Archive: 2018

Should we spike or should we change how we do product backlog refinement?

Posted on by  
Jasper Bogers

The Scrum guide by scrum.org doesn’t mention spikes, but it has something else: the Product Backlog Refinement. And this often gets mistaken for a Scrum Event that puts the entire Development Team in a room with the Product Owner for half a day a week. The entire team then looks at the top of the product backlog and tries to uncover all the details there. They do this until enough uncertainties are uncovered and the team feels confident it can estimate. It gets worse when there is a project manager on board who needs estimations to discuss budgets and delivery dates before deciding whether he wants a story at all. This way, you end up spending a lot of time on value you’re not delivering. At some point, somebody will say: This is taking too long; let’s make it a spike and move on. And that’s not what spikes are for.

A spike is a concept from Extreme Programming (XP) where the team does a technical examination of possible solutions before committing to one to solve a requirement. Like many concepts from XP (for example: Daily Standup vs Daily Scrum), it’s found its way into many Scrum projects. The Scrum Alliance adopts and expands the concept by saying it is a story-like backlog item that yields information rather than a working increment of software. This information can be both technical or functional and is deemed necessary before deciding on whether or not to implement a functional story. And if so, it ensures that enough information is available to know how. The Scrum Alliance warns that a spike should be used sparingly, if at all.

Continue reading →

Transcoding gRPC to HTTP/JSON using Envoy

Posted on by  
Christophe Hesters

When building a service in gRPC you define the message and service definition in a .proto file. gRPC generates client, server and DTO implementations automatically for you in multiple languages. At the end of this post you will understand how to make your gRPC API also accessible via HTTP JSON by using Envoy as a transcoding proxy. You can test it out yourself by running the Java code in the attached github repo. For a quick introduction on gRPC itself, please read gRPC as an alternative to REST.

Once you have a working gRPC service, you can expose a gRPC service as an HTTP JSON API by simply adding some extra annotations to your service definition. Then you need a proxy that translates your HTTP JSON calls and passes them to your gRPC service. We call this process transcoding. Your service is then accessible via gRPC and via HTTP/JSON. I would prefer using gRPC most of the time because it’s more convenient and safer to work with type-safe generated code that follows the ‘contract’, but sometimes transcoding can come in handy:

  1. Your webapp can talk to your gRPC service using HTTP/JSON calls. https://github.com/grpc/grpc-web is a JavaScript gRPC implementation that can be used from within the browser. This project is promising but is not yet mature.

  2. Because gRPC uses a binary format on the wire, it can be hard to see what is actually being sent and received. Exposing it as an HTTP/JSON API makes it easier to inspect a service by using for example cURL or postman.

  3. If you are using a language for which no gRPC compiler exists, you can access it via HTTP/JSON.

  4. It paves the way for a smoother adoption of gRPC in your projects, allowing other teams to gradually transition.

Continue reading →

Micronaut Mastery: Configuration Property Name Is Lowercased And Hyphen Separated

Posted on by  
Hubert Klein Ikkink

In Micronaut we can inject configuration properties in different ways into our beans. We can use for example the @Value annotation using a string value with a placeholder for the configuration property name. If we don’t want to use a placeholder we can also use the @Property annotation and set the name attribute to the configuration property name. We have to pay attention to the format of the configuration property name we use. If we refer to a configuration property name using @Value or @Property we must use lowercased and hyphen separated names (also known as kebab casing). Even if the name of the configuration property is camel cased in the configuration file. For example if we have a configuration property sample.theAnswer in our application.properties file, we must use the name sample.the-answer to get the value.

In the following Spock specification we see how to use it in code. The specification defines two beans that use the @Value and @Property annotations and we see that we need to use kebab casing for the configuration property names, even though we use camel casing to set the configuration property values:

Continue reading →

Compliance as code using Ansible

Posted on by  
Jasper Bogers

Most companies have security compliance requirements that you need to take into account when creating your software. Similarly to how you can express infrastructure and tests as code, you can shift left security compliance concerns into your development team. This blog shows how a team I worked in used Ansible in a (GitLab) delivery pipeline to create compliant Amazon Machine Images (AMI) containing our application.

There are institutions that have taken it upon themselves to come up with security benchmarks that companies can start from. For example:

  • The Center for Internet Security (CIS) offers benchmarks for oft-used applications and operations systems.

  • The Defense Information Systems Agency (DISA) offers “technical guidance to lock down information systems/software that might otherwise be vulnerable to a malicious computer attack“ through their Security Technical Implementation Guides (STIGs).

Both contain builds of compliant operating systems that you could use as the basis of your machine image. The company I worked for required CentOS 7, and I went and looked for a CIS benchmark for that. The CIS website has a list of hardened images, but I took a different route for several reasons.

  1. We had to pick from a predefined list of (hardened) in-company images.

  2. I wanted to understand the CIS benchmark and be able to deviate where desirable, for example, if required in order for a COTS application to run.

  3. We had to make sure that once our development team was done making changes, the resulting image could be checked once more for CIS compliance. This was part of the compliance requirement for autonomy, meaning that if your team can prove it can manage compliance, it gets the seal of approval.

Continue reading →

Reduce the code to noise ratio of maven POMs

Posted on by  
Sander Smeman

I really like maven for the structured way it provides for defining and building a project. But sometimes I wish for a less verbose notation than the XML of the Project Object Model (POM). For example, gradles dependency notation is far shorter than mavens dependency declaration. Looking for a less verbose way to declare a maven POM, I discovered polyglot maven. It are maven extensions that allow the maven POM to eb written in another dialect than XML. Since you see YAML more and more I decided to try that dialect, and see if my maven descriptor would be clearer.

  1. Create a directory to work in, {projectdir}, and change into it.

  2. To register the extensions for maven, create a file {projectdir}/.mvn/extensions.xml and add the extension:

  3. Now it’s possile to write the maven POM in YAML, {projectdir}/pom.yml:

    By using the yaml inline map. or dictionary notation declaring a dependency uses way less characters then when using XML.

Continue reading →

Java's difficulties with Functional Programming

Posted on by  
Ties van de Ven

In my early days I spent most of my time fixing bugs on a huge enterprise application, so by now I learned from experience that a lot of bugs could have been easily prevented. This is why I prefer a Functional Programming style, I love how FP handles state. As a software consultant I get to switch companies and teams quite regularly and most projects I have been working on use java 7 or 8. This almost always leads to a few dicussions regarding programming style. So today I would like to talk about good FP principles, and how Java makes them hard (and why languages like Kotlin are awesome).

Most of my variables (95%+) are usually immutable, and I would like my compiler to check this for me. In Kotlin we have val and var to declare variables, val being immutable and val being mutable. To make a variable non-mutable in Java, we need to use the final keyword before all variables, including parameters to get the behaviour I desire.

Continue reading →

Infrastructure Automation on Google Cloud Platform

Posted on by  
Erik Pronk

Infrastructure automation basically is the process of scripting environments — from installing an OS to installing and configuring servers on instances. It also includes configuring how the instances and software communicate with one another, and much more. Automation allows you to redeploy your infrastructure or rebuild it from scratch, because you have a repeatable documented process. It also allows you to scale the same configuration to a single node or to thousands of nodes. In the past years, several open source and commercial tools have emerged to support infrastructure automation. These tools include Ansible, Chef, Terraform and Puppet. They support cloud platforms, but also virtual and physical environments. On Google Cloud Platform you have the possibility to use Cloud Deployment Manager. The Cloud Deployment Manager allows you to automate the configuration and deployment of your Google Cloud with parallel, repeatable deployments and template-driven configurations.

Continue reading →

Micronaut Mastery: Consuming Server-Sent Events (SSE)

Posted on by  
Hubert Klein Ikkink

Normally we would consume server-sent events (SSE) in a web browser, but we can also consume them in our code on the server. Micronaut has a low-level HTTP client with a SseClient interface that we can use to get server-sent events. The interface has an eventStream method with different arguments that return a Publisher type of the Reactive Streams API. We can use the RxSseClient interface to get back RxJava2 Flowable return type instead of Publisher type. We can also use Micronaut’s declarative HTTP client, which we define using the @Client annotation, that supports server-sent events with the correct annotation attributes.

In our example we first create a controller in Micronaut to send out server-sent events. We must create method that returns a Publisher type with Event objects. These Event objects can contains some attributes like id and name, but also the actual object we want to send:

Continue reading →

Securing Spring Microservices with Keycloak – Part 2

Posted on by  
Joost van Weenen

In the first part we setup a local Keycloak instance. In this blog we will see how we can leverage Keycloak to secure our frontend. For this purpose we will create a small Spring Boot application that will serve a webpage. The next and last blog will show how authentication can be used between services.

As mentioned we will create a small Spring Boot microservice and secure it using Spring Security and Keycloak. The service that we will create in this blog is the "frontend" Spring Service. It serves a simple web page that displays a hello message including the users email adres as registered in Keycloak. The next blog we will build the service and propagate the authorization from to frontend to service we cal. This way we build a complete Single Sign-On solution.

Continue reading →

Software Architecture in an Agile World

Posted on by  
Niels Dommerholt

"We’re agile! Just build it!" Or on the other hand; "agile does not support Software Architecture so we should stop doing agile". Two very different opinions that you can sometimes hear within the same company. Which one is right? Or are they both wrong? Should we stop doing architecture to be more agile? Why do we even need architecture? In this post I’ll give my view on the matter and hope to inspire you to combine Agile and Architecture in your organisation.

So what is Architecture? I like the quote by Ralph Johnson because it’s a clear and succinct definition:

Architecture is the decisions that you wish you could get right early in a project
— Ralph Johnson

Another quote I like that stresses the importance of thinking ahead:

Big design up front is dumb, but doing no design up front is even dumber
— Dave Thomas

So, according to Johnson and Thomas we want to get some bits and pieces right early in the project. We do want to think ahead before we build something, but we don’t want to fall into the trap of designing a system that, by the time it’s built, won’t fit what the business needs anymore.

On the other hand we have an agile process where we need to deliver something 'of value' to the customer every couple of weeks. How do we reconcile these two, since sitting in front of a whiteboard for days doesn’t really produce anything of direct value to the customer?

Continue reading →

Testing the Architecture: ArchUnit in Practice

Posted on by  
Niels Dommerholt

While many of the architectural challenges we have to deal with are big hard choices, there are also many smaller simpler ones.

From "don’t call repository classes from controllers" to "don’t have cyclic dependencies". In most projects I’ve worked on these are unwritten rules. But why not write them down in a way that we can also see if the rules get broken? Can we test these rules?

Continue reading →

shadow-left