add srs and sds documents
143
srs-sds/SRS_v1.md
Normal file
@@ -0,0 +1,143 @@
|
||||
# Cloud Infrastructure Management Platform
|
||||
## Software Requirements Specification (SRS)
|
||||
**Version: 1.0 (V1 – Enterprise Foundation)**
|
||||
|
||||
---
|
||||
|
||||
## 1. Purpose & Vision
|
||||
|
||||
This document defines the Software Requirements Specification (SRS) for the Cloud Infrastructure Management Platform (CIMP).
|
||||
|
||||
The platform is designed to deliver enterprise-grade, IaaS-like cloud capabilities inspired by AWS, GCP, and Azure, primarily targeting private and managed cloud environments.
|
||||
|
||||
Version 1 focuses on strong architectural foundations, governance, and security, while maintaining a controlled and achievable feature scope.
|
||||
|
||||
---
|
||||
|
||||
## 2. Target Users & Roles
|
||||
|
||||
### 2.1 Tenant Roles
|
||||
- Tenant Owner
|
||||
- Project Admin
|
||||
- Project Operator
|
||||
- Project Viewer
|
||||
|
||||
### 2.2 Provider / Operator Roles
|
||||
- Cloud Operator
|
||||
- Infrastructure Administrator
|
||||
- Security / Audit Administrator
|
||||
- Break-glass Super Administrator
|
||||
|
||||
---
|
||||
|
||||
## 3. Scope Definition
|
||||
|
||||
### 3.1 In Scope (V1)
|
||||
- Multi-tenant and multi-project architecture
|
||||
- Identity and Access Management (RBAC)
|
||||
- Compute service (Virtual Machine lifecycle)
|
||||
- Basic virtual networking
|
||||
- Basic storage service (block or object)
|
||||
- Asynchronous job execution
|
||||
- Audit logging (append-only)
|
||||
- Usage metering and reporting
|
||||
- Provider / operations management console
|
||||
|
||||
### 3.2 Out of Scope (V1)
|
||||
- Public cloud federation
|
||||
- Auto-scaling and elasticity
|
||||
- Kubernetes and container orchestration
|
||||
- Application marketplace
|
||||
- Billing or payment gateway
|
||||
- Advanced SDN automation (BGP / EVPN)
|
||||
|
||||
---
|
||||
|
||||
## 4. Functional Requirements
|
||||
|
||||
### 4.1 Identity & Access Management
|
||||
- The system SHALL support Organizations (Tenants), Projects, Users, Roles, and Role Bindings.
|
||||
- The system SHALL enforce strict separation between tenant and provider scopes.
|
||||
- The system SHALL use token-based API authentication.
|
||||
- The system SHOULD be extensible to support external Identity Providers (OIDC).
|
||||
|
||||
---
|
||||
|
||||
### 4.2 Project & Resource Management
|
||||
- Tenants SHALL be able to create and manage projects.
|
||||
- Projects SHALL support quota assignment.
|
||||
- Every resource SHALL belong to exactly one project.
|
||||
- All resources SHALL include ownership and lifecycle metadata.
|
||||
|
||||
---
|
||||
|
||||
### 4.3 Compute Service
|
||||
- Tenants SHALL be able to create Virtual Machines from predefined images.
|
||||
- The system SHALL support start, stop, reboot, and delete operations.
|
||||
- VM provisioning SHALL be asynchronous.
|
||||
- VM lifecycle states SHALL be exposed through the API.
|
||||
|
||||
---
|
||||
|
||||
### 4.4 Network Service
|
||||
- Tenants SHALL be able to create virtual networks per project.
|
||||
- Virtual networks SHALL enforce isolation between projects.
|
||||
- Virtual machines SHALL be attachable to one or more virtual networks.
|
||||
|
||||
---
|
||||
|
||||
### 4.5 Storage Service
|
||||
- Tenants SHALL be able to create storage volumes or object buckets.
|
||||
- Storage resources SHALL be attachable to compute resources where applicable.
|
||||
- Snapshot functionality MAY be supported depending on backend capability.
|
||||
|
||||
---
|
||||
|
||||
### 4.6 Job & Workflow Management
|
||||
- All infrastructure-impacting operations SHALL be executed via an asynchronous job system.
|
||||
- Each job SHALL return a job identifier.
|
||||
- Job execution status SHALL be queryable.
|
||||
|
||||
---
|
||||
|
||||
### 4.7 Audit Logging
|
||||
- The system SHALL record all control-plane actions.
|
||||
- Audit logs SHALL include actor, action, target resource, timestamp, and result.
|
||||
- Audit logs SHALL be immutable and append-only.
|
||||
|
||||
---
|
||||
|
||||
### 4.8 Metering & Reporting
|
||||
- The system SHALL collect usage metrics for compute, network, and storage.
|
||||
- Usage reports SHALL be generated per project and tenant.
|
||||
- Billing integration is out of scope for V1.
|
||||
|
||||
---
|
||||
|
||||
### 4.9 Provider / Operations Management
|
||||
- Operators SHALL be able to onboard infrastructure clusters.
|
||||
- Operators SHALL be able to define global policies and catalogs.
|
||||
- Operators SHALL have visibility into tenant activities for auditing and troubleshooting.
|
||||
|
||||
---
|
||||
|
||||
## 5. Non-Functional Requirements
|
||||
|
||||
### 5.1 Security
|
||||
- RBAC enforcement at the API layer.
|
||||
- Encryption for sensitive data at rest.
|
||||
- Full auditability of administrative actions.
|
||||
|
||||
### 5.2 Availability
|
||||
- Control plane services SHALL be stateless.
|
||||
- The system SHALL tolerate service restarts without data loss.
|
||||
|
||||
### 5.3 Scalability
|
||||
- Horizontal scalability for API services.
|
||||
- Asynchronous processing for long-running tasks.
|
||||
|
||||
### 5.4 Maintainability
|
||||
- Modular service architecture.
|
||||
- Clear separation between control plane and data plane.
|
||||
|
||||
---
|
||||
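Review bot: Section 2.2 introduces a "Break-glass Super Administrator" role, but nothing in 4.1, 4.7, 4.9 or 5.1 constrains it. Add SHALL statements for how break-glass access is granted, how long it lasts and how its use is audited, so that the "strict separation between tenant and provider scopes" in 4.1 has a defined and testable exception path. The same applies to 4.9, where operator "visibility into tenant activities" has no stated limit or audit requirement. The bullets in 5.1, 5.3 and 5.4 are noun phrases without SHALL/SHOULD/MAY, unlike sections 4.x and 5.2; rewording them in that style (for example "The system SHALL enforce RBAC on every API request") would make them verifiable. 5.1 covers encryption at rest only and says nothing about data in transit. In 4.1, "token-based API authentication" carries no requirement on token lifetime or revocation. In 4.7, "immutable and append-only" does not say how integrity is checked, how long logs are retained or which roles may read them, and the Security / Audit Administrator role from 2.2 is never referenced there.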