Versions Compared

Version Old Version 6 New Version Current
Changes made by

Raman Auramau

Raman Auramau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Quality Attribute

NFR ID

Non-Functional Requirement

Notes and Comments

Status

Availability

NFR.Baseline.Availability.1

Modules are designed and implemented following the Stateless principle

https://wikifolio-org.folioatlassian.orgnet/wiki/display/DD/Stateless%2C+Horizontal+scaling%2C+and+High+Availability

Status
subtletrue
colourGreen
titleCOMPLIANT

NFR.Baseline.Availability.2

Load/performance testing must be conducted for at least 2 deployed instances of a module



Manageability

NFR.Baseline.Manageability.1

Application logs are collected in a unified form and location

https://wikifolio-org.folioatlassian.orgnet/wiki/display/DD/Folio+logging+solution

https://wikifolio-org.folioatlassian.orgnet/wiki/display/DD/Logging


NFR.Baseline.Manageability.2

All custom configuration values are placed in the settings, not in the program code



Performance

NFR.Baseline.Performance.1

Components are performance tested and compared to the prior release baseline; performance may not degrade more than 5% in exceptional cases

  • New functionality requires performance testing to determine baseline performance

  • Use perf-rancher for performance testing; save jmx to folio-perf-testing on GitHub

  • PTF can be invoked for testing for aggregated flows while perf testing of particular parts can be done by the dev team

  • :question_mark: Where to store perf testing reports?


Security

NFR.Baseline.Security.1

Tenant data must be isolated from other tenants

Kitfox - there is an option to create 2 tenants on the same rancher, so QA needs to create appropriate test cases and test them


NFR.Baseline.Security.2

Secrets (such as usernames, passwords, API keys, and/or their combinations) are not stored in source repositories (i.e. Github)

To get started - a simple search on the GitHub repository


NFR.Baseline.Security.3

No sensitive information in logs (logins, passwords, API keys)

This https://github.com/folio-org/personal-data-disclosure/blob/master/PERSONAL_DATA_DISCLOSURE.md#overview can be used as a source of information about PII/sensitive data

https://wikifolio-org.folioatlassian.orgnet/wiki/display/DD/Logging#Logging-Sensitiveinformation

(https://github.com/folio-org/folio-spring-base/blob/master/src/main/java/org/folio/spring/utils/LoggingUtils.java is a placeholder with no implementation)


Testability

NFR.Baseline.Testability.1

Unit-test coverage for new code created/changed during the implementation of the feature >= 80%



NFR.Baseline.Testability.2

E2E-test coverage - # of automated test cases from test rail to # of all test cases at a particular feature



NFR.Baseline.Testability.3

Karate-test coverage - # of test to # of new endpoints that were created (or existing endpoints that were changed) in the feature scope



...

Expand

Below are some NFRs that have been discussed but it was decided not to include them in the initial version of the NFR Scorecard:





NFR.Performance.2

Data schema migration must be tested on a sufficient amount of production-like data and fall within the allowed Release Window

:question_mark: https://issuesfolio-org.folioatlassian.orgnet/browse/RANCHER-191 is not ready yet


NFR.Reliability.1

SonarCloud quality gate conditions to new code are met

SonarCloud Quality Gates


NFR.Usability.1

FOLIO UI/UX guidelines are followed in UI modules

FOLIO UX docs ยท UX prototypes, guidelines & assets (though it seems to be pretty outdated at this point). Stripes-Components Storybook

:question_mark: Does this include accessibility & internationalization? Do we want explicit rows for these things?

NFR.Scalability.1

The ability of an application to scale horizontally (minimum 2 nodes) is tested and confirmed




...

  • (tick) Review the FOLIO NFR Scorecard with stakeholders and interested, agree on working and metrics,

  • (tick) Choose 2 features in the Poppy release to give a try in practice (different teams, SAs, POs),

    • (tick) Poppy R2 2023 - NFR Compliance Review - create a NFR epic in ARCH project - https://issuesfolio-org.folioatlassian.orgnet/browse/ARCH-45

    • (tick) Collect feedback and adjust the NFR Scorecard if needed, agree on particular features for piloting

    • (tick) Pilot NFR Scorecard

    • (tick) Collect feedback and adjust the NFR Scorecard if needed

  • Introduce the NFR Scorecard as a recommended practice in the Quesnelia release

    • (question) Develop a tool for monitoring and analysis

  • Collect feedback after Quesnelia and adjust the NFR Scorecard if needed

...