mirror of https://github.com/01-edu/public.git
Browse Source
* docs: addes subject and audit for the travel-plan project * docs: adding more details to the audit and the subject files * docs: fixing typos and adding more details to the audit and the subject files * docs: fixing gammar error and adding ref links * docs: adding more details and improve some questions. * docs: fix typos and adding more details for clarity. * docs: fix typo and removing unnecessary question. * docs: removing unnecessary question.pull/2368/head
zanninso
10 months ago
committed by
GitHub
2 changed files with 167 additions and 0 deletions
@ -0,0 +1,69 @@
|
||||
## Travel-Plan |
||||
|
||||
### Objectives |
||||
|
||||
The primary goal of this project is to construct a robust and scalable environment for the Travel Management System and to develop a comprehensive Admin Dashboard that serves as the control center for travel management operations. |
||||
|
||||
### Instructions |
||||
|
||||
This is the first part of the last project and for this part, the students will be asked to build the working environment and implement the admin part to ease the last part of the project. |
||||
|
||||
#### 1. Environment Configuration |
||||
|
||||
##### Configure a Microservices Architecture: |
||||
- Follow industry best practices for scalability and high availability. |
||||
- Implement multiple replicas of each microservice for load balancing and failover mechanisms. |
||||
|
||||
##### Database Installation and Configuration: |
||||
- Set up PostgreSQL and Neo4j databases. |
||||
- Ensure databases are containerized to facilitate scalability and replication. |
||||
|
||||
##### Continuous Integration/Continuous Delivery (CI/CD) Pipeline: |
||||
- Employ Jenkins for CI/CD and unit testing. |
||||
- Employ SonarQube to automate code quality checks |
||||
|
||||
##### Use of Docker and Ansible: |
||||
- Docker to support automated provisioning and deployment of microservices. |
||||
- Ansible for creating playbooks to deploy all system elements consistently and in a scalable way. |
||||
|
||||
##### Logging |
||||
- Implement some sort of logging system to be able to track and trace requests across multiple services. |
||||
|
||||
##### Outcome: |
||||
- Achieve an automated, scalable infrastructure. |
||||
- Prepare the groundwork for Admin Dashboard development and additional features of the Travel Management System. |
||||
|
||||
#### 2. Development and Design |
||||
|
||||
- Craft an Admin Dashboard enabling administrators to oversee users, travels, and payment gateways. |
||||
- The admin should be able to add, edit or delete any user, travel, payment method and all the related parts correctly (think about database cascading update and delete). |
||||
- Ensure each travel entry includes a destination or multiple destinations, dates, duration, activities, accommodation, and transportation details. |
||||
- For the payment methods you can search about it to know what you need to do to support at least [Stripe](https://stripe.com/docs/development) and [PayPal](https://developer.paypal.com/home). |
||||
- Develop an authentication and authorization service to safeguard access and operations to the Admin Dashboard. |
||||
- Design a responsive and intuitive UI for the Admin Dashboard that shows well in different screen sizes, ensuring browser compatibility at least for Mozilla and Chrome. |
||||
- Utilize any beneficial packages to enhance development efficiency, with the expectation to justify package selections during project reviews. |
||||
- Every feature should have its unit tests to ensure the new modifications don't break the code. |
||||
|
||||
|
||||
#### 3. Best Practices & Ecosystem Familiarity |
||||
|
||||
- Adopt a collaborative development workflow using pull requests (PRs) for introducing changes and features. |
||||
- Perform thorough code reviews on each PR to maintain code integrity, security adherence, and best practice compliance. |
||||
- Integrate a CI/CD pipeline via Jenkins for seamless build, test, and deployment workflows of PRs. |
||||
- Ensure all PRs undergo a rigorous review process, securing approval before merging into the main codebase. |
||||
|
||||
#### 4. Security Measures |
||||
|
||||
- Implement SSL/TLS encryption for all data in transit. |
||||
- Ensure databases and services are accessible only within the internal network or via secure, authenticated endpoints. |
||||
- Use secret management tools like HashiCorp Vault to handle sensitive information like API keys and database credentials. |
||||
- Apply the principle of least privilege across all levels of the system, particularly in role-based access controls within the Admin Dashboard. |
||||
- Regularly update all components to patch known vulnerabilities and ensure compliance with security best practices. |
||||
|
||||
### Bonus |
||||
|
||||
- Compose clear and detailed documentation for the application and database schema. |
||||
- Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities. |
||||
- Implement integration and/or E2E tests |
||||
- Any other bonus that adds real value to the project. |
||||
|
@ -0,0 +1,98 @@
|
||||
|
||||
#### Comprehension |
||||
|
||||
##### Ask the student to describe the microservices architecture implemented. |
||||
|
||||
###### Have you clearly defined the boundaries for each microservice based on business domains? |
||||
|
||||
###### Do your microservices align directly with specific business functions? |
||||
|
||||
###### Are your microservices designed to operate independently of one another? |
||||
|
||||
###### Can each microservice be deployed, updated, and scaled without affecting others? |
||||
|
||||
###### Is your architecture designed to support the independent scalability of each microservice? |
||||
|
||||
###### Does your system maintain functionality even when one or more services fail? |
||||
|
||||
###### Is there an API Gateway in your architecture to manage incoming requests? |
||||
|
||||
###### Can you track and trace a request across multiple services easily? |
||||
|
||||
##### Ask the student to explain one of the Ansible playbook |
||||
|
||||
###### Did he/she clearly explain all the Ansible playbook? |
||||
|
||||
##### Discuss the CI/CD pipeline setup. |
||||
|
||||
###### Are there unit tests for each functionality and are the tests running for each new PR? |
||||
|
||||
###### Is the SonarQube report free from any error or warning that can break the CI/CD Process? |
||||
|
||||
##### Detail the security measures implemented. |
||||
|
||||
###### Were comprehensive security measures like SSL/TLS, secret management, and the principle of least privilege correctly implemented? |
||||
|
||||
##### Ask the student to explain the database schema for PostgreSQL and Neo4j. |
||||
|
||||
###### Did the data structure in PostgreSQL and Neo4j effectively support the application's requirements? |
||||
|
||||
#### Functional |
||||
|
||||
##### Verify the execution of Ansible playbooks. |
||||
|
||||
###### Did the Ansible playbooks execute without errors and configure the environment as intended? |
||||
|
||||
###### Were the playbooks able to handle re-running scenarios without causing disruptions or inconsistencies? |
||||
|
||||
##### Verify Docker and Ansible setup. |
||||
|
||||
###### Were Docker containers and Ansible playbooks set up correctly and functionally? |
||||
|
||||
##### Test each microservice API. |
||||
|
||||
###### Are all the microservices' APIs only accessible when logged in with an Admin profile? |
||||
|
||||
##### Admin should be able to perform CRUD operations for users, travelers and payment methods. For each "entity" try to create, read, update and delete. |
||||
|
||||
###### Is everything working as expected? |
||||
|
||||
###### Are errors handled correctly? |
||||
|
||||
##### Test Authentication and Authorization. |
||||
|
||||
###### Was the authentication service robust and did the role-based access control function correctly? |
||||
|
||||
##### Ask the student to Simulate load on microservices. |
||||
|
||||
###### Did the microservices demonstrate effective load balancing and failover under heavy traffic? |
||||
|
||||
##### Validate CI/CD pipeline and code quality. |
||||
|
||||
###### Did the CI/CD pipeline function correctly for build, test, and deployment processes, and were code quality standards maintained? |
||||
|
||||
##### Assess code review and best practices. |
||||
|
||||
###### Is the code consistent and well-structured? |
||||
|
||||
###### Are all pull requests following naming conventions such as (Camel Case, Pascal Case, ...), Consistency, clarity and descriptiveness? |
||||
|
||||
##### Check SonarQube logs in recent pull requests. |
||||
|
||||
###### Is the log free of warnings about unsupported or deprecated libraries? |
||||
|
||||
###### Are the security vulnerabilities found by SonarQube resolved in the pull requests? |
||||
|
||||
#### Bonus |
||||
|
||||
##### Documentation Quality |
||||
|
||||
###### +Did the students provide clear documentation about the application and the database? |
||||
|
||||
##### Kubernetes Incorporation |
||||
|
||||
###### +Did the students Incorporate Kubernetes alongside Ansible to enhance service management, orchestration, and load-balancing capabilities? |
||||
|
||||
##### Additional Bonuses |
||||
|
||||
###### +Did the student add any valuable bonuses and it works fine without any error |
Loading…
Reference in new issue