New operations admin APIs and revamped change-event listener on admin WebSocket

[peterbroadhurst]

The policy engine described in hyperledger/firefly-ethconnect#149 (comment) is starting to come together, with some evolved architecture.

The intention is for this to be a separate microservice, so it can be pluggable with different implementations easily, have a separate scaling model, and be closer to EthConnect in where it sits in the architecture than to the core.

However, the source of truth for the completion of operations is still FireFly. So this is more like an augmented component of FireFly, than it is a plugin/connector that performs a particular task on behalf of FireFly. So as such I believe it should connect in to FireFly to perform actions.

Currently (before this PR) we have some of things it would need - with gaps:

• Operations API - query only, and limited to one namespace.
• Operation change events - oddly side-car attached to the main application events, without sophisticated filtering

So this PR proposes we create a proper separation of concerns between the components that have super-access to update FireFly state, because they are part of it (the admin API already exists for this), and the external API that applications use.

• Adding GET /admin/api/v1/operations routes - including a PUT to update operation status (per same rules that apply to internal plugins like Data Exchange today)
• Moving the database change events firehose WebSocket to /admin/ws with extra options, and a simplified no-confirm model. It's best effort up to a buffer size, and then operation of the core is prioritized over avoiding any event loss, and always ephemeral. No guarantees.

[codecov-commenter]

Codecov Report

Merging #668 (5d9f3f8) into main (6631ae7) will decrease coverage by 0.03%.
The diff coverage is 97.38%.

❗ Current head 5d9f3f8 differs from pull request most recent head fa55726. Consider uploading reports for the commit fa55726 to get more accurate results

@@             Coverage Diff             @@
##              main     #668      +/-   ##
===========================================
- Coverage   100.00%   99.96%   -0.04%     
===========================================
  Files          316      320       +4     
  Lines        19437    19586     +149     
===========================================
+ Hits         19437    19579     +142     
- Misses           0        5       +5     
- Partials         0        2       +2     

Impacted Files	Coverage Δ
...rnal/apiserver/route_admin_delete_config_record.go	100.00% <ø> (ø)
internal/apiserver/route_admin_get_config.go	100.00% <ø> (ø)
...nternal/apiserver/route_admin_get_config_record.go	100.00% <ø> (ø)
...ternal/apiserver/route_admin_get_config_records.go	100.00% <ø> (ø)
...nternal/apiserver/route_admin_put_config_record.go	100.00% <ø> (ø)
internal/apiserver/route_admin_put_config_reset.go	100.00% <ø> (ø)
...l/definitions/definition_handler_identity_claim.go	100.00% <ø> (ø)
internal/events/event_manager.go	100.00% <ø> (ø)
pkg/fftypes/operation.go	100.00% <ø> (ø)
pkg/fftypes/subscription.go	100.00% <ø> (ø)
... and 19 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6631ae7...fa55726. Read the comment docs.

[nguyer]

I like the idea of the separation of APIs (no apostrophe). Perhaps maybe the name admin is a bit out of place now? The original intent of the admin API was for administrators of the system to have a way to perform "superuser" type actions. Perhaps it should be renamed to internal? It looks like it is evolving into an API for things inside FireFly to use now. I'm not sure that has to be in this PR, but food for thought.

[nguyer]

Approved, but I still have the question about whether it should still be called the admin API or not. But we can defer that decision if you want.

[nguyer]

I'll just add this to my list of things to write descriptions for 🙂

[peterbroadhurst]

😳 🙇

[nguyer]

🙏

[nguyer]

So ChangeEventListeners are not a distinct concept anymore? ChangeEvents are just a thing that you get on the admin websocket now?

[peterbroadhurst]

Mixing together application level events, and these change events, on the same WebSocket with different payloads has been removed. It felt really confusing, and the danger of opening a firehose you can't cope with is now pretty self-evident.

So I guess I think of it as more distinct now, in that you have a whole separate WebSocket to listen to.

So it's got nothing to do with the events plugin at all - it's a system-level thing built into the core.

[peterbroadhurst]

I agree with the admin question, but renaming it is a significant change.
The CLI uses it. I think we should defer this (for today at least)