Currently, naming patterns for topics, consumer groups etc. can only be configured in an inconsistent and not very flexible way. Additionally, in the frontend, not everything configured in the backend for the naming patterns is considered correctly (especially when deviating from the Hermes default values).
As a Galapagos administrator, I want to be able to centrally configure patterns and naming rules for
- Topic names
- Internal Topic prefixes
- Consumer Group prefixes
- Transactional ID prefixes
As a Galapagos user, I want to easily get an overview over the prefixes which are valid for my application. Also, I want to see the applicable naming convention for Topic names directly in the UI, as far as feasible.
Naming persistence
Galapagos should persist the prefixes associated with an application, although this would not be necessary from a "naming logic" point of view. The relevant information what prefixes are valid for use by an application are determined by
- Galapagos Configuration
- Name of the (known) Application
- Potential aliases of the (known) Application
KnownApplications are entities which are provided by external means, e.g. via JSON Import or via external tooling writing them directly to galapagos.internal.known-applications
topic. These may change at any time, but an application should not (immediately) lose the right to write to its internal topics only because its name changed in an external (e.g. Enterprise Architecture) system. So we must decouple this a bit.
Additionally, there is an Admin Job for updating application ACLs from stored metadata. As this may - in principle - also be called at any time, this should also not change application rights "only" because its metadata in an external system changed.
For this reason, even the current implementation already stores valid prefixes for an application in ApplicationMetadata
and thus in the internal topic galapagos.internal.application-metadata
. This is stored when the certificate for the application is created on a given environment.
When streamlining the naming logic, the metadata should include all valid prefixes at the time of certificate creation on the first environment. When creating certificates for later stages, the prefixes of the first stage shall be copied automatically.
Update process
When e.g. the name of the KnownApplication changes for an already "registered" application and a user wants to make use of the changed prefix, they will have to recreate (or "extend") the certificate on the first environment, and then on all following stages. This is not completely intuitive, but still logical, as the first environment usually is where the new prefix will be used first.
As this may also cause previous rights to be revoked, the user shall get an explicit notification about changes in rights when these are detected, every time a certificate is issued / extended.
Open Questions
Even during certificate extension, rights on the affected stage may be revoked immediately also for the running production application (as the ACLs are assigned to the "user names" in the certificates, not to the certificates themselves). This is not following the Principle of least surprise, and should be mitigated somehow. Potential solutions are:
- Offer user the option to keep previous prefixes
- Issue a new identity even when creating extension certificates, with changed rights only assigned to new identity. Would require some "housekeeping" to remove previous identities after certificate expiry.