Thursday, October 5, 2017

Book Review: RESTful Web Clients

RESTful Web Clients is written by guru Mike Amundsen who amongst other things co-authored RESTful Web APIs with REST guru Leonard Richardson and Sam Ruby.

The book's primary focus is on the hypermedia aspect of REST, particularly from the client's perspective.   As Roy Fielding detailed in this famous blog post "if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST APIand let's face it, we have all seen APIs purporting to be REST with no hypermedia whatsoever with lots of coupling between client and server.  Some of this is just down to basic ignorance and some of it probably down to misunderstanding the Richardson Maturity Model

Rather than begin with a summary of Fielding's dissertation like most material on REST, this book  begins with details of a simple web application that uses JSON RPC APIs.  From the simple example Amundsen shows that while the JSON RPC approach functionally works, it results in a lot of coupling between client and server meaning that if the APIs need to change it will be difficult to do that easily as the client(s) with all its hardcoded of contracts will be impacted.  And we know software does need to change from time to time right?

Amundsen distills the coupling with the JSON RPC approach into three distinct types which can be considered and assessed individually:
  • Objects - the JSON objects that appear in API responses.  Clients need to be able to understand them to handle a simple a response to a GET request
  • Addresses - the URLs clients needs to know to invoke requests
  • Actions  - details methods and arguments for all non-trivial operations. Again clients need to know this before invoking requests.  
With the coupling clearly demonstrated, the scene is nicely set to move onto one of key advantages of a REST style archictecture: reducing coupling through hypermedia.

To explain this advantage, Amundsen again uses the approach of specific examples.  Firstly, by detailing the  JSON hypermedia type HAL.   Using this approach reduces the Address coupling and examples of how generic response handling can be written on the client to leverage and take advantage of this decoupling are detailed.  However HAL doesn't solve everything.  Without a custom extension there is still coupling to the JSON Objects and the possible Actions available to the client.  A work around to this is given and I would highly recommend anyone considering using HAL to read Chapter 4.

Next up is another JSON hypermedia type known as SirenKevin Swiber designed Siren and registered it with IANA in 2012.

Siren splits response entities into:
  • class  - this is an array, the values of which indicate what the current resource represents e.g. Customer, Person
  • properties - set of name-value pairs
  • entities - a list of linked and representational sub entities
  • actions - contains a set of valid operations of the associated entity and how to invoke those operations including a list of fields which match HTML5 input types (hidden, text, number).  This is something not in HAL that helps reduce client-server coupling further
  • links - links to other resources.  Each link has a class, href, rel, title, type property
Siren  reduces coupling to Addresses and Actions, however it does not reduce coupling to Objects.  There is no meta-data specification for the class type meaning the client has to hardcode the structure of the object somewhere.   Like HAL it is possible to create a custom extension but this is not part of the Siren specification.
The third hypermedia type detailed is Collection+JSON format (Cj). Interestingly, this format was designed by the author himself.    The basic elements of a Cj message are:
  • Links - Simlar to HAL and Siren links
  • Items - Similar to HAL and Siren properties and also includes meta data about the properties
  • Queries - Information on how to construct various reads (HTTP GETs)
  • Templates - Information on how to construct various writes (HTTP POSTs, PUTs, DELETEs...)
  • error - information ref errors
The key point here is that since Cj includes the metadata about the items, it decouples the client from the Objects in the JSON responses something both HAL and Siren could only achieve with custom extensions.
So which format? Well two good points to make here:
  1. That can be a practical decision and not just a technical one.  You may prefer Cj because out of the box it achieves most decoupling, but your customer may be used to and prefer HAL.
  2. Rather than trying to support every possible format, think about architecting so it possible to support extra formats if you need to.  The approach suggested is described in the Amundsen's Representor pattern - which is inspired from the Message Translator  Pattern
So in summary, this is another great REST book from O'Reilly.  The style of the book in general is pragmatic rather than academic.  It really emphasizes and demostrates the importance of hypermedia in REST APIs and is backed up with practical examples.  The central argument in the book is that Cj achieves the most decoupling.  Even if it was written by the author, the argument is well made and I don't think it would be fair to make accusations of any selection bias since he does detail how you can extend Siren and HAL to achieve the same level of decoupling.

Bottom line - if you want to understand the hypermedia aspects of REST, read this book.

Sunday, August 13, 2017

From Developer to Architect: Patterns, Architecture Types, Soft Skills, and Continuous Delivery (Video Tutorial)

O’Reilly don’t just publish great technology books they also do some great video tutorials which are available from Safari.  I recently just finished the series: From Developer to Architect: Patterns, Architecture Types, Soft Skills, and Continuous Delivery which consists of tutorial style videos about architectural patterns and anti-patterns, soft skills and a run through of some DevOps ideas and best practices.  All the 17 tutorials are presented by two seasoned Architects Mark Richards and Neil Ford and take about
Neil Ford

Even though the course is more at the fundamental / introductory level there are some topics and nuggets of information that are still useful either because you never had exposure to them (for example, not many projects use event driven architectures extensively) or you have just forgotten them - in which case the course serves as an excellent refresher.

Some highlights:
  1. The differences between Application, Integration and Enterprise Architecture are well detailed.  
  2. The Expand and Contract pattern is one mechanism to get over the DB coupling the Shared Database pattern introduces.
  3. Shared database has a problem if the disparate applications all use their own caching. It becomes even more complex to determine when applications aren't looking at the latest data. 
  4. Even though ReST is generally stateless from the client's perspective, the resources have state and therefor using ETag is a good idea.  Consideration should also be given to use 409 / 412 HTTP status codes when clients are using the wrong version of the Resource.
  5. In a classical layered architecture, an open layer is one that can be by-passed e.g. Service Layer.  However, having too many open layers completely defeats the purpose of a layered architecture.
  6. Different patterns in Event Driven Architectures:
    • Event processor / Mediator topology: Useful when ordering is required, achieved through orchestration
    • Broker topology: No central mediator, custom process components receive events directly
  7. Long running feature branches are anti-thetical to CI.  In my own humble opinion this is another reason why if you want to really to do CI use a tool that is good for branching  / merging - GIT. 
  8. Dierzler's law this is an excellent application architecture which reminds people not to be fooled by the initial illusions of progress in rapid prototyping.   The user wants a full solution and doing a full solution is more difficult than the initial stages.  I really believe anyone involved with rapid prototyping, hackathons or any form agile development should know this law inside out / upside down. 
  9. The Anti Corruption layer is a good pattern to use a facade / adapter approach to hide away bad legacy code.
Mark Richards
A common theme throughout the course, is no matter what the architecture or technology you need to be prepared to change it and that means you need to be careful to get the level of coupling right.  I would add to that an architecture that has a lot of tight coupling will struggle to deal with technical debt because if you need to fix one little part you impact everything. 

So any criticisms?  Well not much.  Perhaps some of the explanations are too abstract. For example, the Space architecture would be better explained with more specfics using a NoSql database to achieve the data splits. Other than that, there are large amounts dedicated to soft skills.  While I don't doubt these to be important, you can get a lot of this by having a cup of coffee with a decent project manager or development manager and personally I prefer the technical stuff.  Overall it's a great series for an into to software architecture and perhaps it would be nice to see a follow up with more deep diving.  I would suspect that is exactly what the follow up series Software Architecture Fundamentails Beyond the Basics entails

Lastly, although this tutorial series is primarily aimed at Developers who want to be (or have become) Architects, I think anyone involved with any sort of SDLC can benefit from it.  Project, Dev Managers and Product Owners should all understand Dietzler's law for example.

  1.  Software Architecture Patterns   
  2.  Software Architecture Fundamentals - Neil Ford PDF  
  3.  Software Architecture Fundamentals beyond the basics

Sunday, July 16, 2017

Outputting the given, when, then, Extending Spock

Spock is a Java testing framework, created in 2008 by Peter Niederwieser a software engineer with GradleWare, which facilitates amongst other things BDD.  Leveraging this example, a story may be defined as:
Story: Returns go to stock

As a store owner
In order to keep track of stock
I want to add items back to stock when they're returned.

Scenario 1: Refunded items should be returned to stock
Given that a customer previously bought a black sweater from me
And I have three black sweaters in stock.
When he returns the black sweater for a refund
Then I should have four black sweaters in stock.

Scenario 2: Replaced items should be returned to stock
Given that a customer previously bought a blue garment from me
And I have two blue garments in stock
And three black garments in stock.
When he returns the blue garment for a replacement in black
Then I should have three blue garments in stock
And three black garments in stock.
Spock makes it possible to map tests very closely to scenario specifications using the same given, when, then format. In Spock we could implement the first scenario as:
class SampleSpec extends Specification{
    def "Scenario 1: Refunded items should be returned to stock"() {
        given: "that a customer previously bought a black sweater from me"
        // ... code 
        and: "I have three black sweaters in stock."
        // ... code
        when: "he returns the black sweater for a refund"
        // ... code
        then: "I should have four black sweaters in stock."
        // ... code

What would be nice would be to ensure accurate mapping of test scenario requirements to test scenario implementation. We could get someway down this path if we could output the syntax of the given, when, then from our test.  Spock allows us to add this functionality through its extension framework.

So, let's say our BA is really curious and wants more confidence from the developer that they stuck to the same given, when, then format and their code is in-sync. They want to get this information easily.   Developer could provide this information by first defining this annotation
import java.lang.annotation.*
import org.spockframework.runtime.extension.ExtensionAnnotation

@interface LogScenarioDescription {}
Followed by this implementation:
import org.apache.log4j.Logger
import org.spockframework.runtime.AbstractRunListener
import org.spockframework.runtime.extension.AbstractAnnotationDrivenExtension
import org.spockframework.runtime.model.FeatureInfo
import org.spockframework.runtime.model.SpecInfo

class LogScenarioDescriptionExtension extends AbstractAnnotationDrivenExtension; {
    final static Logger logger = Logger.getLogger("scenarioLog." + ReportExtension.class);

    void visitSpecAnnotation(Report annotation, SpecInfo spec) {
        spec.addListener(new AbstractRunListener() {
            void afterFeature(FeatureInfo feature) {
                if (System.getEnv("logScenarios")) {
          "***SCENARIO TEST:*** " +
                    for (block in feature.blocks) {
                        for (text in block.texts) {
This will then be applied to the test
class SampleSpec extends Specification{
When the test is executed it gives the following output:
***SCENARIO TEST:*** Scenario 1: Refunded items should be returned to stock
that a customer previously bought a black sweater from me
I have three black sweaters in stock.
he returns the black sweater for a refund
I should have four black sweaters in stock.
output to a specific logfile for scenario logging by using the following log4j:
log4j.rootLogger=INFO, stdout

log4j.logger.scenarioLog.extension.custom=INFO, scenarioLog


and now you have a logfile that your BA, QA can read! This helps foster an Agile culture of collaboration and ATDD where it possible to check that test scenarios implemented with those that were agreed.

Tuesday, June 13, 2017

CoderDojo, so what's the point?

Initially I was skeptical of CoderDojo. Here's another thing IT professionals are doing for free. Why isn't there Economics Dojo,
Medical Dojo, Legal Dojo?  Why is a profession that at times is
extremely competitive, has long demanding hours, low job security being glamorized beyond a point of credible fiction?  Why are people being told they need to code when there are plenty of careers where you will never need to code and always will be?  And shouldn't our kids be out getting exercise, exploring nature?  At least that's what Steve Jobs thought.

It didn't stop there.  There is this trap that all parents fall for that if they get their kids involved something young they'll be a step ahead and if they don't they'll be a step behind.  CoderDojo is not immune to this quasi chimera.  So, I started thinking over my many glorious years in the IT profession, I have worked with a range of coders from the exceptional to the cryptically insane.  If I was to differentiate between a good coder and a not so good coder the number one differentiator is habits.   Yes habits.  Good coders follow good habits:
  1. They write unit tests first.
  2. They are always seeking feedback on their code.
  3. If something complex is happening, they seek to build consensus.
  4. They follow agreed conventions and industry standards.
These good habits mean you end up with something maintainable.   On the other side, coders with bad habits:
  1. They never write adequate tests.
  2. They don't take feedback well (usually because they are not used to it).
  3. If something complex is happening, they hack something up and you find out about it later than you should.
  4. They don't follow conventions - just stick to they way they do things that only makes sense to them.
So someone with the same aptitude, the same I.Q., the same hairstyle ends up producing something
that is much more difficult to maintain.

Don't get me wrong, there was a time when aptitude was much more important.  Complex C++ memory management, any assembly code required serious aptitude and a base level will always be needed.  There are about 50 important principles from encapsulation to recursion that you need some sort of aptitude to get.  But now with Stackoverflow, Google, lots of great libraries and frameworks mean it is really more about habits.  Pick a technology everyone is using and you get lots of support for free.

So learning to code at age 9, is that going to do anything to help you get good habits? Of course it isn't.  So then what's the point?  The point is for one thing only: fun.

As a friend recently said, it is the new mechano and lego.  Let them code but make sure they still play with lego and mechano.

So in my case, my older son (age 7) recently came home from school crying because he wanted to learn scratch. My wife gave him an old laptop and after reading a few PDFs he was away coding a little game talking about loops, scripts and wanting to change the mp3 files.  I was a bit shocked watching him stare at the screen trying to figure out his own code, coming out with tech babble and being able to get something working all by himself.  Next his friend was over. Is this pair programming for kids?

Anyway, no doubt, this new generation will have more information available to them than any before. This provides all sorts of creative avenues not just in code.  However, I can't agree with articles such as this recent one from RTE, telling us why your kid should code?

Kids should do what is healthy, safe and fun.  If they find Economics, Law or Medicine more stimulating than coding great.  Perhaps, the experts in those professions could also run free classes for all kids.   Alas, I somewhat doubt that will ever happen...