Mod-reading-room Module submission self-evaluation

 Uses Apache 2.0 license

 Module build MUST produce a valid module descriptor

 Module descriptor MUST include interface requirements for all consumed APIs

 Third party dependencies use an Apache 2.0 compatible license

 Installation documentation is included

• -note: read more at https://github.com/folio-org/mod-search/blob/master/README.md

 Personal data form is completed, accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file

 Sensitive and environment-specific information is not checked into git repository

 Module is written in a language and framework from the officially approved technologies page

 Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet

 Module gracefully handles the absence of third party systems or related configuration

Acceptable

 Sonarqube hasn't identified any security issues, major code smells or excessive (>3%) duplication

 Uses officially supported build tools

https://github.com/folio-org/mod-reading-room/blob/e117ae4e11e31978681fab19687642cfd724c9ef/pom.xml#L27

https://github.com/folio-org/mod-reading-room/blob/master/Dockerfile

 Unit tests have 80% coverage or greater and are based on officially approved technologies

• Module's repository includes a compliant Module Descriptor
  • -note: read more at https://github.com/folio-org/okapi/blob/master/okapi-core/src/main/raml/ModuleDescriptor.json

 Module includes executable implementations of all endpoints in the provides section of the Module Descriptor

Environment vars are documented in the ModuleDescriptor

• • -note: read more at https://folio-org.atlassian.net/wiki/pages/viewpage.action?pageId=1778314

 If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section

 All API endpoints are documented in RAML or OpenAPI

 All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using *.all permissions, all necessary module permissions are assigned, etc.

• • -note: read more at https://dev.folio.org/guidelines/naming-conventions/ and https://folio-org.atlassian.net/wiki/display/DD/Permission+Set+Guidelines

https://github.com/folio-org/mod-reading-room/blob/e117ae4e11e31978681fab19687642cfd724c9ef/descriptors/ModuleDescriptor-template.json#L22

 Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value

Inapplicable

 If provided, integration (API) tests must be written in an officially approved technology

• • -note: while it's strongly recommended that modules implement integration tests, it's not a requirement
  • -note: these tests are defined in https://github.com/folio-org/folio-integration-tests

 Data is segregated by tenant at the storage layer

 The module doesn't access data in DB schemas other than its own and public

 The module responds with a tenant's content based on x-okapi-tenant header

 Standard GET /admin/health endpoint returning a 200 response

• -note: read more at https://folio-org.atlassian.net/wiki/display/DD/Back+End+Module+Health+Check+Protocol

https://github.com/folio-org/mod-reading-room/blob/e117ae4e11e31978681fab19687642cfd724c9ef/pom.xml#L68

https://github.com/folio-org/mod-reading-room/blob/e117ae4e11e31978681fab19687642cfd724c9ef/src/main/resources/application.yml#L49

 High Availability (HA) compliant

• • Possible red flags:
    • Connection affinity / sticky sessions / etc. are used
    • Local container storage is used
    • Services are stateful

 The module only uses infrastructure/platform technologies on the officially approved technologies list.

• • e.g. PostgreSQL, ElasticSearch, etc.