Yann Esposito (Yogsototh) 2024-02-01 15:16:14 +01:00
parent 7a9a9e9805
commit 0110eee062
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646
72 changed files with 14761 additions and 2962 deletions

Binary file not shown.


File diff suppressed because one or more lines are too long

Binary file not shown.

File diff suppressed because it is too large Load diff

BIN
death.org.gpg Normal file

Binary file not shown.

472
famille.html Normal file

@ -0,0 +1,472 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2019-09-05 Thu 16:06 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Vers l'autonomie</title>
<meta name="generator" content="Org mode" />
<meta name="author" content="Yann Esposito" />
<style type="text/css">
<!--/*--><![CDATA[/*><!--*/
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #ccc;
box-shadow: 3px 3px 3px #eee;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: visible;
padding-top: 1.2em;
}
pre.src:before {
display: none;
position: absolute;
background-color: white;
top: -10px;
right: 10px;
padding: 3px;
border: 1px solid black;
}
pre.src:hover:before { display: inline;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { width: 90%; }
/*]]>*/-->
</style>
<script type="text/javascript">
/*
@licstart The following is the entire license notice for the
JavaScript code in this tag.
Copyright (C) 2012-2019 Free Software Foundation, Inc.
The JavaScript code in this tag is free software: you can
redistribute it and/or modify it under the terms of the GNU
General Public License (GNU GPL) as published by the Free Software
Foundation, either version 3 of the License, or (at your option)
any later version. The code is distributed WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU GPL for more details.
As additional permission under GNU GPL version 3 section 7, you
may distribute non-source (e.g., minimized or compacted) forms of
that code without the copy of the GNU GPL normally required by
section 4, provided you include this license notice and a URL
through which recipients can access the Corresponding Source.
@licend The above is the entire license notice
for the JavaScript code in this tag.
*/
<!--/*--><![CDATA[/*><!--*/
function CodeHighlightOn(elem, id)
{
var target = document.getElementById(id);
if(null != target) {
elem.cacheClassElem = elem.className;
elem.cacheClassTarget = target.className;
target.className = "code-highlighted";
elem.className = "code-highlighted";
}
}
function CodeHighlightOff(elem, id)
{
var target = document.getElementById(id);
if(elem.cacheClassElem)
elem.className = elem.cacheClassElem;
if(elem.cacheClassTarget)
target.className = elem.cacheClassTarget;
}
/*]]>*///-->
</script>
</head>
<body>
<div id="content">
<h1 class="title">Vers l'autonomie</h1>
<div id="table-of-contents">
<h2>Table of Contents</h2>
<div id="text-table-of-contents">
<ul>
<li><a href="#org13f23d3">1. <span class="todo TODO">TODO</span> Quotidien <code>[0/3]</code></a>
<ul>
<li><a href="#org37d43f4">1.1. <span class="todo TODO">TODO</span> Rangement, propreté <code>[0/3]</code></a>
<ul>
<li><a href="#orgae65bbb">1.1.1. <span class="todo TODO">TODO</span> Faire sa chambre le matin <code>[0/6]</code></a></li>
<li><a href="#orga408d95">1.1.2. <span class="todo TODO">TODO</span> Repas <code>[0/8]</code></a></li>
<li><a href="#org7f235ad">1.1.3. <span class="todo TODO">TODO</span> Zones communes <code>[0/5]</code></a></li>
</ul>
</li>
<li><a href="#org9ea9bdc">1.2. <span class="todo TODO">TODO</span> Hygiène <code>[0/4]</code></a>
<ul>
<li><a href="#orgc4daf23">1.2.1. <span class="todo TODO">TODO</span> Se brosser les dents</a></li>
<li><a href="#orge52dc87">1.2.2. <span class="todo TODO">TODO</span> Se doucher</a></li>
<li><a href="#org7c00c4b">1.2.3. <span class="todo TODO">TODO</span> Dîner si possible en famille</a></li>
<li><a href="#org6dbc3cb">1.2.4. <span class="todo TODO">TODO</span> Se laver les mains avant de manger et de mettre la table</a></li>
</ul>
</li>
<li><a href="#org187ba7f">1.3. <span class="todo TODO">TODO</span> Travail scolaire / permis / obligations diverses <code>[0/2]</code></a>
<ul>
<li><a href="#orgc9b81ca">1.3.1. <span class="todo TODO">TODO</span> Se lever à l'heure pour <code>[0/7]</code></a></li>
<li><a href="#org4e937ea">1.3.2. <span class="todo TODO">TODO</span> Après les cours <code>[0/4]</code></a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div id="outline-container-org13f23d3" class="outline-2">
<h2 id="org13f23d3"><span class="section-number-2">1</span> <span class="todo TODO">TODO</span> Quotidien <code>[0/3]</code></h2>
<div class="outline-text-2" id="text-1">
</div>
<div id="outline-container-org37d43f4" class="outline-3">
<h3 id="org37d43f4"><span class="section-number-3">1.1</span> <span class="todo TODO">TODO</span> Rangement, propreté <code>[0/3]</code></h3>
<div class="outline-text-3" id="text-1-1">
</div>
<div id="outline-container-orgae65bbb" class="outline-4">
<h4 id="orgae65bbb"><span class="section-number-4">1.1.1</span> <span class="todo TODO">TODO</span> Faire sa chambre le matin <code>[0/6]</code></h4>
<div class="outline-text-4" id="text-1-1-1">
</div>
<ol class="org-ol">
<li><a id="orgb55b7fd"></a><span class="todo TODO">TODO</span> Faire le lit<br /></li>
<li><a id="org9d72b26"></a><span class="todo TODO">TODO</span> mettre ses habits sales au sale<br /></li>
<li><a id="orge59a0d2"></a><span class="todo TODO">TODO</span> ramasser les décher et les mettre à la poubelle<br /></li>
<li><a id="org6ed78f6"></a><span class="todo TODO">TODO</span> ne pas laisser de vaisselle dans la chambre<br /></li>
<li><a id="org9897efe"></a><span class="todo TODO">TODO</span> ne pas laisser de bouteille d'eau dans la chambre<br /></li>
<li><a id="org882c18d"></a><span class="todo TODO">TODO</span> ne pas laisser de nourriture dans la chambre<br /></li>
</ol>
</div>
<div id="outline-container-orga408d95" class="outline-4">
<h4 id="orga408d95"><span class="section-number-4">1.1.2</span> <span class="todo TODO">TODO</span> Repas <code>[0/8]</code></h4>
<div class="outline-text-4" id="text-1-1-2">
</div>
<ol class="org-ol">
<li><a id="orgae915b2"></a><span class="todo TODO">TODO</span> Participer à mettre la table <code>[0/6]</code><br />
<ol class="org-ol">
<li><a id="orgcab862f"></a><span class="todo TODO">TODO</span> Assiettes<br /></li>
<li><a id="orgb2e7822"></a><span class="todo TODO">TODO</span> Couverts<br /></li>
<li><a id="org5874eae"></a><span class="todo TODO">TODO</span> Verres<br /></li>
<li><a id="orgdc41765"></a><span class="todo TODO">TODO</span> Plat principal<br /></li>
<li><a id="org6bc2bfb"></a><span class="todo TODO">TODO</span> Eau<br /></li>
<li><a id="org62f73dd"></a><span class="todo TODO">TODO</span> Condiments (sel, poivre, vinaigrette, etc&#x2026;)<br /></li>
</ol>
</li>
<li><a id="org5413814"></a><span class="todo TODO">TODO</span> Nettoyer après avoir manger <code>[0/2]</code><br />
<ol class="org-ol">
<li><a id="org6798ae9"></a><span class="todo TODO">TODO</span> ranger sa table <code>[0/3]</code><br />
<ol class="org-ol">
<li><a id="orgd6871ad"></a><span class="todo TODO">TODO</span> son assiette / bols / etc&#x2026;<br /></li>
<li><a id="orgb70852c"></a><span class="todo TODO">TODO</span> ses couverts<br /></li>
<li><a id="orgad6a301"></a><span class="todo TODO">TODO</span> son verre<br /></li>
</ol>
</li>
<li><a id="orgce1c471"></a><span class="todo TODO">TODO</span> débarrasser la table <code>[0/6]</code><br />
<ol class="org-ol">
<li><a id="org59260f8"></a><span class="todo TODO">TODO</span> l'eau à re-remplir, remettre au frais pour le lendemain<br /></li>
<li><a id="org20b2480"></a><span class="todo TODO">TODO</span> débarrasser le plat principal<br />
<div class="outline-text-7" id="text-1-1-2-2-2-2">
<ul class="org-ul">
<li>si il reste beaucoup remettre le plat au frigo (le laisser refroidir)</li>
<li>si il en reste peu, ou qu'on n'en remangera pas, vider le reste du plat
principal dans un autre récipient plus petit et le mettre soi au frigo,
soit au congélateur pour le manger plus tard. Et nettoyer, à la main, le
grand récipient (plat à gratin, saladier, marmite, etc&#x2026;)</li>
</ul>
</div>
</li>
<li><a id="org25f773b"></a><span class="todo TODO">TODO</span> débarrasser le pain et le remettre à sa place<br /></li>
<li><a id="org2149c96"></a><span class="todo TODO">TODO</span> débarrasser les condiments (sel, moutarde, etc&#x2026;)<br /></li>
<li><a id="orgc7f2d06"></a><span class="todo TODO">TODO</span> essuyer la table<br />
<div class="outline-text-7" id="text-1-1-2-2-2-5">
<ul class="org-ul">
<li>vérifier qu'il ne reste plus rien</li>
<li>essuyer sur les rebords de la table</li>
<li>nettoyer les miettes par terre ou essuyer si c'est vraiment sale</li>
<li>après avoir passer l'éponge, essuyer avec une serviette pour ne pas
laisser des traces d'humidité</li>
</ul>
</div>
</li>
<li><a id="org9552813"></a><span class="todo TODO">TODO</span> Mettre au recyclage vs poubelle<br /></li>
</ol>
</li>
</ol>
</li>
<li><a id="org9ced883"></a><span class="todo TODO">TODO</span> Savoir mettre correctement la vaisselle dans le lave vaisselle<br />
<div class="outline-text-5" id="text-1-1-2-3">
<ul class="org-ul">
<li>les verres jamais dans le mauvais sens</li>
<li>les bols et les assiettes creusent ne doivent pas être obstruées</li>
<li>il vaut mieux nettoyer une gros élément à la main que lancer le lave
vaisselle inutilement 2x</li>
</ul>
</div>
</li>
<li><a id="org9a61e72"></a><span class="todo TODO">TODO</span> Savoir si on doit lancer le lave vaisselle<br /></li>
<li><a id="org4ef5935"></a><span class="todo TODO">TODO</span> Savoir lancer le lave vaisselle si nécessaire<br /></li>
<li><a id="org072d04a"></a><span class="todo TODO">TODO</span> Savoir si on doit débarrasser le lave vaisselle<br /></li>
<li><a id="org74ab453"></a><span class="todo TODO">TODO</span> Débarrasser le lave vaisselle<br /></li>
</ol>
</div>
<div id="outline-container-org7f235ad" class="outline-4">
<h4 id="org7f235ad"><span class="section-number-4">1.1.3</span> <span class="todo TODO">TODO</span> Zones communes <code>[0/5]</code></h4>
<div class="outline-text-4" id="text-1-1-3">
</div>
<ol class="org-ol">
<li><a id="org7f38b2a"></a><span class="todo TODO">TODO</span> Salon/cuisine <code>[0/6]</code><br />
<ol class="org-ol">
<li><a id="orga63f110"></a><span class="todo TODO">TODO</span> Si le sol est sale lancer le robot<br /></li>
<li><a id="orge897183"></a><span class="todo TODO">TODO</span> Savoir vider et nettoyer le robot<br /></li>
<li><a id="org04a9a3f"></a><span class="todo TODO">TODO</span> Si la poubelle est pleine, jeter la poubelle, savoir la remplacer<br /></li>
<li><a id="orgdd46e2a"></a><span class="todo TODO">TODO</span> Si la poubelle coule et salit le sol, savoir nettoyer le sol<br /></li>
<li><a id="orga09ff08"></a><span class="todo TODO">TODO</span> Savoir nettoyer la poubelle si elle est sale<br /></li>
<li><a id="orgfb4c5e4"></a><span class="todo TODO">TODO</span> Savoir passer l'aspirateur et la pièce<br /></li>
</ol>
</li>
<li><a id="orgfb9dd2a"></a><span class="todo TODO">TODO</span> Savoir s'il faut arroser les plantes et les arroser si nécessaire<br /></li>
<li><a id="org183a86d"></a><span class="todo TODO">TODO</span> Salle de bain <code>[0/7]</code><br />
<ol class="org-ol">
<li><a id="orgbe826e2"></a><span class="todo TODO">TODO</span> Savoir ranger sa sale de bain<br /></li>
<li><a id="org8523378"></a><span class="todo TODO">TODO</span> Savoir plier et ranger sa serviette<br /></li>
<li><a id="org98b43f8"></a><span class="todo TODO">TODO</span> Nettoyer le sol après la douche<br /></li>
<li><a id="orge41e156"></a><span class="todo TODO">TODO</span> Nettoyer le siphon de la douche si nécessaire<br /></li>
<li><a id="orgfcf6f09"></a><span class="todo TODO">TODO</span> Nettoyer le lavabo<br /></li>
<li><a id="org515a214"></a><span class="todo TODO">TODO</span> Savoir ranger les produit d'hygiène, jeter et prévoir<br /></li>
<li><a id="orgc1e8ef6"></a><span class="todo TODO">TODO</span> Savoir utiliser les produits d'entretiens<br /></li>
</ol>
</li>
<li><a id="org7f0b5f9"></a><span class="todo TODO">TODO</span> Toilettes <code>[0/4]</code><br />
<ol class="org-ol">
<li><a id="orge6b5f0f"></a><span class="todo TODO">TODO</span> Jeter les rouleau usagés<br /></li>
<li><a id="orgcc50c43"></a><span class="todo TODO">TODO</span> Nettoyer le sol sale des toilettes si besoin<br /></li>
<li><a id="org688a0f3"></a><span class="todo TODO">TODO</span> Vérifier et nettoyer les traces sous l'abattant<br /></li>
<li><a id="org4b51873"></a><span class="todo TODO">TODO</span> Savoir acheter du papier toilette (ne pas attendre qu'il soit trop tard)<br /></li>
</ol>
</li>
<li><a id="org935868a"></a><span class="todo TODO">TODO</span> Entrée <code>[0/4]</code><br />
<ol class="org-ol">
<li><a id="orgeee79e8"></a><span class="todo TODO">TODO</span> ranger ses chaussures dès l'entrée dans l'appartement<br /></li>
<li><a id="org3e1f95c"></a><span class="todo TODO">TODO</span> pendre ses manteaux/gilets dans la penderie<br /></li>
<li><a id="org690222f"></a><span class="todo TODO">TODO</span> ranger ses bonnets / gants / accessoires dans la penderie<br /></li>
<li><a id="org4f27d29"></a><span class="todo TODO">TODO</span> ramasser et ranger ce qui traîne<br /></li>
</ol>
</li>
</ol>
</div>
</div>
<div id="outline-container-org9ea9bdc" class="outline-3">
<h3 id="org9ea9bdc"><span class="section-number-3">1.2</span> <span class="todo TODO">TODO</span> Hygiène <code>[0/4]</code></h3>
<div class="outline-text-3" id="text-1-2">
</div>
<div id="outline-container-orgc4daf23" class="outline-4">
<h4 id="orgc4daf23"><span class="section-number-4">1.2.1</span> <span class="todo TODO">TODO</span> Se brosser les dents</h4>
</div>
<div id="outline-container-orge52dc87" class="outline-4">
<h4 id="orge52dc87"><span class="section-number-4">1.2.2</span> <span class="todo TODO">TODO</span> Se doucher</h4>
</div>
<div id="outline-container-org7c00c4b" class="outline-4">
<h4 id="org7c00c4b"><span class="section-number-4">1.2.3</span> <span class="todo TODO">TODO</span> Dîner si possible en famille</h4>
</div>
<div id="outline-container-org6dbc3cb" class="outline-4">
<h4 id="org6dbc3cb"><span class="section-number-4">1.2.4</span> <span class="todo TODO">TODO</span> Se laver les mains avant de manger et de mettre la table</h4>
</div>
</div>
<div id="outline-container-org187ba7f" class="outline-3">
<h3 id="org187ba7f"><span class="section-number-3">1.3</span> <span class="todo TODO">TODO</span> Travail scolaire / permis / obligations diverses <code>[0/2]</code></h3>
<div class="outline-text-3" id="text-1-3">
</div>
<div id="outline-container-orgc9b81ca" class="outline-4">
<h4 id="orgc9b81ca"><span class="section-number-4">1.3.1</span> <span class="todo TODO">TODO</span> Se lever à l'heure pour <code>[0/7]</code></h4>
<div class="outline-text-4" id="text-1-3-1">
</div>
<ol class="org-ol">
<li><a id="orgb5c14c2"></a><span class="todo TODO">TODO</span> prendre le petit déjeuner<br /></li>
<li><a id="org07de6a5"></a><span class="todo TODO">TODO</span> nettoyer le petit déjeuner<br /></li>
<li><a id="orgee1f2b2"></a><span class="todo TODO">TODO</span> faire son lit<br /></li>
<li><a id="orgac7419c"></a><span class="todo TODO">TODO</span> ranger sa chambre<br /></li>
<li><a id="org18fdc28"></a><span class="todo TODO">TODO</span> mettre ses affaires sales au sale<br /></li>
<li><a id="orgd44897c"></a><span class="todo TODO">TODO</span> avoir ses affaires scolaires prêtes<br /></li>
<li><a id="org0da2c3d"></a><span class="todo TODO">TODO</span> préparer sa gamelle/ses en cas<br /></li>
</ol>
</div>
<div id="outline-container-org4e937ea" class="outline-4">
<h4 id="org4e937ea"><span class="section-number-4">1.3.2</span> <span class="todo TODO">TODO</span> Après les cours <code>[0/4]</code></h4>
<div class="outline-text-4" id="text-1-3-2">
</div>
<ol class="org-ol">
<li><a id="org4e79e12"></a><span class="todo TODO">TODO</span> réviser le code<br /></li>
<li><a id="org3cd800d"></a><span class="todo TODO">TODO</span> réviser le travail scolaire<br /></li>
<li><a id="orgce25a98"></a><span class="todo TODO">TODO</span> ranger ses livres et cahier<br /></li>
<li><a id="org4d6b7dd"></a><span class="todo TODO">TODO</span> ranger ses affaires de sport<br /></li>
</ol>
</div>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="author">Author: Yann Esposito</p>
<p class="date">Created: 2019-09-05 Thu 16:06</p>
<p class="validation"><a href="http://validator.w3.org/check?uri=referer">Validate</a></p>
</div>
</body>
</html>
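Review bot: famille.html is a generated export (its head carries `<meta name="generator" content="Org mode" />` and the postamble a 2019 creation date), so most of its 472 lines are the exporter's default stylesheet and script rather than the checklist itself. Consider committing only the Org source and regenerating the HTML when needed, so that later diffs show changes to the content alone.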

1065
inbox.org

File diff suppressed because it is too large Load diff

BIN
journal.org.gpg Normal file

Binary file not shown.

BIN
logs.org

Binary file not shown.

Binary file not shown.


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 463c0152-b16a-4cfb-8590-acc0bf71d0c8
:END:
Alternative Nets
#+Title: Alternative Nets
#+Author: Yann Esposito
#+Date: [2023-07-29]
- tags :: [[id:e7f8ce2b-3c40-4f5d-bed7-fe6b97e7a460][small-web]]


@ -1,4 +1,7 @@
:PROPERTIES:
:ID: c26339f6-e0bc-40e3-8fe3-94e4b41b61b0
:END:
PROPERTIES:
:ID: 2a3d68cc-4a14-442c-b7f9-c602a2cd25bf
:END:
#+title: chien d'assistance
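Review bot: the second drawer opens with `PROPERTIES:` without the leading colon, so Org will not read it as a property drawer and the `:ID:` line under it becomes body text. The file also ends up carrying two IDs; if the first one is the one to keep (it is the ID the `tags ::` link in the next file points to), drop the second block entirely, otherwise restore the colon and remove the duplicate.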


@ -5,10 +5,47 @@
#+Author: Yann Esposito
#+Date: [2023-06-13]
- tags ::
- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
- source ::
* Contacts
| Nom | email | telephone | addresse |
|-----------------------------+---------------------------------+------------+--------------------------------------------|
| Matthieu Delpeuch | chien.espoir.handicap@gmail.com | 0651597922 | Antibes |
| Mélodie Durand | melody.durandbernard@gmail.com | 0664335877 | 138 impasse Camatte 06410 Biot |
| Claire Mainguené Costa-Foru | claire.mainguene@wanadoo.fr | 0661092711 | 11 route du Mont Agel, 06320, La Turbie |
| Lionel Rebière | lrebi@yahoo.com | 0686263291 | 13320, Bouc-bel-Air |
| Joëlle Rebière | | 0637629720 | |
| Krystelle Esposito | krystelle.esposito@gmail.com | 0662203951 | 12, allée du Fer à Cheval, 13500 Martigues |
| Yann Esposito | yann@esposito.host | 0650845271 | 12, allée du Fer à Cheval, 13500 Martigues |
| username | password |
|-----------+----------|
| matthieu | ginette |
| melodie | flondine |
| claire | lacie |
| lionel | anleika |
| joelle | anleika |
| yann | annapo |
| krystelle | annapo |
#+begin_comment
htpasswd -b -c htpasswd_chien.tmp.1 matthieu ginette
htpasswd -b -c htpasswd_chien.tmp.2 melodie flondine
htpasswd -b -c htpasswd_chien.tmp.3 claire lacie
htpasswd -b -c htpasswd_chien.tmp.4 lionel anleika
htpasswd -b -c htpasswd_chien.tmp.5 joelle anleika
htpasswd -b -c htpasswd_chien.tmp.6 yann annapo
htpasswd -b -c htpasswd_chien.tmp.7 krystelle annapo
cat htpasswd_chien.tmp.* > htpasswd_chien
rm
#+end_comment
* [2023-06-13 Tue]
- Matt
- Melo
- Yann & Krystelle
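Review bot: the `username | password` table and the `htpasswd -b` lines in the `#+begin_comment` block put seven credentials in plaintext into the repository history, in a file that is not encrypted like the `.gpg` files in this same commit. Remove them from the note, treat the listed passwords as exposed and change them, and keep only the generated hash file or move the table into an encrypted file. Two pairs of accounts share one password, which rules out revoking a single user. On the commands themselves: `-b` leaves each password in shell history and the process list (prefer the interactive prompt or `-i` reading from stdin), and the final `rm` has no argument, so the `htpasswd_chien.tmp.*` files are left behind. The contacts table adds e-mail addresses, phone numbers and home addresses to the same plaintext file and deserves the same treatment.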
@ -41,3 +78,200 @@ Prévoir entretient avec Melo.
- dogue femelle
- femelle berger australien
- jeune croisé labrador
* [2023-10-03 Tue]
** Lettre Val
** Nouveau Contrat
- Une personne sans chien et qui l'adopte
- Une personne avec un chien existant
Ajouter des détails dans le contrat.
Comment faire les changements d'ICADE via l'association ?
Psychologue, elle est motivée pour faire passer les entretiens.
Livret Captt.
** Nouvelle personne dans l'asso
Ancienne médecin. Peut-être remplacer Melo.
* [2023-11-23 Thu]
- Présentation Médecin
- Présentation de tous
** Resumé
- Gamin & Victoria
- Idée: Premier RDV avec Psychologue, Milena.
** TODO Site mettre à jour
Ajouter des binômes:
- Rose
- ????
- Gamin en cours de formation
- Changer les couleurs du logo et du site (bleu)
** TODO Contrat
- Relire et check logo
* [2024-01-12 Fri]
** Personnes presentent:
- Matthieu
- Clara
- Claire
- Joëlle
- Krystelle
- Yann
** Notes
- Demande coordonnées pour ajout au tableau des membres du bureau
- Gamin toujours en formation cette année
- Mal passé avec le 2nd chien.
Le conjoint de cette personne a rebroussé chemin en disant que le chien
faisait des dégats. Non prêt à avoir un chiot non éduqué.
Elle est totalement dépendante, elle a décidé de ne pas garder ce chien (Zuko).
Essayer de le replacer sur une famille avec le reseau de Lionel, sur Nice.
Mais ça c'est aussi mal passé.
Le chien est à la SPA de nouveau.
*Conclusions*: faire un entretient avec bilan avant d'accepter un nouveau beneficiaire.
Avec une psychologue (Milena).
Demander à rencontrer l'entourage.
#+begin_quote
- @Claire questionner la motivation des gens.
- @Clara: Les parents étaient très confiants. Les parents n'ont pas réussi à réguler
le chien.
- @Matt il faut mettre en avant les problèmes liés aux chiens de refuges.
- @Matt: remarque on m'appelle pour réeduquer un chien de chez handichien.
Le chien ne détecte pas les crises.
- @Matt: Nouvelles demandes. Soit on refuse tout ce qui vient de trop loin
>40km d'Antibes. Soit on fait comme Lionel et on fait un réseau.
Tout est en stand-by, aucune claire et précise. Une connaissance de Victoria
habite à la montage, Husky et Malamute, voudrait utiliser un des Husky.
Demande de la Drôme. Je connais un éducateur un peu rustre mais qui pourrait
être intéressé.
Se lancer avec un réseau d'éducateur.
- @Krystelle: avons-nous les épaules?
- @Matt: on peut rester à petite échelle.
- @Claire: centre plus vers Mandelieu / Frejus. Peut-être peut-on élargir le périmètre.
- @Matt: demandes à l'autre bout de la France, difficile à gérer.
- @Claire: Toi et Clara êtes d'excellents éducateurs, c'est difficile à déléguer.
- @Clara: Même si les méthodes peuvent convenir, on a pas la main dessus.
C'est compliqué de travailler à distance.
- @Matt Yann on devrait ajouter sur le site qu'on ne travaille qu'avec des
gens sur le secteur ou prêts à se déplacer.
- @Matt: Education avec Anne se passe très bien.
- @Clara: on peut avoir une antenne où se trouve Anne
- @Matt: Céline est top autour d'Aix. Elle a fait 15 ans de chien guide et a
repris une association. Elle est très forte en apprentissage et chien
d'assistance.
- @Matt: Soit on fait un petit réseau de 3 ou 4 éducateurs.
Je délègue déjà.
- @Krystelle: partenariat avec Céline ?
- @Matt: Déjà fait en 2020 pour Prince.
Pour les demandes autour d'Aix-en-Provence.
Donc on pourrait avoir Anne région Parisienne.
- @Clara: pour la coordination ? Des points réguliers ?
- @Matt: Ca se passe sans trop d'effort. Par exemple avec Anne une relation de
confiance, de même pour Céline.
- @Joelle: Aujourd'hui c'est toi qui certifie tous les chiens et c'est ce
qu'il faudrait garder.
- @Matt: Oui. Peut-être un contrat ?
- @Krystelle: Il faut prendre le temps d'écrire.
- @Matt: Je n'ai pas envie de pénaliser l'association sous prétexte que je
n'ai pas beaucoup de temps à accorder à ça.
Céline serait très motivé, Anne est débordée mais on peut lui en demander.
Clara au plus elle en fait au mieux c'est.
Ce me permet de ne pas refuser sans me charger.
- @Matt: Sur Paris, voir combien de suivi annuel par éducateur.
- @Krystelle: Au contrat, que faut-il y mettre.
- @Matt: Demander à Lionel un contrat pour les éducateurs.
- @Clara: J'ai déjà mon propre contrat.
- @Krystelle: Ce serait bien qu'on prenne ce contrat comme exemple.
- @Matt: éducateur sur la Drome. Il faut que je lui demande.
- @Krystelle: comment ça se passe pour accepter un nouveau bénéficiaire.
- @Matt: demander au bénéficiaire de venir nous rencontrer pour faire
l'évaluation et le bilan.
Une fois validé l'éducateur local prendra la main.
- @Yann: voir le lieu de vie.
- @Matt: demander à l'éducateur de s'occuper du premier RDV.
- @Krystelle: demander le bilan psy puis domicile.
- @Claire: inverser, d'abord domicile puis local.
- @Yann: difficulté pour certaines personne de venir à Antibes.
- @Clara: essayer la gestion au domicile avec la psy en visio si possible
pour avoir une idée globale de plusieurs professionnels.
- @Matt: Exemple de demande qui me donne envie de répondre favorablement.
Une asperger de 22 ans, demande par handichien
sans réponse.
Elle a toujours eu des thérapie avec des animaux, école d'éleveur, elle ne
peut pas travailler.
Elle vie sur le terrain de ses parent de 2500m2.
En terme de besoins: présence, accompagnement, pressoterapie, guidage,
comportement dangereux.
Exactement ce que faisaient Pô et Leika.
- @Clara: quel secteur ?
- @Matt: Dans la Drôme, voir si Laurent serait intéressé.
- @Krystelle: on m'a contacté pour avoir un chien.
Une maman de 3 enfants qui a une petite fille autiste de 7 ans sourde muette.
La maman est seule, ça me parait difficile.
- @Clara: sourde muette rend la communication difficile
- @Matt: dire aux gens on part sur un chien d'eveil, pas forcément de
certification, pas d'assistance.
Comme Hope.
Maintenant que j'ai vécu un échec avec Zuko, ça m'a fait prendre conscience
qu'il ne faut pas prendre trop de risques.
On a perdu du temps et de l'argent.
Le chien a fait SPA, 2 familles, retour SPA.
Je préfère bien sélectionner et assurer.
Au final, la SPA a accepté tout de suite de pouvoir ramener le chien en cas
de problème. Donc la SPA est un très bon partenaire.
- @Krystelle: La maman de Gaïa a envoyé un message pour faire un don à l'association.
Soient ils passent par helloasso, soit via le RIB de l'association.
- @Matt: le virement c'est le mieux.
- @Claire: Quel est le budget annuel des dons?
- @Matt: Sur helloasso. Virement mensuel de 15€.
- @Clara: Si on parle d'augmenter le nombre de beneficiaires. Peut-être
chercher des entreprises pour du partenariat. Monter un dossier.
- @Matt: Melodie c'était occupé de tout ça, elle l'a fait pour une autre
association et pour nous avec. C'est vraiment elle qui s'occupe de ces
dossiers et subventions.
- @Clara: il nous faut une base pour aller démarcher.
- @Matt: Une assocation d'infirmières nous a donné 2400€.
On a actuellement >4000€ sur le compte.
Par educateur, 1500€ ou 2000€ l'année.
- @Matt: Hormis helloasso, est-il possible de faire un don en direct ?
- @Yann: oui c'est possible. Avec un formulaire.
- @Claire: facile de faire un don via virement.
- @Matt: changer la couleur en bleu.
Ajouter le logo sur le site.
Mettre le logo avec un lien vers un don.
Les nouvelles cartes.
Mettre le texte dans le logo.
#+end_quote
** TODO Taches
- Matt:
- Envoyer la trame de la nouvelle carte
- Clara:
- envoyer le contrat à yann@esposito.host
- Claire:
- Trouver la date pour le prochain RDV
- Krystelle:
- Envoyer la nouvelle carte pour tous les bénéficiaires.
- Relancer Matthieu pour inviter Milena
- Yann
- Changer les couleurs du site web.
- Ajouter le périmetre d'accueil sur le site web.
- Ajouter un lien pour faire un don.
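Review bot: the quoted meeting minutes in this file record health and family details about people who can be identified from context (the "asperger de 22 ans" in the Drôme living on her parents' land, the "petite fille autiste de 7 ans sourde muette" and her single mother), and they sit in a plain-text tracked file. Reduce these entries to anonymised case references, or keep the minutes in an encrypted file, before they go into history. The same applies to the association's account balance and donation amounts. The task list also puts a personal e-mail address (yann@esposito.host) in clear text; a role name would do there.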


@ -0,0 +1,437 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="author" content="Yann Esposito" />
<title>Custom Roles</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
pre > code.sourceCode { white-space: pre; position: relative; }
pre > code.sourceCode > span { display: inline-block; line-height: 1.25; }
pre > code.sourceCode > span:empty { height: 1.2em; }
.sourceCode { overflow: visible; }
code.sourceCode > span { color: inherit; text-decoration: inherit; }
div.sourceCode { margin: 1em 0; }
pre.sourceCode { margin: 0; }
@media screen {
div.sourceCode { overflow: auto; }
}
@media print {
pre > code.sourceCode { white-space: pre-wrap; }
pre > code.sourceCode > span { text-indent: -5em; padding-left: 5em; }
}
pre.numberSource code
{ counter-reset: source-line 0; }
pre.numberSource code > span
{ position: relative; left: -4em; counter-increment: source-line; }
pre.numberSource code > span > a:first-child::before
{ content: counter(source-line);
position: relative; left: -1em; text-align: right; vertical-align: baseline;
border: none; display: inline-block;
-webkit-touch-callout: none; -webkit-user-select: none;
-khtml-user-select: none; -moz-user-select: none;
-ms-user-select: none; user-select: none;
padding: 0 4px; width: 4em;
color: #aaaaaa;
}
pre.numberSource { margin-left: 3em; border-left: 1px solid #aaaaaa; padding-left: 4px; }
div.sourceCode
{ }
@media screen {
pre > code.sourceCode > span > a:first-child::before { text-decoration: underline; }
}
code span.al { color: #ff0000; font-weight: bold; } /* Alert */
code span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
code span.at { color: #7d9029; } /* Attribute */
code span.bn { color: #40a070; } /* BaseN */
code span.bu { color: #008000; } /* BuiltIn */
code span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
code span.ch { color: #4070a0; } /* Char */
code span.cn { color: #880000; } /* Constant */
code span.co { color: #60a0b0; font-style: italic; } /* Comment */
code span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
code span.do { color: #ba2121; font-style: italic; } /* Documentation */
code span.dt { color: #902000; } /* DataType */
code span.dv { color: #40a070; } /* DecVal */
code span.er { color: #ff0000; font-weight: bold; } /* Error */
code span.ex { } /* Extension */
code span.fl { color: #40a070; } /* Float */
code span.fu { color: #06287e; } /* Function */
code span.im { color: #008000; font-weight: bold; } /* Import */
code span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
code span.kw { color: #007020; font-weight: bold; } /* Keyword */
code span.op { color: #666666; } /* Operator */
code span.ot { color: #007020; } /* Other */
code span.pp { color: #bc7a00; } /* Preprocessor */
code span.sc { color: #4070a0; } /* SpecialChar */
code span.ss { color: #bb6688; } /* SpecialString */
code span.st { color: #4070a0; } /* String */
code span.va { color: #19177c; } /* Variable */
code span.vs { color: #4070a0; } /* VerbatimString */
code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
</style>
<style>code {opacity:80%; font-size: 75%; background-color: rgba(127,127,127,0.3);body{font-family:"CMU Typewriter"} :root {--r-heading-font: Futura,sans-serif; --r-main-font-size: 36px; --r-main-font: Futura,sans-serif;}</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Custom Roles</h1>
<p class="subtitle">XDR IROH</p>
<p class="author">Yann Esposito</p>
<p class="date">[2023-10-03 Tue 15:30]</p>
</header>
<h1 id="current-state">Current state</h1>
<h2 id="listing-roles-already-by-org">Listing Roles (already by
org)</h2>
<p><code class="verbatim">GET /iroh/profile/roles</code></p>
<p>Provide a data structure with describing all roles for an Org:</p>
<ul>
<li>3 roles for XDR (admin, user, sat)</li>
<li>2 roles for SX (admin, user)</li>
</ul>
<h2 id="role-permissions">⚠ Role ≠ Permissions</h2>
<p>The role associated to a user do not necessarily matches the user
permission.</p>
<p>The role is only one of the component to use to determine a token or
even a user permissions. The permissions are represented by
<em>scopes</em> which are computed using:</p>
<ul>
<li>the user role</li>
<li>the org properties (activated or not, XDR or not etc…)</li>
<li>entitlements (not in use but will probably be the case in the
future)</li>
</ul>
<h2 id="role-permissions-tokens">⚠ Role ≠ Permissions (Tokens)</h2>
<ul>
<li>the user scopes</li>
<li>as well as the client scopes</li>
<li>as well as the scopes requested during the OAuth2 authorization
flow</li>
</ul>
<h2 id="current-response-for-an-xdr-enabled-org">Current response for an
XDR-enabled org</h2>
<div class="sourceCode" id="cb1"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a>GET /iroh/profile/roles</span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;administrator&quot;</span>,</span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb1-4"><a href="#cb1-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Administrator&quot;</span>,</span>
<span id="cb1-5"><a href="#cb1-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an administrator&quot;</span>},</span>
<span id="cb1-6"><a href="#cb1-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Administrator&quot;</span>,</span>
<span id="cb1-7"><a href="#cb1-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb1-8"><a href="#cb1-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;An admin of users.&quot;</span>,</span>
<span id="cb1-9"><a href="#cb1-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb1-10"><a href="#cb1-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:sat</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;security analyst&quot;</span>,</span>
<span id="cb1-11"><a href="#cb1-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;a&quot;</span>,</span>
<span id="cb1-12"><a href="#cb1-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Security Analyst&quot;</span>,</span>
<span id="cb1-13"><a href="#cb1-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;a security analyst&quot;</span>},</span>
<span id="cb1-14"><a href="#cb1-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Security Analyst&quot;</span>,</span>
<span id="cb1-15"><a href="#cb1-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;sat&quot;</span>,</span>
<span id="cb1-16"><a href="#cb1-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span></span>
<span id="cb1-17"><a href="#cb1-17" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;No account admin. SXO read only + run existing workflows.&quot;</span>,</span>
<span id="cb1-18"><a href="#cb1-18" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;incident responder&quot;</span>,</span>
<span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Incident Responder&quot;</span>,</span>
<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an incident responder&quot;</span>},</span>
<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Incident Responder&quot;</span>,</span>
<span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span></span>
<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a> <span class="st">&quot;This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows&quot;</span>,</span>
<span id="cb1-27"><a href="#cb1-27" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>}}</span></code></pre></div>
<h2 id="current-response-for-an-sx-only-org">Current response for an
SX-only org</h2>
<div class="sourceCode" id="cb2"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a>GET /iroh/profile/roles</span>
<span id="cb2-2"><a href="#cb2-2" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb2-3"><a href="#cb2-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;an&quot;</span>,</span>
<span id="cb2-4"><a href="#cb2-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;Admin&quot;</span>,</span>
<span id="cb2-5"><a href="#cb2-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;an admin&quot;</span>},</span>
<span id="cb2-6"><a href="#cb2-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;Admin&quot;</span>,</span>
<span id="cb2-7"><a href="#cb2-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;admin&quot;</span>,</span>
<span id="cb2-8"><a href="#cb2-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;An admin of users.&quot;</span>,</span>
<span id="cb2-9"><a href="#cb2-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>},</span>
<span id="cb2-10"><a href="#cb2-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> {<span class="at">:english</span> {<span class="at">:only-role-name</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb2-11"><a href="#cb2-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:adjective</span> <span class="st">&quot;a&quot;</span>,</span>
<span id="cb2-12"><a href="#cb2-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:only-role-name-capitalized</span> <span class="st">&quot;User&quot;</span>,</span>
<span id="cb2-13"><a href="#cb2-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:english-role-name</span> <span class="st">&quot;a user&quot;</span>},</span>
<span id="cb2-14"><a href="#cb2-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-name</span> <span class="st">&quot;User&quot;</span>,</span>
<span id="cb2-15"><a href="#cb2-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="st">&quot;user&quot;</span>,</span>
<span id="cb2-16"><a href="#cb2-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;A standard user.&quot;</span>,</span>
<span id="cb2-17"><a href="#cb2-17" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;public&quot;</span>}}</span></code></pre></div>
<h2 id="what-the-api-already-support">What the API already support</h2>
<ul>
<li>list all roles for every Org</li>
<li>change the role of a user</li>
<li>support roles during invitation and Org access request</li>
<li>expose a permissions endpoint to check permission access
independently of the role</li>
<li>read/write access restriction</li>
<li>fine grained <em>resource</em> target in the scopes
<code>enrich</code><code>enrich/observables/observe:write</code></li>
</ul>
<h2 id="what-the-api-does-not-support">What the API does not
support</h2>
<ul>
<li>No support for create+update but not delete.</li>
<li>No support for multiple roles</li>
<li>No support for custom role creation (obviously)
<ul>
<li>No scopes API for roles</li>
</ul></li>
</ul>
<h1 id="expected-changes">Expected Changes</h1>
<h2 id="new-api-exhaustive-scopes-list">New API: (exhaustive scopes
list)</h2>
<p>Exhaustive list of scopes as a forest structure</p>
<div class="sourceCode" id="cb3"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a>[{<span class="at">:scope</span> <span class="st">&quot;global-intel&quot;</span></span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a> (optional <span class="at">:description</span>) ,,,</span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]</span>
<span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:sub-scopes</span> [{<span class="at">:scope</span> <span class="st">&quot;global-intel/incident&quot;</span></span>
<span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]}</span>
<span id="cb3-6"><a href="#cb3-6" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope</span> <span class="st">&quot;global-intel/sighting&quot;</span></span>
<span id="cb3-7"><a href="#cb3-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;read&quot;</span>]}</span>
<span id="cb3-8"><a href="#cb3-8" aria-hidden="true" tabindex="-1"></a> ,,,]}</span>
<span id="cb3-9"><a href="#cb3-9" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope</span> <span class="st">&quot;private-intel&quot;</span></span>
<span id="cb3-10"><a href="#cb3-10" aria-hidden="true" tabindex="-1"></a> (optional <span class="at">:description</span>) ,,,</span>
<span id="cb3-11"><a href="#cb3-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:accessors</span> [<span class="st">&quot;rw&quot;</span>,<span class="st">&quot;read&quot;</span>,<span class="st">&quot;write&quot;</span>]</span>
<span id="cb3-12"><a href="#cb3-12" aria-hidden="true" tabindex="-1"></a> <span class="at">:sub-scopes</span> [{,,,}]}]</span></code></pre></div>
<h2 id="new-api-maybe">New API (maybe?)</h2>
<p>Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc
team:</p>
<div class="sourceCode" id="cb4"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a>[{<span class="at">:scope-alias</span> <span class="st">&quot;threat-hunt&quot;</span></span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a> <span class="at">:scopes</span> [<span class="st">&quot;enrich/observables/observe:read&quot;</span>,<span class="st">&quot;inspect&quot;</span>,<span class="st">&quot;investigation&quot;</span>]</span>
<span id="cb4-3"><a href="#cb4-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:description</span> ,,,,}</span>
<span id="cb4-4"><a href="#cb4-4" aria-hidden="true" tabindex="-1"></a> {<span class="at">:scope-alias</span> <span class="st">&quot;incidents&quot;</span></span>
<span id="cb4-5"><a href="#cb4-5" aria-hidden="true" tabindex="-1"></a> <span class="at">:scopes</span> [<span class="st">&quot;private-intel&quot;</span>,<span class="st">&quot;global-intel:read&quot;</span>]</span>
<span id="cb4-6"><a href="#cb4-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:description</span> ,,,}</span>
<span id="cb4-7"><a href="#cb4-7" aria-hidden="true" tabindex="-1"></a> ,,, ]</span></code></pre></div>
<h2 id="new-api-crudsearch">New API: CRUD+Search</h2>
<p>API to manage new custom roles</p>
<div class="sourceCode" id="cb5"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a>(s/defschema NewRole</span>
<span id="cb5-2"><a href="#cb5-2" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> s/Str</span>
<span id="cb5-3"><a href="#cb5-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> s/Str</span>
<span id="cb5-4"><a href="#cb5-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:provided-scopes</span> Scopes})</span>
<span id="cb5-5"><a href="#cb5-5" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb5-6"><a href="#cb5-6" aria-hidden="true" tabindex="-1"></a>(s/defschema Role</span>
<span id="cb5-7"><a href="#cb5-7" aria-hidden="true" tabindex="-1"></a> (st/merge NewRole</span>
<span id="cb5-8"><a href="#cb5-8" aria-hidden="true" tabindex="-1"></a> {<span class="at">:id</span> s/Str</span>
<span id="cb5-9"><a href="#cb5-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:created-at</span> Date</span>
<span id="cb5-10"><a href="#cb5-10" aria-hidden="true" tabindex="-1"></a> <span class="at">:updated-at</span> Date}))</span></code></pre></div>
<h2 id="existing-apis">Existing APIs</h2>
<p>The <code class="verbatim">GET /iroh/profile/roles</code> will look
like today + added the new custom roles that will look like:</p>
<div class="sourceCode" id="cb6"><pre
class="sourceCode clojure"><code class="sourceCode clojure"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a>{<span class="at">:admin</span> ...</span>
<span id="cb6-2"><a href="#cb6-2" aria-hidden="true" tabindex="-1"></a> <span class="at">:sat</span> ...</span>
<span id="cb6-3"><a href="#cb6-3" aria-hidden="true" tabindex="-1"></a> <span class="at">:user</span> ...</span>
<span id="cb6-4"><a href="#cb6-4" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-d394db9e-613f-11ee-aff9-325096b39f47</span></span>
<span id="cb6-5"><a href="#cb6-5" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> <span class="st">&quot;My Company Custom Role&quot;</span></span>
<span id="cb6-6"><a href="#cb6-6" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;This is a role that is read only except for workflows&quot;</span></span>
<span id="cb6-7"><a href="#cb6-7" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="at">:role-d394db9e-613f-11ee-aff9-325096b39f47</span></span>
<span id="cb6-8"><a href="#cb6-8" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;org&quot;</span></span>
<span id="cb6-9"><a href="#cb6-9" aria-hidden="true" tabindex="-1"></a> <span class="at">:associated-scopes</span> #{<span class="st">&quot;inspect:read&quot;</span> <span class="st">&quot;ao&quot;</span> <span class="st">&quot;insights:read&quot;</span> <span class="st">&quot;profile:read&quot;</span>}}</span>
<span id="cb6-10"><a href="#cb6-10" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb6-11"><a href="#cb6-11" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-8891b9f4-6140-11ee-8e1a-325096b39f47</span></span>
<span id="cb6-12"><a href="#cb6-12" aria-hidden="true" tabindex="-1"></a> {<span class="at">:role-name</span> <span class="st">&quot;Manager&quot;</span></span>
<span id="cb6-13"><a href="#cb6-13" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-description</span> <span class="st">&quot;Only for Sam who manage this team but should not directly act&quot;</span></span>
<span id="cb6-14"><a href="#cb6-14" aria-hidden="true" tabindex="-1"></a> <span class="at">:role-id</span> <span class="at">:role-8891b9f4-6140-11ee-8e1a-325096b39f47</span></span>
<span id="cb6-15"><a href="#cb6-15" aria-hidden="true" tabindex="-1"></a> <span class="at">:visibility</span> <span class="st">&quot;org&quot;</span></span>
<span id="cb6-16"><a href="#cb6-16" aria-hidden="true" tabindex="-1"></a> <span class="at">:associated-scopes</span> #{<span class="st">&quot;inspect:read&quot;</span> <span class="st">&quot;ao:read&quot;</span> <span class="st">&quot;insights:read&quot;</span> <span class="st">&quot;profile:read&quot;</span> <span class="st">&quot;users&quot;</span> <span class="st">&quot;profile&quot;</span>}}}</span></code></pre></div>
<ul>
<li><code>visibility</code>; <code>org</code> for custom,
<code>public</code> for global.</li>
<li><code>associated-scopes</code>; only for role management UI</li>
</ul>
<h2 id="introduce-sub-accessors-maybe">Introduce sub-accessors
(maybe?)</h2>
<p>Today: <code>read</code>, <code>write</code></p>
<pre><code>inspect = inspect:rw
= inspect:read + inspect:write.
</code></pre>
<p>Tomorrow: introduce <code>read:get</code>, <code>read:search</code>,
<code>write:create</code>, <code>write:update</code>,
<code>write:delete</code>, <code>write:execute</code>.</p>
<h3 id="equivalence-of-new-accessors">Equivalence of new accessors</h3>
<div class="sourceCode" id="cb8"><pre
class="sourceCode python"><code class="sourceCode python"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a>rw <span class="op">=</span> read <span class="op">+</span> write</span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a></span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a>read <span class="op">=</span> read:get <span class="co"># GET by id</span></span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> read:search <span class="co"># GET/POST search entities</span></span>
<span id="cb8-5"><a href="#cb8-5" aria-hidden="true" tabindex="-1"></a>write <span class="op">=</span> write:create <span class="co"># POST create new entity</span></span>
<span id="cb8-6"><a href="#cb8-6" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:update <span class="co"># PUT/PATCH</span></span>
<span id="cb8-7"><a href="#cb8-7" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:delete <span class="co"># DELETE</span></span>
<span id="cb8-8"><a href="#cb8-8" aria-hidden="true" tabindex="-1"></a> <span class="op">+</span> write:execute <span class="co"># POST to trigger action</span></span></code></pre></div>
<h1 id="most-important-points">Most important points</h1>
<ul>
<li>Dynamic role <code>ids</code>. <strong>Must use the API</strong>
<ul>
<li>when you call <code
class="verbatim">/iroh/profile/whoami</code></li>
<li>when you look into the JWT</li>
<li><strong>note</strong>: potentially a list of roles!</li>
</ul></li>
<li><code>associated-scopes</code> field only useful for the Role
Management UI.</li>
<li>Use <code class="verbatim">/iroh/profile/permissions</code></li>
<li>can also use <code>scopes</code> claim if present</li>
</ul>
<h2 id="multiple-roles">Multiple Roles</h2>
<p>Expect the role to be a sorted comma separated role ids like;
<code>admin,role-344,sat,user</code> (which would be equivalent to
<code>admin</code> here) in the tokens and not a list to prevent
breaking changes. But it will probably be a list in the
<code>/whoami</code> response.</p>
</body>
</html>
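Review bot: the "⚠ Role ≠ Permissions (Tokens)" section is a bare list ("the user scopes", "as well as the client scopes", "as well as the scopes requested during the OAuth2 authorization flow") with no sentence saying how these three scope sets are combined into the token's scopes. That rule is the security-relevant part of the slide and should be stated explicitly. In "What the API already support", `<code>enrich</code><code>enrich/observables/observe:write</code>` runs two scope examples together with no separator, so it is unclear whether a refinement from the coarse scope to the fine-grained one was meant. In the second style block, `code {opacity:80%; ...` is never closed before `body{font-family:"CMU Typewriter"}`, so the `body` and `:root` rules end up inside the `code` block instead of at top level; add the missing `}` after `rgba(127,127,127,0.3);`. This file is pandoc output and the same string appears in the `#+HTML_HEAD` line of the org source, so fix it there and re-export.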


@ -0,0 +1,233 @@
:PROPERTIES:
:ID: 13070c29-3c00-43f2-a73d-dedc056fb503
:END:
#+title: Custom Roles
#+subtitle: XDR IROH
#+Author: Yann Esposito
#+Date: [2023-10-03 Tue 15:30]
#+Options: toc:nil tags:t
#+tags: :cisco:xdr:
#+HTML_HEAD: <style>code {opacity:80%; font-size: 75%; background-color: rgba(127,127,127,0.3);body{font-family:"CMU Typewriter"} :root {--r-heading-font: Futura,sans-serif; --r-main-font-size: 36px; --r-main-font: Futura,sans-serif;}</style>
* Current state
** Listing Roles (already by org)
=GET /iroh/profile/roles=
Provide a data structure with describing all roles for an Org:
- 3 roles for XDR (admin, user, sat)
- 2 roles for SX (admin, user)
** ⚠ Role ≠ Permissions
The role associated to a user do not necessarily matches the user permission.
The role is only one of the component to use to determine a token or even a user permissions.
The permissions are represented by /scopes/ which are computed using:
- the user role
- the org properties (activated or not, XDR or not etc…)
- entitlements (not in use but will probably be the case in the future)
** ⚠ Role ≠ Permissions (Tokens)
- the user scopes
- as well as the client scopes
- as well as the scopes requested during the OAuth2 authorization flow
** Current response for an XDR-enabled org
#+REVEAL_HTML: <div style="font-size: 60%;">
#+BEGIN_SRC clojure
GET /iroh/profile/roles
{:admin {:english {:only-role-name "administrator",
:adjective "an",
:only-role-name-capitalized "Administrator",
:english-role-name "an administrator"},
:role-name "Administrator",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:sat {:english {:only-role-name "security analyst",
:adjective "a",
:only-role-name-capitalized "Security Analyst",
:english-role-name "a security analyst"},
:role-name "Security Analyst",
:role-id "sat",
:role-description
"No account admin. SXO read only + run existing workflows.",
:visibility "public"},
:user {:english {:only-role-name "incident responder",
:adjective "an",
:only-role-name-capitalized "Incident Responder",
:english-role-name "an incident responder"},
:role-name "Incident Responder",
:role-id "user",
:role-description
"This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
:visibility "public"}}
#+END_SRC
#+REVEAL_HTML: </div>
** Current response for an SX-only org
#+REVEAL_HTML: <div style="font-size: 60%;">
#+begin_src clojure
GET /iroh/profile/roles
{:admin {:english {:only-role-name "admin",
:adjective "an",
:only-role-name-capitalized "Admin",
:english-role-name "an admin"},
:role-name "Admin",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:user {:english {:only-role-name "user",
:adjective "a",
:only-role-name-capitalized "User",
:english-role-name "a user"},
:role-name "User",
:role-id "user",
:role-description "A standard user.",
:visibility "public"}}
#+end_src
#+REVEAL_HTML: </div>
** What the API already support
- list all roles for every Org
- change the role of a user
- support roles during invitation and Org access request
- expose a permissions endpoint to check permission access independently of the role
- read/write access restriction
- fine grained /resource/ target in the scopes ~enrich~~enrich/observables/observe:write~
** What the API does not support
- No support for create+update but not delete.
- No support for multiple roles
- No support for custom role creation (obviously)
- No scopes API for roles
* Expected Changes
** New API: (exhaustive scopes list)
Exhaustive list of scopes as a forest structure
#+begin_src clojure
[{:scope "global-intel"
(optional :description) ,,,
:accessors ["read"]
:sub-scopes [{:scope "global-intel/incident"
:accessors ["read"]}
{:scope "global-intel/sighting"
:accessors ["read"]}
,,,]}
{:scope "private-intel"
(optional :description) ,,,
:accessors ["rw","read","write"]
:sub-scopes [{,,,}]}]
#+end_src
** New API (maybe?)
Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
#+begin_src clojure
[{:scope-alias "threat-hunt"
:scopes ["enrich/observables/observe:read","inspect","investigation"]
:description ,,,,}
{:scope-alias "incidents"
:scopes ["private-intel","global-intel:read"]
:description ,,,}
,,, ]
#+end_src
** New API: CRUD+Search
API to manage new custom roles
#+begin_src clojure
(s/defschema NewRole
{:role-name s/Str
:role-description s/Str
:provided-scopes Scopes})
(s/defschema Role
(st/merge NewRole
{:id s/Str
:created-at Date
:updated-at Date}))
#+end_src
** Existing APIs
The =GET /iroh/profile/roles= will look like today + added the new custom roles
that will look like:
#+REVEAL_HTML: <div style="font-size: 60%;">
#+BEGIN_SRC clojure
{:admin ...
:sat ...
:user ...
:role-d394db9e-613f-11ee-aff9-325096b39f47
{:role-name "My Company Custom Role"
:role-description "This is a role that is read only except for workflows"
:role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
:role-8891b9f4-6140-11ee-8e1a-325096b39f47
{:role-name "Manager"
:role-description "Only for Sam who manage this team but should not directly act"
:role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
#+END_SRC
#+REVEAL_HTML: </div>
- ~visibility~; ~org~ for custom, ~public~ for global.
- ~associated-scopes~; only for role management UI
** Introduce sub-accessors (maybe?)
Today: ~read~, ~write~
#+begin_src
inspect = inspect:rw
= inspect:read + inspect:write.
#+end_src
Tomorrow: introduce ~read:get~, ~read:search~, ~write:create~, ~write:update~,
~write:delete~, ~write:execute~.
*** Equivalence of new accessors
#+begin_src python
rw = read + write
read = read:get # GET by id
+ read:search # GET/POST search entities
write = write:create # POST create new entity
+ write:update # PUT/PATCH
+ write:delete # DELETE
+ write:execute # POST to trigger action
#+end_src
* Most important points
- Dynamic role ~ids~. *Must use the API*
- when you call =/iroh/profile/whoami=
- when you look into the JWT
- *note*: potentially a list of roles!
- ~associated-scopes~ field only useful for the Role Management UI.
- Use =/iroh/profile/permissions=
- can also use ~scopes~ claim if present
** Multiple Roles
Expect the role to be a sorted comma separated role ids like;
~admin,role-344,sat,user~ (which would be equivalent to ~admin~ here) in the tokens
and not a list to prevent breaking changes.
But it will probably be a list in the ~/whoami~ response.
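Review bot: In the "Existing APIs" example, the "Manager" role is described as "should not directly act", yet its `:associated-scopes` contain the bare scopes `"users"` and `"profile"`. By the slide's own rule (`inspect = inspect:rw`) a bare scope grants both read and write, which also makes the `"profile:read"` entry in the same set redundant. If the role is meant to observe only, use `"users:read"` and drop the bare `"profile"`, or change the description to match. The same example gives custom roles a keyword `:role-id` while the built-in roles in the responses above use strings (`"admin"`, `"user"`); pick one type so clients comparing role ids need a single code path. In "Multiple Roles", say explicitly that consumers must split the comma-separated claim and compare whole ids, since the slide only states that the value is a sorted string.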

Binary file not shown.

Binary file not shown.

View file

@ -0,0 +1,269 @@
% Created 2023-10-04 Wed 14:01
% Intended LaTeX compiler: pdflatex
\documentclass[11pt]{article}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
\usepackage{graphicx}
\usepackage{longtable}
\usepackage{wrapfig}
\usepackage{rotating}
\usepackage[normalem]{ulem}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{capt-of}
\usepackage{hyperref}
\author{Yann Esposito}
\date{\textit{[2023-10-03 Tue 15:30]}}
\title{Custom Roles\\\medskip
\large XDR IROH}
\hypersetup{
pdfauthor={Yann Esposito},
pdftitle={Custom Roles},
pdfkeywords={},
pdfsubject={},
pdfcreator={Emacs 29.1 (Org mode 9.7)},
pdflang={English}}
\begin{document}
\maketitle
\section{Current state}
\label{sec:org5577c77}
\subsection{Listing Roles (already by org)}
\label{sec:org3475552}
\texttt{GET /iroh/profile/roles}
Provide a data structure with describing all roles for an Org:
\begin{itemize}
\item 3 roles for XDR (admin, user, sat)
\item 2 roles for SX (admin, user)
\end{itemize}
\subsection{⚠ Role ≠ Permissions}
\label{sec:org45793d5}
The role associated to a user do not necessarily matches the user permission.
The role is only one of the component to use to determine a token or even a user permissions.
The permissions are represented by \emph{scopes} which are computed using:
\begin{itemize}
\item the user role
\item the org properties (activated or not, XDR or not etc…)
\item entitlements (not in use but will probably be the case in the future)
\end{itemize}
\subsection{⚠ Role ≠ Permissions (Tokens)}
\label{sec:org0374daf}
\begin{itemize}
\item the user scopes
\item as well as the client scopes
\item as well as the scopes requested during the OAuth2 authorization flow
\end{itemize}
\subsection{Current response for an XDR-enabled org}
\label{sec:orga98ced4}
\begin{verbatim}
GET /iroh/profile/roles
{:admin {:english {:only-role-name "administrator",
:adjective "an",
:only-role-name-capitalized "Administrator",
:english-role-name "an administrator"},
:role-name "Administrator",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:sat {:english {:only-role-name "security analyst",
:adjective "a",
:only-role-name-capitalized "Security Analyst",
:english-role-name "a security analyst"},
:role-name "Security Analyst",
:role-id "sat",
:role-description
"No account admin. SXO read only + run existing workflows.",
:visibility "public"},
:user {:english {:only-role-name "incident responder",
:adjective "an",
:only-role-name-capitalized "Incident Responder",
:english-role-name "an incident responder"},
:role-name "Incident Responder",
:role-id "user",
:role-description
"This is the closest to current user role:- no account administration- cannot create/change modules- SXO read only, but can run and edit workflows",
:visibility "public"}}
\end{verbatim}
\subsection{Current response for an SX-only org}
\label{sec:org8122353}
\begin{verbatim}
GET /iroh/profile/roles
{:admin {:english {:only-role-name "admin",
:adjective "an",
:only-role-name-capitalized "Admin",
:english-role-name "an admin"},
:role-name "Admin",
:role-id "admin",
:role-description "An admin of users.",
:visibility "public"},
:user {:english {:only-role-name "user",
:adjective "a",
:only-role-name-capitalized "User",
:english-role-name "a user"},
:role-name "User",
:role-id "user",
:role-description "A standard user.",
:visibility "public"}}
\end{verbatim}
\subsection{What the API already support}
\label{sec:orgc601aac}
\begin{itemize}
\item list all roles for every Org
\item change the role of a user
\item support roles during invitation and Org access request
\item expose a permissions endpoint to check permission access independently of the role
\item read/write access restriction
\item fine grained \emph{resource} target in the scopes \texttt{enrich}\texttt{enrich/observables/observe:write}
\end{itemize}
\subsection{What the API does not support}
\label{sec:orga19776c}
\begin{itemize}
\item No support for create+update but not delete.
\item No support for multiple roles (not sure what it means yet)
\item No support for custom role creation (obviously)
\begin{itemize}
\item No scopes API for roles
\end{itemize}
\end{itemize}
\section{Expected Changes}
\label{sec:org591e358}
\subsection{New API: (exhaustive scopes list)}
\label{sec:orgad4cfdd}
Exhaustive list of scopes as a forest structure
\begin{verbatim}
[{:scope "global-intel"
(optional :description) ,,,
:accessors ["read"]
:sub-scopes [{:scope "global-intel/incident"
:accessors ["read"]}
{:scope "global-intel/sighting"
:accessors ["read"]}
,,,]}
{:scope "private-intel"
(optional :description) ,,,
:accessors ["rw","read","write"]
:sub-scopes [{,,,}]}]
\end{verbatim}
\subsection{New API (maybe?)}
\label{sec:org7dbeae2}
Expose only a subset of scopes aliases pre-negociated with UX/UI/Doc team:
\begin{verbatim}
[{:scope-alias "threat-hunt"
:scopes ["enrich/observables/observe:read","inspect","investigation"]
:description ,,,,}
{:scope-alias "incidents"
:scopes ["private-intel","global-intel:read"]
:description ,,,}
,,, ]
\end{verbatim}
\subsection{New API: CRUD+Search}
\label{sec:orgc22dbdb}
API to manage new custom roles
\begin{verbatim}
(s/defschema NewRole
{:role-name s/Str
:role-description s/Str
:provided-scopes Scopes})
(s/defschema Role
(st/merge NewRole
{:id s/Str
:created-at Date
:updated-at Date}))
\end{verbatim}
\subsection{Existing APIs}
\label{sec:org8b0636c}
The \texttt{GET /iroh/profile/roles} will look like today + added the new custom roles
that will look like:
\begin{verbatim}
{:admin ...
:sat ...
:user ...
:role-d394db9e-613f-11ee-aff9-325096b39f47
{:role-name "My Company Custom Role"
:role-description "This is a role that is read only except for workflows"
:role-id :role-d394db9e-613f-11ee-aff9-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao" "insights:read" "profile:read"}}
:role-8891b9f4-6140-11ee-8e1a-325096b39f47
{:role-name "Manager"
:role-description "Only for Sam who manage this team but should not directly act"
:role-id :role-8891b9f4-6140-11ee-8e1a-325096b39f47
:visibility "org"
:associated-scopes #{"inspect:read" "ao:read" "insights:read" "profile:read" "users" "profile"}}}
\end{verbatim}
\begin{itemize}
\item \texttt{visibility}; \texttt{org} for custom, \texttt{public} for global.
\item \texttt{associated-scopes}; only for role management UI
\end{itemize}
\subsection{Introduce sub-accessors (maybe?)}
\label{sec:org6e45fe3}
Today: \texttt{read}, \texttt{write}
\begin{verbatim}
inspect = inspect:rw
= inspect:read + inspect:write.
\end{verbatim}
Tomorrow: introduce \texttt{read:get}, \texttt{read:search}, \texttt{write:create}, \texttt{write:update},
\texttt{write:delete}, \texttt{write:execute}.
\subsubsection{Equivalence of new accessors}
\label{sec:org312e35c}
\begin{verbatim}
rw = read + write
read = read:get # GET by id
+ read:search # GET/POST search entities
write = write:create # POST create new entity
+ write:update # PUT/PATCH
+ write:delete # DELETE
+ write:execute # POST to trigger action
\end{verbatim}
\section{Most important points}
\label{sec:org072056b}
\begin{itemize}
\item Dynamic role \texttt{ids}. \textbf{Must use the API}
\begin{itemize}
\item when you call \texttt{/iroh/profile/whoami}
\item when you look into the JWT
\item \textbf{note}: potentially a list of roles!
\end{itemize}
\item \texttt{associated-scopes} field only useful for the Role Management UI.
\item Use \texttt{/iroh/profile/permissions}
\item can also use \texttt{scopes} claim if present
\end{itemize}
\subsection{Multiple Roles}
\label{sec:org27898f0}
\begin{itemize}
\item if union of roles for the same user:
Expect the role to be a sorted comma separated role ids like;
\texttt{admin,role-344,sat,user} (which would be equivalent to \texttt{admin} here)
\item if one role per session, then we will use different \texttt{user-id} and thus the role
must appear in the UIs (Registration UI, Org switching, etc…)
\end{itemize}
\end{document}
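Review bot: This generated export ("% Created 2023-10-04", Org mode) already disagrees with the Org source in the same commit on the token format. Its "Multiple Roles" section lists two open alternatives (union of roles, or one role per session with a different `user-id`), while the Org slides commit to a sorted comma-separated role string in tokens, and "What the API does not support" here still carries "(not sure what it means yet)". Regenerate the .tex from the current Org file or leave the generated file out of the commit, so anyone implementing role checks does not work from the stale variant. Separately, the subsection titles containing ⚠ and ≠ are likely to fail under the declared pdflatex and `inputenc` setup unless those characters are declared.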

View file

@ -0,0 +1,443 @@
:PROPERTIES:
:ID: c33df84f-9b64-47a8-b716-fcadc0ec4f8c
:END:
#+Title: Cisco Staging Environment Doc
#+Author: Yann Esposito
#+Date: [2023-10-17]
- tags ::
- source ::
* Node static configuration (config.edn)
** Static/Dynamic cyclic dependency
Some static configuration need to be generated after some dynamic configuration
has been made.
Typically you should first create many modules via the API and only then
retrieve the generated module-ids to be used in the configuration.
** IROH Auth Configuration
*** Example in PROD NAM
#+begin_src clojure
:iroh-auth
{:activation-url
"https://visibility.amp.cisco.com/account-activation",
:allowed-login-origins
#{"http://dev.9dcdd4915aad0ae7d12b8618:1957"
"http://dev.9dcdd4915aad0ae7d12b8618:1958"
"http://dev.9dcdd4915aad0ae7d12b8618:3000"
"http://dev.9dcdd4915aad0ae7d12b8618:3001"
"http://dev.9dcdd4915aad0ae7d12b8618:3002"
"http://dev.9dcdd4915aad0ae7d12b8618:3003"
"http://dev.9dcdd4915aad0ae7d12b8618:3004"
"http://dev.9dcdd4915aad0ae7d12b8618:4000"
"http://dev.9dcdd4915aad0ae7d12b8618:4001"
"http://dev.9dcdd4915aad0ae7d12b8618:4002"
"http://dev.9dcdd4915aad0ae7d12b8618:4003"
"http://dev.9dcdd4915aad0ae7d12b8618:4004"
"http://dev.9dcdd4915aad0ae7d12b8618:4005"
"http://dev.9dcdd4915aad0ae7d12b8618:4006"
"http://dev.9dcdd4915aad0ae7d12b8618:4008"
"http://dev.9dcdd4915aad0ae7d12b8618:4010"
"https://consumer.orbital.amp.cisco.com"
"https://dev.9dcdd4915aad0ae7d12b8618:1957"
"https://dev.9dcdd4915aad0ae7d12b8618:1958"
"https://dev.9dcdd4915aad0ae7d12b8618:4000"
"https://dev.9dcdd4915aad0ae7d12b8618:4001"
"https://dev.9dcdd4915aad0ae7d12b8618:4002"
"https://dev.9dcdd4915aad0ae7d12b8618:4003"
"https://dev.9dcdd4915aad0ae7d12b8618:4004"
"https://dev.9dcdd4915aad0ae7d12b8618:4005"
"https://dev.9dcdd4915aad0ae7d12b8618:4006"
"https://dev.9dcdd4915aad0ae7d12b8618:4008"
"https://dev.9dcdd4915aad0ae7d12b8618:4010"
"https://iroh-adm.ap-northeast-1.prod.iroh.site"
"https://iroh-adm.eu-west-1.prod.iroh.site"
"https://iroh-adm.int.iroh.site"
"https://iroh-adm.test.iroh.site"
"https://iroh-adm.us-east-1.prod.iroh.site"
"https://orbital.amp.cisco.com"
"https://registration.us.security.cisco.com"
"https://securex-ui-dashboard.us.security.cisco.com"
"https://securex.us.security.cisco.com"
"https://tactical-portal.us.security.cisco.com"
"https://threatresponse.security.cisco.com"
"https://threatresponse.us.security.cisco.com"
"https://visibility.amp.cisco.com"
"https://xdr.us.security.cisco.com"},
:cache-store-ids
{:codes "auth-codes",
:requests "auth-requests",
:responses "auth-responses"},
:idps
{"idb-amp"
{:allow-all-role-to-login false,
:auth-kind :oidc,
:authorize-uri
"https://csaidb.us.security.cisco.com/oauth2/default/v1/authorize",
:client-id "0oapp4bnkk3coKe3T696",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/idb-amp/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table
{:is-admin? [:amp_user_admin],
:org-id [:business_guid],
:org-name [:organization_name],
:sub [:user_id],
:user-email [:email],
:user-name [:name]},
:grant-type :code,
:id "idb-amp",
:idp-account-url "https://castle.amp.cisco.com/my/account",
:idp-logout-url "https://auth.amp.cisco.com/auth/session/logout",
:legacy true,
:msg "For existing Threat Response & AMP users.",
:name "Cisco Security Account",
:position 1,
:safe-for-emails-verification true,
:scim-id :nam,
:scopes ["profile" "email" "iroh_auth"],
:token-uri
"https://csaidb.us.security.cisco.com/oauth2/default/v1/token"},
"idb-tg"
{:admin-roles #{"admin" "org-admin"},
:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
:client-id "9e1e759e-8d17-496e-8ae6-bc70b03fc023",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/idb-tg/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table
{:org-id [:threatgrid :organization_id],
:org-name [:threatgrid :organization_name],
:role [:threatgrid :role],
:user-name [:threatgrid :name]},
:grant-type :code,
:id "idb-tg",
:idp-logout-url "https://panacea.threatgrid.com/logout",
:legacy true,
:msg "For Secure Malware Analytics users.",
:name "Cisco Secure Malware Analytics",
:org-namespace "threatgrid",
:position 2,
:scopes ["threatgrid:profile" "email"],
:token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"},
"sxso"
{:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
:client-id "0oa4dovqtv0MMc797357",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:grant-type :code,
:id "sxso",
:idp-account-url "https://me.security.cisco.com",
:idp-logout-url "https://sign-on.security.cisco.com/login/signout",
:manage-orgs false,
:msg "For new and existing SecureX users.",
:name "Security Cloud Sign On",
:position 0,
:safe-for-emails-verification true,
:scopes ["profile" "email" "iroh_auth"],
:token-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/token"},
"threatgrid"
{:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
:client-id "4fe0068b-eb2a-4918-871f-dd9c9592990e",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/threatgrid/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table {:org-id [:tg_org]},
:grant-type :code,
:hidden true,
:id "threatgrid",
:name "Secure Malware Analytics",
:org-namespace "threatgrid",
:token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"}},
:invite
{:first-url-sx "https://securex.us.security.cisco.com",
:first-url-xdr "https://xdr.us.security.cisco.com",
:help-url
"https://www.cisco.com/c/en/us/td/docs/security/secure-sign-on/sso-quick-start-guide.html",
:idp-id "sxso",
:invite-lifetime-in-days 7,
:mail-source "no-reply@security.cisco.com",
:store-id "invites"},
:login-filters-store-id "auth-login-filters",
:login-uri-prefix
"https://visibility.amp.cisco.com/iroh/iroh-auth/login",
:org-access-request-confirmation-url
"https://registration.us.security.cisco.com/org-access-request-status.html",
:provisioning
{:onboardings
{:csc {:http {:url "https://admin.prod.nam.csc.cisco.com/onboard"}},
:di
{:http {:url "https://insights-api.us.security.cisco.com/api"}},
:sca
{:http
{:url
"https://tr-relay-production.obsrvbl.obsrvbl.com/onboard"}}}},
:redirect-uri
"https://visibility.amp.cisco.com/iroh/iroh-auth/login",
:registration-url
"https://registration.us.security.cisco.com/auth-ui.html",
:signup-url-sx
"https://sign-on.security.cisco.com/home/bookmark/0oa4erf174FSrO1jd357/2557",
:signup-url-xdr
"https://sign-on.security.cisco.com/home/bookmark/0oasvqwo7jgaATJcM357/2557",
:spa-orgs
{:matching-admins-limit 1000, :pagination-admins-limit 1000},
:url "https://visibility.amp.cisco.com"}
#+end_src
*** IdPs (Identity Providers)
From far away
#+begin_src clojure
{,,,
:iroh-auth ;; IROH-Auth is a bundle of big services (not http services)
{,,,
:idps
{"idb-amp" ,,,
"idb-tg" ,,,
"sxso" ,,,
;; never really knew why but threatgrid IdP is mandatory
;; if you remove it, something breaks, but I never knew exactly what
;; nor why
"threatgrid" {,,, :hidden true ,,,}}
,,,}
,,,}
#+end_src
Here is the current PROD NAM config for IdPs:
#+begin_src clojure
{,,,
:idps
{"idb-amp"
{:allow-all-role-to-login false,
:auth-kind :oidc,
:authorize-uri
"https://csaidb.us.security.cisco.com/oauth2/default/v1/authorize",
:client-id "0oapp4bnkk3coKe3T696",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/idb-amp/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table
{:is-admin? [:amp_user_admin],
:org-id [:business_guid],
:org-name [:organization_name],
:sub [:user_id],
:user-email [:email],
:user-name [:name]},
:grant-type :code,
:id "idb-amp",
:idp-account-url "https://castle.amp.cisco.com/my/account",
:idp-logout-url "https://auth.amp.cisco.com/auth/session/logout",
:legacy true,
:msg "For existing Threat Response & AMP users.",
:name "Cisco Security Account",
:position 1,
:safe-for-emails-verification true,
:scim-id :nam,
:scopes ["profile" "email" "iroh_auth"],
:token-uri
"https://csaidb.us.security.cisco.com/oauth2/default/v1/token"},
"idb-tg"
{:admin-roles #{"admin" "org-admin"},
:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
:client-id "9e1e759e-8d17-496e-8ae6-bc70b03fc023",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/idb-tg/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table
{:org-id [:threatgrid :organization_id],
:org-name [:threatgrid :organization_name],
:role [:threatgrid :role],
:user-name [:threatgrid :name]},
:grant-type :code,
:id "idb-tg",
:idp-logout-url "https://panacea.threatgrid.com/logout",
:legacy true,
:msg "For Secure Malware Analytics users.",
:name "Cisco Secure Malware Analytics",
:org-namespace "threatgrid",
:position 2,
:scopes ["threatgrid:profile" "email"],
:token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"},
"sxso"
{:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
:client-id "0oa4dovqtv0MMc797357",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:grant-type :code,
:id "sxso",
:idp-account-url "https://me.security.cisco.com",
:idp-logout-url "https://sign-on.security.cisco.com/login/signout",
:manage-orgs false,
:msg "For new and existing SecureX users.",
:name "Security Cloud Sign On",
:position 0,
:safe-for-emails-verification true,
:scopes ["profile" "email" "iroh_auth"],
:token-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/token"},
"threatgrid"
{:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri "https://panacea.threatgrid.com/oauth2/authorize",
:client-id "4fe0068b-eb2a-4918-871f-dd9c9592990e",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/threatgrid/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:correlation-table {:org-id [:tg_org]},
:grant-type :code,
:hidden true,
:id "threatgrid",
:name "Secure Malware Analytics",
:org-namespace "threatgrid",
:token-uri "https://panacea.threatgrid.com/api/v3/oauth/token"}}
,,,}
#+end_src
**** SCSO
Contact Ryan, ask him to create the OAuth2 client and the Okta bookmarks
***** The actual config in PROD NAM
#+begin_src clojure
{,,,
"sxso"
{:allow-all-role-to-login true,
:auth-kind :oidc,
:authorize-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/authorize",
:client-id "0oa4dovqtv0MMc797357",
:client-secret
"[[ with secret "iroh/data/iroh_auth/idps/sxso/client_secret" ]][[ .Data.data.value ]][[ end ]]",
:grant-type :code,
:id "sxso",
:idp-account-url "https://me.security.cisco.com",
:idp-logout-url "https://sign-on.security.cisco.com/login/signout",
:manage-orgs false,
:msg "For new and existing SecureX users.",
:name "Security Cloud Sign On",
:position 0,
:safe-for-emails-verification true,
:scopes ["profile" "email" "iroh_auth"],
:token-uri
"https://sign-on.security.cisco.com/oauth2/default/v1/token"}
,,,}
#+end_src
**** AMP
Contact Ryan and perhaps Secure Endpoint team to create an OIDC client in Okta
that connects to the SAML client from AMP
**** TG
Contact Austin Haas from SMA (Secure Malware Analytics) to create a new OIDC client.
Apparently OIDC clients created for IROH are no more supported by Threatgrid.
You must use *magic* to create/update these clients.
Sync with Austin Haas for help.
* Dynamic Configuration
** Create Master users
**** Ops-only
In order to be able to access the admin API which is a must-have to configure
the nodes you first need to configure a first master user.
Easiest method, copy an existing master user from another env to the new env by
copying the Org and User row in the DB.
Change the ~email-address~ to match the one you would like to use.
The important field for the user to be a master user is to have
~additional-scopes~ set to ~["iroh-master","iroh-admin","cisco"]~.
**** Using the API
1. Launch a node
2. Login via AMP (or TG) for auto Org creation
3. Retrieve user-id (see response from API after login)
4. change node conf to add user-id to admin-filters configuration
5. restart the node and login again
6. Use the admin API to PATCH the user with ={additional-scopes: ["iroh-master","iroh-admin","cisco"]}=
7. change the node conf to remove admin-filters
Add new masters:
1. Invite new users to the first main Org then PATCH then using the admin API
** Provisioning
*** Official Provisioning OAuth2 Clients
You must create PIAM team a new Org with ~additional-scopes~
containing ~cisco/platform~.
Then add the user from the contact of the PIAM team that should create its own
OAuth2 client for provisioning.
*** Internal Org Provisioning
Create a new client with the scopes ~["cisco/platform" "cisco/tac"]~ and use the
scripts in ~xdr-provisioning~ (Adapt them to use the new Stage env).
** SSE Integration
*** SSE Client ! Claim Aliases
SSE OIDC client expect some specific claims so we should configure the client to
copy and replace the content accordingly to their expectation
** DI Integration
*** OAuth2 Client
- audience
- trusted
- allow-all-role-to-login
*** Webhooks
** Automation Integration
See ~config.edn~, configuration of the iroh-ao API/bootstrap
See Mark for help.
*** OAuth2 Client
- audience
- trusted
- allow-user-sopces
- short tokesn
- org-level-authorization
*** Webhooks
** 1-click module setup integrations
Every team should have a dedicated Org.
At least one dev of this team should create an OAuth2 client to be used.
Once the dev could test for its own org, the client should be promoted to
availability everyone.
And after the client should be marked as trusted.
The team should also create the module-type that should be then promoted as
visbility global.
* Maintenance
Every dynamic change must be made on all environments, often needing master-user privileges.
Typically:
- module-type change.
- OAuth2 client change (URL)
- create specific tenant for PMs/Tests
Expect a few hours a week.
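Review bot: The "Example in PROD NAM" block pastes the live production `:iroh-auth` map into a document about building a staging environment, and the `:idps` map is then repeated verbatim under "IdPs (Identity Providers)" and the `"sxso"` entry a third time under "SCSO". Only the `:client-secret` values are templated; the production `:client-id` values, signup bookmark URLs and onboarding endpoints are literal. Keep one copy, replace environment-specific values with named placeholders, and mark which keys must differ per environment. The doc should also point out that the `:allowed-login-origins` set shown mixes plain `http://` dev origins and the `iroh-adm.int` and `iroh-adm.test` origins with production ones, so it is not a list to copy as-is. In "Create Master users", add a verification step after step 7 confirming that `admin-filters` is gone, and note for the Ops-only path that the copied row brings `additional-scopes` of `["iroh-master","iroh-admin","cisco"]` from the source environment. Typos to fix: `allow-user-sopces` and `short tokesn` in the Automation list, `visbility` in the 1-click section.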

View file

@ -0,0 +1,59 @@
:PROPERTIES:
:ID: aa8ba7b5-d4e5-48c0-9e7a-2a5adb504d38
:END:
#+title: Cisco: Staging Environment Kick Off
#+Author: Yann Esposito
#+Date: [2023-10-03]
* Staging
As I understand. Exactly the same as TEST, but with the same ops machine than prod.
Main issue is that TEST/PROD have different configuration.
With this strategy of STAGING, this does not solve this issue.
Because by construction STAGING will also be different from PROD.
Differences with PROD:
- content of the DB
- URL of all integrations
- OAuth2 Clients
- Specific Technical Orgs
- Customers Data (Orgs, Users, objects)
- configuration of the API
- URL of all integrations
- OAuth2 Clients
What does it take to re-configure a new environment?
It took many *years* of work from many different teams, where most point of
contact have disappeared now.
So an undefined amount of work not only from Ops, but mostly from IROH + every
other team that integrated with IROH (SecureX / XDR).
If possible it will take a non trivial amount of time from every team involved.
* Instead a proposal: Canary release
Create a Proxy that will redirect some predefined users to the new deployed nodes.
So QA users will use v2 while customers are still using v1.
Once QA is successful, take 10% of users and move them to v2.
Once charge is verified and ok, move 100% of users and move them to v2.
Deployment finished, test made in real PROD by QA.
Not only this is a lot better for QA, but this looks possible while initializing
a new Staging does not appear doable at all if we want to achieve the goals of
improving releases quality.
* Requirements
@Anthony_Brandelli
- cross-integration environment (test - prod / int - test)
Not looking for big scaled prod env for staging.
* Concerns
What is IROH the backend that makes XDR/SecureX possible.
This is a platform.
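Review bot: The canary proposal does not say how the proxy recognises a request as coming from one of the "predefined users", nor what happens to users already moved to v2 if v2 has to be withdrawn. Since the section ends with "test made in real PROD by QA", both need to be written down before this can be weighed against a staging environment: name the routing key the proxy can see and add a rollback step after the 10% stage. In "Differences with PROD", "URL of all integrations" and "OAuth2 Clients" appear under both the DB content and the API configuration; say whether these are two distinct sets. The "Concerns" section opens with an unfinished sentence ("What is IROH the backend that makes XDR/SecureX possible.").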

View file

@ -0,0 +1,33 @@
:PROPERTIES:
:ID: 83380ee8-f90a-41e0-955f-473b81a043d0
:END:
#+title: Cisco Staging Environment Presentation
#+Author: Yann Esposito
#+Date: [2023-10-18]
- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]]
- related :: [[id:c33df84f-9b64-47a8-b716-fcadc0ec4f8c][Cisco Staging Environment Doc]]
* Short History
1. Environment deployment was always a 3rd class citizen.
2. Node administration was always a 2nd class citizen, we had to build that ourselves
in the middle of feature work.
3. 1st class citizen: "Integration" (make a Platform)
1. Login
+ Use external IdP for user management (first without internal user DB)
- supported SAML (deprecated now)
- support OpenID Connect (as client)
2. Share tokens
+ OAuth2 Client Credential Grant. (One client per user)
+ OAuth2 Authorization Code Grant. (One client per integration and
multiple users, need a dedicated URL)
+ OAuth2 device grant. (One client per integration and multiple users, no
dedicated URL)
3. Share Identity
+ OpenID Connect Provider
4. Use external APIs
+ Modules:
+ module-record (backend used)
+ module-type (one by integration, one for VirusTotal, Crowdstrike, etc…)
+ module-instance (one by org)
* Demo ~config.edn~
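Review bot: The `* Demo ~config.edn~` heading has no body, and the related document linked in the header reproduces the PROD NAM `:iroh-auth` configuration. State here which file is shown in the demo and whether client ids and origins are redacted for the presentation. Under "Share tokens", each grant is annotated with its client model but not with when to choose it; one line per grant on the intended integration type would make the list usable as guidance.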

View file

@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 3d75e1da-3fc4-414d-90f8-c3266eed3ddc
:END:
Cookie Clicker save
#+Title: Cookie Clicker save
#+Author: Yann Esposito
#+Date: [2023-07-27]
@ -9,4 +9,4 @@ Cookie Clicker save
- source ::
* Save
Mi4wNTJ8fDE2OTA0OTk2MDI0OTM7MTY5MDQ5OTYwMjQ5MzsxNjk1OTMxOTM2Njg4O0ZhbnRhc3RpYyBTbG90aDt3dndhcDswLDEsMCwwLDAsMCwwfDExMTExMTAxMTAwMTAxMTAwMTAxMDExMDAwMXwxMzgzMDM5LjEyMzk2NjUxNDg7MTM4NjM5NDYuMTIzOTY2NTg0OzU0Mzc7MzszNjM3NTQuOTMxODAwMDAyNDsyOzA7MDswOzA7MDswOzA7MDswOzM7MDswOzA7MDswOzA7OzA7MDswOzA7MDswOzA7LTE7LTE7LTE7LTE7LTE7MDswOzA7MDs3NTswOzA7LTE7LTE7MTY5MDQ5OTYwMjQ5MzswOzA7OzQxOzA7MDsxNzMxMS40OzUwOzA7MDt8NjAsNjAsNzIzMDUwLDAsLDAsNjA7NDAsNDAsMTMwNDk1MywwLCwwLDQwOzMwLDMwLDMzMzIwNTIsMCwsMCwzMDsyMCwyMCwzODk5OTE0LDAsLDAsMjA7MTAsMTAsMzIxODUwMywwLCwwLDEwOzIsMiwxMDIwODMwLDAsLDAsMjswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwOzAsMCwwLDAsLDAsMDswLDAsMCwwLCwwLDA7MCwwLDAsMCwsMCwwO3wxMTExMTExMTEwMDAwMDExMTExMTExMTExMTExMTAwMDExMTEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAxMTEwMTAxMDEwMDAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMTExMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAxMTEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMTAxMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwfDExMTEwMDAwMDAwMDAwMDAxMTExMTAwMDAwMDAwMDExMDAxMTEwMDAxMDAxMDAxMDAxMDAwMDAwMDAwMDAwMDAwMDAxMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDEwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
MDAwMDAwMDB8fA%3D%3D%21END%21


@ -0,0 +1,399 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-12-15 Fri 15:38 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>Create Long Running Dashboard</title>
<meta name="author" content="Yann Esposito" />
<meta name="generator" content="Org Mode" />
<style>
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { }
</style>
</head>
<body>
<div id="content" class="content">
<h1 class="title">Create Long Running Dashboard</h1>
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#orgb4b5d9e">1. Summary</a></li>
<li><a href="#orga23c1ac">2. Working Example on INT</a></li>
</ul>
</div>
</div>
<div id="outline-container-orgb4b5d9e" class="outline-2">
<h2 id="orgb4b5d9e"><span class="section-number-2">1.</span> Summary</h2>
<div class="outline-text-2" id="text-1">
<ol class="org-ol">
<li>Once the user is logged, use his session token to make the first call to <code>/oauth2/custom/tokens</code>.</li>
<li>You should get an access and refresh token. That refresh token expiration
date will be far away (a lot later than in 24h)</li>
<li>Use this new access token to display the dashboard.</li>
<li>When the access token expires, request a new one by using the refresh token
and calling <code>/oauth/token</code>.</li>
</ol>
</div>
</div>
<div id="outline-container-orga23c1ac" class="outline-2">
<h2 id="orga23c1ac"><span class="section-number-2">2.</span> Working Example on INT</h2>
<div class="outline-text-2" id="text-2">
<div class="org-src-container">
<pre class="src src-elisp" id="org674c6e5"><span style="color: #50a14f;">"https://visibility.int.iroh.site"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-elisp" id="org7848209"><span style="color: #50a14f;">"cisco-internal-71c1b24be4210aac731cef41664f15e3"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-elisp" id="orgd68d7b1"><span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http" id="org4e6b316"><span style="color: #b751b6;">POST</span> <span style="color: #a626a4;">${envorigin}/iroh/oauth2/custom/tokens</span>
<span style="color: #6a1868;">Accept</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">Content-Type</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">User-Agent</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">ob-http</span>
<span style="color: #6a1868;">Authorization</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">Bearer ${userjwt}</span>
<span style="color: #9ca0a4;">{</span><span style="color: #50a14f;">"client_id"</span><span style="color: #9ca0a4;">:</span><span style="color: #50a14f;">"${clientid}"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"client_secret"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"dashboard"</span><span style="color: #9ca0a4;">}</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http"><span style="color: #9ca0a4;">{</span>
<span style="color: #50a14f;">"access_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.qw0hHP73wExZLvzlzv60Y7eAOCsO4TGASvCkEtmXogQ1LgReyh8YSqPQVZX5wP0OBfhjQ4-smEu54EcMC9Lf_wC9-vRrtRjq-NwoEL6wNsoruvWEtPoeHYWjrpGdV14Z_AOrlLwPANiN8boOFq452rBNgWj2RdfyDfR2uhT_fvJmrOyVJ8QL4ZLOMZZx2N3-Bh2ZLWJSCIa8Rxmvld5uI_ZDwAQ2XNC5Bs5BCZLAaROPZ-xq8Hslc4ZMgINYruSSQ6l7DVIklCZmyyRoLfKROej-tBYRrbRosfckd7o72LQLV1h7Jf-jDNVtujb5vjfxB9yWClt-gmgCPO7mb3xSbh_bzrsY-CWMg5C_XfLjmiE2Jm9asuZWX6nZkBmLSIXz5tIT0NyyZeW4PByjOxO9OPcYYHI2PjxYy36kxQqnViYSbaK6zAZGPkqOLcmJmK5G00MSZL23jw52au_rpH1vkKJHYcb61CH3Uzat6yplxpYQm6pW-8eKMnXUa21LHCkoOzdPx_SQ9_Z4bMsyAy7h7A1cjCBiiUU1X34te544zUH88s5Nr-j_vR8A1CqI3iTGVaqMg1mMui9H2gIycfLFNzCMgjE6RI9f7EvWxAvIbDZiHj7I4_NKhsjP96YIoXISQmxOXaPCgbL5EbItgcADf-dGQOYk2MeadfNq8mlj-Gs"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"scope"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"token_type"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"bearer"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"expires_in"</span><span style="color: #9ca0a4;">:</span> 3600<span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"refresh_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"</span>
<span style="color: #9ca0a4;">}</span>
</pre>
</div>
<p>
decoded refresh token
</p>
<div class="org-src-container">
<pre class="src src-nil">Token header
------------
{
"typ": "JWT",
"alg": "RS256",
"kid": "2lrcbtLUyB7hTUCBFMZoYOUy6SY8HybU70WVI6g7Zbk"
}
Token claims
------------
{
"aud": [
"cisco-internal-71c1b24be4210aac731cef41664f15e3"
],
"email": "yaesposi@cisco.com",
"exp": 1705328173,
"https://schemas.cisco.com/iroh/identity/claims/oauth/client/id": "cisco-internal-71c1b24be4210aac731cef41664f15e3",
"https://schemas.cisco.com/iroh/identity/claims/oauth/grant": "auth-code",
"https://schemas.cisco.com/iroh/identity/claims/oauth/kind": "refresh-token",
"https://schemas.cisco.com/iroh/identity/claims/oauth/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/org/id": "047a89bf-5d2e-4392-b770-ad4821a82acf",
"https://schemas.cisco.com/iroh/identity/claims/scopes": [
"event:read",
"private-intel:read",
"feedback:read",
"orbital:read",
"vault/configs:read",
"collect:read",
"users:read",
"enrich:read",
"insights:read",
"investigation:read",
"integration:read",
"registry",
"ao:read",
"ui-settings:read",
"vault/config/metadata:read",
"sse:read",
"admin:read",
"inspect:read",
"casebook:read",
"telemetry:write",
"global-intel:read",
"profile:read",
"webhook:read",
"vault/config/posture:read",
"notification:read",
"asset:read",
"response:read",
"playbook:read"
],
"https://schemas.cisco.com/iroh/identity/claims/user/email": "yaesposi@cisco.com",
"https://schemas.cisco.com/iroh/identity/claims/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/user/name": "Yann - Master",
"https://schemas.cisco.com/iroh/identity/claims/user/role": "admin",
"iat": 1702649773,
"iss": "IROH Auth",
"jti": "refresh-da00f48d-bedb-451a-b86b-9b357bf3749a",
"nbf": 1702649713
}
</pre>
</div>
<p>
Where we can see that <code>exp - iat</code> claims is
</p>
<div class="org-src-container">
<pre class="src src-elisp"><span style="color: #4078f2;">(</span><span style="color: #b751b6;">-</span> <span style="color: #da8548; font-weight: bold;">1705328173</span> <span style="color: #da8548; font-weight: bold;">1702649773</span><span style="color: #4078f2;">)</span>
</pre>
</div>
<p>
Which is
</p>
<div class="org-src-container">
<pre class="src src-elisp"><span style="color: #4078f2;">(</span><span style="color: #b751b6;">/</span> <span style="color: #da8548; font-weight: bold;">2678400</span> <span style="color: #a626a4;">(</span><span style="color: #b751b6;">*</span> <span style="color: #da8548; font-weight: bold;">60</span> <span style="color: #da8548; font-weight: bold;">60</span> <span style="color: #da8548; font-weight: bold;">24</span><span style="color: #a626a4;">)</span><span style="color: #4078f2;">)</span>
</pre>
</div>
<p>
31 days.
</p>
<p>
Note also the access token lifetime is 3600 seconds (instead of the default 300s).
After 1 hour, the access token will fail, from now on you could request another
access token with:
</p>
<div class="org-src-container">
<pre class="src src-elisp" id="orgaa6539d"><span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.eyJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvZW1haWwiOiJ5YWVzcG9zaUBjaXNjby5jb20iLCJlbWFpbCI6InlhZXNwb3NpQGNpc2NvLmNvbSIsImF1ZCI6WyJjaXNjby1pbnRlcm5hbC03MWMxYjI0YmU0MjEwYWFjNzMxY2VmNDE2NjRmMTVlMyJdLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvcm9sZSI6ImFkbWluIiwiaXNzIjoiSVJPSCBBdXRoIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9zY29wZXMiOlsiZXZlbnQ6cmVhZCIsInByaXZhdGUtaW50ZWw6cmVhZCIsImZlZWRiYWNrOnJlYWQiLCJvcmJpdGFsOnJlYWQiLCJ2YXVsdC9jb25maWdzOnJlYWQiLCJjb2xsZWN0OnJlYWQiLCJ1c2VyczpyZWFkIiwiZW5yaWNoOnJlYWQiLCJpbnNpZ2h0czpyZWFkIiwiaW52ZXN0aWdhdGlvbjpyZWFkIiwiaW50ZWdyYXRpb246cmVhZCIsInJlZ2lzdHJ5IiwiYW86cmVhZCIsInVpLXNldHRpbmdzOnJlYWQiLCJ2YXVsdC9jb25maWcvbWV0YWRhdGE6cmVhZCIsInNzZTpyZWFkIiwiYWRtaW46cmVhZCIsImluc3BlY3Q6cmVhZCIsImNhc2Vib29rOnJlYWQiLCJ0ZWxlbWV0cnk6d3JpdGUiLCJnbG9iYWwtaW50ZWw6cmVhZCIsInByb2ZpbGU6cmVhZCIsIndlYmhvb2s6cmVhZCIsInZhdWx0L2NvbmZpZy9wb3N0dXJlOnJlYWQiLCJub3RpZmljYXRpb246cmVhZCIsImFzc2V0OnJlYWQiLCJyZXNwb25zZTpyZWFkIiwicGxheWJvb2s6cmVhZCJdLCJleHAiOjE3MDUzMjgxNzMsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb2F1dGgvdXNlci9pZCI6IjAwMDEwOTI0LWUxYmMtNGIwMy1iNjAwLTg5YzZjZjUyNzU3YyIsImh0dHBzOi8vc2NoZW1hcy5jaXNjby5jb20vaXJvaC9pZGVudGl0eS9jbGFpbXMvb3JnL2lkIjoiMDQ3YTg5YmYtNWQyZS00MzkyLWI3NzAtYWQ0ODIxYTgyYWNmIiwiaHR0cHM6Ly9zY2hlbWFzLmNpc2NvLmNvbS9pcm9oL2lkZW50aXR5L2NsYWltcy9vYXV0aC9ncmFudCI6ImF1dGgtY29kZSIsImp0aSI6InJlZnJlc2gtZGEwMGY0OGQtYmVkYi00NTFhLWI4NmItOWIzNTdiZjM3NDlhIiwibmJmIjoxNzAyNjQ5NzEzLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvbmFtZSI6Illhbm4gLSBNYXN0ZXIiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL3VzZXIvaWQiOiIwMDAxMDkyNC1lMWJjLTRiMDMtYjYwMC04OWM2Y2Y1Mjc1N2MiLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2N
saWVudC9pZCI6ImNpc2NvLWludGVybmFsLTcxYzFiMjRiZTQyMTBhYWM3MzFjZWY0MTY2NGYxNWUzIiwiaWF0IjoxNzAyNjQ5NzczLCJodHRwczovL3NjaGVtYXMuY2lzY28uY29tL2lyb2gvaWRlbnRpdHkvY2xhaW1zL29hdXRoL2tpbmQiOiJyZWZyZXNoLXRva2VuIn0.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http" id="orgb6309b2"><span style="color: #b751b6;">POST</span> <span style="color: #a626a4;">${envorigin}/iroh/oauth2/token</span>
<span style="color: #6a1868;">Accept</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/json</span>
<span style="color: #6a1868;">Content-Type</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">application/x-www-form-urlencoded</span>
<span style="color: #6a1868;">User-Agent</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">ob-http</span>
<span style="color: #6a1868;">client_id</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">${clientid}</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">client_secret</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">dashboard</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">grant_type</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">refresh_token</span><span style="color: #9ca0a4;">&amp;</span><span style="color: #6a1868;">refresh_token</span><span style="color: #9ca0a4;">=</span><span style="color: #50a14f;">${refreshtoken}</span>
</pre>
</div>
<div class="org-src-container">
<pre class="src src-http"><span style="color: #9ca0a4;">{</span>
<span style="color: #50a14f;">"access_token"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.cem4Kt5uwVFv11YhlpOCesPxlo-AfeOcIl8agwe7RP8bBrWI0O7L2coETjZb8a8axXwbWTpsBe2fgut7TjE8byAfRJwhW9jiAD31svw8RMRdRy07d54dVSiCoCfiaFBf79gKSgx0QjMsE1SCd1VJ7vaicp9k-q6a63BDMvp-7hsC1sIXmrsHhHX1wDkOQCrX7EWnOU8LDNhmcjIAgQqCk3TCZK_B-tM_1VNYEpZ6kYQHO1qhwTB6rHE1gh_Vxz0EUTt2H_7f1lj8Rp2ov5LFFi1VIBj7AIOwuTZeifUhJzNmZeeJNzWO3Ejd-Mh4saOGGuJxQqAQ5koxiD6IWZ25K810ojDt0AO-uSadZdbFpfjyox5v0ii-BWs303QQcHpjIzPQXnSq0jDLP6HnOauofHEs2LFimb2omkkUvhppRjpdewbFV6IV7F2lpw4XsiYBfwHLSWLa34PJqgVZ09Oiy7opVQo-tu9jho17RdJkNQYbyv5xCfwV8NKKSjXSFLv3TItmGENvnD_iWBxwFK9kRvCE1n0JoStnRqdpTWf-pkbU70TV71C7DsTlkmaJtporaBhAvF4rgJEWYrxPhEVTRt-ZpQ_hNFDkTWJxPOkSmmEWBjUiXwDWlu2kw0OXXSnndzsa3xIVYvOCNMDClj5gMFASS7DbvHvBAqe8au_bE4I"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"scope"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"token_type"</span><span style="color: #9ca0a4;">:</span> <span style="color: #50a14f;">"bearer"</span><span style="color: #9ca0a4;">,</span>
<span style="color: #50a14f;">"expires_in"</span><span style="color: #9ca0a4;">:</span> 3600
<span style="color: #9ca0a4;">}</span>
</pre>
</div>
<p>
Yipie! A new access token that only has read-only authorizations (exceptipon for
registry).
</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="date">Date: 2023-12-15 Fri 00:00</p>
<p class="author">Author: Yann Esposito</p>
<p class="date">Created: 2023-12-15 Fri 15:38</p>
</div>
</body>
</html>
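Review bot: The `pre` block with id `orgaa6539d` holds a complete refresh token (header, payload and signature), and `orgd68d7b1` plus both JSON responses hold further bearer tokens, so this export commits credentials for an account whose decoded claims show role `admin`. The file also contains the `client_id` and the literal `client_secret` value `dashboard`, which is everything the `/iroh/oauth2/token` request below it needs, and the page itself computes `exp - iat` as 31 days. Replace the token strings, `client_id`, e-mail address, user id and org id with placeholders, and revoke the refresh token whose `jti` is `refresh-da00f48d-bedb-451a-b86b-9b357bf3749a` rather than waiting for `exp`. Because this file is generated by Org export, consider not tracking it at all, so that the source file is the only place that needs scrubbing.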


@ -0,0 +1,186 @@
:PROPERTIES:
:ID: edf18b30-3f82-4d1b-8d1e-3cc64f2b762b
:END:
#+Title: Create Long Running Dashboard
#+Author: Yann Esposito
#+Date: [2023-12-15]
* Summary
1. Once the user is logged, use his session token to make the first call to ~/oauth2/custom/tokens~.
2. You should get an access and refresh token. That refresh token expiration
date will be far away (a lot later than in 24h)
3. Use this new access token to display the dashboard.
4. When the access token expires, request a new one by using the refresh token
and calling ~/oauth/token~.
* Working Example on INT
#+NAME: envorigin
#+begin_src elisp
"https://visibility.int.iroh.site"
#+end_src
#+RESULTS: envorigin
: https://visibility.int.iroh.site
#+NAME: clientid
#+begin_src elisp
"cisco-internal-71c1b24be4210aac731cef41664f15e3"
#+end_src
#+RESULTS: clientid
: cisco-internal-71c1b24be4210aac731cef41664f15e3
#+NAME: userjwt
#+begin_src elisp
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY"
#+end_src
#+RESULTS: userjwt
: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.aUM6fPSkcEh7wlD5se328l6GGeaqLFuNZTR5XjP5dA79RXSwXxDuPHQbr5VveLUQRd7cl-5yAMlcEumjv5AuozafcBzLRdc2OBPtXBFzSxOinZKmbk4mNZ2FVHLdSRqEBzGfWpcw5ZoG2DbYy0Ygqh9s5kMvF789zrNz0DYituUMM7Wf37AQAJ1oFWfDHBGAND22FkhsHd7QrnJDQhtPkCTTWiMjHSfAXnrUuJ6kNZCPdAwa4HlTTmmlTBqI4TA6GGbwUDmBGeSEed9N01MLrOgbtJK3M8mdchxGb9lA2ZnkI8QfdXPEa_ppJ5CUUnYw1sOqFq-PeLoDEDDtkDPHg6115SPdfckbLYsOsxnBRcm2FwxP2hHunPXDEkJrT0osjU6t8MMi3FoDV-9ISdDdD6Ldhe9NM7WPNFofVp9XwYMyuqcejHX6V5AW8eb5GK6Xk_nwzLBTUxThvFi1FJSlDj5bdj7jnjMWv7wHtvUU1bMwSMOPkA0xSlM0pmD0CdfrSk3Os-RYHpcYLqrdXVvjau40beSCCoFlgjdebidux8RC6Ln4l6cauNepnyKxyLWqr-UfdAhiFe3U-F0gGPVwhUvqTfbpeujCd3go0037akaSOtUIXid08HPSCRHhEXANeR8GO1zT86XCz3h74uLyfqRSWEkR_tbvMAik942bQWY
#+HEADER: :var userjwt=userjwt envorigin=envorigin clientid=clientid
#+NAME: tokens
#+begin_src http :pretty :exports both :results value code :eval no-export
POST ${envorigin}/iroh/oauth2/custom/tokens
Accept: application/json
Content-Type: application/json
User-Agent: ob-http
Authorization: Bearer ${userjwt}
{"client_id":"${clientid}",
"client_secret": "dashboard"}
#+end_src
#+RESULTS: tokens
#+begin_src http
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.qw0hHP73wExZLvzlzv60Y7eAOCsO4TGASvCkEtmXogQ1LgReyh8YSqPQVZX5wP0OBfhjQ4-smEu54EcMC9Lf_wC9-vRrtRjq-NwoEL6wNsoruvWEtPoeHYWjrpGdV14Z_AOrlLwPANiN8boOFq452rBNgWj2RdfyDfR2uhT_fvJmrOyVJ8QL4ZLOMZZx2N3-Bh2ZLWJSCIa8Rxmvld5uI_ZDwAQ2XNC5Bs5BCZLAaROPZ-xq8Hslc4ZMgINYruSSQ6l7DVIklCZmyyRoLfKROej-tBYRrbRosfckd7o72LQLV1h7Jf-jDNVtujb5vjfxB9yWClt-gmgCPO7mb3xSbh_bzrsY-CWMg5C_XfLjmiE2Jm9asuZWX6nZkBmLSIXz5tIT0NyyZeW4PByjOxO9OPcYYHI2PjxYy36kxQqnViYSbaK6zAZGPkqOLcmJmK5G00MSZL23jw52au_rpH1vkKJHYcb61CH3Uzat6yplxpYQm6pW-8eKMnXUa21LHCkoOzdPx_SQ9_Z4bMsyAy7h7A1cjCBiiUU1X34te544zUH88s5Nr-j_vR8A1CqI3iTGVaqMg1mMui9H2gIycfLFNzCMgjE6RI9f7EvWxAvIbDZiHj7I4_NKhsjP96YIoXISQmxOXaPCgbL5EbItgcADf-dGQOYk2MeadfNq8mlj-Gs",
"scope": "admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"
}
#+end_src
decoded refresh token
#+begin_src
Token header
------------
{
"typ": "JWT",
"alg": "RS256",
"kid": "2lrcbtLUyB7hTUCBFMZoYOUy6SY8HybU70WVI6g7Zbk"
}
Token claims
------------
{
"aud": [
"cisco-internal-71c1b24be4210aac731cef41664f15e3"
],
"email": "yaesposi@cisco.com",
"exp": 1705328173,
"https://schemas.cisco.com/iroh/identity/claims/oauth/client/id": "cisco-internal-71c1b24be4210aac731cef41664f15e3",
"https://schemas.cisco.com/iroh/identity/claims/oauth/grant": "auth-code",
"https://schemas.cisco.com/iroh/identity/claims/oauth/kind": "refresh-token",
"https://schemas.cisco.com/iroh/identity/claims/oauth/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/org/id": "047a89bf-5d2e-4392-b770-ad4821a82acf",
"https://schemas.cisco.com/iroh/identity/claims/scopes": [
"event:read",
"private-intel:read",
"feedback:read",
"orbital:read",
"vault/configs:read",
"collect:read",
"users:read",
"enrich:read",
"insights:read",
"investigation:read",
"integration:read",
"registry",
"ao:read",
"ui-settings:read",
"vault/config/metadata:read",
"sse:read",
"admin:read",
"inspect:read",
"casebook:read",
"telemetry:write",
"global-intel:read",
"profile:read",
"webhook:read",
"vault/config/posture:read",
"notification:read",
"asset:read",
"response:read",
"playbook:read"
],
"https://schemas.cisco.com/iroh/identity/claims/user/email": "yaesposi@cisco.com",
"https://schemas.cisco.com/iroh/identity/claims/user/id": "00010924-e1bc-4b03-b600-89c6cf52757c",
"https://schemas.cisco.com/iroh/identity/claims/user/name": "Yann - Master",
"https://schemas.cisco.com/iroh/identity/claims/user/role": "admin",
"iat": 1702649773,
"iss": "IROH Auth",
"jti": "refresh-da00f48d-bedb-451a-b86b-9b357bf3749a",
"nbf": 1702649713
}
#+end_src
Where we can see that ~exp - iat~ claims is
#+begin_src elisp
(- 1705328173 1702649773)
#+end_src
#+RESULTS:
: 2678400
Which is
#+begin_src elisp
(/ 2678400 (* 60 60 24))
#+end_src
#+RESULTS:
: 31
31 days.
Note also the access token lifetime is 3600 seconds (instead of the default 300s).
After 1 hour, the access token will fail, from now on you could request another
access token with:
#+NAME: refreshtoken
#+begin_src elisp
"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo"
#+end_src
#+RESULTS: refreshtoken
: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.SpwTOO_Ze2dLY1EVpq86RefnHz5OKL2HQS8pjK32Ei2nELAZdSoJaMhtUriXF05Y5G-s1wtBItR0kRXDrDDSFyon6wVxaqwtTBd6vUWgKLJOzM6tLBrdQDd3-XnOuH3v2Zvsd4h7ritTlkCj5cA6aiuvBrhkyEpZE4OhJ-YRTXvMsiepZnAAiRHMaB9gRAMovMuXrCHYN_-hdVXh0uOrDF5ARTwmh9GC9fhQpgzOSL2YbTyj0u0uF9tBOsmc8JmfdR_BxwBk6A7QiygUhzT5w23VkzPZ1W842UyPWVeOprHgWjpb_eUZKAnmL5s3-uT58bv_llHg1JVNPTUtp1yXaWPUGeKe83qlUf3ySdOPD04BLcjG1J1RZ4vMzVW0MboyqairgoCRl5fnA9aUVBM-28E2qDR6zjzAG6XLz3tYFgb2ltKYHi9sOgzdRxhn_879R3W09jjNRh_n-_vEouL1QUWTLDX5ZwPyvIEbaZMvDKocjTQ1VIsQeRhKNvqsoy019Y7aixfm4XvEWrfjArbB-i3O7iLwdJEDRsYpFvif2kltTApKgdIUt6_1JS3oqzInJc7G8itd_T_IE2UQo6zf6J2OuL-Y4nuUlAhtMfS2pHgIfWXbCRJL2xDD3Zu2ukUL7WzdKA974zc0qB30ZuSaN3QxsNu2m_pDRX4KjFXftuo
#+HEADER: :var refreshtoken=refreshtoken envorigin=envorigin clientid=clientid
#+NAME: newtokens
#+begin_src http :pretty :exports both :results value code :eval no-export
POST ${envorigin}/iroh/oauth2/token
Accept: application/json
Content-Type: application/x-www-form-urlencoded
User-Agent: ob-http
client_id=${clientid}&client_secret=dashboard&grant_type=refresh_token&refresh_token=${refreshtoken}
#+end_src
#+RESULTS: newtokens
#+begin_src http
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6IjJscmNidExVeUI3aFRVQ0JGTVpvWU9VeTZTWThIeWJVNzBXVkk2ZzdaYmsifQ.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.cem4Kt5uwVFv11YhlpOCesPxlo-AfeOcIl8agwe7RP8bBrWI0O7L2coETjZb8a8axXwbWTpsBe2fgut7TjE8byAfRJwhW9jiAD31svw8RMRdRy07d54dVSiCoCfiaFBf79gKSgx0QjMsE1SCd1VJ7vaicp9k-q6a63BDMvp-7hsC1sIXmrsHhHX1wDkOQCrX7EWnOU8LDNhmcjIAgQqCk3TCZK_B-tM_1VNYEpZ6kYQHO1qhwTB6rHE1gh_Vxz0EUTt2H_7f1lj8Rp2ov5LFFi1VIBj7AIOwuTZeifUhJzNmZeeJNzWO3Ejd-Mh4saOGGuJxQqAQ5koxiD6IWZ25K810ojDt0AO-uSadZdbFpfjyox5v0ii-BWs303QQcHpjIzPQXnSq0jDLP6HnOauofHEs2LFimb2omkkUvhppRjpdewbFV6IV7F2lpw4XsiYBfwHLSWLa34PJqgVZ09Oiy7opVQo-tu9jho17RdJkNQYbyv5xCfwV8NKKSjXSFLv3TItmGENvnD_iWBxwFK9kRvCE1n0JoStnRqdpTWf-pkbU70TV71C7DsTlkmaJtporaBhAvF4rgJEWYrxPhEVTRt-ZpQ_hNFDkTWJxPOkSmmEWBjUiXwDWlu2kw0OXXSnndzsa3xIVYvOCNMDClj5gMFASS7DbvHvBAqe8au_bE4I",
"scope": "admin:read ao:read asset:read casebook:read collect:read enrich:read event:read feedback:read global-intel:read insights:read inspect:read integration:read investigation:read notification:read orbital:read playbook:read private-intel:read profile:read registry response:read sse:read telemetry:write ui-settings:read users:read vault/config/metadata:read vault/config/posture:read vault/configs:read webhook:read",
"token_type": "bearer",
"expires_in": 3600
}
#+end_src
Yipie! A new access token that only has read-only authorizations (exceptipon for
registry).
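Review bot: The `refreshtoken` block and its `#+RESULTS:` commit a complete refresh token that the text says is valid for 31 days, and the request body hard-codes `client_secret=dashboard`; replace both with placeholders (or pass them in through a `:var` read from an untracked or encrypted file) and revoke the token shown if it was ever live. The closing remark also understates the result: the returned `scope` contains `telemetry:write` in addition to `registry`, so the token is not read-only apart from registry. `exceptipon` should read `exception`.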


@ -0,0 +1,241 @@
:PROPERTIES:
:ID: 7b35763c-84af-41fa-bad5-b407b33ff020
:END:
#+Title: Deploy New Environment
#+Author: Yann Esposito
#+Date: [2023-11-28]
- tags ::
- source ::
* Start the node with one admin [still needed]
Dependencies:
- [ops] all DB runnings: (riemann, ES, Postgres, Redis, etc…)
- [ops] configure the node to use DBFixtures, then remove db-fixture service from
bootstrap.cfg then restart the node. If configured correctly the DB will now
contain an admin user. The org must have the following additional scopes:
~cisco, iroh-admin, iroh-master, global-intel~.
- IROH / IROH-Async is running
* Engineering Admin Access [still needed]
- [ops] Provide VPN Access to the new Environment
- [ops] Must create the first accounts for every engineer involved in the
initial configuration of the new environment
* Support Provisioning (via PIAM) [not needed anymore]
- [ops] update Vault with the OAuth2 client creds from PIAM
- [engineering] configure PIAM Universal Provisioning in IROH (URLs, etc…)
assumptions:
- we will have OAuth2 client creds from PIAM configured.
- PIAM configured their server to point to the new URL for the Universal
Provisioning API
- We will use the PIAM Universal Provisioning
* Support essential XDR modules (DI, CSC, SE, SXO, SCA, SSX)
** Deploy a Private Intel (CTIA) node [still needed]
- [ops] This is needed for most integrations (DI SE).
- [engineering] updated the URL in tenzin-config with the new private-intel URL
** SXO (cc @Mark)
*** Onboarding (todo) [still needed]
- dependency: SXO: will provide an onboarding API URL
- [engineering] Onboarding configuration in ~config.edn~.
Ask Automation to provide the onboarding URL.
*** Module Type (cc @Matthieu) [Replicated]
- [engineering] Creating the SXO Module Type, with the correct URLs, configuration
*** OAuth2 Client [Replicated]
- [engineering] Create an IROH OAuth2 client for SXO.
Copy the values from other deployed environment except replace the redirect URI.
In particular, take care of the audiences, it should be configured with
~allow-partial-user-scopes?~ to true.
This client must be trusted. Add the client-id to the list of trusted clients by
using the admin API ~/admin/oauth/~
** DI
*** OAuth2 Client [Replicated]
Create an IROH OAuth2 client for DI.
Copy the values from other deployed environment except replace the redirect URI.
In particular, take care of the audiences, it should be configured with
~allow-partial-user-scopes?~ to true as well as ~org-level-authorization?~.
This client must be trusted. Add the client-id to the list of trusted clients by
using the admin API ~/admin/oauth/~
*** Module Type creation (cc @Matthieu) [Replicated]
*** Onboarding [still needed or DI should route using geo from the JWT]
Onboarding configuration in ~config.edn~.
Ask DI to provide the onboarding URL.
** SCA
*** OAuth2 Client [replicated]
Create an IROH OAuth2 client for DI.
Copy the values from other deployed environment except replace the redirect URI.
In particular, take care of the audiences, it should be configured with
~allow-partial-user-scopes?~ to true.
This client must be trusted. Add the client-id to the list of trusted clients by
using the admin API ~/admin/oauth/~
*** module conf (cc @Matthieu) [Replicated]
*** Onboarding [SCA route using JWT or still needed]
Onboarding configuration in ~config.edn~.
Ask SCA to provide the onboarding URL.
** SSX
*** OAuth2 client (claim aliases) [Replicated]
1. Ask SSX to deploy a Stage Environment and provide the corresponding URLs:
In the rest of this doc we suppose it will be:
- https://admin.sta.sse.itd.cisco.com
- https://devops.sta.sse.itd.cisco.com
but SSX could provide some different URLs to use.
2. Create a dedicated Org for SSX
3. Via the API directly, create a new API Client using the following payload.
Notice some value could change depending on the SSX configuration of the prefixes.
You need to ask SSX what are the expected IdP Mapping they would like.
I took on me that if a user login via AMP (CSA) SSX expect the tenant claim
to be ~AMP-STA~.
Then you should create a client via the API with the following
#+begin_src js
{
"scopes": ["integration", "private-intel", "admin", "profile", "inspect", "iroh-master",
"iroh-auth", "sse", "users", "casebook", "orbital", "enrich", "oauth", "global-intel",
"collect", "response", "ui-settings", "openid", "ao"],
"description": "NEW Environment for Security Services Exchange Admin Console",
"redirects": [
"https://admin.sta.sse.itd.cisco.com/*/*",
"https://admin.sta.sse.itd.cisco.com/*/*/*",
"https://admin.sta.sse.itd.cisco.com/*",
"https://admin.sta.sse.itd.cisco.com/*/*/*/*",
"https://devops.sta.sse.itd.cisco.com/*/*",
"https://devops.sta.sse.itd.cisco.com/*/*/*",
"https://devops.sta.sse.itd.cisco.com/*",
"https://devops.sta.sse.itd.cisco.com/*/*/*/*",
"https://devops.sta.sse.itd.cisco.com"
],
"availability": "everyone",
"access-token-lifetime-in-sec": 86400,
"id-token-lifetime-in-sec": 86400,
"name": "sse-ui-new-client",
"grants": ["auth-code"],
"client-type": "confidential",
"id-token-aliases": [
{
"alias": "spId",
"case-value": {
"sxso": "SXSO",
"idb-tg": "TG-STA",
"idb-amp": "AMP-STA"
},
"default-value": "AMP-STA",
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/idp/id"
},
{
"alias": "spId",
"case-value": {
"sxso": "SXSO",
"idb-tg": "TG-STA",
"idb-amp": "AMP-STA"
},
"claim-to-alias": "idp-mapping-idp"
},
{
"alias": "spId",
"case-value": {
"sxso": "SXSO",
"idb-tg": "TG-STA",
"idb-amp": "AMP-STA"
},
"claim-to-alias": "old-idp-mapping-idp"
},
{
"alias": "companyId",
"replace-value": [
[
"^threatgrid[:]",
""
]
],
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/id"
},
{
"alias": "companyId",
"replace-value": [
[
"^threatgrid[:]",
""
]
],
"claim-to-alias": "idp-mapping-organization-id"
},
{
"alias": "companyId",
"replace-value": [
[
"^threatgrid[:]",
""
]
],
"claim-to-alias": "old-idp-mapping-organization-id"
},
{
"alias": "companyName",
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/org/name"
},
{
"alias": "user_name",
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/name"
},
{
"alias": "user_email",
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/email"
},
{
"alias": "role",
"case-value": {
"admin": "admin",
"master": "admin",
"iroh-admin": "admin"
},
"default-value": "user",
"claim-to-alias": "https://schemas.cisco.com/iroh/identity/claims/user/role"
}
]
}
#+end_src
Once the client is created.
Go to the admin API, and bless the client to approve it.
Also still via the Admin API, add the client to the trusted clients.
Ask QA to verify cross launch is working as expected for the 3 IdPs.
* UI
- Check the registration UI would still work
- Check some URLs with normal frontend
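Review bot: In the SSX client payload, `redirects` uses wildcard patterns at four path depths on both hosts while the client holds the `admin`, `iroh-master` and `oauth` scopes and sets both `access-token-lifetime-in-sec` and `id-token-lifetime-in-sec` to 86400; the note should either list the exact callback paths SSX registers or say why wildcards and a 24-hour lifetime are required, since this client is then blessed and added to the trusted clients. Two smaller points: the SCA `OAuth2 Client` section says "Create an IROH OAuth2 client for DI", which looks copied from the DI section, and only the first of the three `spId` aliases carries a `default-value`.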


@ -0,0 +1,257 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<!-- 2023-11-13 Mon 23:01 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<title>dossier MDPH Anna 2023</title>
<meta name="author" content="Yann Esposito" />
<meta name="generator" content="Org Mode" />
<style>
#content { max-width: 60em; margin: auto; }
.title { text-align: center;
margin-bottom: .2em; }
.subtitle { text-align: center;
font-size: medium;
font-weight: bold;
margin-top:0; }
.todo { font-family: monospace; color: red; }
.done { font-family: monospace; color: green; }
.priority { font-family: monospace; color: orange; }
.tag { background-color: #eee; font-family: monospace;
padding: 2px; font-size: 80%; font-weight: normal; }
.timestamp { color: #bebebe; }
.timestamp-kwd { color: #5f9ea0; }
.org-right { margin-left: auto; margin-right: 0px; text-align: right; }
.org-left { margin-left: 0px; margin-right: auto; text-align: left; }
.org-center { margin-left: auto; margin-right: auto; text-align: center; }
.underline { text-decoration: underline; }
#postamble p, #preamble p { font-size: 90%; margin: .2em; }
p.verse { margin-left: 3%; }
pre {
border: 1px solid #e6e6e6;
border-radius: 3px;
background-color: #f2f2f2;
padding: 8pt;
font-family: monospace;
overflow: auto;
margin: 1.2em;
}
pre.src {
position: relative;
overflow: auto;
}
pre.src:before {
display: none;
position: absolute;
top: -8px;
right: 12px;
padding: 3px;
color: #555;
background-color: #f2f2f299;
}
pre.src:hover:before { display: inline; margin-top: 14px;}
/* Languages per Org manual */
pre.src-asymptote:before { content: 'Asymptote'; }
pre.src-awk:before { content: 'Awk'; }
pre.src-authinfo::before { content: 'Authinfo'; }
pre.src-C:before { content: 'C'; }
/* pre.src-C++ doesn't work in CSS */
pre.src-clojure:before { content: 'Clojure'; }
pre.src-css:before { content: 'CSS'; }
pre.src-D:before { content: 'D'; }
pre.src-ditaa:before { content: 'ditaa'; }
pre.src-dot:before { content: 'Graphviz'; }
pre.src-calc:before { content: 'Emacs Calc'; }
pre.src-emacs-lisp:before { content: 'Emacs Lisp'; }
pre.src-fortran:before { content: 'Fortran'; }
pre.src-gnuplot:before { content: 'gnuplot'; }
pre.src-haskell:before { content: 'Haskell'; }
pre.src-hledger:before { content: 'hledger'; }
pre.src-java:before { content: 'Java'; }
pre.src-js:before { content: 'Javascript'; }
pre.src-latex:before { content: 'LaTeX'; }
pre.src-ledger:before { content: 'Ledger'; }
pre.src-lisp:before { content: 'Lisp'; }
pre.src-lilypond:before { content: 'Lilypond'; }
pre.src-lua:before { content: 'Lua'; }
pre.src-matlab:before { content: 'MATLAB'; }
pre.src-mscgen:before { content: 'Mscgen'; }
pre.src-ocaml:before { content: 'Objective Caml'; }
pre.src-octave:before { content: 'Octave'; }
pre.src-org:before { content: 'Org mode'; }
pre.src-oz:before { content: 'OZ'; }
pre.src-plantuml:before { content: 'Plantuml'; }
pre.src-processing:before { content: 'Processing.js'; }
pre.src-python:before { content: 'Python'; }
pre.src-R:before { content: 'R'; }
pre.src-ruby:before { content: 'Ruby'; }
pre.src-sass:before { content: 'Sass'; }
pre.src-scheme:before { content: 'Scheme'; }
pre.src-screen:before { content: 'Gnu Screen'; }
pre.src-sed:before { content: 'Sed'; }
pre.src-sh:before { content: 'shell'; }
pre.src-sql:before { content: 'SQL'; }
pre.src-sqlite:before { content: 'SQLite'; }
/* additional languages in org.el's org-babel-load-languages alist */
pre.src-forth:before { content: 'Forth'; }
pre.src-io:before { content: 'IO'; }
pre.src-J:before { content: 'J'; }
pre.src-makefile:before { content: 'Makefile'; }
pre.src-maxima:before { content: 'Maxima'; }
pre.src-perl:before { content: 'Perl'; }
pre.src-picolisp:before { content: 'Pico Lisp'; }
pre.src-scala:before { content: 'Scala'; }
pre.src-shell:before { content: 'Shell Script'; }
pre.src-ebnf2ps:before { content: 'ebfn2ps'; }
/* additional language identifiers per "defun org-babel-execute"
in ob-*.el */
pre.src-cpp:before { content: 'C++'; }
pre.src-abc:before { content: 'ABC'; }
pre.src-coq:before { content: 'Coq'; }
pre.src-groovy:before { content: 'Groovy'; }
/* additional language identifiers from org-babel-shell-names in
ob-shell.el: ob-shell is the only babel language using a lambda to put
the execution function name together. */
pre.src-bash:before { content: 'bash'; }
pre.src-csh:before { content: 'csh'; }
pre.src-ash:before { content: 'ash'; }
pre.src-dash:before { content: 'dash'; }
pre.src-ksh:before { content: 'ksh'; }
pre.src-mksh:before { content: 'mksh'; }
pre.src-posh:before { content: 'posh'; }
/* Additional Emacs modes also supported by the LaTeX listings package */
pre.src-ada:before { content: 'Ada'; }
pre.src-asm:before { content: 'Assembler'; }
pre.src-caml:before { content: 'Caml'; }
pre.src-delphi:before { content: 'Delphi'; }
pre.src-html:before { content: 'HTML'; }
pre.src-idl:before { content: 'IDL'; }
pre.src-mercury:before { content: 'Mercury'; }
pre.src-metapost:before { content: 'MetaPost'; }
pre.src-modula-2:before { content: 'Modula-2'; }
pre.src-pascal:before { content: 'Pascal'; }
pre.src-ps:before { content: 'PostScript'; }
pre.src-prolog:before { content: 'Prolog'; }
pre.src-simula:before { content: 'Simula'; }
pre.src-tcl:before { content: 'tcl'; }
pre.src-tex:before { content: 'TeX'; }
pre.src-plain-tex:before { content: 'Plain TeX'; }
pre.src-verilog:before { content: 'Verilog'; }
pre.src-vhdl:before { content: 'VHDL'; }
pre.src-xml:before { content: 'XML'; }
pre.src-nxml:before { content: 'XML'; }
/* add a generic configuration mode; LaTeX export needs an additional
(add-to-list 'org-latex-listings-langs '(conf " ")) in .emacs */
pre.src-conf:before { content: 'Configuration File'; }
table { border-collapse:collapse; }
caption.t-above { caption-side: top; }
caption.t-bottom { caption-side: bottom; }
td, th { vertical-align:top; }
th.org-right { text-align: center; }
th.org-left { text-align: center; }
th.org-center { text-align: center; }
td.org-right { text-align: right; }
td.org-left { text-align: left; }
td.org-center { text-align: center; }
dt { font-weight: bold; }
.footpara { display: inline; }
.footdef { margin-bottom: 1em; }
.figure { padding: 1em; }
.figure p { text-align: center; }
.equation-container {
display: table;
text-align: center;
width: 100%;
}
.equation {
vertical-align: middle;
}
.equation-label {
display: table-cell;
text-align: right;
vertical-align: middle;
}
.inlinetask {
padding: 10px;
border: 2px solid gray;
margin: 10px;
background: #ffffcc;
}
#org-div-home-and-up
{ text-align: right; font-size: 70%; white-space: nowrap; }
textarea { overflow-x: auto; }
.linenr { font-size: smaller }
.code-highlighted { background-color: #ffff00; }
.org-info-js_info-navigation { border-style: none; }
#org-info-js_console-label
{ font-size: 10px; font-weight: bold; white-space: nowrap; }
.org-info-js_search-highlight
{ background-color: #ffff00; color: #000000; font-weight: bold; }
.org-svg { }
</style>
</head>
<body>
<div id="content" class="content">
<h1 class="title">dossier MDPH Anna 2023</h1>
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#org6e4afd7">1. Documents</a></li>
</ul>
</div>
</div>
<div id="outline-container-org6e4afd7" class="outline-2">
<h2 id="org6e4afd7"><span class="section-number-2">1.</span> Documents</h2>
<div class="outline-text-2" id="text-1">
<p>
Madame, Monsieur,
</p>
<p>
Veuillez trouver ci-joint le dossier de demande à la MDPH de notre fille Anna Esposito&#x2013;Basso.
Celui-ci comprend les documents suivants :
</p>
<ul class="org-ul">
<li class="off"><code>[&#xa0;]</code> Dossier MDPH rempli (20 pages)</li>
<li class="off"><code>[&#xa0;]</code> Certificat médical de moins de 6 mois pour demandes MDPH (8 pages)</li>
<li class="off"><code>[&#xa0;]</code> Bilan Auditif (3 pages)</li>
<li class="off"><code>[&#xa0;]</code> Certificat médical auditif - Dr Oddon (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Photocopie de la Carte d&rsquo;identité d&rsquo;Anna Esposito&#x2013;Basso (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Justificatif de domicile; Photocopie de facture d&rsquo;électricité EDF (1 page) ainsi
qu&rsquo;une attestation sur l&rsquo;honneur d&rsquo;hébergement. (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Justificatif aide animalière ; certificat chien d&rsquo;assistance (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Contrat de travail de l&rsquo;aidant familial (9 pages) + Fiche de salaire de
l&rsquo;aidant familial prouvant un temps partiel (80%)</li>
<li class="off"><code>[&#xa0;]</code> Devis Ergothérapeute - Mme Pradura (1 page)</li>
<li class="off"><code>[&#xa0;]</code> Factures et devis Coach de vie - Mme Arboucalot (3 pages)</li>
<li class="off"><code>[&#xa0;]</code> Feuille remboursement Mutuelle Audio prothèses (reste à charge 740€, 380€
par prothèse)</li>
<li class="off"><code>[&#xa0;]</code> Projet de vie (2 pages)</li>
<li class="off"><code>[&#xa0;]</code> Bilan Neuropsychologique</li>
<li class="off"><code>[&#xa0;]</code> Comptes rendu bilan Ergothérapeute</li>
<li class="off"><code>[&#xa0;]</code> Bilan du CRA des Alpes Maritimes</li>
<li class="off"><code>[&#xa0;]</code> Facture Psychiatre - Dr Guidi (1 page)</li>
</ul>
<p>
En vous en souhaitant bonne réception.
</p>
<p>
Krystelle &amp; Yann Esposito</p>
</div>
</div>
</div>
<div id="postamble" class="status">
<p class="date">Date: 2023-06-19 Mon 00:00</p>
<p class="author">Author: Yann Esposito</p>
<p class="date">Created: 2023-11-13 Mon 23:01</p>
</div>
</body>
</html>
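Review bot: The `<html>` element declares `lang="en" xml:lang="en"` although the body is entirely French; re-export once the `#+Lang: fr` keyword in the org source is picked up so the attribute matches the content. This file is also generated output (`<meta name="generator" content="Org Mode" />`) that repeats the org file's document list, including names and health-related paperwork, so consider keeping the export out of the commit and tracking only the source.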


@ -4,7 +4,7 @@
#+title: dossier MDPH Anna 2023
#+Author: Yann Esposito
#+Date: [2023-06-19]
#+lang: fr
#+Lang: fr
- tags ::
- source ::
@ -13,7 +13,6 @@
- Formulaires: https://www.mdph13.fr/Pages/Formulaires.aspx
- https://mdphenligne.cnsa.fr/mdph/13
- dossier: [[file:~/Library/Mobile Documents/com~apple~CloudDocs/Documents/1-Administration/MDPH/MDPH-2023][dossier 2023]]
** Addresse
Maison Départementale des Personnes Handicapées des Bouches du Rhône
@ -24,3 +23,98 @@ accueil.information.mdph@mdph13.fr
Accueil Physique : du lundi au jeudi de 9h00 à 16h00
Accueil Téléphonique : du lundi au vendredi de 9h00 à 12h30 et de 13h30 à 17h00 (appel gratuit depuis un poste fixe)
* Documents Ecrit Dossier
** Projet de Vie
Anna est une jeune fille autiste sans déficience intellectuelle diagnostiquée à
lâge de 17 ans.
Elle souffre de troubles anxieux généralisés qui furent difficiles à gérer
pendant le collège et qui lui ont finalement fait quitter la scolarité publique
lors de son entrée au lycée.
Bien quintellectuellement très capable, il lui est pour linstant impossible de
passer des examens à cause de son anxiété de performance.
Aujourdhui les efforts de toute la famille et des professionnels sont
concentrés pour laider à se socialiser et à gagner en autonomie.
Pour soutenir Anna dans ses efforts de sociabilisation et dautonomie elle a
besoin davoir son chien dassistance.
Pour cela il lui faut avoir la carte CMI invalidité et donc une reconnaissance
de handicap dau moins 80%.
Hors du domicile son chien dassistance est son unique moyen de calmer ses
crises en faisant de la pressothérapie.
En effet lors dune crise, personne ne peut la toucher.
Pas même ses proches qui sont dans limpossibilité de la mettre en sécurité.
La chienne écarte les personnes qui pourraient bousculer ou toucher Anna.
La chienne fait du guidage et elle peut lamener vers ses parents.
Depuis que lanimal est là, elle arrive, à petite dose, à rentrer dans un
magasin pour faire quelques courses et à se rendre à ses rendez-vous médicaux en
présence dun de ses deux parents.
Avoir la carte CMI Stationnement à aussi été à de nombreuses reprises une aide
très précieuse qui lui permet dêtre mise en sécurité rapidement en cas de
crise.
Sachant que lors de ses crises nous ne pouvons pas la toucher et quil lui
arrive de sécrouler sur le sol, la distance gagnée savère profondément utile.
Nous avons déménagés du département 06 vers le 13 en février 2023 dans le but
davoir un soutient familial.
Depuis nous recherchons activement un psychologue spécialisé dans les troubles
autistiques ainsi que des groupes dhabiletés sociales.
Nous avons retrouvé un ensemble de professionnels pour laider dont:
- un psychiatre (actuellement en passation entre le psychiatre de Mougins (06)
et celui dAix-en-Provence)
- une coach professionnelle pour un accès à lemploi
- une ergothérapeute pour un support général de gestion de ses hypersensibilités
- un ORL pour atténuer ses hypersensibilités auditives
- un éducateur canin pour renforcer léducation de la chienne dassistance tout
en la socialisant
Lautisme et les troubles anxieux dAnna ne disparaîtront jamais.
Cest pourquoi nous demandons la reconnaissance des droits MDPH à vie.
Ces aides lui permettront daccomplir ses projets:
- *Gagner en Autonomie personnelle* : arriver sans aide ni stimulation parentale à
prendre soin delle (hygiène, alimentation, santé, organisation,
déplacements).
- *Se socialiser* : avec le soutient de professionnels pour avoir des contacts et
des relations avec lextérieur. Avoir une activité de loisir (ex: canicross).
- *Accès à la vie active* : avec laide de sa coach professionnelle Anna travaille
sur un accès à la vie active en fonction de ses besoins (formation, emploi).
** Documents
Madame, Monsieur,
Veuillez trouver ci-joint le dossier de demande à la MDPH de notre fille Anna Esposito--Basso.
Celui-ci comprend les documents suivants :
- [ ] Dossier MDPH rempli (20 pages)
- [ ] Certificat médical de moins de 6 mois pour demandes MDPH (8 pages)
- [ ] Bilan Auditif (3 pages)
- [ ] Certificat médical auditif - Dr Oddon (1 page)
- [ ] Photocopie de la Carte d'identité d'Anna Esposito--Basso (1 page)
- [ ] Justificatif de domicile; Photocopie de facture d'électricité EDF (1 page) ainsi
qu'une attestation sur l'honneur d'hébergement. (1 page)
- [ ] Justificatif aide animalière ; certificat chien d'assistance (1 page)
- [ ] Contrat de travail de l'aidant familial (9 pages) + Fiche de salaire de
l'aidant familial prouvant un temps partiel (80%)
- [ ] Devis Ergothérapeute - Mme Pradura (1 page)
- [ ] Factures et devis Coach de vie - Mme Arboucalot (3 pages)
- [ ] Feuille remboursement Mutuelle Audio prothèses (reste à charge 740€, 380€
par prothèse)
- [ ] Projet de vie (2 pages)
- [ ] Bilan Neuropsychologique
- [ ] Comptes rendu bilan Ergothérapeute
- [ ] Bilan du CRA des Alpes Maritimes
- [ ] Facture Psychiatre - Dr Guidi (1 page)
En vous en souhaitant bonne réception.
Krystelle & Yann Esposito
** TODO [#B] Faire Signer la demande MDPH à Anna (Page 4/20)
DEADLINE: <2023-11-14 Tue 10:00>
** Projet Professionnel
Les différentes prises en charges auprès des professionnels ont pour but de
permettre à Anna de se socialiser mais surtout de trouver une orientation
professionnelle qui lui permettrait de s'autonomiser financièrement.
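Review bot: `** Projet de Vie` adds a detailed health narrative about a named person to a plain-text org file; if this repository is synced or pushed anywhere, keep that section in an encrypted file and leave only a link to it here. On the text itself, `soutient` (used twice) should be `soutien`, `Nous avons déménagés` should be `déménagé`, and `à aussi été` should be `a aussi été`.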


@ -0,0 +1,96 @@
:PROPERTIES:
:ID: cdf1dfad-99f0-42d6-9eda-7a04dd275c20
:END:
#+Title: Dynamic Service Architecture for big Software
#+Author: Yann Esposito
#+Date: [2024-01-03]
- tags ::
- source ::
* Introduction
???
Plan attempt
* Plan
** Introduction
Talk about composability in real-word application.
How we can think of it in a static way vs a dynamic way.
Why part of dynamicity is mandatory.
How could this be achieved?
Maybe talk about meta-programming with yesod for example.
** Evolution of Code Architecture
Why do we need to provide code architecture patterns?
Try and errors, and learning from them.
By doing so we discovered a few important architecture design patterns.
1. spaghetti code. Mix everything, everything is coupled. If you change one line
of code this will impact other places. Only survival strategy, copy/paste,
become a master of massive search and replace.
2. Externalize state. You want to make it a lot easier to scale.
So you keep your business logic data in an external DB hopefully choosing one
that could scale. So you could easily spawn a new node and the charge will be distributed.
This is basic Ops hygiene that gave birth to 12 factor application methodology.
3. MVC. Once you took care of externalizing the state, you then discover that
you don't want to mix the business logic with its presentation. So you add a
view layer. One very nice property of MVC is that it can be organized and
even better composed in components.
Each component will provide the three aspects, Model View and Controller. And
you can create a framework that will compose them.
4. Last step but not the least, Controllers is where you take care of your
business logic. And some will share common usage, you naturally ends up with
building the same common components or libraries.
So now, you will start to have a lot of components that will not have views
and only Controller and optionally a Model saved in DB.
Worse, every of these component have a lifecycle. They start and initialize
their internal state, then they live, and finally they could be removed and
be deleted. So you will end up with a complex mess of internal state that is
not business logic state, but only technical local state.
To solve this problem you have different architectures proposed but in the
functional world this could be components.
So you split your logic into different services. Each of them will take care
of their own technical internal state.
How does this work?
** Components / Services
Service Lifecycle. Every service pass through different phases.
1. init
2. start
3. live
4. stop
There is a distinction between init and start which could be useful for some
technical reason.
Every component also declare its dependency over other components.
Every dependency can be either mandatory or optional.
On top of this every component also exposes a public API.
But that's not all.
Every component should be organized into:
- schemas / data-structure
- service declaration
- service implementation
- optional associated web service declaration / implementation
- different default configs per option. LOCAL, DEV, CI, TEST, PROD
- tests:
- implementation (short)
- service (big)
- web service
- default test configs TEST_SELF_CONTAINED, TEST_INTEGRATION
But that's not all. For modern application you need:
1. Structured traces/logs
2. Very good state layer
3. Centralized business logic
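Review bot: The top-level `* Introduction` holds only `???` and `Plan attempt`, and `** Components / Services` says the init/start distinction "could be useful for some technical reason" without naming one; state the reason or drop the sentence, because the four-phase lifecycle is the part a reader will try to implement. Item 4 under `** Evolution of Code Architecture` would also read better split in two, since its later paragraphs introduce services and their lifecycle rather than describe controllers.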

49
notes/elegance.org Normal file

@ -0,0 +1,49 @@
:PROPERTIES:
:ID: f3e7b5bf-81a1-4592-89fa-f2094a8136d5
:END:
#+Title: Élégance
#+Author: Yann Esposito
#+Date: [2023-11-09]
#+LANG: fr
* Élégance
Peut-être est-ce là, l'élégance qui fait la différence entre le bien et le mal.
Le bonheur et le malheur.
La raison de vivre cachée, celle qui surpasse une fois que l'on a tout le reste.
Dans sa nouvelle surreal numbers, Donald Knuth commence le roman en métant deux
personnages qui ont tous leurs besoins comblés.
Les besoins basiques et humain.
Une fois qu'on vous donne tout ce qui vous reste à désirer, et bien, on peut
trouver plusieurs chemins.
L'un d'entre eux est l'ennuie, la débauche et le laisser aller.
Un autre chemin qui semble plus vertueux est celui de la recherche de l'élégance.
Dans surreal numbers il s'agit de la recherche d'une élégance mathématique.
Mais n'est-il pas de l'élégance dans bien d'autres domaines.
Les languages de programmation.
Des algorithmes.
De l'art.
Des méthodes d'UX.
Et ce qui fait la différence, ce qui marque.
Ce sont ces preuves de créativités qui tombent pile au bon endroit de
l'élégance.
Je pense qu'on peut voir pourquoi, on peut dire que Clojure est plus élégant
qu'Haskell. Que les languages de programmation fonctionnelles sont plus élégants
que les languages orientés objets, eux-même plus élégant que les langages
impératifs, eux même plus élégants que les languages machines.
L'élégance de mac OS X face à Linux ou pire Windows.
L'élégance d'une attitude Française face à un comportement Américain; je me
souviens de la remarque de Cartier qui disait que les Américains manquent
cruellement d'élégance. Pour vendre ils écrasent par les moyens, font moins
cher, en grand nombre. Au lieu de gagner par la finesse et la supériorité de la
qualité.
Par la force et la coercion, et non pas par la persuasion.
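Review bot: Spelling is inconsistent in the paragraph comparing languages: `languages` and `langages` both appear in the same sentence, and the French word is `langages`. Likewise `métant` should be `mettant`, `l'ennuie` should be `l'ennui`, `coercion` should be `coercition`, and `surreal numbers` is a book title that should be capitalised or marked up as one.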


@ -0,0 +1,189 @@
:PROPERTIES:
:ID: d494276b-97a5-4415-be58-20e908a84f19
:END:
#+Title: Events, Circular Service Dependency, Handlers Service
#+Author: Yann Esposito
#+Date: [2023-12-05]
- tags ::
- source ::
* The Problem
Imagine you have a program that is constituted of sub-services.
A service can be seen like a Singleton Object in the OOP and is a lot more
natural in the Functional Programming paradigm. I feel it also has a lot better
generic composability properties. Instead of dealing with thousand of similar
states, you have few services, and every one of them keep their own internal state.
And a full application becomes a set of services, you can decide at init which
services you want to run, which you do not want, and for each service, you can
have multiple different implementations so you could switch some service
implementation during testing or depending on the context you are running your
whole application.
Now you want to split and organize your service not necessarily by technical
detail but more by functional feature.
Now imagine that you have a sane organisation, every service declare the list of
dependent service. The one you would like to use.
If your service dependency graph is non-cyclic this has a lot of beneficial
effects.
In particular for initialization order, as well as stopping order.
Now imagine the following example:
AssetService -> PriceService -> BasketService
So BasketService depends on PriceService
And PriceService depends on AssetService.
The AssetService internal state is about the description of assets, some might
contain a price table or things a bit complex to read right away.
The PriceService uses the AssetService to retrieve the price of an asset using a
potentially complex price table description from the Asset service.
The BasketService, want to show the actual price of the assets in the Basket by
using the Price service.
Now, the issue. We want the state of Basket service to be updated when the asset
service state change. Say the price table change for some asset.
As PriceService depends on AssetService, AssetService cannot trigger any method
exposed by PriceService otherwise it would create a circular dependency.
So how could we achieve the expected result?
* Solutions
** Refactorization
If you have Service2 that depend on Service1, but want somehow to call a method
of Service2 from Service1, that is not possible.
One solution is to reorganize your services.
Split Service 2, with Service2a and Service2b. Move Service2b as a dependency of
both Service2a and Service1. Now Service1 know about Service2b.
That could be a solution, but it might be at the price of Buisness Logic organization.
Maybe it makes sense technical to have Service2 splitted, but this is not
natural in the Functional organization of your application. And thus it will
make it harder to understand the organization of your system if you do so.
** Hooks
You can expose a few hook methods in parent services.
If you have S3 that depends on S2 that depends on S1.
You can create a hooks method in S1. So during init, once S1 finished to be
initialized, S2 init will be run. During the init, S2 will call:
~S1.addOnAssetChangeHook(S2.updatePrice)~.
And the same between S3 and S2.
And in S1, inside the method ~S1.assetUpdated~ you need to have something like:
#+begin_src
method assetUpdated (newAsset):
,,, ;; do stuff
foreach hook in S1.assetChangeHooks;
hook(newAsset)
#+end_src
And you have to repeat this in every service that need this kind of mechanism.
Which could quickly become tedious.
** Events
Another option is to centralize an EventService.
This is a bit similar to the hook but instead of having every service writing
their own hook mechanism, you centralize this in a single service.
So if we take our previous example we will have
#+begin_src
method assetUpdated (newAsset):
,,, ;; do stuff
pushEvent("assets/changed", {asset: newAsset})
#+end_src
And the event service will keep track of consumer of different events and
redistribute the events to the consumers.
But with 3 services there could be an issue.
Say we have S1 -> S2 -> S3.
S3 uses S2, but only S1 trigger events.
Imagine the following scenario:
S1 -> push asset changed event
EventService -> run concurrently S2.assetUpdated and S3.assetUpdated
But S3, uses S2 to compute the basket value. The problem, S2 might not have the
time to update its internal state to reflect the changes made by S1.
BUG...
So here the solution is to make S2 send events after S1 updated has been handled, and S3 only react to S2 events.
That will work, but.. it doesn't look very nice. Now in your code we have an issue.
Instead of having something like:
#+begin_src
S1.assetUpdated (newAsset):
,,, doStuff
S2.updateAsset(newAsset)
S3.updateAsset(newAsset)
#+end_src
or
#+begin_src
S1.assetUpdated (newAsset):
,,, doStuff
S2.updateAsset(newAsset)
...
S2.assetUpdated (newAsset)
,,, doStuff
S3.updateAsset(newAsset)
#+end_src
Your business logic is hidden behind the event consumer graph.
As this is done dynamically (to prevent statical circular dependency), it is a
lot more difficult to think about the behaviour of your application.
Mainly from S1 assetUpdated you can not discover from reading the code that this
will have an impact on S2 nor S3.
You could only discover that from the other way around from S3 or S2.
** HandlersService
Another option is to use a messaging system.
This look a lot like the event system, but this time we keep a handler service
that contain a list of published handler that could be called independently of
the normal service dependency graph.
Here is the main idea:
#+begin_src
S1.assetUpdated(newAsset):
,,, doStuff
handlerService.S2.updateAsset(newAsset)
handlerService.S3.updateAsset(newAsset)
#+end_src
now, it is visible from the code that S1 update will have an effect on S2 and S3.
And you could follow the system.
Unlike with events, you should run these synchronously (non concurrently).
And this should greatly ease your understanding of the system.
The other option is also to:
#+begin_src
S1.assetUpdated(newAsset):
,,, doStuff
handlerService.S2.updateAsset(newAsset)
S2.assetUpdated(newAsset):
,,, doStuff
handlerService.S3.updateAsset(newAsset)
#+end_src
But both are easier to understand than to discover that, the method create an
event, and then looking in the whole code what are the services that are
consumer of this specific event.
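Review bot: The Events section gives the fix for the S2/S3 race only in prose ("make S2 send events after S1 updated has been handled, and S3 only react to S2 events"), while the only event snippet is still the single pushEvent("assets/changed", {asset: newAsset}) call that produces the bug. Add a snippet where S2 publishes its own event for S3, so the corrected flow is as visible as the broken one. The HandlersService section should also say who registers handlerService.S2.updateAsset and when, because S1 calling it before S2 is initialized brings back the ordering problem the acyclic dependency graph was meant to solve. Minor: the #+begin_src blocks carry no language, "foreach hook in S1.assetChangeHooks;" ends in a stray ";", and "Buisness" should be "Business".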

196
notes/fy24q3_iroh_team.org Normal file

@ -0,0 +1,196 @@
:PROPERTIES:
:ID: 3daa143e-5a5c-47bc-8cb7-2756f0f00c33
:END:
#+Title: FY24Q3-iroh-team
#+Author: Yann Esposito
#+Date: [2024-01-10]
- tags ::
- source ::
* Intro
Document trying to keep track of current state.
Big Topic <=> People
* XDR Program Q3FY24 Engineering Plans
- PM Prios https://airtable.com/appZKQe0zXhVMepC8/shr5iesEcBD2MN7EI/tblUdgSlzjcABBtzj
|-----------------------------+------------------+-----------------------------------------|
| Topic | People | Size |
|-----------------------------+------------------+-----------------------------------------|
| PM Prios | | |
|-----------------------------+------------------+-----------------------------------------|
| SCA Integration | Matt | XS conf change |
| PIAM Universal Brownfield | Wanderson | L |
| JAMF Integration | Matt | XS ask for merge? |
| MITRE | GE + Olivier | XL |
| Design (on prem iroh proxy) | Matt | S |
| new modules (x7) | Shafiq | L (Ransomware) |
| Notifications | Kirill | settings (webex) (XL) |
| new auth (x7) | Shafiq | L (Checkpoint) |
| Integration Admins | Matt | (SOAR, Palo Alto, CheckPoint) |
| Meraki (1-click) | Yann/Jyoti | XS (maintenance, help, client creation) |
| Default Modules for SMA | Matt | S (conf) |
| IOPS | Matt | help @Garima |
| AO webhook dependency | Matt/Yann? | help @Lisa |
| IROH Multi Tenancy APIs | Yann | M (design) |
| [[https://github.com/advthreat/iroh/issues/8579][#8579]] | Shafiq | S |
|-----------------------------+------------------+-----------------------------------------|
| SUSTAINING | | |
|-----------------------------+------------------+-----------------------------------------|
| Push logs to datadog | ? | |
| ES Performance | Mario + Ambrose | |
| ES Perf ops | Jerome + Patrick | |
| PG Perf ops | Jerome + Patrick | |
| Alerting + Monitoring ops | Jerome + Patrick | |
| Kafka | Jerome | auth kafka |
| Module type doc patch | ? | |
| Impersonation | Yann | |
|-----------------------------+------------------+-----------------------------------------|
- Multi tenancy: https://ciscosecurity.aha.io/epics/XDR-E-85
* Notes
- Open DBs for IOPS
** Q2 Rollovers?
*** [...] Incident Summary related work
- spikes in incident summary generation failures
- summarize incident at bundle import
- fix missing attack pattern in incident summary
- add status_disposition to search filter on incident summaries and incidents
*** [...] Rescoring (Incident / Incident Summary )
** Maribelle Questions Capacity Planning Q3
Commits:
Incident Enhancement
DevNet Compliance:
TODO: follow-up https://ciscosecurity.aha.io/features/XDR-89 ; ping Guy
** Sustaining items
Hi Jyoti here is a list of sustainable items: **edited with design items**
- Design: IROH proxy working with on-prem devices
- https://github.com/advthreat/iroh/issues/8700 Push our log to datadog
- ES Performance issues
- https://github.com/advthreat/iroh/issues/8501 NGFW spikes
- Ops
- ES perf
- Postgres perf (indexes)
- https://github.com/advthreat/iroh-ops/issues/23 Alerting Improvement & documentation
- https://github.com/advthreat/iroh-ops/issues/104 Authenticated Kafka
- https://github.com/advthreat/iroh/issues/8280 ModuleType Admin API: Add a dedicated route to patch documentation
- https://github.com/advthreat/iroh/issues/7324 Impersonation (TAC)
** Unexpected tasks
*** Mario
- https://github.com/advthreat/iroh/issues/8795
*** Performance Issue
- SE Pused too many incidents
** Align Priorities Q3 meetings Notes
@Namrata: look all priorities, on the table.
Update to everybody around Oort.
Being planned for Q3, chalenges from PM.
*** Top Priorities
1. Breach Suite outcomes
- AI related initiative, SOC assistant
- MITRE Visualisation
- Ooort Implementation
2. Support other suites
3. XDR
*** List the priorities from Airtable
@Lisa what is rolling over from Q2
- Geo pushed out of Q3
- SCA Integration - configuration
- @Jyoti: pb with existing one?
- @Paul: I think only changing the configuration
- @Jyoti: integrations from SCA
- PIAM Universal Flow - Brownfield
- @Jyoti require us to support also PIAM token (later with Travis)
- JAMF:
- @Garima: config changes from IROH team
- @Matt: already has the change, need to check if this could be merged
- Oort Integration
- @Namrata: the ask is and timeframe. User context from Insight in Incident
and in investigation and response action by using API from Oort.
User context be part of incident scoring.
- @Jyoti: things we need to do. Like with devices we need to do something
similar for the users. Only then we can consider those users-assets for scoring.
Mia was involved in that along with GE I think.
We need to know how that will change the algorithm.
On the UI side, I don't know if there are designs for showing the user value.
- @Rob: I don't think something involve IROH team.
- @Matt: not sure we need to work on a specific module authorization.
- @Jyoti: not going throught the IROH Proxy.
- @Paul: I confirm
- @Namrata: no work for IROH
*** Next Day: List the priorities from Airtable
@Namrata: asked to bump up MITRE and SOC assistant
- ...
- SOAR: @Namrata not occur probably
- Infra XDR: we can skip
- Incident: we can skip
- 12. INT Guided response, auto-target, on prem device (some work from Matt)
- 13. no iroh impact
- 14. no iroh impact
- 15. Vulnerability Management: @Paul blocked, only discovery, platform
involvemetn unknown
- 16. no iroh impact @rob
- 17. no iroh impact @rob
- 18. no @Prerna
- 19. @rob turning of umbrella, so maybe iroh work, but minor, no iroh impact
(quality check)
- 20. MITRE @Prerna; @Yann GE & Olivier
@Namrata: add value, it can be beta quality, show this for RSA, but maybe
not delivered. Ship something in Q3.
- 21. Impersonation (XDR Efficacy) @Prerna, also impersonating from TAC
@Namrata: better understanding
- 22. @Prerna; big effort. @Namrata: Why? Email + Webex notifications. @Namrata;
perhaps split the tasks.
- 23. @rob: no iroh requirement for delivery
- 24. @rob: xdr analytics, no iroh impact
- 25. no iroh impact
- 26. no iroh impact @Garima
- 27. Threat Intel enhanacement no iroh impact
- 28. Admin work for Matt
- 29. @rob design only, minor iroh impact. potentially some capacity, but not commit.
- 30.
- 31. Multi-tenancy @Prerna design only for Yann
- 36. IM/AUT incident : no iroh impact
- 37: SCA no iroh impact
- 38: RBAC @Prerna not Q4
- 39: RBAC @Prerna not Q4
- 40. no iroh impact @rob
- 41: @rob no iroh impact
- 42+: no impact
*** Discussion
@Lisa: discussion about adding a new
@garima: IOPS ask for iroh team.
@Lisa: question, when we will know when your team
@GE: rollover?
@Namrata: we shouldn't fill our bucket at 100%. Fill it at 80%.
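Review bot: The "PM Prios" line commits an Airtable URL containing a "shr..." share identifier, and the rest of the file adds aha.io and internal issue-tracker links next to named individuals. Everyone with read access to this repository receives them, and a share link may be usable by anyone who holds it, depending on how the view is restricted. Replace the share link with the document title and keep only issue numbers if this repository is ever mirrored or published. Formatting: the "#8579" link row is wider than the table rule, so the table needs re-aligning, and "Pused", "chalenges", "Ooort", "throught", "involvemetn" and "enhanacement" are typos.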


@ -0,0 +1,19 @@
:PROPERTIES:
:ID: 7a256b49-ca75-4c7a-96fe-85c151f2b6ae
:END:
#+title: Gaia 2023-10-14 charge rose
#+Author: Yann Esposito
#+Date: [2023-10-14]
- tags ::
- source ::
* Attestation Charge du chien
Nous attestion que le chien d'assistance, Rose, est à la charge
intégrale de sa bénéficiaire Musiani Gaïa depuis septembre 2022.
Faite pour servir et valoir ce que de droit,
le 14 octobre 2023 à Antibes,
Chien Espoir & Handicap
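Review bot: "Nous attestion" in the first line of the attestation should read "Nous attestons". The file also records a named beneficiary and her assistance dog in plaintext and leaves "tags ::" and "source ::" empty; fill or drop those two lines, and decide whether this note should be committed unencrypted.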


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 7431e4a3-4359-4dcb-89e6-c1c700cd4355
:END:
HTML/CSS Web techs
#+Title: HTML/CSS Web techs
#+Author: Yann Esposito
#+Date: [2022-10-05]


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 303dcecc-06be-4332-bd76-6bbcf0929d98
:END:
Impots 2022
#+Title: Impots 2022
#+Author: Yann Esposito
#+Date: [2023-05-20]
- tags :: [[id:7051b4a2-b42b-4d6f-abf6-2396b68dc5ed][impots]]


@ -0,0 +1,28 @@
:PROPERTIES:
:ID: 4d0d86f1-1aba-4166-a61f-8b6199c02e57
:END:
#+title: IROH new Env Init
#+Author: Yann Esposito
#+Date: [2023-10-06]
* IROH New Env
** Node Configuration
** Asking every team to integrate with the new environment
*** Every 1-click module setup
**** Ask the team to create a new OAuth2 client in IROH
**** Change availability to everyone
**** Approve & Trust the client
*** Every Ribbon integration
**** Ask the team to create a new OAuth2 client in IROH
**** Change availability to everyone
**** Approve & Trust the client
*** DI
**** Create a new specific DI client, trust it, take care of the audience
*** Automation
**** Create a new specific Automation client, trust it, take care of the audience
*** SSE
**** Open ID Connect (with scope aliases)
**** Incident pushed via IROH-SSE proxy
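Review bot: Under "Every 1-click module setup" and "Every Ribbon integration", the steps "Change availability to everyone" and "Approve & Trust the client" name the action but not who performs it or what is checked before a client is trusted (requested scopes, redirect URIs, owning team), so the checklist can be completed without any review taking place. Add the approver and the checks to each step. "take care of the audience" in the DI and Automation items should state the audience value expected for the new environment, and the empty "Node Configuration" heading needs content or a TODO marker.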


@ -0,0 +1,256 @@
:PROPERTIES:
:ID: 437300b8-0f8e-4923-b6d2-d8c7a2db4b6d
:END:
#+Title: IROH Offsite 2023 Notes
#+Author: Yann Esposito
#+Date: [2023-10-09]
- tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]] [[id:38a25196-863a-41c8-8c17-772fc9fe9b04][Yann's Personal Retrospective 2023 Offsite]] [[id:f70bf00d-8bc8-445e-a65d-2b960b46f419][Personal Retrospective Offsite Template]]
- source ::
* Personal Retro head/tailwinds
** Guillaume
*** Headwinds
- Clojure stack and expertise
- Remote, Distributed team
- Good collaboration with other teams
Tailwinds
- More self started initiatives, POCs and proposals
- Team spirit & collaboration between team members
- Modularize the project
- Upgrade Libraries
- Green field projects
- Refresh our ops stack
** Matthieu
*** Headwinds
- use github (not jira)
- Good collaboration with other teams
*** Tailwinds
- no (or almost none) coding time for managers
- Team Spirit & collaboration between team members (ex Olivier)
- Refresh our technical stack
** Kirill
- Public library to shutdown properly
- introducing data stream capabilities with kafka, kafka connect
HTTP interface we should provide stream interface to quickly react, subscribe
to changes, data-lake in CTIA, CTIM schema.
Usual workday:
- 80% thinking
- 20% coding
not implement complicated code, to type less.
*** Headwinds
- let's try to change everything
- refactoring or "do not hesitate to change"
- CTIM changes for example, allow to export to STIX
Mainly change internal data structure.
*** Tailwinds
- need more data stream scenario
** Shafiq
- Problem solving first, Clojure behind
*** Headwinds
- Clojure is a good tool
- Team
- Autonomy in the team
- Async collaboration
- Investing time in accordance to tasks
- PR reviews, technical discussions (welcoming, healthy and think time)
*** Tailwinds
- We should Focus on RFC dn technical discussions across sub-teams. Promote
eligible PRs to RFC. (Idea have a UI page.)
- "Why" sometimes hard to track
- Sieve through GH notifications
- Someone to write and maintain tests :) (discussion with team, improve test framework)
** Guillaume Ereteo
*** Headwinds
- API first features
- Highly tested code base
- Favor async communication
- Coffee time with Mario
*** Tailwinds
- Coffee time with others
- Knowledge sharing and transfer
- Hire and mentor junior developers
- ES7 EOL; migrate to another DB
** Mario
- versioning from Boeing
- pair programming
- demoing
- zen mind and .. mind book (beginner minds, expert minds)
- punishment for mistakes
- distractions (via direct message in webex)
*** Headwinds
- No daily standup
- Challenging each other respectfully in code reviews to make things a little bit better
*** Tailwinds
- Topple silos - move people around between subteams to spread knowledge
- Prisoner swap (cycle 1-dev between services & engine team quarterly)
- Does anyone ever pair? Any interest?
- Have coffee w teammates & folks from other teams
- Feed logs to AI and see what it can notice
** Ambrose
*** Headwinds
- scope creep taken seriously
- design culture
- test culture
- review culture
*** Tailwinds
- ES7 EOL dependencies
- Improve Weekly meetings (cross communication) improve cross team comm, (maybe
team building, give me the elevated pitch)
** Yann
*** Headwind
- Not having daily standup
- Good code reviews
- Trust in each other
*** Tailwinds
- Not having more focus days.
- Improve internal visibility to bubble up difficulties.
- More casual discussions in the main chat
- More in depth retro vs current weekly status
- Say IROH instead of XDR.
** Wanderson
*** Headwinds
- No daily standup
- Ability to work at unusual hours
- No micro management
*** Tailwinds
- Too Many notifications
- Kibana debugging
- unfamiliarity
- more docs to kibana
- example of useful queries
** Olivier
*** Headwins
- ROWE (Result Only Work Environment)
- Long-term tasks, allowing the solution to mature
- keep meetings efficient & distraction to a minimum
- open access to all code, repositories and tools
*** Tailwinds
- Using Webex as documentation & specification tool
- retro in the SCRUM sense, post-mortem if a technical or deployment issue has occurred
- cross-(iroh-)team collaboration on additional tools/documentation/processes
** Jerôme
*** Headwinds
- no daily standup
- autonomy
- good atmosphere in the team
*** Tailwinds
- tenzin
- monitoring and alerting
- improve configurations factorization in tenzin-config
- use only binaries for iroh
** Patrick
*** Headwinds
- No daily standup
*** Tailwinds
- ops stack
* Paris Olympics 2024 + POC demo
- Logo of the products in the tiles missing from SX to XDR.
- infinite lifetime session for the Olympics (change refresh token lifetime from user-id)
* Jyoti Presentation
AI assistant on the UI
* Guillaume Presentation Graph API
Pathom3: https://pathom3.wsscode.com
* Jyoti's day
** Data retention
https://whiteboard.webex.com/whiteboards/ah4JMrM3tFVTxUZV51kArb
1. Manual deletion
- completed in INT and TEST
- done for "ALL" orgs (SX & XDR)
- objects deleted: incidents, investigations, events, assets, sightings,
assets-mapping, asset-properties, relationships (involved in incident or sightings)
2. Daily Cron
- same as manual but assets and sightings
** Notification System (Event Bus)
https://whiteboard.webex.com/whiteboards/a5cEiUkct6CNtHZCdRJmAld
** Integrations
https://whiteboard.webex.com/whiteboards/a79AlknraKGx47aFzchkiJc
** SX EOL
FMC uses SX for device flow.
Only to connect to SSX.
CDO provide a context service.
Enable SX, come to IROH-Auth & returns the key, then iroh-sse to call to ssx.
** IROH-Proxy improv
- Crowdstrike
** IROH-Async improv (no time to discuss)
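Review bot: "infinite lifetime session for the Olympics (change refresh token lifetime from user-id)" records a per-user exception to token expiry with no owner, scope or end date. Note which user ids get it, who approved it and when the lifetime is reset, so the exception can be found and removed afterwards. Structure: under Guillaume, "Tailwinds" is missing its "***" marker, so its bullets fold into the Headwinds subtree, and "Headwind" (Yann) and "Headwins" (Olivier) should match the other "Headwinds" headings.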


@ -0,0 +1,297 @@
:PROPERTIES:
:ID: 72772426-cd53-4f61-b584-7807d274c0ad
:END:
#+title: IROH Team Meeting Notes
#+Author: Yann Esposito
#+Date: [2024-01-11]
- tags ::
- source ::
* [2024-01-11 Thu] Thursday only 30 min
** Intro
This will be a short meeting because I have so many new ones.
So first happy new year everyone I hope you enjoyed your time off.
About Guillaume, is is very stressed not to be with us.
So a few things to decide.
1. Is this time ok for the Tuesday? I mean the next hour. I cannot make it later unfortunately.
2. As I would like to reduce my amount of stressful communication, I would like
to keep an up to date version of:
- topic, status, people
What is a topic?
1. PO driven topic: like the Official tasks we see during our Q3 commit
this contains, design, development, meetings, configuration, QA fixes,
being present during the related releases, admin tasks, helping QA, answering
questions in the different chat room or in DM.
2. Unexpected topics:
- discovering a major issue that need our attention ASAP.
- a new unexpected task asked by someone, perhaps a urgency
- if asked by a PM or someone in another team, do not start working
unless you are confident this would not impact any delivery prediction.
If you are not comfortable with the ask, please send it to me.
- if asked by Jyoti, work on it, but let me and the PO knows, in particular
if this affect other tasks.
** Weekly Meeting Organization
Ideally, in order not to loose as much time as possible, please put a quick
recap of your previous week in the chat, ideally 1h before the meeting.
Something quick with the following format:
- DONE (finished last week)
- DOING
- BLOCKED help needed
- TOPIC about a topic you would like to talk during the meeting
Ideally, we should only talk about the "need help/blocked/ask for discussion" points.
That way I expect to be able to focus on the top-to-bottom news at the start of
the meeting then we will try to talk about the most important topic.
If nobody propose a topic, I will probably propose one myself and we might
discuss about it.
We will probably try many different formats until we find something that is fine
for most of us.
* [2024-01-16 Tue] 30min
** Statuses
*** Ambrose
- DONE
- merged bad compojure-api usage (:return => :responses)
- DOING
- Subscription to asset scores via DI is failing with 401 response https://github.com/advthreat/iroh/pull/8699
- thanks to Mario for giving me the heads up
- experimenting with reitit for CTIA
- big task is to make equivalent to compojure.api.api/api in reitit with equivalent middleware
- some of the middleware uses implementation details of compojure-api like clj-momo.ring.middleware.metrics/wrap-metrics
- TOPIC
- shopping around for my next task to do after incident rescoring, suggestions welcome
- hearing rumors of “data lakes” that might replace ES/CTIA, ideally hop onto that bandwagon if it exists
*** Wanderson
- DONE
- merged check for QA urls in universal provisioning process to not send Okta JWT to QA invalid origin
- DOING
- short-term solution for brown field provisioning
- fighting emacs: perhaps my last upgrade was 1yr ago or so… I did a doom upgrade and things went badly. fixing it
- TOPIC
- tips on how to make your kid go back to school after 30 days at home. every day is a shitshow at the door.
*** GE
- DONE PCTIA dashboard in EU and APJC
- DOING
- created and modified in CTIM https://github.com/threatgrid/ctim/pull/439
- do not hide created and modified in CTIA
- ON HOLD:
- summarize incident at bundle import
- TOPIC:
- CTIA / ES performance issues seem mostly related to undersized IOPS that could not support the read rate during spike of bundle import.
*** Olivier
- DONE (to be merged!)
- cleanup of iroh TK config files in iroh repo
- refactoring of tenzin-config config files (bootstrap.cfg and config.edn) to reduce duplication
- added new config files per application (node types) for all envs in tenzin-config
- DOING
- working on defining the standard 'iroh' node type (to generate bootstrap file)
*** Matt
- DOING
- Capacity planning for Q3
- Meetings to prepare new features (Notifications, Mitre coverage pattern)
*** Kirill
- DONE
- fix kafka-connector --> ES data stream misconfiguration on TEST
- refactoring for both KafkaConnectService and DataStreamsService to be more generic with more declarative configuration
- DOING
- ElasticSearchSource Connector to extract data from elastic and downstream it to Kafka topic. Most likely will turn ONHOLD
- Experiment with Graph databases
- data pipeline server for data ingestion into permanent graph DB
- explore capabilities of graph databases to perform fast and much more intelligent queries
- authorisation embedded into database model (fetch only the documents user is authorised to see)
- derived facts with semantic reasoning feels like AI without actual AI :)) check this video
- TOPIC
- ElasticSearch is causing more troubles in compare with feature set of it we are using.
*** Shafiq
- DOING
- Fallback store for iroh-events
- iroh-proxy health check for slack
*** Mario
- DONE
- Split risk scoring as a task out of incident enrichment task (for release this week)
- Added max execution time limit to incident summary task (for release this week)
- Updated connection manager config in response to incident summary failures
- DOING
- Reviewing execution failures during risk scoring, enrichment, and incident summary in PROD
- Sync incident_time during incident-summary updates
*** Yann
- DONE
- (waiting for review) Track Impersonators
- DI clients update (added private-intel scope)
- DOING
- Check Quarter Topics
- Q3 Team Capacity
- [Brownfield] Attach existing SX/XDR to an existing SCC account (PIAM)
*** Patrick
- DOING
- Monitoring
** Meeting Topic points
- 3 ES-related topics
- 1 personal life kids
** Kirill ES
Asking around this question, which features are we using from ES?
Ability index unregular field?
Exploring GraphDB, promising, ability to join. Connect documents.
We will win a lot of http requests, and probably lot of improvements for our
current usage.
Also, we have a lot of data in denormalized way. Not linked data properly.
Summaries, it will be great not to save summaries, but to do query instead.
Drop-in replacement, using store service.
** Mario
Performance benefits from ES.
- @Kirill: tried RAM Graph DB, should probably work. It will shape of IROH.
- @Jerome: take care of the backup, etc… if it work correctly in PROD
ops will not maintain it.
- @Patrick: we could use SASS MongoDB platform. Not cheaper but easier, many
more IOPS.
- @Kirill: would probably need fewer IOPS if we could use another DB.
Retention 4years.
- @Jerome: cold storage ? warm storage.
- @Jerome: name production ready GraphDB?
- @Kiril: Neo4J, Neptune, ...
- @Jerome: >100 indexes in NAM
** Topics
- get rid of data (use tenant and SX EOL)
* [2024-01-30 Tue] 30min
** Statuses
*** Kirill
DOING
• Design for Notification preferences and delivery together with glueing together Notification object with NotificationRequest as a foundation for multi target delivery (one notification to email, IM and InApp)
*** Matt
DONE
• Upgraded JAMF Classic API authentication (basic auth -> token auth)
*** Olivier
DOING
• MITRE ATT&CK Coverage Mapping: design of: Import of Talos MITRE coverage files
*** Wanderson
DONE
• Brownfield provisioning tac API
• Support for FMC JWT in IROH
DOING
• FMC Proxy for OAuth2 and SSE requests
*** GE
DONE
• managing SE attack on iroh async
• stats for PM: https://github.com/advthreat/iroh/issues/8853
DOING:
• MITRE mapping design
*** Mario
DONE
• Session log maintenance PR to address long-running sessions consuming Redis memory in iroh-async
DOING
• Queue inspection/management tools for iroh-admin
*** Yann Esposito
DONE jwt middleware to support JWT without nbf claim
• DONE Easy impersonate for TAC
• DONE Fix PIAM endpoints
• DONE Attach Tenant for Superball (P1)
• DOING following incident promotion issue; false positive from Talos + SE events
• DOING Q3 workload preparation
• DOING Help:
• Meraki Integration (lots of OAuth2 related questions)
• Automation to use two clients.
• ES cleanup
• Discuss Impersonation use cases for Efficiency team (Petr)
• Discuss Impersonation risks with Chris Duane
• Discuss Impersonation for TAC Portal
• Ihor about expectation of legacy provisioning
• Follow Universal Provisioning testing
*** Shafiq
DONE
• Fallback store for iroh-events
• iroh-proxy health check for slack
• DOING
• iroh-proxy authentication for Checkpoint API
*** Patrick
DOING: ddog pg monitoring manuals test ok, now I working on integration in tenzin's salt and tf
*** Ambrose
DONE:
• redesigned incident asset rescoring pipeline to be simpler https://github.com/advthreat/iroh/issues/8824
DOING:
• implementing it https://github.com/advthreat/iroh/pull/8843
• continuously gathering requirements tweaking the design
*** Jerôme
DOING:
• MSK migrationon auth cluster (testing iroh conf)
• improving alerts
DONE:
• add some alerts on DD
** Topics
*** Plan to prevent future incident filling the queue?
- can we support more than one event concurrently?
- where should we invest our time?
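Review bot: The [2024-01-30 Tue] statuses are pasted with "•" bullets and bare "DONE"/"DOING" lines, unlike the "-" lists of the [2024-01-16 Tue] section, so Org renders them as running paragraphs. Under Yann Esposito the first item ("DONE jwt middleware to support JWT without nbf claim") has no bullet, and under Shafiq "• DOING" is bulleted as if it were an item. Convert these to "-" lists with nested items. Content: "About Guillaume, is is very stressed" in the 2024-01-11 intro has a doubled word and puts a colleague's personal state into committed notes; "MSK migrationon" and "@Kiril" are typos.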


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: b55abfad-ea21-4e81-8017-e99b8af33f9c
:END:
Maintenance Questions
#+Title: Maintenance Questions
#+Author: Yann Esposito
#+Date: [2022-11-15]


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 571da5f1-e069-4a19-8181-756f24ca9740
:END:
MDPH 2023
#+Title: MDPH 2023
#+Author: Yann Esposito
#+Date: [2023-05-22]
- tags ::

Binary file not shown.


@ -0,0 +1,104 @@
:PROPERTIES:
:ID: f70bf00d-8bc8-445e-a65d-2b960b46f419
:END:
#+title: Personal Retrospective Offsite Template
#+Author: Yann Esposito
#+Date: [2023-09-25]
- tags ::
- source ::
* Personal Retrospective Template
#+begin_comment
This presentation should not last more than 20 min.
Please be mindful about it.
#+end_comment
** Short presentation
#+begin_comment
We all know each other at least during weekly sync.
Should be very quick.
Put the most important facts about yourself here.
And maybe some recent anecdotes not everyone in the team might be aware of.
#+end_comment
- years of Experience: 22 years (11 in Clojure)
- years at Cisco: 7 years (7 in this team)
- location: France (GMT+1)
Moved from Nice to Martigues (~2h away) this summer with my family.
I have a 21yo son that want to be a professional MMA fighter.
I have a 19yo daughter that leave with my us and does not go to school.
** Quick Recap about your main accomplishments these recent years
#+begin_comment
A chance to give a perspective about your work to everyone.
What are the most important facts to know about it. Common misconceptions, etc…
I think it makes sense to split them between XDR effort, generic Product, Administration tasks, Devs-only
tasks (like tooling, refacto, etc…). See example.
#+end_comment
+ XDR:
- RBAC (technical design)
- role introspection endpoint to help UI
+ Product
- TAC: expose change user role route
+ Administration
- Move some OAuth2 clients out of config to DB
+ Devs
- composable ~shell.nix~ to replace docker compose
- Matrix role representation
- Eithers in Clojure
** Working in this Team
#+begin_src
What did you expect when you were hired?
How is it today?
What does your day-to-day looks like?
#+end_src
- What I expected (7 years ago): Work on real time data streaming
- What I am doing: Work on Authentication and Authorization
- What my day to day looks like?
- 50 to 70%: lot of communication via; webex, email, meetings, issues
- planning (design, checking timeline)
- help people on webex, fix issues, look in kibana, create orgs, create
clients, link to documentation, etc….
- 20% to 50%: lot of time thinking about design improvements;
- 10% to 20%: lot of time focused on product improvement (not code).
- 0% to 20%: code, code review, etc…
** What we should NOT change (tailwind)
#+begin_comment
What makes your day easier.
#+end_comment
- No daily standup
- Focus days
** What we should improve (headwind)
#+begin_comment
What slow you down to do your work?
What issues are you facing?
What feels like a burden to you?
#+end_comment
- Too many spurious notifications
- Lack of focus slots during the week
** Workstation (demo time optional)
#+begin_comment
If we have time, highlight your presentation by showing us your workstation.
Show us how you work, your development environment.
Please, add one or a few screenshots (it's okay to blur things), so if you don't have time
to show the group, we still could have an idea.
#+end_comment
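Review bot: "Working in this Team" wraps its guidance in #+begin_src ... #+end_src while every other section uses #+begin_comment, so on export the three questions appear as a code block instead of being hidden. Change it to #+begin_comment. The template also labels "What we should NOT change" as tailwind and "What we should improve" as headwind, whereas the IROH Offsite 2023 Notes added in this same commit list what works under Headwinds and what to improve under Tailwinds; pick one meaning and use it in both files. Typos: "leave with my us", "What slow you down".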


@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 31da574a-3a97-41e7-9513-764b55830ff1
:END:
Programming Langage Ideas
#+Title: Programming Langage Ideas
#+Author: Yann Esposito
#+Date: [2023-08-05]
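Review bot: The new "#+Title:" line keeps the misspelling "Langage"; correct it to "Language" while the line is being touched.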
@ -32,7 +32,9 @@ Here is my proposed solution:
1. Have an internal AST representation.
2. From this representation ability to generate Text in different syntaxes,
mainly LISP or C/Java/Javascript/shitty one. Perhaps even Haskell/OCaml-like.
mainly LISP or C/C++/C#/Python/Java/Javascript one.
Perhaps even Haskell/F#/OCaml-like.
Maybe for masochists a Bash/Perl one :) etc…
3. Have a builder that take the last modified date and sync every
representations. If you change the LISP file, it will update the internal
AST and the C-like.
@ -47,7 +49,13 @@ Here is my proposed solution:
2. If you want to be 1337 dev, you can code a direct AST editor and this will
still make the change visible as Text for other editors.
=git diff= might kind of suck, but I think with minimal tooling this makes this acceptable.
3. Having a way to be agnostic about the syntax to prevent people saying: I
couldn't use that language due to its syntax. Which is really too bad.
It takes some time to get use to a new syntax, but once you've done the
effort to learn new programming languages a few times, it becomes a habit to
switch between different kind of syntaxes and you start to appreciate a
language for its semantic and put syntax concern in their right place, behind
the semantic of a language.
* Compile-Time Meta-constraints
@ -101,3 +109,38 @@ But it would be very nice to have a well-designed service-dependency system.
More precisely, we want to be able to write programs with:
- Run ~main~ with this LogService, and DBService and, intialized with this ConfigService
* Have great "defaults"
I feel that if you take the time to look at Programming language evolution and
history, what really makes the big differences between two programming language
(at least for me) is their choice of "default".
Building the greatest programming language is about providing the ability to
choose, but more importantly, providing the ability to give the best default
behaviour so using the "non-default" more difficult to use and thus be somehow
punished by complexity.
A good example is about old PHP SQL libs vs modern Haskell SQL libs.
Mainly the main thing that changed is that before it was insecure by default,
and the security concern was put as a burden to the developer to take care of.
Of course, due to time-pressure and/or lazyness and/or incompetence, it was
pretty natural to see a big number of security bug flourish everywhere.
While if you use a modern lib, now, it is secure by default.
So:
- immutable data structures by default (this has become a norm for great new languages,
Haskell, Clojure, Rust, etc…)
- statically checked by default (statically checked is more generic than typed
by default) I think, it is important
- documentable by default (Clojure already provides internal docstring and this
is important, I think we should forbid text-only comments and replace them by
contextual-aware comments)
- debuggable, traceable by default (this one is probably a bit more difficult to
be precise about. But you want your language to help his developer in not only
detecting an error or a problem in its code, but give hints about how to help
solve them. Elm did an incredible job at this).
Mainly, ~log~ should be treated seriously and as 1st class in the language and
also, not text-only but using structured logs that could be put in a DB for
search in the future.
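Review bot: the PHP versus Haskell SQL paragraph says the old libraries were "insecure by default" without naming the default in question, so the example carries less than it could. Name the behaviour being contrasted (how each library builds a query from developer-supplied values), since it is the concrete case for the "good defaults punish the non-default" argument. The clause "so using the "non-default" more difficult to use" is missing a verb, and "lazyness" should be "laziness".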

View file

@ -0,0 +1,28 @@
:PROPERTIES:
:ID: 882b81e7-14e1-40e7-b818-67320f760c59
:END:
#+title: Radiation Chien Espoir Handicap
#+Author: Yann Esposito
#+Date: [2023-10-14]
- tags :: [[id:2a3d68cc-4a14-442c-b7f9-c602a2cd25bf][chien d'assistance]]
- source ::
* Radiation Chien Espoir & Handicap
Par la présente nous sommes au regret de confirmer votre radiation de Chien
Espoir & Handicap.
Comme nous vous l'avons expliqué par téléphone nous considérons que votre
implication était insuffisante.
En conséquence, nous vous demandons de bien vouloir nous retourner l'intégralité
des documents, la carte ainsi que les scratchs au nom de l'association avant le 15 novembre à l'addresse
suivante:
Veuillez noter qu'à partir de la réception de ce courrier, il vous est
formellement interdit d'utiliser les documents de l'association afin de
bénéficier des droits qui leurs sont associés.
Nous vous souhaitons une bonne continuation,
Chien Espoir & Handicap
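Review bot: the sentence ending "à l'addresse suivante:" is followed directly by the next paragraph, so the return address the letter refers to is missing from the note, and the `- source ::` field is empty as well. Add the address or mark it as intentionally omitted, and correct "addresse" to "adresse" and "leurs sont associés" to "leur sont associés".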

View file

@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 059b78ad-361d-4732-8f4b-76e9b5e5be17
:END:
Remote Work Socializing Actions
#+Title: Remote Work Socializing Actions
#+Author: Yann Esposito
#+Date: [2022-09-08]
#+LANG: en

View file

@ -0,0 +1,91 @@
:PROPERTIES:
:ID: a397da72-7731-4a69-9460-38f4a76fbfc1
:END:
#+Title: Rigid vs Flexible
#+Author: Yann Esposito
#+Date: [2023-12-24]
- tags ::
- source ::
* Introduction
A common debate in software programming is about choosing a Static vs Dynamic
programming language.
After many years of debate, I think I would prefer to move the discussion toward
Rigid vs Flexible programming.
Before starting the discussion here are a few important points to remember:
First of all, remember that the word "Dynamic" in dynamic programming language,
was tailored to make it impossible to attack.
It is impossible to find a negative meaning to the word dynamic [^1].
From its inventor Richard E.
Bellman:
> It also has a very interesting property as an adjective, and that is its
> impossible to use the word, dynamic, in a pejorative sense.
> Try thinking of some combination that will possibly give it a pejorative meaning.
> Its impossible.
> Thus, I thought dynamic programming was a good name.
> It was something not even a Congressman could object to.
> So I used it as an umbrella for my activities.
Second point, I would like to say that while clearly in Rigid vs Flexible you
feel the wording is more positive around the term Flexible.
I am personally convinced that like in nature and the body of animals, the
flexibility vs rigidity could be optimized differently depending on your task
and environment.
I have two dogs.
One of the is a beagle, for a dog, he is not very flexible.
But this give this dog a great advantage, acceleration.
He can go from 0 to maximal speed almost instantly, he could switch direction
almost in a single jump.
He is like a spring.
My other dog, is a log bigger, she is a mix of an Anatoly Sheperd and Pyrenean
Mountain Dog.
And she is extremely flexible.
So flexible in fact, that when we had to put a Dog surgery collard, we had to
change it to a lot longer one because she could curve entirely herself so well.
She is a *lot* faster than my Beagle.
Despite her bigger size and her speed, my dogs play together it is not always
her that wins.
Simply because the beagle developed a strategy to take advantage of his
properties.
Mainly, the main disadvantage of flexibility, is the lack of acceleration.
So the Beagle wait for the bigger dog to be very close to him and he switch its
direction at the last second.
The Sheperd need to take a longer time to change direction.
This way he can take back another direction.
In the end as she is a lot bigger dog which was tailored to be a defender she
always is the winner.
In software engineering, I think we can that analogy is still relevant.
You have programming languages, frameworks, libraries that can be more or less
flexible or rigid. Sometime rigidity has advantages. It makes you start faster,
prevent you from making mistakes.
While more flexible libraries put too much burden on the programmer that need to
learn himself by making mistakes how he should behave.
So let's jump on a few more concrete examples.
[^1]: https://pubsonline.informs.org/doi/pdf/10.1287/opre.50.1.48.17791
* Examples
** Partial functions
One biggest hurdle in programming are partial functions.
Mainly a function whose given the wrong argument will throw an exception.
There are so many strategies to handle these, but here are a few:
1. throw an exception at runtime like ~div(2,0)~
2. returns ~null~
3. check the type and fail the compilation, it works for types, but not for
values though. So if you also want to prevent some value to be passed you
need to created a few pretty advanced mechanism to ensure your type does not
contain any forbidden value typically to protect a division by 0 for example.
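Review bot: the introduction attributes the word "Dynamic" in "dynamic programming language" to Richard E. Bellman, but the quoted passage is about the name "dynamic programming", the optimization method, not about dynamically typed languages. Say explicitly that the quote is borrowed as an analogy, otherwise the Static vs Dynamic framing rests on a misattribution. Separately, `[^1]` and the `>` quote lines are Markdown syntax in a file with Org headers; Org would use `[fn:1]` and a `#+begin_quote` block.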

View file

@ -1,7 +1,7 @@
:PROPERTIES:
:ID: e7f8ce2b-3c40-4f5d-bed7-fe6b97e7a460
:END:
small-web
#+Title: small-web
#+Author: Yann Esposito
#+Date: [2023-07-29]
- tags ::

View file

@ -6,7 +6,7 @@
#+date: [2022-08-12]
#+lang: fr
- tags :: [[id:2a3d68cc-4a14-442c-b7f9-c602a2cd25bf][#+TITLE: chien d'assistance]]
- tags :: [[id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0][chien d'assistance]]
* Template
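Review bot: the tag link now points at `id:c26339f6-e0bc-40e3-8fe3-94e4b41b61b0`, while the "Radiation Chien Espoir Handicap" note added in this same commit tags "chien d'assistance" with the previous id `2a3d68cc-4a14-442c-b7f9-c602a2cd25bf`. Check which id the target note actually carries and make both links agree.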

45
notes/toward_iroh_2_0.org Normal file
View file

@ -0,0 +1,45 @@
:PROPERTIES:
:ID: 0b91d24c-a454-44e8-a64a-59420da910d8
:END:
#+title: Toward IROH 2.0
#+Author: Yann Esposito
#+Date: [2023-09-20]
- tags ::
- source ::
* Local changes
** Use reitit
** OpenTelemetry
- https://github.com/steffan-westcott/clj-otel
- https://www.elastic.co/guide/en/apm/guide/current/open-telemetry.html
* Global changes
- Monolith repository vs micro services
- How to slowly migrate?
Code organization:
1. Keep Monolith?
+ Good:
- easy to make global change
- easier to secure and maintain libs.
- huge battle tested toolset (it simply works)
+ Bad:
- harder to change lib
- harder to experiment
Ideas:
Isolate part of the code which has been very stable for a few years.
Keep it as IROH-Core.
Support a way to add services using this core.
Connection?
- RAM (require iroh-core....)
- force usage of exactly the same libs
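Review bot: under "Code organization" the numbered list has only item 1 ("Keep Monolith?"), so the micro-services alternative named under "Global changes" never gets its own Good/Bad assessment; add it as item 2. "easier to secure and maintain libs" under Good and "harder to change lib" under Bad also read as contradictory unless the note says what differs between the two.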

View file

@ -17,3 +17,59 @@ https://github.com/advthreat/iroh/pull/6184/commits/4fa2c53692a3219cccf88adbaabc
* Demands
** Diagram with the OAuth2 flow
* 2022-23 Rewards
** Activity per week
#+begin_src
2023/30 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/29 0
2023/28 0
2023/27 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/26 0
2023/25 0
2023/24 1 ▀▀▀▀▀▀▀
2023/23 0
2023/22 0
2023/21 1 ▀▀▀▀▀▀▀
2023/20 7 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/19 3 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/18 0
2023/17 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/16 1 ▀▀▀▀▀▀▀
2023/15 0
2023/14 0
2023/13 0
2023/12 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/11 0
2023/10 1 ▀▀▀▀▀▀▀
2023/09 0
2023/08 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2023/07 1 ▀▀▀▀▀▀▀
2023/05 1 ▀▀▀▀▀▀▀
2023/04 1 ▀▀▀▀▀▀▀
2023/03 1 ▀▀▀▀▀▀▀
2023/02 1 ▀▀▀▀▀▀▀
2023/01 0
2022/52 0
2022/51 0
2022/50 1 ▀▀▀▀▀▀▀
2022/49 1 ▀▀▀▀▀▀▀
2022/48 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2022/47 0
2022/46 0
2022/45 0
2022/44 0
2022/43 0
2022/42 0
2022/41 1 ▀▀▀▀▀▀▀
2022/40 0
2022/39 0
2022/38 0
2022/37 0
2022/36 2 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀
2022/35 1 ▀▀▀▀▀▀▀
2022/34 1 ▀▀▀▀▀▀▀
2022/33 0
2022/32 0
2022/31 1 ▀▀▀▀▀▀▀
#+end_src
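Review bot: the weekly chart jumps from 2023/07 to 2023/05, so week 2023/06 is missing even though other zero-activity weeks are listed explicitly; add the row or note why it is absent. The block also uses `#+begin_src` with no language for what is plain text output, where `#+begin_example` fits, and nothing says what the counts measure.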

View file

@ -1,7 +1,7 @@
:PROPERTIES:
:ID: 16bbfe28-ea40-437f-861d-1eacb408d34f
:END:
What I foresee about the future of developers
#+Title: What I foresee about the future of developers
#+Author: Yann Esposito
#+Date: [2022-11-13]

View file

@ -0,0 +1,244 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8"/>
<title>Yann&rsquo;s Personal Retrospective 2023 Offsite</title>
<meta name="author" content="Yann Esposito"/>
<style type="text/css">
.underline { text-decoration: underline; }
</style>
<link rel="stylesheet" href="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/reveal.css"/>
<link rel="stylesheet" href="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/theme/black.css" id="theme"/>
</head>
<body>
<div class="reveal">
<div class="slides">
<section id="sec-title-slide">
<h1 class="title">Yann&rsquo;s Personal Retrospective 2023 Offsite</h1><h2 class="author">Yann Esposito</h2><h2 class="date">2023-09-25 Mon 00:00</h2><p class="date">Created: 2023-10-10 Tue 17:37</p>
</section>
<section id="table-of-contents-section">
<div id="table-of-contents" role="doc-toc">
<h2>Table of Contents</h2>
<div id="text-table-of-contents" role="doc-toc">
<ul>
<li><a href="#/slide-1">1. Yann&rsquo;s Personal Retrospective 2023 Offsite</a>
<ul>
<li><a href="#/slide-1-1">1.1. Short presentation</a>
<ul>
<li><a href="#/slide-1-1-1">1.1.1. Anecdotes</a></li>
</ul>
</li>
<li><a href="#/slide-1-2">1.2. Quick Recap about your main accomplishments these recent years</a>
<ul>
<li><a href="#/slide-1-2-1">1.2.1. XDR</a></li>
<li><a href="#/slide-1-2-2">1.2.2. Product</a></li>
<li><a href="#/slide-1-2-3">1.2.3. Administration</a></li>
<li><a href="#/slide-1-2-4">1.2.4. Devs</a></li>
</ul>
</li>
<li><a href="#/slide-1-3">1.3. Old Important things</a></li>
<li><a href="#/slide-1-4">1.4. Working in this Team</a></li>
<li><a href="#/slide-1-5">1.5. What we should NOT change (tailwind)</a></li>
<li><a href="#/slide-1-6">1.6. What we should improve (headwind)</a></li>
<li><a href="#/slide-1-7">1.7. Workstation (demo time optional)</a></li>
</ul>
</li>
</ul>
</div>
</div>
</section>
<section>
<section id="slide-1">
<h2 id="1"><span class="section-number-2">1.</span> Yann&rsquo;s Personal Retrospective 2023 Offsite</h2>
<div class="outline-text-2" id="text-1">
</div>
</section>
<section id="slide-1-1">
<h3 id="1-1"><span class="section-number-3">1.1.</span> Short presentation</h3>
<ul>
<li>years of Experience: 22 years (11 in Clojure)</li>
<li>years at Cisco: 7 years (7 in this team)</li>
<li>location: France (GMT+1)</li>
</ul>
</section>
<section id="slide-1-1-1">
<h4 id="1-1-1"><span class="section-number-4">1.1.1.</span> Anecdotes</h4>
<ul>
<li>Math &amp; Abstractions: ML, Probability Automata, indecidability proofs</li>
<li>bash + Perl + templates CMS with horror stories like HTML Perl template in DB</li>
<li>VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single
dimentional object. SCRUM-hate, etc…</li>
</ul>
</section>
<section id="slide-1-2">
<h3 id="1-2"><span class="section-number-3">1.2.</span> Quick Recap about your main accomplishments these recent years</h3>
<div class="outline-text-3" id="text-1-2">
</div>
</section>
<section id="slide-1-2-1">
<h4 id="1-2-1"><span class="section-number-4">1.2.1.</span> XDR</h4>
<ul>
<li>RBAC (technical design)
<ul>
<li>role introspection endpoint to help UI</li>
</ul></li>
<li>Provisioning (with PIAM)
<ul>
<li>provided script handled to TAC team</li>
</ul></li>
<li>HTML templates for IROH-Auth</li>
<li>Feature-Flag script management</li>
<li>Rebrand SXSO to SCSO</li>
<li>Entitlement Summary (technical design)</li>
</ul>
</section>
<section id="slide-1-2-2">
<h4 id="1-2-2"><span class="section-number-4">1.2.2.</span> Product</h4>
<ul>
<li>Provisioning (with SE, Orbital)</li>
<li>Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR</li>
<li>Delete duplicate accounts (was allowed first)</li>
<li>Fix Allow all role to login logic (UI bug)</li>
<li>TAC: expose change user role route</li>
<li>Replace some JWT by short random strings in IROH-Auth</li>
<li>UI Session Logout in IROH-Auth</li>
<li>Support displaying virtual users</li>
</ul>
</section>
<section id="slide-1-2-3">
<h4 id="1-2-3"><span class="section-number-4">1.2.3.</span> Administration</h4>
<ul>
<li>Fix Cross-Region UI bug</li>
<li>Links to kibana to see &ldquo;master-only&rdquo; events</li>
<li>Move some OAuth2 clients out of config to DB</li>
</ul>
</section>
<section id="slide-1-2-4">
<h4 id="1-2-4"><span class="section-number-4">1.2.4.</span> Devs</h4>
<ul>
<li>Matrix role representation</li>
<li>Eithers in Clojure</li>
<li>Improve logs; for SSE proxy, for impersonate</li>
<li>Expose open impersonate for UI devs on INT and TEST</li>
<li>composable <code>shell.nix</code> to replace docker compose</li>
<li>default-config.edn</li>
<li>config.edn as tree structure</li>
<li>scope aliases</li>
</ul>
</section>
<section id="slide-1-3">
<h3 id="1-3"><span class="section-number-3">1.3.</span> Old Important things</h3>
<ul>
<li>Structured Logs (riemann not used at its full power)</li>
<li>TK Store (abstraction learned from CTIA&rsquo;s limitation)</li>
<li>Admin UI (first)</li>
<li>Admin UI (second)</li>
<li>Admin scripts (now)</li>
</ul>
</section>
<section id="slide-1-4">
<h3 id="1-4"><span class="section-number-3">1.4.</span> Working in this Team</h3>
<ul>
<li>What I expected (7 years ago): Work on real time data streaming</li>
<li>What I am doing: Work on Authentication and Authorization</li>
<li>What my day to day looks like?
<ul>
<li>50 to 70%: lot of communication via; webex, email, meetings, issues
<ul>
<li>planning (design, checking timeline)</li>
<li>help people on webex, fix issues, look in kibana, create orgs, create
clients, link to documentation, etc….</li>
</ul></li>
<li>20% to 50%: lot of time thinking about design improvements;</li>
<li>10% to 20%: lot of time focused on product improvement (not code).</li>
<li>0% to 20%: code, code review, etc…</li>
</ul></li>
</ul>
</section>
<section id="slide-1-5">
<h3 id="1-5"><span class="section-number-3">1.5.</span> What we should NOT change (tailwind)</h3>
<ul>
<li>Not having daily standup</li>
</ul>
</section>
<section id="slide-1-6">
<h3 id="1-6"><span class="section-number-3">1.6.</span> What we should improve (headwind)</h3>
<ul>
<li>Not having more focus days.</li>
<li>Advertise that IROH (not XDR, not SecureX, not CTR)
<ul>
<li>IROH is a platform</li>
</ul></li>
</ul>
</section>
<section id="slide-1-7">
<h3 id="1-7"><span class="section-number-3">1.7.</span> Workstation (demo time optional)</h3>
</section>
</section>
</div>
</div>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/dist/reveal.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/markdown/markdown.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/notes/notes.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/search/search.js"></script>
<script src="file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/plugin/zoom/zoom.js"></script>
<script>
// Full list of configuration options available here:
// https://github.com/hakimel/reveal.js#configuration
Reveal.initialize({
controls: true,
progress: true,
history: false,
center: true,
slideNumber: 'c',
rollingLinks: false,
keyboard: true,
mouseWheel: false,
fragmentInURL: false,
hashOneBasedIndex: false,
pdfSeparateFragments: true,
overview: true,
transition: 'convex',
transitionSpeed: 'default',
// Plugins with reveal.js 4.x
plugins: [ RevealMarkdown, RevealNotes, RevealSearch, RevealZoom ],
// Optional libraries used to extend reveal.js
dependencies: [
]
});
</script>
</body>
</html>
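Review bot: the stylesheet and script URLs are absolute `file:///Users/yaesposi/.emacs.d/.local/straight/build-28.2/revealjs/...` paths, so this exported deck renders only on the machine that produced it and publishes a local account name and directory layout in the repository. Export with a relative or hosted reveal.js root, or leave the generated HTML out of version control and keep only the Org source.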

View file

@ -0,0 +1,97 @@
:PROPERTIES:
:ID: 38a25196-863a-41c8-8c17-772fc9fe9b04
:END:
#+Title: Yann's Personal Retrospective 2023 Offsite
#+Author: Yann Esposito
#+Date: [2023-09-25]
* Yann's Personal Retrospective 2023 Offsite
** Short presentation
- years of Experience: 22 years (11 in Clojure)
- years at Cisco: 7 years (7 in this team)
- location: France (GMT+1)
*** Anecdotes
- Math & Abstractions: ML, Probability Automata, indecidability proofs
- bash + Perl + templates CMS with horror stories like HTML Perl template in DB
- VG: nodejs, hyperloglog, then clojure, and real time data analysis on a single
dimentional object. SCRUM-hate, etc…
** Quick Recap about your main accomplishments these recent years
*** XDR
- RBAC (technical design)
- role introspection endpoint to help UI
- Provisioning (with PIAM)
- provided script handled to TAC team
- HTML templates for IROH-Auth
- Feature-Flag script management
- Rebrand SXSO to SCSO
- Entitlement Summary (technical design)
*** Product
- Provisioning (with SE, Orbital)
- Dynamic Session Token lifetime (Asked by Security/UI Chris Duane) started but cancelled by XDR
- Delete duplicate accounts (was allowed first)
- Fix Allow all role to login logic (UI bug)
- TAC: expose change user role route
- Replace some JWT by short random strings in IROH-Auth
- UI Session Logout in IROH-Auth
- Support displaying virtual users
*** Administration
- Fix Cross-Region UI bug
- Links to kibana to see "master-only" events
- Move some OAuth2 clients out of config to DB
*** Devs
- Matrix role representation
- Eithers in Clojure
- Improve logs; for SSE proxy, for impersonate
- Expose open impersonate for UI devs on INT and TEST
- composable ~shell.nix~ to replace docker compose
- default-config.edn
- config.edn as tree structure
- scope aliases
** Old Important things
- Structured Logs (riemann not used at its full power)
- TK Store (abstraction learned from CTIA's limitation)
- Admin UI (first)
- Admin UI (second)
- Admin scripts (now)
** Working in this Team
- What I expected (7 years ago): Work on real time data streaming
- What I am doing: Work on Authentication and Authorization
- What my day to day looks like?
- 50 to 70%: lot of communication via; webex, email, meetings, issues
- planning (design, checking timeline)
- help people on webex, fix issues, look in kibana, create orgs, create
clients, link to documentation, etc….
- 20% to 50%: lot of time thinking about design improvements;
- 10% to 20%: lot of time focused on product improvement (not code).
- 0% to 20%: code, code review, etc…
** What we should NOT change (tailwind)
- Not having daily standup
** What we should improve (headwind)
- Not having more focus days.
- Advertise that IROH (not XDR, not SecureX, not CTR)
+ IROH is a platform
** Workstation (demo time optional)
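Review bot: the bullet "Advertise that IROH (not XDR, not SecureX, not CTR)" under "What we should improve" has no predicate; fold the sub-item "IROH is a platform" into it so it reads as one statement. Spelling: "indecidability" should be "undecidability" and "dimentional" should be "dimensional".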

View file

@ -0,0 +1,276 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-09-26" />
<title>Olivier FY22 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Olivier FY22 Report</h1>
<p class="subtitle">back to one month older</p>
<p class="date">2023-09-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#olivier-35">Olivier [35]</a>
<ul>
<li><a href="#iroh-28-28-0">iroh [28 (28 / 0)]</a></li>
<li><a href="#oauth2-client-demo-3-3-0">oauth2-client-demo [3 (3 /
0)]</a></li>
<li><a href="#tenzin-config-4-4-0">tenzin-config [4 (4 / 0)]</a></li>
</ul></li>
</ul>
</nav>
<h3 id="olivier-35">Olivier [35]</h3>
<h4 id="iroh-28-28-0">iroh [28 (28 / 0)]</h4>
<ul>
<li>fix lein lint errors <a
href="https://github.com/advthreat/iroh/pull/6925">#6925</a></li>
<li>filter orgs to which user already belongs <a
href="https://github.com/advthreat/iroh/pull/6849">#6849</a></li>
<li>Issue 6666 refactor inviteservice <a
href="https://github.com/advthreat/iroh/pull/6680">#6680</a></li>
<li>Issue 6605 refactor orgaccessrequestservice <a
href="https://github.com/advthreat/iroh/pull/6660">#6660</a></li>
<li>fix typo in mail-template-to-orgs-admins <a
href="https://github.com/advthreat/iroh/pull/6638">#6638</a></li>
<li>Issue 6421 emailtemplating service <a
href="https://github.com/advthreat/iroh/pull/6561">#6561</a></li>
<li>some changes to the Contributing documentation <a
href="https://github.com/advthreat/iroh/pull/6580">#6580</a></li>
<li>pluralizes the store name org-access-request <a
href="https://github.com/advthreat/iroh/pull/6563">#6563</a></li>
<li>add new options to <code>db-fixtures-service</code> <a
href="https://github.com/advthreat/iroh/pull/6526">#6526</a></li>
<li>Issue 6502 renew org access request <a
href="https://github.com/advthreat/iroh/pull/6511">#6511</a></li>
<li>Restructure entities access of DBFixtureService <a
href="https://github.com/advthreat/iroh/pull/6483">#6483</a></li>
<li>Issue 6275 registration view <a
href="https://github.com/advthreat/iroh/pull/6470">#6470</a></li>
<li>Issue 6273 list matching orgs <a
href="https://github.com/advthreat/iroh/pull/6414">#6414</a></li>
<li>Issue 6284 matching admins <a
href="https://github.com/advthreat/iroh/pull/6359">#6359</a></li>
<li>match-string-advanced (like-match) <a
href="https://github.com/advthreat/iroh/pull/6281">#6281</a></li>
<li>lowercase email in the invite process <a
href="https://github.com/advthreat/iroh/pull/6349">#6349</a></li>
<li>Issue 4860 oauth consent page rebrand <a
href="https://github.com/advthreat/iroh/pull/5992">#5992</a></li>
<li>Issue 6261 email always handled in lower case <a
href="https://github.com/advthreat/iroh/pull/6277">#6277</a></li>
<li>add bundle-create route and shell script <a
href="https://github.com/advthreat/iroh/pull/6221">#6221</a></li>
<li>minor changes for bat-test options <a
href="https://github.com/advthreat/iroh/pull/6213">#6213</a></li>
<li>change test-matcher reading method <a
href="https://github.com/advthreat/iroh/pull/6212">#6212</a></li>
<li>Issue 6069 maintenance service <a
href="https://github.com/advthreat/iroh/pull/6137">#6137</a></li>
<li>iroh-service lein template update <a
href="https://github.com/advthreat/iroh/pull/6129">#6129</a></li>
<li>Update the <code>UserId</code> schema. <a
href="https://github.com/advthreat/iroh/pull/6127">#6127</a></li>
<li>Support text match in CRUDStoreService version2 <a
href="https://github.com/advthreat/iroh/pull/6091">#6091</a></li>
<li>add prefix "Originally" to idp label if org is migrated <a
href="https://github.com/advthreat/iroh/pull/6102">#6102</a></li>
<li>Issue 5979 support text match search in crud store service <a
href="https://github.com/advthreat/iroh/pull/6059">#6059</a></li>
<li>hidden custom route to check email <a
href="https://github.com/advthreat/iroh/pull/5928">#5928</a></li>
</ul>
<h4 id="oauth2-client-demo-3-3-0">oauth2-client-demo [3 (3 / 0)]</h4>
<ul>
<li>fix certfile name; serve from 'site' subdir</li>
<li>add charset</li>
<li>id_token may be absent</li>
</ul>
<h4 id="tenzin-config-4-4-0">tenzin-config [4 (4 / 0)]</h4>
<ul>
<li>remove reference to mail-template-store in InviteService <a
href="https://github.com/advthreat/tenzin-config/pull/641">#641</a></li>
<li>Move the EmailTemplatingService to /admin URL <a
href="https://github.com/advthreat/tenzin-config/pull/640">#640</a></li>
<li>add config for email-templating-service <a
href="https://github.com/advthreat/tenzin-config/pull/610">#610</a></li>
<li>Add config for MaintenanceService <a
href="https://github.com/advthreat/tenzin-config/pull/533">#533</a></li>
</ul>
</body>
</html>
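Review bot: the root element is emitted with `lang="" xml:lang=""`, so the document declares no language; set the language in the source metadata so the export carries it. The conditional comment also loads html5shiv from a protocol-relative `//cdnjs.cloudflare.com` URL with no integrity attribute. Since it only targets IE before version 9, dropping it removes a third-party script dependency at no cost.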

View file

@ -0,0 +1,48 @@
#+title: Olivier FY22 Report
#+subtitle: back to one month older
#+date: 2023-09-26
#+options: H:6 ^:nil
*** Olivier [35]
**** iroh [28 (28 / 0)]
- fix lein lint errors [[https://github.com/advthreat/iroh/pull/6925][#6925]]
- filter orgs to which user already belongs [[https://github.com/advthreat/iroh/pull/6849][#6849]]
- Issue 6666 refactor inviteservice [[https://github.com/advthreat/iroh/pull/6680][#6680]]
- Issue 6605 refactor orgaccessrequestservice [[https://github.com/advthreat/iroh/pull/6660][#6660]]
- fix typo in mail-template-to-orgs-admins [[https://github.com/advthreat/iroh/pull/6638][#6638]]
- Issue 6421 emailtemplating service [[https://github.com/advthreat/iroh/pull/6561][#6561]]
- some changes to the Contributing documentation [[https://github.com/advthreat/iroh/pull/6580][#6580]]
- pluralizes the store name org-access-request [[https://github.com/advthreat/iroh/pull/6563][#6563]]
- add new options to ~db-fixtures-service~ [[https://github.com/advthreat/iroh/pull/6526][#6526]]
- Issue 6502 renew org access request [[https://github.com/advthreat/iroh/pull/6511][#6511]]
- Restructure entities access of DBFixtureService [[https://github.com/advthreat/iroh/pull/6483][#6483]]
- Issue 6275 registration view [[https://github.com/advthreat/iroh/pull/6470][#6470]]
- Issue 6273 list matching orgs [[https://github.com/advthreat/iroh/pull/6414][#6414]]
- Issue 6284 matching admins [[https://github.com/advthreat/iroh/pull/6359][#6359]]
- match-string-advanced (like-match) [[https://github.com/advthreat/iroh/pull/6281][#6281]]
- lowercase email in the invite process [[https://github.com/advthreat/iroh/pull/6349][#6349]]
- Issue 4860 oauth consent page rebrand [[https://github.com/advthreat/iroh/pull/5992][#5992]]
- Issue 6261 email always handled in lower case [[https://github.com/advthreat/iroh/pull/6277][#6277]]
- add bundle-create route and shell script [[https://github.com/advthreat/iroh/pull/6221][#6221]]
- minor changes for bat-test options [[https://github.com/advthreat/iroh/pull/6213][#6213]]
- change test-matcher reading method [[https://github.com/advthreat/iroh/pull/6212][#6212]]
- Issue 6069 maintenance service [[https://github.com/advthreat/iroh/pull/6137][#6137]]
- iroh-service lein template update [[https://github.com/advthreat/iroh/pull/6129][#6129]]
- Update the ~UserId~ schema. [[https://github.com/advthreat/iroh/pull/6127][#6127]]
- Support text match in CRUDStoreService version2 [[https://github.com/advthreat/iroh/pull/6091][#6091]]
- add prefix "Originally" to idp label if org is migrated [[https://github.com/advthreat/iroh/pull/6102][#6102]]
- Issue 5979 support text match search in crud store service [[https://github.com/advthreat/iroh/pull/6059][#6059]]
- hidden custom route to check email [[https://github.com/advthreat/iroh/pull/5928][#5928]]
**** oauth2-client-demo [3 (3 / 0)]
- fix certfile name; serve from 'site' subdir
- add charset
- id_token may be absent
**** tenzin-config [4 (4 / 0)]
- remove reference to mail-template-store in InviteService [[https://github.com/advthreat/tenzin-config/pull/641][#641]]
- Move the EmailTemplatingService to /admin URL [[https://github.com/advthreat/tenzin-config/pull/640][#640]]
- add config for email-templating-service [[https://github.com/advthreat/tenzin-config/pull/610][#610]]
- Add config for MaintenanceService [[https://github.com/advthreat/tenzin-config/pull/533][#533]]
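Review bot: the three entries under `oauth2-client-demo` carry no pull-request or commit link, unlike every entry under `iroh` and `tenzin-config`; add the references so the counts in the headings can be checked. The title says "FY22" while `#+date` is 2023-09-26, and the subtitle "back to one month older" does not say which period is covered; state the date range.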

Binary file not shown.

View file

@ -0,0 +1,398 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-09-26" />
<title>Olivier FY23 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Olivier FY23 Report</h1>
<p class="subtitle">back to one month older</p>
<p class="date">2023-09-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#olivier-86">Olivier [86]</a>
<ul>
<li><a href="#iroh-79-78-1">iroh [79 (78 / 1)]</a></li>
<li><a href="#tenzin-config-7-7-0">tenzin-config [7 (7 / 0)]</a></li>
</ul></li>
</ul>
</nav>
<h3 id="olivier-86">Olivier [86]</h3>
<h4 id="iroh-79-78-1">iroh [79 (78 / 1)]</h4>
<ul>
<li><code>W30</code> Annotated diagram for
<code>check_node_types.clj</code> <a
href="https://github.com/advthreat/iroh/pull/8133">#8133</a></li>
<li><code>W30</code> Increases the time allocated to node start-up <a
href="https://github.com/advthreat/iroh/pull/8125">#8125</a></li>
<li><code>W30</code> [IROH configuration]: Checks that each IROH node
type starts correctly <a
href="https://github.com/advthreat/iroh/pull/8043">#8043</a></li>
<li><code>W30</code> fix format-style args logs <a
href="https://github.com/advthreat/iroh/pull/8119">#8119</a></li>
<li><code>W29</code> Adapt OrgAccessRequest to XDR <a
href="https://github.com/advthreat/iroh/pull/8108">#8108</a></li>
<li><code>W29</code> Redirect invited user to XDR <a
href="https://github.com/advthreat/iroh/pull/8105">#8105</a></li>
<li><code>W29</code> Duplicate <code>one-click-module-service</code> in
bootstrap <a
href="https://github.com/advthreat/iroh/pull/8071">#8071</a></li>
<li><code>W29</code> Start node with type and env <a
href="https://github.com/advthreat/iroh/pull/8085">#8085</a></li>
<li><code>W29</code> matrix config for <code>in-isolation</code> tests
<a href="https://github.com/advthreat/iroh/pull/8082">#8082</a></li>
<li><code>W28</code> [IROH configuration]: Automated generation of
services meta and bootstraps <a
href="https://github.com/advthreat/iroh/pull/8017">#8017</a></li>
<li><code>W26</code> fix error <a
href="https://github.com/advthreat/iroh/pull/8021">#8021</a></li>
<li><code>W26</code> tier name from primary to premier <a
href="https://github.com/advthreat/iroh/pull/8014">#8014</a></li>
<li><code>W26</code> batch create and update entitlements <a
href="https://github.com/advthreat/iroh/pull/8006">#8006</a></li>
<li><code>W25</code> Make entitlement affect the scopes <a
href="https://github.com/advthreat/iroh/pull/7975">#7975</a></li>
<li><code>W25</code> Node types <a
href="https://github.com/advthreat/iroh/pull/7988">#7988</a></li>
<li><code>W24</code> Upgrade Babashka <a
href="https://github.com/advthreat/iroh/pull/7967">#7967</a></li>
<li><code>W23</code> add missing exclusions for uberjar <a
href="https://github.com/advthreat/iroh/pull/7963">#7963</a></li>
<li><code>W23</code> fix bug when Org has no entitlement <a
href="https://github.com/advthreat/iroh/pull/7956">#7956</a></li>
<li><code>W23</code> [IROH configuration]: Generate service diagram <a
href="https://github.com/advthreat/iroh/pull/7872">#7872</a></li>
<li><code>W23</code> GH pages updates <a
href="https://github.com/advthreat/iroh/pull/7960">#7960</a></li>
<li><code>W23</code> fix alias arguments <a
href="https://github.com/advthreat/iroh/pull/7954">#7954</a></li>
<li><code>W23</code> Issue 7930 GitHub pages styling <a
href="https://github.com/advthreat/iroh/pull/7932">#7932</a></li>
<li><code>W21</code> Code coverage in GitHub Pages <a
href="https://github.com/advthreat/iroh/pull/7924">#7924</a></li>
<li><code>W20</code> add provisioning platform entitlements <a
href="https://github.com/advthreat/iroh/pull/7895">#7895</a></li>
<li><code>W20</code> add entitlements field to the
provision/platform/account endpoint <a
href="https://github.com/advthreat/iroh/pull/7882">#7882</a></li>
<li><code>W20</code> [Entitlements]: Remove entitlement from Org schema
<a href="https://github.com/advthreat/iroh/pull/7878">#7878</a></li>
<li><code>W19</code> [IROH configuration]: add Readme to
<code>iroh-services</code> library <a
href="https://github.com/advthreat/iroh/pull/7868">#7868</a></li>
<li><code>W19</code> [IROH configuration]: Write a minimal bootstrap
file for specific services and environment <a
href="https://github.com/advthreat/iroh/pull/7711">#7711</a></li>
<li><code>W18</code> fix http status code <a
href="https://github.com/advthreat/iroh/pull/7838">#7838</a></li>
<li><code>W11</code> Rework of the script
<code>check-changelog-update-time</code> <a
href="https://github.com/advthreat/iroh/pull/7658">#7658</a></li>
<li><code>W11</code> RBAC: additional XDR tests <a
href="https://github.com/advthreat/iroh/pull/7634">#7634</a></li>
<li><code>W10</code> GitHub Actions: do test coverage only once <a
href="https://github.com/advthreat/iroh/pull/7607">#7607</a></li>
<li><code>W09</code> Increase Java Heap size for code coverage - Github
Actions workflow <a
href="https://github.com/advthreat/iroh/pull/7585">#7585</a></li>
<li><code>W08</code> add workdir for the check <a
href="https://github.com/advthreat/iroh/pull/7573">#7573</a></li>
<li><code>W08</code> disable test <a
href="https://github.com/advthreat/iroh/pull/7566">#7566</a></li>
<li><code>W08</code> Fail build if html not updated <a
href="https://github.com/advthreat/iroh/pull/7559">#7559</a></li>
<li><code>W07</code> RBAC: enable the new XDR role 'Security Analyst
Tier 2' <a
href="https://github.com/advthreat/iroh/pull/7545">#7545</a></li>
<li><code>W07</code> Issue 7538 refactor of role retrieval <a
href="https://github.com/advthreat/iroh/pull/7540">#7540</a></li>
<li><code>W07</code> automated 'revert role' operation with test <a
href="https://github.com/advthreat/iroh/pull/7537">#7537</a></li>
<li><code>W06</code> RBAC: Retrocompatibility of the Provisioning API <a
href="https://github.com/advthreat/iroh/pull/7507">#7507</a></li>
<li><code>W05</code> Refactor around <code>ifn-pred</code> <a
href="https://github.com/advthreat/iroh/pull/7491">#7491</a></li>
<li><code>W05</code> set job timeouts to 90 minutes <a
href="https://github.com/advthreat/iroh/pull/7506">#7506</a></li>
<li><code>W05</code> set job timeouts to 60 minutes <a
href="https://github.com/advthreat/iroh/pull/7504">#7504</a></li>
<li><code>W05</code> Test coverage v2 <a
href="https://github.com/advthreat/iroh/pull/7498">#7498</a></li>
<li><code>W05</code> wait for hook to be finished before testing <a
href="https://github.com/advthreat/iroh/pull/7497">#7497</a></li>
<li><code>W05</code> Add test coverage report to the Iroh GitHub Actions
workflow <a
href="https://github.com/advthreat/iroh/pull/7453">#7453</a></li>
<li><code>W05</code> RBAC for Org Access Request <a
href="https://github.com/advthreat/iroh/pull/7465">#7465</a></li>
<li><code>W05</code> Issue 7333 rbac invitation service <a
href="https://github.com/advthreat/iroh/pull/7454">#7454</a></li>
<li><code>W03</code> RBAC: new XDR tests for login and oauth-clients <a
href="https://github.com/advthreat/iroh/pull/7418">#7418</a></li>
<li><code>W01</code> Issue 7413 move steps out of setup job <a
href="https://github.com/advthreat/iroh/pull/7414">#7414</a></li>
<li><code>W51</code> Roles read-only API <a
href="https://github.com/advthreat/iroh/pull/7391">#7391</a></li>
<li><code>W50</code> increase fetch-depth to 50 during CI checkout <a
href="https://github.com/advthreat/iroh/pull/7403">#7403</a></li>
<li><code>W49</code> add <code>RoleService</code> <a
href="https://github.com/advthreat/iroh/pull/7355">#7355</a></li>
<li><code>W48</code> Issue 7319 fix typos <a
href="https://github.com/advthreat/iroh/pull/7338">#7338</a></li>
<li><code>W47</code> Refactor <code>org-requests</code> search endpoint
<a href="https://github.com/advthreat/iroh/pull/7307">#7307</a></li>
<li><code>W47</code> Change tasks order in Iroh GitHub Actions workflow
<a href="https://github.com/advthreat/iroh/pull/7308">#7308</a></li>
<li><code>W46</code> Public but hidden Web Service declaration <a
href="https://github.com/advthreat/iroh/pull/7233">#7233</a></li>
<li><code>W46</code> Check Changelog is updated before merging a PR <a
href="https://github.com/advthreat/iroh/pull/7293">#7293</a></li>
<li><code>W45</code> Issue 7228 bugfix v2 <a
href="https://github.com/advthreat/iroh/pull/7275">#7275</a></li>
<li><code>W44</code> update <code>search-users</code> of
<code>UserService</code> <a
href="https://github.com/advthreat/iroh/pull/7268">#7268</a></li>
<li><code>W44</code> Remove unused <code>env-name</code> in config <a
href="https://github.com/advthreat/iroh/pull/7270">#7270</a></li>
<li><code>W44</code> Issue 7097 improve api doc html template <a
href="https://github.com/advthreat/iroh/pull/7260">#7260</a></li>
<li><code>W43</code> Add a Changelog section in the API Docs <a
href="https://github.com/advthreat/iroh/pull/7212">#7212</a></li>
<li><code>W42</code> Forbid the use of
<code>taoensso.timbre/with-context</code> v2 <a
href="https://github.com/advthreat/iroh/pull/7197">#7197</a></li>
<li><code>W42</code> Redoc and Swagger links in Developer Documentation
<a href="https://github.com/advthreat/iroh/pull/7172">#7172</a></li>
<li><code>W41</code> Issue 7093 dynamic generation of CTR API links <a
href="https://github.com/advthreat/iroh/pull/7161">#7161</a></li>
<li><code>W41</code> Filter the public but hidden APIs <a
href="https://github.com/advthreat/iroh/pull/7168">#7168</a></li>
<li><code>W40</code> Fix missing trailing slash on iroh doc <a
href="https://github.com/advthreat/iroh/pull/7156">#7156</a></li>
<li><code>W37</code> Public Developer Documentation for IROH: automatic
update of CTR API links <a
href="https://github.com/advthreat/iroh/pull/7060">#7060</a></li>
<li><code>W36</code> documentation for Org Level Authorization <a
href="https://github.com/advthreat/iroh/pull/7046">#7046</a></li>
<li><code>W36</code> mk-token and oauth/grant claim <a
href="https://github.com/advthreat/iroh/pull/7037">#7037</a></li>
<li><code>W36</code> don't let the JVM exit in watchpwd <a
href="https://github.com/advthreat/iroh/pull/7038">#7038</a></li>
<li><code>W35</code> add ES credentials to Riemann and Kibana <a
href="https://github.com/advthreat/iroh/pull/7029">#7029</a></li>
<li><code>W35</code> Issue 6947 org level authorization <a
href="https://github.com/advthreat/iroh/pull/6962">#6962</a></li>
<li><code>W35</code> remove the refer to <code>match?</code> and
<code>similar?</code> <a
href="https://github.com/advthreat/iroh/pull/7009">#7009</a></li>
<li><code>W32</code> small bugfix <a
href="https://github.com/advthreat/iroh/pull/6957">#6957</a></li>
<li><code>W31</code> Org virtual user <a
href="https://github.com/advthreat/iroh/pull/6937">#6937</a></li>
<li><code>W31</code> bugfix: jwt of client whose owner is disabled
should be unusable <a
href="https://github.com/advthreat/iroh/pull/6871">#6871</a></li>
</ul>
<p><u>between 12 and 13 months ago</u></p>
<ul>
<li><code>W30</code> fix lein lint errors <a
href="https://github.com/advthreat/iroh/pull/6925">#6925</a></li>
</ul>
<h4 id="tenzin-config-7-7-0">tenzin-config [7 (7 / 0)]</h4>
<ul>
<li><code>W29</code> add first-url for both SX and XDR <a
href="https://github.com/advthreat/tenzin-config/pull/952">#952</a></li>
<li><code>W16</code> sets the <code>:xdr-roles</code> feature flag in
INT and TEST <a
href="https://github.com/advthreat/tenzin-config/pull/840">#840</a></li>
<li><code>W01</code> remove AO orbital and SSE feature flags in all envs
<a
href="https://github.com/advthreat/tenzin-config/pull/804">#804</a></li>
<li><code>W49</code> Add config for role service v2 <a
href="https://github.com/advthreat/tenzin-config/pull/793">#793</a></li>
<li><code>W49</code> Add config for RoleService <a
href="https://github.com/advthreat/tenzin-config/pull/787">#787</a></li>
<li><code>W47</code> Add config for MetaService <a
href="https://github.com/advthreat/tenzin-config/pull/755">#755</a></li>
<li><code>W44</code> clean unnecessary config for duplicate
<code>iroh-inspect</code> <a
href="https://github.com/advthreat/tenzin-config/pull/764">#764</a></li>
</ul>
</body>
</html>
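Review bot: The `<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js">` line in the `<head>` loads a third-party script over a protocol-relative URL with no `integrity` attribute. It sits inside an `<!--[if lt IE 9]>` conditional comment, so only legacy IE would ever fetch it, which makes it dead weight in a static report. I'd drop the block from the pandoc template; if it has to stay, use an explicit `https://` URL with `integrity` and `crossorigin` set. Separately, `lang=""` and `xml:lang=""` on `<html>` are empty and should be either filled in or removed.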

View file

@ -0,0 +1,100 @@
#+title: Olivier FY23 Report
#+subtitle: back to one month older
#+date: 2023-09-26
#+options: H:6 ^:nil
*** Olivier [86]
**** iroh [79 (78 / 1)]
- ~W30~ Annotated diagram for ~check_node_types.clj~ [[https://github.com/advthreat/iroh/pull/8133][#8133]]
- ~W30~ Increases the time allocated to node start-up [[https://github.com/advthreat/iroh/pull/8125][#8125]]
- ~W30~ [IROH configuration]: Checks that each IROH node type starts correctly [[https://github.com/advthreat/iroh/pull/8043][#8043]]
- ~W30~ fix format-style args logs [[https://github.com/advthreat/iroh/pull/8119][#8119]]
- ~W29~ Adapt OrgAccessRequest to XDR [[https://github.com/advthreat/iroh/pull/8108][#8108]]
- ~W29~ Redirect invited user to XDR [[https://github.com/advthreat/iroh/pull/8105][#8105]]
- ~W29~ Duplicate ~one-click-module-service~ in bootstrap [[https://github.com/advthreat/iroh/pull/8071][#8071]]
- ~W29~ Start node with type and env [[https://github.com/advthreat/iroh/pull/8085][#8085]]
- ~W29~ matrix config for ~in-isolation~ tests [[https://github.com/advthreat/iroh/pull/8082][#8082]]
- ~W28~ [IROH configuration]: Automated generation of services meta and bootstraps [[https://github.com/advthreat/iroh/pull/8017][#8017]]
- ~W26~ fix error [[https://github.com/advthreat/iroh/pull/8021][#8021]]
- ~W26~ tier name from primary to premier [[https://github.com/advthreat/iroh/pull/8014][#8014]]
- ~W26~ batch create and update entitlements [[https://github.com/advthreat/iroh/pull/8006][#8006]]
- ~W25~ Make entitlement affect the scopes [[https://github.com/advthreat/iroh/pull/7975][#7975]]
- ~W25~ Node types [[https://github.com/advthreat/iroh/pull/7988][#7988]]
- ~W24~ Upgrade Babashka [[https://github.com/advthreat/iroh/pull/7967][#7967]]
- ~W23~ add missing exclusions for uberjar [[https://github.com/advthreat/iroh/pull/7963][#7963]]
- ~W23~ fix bug when Org has no entitlement [[https://github.com/advthreat/iroh/pull/7956][#7956]]
- ~W23~ [IROH configuration]: Generate service diagram [[https://github.com/advthreat/iroh/pull/7872][#7872]]
- ~W23~ GH pages updates [[https://github.com/advthreat/iroh/pull/7960][#7960]]
- ~W23~ fix alias arguments [[https://github.com/advthreat/iroh/pull/7954][#7954]]
- ~W23~ Issue 7930 GitHub pages styling [[https://github.com/advthreat/iroh/pull/7932][#7932]]
- ~W21~ Code coverage in GitHub Pages [[https://github.com/advthreat/iroh/pull/7924][#7924]]
- ~W20~ add provisioning platform entitlements [[https://github.com/advthreat/iroh/pull/7895][#7895]]
- ~W20~ add entitlements field to the provision/platform/account endpoint [[https://github.com/advthreat/iroh/pull/7882][#7882]]
- ~W20~ [Entitlements]: Remove entitlement from Org schema [[https://github.com/advthreat/iroh/pull/7878][#7878]]
- ~W19~ [IROH configuration]: add Readme to ~iroh-services~ library [[https://github.com/advthreat/iroh/pull/7868][#7868]]
- ~W19~ [IROH configuration]: Write a minimal bootstrap file for specific services and environment [[https://github.com/advthreat/iroh/pull/7711][#7711]]
- ~W18~ fix http status code [[https://github.com/advthreat/iroh/pull/7838][#7838]]
- ~W11~ Rework of the script ~check-changelog-update-time~ [[https://github.com/advthreat/iroh/pull/7658][#7658]]
- ~W11~ RBAC: additional XDR tests [[https://github.com/advthreat/iroh/pull/7634][#7634]]
- ~W10~ GitHub Actions: do test coverage only once [[https://github.com/advthreat/iroh/pull/7607][#7607]]
- ~W09~ Increase Java Heap size for code coverage - Github Actions workflow [[https://github.com/advthreat/iroh/pull/7585][#7585]]
- ~W08~ add workdir for the check [[https://github.com/advthreat/iroh/pull/7573][#7573]]
- ~W08~ disable test [[https://github.com/advthreat/iroh/pull/7566][#7566]]
- ~W08~ Fail build if html not updated [[https://github.com/advthreat/iroh/pull/7559][#7559]]
- ~W07~ RBAC: enable the new XDR role 'Security Analyst Tier 2' [[https://github.com/advthreat/iroh/pull/7545][#7545]]
- ~W07~ Issue 7538 refactor of role retrieval [[https://github.com/advthreat/iroh/pull/7540][#7540]]
- ~W07~ automated 'revert role' operation with test [[https://github.com/advthreat/iroh/pull/7537][#7537]]
- ~W06~ RBAC: Retrocompatibility of the Provisioning API [[https://github.com/advthreat/iroh/pull/7507][#7507]]
- ~W05~ Refactor around ~ifn-pred~ [[https://github.com/advthreat/iroh/pull/7491][#7491]]
- ~W05~ set job timeouts to 90 minutes [[https://github.com/advthreat/iroh/pull/7506][#7506]]
- ~W05~ set job timeouts to 60 minutes [[https://github.com/advthreat/iroh/pull/7504][#7504]]
- ~W05~ Test coverage v2 [[https://github.com/advthreat/iroh/pull/7498][#7498]]
- ~W05~ wait for hook to be finished before testing [[https://github.com/advthreat/iroh/pull/7497][#7497]]
- ~W05~ Add test coverage report to the Iroh GitHub Actions workflow [[https://github.com/advthreat/iroh/pull/7453][#7453]]
- ~W05~ RBAC for Org Access Request [[https://github.com/advthreat/iroh/pull/7465][#7465]]
- ~W05~ Issue 7333 rbac invitation service [[https://github.com/advthreat/iroh/pull/7454][#7454]]
- ~W03~ RBAC: new XDR tests for login and oauth-clients [[https://github.com/advthreat/iroh/pull/7418][#7418]]
- ~W01~ Issue 7413 move steps out of setup job [[https://github.com/advthreat/iroh/pull/7414][#7414]]
- ~W51~ Roles read-only API [[https://github.com/advthreat/iroh/pull/7391][#7391]]
- ~W50~ increase fetch-depth to 50 during CI checkout [[https://github.com/advthreat/iroh/pull/7403][#7403]]
- ~W49~ add ~RoleService~ [[https://github.com/advthreat/iroh/pull/7355][#7355]]
- ~W48~ Issue 7319 fix typos [[https://github.com/advthreat/iroh/pull/7338][#7338]]
- ~W47~ Refactor ~org-requests~ search endpoint [[https://github.com/advthreat/iroh/pull/7307][#7307]]
- ~W47~ Change tasks order in Iroh GitHub Actions workflow [[https://github.com/advthreat/iroh/pull/7308][#7308]]
- ~W46~ Public but hidden Web Service declaration [[https://github.com/advthreat/iroh/pull/7233][#7233]]
- ~W46~ Check Changelog is updated before merging a PR [[https://github.com/advthreat/iroh/pull/7293][#7293]]
- ~W45~ Issue 7228 bugfix v2 [[https://github.com/advthreat/iroh/pull/7275][#7275]]
- ~W44~ update ~search-users~ of ~UserService~ [[https://github.com/advthreat/iroh/pull/7268][#7268]]
- ~W44~ Remove unused ~env-name~ in config [[https://github.com/advthreat/iroh/pull/7270][#7270]]
- ~W44~ Issue 7097 improve api doc html template [[https://github.com/advthreat/iroh/pull/7260][#7260]]
- ~W43~ Add a Changelog section in the API Docs [[https://github.com/advthreat/iroh/pull/7212][#7212]]
- ~W42~ Forbid the use of ~taoensso.timbre/with-context~ v2 [[https://github.com/advthreat/iroh/pull/7197][#7197]]
- ~W42~ Redoc and Swagger links in Developer Documentation [[https://github.com/advthreat/iroh/pull/7172][#7172]]
- ~W41~ Issue 7093 dynamic generation of CTR API links [[https://github.com/advthreat/iroh/pull/7161][#7161]]
- ~W41~ Filter the public but hidden APIs [[https://github.com/advthreat/iroh/pull/7168][#7168]]
- ~W40~ Fix missing trailing slash on iroh doc [[https://github.com/advthreat/iroh/pull/7156][#7156]]
- ~W37~ Public Developer Documentation for IROH: automatic update of CTR API links [[https://github.com/advthreat/iroh/pull/7060][#7060]]
- ~W36~ documentation for Org Level Authorization [[https://github.com/advthreat/iroh/pull/7046][#7046]]
- ~W36~ mk-token and oauth/grant claim [[https://github.com/advthreat/iroh/pull/7037][#7037]]
- ~W36~ don't let the JVM exit in watchpwd [[https://github.com/advthreat/iroh/pull/7038][#7038]]
- ~W35~ add ES credentials to Riemann and Kibana [[https://github.com/advthreat/iroh/pull/7029][#7029]]
- ~W35~ Issue 6947 org level authorization [[https://github.com/advthreat/iroh/pull/6962][#6962]]
- ~W35~ remove the refer to ~match?~ and ~similar?~ [[https://github.com/advthreat/iroh/pull/7009][#7009]]
- ~W32~ small bugfix [[https://github.com/advthreat/iroh/pull/6957][#6957]]
- ~W31~ Org virtual user [[https://github.com/advthreat/iroh/pull/6937][#6937]]
- ~W31~ bugfix: jwt of client whose owner is disabled should be unusable [[https://github.com/advthreat/iroh/pull/6871][#6871]]
_between 12 and 13 months ago_
- ~W30~ fix lein lint errors [[https://github.com/advthreat/iroh/pull/6925][#6925]]
**** tenzin-config [7 (7 / 0)]
- ~W29~ add first-url for both SX and XDR [[https://github.com/advthreat/tenzin-config/pull/952][#952]]
- ~W16~ sets the ~:xdr-roles~ feature flag in INT and TEST [[https://github.com/advthreat/tenzin-config/pull/840][#840]]
- ~W01~ remove AO orbital and SSE feature flags in all envs [[https://github.com/advthreat/tenzin-config/pull/804][#804]]
- ~W49~ Add config for role service v2 [[https://github.com/advthreat/tenzin-config/pull/793][#793]]
- ~W49~ Add config for RoleService [[https://github.com/advthreat/tenzin-config/pull/787][#787]]
- ~W47~ Add config for MetaService [[https://github.com/advthreat/tenzin-config/pull/755][#755]]
- ~W44~ clean unnecessary config for duplicate ~iroh-inspect~ [[https://github.com/advthreat/tenzin-config/pull/764][#764]]
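Review bot: The `~Wnn~` week tags carry no year, so the iroh list runs from W30 down to W01, jumps to W51, and ends with a second `~W30~` entry under `_between 12 and 13 months ago_` that is indistinguishable from the W30 entries at the top. Year-qualified week labels (for example the ISO form `2023-W30`) would make each entry unambiguous and sortable. The bracketed counters in the headings, such as `iroh [79 (78 / 1)]`, are also not explained anywhere in the file; a one-line legend under the `#+options:` header saying what the two numbers in parentheses count would help a reader who did not generate the report.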

Binary file not shown.

View file

@ -0,0 +1,365 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-09-26" />
<title>Wanderson FY23 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Wanderson FY23 Report</h1>
<p class="subtitle">back to one month older</p>
<p class="date">2023-09-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#wanderson-58">Wanderson [58]</a>
<ul>
<li><a href="#iroh-53-41-12">iroh [53 (41 / 12)]</a></li>
<li><a href="#tenzin-1-1-0">tenzin [1 (1 / 0)]</a></li>
<li><a href="#tenzin-config-4-3-1">tenzin-config [4 (3 / 1)]</a></li>
</ul></li>
</ul>
</nav>
<h3 id="wanderson-58">Wanderson [58]</h3>
<h4 id="iroh-53-41-12">iroh [53 (41 / 12)]</h4>
<ul>
<li><code>W30</code> Design doc to webhook support on Entitlement
create/update <a
href="https://github.com/advthreat/iroh/pull/8112">#8112</a></li>
<li><code>W30</code> NewEvent <code>:created-at</code> is optional for
IROH internal calls and mandatory to HTTP events <a
href="https://github.com/advthreat/iroh/pull/8121">#8121</a></li>
<li><code>W30</code> [IROH Auth] Support XDR <code>signup-url</code> <a
href="https://github.com/advthreat/iroh/pull/8117">#8117</a></li>
<li><code>W27</code> [IROH Auth] Make
<code>use-cache-to-build-identity</code> throw if short JWT info is
missing <a
href="https://github.com/advthreat/iroh/pull/8032">#8032</a></li>
<li><code>W27</code> [IROH Auth] Change error message for
org-level-authorization clients <a
href="https://github.com/advthreat/iroh/pull/8034">#8034</a></li>
<li><code>W27</code> Invitation missing test cases <a
href="https://github.com/advthreat/iroh/pull/8030">#8030</a></li>
<li><code>W24</code> [IROH Auth] RBAC JWT Revocation on
<code>role</code> change <a
href="https://github.com/advthreat/iroh/pull/7875">#7875</a></li>
<li><code>W21</code> [IROH Auth] Fix wrong role name in Invites for XDR
roles <a
href="https://github.com/advthreat/iroh/pull/7908">#7908</a></li>
<li><code>W20</code> [IROH Auth] add <code>:entitlement-summary</code>
to profile org return values <a
href="https://github.com/advthreat/iroh/pull/7896">#7896</a></li>
<li><code>W20</code> [IROH Auth] Fix <code>/profile</code> swagger.json
bug <a href="https://github.com/advthreat/iroh/pull/7897">#7897</a></li>
<li><code>W20</code> [IROH Auth] add Entitlement Summary to
<code>whoami</code> <a
href="https://github.com/advthreat/iroh/pull/7894">#7894</a></li>
<li><code>W20</code> [IROH Auth] Expose entitlement methods in Profile
webservice <a
href="https://github.com/advthreat/iroh/pull/7881">#7881</a></li>
<li><code>W20</code> [IROH Auth] Declare entitlement-svc in
default-bootstrap <a
href="https://github.com/advthreat/iroh/pull/7891">#7891</a></li>
<li><code>W20</code> [IROH Auth] fix EntitlementSummary structure <a
href="https://github.com/advthreat/iroh/pull/7886">#7886</a></li>
<li><code>W20</code> [IROH Auth] Decide JWT format based on the new
<code>client</code>'s <code>tokens-format</code> property <a
href="https://github.com/advthreat/iroh/pull/7789">#7789</a></li>
<li><code>W19</code> [IROH Auth] Fix potential bug in PROD in
OrgAccessRequests for xdr-roles <a
href="https://github.com/advthreat/iroh/pull/7861">#7861</a></li>
<li><code>W19</code> [IROH Auth] - Remove <code>xdr-instance-id</code>
<a href="https://github.com/advthreat/iroh/pull/7860">#7860</a></li>
<li><code>W19</code> [IROH Auth] Restrict <code>xdr-roles</code> by
<code>env</code> and <code>org</code> feature flags <a
href="https://github.com/advthreat/iroh/pull/7855">#7855</a></li>
<li><code>W17</code> [IROH Auth] introducing <code>TimeService</code> in
<code>AuthService</code> <a
href="https://github.com/advthreat/iroh/pull/7806">#7806</a></li>
<li><code>W17</code> [IROH Auth] allow only <code>iroh-core.time</code>
in oauth2.core ns <a
href="https://github.com/advthreat/iroh/pull/7793">#7793</a></li>
<li><code>W16</code> [IROH Auth] - Update IROH Web middleware to build
short JWTs with profile data <a
href="https://github.com/advthreat/iroh/pull/7671">#7671</a></li>
<li><code>W12</code> [IROH Auth] - update
<code>check-refresh-token</code> function <a
href="https://github.com/advthreat/iroh/pull/7669">#7669</a></li>
<li><code>W12</code> [IROH Auth] - Update Design docs for Short JWT Epic
<a href="https://github.com/advthreat/iroh/pull/7670">#7670</a></li>
<li><code>W10</code> [IROH Auth] <code>/profile/permissions</code>
endpoint <a
href="https://github.com/advthreat/iroh/pull/7562">#7562</a></li>
<li><code>W08</code> Patch <code>compojure-api</code> to allow endpoints
with string-keys (without keywordize the request <code>:body</code>) <a
href="https://github.com/advthreat/iroh/pull/7574">#7574</a></li>
<li><code>W08</code> [IROH Auth] Include route
<code>/profile/scopes</code> <a
href="https://github.com/advthreat/iroh/pull/7553">#7553</a></li>
<li><code>W07</code> [IROH Auth] - Store Short JWTs <a
href="https://github.com/advthreat/iroh/pull/7476">#7476</a></li>
<li><code>W05</code> [IROH Auth] refactor <code>gen-short-tokens</code>
to avoid code duplication <a
href="https://github.com/advthreat/iroh/pull/7485">#7485</a></li>
<li><code>W04</code> Allow wildcard login origin in TEST env <a
href="https://github.com/advthreat/iroh/pull/7474">#7474</a></li>
<li><code>W03</code> [IROH Auth] Generate Short JWT tokens <a
href="https://github.com/advthreat/iroh/pull/7450">#7450</a></li>
<li><code>W02</code> [IROH Auth] Short JWT design <a
href="https://github.com/advthreat/iroh/pull/7436">#7436</a></li>
<li><code>W50</code> org-svc using crud-context instead of gen-ctx <a
href="https://github.com/advthreat/iroh/pull/7306">#7306</a></li>
<li><code>W49</code> IROH-Auth: Remove <code>oauth/scopes</code> claims
from AO jwts <a
href="https://github.com/advthreat/iroh/pull/7368">#7368</a></li>
<li><code>W48</code> RBAC: Remove confusing and big claims from JWT <a
href="https://github.com/advthreat/iroh/pull/7363">#7363</a></li>
<li><code>W48</code> Remove the usage of <code>invitee-name</code> from
the invite-svc <a
href="https://github.com/advthreat/iroh/pull/7356">#7356</a></li>
<li><code>W41</code> <code>InviteService</code> - Using HOF
<code>get-valid-user!</code> and <code>get-valid-org!</code> <a
href="https://github.com/advthreat/iroh/pull/7045">#7045</a></li>
<li><code>W36</code> <code>ProvisioningService</code> - fix folder
structure <a
href="https://github.com/advthreat/iroh/pull/7047">#7047</a></li>
<li><code>W36</code> [IROH-Auth] Specify the tenant at login <a
href="https://github.com/advthreat/iroh/pull/7036">#7036</a></li>
<li><code>W35</code> Add query param <code>show-tenant-selector</code>
to force redirect to Registration UI <a
href="https://github.com/advthreat/iroh/pull/7034">#7034</a></li>
<li><code>W34</code> remove ctim tutorial pngs from trojan scan <a
href="https://github.com/advthreat/iroh/pull/7005">#7005</a></li>
<li><code>W31</code> Cleanup AuthService <a
href="https://github.com/advthreat/iroh/pull/6944">#6944</a></li>
</ul>
<p><u>between 12 and 13 months ago</u></p>
<ul>
<li><code>W31</code> cleanup gen user-identity-jwt code <a
href="https://github.com/advthreat/iroh/pull/6942">#6942</a></li>
<li><code>W30</code> Format relative dates in account-stats <a
href="https://github.com/advthreat/iroh/pull/6920">#6920</a></li>
<li><code>W30</code> bugfix: constrained expiration time for
access-token generated by the switch-tenant endpoint <a
href="https://github.com/advthreat/iroh/pull/6902">#6902</a></li>
<li><code>W29</code> Bugfix redirect users rule remove disabled orgs <a
href="https://github.com/advthreat/iroh/pull/6924">#6924</a></li>
<li><code>W29</code> add more logs to WebhookRunner to inspect
scopes-restriction logic <a
href="https://github.com/advthreat/iroh/pull/6922">#6922</a></li>
<li><code>W28</code> safer implementation to list accounts <a
href="https://github.com/advthreat/iroh/pull/6893">#6893</a></li>
<li><code>W28</code> bugfix - remove disabled orgs from Registration UI
org selector <a
href="https://github.com/advthreat/iroh/pull/6884">#6884</a></li>
<li><code>W28</code> bugfix listing users that do not belong to your
user-identity <a
href="https://github.com/advthreat/iroh/pull/6889">#6889</a></li>
<li><code>W28</code> Cleaning up <code>iroh-auth/test_helpers/-*</code>
files <a
href="https://github.com/advthreat/iroh/pull/6872">#6872</a></li>
<li><code>W27</code> Add ProfileService <a
href="https://github.com/advthreat/iroh/pull/6829">#6829</a></li>
<li><code>W27</code> bugfix - update login-date of the user on switching
tenants <a
href="https://github.com/advthreat/iroh/pull/6866">#6866</a></li>
<li><code>W27</code> bugfix - include email to avoid errors for orgs
with whitelist settings <a
href="https://github.com/advthreat/iroh/pull/6862">#6862</a></li>
</ul>
<h4 id="tenzin-1-1-0">tenzin [1 (1 / 0)]</h4>
<ul>
<li><code>W02</code> Update GPG Wanderson Ferreira <a
href="https://github.com/advthreat/tenzin/pull/2648">#2648</a></li>
</ul>
<h4 id="tenzin-config-4-3-1">tenzin-config [4 (3 / 1)]</h4>
<ul>
<li><code>W30</code> config to support signup-url xdr <a
href="https://github.com/advthreat/tenzin-config/pull/955">#955</a></li>
<li><code>W07</code> add postgres and redis-cache store for IROH Auth
JWTs <a
href="https://github.com/advthreat/tenzin-config/pull/839">#839</a></li>
<li><code>W36</code> fix provisioning path <a
href="https://github.com/advthreat/tenzin-config/pull/717">#717</a></li>
</ul>
<p><u>between 12 and 13 months ago</u></p>
<ul>
<li><code>W27</code> include new profile-svc <a
href="https://github.com/advthreat/tenzin-config/pull/675">#675</a></li>
</ul>
</body>
</html>
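
Review bot: Generated output is committed next to its source. The list items in this HTML (for example the `W19` xdr-roles entry linking #7861, and the "between 12 and 13 months ago" split) are repeated entry for entry in the org file added right after it in this commit, so the two copies can drift apart. Consider committing only the org file and producing the HTML at build time, or state in the commit message that the HTML is an export to be regenerated whenever the org file changes.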

@ -0,0 +1,77 @@
#+title: Wanderson FY23 Report
#+subtitle: back to one month older
#+date: 2023-09-26
#+options: H:6 ^:nil
*** Wanderson [58]
**** iroh [53 (41 / 12)]
- ~W30~ Design doc to webhook support on Entitlement create/update [[https://github.com/advthreat/iroh/pull/8112][#8112]]
- ~W30~ NewEvent ~:created-at~ is optional for IROH internal calls and mandatory to HTTP events [[https://github.com/advthreat/iroh/pull/8121][#8121]]
- ~W30~ [IROH Auth] Support XDR ~signup-url~ [[https://github.com/advthreat/iroh/pull/8117][#8117]]
- ~W27~ [IROH Auth] Make ~use-cache-to-build-identity~ throw if short JWT info is missing [[https://github.com/advthreat/iroh/pull/8032][#8032]]
- ~W27~ [IROH Auth] Change error message for org-level-authorization clients [[https://github.com/advthreat/iroh/pull/8034][#8034]]
- ~W27~ Invitation missing test cases [[https://github.com/advthreat/iroh/pull/8030][#8030]]
- ~W24~ [IROH Auth] RBAC JWT Revocation on ~role~ change [[https://github.com/advthreat/iroh/pull/7875][#7875]]
- ~W21~ [IROH Auth] Fix wrong role name in Invites for XDR roles [[https://github.com/advthreat/iroh/pull/7908][#7908]]
- ~W20~ [IROH Auth] add ~:entitlement-summary~ to profile org return values [[https://github.com/advthreat/iroh/pull/7896][#7896]]
- ~W20~ [IROH Auth] Fix ~/profile~ swagger.json bug [[https://github.com/advthreat/iroh/pull/7897][#7897]]
- ~W20~ [IROH Auth] add Entitlement Summary to ~whoami~ [[https://github.com/advthreat/iroh/pull/7894][#7894]]
- ~W20~ [IROH Auth] Expose entitlement methods in Profile webservice [[https://github.com/advthreat/iroh/pull/7881][#7881]]
- ~W20~ [IROH Auth] Declare entitlement-svc in default-bootstrap [[https://github.com/advthreat/iroh/pull/7891][#7891]]
- ~W20~ [IROH Auth] fix EntitlementSummary structure [[https://github.com/advthreat/iroh/pull/7886][#7886]]
- ~W20~ [IROH Auth] Decide JWT format based on the new ~client~'s ~tokens-format~ property [[https://github.com/advthreat/iroh/pull/7789][#7789]]
- ~W19~ [IROH Auth] Fix potential bug in PROD in OrgAccessRequests for xdr-roles [[https://github.com/advthreat/iroh/pull/7861][#7861]]
- ~W19~ [IROH Auth] - Remove ~xdr-instance-id~ [[https://github.com/advthreat/iroh/pull/7860][#7860]]
- ~W19~ [IROH Auth] Restrict ~xdr-roles~ by ~env~ and ~org~ feature flags [[https://github.com/advthreat/iroh/pull/7855][#7855]]
- ~W17~ [IROH Auth] introducing ~TimeService~ in ~AuthService~ [[https://github.com/advthreat/iroh/pull/7806][#7806]]
- ~W17~ [IROH Auth] allow only ~iroh-core.time~ in oauth2.core ns [[https://github.com/advthreat/iroh/pull/7793][#7793]]
- ~W16~ [IROH Auth] - Update IROH Web middleware to build short JWTs with profile data [[https://github.com/advthreat/iroh/pull/7671][#7671]]
- ~W12~ [IROH Auth] - update ~check-refresh-token~ function [[https://github.com/advthreat/iroh/pull/7669][#7669]]
- ~W12~ [IROH Auth] - Update Design docs for Short JWT Epic [[https://github.com/advthreat/iroh/pull/7670][#7670]]
- ~W10~ [IROH Auth] ~/profile/permissions~ endpoint [[https://github.com/advthreat/iroh/pull/7562][#7562]]
- ~W08~ Patch ~compojure-api~ to allow endpoints with string-keys (without keywordize the request ~:body~) [[https://github.com/advthreat/iroh/pull/7574][#7574]]
- ~W08~ [IROH Auth] Include route ~/profile/scopes~ [[https://github.com/advthreat/iroh/pull/7553][#7553]]
- ~W07~ [IROH Auth] - Store Short JWTs [[https://github.com/advthreat/iroh/pull/7476][#7476]]
- ~W05~ [IROH Auth] refactor ~gen-short-tokens~ to avoid code duplication [[https://github.com/advthreat/iroh/pull/7485][#7485]]
- ~W04~ Allow wildcard login origin in TEST env [[https://github.com/advthreat/iroh/pull/7474][#7474]]
- ~W03~ [IROH Auth] Generate Short JWT tokens [[https://github.com/advthreat/iroh/pull/7450][#7450]]
- ~W02~ [IROH Auth] Short JWT design [[https://github.com/advthreat/iroh/pull/7436][#7436]]
- ~W50~ org-svc using crud-context instead of gen-ctx [[https://github.com/advthreat/iroh/pull/7306][#7306]]
- ~W49~ IROH-Auth: Remove ~oauth/scopes~ claims from AO jwts [[https://github.com/advthreat/iroh/pull/7368][#7368]]
- ~W48~ RBAC: Remove confusing and big claims from JWT [[https://github.com/advthreat/iroh/pull/7363][#7363]]
- ~W48~ Remove the usage of ~invitee-name~ from the invite-svc [[https://github.com/advthreat/iroh/pull/7356][#7356]]
- ~W41~ ~InviteService~ - Using HOF ~get-valid-user!~ and ~get-valid-org!~ [[https://github.com/advthreat/iroh/pull/7045][#7045]]
- ~W36~ ~ProvisioningService~ - fix folder structure [[https://github.com/advthreat/iroh/pull/7047][#7047]]
- ~W36~ [IROH-Auth] Specify the tenant at login [[https://github.com/advthreat/iroh/pull/7036][#7036]]
- ~W35~ Add query param ~show-tenant-selector~ to force redirect to Registration UI [[https://github.com/advthreat/iroh/pull/7034][#7034]]
- ~W34~ remove ctim tutorial pngs from trojan scan [[https://github.com/advthreat/iroh/pull/7005][#7005]]
- ~W31~ Cleanup AuthService [[https://github.com/advthreat/iroh/pull/6944][#6944]]
_between 12 and 13 months ago_
- ~W31~ cleanup gen user-identity-jwt code [[https://github.com/advthreat/iroh/pull/6942][#6942]]
- ~W30~ Format relative dates in account-stats [[https://github.com/advthreat/iroh/pull/6920][#6920]]
- ~W30~ bugfix: constrained expiration time for access-token generated by the switch-tenant endpoint [[https://github.com/advthreat/iroh/pull/6902][#6902]]
- ~W29~ Bugfix redirect users rule remove disabled orgs [[https://github.com/advthreat/iroh/pull/6924][#6924]]
- ~W29~ add more logs to WebhookRunner to inspect scopes-restriction logic [[https://github.com/advthreat/iroh/pull/6922][#6922]]
- ~W28~ safer implementation to list accounts [[https://github.com/advthreat/iroh/pull/6893][#6893]]
- ~W28~ bugfix - remove disabled orgs from Registration UI org selector [[https://github.com/advthreat/iroh/pull/6884][#6884]]
- ~W28~ bugfix listing users that do not belong to your user-identity [[https://github.com/advthreat/iroh/pull/6889][#6889]]
- ~W28~ Cleaning up ~iroh-auth/test_helpers/-*~ files [[https://github.com/advthreat/iroh/pull/6872][#6872]]
- ~W27~ Add ProfileService [[https://github.com/advthreat/iroh/pull/6829][#6829]]
- ~W27~ bugfix - update login-date of the user on switching tenants [[https://github.com/advthreat/iroh/pull/6866][#6866]]
- ~W27~ bugfix - include email to avoid errors for orgs with whitelist settings [[https://github.com/advthreat/iroh/pull/6862][#6862]]
**** tenzin [1 (1 / 0)]
- ~W02~ Update GPG Wanderson Ferreira [[https://github.com/advthreat/tenzin/pull/2648][#2648]]
**** tenzin-config [4 (3 / 1)]
- ~W30~ config to support signup-url xdr [[https://github.com/advthreat/tenzin-config/pull/955][#955]]
- ~W07~ add postgres and redis-cache store for IROH Auth JWTs [[https://github.com/advthreat/tenzin-config/pull/839][#839]]
- ~W36~ fix provisioning path [[https://github.com/advthreat/tenzin-config/pull/717][#717]]
_between 12 and 13 months ago_
- ~W27~ include new profile-svc [[https://github.com/advthreat/tenzin-config/pull/675][#675]]
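
Review bot: The week labels carry no year, so `~W30~` and `~W27~` appear both at the top of the iroh list and again under `_between 12 and 13 months ago_`, and the jump from `~W02~` to `~W50~` is the only sign of the year boundary. Prefixing the year in ISO form, such as `2023-W30`, would make each entry unambiguous and sortable. The `#+subtitle: back to one month older` line could also state the period the report covers.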

Binary file not shown.

@ -0,0 +1,538 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2023-09-26" />
<title>Yann FY23 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Yann FY23 Report</h1>
<p class="subtitle">back to one month older</p>
<p class="date">2023-09-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#yann-164">Yann [164]</a>
<ul>
<li><a href="#clj-jwt-3-3-0">clj-jwt [3 (3 / 0)]</a></li>
<li><a href="#ctia-1-1-0">ctia [1 (1 / 0)]</a></li>
<li><a href="#iroh-88-85-3">iroh [88 (85 / 3)]</a></li>
<li><a href="#oauth2-client-demo-4-4-0">oauth2-client-demo [4 (4 /
0)]</a></li>
<li><a href="#ring-jwt-middleware-3-3-0">ring-jwt-middleware [3 (3 /
0)]</a></li>
<li><a href="#scopula-13-13-0">scopula [13 (13 / 0)]</a></li>
<li><a href="#tenzin-2-2-0">tenzin [2 (2 / 0)]</a></li>
<li><a href="#tenzin-config-24-24-0">tenzin-config [24 (24 /
0)]</a></li>
<li><a href="#xdr-provisioning-26-26-0">xdr-provisioning [26 (26 /
0)]</a></li>
</ul></li>
</ul>
</nav>
<h3 id="yann-164">Yann [164]</h3>
<h4 id="clj-jwt-3-3-0">clj-jwt [3 (3 / 0)]</h4>
<ul>
<li><code>W27</code> Version 0.5.2-SNAPSHOT</li>
<li><code>W27</code> Version 0.5.1</li>
<li><code>W27</code> Merge pull request #4 from latacora/master</li>
</ul>
<h4 id="ctia-1-1-0">ctia [1 (1 / 0)]</h4>
<ul>
<li><code>W10</code> bump snakeyaml to address CVE-2022-38751 <a
href="https://github.com/advthreat/ctia/pull/1346">#1346</a></li>
</ul>
<h4 id="iroh-88-85-3">iroh [88 (85 / 3)]</h4>
<ul>
<li><code>W30</code> Fix a URL detection from HTML <a
href="https://github.com/advthreat/iroh/pull/8165">#8165</a></li>
<li><code>W30</code> Revert "Incident Summary Migration" <a
href="https://github.com/advthreat/iroh/pull/8163">#8163</a></li>
<li><code>W30</code> [Monetization]: Fix business logic of data
retention <a
href="https://github.com/advthreat/iroh/pull/8142">#8142</a></li>
<li><code>W30</code> Allow braces with iroh-core/strint <a
href="https://github.com/advthreat/iroh/pull/8051">#8051</a></li>
<li><code>W29</code> Remove SecureX branding and attempt to match SCSO
branding for invitation and OAuth2 authorization <a
href="https://github.com/advthreat/iroh/pull/8111">#8111</a></li>
<li><code>W29</code> [Registration UI]: Reword to remove SX reference <a
href="https://github.com/advthreat/iroh/pull/8110">#8110</a></li>
<li><code>W29</code> Entitlement summary technical values <a
href="https://github.com/advthreat/iroh/pull/8094">#8094</a></li>
<li><code>W29</code> [PIAM] Make enterprise id mandatory for piam <a
href="https://github.com/advthreat/iroh/pull/8069">#8069</a></li>
<li><code>W28</code> PIAM: Enhance provisioning tracking <a
href="https://github.com/advthreat/iroh/pull/8061">#8061</a></li>
<li><code>W27</code> Make country-name optional from the whoami. <a
href="https://github.com/advthreat/iroh/pull/8050">#8050</a></li>
<li><code>W27</code> Do not send email for XDR org during AO bootstrap
<a href="https://github.com/advthreat/iroh/pull/8045">#8045</a></li>
<li><code>W27</code> [PIAM] Show the whole response on onboarding errors
<a href="https://github.com/advthreat/iroh/pull/8039">#8039</a></li>
<li><code>W27</code> Makes feature-flag change access more precise <a
href="https://github.com/advthreat/iroh/pull/8026">#8026</a></li>
<li><code>W27</code> Revert "woke tool added (#7926)" <a
href="https://github.com/advthreat/iroh/pull/8029">#8029</a></li>
<li><code>W25</code> Sorted Idps <a
href="https://github.com/advthreat/iroh/pull/7997">#7997</a></li>
<li><code>W25</code> Add default value in the Swagger UI description. <a
href="https://github.com/advthreat/iroh/pull/7995">#7995</a></li>
<li><code>W24</code> Hide even more hidden APIs <a
href="https://github.com/advthreat/iroh/pull/7979">#7979</a></li>
<li><code>W24</code> [PIAM]: Support passing body parameter to
onboarding via Provisioning API <a
href="https://github.com/advthreat/iroh/pull/7986">#7986</a></li>
<li><code>W24</code> Upgrade SX to XDR org via provisioning <a
href="https://github.com/advthreat/iroh/pull/7981">#7981</a></li>
<li><code>W24</code> feature-flag scopes are considered as special <a
href="https://github.com/advthreat/iroh/pull/7985">#7985</a></li>
<li><code>W24</code> fix local dev environment to be able to start
locally without docker <a
href="https://github.com/advthreat/iroh/pull/7944">#7944</a></li>
<li><code>W23</code> Use org to display the roles as expected <a
href="https://github.com/advthreat/iroh/pull/7952">#7952</a></li>
<li><code>W22</code> Fix SCSO rebrand name. <a
href="https://github.com/advthreat/iroh/pull/7937">#7937</a></li>
<li><code>W22</code> Rebrand from SecureX Sign-On to Secure Cloud
Sign-on <a
href="https://github.com/advthreat/iroh/pull/7935">#7935</a></li>
<li><code>W22</code> A few additional helpers <a
href="https://github.com/advthreat/iroh/pull/7914">#7914</a></li>
<li><code>W20</code> [IROH Auth] Entitlement Service <a
href="https://github.com/advthreat/iroh/pull/7870">#7870</a></li>
<li><code>W19</code> Change the scope for ff change <a
href="https://github.com/advthreat/iroh/pull/7857">#7857</a></li>
<li><code>W18</code> replace clj-momo deep-merge <a
href="https://github.com/advthreat/iroh/pull/7815">#7815</a></li>
<li><code>W17</code> Add a missing option to disable default configs <a
href="https://github.com/advthreat/iroh/pull/7805">#7805</a></li>
<li><code>W17</code> Add a script to init tokens without login in <a
href="https://github.com/advthreat/iroh/pull/7794">#7794</a></li>
<li><code>W17</code> Fix schema for Response <a
href="https://github.com/advthreat/iroh/pull/7804">#7804</a></li>
<li><code>W17</code> Add support to onboard a single app <a
href="https://github.com/advthreat/iroh/pull/7796">#7796</a></li>
<li><code>W17</code> Add a role instrospection route to help the UI and
other clients <a
href="https://github.com/advthreat/iroh/pull/7785">#7785</a></li>
<li><code>W17</code> Fix scopes declaration for execute-workflow route
<a href="https://github.com/advthreat/iroh/pull/7799">#7799</a></li>
<li><code>W16</code> Fix a Swagger bug due to schema name conflict <a
href="https://github.com/advthreat/iroh/pull/7790">#7790</a></li>
<li><code>W14</code> Web api search improvements <a
href="https://github.com/advthreat/iroh/pull/7728">#7728</a></li>
<li><code>W14</code> add profile and notification to ao-jwt <a
href="https://github.com/advthreat/iroh/pull/7726">#7726</a></li>
<li><code>W14</code> Tk store combinator search queries (AND, OR, NOT)
<a href="https://github.com/advthreat/iroh/pull/7691">#7691</a></li>
<li><code>W13</code> Fix a case where the body is <code
class="verbatim">nil</code> <a
href="https://github.com/advthreat/iroh/pull/7685">#7685</a></li>
<li><code>W13</code> Add xdr-instance-id field to the orgs <a
href="https://github.com/advthreat/iroh/pull/7707">#7707</a></li>
<li><code>W13</code> PIAM: Provisioning onboard endpoint <a
href="https://github.com/advthreat/iroh/pull/7659">#7659</a></li>
<li><code>W12</code> Add ff scope script <a
href="https://github.com/advthreat/iroh/pull/7680">#7680</a></li>
<li><code>W12</code> added a script to add feature-flag scopes from
command line <a
href="https://github.com/advthreat/iroh/pull/7676">#7676</a></li>
<li><code>W12</code> prefer to use client from DB than client from
config <a
href="https://github.com/advthreat/iroh/pull/7672">#7672</a></li>
<li><code>W12</code> Align scopes to SXO behaviour <a
href="https://github.com/advthreat/iroh/pull/7673">#7673</a></li>
<li><code>W11</code> fix lein start <a
href="https://github.com/advthreat/iroh/pull/7663">#7663</a></li>
<li><code>W11</code> PIAM provisioning no idp-mapping for create user <a
href="https://github.com/advthreat/iroh/pull/7655">#7655</a></li>
<li><code>W11</code> Default bootstrap &amp; config <a
href="https://github.com/advthreat/iroh/pull/6868">#6868</a></li>
<li><code>W10</code> Add Entitlements to Orgs <a
href="https://github.com/advthreat/iroh/pull/7631">#7631</a></li>
<li><code>W10</code> Remove yaml to supported format for profile API <a
href="https://github.com/advthreat/iroh/pull/7632">#7632</a></li>
<li><code>W10</code> Fix a flaky test in either_test.clj <a
href="https://github.com/advthreat/iroh/pull/7610">#7610</a></li>
<li><code>W09</code> Role Matrix representation in the code. <a
href="https://github.com/advthreat/iroh/pull/7583">#7583</a></li>
<li><code>W08</code> fix some wording only for admin users view <a
href="https://github.com/advthreat/iroh/pull/7579">#7579</a></li>
<li><code>W07</code> Improve User login logs situation <a
href="https://github.com/advthreat/iroh/pull/7555">#7555</a></li>
<li><code>W07</code> Added a composable redis.nix <a
href="https://github.com/advthreat/iroh/pull/7535">#7535</a></li>
<li><code>W04</code> Fix template rendering during invite confirmation
<a href="https://github.com/advthreat/iroh/pull/7480">#7480</a></li>
<li><code>W04</code> Display virtual users in the batch get users <a
href="https://github.com/advthreat/iroh/pull/7473">#7473</a></li>
<li><code>W02</code> Add the UI session logout into IROH-Auth <a
href="https://github.com/advthreat/iroh/pull/7431">#7431</a></li>
<li><code>W51</code> Use short random id for code and csrf <a
href="https://github.com/advthreat/iroh/pull/7417">#7417</a></li>
<li><code>W50</code> Revoked grant should reject event trusted clients
<a href="https://github.com/advthreat/iroh/pull/7394">#7394</a></li>
<li><code>W47</code> RBAC Technical Design <a
href="https://github.com/advthreat/iroh/pull/7314">#7314</a></li>
<li><code>W47</code> Open Impersonate INT/TEST to help UI dev <a
href="https://github.com/advthreat/iroh/pull/7316">#7316</a></li>
<li><code>W42</code> Add kibana links to Admin UI <a
href="https://github.com/advthreat/iroh/pull/7224">#7224</a></li>
<li><code>W42</code> Fix a login button bug in the cross-region admin UI
<a href="https://github.com/advthreat/iroh/pull/7214">#7214</a></li>
<li><code>W42</code> Update ini4j to 0.5.4 <a
href="https://github.com/advthreat/iroh/pull/7199">#7199</a></li>
<li><code>W41</code> Fix logic for Allow All Role to login <a
href="https://github.com/advthreat/iroh/pull/7185">#7185</a></li>
<li><code>W41</code> Deploy the Cross Region Admin UI <a
href="https://github.com/advthreat/iroh/pull/7177">#7177</a></li>
<li><code>W41</code> bump to jackson-databind 2.14.0-rc1 <a
href="https://github.com/advthreat/iroh/pull/7160">#7160</a></li>
<li><code>W40</code> Update jackson-databind <a
href="https://github.com/advthreat/iroh/pull/7159">#7159</a></li>
<li><code>W39</code> Provide a TAC route to change the user's role <a
href="https://github.com/advthreat/iroh/pull/7133">#7133</a></li>
<li><code>W39</code> Fix PIAM Provisioning <a
href="https://github.com/advthreat/iroh/pull/7129">#7129</a></li>
<li><code>W39</code> [Platform] PIAM targeted Provisioning CRUD <a
href="https://github.com/advthreat/iroh/pull/7073">#7073</a></li>
<li><code>W39</code> Fix 500 error response on invalid JWT <a
href="https://github.com/advthreat/iroh/pull/7112">#7112</a></li>
<li><code>W38</code> [IROH-Auth]: Support wildcard for
allowed-login-origin on INT <a
href="https://github.com/advthreat/iroh/pull/7085">#7085</a></li>
<li><code>W38</code> Fix and Improve some HTML pages <a
href="https://github.com/advthreat/iroh/pull/7079">#7079</a></li>
<li><code>W37</code> Fix master <a
href="https://github.com/advthreat/iroh/pull/7069">#7069</a></li>
<li><code>W37</code> Improve Auth Mgmt logs <a
href="https://github.com/advthreat/iroh/pull/7067">#7067</a></li>
<li><code>W37</code> Add structured logs to SSE proxy <a
href="https://github.com/advthreat/iroh/pull/7065">#7065</a></li>
<li><code>W37</code> Improve error message on DB schema error <a
href="https://github.com/advthreat/iroh/pull/7061">#7061</a></li>
<li><code>W36</code> Add a testing case for custom OAuth2 routes <a
href="https://github.com/advthreat/iroh/pull/7033">#7033</a></li>
<li><code>W36</code> Cleanup tests 2022 08 <a
href="https://github.com/advthreat/iroh/pull/7014">#7014</a></li>
<li><code>W36</code> Improve the script to delete duplicate accounts <a
href="https://github.com/advthreat/iroh/pull/7028">#7028</a></li>
<li><code>W35</code> Attempt to use <code>iroh-crud</code> for
<code>UserService</code> <a
href="https://github.com/advthreat/iroh/pull/7008">#7008</a></li>
<li><code>W34</code> Improve Org/User Services Either 2nd <a
href="https://github.com/advthreat/iroh/pull/7002">#7002</a></li>
<li><code>W31</code> Session token lifetime with code param <a
href="https://github.com/advthreat/iroh/pull/6818">#6818</a></li>
</ul>
<p><u>between 12 and 13 months ago</u></p>
<ul>
<li><code>W30</code> remove random-uuid overide warning <a
href="https://github.com/advthreat/iroh/pull/6940">#6940</a></li>
<li><code>W27</code> disable vulnscan <a
href="https://github.com/advthreat/iroh/pull/6864">#6864</a></li>
<li><code>W27</code> Script to remove duplicate users <a
href="https://github.com/advthreat/iroh/pull/6826">#6826</a></li>
</ul>
<h4 id="oauth2-client-demo-4-4-0">oauth2-client-demo [4 (4 / 0)]</h4>
<ul>
<li><code>W41</code> Add local env</li>
<li><code>W41</code> Parametrize the device code test</li>
<li><code>W41</code> support public device grant clients</li>
<li><code>W41</code> improved doc</li>
</ul>
<h4 id="ring-jwt-middleware-3-3-0">ring-jwt-middleware [3 (3 / 0)]</h4>
<ul>
<li><code>W24</code> Version 1.1.4-SNAPSHOT</li>
<li><code>W24</code> Version 1.1.3</li>
<li><code>W24</code> Support external error via is-revoked-fn</li>
</ul>
<h4 id="scopula-13-13-0">scopula [13 (13 / 0)]</h4>
<ul>
<li><code>W49</code> Version 0.3.1-SNAPSHOT</li>
<li><code>W49</code> Version 0.3.0</li>
<li><code>W49</code> updated version and deps</li>
<li><code>W49</code> Merge pull request #5 from
threatgrid/scope-aliases</li>
<li><code>W49</code> Minor fixes, update README</li>
<li><code>W49</code> Use scopes set length instead of count</li>
<li><code>W47</code> Update README.org</li>
<li><code>W47</code> minor corrections</li>
<li><code>W47</code> Improve scope-aliases</li>
<li><code>W44</code> Improve methodology to not fail on special
cases</li>
<li><code>W44</code> Basic compression heuristic for aliases</li>
<li><code>W44</code> Make scopes-expand additive only</li>
<li><code>W44</code> Add <code>scope-expand</code> function</li>
</ul>
<h4 id="tenzin-2-2-0">tenzin [2 (2 / 0)]</h4>
<ul>
<li><code>W13</code> use iroh.main for all nodes types <a
href="https://github.com/advthreat/tenzin/pull/2862">#2862</a></li>
<li><code>W13</code> Update iroh.job.jinja <a
href="https://github.com/advthreat/tenzin/pull/2861">#2861</a></li>
</ul>
<h4 id="tenzin-config-24-24-0">tenzin-config [24 (24 / 0)]</h4>
<ul>
<li><code>W25</code> Configure SCA in all missing envs <a
href="https://github.com/advthreat/tenzin-config/pull/927">#927</a></li>
<li><code>W24</code> Enable XDR roles in PROD <a
href="https://github.com/advthreat/tenzin-config/pull/919">#919</a></li>
<li><code>W23</code> factorize PROD <a
href="https://github.com/advthreat/tenzin-config/pull/917">#917</a></li>
<li><code>W23</code> Add role-web-service config everywhere <a
href="https://github.com/advthreat/tenzin-config/pull/911">#911</a></li>
<li><code>W23</code> Canonicalize the configs (#913) <a
href="https://github.com/advthreat/tenzin-config/pull/915">#915</a></li>
<li><code>W23</code> Canonicalize the configs <a
href="https://github.com/advthreat/tenzin-config/pull/913">#913</a></li>
<li><code>W23</code> Add missing role-web-service everywhere <a
href="https://github.com/advthreat/tenzin-config/pull/910">#910</a></li>
<li><code>W23</code> Gen configs git pre-commit hook <a
href="https://github.com/advthreat/tenzin-config/pull/908">#908</a></li>
<li><code>W23</code> Factorisation iroh/iroh-async confs <a
href="https://github.com/advthreat/tenzin-config/pull/904">#904</a></li>
<li><code>W23</code> Tree config structures to prevent config
duplication. <a
href="https://github.com/advthreat/tenzin-config/pull/901">#901</a></li>
<li><code>W22</code> Fix SCSO name <a
href="https://github.com/advthreat/tenzin-config/pull/898">#898</a></li>
<li><code>W22</code> rebrand from SecureX Sign-On to Secure Cloud
Sign-on <a
href="https://github.com/advthreat/tenzin-config/pull/896">#896</a></li>
<li><code>W16</code> fix missing iroh-async web-services <a
href="https://github.com/advthreat/tenzin-config/pull/884">#884</a></li>
<li><code>W16</code> align iroh and iroh-async confs <a
href="https://github.com/advthreat/tenzin-config/pull/883">#883</a></li>
<li><code>W15</code> Add CSC onboarding URLs <a
href="https://github.com/advthreat/tenzin-config/pull/875">#875</a></li>
<li><code>W13</code> fix provisioning service <a
href="https://github.com/advthreat/tenzin-config/pull/863">#863</a></li>
<li><code>W13</code> PIAM config change (+ boostrap cleanup) <a
href="https://github.com/advthreat/tenzin-config/pull/677">#677</a></li>
<li><code>W09</code> add perf.orbital.threatgrid.com to allowed login
origin <a
href="https://github.com/advthreat/tenzin-config/pull/854">#854</a></li>
<li><code>W51</code> sorted router server <a
href="https://github.com/advthreat/tenzin-config/pull/810">#810</a></li>
<li><code>W51</code> sorted bootstrap on INT <a
href="https://github.com/advthreat/tenzin-config/pull/809">#809</a></li>
<li><code>W47</code> provide open impersonate on INT/TEST <a
href="https://github.com/advthreat/tenzin-config/pull/782">#782</a></li>
<li><code>W46</code> update TG clients for new ribbon <a
href="https://github.com/advthreat/tenzin-config/pull/774">#774</a></li>
<li><code>W41</code> Cross Region UI conf <a
href="https://github.com/advthreat/tenzin-config/pull/745">#745</a></li>
<li><code>W38</code> Added ENV and Region in the confs <a
href="https://github.com/advthreat/tenzin-config/pull/729">#729</a></li>
</ul>
<h4 id="xdr-provisioning-26-26-0">xdr-provisioning [26 (26 / 0)]</h4>
<ul>
<li><code>W30</code> Add a script to cleanup test accounts</li>
<li><code>W30</code> rename script and improve error</li>
<li><code>W30</code> minor improvement</li>
<li><code>W30</code> fix ISO code to use 2 chars only</li>
<li><code>W30</code> use the env from the table</li>
<li><code>W30</code> fix tsv-to-commands.sh</li>
<li><code>W30</code> add tsv-to-commands.sh</li>
<li><code>W29</code> add an option to force di and csc onboarding even
for org upgrade</li>
<li><code>W27</code> improve README.md</li>
<li><code>W27</code> update help errror message</li>
<li><code>W27</code> update the doc</li>
<li><code>W27</code> Updated the script to match all possible use
case</li>
<li><code>W27</code> Add SXO to the modules to add for SCA owners.</li>
<li><code>W27</code> Improved doc and safety</li>
<li><code>W27</code> Check if user is admin and improve creation
check</li>
<li><code>W27</code> Improved upgrade PATH</li>
<li><code>W27</code> Provide two scripts</li>
<li><code>W27</code> Merge pull request #1 from
advthreat/sca-support</li>
<li><code>W27</code> add a few logs and better error support</li>
<li><code>W27</code> Add XDR feature-flag</li>
<li><code>W27</code> Optional support for SCA</li>
<li><code>W17</code> Improve help regarding setting env vars</li>
<li><code>W17</code> Improve the command line parsing</li>
<li><code>W17</code> rename script to .sh</li>
<li><code>W17</code> Add onboarding of DI and CSC</li>
<li><code>W16</code> Initial provisioning Script</li>
</ul>
</body>
</html>
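
Review bot: The tenzin-config and xdr-provisioning lists that close this HTML file duplicate, entry for entry, the lists in the .org report added next in this commit, so the two copies can drift apart as soon as one is edited without the other. If the HTML is an export of the .org source, consider generating it at publish time rather than committing it, or record in the repository which of the two files is authoritative.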

@ -0,0 +1,192 @@
#+title: Yann FY23 Report
#+subtitle: back to one month older
#+date: 2023-09-26
#+options: H:6 ^:nil
*** Yann [164]
**** clj-jwt [3 (3 / 0)]
- ~W27~ Version 0.5.2-SNAPSHOT
- ~W27~ Version 0.5.1
- ~W27~ Merge pull request #4 from latacora/master
**** ctia [1 (1 / 0)]
- ~W10~ bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]]
**** iroh [88 (85 / 3)]
- ~W30~ Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]]
- ~W30~ Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]]
- ~W30~ [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]]
- ~W30~ Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]]
- ~W29~ Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]]
- ~W29~ [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]]
- ~W29~ Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]]
- ~W29~ [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]]
- ~W28~ PIAM: Enhance provisioning tracking [[https://github.com/advthreat/iroh/pull/8061][#8061]]
- ~W27~ Make country-name optional from the whoami. [[https://github.com/advthreat/iroh/pull/8050][#8050]]
- ~W27~ Do not send email for XDR org during AO bootstrap [[https://github.com/advthreat/iroh/pull/8045][#8045]]
- ~W27~ [PIAM] Show the whole response on onboarding errors [[https://github.com/advthreat/iroh/pull/8039][#8039]]
- ~W27~ Makes feature-flag change access more precise [[https://github.com/advthreat/iroh/pull/8026][#8026]]
- ~W27~ Revert "woke tool added (#7926)" [[https://github.com/advthreat/iroh/pull/8029][#8029]]
- ~W25~ Sorted Idps [[https://github.com/advthreat/iroh/pull/7997][#7997]]
- ~W25~ Add default value in the Swagger UI description. [[https://github.com/advthreat/iroh/pull/7995][#7995]]
- ~W24~ Hide even more hidden APIs [[https://github.com/advthreat/iroh/pull/7979][#7979]]
- ~W24~ [PIAM]: Support passing body parameter to onboarding via Provisioning API [[https://github.com/advthreat/iroh/pull/7986][#7986]]
- ~W24~ Upgrade SX to XDR org via provisioning [[https://github.com/advthreat/iroh/pull/7981][#7981]]
- ~W24~ feature-flag scopes are considered as special [[https://github.com/advthreat/iroh/pull/7985][#7985]]
- ~W24~ fix local dev environment to be able to start locally without docker [[https://github.com/advthreat/iroh/pull/7944][#7944]]
- ~W23~ Use org to display the roles as expected [[https://github.com/advthreat/iroh/pull/7952][#7952]]
- ~W22~ Fix SCSO rebrand name. [[https://github.com/advthreat/iroh/pull/7937][#7937]]
- ~W22~ Rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/iroh/pull/7935][#7935]]
- ~W22~ A few additional helpers [[https://github.com/advthreat/iroh/pull/7914][#7914]]
- ~W20~ [IROH Auth] Entitlement Service [[https://github.com/advthreat/iroh/pull/7870][#7870]]
- ~W19~ Change the scope for ff change [[https://github.com/advthreat/iroh/pull/7857][#7857]]
- ~W18~ replace clj-momo deep-merge [[https://github.com/advthreat/iroh/pull/7815][#7815]]
- ~W17~ Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]]
- ~W17~ Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]]
- ~W17~ Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]]
- ~W17~ Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]]
- ~W17~ Add a role instrospection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]]
- ~W17~ Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]]
- ~W16~ Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]]
- ~W14~ Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]]
- ~W14~ add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]]
- ~W14~ Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]]
- ~W13~ Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]]
- ~W13~ Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]]
- ~W13~ PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]]
- ~W12~ Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]]
- ~W12~ added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]]
- ~W12~ prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]]
- ~W12~ Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]]
- ~W11~ fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]]
- ~W11~ PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]]
- ~W11~ Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]]
- ~W10~ Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]]
- ~W10~ Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]]
- ~W10~ Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]]
- ~W09~ Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]]
- ~W08~ fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]]
- ~W07~ Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]]
- ~W07~ Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]]
- ~W04~ Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]]
- ~W04~ Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]]
- ~W02~ Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]]
- ~W51~ Use short random id for code and csrf [[https://github.com/advthreat/iroh/pull/7417][#7417]]
- ~W50~ Revoked grant should reject event trusted clients [[https://github.com/advthreat/iroh/pull/7394][#7394]]
- ~W47~ RBAC Technical Design [[https://github.com/advthreat/iroh/pull/7314][#7314]]
- ~W47~ Open Impersonate INT/TEST to help UI dev [[https://github.com/advthreat/iroh/pull/7316][#7316]]
- ~W42~ Add kibana links to Admin UI [[https://github.com/advthreat/iroh/pull/7224][#7224]]
- ~W42~ Fix a login button bug in the cross-region admin UI [[https://github.com/advthreat/iroh/pull/7214][#7214]]
- ~W42~ Update ini4j to 0.5.4 [[https://github.com/advthreat/iroh/pull/7199][#7199]]
- ~W41~ Fix logic for Allow All Role to login [[https://github.com/advthreat/iroh/pull/7185][#7185]]
- ~W41~ Deploy the Cross Region Admin UI [[https://github.com/advthreat/iroh/pull/7177][#7177]]
- ~W41~ bump to jackson-databind 2.14.0-rc1 [[https://github.com/advthreat/iroh/pull/7160][#7160]]
- ~W40~ Update jackson-databind [[https://github.com/advthreat/iroh/pull/7159][#7159]]
- ~W39~ Provide a TAC route to change the user's role [[https://github.com/advthreat/iroh/pull/7133][#7133]]
- ~W39~ Fix PIAM Provisioning [[https://github.com/advthreat/iroh/pull/7129][#7129]]
- ~W39~ [Platform] PIAM targeted Provisioning CRUD [[https://github.com/advthreat/iroh/pull/7073][#7073]]
- ~W39~ Fix 500 error response on invalid JWT [[https://github.com/advthreat/iroh/pull/7112][#7112]]
- ~W38~ [IROH-Auth]: Support wildcard for allowed-login-origin on INT [[https://github.com/advthreat/iroh/pull/7085][#7085]]
- ~W38~ Fix and Improve some HTML pages [[https://github.com/advthreat/iroh/pull/7079][#7079]]
- ~W37~ Fix master [[https://github.com/advthreat/iroh/pull/7069][#7069]]
- ~W37~ Improve Auth Mgmt logs [[https://github.com/advthreat/iroh/pull/7067][#7067]]
- ~W37~ Add structured logs to SSE proxy [[https://github.com/advthreat/iroh/pull/7065][#7065]]
- ~W37~ Improve error message on DB schema error [[https://github.com/advthreat/iroh/pull/7061][#7061]]
- ~W36~ Add a testing case for custom OAuth2 routes [[https://github.com/advthreat/iroh/pull/7033][#7033]]
- ~W36~ Cleanup tests 2022 08 [[https://github.com/advthreat/iroh/pull/7014][#7014]]
- ~W36~ Improve the script to delete duplicate accounts [[https://github.com/advthreat/iroh/pull/7028][#7028]]
- ~W35~ Attempt to use ~iroh-crud~ for ~UserService~ [[https://github.com/advthreat/iroh/pull/7008][#7008]]
- ~W34~ Improve Org/User Services Either 2nd [[https://github.com/advthreat/iroh/pull/7002][#7002]]
- ~W31~ Session token lifetime with code param [[https://github.com/advthreat/iroh/pull/6818][#6818]]
_between 12 and 13 months ago_
- ~W30~ remove random-uuid overide warning [[https://github.com/advthreat/iroh/pull/6940][#6940]]
- ~W27~ disable vulnscan [[https://github.com/advthreat/iroh/pull/6864][#6864]]
- ~W27~ Script to remove duplicate users [[https://github.com/advthreat/iroh/pull/6826][#6826]]
**** oauth2-client-demo [4 (4 / 0)]
- ~W41~ Add local env
- ~W41~ Parametrize the device code test
- ~W41~ support public device grant clients
- ~W41~ improved doc
**** ring-jwt-middleware [3 (3 / 0)]
- ~W24~ Version 1.1.4-SNAPSHOT
- ~W24~ Version 1.1.3
- ~W24~ Support external error via is-revoked-fn
**** scopula [13 (13 / 0)]
- ~W49~ Version 0.3.1-SNAPSHOT
- ~W49~ Version 0.3.0
- ~W49~ updated version and deps
- ~W49~ Merge pull request #5 from threatgrid/scope-aliases
- ~W49~ Minor fixes, update README
- ~W49~ Use scopes set length instead of count
- ~W47~ Update README.org
- ~W47~ minor corrections
- ~W47~ Improve scope-aliases
- ~W44~ Improve methodology to not fail on special cases
- ~W44~ Basic compression heuristic for aliases
- ~W44~ Make scopes-expand additive only
- ~W44~ Add ~scope-expand~ function
**** tenzin [2 (2 / 0)]
- ~W13~ use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]]
- ~W13~ Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]]
**** tenzin-config [24 (24 / 0)]
- ~W25~ Configure SCA in all missing envs [[https://github.com/advthreat/tenzin-config/pull/927][#927]]
- ~W24~ Enable XDR roles in PROD [[https://github.com/advthreat/tenzin-config/pull/919][#919]]
- ~W23~ factorize PROD [[https://github.com/advthreat/tenzin-config/pull/917][#917]]
- ~W23~ Add role-web-service config everywhere [[https://github.com/advthreat/tenzin-config/pull/911][#911]]
- ~W23~ Canonicalize the configs (#913) [[https://github.com/advthreat/tenzin-config/pull/915][#915]]
- ~W23~ Canonicalize the configs [[https://github.com/advthreat/tenzin-config/pull/913][#913]]
- ~W23~ Add missing role-web-service everywhere [[https://github.com/advthreat/tenzin-config/pull/910][#910]]
- ~W23~ Gen configs git pre-commit hook [[https://github.com/advthreat/tenzin-config/pull/908][#908]]
- ~W23~ Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]]
- ~W23~ Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]]
- ~W22~ Fix SCSO name [[https://github.com/advthreat/tenzin-config/pull/898][#898]]
- ~W22~ rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/tenzin-config/pull/896][#896]]
- ~W16~ fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]]
- ~W16~ align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]]
- ~W15~ Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]]
- ~W13~ fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]]
- ~W13~ PIAM config change (+ boostrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]]
- ~W09~ add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]]
- ~W51~ sorted router server [[https://github.com/advthreat/tenzin-config/pull/810][#810]]
- ~W51~ sorted bootstrap on INT [[https://github.com/advthreat/tenzin-config/pull/809][#809]]
- ~W47~ provide open impersonate on INT/TEST [[https://github.com/advthreat/tenzin-config/pull/782][#782]]
- ~W46~ update TG clients for new ribbon [[https://github.com/advthreat/tenzin-config/pull/774][#774]]
- ~W41~ Cross Region UI conf [[https://github.com/advthreat/tenzin-config/pull/745][#745]]
- ~W38~ Added ENV and Region in the confs [[https://github.com/advthreat/tenzin-config/pull/729][#729]]
**** xdr-provisioning [26 (26 / 0)]
- ~W30~ Add a script to cleanup test accounts
- ~W30~ rename script and improve error
- ~W30~ minor improvement
- ~W30~ fix ISO code to use 2 chars only
- ~W30~ use the env from the table
- ~W30~ fix tsv-to-commands.sh
- ~W30~ add tsv-to-commands.sh
- ~W29~ add an option to force di and csc onboarding even for org upgrade
- ~W27~ improve README.md
- ~W27~ update help errror message
- ~W27~ update the doc
- ~W27~ Updated the script to match all possible use case
- ~W27~ Add SXO to the modules to add for SCA owners.
- ~W27~ Improved doc and safety
- ~W27~ Check if user is admin and improve creation check
- ~W27~ Improved upgrade PATH
- ~W27~ Provide two scripts
- ~W27~ Merge pull request #1 from advthreat/sca-support
- ~W27~ add a few logs and better error support
- ~W27~ Add XDR feature-flag
- ~W27~ Optional support for SCA
- ~W17~ Improve help regarding setting env vars
- ~W17~ Improve the command line parsing
- ~W17~ rename script to .sh
- ~W17~ Add onboarding of DI and CSC
- ~W16~ Initial provisioning Script
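
Review bot: The week tags carry no year, and under `**** iroh` the list runs from W30 down through W02 and W51 to W31, then shows W30 and W27 again below the "_between 12 and 13 months ago_" marker, so the same tag stands for two different weeks within one list. Writing the tags as ISO week dates with the year (the `YYYY-Www` form) would make each entry unambiguous and sortable; the same applies to the tenzin-config list, which goes from W09 straight to W51. The file also opens at `*** Yann [164]` with no level-1 or level-2 headline above it, which is worth fixing if it is meant to be exported on its own.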

Binary file not shown.

1338
reports/FY23Q1-report.html Normal file

File diff suppressed because it is too large

700
reports/FY23Q1-report.org Normal file
@ -0,0 +1,700 @@
#+title: FY23Q1 Report
#+subtitle: logs goes 4 months back
#+date: 2023-11-15
#+options: H:6 ^:nil
* IROH
** lead
*** Guillaume Buisson [23]
**** ctia [1]
_between 3 and 4 months old_
- Revert "woke tool added (#1375)"
**** iroh [6]
- A new script to update a record :created in ES [[https://github.com/advthreat/iroh/pull/8574][#8574]]
- NotificationRequest Service Design [[https://github.com/advthreat/iroh/pull/8264][#8264]]
_between 3 and 4 months old_
- Api insights compliance and tooling [[https://github.com/advthreat/iroh/pull/8204][#8204]]
- Revert "Initial API Insights support (#7938)" [[https://github.com/advthreat/iroh/pull/8200][#8200]]
- Initial API Insights support [[https://github.com/advthreat/iroh/pull/7938][#7938]]
- Initial Notification service developer documentation [[https://github.com/advthreat/iroh/pull/8166][#8166]]
**** iroh-offsite-fy24 [15]
- Added coffee section
- Added Workstation
- fixed time
- Individual Presentations Schedule
- Adding my retrospective
- updated program
- Changed the program
- moved stuff
- typo
- Added schedule CS
- Update program.org
- Update program.org
- Update README.org
- Added schedule CS
- Added Program
**** tenzin-config [1]
_between 3 and 4 months old_
- Set the IROH API version [[https://github.com/advthreat/tenzin-config/pull/965][#965]]
** data
*** Mario Aquino [35]
**** iroh [29]
- Incident Summary migration re-run [[https://github.com/advthreat/iroh/pull/8597][#8597]]
- Notification request uses paginated user search [[https://github.com/advthreat/iroh/pull/8606][#8606]]
- Add support for role-targetted notification [[https://github.com/advthreat/iroh/pull/8557][#8557]]
- Issue 8438/notification request phase 1 [[https://github.com/advthreat/iroh/pull/8470][#8470]]
- Fix flaky test [[https://github.com/advthreat/iroh/pull/8521][#8521]]
- Use int-req-ctx when calling post-bundle-import [[https://github.com/advthreat/iroh/pull/8500][#8500]]
- Use incident long-id for incident summary lookup [[https://github.com/advthreat/iroh/pull/8489][#8489]]
- Establish timeout limit for incident enrichment [[https://github.com/advthreat/iroh/pull/8484][#8484]]
- Use org virtual user for threat hunt enrichment enqueuing [[https://github.com/advthreat/iroh/pull/8458][#8458]]
- Prevent incident-summary ID patching [[https://github.com/advthreat/iroh/pull/8468][#8468]]
- Limit fields returned by Incident Summary Search [[https://github.com/advthreat/iroh/pull/8435][#8435]]
- Incident summary update migration [[https://github.com/advthreat/iroh/pull/8416][#8416]]
- Incident Summary search max page size increase [[https://github.com/advthreat/iroh/pull/8414][#8414]]
- Update Incident Summary [[https://github.com/advthreat/iroh/pull/8386][#8386]]
- Fix support for sorting on source or title [[https://github.com/advthreat/iroh/pull/8392][#8392]]
- Prevent caching Talos threat hunt if missing judgements [[https://github.com/advthreat/iroh/pull/8357][#8357]]
- Set default page size to 10, max to 25 for incident summary search [[https://github.com/advthreat/iroh/pull/8344][#8344]]
- Prevent empty threat data from saving with threat hunt status [[https://github.com/advthreat/iroh/pull/8314][#8314]]
- Add info logging for visibility into incident determination [[https://github.com/advthreat/iroh/pull/8305][#8305]]
- Incident Summary timestamp and search filters support [[https://github.com/advthreat/iroh/pull/8262][#8262]]
- Incident Summary modification timestamps [[https://github.com/advthreat/iroh/pull/8229][#8229]]
_between 3 and 4 months old_
- Async metrics doc [[https://github.com/advthreat/iroh/pull/7774][#7774]]
- [Bugfix] Enforce groups filtering when searching incident summaries [[https://github.com/advthreat/iroh/pull/8211][#8211]]
- Prepend bearer prefix if missing [[https://github.com/advthreat/iroh/pull/8190][#8190]]
- Fix CTIA auth parameter [[https://github.com/advthreat/iroh/pull/8174][#8174]]
- Incident Summary Migration (v2) [[https://github.com/advthreat/iroh/pull/8167][#8167]]
- Incident Summary Migration [[https://github.com/advthreat/iroh/pull/8092][#8092]]
- Developer doc for the migration task [[https://github.com/advthreat/iroh/pull/8087][#8087]]
- Issue 8081/configure incident summary index settings [[https://github.com/advthreat/iroh/pull/8086][#8086]]
**** iroh-offsite-fy24 [1]
- The Mario you know...
**** tenzin-config [5]
- Rerun incident summary migration and update ES index [[https://github.com/advthreat/tenzin-config/pull/1001][#1001]]
- Enable incident summary update migration [[https://github.com/advthreat/tenzin-config/pull/983][#983]]
- Config for incident summary date migration [[https://github.com/advthreat/tenzin-config/pull/968][#968]]
_between 3 and 4 months old_
- Adds incident summary migration [[https://github.com/advthreat/tenzin-config/pull/958][#958]]
- Removes refresh parameter from incident summary index config [[https://github.com/advthreat/tenzin-config/pull/948][#948]]
*** Guillaume Erétéo [26]
**** ctia [2]
- Incident status disposition [[https://github.com/advthreat/ctia/pull/1389][#1389]]
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1387][#1387]]
**** iroh [15]
- entitlement-enforcement-jobs-service in default [[https://github.com/advthreat/iroh/pull/8612][#8612]]
- incident status_disposition [[https://github.com/advthreat/iroh/pull/8587][#8587]]
- introduce admin common web service for cisco services [[https://github.com/advthreat/iroh/pull/8573][#8573]]
- speed up listing of entilements [[https://github.com/advthreat/iroh/pull/8516][#8516]]
- Update CODEOWNERS [[https://github.com/advthreat/iroh/pull/8524][#8524]]
- Add entitlement summaries endpoint for external policy enforcement jobs [[https://github.com/advthreat/iroh/pull/8508][#8508]]
- ductile 0.4.8 [[https://github.com/advthreat/iroh/pull/8453][#8453]]
- XDR intel retention design [[https://github.com/advthreat/iroh/pull/8153][#8153]]
- Manual Data Deletion of Private Intel Data [[https://github.com/advthreat/iroh/pull/8384][#8384]]
_between 3 and 4 months old_
- SE and SCA stats [[https://github.com/advthreat/iroh/pull/8154][#8154]]
- Eventually fix incident report flaky test 2 [[https://github.com/advthreat/iroh/pull/8171][#8171]]
- Draft of proposals for migrating enrichment to CONURE [[https://github.com/advthreat/iroh/pull/7983][#7983]]
- Ductile 0.4.7 [[https://github.com/advthreat/iroh/pull/8120][#8120]]
- fix flaky test on incident summary report [[https://github.com/advthreat/iroh/pull/8083][#8083]]
- aliased ES tk-store [[https://github.com/advthreat/iroh/pull/7822][#7822]]
**** iroh-offsite-fy24 [3]
- fix
- typos
- ge
**** tenzin-config [6]
- fix config path in README.md [[https://github.com/advthreat/tenzin-config/pull/1000][#1000]]
_between 3 and 4 months old_
- add back incident in public intel [[https://github.com/advthreat/tenzin-config/pull/960][#960]]
- disable unsused private/public stores [[https://github.com/advthreat/tenzin-config/pull/959][#959]]
- wip [[https://github.com/advthreat/tenzin-config/pull/951][#951]]
- rename incident summary index for new params [[https://github.com/advthreat/tenzin-config/pull/950][#950]]
- add write alias and rollover [[https://github.com/advthreat/tenzin-config/pull/949][#949]]
*** Ambrose Bonnaire-Sergeant [23]
**** ctia [4]
- New bundle/import option: merge previous incident tactics/techniques [[https://github.com/advthreat/ctia/pull/1388][#1388]]
- Patch existing entities in ~POST /bundle/import~ [[https://github.com/advthreat/ctia/pull/1383][#1383]]
- Fix memory leak [[https://github.com/advthreat/ctia/pull/1382][#1382]]
_between 3 and 4 months old_
- Do not init disabled stores [[https://github.com/advthreat/ctia/pull/1379][#1379]]
**** iroh [6]
- Enable entity patching in POST /private-intel/bundle/import [[https://github.com/advthreat/iroh/pull/8492][#8492]]
- Fix bad bulk call [[https://github.com/advthreat/iroh/pull/8333][#8333]]
- PATCH /bundle/import pass-thru route [[https://github.com/advthreat/iroh/pull/8128][#8128]]
- Fix memory leak [[https://github.com/advthreat/iroh/pull/8243][#8243]]
_between 3 and 4 months old_
- Add missing bearer in incident summary [[https://github.com/advthreat/iroh/pull/8183][#8183]]
- Revert "Fix CTIA auth parameter" [[https://github.com/advthreat/iroh/pull/8182][#8182]]
**** iroh-offsite-fy24 [13]
- Merge branch 'main' of github.com:advthreat/iroh-offsite-fy24
- wip
- successes
- leak
- 120
- plumbing
- flaky
- stuff
- schema
- assess
- me
- stuff
- start
** integrations
*** Matthieu Sprunck [12]
**** iroh [5]
- StackOverflowError temporary fix [[https://github.com/advthreat/iroh/pull/8607][#8607]]
- Allow any header name in the remote module auth configuration [[https://github.com/advthreat/iroh/pull/8529][#8529]]
- Add ciscoxdr as a valid Feedback source [[https://github.com/advthreat/iroh/pull/8515][#8515]]
- Fix Duo Admin API Auth (sigv2) for POST requests [[https://github.com/advthreat/iroh/pull/8330][#8330]]
- Remote module: Remove duplicate / in generated URLs [[https://github.com/advthreat/iroh/pull/8095][#8095]]
**** tenzin-config [7]
- Configure new CSC domain in the provisioning service [[https://github.com/advthreat/tenzin-config/pull/988][#988]]
- New CSC domain for TEST [[https://github.com/advthreat/tenzin-config/pull/987][#987]]
- Add missing config to ExtraHop module record [[https://github.com/advthreat/tenzin-config/pull/974][#974]]
- IROH Proxy config for ExtraHop integration [[https://github.com/advthreat/tenzin-config/pull/973][#973]]
- Disable all relay apis in the Duo module [[https://github.com/advthreat/tenzin-config/pull/971][#971]]
- Configure the IROH Proxy for the Duo module [[https://github.com/advthreat/tenzin-config/pull/969][#969]]
_between 3 and 4 months old_
- IROH Proxy configuration for PAN Cortex XDR [[https://github.com/advthreat/tenzin-config/pull/947][#947]]
*** Kirill Chernyshov [24]
**** iroh [20]
- Add draft design for IROH Events data retention [[https://github.com/advthreat/iroh/pull/8585][#8585]]
- Fix shutdown process of Kafka Consumer [[https://github.com/advthreat/iroh/pull/8558][#8558]]
- Fixes for CTIA Transfer service [[https://github.com/advthreat/iroh/pull/8552][#8552]]
- Transfer CTIA Events [[https://github.com/advthreat/iroh/pull/8514][#8514]]
- Tiny fix for EventWebservice router [[https://github.com/advthreat/iroh/pull/8493][#8493]]
- Handle a case when no include-filters given [[https://github.com/advthreat/iroh/pull/8405][#8405]]
- Replace symbols in random nonce [[https://github.com/advthreat/iroh/pull/8374][#8374]]
- Add :client-credentials-basic-rfc auth type [[https://github.com/advthreat/iroh/pull/8367][#8367]]
- Add new authentication scheme [[https://github.com/advthreat/iroh/pull/8353][#8353]]
- Add automation events and adjust filters [[https://github.com/advthreat/iroh/pull/8349][#8349]]
- Add ~include~ query parameter to incident events [[https://github.com/advthreat/iroh/pull/8331][#8331]]
- Fix sorting for incident events [[https://github.com/advthreat/iroh/pull/8317][#8317]]
- Revert changes to events/search endpoint [[https://github.com/advthreat/iroh/pull/8292][#8292]]
- Deduplicate incident events + note events [[https://github.com/advthreat/iroh/pull/8282][#8282]]
- Trim incident keys to match response schema [[https://github.com/advthreat/iroh/pull/8273][#8273]]
- Fix double uri encoding during passing through parameter to PrivateIntel [[https://github.com/advthreat/iroh/pull/8269][#8269]]
- Add PrivateIntelEventService to default-bootstrap.cfg [[https://github.com/advthreat/iroh/pull/8267][#8267]]
- Add API endpoint to combine events from IROH and PrivateIntel [[https://github.com/advthreat/iroh/pull/8245][#8245]]
_between 3 and 4 months old_
- Create events for incidents [[https://github.com/advthreat/iroh/pull/8162][#8162]]
- Replace kpow with akhq for kafka cluster ops [[https://github.com/advthreat/iroh/pull/8206][#8206]]
**** tenzin-config [4]
- Use strict rfc auth method for ExtraHop module [[https://github.com/advthreat/tenzin-config/pull/977][#977]]
- Fix typo [[https://github.com/advthreat/tenzin-config/pull/976][#976]]
- Configure Palo Alto Cortex proxy [[https://github.com/advthreat/tenzin-config/pull/975][#975]]
_between 3 and 4 months old_
- [TEST, PROD] Enable Kafka services [[https://github.com/advthreat/tenzin-config/pull/944][#944]]
*** Shafiq [11]
**** iroh [9]
- Update iroh-event developer doc [[https://github.com/advthreat/iroh/pull/8596][#8596]]
- Add x-sort header to support search_after pagination [[https://github.com/advthreat/iroh/pull/8586][#8586]]
- Identify trusted service to service req for SE [[https://github.com/advthreat/iroh/pull/8495][#8495]]
- Add error log for unsuccessful proxy health checks [[https://github.com/advthreat/iroh/pull/8442][#8442]]
- Include module flags with proxy-endpoints-metadata response [[https://github.com/advthreat/iroh/pull/8439][#8439]]
- Support Darktrace authentication for IROH-Proxy [[https://github.com/advthreat/iroh/pull/8385][#8385]]
- Generate error message with applied url-template [[https://github.com/advthreat/iroh/pull/8332][#8332]]
- Generate appropriate errors for invalid url template [[https://github.com/advthreat/iroh/pull/8322][#8322]]
- Implement proxy health checks for Relay modules [[https://github.com/advthreat/iroh/pull/8250][#8250]]
**** tenzin-config [2]
- Add darktrace module [[https://github.com/advthreat/tenzin-config/pull/985][#985]]
_between 3 and 4 months old_
- Update rollover settings for iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/946][#946]]
** auth
*** bartuka [41]
**** iroh [23]
- [IROH Auth] Add support to accept IROH Auth JWTs and External JWTs in a WebService [[https://github.com/advthreat/iroh/pull/8528][#8528]]
- [IROH Auth] bump ~ring-jwt-middleware~ to ~1.1.5~ [[https://github.com/advthreat/iroh/pull/8568][#8568]]
- [IROH Auth] check entitlements schema in universal piam flow [[https://github.com/advthreat/iroh/pull/8560][#8560]]
- [IROH Auth] fix check of ~allowed-origins~ for ~registration_redirect~ query param [[https://github.com/advthreat/iroh/pull/8559][#8559]]
- [IROH Auth] move ~oauth2-jwkset~ to ~jwks-svc~ [[https://github.com/advthreat/iroh/pull/8534][#8534]]
- [IROH Auth] - Expose ~universal-provisioning-web-service~ [[https://github.com/advthreat/iroh/pull/8499][#8499]]
- [IROH Auth] move ~is-trusted-clients?~ to ~OAuth2ClientService~ [[https://github.com/advthreat/iroh/pull/8502][#8502]]
- [IROH Auth] add ~UniversalProvisioningService~ [[https://github.com/advthreat/iroh/pull/8459][#8459]]
- [IROH Auth] Add support to use ~jwt-pubkey-fn~ to IROH Web [[https://github.com/advthreat/iroh/pull/8450][#8450]]
- [IROH Auth] add ~JWKSService~ with ~cache-jwks~ and ~get-public-keys~ methods [[https://github.com/advthreat/iroh/pull/8449][#8449]]
- [IROH Auth] Universal Provisioning Flow - Design [[https://github.com/advthreat/iroh/pull/8300][#8300]]
- fix webhook schemas for GET search [[https://github.com/advthreat/iroh/pull/8379][#8379]]
- [IROH Auth] Add ~allow-all-role-to-login~ to ~/profile/accounts~ [[https://github.com/advthreat/iroh/pull/8271][#8271]]
- [IROH Auth] Get ~create_org~ query-param from ~origin~ at the ~/login~ endpoint [[https://github.com/advthreat/iroh/pull/8316][#8316]]
- [IROH Auth] Add ~create-org~ query-param to show Create org options in Reg UI [[https://github.com/advthreat/iroh/pull/8308][#8308]]
- [IROH Auth] make ~AO~ scope public [[https://github.com/advthreat/iroh/pull/8223][#8223]]
_between 3 and 4 months old_
- Revert "[IROH Auth] Add ~insights:read~ scope to be visible to Admin … [[https://github.com/advthreat/iroh/pull/8225][#8225]]
- [IROH Auth] Add ~insights:read~ scope to be visible to Admin and Master users [[https://github.com/advthreat/iroh/pull/8186][#8186]]
- [IROH Auth] add ~insights~ root scope [[https://github.com/advthreat/iroh/pull/8185][#8185]]
- [IROH Auth] emit event on entitlement change [[https://github.com/advthreat/iroh/pull/8164][#8164]]
- Design doc to webhook support on Entitlement create/update [[https://github.com/advthreat/iroh/pull/8112][#8112]]
- NewEvent ~:created-at~ is optional for IROH internal calls and mandatory to HTTP events [[https://github.com/advthreat/iroh/pull/8121][#8121]]
- [IROH Auth] Support XDR ~signup-url~ [[https://github.com/advthreat/iroh/pull/8117][#8117]]
**** iroh-offsite-fy24 [4]
- Merge remote-tracking branch 'refs/remotes/origin/main'
- sync
- fix
- retro
**** ring-jwt-middleware [11]
- add test case
- update readme
- fix schema
- log the full jwt when error
- use the default value
- fix tests by adding ~post-jwt-format-fn-arg-fn~ to config and schema
- fix all tests by changing the output of ~decode~
- Merge pull request #28 from threatgrid/pubkey-fn-arg-fn
- fix config_test
- add test case
- initial commit
**** tenzin-config [3]
- add new automation hosts to webhook runner [[https://github.com/advthreat/tenzin-config/pull/979][#979]]
- update help-url [[https://github.com/advthreat/tenzin-config/pull/967][#967]]
_between 3 and 4 months old_
- config to support signup-url xdr [[https://github.com/advthreat/tenzin-config/pull/955][#955]]
*** Yann Esposito [63]
**** iroh [22]
- Generalize default indexes for data retention [[https://github.com/advthreat/iroh/pull/8598][#8598]]
- [Data Retention Policy]: Delete incident summaries along incident [[https://github.com/advthreat/iroh/pull/8576][#8576]]
- [Provisioning] Introduce ~product-instance-id~ [[https://github.com/advthreat/iroh/pull/8577][#8577]]
- Simply wait a lot more for ES to sync [[https://github.com/advthreat/iroh/pull/8553][#8553]]
- Quick fix on the IROH login page [[https://github.com/advthreat/iroh/pull/8564][#8564]]
- Prevent org duplication during provisioning [[https://github.com/advthreat/iroh/pull/8556][#8556]]
- Declared scopes tree [[https://github.com/advthreat/iroh/pull/8537][#8537]]
- Improve constraints against Entitlements [[https://github.com/advthreat/iroh/pull/8525][#8525]]
- Fix admin route to support combinators [[https://github.com/advthreat/iroh/pull/8377][#8377]]
- Data Retention endpoint returns immediately [[https://github.com/advthreat/iroh/pull/8486][#8486]]
- Data retention policy enforcement [[https://github.com/advthreat/iroh/pull/8431][#8431]]
- PIAM: Support filtered out onboardings [[https://github.com/advthreat/iroh/pull/8275][#8275]]
- Improved entitlement doc [[https://github.com/advthreat/iroh/pull/8261][#8261]]
- Expose XDR-enabled? SX-enabled? on whoami [[https://github.com/advthreat/iroh/pull/8274][#8274]]
_between 3 and 4 months old_
- Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]]
- Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]]
- [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]]
- Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]]
- Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]]
- [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]]
- Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]]
- [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]]
**** iroh-offsite-fy24 [2]
- Update content + reveal
- Initial commit
**** iroh-scripts [21]
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
- Improve scripting lib
- improve error message
- small rename improved search
- add search
- improve + new scripts
- Provision orgs for developers with some fixed entitlements
- attempt 2
- Attempt to fix links in README
- Improve README.org
- create an admin util ns
- add a nice example with get-client.sh
- initial commit with an example
**** ring-jwt-middleware [4]
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** tenzin-config [4]
- increase rate limit for lab [[https://github.com/advthreat/tenzin-config/pull/992][#992]]
- Typo fix #989 [[https://github.com/advthreat/tenzin-config/pull/991][#991]]
- Declare missing service [[https://github.com/advthreat/tenzin-config/pull/990][#990]]
- Configure Enforce Entitlement Jobs service [[https://github.com/advthreat/tenzin-config/pull/989][#989]]
**** xdr-provisioning [10]
- fix exit
- prevent duplicate onboard calls
_between 3 and 4 months old_
- Add a script to cleanup test accounts
- rename script and improve error
- minor improvement
- fix ISO code to use 2 chars only
- use the env from the table
- fix tsv-to-commands.sh
- add tsv-to-commands.sh
- add an option to force di and csc onboarding even for org upgrade
*** Olivier Barbeau [29]
**** iroh [27]
- Implement ~Module Instance service~ event handler [[https://github.com/advthreat/iroh/pull/8592][#8592]]
- Updates to the design 'entitlement changes for integration modules' [[https://github.com/advthreat/iroh/pull/8541][#8541]]
- E8388: add new module-instance events, register Module Instance service as handler [[https://github.com/advthreat/iroh/pull/8547][#8547]]
- E8388: Issue 8531 add state to module instance schema [[https://github.com/advthreat/iroh/pull/8544][#8544]]
- Issue 8389 design entitlement changes for integration modules [[https://github.com/advthreat/iroh/pull/8510][#8510]]
- More modules restrictions tests [[https://github.com/advthreat/iroh/pull/8411][#8411]]
- Modules restrictions: Fix missing known exception [[https://github.com/advthreat/iroh/pull/8380][#8380]]
- Apply entitlements to the IntService [[https://github.com/advthreat/iroh/pull/8350][#8350]]
- Apply entitlements to the ModuleInstance API [[https://github.com/advthreat/iroh/pull/8327][#8327]]
- Clear reason of error when creating a module instance with wrong module type [[https://github.com/advthreat/iroh/pull/8320][#8320]]
- Apply entitlements to the ModuleType API [[https://github.com/advthreat/iroh/pull/8303][#8303]]
- Update ~search-module-types-response~ with combinator search query [[https://github.com/advthreat/iroh/pull/8290][#8290]]
- Stores optimization: Update search-module-instances-internal with combinator search query [[https://github.com/advthreat/iroh/pull/8287][#8287]]
- fix test: use two stores [[https://github.com/advthreat/iroh/pull/8285][#8285]]
- Stores optimization: modify ~load-module-instances~ and ~load-module-types~ [[https://github.com/advthreat/iroh/pull/8281][#8281]]
- [Cleanup] Remove the ~:xdr-roles~ feature flag [[https://github.com/advthreat/iroh/pull/8205][#8205]]
- [Cleanup] Remove the ~:merge-users-by-email~ feature flag [[https://github.com/advthreat/iroh/pull/8198][#8198]]
- [Cleanup] Remove the ~:registration~ feature flag [[https://github.com/advthreat/iroh/pull/8199][#8199]]
_between 3 and 4 months old_
- Annotated diagram for ~check_node_types.clj~ [[https://github.com/advthreat/iroh/pull/8133][#8133]]
- Increases the time allocated to node start-up [[https://github.com/advthreat/iroh/pull/8125][#8125]]
- [IROH configuration]: Checks that each IROH node type starts correctly [[https://github.com/advthreat/iroh/pull/8043][#8043]]
- fix format-style args logs [[https://github.com/advthreat/iroh/pull/8119][#8119]]
- Adapt OrgAccessRequest to XDR [[https://github.com/advthreat/iroh/pull/8108][#8108]]
- Redirect invited user to XDR [[https://github.com/advthreat/iroh/pull/8105][#8105]]
- Duplicate ~one-click-module-service~ in bootstrap [[https://github.com/advthreat/iroh/pull/8071][#8071]]
- Start node with type and env [[https://github.com/advthreat/iroh/pull/8085][#8085]]
- matrix config for ~in-isolation~ tests [[https://github.com/advthreat/iroh/pull/8082][#8082]]
**** iroh-offsite-fy24 [1]
- Olivier's retro
**** tenzin-config [1]
_between 3 and 4 months old_
- add first-url for both SX and XDR [[https://github.com/advthreat/tenzin-config/pull/952][#952]]
*** (Yogsototh) [37]
**** iroh-offsite-fy24 [2]
- Update content + reveal
- Initial commit
**** iroh-scripts [21]
- add scope to a client
- Help support cider
- add admin to org
- Improved descriptions
- promote-to-master script
- Fix and small improvements
- Improve robustness
- Scripts for admin
- client-pass
- Improve scripting lib
- improve error message
- small rename improved search
- add search
- improve + new scripts
- Provision orgs for developers with some fixed entitlements
- attempt 2
- Attempt to fix links in README
- Improve README.org
- create an admin util ns
- add a nice example with get-client.sh
- initial commit with an example
**** ring-jwt-middleware [4]
- Version 1.1.6-SNAPSHOT
- Version 1.1.5
- v1.1.5-SNAPSHOT
- Version 1.1.4
**** xdr-provisioning [10]
- fix exit
- prevent duplicate onboard calls
_between 3 and 4 months old_
- Add a script to cleanup test accounts
- rename script and improve error
- minor improvement
- fix ISO code to use 2 chars only
- use the env from the table
- fix tsv-to-commands.sh
- add tsv-to-commands.sh
- add an option to force di and csc onboarding even for org upgrade
** iroh-ops
*** Jerome Schneider [3]
**** iroh-offsite-fy24 [3]
- Jerome: last minute changes
- add percentages for my day look like
- add personal presentation
*** [0]
* Other
** Other
*** Robert Levy [5]
**** iroh [4]
- change description, title, etc on incident status tile [[https://github.com/advthreat/iroh/pull/8362][#8362]]
- change format of incident-status tile to horizontal bar chart [[https://github.com/advthreat/iroh/pull/8345][#8345]]
_between 3 and 4 months old_
- null the top-level data key when no rows in ctia datatable tiles [[https://github.com/advthreat/iroh/pull/8143][#8143]]
- when rows null, data.data should be null [[https://github.com/advthreat/iroh/pull/8130][#8130]]
**** tenzin-config [1]
- Revert "Adds cache configuration for CrowdStrike (#1002)" [[https://github.com/advthreat/tenzin-config/pull/1005][#1005]]
*** Eric Gierach [6]
**** iroh [6]
- bumping iroh-engine to 0.15.13 [[https://github.com/advthreat/iroh/pull/8520][#8520]]
- bumping iroh-engine to 0.15.12 [[https://github.com/advthreat/iroh/pull/8509][#8509]]
- Update iroh-engine dep to 0.15.11 [[https://github.com/advthreat/iroh/pull/8460][#8460]]
- updating iroh-engine to 0.15.10 [[https://github.com/advthreat/iroh/pull/8295][#8295]]
_between 3 and 4 months old_
- updating to iroh-engine 0.15.9 to fix query params [[https://github.com/advthreat/iroh/pull/8232][#8232]]
- updating iroh-engine to 0.15.8 to fix wait_for query param [[https://github.com/advthreat/iroh/pull/8224][#8224]]
*** II [9]
**** ctia [1]
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
**** iroh [7]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
_between 3 and 4 months old_
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
**** tenzin-config [1]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Devin Walters [4]
**** tenzin-config [4]
- Add port 443 to ctia base urls [[https://github.com/advthreat/tenzin-config/pull/996][#996]]
- Add the rest of playbook environment configs [[https://github.com/advthreat/tenzin-config/pull/981][#981]]
- Add TEST config for playbook service [[https://github.com/advthreat/tenzin-config/pull/980][#980]]
- Initial playbook config [[https://github.com/advthreat/tenzin-config/pull/972][#972]]
*** Cisco [1]
**** iroh-offsite-fy24 [1]
- Olivier's retro
*** Ag Ibragimov [1]
**** ctia [1]
- Filter incidents on timestamp not created [[https://github.com/advthreat/ctia/pull/1377][#1377]]
*** [9]
**** ctia [1]
- Bumps CTIM version to 1.3.10 [[https://github.com/advthreat/ctia/pull/1385][#1385]]
**** iroh [7]
- 8496 - relay module token cache [[https://github.com/advthreat/iroh/pull/8580][#8580]]
- Issue 8456 - Uses string instead of regex fake route to fix flaky test [[https://github.com/advthreat/iroh/pull/8462][#8462]]
- Only returns proxy endpoint metadata when v2 is configured [[https://github.com/advthreat/iroh/pull/8447][#8447]]
- 8239 migrate umbrella routes [[https://github.com/advthreat/iroh/pull/8247][#8247]]
- Issue 8383 ao header ids [[https://github.com/advthreat/iroh/pull/8433][#8433]]
- Issue 8429 bump ctim version darktrace [[https://github.com/advthreat/iroh/pull/8430][#8430]]
_between 3 and 4 months old_
- 8114 - API proxy for Umbrella v2 routes [[https://github.com/advthreat/iroh/pull/8228][#8228]]
**** tenzin-config [1]
- Adds cache configuration for CrowdStrike [[https://github.com/advthreat/tenzin-config/pull/1002][#1002]]
*** Andrew Parisi [3]
**** tenzin-config [3]
- [data-retention/update-entitlement-route-information] [[https://github.com/advthreat/tenzin-config/pull/1004][#1004]]
- [gh-607/mark-sightings-internal-based-on-module-type-map-fix-mistake] [[https://github.com/advthreat/tenzin-config/pull/984][#984]]
- conure-607/mark-sightings-internal-based-on-module-type-map [[https://github.com/advthreat/tenzin-config/pull/982][#982]]
*** shafjama [1]
**** iroh-offsite-fy24 [1]
- Last minute
*** Scott McLeod [8]
**** iroh [8]
- Filter out empty xdr-org summary reports [[https://github.com/advthreat/iroh/pull/8472][#8472]]
- XDR Org Incident Stats Summaries [[https://github.com/advthreat/iroh/pull/8441][#8441]]
- Tansform aggregate service to accept a list of AggQuery [[https://github.com/advthreat/iroh/pull/8387][#8387]]
- Add summary stats [[https://github.com/advthreat/iroh/pull/8348][#8348]]
- Add enterprise-id to incident report [[https://github.com/advthreat/iroh/pull/8258][#8258]]
_between 3 and 4 months old_
- Add percentiles aggregation [[https://github.com/advthreat/iroh/pull/8197][#8197]]
- Add stats aggregation [[https://github.com/advthreat/iroh/pull/8189][#8189]]
- Update Incident Report Service schemas [[https://github.com/advthreat/iroh/pull/8159][#8159]]
*** Matthieu Sprunck [1]
**** iroh-offsite-fy24 [1]
- Matthieu's retro
*** Patrick Patat [1]
**** iroh-offsite-fy24 [1]
- add presentation
*** t2sw [2]
**** ctia [1]
- Update CODEOWNERS [[https://github.com/advthreat/ctia/pull/1390][#1390]]
**** iroh [1]
- add new endpoint for role service to query roles by an org id; update… [[https://github.com/advthreat/iroh/pull/8364][#8364]]
*** Jerome Schneider [1]
**** iroh [1]
- Upgrade riemann server (#8253) [[https://github.com/advthreat/iroh/pull/8254][#8254]]
*** Brooke Swanson [1]
**** tenzin-config [1]
- Up distributor worker counts for test and prod. [[https://github.com/advthreat/tenzin-config/pull/993][#993]]
*** Jillian Flook [1]
**** tenzin-config [1]
- update dashboard UserResearchCTA [[https://github.com/advthreat/tenzin-config/pull/997][#997]]
*** (msprunck) [1]
**** iroh-offsite-fy24 [1]
- Matthieu's retro
*** Pawan Bahuguna [2]
**** tenzin-config [2]
- Updated Playbook URL in all regions [[https://github.com/advthreat/tenzin-config/pull/998][#998]]
- SXOPS-937 Add New Services [[https://github.com/advthreat/tenzin-config/pull/995][#995]]
*** James Brock [1]
**** easy-purescript-nix [1]
- Upgrades
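Review bot: the per-author counts in this report are inflated because commit identities are not normalized before grouping. `Yann Esposito [63]` and `(Yogsototh) [37]` list the same iroh-offsite-fy24, iroh-scripts, ring-jwt-middleware and xdr-provisioning commits, the `II [9]` block is repeated verbatim under a heading with no name (`*** [9]`), and the retro commits appear under both `Olivier Barbeau` and `Cisco`, and under both `Matthieu Sprunck` and `(msprunck)`. Map author names and e-mails to one identity before counting (a `.mailmap` in each source repository would do it), and skip groups whose name is empty, such as the `*** [0]` headings.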

467
reports/FY24Q2-report.html Normal file

@ -0,0 +1,467 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2024-01-26" />
<title>FY24Q2 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">FY24Q2 Report</h1>
<p class="subtitle">logs goes 4 months back</p>
<p class="date">2024-01-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#section">[0]</a></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-7">Mario Aquino [7]</a>
<ul>
<li><a href="#iroh-4">iroh [4]</a></li>
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#section-1">[0]</a></li>
<li><a href="#ambrose-bonnaire-sergeant-7">Ambrose Bonnaire-Sergeant
[7]</a>
<ul>
<li><a href="#ctia-2">ctia [2]</a></li>
<li><a href="#iroh-3">iroh [3]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#section-2">[0]</a></li>
<li><a href="#kirill-chernyshov-6">Kirill Chernyshov [6]</a>
<ul>
<li><a href="#iroh-3-1">iroh [3]</a></li>
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#shafiq-3">Shafiq [3]</a>
<ul>
<li><a href="#iroh-3-2">iroh [3]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#bartuka-6">bartuka [6]</a>
<ul>
<li><a href="#iroh-5">iroh [5]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
<li><a href="#yann-esposito-5">Yann Esposito [5]</a>
<ul>
<li><a href="#iroh-4-1">iroh [4]</a></li>
<li><a href="#iroh-scripts-1">iroh-scripts [1]</a></li>
</ul></li>
<li><a href="#olivier-barbeau-12">Olivier Barbeau [12]</a>
<ul>
<li><a href="#iroh-6">iroh [6]</a></li>
<li><a href="#tenzin-config-6">tenzin-config [6]</a></li>
</ul></li>
<li><a href="#yogsototh-1">(Yogsototh) [1]</a>
<ul>
<li><a href="#iroh-scripts-1-1">iroh-scripts [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#section-3">[0]</a></li>
<li><a href="#section-4">[0]</a></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#ii-2">II [2]</a>
<ul>
<li><a href="#iroh-2">iroh [2]</a></li>
</ul></li>
<li><a href="#section-5">[2]</a>
<ul>
<li><a href="#iroh-2-1">iroh [2]</a></li>
</ul></li>
<li><a href="#scott-mcleod-1">Scott McLeod [1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
<li><a href="#brooke-swanson-1">Brooke Swanson [1]</a>
<ul>
<li><a href="#tenzin-config-1-1">tenzin-config [1]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="section">[0]</h3>
<h2 id="data">data</h2>
<h3 id="mario-aquino-7">Mario Aquino [7]</h3>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>Fix disabled threat-hunt test <a
href="https://github.com/advthreat/iroh/pull/8814">#8814</a></li>
<li>Update incident_time when updating incident status <a
href="https://github.com/advthreat/iroh/pull/8801">#8801</a></li>
<li>incident enrichment activity diagram <a
href="https://github.com/advthreat/iroh/pull/8712">#8712</a></li>
<li>Separate Risk score &amp; incident enrichment <a
href="https://github.com/advthreat/iroh/pull/8751">#8751</a></li>
</ul>
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
<ul>
<li>Increase conn-manager thread count after PROD performance monitoring
<a
href="https://github.com/advthreat/tenzin-config/pull/1042">#1042</a></li>
<li>Increase thread pool size for EU private intel conn mgr <a
href="https://github.com/advthreat/tenzin-config/pull/1039">#1039</a></li>
<li>Increase connection mgr thread pool for NAM/EU/TEST <a
href="https://github.com/advthreat/tenzin-config/pull/1030">#1030</a></li>
</ul>
<h3 id="section-1">[0]</h3>
<h3 id="ambrose-bonnaire-sergeant-7">Ambrose Bonnaire-Sergeant [7]</h3>
<h4 id="ctia-2">ctia [2]</h4>
<ul>
<li>Fix 2XX response swagger/coercion, ban <code>:return</code> <a
href="https://github.com/advthreat/ctia/pull/1407">#1407</a></li>
<li>Remove asset properties/mapping merging during bundle patch <a
href="https://github.com/advthreat/ctia/pull/1408">#1408</a></li>
</ul>
<h4 id="iroh-3">iroh [3]</h4>
<ul>
<li>Generate valid DI auth tokens for incident subscriptions <a
href="https://github.com/advthreat/iroh/pull/8804">#8804</a></li>
<li>Fix <code>(reset)</code> <a
href="https://github.com/advthreat/iroh/pull/8799">#8799</a></li>
<li>Subscribe to incident asset rescoring via DI <a
href="https://github.com/advthreat/iroh/pull/8699">#8699</a></li>
</ul>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>Add config for DI client in iroh-engine <a
href="https://github.com/advthreat/tenzin-config/pull/1036">#1036</a></li>
<li>Add device insights url to iroh-engine config <a
href="https://github.com/advthreat/tenzin-config/pull/1014">#1014</a></li>
</ul>
<h2 id="integrations">integrations</h2>
<h3 id="section-2">[0]</h3>
<h3 id="kirill-chernyshov-6">Kirill Chernyshov [6]</h3>
<h4 id="iroh-3-1">iroh [3]</h4>
<ul>
<li>Refactor data streams service <a
href="https://github.com/advthreat/iroh/pull/8793">#8793</a></li>
<li>DRY'ed out client-creds-token namespace <a
href="https://github.com/advthreat/iroh/pull/8783">#8783</a></li>
<li>Kafka connect monitoring <a
href="https://github.com/advthreat/iroh/pull/8278">#8278</a></li>
</ul>
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
<ul>
<li>Add ES sink connector v2 to test full migration <a
href="https://github.com/advthreat/tenzin-config/pull/1035">#1035</a></li>
<li>Fix broken data stream on TEST <a
href="https://github.com/advthreat/tenzin-config/pull/1034">#1034</a></li>
<li>Config for DataStreams service <a
href="https://github.com/advthreat/tenzin-config/pull/1033">#1033</a></li>
</ul>
<h3 id="shafiq-3">Shafiq [3]</h3>
<h4 id="iroh-3-2">iroh [3]</h4>
<ul>
<li>Fix schema of proxy health check <a
href="https://github.com/advthreat/iroh/pull/8827">#8827</a></li>
<li>Add string matching for health check <a
href="https://github.com/advthreat/iroh/pull/8815">#8815</a></li>
<li>Fallback to iroh-events store when kafka send fails <a
href="https://github.com/advthreat/iroh/pull/8786">#8786</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="bartuka-6">bartuka [6]</h3>
<h4 id="iroh-5">iroh [5]</h4>
<ul>
<li>[IROH Auth] Support FMC in the <code>jwks</code> service <a
href="https://github.com/advthreat/iroh/pull/8830">#8830</a></li>
<li>[IROH Auth] Fix DI onboarding in Universal Provisioning Flow <a
href="https://github.com/advthreat/iroh/pull/8813">#8813</a></li>
<li>Revert "[IROH Auth] support for FMC token in JWKS Service" <a
href="https://github.com/advthreat/iroh/pull/8816">#8816</a></li>
<li>[IROH Auth] support for FMC token in JWKS Service <a
href="https://github.com/advthreat/iroh/pull/8808">#8808</a></li>
<li>[IROH Auth] Check QA <code>callback_url</code> to complete
provisioning tests <a
href="https://github.com/advthreat/iroh/pull/8763">#8763</a></li>
</ul>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<ul>
<li>FMC base-urls to configure JWKS <a
href="https://github.com/advthreat/tenzin-config/pull/1040">#1040</a></li>
</ul>
<h3 id="yann-esposito-5">Yann Esposito [5]</h3>
<h4 id="iroh-4-1">iroh [4]</h4>
<ul>
<li>Fix PIAM Universal Provisioning routes <a
href="https://github.com/advthreat/iroh/pull/8828">#8828</a></li>
<li>Should fix open impersonate flaky test <a
href="https://github.com/advthreat/iroh/pull/8809">#8809</a></li>
<li>Keep track of impersonators <a
href="https://github.com/advthreat/iroh/pull/8736">#8736</a></li>
<li>Restrict TAC routes to admins <a
href="https://github.com/advthreat/iroh/pull/8794">#8794</a></li>
</ul>
<h4 id="iroh-scripts-1">iroh-scripts [1]</h4>
<ul>
<li>save improvements</li>
</ul>
<h3 id="olivier-barbeau-12">Olivier Barbeau [12]</h3>
<h4 id="iroh-6">iroh [6]</h4>
<ul>
<li>Check the list of services for a node type <a
href="https://github.com/advthreat/iroh/pull/8800">#8800</a></li>
<li>Fix merge error on PR 8784 <a
href="https://github.com/advthreat/iroh/pull/8797">#8797</a></li>
<li>[IROH configuration]: Move role-web-service config to default tk
files <a
href="https://github.com/advthreat/iroh/pull/8782">#8782</a></li>
<li>[IROH configuration]: Universal Provisioning Services config
refactor <a
href="https://github.com/advthreat/iroh/pull/8784">#8784</a></li>
<li>[IROH configuration]: explicit name for generated conf and meta <a
href="https://github.com/advthreat/iroh/pull/8785">#8785</a></li>
<li>Clean bootstrap.cfg; remove tmp file <a
href="https://github.com/advthreat/iroh/pull/8781">#8781</a></li>
</ul>
<h4 id="tenzin-config-6">tenzin-config [6]</h4>
<ul>
<li>Deep merge for vectors and sets with duplicates check <a
href="https://github.com/advthreat/tenzin-config/pull/1032">#1032</a></li>
<li>Reduce configuration duplicates - config.edn part <a
href="https://github.com/advthreat/tenzin-config/pull/1031">#1031</a></li>
<li>Reduce configuration duplicates - bootstrap.cfg part <a
href="https://github.com/advthreat/tenzin-config/pull/1028">#1028</a></li>
<li>Move role-web-service config to IROH <a
href="https://github.com/advthreat/tenzin-config/pull/1026">#1026</a></li>
<li>Move Universal Provisioning Services config to IROH <a
href="https://github.com/advthreat/tenzin-config/pull/1027">#1027</a></li>
<li>Clean bootstrap cfg <a
href="https://github.com/advthreat/tenzin-config/pull/1025">#1025</a></li>
</ul>
<h3 id="yogsototh-1">(Yogsototh) [1]</h3>
<h4 id="iroh-scripts-1-1">iroh-scripts [1]</h4>
<ul>
<li>save improvements</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="section-3">[0]</h3>
<h3 id="section-4">[0]</h3>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="ii-2">II [2]</h3>
<h4 id="iroh-2">iroh [2]</h4>
<ul>
<li>Implements v2 threat hunting <a
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
<li>This should fix issue with parent settings not used on create-patch
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
</ul>
<h3 id="section-5">[2]</h3>
<h4 id="iroh-2-1">iroh [2]</h4>
<ul>
<li>Implements v2 threat hunting <a
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
<li>This should fix issue with parent settings not used on create-patch
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
</ul>
<h3 id="scott-mcleod-1">Scott McLeod [1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<ul>
<li>tk store: Add delete-search method #8213 <a
href="https://github.com/advthreat/iroh/pull/8692">#8692</a></li>
</ul>
<h3 id="brooke-swanson-1">Brooke Swanson [1]</h3>
<h4 id="tenzin-config-1-1">tenzin-config [1]</h4>
<ul>
<li>Playbook automation config. <a
href="https://github.com/advthreat/tenzin-config/pull/1037">#1037</a></li>
</ul>
</body>
</html>
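Review bot: the IE conditional comment in `<head>` loads `html5shiv-printshiv.min.js` from `//cdnjs.cloudflare.com` through a protocol-relative URL with no `integrity` attribute, so this committed report references a third-party script that is not pinned to known content. Only IE before version 9 reads that block; remove it from the pandoc template or vendor the file next to the report. In the same file, `lang=""` and `xml:lang=""` on `<html>` are left empty, and the `II [2]` and unnamed `[2]` sections list the same two pull requests, which looks like the author-grouping step emitting one contributor twice.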

160
reports/FY24Q2-report.org Normal file

@ -0,0 +1,160 @@
#+title: FY24Q2 Report
#+subtitle: logs goes 4 months back
#+date: 2024-01-26
#+options: H:6 ^:nil
* IROH
** lead
*** [0]
** data
*** Mario Aquino [7]
**** iroh [4]
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
**** tenzin-config [3]
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
*** [0]
*** Ambrose Bonnaire-Sergeant [7]
**** ctia [2]
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/advthreat/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/advthreat/ctia/pull/1408][#1408]]
**** iroh [3]
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
**** tenzin-config [2]
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations
*** [0]
*** Kirill Chernyshov [6]
**** iroh [3]
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
**** tenzin-config [3]
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
*** Shafiq [3]
**** iroh [3]
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
** auth
*** bartuka [6]
**** iroh [5]
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
**** tenzin-config [1]
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
*** Yann Esposito [5]
**** iroh [4]
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
**** iroh-scripts [1]
- save improvements
*** Olivier Barbeau [12]
**** iroh [6]
- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]
**** tenzin-config [6]
- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]
*** (Yogsototh) [1]
**** iroh-scripts [1]
- save improvements
** iroh-ops
*** [0]
*** [0]
* Other
** Other
*** II [2]
**** iroh [2]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
*** [2]
**** iroh [2]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
*** Scott McLeod [1]
**** iroh [1]
- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]
*** Brooke Swanson [1]
**** tenzin-config [1]
- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]
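Review bot: The same work is counted twice in this report. Under `** Other`, `*** II [2]` and the nameless `*** [2]` list the identical pair #8833 and #8822, and under `** auth` both `*** Yann Esposito [5]` and `*** (Yogsototh) [1]` carry the iroh-scripts "save improvements" entry. These look like author aliases that the generator did not merge, so the per-person totals are inflated. Map aliases to one canonical name before grouping (a mailmap-style table would do) and skip or label commits whose author name is empty, which would also remove the bare `*** [0]` headings. Separately, the ctia links here point at `advthreat/ctia` for #1407 and #1408, while the HTML report added in the same commit links the same PR numbers under `threatgrid/ctia`; one of the two is wrong and should be corrected where the links are generated.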


@ -0,0 +1,778 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="" xml:lang="">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<meta name="dcterms.date" content="2024-01-26" />
<title>FY24Q2 Report</title>
<style>
html {
line-height: 1.5;
font-family: Georgia, serif;
font-size: 20px;
color: #1a1a1a;
background-color: #fdfdfd;
}
body {
margin: 0 auto;
max-width: 36em;
padding-left: 50px;
padding-right: 50px;
padding-top: 50px;
padding-bottom: 50px;
hyphens: auto;
overflow-wrap: break-word;
text-rendering: optimizeLegibility;
font-kerning: normal;
}
@media (max-width: 600px) {
body {
font-size: 0.9em;
padding: 1em;
}
h1 {
font-size: 1.8em;
}
}
@media print {
body {
background-color: transparent;
color: black;
font-size: 12pt;
}
p, h2, h3 {
orphans: 3;
widows: 3;
}
h2, h3, h4 {
page-break-after: avoid;
}
}
p {
margin: 1em 0;
}
a {
color: #1a1a1a;
}
a:visited {
color: #1a1a1a;
}
img {
max-width: 100%;
}
h1, h2, h3, h4, h5, h6 {
margin-top: 1.4em;
}
h5, h6 {
font-size: 1em;
font-style: italic;
}
h6 {
font-weight: normal;
}
ol, ul {
padding-left: 1.7em;
margin-top: 1em;
}
li > ol, li > ul {
margin-top: 0;
}
blockquote {
margin: 1em 0 1em 1.7em;
padding-left: 1em;
border-left: 2px solid #e6e6e6;
color: #606060;
}
code {
font-family: Menlo, Monaco, 'Lucida Console', Consolas, monospace;
font-size: 85%;
margin: 0;
}
pre {
margin: 1em 0;
overflow: auto;
}
pre code {
padding: 0;
overflow: visible;
overflow-wrap: normal;
}
.sourceCode {
background-color: transparent;
overflow: visible;
}
hr {
background-color: #1a1a1a;
border: none;
height: 1px;
margin: 1em 0;
}
table {
margin: 1em 0;
border-collapse: collapse;
width: 100%;
overflow-x: auto;
display: block;
font-variant-numeric: lining-nums tabular-nums;
}
table caption {
margin-bottom: 0.75em;
}
tbody {
margin-top: 0.5em;
border-top: 1px solid #1a1a1a;
border-bottom: 1px solid #1a1a1a;
}
th {
border-top: 1px solid #1a1a1a;
padding: 0.25em 0.5em 0.25em 0.5em;
}
td {
padding: 0.125em 0.5em 0.25em 0.5em;
}
header {
margin-bottom: 4em;
text-align: center;
}
#TOC li {
list-style: none;
}
#TOC ul {
padding-left: 1.3em;
}
#TOC > ul {
padding-left: 0;
}
#TOC a:not(:hover) {
text-decoration: none;
}
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style>
body { font-family: monospace; font-size: 14px; line-height: 1.5em; max-width: 60em; margin: 0 auto; padding-top: 0; }
h1,h2,h3,h4 { margin: 0.25em 0; }
header { margin-bottom: 0; }
header h1 { border: none; }
h1 { border-top: solid 10px; border-bottom: solid 10px; margin-bottom: 1em; padding: 0.5em 0; width: 100%; text-align: center;}
h2 { border-top: solid; text-align: center; margin-top: 1em; padding-top: 1em; }
h3 { margin-left: 1em; color: #cb4b16; }
h4 { margin-left: 2em; }
u { display: inline-block; margin-left: 2.75em; opacity: 0.3; }
hr { opacity: 0; }
a { color: #06a;}
ul { margin-left: 3em; }
#TOC ul { margin-left: 0.5em; }
li { clear: both; }
li > a { float: right; }
nav li a { float: none; }
blockquote { opacity: 0.7; }
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">FY24Q2 Report</h1>
<p class="subtitle">logs goes 4 months back</p>
<p class="date">2024-01-26</p>
</header>
<nav id="TOC" role="doc-toc">
<ul>
<li><a href="#iroh">IROH</a>
<ul>
<li><a href="#lead">lead</a>
<ul>
<li><a href="#section">[1]</a>
<ul>
<li><a href="#iroh-1">iroh [1]</a></li>
</ul></li>
</ul></li>
<li><a href="#data">data</a>
<ul>
<li><a href="#mario-aquino-15">Mario Aquino [15]</a>
<ul>
<li><a href="#iroh-10">iroh [10]</a></li>
<li><a href="#tenzin-config-5">tenzin-config [5]</a></li>
</ul></li>
<li><a href="#section-1">[3]</a>
<ul>
<li><a href="#ctia-1">ctia [1]</a></li>
<li><a href="#iroh-2">iroh [2]</a></li>
</ul></li>
<li><a href="#ambrose-bonnaire-sergeant-16">Ambrose Bonnaire-Sergeant
[16]</a>
<ul>
<li><a href="#ctia-10">ctia [10]</a></li>
<li><a href="#iroh-4">iroh [4]</a></li>
<li><a href="#tenzin-config-2">tenzin-config [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#integrations">integrations</a>
<ul>
<li><a href="#section-2">[4]</a>
<ul>
<li><a href="#iroh-4-1">iroh [4]</a></li>
</ul></li>
<li><a href="#kirill-chernyshov-10">Kirill Chernyshov [10]</a>
<ul>
<li><a href="#iroh-7">iroh [7]</a></li>
<li><a href="#tenzin-config-3">tenzin-config [3]</a></li>
</ul></li>
<li><a href="#shafiq-7">Shafiq [7]</a>
<ul>
<li><a href="#iroh-4-2">iroh [4]</a></li>
<li><a href="#tenzin-config-3-1">tenzin-config [3]</a></li>
</ul></li>
</ul></li>
<li><a href="#auth">auth</a>
<ul>
<li><a href="#bartuka-26">bartuka [26]</a>
<ul>
<li><a href="#iroh-22">iroh [22]</a></li>
<li><a href="#tenzin-config-4">tenzin-config [4]</a></li>
</ul></li>
<li><a href="#yann-esposito-27">Yann Esposito [27]</a>
<ul>
<li><a href="#iroh-17">iroh [17]</a></li>
<li><a href="#iroh-scripts-6">iroh-scripts [6]</a></li>
<li><a href="#tenzin-config-2-1">tenzin-config [2]</a></li>
<li><a href="#xdr-provisioning-2">xdr-provisioning [2]</a></li>
</ul></li>
<li><a href="#olivier-barbeau-25">Olivier Barbeau [25]</a>
<ul>
<li><a href="#iroh-15">iroh [15]</a></li>
<li><a href="#tenzin-config-10">tenzin-config [10]</a></li>
</ul></li>
<li><a href="#yogsototh-8">(Yogsototh) [8]</a>
<ul>
<li><a href="#iroh-scripts-6-1">iroh-scripts [6]</a></li>
<li><a href="#xdr-provisioning-2-1">xdr-provisioning [2]</a></li>
</ul></li>
</ul></li>
<li><a href="#iroh-ops">iroh-ops</a>
<ul>
<li><a href="#section-3">[0]</a></li>
<li><a href="#section-4">[0]</a></li>
</ul></li>
</ul></li>
<li><a href="#other">Other</a>
<ul>
<li><a href="#other-1">Other</a>
<ul>
<li><a href="#ii-4">II [4]</a>
<ul>
<li><a href="#iroh-4-3">iroh [4]</a></li>
</ul></li>
<li><a href="#section-5">[4]</a>
<ul>
<li><a href="#iroh-4-4">iroh [4]</a></li>
</ul></li>
<li><a href="#scott-mcleod-1">Scott McLeod [1]</a>
<ul>
<li><a href="#iroh-1-1">iroh [1]</a></li>
</ul></li>
<li><a href="#brooke-swanson-3">Brooke Swanson [3]</a>
<ul>
<li><a href="#ctia-1-1">ctia [1]</a></li>
<li><a href="#iroh-1-2">iroh [1]</a></li>
<li><a href="#tenzin-config-1">tenzin-config [1]</a></li>
</ul></li>
</ul></li>
</ul></li>
</ul>
</nav>
<h1 id="iroh">IROH</h1>
<h2 id="lead">lead</h2>
<h3 id="section">[1]</h3>
<h4 id="iroh-1">iroh [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Don't fire disabled webhooks <a
href="https://github.com/advthreat/iroh/pull/8741">#8741</a></li>
</ul>
<h2 id="data">data</h2>
<h3 id="mario-aquino-15">Mario Aquino [15]</h3>
<h4 id="iroh-10">iroh [10]</h4>
<ul>
<li>Fix disabled threat-hunt test <a
href="https://github.com/advthreat/iroh/pull/8814">#8814</a></li>
<li>Update incident_time when updating incident status <a
href="https://github.com/advthreat/iroh/pull/8801">#8801</a></li>
<li>incident enrichment activity diagram <a
href="https://github.com/advthreat/iroh/pull/8712">#8712</a></li>
<li>Separate Risk score &amp; incident enrichment <a
href="https://github.com/advthreat/iroh/pull/8751">#8751</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Improve safe-filtering <a
href="https://github.com/advthreat/iroh/pull/8731">#8731</a></li>
<li>iroh-async: Flatten Datadog context <a
href="https://github.com/advthreat/iroh/pull/8706">#8706</a></li>
<li>iroh-async logging &amp; tracing context <a
href="https://github.com/advthreat/iroh/pull/8705">#8705</a></li>
<li>Socket timeout milliseconds (not seconds) <a
href="https://github.com/advthreat/iroh/pull/8690">#8690</a></li>
<li>Risk Score socket-timeout <a
href="https://github.com/advthreat/iroh/pull/8687">#8687</a></li>
<li>Threat Hunt Module Exclusion <a
href="https://github.com/advthreat/iroh/pull/8646">#8646</a></li>
</ul>
<h4 id="tenzin-config-5">tenzin-config [5]</h4>
<ul>
<li>Increase conn-manager thread count after PROD performance monitoring
<a
href="https://github.com/advthreat/tenzin-config/pull/1042">#1042</a></li>
<li>Increase thread pool size for EU private intel conn mgr <a
href="https://github.com/advthreat/tenzin-config/pull/1039">#1039</a></li>
<li>Increase connection mgr thread pool for NAM/EU/TEST <a
href="https://github.com/advthreat/tenzin-config/pull/1030">#1030</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Increase thread pool size for engine connection manager <a
href="https://github.com/advthreat/tenzin-config/pull/1012">#1012</a></li>
<li>Config for skipping Private Intel during investigation threat hunt
<a
href="https://github.com/advthreat/tenzin-config/pull/1009">#1009</a></li>
</ul>
<h3 id="section-1">[3]</h3>
<h4 id="ctia-1">ctia [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>fix wait_for for delete search <a
href="https://github.com/threatgrid/ctia/pull/1399">#1399</a></li>
</ul>
<h4 id="iroh-2">iroh [2]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>bundle import activity diagrams <a
href="https://github.com/advthreat/iroh/pull/8708">#8708</a></li>
<li>scoring at bundle import <a
href="https://github.com/advthreat/iroh/pull/8694">#8694</a></li>
</ul>
<h3 id="ambrose-bonnaire-sergeant-16">Ambrose Bonnaire-Sergeant
[16]</h3>
<h4 id="ctia-10">ctia [10]</h4>
<ul>
<li>Fix 2XX response swagger/coercion, ban <code>:return</code> <a
href="https://github.com/threatgrid/ctia/pull/1407">#1407</a></li>
<li>Remove asset properties/mapping merging during bundle patch <a
href="https://github.com/threatgrid/ctia/pull/1408">#1408</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix :body descriptions <a
href="https://github.com/threatgrid/ctia/pull/1409">#1409</a></li>
<li>Fix POST /bulk schema checking <a
href="https://github.com/threatgrid/ctia/pull/1406">#1406</a></li>
<li>Use prn instead of pprint for logs <a
href="https://github.com/threatgrid/ctia/pull/1401">#1401</a></li>
<li>Eval routes and options given to <code>context</code> at
initialization time <a
href="https://github.com/threatgrid/ctia/pull/1394">#1394</a></li>
<li>Use <code>st/merge</code> to merge schemas instead of
<code>into</code> <a
href="https://github.com/threatgrid/ctia/pull/1398">#1398</a></li>
<li>Never match existing asset-* entities when patch-existing=false <a
href="https://github.com/threatgrid/ctia/pull/1395">#1395</a></li>
<li>Re-enable incident tests <a
href="https://github.com/threatgrid/ctia/pull/1393">#1393</a></li>
<li>Add external_ids to investigation select fields <a
href="https://github.com/threatgrid/ctia/pull/1392">#1392</a></li>
</ul>
<h4 id="iroh-4">iroh [4]</h4>
<ul>
<li>Generate valid DI auth tokens for incident subscriptions <a
href="https://github.com/advthreat/iroh/pull/8804">#8804</a></li>
<li>Fix <code>(reset)</code> <a
href="https://github.com/advthreat/iroh/pull/8799">#8799</a></li>
<li>Subscribe to incident asset rescoring via DI <a
href="https://github.com/advthreat/iroh/pull/8699">#8699</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Only pass default patch-existing query params in bundle/import proxy
if patch-existing=true <a
href="https://github.com/advthreat/iroh/pull/8725">#8725</a></li>
</ul>
<h4 id="tenzin-config-2">tenzin-config [2]</h4>
<ul>
<li>Add config for DI client in iroh-engine <a
href="https://github.com/advthreat/tenzin-config/pull/1036">#1036</a></li>
<li>Add device insights url to iroh-engine config <a
href="https://github.com/advthreat/tenzin-config/pull/1014">#1014</a></li>
</ul>
<h2 id="integrations">integrations</h2>
<h3 id="section-2">[4]</h3>
<h4 id="iroh-4-1">iroh [4]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>JMX metrics for clj-http connection manager <a
href="https://github.com/advthreat/iroh/pull/8765">#8765</a></li>
<li>Always decompress the body when status is not 2xx <a
href="https://github.com/advthreat/iroh/pull/8527">#8527</a></li>
<li>Restore default expiration (24h) for the local session token <a
href="https://github.com/advthreat/iroh/pull/8747">#8747</a></li>
<li>Workflow event schema changes <a
href="https://github.com/advthreat/iroh/pull/8656">#8656</a></li>
</ul>
<h3 id="kirill-chernyshov-10">Kirill Chernyshov [10]</h3>
<h4 id="iroh-7">iroh [7]</h4>
<ul>
<li>Refactor data streams service <a
href="https://github.com/advthreat/iroh/pull/8793">#8793</a></li>
<li>DRY'ed out client-creds-token namespace <a
href="https://github.com/advthreat/iroh/pull/8783">#8783</a></li>
<li>Kafka connect monitoring <a
href="https://github.com/advthreat/iroh/pull/8278">#8278</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Handle undelivered records <a
href="https://github.com/advthreat/iroh/pull/8634">#8634</a></li>
<li>Events data retention enforcement job <a
href="https://github.com/advthreat/iroh/pull/8722">#8722</a></li>
<li>Iroh events data retention implementation <a
href="https://github.com/advthreat/iroh/pull/8666">#8666</a></li>
<li>Iroh events postgres data retention <a
href="https://github.com/advthreat/iroh/pull/8693">#8693</a></li>
</ul>
<h4 id="tenzin-config-3">tenzin-config [3]</h4>
<ul>
<li>Add ES sink connector v2 to test full migration <a
href="https://github.com/advthreat/tenzin-config/pull/1035">#1035</a></li>
<li>Fix broken data stream on TEST <a
href="https://github.com/advthreat/tenzin-config/pull/1034">#1034</a></li>
<li>Config for DataStreams service <a
href="https://github.com/advthreat/tenzin-config/pull/1033">#1033</a></li>
</ul>
<h3 id="shafiq-7">Shafiq [7]</h3>
<h4 id="iroh-4-2">iroh [4]</h4>
<ul>
<li>Fix schema of proxy health check <a
href="https://github.com/advthreat/iroh/pull/8827">#8827</a></li>
<li>Add string matching for health check <a
href="https://github.com/advthreat/iroh/pull/8815">#8815</a></li>
<li>Fallback to iroh-events store when kafka send fails <a
href="https://github.com/advthreat/iroh/pull/8786">#8786</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Fix mapping for incident events <a
href="https://github.com/advthreat/iroh/pull/8703">#8703</a></li>
</ul>
<h4 id="tenzin-config-3-1">tenzin-config [3]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Swtich to new sink-connector in INT <a
href="https://github.com/advthreat/tenzin-config/pull/1024">#1024</a></li>
<li>Add updated sink connector for all envs <a
href="https://github.com/advthreat/tenzin-config/pull/1021">#1021</a></li>
<li>Add sink connector for new iroh-event datastream <a
href="https://github.com/advthreat/tenzin-config/pull/1019">#1019</a></li>
</ul>
<h2 id="auth">auth</h2>
<h3 id="bartuka-26">bartuka [26]</h3>
<h4 id="iroh-22">iroh [22]</h4>
<ul>
<li>[IROH Auth] Support FMC in the <code>jwks</code> service <a
href="https://github.com/advthreat/iroh/pull/8830">#8830</a></li>
<li>[IROH Auth] Fix DI onboarding in Universal Provisioning Flow <a
href="https://github.com/advthreat/iroh/pull/8813">#8813</a></li>
<li>Revert "[IROH Auth] support for FMC token in JWKS Service" <a
href="https://github.com/advthreat/iroh/pull/8816">#8816</a></li>
<li>[IROH Auth] support for FMC token in JWKS Service <a
href="https://github.com/advthreat/iroh/pull/8808">#8808</a></li>
<li>[IROH Auth] Check QA <code>callback_url</code> to complete
provisioning tests <a
href="https://github.com/advthreat/iroh/pull/8763">#8763</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>[IROH Auth] better swagger descriptions for Universal Provisioning
<a href="https://github.com/advthreat/iroh/pull/8752">#8752</a></li>
<li>[IROH Auth] remove empty strings from <code>client-id</code> got
from Vault <a
href="https://github.com/advthreat/iroh/pull/8760">#8760</a></li>
<li>[IROH Auth] add missing scope to get OKTA JWT <a
href="https://github.com/advthreat/iroh/pull/8759">#8759</a></li>
<li>[IROH Auth] add logs to investigate get okta jwt <a
href="https://github.com/advthreat/iroh/pull/8758">#8758</a></li>
<li>[IROH Auth] bugfix - <code>client/post</code> should use
<code>:form-params</code> instead of <code>:body</code> <a
href="https://github.com/advthreat/iroh/pull/8753">#8753</a></li>
<li>[IROH Auth] bugfixes - arity exception, change
<code>product-response</code> datatype, change <code>pmap</code> to
<code>map</code> <a
href="https://github.com/advthreat/iroh/pull/8738">#8738</a></li>
<li>[IROH Auth] bugfix - fix urls in <code>POST /tenants</code> returned
value and payload field names <a
href="https://github.com/advthreat/iroh/pull/8733">#8733</a></li>
<li>[IROH Auth] Cache OKTA JWT used for provisioning callback <a
href="https://github.com/advthreat/iroh/pull/8727">#8727</a></li>
<li>[IROH Auth] Improvements on logs and error handling to
UniversalProvisioning and JWKSService <a
href="https://github.com/advthreat/iroh/pull/8707">#8707</a></li>
<li>[IROH Auth] Duplicate <code>universal-provisioning</code> web routes
to accept IROH JWTs <a
href="https://github.com/advthreat/iroh/pull/8675">#8675</a></li>
<li>[IROH Auth] Expose <code>callbacks packages</code> store to check
Universal Provisioning status <a
href="https://github.com/advthreat/iroh/pull/8702">#8702</a></li>
<li>[IROH Auth] Improve 202 Accepted response for
<code>/universal-provisioning/create-tenants</code> <a
href="https://github.com/advthreat/iroh/pull/8701">#8701</a></li>
<li>[IROH Auth] Fix name convention to callbacks route in Universal
Provisioning flow <a
href="https://github.com/advthreat/iroh/pull/8691">#8691</a></li>
<li>[IROH Auth] Gen OKTA JWT to callback request in Universal
Provisioning flow <a
href="https://github.com/advthreat/iroh/pull/8673">#8673</a></li>
<li>bugfix - missing <code>UniversalProvisioningCallbackService</code>
to deploy IROH nodes <a
href="https://github.com/advthreat/iroh/pull/8680">#8680</a></li>
<li>[IROH Auth] Check pending provisions from time-to-time. Endpoint
that will be called by OPS tick <a
href="https://github.com/advthreat/iroh/pull/8674">#8674</a></li>
<li>[IROH Auth] Add callback handler to receive provisioning status from
downstream apps <a
href="https://github.com/advthreat/iroh/pull/8633">#8633</a></li>
</ul>
<h4 id="tenzin-config-4">tenzin-config [4]</h4>
<ul>
<li>FMC base-urls to configure JWKS <a
href="https://github.com/advthreat/tenzin-config/pull/1040">#1040</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>[IROH Auth] bugfix - add config to okta jwks <a
href="https://github.com/advthreat/tenzin-config/pull/1017">#1017</a></li>
<li>[IROH Auth] add OKTA config for Universal Provisioning flow #1010 <a
href="https://github.com/advthreat/tenzin-config/pull/1013">#1013</a></li>
<li>add universal_provisioning_callbacks store <a
href="https://github.com/advthreat/tenzin-config/pull/1011">#1011</a></li>
</ul>
<h3 id="yann-esposito-27">Yann Esposito [27]</h3>
<h4 id="iroh-17">iroh [17]</h4>
<ul>
<li>Fix PIAM Universal Provisioning routes <a
href="https://github.com/advthreat/iroh/pull/8828">#8828</a></li>
<li>Should fix open impersonate flaky test <a
href="https://github.com/advthreat/iroh/pull/8809">#8809</a></li>
<li>Keep track of impersonators <a
href="https://github.com/advthreat/iroh/pull/8736">#8736</a></li>
<li>Restrict TAC routes to admins <a
href="https://github.com/advthreat/iroh/pull/8794">#8794</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Remove with-tk <a
href="https://github.com/advthreat/iroh/pull/8779">#8779</a></li>
<li>Code/Test Improvements <a
href="https://github.com/advthreat/iroh/pull/8767">#8767</a></li>
<li>add a test for matching schema <a
href="https://github.com/advthreat/iroh/pull/8770">#8770</a></li>
<li>Custom Role Design doc <a
href="https://github.com/advthreat/iroh/pull/8497">#8497</a></li>
<li>Attempt to improve error message of match? <a
href="https://github.com/advthreat/iroh/pull/8769">#8769</a></li>
<li>Use <code>cid</code> for <code>trace_id</code> when present <a
href="https://github.com/advthreat/iroh/pull/8754">#8754</a></li>
<li>Support public client for custom routes <a
href="https://github.com/advthreat/iroh/pull/8749">#8749</a></li>
<li>Add playbook scope <a
href="https://github.com/advthreat/iroh/pull/8739">#8739</a></li>
<li>Fix webhook race condition risk <a
href="https://github.com/advthreat/iroh/pull/8728">#8728</a></li>
<li>Call get-org only once for org-virtual user <a
href="https://github.com/advthreat/iroh/pull/8724">#8724</a></li>
<li>Use a cache for entitlement summaries <a
href="https://github.com/advthreat/iroh/pull/8667">#8667</a></li>
<li>upgrade jetty version <a
href="https://github.com/advthreat/iroh/pull/8714">#8714</a></li>
<li>Remove a forgotten pretty printer <a
href="https://github.com/advthreat/iroh/pull/8713">#8713</a></li>
</ul>
<h4 id="iroh-scripts-6">iroh-scripts [6]</h4>
<ul>
<li>save improvements</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>create dashboard clients</li>
<li>Support client aliases in get-client</li>
<li>Update client with client-aliases</li>
<li>many new scripts</li>
<li>added a 1-time script</li>
</ul>
<h4 id="tenzin-config-2-1">tenzin-config [2]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Check vault templating error <a
href="https://github.com/advthreat/tenzin-config/pull/1023">#1023</a></li>
<li>Add Universal Provisioning Services <a
href="https://github.com/advthreat/tenzin-config/pull/1015">#1015</a></li>
</ul>
<h4 id="xdr-provisioning-2">xdr-provisioning [2]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Manage entitlements add-ons</li>
<li>add a re-provisioning script that rerun onboardings</li>
</ul>
<h3 id="olivier-barbeau-25">Olivier Barbeau [25]</h3>
<h4 id="iroh-15">iroh [15]</h4>
<ul>
<li>Check the list of services for a node type <a
href="https://github.com/advthreat/iroh/pull/8800">#8800</a></li>
<li>Fix merge error on PR 8784 <a
href="https://github.com/advthreat/iroh/pull/8797">#8797</a></li>
<li>[IROH configuration]: Move role-web-service config to default tk
files <a
href="https://github.com/advthreat/iroh/pull/8782">#8782</a></li>
<li>[IROH configuration]: Universal Provisioning Services config
refactor <a
href="https://github.com/advthreat/iroh/pull/8784">#8784</a></li>
<li>[IROH configuration]: explicit name for generated conf and meta <a
href="https://github.com/advthreat/iroh/pull/8785">#8785</a></li>
<li>Clean bootstrap.cfg; remove tmp file <a
href="https://github.com/advthreat/iroh/pull/8781">#8781</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add few additional tests to iroh services <a
href="https://github.com/advthreat/iroh/pull/8762">#8762</a></li>
<li>rewrite tests <a
href="https://github.com/advthreat/iroh/pull/8773">#8773</a></li>
<li>more info for debugging <a
href="https://github.com/advthreat/iroh/pull/8717">#8717</a></li>
<li>[IROH configuration]: general documentation <a
href="https://github.com/advthreat/iroh/pull/8764">#8764</a></li>
<li>update developer doc for api-gateway <a
href="https://github.com/advthreat/iroh/pull/8723">#8723</a></li>
<li>Some test clean-up <a
href="https://github.com/advthreat/iroh/pull/8716">#8716</a></li>
<li>High volume of SQL queries for a single observe/deliberate call <a
href="https://github.com/advthreat/iroh/pull/8682">#8682</a></li>
<li>Remove the state of module instances in
<code>obfuscate-module-instance</code> <a
href="https://github.com/advthreat/iroh/pull/8670">#8670</a></li>
<li>E8388: update proxy-endpoints-metadata endpoint and metadata <a
href="https://github.com/advthreat/iroh/pull/8663">#8663</a></li>
</ul>
<h4 id="tenzin-config-10">tenzin-config [10]</h4>
<ul>
<li>Deep merge for vectors and sets with duplicates check <a
href="https://github.com/advthreat/tenzin-config/pull/1032">#1032</a></li>
<li>Reduce configuration duplicates - config.edn part <a
href="https://github.com/advthreat/tenzin-config/pull/1031">#1031</a></li>
<li>Reduce configuration duplicates - bootstrap.cfg part <a
href="https://github.com/advthreat/tenzin-config/pull/1028">#1028</a></li>
<li>Move role-web-service config to IROH <a
href="https://github.com/advthreat/tenzin-config/pull/1026">#1026</a></li>
<li>Move Universal Provisioning Services config to IROH <a
href="https://github.com/advthreat/tenzin-config/pull/1027">#1027</a></li>
<li>Clean bootstrap cfg <a
href="https://github.com/advthreat/tenzin-config/pull/1025">#1025</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Remove the <code>:registration</code> flag in all environments <a
href="https://github.com/advthreat/tenzin-config/pull/963">#963</a></li>
<li>Remove the <code>:merge-users-by-email</code> flag in all
environments <a
href="https://github.com/advthreat/tenzin-config/pull/962">#962</a></li>
<li>Remove the <code>:account-activation-optim</code> flag in all
environments as it is now activated everywhere. <a
href="https://github.com/advthreat/tenzin-config/pull/961">#961</a></li>
<li>Remove the <code>xdr-roles</code> flag in all environments <a
href="https://github.com/advthreat/tenzin-config/pull/964">#964</a></li>
</ul>
<h3 id="yogsototh-8">(Yogsototh) [8]</h3>
<h4 id="iroh-scripts-6-1">iroh-scripts [6]</h4>
<ul>
<li>save improvements</li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>create dashboard clients</li>
<li>Support client aliases in get-client</li>
<li>Update client with client-aliases</li>
<li>many new scripts</li>
<li>added a 1-time script</li>
</ul>
<h4 id="xdr-provisioning-2-1">xdr-provisioning [2]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Manage entitlements add-ons</li>
<li>add a re-provisioning script that rerun onboardings</li>
</ul>
<h2 id="iroh-ops">iroh-ops</h2>
<h3 id="section-3">[0]</h3>
<h3 id="section-4">[0]</h3>
<h1 id="other">Other</h1>
<h2 id="other-1">Other</h2>
<h3 id="ii-4">II [4]</h3>
<h4 id="iroh-4-3">iroh [4]</h4>
<ul>
<li>Merges module type props on create and update health check <a
href="https://github.com/advthreat/iroh/pull/8845">#8845</a></li>
<li>Implements v2 threat hunting <a
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
<li>This should fix issue with parent settings not used on create-patch
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Adds insights scope to allowed Automation scopes in gen-ao-jwt <a
href="https://github.com/advthreat/iroh/pull/8678">#8678</a></li>
</ul>
<h3 id="section-5">[4]</h3>
<h4 id="iroh-4-4">iroh [4]</h4>
<ul>
<li>Merges module type props on create and update health check <a
href="https://github.com/advthreat/iroh/pull/8845">#8845</a></li>
<li>Implements v2 threat hunting <a
href="https://github.com/advthreat/iroh/pull/8833">#8833</a></li>
<li>This should fix issue with parent settings not used on create-patch
<a href="https://github.com/advthreat/iroh/pull/8822">#8822</a></li>
</ul>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Adds insights scope to allowed Automation scopes in gen-ao-jwt <a
href="https://github.com/advthreat/iroh/pull/8678">#8678</a></li>
</ul>
<h3 id="scott-mcleod-1">Scott McLeod [1]</h3>
<h4 id="iroh-1-1">iroh [1]</h4>
<ul>
<li>tk store: Add delete-search method #8213 <a
href="https://github.com/advthreat/iroh/pull/8692">#8692</a></li>
</ul>
<h3 id="brooke-swanson-3">Brooke Swanson [3]</h3>
<h4 id="ctia-1-1">ctia [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add brookeswanson to codeowners. <a
href="https://github.com/threatgrid/ctia/pull/1396">#1396</a></li>
</ul>
<h4 id="iroh-1-2">iroh [1]</h4>
<p><u>between 3 and 4 months old</u></p>
<ul>
<li>Add no-doc true and prevent explosion due to mismatched types. <a
href="https://github.com/advthreat/iroh/pull/8548">#8548</a></li>
</ul>
<h4 id="tenzin-config-1">tenzin-config [1]</h4>
<ul>
<li>Playbook automation config. <a
href="https://github.com/advthreat/tenzin-config/pull/1037">#1037</a></li>
</ul>
</body>
</html>
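Review bot: The "Other" section at the end of this file renders the same four iroh PRs twice, once under `<h3 id="ii-4">II [4]</h3>` and again under the nameless `<h3 id="section-5">[4]</h3>` (#8845, #8833, #8822 and #8678 in both), and the iroh-ops section just above it consists only of two empty `[0]` headings. The headings and items match the org source added in the same commit, so this looks like an export of that file. I would fix the grouping in the source (merge the two identities, skip groups with no author name or no entries) and re-export, or keep only the org file in the commit so the two copies cannot drift apart.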


@ -0,0 +1,356 @@
#+title: FY24Q2 Report
#+subtitle: logs goes 4 months back
#+date: 2024-01-26
#+options: H:6 ^:nil
* IROH
** lead
*** [1]
**** iroh [1]
_between 3 and 4 months old_
- Don't fire disabled webhooks [[https://github.com/advthreat/iroh/pull/8741][#8741]]
** data
*** Mario Aquino [15]
**** iroh [10]
- Fix disabled threat-hunt test [[https://github.com/advthreat/iroh/pull/8814][#8814]]
- Update incident_time when updating incident status [[https://github.com/advthreat/iroh/pull/8801][#8801]]
- incident enrichment activity diagram [[https://github.com/advthreat/iroh/pull/8712][#8712]]
- Separate Risk score & incident enrichment [[https://github.com/advthreat/iroh/pull/8751][#8751]]
_between 3 and 4 months old_
- Improve safe-filtering [[https://github.com/advthreat/iroh/pull/8731][#8731]]
- iroh-async: Flatten Datadog context [[https://github.com/advthreat/iroh/pull/8706][#8706]]
- iroh-async logging & tracing context [[https://github.com/advthreat/iroh/pull/8705][#8705]]
- Socket timeout milliseconds (not seconds) [[https://github.com/advthreat/iroh/pull/8690][#8690]]
- Risk Score socket-timeout [[https://github.com/advthreat/iroh/pull/8687][#8687]]
- Threat Hunt Module Exclusion [[https://github.com/advthreat/iroh/pull/8646][#8646]]
**** tenzin-config [5]
- Increase conn-manager thread count after PROD performance monitoring [[https://github.com/advthreat/tenzin-config/pull/1042][#1042]]
- Increase thread pool size for EU private intel conn mgr [[https://github.com/advthreat/tenzin-config/pull/1039][#1039]]
- Increase connection mgr thread pool for NAM/EU/TEST [[https://github.com/advthreat/tenzin-config/pull/1030][#1030]]
_between 3 and 4 months old_
- Increase thread pool size for engine connection manager [[https://github.com/advthreat/tenzin-config/pull/1012][#1012]]
- Config for skipping Private Intel during investigation threat hunt [[https://github.com/advthreat/tenzin-config/pull/1009][#1009]]
*** [3]
**** ctia [1]
_between 3 and 4 months old_
- fix wait_for for delete search [[https://github.com/threatgrid/ctia/pull/1399][#1399]]
**** iroh [2]
_between 3 and 4 months old_
- bundle import activity diagrams [[https://github.com/advthreat/iroh/pull/8708][#8708]]
- scoring at bundle import [[https://github.com/advthreat/iroh/pull/8694][#8694]]
*** Ambrose Bonnaire-Sergeant [16]
**** ctia [10]
- Fix 2XX response swagger/coercion, ban ~:return~ [[https://github.com/threatgrid/ctia/pull/1407][#1407]]
- Remove asset properties/mapping merging during bundle patch [[https://github.com/threatgrid/ctia/pull/1408][#1408]]
_between 3 and 4 months old_
- Fix :body descriptions [[https://github.com/threatgrid/ctia/pull/1409][#1409]]
- Fix POST /bulk schema checking [[https://github.com/threatgrid/ctia/pull/1406][#1406]]
- Use prn instead of pprint for logs [[https://github.com/threatgrid/ctia/pull/1401][#1401]]
- Eval routes and options given to ~context~ at initialization time [[https://github.com/threatgrid/ctia/pull/1394][#1394]]
- Use ~st/merge~ to merge schemas instead of ~into~ [[https://github.com/threatgrid/ctia/pull/1398][#1398]]
- Never match existing asset-* entities when patch-existing=false [[https://github.com/threatgrid/ctia/pull/1395][#1395]]
- Re-enable incident tests [[https://github.com/threatgrid/ctia/pull/1393][#1393]]
- Add external_ids to investigation select fields [[https://github.com/threatgrid/ctia/pull/1392][#1392]]
**** iroh [4]
- Generate valid DI auth tokens for incident subscriptions [[https://github.com/advthreat/iroh/pull/8804][#8804]]
- Fix ~(reset)~ [[https://github.com/advthreat/iroh/pull/8799][#8799]]
- Subscribe to incident asset rescoring via DI [[https://github.com/advthreat/iroh/pull/8699][#8699]]
_between 3 and 4 months old_
- Only pass default patch-existing query params in bundle/import proxy if patch-existing=true [[https://github.com/advthreat/iroh/pull/8725][#8725]]
**** tenzin-config [2]
- Add config for DI client in iroh-engine [[https://github.com/advthreat/tenzin-config/pull/1036][#1036]]
- Add device insights url to iroh-engine config [[https://github.com/advthreat/tenzin-config/pull/1014][#1014]]
** integrations
*** [4]
**** iroh [4]
_between 3 and 4 months old_
- JMX metrics for clj-http connection manager [[https://github.com/advthreat/iroh/pull/8765][#8765]]
- Always decompress the body when status is not 2xx [[https://github.com/advthreat/iroh/pull/8527][#8527]]
- Restore default expiration (24h) for the local session token [[https://github.com/advthreat/iroh/pull/8747][#8747]]
- Workflow event schema changes [[https://github.com/advthreat/iroh/pull/8656][#8656]]
*** Kirill Chernyshov [10]
**** iroh [7]
- Refactor data streams service [[https://github.com/advthreat/iroh/pull/8793][#8793]]
- DRY'ed out client-creds-token namespace [[https://github.com/advthreat/iroh/pull/8783][#8783]]
- Kafka connect monitoring [[https://github.com/advthreat/iroh/pull/8278][#8278]]
_between 3 and 4 months old_
- Handle undelivered records [[https://github.com/advthreat/iroh/pull/8634][#8634]]
- Events data retention enforcement job [[https://github.com/advthreat/iroh/pull/8722][#8722]]
- Iroh events data retention implementation [[https://github.com/advthreat/iroh/pull/8666][#8666]]
- Iroh events postgres data retention [[https://github.com/advthreat/iroh/pull/8693][#8693]]
**** tenzin-config [3]
- Add ES sink connector v2 to test full migration [[https://github.com/advthreat/tenzin-config/pull/1035][#1035]]
- Fix broken data stream on TEST [[https://github.com/advthreat/tenzin-config/pull/1034][#1034]]
- Config for DataStreams service [[https://github.com/advthreat/tenzin-config/pull/1033][#1033]]
*** Shafiq [7]
**** iroh [4]
- Fix schema of proxy health check [[https://github.com/advthreat/iroh/pull/8827][#8827]]
- Add string matching for health check [[https://github.com/advthreat/iroh/pull/8815][#8815]]
- Fallback to iroh-events store when kafka send fails [[https://github.com/advthreat/iroh/pull/8786][#8786]]
_between 3 and 4 months old_
- Fix mapping for incident events [[https://github.com/advthreat/iroh/pull/8703][#8703]]
**** tenzin-config [3]
_between 3 and 4 months old_
- Swtich to new sink-connector in INT [[https://github.com/advthreat/tenzin-config/pull/1024][#1024]]
- Add updated sink connector for all envs [[https://github.com/advthreat/tenzin-config/pull/1021][#1021]]
- Add sink connector for new iroh-event datastream [[https://github.com/advthreat/tenzin-config/pull/1019][#1019]]
** auth
*** bartuka [26]
**** iroh [22]
- [IROH Auth] Support FMC in the ~jwks~ service [[https://github.com/advthreat/iroh/pull/8830][#8830]]
- [IROH Auth] Fix DI onboarding in Universal Provisioning Flow [[https://github.com/advthreat/iroh/pull/8813][#8813]]
- Revert "[IROH Auth] support for FMC token in JWKS Service" [[https://github.com/advthreat/iroh/pull/8816][#8816]]
- [IROH Auth] support for FMC token in JWKS Service [[https://github.com/advthreat/iroh/pull/8808][#8808]]
- [IROH Auth] Check QA ~callback_url~ to complete provisioning tests [[https://github.com/advthreat/iroh/pull/8763][#8763]]
_between 3 and 4 months old_
- [IROH Auth] better swagger descriptions for Universal Provisioning [[https://github.com/advthreat/iroh/pull/8752][#8752]]
- [IROH Auth] remove empty strings from ~client-id~ got from Vault [[https://github.com/advthreat/iroh/pull/8760][#8760]]
- [IROH Auth] add missing scope to get OKTA JWT [[https://github.com/advthreat/iroh/pull/8759][#8759]]
- [IROH Auth] add logs to investigate get okta jwt [[https://github.com/advthreat/iroh/pull/8758][#8758]]
- [IROH Auth] bugfix - ~client/post~ should use ~:form-params~ instead of ~:body~ [[https://github.com/advthreat/iroh/pull/8753][#8753]]
- [IROH Auth] bugfixes - arity exception, change ~product-response~ datatype, change ~pmap~ to ~map~ [[https://github.com/advthreat/iroh/pull/8738][#8738]]
- [IROH Auth] bugfix - fix urls in ~POST /tenants~ returned value and payload field names [[https://github.com/advthreat/iroh/pull/8733][#8733]]
- [IROH Auth] Cache OKTA JWT used for provisioning callback [[https://github.com/advthreat/iroh/pull/8727][#8727]]
- [IROH Auth] Improvements on logs and error handling to UniversalProvisioning and JWKSService [[https://github.com/advthreat/iroh/pull/8707][#8707]]
- [IROH Auth] Duplicate ~universal-provisioning~ web routes to accept IROH JWTs [[https://github.com/advthreat/iroh/pull/8675][#8675]]
- [IROH Auth] Expose ~callbacks packages~ store to check Universal Provisioning status [[https://github.com/advthreat/iroh/pull/8702][#8702]]
- [IROH Auth] Improve 202 Accepted response for ~/universal-provisioning/create-tenants~ [[https://github.com/advthreat/iroh/pull/8701][#8701]]
- [IROH Auth] Fix name convention to callbacks route in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8691][#8691]]
- [IROH Auth] Gen OKTA JWT to callback request in Universal Provisioning flow [[https://github.com/advthreat/iroh/pull/8673][#8673]]
- bugfix - missing ~UniversalProvisioningCallbackService~ to deploy IROH nodes [[https://github.com/advthreat/iroh/pull/8680][#8680]]
- [IROH Auth] Check pending provisions from time-to-time. Endpoint that will be called by OPS tick [[https://github.com/advthreat/iroh/pull/8674][#8674]]
- [IROH Auth] Add callback handler to receive provisioning status from downstream apps [[https://github.com/advthreat/iroh/pull/8633][#8633]]
**** tenzin-config [4]
- FMC base-urls to configure JWKS [[https://github.com/advthreat/tenzin-config/pull/1040][#1040]]
_between 3 and 4 months old_
- [IROH Auth] bugfix - add config to okta jwks [[https://github.com/advthreat/tenzin-config/pull/1017][#1017]]
- [IROH Auth] add OKTA config for Universal Provisioning flow #1010 [[https://github.com/advthreat/tenzin-config/pull/1013][#1013]]
- add universal_provisioning_callbacks store [[https://github.com/advthreat/tenzin-config/pull/1011][#1011]]
*** Yann Esposito [27]
**** iroh [17]
- Fix PIAM Universal Provisioning routes [[https://github.com/advthreat/iroh/pull/8828][#8828]]
- Should fix open impersonate flaky test [[https://github.com/advthreat/iroh/pull/8809][#8809]]
- Keep track of impersonators [[https://github.com/advthreat/iroh/pull/8736][#8736]]
- Restrict TAC routes to admins [[https://github.com/advthreat/iroh/pull/8794][#8794]]
_between 3 and 4 months old_
- Remove with-tk [[https://github.com/advthreat/iroh/pull/8779][#8779]]
- Code/Test Improvements [[https://github.com/advthreat/iroh/pull/8767][#8767]]
- add a test for matching schema [[https://github.com/advthreat/iroh/pull/8770][#8770]]
- Custom Role Design doc [[https://github.com/advthreat/iroh/pull/8497][#8497]]
- Attempt to improve error message of match? [[https://github.com/advthreat/iroh/pull/8769][#8769]]
- Use ~cid~ for ~trace_id~ when present [[https://github.com/advthreat/iroh/pull/8754][#8754]]
- Support public client for custom routes [[https://github.com/advthreat/iroh/pull/8749][#8749]]
- Add playbook scope [[https://github.com/advthreat/iroh/pull/8739][#8739]]
- Fix webhook race condition risk [[https://github.com/advthreat/iroh/pull/8728][#8728]]
- Call get-org only once for org-virtual user [[https://github.com/advthreat/iroh/pull/8724][#8724]]
- Use a cache for entitlement summaries [[https://github.com/advthreat/iroh/pull/8667][#8667]]
- upgrade jetty version [[https://github.com/advthreat/iroh/pull/8714][#8714]]
- Remove a forgotten pretty printer [[https://github.com/advthreat/iroh/pull/8713][#8713]]
**** iroh-scripts [6]
- save improvements
_between 3 and 4 months old_
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
**** tenzin-config [2]
_between 3 and 4 months old_
- Check vault templating error [[https://github.com/advthreat/tenzin-config/pull/1023][#1023]]
- Add Universal Provisioning Services [[https://github.com/advthreat/tenzin-config/pull/1015][#1015]]
**** xdr-provisioning [2]
_between 3 and 4 months old_
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
*** Olivier Barbeau [25]
**** iroh [15]
- Check the list of services for a node type [[https://github.com/advthreat/iroh/pull/8800][#8800]]
- Fix merge error on PR 8784 [[https://github.com/advthreat/iroh/pull/8797][#8797]]
- [IROH configuration]: Move role-web-service config to default tk files [[https://github.com/advthreat/iroh/pull/8782][#8782]]
- [IROH configuration]: Universal Provisioning Services config refactor [[https://github.com/advthreat/iroh/pull/8784][#8784]]
- [IROH configuration]: explicit name for generated conf and meta [[https://github.com/advthreat/iroh/pull/8785][#8785]]
- Clean bootstrap.cfg; remove tmp file [[https://github.com/advthreat/iroh/pull/8781][#8781]]
_between 3 and 4 months old_
- Add few additional tests to iroh services [[https://github.com/advthreat/iroh/pull/8762][#8762]]
- rewrite tests [[https://github.com/advthreat/iroh/pull/8773][#8773]]
- more info for debugging [[https://github.com/advthreat/iroh/pull/8717][#8717]]
- [IROH configuration]: general documentation [[https://github.com/advthreat/iroh/pull/8764][#8764]]
- update developer doc for api-gateway [[https://github.com/advthreat/iroh/pull/8723][#8723]]
- Some test clean-up [[https://github.com/advthreat/iroh/pull/8716][#8716]]
- High volume of SQL queries for a single observe/deliberate call [[https://github.com/advthreat/iroh/pull/8682][#8682]]
- Remove the state of module instances in ~obfuscate-module-instance~ [[https://github.com/advthreat/iroh/pull/8670][#8670]]
- E8388: update proxy-endpoints-metadata endpoint and metadata [[https://github.com/advthreat/iroh/pull/8663][#8663]]
**** tenzin-config [10]
- Deep merge for vectors and sets with duplicates check [[https://github.com/advthreat/tenzin-config/pull/1032][#1032]]
- Reduce configuration duplicates - config.edn part [[https://github.com/advthreat/tenzin-config/pull/1031][#1031]]
- Reduce configuration duplicates - bootstrap.cfg part [[https://github.com/advthreat/tenzin-config/pull/1028][#1028]]
- Move role-web-service config to IROH [[https://github.com/advthreat/tenzin-config/pull/1026][#1026]]
- Move Universal Provisioning Services config to IROH [[https://github.com/advthreat/tenzin-config/pull/1027][#1027]]
- Clean bootstrap cfg [[https://github.com/advthreat/tenzin-config/pull/1025][#1025]]
_between 3 and 4 months old_
- Remove the ~:registration~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/963][#963]]
- Remove the ~:merge-users-by-email~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/962][#962]]
- Remove the ~:account-activation-optim~ flag in all environments as it is now activated everywhere. [[https://github.com/advthreat/tenzin-config/pull/961][#961]]
- Remove the ~xdr-roles~ flag in all environments [[https://github.com/advthreat/tenzin-config/pull/964][#964]]
*** (Yogsototh) [8]
**** iroh-scripts [6]
- save improvements
_between 3 and 4 months old_
- create dashboard clients
- Support client aliases in get-client
- Update client with client-aliases
- many new scripts
- added a 1-time script
**** xdr-provisioning [2]
_between 3 and 4 months old_
- Manage entitlements add-ons
- add a re-provisioning script that rerun onboardings
** iroh-ops
*** [0]
*** [0]
* Other
** Other
*** II [4]
**** iroh [4]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
_between 3 and 4 months old_
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
*** [4]
**** iroh [4]
- Merges module type props on create and update health check [[https://github.com/advthreat/iroh/pull/8845][#8845]]
- Implements v2 threat hunting [[https://github.com/advthreat/iroh/pull/8833][#8833]]
- This should fix issue with parent settings not used on create-patch [[https://github.com/advthreat/iroh/pull/8822][#8822]]
_between 3 and 4 months old_
- Adds insights scope to allowed Automation scopes in gen-ao-jwt [[https://github.com/advthreat/iroh/pull/8678][#8678]]
*** Scott McLeod [1]
**** iroh [1]
- tk store: Add delete-search method #8213 [[https://github.com/advthreat/iroh/pull/8692][#8692]]
*** Brooke Swanson [3]
**** ctia [1]
_between 3 and 4 months old_
- Add brookeswanson to codeowners. [[https://github.com/threatgrid/ctia/pull/1396][#1396]]
**** iroh [1]
_between 3 and 4 months old_
- Add no-doc true and prevent explosion due to mismatched types. [[https://github.com/advthreat/iroh/pull/8548][#8548]]
**** tenzin-config [1]
- Playbook automation config. [[https://github.com/advthreat/tenzin-config/pull/1037][#1037]]
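Review bot: The per-author totals double-count work: under "** auth", "*** Yann Esposito [27]" already includes "**** iroh-scripts [6]" and "**** xdr-provisioning [2]", and "*** (Yogsototh) [8]" then lists the same eight entries again as if they came from a separate author. The same pattern appears under "** Other", where "*** II [4]" and the nameless "*** [4]" carry identical iroh entries, and several groups have no author name at all ("*** [1]" under lead, "*** [3]" under data, "*** [4]" under integrations, two "*** [0]" under iroh-ops). Normalise author identities before grouping so each person appears once, give unnamed authors a fallback label, and omit groups with zero entries; as written, the bracketed counts cannot be relied on as a quarterly summary.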

File diff suppressed because it is too large Load diff

File diff suppressed because it is too large Load diff