Philosophy & Architecture - SUSE/aimaas GitHub Wiki
Are you familiar with PIM systems for eCommerce? They are central hubs for product information and related media. They can be the primary authority for this information or an intermediary between systems providing the data (e.g. a company's internal system) and systems consuming the data (e.g. a web-shop on the internet).
With aimaas we want pick up this solution and transform it into an abstract and general-purpose solution. With such an abstract foundation we want to cover as many simple use cases as possible so that we only need to create additional modules for highly specialized use cases.
aimaas wants to allow users to define their own object types with different attributes and value types such that every change is traceable and reviewable. In addition we want it to make easy to access aimaas via an API.
There are already several tools out there serving very similar purposes. The closest candidate is PostgREST. It would fulfill all our needs for the use cases described below with a few exceptions/caveats:
- It does not allow the desired tracking of changes and review process out of the box.
- Instead of imposing a schema on a EAV data model one can just define the desired data model, but to do so would require permissions on the DB and knowledge of SQL.
Instead we would like to provide an easy to use (and intuitive) application to users.
The Value
table in the diagram represents a set of tables; one for each data type (e.g.
integers, floats, foreign key, ...)
In a typical CRUD approach the update
operation writes changes directly to the target database
table and field. In aimaas we want to be able to deviate from this approach and review changed
data before it is actually written to its destination:
- Starting from a typical EAV model aimaas must extend the structure to include multiple schemas allowing entities to have different attribute sets.
- Similar to database tables the schema must define ...
- whether attributes are required.
- whether attributes have unique values.
-
aimaas must keep track of changes.
- Changes to fields of
Entity
,Value
andAttributeDefinition
must be tracked.
- Changes to fields of
-
aimaas must offer the possibility to review changes before they are written to the target.
- It must be possible to enable the review feature on the schema level.
- When the feature is enabled:
- A value must not be changed until the review is accepted.
- Aimaas must warn about pending changes/reviews when an entity is being edited.
-
create
,update
anddelete
operations should be encapsulated using database transactions and locks.
aimaas is considered a place where humans and machines exchange data. Therefore, we choose a server - client architecture:
The backend of aimaas is the generic service holding data. It's primary purpose is to provide access to data for other systems as well as humans.
- The backend should connect to a PostgreSQL database.
- The backend must be written in Python.
- The backend should be implemented with a major framework (e.g. Django, Fast API, Flask).
- The backend must provide an API (CRUD).
- The API must dynamically adapt to changes to schemas and allow filtering.
- The API must provide a dynamically created documentation, which reflects the schema-dependent fields and filters.
- The backend should not render HTML templates except for the frontend client.
- Entities must not be deleted from the database. They must be marked as deleted instead.
aimaas needs to authenticate users and manage permissions.
- The backend must ensure authentication.
- The backend must enforce permissions.
- Permissions must be pre-defined for entities and schemas.
- Permissions must be additive/hereditary, e.g.
- a user can have permission to add/update entities for schema X, but only permission to update a specific entity for schema Y.
- A permission granted on the schema cannot be revoked on the entity level.
- A permission granted to a group cannot be revoked for a member of this group.
- It must be possible to create and delete groups.
- It must be possible to add users to and remove users from groups.
- It must be possible to add groups to and remove groups from groups.
- It must be possible to grant permissions to and remove permissions from users and groups.
- Users without permission to change/update an entity may request a change, but not review (i.e. accept/reject) it.
The frontend is the primary interface for interaction with humans. It is a client for the API provided by the backend.
- The frontend must be a web application written in HTML, CSS and Javascript.
- The frontend should be implemented with a major framework (e.g. Vue.js, Angular, React).
- The frontend must contain a generic mode, which allows:
- Switching between schemas.
- Showing a list of entities (with primary attributes) and single entities (with all attributes).
- Editing entities and schemas.
- Approving/Rejecting changes.
- Granting/Revoking of permissions.
- Managing of groups (i.e. create, delete, add user, add subgroup...).
- The frontend must allow to be extended with usecase-specific modes (e.g. showing a table with product LCM dates and a graph of module dependencies).
- The frontend should be designed with the SUSE Product Brand.
The application should be written with container-technology in mind.
- The application can be built as container image or Python package.
- The application should be configurable via environment variables.
Despite it's abstract and generic nature, there are already use cases for which aimaas will be needed.
- Generic data: Name, Type, CPE, LCM Status, ...
- LCM dates: First release, End of Life, ...
The relations (not only dependencies) between products and available modules or extensions are important during automated testing of modularized products. Besides the most important relation (module X requires module Y), other relation information (e.g. module X cannot be installed together with module Z) is also very important:
The above requirements describe the abstract, feature-complete core application. The minimal viable product must contain the following features:
- Create schema with attribute definitions.
- Create, list, update entities and attributes.
- Authentication of users (no groups, permissions).
The minimal viable product must allow to create the schemas and entities for the use cases described above.