
sello's Introduction

Sello


Sello is a fictitious company that is running a SaaS platform for selling products.

Everything is deployed automatically through all stages by using Visual Studio Team Services Release Management.

Scenario

API Overview

Sello exposes all their APIs via API Management in order to decouple the physical API from the endpoints that their customers are using.

This also enables them to expose only the APIs that 3rd parties need and keep the management APIs internal.

In Azure API Management we have the following setup:

3rd Party Management Operations
Product Name Sello (Free & Premium) Sello - Management Sello - Operations
Published in Developer Portal
Subscription Required
Subscription Approval
Throttling ✅, Product-level ✅, only on health-endpoint
API(s)
  • Sello API
  • Sello API
  • Sello Management API
  • Sello Operations API

These will communicate with the physical API that is hosted in an Azure Web App.

🚨 Security
For the sake of the demo there are some gaps in API security:
  • Physical API has no authentication and authorization
  • Physical API is publicly reachable
  • No security between Azure API Management & the physical API
This is not safe for production workloads and thus not recommended.

You can find the details of the setup here.
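
A pre-deployment check for the third gap listed above, as an added example that is not part of the Sello repository: it inspects an API Management policy document and reports whether the gateway authenticates itself to the backend. Both policy documents, the function name and the placeholder thumbprint are assumptions made for the illustration.

```powershell
# Added example: constructed policy documents, not Sello's own policies.
$backendAuthElements = @(
    'authentication-certificate',      # client certificate presented to the backend
    'authentication-basic',            # basic credentials sent to the backend
    'authentication-managed-identity'  # token obtained by the gateway
)

function Test-BackendAuthentication {
    param([Parameter(Mandatory)][string]$PolicyXml)

    # Only this document is inspected; anything inherited through <base /> is not resolved.
    $inbound = ([xml]$PolicyXml).SelectSingleNode('/policies/inbound')
    if ($null -eq $inbound) {
        return [pscustomobject]@{ Secured = $false; Reason = 'no <inbound> section' }
    }
    foreach ($name in $backendAuthElements) {
        if ($null -ne $inbound.SelectSingleNode($name)) {
            return [pscustomobject]@{ Secured = $true; Reason = "uses <$name>" }
        }
    }
    return [pscustomobject]@{ Secured = $false; Reason = 'no backend authentication element' }
}

# Demo-style policy: requests are forwarded to the backend as-is.
$demoPolicy = @'
<policies>
  <inbound><base /></inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
</policies>
'@

# Hardened variant: the gateway presents a client certificate (placeholder thumbprint).
$hardenedPolicy = @'
<policies>
  <inbound>
    <base />
    <authentication-certificate thumbprint="PLACEHOLDER-THUMBPRINT" />
  </inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
</policies>
'@

Test-BackendAuthentication -PolicyXml $demoPolicy
Test-BackendAuthentication -PolicyXml $hardenedPolicy
```

The policy only closes the gap if the physical API also validates the presented credential and stops accepting traffic that does not come through API Management.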

Automating Azure API Management

We are currently automatically importing the Swagger specification for both the public & management API.

This can be achieved as follows:

Import-AzureRmApiManagementSwaggerDefinition.ps1 -apiManagementInstanceName "<instance-name>" -resourceGroupName "<resource-group-name>" -swaggerDefinitionPath "<swagger-definition-path>" -apiId "<api-management-api-id>" -apiUrlSuffix "<logical-api-suffix>" -apiUrl "<url-physical-api>" -apiDefaultName "<default-api-name-in-swagger-definition>" -apiName "<desired-logical-api-name>"

Policies can be applied to both products and operations. Here is how you automatically apply policies on a product-level:

Set-AzureRmApiManagementPolicy.ps1 -apiManagementInstanceName "<instance-name>" -resourceGroupName "<resource-group-name>" -policyDefinitionPath "<policy-definition-path>" -policyType "product" -productId "<api-management-product-id>"
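
A check that could run before a product-level policy file is applied, as an added example that is not part of the Sello repository: it compares the `rate-limit` element in a policy document with the throttle expected for the product, using the free and premium limits stated in the issue list on this page. The product ids `free` and `premium`, the function name and the policy documents are assumptions made for the illustration.

```powershell
# Added example: product ids and policy documents below are constructed.
$expectedThrottle = @{
    'free'    = @{ Calls = 10;    RenewalPeriod = 60 }  # 10 calls per minute
    'premium' = @{ Calls = 10000; RenewalPeriod = 1 }   # 10k calls per second
}

function Test-ProductThrottle {
    param(
        [Parameter(Mandatory)][string]$ProductId,
        [Parameter(Mandatory)][string]$PolicyXml
    )
    $want = $expectedThrottle[$ProductId]
    if ($null -eq $want) { throw "No expected throttle defined for product '$ProductId'" }

    $limit = ([xml]$PolicyXml).SelectSingleNode('/policies/inbound/rate-limit')
    if ($null -eq $limit) { return "FAIL ${ProductId}: no <rate-limit> in <inbound>" }

    $calls  = [int]$limit.GetAttribute('calls')
    $period = [int]$limit.GetAttribute('renewal-period')   # seconds
    if ($calls -ne $want.Calls -or $period -ne $want.RenewalPeriod) {
        return "FAIL ${ProductId}: $calls per ${period}s, expected $($want.Calls) per $($want.RenewalPeriod)s"
    }
    return "OK ${ProductId}: $calls calls per ${period}s"
}

$freePolicy = @'
<policies>
  <inbound>
    <base />
    <rate-limit calls="10" renewal-period="60" />
  </inbound>
  <backend><base /></backend>
  <outbound><base /></outbound>
</policies>
'@

# Same file with the renewal period mistyped: 10 calls per second instead of per minute.
$mistypedFreePolicy = $freePolicy -replace 'renewal-period="60"', 'renewal-period="1"'

Test-ProductThrottle -ProductId 'free' -PolicyXml $freePolicy
Test-ProductThrottle -ProductId 'free' -PolicyXml $mistypedFreePolicy
```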

Simulating failures

For the sake of the demo you can simulate API failures by unleashing the chaos monkeys.

This can be achieved via:

  • Configuring the Demo.UnleashChaosMonkey application setting to true on the API
  • Sending the X-Inject-Chaos-Monkey custom header with a bogus value

This will result in operations throwing exceptions and the health endpoint failing.

License Information

This is licensed under The MIT License (MIT), which means that you can use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the web application, but you always need to state that Codit is the original author of this web application.

sello's People

Contributors

imgbot[bot], tomkerkhove

sello's Issues

Provide documentation on repository structure

Provide documentation on repository structure.

  • What is it - Business scenario + functional requirements + technical details
  • Where is the code stored
  • Where are the deployment scripts stored
  • What testing is available
  • How to run it locally
  • How to import it in own VSTS subscription

Provide health endpoint

Provide health endpoint so that we can check the current health of the API.

API Specifications:

  • Verb: GET
  • Uri: /api/v1/health
  • Scope: Operations
  • Throttling: 10 calls per 1 min
  • Response Codes
    • 200 OK - API is healthy
    • 500 Internal Server Error - The API is not available

Resources:

Optimize mapping between DB+Domain & Domain+API

Optimize mapping between DB+Domain & Domain+API.

Points to improve:

  • API needs to know the details of DB+Domain mapping
  • Initialization for unit tests should be improved so that they all run the mapping initialization, when applicable

Support for smoke testing

Support for smoke testing after deployment.

  • Provide smoke testing
  • Trigger smoke tests after deployment

Provide free & premium tier products in Azure API Management

Provide premium & free tier products in Azure API Management.

This allows us to illustrate how you can throttle based on the pricing plan they have with Sello.

Throttling needs to be applied:

  • Premium Plan : 10k calls per second
  • Free Plan: 10 calls per minute

Task List:

  • Create Premium Product
  • Create Free Product
  • Add generic throttling policy
  • Apply throttling policy for Premium
  • Apply throttling policy for Free
  • Update documentation

Depends on #4

Add ARM template for resource provisioning

Add ARM template for resource provisioning.

Should provision the following resources on a per-tenant basis:

  • App Service Plan
  • Web App
  • Sql Database (added to pool)
  • Key Vault
  • Application Insights
  • API Management Group
  • API Management Policy
  • API Management API
