Sidecar
Sidecar is a tiny service that runs alongside your main application, acting as a proxy between the host and the Stigg API. The service provices low latency entitlement checks, handles caching and subscribes to real-time entitlements and usage data updates.
The benefits of deploying the Sidecar service:
- Less CPU consumption and memory footprint for the host application when compared to embedding the SDK directly
- Language neutral API defined in Protocol Buffers accessible over gRPC
- Support for in-memory cache or external cache (like Redis) for entitlements and usage data
- Scaled together with the main application, or independently if deployed as a standalone service
- Synergy with persistent-cache-service
Sidecar SDK
Read about sending requests to the Sidecar service in the Sidecar SDK page.
Overview
The sidecar service can be deployed together with the host application/service by utilizing the sidecar pattern - meaning each application has a sidecar container next to it which it can send requests to.
Alternatively it can be deployed as a standalone service which can be accessed remotely over an exposed port.
The service can be scaled horizontally to support a higher volume of requests, but keep in mind that if in-memory cache is used, there will be a higher ratio of cache misses. In case of a cache miss, the service will fetch the data over the network directly from API, and update the cache to serve future requests.
The sidecar is not intended to be exposed to the internet or to be accessed from a browser.
Sidecar service can be deployed in the same network namespace (or same K8 Pod), as the main application.
Once entitlement data is fetched from the Stigg API, it is persisted in the local or external cache.
Local cache invalidation is handled by the Sidecar service. If using an external cache, an instance of the persistent-cache-service must be deployed as well to handle cache updates, as illustrated below:
Running the service
Prerequisites
- Docker
- Redis instance, if a persistent cache is in use
Usage
Login to AWS ECR:
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/stigg
Run the service:
docker run -it -p 8443:8443 \
-e SERVER_API_KEY="<SERVER_API_KEY>" \
public.ecr.aws/stigg/sidecar:latest
Available options
| Environment Variable | Type | Default | Description |
|---|---|---|---|
| SERVER_API_KEY | String* | Environment Server API key | |
| API_URL | String | https://api.stigg.io | Stigg API address URL |
| EDGE_ENABLED | Boolean | TRUE | Enables Edge API |
| EDGE_API_URL | String | https://edge.api.stigg.io | Edge API URL |
| WS_ENABLED | Boolean | TRUE | Enables WebSockets API |
| WS_URL | String | wss://api.stigg.io | WebSockets API URL |
| REDIS_ENVIRONMENT_PREFIX | String | Identifier of the environment, used to prefix the keys in Redis. If provided, Redis will be as the cache layer. | |
| REDIS_HOST | String | localhost | Redis host |
| REDIS_PORT | Number | 6379 | Redis port |
| REDIS_DB | Number | 0 | Redis DB identifier |
| REDIS_USERNAME | String | Redis username | |
| REDIS_PASSWORD | String | Redis password | |
| REDIS_KEYS_TTL_IN_SECS | Number | 604,800 (7 days) | Time period for Redis to keep the data before eviction, in milliseconds |
| ENTITLEMENTS_FALLBACK | String | Fallback entitlements in a JSON string format | |
| PORT | Number | 8433 | Service port |
| CACHE_MAX_SIZE_BYTES | Number | 50% of total available memory size | Size of the in-memory cache |
| HEALTH_ENDPOINT_URL | String | livez | Health endpoint URL |
| READY_ENDPOINT_URL | String | readyz | Ready endpoint URL |
| LOG_LEVEL | String | warn | Log level, can one of: error | warn | info | debug |
*Required fields
Health
The service exposes two endpoints accessible via HTTP:
GET /livez
GET /livezReturns 200 if the service is alive.
Healthy response: {"status":"UP"}
GET /readyz
GET /readyzReturns 200 if the service is ready.
Healthy response: {"status":"UP"}
Usage with Sidecar SDK
To interact with a running Sidecar service, you can pass the remote sidecar host and post parameters:
import os
from stigg_sdk import Stigg, ApiConfig
stigg = Stigg(
ApiConfig(
api_key='<SERVER_API_KEY>',
),
# set remote sidecar host and port:
remote_sidecar_host='localhost',
remote_sidecar_port=8443
)
Once configured, the Sidecar SDK will not launch a sidecar service as a sub-process, and send requests to the remote address instead.
Persistent cache
In order for the cached data to survive service restarted, or shared across multiple instances of the Sidecar service, you can use Redis as the cache layer by providing the REDIS_* environment variables:
docker run -it -p 8443:8443 \
-e SERVER_API_KEY="<SERVER_API_KEY>" \
-e REDIS_ENVIRONMENT_PREFIX="production" \
-e REDIS_HOST="localhost" \
public.ecr.aws/stigg/sidecar:latest
To keep the cache up-to-date, you will also need to run a persistent cache service in a separate process.
Global fallback strategy
Global fallback strategy can be set by providing the Sidecar service with the ENTITLEMENTS_FALLBACK environment variable. It expects a value in a JSON object in a string format.
For example, the following global fallback configuration JSON structure:
{
'feature-01-templates': {
hasAccess: true,
usageLimit: 1000,
},
'feature-02-campaigns': {
hasAccess: true,
isUnlimited: true
}
}
Can be formatted using JSON.stringify and then set as value of ENTITLEMENTS_FALLBACK when running the container:
docker run -it -p 8443:8443 \
-e SERVER_API_KEY="<SERVER_API_KEY>" \
-e ENTITLEMENTS_FALLBACK='{"feature-01-templates":{"hasAccess":true,"usageLimit":1000},"feature-02-campaigns":{"hasAccess":true,"isUnlimited":true}}' \
public.ecr.aws/stigg/sidecar:latest
Sidecar API
Sidecar service expects to handle requests as described in the following Proto file:
syntax = "proto3";
package stigg.sidecar.v1;
import "google/protobuf/empty.proto";
import "google/protobuf/timestamp.proto";
enum AccessDeniedReason {
ACCESS_DENIED_REASON_UNSPECIFIED = 0;
ACCESS_DENIED_REASON_UNKNOWN = 1;
ACCESS_DENIED_REASON_CUSTOMER_IS_ARCHIVED = 2;
ACCESS_DENIED_REASON_CUSTOMER_NOT_FOUND = 3;
ACCESS_DENIED_REASON_CUSTOMER_RESOURCE_NOT_FOUND = 4;
ACCESS_DENIED_REASON_FEATURE_NOT_FOUND = 5;
ACCESS_DENIED_REASON_NO_ACTIVE_SUBSCRIPTION = 6;
ACCESS_DENIED_REASON_NO_FEATURE_ENTITLEMENT_IN_SUBSCRIPTION = 7;
ACCESS_DENIED_REASON_REQUESTED_USAGE_EXCEEDING_LIMIT = 8;
}
enum FeatureType {
FEATURE_TYPE_UNSPECIFIED = 0;
FEATURE_TYPE_BOOLEAN = 1;
FEATURE_TYPE_NUMBER = 2;
}
enum MeterType {
METER_TYPE_UNSPECIFIED = 0;
METER_TYPE_NONE = 1;
METER_TYPE_FLUCTUATING = 2;
METER_TYPE_INCREMENTAL = 3;
}
enum EntitlementResetPeriod {
ENTITLEMENT_RESET_PERIOD_UNSPECIFIED = 0;
ENTITLEMENT_RESET_PERIOD_DAY = 1;
ENTITLEMENT_RESET_PERIOD_HOUR = 2;
ENTITLEMENT_RESET_PERIOD_MONTH = 3;
ENTITLEMENT_RESET_PERIOD_WEEK = 4;
ENTITLEMENT_RESET_PERIOD_YEAR = 5;
}
enum UsageUpdateBehavior {
USAGE_UPDATE_BEHAVIOR_UNSPECIFIED = 0;
USAGE_UPDATE_BEHAVIOR_DELTA = 1;
USAGE_UPDATE_BEHAVIOR_SET = 2;
}
message EntitlementFeature {
string id = 1;
FeatureType feature_type = 2;
optional string units = 3;
optional string units_plural = 4;
MeterType meter_type = 5;
bool is_metered = 6;
}
message BooleanEntitlement {
optional EntitlementFeature feature = 4;
}
message NumericEntitlement {
optional EntitlementFeature feature = 4;
optional int32 value = 5;
bool is_unlimited = 6;
}
message MeteredEntitlement {
optional EntitlementFeature feature = 4;
optional double usage_limit = 5;
bool is_unlimited = 6;
double current_usage = 7;
optional EntitlementResetPeriod reset_period = 9;
optional google.protobuf.Timestamp next_reset_date = 10 [deprecated=true];
optional google.protobuf.Timestamp usage_period_anchor = 11;
optional google.protobuf.Timestamp usage_period_start = 12;
optional google.protobuf.Timestamp usage_period_end = 13;
}
message Entitlement {
oneof entitlement {
BooleanEntitlement boolean = 1;
NumericEntitlement numeric = 2;
MeteredEntitlement metered = 3;
}
}
message GetEntitlementsRequest {
string customer_id = 1;
optional string resource_id = 2;
}
message GetEntitlementsResponse {
repeated Entitlement entitlements = 1;
}
message BooleanEntitlementFallback {
bool has_access = 1;
}
message BooleanEntitlementOptions {
optional BooleanEntitlementFallback fallback = 1;
}
message GetBooleanEntitlementRequest {
string customer_id = 1;
string feature_id = 2;
optional string resource_id = 3;
optional BooleanEntitlementOptions options = 4;
}
message GetBooleanEntitlementResponse {
bool has_access = 1;
bool is_fallback = 2;
optional AccessDeniedReason access_denied_reason = 3;
BooleanEntitlement entitlement = 4;
}
message NumericEntitlementFallback {
bool has_access = 1;
optional int32 value = 2;
optional bool is_unlimited = 3;
}
message NumericEntitlementOptions {
optional NumericEntitlementFallback fallback = 1;
}
message GetNumericEntitlementRequest {
string customer_id = 1;
string feature_id = 2;
optional string resource_id = 3;
optional NumericEntitlementOptions options = 4;
}
message GetNumericEntitlementResponse {
bool has_access = 1;
bool is_fallback = 2;
optional AccessDeniedReason access_denied_reason = 3;
NumericEntitlement entitlement = 4;
}
message MeteredEntitlementFallback {
bool has_access = 1;
optional double usage_limit = 2;
optional bool is_unlimited = 3;
}
message MeteredEntitlementOptions {
optional double requested_usage = 1;
optional MeteredEntitlementFallback fallback = 2;
}
message GetMeteredEntitlementRequest {
string customer_id = 1;
string feature_id = 2;
optional string resource_id = 3;
optional MeteredEntitlementOptions options = 4;
}
message GetMeteredEntitlementResponse {
bool has_access = 1;
bool is_fallback = 2;
optional AccessDeniedReason access_denied_reason = 3;
double requested_usage = 4;
MeteredEntitlement entitlement = 5;
}
message RedisOptions {
string environment_prefix = 1;
optional string host = 2;
optional int32 port = 3;
optional int32 db = 4;
optional string username = 5;
optional string password = 6;
optional int32 ttl = 7;
}
message EntitlementFallback {
oneof fallback {
BooleanEntitlementFallback boolean = 1;
NumericEntitlementFallback numeric = 2;
MeteredEntitlementFallback metered = 3;
}
}
message ApiConfig {
string api_key = 1;
optional string api_url = 2;
optional bool edge_enabled = 3;
optional string edge_api_url = 4;
}
message LocalSidecarConfig {
optional bool ws_enabled = 5;
optional string ws_url = 6;
optional RedisOptions redis = 7;
map<string, EntitlementFallback> entitlements_fallback = 8;
optional int64 cache_max_size_bytes = 9;
}
message ReportUsageRequest {
string customer_id = 1;
optional string resource_id = 2;
string feature_id = 3;
double value = 4;
optional UsageUpdateBehavior update_behavior = 5;
}
message EventDimensionValue {
oneof value {
string string_value = 1;
double number_value = 2;
bool boolean_value = 3;
}
}
message Event {
string event_name = 1;
string customer_id = 2;
string idempotency_key = 3;
optional string resource_id = 4;
map<string, EventDimensionValue> dimensions = 5;
optional google.protobuf.Timestamp timestamp = 6;
}
message ReportUsageResponse {
string measurement_id = 1;
}
message ReportEventsRequest {
repeated Event events = 1;
}
message ReloadEntitlementsRequest {
string customer_id = 1;
optional string resource_id = 2;
}
message ReloadEntitlementsResponse {
bool entitled_entity_exists = 1;
}
service SidecarService {
rpc GetEntitlements(GetEntitlementsRequest) returns (GetEntitlementsResponse);
rpc GetBooleanEntitlement(GetBooleanEntitlementRequest) returns (GetBooleanEntitlementResponse);
rpc GetNumericEntitlement(GetNumericEntitlementRequest) returns (GetNumericEntitlementResponse);
rpc GetMeteredEntitlement(GetMeteredEntitlementRequest) returns (GetMeteredEntitlementResponse);
rpc ReportUsage(ReportUsageRequest) returns (ReportUsageResponse);
rpc ReportEvents(ReportEventsRequest) returns (google.protobuf.Empty);
rpc ReloadEntitlements(ReloadEntitlementsRequest) returns (ReloadEntitlementsResponse);
}
Sidecar SDK
Read about sending requests to the Sidecar service in the Sidecar SDK page.
Updated about 1 month ago