Gatekeeper cloud design pattern

The gatekeeper cloud design pattern protects an application by placing all services behind a single facade, similar to a firewall.

Benefits

  • All services and data are private and hidden behind a single public endpoint, which significantly reduces the attack surface.
  • Request validation and rejection of malicious communication are implemented in a single place.
  • The backend services can be optimised and scaled to handle legitimate requests only.
  • If any breach does occur, the exposure is limited to the sensitive information on the gatekeeper itself, which should be kept to a minimum.

Issues

  • The gatekeeper is a single point of failure for the entire application, and must be appropriately managed for high availability and redundancy.
  • The gatekeeper may affect performance by increasing latency, increasing load and introducing a bottleneck.


Azure example implementation

  • Place all backend services in a private virtual network.
  • Place the web app endpoint in an App Service Environment, which includes an Application Gateway; from there the Web Application Firewall can be enabled, which blocks many common attack patterns.
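As an added illustration of the pattern (not code from the original notes or from any Azure component), the facade below is the only public entry point: it validates every request in one place, drops anything outside an allowlist, and forwards only well-formed requests to a private backend, while holding no sensitive data itself. The `Gatekeeper`, `Backend` and `Request` names and the rules are hypothetical.

```python
import re
from dataclasses import dataclass, field

MAX_BODY_BYTES = 4096
# Allowlist of what the public facade will forward; everything else is rejected.
ALLOWED = [("GET", re.compile(r"^/orders/[A-Za-z0-9-]{1,36}$")),
           ("POST", re.compile(r"^/orders$"))]

@dataclass
class Request:
    method: str
    path: str
    body: bytes = b""
    headers: dict = field(default_factory=dict)

class Backend:
    """Private service on the internal network; reachable only via the gatekeeper."""
    def __init__(self):
        self.orders = {}  # stands in for the sensitive data the facade never holds
    def handle(self, req):
        if req.method == "POST":
            oid = f"ord-{len(self.orders) + 1}"
            self.orders[oid] = req.body.decode()
            return 201, oid
        oid = req.path.rsplit("/", 1)[1]
        return (200, self.orders[oid]) if oid in self.orders else (404, "")

class Gatekeeper:
    """Single public endpoint: validate once, forward only legitimate requests."""
    def __init__(self, backend):
        self._backend = backend
        self.rejected = []  # record of what was dropped and why, for detection/alerting
    def handle(self, req):
        reason = self._validate(req)
        if reason:
            self.rejected.append((req.method, req.path, reason))
            return 400, reason
        return self._backend.handle(req)
    @staticmethod
    def _validate(req):
        if not any(m == req.method and p.match(req.path) for m, p in ALLOWED):
            return "route not allowed"
        if len(req.body) > MAX_BODY_BYTES:
            return "body too large"
        if req.method == "POST" and req.headers.get("content-type") != "application/json":
            return "unexpected content type"
        return ""
```

Because rejection happens before the backend is reached, the backend can be sized for legitimate traffic only, and `rejected` gives a single place to emit metrics or alerts.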


Python’s enumerate

enumerate(sequence, start=0)
  • Takes as input a sequence (string, unicode string, list, tuple, bytearray, buffer or xrange) or iterable, and an arbitrary start index
  • Returns an iterator which provides tuples containing the count and value
  • Useful to generate the index corresponding to each element:
for i, animal in enumerate(["cat", "dog", "mouse"], 1):
    print("Animal #{} is a {}".format(i, animal))
PEP 279 — The enumerate() built-in function
enumerate(sequence, start=0)

Covariance vs. Contravariance

Covariance and Contravariance are two dual concepts, which enable implicit type assignment for arrays, delegates and generic type arguments.

  • Covariance is when a type can be replaced by a less derived type
  • The out keyword on a type parameter denotes a covariant type e.g. IEnumerable<out T>
  • An IEnumerable<string> outputs a string, which can be assigned to an object reference, as a string is an object
  • Contravariance is when a type can be replaced by a more derived type
  • The in keyword on a type parameter denotes a contravariant type e.g. Action<in T>
  • An Action<object> takes an object as input, so it will happily take a string reference, as a string is an object
Covariance and Contravariance (C# and Visual Basic)
IEnumerable<T> Interface
Action<T> Delegate

Rx ReplaySubject

  • ReplaySubject is a Subject with memory
  • It can have temporal or spatial memory:
    • Construct it with an int and it will have a buffer of that size
    • Construct it with a TimeSpan and it will have a buffer of that duration
    • Construct it with both and it will have both
  • Its main use is when publishes occur before subscriptions, and some history is required
  • ReplaySubject(1) can be used to pass in a dependency as IObservable<FooDependency>
    • Useful when the creation of FooDependency is potentially long running
    • And when useful work can be done without FooDependency (e.g. bringing up a UI or loading other modules)
ReplaySubject<T> Class

Law of Demeter

  • aka The Principle of Least Knowledge
  • Give clients exactly what they asked for, not some object they can use to query what they want
  • Tenet of loose coupling
  • Classes only know about their neighbours, and don’t have to talk to strangers
  • Results in less brittle, more maintainable and adaptable code
  • But, quickly results in bloat, as each type/method in a chain needs to marshal values to/from their neighbours

Command Query Separation (CQS)

Logical separation of methods on an object into either a command or a query.

Command

  • Performs an action
  • Changes some externally observable state
  • Does not return a value

Query

  • Queries and returns a value to the caller
  • Does not affect any externally observable state
  • Must be referentially transparent
  • Has no side effects and therefore calls can be added, removed or re-ordered without affecting the output


  • “Asking a question does not change the answer”
  • Enforces separation of concerns
  • Any kind of query logging or metric generation becomes impossible

Benefits of PowerShell

PowerShell (PoSH) is Microsoft’s new shell and scripting language

  • Easily discoverable and consistent due to the Verb-Noun structure (e.g. Invoke-WebRequest) with a fixed list of verbs (run Get-Verb to view them)
  • Microsoft’s strategic solution going forward, with modules available for components such as IIS, Windows Update, Azure etc. as well as external applications like Facebook
  • Works using an object pipeline with named fields, instead of just passing pure text between functions
  • Includes -WhatIf functionality to see what a command would do without actually executing it
  • Includes shortcut commands and default unnamed parameters