Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Python Architecture Patterns
  • Toc
  • feedback
Python Architecture Patterns

Python Architecture Patterns

By : Jaime Buelta
4.6 (22)
close
Python Architecture Patterns

Python Architecture Patterns

4.6 (22)
By: Jaime Buelta

Overview of this book

Developing large-scale systems that continuously grow in scale and complexity requires a thorough understanding of how software projects should be implemented. Software developers, architects, and technical management teams rely on high-level software design patterns such as microservices architecture, event-driven architecture, and the strategic patterns prescribed by domain-driven design (DDD) to make their work easier. This book covers these proven architecture design patterns with a forward-looking approach to help Python developers manage application complexity—and get the most value out of their test suites. Starting with the initial stages of design, you will learn about the main blocks and mental flow to use at the start of a project. The book covers various architectural patterns like microservices, web services, and event-driven structures and how to choose the one best suited to your project. Establishing a foundation of required concepts, you will progress into development, debugging, and testing to produce high-quality code that is ready for deployment. You will learn about ongoing operations on how to continue the task after the system is deployed to end users, as the software development lifecycle is never finished. By the end of this Python book, you will have developed "architectural thinking": a different way of approaching software design, including making changes to ongoing systems.
Table of Contents (23 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Share your thoughts
Free Chapter
1
Introduction to Software Architecture
chevron up
Introduction to Software Architecture
Defining the structure of a system
Division into smaller units
Conway's Law – Effects on software architecture
Application example – Overview
Security aspects of software architecture
Summary
2
Part I: Design
Part I: Design
3
API Design
API Design
Abstractions
RESTful interfaces
Authentication
Versioning the API
Frontend and backend
HTML interfaces
Designing the API for the example
Summary
4
Data Modeling
Data Modeling
Types of databases
Database transactions
Distributed relational databases
Schema design
Data indexing
Summary
5
The Data Layer
The Data Layer
The Model layer
Database migrations
Dealing with legacy databases
Summary
6
Part II: Architectural Patterns
Part II: Architectural Patterns
7
The Twelve-Factor App Methodology
The Twelve-Factor App Methodology
Intro to the Twelve-Factor App
Continuous Integration
Scalability
Configuration
The Twelve Factors
Containerized Twelve-Factor Apps
Summary
8
Web Server Structures
Web Server Structures
Request-response
Web architecture
Web servers
uWSGI
Python worker
External layers
Summary
9
Event-Driven Structures
Event-Driven Structures
Sending events
Asynchronous tasks
Subdividing tasks
Scheduled tasks
Queue effects
Celery
Summary
10
Advanced Event-Driven Structures
Advanced Event-Driven Structures
Streaming events
Pipelines
Defining a bus
More complex systems
Testing event-driven systems
Summary
11
Microservices vs Monolith
Microservices vs Monolith
Monolithic architecture
The microservices architecture
Which architecture to choose
The key factor – team communication
Moving from a monolith to microservices
Containerizing services
Orchestration and Kubernetes
Summary
12
Part III: Implementation
Part III: Implementation
13
Testing and TDD
Testing and TDD
Testing the code
Different levels of testing
Testing philosophy
Test-Driven Development
Introduction to unit testing in Python
Testing external dependencies
Advanced pytest
Summary
14
Package Management
Package Management
The creation of a new package
Trivial packaging in Python
The Python packaging ecosystem
Creating a package
Cython
Python package with binary code
Uploading your package to PyPI
Creating your own private index
Summary
15
Part IV: Ongoing operations
Part IV: Ongoing operations
16
Logging
Logging
Log basics
Producing logs in Python
Detecting problems through logs
Log strategies
Adding logs while developing
Log limitations
Summary
17
Metrics
Metrics
Metrics versus logs
Generating metrics with Prometheus
Querying Prometheus
Proactively working with metrics
Alerting
Summary
18
Profiling
Profiling
Profiling basics
Types of profilers
Profiling code for time
Partial profiling
Memory profiling
Summary
19
Debugging
Debugging
Detecting and processing defects
Investigation in production
Understanding the problem in production
Local debugging
Python introspection tools
Debugging with logs
Debugging with breakpoints
Summary
20
Ongoing Architecture
Ongoing Architecture
Adjusting the architecture
Scheduled downtime
Incidents
Load testing
Versioning
Backward compatibility
Feature flags
Teamwork aspects of changes
Summary
21
Other Books You May Enjoy
Other Books You May Enjoy
22
Index
Index

Security aspects of software architecture

An important element to take into consideration when creating an architecture is the security requirements. Not every application is the same, so some can be more relaxed in this aspect than others. For example, a banking application needs to be 100 times more secure than, say, an internet forum for discussing cats. The most common example of this is the storage of passwords. The most naive approach to passwords is to store them, in plain text, associated with a username or email address – say, in a file or a database table. When the user tries to log in, we receive the input password, compare it with the one stored previously, and, if they are the same, we allow the user to log in. Right?

Well, this is a very bad idea, because it can produce serious problems:

  • If an attacker has access to the storage for the application, they'll be able to read the passwords of all the users. Users tend to reuse passwords (even if it's a bad idea), so, paired with their emails, they'll be exposed to attacks on multiple applications, not only the breached one.

This may seem unlikely, but keep in mind that any copy of the data stored is susceptible to attack, including backups.

  • Another real issue is insider threats, workers who may have legitimate access to the system but copy data for nefarious purposes or by mistake. For very sensitive data, this can be a very important consideration.
  • Mistakes like displaying the password of a user in status logs.

To make things secure, data needs to be structured in a way that's as protected as possible from access or even copying, without exposing the real passwords of users. The usual solution to this is to have the following schema:

  1. The password itself is not stored. Instead, a cryptographical hash of the password is stored. This applies a mathematical function to the password and generates a replicable sequence of bits, but the reverse operation is computationally very difficult.
  2. As the hash is deterministic based on the input, a malicious actor could detect duplicated passwords, as their hashes are the same. To avoid this problem, a random sequence of characters, called a salt, is added for each account. This will be added to each password before hashing, meaning two users with the same password but different salts will have different hashes.
  3. Both the resulting hash and the salt are stored.
  4. When a user tries to log in, their input password is added to the salt, and the result is compared with the stored hash. If it's correct, the user is logged in.

Note that in this design, the actual password is unknown to the system. It's not stored anywhere and is only accepted temporarily to compare it with the expected hash, after being processed.

This example is presented in a simplified way. There are multiple ways of using this schema and different ways of comparing a hash. For example, the bcrypt function can be applied multiple times, increasing encryption each time, which can increase the time required to produce a valid hash, making it more resistant to brute-force attacks.

This kind of system is more secure than one that stores the password directly, as the password is not known by the people operating the system, nor is it stored anywhere.

The problem of mistakenly displaying the password of a user in status logs may still happen! Extra care should be taken to make sure that sensitive information is not being logged by mistake.

In certain cases, the same approach as for passwords can be taken to encrypt other stored data, so that only customers can access their own data. For example, you can enable end-to-end encryption for a communication channel.

Security has a very close relationship with the architecture of a system. As we saw before, the architecture defines which aspects are easy and difficult to change and can make some unsafe things impossible to do, like knowing the password of a user, as we described in the previous example. Other options include not storing data from the user to keep privacy or reducing the data exposed in internal APIs, for example. Software security is a very difficult problem and is often a double-edged sword, and trying to make a system more secure can have the side effect of making operations long-winded and inconvenient.

End of Section 6
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete