Summary
Atoti is the data analytics platform developed by ActiveViam especially for financial services organizations. This unique technology meets the specific needs of the industry in ways general-purpose databases and mass-market business intelligence tools do not.
The Financial Services industry is progressively adopting the cloud for use cases Atoti handles. Migrating their solutions to the cloud has brought new challenges to our clients in managing their Atoti applications. To assist them in this process, we have begun development of a new product, Atoti PaaS.
Atoti PaaS is a microservice based kubernetes application. Clients can connect to our UI to configure and manage their Atoti deployments. Allowing all our clients to connect to the same application requires the implementation of a fine-grained permission management system.
Objective
Atoti PaaS is currently in the beta-stage of its development. A simple permission management system has already been implemented to allow some early adopters to test the platform. However before going to production this permission management system needs to be enhanced. The objective of this internship is to:
- Design highly-configurable, fine grained permission management system. Clients need to be able to restrict access to resources and functionality based on users, resource type, resource ID, cloud account, etc.
- Implement the service in Atoti PaaS which will be responsible for managing permissions
- Implement a simple way of applying the restrictions to all the endpoints of Atoti PaaS without needing to manually perform checks on each endpoint
- Implement the UI allowing users to set up these permissions (optional depending on remaining time)
Technical Stack
Atoti PaaS is a microservice based application deployed with kubernetes. The microservices are implemented using Python and FastAPI. The UI is a React/Typescript application. Traffic inside the kubernetes application is routed using Ambassador Edge Stack. Ambassador also handles setting authentication on requests before they are forwarded to the relevant kubernetes services.