Mod-dcb Module submission self-evaluation

  • Step 1 - select one of the 3 results below against each criterion:
      • ACCEPTABLE
      • UNACCEPTABLE
      • INAPPLICABLE
  • Step 2 - provide evidence

Criteria
Comments / Action Items
Responsible
  • Evaluation result:
      • ACCEPTABLE
      • UNACCEPTABLE
      • INAPPLICABLE
  • Evidence:


Status:

To Do

In Progress

Done

1

 Uses Apache 2.0 license


Acceptable

https://github.com/folio-org/mod-dcb/blob/master/LICENSE

Done
2

 Module build MUST produce a valid module descriptor


Acceptable

Done
3

 Module descriptor MUST include interface requirements for all consumed APIs


Acceptable

Done
4

 Third party dependencies use an Apache 2.0 compatible license

Attached is the result of license scan: mvn license:third-party-repor

Acceptable

Done
5

 Installation documentation is included

Create Jira for README file. Deployment process should be described

Unacceptable

To Do
6

 Personal data form is completed, accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file

 The file is missing in the module.

Unacceptable
To Do
7

 Sensitive and environment-specific information is not checked into git repository


ACCEPTABLE

https://github.com/folio-org/mod-dcb/blob/master/descriptors/ModuleDescriptor-template.json

DONE
8

 Module is written in a language and framework from the officially approved technologies page


ACCEPTABLE
DONE
9

 Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet

Note - New module mod-circulation-item is the new module which will be required by mod-dcb

ACCEPTABLE

https://github.com/folio-org/mod-dcb/blob/master/descriptors/ModuleDescriptor-template.json

DONE
10

 Module gracefully handles the absence of third party systems or related configuration


ACCEPTABLE



11

 Sonarqube hasn't identified any security issues, major code smells or excessive (>3%) duplication


ACCEPTABLE

https://sonarcloud.io/summary/new_code?id=org.folio%3Amod-dcb

DONE
12

 Uses officially supported build tools


ACCEPTABLE

https://github.com/folio-org/mod-dcb/blob/master/pom.xml#L26

https://github.com/folio-org/mod-dcb/blob/master/Dockerfile

DONE
13

 Unit tests have 80% coverage or greater and are based on officially approved technologies


ACCEPTABLE

https://sonarcloud.io/summary/new_code?id=org.folio%3Amod-dcb

https://github.com/folio-org/mod-dcb/blob/master/pom.xml#L53

https://github.com/folio-org/mod-dcb/blob/master/pom.xml#L176

https://github.com/folio-org/mod-dcb/blob/master/pom.xml#L187


DONE
14
ACCEPTABLE

https://github.com/folio-org/mod-circulation-item/blob/master/descriptors/ModuleDescriptor-template.json

DONE
15

 Module includes executable implementations of all endpoints in the provides section of the Module Descriptor


ACCEPTABLE

https://github.com/folio-org/mod-circulation-item/blob/master/descriptors/ModuleDescriptor-template.json

DONE
16

Environment vars are documented in the ModuleDescriptor


ACCEPTABLE

https://github.com/folio-org/mod-circulation-item/blob/master/descriptors/ModuleDescriptor-template.json

DONE
17

 If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section


ACCEPTABLE

https://github.com/folio-org/mod-circulation-item/blob/master/descriptors/ModuleDescriptor-template.json

DONE
18

 All API endpoints are documented in RAML or OpenAPI


ACCEPTABLE

https://github.com/folio-org/mod-circulation-item/blob/master/descriptors/ModuleDescriptor-template.json

DONE
19

 All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using *.all permissions, all necessary module permissions are assigned, etc.

As per the below statement from the given link,

The name of an interface (its id) uses hyphen-separated strings. It is normally the same as the set of pathPatterns for which it provides handlers.

We need to change the mod-dcb interface name from mod-dcb to transactions.

ACCEPTABLE


DONE
20

 Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value

As per the discussion with Serhii Nosko, it looks like the reference data will be created only when loadReference/loadSample is sent as true. But today our code checks and creates the reference data at the time of enabling the tenant.

ACCEPTABLE
Done
21

 If provided, integration (API) tests must be written in an officially approved technology

The Karate tests are not completed yet. Still in progress.

ACCEPTABLE
Done
22

 Data is segregated by tenant at the storage layer


ACCEPTABLE

23

 The module doesn't access data in DB schemas other than its own and public


ACCEPTABLE

24

 The module responds with a tenant's content based on x-okapi-tenant header


ACCEPTABLE

Enabled mod-dcb for a new tenant in Rancher and verified this behavior. Based on x-okapi-tenant with a valid token, we got the valid data from the database.

Done
25

 Standard GET /admin/health endpoint returning a 200 response

Need to check which endpoints need to be added in addition to health:

exposure:
  include: info,health,env,httptrace

MODDCB-79

ACCEPTABLE

The module has the Spring Boot Actuator dependency and the health endpoint is enabled. It is accessible locally, but we were unable to test it in Rancher.

https://github.com/folio-org/mod-dcb/blob/master/pom.xml#L86

https://github.com/folio-org/mod-dcb/blob/master/src/main/resources/application.yml#L70

To Do
26

 High Availability (HA) compliant

    • Possible red flags:
      • Connection affinity / sticky sessions / etc. are used
      • Local container storage is used
      • Services are stateful

ACCEPTABLE

27

 The module only uses infrastructure/platform technologies on the officially approved technologies list.

    • e.g. PostgreSQL, ElasticSearch, etc.

ACCEPTABLE

DR-000037 - TESTCONTAINERS_POSTGRES_IMAGE

DONE