2019-04-29 14:25:45 +02:00
# hsadminNg Development
2019-04-01 13:14:56 +02:00
2022-07-30 14:41:11 +02:00
This documents gives an overview of the development environment and tools.
For architecture consider the files in the `doc` and `adr` folder.
2022-07-29 15:39:35 +02:00
<!-- generated TOC begin: -->
- [Setting up the Development Environment ](#setting-up-the-development-environment )
2022-07-29 16:13:38 +02:00
- [PostgreSQL Server ](#postgresql-server )
- [Markdown ](#markdown )
- [Render Markdown embedded PlantUML ](#render-markdown-embedded-plantuml )
2022-10-03 11:09:36 +02:00
- [Render Markdown Embedded Mermaid Diagrams ](#render-markdown-embedded-mermaid-diagrams )
2022-08-26 16:54:46 +02:00
- [IDE Specific Settings ](#ide-specific-settings )
- [IntelliJ IDEA ](#intellij-idea )
2022-07-29 16:13:38 +02:00
- [Other Tools ](#other-tools )
2022-07-29 15:39:35 +02:00
- [Running the SQL files ](#running-the-sql-files )
2022-07-29 16:13:38 +02:00
- [For RBAC ](#for-rbac )
- [For Historization ](#for-historization )
2022-08-26 16:54:46 +02:00
- [Coding Guidelines ](#coding-guidelines )
- [Directory and Package Structure ](#directory-and-package-structure )
- [General Directory Structure ](#general-directory-structure )
- [Source Code Package Structure ](#source-code-package-structure )
2024-01-04 14:06:11 +01:00
- [Run Tests from Command Line ](#run-tests-from-command-line )
2022-08-26 16:54:46 +02:00
- [Spotless Code Formatting ](#spotless-code-formatting )
- [JaCoCo Test Code Coverage Check ](#jacoco-test-code-coverage-check )
- [PiTest Mutation Testing ](#pitest-mutation-testing )
2022-09-08 16:15:59 +02:00
- [Remark ](#remark )
2022-08-26 16:54:46 +02:00
- [OWASP Security Vulnerability Check ](#owasp-security-vulnerability-check )
- [Dependency-License-Compatibility ](#dependency-license-compatibility )
- [Dependency Version Upgrade ](#dependency-version-upgrade )
- [How To ... ](#how-to-... )
2022-10-03 11:09:36 +02:00
- [How to Configure .pgpass for the Default PostgreSQL Database? ](#how-to-configure-.pgpass-for-the-default-postgresql-database? )
2022-09-14 12:28:18 +02:00
- [How to Run the Tests Against a Local User-Space Podman Daemon? ](#how-to-run-the-tests-against-a-local-user-space-podman-daemon? )
2022-09-08 16:15:59 +02:00
- [Install and Run Podman ](#install-and-run-podman )
- [Use the Command Line to Run the Tests Against the Podman Daemon ](#use-the-command-line-to-run-the-tests-against-the-podman-daemon- )
- [Use IntelliJ IDEA Run the Tests Against the Podman Daemon ](#use-intellij-idea-run-the-tests-against-the-podman-daemon )
- [~/.testcontainers.properties ](#~/.testcontainers.properties )
2022-09-14 12:28:18 +02:00
- [How to Run the Tests Against a Remote Podman or Docker Daemon? ](#how-to-run-the-tests-against-a-remote-podman-or-docker-daemon? )
2022-09-08 16:15:59 +02:00
- [How to Run the Application on a Different Port? ](#how-to-run-the-application-on-a-different-port? )
2022-08-26 16:54:46 +02:00
- [How to Use a Persistent Database for Integration Tests? ](#how-to-use-a-persistent-database-for-integration-tests? )
2022-10-03 11:09:36 +02:00
- [How to Amend Liquibase SQL Changesets? ](#how-to-amend-liquibase-sql-changesets? )
- [How to Re-Generate Spring-Controller-Interfaces from OpenAPI specs? ](#how-to-re-generate-spring-controller-interfaces-from-openapi-specs? )
2024-01-04 14:06:11 +01:00
- [How to Generate Database Table Diagrams? ](#how-to-generate-database-table-diagrams? )
2022-08-26 16:54:46 +02:00
- [Further Documentation ](#further-documentation )
2022-07-29 15:39:35 +02:00
<!-- generated TOC end. -->
2019-04-29 14:25:45 +02:00
## Setting up the Development Environment
2019-04-01 13:14:56 +02:00
2022-07-30 14:41:11 +02:00
All instructions assume that you're using a current _Linux_ or _MacOS_ operating system.
Everything is tested on _Ubuntu Linux 22.04_ and _MacOS Monterey (12.4)_ .
2022-07-29 09:03:21 +02:00
To be able to build and run the Java Spring Boot application, you need the following tools:
2024-01-04 09:13:27 +01:00
- Docker 20.x (on MacOS you also need *Docker Desktop* or similar) or Podman
2024-01-06 18:12:25 +01:00
- optionally: PostgreSQL Server 15.5-bookworm
2022-08-05 13:10:11 +02:00
(see instructions below to install and run in Docker)
2024-02-01 14:48:15 +01:00
- The matching Java JDK at will be automatically installed by Gradle toolchain support to `~/.gradle/jdks/` .
2024-01-06 18:12:25 +01:00
- You also might need an IDE (e.g. *IntelliJ IDEA* or *Eclipse* or *VS Code* with *[STS](https://spring.io/tools)* and a GUI Frontend for *PostgreSQL* like *Postbird* .
2022-07-29 09:03:21 +02:00
2024-01-04 22:46:40 +01:00
If you have at least Docker and the Java JDK installed in appropriate versions and in your `PATH` , then you can start like this:
2022-07-29 09:03:21 +02:00
cd your-hsadmin-ng-directory
2024-12-03 12:39:19 +01:00
source .aliases # creates some comfortable bash aliases, e.g. 'gw'='./gradlew'
gw # initially downloads the configured Gradle version into the project
2022-07-29 09:03:21 +02:00
2024-12-03 12:39:19 +01:00
gw test # compiles and runs unit- and integration-tests - takes >10min even on a fast machine
gw scenarioTests # compiles and scenario-tests - takes ~1min on a decent machine
2022-07-29 09:03:21 +02:00
2023-07-19 09:43:06 +02:00
# if the container has not been built yet, run this:
2024-12-23 12:49:43 +01:00
pg-sql-run # downloads + runs PostgreSQL in a Docker container on localhost:5432
2024-12-03 12:39:19 +01:00
# if the container has been built already and you want to keep the data, run this:
2024-01-02 09:50:02 +01:00
pg-sql-start
2023-07-19 09:43:06 +02:00
2024-12-23 12:49:43 +01:00
Next, compile and run the application without CAS-authentication on `localhost:8080` :
export HSADMINNG_CAS_SERVER=
gw bootRun
For using the REST-API with CAS-authentication, see `bin/cas-curl` .
Now we can access the REST API, e.g. using curl:
2022-07-29 09:03:21 +02:00
2022-07-29 15:39:35 +02:00
# the following command should reply with "pong":
2024-12-23 12:49:43 +01:00
curl -f -s http://localhost:8080/api/ping
2022-07-29 15:39:35 +02:00
2022-07-29 16:13:38 +02:00
# the following command should return a JSON array with just all customers:
2024-12-23 12:49:43 +01:00
curl -f -s\
2024-09-16 15:36:37 +02:00
-H 'current-subject: superuser-alex@hostsharing .net' \
2024-12-03 12:39:19 +01:00
http://localhost:8080/api/test/customers \
| jq # just if `jq` is installed, to prettyprint the output
2022-07-29 09:03:21 +02:00
2022-08-25 11:06:24 +02:00
# the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
2024-12-23 12:49:43 +01:00
curl -f -s\
2024-09-17 14:21:43 +02:00
-H 'current-subject: superuser-alex@hostsharing .net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN ' \
2024-12-03 12:39:19 +01:00
http://localhost:8080/api/test/packages \
| jq
2022-07-29 16:13:38 +02:00
2022-08-02 14:31:48 +02:00
# add a new customer
2024-12-23 12:49:43 +01:00
curl -f -s\
2024-09-16 15:36:37 +02:00
-H 'current-subject: superuser-alex@hostsharing .net' -H "Content-Type: application/json" \
2022-08-25 11:06:24 +02:00
-d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt .example.com" }' \
2024-12-03 12:39:19 +01:00
-X POST http://localhost:8080/api/test/customers \
| jq
2022-08-02 14:31:48 +02:00
2022-09-14 09:56:22 +02:00
If you wonder who 'superuser-alex@hostsharing .net' and 'superuser-fran@hostsharing .net' are and where the data comes from:
2022-08-31 09:42:40 +02:00
Mike and Sven are just example global admin accounts as part of the example data which is automatically inserted in Testcontainers and Development environments.
2022-08-25 11:06:24 +02:00
Also try for example 'admin@xxx .example.com' or 'unknown@example .org'.
2022-07-29 09:03:21 +02:00
2022-07-30 14:41:11 +02:00
If you want a formatted JSON output, you can pipe the result to `jq` or similar.
2022-07-29 15:39:35 +02:00
2025-01-08 12:34:18 +01:00
And to see the full, currently implemented, API, open http://localhost:8081/actuator/swagger-ui/index.html (uses management-port and thus bypasses authentication).
2022-08-03 09:06:21 +02:00
2022-07-29 09:03:21 +02:00
If you still need to install some of these tools, find some hints in the next chapters.
2022-07-22 13:31:37 +02:00
### PostgreSQL Server
2019-05-01 14:37:22 +02:00
2024-01-06 18:12:25 +01:00
You could use any PostgreSQL Server (version 15) installed on your machine.
2022-07-29 09:03:21 +02:00
You might amend the port and user settings in `src/main/resources/application.yml` , though.
2022-07-28 10:43:49 +02:00
2022-07-29 09:03:21 +02:00
But the easiest way to run PostgreSQL is via Docker.
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
Initially, pull an image compatible to current PostgreSQL version of Hostsharing:
2019-05-01 14:37:22 +02:00
2024-01-02 13:28:56 +01:00
docker pull postgres:15.5-bookworm
2019-05-01 14:37:22 +02:00
2022-07-28 10:43:49 +02:00
< big > **& #9888 ; **</ big >
If we switch the version, please also amend the documentation as well as the aliases file. Thanks!
2022-07-22 13:31:37 +02:00
Create and run a container with the given PostgreSQL version:
2019-05-01 14:37:22 +02:00
2024-01-02 13:28:56 +01:00
docker run --name hsadmin-ng-postgres -e POSTGRES_PASSWORD=password -p 5432:5432 -d postgres:15.5-bookworm
2019-05-01 14:37:22 +02:00
2022-07-28 10:43:49 +02:00
# or via alias:
pg-sql-run
2022-07-22 13:31:37 +02:00
To check if the PostgreSQL container is running, the following command should list a container with the name "hsadmin-ng-postgres":
2019-05-01 14:37:22 +02:00
2022-07-28 10:43:49 +02:00
docker container ls
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
Stop the PostgreSQL container:
docker stop hsadmin-ng-postgres
2022-07-28 10:43:49 +02:00
# or via alias: pg-sql-stop
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
Start the PostgreSQL container again:
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
docker container start hsadmin-ng-postgres
2022-07-28 10:43:49 +02:00
# or via alias: pg-sql-start
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
Remove the PostgreSQL container:
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
docker rm hsadmin-ng-postgres
2022-07-28 10:43:49 +02:00
# or via alias:
pg-sql-remove
To reset to a clean database, use:
pg-sql-stop; pg-sql-remove; pg-sql-run
# or via alias:
pg-sql-reset
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
After the PostgreSQL container is removed, you need to create it again as shown in "Create and run ..." above.
2019-05-01 14:37:22 +02:00
2022-07-26 13:19:17 +02:00
Given the container is running, to create a backup in ~/backup, run:
2022-07-28 10:43:49 +02:00
docker exec -i hsadmin-ng-postgres /usr/bin/pg_dump --clean --create -U postgres postgres | gzip -9 > ~/backup/hsadmin-ng-postgres.sql.gz
# or via alias:
pg-sql-backup >~/backup/hsadmin-ng-postgres.sql.gz
2022-07-26 13:19:17 +02:00
Again, given the container is running, to restore the backup from ~/backup, run:
gunzip --stdout --keep ~/backup/hsadmin-ng-postgres.sql.gz | docker exec -i hsadmin-ng-postgres psql -U postgres -d postgres
2022-07-28 10:43:49 +02:00
# or via alias:
pg-sql-restore < ~/backup/hsadmin-ng-postgres.sql.gz
2022-07-26 13:19:17 +02:00
2022-07-29 15:39:35 +02:00
### Markdown
2019-05-01 14:37:22 +02:00
2022-07-29 15:39:35 +02:00
To generate the TOC (Table of Contents), a little bash script from a
[Blog Article ](https://medium.com/@acrodriguez/one-liner-to-generate-a-markdown-toc-f5292112fd14 ) was used.
2022-10-03 11:09:36 +02:00
Given this is in PATH as `md-toc` , use:
```shell
2024-01-04 14:06:11 +01:00
md-toc < README.md 2 4 | cut -c5- '
2022-10-03 11:09:36 +02:00
```
2022-07-29 15:39:35 +02:00
To render the Markdown files, especially to watch embedded PlantUML diagrams, you can use one of the following methods:
#### Render Markdown embedded PlantUML
Can you see the following diagram right in your IDE?
2022-07-30 14:41:11 +02:00
I mean a real graphic diagram, not just some markup code.
2019-05-08 10:56:48 +02:00
2022-07-22 13:31:37 +02:00
```plantuml
@startuml
me -> you: Can you see this diagram?
you -> me: Sorry, I don't :-(
me -> you: Install some tooling!
@enduml
```
2019-05-08 10:56:48 +02:00
2022-07-22 13:31:37 +02:00
If not, you need to install some tooling.
2019-05-08 10:56:48 +02:00
2022-07-29 15:39:35 +02:00
##### for IntelliJ IDEA (or derived products)
2019-05-08 10:56:48 +02:00
2022-08-04 14:56:19 +02:00
You just need the bundled Markdown plugin enabled and install and activate the PlantUML plugin in its [settings ](jetbrains://idea/settings?name=Languages+%26+Frameworks--Markdown ).
2019-05-08 10:56:48 +02:00
2022-07-22 13:31:37 +02:00
You might also need to install Graphviz on your operating system.
For Debian-based Linux systems this might work:
2019-05-08 10:56:48 +02:00
2022-07-22 13:31:37 +02:00
```sh
sudo apt install graphviz
```
2019-05-08 10:56:48 +02:00
2022-07-29 15:39:35 +02:00
##### Ubuntu Linux command line
2019-05-08 10:56:48 +02:00
2024-01-04 13:24:04 +01:00
1. Install Pandoc with some extra libraries:
```shell
sudo apt-get install pandoc texlive-latex-base texlive-fonts-recommended texlive-extra-utils texlive-latex-extra pandoc-plantuml-filter
2022-07-22 13:31:37 +02:00
```
2019-05-01 14:37:22 +02:00
2024-01-04 13:24:04 +01:00
2. Install mermaid-filter, e.g. this way:
```shell
npm install -g mermaid-filter
```
3. Run Pandoc to generate a PDF from a Markdown file with PlantUML and Mermaid diagrams:
```shell
pandoc --filter mermaid-filter --filter pandoc-plantuml rbac.md -o rbac.pdf
2022-07-22 13:31:37 +02:00
```
2019-05-01 14:37:22 +02:00
2022-07-29 15:39:35 +02:00
##### for other IDEs / operating systems
2019-05-01 14:37:22 +02:00
2022-07-22 13:31:37 +02:00
If you have figured out how it works, please add instructions above this section.
2022-07-28 10:43:49 +02:00
2022-10-03 11:09:36 +02:00
#### Render Markdown Embedded Mermaid Diagrams
2024-01-04 13:24:04 +01:00
The source of RBAC role diagrams are much easier to read with Mermaid than with PlantUML or GraphViz, that's also the main reason Mermaid is used.
2022-10-03 11:09:36 +02:00
Can you see the following diagram right in your IDE?
I mean a real graphic diagram, not just some markup code.
@startuml
me -> you: Can you see this diagram?
you -> me: Sorry, I don't :-(
me -> you: Install some tooling!
@enduml
```mermaid
graph TD;
A[Can you see this diagram?];
A --> yes;
A --> no;
no --> F[Follow the instructions below!]
F --> yes
yes --> E[Then everything is fine.]
```
If not, you need to install some tooling.
##### for IntelliJ IDEA (or derived products)
2024-01-04 13:24:04 +01:00
1. Activate the bundled Jebrains Markdown PlantUML Extension via
[File | Settings | Languages & Frameworks | Markdown ](jetbrains://idea/settings?name=Languages+%26+Frameworks--Markdown )
2. Install the Jetbrains Mermaid plugin: https://plugins.jetbrains.com/plugin/20146-mermaid, it also works embedded in Markdown files.
2022-10-03 11:09:36 +02:00
2024-01-04 13:24:04 +01:00
Now the above diagram should be rendered.
2022-10-03 11:09:36 +02:00
##### for other IDEs / command-line / operating systems
If you have figured out how it works, please add instructions above this section.
2022-08-05 13:10:11 +02:00
### IDE Specific Settings
#### IntelliJ IDEA
2024-01-04 14:06:11 +01:00
##### Build Settings
2022-08-05 13:10:11 +02:00
Go to [Gradle Settings}(jetbrains://idea/settings?name=Build%2C+Execution%2C+Deployment--Build+Tools--Gradle) and select "Build and run using" and "Run tests using" both to "gradle".
Otherwise, settings from `build.gradle` , like compiler arguments, are not applied when compiling through *IntelliJ IDEA* .
2024-01-04 14:06:11 +01:00
##### Annotation Processor
2022-08-05 13:10:11 +02:00
Go to [Annotations Processors ](jetbrains://idea/settings?name=Build%2C+Execution%2C+Deployment--Compiler--Annotation+Processors ) and activate annotation processing.
Otherwise, *IntelliJ IDEA* can't see *Lombok* generated classes
and will show false errors (missing identifiers).
2024-01-04 14:06:11 +01:00
##### Suggested Plugins
- [Jetbrains Mermaid Integration ](https://plugins.jetbrains.com/plugin/20146-mermaid )
- [Vojtěch Krása PlantUML Integration ](https://plugins.jetbrains.com/plugin/7017-plantuml-integration )
2022-07-29 15:39:35 +02:00
### Other Tools
2022-07-30 14:41:11 +02:00
**jq**: a JSON formatter.
On _Debian_ 'oid systems you can install it with `sudo apt-get install jq` .
On _MacOS_ you can install it with `brew install jq` , given you have _brew_ installed.
2022-07-28 10:43:49 +02:00
## Running the SQL files
### For RBAC
2022-07-29 09:03:21 +02:00
The Schema is automatically created via *Liquibase* , a database migration library.
Currently, also some test data is automatically created.
2022-07-28 10:43:49 +02:00
2022-07-29 09:03:21 +02:00
To increase the amount of test data, increase the number of generated customers in `2022-07-28-051-hs-customer.sql` and run that
2022-07-28 10:43:49 +02:00
If you already have data, e.g. for customers 0..999 (thus with reference numbers 10000..10999) and want to add another 1000 customers, amend the for loop to 1000...1999 and also uncomment and amend the `CONTINUE WHEN` or `WHERE` conditions in the other test data generators, using the first new customer reference number (in the example that's 11000).
### For Historization
2022-07-29 09:03:21 +02:00
The historization is not yet integrated into the *Liquibase* -scripts.
You can explore the prototype as follows:
2022-07-28 10:43:49 +02:00
- start with an empty database
(the example tables are currently not compatible with RBAC),
2022-07-29 09:03:21 +02:00
- then run `historization.sql` in the database,
- finally run `examples.sql` in the database.
2022-08-02 11:51:36 +02:00
2022-08-04 09:41:27 +02:00
## Coding Guidelines
### Directory and Package Structure
2022-08-05 13:10:11 +02:00
#### General Directory Structure
2022-08-08 17:57:02 +02:00
`.aliases`
Shell-aliases for common tasks.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`build/`
Output directory for gradle build results. Ignored by git.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`build.gradle`
Gradle build-file. Contains dependencies and build configurations.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`doc/`
Contains project documentation.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`.editorconfig`
Rules for indentation etc. considered by many code editors.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`etc/`
Miscellaneous configurations, as long as these don't need to be in the rood directory.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`.git/`
Git repository. Do not temper with this!
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`.gitattributes`
Git configurations regarding text file format conversion between operating systems.
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`.gitignore`
Git configuration regarding which files and directories should be ignored (not checked in).
2022-08-05 13:10:11 +02:00
2022-08-08 17:57:02 +02:00
`.gradle/`
Config files created by `gradle wrapper` . Ignored by git.
`gradle/`
The gradle distribution downloaded by `gradle wrapper` . Ignored by git.
`gradlew` and `gradlew.bat` use these batches to run gradle for builds etc.
`.idea/` (optional)
Config and cache files created by *IntelliJ IDEA* . Ignore by git.
`LICENSE.md`
Contains the license used for this software.
`out/` (optional)
Build output created by *IntelliJ IDEA". Ignored by git.
`README.md`
Contains an overview about how to build the project and the used tools.
`.run/` (optional)
Created by *IntelliJ IDEA* to contain run and debug configurations.
`settings.gradle`
Configuration file for gradle.
`sql/`
Contains SQL scripts for experiments and useful tasks.
Most of this will sooner or later be moved to Liquibase-scripts.
`src/`
The actual source-code, see [Source Code Package Structure ](#source-code-package-structure ) for details.
`tools/`
Some shell-scripts to useful tasks.
2022-08-05 13:10:11 +02:00
#### Source Code Package Structure
For the source code itself, the general standard Java directory structure is used, where productive and test code are separated like this:
2022-08-04 09:41:27 +02:00
```
src
main/
java/
net.hostsharing.hasadminng/
resources/
test/
java/
net.hostsharing.hasadminng/
resources/
```
The Java package structure below contains:
- config and global (utility) packages,
these should not access any other packages within the project
- rbac, containing all packages related to the RBAC subsystem
- hs, containing Hostsharing business object related packages
Underneath of rbac and hs, the structure is business oriented, NOT technical / layer -oriented.
Some of these rules are checked with *ArchUnit* unit tests.
2022-08-04 12:26:41 +02:00
2024-01-02 11:21:22 +01:00
### Run Tests from Command Line
Run all tests which have not yet been passed with the current source code:
```shell
gw test
```
Force running all tests:
```shell
gw cleanTest test
```
2022-08-04 09:41:27 +02:00
### Spotless Code Formatting
Code formatting for Java is checked via *spotless* .
The formatting style can be checked with this command:
```shell
gw spotlessCheck
```
2022-08-04 12:26:41 +02:00
This task is also included in `gw build` and `gw check` .
2022-08-04 09:41:27 +02:00
To apply formatting rules, use:
```shell
gw spotlessApply
```
2022-08-19 10:11:19 +02:00
### JaCoCo Test Code Coverage Check
This project uses the JaCoCo test code coverage report with limit checks.
It can be executed with:
```shell
gw jacocoTestReport
```
This task is also automatically run after `gw test` .
It is configured in [build.gradle ](build.gradle ).
A report is generated under [build/reports/jacoco/tests/test/index.html ](./build/reports/jacoco/test/html/index.html ).
Additionally, quality limits are checked via:
```shell
gw jacocoTestCoverageVerification
```
This task is also executed as part of `gw check` .
2022-08-26 16:54:46 +02:00
### PiTest Mutation Testing
PiTest mutation testing is configured for unit tests.
It can be executed with:
```shell
gw pitest
```
Classes to be scanned, tests to be executed and thresholds are configured in [build.gradle ](build.gradle ).
A report is generated under [build/reports/pitest/index.html ](./build/reports/pitest/index.html ).
A link to the report is also printed after the `pitest` run.
This task is also executed as part of `gw check` .
#### Remark
In this project, there is little business logic in *Java* code;
most business code is in *plsql*
and *Java* ist mostly used for mapping REST calls to database queries.
This mapping ist mostly done through *Spring* annotations and other implicit code.
Therefore, there are only few unit tests and thus mutation testing has limited value.
We'll see if this changes when the project progresses and more validations are added.
2022-08-04 12:26:41 +02:00
### OWASP Security Vulnerability Check
2024-10-10 09:31:43 +02:00
An OWASP security vulnerability is configured, but you need an API key.
Fetch it from https://nvd.nist.gov/developers/request-an-api-key.
Then add it to your `~/.gradle/gradle.properties` file:
```
OWASP_API_KEY=........-....-....-....-............
```
Now you can run the dependency vulnerability check:
2022-08-04 12:26:41 +02:00
```shell
2024-10-10 09:31:43 +02:00
gw dependencyCheckUpdate
2022-08-04 12:26:41 +02:00
gw dependencyCheckAnalyze
```
This task is also included in `gw build` and `gw check` .
It is configured in [build.gradle ](build.gradle ).
Often vulnerability reports don't apply to our use cases.
Therefore, reports can be [suppressed ](./etc/owasp-dependency-check-suppression.xml ).
In case of suppression, a note must be added to explain why it does not apply to us.
See also: https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html.
2022-08-08 10:03:26 +02:00
### Dependency-License-Compatibility
2022-08-04 09:41:27 +02:00
2022-08-08 10:03:26 +02:00
The `gw check` phase depends on a dependency-license-compatibility check.
If any dependency violates the configured [list of allowed licenses ](etc/allowed-licenses.json ), the build will fail.
New licenses can be added to that list after a legal investigation.
< big > **& #9888 ; **</ big >
*GPL* (*GNU General Public License*) is only allowed with classpath exception.
Do < u > not</ u > use any dependencies under *GPL* without this exception,
2022-08-08 12:12:02 +02:00
except if these offer an alternative license which is allowed.
*LGPL* (*GNU < u > Library< / u > General Public License*) is also allowed.
2022-08-08 10:03:26 +02:00
To run just the dependency-license-compatibility check, use:
```shell
gw checkLicense
```
If the check fails, a report can be found here: The generated license can be found under [dependencies-without-allowed-license.json ](/build/reports/dependency-license/dependencies-without-allowed-license.json ).
And to generate a report, use:
```shell
gw generateLicenseReport
```
The generated license can be found here: [index.html ](build/reports/dependency-license/index.html ).
More information can be found on the [project's website ](https://github.com/jk1/Gradle-License-Report ).
2022-08-24 18:27:40 +02:00
### Dependency Version Upgrade
Dependency versions can be automatically upgraded to the latest available version:
```shell
gw useLatestVersions
```
2024-09-26 10:51:27 +02:00
Afterward, `gw check` is automatically started.
2022-08-24 18:27:40 +02:00
Please only commit+push to master if the check run shows no errors.
2022-09-14 12:28:18 +02:00
More infos, e.g. on blacklists see on the [project's website ](https://github.com/patrikerdes/gradle-use-latest-versions-plugin ).
2022-08-24 18:27:40 +02:00
2024-09-26 10:51:27 +02:00
## Biggest Flaws in our Architecture
### The RBAC System is too Complicated
Now, where we have a better experience with what we really need from the RBAC system, we have learned
that and creates too many (grant- and role-) rows and too even tables which could be avoided completely.
The basic idea is always to always have a fixed set of ordered role-types which apply for all DB-tables under RBAC,
e.g. OWNER>ADMIN>AGENT\[>PROXY?\]>TENENT>REFERRER.
2024-11-25 16:06:24 +01:00
Grants between these for the same DB-row would be implicit by order comparison.
2024-09-26 10:51:27 +02:00
This way we would get rid of all explicit grants within the same DB-row
and would not need the `rbac.role` table anymore.
We would also reduce the depth of the expensive recursive CTE-query.
This has to be explored further.
For now, we just keep it in mind and
### The Mapper is Error-Prone
Where `org.modelmapper.ModelMapper` reduces bloat-code a lot and has some nice features about recursive data-structure mappings,
it often causes strange errors which are hard to fix.
E.g. the uuid of the target main object is often taken from an uuid of a sub-subject.
(For now, use `StrictMapper` to avoid this, for the case it happens.)
2024-11-25 16:06:24 +01:00
### Too Many Business-Rules Implemented in Controllers
Some REST-Controllers implement too much code for business-roles.
This should be extracted to services.
2022-08-08 10:03:26 +02:00
## How To ...
2024-11-25 16:06:24 +01:00
Besides the following *How Tos* you can also find several *How Tos* in the source code:
```sh
grep -r HOWTO src
```
2022-09-22 12:33:54 +02:00
### How to Configure .pgpass for the Default PostgreSQL Database?
To access the default database schema as used during development, add this line to your `.pgpass` file in your users home directory:
```
localhost:5432:postgres:postgres:password
```
Amend host and port if necessary.
2022-09-08 16:15:59 +02:00
2022-09-14 12:28:18 +02:00
### How to Run the Tests Against a Local User-Space Podman Daemon?
2022-09-08 16:15:59 +02:00
2022-09-14 12:28:18 +02:00
Using a normal Docker daemon running as root has some security issues.
2022-09-08 16:15:59 +02:00
As an alternative, this chapter shows how you can run a Podman daemon in user-space.
#### Install and Run Podman
You can find directions in [this project on Github ](https://stackoverflow.com/questions/71549856/testcontainers-with-podman-in-java-tests )
Summary for Debian-based Linux systems:
1. Install Podman, e.g. like this:
```shell
2022-09-14 12:28:18 +02:00
sudo apt-get -y install podman
2022-09-08 16:15:59 +02:00
```
2024-01-02 12:20:19 +01:00
It is possible to move the storage directory to /tmp, e.g. to increase performance or to avoid issues with NFS mounted home directories:
```shell
cat .config/containers/storage.conf
[storage]
driver = "vfs"
graphRoot = "/tmp/containers/storage"
```
2. Then start it like this:
2022-09-15 11:19:04 +02:00
```shell
2022-09-08 16:15:59 +02:00
systemctl --user enable --now podman.socket
systemctl --user status podman.socket
ls -la /run/user/$UID/podman/podman.sock
2022-09-15 11:19:04 +02:00
```
These commands are also available in `.aliases` as `podman-start` .
2022-09-08 16:15:59 +02:00
#### Use the Command Line to Run the Tests Against the Podman Daemon
1. In a local shell. in which you want to run the tests, set some environment variables:
```shell
export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"
export TESTCONTAINERS_RYUK_DISABLED=true
```
2022-09-15 11:19:04 +02:00
These commands are also available in `.aliases` as `podman-use` .
2022-09-08 16:15:59 +02:00
Disabling RYUK is necessary, because it's not supported by Podman.
Supposedly this means that containers are not properly cleaned up after test runs,
but I could not see any remaining containers after test runs.
If we are running into problems with stale containers,
we need to register a shutdown-hook in the test source code.
2. Now You Can Run the Tests
```shell
2024-01-02 11:21:22 +01:00
gw test # gw is from the .aliases file
2022-09-08 16:15:59 +02:00
```
#### Use IntelliJ IDEA Run the Tests Against the Podman Daemon
2022-09-14 12:28:18 +02:00
To run the tests against a Podman Daemon in IntelliJ IDEA too, you also need to set the environment variables `DOCKER_HOST` and `TESTCONTAINERS_RYUK_DISABLED` as show above.
2022-09-08 16:15:59 +02:00
This can either be done in the environment from which IDEA is started.
2022-09-14 13:02:57 +02:00
Or you can use the run config template for gradle to set these variables:
![IntelliJ IDEA Gradle Run Template ](./doc/.images/intellij-idea-gradle-run-template.png )
If you already have Gradle run configs, you need to delete them, so they get re-created from the template.
Alternatively you need to add the environment varibles here too:
![IntelliJ IDEA Gradle Run Config Example ](./doc/.images/intellij-idea-gradle-run-config.png )
2022-09-08 16:15:59 +02:00
Find more information [here ](https://www.jetbrains.com/help/idea/run-debug-configuration.html ).
2022-09-14 13:02:57 +02:00
2022-09-08 16:15:59 +02:00
#### ~/.testcontainers.properties
It should be possible to set these environment variables in `~/.testcontainers.properties` ,
but it did not work so far.
Maybe a problem with quoting.
If you manage to make it work, please amend this documentation, thanks.
2022-09-14 12:28:18 +02:00
### How to Run the Tests Against a Remote Podman or Docker Daemon?
2022-09-08 16:15:59 +02:00
2022-09-14 12:28:18 +02:00
1. On the remote host, you need to have a Podman or Docker daemon running on a port accessible from the Internet.
2022-09-08 16:15:59 +02:00
Probably, you want to protect it with a VPN, but that's not part of this documentation.
e.g. to make Podman listen to a port, run this:
```shell
podman system service -t 0 tcp:HOST:PORT # please replace HOST+PORT
```
2. In a local shell. in which you want to run the tests, set some environment variables:
```shell
export DOCKER_HOST=tcp://HOST:PORT # please replace HOST+PORT again
export TESTCONTAINERS_RYUK_DISABLED=true # only for Podman
```
Regarding RYUK, see also in the directions for a locally running Podman, above.
3. Now you can run the tests:
```shell
gw clean test # gw is from the .aliases file
```
2022-09-14 12:28:18 +02:00
For information about how to run the tests in IntelliJ IDEA against a remote Podman daemon, see also in the chapter above just with the HOST:PORT-based DOCKER_HOST.
2022-09-08 16:15:59 +02:00
### How to Run the Application on a Different Port?
2022-08-04 13:07:16 +02:00
By default, `gw bootRun` starts the application on port 8080.
This port can be changed in
[src/main/resources/application.yml ](src/main/resources/application.yml ) through the property `server.port` .
2022-08-02 11:51:36 +02:00
### How to Use a Persistent Database for Integration Tests?
Usually, the `DataJpaTest` integration tests run against a database in a temporary docker container.
As soon as the test ends, the database is gone; this might make debugging difficult.
2022-08-04 13:07:16 +02:00
Alternatively, a persistent database could be used by amending the
[resources/application.yml ](src/main/resources/application.yml ) through the property `spring.datasource.url` in [src/test/resources/application.yml ](src/test/resources/application.yml ) , e.g. to the JDBC-URL from [src/main/resources/application.yml ](src/main/resources/application.yml ).
2022-08-02 11:51:36 +02:00
If the persistent database and the temporary database show different results, one of these reasons could be the cause:
1. You might have some changesets only running in either context,
check the `context: ...` in the changeset control lines.
2. You might have changes in the database which interfere with the tests,
e.g. from a previous run of tests or manually applied.
It's best to run `pg-sql-reset && gw bootRun` before each test run, to have a clean database.
2022-10-03 11:09:36 +02:00
### How to Amend Liquibase SQL Changesets?
2022-08-02 14:31:48 +02:00
Liquibase changesets are meant to be immutable and based on each other.
That means, once a changeset is written, it never changes, not even a whitespace or comment.
Liquibase is a *database migration tool* , not a *database initialization tool* .
This, if you need to add change a table, stored procedure or whatever,
create a new changeset and apply `ALTER` , `DROP` , `CREATE OR REPLACE` or whatever SQL commands to perform your changes.
These changes will be automatically applied once the application starts up again.
This way, any staging or production database will always match the application code.
But, during initial development that can be a big hassle because the database structure changes a lot in that stage.
Also, the actual structure of the database won't be easily recognized anymore through lots of migration changesets.
Therefore, during initial development, it's good approach just to amend the existing changesets and delete the database:
```shell
pg-sql-reset
gw bootRun
```
< big > **& #9888 ; **</ big >
Just don't forget switching to the migration mode, once there is a production database!
2022-08-04 10:35:28 +02:00
2022-10-03 11:09:36 +02:00
### How to Re-Generate Spring-Controller-Interfaces from OpenAPI specs?
The API is described as OpenAPI specifications in `src/main/resources/api-definition/` .
Once generated, the interfaces for the Spring-Controllers can be found in `build/generated/sources/openapi` .
These interfaces have to be implemented by subclasses named `*Controller` .
2022-10-28 15:57:06 +02:00
All gradle tasks which need the generated interfaces depend on the Gradle task `openApiGenerate` which controls the code generation.
2022-10-03 11:09:36 +02:00
It can also be executed directly:
```shell
2022-10-28 15:57:06 +02:00
gw openApiGenerate
2022-10-03 11:09:36 +02:00
```
2022-10-16 18:50:32 +02:00
### How to Generate Database Table Diagrams?
Some overview documentation about the database can be generated via [postgresql_autodoc ](https://github.com/cbbrowne/autodoc" ).
To make it easier, the command line is included in the `.aliases` , just call:
```shell
postgres-autodoc
```
The output will list the generated files.
2022-10-03 11:09:36 +02:00
2024-12-23 12:49:43 +01:00
### How to Add (Real) Admin Users
```sql
DO $$
DECLARE
-- replace with your admin account names
admin_users TEXT[] := ARRAY['admin-1', 'admin-2', 'admin-3'];
admin TEXT;
BEGIN
-- run as superuser
call base.defineContext('adding real admin users', null, null, null);
-- for all new admin accounts
FOREACH admin IN ARRAY admin_users LOOP
call rbac.grantRoleToSubjectUnchecked(
rbac.findRoleId(rbac.global_ADMIN()), -- granted by role
rbac.findRoleId(rbac.global_ADMIN()), -- role to grant
rbac.create_subject(admin)); -- creates the new admin account
END LOOP;
END $$;
```
2022-08-04 10:35:28 +02:00
## Further Documentation
- the `doc` directory contains architecture concepts and a glossary
2024-04-02 13:14:46 +02:00
- the `ideas` directory contains unstructured ideas for future development or documentation