The three challenges use the following technologies:
- GitHub for source control
- Azure DevOps Service for Continuous Integration and Continuous Delivery
- Azure as the platform
- Terraform to define the infrastructure
- C# for the code
- ASP.NET Core for the example apps
- Azure App Service for Web Tier and API Tier
- Azure SQL Service for Data Tier
- Nuke.Build for CI build definitions
- Azure DevOps YAML CD pipeline definitions
At a high level, the relevant URLs are:
- Source Control: https://github.com/jaredfholgate/DevOpsTechChallenge
- CI Build Definitions: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.Web/build/Build.cs and https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.API/build/Build.cs
- CD Pipeline Definition: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/azure-pipelines.yml
- 3 Tier Infrastructure definition: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/Infrastructure/dotc.tf
- Pipeline results: https://jaredfholgate.visualstudio.com/DevOpsTechChallenge/_build?definitionId=5
- Live application API: https://jfh-dotc-api-as.azurewebsites.net/
- Live application Web: https://jfh-dotc-web-as.azurewebsites.net/
This challenge was completed using a Terraform definition for the 3 Tier Infrastructure. The 3 Tiers are:
- Data: Azure SQL Service
- API: Azure App Service
- UI: Azure App Service
- The Terraform definition is here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/Infrastructure/dotc.tf
- The Azure DevOps Pipeline that runs the Terraform apply is here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/azure-pipelines.yml
- An example deployment where the infrastructure was created from scratch can be seen here: https://dev.azure.com/jaredfholgate/DevOpsTechChallenge/_build/results?buildId=213&view=logs&j=e5483be5-0b17-5c84-5a14-2851645699f7&t=42261f82-5dc6-542f-bc35-95201887d32f
- A live user interface to test is here: https://jfh-dotc-web-as.azurewebsites.net/
This challenge was completed using PowerShell run remotely via C#. A VM is provisioned using Terraform for the purpose of testing.
- The C# code and PowerShell can be seen here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.API/DevOpsTechChallenge.ChallengeTwo/VMQuery.cs
- Some integration tests are here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.API/DevOpsTechChallenge.ChallengeTwo.IntnTests/VMQueryTests.cs
- The VM Terraform is here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/Infrastructure/testvm.tf
- A live user interface to test is here: https://jfh-dotc-web-as.azurewebsites.net/
This challenge was completed using C#. I used JSON.NET, a well-known NuGet package, to assist with parsing and finding the value defined by the key.
- The unit tests are here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.API/DevOpsTechChallenge.ChallengeThree.UnitTests/ParserTest.cs
- The implementation is here: https://github.com/jaredfholgate/DevOpsTechChallenge/blob/master/DevOpsTechChallenge.API/DevOpsTechChallenge.ChallengeThree/Parser.cs
- A live user interface to test is here: https://jfh-dotc-web-as.azurewebsites.net/
I limited the amount of time I spent on this, so couldn't achieve what I would for a fully production-ready implementation. There are a number of improvements I would make to the solution, including but not limited to:
- Add an Application Gateway and WAF into the infrastructure design.
- Use a Hub and Spoke network design to enhance security.
- Implement robust monitoring and alerting, including cost alerts / quotas.
- Use a managed account to connect to SQL Server.
- Use Azure Key Vault for secrets.
- Add test environments and / or deployment slots.
- Approvals for production deployments if required.
- Branch policies in the GitHub repo for Pull Request enforcement.
- Static analysis for security (e.g. Veracode), quality (e.g. SonarQube) and credential leaks.
- Make the User Interface a lot prettier and use a client library like React.
- Implement Authentication and Authorisation for the UI and API (OAuth).
- Better unit and integration test coverage for a production workload. Using SQLite or similar and self hosting to test at API layer.
- Consider the scale of the PaaS services based on predicted workload.
- SIEM implementation and dynamic security scanning or penetration testing.
- Better live documentation of the solution.
- Policies such as enforced tagging, restrictions on public IP addresses.
- Robust IAM, Multi Factor and PIM with Azure AD.
- Proper URL and SSL certs for the Web and API apps.
- Regular checks for infrastructure integrity with Terraform.
- Better error handling and messages, especially in the API layer.
- Swagger, versioning and self documenting (HATEOAS) in the API.