TC self evaluation for edge-erm

Please see TCR ticket here: https://folio-org.atlassian.net/browse/TCR-38

 

Criteria

Comments

Responsible

Evaluation Result

Evidence

Status

 

Criteria

Comments

Responsible

Evaluation Result

Evidence

Status

1

 Uses Apache 2.0 license

Added license link to POM.

@Steve Ellis

Acceptable

GitHub - folio-org/edge-erm

Done

2

 Module build MUST produce a valid module descriptor

mvn install causes module descriptor to be copied into target directory.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

3

Module descriptor MUST include interface requirements for all consumed APIs

This module only requires two interfaces, login and erm and both are provided in the ModuleDescriptor

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

4

 Third party dependencies use an Apache 2.0 compatible license

Please see attached the output of mvn license:third-party-report.

@Steve Ellis

Acceptable

 

Done

5

 Installation documentation is included

 

@Steve Ellis

Acceptable

It is a standard edge-module and as such is deployed like all edge-modules. However the configuration options are documented in the readme.

Done

6

 Personal data form is completed, accurate, and provided as PERSONAL_DATA_DISCLOSURE.md file

 

@Steve Ellis

Acceptable

Please see https://github.com/folio-org/edge-erm/blob/master/PERSONAL_DATA_DISCLOSURE.md

Done

7

 Sensitive and environment-specific information is not checked into git repository

 

@Steve Ellis

Acceptable

 

Done

8

 Module is written in a language and framework from the officially approved technologies page

Are we going to upgrade edge modules to spring boot version 3.2.x like the docs say we’re supposed to for other spring modules? Note edge-common-spring hasn’t been upgraded so…

@Steve Ellis

TODO

 

TODO

9

 Module only uses FOLIO interfaces already provided by previously accepted modules e.g. a UI module cannot be accepted that relies on an interface only provided by a back end module that hasn't been accepted yet

It is an edge module calling a couple of mod-agreements endpoints that are released.

@Steve Ellis

Acceptable

 

Done

10

Integration with any third party system (outside of the FOLIO environment) tolerates the absence of configuration / presence of the system gracefully

There is no 3rd party integration. It’s an edge module that talks to FOLIO mod-agreements.

@Steve Ellis

Acceptable

 

Done

11

 Sonarqube hasn't identified any security issues, major code smells, or excessive (>3%) duplication

See sonar report.

@Steve Ellis

Acceptable

https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-erm

Done

12

 Uses officially supported build tools

Is a maven project.

@Steve Ellis

 

 

Done

13

 Unit tests have 80% coverage or greater and are based on officially approved technologies

See sonar coverage report.

@Steve Ellis

Acceptable

https://sonarcloud.io/summary/new_code?id=org.folio%3Aedge-erm

Done

14

See repository.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

15

 Module includes executable implementations of all endpoints in the provides section of the Module Descriptor

Module does not have handlers defined in the provides array of the ModuleDescriptor like many other modules.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

16

Environment vars are documented in the ModuleDescriptor

Please see MD.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

17

 If a module provides interfaces intended to be consumed by other FOLIO Modules, they must be defined in the Module Descriptor "provides" section

Please see MD.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/descriptors/ModuleDescriptor-template.json

Done

18

 All API endpoints are documented in RAML or OpenAPI

OpenAPI is used.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-erm/blob/master/src/main/resources/swagger.api/edge-erm.yaml

Done

19

 All API endpoints protected with appropriate permissions as per the following guidelines and recommendations, e.g. avoid using *.all permissions, all necessary module permissions are assigned, etc.

There are no endpoints defined in module descriptor.

@Steve Ellis

Acceptable

https://github.com/folio-org/edge-dcb/blob/master/descriptors/ModuleDescriptor-template.json

 

20

 Module provides reference data (if applicable), e.g. if there is a controlled vocabulary where the module requires at least one value

There is no reference data for this module.

@Steve Ellis

Acceptable

 

Done

21

 If provided, integration (API) tests must be written in an officially approved technology

API tests are written in Junit 5.

@Steve Ellis

Acceptable

 

Done

22

 Data is segregated by tenant at the storage layer

The module does not store data but forwards requests to FOLIO.

@Steve Ellis

Acceptable

 

Done

23

 The module doesn't access data in DB schemas other than its own and public

See above.

@Steve Ellis

Acceptable

 

Done

24

 The module responds with a tenant's content based on x-okapi-tenant header

For an edge module only the API Key is needed.

@Steve Ellis

Acceptable

 

Done

25

 Standard GET /admin/health endpoint returning a 200 response

Has spring boot actuator.

TODO Test this

@Steve Ellis

Acceptable

See application.yml and pom.xml.

Done

26

 High Availability (HA) compliant

  • Possible red flags:

    • Connection affinity / sticky sessions / etc. are used

    • Local container storage is used

    • Services are stateful

The module has no state since it only makes requests to FOLIO.

@Steve Ellis

Acceptable

 

Done

27

 Module only uses infrastructure / platform technologies on the officially approved technologies list.

  • e.g. PostgreSQL, ElasticSearch, etc.

It’s an edge module so this doesn’t apply. There are no platform technologies in use.

@Steve Ellis

Acceptable

 

Done