~~# Amorphie vNext~~

## Initial Setup

The initial setup installs the Master and Master Authn & Authz runtimes.

```plantuml
@startuml
node "Master" as master
node "Master Authn & Authz" as mastera

master -(0)- mastera
@enduml
```

The services created on the system by this setup are summarized below.

#### Common to all Workflow Runtime deployments

* **Workflow**: Execution, as a flow, of services defined as workflows.
* **Page**: Repo for monitoring screens.

### Master Authn & Authz

* **User**: Defines system users; contains passwords, device tokens and basic personal information.
* **Client**: Carries the information of the clients and integration points that will access the system.
* **Scope**: The main resource to be accessed. In our bank's installation this value is the customer record.
* **Consent**: The record of the scope and role a user will access.
* **Role**: Contains the roles users can take.
* **Resource**: The definition of each service/transition accessible on the system side. It is the basis for authorization. RBAC
* **Privilege**: Parameter-based authorization definitions. ABAC

### Master

* **Service**: The product tree structure used for each workflow and page.
* **Navigation**: The product tree structure used for each workflow and page.
* **Component**: Definitions for all external system components, such as Redis, Apisix and Kafka.
* **Database**: Definitions of the databases where data will be stored and which will be used by the runtimes.
* **Pipeline**: Deployment flows between environments. Used for workflow, page and component deployments.
* **Package**: Used to create and work with version-based deployment packages between environments. Multiple workflows, pages and components are packaged together. Supports Blue/Green deployments and rollback scenarios.
* **Tenant**: Contains the record of each workflow runtime installation. Each component's configuration and relationships are recorded in it. When a pod/runtime starts up, it starts by fetching its config from here.
* **Workflow Runtime**: The core cluster to which workflows are deployed and which serves those workflows.

#### Workflow

All workflow definitions are themselves managed as a **workflow** definition. The instance named workflow on the master workflow runtime is the master repo for flows. Workflows deployed to tenants can only be monitored.

##### Master Repo Flow

```plantuml
@startuml
hide empty description
[*] -> draft : save
draft --> draft : update
draft --> approval : request-approve
approval -> active : approve
approval -> draft : recheck
active -> disabled : disable
disabled -> active : enable
@enduml
```

##### Tenant Repo Flow

```plantuml
@startuml
hide empty description
[*] -> active : deploy
active -> active : re-deploy
active --> disabled : disable
disabled -> active : enable
@enduml
```

```json
{
  "id": "d5b6626c-40ee-4fe2-93a9-9d433bce8d2d",
  "name": "workflow",
  "state": "active",
  "version": {
    "release": "2.1",
    "workflow": "2.1.1-dev",
    "runtime": "6.0.0.1",
    "dotnet": "9.0.0-preview.7",
    "dapr": "1.14.0"
  },
  "definition": {
    "state": []
  }
}
```

#### Page

The base repo for the state and transition views used in all workflow definitions. Views that are not associated with a workflow are also kept in this repo.
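
The Master repo and Tenant repo flows in the Workflow section can be enforced as transition tables. The following is an added example, not Amorphie code (the table and function names are assumptions): it transcribes the two diagrams, rejects any transition they do not contain, and checks that `active` cannot be reached in the master repo without `approve`.

```python
# Transition tables transcribed from the Master Repo and Tenant Repo diagrams.
# The state None stands for the initial pseudo-state [*].
MASTER_REPO = {
    (None, "save"): "draft",
    ("draft", "update"): "draft",
    ("draft", "request-approve"): "approval",
    ("approval", "approve"): "active",
    ("approval", "recheck"): "draft",
    ("active", "disable"): "disabled",
    ("disabled", "enable"): "active",
}
TENANT_REPO = {
    (None, "deploy"): "active",
    ("active", "re-deploy"): "active",
    ("active", "disable"): "disabled",
    ("disabled", "enable"): "active",
}


class TransitionError(Exception):
    """Raised when a transition is not defined for the current state."""


def apply_transition(table, state, transition):
    """Return the next state, or raise if the diagram has no such edge."""
    try:
        return table[(state, transition)]
    except KeyError:
        raise TransitionError(
            f"{transition!r} is not allowed from state {state!r}") from None


def replay(table, transitions):
    """Replay a recorded list of transition names from [*]; return the final state."""
    state = None
    for name in transitions:
        state = apply_transition(table, state, name)
    return state


def reachable_states(table, skip_transition=None):
    """States reachable from [*] once edges named skip_transition are removed."""
    seen, frontier = set(), [None]
    while frontier:
        state = frontier.pop()
        for (src, name), dst in table.items():
            if src == state and name != skip_transition and dst not in seen:
                seen.add(dst)
                frontier.append(dst)
    return seen
```

Removing the `approve` edge and recomputing reachability is a cheap regression check to run whenever a flow definition changes: if `active` is still reachable, the approval gate has a bypass.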
```plantuml
@startuml
hide empty description
[*] -> draft : save
draft --> draft : update
draft --> approval : request-approve
approval -> active : approve
approval -> draft : recheck
active -> disabled : disable
disabled -> active : enable
@enduml
```

```json
{
  "id": "45b6626c-40ee-4fe2-93a9-9d433bce8d2d",
  "name": "page",
  "state": "active",
  "version": {
    "workflow": "2.1.1-dev",
    "release": "2.1",
    "runtime": "6.0.0.1",
    "dotnet": "9.0.0-preview.7",
    "dapr": "1.14.0"
  },
  "configuration": {
    "type": "dynamic-flutter",
    "content": {}
  }
}
```

#### Workflow Runtime

```json
{
  "id": "d5b6626c-40ee-4fe2-93a9-9d433bce8d2d",
  "name": "iam-dev",
  "state": "active",
  "version": {
    "workflow": "2.1.1-dev",
    "runtime": "6.0.0.1",
    "dotnet": "0.8.0.2",
    "dapr": "0.1.4.7"
  },
  "components": [
    {
      "type": "orchestrator",
      "package": "zeebe",
      "id": "iam-dev-zeebe"
    },
    {
      "type": "cache",
      "package": "redis",
      "id": "iam-dev-redis"
    },
    {
      "type": "upstream-gateway",
      "package": "apisix",
      "id": "iam-dev-up-apisix"
    },
    {
      "type": "downstream-gateway",
      "package": "apisix",
      "id": "iam-dev-down-apisix"
    }
  ],
  "database": "iam-dev-database"
}
```

#### Tenant

```json
{
  "id": "11897db7-5fd2-45d3-9b77-71849c763b83",
  "name": "account-dev",
  "version": {
    "workflow": "2.1.1-dev",
    "runtime": "6.0.0.1",
    "dotnet": "0.8.0.2",
    "dapr": "0.1.4.7"
  },
  "state": "active",
  "iam-runtime": "iam-dev",
  "workflow-runtime": [
    "saving-account-dev",
    "deposit-account-dev"
  ]
}
```

#### Database

```json
{
  "id": "d5b6626c-40ee-4fe2-93a9-9d433bce8d2d",
  "name": "iam-dev-database",
  "state": "active",
  "version": {
    "workflow": "2.1.1-dev",
    "runtime": "6.0.0.1",
    "dotnet": "0.8.0.2",
    "dapr": "0.1.4.7"
  },
  "type": "postgres",
  "version": {
    "engine": "6.0.0.1",
    "schema": "0.1.0.2"
  },
  "connection-string": {
    "vault": "hashicorp",
    "key": "iam-dev-database:connection-string"
  },
  "configuration": {}
}
```

#### Component

Components are used to define the components consumed by the application. These products are used when the workflow runtime starts up.
Product-specific configuration information package

Component types:

* **gateway**: Gateway product for API security controls and access.
    * Apache APISIX
* **orchestrator**: Used to handle each transition in workflows.
    * Zeebe
    * n8n
    * Http Call
    * Circle *- For use in pipeline flows*
* **cache**: Used for the cache configurations of data in the relevant system.
    * Redis
* **stream**: Used for needs such as event logs or CDC.
    * Redis Stream

```plantuml
@startuml
hide empty description
[*] -> registration : register
registration -> approval : request-approve
approval -> active : approve
approval --> registration : recheck
active -> active : deploy
active -> disabled : disable
disabled --> active : enable
@enduml
```

```json
{
  "id": "a5b6626c-40ee-4fe2-93a9-9d433bce8d2d",
  "name": "gateway-apisix",
  "state": "active",
  "type": "gateway",
  "package": "apisix",
  "pipeline": "gateway-apisix-deployment",
  "configuration": {}
}
```

----- [BELOW IS OBSOLETE] -----

## Example Setup

```plantuml
@startuml
node "Master Definitions" as master
node "Master Runtime" as mruntime
node "Master Authn & Authz" as maruntime

master - mruntime
maruntime - mruntime

node "Development Authn & Authz" as devaruntime
node "Development Runtime 1" as dev1
node "Development runtime 2" as dev2

master -- dev1
master -- dev2
dev1 -- devaruntime
dev2 -- devaruntime

node "Testing Authn & Authz" as testaruntime
node "Test Runtime 1" as test1
node "Test Runtime 2" as test2
node "UAT Runtime" as uat

master -- test1
master -- test2
master -- uat
test1 -- testaruntime
test2 -- testaruntime
uat -- testaruntime

node "Prod Runtime" as prodruntime {
  artifact "1. Partial Runtime" as wfprodpartialruntime1
  artifact "2. Partial Runtime" as wfprodpartialruntime2
}

master -- prodruntime
prodruntime -- maruntime
@enduml
```

```plantuml
@startuml
left to right direction

card "Management" as master {
  component "Services" as service
  component "Tenants & Environments" as tenant
  component "Workflow Definitions" as workflow
  component "Component Definitions" as component
  component "Database Definitions" as database
  component "Page Definitions" as page
  component "Navigation Definitions" as navigation
}

service - workflow
service -- page
tenant -- database
tenant -- component
tenant -- workflow
tenant -- page
tenant -- navigation

card "Master Runtime" as mruntime {
  component "Workflow Runtime" as wfmaster
  component "Page Runtime" as pagemaster
  component "Navigation" as navmaster
}

card "Master Authn & Authz" as maruntime {
  component "Authentication" as authnmaster
  component "Authorization" as authzmaster
}

master -- maruntime
master -- mruntime
maruntime -- mruntime

card "Development Authn & Authz" as devaruntime {
  component "Authentication" as authndev
  component "Authorization" as authzdev
}

card "Tenant Development 1" as dev1 {
  component "Workflow Runtime" as wfdev1
  component "Page Runtime" as pagedev1
  component "Navigation" as navdev1
}

card "Tenant Development 2" as dev2 {
  component "Workflow Runtime" as wfdev2
  component "Page Runtime" as pagedev2
  component "Navigation" as navdev2
}

master -- dev1
master -- dev2
dev1 -- devaruntime
dev2 -- devaruntime
@enduml
```

## Generic Service Tree

Example service tree and its contents:

* Customer 360
* Dashboard
* Information
* Atm Finder
* ekyc
* Application
* Application Tracking
* Recall
* Account
* Calculator
* Listing
* Opening
* Deposit
* Saving
* Detail
* Permission
* Closing
* Create
* Transactions
* Loans

Under services there are either page definitions or workflow definitions.
```json
{
  "id": "49779689-0ba2-4d5a-90fa-45b030dde700",
  "name": "account",
  "type": "group",
  "urn": "urn:amorphie:service:account",
  "child": [
    {
      "id": "59779689-0ba2-4d5a-90fa-45b030dde700",
      "name": "account-listing",
      "type": "page",
      "urn": "urn:amorphie:service:account:page:account-listing"
    },
    {
      "id": "69779689-0ba2-4d5a-90fa-45b030dde700",
      "name": "account-listing",
      "type": "workflow",
      "urn": "urn:amorphie:service:account:workflow:account-opening:saving"
    }
  ]
}
```

## Tenants Definition

```plantuml
@startuml
left to right direction

interface IOrchestrator #aliceblue;line:blue;line.dotted;text:blue
class Orchestrator
annotation Zeebe
annotation n8n
IOrchestrator +-- Zeebe
IOrchestrator +-- n8n
IOrchestrator . Orchestrator

interface IGateway #aliceblue;line:blue;line.dotted;text:blue
class Gateway
annotation APISIX
annotation Kong
IGateway +-- APISIX
IGateway +-- Kong
IGateway . Gateway

interface IVault #aliceblue;line:blue;line.dotted;text:blue
class Vault
annotation Hashicorp
IVault +-- Hashicorp
IVault . Vault

interface IStorage #aliceblue;line:blue;line.dotted;text:blue
class Storage
annotation Postgress
annotation ClickHouse
IStorage +-- Postgress
IStorage +-- ClickHouse
IStorage . Storage

interface IComponent #aliceblue;line:blue;line.dotted;text:blue
class Component
annotation Redis
annotation Kafka
IComponent +-- Redis
IComponent +-- Kafka
IComponent . Component

class Environment
class Tenant {
  The central definition hub where all Amorphie installations in the organization and their dependent components are defined.
  ..
  Core expectations;
  * Automating deployments between environments
  * Being able to deploy multiple environments that share the same definitions.
  * Isolating application definitions from environments.
  * Being able to manage versions of application definitions across environments.
}

Tenant o-- Gateway
Tenant o-- Orchestrator
Tenant o-- Vault
Tenant o-- Storage
Tenant o-- Component
Tenant --* Environment
@enduml
```