public/subjects/java/projects/travel-plan/audit/README.md


#### Comprehension

##### Ask the student to describe the microservices architecture implemented.

###### Have you clearly defined the boundaries for each microservice based on business domains?

###### Do your microservices align directly with specific business functions?

###### Are your microservices designed to operate independently of one another?

###### Can each microservice be deployed, updated, and scaled without affecting others?

###### Is your architecture designed to support the independent scalability of each microservice?

###### Does your system maintain functionality even when one or more services fail?

###### Is there an API Gateway in your architecture to manage incoming requests?

###### Can you track and trace a request across multiple services easily?

##### Ask the student to explain one of the Ansible playbook

###### Did he/she clearly explain all the Ansible playbook?

##### Discuss the CI/CD pipeline setup.

###### Are there unit tests for each functionality and are the tests running for each new PR?

###### Is the SonarQube report free from any error or warning that can break the CI/CD Process?

##### Detail the security measures implemented.

###### Were comprehensive security measures like SSL/TLS, secret management, and the principle of least privilege correctly implemented?

##### Ask the student to explain the database schema for PostgreSQL and Neo4j.

###### Did the data structure in PostgreSQL and Neo4j effectively support the application's requirements?

#### Functional

##### Verify the execution of Ansible playbooks.

###### Did the Ansible playbooks execute without errors and configure the environment as intended?

###### Were the playbooks able to handle re-running scenarios without causing disruptions or inconsistencies?

##### Verify Docker and Ansible setup.

###### Were Docker containers and Ansible playbooks set up correctly and functionally?

##### Test each microservice API.

###### Are all the microservices' APIs only accessible when logged in with an Admin profile?

##### Admin should be able to perform CRUD operations for users, travelers and payment methods. For each "entity" try to create, read, update and delete.

###### Is everything working as expected?

###### Are errors handled correctly?

##### Test Authentication and Authorization.

###### Was the authentication service robust and did the role-based access control function correctly?

##### Ask the student to Simulate load on microservices.

###### Did the microservices demonstrate effective load balancing and failover under heavy traffic?

##### Validate CI/CD pipeline and code quality.

###### Did the CI/CD pipeline function correctly for build, test, and deployment processes, and were code quality standards maintained?

##### Assess code review and best practices.

###### Is the code consistent and well-structured?

###### Are all pull requests following naming conventions such as (Camel Case, Pascal Case, ...), Consistency, clarity and descriptiveness?

##### Check SonarQube logs in recent pull requests.

###### Is the log free of warnings about unsupported or deprecated libraries?

###### Are the security vulnerabilities found by SonarQube resolved in the pull requests?

#### Bonus

##### Documentation Quality

###### +Did the students provide clear documentation about the application and the database?

##### Kubernetes Incorporation

###### +Did the students Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities?

##### Additional Bonuses

###### +Did the student add any valuable bonuses and it works fine without any error
docs: addes subject and audit for the travel-plan project (#2282) * docs: addes subject and audit for the travel-plan project * docs: adding more details to the audit and the subject files * docs: fixing typos and adding more details to the audit and the subject files * docs: fixing gammar error and adding ref links * docs: adding more details and improve some questions. * docs: fix typos and adding more details for clarity. * docs: fix typo and removing unnecessary question. * docs: removing unnecessary question. 9 months ago
			`#### Comprehension`

			`##### Ask the student to describe the microservices architecture implemented.`

			`###### Have you clearly defined the boundaries for each microservice based on business domains?`

			`###### Do your microservices align directly with specific business functions?`

			`###### Are your microservices designed to operate independently of one another?`

			`###### Can each microservice be deployed, updated, and scaled without affecting others?`

			`###### Is your architecture designed to support the independent scalability of each microservice?`

			`###### Does your system maintain functionality even when one or more services fail?`

			`###### Is there an API Gateway in your architecture to manage incoming requests?`

			`###### Can you track and trace a request across multiple services easily?`

			`##### Ask the student to explain one of the Ansible playbook`

			`###### Did he/she clearly explain all the Ansible playbook?`

			`##### Discuss the CI/CD pipeline setup.`

			`###### Are there unit tests for each functionality and are the tests running for each new PR?`

			`###### Is the SonarQube report free from any error or warning that can break the CI/CD Process?`

			`##### Detail the security measures implemented.`

			`###### Were comprehensive security measures like SSL/TLS, secret management, and the principle of least privilege correctly implemented?`

			`##### Ask the student to explain the database schema for PostgreSQL and Neo4j.`

			`###### Did the data structure in PostgreSQL and Neo4j effectively support the application's requirements?`

			`#### Functional`

			`##### Verify the execution of Ansible playbooks.`

			`###### Did the Ansible playbooks execute without errors and configure the environment as intended?`

			`###### Were the playbooks able to handle re-running scenarios without causing disruptions or inconsistencies?`

			`##### Verify Docker and Ansible setup.`

			`###### Were Docker containers and Ansible playbooks set up correctly and functionally?`

			`##### Test each microservice API.`

			`###### Are all the microservices' APIs only accessible when logged in with an Admin profile?`

			`##### Admin should be able to perform CRUD operations for users, travelers and payment methods. For each "entity" try to create, read, update and delete.`

			`###### Is everything working as expected?`

			`###### Are errors handled correctly?`

			`##### Test Authentication and Authorization.`

			`###### Was the authentication service robust and did the role-based access control function correctly?`

			`##### Ask the student to Simulate load on microservices.`

			`###### Did the microservices demonstrate effective load balancing and failover under heavy traffic?`

			`##### Validate CI/CD pipeline and code quality.`

			`###### Did the CI/CD pipeline function correctly for build, test, and deployment processes, and were code quality standards maintained?`

			`##### Assess code review and best practices.`

			`###### Is the code consistent and well-structured?`

			`###### Are all pull requests following naming conventions such as (Camel Case, Pascal Case, ...), Consistency, clarity and descriptiveness?`

			`##### Check SonarQube logs in recent pull requests.`

			`###### Is the log free of warnings about unsupported or deprecated libraries?`

			`###### Are the security vulnerabilities found by SonarQube resolved in the pull requests?`

			`#### Bonus`

			`##### Documentation Quality`

			`###### +Did the students provide clear documentation about the application and the database?`

			`##### Kubernetes Incorporation`

			`###### +Did the students Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities?`

			`##### Additional Bonuses`

			`###### +Did the student add any valuable bonuses and it works fine without any error`