Post a message into a Teams Channel using any HTTP client

Overview:  I need to post messages into Teams channels from my application, it is extremely easy to do and took me 15 minutes. 

Steps to Post a message from Postman into a specific Teams Channel:

1. Setup a channel to accept POST requests

Add a connector to the Channel

Find the "Incoming Webhook" connector

Create/Configure the new Webhook

Copy the webhook endpoint

2. Send a postman POST HTTP request to push the data into the Teams Channel

3. Verify the result in the teams Channel

The custom message is displayed in the channel.

Tip: Format the card/message using these instructions.

SaaS Azure Testing Thoughts

 Tooling:

1. API Automation - Postman, Newman
2. UI Automation - Selenium
3. IDE - Visual Studio 2019
4. Test Organization - Azure DevOps Test Plan
5. CI/CD - Azure DevOps

Code reviews:

Code review is used as a verification technique to ensure that each unit is coded as per standards and expected business logic and inline with coding standards and best practices.  Automate code review built into Azure Pipelines should include:  

• SonarQube - Static Analysis, 
• Blackduck - Open-Source Scanning (OSS) tool.  Used to look for license risks and unused references.
• Checkmarx - Static Application Security Testing (SAST) tool benefits include: Detect security vulnerabilities, Improve developer practices, and reports on code ownership.  Static code anaylsis.  VeraCode is a competitor product.
• BugSuite

Code should pass OWASP (Open Web Application Security Project) shows the most common code vulnerabilities.  Also ASVS (Application Security Verification Standard) - framework for controls when building applications to cover functional and NFR's.

Unit testing:

Unit tests are written to ensure every unit of code is working as expected, and to prevent a defect from going to the next level on all C# code.  Xunit and Moq are the tools to be used for unit testing using the standard Arrange > Act > Assert pattern.

As long as Unit test coverage is high and of a good standard, I don't mind if the tests are written before the code (TDD) or as most developers tend to do the tests after the code is written.

API testing:

All API must use Postman collections and Environments for local testing.  The tests need to cover all API's dealing with authentication, authorisation, checking status codes, body responses, headers, data persistence, and post test clean-up.  Use Newman to integrate postman tests into Azure pipelines:

https://www.npmjs.com/package/newman-reporter-htmlextra

Selenium testing:

Code for UI must be automated where possible.

SonarQube: "automatic code review tool to detect bugs, vulnerabilities, and code smells in your code" SonarQube documentation

Enterprise Service Bus and Message Queue thoughts

Message Queues have been around for many years and I've implemented message queue using: SonicMQ, MSMQ,  IBM MQ.  I like to keep my architecture as simple as possible so I still use queues but deciding between your "eventing" architecture brings Enterprise Service Buses (ESB) into picture and all the other players.  It come down to what you are trying to achieve, are you going to need more functionality later, what does you business have available and the skills you have to work with.

I like Azure Storage Queues, they are cheap, simple to setup and understand so for simple message queue capability:

Azure Naming Conventions

 My Format (I simplify for smaller companies)

<Company>-<BusinessUnit>-<Region>-<Environment>-<ResourceType>-<Project>-<Instance>

GS-IT-UK-PR-RGP-Treetops-001

GS-HR-US-DV-NSG-Cloud-001

I like to enforce the same length for each part, just because it makes it easier to read in a list.  i.e. Region - Could be the 2 digit country code 

Environment is my DTAP environment i.e. DV = Development, TS = Test, AS = Acceptance, PR=Production

Resource Type is the Azure Resource Type e.g. Network Security Group = NSG.   It is worth publishing a list as application services could be app or aps.

Tip: In azure sometime you can't use hypens or need to use lowercase.  If I am forced, then I keep the same convention but merely abide by the rules of the service.

The key is just keep it consistent.  I find organisation use Tags poorly so with the naming convention, it helps replace the need for Tags or tags can easily be added as it gives the info away in the name.

Microsoft Recommends Azure naming convention:

Power Apps using Excel in One Drive or SharePoint

Overview:  A Canvas Power App can easily connect to Excel held with SharePoint of OneDrive.   It is great for getting values in, or for reading static values from a list.

Limitations: 

1. You need to create a table in Excel to connect from Power Apps.  The problem is the table cannot contain any formulas.  I wanted to input a value, use Excel formulas to get a calculate risk value.  It can't connect.  The work around is to build the formulas in Power Apps but for my customer complex Excel sheet I don't want to spend weeks re-engineering the logic from code.

Excel: Trying to read field B19 that reference my calculation:

Power Apps: Trying to connect to the Excel table results in the "Excel file containing formula are currently not supported" error message:

2. Size limit, max 2 MB Excel file.  This may be bigger now.

Summary:  You can't work with large data sets and you can read from calculation cells in tables o Excel is fine for inputting into an Excel document that will be used as excel but pretty useless as a data store for Power Apps.  Rather use a SharePoint list but this doesn't help if you actually want to use Excel as it contains complex logic.

Building Response Canvas Power App

Problem:  Power Apps is great but historically you either build for the tablet or the phone and then the end users get an alright experience on the other device type.  Microsoft have Horizonal and Vertical containers and it is a greate way to build Resposnvie/Progressive applications.  

On the Power App make the following settings changes:

• Settings > Advanced Settings > Enable "Layout Containers"
• Settings > Screensize + Orientation > Diable "Scale to Fit"
• Settings > Screensize + Orientation > Diable "Lock Orientation"

Layout controls: Horizontal container & Vertical container, use these 2 controls to get a Responsive Design.  Screen layouts are only available for the Tablet layout. 

WIP

APIM Authentication and authorisation

Overview:  APIM provides two methods for secure access to an API operations:

1. Subscription: passed in the header or the query string (generated primary and secondary subscription key for each subscription), and 
2. Client Certificates.

WIP