JSON Connection Configuration Document
Core+ clients connect to the Deephaven authentication server, Persistent Query controller, and the underlying query workers. To initiate communications with the Deephaven server, the clients first download a connection.json file from the Web API service. Typically, for clusters without Envoy, the URL is of the form https://deephaven-infra-host.example.com:8123/iris/connection.json, or, for clusters with Envoy, https://deephaven-infra-host.example.com:8000/iris/connection.json.
An example JSON document for an Envoy cluster is:
{
"auth_host": ["deephaven-infra-host.example.com"],
"auth_port": 8000,
"controller_port": 8000,
"controller_host": "deephaven-infra-host.example.com",
"truststore_url": "https://deephaven-infra-host.example.com:8000/iris//resources/truststore-iris.pem",
"override_authorities": false,
"acl_write_server": "https://deephaven-infra-host.example.com:8000/acl/",
"authentication_service_config": "{\n \"methodConfig\": [\n {\n \"name\": [\n {\n \"service\": \"io.deephaven.proto.auth.grpc.AuthApi\"\n }\n ],\n\n \"retryPolicy\": {\n \"maxAttempts\": 60,\n \"initialBackoff\": \"0.1s\",\n \"maxBackoff\": \"2s\",\n \"backoffMultiplier\": 2,\n \"retryableStatusCodes\": [\n \"UNAVAILABLE\"\n ]\n },\n\n \"waitForReady\": true,\n \"timeout\": \"60s\"\n }\n ]\n}\n",
"controller_service_config": "{\n \"methodConfig\": [\n {\n \"name\": [\n {\n \"service\": \"io.deephaven.proto.controoler.grpc.ControllerApi\"\n }\n ],\n\n \"retryPolicy\": {\n \"maxAttempts\": 60,\n \"initialBackoff\": \"0.1s\",\n \"maxBackoff\": \"10s\",\n \"backoffMultiplier\": 2,\n \"retryableStatusCodes\": [\n \"UNAVAILABLE\"\n ]\n },\n\n \"waitForReady\": true,\n \"timeout\": \"60s\"\n }\n ]\n}\n"
}
A similar example of a cluster without Envoy is:
{
"auth_host": ["deephaven-authentication-server.example.com"],
"auth_port": 9031,
"controller_port": 20126,
"controller_host": "deephaven-controller.example.com",
"truststore_url": "https://deephaven-infra-host.example.com:8443/iris/resources/truststore-iris.pem",
"override_authorities": true,
"controller_authority": "controller",
"auth_authority": "authserver",
"acl_write_server": "https://deephaven-infra-host.example.com:9044/acl/",
"authentication_service_config": "{\n \"methodConfig\": [\n {\n \"name\": [\n {\n \"service\": \"io.deephaven.proto.auth.grpc.AuthApi\"\n }\n ],\n\n \"retryPolicy\": {\n \"maxAttempts\": 60,\n \"initialBackoff\": \"0.1s\",\n \"maxBackoff\": \"2s\",\n \"backoffMultiplier\": 2,\n \"retryableStatusCodes\": [\n \"UNAVAILABLE\"\n ]\n },\n\n \"waitForReady\": true,\n \"timeout\": \"60s\"\n }\n ]\n}\n",
"controller_service_config": "{\n \"methodConfig\": [\n {\n \"name\": [\n {\n \"service\": \"io.deephaven.proto.controoler.grpc.ControllerApi\"\n }\n ],\n\n \"retryPolicy\": {\n \"maxAttempts\": 60,\n \"initialBackoff\": \"0.1s\",\n \"maxBackoff\": \"10s\",\n \"backoffMultiplier\": 2,\n \"retryableStatusCodes\": [\n \"UNAVAILABLE\"\n ]\n },\n\n \"waitForReady\": true,\n \"timeout\": \"60s\"\n }\n ]\n}\n"
}
See the table below for the definition of the field.
| Field | Type | Description |
|---|---|---|
auth_host | String Array | List of authentication servers. |
auth_port | Integer | Port of the authentication server. |
controller_host | String Array | Hostname of the active Persistent Query controller. |
controller_port | Integer | Port of the Persistent Query controller. |
truststore_url | String | URL for the trust store PEM file that contains the required certificates to connect to this Deephaven cluster. |
override_authorities | Boolean | Whether or not the client should override the authority for the TLS connection to the authentication server and the controller. In Deephaven versions earlier than 1.20231218 (Vermilion+), if true, the hardcoded value "authserver" is used for the authority override. In 1.20240517 (Grizzly) and later, the authority override value is found in the auth_authority and controller_authority fields. |
auth_authority | String | The authority to use for TLS connections to the authentication server; only used if override_authorities is set. Python client support is available in Grizzly (1.20240517) or Vermilion+ after 1.20231218.397. |
controller_authority | String | The authority to use for TLS connections to the Persistent Query controller; only used if override_authorities is set. Python client support is available in Grizzly (1.20240517) or Vermilion+ after 1.20231218.397. |
acl_write_server | String | The ACL write server API URL. |
saml_sso_uri | String | The value of the authentication.client.samlauth.login.url parameter. |
authentication_service_config | String | A string containing the JSON gRPC service configuration to use with the authentication server channel. The service configuration is necessary for the gRPC client to automatically retry on UNAVAILABLE errors. This value is only set and used by clients in 1.20240517 (Grizzly) or later. |
controller_service_config | String | A string containing the JSON gRPC service configuration to use with the controller channel. The service configuration is necessary for the gRPC client to automatically retry on UNAVAILABLE errors. This value is only set or used by clients in 1.20240517 (Grizzly) or later. |