- Introduction
- Installation
- Usage
- Docker Setup
- Testing
- API Documentation
- Cloud Deployment
- CI/CD Pipeline with GitHub Actions
This project is a backend service for managing security-related data, developed for MediaMarktSaturn. It provides a scalable and secure RESTful API for CRUD operations on security records. The service is implemented using Django and Django REST Framework and is designed to be deployable on Kubernetes.
To set up the project locally, follow these steps:
- Clone the repository from GitHub: Repository Link
- Navigate to the project directory.
- Create a virtual environment:
  python -m venv env
- Activate the virtual environment:
  On Windows:
  .\env\Scripts\activate
  On macOS and Linux:
  source env/bin/activate
- Install dependencies:
  pip install -r requirements.txt
- Run migrations to apply database schema:
  python manage.py migrate
- (Optional) Load initial data:
  python manage.py loaddata initial_data.json
- Start the development server:
  python manage.py runserver
- Access the API Root at http://127.0.0.1:8000/api/
To register a new user, send a POST request to the following endpoint:
POST http://127.0.0.1:8000/register/
Content-Type: application/json
{
"username": "TestUser",
"password": "TestPassword",
"email": "testEmail@domain.com"
}
To obtain a token for authentication, send a POST request to the following endpoint:
POST http://127.0.0.1:8000/api-token-auth/
Content-Type: application/json
{
"username": "TestUser",
"password": "TestPassword"
}
To test that unauthenticated users cannot list security records, send a GET request to the following endpoint:
GET http://127.0.0.1:8000/api/security-records/
To test that unauthenticated users cannot retrieve a security record by ID, send a GET request to the following endpoint:
GET http://127.0.0.1:8000/api/security-records/5/
To test that unauthenticated users cannot create a new security record, send a POST request to the following endpoint:
POST http://127.0.0.1:8000/api/security-records/
Content-Type: application/json
{
"name": "New Security Record",
"description": "Description of the new security record."
}
To test that unauthenticated users cannot update a security record, send a PUT request to the following endpoint:
PUT http://127.0.0.1:8000/api/security-records/1/
Content-Type: application/json
{
"name": "Updated Security Record",
"description": "Updated description of the security record."
}
To test that unauthenticated users cannot delete a security record, send a DELETE request to the following endpoint:
DELETE http://127.0.0.1:8000/api/security-records/1/
To test that authenticated users can list security records, send a GET request to the following endpoint with the authorization token:
GET http://127.0.0.1:8000/api/security-records/
Authorization: Token <token>
To test that authenticated users can retrieve a security record by ID, send a GET request to the following endpoint with the authorization token:
GET http://127.0.0.1:8000/api/security-records/1/
Authorization: Token <token>
To test that authenticated users can create a new security record, send a POST request to the following endpoint with the authorization token:
POST http://127.0.0.1:8000/api/security-records/
Content-Type: application/json
Authorization: Token <token>
{
"name": "New Security Record",
"description": "Description of the new security record."
}
To test that authenticated users can update a security record, send a PUT request to the following endpoint with the authorization token:
PUT http://127.0.0.1:8000/api/security-records/1/
Content-Type: application/json
Authorization: Token <token>
{
"name": "Updated Security Record",
"description": "Updated description of the security record."
}
To test that authenticated users can delete a security record, send a DELETE request to the following endpoint with the authorization token:
DELETE http://127.0.0.1:8000/api/security-records/1/
Authorization: Token <token>
To run the project using Docker, follow these steps:
- Install Docker and Docker Compose if you haven't already.
- Clone the repository from GitHub: Repository Link
- Navigate to the project directory.
- Build the Docker image:
  docker-compose build
- Run the Docker containers:
  docker-compose up
The 'tests.py' file contains test cases for the API endpoints defined in the Django application. These test cases are written using Django's testing framework and the Django REST Framework's 'APITestCase'.
The 'setUp' method is called before each test case to set up the necessary objects and configurations for testing. In this setup:
- An instance of 'APIClient' is created to simulate HTTP requests.
- A test user is created using Django's 'User' model.
- An authentication token is generated for the test user using Django REST Framework's 'Token' model.
- A test security record is created using the application's 'SecurityRecord' model.
The test cases are organized into two main sections:
- Test Access for 'Unauthenticated' Users
- Test Access for 'Authenticated' Users
These test cases ensure that unauthenticated users cannot perform certain actions (CRUD) on the API endpoints.
- test_list_records_unauthenticated: Checks that unauthenticated users cannot list security records.
- test_retrieve_record_unauthenticated: Checks that unauthenticated users cannot retrieve a security record by ID.
- test_create_record_unauthenticated: Checks that unauthenticated users cannot create a new security record.
- test_update_record_unauthenticated: Checks that unauthenticated users cannot update a security record.
- test_delete_record_unauthenticated: Checks that unauthenticated users cannot delete a security record.
(5 Tests)
These test cases ensure that authenticated users can perform actions on the API endpoints after authentication.
- test_list_records_authenticated: Checks that authenticated users can list security records.
- test_retrieve_record_authenticated: Checks that authenticated users can retrieve a security record by ID.
- test_create_record_authenticated: Checks that authenticated users can create a new security record.
- test_update_record_authenticated: Checks that authenticated users can update a security record.
- test_delete_record_authenticated: Checks that authenticated users can delete a security record.
(5 Tests)
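An added example (not part of this project's code): a standard-library Python check that replays the unauthenticated requests from this README and reports any endpoint that answers without a token. The 'StubAPI' server, the 'demo-token' value and the helper names are constructed so the check runs offline; pass 'http://127.0.0.1:8000' to 'open_endpoints' to test the real development server.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Unauthenticated requests listed in this README: (method, path, JSON body).
CHECKS = [
    ("GET", "/api/security-records/", None),
    ("GET", "/api/security-records/5/", None),
    ("POST", "/api/security-records/", {"name": "New Security Record", "description": "d"}),
    ("PUT", "/api/security-records/1/", {"name": "Updated Security Record", "description": "d"}),
    ("DELETE", "/api/security-records/1/", None),
]
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore proxy env vars

def status(base, method, path, body=None, token=None):
    """Send one request and return the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Token {token}"
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(base + path, data=data, method=method, headers=headers)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def open_endpoints(base):
    """Return the (method, path) pairs that did not answer 401/403 without a token."""
    return [(m, p) for m, p, b in CHECKS if status(base, m, p, b) not in (401, 403)]

class StubAPI(BaseHTTPRequestHandler):
    """Constructed stand-in for the service; accepts only 'Token demo-token'."""
    allow_anonymous_get = False  # set True to simulate a misconfigured permission class
    def _handle(self):
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        authed = self.headers.get("Authorization") == "Token demo-token"
        leaked = self.command == "GET" and StubAPI.allow_anonymous_get
        self.send_response(200 if authed or leaked else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_PUT = do_DELETE = _handle
    def log_message(self, *args): pass  # silence per-request logging

def start_stub():  # start the stub on a free local port and return its base URL
    server = HTTPServer(("127.0.0.1", 0), StubAPI)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}"

if __name__ == "__main__":
    print(open_endpoints(start_stub()))  # an empty list means every request was refused
```

Both 401 and 403 count as a refusal because Django REST Framework returns either one depending on the configured authentication classes.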
The API endpoints are documented using 'drf-spectacular'. You can access the API documentation in two formats:
Swagger UI provides an interactive interface for exploring the API. You can access it at:
Redoc provides a different view of the API documentation. You can access it at:
Both interfaces allow you to explore the available endpoints, view request and response schemas, and interact with the API directly from the documentation.
To deploy this project on a Kubernetes cluster:
- For Google Cloud Platform (GKE)
- For AWS (EKS)
- For Microsoft Azure (AKS)
- Verify the deployment and get the external IP of the service:
- Ensure you have 'kubectl' installed and configured for your cloud provider.
- Apply the Development and Service files:
  kubectl apply -f development.yaml
  kubectl apply -f service.yaml
- Verify that the pods are running:
  kubectl get pods
- Get the external IP address of the service:
  kubectl get svc SERVICE_NAME
- Access the Django application using the external IP.
This project uses GitHub Actions to automate the CI process. The CI/CD pipeline is set up to run tests automatically whenever code changes are pushed to the main branch.