              "value": "mysql-connector-java"
            },
            {
              "name": "version",
              "value": "5.1.39"
            },
            {
              "name": "externalArchive",
              "value": "https://dev.mysql.com/downloads/file/?id=462849"
            },
            {
              "name": "externalArchiveSignature",
              "value": "https://dev.mysql.com/downloads/gpg/?file=mysql-connector-java-5.1.39.zip.gz"
            },
            {
              "name": "externalArchiveJar",
              "value": "mysql-connector-java-5.1.39-bin.jar"
            },
            {
              "name": "config",
              "value": "mysql-connector-java-5.1.39.json" // file in the archive containing parents and plugins
            }
          ]
        }
      ]
    }

The UI also makes a call to get the spec signature to make sure it is valid:

GET /v1/packages/mysql-jdbc-driver/versions/5.1.39/spec.asc

The UI then makes calls to get the archive and its signature to validate the archive, and unzips it in a local directory. It uses the jar and JSON config file contained in the archive to make a request to add the artifact to CDAP.

    GET /v1/packages/mysql-jdbc-driver/5.1.39/archive.zip.asc
    GET /v1/packages/mysql-jdbc-driver/5.1.39/archive.zip

Created in 2020 by Google Inc.