tibschemad Command Line Reference

The Schema Repository executable is installed in TIBCO_HOME/akd/repo/bin/.

The tibschemad command starts the Schema Repository component of TIBCO® Messaging - Apache Kafka Distribution.

Usage: tibschemad [flags]

Note: You can enable debugging at startup (not at run time) with -debug, -verbose, or both. The output includes information about contacting the realm server, getting a certificate, and so on. See the following example, which uses -debug and -verbose.

tibschemad Flags

-backup string

Back up the schema database to a file

Use the file name "-" to send the backup to stdout.

-c string

Path to a JSON configuration file

Command line arguments override environment variables, which override configuration file arguments.

When absent, the Schema Repository first looks for ./.tibschemad, then ~/.tibschemad.

-compat string

Set compatibility level.

  • strict (default) - Set to strict to guarantee compatibility with other TIBCO products and libraries.

  • loose - Set to loose to relax requirements on client requests and attempt to accommodate a wider range of third-party tools.

-config string

Path to a JSON configuration file

Command line arguments override environment variables, which override configuration file arguments. When absent, the repository first looks for ./.tibschemad, then ~/.tibschemad.

-debug

When present, print debugging information.

-env

The repository prints the environment variables that would produce its current configuration and exits.

-force

Use with -restore to replace all existing schema data.

-ftl string

URL of the FTL realm server

The default is http://localhost:31500.

-l string

The repository listens for requests at this interface and port.

The default is localhost:31519.

-listen string

The repository listens for requests at this interface and port.

The default is localhost:31519.

-mem

When present, store schemas only in process memory, which is not persistent.

Warning: Do not use the -mem mode in production environments.

-origins-allowed string

A comma separated list of origins allowed for cross origin resource sharing (CORS).

A value of "*" allows all origins. When absent, no origins other than the server itself are allowed access to the server's resources.

-p string

The repository authenticates itself to the realm server with this password. Supply one of the following forms:

stdin | env:<environment_variable_name> | file:<password_file_path> | pass:<password>

For details, see the Password Security section.

-password string

The repository authenticates itself to the realm server with this password. Supply one of the following forms:

stdin | env:<environment_variable_name> | file:<password_file_path> | pass:<password>

For details, see the Password Security section.

-q

When present, the Schema Repository prints minimal output.

-quiet

When present, the Schema Repository prints minimal output.

-readonly

When enabled, the schema repository functions in read-only mode. Any operations that would modify either schema data or configuration are disallowed regardless of user permissions.

Read operations (schema lookups, and so on) are still allowed subject to user permissions.

For details, see the Readonly section.

-restore string

Restore the database from a file.

Use the file name "-" to read the database from stdin.

-show-config

The repository prints the contents of a configuration file that would produce its current configuration and exits.

-store string

Type of backing store to use.

Choices are "ftlrealm", "ftlkv", or "memory". The default is "ftlkv".

-trust-everyone

The repository trusts any realm server without verifying trust in the realm server's certificate.

Caution: Do not use this parameter except for convenience in development and testing. It is not secure.

-trust-file string

Required only for TLS communication with a secure realm server.

When present, the repository process reads a trust file from this path, and uses that trust data in communications with the secure realm server.

For more information about security, see TIBCO FTL® Security guide.

-u string

User name for authentication.

The repository authenticates itself to the realm server with this user name.

-user string

User name for authentication.

The repository authenticates itself to the realm server with this user name.

-v

When present, the repository prints verbose output.

-verbose

When present, the repository prints verbose output.

-version

When present, the repository outputs version information and exits.

-X DELETE

A soft delete of a schema only deletes the version. The underlying schema ID is still available for lookup.

curl -X DELETE "https://localhost:8081/schema/v1/subjects/company-two" -H "accept: application/json"

-X DELETE and ?permanent=true

A hard delete of a schema removes all metadata, including the schema ID. You can hard delete all schema versions registered under a subject, or a specific version of a subject. To perform a hard delete, you must first soft delete the schema and then hard delete it.

curl -X DELETE "https://localhost:8081/schema/v1/subjects/company-two" -H "accept: application/json"

curl -X DELETE "https://localhost:8081/schema/v1/subjects/company-two?permanent=true" -H "accept: application/json"

To hard delete version 1 of a schema registered under the subject "time-value":

curl -X DELETE -u <schema-registry-api-key>:<schema-registry-api-secret> "<schema-registry-url>/subjects/time-value/versions/1"

curl -X DELETE -u <schema-registry-api-key>:<schema-registry-api-secret> "<schema-registry-url>/subjects/time-value/versions/1/?permanent=true"

To hard delete all versions of a schema under the subject "time-value":

curl -X DELETE -u <schema-registry-api-key>:<schema-registry-api-secret> "<schema-registry-url>/subjects/time-value"

curl -X DELETE -u <schema-registry-api-key>:<schema-registry-api-secret> "<schema-registry-url>/subjects/time-value?permanent=true"

Readonly

-readonly

When run without the -readonly command line option, schemas may be created, modified, or deleted if the user provides appropriate credentials. With this command line option, no modifications including new schemas, modifications to existing schemas, or schema deletions are possible regardless of the credentials provided by the user.

Use of this option allows the pre-loading of schemas when using the default settings of the Schema Repository. A subsequent restart of the Schema Repository with the read-only option will prevent any schema modifications during subsequent operation regardless of the credentials provided by the user.

Credential Handling Details

If a request is passed directly to the Schema Repository (not going through the FTL Server), any passed credentials are validated at the FTL Server and the Schema Repository will prevent any actions that would modify its contents unless the user supplies writeable credentials. Because the Schema Repository is doing the credential evaluation in the context of the REST request, non-modifying POST requests will work even with read-only credentials.

Use

To use this authorization approach, applications should specify the URL(s) of the Schema Repository instead of the URL(s) of the FTL Server. This does not affect high availability, because the user can run multiple Schema Repositories and the applications automatically switch to another Schema Repository instance as required.

bin/tibschemad -ftl https://localhost:13131 -trust-file /path/to/ftl-server/srv1/ftl-trust.pem -u admin -p pass:admin-pw -l localhost:9696 -readonly

Once the readonly flag is set, only authorized users will be able to make changes to the database. If an unauthorized user tries to modify the schema, they will get the following error:

{"error_code":42205,"message":"Repository is in read-only mode"}

Steps to Start

  1. Start the Schema Repository with the default setting.

  2. Pre-load a schema.

  3. Restart the Schema Repository with the read-only setting.

Steps if a Schema Needs to be Updated

  1. Restart the Schema Repository with the default setting.

  2. Update the schema.

  3. Restart the Schema Repository with the read-only setting.

Note: If the read-only setting is stopping misbehaving applications with modify credentials from making schema updates, you may need to stop other applications during the maintenance window.
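
Several flags in this reference change the security posture of the repository (-trust-everyone, -mem, -origins-allowed, the pass: password form, -trust-file, -readonly). The following added example, which is not part of the TIBCO documentation or product, audits a tibschemad command line for those settings before deployment. The finding names are chosen for this example, and it assumes flags and values are separated by spaces, as in the command shown in the Use section.

```python
import shlex

# Flags from the reference above that take a value (space-separated form, as in
# the page's own command line; other spellings are not handled here).
VALUE_FLAGS = {"-backup", "-c", "-compat", "-config", "-ftl", "-l", "-listen",
               "-origins-allowed", "-p", "-password", "-restore", "-store",
               "-trust-file", "-u", "-user"}

def parse(cmdline):
    """Split a tibschemad command line into {flag: value, or True for switches}."""
    argv = shlex.split(cmdline)[1:]  # drop the executable path
    opts, i = {}, 0
    while i < len(argv):
        if argv[i] in VALUE_FLAGS and i + 1 < len(argv):
            opts[argv[i]] = argv[i + 1]
            i += 2
        else:
            opts[argv[i]] = True
            i += 1
    return opts

def audit(cmdline):
    """Return finding codes (names chosen for this example) for risky settings."""
    o, found = parse(cmdline), []
    if "-trust-everyone" in o:
        found.append("trust-everyone")        # realm server certificate not verified
    if "-mem" in o or o.get("-store") == "memory":
        found.append("non-persistent-store")  # schemas live only in process memory
    origins = str(o.get("-origins-allowed", "")).split(",")
    if "*" in (x.strip() for x in origins):
        found.append("cors-any-origin")       # "*" allows all origins
    password = str(o.get("-p") or o.get("-password") or "")
    if password.startswith("pass:"):
        found.append("inline-password")       # literal password on the command line
    ftl = str(o.get("-ftl", "http://localhost:31500"))  # documented default
    if ftl.startswith("https://") and "-trust-file" not in o and "-trust-everyone" not in o:
        found.append("tls-without-trust-file")
    if "-readonly" not in o:
        found.append("writable")              # modifications allowed with write credentials
    return found

# Sample inputs: the page's own start command, and a constructed development-style one.
PAGE_CMD = ("bin/tibschemad -ftl https://localhost:13131 -trust-file "
            "/path/to/ftl-server/srv1/ftl-trust.pem -u admin -p pass:admin-pw "
            "-l localhost:9696 -readonly")
DEV_CMD = 'bin/tibschemad -mem -trust-everyone -origins-allowed "*" -p env:SCHEMA_PW'
if __name__ == "__main__":
    for cmd in (PAGE_CMD, DEV_CMD):
        print(audit(cmd))
```

The audit covers only the command line. Settings supplied through environment variables or a configuration file can be inspected with -env or -show-config.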