raychorn/Self-Deploying_Microservice_Architecture_for_Python_3.doc

## Self-Deploying_Microservice_Architecture_for_Python_3.doc
### Features:

Pluggable via Python Modules via Python Package(s).

Low Amount of code required to deploy and thus self-deploying.

Django Framework + Django Rest Framework.

Plug-in Python Module and either Introspect or use Metadata in the Module to define the specific functions to expose via REST.
Each function becomes a separate and distinct REST Web Service via a Smart APIView subclass that encapsulates the Security Model
and the end-points.

End-Points are as easy as the following URL found in the urls.py file:

'''
urlpatterns = [
    path('rest/', restful.RestProjectAPI.as_view()),
    path('rest/<slug:funcName>/', restful.RestProjectAPI.as_view()),
    path('rest/<slug:funcName>/<slug:var1>/', restful.RestProjectAPI.as_view()),
]
'''
all_modules = iterate_the_directory_tree_and_import_modules_dynamically()

Sample Class definition:
'''

class RestAbstractAPI(APIView):
    """
    Encapsulates the Security Model.
    """
    def get_payload(self, request):
        try:
            payload_data = json.loads(request.body)
        except Exception as ex:
            payload_data = {'exception' : ex}

        return payload_data

    def check_security(self, request):
        try:
            response = {'valid' : False}
            response[token] = generate_signed_topt() # this token will be sent back to the client
            pass # put stuff here to handle the security model - check TOPT from client.
                 # web client uses MASM function to validate the signed TOPT.
                 # TOPT signing method uses self-decrypting envelope (proprietary).
        except Exception as ex:
            response = {'exception' : ex}

        return response

class RestProjectAPI(RestAbstractAPI):
    """
    Encapsulates the actual end-points.
    """

    def post(self, request, **kwargs):
        response = {}
        # gather the URL parameters, if any.
        funcName = kwargs.get('funcName')
        var1 = kwargs.get('var1')
        security = self.check_security(request)
        if (security.get('valid', False)):
          data = self.get_payload(request)
          funcName = data.get('funcName', funcName)  # this ensures there is a funcName either from the URL param or the payload.
          for module in all_modules:
            for func in module.get_list_of_functions():
              if (funcName == func):
                response['results'] = module.func() # **kwargs makes this work. result is JSON serializable data.
        response['valid'] = security.get('valid', False)
        return Response(response, status=status.HTTP_200_OK, content_type='application/json')
'''

### Extensible.
Plug-in Python Modules that provide the required meta-data.

Some programming is required.  This is just the Architecture and high-level overview.

All this has been in Python for a very long time so nothing new here.  It has always been possible to import Python Modules dynamically.

The Security Model is the real special sauce here.  TOPT is not new.  Self-Descrypting TOPT Tokens is the real special sauce.

Web-based Clients can use WASM via GOLANG to keep the security details hidden.  This means the WASM code handles the incoming token
and generates the out-going TOKEN.  The server via the above Architecture validates the incoming Signed TOPT Token and generates the
out-going Signed TOPT Token.  Tokens are valid for a short time.  Signing method is self-decrypting but not obviously so.  Both the
client and server use the same TOPT Keys.  Keys can be assigned per user for multi-tenant deployments.  TOPT Keys can be made to change
at regular intervals using the same system so clients and servers need not pass Keys via the Internet however doing so via the
self-decrypting signing method makes this secure.

GOLANG cross-compiles to WASM.

(c). Copyright, Ray C Horn, All Rights Reserved.
	### Features:

	Pluggable via Python Modules via Python Package(s).

	Low Amount of code required to deploy and thus self-deploying.

	Django Framework + Django Rest Framework.

	Plug-in Python Module and either Introspect or use Metadata in the Module to define the specific functions to expose via REST.
	Each function becomes a separate and distinct REST Web Service via a Smart APIView subclass that encapsulates the Security Model
	and the end-points.

	End-Points are as easy as the following URL found in the urls.py file:

	'''
	urlpatterns = [
	path('rest/', restful.RestProjectAPI.as_view()),
	path('rest/<slug:funcName>/', restful.RestProjectAPI.as_view()),
	path('rest/<slug:funcName>/<slug:var1>/', restful.RestProjectAPI.as_view()),
	]
	'''
	all_modules = iterate_the_directory_tree_and_import_modules_dynamically()

	Sample Class definition:
	'''

	class RestAbstractAPI(APIView):
	"""
	Encapsulates the Security Model.
	"""
	def get_payload(self, request):
	try:
	payload_data = json.loads(request.body)
	except Exception as ex:
	payload_data = {'exception' : ex}

	return payload_data

	def check_security(self, request):
	try:
	response = {'valid' : False}
	response[token] = generate_signed_topt() # this token will be sent back to the client
	pass # put stuff here to handle the security model - check TOPT from client.
	# web client uses MASM function to validate the signed TOPT.
	# TOPT signing method uses self-decrypting envelope (proprietary).
	except Exception as ex:
	response = {'exception' : ex}

	return response

	class RestProjectAPI(RestAbstractAPI):
	"""
	Encapsulates the actual end-points.
	"""

	def post(self, request, **kwargs):
	response = {}
	# gather the URL parameters, if any.
	funcName = kwargs.get('funcName')
	var1 = kwargs.get('var1')
	security = self.check_security(request)
	if (security.get('valid', False)):
	data = self.get_payload(request)
	funcName = data.get('funcName', funcName) # this ensures there is a funcName either from the URL param or the payload.
	for module in all_modules:
	for func in module.get_list_of_functions():
	if (funcName == func):
	response['results'] = module.func() # **kwargs makes this work. result is JSON serializable data.
	response['valid'] = security.get('valid', False)
	return Response(response, status=status.HTTP_200_OK, content_type='application/json')
	'''

	### Extensible.
	Plug-in Python Modules that provide the required meta-data.

	Some programming is required. This is just the Architecture and high-level overview.

	All this has been in Python for a very long time so nothing new here. It has always been possible to import Python Modules dynamically.

	The Security Model is the real special sauce here. TOPT is not new. Self-Descrypting TOPT Tokens is the real special sauce.

	Web-based Clients can use WASM via GOLANG to keep the security details hidden. This means the WASM code handles the incoming token
	and generates the out-going TOKEN. The server via the above Architecture validates the incoming Signed TOPT Token and generates the
	out-going Signed TOPT Token. Tokens are valid for a short time. Signing method is self-decrypting but not obviously so. Both the
	client and server use the same TOPT Keys. Keys can be assigned per user for multi-tenant deployments. TOPT Keys can be made to change
	at regular intervals using the same system so clients and servers need not pass Keys via the Internet however doing so via the
	self-decrypting signing method makes this secure.

	GOLANG cross-compiles to WASM.

	(c). Copyright, Ray C Horn, All Rights Reserved.