Best practices for development environments and API development?

Time: 2023-01-12 23:34:57

My current employer uses a 3rd party hosted CRM provider and we have a fairly sophisticated integration tier between the two systems. Amongst the capabilities of the CRM provider is for developers to author business logic in a Java like language and on events such as the user clicking a button or submitting a new account into the system, have validation and/or business logic fire off.


One of the capabilities that we make use of is for that business code running on the hosted provider to invoke web services that we host. The canonical example is a sales rep entering in a new sales lead and hitting a button to ping our systems to see if we can identify that new lead based on email address, company/first/last name, etc, and if so, return back an internal GUID that represents that individual. This all works for us fine, but we've run into a wall again and again in trying to set up a sane dev environment to work against.


So while our use case is a bit nuanced, this can generally apply to any development house that builds APIs for 3rd party consumption: what are some best practices when designing a development pipeline and environment when you're building APIs to be consumed by the outside world?


At our office, all our devs are behind a firewall, so code in progress can't be hit by the outside world, in our case the CRM provider. We could poke holes in the firewall but that's less than ideal from a security surface area standpoint. Especially if the # of devs who need to be in a DMZ like area is high. We currently are trying a single dev machine in the DMZ and then remoting into it as needed to do dev work, but that's created a resource scarcity issue if multiple devs need the box, let alone they're making potentially conflicting changes (e.g. different branches).


We've considered just mocking/faking incoming requests by building fake clients for these services, but that's a pretty major overhead in building out feature sets (though it does by nature reinforce a testability of our APIs). This also doesn't obviate the fact that sometimes we really do need to diagnose/debug issues coming from the real client itself, not some faked request payload.


What have others done in these types of scenarios? In this day and age of mashups, there have to be a lot of folks out there w/ experiences of developing APIs--what's worked (and not worked so) well for the folks out there?


2 solutions

#1


1  

On the occasions when this has been relevant to me (which, truth be told, is not often) we have tended to do a combination of hosting a dev copy of the solution in-house and mocking what we can't host.


I personally think that the more you can host on individual dev boxes the better: if your devs' PCs are powerful enough to have the entire thing running plus whatever else they need to develop then they should be doing this. It allows them to have tonnes of flexibility to develop without worrying about other people.


#2


1  

For dev, it would make sense to use mock objects and write good unit tests that define the task at hand. It would help to ensure that the developers understand the business requirements. The mock libraries are very sophisticated and help solve this problem.


Then perhaps a continuous build process that moves the code to the dev box in the DMZ. A robust QA process would make sense plus general UAT testing.


Also, for general debugging, you again need to have access to the machine in the DMZ where you remote in.


This is probably an "ideal" situation, but you did ask for best practices :).
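
One shape the fake client from the question and the mock-based unit tests from answer #2 could take, as an added example that is not part of the original thread: the lead-lookup handler is a WSGI callable driven in-process, so in-progress code never listens on a port reachable from outside the firewall. The path `/leads/lookup`, the JSON field names and the sample data are assumptions.

```python
import io
import json
import uuid

# Constructed sample data (not from the original post).
KNOWN_LEADS = {"pat@example.com": uuid.UUID("11111111-2222-3333-4444-555555555555")}
SAMPLE_REQUEST = b'{"email": " Pat@Example.com ", "first": "Pat", "last": "Lee"}'


def lead_lookup_app(environ, start_response):
    """WSGI handler: match a submitted lead by email, return its internal GUID."""
    def reply(status, body):
        data = json.dumps(body).encode()
        start_response(status, [("Content-Type", "application/json"),
                                ("Content-Length", str(len(data)))])
        return [data]

    if environ["REQUEST_METHOD"] != "POST" or environ["PATH_INFO"] != "/leads/lookup":
        return reply("404 Not Found", {"error": "not found"})
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
        lead = json.loads(environ["wsgi.input"].read(length))
        email = lead["email"].strip().lower()
    except (ValueError, KeyError, AttributeError, TypeError):
        # Malformed input from the third-party caller is rejected, never matched.
        return reply("400 Bad Request", {"error": "malformed lead"})
    guid = KNOWN_LEADS.get(email)
    return reply("200 OK", {"matched": guid is not None,
                            "guid": str(guid) if guid else None})


def fake_crm_call(app, raw_body, method="POST", path="/leads/lookup"):
    """Stand-in for the hosted CRM: calls the handler directly, no socket opened."""
    captured = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(raw_body)),
               "wsgi.input": io.BytesIO(raw_body)}

    def start_response(status, headers):
        captured["status"] = int(status.split()[0])

    body = b"".join(app(environ, start_response))
    return captured["status"], json.loads(body)


if __name__ == "__main__":
    print(fake_crm_call(lead_lookup_app, SAMPLE_REQUEST))
```

A request body captured from the real CRM client can be passed as `raw_body` to replay it against a local branch.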
