busya/ss-tools
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bdd376595c4e2c6ddf1815c9e1363218e92124e4
ss-tools/docs/adr/ADR-0003-orchestrator-pattern.md
busya bdd376595c tasks ready
2026-05-08 18:01:49 +03:00

58 lines
4.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# [DEF:ADR-0003:ADR]
# @STATUS ACTIVE
# @PURPOSE Definitively establish ss-tools as a standalone orchestrator service operating *above* Apache Superset environments rather than integrating into them. This is a reposhaping architectural decision that governs deployment topology, security boundary, release cycle independence, and technology stack freedom.
# @RELATION DEPENDS_ON -> [ADR-0001:ADR]
# @RELATION CALLS -> [ADR-0004:ADR]
# @RELATION CALLS -> [ADR-0005:ADR]
# @RATIONALE The core value proposition of ss-tools is multienvironment orchestration: moving dashboards, datasets, and configurations between independent Superset instances (Dev → Stage → Prod). Embedding this logic inside any single Superset instance would immediately create a "master controller" dependency — if that instance fails, all environment management is lost. An external orchestrator treats all Superset instances as equal endpoints.
# @RATIONALE Technology stack mismatch is irreversible: Superset uses Flask + React, ss-tools uses FastAPI + SvelteKit. Integration would require rewriting the entire Svelte frontend into React components and refactoring FastAPI dependency injection into Flask-AppBuilder patterns — a multimonth effort with zero business value and high regression risk.
# @RATIONALE Release cycle independence is nonnegotiable: Superset has a slow, complex release cadence. ss-tools must ship LLM plugins, Git integrations, and backup features on its own schedule without waiting for upstream Superset releases or maintaining a fork with perpetual merge conflicts.
# @RATIONALE Security isolation: ss-tools manages DevOps privileges (deployment, backup, migration) while Superset manages BI privileges (data viewing, chart creation). Mixing these in one system expands the blast radius of any security incident.
# @REJECTED Integration as a Superset plugin/extension — rejected for the four reasons above (orchestrator topology break, 100% frontend rewrite, Superset release cycle coupling, privilege boundary collapse).
# @REJECTED Superset fork with ss-tools baked in — rejected because maintaining a fork requires rebase on every Superset release, creating perpetual merge conflicts and making security patch adoption dangerously slow.
# @REJECTED Shared database with Superset — rejected because it couples ss-tools migrations to Superset's Alembic migration chain, preventing independent schema evolution and creating a single point of failure for both systems.
## Decision
ss-tools operates as a **standalone orchestrator microservice** with these defined boundaries:
### Deployment Topology
```
┌─────────────┐
│ ss-tools │ ← FastAPI + SvelteKit
│ PostgreSQL │ ← Own database
└──────┬──────┘
│ REST API calls
┌───────────────┼───────────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│Superset │ │Superset │ │Superset │
│ (Dev) │ │ (Stage) │ │ (Prod) │
└──────────┘ └──────────┘ └──────────┘
```
### Key Architectural Properties
| Property | Decision |
|----------|----------|
| **Topology** | External orchestrator above all Superset instances |
| **Communication** | Superset REST API (bearer token auth per environment) |
| **Database** | Dedicated PostgreSQL 16 instance (not Superset metadata DB) |
| **Frontend** | SvelteKit SPA (not integrated into Superset UI) |
| **Release cadence** | Independent Docker image releases |
| **Auth** | Own RBAC system with optional ADFS SSO (see ADR-0005) |
| **Plugins** | Own plugin lifecycle (see ADR-0004) |
### Consequences
- **Positive:** Fast independent development, modern stack, no Superset coupling, clear security boundary.
- **Negative:** Users have two separate UIs (Superset for BI, ss-tools for DevOps). Mitigated by consistent UX design and crosslinking.
- **Risk:** API compatibility if Superset changes its REST API. Mitigated by versioned API client with automated compatibility tests.
## Migration from Existing Document
This ADR supersedes and formalizes `docs/architecture_decision_superset_migration.md`. The original document contained the same recommendation and rationale but lacked the `[DEF:id:ADR]` contract structure, making it invisible to the semantic index and decisionmemory audit chain.
# [/DEF:ADR-0003:ADR]
Reference in New Issue View Git Blame Copy Permalink