Category Archives: CS@Worcester

Why API Testing Matters: Ensuring Robust Software Performance

The blog post discusses why developers should use API testing and how it is becoming increasingly important, particularly as microservices architecture gains popularity. This technique necessitates that application components work separately, each with their own data storage and commands. As a result, software components can be updated fast without disrupting the whole system, allowing consumers to continue using the application flawlessly.

Most microservices are based on application programming interfaces (APIs), which specify how to connect with them. APIs usually use REST calls over HTTP to simplify data sharing. Despite this, many testers still rely on user interface (UI) testing, particularly using the popular Selenium automation tool. While UI testing is required to ensure interactive functioning, API testing is more efficient and dependable. It enables testers to edit information in real time and detect flaws early in the development process, even before the user interface is constructed. API testing is also important for identifying security flaws.

To effectively test APIs, it is critical to understand the fundamentals. APIs are REST calls that retrieve or update data from a database. Each REST request consists of an HTTP verb (which specifies the action), a URL (which indicates the target), HTTP headers (which provide additional information to the server), and a request body (which contains the data, usually in JSON or XML). Common HTTP methods are GET (retrieving a record), POST (creating a new record), PUT (altering a record), PATCH (partially updating a record), and DELETE. The URL specifies which data is affected, whereas the request body applies to actions such as POST, PUT, and PATCH.

When a REST request is made, the server responds with HTTP headers defining the response, a response code indicating if the request was successful, and, in certain cases, a response body containing extra data. The response codes are categorized as follows: 200-level codes represent success, 400-level codes indicate client-side issues, and 500-level codes signify server-side faults.

To effectively test APIs, testers must first understand the types of REST queries supported by the API and any limitations on their use. Developers can use tools like Swagger to document their APIs. Testers should ask clarifying questions about available endpoints, HTTP methods, authorization requirements, needed data, validation limits, and expected response codes.

API testing often begins with creating requests via a user-friendly tool like Postman, which allows for easy viewing of results. The initial tests should focus on “happy paths,” or typical user interactions. These tests should include assertions to ensure that the response code is proper and that the delivered data is accurate. Negative tests should then be run to confirm that the application handles problems correctly, such as erroneous HTTP verbs, missing headers, or illegal requests.

Finally, the blog underlines the necessity of API testing and encourages engineers to transition from UI testing to API testing. This shift enables faster and more reliable testing, which aids in the detection of data manipulation issues and improves security.

Blog: https://simpleprogrammer.com/api-testing/

From the blog CS@Worcester – Matchaman10 by tam nguyen and used with permission of the author. All other rights reserved by the author.

Path Testing in Software Engineering

Path Testing is a structural testing method used in software engineering to design test cases by analyzing the control flow graph of a program. This method helps ensure thorough testing by focusing on linearly independent paths of execution within the program. Let’s dive into the key aspects of path testing and how it can benefit your software development process.

The Path Testing Process

  1. Control Flow Graph: Begin by drawing the control flow graph of the program. This graph represents the program’s code as nodes (each representing a specific instruction or operation) and edges (depicting the flow of control from one instruction to the next). It’s the foundational step for path testing.
  2. Cyclomatic Complexity: Calculate the cyclomatic complexity of the program using McCabe’s formula: E−N+2PE – N + 2P, where EE is the number of edges, NN is the number of nodes, and PP is the number of connected components. This complexity measure indicates the number of independent paths in the program.
  3. Identify All Possible Paths: Create a set of all possible paths within the control flow graph. The cardinality of this set should equal the cyclomatic complexity, ensuring that all unique execution paths are accounted for.
  4. Develop Test Cases: For each path identified, develop a corresponding test case that covers that particular path. This ensures comprehensive testing by covering all possible execution scenarios.

Path Testing Techniques

  • Control Flow Graph: The initial step is to create a control flow graph, where nodes represent instructions and edges represent the control flow between instructions. This visual representation helps in identifying the structure and flow of the program.
  • Decision to Decision Path: Break down the control flow graph into smaller paths between decision points. By isolating these paths, it’s easier to analyze and test the decision-making logic within the program.
  • Independent Paths: Identify paths that are independent of each other, meaning they cannot be replicated or derived from other paths in the graph. This ensures that each path tested is unique, providing more thorough coverage.

Advantages of Path Testing

Path Testing offers several benefits that make it an essential technique in software engineering:

  • Reduces Redundant Tests: By focusing on unique execution paths, path testing minimizes redundant test cases, leading to more efficient testing.
  • Improves Test Case Design: Emphasizing the program’s logic and control flow helps in designing more effective and relevant test cases.
  • Enhances Software Quality: Comprehensive branch coverage ensures that different parts of the code are tested thoroughly, leading to higher software quality and reliability.

Challenges of Path Testing

While path testing is advantageous, it does come with its own set of challenges:

  • Requires Understanding of Code Structure: To effectively perform path testing, a solid understanding of the program’s code and structure is essential.
  • Increases with Code Complexity: As the complexity of the code increases, the number of possible paths also increases, making it challenging to manage and test all paths.
  • May Miss Some Conditions: There is a possibility that certain conditions or scenarios might not be covered if there are errors or omissions in identifying the paths.

Conclusion

Path Testing is a valuable technique in software engineering that ensures thorough coverage of a program’s execution paths. By focusing on unique and independent paths, this method helps reduce redundant tests and improve overall software quality. However, it requires a deep understanding of the code and may become complex with larger programs. Embracing path testing can lead to more robust and reliable software, ultimately benefiting both developers and end-users.

All of this comes from:

Path Testing in Software Engineering – GeeksforGeeks

From the blog CS@Worcester – aRomeoDev by aromeo4f978d012d4 and used with permission of the author. All other rights reserved by the author.

Equivalence Class Testing

Week 7 – 3/7/2025

This week, in my last class we had an activity for Equivalence Class Testing(ECT) under the POGIL activity. For the source of this week, I watched a YouTube video titled “Equivalence Class Testing Explained,” which gives us the essentials about this black-box testing method.

The host of the video defines ECT as a technique for partitioning input data into equivalence classes partitions where inputs are expected to yield similar results. To reduce redundant cases without sacrificing coverage, it is also possible to test one value per class. To demonstrate this reality, the presenter tested a function that takes in integers between 1 and 100. Classes in this example are invalid lower (≤0), invalid upper (≥101), and valid classes (1–100). Boundary value testing, in which values like 0, 1, 100, and 101 are applied to test for common problems in partition boundaries, was also accorded importance in the video.

I chose this video because ECT of the course we took included this topic and I wanted more information about the topic. Reading the course textbook it was difficult to follow. The class activity did make me do this topic, though this clarified it better to me. The video’s visual illustrations and step-by-step discussion clarified the practical application of ECT. The speaker’s observation about maintaining a balance between being thorough and being effective resonated with me, especially after spending hours of writing duplicate test cases for a recent project.

I thought that thorough testing had to test all possible inputs before watching. The video rebutted this by demonstrating how ECT reduces effort without losing effectiveness. I understood that my previous method of testing each edge case individually was not possible. Another fascinating thing was the difference between valid and invalid classes. I had neglected how the system handled wrong data in a previous project, dealing primarily with “correct” inputs. I realize how crucial both testing are for ensuring robustness after watching the demonstration of the video. Henceforth, in the future, I will adopt this approach to my future projects if needed.

My perception regarding testing has changed because of this movie, from a boring activity to a sensible activity. It serves the need of our course directly, i.e., providing efficient, scalable engineering practices. I can create fewer, yet stronger tests with the help of ECT, and that will surely help me as a software programmer. Equivalency class testing is a kit of wiser problem-solving, and I want to keep on practicing it. It’s not theory.

From the blog CS@Worcester – computingDiaries by hndaie and used with permission of the author. All other rights reserved by the author.

Sprint 1 – Reflection

During Sprint 1, I went through many ups and downs regarding time management. At first, I was not able to manage my time correctly in order to be more productive, which held me back slightly, and this happened over the course of a couple of weeks. Although, soon enough, I realized that in order to get some work done, I would have to organize my time better. This is when I began to write or research solutions that either I or some teammate needed. Sometimes, even during free time while waiting for something else, I would try to brainstorm for solutions.

Enthusiasm and anxiety were not the biggest help to me during Sprint 1. I got so excited that even before we had any meetings or anything figured out, I was already working on code. As much as the changes got implemented, this is not the best practice. This proved to be correct another time during the Sprint, where I did not realize that I implemented something without verification. As I mentioned in one of my commits, I implemented a way to store the inventory weight in a single database document instance. In order to remove or add any weight to it, that single instance would be modified. I was so excited and had so much work to put in, along with things that I thought could work, that I even forgot one of the most basic practices of programming. I forgot to make sure to add a way to prevent the inventory weight from becoming negative. Enthusiasm is good — it was not the problem. It is actually something that worked well for me. However, the problem was combining it with anxiety. It led to a mess of willingness to get something working against being proactive regarding limits.

Personally, I should try to improve my willingness to get something done while leaving aside the pressure of showing some work. Sometimes the pressure of having something done by the end of the week comes to mind, causing some faulty code to be written.

As a team, we went through many stages during the Sprint. There were stages where communication was missing from some parts. There were stages where not everyone would speak up their opinion. Thankfully, we are past those and seem to be moving on to a stage where there could be slightly more joking around than we should. I am taking myself out of this equation, although I believe that we are all guilty of this, even if not in the same amount. I believe that this should be the next thing our team should work on — to take meetings a little bit more seriously.

The pattern I chose is called The Deep End. It talks about challenging yourself with the work. Sometimes we may procrastinate the decision to go deep, to dive deep into problems. The only problem is that such behavior will only hold us back and lead to no result. You should not wait until you are ready and fully prepared. Always take your shot, go ahead, do it, and do your best.

This pattern relates to my experience since I decided to take this project as the biggest learning opportunity I have had so far. I decided to dive deep, not to look to the sides and overthink about drowning myself with all that there is to learn. This pattern is the literal reflection of how I decided to tackle this class. If I had read this pattern before, I would have come into Sprint 1 with a different mindset. I would understand that it is not just a learning opportunity, but also a chance for me to learn, break, and build without career-threatening risks.

Contributions done to the Project during Sprint 1

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/inventorybackend/-/merge_requests/54

  • Fixed lint indentation problem on openapi.yaml Added a line so lint ignores the API Version long pattern Changed all 401 responses to 400

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/inventorybackend/-/merge_requests/53

  • Changed inventory document instance creation to a single one. Allowing increment and decrement actions to be performed.

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/inventorybackend/-/merge_requests/55

  • Removed 2 difference endpoints for increment and decrement, made a single one for both actions.

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/inventorybackend/-/merge_requests/56

  • Changed where the verification if a document to store the weight exists in the database.

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/checkinventoryfrontend/-/merge_requests/27

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/checkoutguestfrontend/-/merge_requests/35

https://gitlab.com/LibreFoodPantry/client-solutions/theas-pantry/inventorysystem-weight-based/addinventoryfrontend/-/merge_requests/36

  • Updated devcontainer file with new image.

From the blog CS@Worcester – CS Today by Guilherme Salazar Almeida Nazareth and used with permission of the author. All other rights reserved by the author.

Combining Testing Methods

The blog post that I chose to write about this week is one that gives an overview of equivalence class and boundary analysis testing. The main reason why you would use these is to reduce the number of tests you run for a program while still testing full functionality and not sacrificing coverage. It does this by sectioning the range of inputs into different equivalency classes. Equivalency classes are groups of inputs that in theory should behave identically when put into the tested function. The blog then shows a helpful diagram showcasing what this looks like plotted on a number line. This way, tests will give better information by only testing the function where problems may arise and will detail the behavior of the function near edge cases better than other methods.

The blog post also details how you can represent the classes as functions themselves for where the inputs would be, for example, true, false, or valid, by defining ranges of values with interval notation. After then going over boundary test cases, the author explains how these two methods can be used together to efficiently test around the limits of the function behavior. The blog concludes with another example plotted on a table that shows how equivalence classes and boundary testing can be combined to use a minimum number of tests while also ensuring that you test the function at its most important parts where the process will change based on inputs.

I selected this blog to help refresh myself for the upcoming test about different testing methods and to reinforce what I had learned in class. I think that one of the more important takeaways from this blog is the emphasis the author puts on combining the two methods not just because they are two different methods but because they strengthen the overall testing procedure, and this will make me think about how new testing methods can be combined to lead to better and more efficient test cases. Demonstrating the testing in terms of models on number lines and as graphs help visualize what is actually happening and why it works, similar to the models taught in class but the added element of real numbers with example values helps demonstrate the importance of this kind of testing and how it can be useful for any kind of real-world situation. As an introductory post to the topic, and in my case a review, it works well but from here I would like to look more into the different combinations of testing methods that can work well together and some that may not as I learn more methods through the rest of the class.

https://www.testbench.com/blog/equivalence-class-partioning-and-limit-value-analysis/

From the blog CS@Worcester – Computer Science Blog by dzona1 and used with permission of the author. All other rights reserved by the author.

Sprint 1 Retrospective

In this post, I’ll be reflecting on my group’s first sprint towards developing an Identity Access Management System for Thea’s Pantry. Our focus in Sprint 1 was really to get a base understanding of Keycloak and to implement a basic framework that would allow us to integrate Keycloak with the pre-existing systems.

Some of my personal work towards that goal was as follows:

GitLab

  • Documenting our low-level issues in GitLab and assigning them accordingly. Epic

Backend

Frontend

  • Containerize the fake frontend in a way that allows it to interact with the backend for testing purposes. Containerization

  • Create a dummy frontend with buttons that send mock JWTs to the new backend endpoint for testing purposes. This frontend sends encoded JWTs that contain user roles, receives the encoded role from the backend, and redirects to one of three corresponding landing pages accordingly. Commits: 1 , 2

We got off to a relatively slow start, but this was to be expected in learning a fully new technology. None of us had prior experience with Keycloak, so brainstorming and researching how we might want to implement an authentication / IAM flow was not easy. After some initial barriers, something that worked incredibly well for us was taking the extra time to really break down the work into very small issues or tasks for an individual to do. It was a lot easier to “add an endpoint to the openapi.yaml file” and “create openapi schemas for authentication tokens” than to “create a fake backend that can handle token validation”. Breaking things down as a group really helped us isolate specific tasks with clear deliverables.

Something that didn’t work quite as well for us was our current working agreement. I feel strongly that our working agreement must either be modified heavily or adhered to with more focus. We could take some time to more clearly outline the expectations of each member of the group, which in turn will give us something to reference when we have feedback for each other. We can also improve our communication as a team; our Discord is relatively inactive, and it would benefit us greatly if we each contributed more to the Discord.

Something I could personally improve is my followership. Though we are obviously a team and all working together, a deliberate part of the exercise is to designate a Scrum Master for the sprint and to loosely follow the Scrum framework. I was not the Scrum Master for Sprint 1, and I have a tendency to step up into a leadership role when the opportunity presents itself or when I feel there is something I am able to contribute that is not already present. I think this has its place and value, but I think it is also detrimental in some ways to both the team (as it weakens the team structure) and to the individual designated as Scrum Master (as it removes the opportunity for him or her to lead). I can definitely work on being a follower when it is my turn to be a follower.

The pattern from the book that I’ve chosen to include here is Exposing Your Ignorance. The pattern describes how we all like to be seen as confident and competent and are therefore slow to ask for help when we need it, but the better way forward is to admit our inadequacies and put in the open all of our missing knowledge, as that is a quicker, more effective, and more honest way to deliver. I selected this pattern because I feel it would have been extremely useful to our group throughout the sprint; there were many instances where I felt we each should have asked for more help if we needed it, and instead we tended towards remaining silent so as not to admit that we were lost, even if that meant not completing the work we needed to. I strongly disagree with that method of tackling a problem, and I feel that if we had read this pattern, we may have been much quicker to admit to each other that we need help with X, Y, or Z.

From the blog Mr. Lancer 987's Blog by Mr. Lancer 987 and used with permission of the author. All other rights reserved by the author.

Sprint 1 Retrospective

In this post, I’ll be reflecting on my group’s first sprint towards developing an Identity Access Management System for Thea’s Pantry. Our focus in Sprint 1 was really to get a base understanding of Keycloak and to implement a basic framework that would allow us to integrate Keycloak with the pre-existing systems.

Some of my personal work towards that goal was as follows:

GitLab

  • Documenting our low-level issues in GitLab and assigning them accordingly. Epic

Backend

Frontend

  • Containerize the fake frontend in a way that allows it to interact with the backend for testing purposes. Containerization

  • Create a dummy frontend with buttons that send mock JWTs to the new backend endpoint for testing purposes. This frontend sends encoded JWTs that contain user roles, receives the encoded role from the backend, and redirects to one of three corresponding landing pages accordingly. Commits: 1 , 2

We got off to a relatively slow start, but this was to be expected in learning a fully new technology. None of us had prior experience with Keycloak, so brainstorming and researching how we might want to implement an authentication / IAM flow was not easy. After some initial barriers, something that worked incredibly well for us was taking the extra time to really break down the work into very small issues or tasks for an individual to do. It was a lot easier to “add an endpoint to the openapi.yaml file” and “create openapi schemas for authentication tokens” than to “create a fake backend that can handle token validation”. Breaking things down as a group really helped us isolate specific tasks with clear deliverables.

Something that didn’t work quite as well for us was our current working agreement. I feel strongly that our working agreement must either be modified heavily or adhered to with more focus. We could take some time to more clearly outline the expectations of each member of the group, which in turn will give us something to reference when we have feedback for each other. We can also improve our communication as a team; our Discord is relatively inactive, and it would benefit us greatly if we each contributed more to the Discord.

Something I could personally improve is my followership. Though we are obviously a team and all working together, a deliberate part of the exercise is to designate a Scrum Master for the sprint and to loosely follow the Scrum framework. I was not the Scrum Master for Sprint 1, and I have a tendency to step up into a leadership role when the opportunity presents itself or when I feel there is something I am able to contribute that is not already present. I think this has its place and value, but I think it is also detrimental in some ways to both the team (as it weakens the team structure) and to the individual designated as Scrum Master (as it removes the opportunity for him or her to lead). I can definitely work on being a follower when it is my turn to be a follower.

The pattern from the book that I’ve chosen to include here is Exposing Your Ignorance. The pattern describes how we all like to be seen as confident and competent and are therefore slow to ask for help when we need it, but the better way forward is to admit our inadequacies and put in the open all of our missing knowledge, as that is a quicker, more effective, and more honest way to deliver. I selected this pattern because I feel it would have been extremely useful to our group throughout the sprint; there were many instances where I felt we each should have asked for more help if we needed it, and instead we tended towards remaining silent so as not to admit that we were lost, even if that meant not completing the work we needed to. I strongly disagree with that method of tackling a problem, and I feel that if we had read this pattern, we may have been much quicker to admit to each other that we need help with X, Y, or Z.

From the blog Mr. Lancer 987's Blog by Mr. Lancer 987 and used with permission of the author. All other rights reserved by the author.

Sprint 1 Retrospective

In this post, I’ll be reflecting on my group’s first sprint towards developing an Identity Access Management System for Thea’s Pantry. Our focus in Sprint 1 was really to get a base understanding of Keycloak and to implement a basic framework that would allow us to integrate Keycloak with the pre-existing systems.

Some of my personal work towards that goal was as follows:

GitLab

  • Documenting our low-level issues in GitLab and assigning them accordingly. Epic

Backend

Frontend

  • Containerize the fake frontend in a way that allows it to interact with the backend for testing purposes. Containerization

  • Create a dummy frontend with buttons that send mock JWTs to the new backend endpoint for testing purposes. This frontend sends encoded JWTs that contain user roles, receives the encoded role from the backend, and redirects to one of three corresponding landing pages accordingly. Commits: 1 , 2

We got off to a relatively slow start, but this was to be expected in learning a fully new technology. None of us had prior experience with Keycloak, so brainstorming and researching how we might want to implement an authentication / IAM flow was not easy. After some initial barriers, something that worked incredibly well for us was taking the extra time to really break down the work into very small issues or tasks for an individual to do. It was a lot easier to “add an endpoint to the openapi.yaml file” and “create openapi schemas for authentication tokens” than to “create a fake backend that can handle token validation”. Breaking things down as a group really helped us isolate specific tasks with clear deliverables.

Something that didn’t work quite as well for us was our current working agreement. I feel strongly that our working agreement must either be modified heavily or adhered to with more focus. We could take some time to more clearly outline the expectations of each member of the group, which in turn will give us something to reference when we have feedback for each other. We can also improve our communication as a team; our Discord is relatively inactive, and it would benefit us greatly if we each contributed more to the Discord.

Something I could personally improve is my followership. Though we are obviously a team and all working together, a deliberate part of the exercise is to designate a Scrum Master for the sprint and to loosely follow the Scrum framework. I was not the Scrum Master for Sprint 1, and I have a tendency to step up into a leadership role when the opportunity presents itself or when I feel there is something I am able to contribute that is not already present. I think this has its place and value, but I think it is also detrimental in some ways to both the team (as it weakens the team structure) and to the individual designated as Scrum Master (as it removes the opportunity for him or her to lead). I can definitely work on being a follower when it is my turn to be a follower.

The pattern from the book that I’ve chosen to include here is Exposing Your Ignorance. The pattern describes how we all like to be seen as confident and competent and are therefore slow to ask for help when we need it, but the better way forward is to admit our inadequacies and put in the open all of our missing knowledge, as that is a quicker, more effective, and more honest way to deliver. I selected this pattern because I feel it would have been extremely useful to our group throughout the sprint; there were many instances where I felt we each should have asked for more help if we needed it, and instead we tended towards remaining silent so as not to admit that we were lost, even if that meant not completing the work we needed to. I strongly disagree with that method of tackling a problem, and I feel that if we had read this pattern, we may have been much quicker to admit to each other that we need help with X, Y, or Z.

From the blog Mr. Lancer 987's Blog by Mr. Lancer 987 and used with permission of the author. All other rights reserved by the author.

Sprint 1 Retrospective

In this post, I’ll be reflecting on my group’s first sprint towards developing an Identity Access Management System for Thea’s Pantry. Our focus in Sprint 1 was really to get a base understanding of Keycloak and to implement a basic framework that would allow us to integrate Keycloak with the pre-existing systems.

Some of my personal work towards that goal was as follows:

GitLab

  • Documenting our low-level issues in GitLab and assigning them accordingly. Epic

Backend

Frontend

  • Containerize the fake frontend in a way that allows it to interact with the backend for testing purposes. Containerization

  • Create a dummy frontend with buttons that send mock JWTs to the new backend endpoint for testing purposes. This frontend sends encoded JWTs that contain user roles, receives the encoded role from the backend, and redirects to one of three corresponding landing pages accordingly. Commits: 1 , 2

We got off to a relatively slow start, but this was to be expected in learning a fully new technology. None of us had prior experience with Keycloak, so brainstorming and researching how we might want to implement an authentication / IAM flow was not easy. After some initial barriers, something that worked incredibly well for us was taking the extra time to really break down the work into very small issues or tasks for an individual to do. It was a lot easier to “add an endpoint to the openapi.yaml file” and “create openapi schemas for authentication tokens” than to “create a fake backend that can handle token validation”. Breaking things down as a group really helped us isolate specific tasks with clear deliverables.

Something that didn’t work quite as well for us was our current working agreement. I feel strongly that our working agreement must either be modified heavily or adhered to with more focus. We could take some time to more clearly outline the expectations of each member of the group, which in turn will give us something to reference when we have feedback for each other. We can also improve our communication as a team; our Discord is relatively inactive, and it would benefit us greatly if we each contributed more to the Discord.

Something I could personally improve is my followership. Though we are obviously a team and all working together, a deliberate part of the exercise is to designate a Scrum Master for the sprint and to loosely follow the Scrum framework. I was not the Scrum Master for Sprint 1, and I have a tendency to step up into a leadership role when the opportunity presents itself or when I feel there is something I am able to contribute that is not already present. I think this has its place and value, but I think it is also detrimental in some ways to both the team (as it weakens the team structure) and to the individual designated as Scrum Master (as it removes the opportunity for him or her to lead). I can definitely work on being a follower when it is my turn to be a follower.

The pattern from the book that I’ve chosen to include here is Exposing Your Ignorance. The pattern describes how we all like to be seen as confident and competent and are therefore slow to ask for help when we need it, but the better way forward is to admit our inadequacies and put in the open all of our missing knowledge, as that is a quicker, more effective, and more honest way to deliver. I selected this pattern because I feel it would have been extremely useful to our group throughout the sprint; there were many instances where I felt we each should have asked for more help if we needed it, and instead we tended towards remaining silent so as not to admit that we were lost, even if that meant not completing the work we needed to. I strongly disagree with that method of tackling a problem, and I feel that if we had read this pattern, we may have been much quicker to admit to each other that we need help with X, Y, or Z.

From the blog Mr. Lancer 987's Blog by Mr. Lancer 987 and used with permission of the author. All other rights reserved by the author.

Sprint 1 Retrospective

In this post, I’ll be reflecting on my group’s first sprint towards developing an Identity Access Management System for Thea’s Pantry. Our focus in Sprint 1 was really to get a base understanding of Keycloak and to implement a basic framework that would allow us to integrate Keycloak with the pre-existing systems.

Some of my personal work towards that goal was as follows:

GitLab

  • Documenting our low-level issues in GitLab and assigning them accordingly. Epic

Backend

Frontend

  • Containerize the fake frontend in a way that allows it to interact with the backend for testing purposes. Containerization

  • Create a dummy frontend with buttons that send mock JWTs to the new backend endpoint for testing purposes. This frontend sends encoded JWTs that contain user roles, receives the encoded role from the backend, and redirects to one of three corresponding landing pages accordingly. Commits: 1 , 2

We got off to a relatively slow start, but this was to be expected in learning a fully new technology. None of us had prior experience with Keycloak, so brainstorming and researching how we might want to implement an authentication / IAM flow was not easy. After some initial barriers, something that worked incredibly well for us was taking the extra time to really break down the work into very small issues or tasks for an individual to do. It was a lot easier to “add an endpoint to the openapi.yaml file” and “create openapi schemas for authentication tokens” than to “create a fake backend that can handle token validation”. Breaking things down as a group really helped us isolate specific tasks with clear deliverables.

Something that didn’t work quite as well for us was our current working agreement. I feel strongly that our working agreement must either be modified heavily or adhered to with more focus. We could take some time to more clearly outline the expectations of each member of the group, which in turn will give us something to reference when we have feedback for each other. We can also improve our communication as a team; our Discord is relatively inactive, and it would benefit us greatly if we each contributed more to the Discord.

Something I could personally improve is my followership. Though we are obviously a team and all working together, a deliberate part of the exercise is to designate a Scrum Master for the sprint and to loosely follow the Scrum framework. I was not the Scrum Master for Sprint 1, and I have a tendency to step up into a leadership role when the opportunity presents itself or when I feel there is something I am able to contribute that is not already present. I think this has its place and value, but I think it is also detrimental in some ways to both the team (as it weakens the team structure) and to the individual designated as Scrum Master (as it removes the opportunity for him or her to lead). I can definitely work on being a follower when it is my turn to be a follower.

The pattern from the book that I’ve chosen to include here is Exposing Your Ignorance. The pattern describes how we all like to be seen as confident and competent and are therefore slow to ask for help when we need it, but the better way forward is to admit our inadequacies and put in the open all of our missing knowledge, as that is a quicker, more effective, and more honest way to deliver. I selected this pattern because I feel it would have been extremely useful to our group throughout the sprint; there were many instances where I felt we each should have asked for more help if we needed it, and instead we tended towards remaining silent so as not to admit that we were lost, even if that meant not completing the work we needed to. I strongly disagree with that method of tackling a problem, and I feel that if we had read this pattern, we may have been much quicker to admit to each other that we need help with X, Y, or Z.

From the blog Mr. Lancer 987's Blog by Mr. Lancer 987 and used with permission of the author. All other rights reserved by the author.