Challenge Overview
Our client is a company that has many applications deployed via Heroku instances. As part of their company’s compliance rules, they have a need to monitor and report on these various instances as they pertain to a set of predefined compliance rules. They currently have an application that does this, however, it has some issues they are looking to address with the new application.
The new app we're building will query the Heroku API for app instances according to predefined rules and will provide reports for apps that are not following the rules. For example apps not following a speciffic naming convention, apps with number of users larger than X, etc. We will assume all the clients apps are under the same team account.
The new app must run on Heroku and Postgres should be used as backend database . The business rules (See Below) should be easily configurable and expandable. App will do two things: run a job to refresh app data and provide REST api for reporting purposes.
Refresh app data job should run daily (configurable interval) and there should be a way to trigger this job manually. It will query the Heroku API for details of team apps so it should first fetch the list of apps and then perform additional queries for each application according to the configured rules. Initially we will support the following rules:
- Application not following specific naming convention (regex)
- Pipelines not following specific naming convention (regex)
- Application not locked (app locked status field)
How you will implement rules configuration is up to you as long as the rules can be configured without changing the code that interacts with Heroku API for every new rule. One possible approach (just to start some ideas) is to define a "app" object that has all the info about the app from Heroku (app details, pipelines, dynos, config vars,etc) and then define rules as queries to that full app object (please use this just as an illustrative example, you don't need to follow it). One thing to note is that Heroku has strict API limits of 4500 requests/hour, so the rule evaluation HAS to take that into account. In the above example approach, a good idea would be not to populate app info if the rule does not require it (for example if there are no rules about app dynos then don't fetch dyno data). Also, the app should cache the responses from Heroku API (within one job run) so the API limit would not be exceeded. In case the app does get rate limited by Heroku for making too many requests, it should handle it gracefully, using a backoff timer - it will take longer for the job to complete, but it will not simply fail due to rate limits.
REST api will be very simple with three endpoints
Get configured rules (rule details, friendly name)
Get application status - returns list of apps that break the rules (grouped by each rule)
Get job info - returns info for the last job - time started and duration
Final Submission Guidelines
Submit the source code for the applicationSubmit a deployment and verification guide
Submit a postman collection for the api
Submit a short video (unlisted youtube link)