Robust Contract Evolution in a TypeSafe MicroService Architectures

• Main Authors: Ferrão, L. (Author), Ferreira, C. (Author), Ferreira, P. (Author), Lourenço, H. (Author), Seco, J.C (Author)
• Format: Article
• Language: English
• Published: AOSA Inc. 2020
• Subjects: microservices; service compatibility; software evolution; type safety
• Online Access: View Fulltext in Publisher

 Microservice architectures allow for short deployment cycles and immediate effects, but offer no safety mechanisms for service contracts when they need to be changed. Maintaining the soundness of microservice architectures is an error-prone task that is only accessible to the most disciplined development teams. The strategy to evolve a producer service without disrupting its consumers is often to maintain multiple versions of the same interface and dealing with an explicitly managed handoff period and its inherent disadvantages. We present a microservice management system that statically verifies service interface signatures against their references and supports the seamless evolution of compatible interfaces. We define a compatibility relation΀on types that captures real evolution patterns and embodies known good practices on the evolution of interfaces. Namely, we allow for addition, removal, and renaming of data fields of a producer module without breaking or needing to upgrade consumer services. The evolution of interfaces is supported by runtime generated proxy components that dynamically adapt data exchanged between services to match with the statically checked service code. The model proposed in this paper is instantiated in a core programming language whose semantics is defined by a labelled transition system and a type system that prevents breaking changes from being deployed. Standard soundness results for the core language entail the existence of adapters, and hence ensure the absence of adaptation errors and the correctness of the management model. This adaptive approach allows for gradual deployment of modules, without halting the whole system and avoiding losing or misinterpreting data exchanged between system nodes. Experimental data shows that an average of 57% of deployments that would require adaptation and recompilation are safe under our approach. © João Costa Seco, Paulo Ferreira, Hugo Lourenço, Carla Ferreira, and Lúcio Ferrão.