Proxy

The proxy serves a few primary purposes for Data Fabric clients, including:

Each proxied service must first be [enabled from the Catalog]({{< ref "/ui/catalog#enabling-a-data-source" >}}). During enablement, the Data Fabric user (or system account) provides the credentials necessary to authenticate with the target service.

The credentials are then stored securely in a Kubernetes Secret, and used by Data Fabric to invoke the target service on behalf of the user (or system account).

If a client attempts to invoke a proxied service without first enabling it, Data Fabric will respond with a 407 Proxy Authentication Required error code and a message indicating the service has not been enabled for that client.

One of the benefits to going through the Data Fabric proxy is leveraging the built-in cache. For any given request, the response from its upstream service is cached locally. Upon the next request for the same data, the proxy responds with the previously cached response. Once the response expires from the cache, the next request will again attempt to fetch from the upstream service (and cache the new response).

If a response came from the cache, the proxy will add a Cache-Ttl header to the response. The value will be the time left until the response expires from the cache.

The absence of Cache-Ttl in the response indicates the response was fetched from the upstream service.

There may be scenarios where you want to invalidate or skip over the cache for a particular request (testing a new upstream service, forcing a cache update, etc.).

To do this, the Data Fabric proxy supports an optional Cache-Mode request header which can have one of the following values.