Overview
This section covers the details of each type of export that Tranquil Data supports. Each export is defined by configuration written in JSON and submitted to Tranquil Data via the export API. Each export is given a unique identifier (for management) and network port (for clients to connect) that are returned to the caller. Port allocation is defined through process configuration.
Export Configuration#
Each export type has its own specific configuration format that extends this base set of properties:
| Field Name | Type | Required | Default |
|---|---|---|---|
| type | string | ||
| version | SemVer | 1.0.0 |
|
| resolverGroup | string | default mapping group | |
| policyEvaluationMode | string | configured mode | |
| anonymous | boolean | ||
| metadata | map of string to object |
The value of type is the type of export being requested.
The value of version is the syntax version used to express export configuration. This section describes the syntax for configuration version 1.1.0.
The value of resolverGroup is the name of the group, from the model used by the domain where the datastore is exported, that is used to resolve fields. If no group is named then the service will use the default group from the domain's model. For the Tranquil DataTM Trusted Flow Edition there is only one domain and model, so the resolver group is the name of a mapping group.
The value of policyEvaluationMode is the mode to use when evaluating the input record. Valid values are enforce, validate, filter, and redact. If absent, then the service will use the engine's configured default mode. For the Tranquil DataTM Trusted Flow Edition the default is always redact.
The value of anonymous is true if requests issued to this export should be anonymous in context, meaning that context is neither read nor formed for the associated record. If anonymous is false then the service will attempt to resolve and maintain record context for the request. The Change Graph can be configured to include anonymous records for the purpose of audit.
The value of metadata (if present) is a map from property name to value that becomes the default Request Metadata for any evaluation done through this exported interface. These values may be overridden by auth token assertions or header injection.
Security Support#
Most exported interfaces may take full advantage of the Auth Framework to support terminating authentication, audit logging, and Request Metadata injection based on security tokens. The full list of supported components is in the auth documentation.
Each export type supports specific security capabilities to connect and communicate with backing stores. For details, see the documentation for the given export type.
Metadata Injection#
For any exports types that expose an HTTP interface, Request Metadata may be injected via HTTP headers. Any header prefixed with X-TQD-Meta- will be interpreted as Request Metadata and made available to policy evaluation. For example, the header X-TQD-Meta-Country: US will be interpreted by Tranquil Data as the metadata variable country with a value US. The special metadata key subject is used to identify the Query Subject. Note that in HTTP header keys aren't case sensitive, so X-TQD-Meta-Country will be interpreted the same as x-tqd-meta-country.