Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: addes subject and audit for the travel-plan project #2282

Merged
merged 8 commits into from
Jan 4, 2024
69 changes: 69 additions & 0 deletions subjects/java/projects/travel-plan/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
## Travel-Plan

### Objectives

The primary goal of this project is to construct a robust and scalable environment for the Travel Management System and to develop a comprehensive Admin Dashboard that serves as the control center for travel management operations.

### Instructions

This is the first part of the last project and for this part, the students will be asked to build the working environment and implement the admin part to ease the last part of the project.

#### 1. Environment Configuration
nprimo marked this conversation as resolved.
Show resolved Hide resolved

##### Configure a Microservices Architecture:
- Follow industry best practices for scalability and high availability.
- Implement multiple replicas of each microservice for load balancing and failover mechanisms.

##### Database Installation and Configuration:
- Set up PostgreSQL and Neo4j databases.
- Ensure databases are containerized to facilitate scalability and replication.

##### Continuous Integration/Continuous Delivery (CI/CD) Pipeline:
- Employ Jenkins for CI/CD and unit testing.
- Employ SonarQube to automate code quality checks

##### Use of Docker and Ansible:
- Docker to support automated provisioning and deployment of microservices.
- Ansible for creating playbooks to deploy all system elements consistently and in a scalable way.

##### Logging
- Implement some sort of logging system to be able to track and trace requests across multiple services.

##### Outcome:
- Achieve an automated, scalable infrastructure.
- Prepare the groundwork for Admin Dashboard development and additional features of the Travel Management System.

#### 2. Development and Design
nprimo marked this conversation as resolved.
Show resolved Hide resolved

- Craft an Admin Dashboard enabling administrators to oversee users, travels, and payment gateways.
- The admin should be able to add, edit or delete any user, travel, payment method and all the related parts correctly (think about database cascading update and delete).
- Ensure each travel entry includes a destination or multiple destinations, dates, duration, activities, accommodation, and transportation details.
- For the payment methods you can search about it to know what you need to do to support at least [Stripe](https://stripe.com/docs/development) and [PayPal](https://developer.paypal.com/home).
- Develop an authentication and authorization service to safeguard access and operations to the Admin Dashboard.
- Design a responsive and intuitive UI for the Admin Dashboard that shows well in different screen sizes, ensuring browser compatibility at least for Mozilla and Chrome.
- Utilize any beneficial packages to enhance development efficiency, with the expectation to justify package selections during project reviews.
- Every feature should have its unit tests to ensure the new modifications don't break the code.


#### 3. Best Practices & Ecosystem Familiarity

- Adopt a collaborative development workflow using pull requests (PRs) for introducing changes and features.
- Perform thorough code reviews on each PR to maintain code integrity, security adherence, and best practice compliance.
- Integrate a CI/CD pipeline via Jenkins for seamless build, test, and deployment workflows of PRs.
- Ensure all PRs undergo a rigorous review process, securing approval before merging into the main codebase.

#### 4. Security Measures

- Implement SSL/TLS encryption for all data in transit.
- Ensure databases and services are accessible only within the internal network or via secure, authenticated endpoints.
- Use secret management tools like HashiCorp Vault to handle sensitive information like API keys and database credentials.
- Apply the principle of least privilege across all levels of the system, particularly in role-based access controls within the Admin Dashboard.
- Regularly update all components to patch known vulnerabilities and ensure compliance with security best practices.

### Bonus

- Compose clear and detailed documentation for the application and database schema.
- Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities.
- Implement integration and/or E2E tests
- Any other bonus that adds real value to the project.

98 changes: 98 additions & 0 deletions subjects/java/projects/travel-plan/audit/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,98 @@

#### Comprehension

##### Ask the student to describe the microservices architecture implemented.

###### Have you clearly defined the boundaries for each microservice based on business domains?

###### Do your microservices align directly with specific business functions?

###### Are your microservices designed to operate independently of one another?

###### Can each microservice be deployed, updated, and scaled without affecting others?

###### Is your architecture designed to support the independent scalability of each microservice?

###### Does your system maintain functionality even when one or more services fail?

###### Is there an API Gateway in your architecture to manage incoming requests?
nprimo marked this conversation as resolved.
Show resolved Hide resolved

###### Can you track and trace a request across multiple services easily?
nprimo marked this conversation as resolved.
Show resolved Hide resolved

##### Ask the student to explain one of the Ansible playbook

###### Did he/she clearly explain all the Ansible playbook?

##### Discuss the CI/CD pipeline setup.

###### Are there unit tests for each functionality and are the tests running for each new PR?

###### Is the SonarQube report free from any error or warning that can break the CI/CD Process?

##### Detail the security measures implemented.

###### Were comprehensive security measures like SSL/TLS, secret management, and the principle of least privilege correctly implemented?

##### Ask the student to explain the database schema for PostgreSQL and Neo4j.

###### Did the data structure in PostgreSQL and Neo4j effectively support the application's requirements?

#### Functional

##### Verify the execution of Ansible playbooks.
nprimo marked this conversation as resolved.
Show resolved Hide resolved

###### Did the Ansible playbooks execute without errors and configure the environment as intended?

###### Were the playbooks able to handle re-running scenarios without causing disruptions or inconsistencies?
nprimo marked this conversation as resolved.
Show resolved Hide resolved

##### Verify Docker and Ansible setup.

###### Were Docker containers and Ansible playbooks set up correctly and functionally?

##### Test each microservice API.
nprimo marked this conversation as resolved.
Show resolved Hide resolved

###### Are all the microservices' APIs only accessible when logged in with an Admin profile?

##### Admin should be able to perform CRUD operations for users, travelers and payment methods. For each "entity" try to create, read, update and delete.

###### Is everything working as expected?

###### Are errors handled correctly?

##### Test Authentication and Authorization.

###### Was the authentication service robust and did the role-based access control function correctly?

##### Ask the student to Simulate load on microservices.
nprimo marked this conversation as resolved.
Show resolved Hide resolved

###### Did the microservices demonstrate effective load balancing and failover under heavy traffic?

##### Validate CI/CD pipeline and code quality.

###### Did the CI/CD pipeline function correctly for build, test, and deployment processes, and were code quality standards maintained?

##### Assess code review and best practices.

###### Is the code consistent and well-structured?

###### Are all pull requests following naming conventions such as (Camel Case, Pascal Case, ...), Consistency, clarity and descriptiveness?

##### Check SonarQube logs in recent pull requests.

###### Is the log free of warnings about unsupported or deprecated libraries?

###### Are the security vulnerabilities found by SonarQube resolved in the pull requests?

#### Bonus

##### Documentation Quality

###### +Did the students provide clear documentation about the application and the database?

##### Kubernetes Incorporation

###### +Did the students Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities?

##### Additional Bonuses

###### +Did the student add any valuable bonuses and it works fine without any error
Loading