Java implementation spike

[malak-coforma]

Description

The goal is to get a skeleton project up by Monday August 1, then on Tuesday August 2 start DB and security stuff.

Requirements

• Investigate Springboot
• Integrate OpenAPI
• Hibernate for DB

Next Steps

• Document any decisions made.

Tech Notes

Security spike is split into another card: #8

Extra: Tech Challenge Instructions

Assumptions

The following assumptions should be considered when designing and implementing the Challenge submission:

1. It is not required that the solution is exclusively based on AWS services. Open-source tools, libraries and technologies can be used.
2. The scripts, tooling and instructions to instantiate any service to be hosted within the AWS region must be part of the Challenge submission.
3. For the scope of this challenge, the vendor can configure AWS environment to have inbound access from and outbound access to the Internet.
4. For the scope of this challenge, Internet-available repositories can be accessed and used (e.g. operating systems, packages, libraries, containers, etc.).
5. Consider the highest security standards as if receiving, sending and hosting Personal Identifiable Information and Protected Health Information, even for this Challenge. All system interfaces should be secured appropriately. Note: No PII or PHI shall be included in the submission.
6. CMS will not purchase or accept a purchased license for any product or service (e.g., domain names, HTTPS certificates, etc.) other than those provided to CMS by AWS. CMS will not accept licenses where using the product or service for this evaluation falls outside acceptable use.
7. No services that obligate future expenditures (such as reserved instances) are permitted.
8. For maintainability, the vendor must use Java as a programming language, AWS
   CloudFormation or Terraform for deploying infrastructure, and OpenAPI for documenting interface contracts.

AWS Installation Requirements

1. The Quoter's provided solution will be installed and operated in a single AWS provisioned account.
2. System infrastructure deployment should be done via AWS CloudFormation or Terraform.
3. Installation, testing, and uninstall scripts from the Quoter will be run from an EC2 T- series instance running Amazon Linux 2.
4. The Quoter shall provide an IAM policy file that can be applied to the EC2 instance for running all install/test/uninstall scripts.
5. All resources should be tagged to indicate the Quoter associated with the resource.
6. The solution must create and deploy to its own Virtual Private Cloud (VPC).
7. Solutions must choose from FedRAMP approved Cloud services.

[caoabunga]

Decision points:

• Springboot: Springboot is a highly extensible framework built on top of Spring that allows us to build enterprise grade production ready code fast. Reduces a lot of boilerplate code that comes from building robust Java projects. A lot of features, modules and libraries come right out of the box and can be auto-configured. Springboot is also a common framework and popular among Java developers so the learning curve is shallow and easy to adopt.
• Springboot has an openApi implementation to meet the requirements. This will provide us with API documentation, a testing harness and a pretty UI via Swagger UI libraries.
• Hibernate is a JPA implementation / Object-Relational Mapping (ORM) library that allows our application to map Plain Old Java Objects (POJOs) domain models to a relational database. It also provides methods for all the CRUD operations to the database without hand crafting sql statements.
• MySql was chosen for this application because it is an open source solution that is highly compatible with a lot of various platforms including AWS Aurora and AWS RDS. It is known to be a scalable, fast and reliable making it an optimal choice for web applications. It is a pure relational db management system as opposed to PostgreSql - object-relational db (more complex data types and more resource intensive)

[malak-coforma]

This spike is done, we're in implementation now and making improvements.