While DevOps have elevated delivery velocity to the level that only Sun is higher and made it the goal and work effectiveness criteria (regardless quality), they still claim they are agile. The article takes a look into Agile Manifesto and Scrum Guide for the role of velocity. Neither the Agile Manifesto nor the latest version of the Scrum Guide (2017) reveals velocity at all, but have many loopholes inherited by DevOps.
One of the major task of DevOps is a speedy delivery of Microservice into production. The major objective of QA and Testing is to find as many bugs as possible. Fixing these bugs slows down the delivery. The article describes this conflict in details, outlines problems in testing articulated by Mr Martin Fowler, proposes additional tests and explains how to improve quality of the released Microservices.
The task addressed in the article is about protecting Microservice’s functionality and resources in the inter-Microservice interactions. Known techniques like OpenID Connects, JWT and OAuth2 were reviewed from the perspective of Microservice interactions. It has been found that these techniques cannot be applied as-is to the Microservices either because unanswered questions to them or because of doubtful trustfulness of related workflows.
The article proposes two protective methods for Microservice (or service) that have sensitive functionality and/or resources. While the Basic Protection Method is just a classic identity verification and following access permission control, the method does not require single centralised Identity and Permission Authorities. The latter can be distributed as needed following the distribution of Microservice-based applications. The Closed Optimised Protection Method replaces Identity and Permission Authorities with Dependency Catalogue Service per application and provides full protection with performance comparable with OpenID-JWT/OAuth2.
The article briefly observes new risks, pros and cons for REST, gRPC and GraphQL interfaces for API and Microservices.