Data Integrity in Distributed Systems
In a microservice architecture, you can get dependencies that impose restrictions on the services used.
For example, letās considera car rental serviceĀ that uses the database per service principle:
-
GeoareasĀ microserviceĀ owns data about different geographic polygons ā cities, and regions. The schema looks like this:Ā {id, geometry}
-
TariffsĀ microservice, in turn, manages the data of the rental price. Schema looks something like this:Ā {id, geoarea_id, price_per_minute}. It has a dependence onĀ the Geoareas microservice.
At some point, we need to delete an object fromĀ the Geoareas microserviceĀ ā call the endpoint:
DELETE /geoarea?id={id}.
This can lead to a number of problems, even including the inaccessibility of the service, since we still have tariffs referencing a removed geoarea.
An unpleasant dependence appears: in order to remove a geoarea fromĀ GeoareasĀ you need to make a request toĀ TariffsĀ at the time of removal to check which tariff depends on it. (sorry for this)
Dangerous cohesion appears ā with this approach, in the future,Ā GeoareasĀ will send requests to all microservices where geoareas are used.
By the way, databases haveĀ
1. Webhooks
The option implies creating a unified webhook mechanism in the microservice. The microservice will execute these hooks before modifying the object. If at least one hook fails, then action on the object is impossible.
An example of such a webhook would be a request for a third-party microservice with a predefined API.
For our example, the webhook inthe Geoareas microserviceĀ would look like this:
WEBHOOK target=āpre-deleteā action=āPOST tariffs/check_delete?geoarea_id={id}ā
InĀ the Tariffs microservice, respectively, you need to implement endpointĀ /check_deleteĀ to check that the zone can be deleted andĀ that the Tariffs microserviceĀ āis not againstā.
The uniformity of these hooks makes them easy to configure on the fly. When a new microservice that usesĀ GeoareasĀ appears, add a new check to the list of hooks.
Thus,Ā GeoareasĀ supports the mechanism of unified webhooks but knows nothing about what kind of business logic is behind these hooks.
2. Reference Counting
In this option, we will keep an eye on who usesĀ Geoareas.
Extending the API of our microservice with these new endpoints:
POST /hold?geoarea_id={id}&holder={holder}
POST /release?geoarea_id={id}&holder={holder}
Thus, if we want to create a new tariff in a zone, then before that we need to block this zone inĀ the Geoareas microservice, for example:
POST /hold?
geoarea_id=moscow&holder=tariffs_tariffmoscow1
Next to geoareas inĀ the Geoareas microservice, we store a list of those who āholdā these zones.
When trying to delete a geoarea, we check the list of holders and do not allow deleting if the list is not empty.
If the tariff that holds the geoarea is deleted, then after it is deleted, you need to release the lock, for example:
/release?geoarea_id=moscow&holder=tariffs_tariffmoscow1
Also published here.