Restful Access to BIG-IP Subtables

Surely by now you have tasted the goodness that is tables.  No?  Stop now and go read up on the table command.  No, really, right now!  I’ll wait…

OK, now that you are a tables expert, it’s clear to you that this is very powerful, but as I’m sure you read in the fine print, there’s no way to get to the table data outside of tmm.  That means no shell access, no icontrol access, no nada.  But, as is often the case, iRules to the rescue! 

 

The REST interface

REST came about as a lightweight response to the heavyweight champ SOAP standard for web services.  With REST, the HTTP methods are used as an API.  I’ll use two approaches here.  The first is a cheat of sorts.  It’s pretty common for developers to put the parameters in the URI instead of using PUT and DELETE, so I’ll show that first.  With the second approach, I’ll use the normal REST methods (GET/POST/PUT/DELETE) to determine the operation.  The table below (no pun intended) shows the actions the iRule will take given the request.

The response to either approach should be formatted in xml, but I’ll leave that exercise to you.

Common Logic

As shown in the table above, for approach one, every request will be a get, so I need an action keyword to tell the iRule what table operation to use.  The actions are lookup, add, replace, & delete.  For the second approach, the HTTP method is used as the operator, so I only need to supply the table information.  I built a class to control which tables could be accessed and manipulated, but one should probably put more controls (source IP’s allowed, maybe some authentication) around it as well.  Finally, I’m using indefinite on the timeout and lifetime just so I don’t have to worry about my k/v pairs disappearing during testing.  This might not be desirable in a production environment as indefinite times X connections/second could lead to a very large and perhaps catastrophic memory footprint.

Approach 1

   1: # class p_subtables {
   2: #   "foo"
   3: #   "bar"
   4: # }
   5:  
   6: when HTTP_REQUEST {
   7:     
   8:   set full_uri [split [URI::path [HTTP::uri]] "/"]
   9:     
  10:   if { [class match [lindex $full_uri 1] equals p_subtables] } {
  11:         
  12:     switch [llength $full_uri] {
  13:       4 { scan [lrange $full_uri 1 end-1] %s%s tname action }
  14:       5 { scan [lrange $full_uri 1 end-1] %s%s%s tname action key }
  15:       6 { scan [lrange $full_uri 1 end-1] %s%s%s%s tname action key val }
  16:       default { HTTP::respond 200 content "<HTML><BODY>ERROR</BODY></HTML>" }
  17:     }
  18:     switch $action {
  19:       "lookup" {
  20:         if { [info exists tname] && [info exists key] } {
  21:           set kvpair [table lookup -notouch -subtable $tname $key]
  22:         } elseif { [info exists tname] } {
  23:             foreach tkey [table keys -subtable $tname] {
  24:               lappend kvpair "$tkey:[table lookup -notouch -subtable $tname $tkey]"
  25:             }
  26:         } else { HTTP::respond 200 content "<HTML><BODY>Table and/or Key information invalid</BODY></HTML>" }
  27:         HTTP::respond 200 content "<HTML><BODY>$kvpair</BODY></HTML>"
  28:       }
  29:       "add" { 
  30:         if { [info exists tname] && [info exists key] && [info exists val] } {
  31:           table add -subtable $tname $key $val indefinite indefinite
  32:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  33:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  34:       }
  35:       "replace" {
  36:         if { [info exists tname] && [info exists key] && [info exists val] } {
  37:           table replace -subtable $tname $key $val indefinite indefinite
  38:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  39:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  40:       }
  41:       "delete" {
  42:         if { [info exists tname] && [info exists key] } {
  43:           table delete -subtable $tname $key
  44:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  45:         } else { HTTP::respond 200 content "<HTML><BODY>Error! Must supply /table/key/</BODY></HTML>" }
  46:       }
  47:       default { HTTP::respond 200 content "<HTML><BODY>Not a valid method for this interface</BODY></HTML>" } 
  48:     }
  49:   } else { HTTP::respond 200 content "<HTML><BODY>Not Permitted</BODY></HTML>" }
  50: }

Approach 2

   1: # class p_subtables {
   2: #   "foo"
   3: #   "bar"
   4: # }
   5:  
   6: when HTTP_REQUEST {
   7:  
   8:   set full_uri [split [URI::path [HTTP::uri]] "/"]
   9:     
  10:   if { [class match [lindex $full_uri 1] equals p_subtables] } {
  11:         
  12:     switch [llength $full_uri] {
  13:       3 { set tname [lindex $full_uri 1] }
  14:       4 { scan [lrange $full_uri 1 end-1] %s%s tname key }
  15:       5 { scan [lrange $full_uri 1 end-1] %s%s%s tname key val }
  16:       default {    HTTP::respond 200 content "<HTML><BODY>ERROR</BODY></HTML>" }
  17:     }        
  18:     switch [HTTP::method] {
  19:       "GET" {
  20:         if { [info exists tname] && [info exists key] } {
  21:           set kvpair [table lookup -notouch -subtable $tname $key]
  22:         } elseif { [info exists tname] } {
  23:             foreach tkey [table keys -subtable $tname] {
  24:               lappend kvpair "$tkey:[table lookup -notouch -subtable $tname $tkey]"
  25:             }
  26:         } else { HTTP::respond 200 content "<HTML><BODY>Table and/or Key information invalid</BODY></HTML>" }
  27:         HTTP::respond 200 content "<HTML><BODY>$kvpair</BODY></HTML>"
  28:       }
  29:       "POST" {
  30:         if { [info exists tname] && [info exists key] && [info exists val] } {
  31:           table add -subtable $tname $key $val indefinite indefinite
  32:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  33:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  34:       }
  35:       "PUT" {
  36:         if { [info exists tname] && [info exists key] && [info exists val] } {
  37:           table replace -subtable $tname $key $val indefinite indefinite
  38:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  39:         } else { HTTP::respond 200 content "<HTML><BODY>Error!  Must supply /table/key/value/</BODY></HTML>" }
  40:       }
  41:       "DELETE" {
  42:         if { [info exists tname] && [info exists key] } {
  43:           table delete -subtable $tname $key
  44:           HTTP::respond 200 content "<HTML><BODY>SUCCESS</BODY></HTML>"
  45:         } else { HTTP::respond 200 content "<HTML><BODY>Error! Must supply /table/key/</BODY></HTML>" }
  46:       }
  47:       default { HTTP::respond 200 content "<HTML><BODY>Not a valid method for this interface</BODY></HTML>" }
  48:     }
  49:   } else { HTTP::respond 200 content "<HTML><BODY>Not Permitted</BODY></HTML>" }
  50: }

The Test

You can use a browser for the first approach as everything is a get method.  For the second method, cURL is great for the ease of method allocation.  I tested both approaches with cURL, results are below.

Approach 1

jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/add/client1/jasonrahm/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/add/client2/colinwalker/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/
<HTML><BODY>client1:jasonrahm client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/client1/
<HTML><BODY>jasonrahm</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/replace/client1/jeffbrowning/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/client1/
<HTML><BODY>jeffbrowning</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/delete/client2/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl http://10.10.20.50/foo/lookup/
<HTML><BODY>client1:jeffbrowning</BODY></HTML>

Approach 2

jrahm@jrahm-dev:~$ curl -X POST http://10.10.20.50/foo/client1/jasonrahm/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X POST http://10.10.20.50/foo/client2/colinwalker/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:jasonrahm client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X PUT http://10.10.20.50/foo/client1/joepruitt/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:joepruitt client2:colinwalker</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X DELETE http://10.10.20.50/foo/client2/
<HTML><BODY>SUCCESS</BODY></HTML>
jrahm@jrahm-dev:~$ curl -X GET http://10.10.20.50/foo/
<HTML><BODY>client1:joepruitt</BODY></HTML>

Impressive, no?  Much thanks to the genius that is Matt Cauthorn, who seeded the idea internally.  So, now that you have access, what will you do with such power?  I have several use cases I could share, but I'll wait to update until the mindshare flows in.  Comment away!

Published Aug 11, 2010
Version 1.0
  • Thats a lot of code when this will do...

     

     

    when HTTP_REQUEST {

     

    set page_header "Table data"

     

    set page_footer ""

     

    switch -regex [HTTP::URI] {

     

    "^/keys" {

     

     

    default {

     

     

    table [getfield [HTTP::URI] "/" 2] -subtable [getfield [HTTP::URI] "/" 3] [getfield [HTTP::URI] "/" 4] [getfield [HTTP::URI] "/" 5]

     

    }

     

     

    http://127.0.0.1/add/mytable/hello/there

     

    http://127.0.0.1/delete/mytable/hello/there

     

    http://127.0.0.1/delete/mytable/hello/-all