From 8be44ec001a8aca78a352169bead930b5ecc5eb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=C3=B6tzinger?= Date: Fri, 8 Sep 2017 22:53:55 +0200 Subject: [PATCH] Copy items that are not faded out --- radar/2017-10-01/akeneo.md | 18 ++++++++++ radar/2017-10-01/akka.md | 12 +++++++ radar/2017-10-01/angular-2.md | 16 +++++++++ radar/2017-10-01/ant.md | 9 +++++ radar/2017-10-01/anypoint-platform.md | 13 +++++++ radar/2017-10-01/api-first-design-approach.md | 18 ++++++++++ radar/2017-10-01/artifactory.md | 20 +++++++++++ radar/2017-10-01/aws-lambda.md | 9 +++++ radar/2017-10-01/babel.md | 35 ++++++++++++++++++ radar/2017-10-01/bower.md | 12 +++++++ radar/2017-10-01/client-side-error-logging.md | 12 +++++++ radar/2017-10-01/container-based-builds.md | 12 +++++++ radar/2017-10-01/dagger.md | 10 ++++++ ...decoupling-infrastructure-via-messaging.md | 9 +++++ radar/2017-10-01/devops-practices.md | 36 +++++++++++++++++++ radar/2017-10-01/docker.md | 18 ++++++++++ radar/2017-10-01/elasticsearch.md | 9 +++++ radar/2017-10-01/elk-stack.md | 16 +++++++++ radar/2017-10-01/evil-user-stories.md | 15 ++++++++ radar/2017-10-01/explicit-test-strategy.md | 21 +++++++++++ radar/2017-10-01/galen.md | 14 ++++++++ radar/2017-10-01/gatlin.md | 17 +++++++++ radar/2017-10-01/go-lang.md | 18 ++++++++++ radar/2017-10-01/gradle.md | 13 +++++++ radar/2017-10-01/groovy.md | 10 ++++++ radar/2017-10-01/grunt.md | 25 +++++++++++++ radar/2017-10-01/hal-hateoas.md | 24 +++++++++++++ radar/2017-10-01/hystrix.md | 17 +++++++++ radar/2017-10-01/infrastructure-as-code.md | 12 +++++++ radar/2017-10-01/jest.md | 18 ++++++++++ radar/2017-10-01/job-dsl.md | 11 ++++++ radar/2017-10-01/keycloak.md | 17 +++++++++ radar/2017-10-01/kubernetes.md | 10 ++++++ radar/2017-10-01/microservices.md | 23 ++++++++++++ radar/2017-10-01/node-js.md | 18 ++++++++++ radar/2017-10-01/npm.md | 26 ++++++++++++++ radar/2017-10-01/pin-external-dependencies.md | 22 ++++++++++++ radar/2017-10-01/pipeline-as-code.md | 12 +++++++ radar/2017-10-01/play-framework.md | 16 +++++++++ radar/2017-10-01/postcss.md | 18 ++++++++++ radar/2017-10-01/protobuf.md | 14 ++++++++ radar/2017-10-01/puppet-environments.md | 22 ++++++++++++ radar/2017-10-01/rabbitmq.md | 15 ++++++++ radar/2017-10-01/raml.md | 12 +++++++ radar/2017-10-01/react.md | 24 +++++++++++++ radar/2017-10-01/redux.md | 14 ++++++++ radar/2017-10-01/resilience-thinking.md | 20 +++++++++++ radar/2017-10-01/rest-assured.md | 12 +++++++ radar/2017-10-01/rxjava.md | 8 +++++ radar/2017-10-01/sass.md | 30 ++++++++++++++++ radar/2017-10-01/scala-lang.md | 14 ++++++++ radar/2017-10-01/settings-injection.md | 11 ++++++ radar/2017-10-01/spock_geb.md | 18 ++++++++++ radar/2017-10-01/spring-boot.md | 16 +++++++++ radar/2017-10-01/spring-rest-docs.md | 9 +++++ .../strategic-domain-driven-design.md | 19 ++++++++++ .../styleguide-driven-development.md | 13 +++++++ radar/2017-10-01/symfony-components.md | 10 ++++++ radar/2017-10-01/typescript.md | 22 ++++++++++++ radar/2017-10-01/vue.md | 12 +++++++ radar/2017-10-01/webpack.md | 26 ++++++++++++++ radar/2017-10-01/wiremock.md | 15 ++++++++ radar/2017-10-01/xmlunit.md | 9 +++++ 63 files changed, 1026 insertions(+) create mode 100644 radar/2017-10-01/akeneo.md create mode 100644 radar/2017-10-01/akka.md create mode 100644 radar/2017-10-01/angular-2.md create mode 100644 radar/2017-10-01/ant.md create mode 100644 radar/2017-10-01/anypoint-platform.md create mode 100644 radar/2017-10-01/api-first-design-approach.md create mode 100644 radar/2017-10-01/artifactory.md create mode 100644 radar/2017-10-01/aws-lambda.md create mode 100644 radar/2017-10-01/babel.md create mode 100644 radar/2017-10-01/bower.md create mode 100644 radar/2017-10-01/client-side-error-logging.md create mode 100644 radar/2017-10-01/container-based-builds.md create mode 100644 radar/2017-10-01/dagger.md create mode 100644 radar/2017-10-01/decoupling-infrastructure-via-messaging.md create mode 100644 radar/2017-10-01/devops-practices.md create mode 100644 radar/2017-10-01/docker.md create mode 100644 radar/2017-10-01/elasticsearch.md create mode 100644 radar/2017-10-01/elk-stack.md create mode 100644 radar/2017-10-01/evil-user-stories.md create mode 100644 radar/2017-10-01/explicit-test-strategy.md create mode 100644 radar/2017-10-01/galen.md create mode 100644 radar/2017-10-01/gatlin.md create mode 100644 radar/2017-10-01/go-lang.md create mode 100644 radar/2017-10-01/gradle.md create mode 100644 radar/2017-10-01/groovy.md create mode 100644 radar/2017-10-01/grunt.md create mode 100644 radar/2017-10-01/hal-hateoas.md create mode 100644 radar/2017-10-01/hystrix.md create mode 100644 radar/2017-10-01/infrastructure-as-code.md create mode 100644 radar/2017-10-01/jest.md create mode 100644 radar/2017-10-01/job-dsl.md create mode 100644 radar/2017-10-01/keycloak.md create mode 100644 radar/2017-10-01/kubernetes.md create mode 100644 radar/2017-10-01/microservices.md create mode 100644 radar/2017-10-01/node-js.md create mode 100644 radar/2017-10-01/npm.md create mode 100644 radar/2017-10-01/pin-external-dependencies.md create mode 100644 radar/2017-10-01/pipeline-as-code.md create mode 100644 radar/2017-10-01/play-framework.md create mode 100644 radar/2017-10-01/postcss.md create mode 100644 radar/2017-10-01/protobuf.md create mode 100644 radar/2017-10-01/puppet-environments.md create mode 100644 radar/2017-10-01/rabbitmq.md create mode 100644 radar/2017-10-01/raml.md create mode 100644 radar/2017-10-01/react.md create mode 100644 radar/2017-10-01/redux.md create mode 100644 radar/2017-10-01/resilience-thinking.md create mode 100644 radar/2017-10-01/rest-assured.md create mode 100644 radar/2017-10-01/rxjava.md create mode 100644 radar/2017-10-01/sass.md create mode 100644 radar/2017-10-01/scala-lang.md create mode 100644 radar/2017-10-01/settings-injection.md create mode 100644 radar/2017-10-01/spock_geb.md create mode 100644 radar/2017-10-01/spring-boot.md create mode 100644 radar/2017-10-01/spring-rest-docs.md create mode 100644 radar/2017-10-01/strategic-domain-driven-design.md create mode 100644 radar/2017-10-01/styleguide-driven-development.md create mode 100644 radar/2017-10-01/symfony-components.md create mode 100644 radar/2017-10-01/typescript.md create mode 100644 radar/2017-10-01/vue.md create mode 100644 radar/2017-10-01/webpack.md create mode 100644 radar/2017-10-01/wiremock.md create mode 100644 radar/2017-10-01/xmlunit.md diff --git a/radar/2017-10-01/akeneo.md b/radar/2017-10-01/akeneo.md new file mode 100644 index 0000000..e484805 --- /dev/null +++ b/radar/2017-10-01/akeneo.md @@ -0,0 +1,18 @@ +--- +title: "Akeneo" +ring: assess +quadrant: tools + +--- + +Akeneo is a Product Information Management system (also known as PIM, PCM or Product MDM) and helps centralize and harmonize all the technical and marketing information of products. + +We use Akeneo with success in our projects and products (For example in OM3), where it is responsible for: + +- Keeping product data separate from other applications - such as E-Commerce systems +- Managing livecycles of products and managing product portfolios with their category structures +- Managing attributes and families and therefore acting as attribute master for the suite + +The system has a modern and friendly user interface and product managers find things such as completenesscheck, translation views and mass editing very helpful. + +With delta export and import capabilities and the usage of Mongo DB as persitence backend, the performance is acceptable. We miss a richer API - but the system is extendable and based on PHP/Symfony 2. diff --git a/radar/2017-10-01/akka.md b/radar/2017-10-01/akka.md new file mode 100644 index 0000000..dd83dcd --- /dev/null +++ b/radar/2017-10-01/akka.md @@ -0,0 +1,12 @@ +--- +title: "Akka" +ring: trial +quadrant: languages-and-frameworks + +--- +With the growing adoption of microservice-based architecures, the interest in frameworks and tools that make building systems that follow the reactive manifesto possible has increased. + +Akka provides you a toolkit and runtime based on the Actor model known from Erlang to reach this goal. + +It's one of the most-adopted toolkits in its space with its key contributors beeing heavily involved in the overall movement of the reactive community as well. +At AOE, we use Akka when we need high-performance, efficient data processing or where its finite state machine plays nicely with the domain of the application. It is worth mentioning that the actor model might come with extra complexity and therefore should be used in problem spaces where the advantages of this approach bring enough value and no accidental complexity. diff --git a/radar/2017-10-01/angular-2.md b/radar/2017-10-01/angular-2.md new file mode 100644 index 0000000..04be7c3 --- /dev/null +++ b/radar/2017-10-01/angular-2.md @@ -0,0 +1,16 @@ +--- +title: "Angular 2" +ring: assess +quadrant: languages-and-frameworks + +--- + +The latest version of the Angular Framework, which is used for large single-page applications. + +[Angular 2](https://angular.io/) is a complete rewrite of Angular 1 — many things have changed compared to the first version. The latest best practices and toolings from the JavaScript community have found their way into Angular2. + +It supports DI (dependency injection), it has a clean inheritance and a good separation of concerns. Angular2 follows the [web component standards](https://www.w3.org/standards/techs/components#w3c_all) to avoid negative side effects between components. + +We think that Angular2+ is well-structured on both a development and an application level. + +When talking about Angular2, we must consider the [angular.cli](https://cli.angular.io/) as well, which provides a huge level of intelligent automation along the development process and project setup. diff --git a/radar/2017-10-01/ant.md b/radar/2017-10-01/ant.md new file mode 100644 index 0000000..e452578 --- /dev/null +++ b/radar/2017-10-01/ant.md @@ -0,0 +1,9 @@ +--- +title: "Ant" +ring: hold +quadrant: tools + +--- +Apache Ant was build in 1997 to have something like Make in the C/C++ world for Java. Ant uses xml files to describe steps required to produce executable artifacts from source code. The main concepts of tasks and targets are programmable in an imperative style. + +Apache Ant was and is widely used by large software projects. Our recommendation is to stop using Apache Ant for new projects. If you are free to choose, we recommend Gradle as an Apache Ant replacement. diff --git a/radar/2017-10-01/anypoint-platform.md b/radar/2017-10-01/anypoint-platform.md new file mode 100644 index 0000000..5c9ae8f --- /dev/null +++ b/radar/2017-10-01/anypoint-platform.md @@ -0,0 +1,13 @@ +--- +title: "Anypoint platform" +ring: trial +quadrant: tools + +--- +Anypoint platform (formally known as Mule or Mule ESB) is an Enterprise Integration Platform written in Java. + +Anypoint provide tools to use Enterprise Integration Patterns (EAI) and has a high number of ready-to-use connectors to communicate with software tools such as SAP, Salesforce, etc. + +Anypoint Community Version is Open Source and contribution is possible. The platform is pluggable with own connectors. Mulesoft is also driving the [raml](/tools/raml.html) specification and related Open Source tools. + +AOE is a Mulesoft Partner and we use both the Community and Enterprise Versions of Anypoint. We use Anypoint as an API Gateway to combine and transform data from multiple backends. We use it as ESB or Integration platform for loose coupling of software components. And we also use it as legacy modernization to provide modern APIs for legacy- or foreign software. diff --git a/radar/2017-10-01/api-first-design-approach.md b/radar/2017-10-01/api-first-design-approach.md new file mode 100644 index 0000000..ca4eb04 --- /dev/null +++ b/radar/2017-10-01/api-first-design-approach.md @@ -0,0 +1,18 @@ +--- +title: "API-First Design Approach" +ring: trial +quadrant: methods-and-patterns + +--- + +The API-First Design Approach puts the API design at the beginning of the implementation without any constraints, for example, from the current IT infrastructure or the implementation itself. The idea is to design the API in a way that it serves its purpose best and the consumers are enabled to work efficiently. + +There are several advantages to this approach. For example, it can help to avoid reflecting the internal structure of the application or any internal constraints. Furthermore, as one of the most important design aspects is consistency, one can define features such as the behavior of security, URL schemes, and API keys upfront. It also helps speed up parallel implementation. A team that consumes the API can start working directly after the API design because it can easily be mocked. + +There are several tools for modelling an API, but here at AOE we mainly use [RAML](/tools/raml.html) as it provides a rich set of tools for generating documentation, mocking and more. For mocking we use [Wiremock](/tools/wiremock.html), for example. + +Related to the "API-First" approach is the "Headless" approach where an existing application (with or without existing API) is used as a backend for a separate frontend. We used this with sucess for Magento-based E-Commerce platforms. This allows encapsulating the core features of that application, while integrating it into a larger landscape of components using its API as a unified way to interact between components. Decoupling the core logic from its presentation layer allows picking the best technology stack for the various parts independently. + +For further reading see: +* [Understanding API First Design](https://www.programmableweb.com/api-university/understanding-api-first-design) +* [When crafting your API strategy, put design first](http://www.techradar.com/news/software/applications/when-crafting-your-api-strategy-put-design-first-1262043?src=rss&attr=all) diff --git a/radar/2017-10-01/artifactory.md b/radar/2017-10-01/artifactory.md new file mode 100644 index 0000000..aa6479b --- /dev/null +++ b/radar/2017-10-01/artifactory.md @@ -0,0 +1,20 @@ +--- +title: "Artifactory" +ring: trial +quadrant: platforms-and-aoe-services + +--- +JFrog [Artifactory ](https://www.jfrog.com/open-source/)is a software tool, which, in the end, manages and stores (binary) artifacts. +In addition to storage, it provides a managing interface, which also allows to store build information, properties as well as dependencies per artifact which are organized within repositories. A fine grained security system enables easy management of which artifacts are available to whom. +The artifacts are exposed via an HTTP(S)-Url Artifactory, which can generate package-manager compatible manifests for the repositories. AOE utilizes Artifactory to serve Maven, Apt, Npm, Composer and Docker Repositories. + +In addition to storing own assets, Artifactory is able to proxy remote Repository for and cache resolved artifacts locally. +This results in an increased build performance and decouples builds from external service dependencies and ensures builds still work even if they utilize outdated dependencies that might not be publicly available anymore. + +Artifactory provides a powerful REST-API for managing Artifacts including a powerful search AQL. It is utilized to provide complex release processes based on QA-Attributes on an artifact level. + +Artifactory at AOE currently comes with some problems, too: +* Cleanup in Artifactory has to be done manually. Therefore, if every build is pushed to Artifactory it currently pollutes disk space since old or unused versions are never removed. +* The Composer Integration mirroring github proves to be slower than directly connecting to github. + +AOE is using the Professional version for a central instance that can be used by different teams. We encourage teams to use Artifactory instead of Jenkins to store and manage build artifacts - and to take care of cleaning up old artifacts automatically. diff --git a/radar/2017-10-01/aws-lambda.md b/radar/2017-10-01/aws-lambda.md new file mode 100644 index 0000000..0a7fbd8 --- /dev/null +++ b/radar/2017-10-01/aws-lambda.md @@ -0,0 +1,9 @@ +--- +title: "AWS Lambda" +ring: trial +quadrant: platforms-and-aoe-services + +--- +AWS Lambda is one of the exciting new "cloud-native" / serverless ways to run code without worrying about infrastructure. While it is possible to directly respond to web requests using the API Gateway, our teams are currently using AWS Lambda mostly for tasks outside the critical path. As a custom resource for CloudFormation, it allows us to manage all aspects of a deployment in an elegant way by simply deploying a new CloudFormation stack. Baking AMIs and doing green/blue switches are only two of the many use cases where AWS Lambda comes in very handy. + +In addition to deployment automation, we're using AWS Lambda to process incoming data. Being able to respond to events from various sources such as S3 Buckets, SNS topics, Kinesis streams and HTTP endpoints it's a perfect match to process, transform and forward incoming data in near-realtime at a fraction of the cost of running an ESB. diff --git a/radar/2017-10-01/babel.md b/radar/2017-10-01/babel.md new file mode 100644 index 0000000..24c6f7a --- /dev/null +++ b/radar/2017-10-01/babel.md @@ -0,0 +1,35 @@ +--- +title: "Babel" +ring: trial +quadrant: languages-and-frameworks + +--- + +[Babel](https://babeljs.io/) gives you the possibility to use the latest features from JavaScript ([ECMAScript](https://en.wikipedia.org/wiki/ECMAScript)) in the browser of your choice. + +Without Babel in the backbone; you had to use the feature set of your oldest browser or use feature detections such as [modernizr](https://modernizr.com/) or write polyfills on your own. + +In general, Babel is split in 2 ways to bring you the new goodies you want. + +1. New syntax will be compiled to old EcmaScript 5 code e.g.: + + * [arrow-functions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/Arrow_functions) + * [generators](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Generator) + * [destructing](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Operators/Destructuring_assignment) + * [template literals](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals) + * [...](https://babeljs.io/learn-es2015/) +2. New globals and functions are provided by [babel-polyfill](http://babeljs.io/docs/usage/polyfill/) e.g.: + + * [Promise](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise) + * [Array.find](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/find) + * [Array.includes](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/includes) + * [...](https://github.com/zloirock/core-js#index) + +The configuration is really simple due to the [plugin system](http://babeljs.io/docs/plugins/). You can choose which ECMAScript version and [stage presets](http://babeljs.io/docs/plugins/) you want to use. + +* for the latest ECMAScript version use [babel-preset-latest](https://babeljs.io/docs/plugins/preset-latest/) +* for version 2015 only use [babel-preset-2015](https://babeljs.io/docs/plugins/preset-es2015/) + +To know what you need you can practice ECMAScript 6 by doing it with [es6katas](http://es6katas.org/) and ask [caniuse](http://caniuse.com/). + +If you are using [TypeScript](/languages-and-frameworks/typescript.html), Babel is not necessary since you already get the new features with TypeScript. \ No newline at end of file diff --git a/radar/2017-10-01/bower.md b/radar/2017-10-01/bower.md new file mode 100644 index 0000000..2ad9356 --- /dev/null +++ b/radar/2017-10-01/bower.md @@ -0,0 +1,12 @@ +--- +title: "Bower" +ring: hold +quadrant: tools + +--- + +[Bower](https://bower.io/) is a package manager for frontend resources such as JavaScript libraries and CSS frameworks. Compared to [npm](https://www.npmjs.com/), it has a somewhat different approach to loading and resolving the packages, resulting in a smaller and cleaner folder structure. + +In small web projects, this approach is good and sufficient, but larger projects will need more dependencies such as task runners or testing frameworks, which are not available through Bower. As most of the frontend libraries are also available through npm, it's not suprising that we ask ourselves why Bower is still needed. + +At AOE, we decided to use npm as the only package manager to avoid having multiple tools doing similar things. Developers only need to deal with one solution, which makes the project easier to maintain. diff --git a/radar/2017-10-01/client-side-error-logging.md b/radar/2017-10-01/client-side-error-logging.md new file mode 100644 index 0000000..e7b0b11 --- /dev/null +++ b/radar/2017-10-01/client-side-error-logging.md @@ -0,0 +1,12 @@ +--- +title: "Client-side error logging" +ring: trial +quadrant: methods-and-patterns + +--- + +More and more business logic is done client-side with various web and app technologies. How do we know if everything works in production? We can easily track backend exceptions in the server logs, but what about client-side errors in the user's browser or mobile app? + +With client-side error logging, we send errors to a central server to see instantly what is going wrong. With this method errors can be found and resolved quickly before they affect even more users. + +At AOE, we use the Open Source solution [Sentry](https://sentry.io/welcome/).io. It can handle multiple projects and teams and integrates well with other services such as Mattemost/Slack and Issue Tracking Systems. diff --git a/radar/2017-10-01/container-based-builds.md b/radar/2017-10-01/container-based-builds.md new file mode 100644 index 0000000..067f721 --- /dev/null +++ b/radar/2017-10-01/container-based-builds.md @@ -0,0 +1,12 @@ +--- +title: "Container-based builds" +ring: assess +quadrant: methods-and-patterns + +--- + +Running your builds in isolated containers keeps your build servers clean. It allows you to even run them with multiple versions of a framework or programming language. You don't need additional machines like you would for running builds with PHP5 or PHP7 at the same time or running some legacy builds. + +Note that you need to think about some kind of caching mechanism for your depenendies to avoid downloading them in every build, which would cause long build times. + +At AOE, we are currently starting to use this approach for building services and it is especially useful if your build has special dependencies. Also, it's possible to use GitLab as a build tool or use Docker with the new Jenkinspipeline. For caching we are evaluating minio as a cache server. We noticed that our builds run quite rapidly and reliably with that. Also, the complexity of the builds decreased since we don't need any workarounds, which were caused by having everything installed on one build server. diff --git a/radar/2017-10-01/dagger.md b/radar/2017-10-01/dagger.md new file mode 100644 index 0000000..cbcc362 --- /dev/null +++ b/radar/2017-10-01/dagger.md @@ -0,0 +1,10 @@ +--- +title: "Dagger" +ring: adopt +quadrant: tools + +--- + +[Dagger](https://google.github.io/dagger/) is a fully static, compile-time [dependency injection](http://en.wikipedia.org/wiki/Dependency_injection) framework for both Java and Android. [Dagger](https://google.github.io/dagger/) doesn't use reflections at runtime, it saves resources. For us, it is a perfect match for Android development. + +We at AOE use it as a base framework for every Android project. diff --git a/radar/2017-10-01/decoupling-infrastructure-via-messaging.md b/radar/2017-10-01/decoupling-infrastructure-via-messaging.md new file mode 100644 index 0000000..e4acf92 --- /dev/null +++ b/radar/2017-10-01/decoupling-infrastructure-via-messaging.md @@ -0,0 +1,9 @@ +--- +title: "Decoupling Infrastructure via Messaging" +ring: trial +quadrant: methods-and-patterns + +--- +In [Microservices](/methods-and-patterns/microservices.html) we have already covered the trend that modern architectures are moving away more and more from big monolithic applications to distributed software suites. The result of splitting our software and infrastructure in smaller parts, is the need to communicate with each other. This can be done by direct communication or by message-based asynchronouous communication. While synchronuous communication allows for more plannable "real-time" response times of the overall systems, asynchronouos communication increases the resilience and stability of the system significantly and allows one to use other integration and scaling patterns. However, it often comes with additional complexity. + +Most of the IaaS Cloud providers offer messaging services such as AWS SQS which provide the possibility to decouple our infrastructure via Messaging. Also, we use [RabbitMQ](/tools/rabbitmq.html) as a Messaging and Broker solution within our applications. The decision of using messaging and messaging patterns as an integration strategy can be made as part of [strategic design](/methods-and-patterns/strategic-domain-driven-design.html) considerations. diff --git a/radar/2017-10-01/devops-practices.md b/radar/2017-10-01/devops-practices.md new file mode 100644 index 0000000..fc44692 --- /dev/null +++ b/radar/2017-10-01/devops-practices.md @@ -0,0 +1,36 @@ +--- +title: "Devops practices" +ring: adopt +quadrant: methods-and-patterns + +--- +DevOps is a term that has been around for some years now. We understand DevOps as a philosophy and culture with related practices and tools - all with the aim of bringing (IT) Operations closer to Development. + +Jez Humble described the devops movement like this: "a cross-functional community of practice dedicated to the study of building, evolving and operating rapidly changing, secure, resilient systems at scale". + +With the size of software projects and the effects of agile development, the need to also deliver operation and infrastructure in an agile way increases more and more. + +We have been using the following practices with success: + +**Crossfunctional Teams "you build it, you run it"** + +In the past year, we have moved from a more centralistic or standanlone IT and operations service team to crossfunctional teams with Infrastructure experts working in and with the development team (admins joining the project team). + +And, we changed to crossfunctional teams and a "you build it, you run it" approach for the bigger projects. We have seen that this leads to the following positive effects: +* Software application architecture demands a certain infrastructure and the other way around. Having all the know-how in one team leads to more major decisions and implementations. Also, solving of root causes for problems works better. +* Rotating operation and incident management inside the whole team brings everyone into closer contact with the day-to-day operation of their software. This results in a shared and improved responsibility and commitment to the complete platform in the team. In addition, this brings developers into contact with the customer - which is an important feedback loop as well. +* Increased flexibility in the infrastructure: Implementations and adjustments in the infrastructure are faster and can be done together with the ongoing agile development of the platform. +* Developers also explicitly think of operation issues when building the application - since they are responsible for operation. For example, logging concept, monitoring aspects and resilience patterns are now explicitly optimized continuously and improve faster. +Important enabler of such an approach is the size and available budget for the project (not every project allows for having a continuous crossfunctional teams that carries out ongoing development and operations). Also, this requires a certain amount of independence for the team. + +As always, we are establishing "community of interests" to improve and promote the knowledge transfer between different teams. + +**Increase of relevant tools** + +Another important aspect and also enabler of DevOps practices is the increase of certain tool and methods - some of them are also represented in the Tech Radar. For example: Puppet Environments; Docker; Cloud Services, Terraform, Consul etc. + +**DevSetup = Prod Setup, [Infrastructure as a Code](methods-and-patterns/infrastructure-as-code.html)** + +Keeping the development infrastructure setup close to production is also a commonly implemented practice and a direct result of the "Infrastructure as Code" method. Handling infrastructure and the required changes and innovations in ways similar to those used for applications is important; you can ready more about this here: Infrastructure as Code + +We encourage all teams to adopt devops practices in the teams and to take care that there is a true collaboration between the different experts in a team and no invisible wall. diff --git a/radar/2017-10-01/docker.md b/radar/2017-10-01/docker.md new file mode 100644 index 0000000..2fbc35c --- /dev/null +++ b/radar/2017-10-01/docker.md @@ -0,0 +1,18 @@ +--- +title: "Docker" +ring: assess +quadrant: platforms-and-aoe-services + +--- + +Docker is currently the most-used solution for creating and managing container-based infrastructures and deployments. + +Essentially, Docker is a platform to build container images, distribute them and run them as an isolated process (using Linux kernel cgroups, network namespaces and custom mounts). + +In a DevOps environment, this helps a lot as we can run the exact same software and runtime (such as PHP) on both production and locally while developing. This enables us to debug our software much easier. + +Also, Docker allows us to keep our development setup much smaller and faster; instead of VirtualBox setups on a per-project base, we can compose our project development setup out of small containers. A CI environment building the containers allows us to package and test the whole environment instead of different software components on different runtimes in a much more stable way. + +Backed by services such as [Kubernetes](/platforms-and-aoe-services/kubernetes.html), we can deploy Docker containers on a flexible infrastructure and enable our developers to test their software more easily in different environments. + +Here at AOE, we assess Docker in different projects to become more flexible and faster, which increases our focus on development of even better and more stable software. diff --git a/radar/2017-10-01/elasticsearch.md b/radar/2017-10-01/elasticsearch.md new file mode 100644 index 0000000..9378ce0 --- /dev/null +++ b/radar/2017-10-01/elasticsearch.md @@ -0,0 +1,9 @@ +--- +title: "Elasticsearch" +ring: trial +quadrant: platforms-and-aoe-services + +--- +Elasticsearch is a REST-based search and analytics engine based on Lucene. Unlike its competitor Apache Solr, it was developed in the beginning with clustering and scaling in mind. It allows you to create complex queries while still delivering results very fast. + +At AOE, we use Elasticsearch for logging as well as our own search solution [Searchperience](http://www.searchperience.com/). We recently moved the Searchperience stack from Solr to Elasticsearch and think this was the right decision. Especially in terms of scaling, ease of use and performance, Elasticsearch really shines. Also, the API design took some of the learnings from Apache SOLR into account - for example, the queryDSL is a powerful way of describing different search use cases with highly flexible support of aggregations, etc. diff --git a/radar/2017-10-01/elk-stack.md b/radar/2017-10-01/elk-stack.md new file mode 100644 index 0000000..bc86339 --- /dev/null +++ b/radar/2017-10-01/elk-stack.md @@ -0,0 +1,16 @@ +--- +title: "ELK Stack" +ring: adopt +quadrant: platforms-and-aoe-services + +--- + +The company behind Elasticsearch offers a very nice solution for logging and analysis of distributed data such as logfiles. + +In today's increasingly distributed IT systems, it's very helpful to have a central view of what is going on in your systems - and of course nobody can and wants to look in different logfiles on different servers. A central logging solution provides the option to detect potential relationships between different events more easily. Also, also it can be used to extract useful KPIs or to visualize information on dashboards. + +The abbreviation "[ELK](https://www.elastic.co/products) Stack" stands for the Tools Elasticsearch, Logstash and Kibana: Together, they provide a solution for collecting data the ability to search, visualize and analyze data in real time. + +Logstash is used to process and forward different data (or logfile) formats. Elasticsearch is used as a search index and together with the Kibana plugin you can configure highly individual dashboards. Recently, there are also the Beats Tools joining this toolstack to ship data to Elasticsearch. + +We have been using the ELK Stack for several years now in several projects and different infrastructure setups - we use it to visualize traffic, certain KPIs or just to analyze and search in application logs. We encourage all teams to use such a solution and take care to write useful logs in your applications. diff --git a/radar/2017-10-01/evil-user-stories.md b/radar/2017-10-01/evil-user-stories.md new file mode 100644 index 0000000..b99db56 --- /dev/null +++ b/radar/2017-10-01/evil-user-stories.md @@ -0,0 +1,15 @@ +--- +title: "Evil User Stories" +ring: assess +quadrant: methods-and-patterns + +--- +With Evil User Stories, we aim to raise the project teams' (PO, Dev-Team, QA) and clients' awareness for security topics and introduce a security-by-design principle. + +The first step is to identify business use cases of potential vulnerabilities in our software product. The next step is to write an Evil User Story for this use case, from the perspective of an evil persona, e.g. "John Badboy who wants to hack our software". The idea behind this is to take a look at specific parts (business logic) of the software from a perspective that would otherwise not be considered when working on standard user stories. + +So how would this work? To illustrate this, let's consider the following user story: "As Emma Shopping I am be able to pay for a product in my checkout using a credit card". To get that story done, we might have to persist some payment data somewhere. But within the context of an Evil user story we now also need to consider the security for the credit card and payment handling in our application. So, for that reason, we write an Evil User Story, which in this case could, for example, be "As John Badboy, I want to steal payment data" or more specifically "As John Badboy, I want to do to sql inject to get the payment token". + +Before implementation of this particular user story starts, developers should think about how they can secure potentially vulnerable parts of the software to prevent attacks such as sql injections. In this case, one approach should be the use of prepared statements for sql queries. When the development is finished, we should then be able to test the story using an automated testing approach with a penetration testing tool such as [sqlmap](http://sqlmap.org/) to confirm that our database queries are not vulnerable to sql injections. + +Additionally, both solutions should be checked during the development process using code reviews to identify and correct potentially buggy code. diff --git a/radar/2017-10-01/explicit-test-strategy.md b/radar/2017-10-01/explicit-test-strategy.md new file mode 100644 index 0000000..2ba695b --- /dev/null +++ b/radar/2017-10-01/explicit-test-strategy.md @@ -0,0 +1,21 @@ +--- +title: "Explicit test strategy" +ring: assess +quadrant: methods-and-patterns + +--- +According to the [ISTQB Glossar](http://glossar.german-testing-board.info/#teststrategie)- a **Test Strategy** is an abstract specification that comprises the designated test levels (unit, integration, system and acceptance tests) and the implementation of each level for a whole organization or for an application. This test strategy can be applicable to one or more projects. + +At AOE, we established an explicit test strategy for many of our projects. The coordination of the test levels improves the effectivity of test runs and helps to avoid testing gaps, double inspection and overhead. Every test level has a different focus. Tests that are executed on one level don't have to be implemented on others. + +These are the test levels that we implement as a standard in the software deployment pipeline of our projects and that handle multiple integrated components and services: + +- **Unit Test:** The unit level tests verify the functionality of a specific section of code, usually at the function level. We use static as well as dynamic test methods such as code reviews, style or complexity checks and white-box testing.  +- **Module Tests:** Module Tests focus on testing the functionality that a service or component provides in isolation to other components or services that this service depends on. This test stage finds errors in a component. It should never fail due to a consumed service that is not reachable or has been altered. Therefore, all dependencies of these components are mocked or stubbed on some level. Tests are most commonly conducted through interfaces using black-box testing. +- **Integration Tests:** On the integration level, individual software modules are combined and tested as a group. The integration testing verifies functional, performance and reliability requirements. These tests are also most commonly conducted through interfaces using black-box testing. In case there is a great number of (external) subsystems, we mock these systems outside of the defined context and use contract-based testing to verify the interfaces. All contract-based tests that focus on testing the interface contracts between services are also executed on this test level. +- **System Level Tests:** On the system level, tests are performed on a complete, integrated system, where they evaluate the system's compliance with its specified requirements. System tests not only verify the design, but they also check the system's behavior in general and even the assumed expectations of the customer. They are intended to test up to and beyond the bounds defined by the explicit system requirements. +- **Client Acceptance Tests:** The client acceptance level includes all testing done by the customer and is the last one in the succession of the five test levels. The objective is to evaluate the system's compliance with the business requirements and to assess whether it is acceptable for delivery. + +As a rule, we automate the execution of tests where it is feasible and sensible. Related to the test strategy are the test concept, test data management and the usage of a test case management tool that allows one to assess and categorize functional test cases. + +Due to the practical usefulness of having a sound test strategy for a project, we classify the explicit test strategy for projects with assess. diff --git a/radar/2017-10-01/galen.md b/radar/2017-10-01/galen.md new file mode 100644 index 0000000..74aef4a --- /dev/null +++ b/radar/2017-10-01/galen.md @@ -0,0 +1,14 @@ +--- +title: "Galen" +ring: assess +quadrant: tools + +--- + +With [Galen Framework](http://galenframework.com/), layout testing can be automated to save you a lot of manual work. With its own specification language (Galen Spec), you can write tests to verify the correct look of the web page as well as the location and alignment of specific elements on a page. + +So, you can write simple tests such as "The button should be green" as well as more complex behavior specifications such as "On mobile devices the button should be inside the viewport". Especially when testing a responsive website on multiple devices, browsers and resolutions, the manual testing effort gets expensive. To help with that, Galen runs its specifications fully automated with Selenium against the required browsers and devices. + +Whenever a test fails Galen writes a test report with screenshots to show the mismatching areas on the page to help testers and developers become aware of the problem. + +At AOE, the Galen Framework helps us to continuously test the UI for potential regression bugs introduced by new features. diff --git a/radar/2017-10-01/gatlin.md b/radar/2017-10-01/gatlin.md new file mode 100644 index 0000000..080c47a --- /dev/null +++ b/radar/2017-10-01/gatlin.md @@ -0,0 +1,17 @@ +--- +title: "Gatling" +ring: trial +quadrant: tools + +--- +[Gatling](http://gatling.io/) is a highly capable load testing tool. It is designed for ease of use, maintainability and high performance. + +Out of the box, Gatling comes with excellent support of the HTTP protocol that makes it a tool of choice for load testing any HTTP server. As the core engine is actually protocol agnostic, it is perfectly possible to implement support for other protocols. For example, Gatling currently also ships [JMS support](http://gatling.io/docs/current/). + +Gatling is built with [Scala Lang](https://extranet.aoe.com/confluence/display/knowledge/Scala+Lang) and [Akka](https://extranet.aoe.com/confluence/display/knowledge/Akka). By making good use of Scala's native language features (such as as the extensive type system), it makes writing tests feel natural and expressive, instead of writing load tests based on a DSL encoded in some special syntax. + +This allows us to use all native Scala features to work with, with the focus on the ability to structure your tests as pure code, and actually unit test your load tests. + +Besides the very good performance, we definitely like the pure code-based approach. Gatling creates HTML-based reports with nice graphs and metrics about how and what was tested. + +We use Gatling as an alternative to Jmeter with success in some of our projects. We encourage teams to try Gatling for future load testing. There is an integrated test recorder similiar to what other test frameworks have to get you started with a basic test case. diff --git a/radar/2017-10-01/go-lang.md b/radar/2017-10-01/go-lang.md new file mode 100644 index 0000000..004b2ff --- /dev/null +++ b/radar/2017-10-01/go-lang.md @@ -0,0 +1,18 @@ +--- +title: "Go / Golang" +ring: assess +quadrant: languages-and-frameworks + +--- + +2016 was the year of Go, with a lot of Open Source projects gaining a lot of attention and many companies started to use it. + +Go went from #54 to #13 on the [TIOBE index](http://www.tiobe.com/tiobe-index/) in January 2017, and it became the TIOBE programming language of the year 2016. + +Here at AOE, we use several services written in Go on a daily basis, such as Mattermost, Docker, Consul and Kubernetes. Also, more and more applications, such as Gitlab, incorporate Go-based services to "off load" heavy work. + +Go, as a programming language, has some very interesting features such as native support for concurrency (go routines), static compiled binaries with a very small memory footprint, cross compiling and much more. A big advantage of Go is the very flat learning curve, which allows developers from more dynamic languages such as PHP to be proficient in a very short time. + +If you want to get a feeling for Go, you should start with the [online tour](https://tour.golang.org/welcome/1), within a day you'll have a good understanding of the core concepts, syntax, etc. - that is also because the language often tries to provide only one simple way of doing things; an example for this is that code formatting and styling is defined (yet not enforced as in Python). Part of this is also that Go itself is very opinionated: So, for example, for object oriented programming in Go, composition is the prefered way of defining data structures, and some might miss advanced concepts such as inheritance. + +We currently use Go for projects and microservices where we need flexibility and performance. diff --git a/radar/2017-10-01/gradle.md b/radar/2017-10-01/gradle.md new file mode 100644 index 0000000..5fe7dbf --- /dev/null +++ b/radar/2017-10-01/gradle.md @@ -0,0 +1,13 @@ +--- +title: "Gradle" +ring: adopt +quadrant: tools + +--- +Gradle is a build automation tool originating in the Java space, providing declarative dependency management (like Maven) and support for custom functionality (like Ant). It has superb multi-project support and is extremely extensible via third-party plugins and also via self-written extensions and plugins that make it outstanding in its area. + +It uses a Groovy-based DSL to declaratively model your problem domain (Build automation) and provides a rich object model with extension points to customize the build logic. Because it is extremely easy to extend this DSL, you can easily provide a declarative interface to your customizations and add-ons. + +While providing plugins for building libs, apps and webapps in Java, Groovy and Scala out of the box it is not tied to the JVM as target platform, which is impressively shown by the native build support for C / C++. + +At AOE, it is used in various places already: to build [Anypoint](/tools/anypoint-platform.html)- and [Spring Boot-](/languages-and-frameworks/spring-boot.html) based applications; to build Android Apps; to automate the creation of Jenkins Jobs; to create Docker images and Debian packages and also do some deployment scripting with it. diff --git a/radar/2017-10-01/groovy.md b/radar/2017-10-01/groovy.md new file mode 100644 index 0000000..6d3b059 --- /dev/null +++ b/radar/2017-10-01/groovy.md @@ -0,0 +1,10 @@ +--- +title: "Groovy" +ring: trial +quadrant: languages-and-frameworks + +--- + +Groovy is a dynamically typed compiled language running on the JVM. It is easy to learn as it provides a familiar syntax for Java programmers, but also offers advanced features such as closures and makes some mandatory Java syntax requirements optional to enhance the conciseness of the code. These features make Groovy especially well-suited for scripting and domain-specific languages. This is used by popular tools such as Gradle or Spock. + +At AOE, Groovy is used in many projects and areas. We use Gradle as a build system, we carry out unit and integration testing with Spock and Geb, we generate Jenkins jobs with JobDSL and we implement complete services with Groovy and [Spring Boot](/languages-and-frameworks/spring-boot.html). diff --git a/radar/2017-10-01/grunt.md b/radar/2017-10-01/grunt.md new file mode 100644 index 0000000..bcdf36a --- /dev/null +++ b/radar/2017-10-01/grunt.md @@ -0,0 +1,25 @@ +--- +title: "Grunt" +ring: hold +quadrant: tools +--- + + +Grunt is a JavaScript task runner that automates repetitive tasks. While Grunt served us well for a good amount of projects, +other alternatives such as [Gulp](http://gulpjs.com/) emerged in the meantime and proved to be a better pick for the +majority of our teams. + +We have two main reasons for discarding Grunt in favor of other tools: + +### Speed +If a decent amount of tasks is reached, Grunt is known to run slower than other tools, because it heavily relies on I/O operations and +always stores the result of one task as files on the disk. + +### Configuration +On large projects where a lot of automation is required, it can get very tedious to maintain complex and parallel running tasks. +The grunt configuration files sometimes simply don´t gave us the flexibility that we needed. + +Currently our preferred way to go is either simply use [NPM scripts](https://docs.npmjs.com/misc/scripts) or rely on [Webpack loaders](https://webpack.js.org/concepts/loaders/) for file preprocessing. For non-webpack projects we also utilize Gulp. + + + diff --git a/radar/2017-10-01/hal-hateoas.md b/radar/2017-10-01/hal-hateoas.md new file mode 100644 index 0000000..ed784ec --- /dev/null +++ b/radar/2017-10-01/hal-hateoas.md @@ -0,0 +1,24 @@ +--- +title: "HAL / HATEOAS" +ring: assess +quadrant: methods-and-patterns + +--- +Hypermedia As The Engine Of Application State or in short HATEOAS is a pattern that helps to organize dependencies and resources in a RESTful API. The basic idea of HATEOAS is that an API consumer do not have to know how dependencies of resources are connected and how to get them. A consumer must only be familiar with the basics of hypermedia. + +Let's assume we have a bank account and an action to deposit money on that account. Everything you need to know is that the account resource has an action for a deposit. The URL of that action can then fetched from the link attribute with the corresponding relation. + +``` + + 12345 + -25.00 + + +``` + +Besides from HATEOAS there is an alternative implementation called Hypertext Application Language, in short HAL, which has much more features than the basic HATEOAS. + +With HAL you are allowed to also define parametrized links, embedded resources and documentation relations (which are called curies). You can find the specification here. +[http://stateless.co/hal_specification.html](http://stateless.co/hal_specification.html) + +If you want to link different api endpoints or ressource locations in your API responses you should use this standard. \ No newline at end of file diff --git a/radar/2017-10-01/hystrix.md b/radar/2017-10-01/hystrix.md new file mode 100644 index 0000000..5ed4dab --- /dev/null +++ b/radar/2017-10-01/hystrix.md @@ -0,0 +1,17 @@ +--- +title: "Hystrix " +ring: assess +quadrant: tools + +--- + +Hystrix is a very powerful library for handling failures, fallbacks and latency management within complex distributed environments. Netflix developed it and after years of experience, they are using it in almost each of their microservices. It evolved to a great library for handling resilience in complex architectures and covers solutions for the most common resilience patterns like: + +- Fail fasts +- Fail silent +- Circuit Breaker +- Fallbacks (Static, Stubbed) + +Beside from that purposes Hystrix also offers some helpful features like parallel and asynchronous execution, In-Request-Caching and other useful features for working with distributed systems. + +Another useful component that you are able to use with Hystrix is his dashboard that give you the ability of real time monitoring of external dependencies and how they behave. Alerting is also able via the dashboard. diff --git a/radar/2017-10-01/infrastructure-as-code.md b/radar/2017-10-01/infrastructure-as-code.md new file mode 100644 index 0000000..2f7a665 --- /dev/null +++ b/radar/2017-10-01/infrastructure-as-code.md @@ -0,0 +1,12 @@ +--- +title: "Infrastructure as Code" +ring: adopt +quadrant: methods-and-patterns + +--- + +Infrastructure as Code (IaC) describes the process of managing all infrastructure resources via code. Treating infrastructure code the same way we treat application code, we can benefit from the same advantages of having a history in our version control system, doing code reviews and rolling out updates via a Continuous Delivery pipeline in a way that closely approaches how we handle application deployments. + +Infrastructure code is often described in a declarative language und the target platforms figure out what to create, update or delete in order to get to the desired state, while doing this in a safe and efficient way. We've worked with [AWS CloudFormation](https://aws.amazon.com/de/cloudformation/) in the past, and while this is a great tool, you can only manage AWS resources with it and you need some more tooling around it in order to automate things nicely and embed it into other processes such as Jenkins Jobs. That's what we created [StackFormation](https://github.com/AOEpeople/StackFormation) for. Another tool that is actively developed is [Terraform](https://www.terraform.io/). Terraform comes with a lot of concepts that make managing environments easier out of the box and nicely embeds into other related tools. Also, Terraform allows you to manage a variety of different infrastructure providers. + +Infrastructure as code should cover everything from orchestration of your infrastructure resources, networking and provisioning as well as monitoring setup. The orchestration tools mentioned above are supplemented by other tools such as Puppet, Chef or simple Bash scripts that take over provisioning the instances after they are booted. diff --git a/radar/2017-10-01/jest.md b/radar/2017-10-01/jest.md new file mode 100644 index 0000000..8d66c90 --- /dev/null +++ b/radar/2017-10-01/jest.md @@ -0,0 +1,18 @@ +--- +title: "Jest " +ring: assess +quadrant: tools + +--- +[Jest](https://facebook.github.io/jest/) is a javascript testing framework by facebook to test javascript code **and** react applications / components. + +We started using Jest (and [watchmen](https://github.com/facebook/watchman)) instead of Karma because it: + +- gives us integrated mocking library +- gives us integrated support for testing "promises" +- gives us integrated code coverage report +- automatically runs tests related to changed files (instead of all tests) +- gives us parallel test execution +- gives us snapshot testing for react components + +It is easy to set up. And even if you have a running setup with karma/chai you can easily replace karma with jest. With a small [workaround](https://medium.com/@RubenOostinga/combining-chai-and-jest-matchers-d12d1ffd0303#.3callo273), chai and jest test matchers work fine together. diff --git a/radar/2017-10-01/job-dsl.md b/radar/2017-10-01/job-dsl.md new file mode 100644 index 0000000..05660a1 --- /dev/null +++ b/radar/2017-10-01/job-dsl.md @@ -0,0 +1,11 @@ +--- +title: "Job DSL (Jenkins)" +ring: trial +quadrant: tools + +--- +The [Job DSL ](https://wiki.jenkins-ci.org/display/JENKINS/Job+DSL+Plugin)is a plugin for the Jenkins automation server. Jenkins jobs that automate parts of a software project are usually configured using the web interface of Jenkins. If Jenkins is the choice for your project and the number of build jobs tend to grow, the Job DSL plugin is your friend. + +The plugin allows Jenkins jobs to be described by code (Groovy DSL). This code is then used for generating Jenkins jobs. As a consequence, job configuration can be part of the project's source code. During the generation step, existing jobs are synchronized, overwritten or left alone, depending on the configuration. The same configuration manages deleting or ignoring jobs that are not described in code anymore. Jobs can easily be restored in case of data loss and changed without clicking buttons for hours. The automation also makes it easy to seed large numbers of homogeneous components and builds on different branches. + +The ability to treat Jenkins jobs as code is a big advantage. We highly suggest that every team automate the setup of their jobs and their pipelines. Another way of expressing build pipelines as code is the new [Jenkins Pipeline](https://jenkins.io/doc/book/pipeline/) feature - but still we see the need of Job DSL seeder jobs to seed the Jenkins pipeline jobs themselves and any additional jobs. diff --git a/radar/2017-10-01/keycloak.md b/radar/2017-10-01/keycloak.md new file mode 100644 index 0000000..993c4f6 --- /dev/null +++ b/radar/2017-10-01/keycloak.md @@ -0,0 +1,17 @@ +--- +title: "Keycloak" +ring: trial +quadrant: tools + +--- +User management, authentication, authorization and Single Sign-On are part of most distributed systems nowadays. Building these sensitive and serious parts on your own might be a problem due to knowledge- and budget restrictions. Because of growing requirements in that field (social logins, single sign-on, federation, two-factor authentication, etc.), as well as growing security concerns, building these things on your own has become more challenging during the past decade. + +As a consequence, the recommendation is: use an existing solution and connect it with your project's codebase using provided standards. Our recommended solution is the Open Source project JBoss Keycloak. We use Keycloak in our OM3 suite for several authentication-related use cases - such as user management for system users and single sign-on for customers. The OAuth access tokens can be used to secure APIs that access sensitive information. + +Keyloak is based on standards such as OAuth2, OIDC and SAML2. Securing a distributed system is supported by adapters, which are provided by the Keycloak developers for different technology stacks. If there is no adapter for your technology stack, an integration on protocol level with a library is simple. A lot of configurable features require no coding in the integrated projects. + +By design, the Keycloak project offers customizability and extensibility via so-called SPIs, e.g. a custom authenticator can be implemented to address project specific problems. + +Keycloak normally runs standalone and can use various database products. A docker image is available to start in a containerized environment. + +Keycloak might be overkill, depending on your project needs. For a simple integration with, for instance, a social login provider (Facebock, Twitter, etc.) Keycloak might be too much. For a JVM project, the pac4j library might be an alternative. If a cloud-based solution is preferred and data privacy concerns are not an issue, Auth0 might be the choice. diff --git a/radar/2017-10-01/kubernetes.md b/radar/2017-10-01/kubernetes.md new file mode 100644 index 0000000..6f32bb2 --- /dev/null +++ b/radar/2017-10-01/kubernetes.md @@ -0,0 +1,10 @@ +--- +title: "Kubernetes" +ring: assess +quadrant: platforms-and-aoe-services + +--- + +Kubernetes is a container orchestration platform, which supports many different infrastructure providers. It allows you to deploy containers and takes care of running, scaling or self-healing your applications based on configurations you provide. It's based on years of knowledge and experience Google gained by using containers. + +At AOE, we started Kubernetes in a test environment on bare metal to experiment with it. It's currently used for running AOE internal apps such as dashboards as well as running builds in containers. We also started to use it for upcoming projects to run and manage several services. There are Tools to automate the setup of kubernetes in AWS like [Cops](https://kubernetes.io/docs/getting-started-guides/kops/). Another helpful tool is [Minikube](https://github.com/kubernetes/minikube), which allows to test and run kubernetes locally. diff --git a/radar/2017-10-01/microservices.md b/radar/2017-10-01/microservices.md new file mode 100644 index 0000000..4bc674f --- /dev/null +++ b/radar/2017-10-01/microservices.md @@ -0,0 +1,23 @@ +--- +title: "Microservices" +ring: trial +quadrant: methods-and-patterns + +--- + + +Microservices as an architecture style is getting very popular recently. At AOE, more and more teams are adding microservices to their existing application architecture or designing applications with microservices. + +We also like the term "self-contained systems" instead of microservices. + +The benefits we see are: + +* better handling of complexity compared to adding features in a monolithic approach +* beeing able to use the languages and framework that best fit the purpose of the service +* enabling better parallel work in big teams or multi-team projects +* flexibility in deploying changes to production - by just deploying the changed service + +Related patterns are [Strategic Domain Driven Design](/methods-and-patterns/strategic-domain-driven-design.html) as an approach to wisely cut your architecture according to useful bounded contexts and decide on the relevant communication and "translation" between the services. +In case you are looking for a small visualisation tool for your microservice architecture you might find [vistecture](https://github.com/AOEpeople/vistecture/) useful. + +Also [Resilience thinking](/methods-and-patterns/resilience-thinking.html) is especially important when designing an application as a suite of microservices. diff --git a/radar/2017-10-01/node-js.md b/radar/2017-10-01/node-js.md new file mode 100644 index 0000000..199d2c0 --- /dev/null +++ b/radar/2017-10-01/node-js.md @@ -0,0 +1,18 @@ +--- +title: "node.js" +ring: trial +quadrant: languages-and-frameworks + +--- + +Node.js is a no- browser JavaScript execution runtime. Its basis is Google's V8 engine. [Node](https://nodejs.org/en/) is event-driven and follows a non-blocking I/O model. + +It’s a good choice for restful APIs, realtime purposes or situations where many concurrent connections are expected, where each connection has a lightweight memory footprint. + +Node allows separation of concerns by using its package manager [npm](https://www.npmjs.com/), which is also the largest ecosystem of Open Source libraries (modules). + +Modules are added as dependencies and offer a wide range of functionalities in a range from simple helper functions to mature web frameworks such as [express.js](http://expressjs.com/de/). + +Many PaaS providers (AWS, Google Cloud Platform, Azure) support node, including deployment and monitoring services out of the box for scalable stateless applications. + +At AOE, we successfully use node.js-based applications for smaller services or internal tools such dashboards. diff --git a/radar/2017-10-01/npm.md b/radar/2017-10-01/npm.md new file mode 100644 index 0000000..a58e9a5 --- /dev/null +++ b/radar/2017-10-01/npm.md @@ -0,0 +1,26 @@ +--- +title: "NPM" +ring: adopt +quadrant: tools + +--- +[NPM](https://www.npmjs.com/) is one of, if not the most, popular package manager for JavaScript. Because of the big community, you can find nearly every dependency in npm. + +Instead of other package managers such as [bower](/tools/bower.html), you have to write your packages as [modules](https://en.wikipedia.org/wiki/CommonJS). This unifies the way you have to use, test and, of course, understand dependencies. + +NPM creates a tree for your dependencies and their nesting dependencies. Because of this, you don't need to handle version conflicts, since every dependency uses there own version of e.g. [webpack](/tools/webpack.html). + +With [shrinkwrap](https://docs.npmjs.com/cli/shrinkwrap) you have a robust tool to lock down and manage the versions of your dependencies - following the [Pin (external) dependencies](/methods-and-patterns/pin-external-dependencies.html) approach. + +For each package you have to classify your dependencies: + +- dependencies are needed for use without the need of pre compiling, e.g. [lodash](https://lodash.com/) +- devDependencies are needed for development only, e.g. testing frameworks or pre compiler e.g. [babel](/languages-and-frameworks/babel.html) +- peerDependencies you have to provide for using the package + +With [scripts](https://docs.npmjs.com/misc/scripts) you get support for the most common build lifecycle steps, e.g. build, start, test ... + +Other useful features: + +- mirror support for your own repository (e.g. [artifactory](/platforms-and-aoe-services/artifactory.html)) +- can be used for server and client JavaScript development (see [node.js](/languages-and-frameworks/node-js.html) ) diff --git a/radar/2017-10-01/pin-external-dependencies.md b/radar/2017-10-01/pin-external-dependencies.md new file mode 100644 index 0000000..99b6382 --- /dev/null +++ b/radar/2017-10-01/pin-external-dependencies.md @@ -0,0 +1,22 @@ +--- +title: "Pin external dependencies" +ring: adopt +quadrant: methods-and-patterns + +--- +A lot of applications have dependencies on other modules or components. We have used different approaches regarding how and when these dependencies are resolved and have agreed on using a method we call "Pin (External) dependencies". + +This is especially relevant for script languages, where the dependency management references the code and not immutable prebuild binaries - and therefore resolves the complete transient dependencies on the fly. + +Most of these package- or dependency management solutions support two artefacts: + +* a semantic dependency definition. This defines the compatible versions of the required dependencies. (Composer: composer.json / NPM: package.json) +* a lock file defining the exact revisions of the dependencies and the transient dependencies (dependencies of dependencies). This is created after running the tool. (Composer: composer.lock / NPM: npm-shrinkwrap.json). + +We suggest the following: + +* Keep the dependency definition AND the lock file in version control. This ensures that chained dependencies are also locked and you have changes of that file visible in your version control commit history. This helps finding issues or bugs that might relate to unintended updates in external modules or transient dependencies. +* Build Step: The application build step should use the the pinned versions (with the help of the lock file) to ensure that the same revisions of the dependent packages are used. +* It's also suggested to use local or central caches for the retrieval of packages. (E.g. [artifactory as composer and npm cache](/platforms-and-aoe-services/artifactory.html)) + +For updating of dependencies define a process in the team. This can either be done on the dev-system or in a seperate automated CI job - both resulting in updated dependency definitions in the applications VCS. \ No newline at end of file diff --git a/radar/2017-10-01/pipeline-as-code.md b/radar/2017-10-01/pipeline-as-code.md new file mode 100644 index 0000000..69c4e0e --- /dev/null +++ b/radar/2017-10-01/pipeline-as-code.md @@ -0,0 +1,12 @@ +--- +title: "Pipeline as Code" +ring: assess +quadrant: methods-and-patterns + +--- + +Continuous Integration and Delivery is a critical part of our development and deployment process at AOE. Using Jenkins for many years the "instructions" how to build, test and deploy applications were scattered between many custom scripts and the pipeline was often maintained by manual maintenance of Jenkins jobs. Soon, we realized that we need a more native way to express the full CI/CD pipeline process in code and manage it in version control. + +Being an important part of each project, the pipeline configuration should be managed as code and rolled out automatically - this also allows us to manage the pipeline itself applying the same standards that apply to application code. + +While some teams started using Jenkins' [JobDSL plugin,](https://wiki.jenkins-ci.org/display/JENKINS/Job+DSL+Plugin) others explored the new [Jenkins Pipeline](https://jenkins.io/doc/book/pipeline/) - in both ways, the build artifacts should be published to an artifact repository such as [Artifactory.](/platforms-and-aoe-services/artifactory.html) diff --git a/radar/2017-10-01/play-framework.md b/radar/2017-10-01/play-framework.md new file mode 100644 index 0000000..1c8e77a --- /dev/null +++ b/radar/2017-10-01/play-framework.md @@ -0,0 +1,16 @@ +--- +title: "Play Framework" +ring: adopt +quadrant: languages-and-frameworks + +--- + +The Play Framework is a lightweight (web)application framework for Java and [Scala](/languages-and-frameworks/scala-lang.html) programmers. + +A developer can choose from different modules to include necessary functionality such s accessing http resources, databases, and so on. As a consequence, the developer can choose, and is not distracted by or clobbered with irrelevant things. This approach is considered as minimalistic, but it is easy to include necessary functionality. + +Regarding the architecture, Play is stateless and built on Akka. As a consequence, Play applications have much lower resource consumption regarding CPU und memory and can scale easily. Play manages concurrency without binding a request to a thread until the response is ready. + +With the use of "[Futures](http://docs.scala-lang.org/overviews/core/futures.html)" in your code you can turn synchronous tasks (such as IO or API call to another service) into asynchronous and you can build non-blocking applications. It is recommended to understand the principles Play uses to achieve performance and scalability. + +Play can act as backend service delivering JSON, for esample. For building web applications. the [Twirl](https://www.playframework.com/documentation/2.5.x/ScalaTemplates) template engine enables server-side rendering of html pages. These html pages can include css and java script parts of your own choice. diff --git a/radar/2017-10-01/postcss.md b/radar/2017-10-01/postcss.md new file mode 100644 index 0000000..0ad09ec --- /dev/null +++ b/radar/2017-10-01/postcss.md @@ -0,0 +1,18 @@ +--- +title: "PostCSS" +ring: adopt +quadrant: languages-and-frameworks + +--- + +PostCSS is a tool for transforming stylesheets with JavaScript plugins. It comes with a parser that reads your CSS file into an AST, pipes it through the loaded plugins and finally +stringifies it back into a (transformed) CSS output file. + +We at AOE love PostCSS because it gives us the power to use [CSS Modules](https://github.com/css-modules/css-modules), which finally ends the curse of global CSS. + +It also has a huge list of more than 350 other [available plugins](http://postcss.parts/). +Sure, not all of them are useful, but the sheer number of plugins shows how easy it is to write your own plugin for it. +In fact, it´s just a matter of writing a single JS function. + +Finally, PostCSS is very fast and easy to setup because it runs 100% in JavaScript. +Compared to [SASS](/languages-and-frameworks/sass.html) as a preprocessor, it feels much more powerful but at the same time less bloated with superfluous functionality because everything comes in its own little plugin diff --git a/radar/2017-10-01/protobuf.md b/radar/2017-10-01/protobuf.md new file mode 100644 index 0000000..d95db18 --- /dev/null +++ b/radar/2017-10-01/protobuf.md @@ -0,0 +1,14 @@ +--- +title: "Protobuf" +ring: assess +quadrant: languages-and-frameworks + +--- + +In an increasingly microservice-oriented environment, it is crucial that all parties agree on a common language and wire format for data exchange. + +JSON and XML are two very well-known formats for serialization of data, however they come with a few drawbacks. JSON is completely dynamic without any validation (though there is json-schema) and XML uses an extremely heavyweight syntax, which carries a huge overhead, so parsing and transport becomes quite slow. + +Protobuf, amongst others, is an approach to solving this problem by using well-defined schemas to create language-specific code, which serializes/marshals and deserializes/unmarshals data. One of the key features is the built-in support for evolving schemas, it is easily possible to incrementally extend the definition while staying backwards-compatible and compose messages out of several sub-messages. + +If you are looking for a way to have different systems agree on a common protocol on top of a transport layer (such as AMQP or HTTP), Protobuf is definitely worth taking a look at and should be assessed. diff --git a/radar/2017-10-01/puppet-environments.md b/radar/2017-10-01/puppet-environments.md new file mode 100644 index 0000000..a500aab --- /dev/null +++ b/radar/2017-10-01/puppet-environments.md @@ -0,0 +1,22 @@ +--- +title: "Puppet Environments" +ring: assess +quadrant: platforms-and-aoe-services + +--- + +Puppet +------ + +Puppet is an Open Source configuration management tool. It is used by a wide range of different companies world-wide, e.g. the Wikimedia Foundation, Mozilla, Reddit, CERN, Dell, Rackspace, Twitter, the New York Stock Exchange, PayPal, Disney, Citrix Systems, Spotify, Oracle, the University of California Los Angeles, the University of North Texas, QVC, Intel, Google and others. + +Puppet has been the basic tool to address Continuous Configuration Automation (CCA) in AOE's [Infrastructure as Code](/methods-and-patterns/infrastructure-as-code.html) strategy (IaC) for more than 4 years. + +Puppet Environments +------------------- + +Intended to give projects the means to develop and maintain their own infrastructure, separated and not influenced by other projects, Puppet environments, together with Puppet module versioning and ENC, have been introduced.\ +Puppet Environments are rated "Trial". It supports our strategy of Infrastructure as Code (IaC) and links it to our DevOps approach, enabling project teams to set up and customize their own infrastructure.  + +Teams that want to use the Puppet Environments service from the AOE IT Team will find detailed information about the implemented CI/CD process for this. + diff --git a/radar/2017-10-01/rabbitmq.md b/radar/2017-10-01/rabbitmq.md new file mode 100644 index 0000000..adc85b2 --- /dev/null +++ b/radar/2017-10-01/rabbitmq.md @@ -0,0 +1,15 @@ +--- +title: "RabbitMQ" +ring: trial +quadrant: tools + +--- +RabbitMQ is an Open Source message broker - implementing the Advanced Message Queuing Protocol (AMQP) protocol. It provides a reliable and scalable way to transport data between loosely coupled applications, using different EAI patterns such as the Publish & Subscriber pattern. AMQP supports direct and fan-out exchanges (broadcasts) as well as topics. Queuing mechanisms allow for robust architectures, mitigating the risks of application downtimes. Typically, a RabbitMQ server can easily buffer millions of messages. RabbitMQ supports JMS in addition to AMQP. It is not intended to use JMS for new systems, but it makes RabbitMQ useful for integrating legacy systems. + +There are several alternative solutions to RabbitMQ, e. g. the free Apache ActiveMQ, which is integrated in [Anypoint platform](/tools/anypoint-platform.html). ActiveMQ implements a somewhat simpler routing concept than RabbitMQ, but offers more protocols. Commercial products in this area are offered by IBM (Websphere MQ), Fiorano and almost every vendor of ESB products. + +We use RabbitMQ internally for transferring messages safely in our logging ecosystem between [Logstash](/platforms-and-aoe-services/elk-stack.html) proxies and servers using direct and fan-out exchanges for delivering messages to appropriate destinations. RabbitMQ is also used to asynchronously trigger Jenkins jobs from our SCMs to mitigate heavy load on the SCMs, usually caused by Jenkins polls for SCM changes. Additionally, some critical events for monitoring are using RabbitMQ for guaranteed notification.  + +RabbitMQ is rated "Trial". It fits into our approach to build robust, [resilient systems](/methods-and-patterns/resilience-thinking.html) and use [asyncronous messages](/methods-and-patterns/decoupling-infrastructure-via-messaging.html) for loosely coupled communications between components. In practice, RabbitMQ proved to be stable and dealt well with service interruptions from failures and maintenance slots. A common pain point is RabbitMQ as a single point of failure disrupting the data flow in a system. This issue is currently approached by setting up a HA cluster for RabbitMQ. The outcome of this approach will clarify the extent of future usage of RabbitMQ in our systems. + + ![](/assets/images/rabbitmq.png) diff --git a/radar/2017-10-01/raml.md b/radar/2017-10-01/raml.md new file mode 100644 index 0000000..10e62b8 --- /dev/null +++ b/radar/2017-10-01/raml.md @@ -0,0 +1,12 @@ +--- +title: "RAML" +ring: adopt +quadrant: tools + +--- + +[RAML](http://raml.org/) (the RESTful API Modelling Language) is a YAML-based API specification language. It's now available in [version 1.0](https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#defining-types). The philosophy behind it is to [specify the API before implementation](/methods-and-patterns/api-first-design-approach.html). + +If you follow this philosophy, you can design your API and discuss it with your clients and team before implementing a single line of code. API consumers are able to implement against the API before it's really up and running. The [api-console](https://github.com/mulesoft/api-console) provides a beautiful online documentation with "try it" features for your raml definition. + +The RAML ecosystem provides a rich toolset for code generation (e.g. [online editor](http://rawgit.com/mulesoft/api-designer/master/dist/index.html#/?xDisableProxy=true);[ api-workbench](http://apiworkbench.com/)), automatically generated documentation, code generation (e.g. [go-raml](https://github.com/Jumpscale/go-raml)), mocking, testing and much more. We prefer RAML over Swagger because of this. diff --git a/radar/2017-10-01/react.md b/radar/2017-10-01/react.md new file mode 100644 index 0000000..961aba2 --- /dev/null +++ b/radar/2017-10-01/react.md @@ -0,0 +1,24 @@ +--- +title: "React.js" +ring: trial +quadrant: languages-and-frameworks + +--- + + +React claims to be "the V in MVC". But for us it is much more than that. React improved the way we approach frontend applications as we build them. Its functional way of writing components +and its declarative JSX syntax help us to build interactive UIs very efficiently. +React's one-way data flow keeps everything modular and fast and makes even large applications more readable. + +Components are the central point of React - once we fully started [thinking in react](https://facebook.github.io/react/docs/thinking-in-react.html), our components became smaller, more reusable and better testable. + +After some 1.5 years of experience with React and the steady growth of the community and ecosystem around it, +we can confidently say that we still see great protential to build upcoming projects with React. + + + + + + + + diff --git a/radar/2017-10-01/redux.md b/radar/2017-10-01/redux.md new file mode 100644 index 0000000..bfd4e40 --- /dev/null +++ b/radar/2017-10-01/redux.md @@ -0,0 +1,14 @@ +--- +title: "Redux" +ring: trial +quadrant: languages-and-frameworks + +--- + +[Redux](http://redux.js.org/) helps us to maintain state in our frontend applications in a more predictable and clearer way. It is extendable though middleware, it has a great documentation and some awesome [devtools](https://github.com/gaearon/redux-devtools) that are especially helpful when you are new to Redux. + +The functional concepts for updating the state, combined with immutable data, lead to extremely easy and enjoyable [unit tests](http://redux.js.org/docs/recipes/WritingTests.html) - this is maybe the biggest plus for us developers. + +The official [react-redux bindings](https://github.com/reactjs/react-redux) also made it straightforward to weave Redux into our React applications. For asynchronous actions we use [redux-sagas](https://redux-saga.github.io/redux-saga/) which has proven itself as a better alternative for [redux-thunk](https://github.com/gaearon/redux-thunk). + +Currently, we use Redux only in our React projects, but we are evaluating it together with other frameworks such as Angular or Vue.js, as well. diff --git a/radar/2017-10-01/resilience-thinking.md b/radar/2017-10-01/resilience-thinking.md new file mode 100644 index 0000000..e0a52bb --- /dev/null +++ b/radar/2017-10-01/resilience-thinking.md @@ -0,0 +1,20 @@ +--- +title: "Resilience thinking" +ring: trial +quadrant: methods-and-patterns + +--- + + +Resilience is the cabability of an application or service to resist different error scenarios. Especially for distributed systems - where a lot of communication between different services happen - it's very important to explicitly think of implementing resilience. + +There are a lot of different resilience patterns and it is also a matter of the overall software design. Typical patterns and methods used are: + +* Do not hide API calls or any other external communication in your application (for example with unnecessary abstraction) - instead make it explicit that an external communication happens - e.g. by using the Facade Pattern. On the one hand, this makes it obvious that a potential slow and errorprone communication is going to happen, and it makes it easier to implement error handling. +* Detect errors explicitly: Check the response message format and configure proper timeouts for external communication +* Handle errors in a smart way: Show a nice error message to your customer or, even better, graceful degrade features - e.g. by showing some fallback text +* Use Message-based communication where useful ([Decoupling Infrastructure via Messaging](/methods-and-patterns/decoupling-infrastructure-via-messaging.html)) +* Use Circuit Breaker to Isolate errors and allow system to recover +* Use short activation paths in your strategic architecture - so that there is only a minimal set of communications between your services required for certain features or business requests + +"Embrace Errors" should be the mindset - because its not a question if errors appear - it's just a question of when. \ No newline at end of file diff --git a/radar/2017-10-01/rest-assured.md b/radar/2017-10-01/rest-assured.md new file mode 100644 index 0000000..955768a --- /dev/null +++ b/radar/2017-10-01/rest-assured.md @@ -0,0 +1,12 @@ +--- +title: "Rest Assured (Testing)" +ring: assess +quadrant: tools + +--- + +**[REST-assured](https://github.com/rest-assured/rest-assured)** is a Java DSL for simplifying testing of REST-based services built on top of HTTP Builder. It supports the most important http request methods and can be used to validate and verify the response of these requests. + +At AOE, we use REST-assured with Spock to automate our API testing. We appreciate the easy-to-use DSL, which uses the Given-When-Then template (also known as Gherkin language). This template helps other project members to understand the code/test easily. + +Because of the seamless integration with Spock and our positive experience in one of our major projects, we classify REST-assured as *assess.* diff --git a/radar/2017-10-01/rxjava.md b/radar/2017-10-01/rxjava.md new file mode 100644 index 0000000..bc09a56 --- /dev/null +++ b/radar/2017-10-01/rxjava.md @@ -0,0 +1,8 @@ +--- +title: "RxJava" +ring: trial +quadrant: tools + +--- + +[RxJava](https://github.com/ReactiveX/RxJava) is the Open Source Java implementation of ReactiveX. The main concept heavily relies on the Observer- (and Subscriber)-Pattern. An Observer emits a stream of data, which can be consumed by Subscribers. The Subscriber reacts (That's where the 'Rx' comes from) asynchronously to those data events. Reactive Extensions were originally developed by Mircosoft's Erik Meijer and his team and have been ported to all major programming languages after being released to the public as Open Source software. We use RxJava (but actually RxAndroid to be precise) in the Congstar Android App to let the UI layer react to changes in the underlaying data layer. diff --git a/radar/2017-10-01/sass.md b/radar/2017-10-01/sass.md new file mode 100644 index 0000000..75d883c --- /dev/null +++ b/radar/2017-10-01/sass.md @@ -0,0 +1,30 @@ +--- +title: "SASS" +ring: adopt +quadrant: languages-and-frameworks + +--- + +SASS (Syntactically Awesome Style-Sheets) is an extension to native CSS, which, as a preprocessor, simplifies the generation of CSS by offering features that enable developers to more efficiently write robust, better readable and maintainable CSS. + +Core features of SASS are: + +* Nesting of rules: CSS rules can be indented, reducing redundancy of selectors and increasing readability due to shorter selectors. +* Use of variables: Commonly-used values such as colors can be stored in variables +* Mixins: Often-used CSS blocks can be referenced by using mixins, which work like functions +* Extends: CSS properties can be inherited +* SASS files can be split into modules, which leads to smaller files and better file structures +* Operators: Simple math calculations can be applied to CSS properties +* Easily to integrate in nodejs-environments and build tools such s [NPM](/tools/npm.html), [Gulp](/tools/gulp.html) and [Grunt](/tools/grunt.html). + +SASS has been widely adopted for many years and has evolved to an industry-standard backed by an active community since 2006. + +The learning curve is very smooth as SASS is fully compatible to CSS, meaning that all features are optional: Starting with SASS is as easy as renaming .css-files to .scss in a first step and then refactoring it step-by-step with the use of SASS features. + +At AOE, SASS has been recommended by the frontend COI and is used in nearly every current project. + +More information: + +* [SASS Language](http://sass-lang.com/) +* [SASSDoc](http://sassdoc.com/) +* [Improving Sass code quality on](https://www.theguardian.com/info/developer-blog/2014/may/13/improving-sass-code-quality-on-theguardiancom) [theguardian.com](http://theguardian.com) \ No newline at end of file diff --git a/radar/2017-10-01/scala-lang.md b/radar/2017-10-01/scala-lang.md new file mode 100644 index 0000000..507a555 --- /dev/null +++ b/radar/2017-10-01/scala-lang.md @@ -0,0 +1,14 @@ +--- +title: "Scala Lang" +ring: trial +quadrant: languages-and-frameworks + +--- + +Besides Java, Scala is the most mature language on the Java Virtual Machine. Its unique blend of object-oriented and functional language features and rich type system with advanced type inference enables one to write concise code. + +It is fully interoperable with Java but has a big ecosystem of tools and frameworks on its own. + +Scala provides one of the best high-level concurrency- and async features on the language level as well as on the framework level, making it the default choice of twitter and the like. + +At AOE, we already use Scala in various projects to create scalable backend systems (Play, Akka) or for batch processing (Spark). diff --git a/radar/2017-10-01/settings-injection.md b/radar/2017-10-01/settings-injection.md new file mode 100644 index 0000000..f56467f --- /dev/null +++ b/radar/2017-10-01/settings-injection.md @@ -0,0 +1,11 @@ +--- +title: "Settings Injection" +ring: adopt +quadrant: methods-and-patterns + +--- +While deploying applications to an environment, the application typically needs to be configured for that specific environment. Typical settings include domain names, database credentials and the location of other dependent services such as cache backends, queues or session storages. + +These settings should not be shipped with the build package. Instead, it's the environment - this build is being deployed to - that should expose these values to application. A common way to "inject" these values is by making them available as environment variables or dynamically creating configuration files for the application. You can achieve this pattern without special tools - but this concept of settings injection also works with tools such as [Consul](/tools/consul.html), [kubernetes](/platforms-and-aoe-services/kubernetes.html) (with configMaps and secrets) or [YAD](https://github.com/AOEpeople/YAD). + +In this manner, the build package can be independent from the environment it's being deployed to - making it easier to follow the "Build once, deploy often" CI/CD principle. diff --git a/radar/2017-10-01/spock_geb.md b/radar/2017-10-01/spock_geb.md new file mode 100644 index 0000000..9070ad7 --- /dev/null +++ b/radar/2017-10-01/spock_geb.md @@ -0,0 +1,18 @@ +--- +title: "Spock + Geb" +ring: adopt +quadrant: languages-and-frameworks + +--- + +[spockframework.org](http://www.spockframework.org) - Spock is a testing and specification framework for Java and Groovy applications. What makes it stand out from the crowd is its beautiful and highly expressive specification language. Thanks to its JUnit runner, Spock is compatible with most IDEs, build tools and continuous integration servers. Spock is inspired from JUnit, jMock, RSpec, Groovy, Scala, Vulcans, and other fascinating life forms. + +[gebish.org](http://www.gebish.org) - Geb is a browser automation solution. It brings together the power of WebDriver, the elegance of jQuery content selection, the robustness of Page Object modelling and the expressiveness of the Groovy language. It can be used for scripting, scraping and general automation or equally as a functional/web/acceptance testing solution via integration with testing frameworks such as Spock, JUnit & TestNG. + +At AOE, we use Spock in combination with Geb in various projects for black-box testing. Mainly, we implement our functional integration and acceptance testing automation with these frameworks, which work together seamlessly. And, we also like the convenience of extending the tests with Groovy built-ins or custom extensions. + +Because of the successful use in two of our large projects and the wide range of opportunities within the testing domain with Spock and Geb, we classify this combo with adopt. + + + + diff --git a/radar/2017-10-01/spring-boot.md b/radar/2017-10-01/spring-boot.md new file mode 100644 index 0000000..d709c45 --- /dev/null +++ b/radar/2017-10-01/spring-boot.md @@ -0,0 +1,16 @@ +--- +title: "Spring Boot" +ring: assess +quadrant: languages-and-frameworks + +--- + +With Spring Boot you create standalone Spring Applications with minimum configuration. [Spring Boot](https://projects.spring.io/spring-boot/) rapidly gets you up and running for production. + +With an embedded Tomcat, Jetty and Undertow you have everything you need to deploy your application out-of-the-box. + +The Spring Cloud ecosystem also gives you a lot of extension points for developing, deploying and running cloud applications. + +It's based on the rock-solid Spring framework and provides excellent documentation. + +At AOE, we use Spring Boot in a microservice architecture. Together with Groovy as the implementation Language, and some other Tools (Spring Security, Cloud, HATEOAS, Data, Session) from the Spring environment, we are able to create complex and powerful applications in no time. diff --git a/radar/2017-10-01/spring-rest-docs.md b/radar/2017-10-01/spring-rest-docs.md new file mode 100644 index 0000000..59dc6b5 --- /dev/null +++ b/radar/2017-10-01/spring-rest-docs.md @@ -0,0 +1,9 @@ +--- +title: "Spring REST Docs" +ring: assess +quadrant: tools + +--- +[Spring REST Docs](https://projects.spring.io/spring-restdocs/) auto generates [Asciidoctor](http://asciidoctor.org/) snippets with the help of [Spring MVC Test](http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle#spring-mvc-test-framework) or [RestAssured](https://extranet.aoe.com/confluence/pages/viewpage.action?pageId=86937862).  So you can be sure that your tests are inline with the documentation. + +At AOE, we use [Spring REST Docs](https://projects.spring.io/spring-restdocs/) to document our Rest Services and Hal Resources. We also use it to auto generate [Wiremock](/tools/wiremock.html) Stubs, so the consumer of the service can test against the exact API of the service. diff --git a/radar/2017-10-01/strategic-domain-driven-design.md b/radar/2017-10-01/strategic-domain-driven-design.md new file mode 100644 index 0000000..5868d2b --- /dev/null +++ b/radar/2017-10-01/strategic-domain-driven-design.md @@ -0,0 +1,19 @@ +--- +title: "Strategic Domain Driven Design" +ring: adopt +quadrant: methods-and-patterns + +--- + +Design of distributed applications need to be done wisely. Strategic Domain Driven Design is an approach for modelling large-scale applications and systems and is introduced in the last part of Eric Evans' book _**Domain Driven Design**_. + +Domain driven design is a well-known pattern family and has been established at AOE for quite some time now. Unlike Domain Driven Design, which focuses on the tactical design in an application, strategic domain driven design is an approach that is very helpful for the high-level strategic design of an application and distributed software architecture. + +It is a pattern familiy focused on using and defining Bounded Context and thinking explicitly of the different relationship patterns and the required "translation" of similar "concepts" between the bounded contexts. It is helpful to argue and find a good strategic architecture in alignment with the requirements, the domain and by considering Conway's Law. +A context map and a common conceptional core help to understand and improve the overall strategic picture. Especially with the [Microservice](/methods-and-patterns/microservices.html) approach, it is important to define and connect services following the low coupling - high cohesion principles by idendifying fitting bounded contexts. + +The following chart gives an overview of possible relationships between bounded contexts: +![strategic-domain-driven-design-relationships](/assets/images/strategic-domain-driven-design-relationships.png) + + +While we have found that this approach is especially useful in designing distributed systems and applications with [microservices](/methods-and-patterns/microservices.html), we have also extended this approach to provide guidlines for general enterprise architectures. \ No newline at end of file diff --git a/radar/2017-10-01/styleguide-driven-development.md b/radar/2017-10-01/styleguide-driven-development.md new file mode 100644 index 0000000..2d9b391 --- /dev/null +++ b/radar/2017-10-01/styleguide-driven-development.md @@ -0,0 +1,13 @@ +--- +title: "Styleguide Driven Development" +ring: trial +quadrant: methods-and-patterns + +--- +The goal of Styleguide Driven Development is to develop your application user Interface independently and reusable in a Pattern Library.\ +In the old days, the frontend was developed based on page-centric Photoshop files which made it hard to change things afterwards. With styleguide driven development you build smaller elements, which are reusable in all of your frontends. + +You can start developing your UI components (HTML/CSS/JavaScript) very early in the production phase without having to wait for a ready-to-use development system.\ +Designers and Testers can give feedback early and you can share the documentation and code with external teams. + +At AOE, we use [Hologram](https://trulia.github.io/hologram/) to build a living documentation right from the source files. Whenever a new UI Element is needed, a developer starts building it in the styleguide -- not in the actual application code. By writing the code for the new component, the documentation for it is created instantly. Any other developer can easily see which elements exist and how it can be used in the code. diff --git a/radar/2017-10-01/symfony-components.md b/radar/2017-10-01/symfony-components.md new file mode 100644 index 0000000..c51cc46 --- /dev/null +++ b/radar/2017-10-01/symfony-components.md @@ -0,0 +1,10 @@ +--- +title: "Symfony Components" +ring: trial +quadrant: languages-and-frameworks + +--- + +Symfony Components are part of the [Symfony Framework](https://symfony.com/) and they are designed as decoupled and reusable PHP components. + +Their use cases vary from simple little helpers such as a [beautified var_dump](http://symfony.com/doc/current/components/var_dumper.html) to more complex ones such as access control, list-based [security mechanisms](http://symfony.com/doc/current/components/security.html) and an easy-to-integrate [console component](http://symfony.com/doc/current/components/console.html) to give your already existing applications some CLI capabilities. They are [used by a lot of PHP-based projects](http://symfony.com/projects) such as Typo3, Magento, Composer, PHPUnit and Doctrine, with contributions continually taking place. If you are planning the next project with PHP components, you should have a look at the [Symfony Components list](http://symfony.com/components), which includes a lot of well-designed, decoupled [Open Source pieces of PHP code](https://github.com/symfony). diff --git a/radar/2017-10-01/typescript.md b/radar/2017-10-01/typescript.md new file mode 100644 index 0000000..040ddb7 --- /dev/null +++ b/radar/2017-10-01/typescript.md @@ -0,0 +1,22 @@ +--- +title: "Typescript" +ring: assess +quadrant: languages-and-frameworks + +--- + +[TypeScript](https://www.typescriptlang.org/) is a language that gets transpiled to native JavaScript code. + +It offers support for the latest EcmaScript features and has strict typing and support for interfaces built in. + +JavaScript scoping, which led into recurring workarounds such as **var self = this, myFunc.bind(this)_,_**was eliminated in TypeScript. + +In TypeScript **this** stays **this**, which leads to more readable and understandable code from an OOP perspective. + +TypeScript continues to be actively developed by Microsoft and is also well-Integrated in today's IDEs. + +The excellent structure and the possibilities for extension make it a good choice to consider for larger JavaScript projects. + +Typescript was the choice for [Angular 2+](/languages-and-frameworks/angular-2.html) and one can assume that it will get more traction with the success of Angular 2 in the future. + +There are also projects that support Typescript „code execution“ on the server such as [ts-node](https://www.npmjs.com/package/ts-node). diff --git a/radar/2017-10-01/vue.md b/radar/2017-10-01/vue.md new file mode 100644 index 0000000..2f0e308 --- /dev/null +++ b/radar/2017-10-01/vue.md @@ -0,0 +1,12 @@ +--- +title: "Vue.js" +ring: assess +quadrant: languages-and-frameworks + +--- + +Vue is a progressive, incrementally adoptable framework for building user interfaces maintained by Evan You. Unlike [other monolithic frameworks](http://vuejs.org/v2/guide/comparison.html), the core library is focused on the view layer only and is very easy to pick up and integrate with other libraries or existing projects. Vue is also perfectly capable of powering sophisticated single-page applications when used in combination with modern tooling and supporting libraries such as [vuex](https://vuex.vuejs.org/en/) and [vue-router](http://router.vuejs.org/en/). + +Vue uses an HTML-based template syntax that allows you to declaratively bind the rendered DOM to the underlying Vue instance’s data. Under the hood, Vue compiles the templates into Virtual DOM render functions. Combined with the [reactivity system](http://vuejs.org/v2/guide/reactivity.html) Vue is able to intelligently figure out the minimal amount of components to re-render and apply the minimal amount of DOM manipulations when the app state changes, which provides for very high performance. + +Applications can be split into [Single File Components](http://vuejs.org/v2/guide/single-file-components.html) - a single file containing the template (HTML), style (CSS) and functionality (JS) - which simplifies maintainability and testability of the code and promotes reusability across other projects. diff --git a/radar/2017-10-01/webpack.md b/radar/2017-10-01/webpack.md new file mode 100644 index 0000000..545b1a1 --- /dev/null +++ b/radar/2017-10-01/webpack.md @@ -0,0 +1,26 @@ +--- +title: "Webpack" +ring: trial +quadrant: tools + +--- +[Webpack](https://webpack.js.org/) is a web bundler for JavaScript applications. Instead of writing scripts to build and bundle your app like you would with [Gulp](/tools/gulp.html), you just define what files you want to load into your bundle. + +In the following example, we define that JavaScript files should be handled by babel-loader, excluding the files from node_modules. The logic behind the process comes from the [loader](https://webpack.js.org/concepts/loaders/). You can find the right loader in [npm](https://www.npmjs.com/search?q=loader%20webpack&page=1&ranking=optimal). + +``` +{ + test: /\.js$/, + loader: 'babel-loader', + exclude: /node_modules/, +} +``` + +On top of that you can use [plugins](https://webpack.js.org/plugins/) to optimize your bundle like uglifying your code or put your common libraries in a separate file. + +Under the hood, you've got nice features such as: + +- [tree shaking](https://webpack.js.org/guides/tree-shaking/) to just bundle the features from a library you need +- [chunk splitting](https://webpack.js.org/guides/code-splitting/) to split your code to manage the load prioritization + +The configuration is simple and there is excellent and extensive [documentation](https://webpack.js.org/configuration/). diff --git a/radar/2017-10-01/wiremock.md b/radar/2017-10-01/wiremock.md new file mode 100644 index 0000000..8b03b03 --- /dev/null +++ b/radar/2017-10-01/wiremock.md @@ -0,0 +1,15 @@ +--- +title: "Wiremock" +ring: trial +quadrant: tools + +--- +**[WireMock](http://wiremock.org/docs/)** is an HTTP mock server - it can be used to mock APIs for testing. + +At its core, it is a web server that can be prepared to serve canned responses to particular requests (stubbing), and that captures incoming requests so that they can be checked later (verification). It also has an assortment of other useful features including record/playback of interactions with other APIs, injection of faults and delays, simulation of stateful behavior.  + +It can be used as a library by any JVM application, or run as a standalone process either on the same host as the system under test or a remote server. All of WireMock's features are accessible via its REST (JSON) interface and its Java API. Additionally, the mock server can be configured via JSON files. + +At AOE, we use WireMock as a standalone server to mock APIs that are outside our system context to get a stable environment for testing and rapid feedback. Besides the decoupled test and development advantages, the mocked APIs can also be used in contract-based tests. We also use embedded WireMock in functional tests to stub external services. The explicit test of faults are especially helpful in building and testing the [resilience of your application](/methods-and-patterns/resilience-thinking.html). + +Because of the features such as flexible deployment, powerful request matching and record/payback interactions, as well as the fact that the server runs stable in our project environments, we classify WireMock as *trial*. diff --git a/radar/2017-10-01/xmlunit.md b/radar/2017-10-01/xmlunit.md new file mode 100644 index 0000000..0b9e936 --- /dev/null +++ b/radar/2017-10-01/xmlunit.md @@ -0,0 +1,9 @@ +--- +title: "XMLUnit" +ring: assess +quadrant: tools + +--- +[XMLUnit](http://www.xmlunit.org/) is a Java and .NET testing framework for XML documents. It is very useful for performing contract tests with SOAP interfaces or other XML-based message types. + +Comparing strings of XML can lead to instable tests because of the changing order of elements or changed values, etc. XMLUnit provides features to address these issues. It is possible to validate against an XML Schema, use XPath queries or compare against expected outcomes. It also comes with a nice diff-engine which makes it easy to check the parts of an XML document that are important.