From 06d2fd424ce64b4aa2cac3d6d922a348a2e629cd Mon Sep 17 00:00:00 2001 From: "Yann Esposito (Yogsototh)" Date: Fri, 7 Apr 2023 15:01:59 +0200 Subject: [PATCH] update --- .orgids | 2 +- archives/TODO.archive.org | 118 +++++ inbox.org | 259 ++++++--- notes/composable_shell_nix.org | 343 ++++++++---- notes/permission_outside_scopes.org | 57 ++ tracker.org | 782 ++++++++++++++++++---------- 6 files changed, 1108 insertions(+), 453 deletions(-) create mode 100644 notes/permission_outside_scopes.org diff --git a/.orgids b/.orgids index 94b85de4..2c3ae21d 100644 --- a/.orgids +++ b/.orgids 
@@ -1,2 +1,2 @@ -(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" "c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" 
"c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" "5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") 
("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") ("../Library/Mobile 
Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "2a3d68cc-4a14-442c-b7f9-c602a2cd25bf") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "797ba971-6ae3-49a1-9499-928572760d09" "B72E4288-E96B-4099-8684-37DDF3395C50" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org" "9207b53a-e38e-4996-abc6-140c31f2960a" "a4ebd43b-b589-499e-85e1-7ebea0abf3af" "2110820C-4877-40B3-A351-2DEDE0F222C6" "90110976-520D-4B0C-B1D9-3798323C370E" "49981B50-AFBD-4C93-A9C2-8D88550AB425" "8B092321-BA1F-47F9-A927-76D2E232CF51" "1644E007-AFBE-4F4B-9307-B007C60548E8" "8163f2ed-7106-4b4a-93b0-7009fe316172")) +(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/permission_outside_scopes.org" "8c6d80b5-dc83-40ee-b187-4b0427c77f78") 
("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org" "8163f2ed-7106-4b4a-93b0-7009fe316172" "1644E007-AFBE-4F4B-9307-B007C60548E8" "8B092321-BA1F-47F9-A927-76D2E232CF51" "49981B50-AFBD-4C93-A9C2-8D88550AB425" "90110976-520D-4B0C-B1D9-3798323C370E" "2110820C-4877-40B3-A351-2DEDE0F222C6" "a4ebd43b-b589-499e-85e1-7ebea0abf3af" "9207b53a-e38e-4996-abc6-140c31f2960a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9" "B72E4288-E96B-4099-8684-37DDF3395C50" "797ba971-6ae3-49a1-9499-928572760d09") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "2a3d68cc-4a14-442c-b7f9-c602a2cd25bf") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") 
("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" 
"5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" "c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" 
"c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c")) diff --git a/archives/TODO.archive.org b/archives/TODO.archive.org index a3210bc0..e7b376f3 100644 --- a/archives/TODO.archive.org +++ b/archives/TODO.archive.org 
@@ -9455,3 +9455,121 @@ DEADLINE: <2023-02-09 Thu 11:00>
 CLOCK: [2023-01-11 Wed 16:38]--[2023-01-11 Wed 20:38] => 4:00
 :END:
 [2023-01-11 Wed 16:37]
+
+* DONE Ajouter témoignage CE&H
+DEADLINE: <2023-02-27 Mon 18:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-27 Mon 10:45]
+
+Leïka m’a sauvé la vie.
+Elle a réussie a m’accompagner à un moment où personne ne pouvait.
+Mais ce n’est pas juste mon chien d’assistance.
+C’est ma partenaire de vie.
+Elle est toujours là pour m’aider, et j’ai reconstruit ma vie autour d’elle.
+On ne se quitte jamais, et si je suis là c’est sûrement que Leïka est là aussi.
+
+
+
+
+* DONE Envoyer mail au notaire (update situation)
+DEADLINE: <2023-02-27 Mon 11:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-27 Mon 10:40]
+
+* DONE Appeler Géraldine pour garder les vélos.
+DEADLINE: <2023-02-27 Mon 14:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-27 Mon 10:40]
+
+* DONE Poser les plaques des chiens
+SCHEDULED: <2023-02-24 Fri 10:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-23 Thu 19:49]
+
+* DONE Sync with Yuri about Secure Endpoint error logs org-level-authorization
+DEADLINE: <2023-02-27 Mon 15:00>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-23 Thu 19:02]
+
+A work should be done to upgrade the clients to "org-level-authorization".
+Matt teams should be working on it. With the current state of affair, we might
+be able to plan it for Q4 but not before due to RSA.
+So for now, we should stick with non org-level authorization until this work is completed.
+
+The details is, that the proxy of the module will check the JWT received, and
+the client-id is trusted (typically DI client) and is configured with the
+org-level-authorization then, we ignore the setting of the Secure Endpoint
+module to "Act as the User".
+
+
+* DONE Appeler Bastien pour le velo et la mutuelle
+DEADLINE: <2023-02-23 Thu 18:15>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+[2023-02-23 Thu 17:49]
+
+* DONE Créer l'attestation pour Gaya.
+DEADLINE: <2023-02-23 Thu 18:30>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: DONE
+:END:
+:LOGBOOK:
+- State "DONE" from "HOLD" [2023-02-23 Thu 19:49]
+- State "HOLD" from "TODO" [2023-02-23 Thu 19:49] \\
+ Krystelle s'en occupe
+:END:
+[2023-02-23 Thu 17:48]
+
+* CANCELED couper l'électricité Valbonne
+DEADLINE: <2023-03-06 Mon>
+:PROPERTIES:
+:ARCHIVE_TIME: 2023-02-28 Tue 22:57
+:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org
+:ARCHIVE_OLPATH: Inbox
+:ARCHIVE_CATEGORY: inbox
+:ARCHIVE_TODO: CANCELED
+:END:
+:LOGBOOK:
+- State "CANCELED" from "TODO" [2023-02-27 Mon 10:41] \\
+ Les nouveaux propriétaires vont déplacer les contrats.
+:END:
+[2023-01-31 Tue 12:04]
diff --git a/inbox.org b/inbox.org
index 1d803392..0a4dcade 100644
--- a/inbox.org
+++ b/inbox.org
@@ -10,85 +10,69 @@ SPC y o c => DISPLAY org columns #+end_comment * Inbox -** TODO [#B] Payer le loyer +** DONE [#B] Payer le loyer +DEADLINE: <2023-03-31 Fri 16:00> +[2023-03-31 Fri 14:08] +** DONE Récupérer tous les documents pour le courtier +CLOSED: [2023-04-06 Thu 07:26] DEADLINE: <2023-04-05 Wed 16:00> +:LOGBOOK: +- State "DONE" from "TODO" [2023-04-06 Thu 07:26] +:END: +[2023-03-31 Fri 14:06] +** DONE Appeler Orange +DEADLINE: <2023-03-20 Mon 11:45> +[2023-03-20 Mon 11:44] +** DONE Envoyer demande de remboursement +DEADLINE: <2023-03-20 Mon 12:00> +[2023-03-20 Mon 11:41] +** DONE Envoyer justificatif de domicile +DEADLINE: <2023-03-20 Mon 12:00> +[2023-03-20 Mon 11:40] +** DONE Acheter croquettes chats +DEADLINE: <2023-03-20 Mon 16:00> +[2023-03-20 Mon 10:01] +** DONE Passer grain fin sur la table +DEADLINE: <2023-03-20 Mon 15:00> +[2023-03-20 Mon 09:58] +** DONE Appeler le banquier, envoyer les documents +DEADLINE: <2023-03-20 Mon 10:30> +[2023-03-20 Mon 09:57] +** DONE étendre le linge +DEADLINE: <2023-03-20 Mon 11:00> +[2023-03-20 Mon 09:56] +** TODO Payer le peintre +DEADLINE: <2023-04-06 Thu 15:00> SCHEDULED: <2023-03-30 Thu> + +[2023-03-16 Thu 17:03] +** DONE Publish composable nix-shell +SCHEDULED: <2023-03-06 Mon 15:00> +[2023-03-01 Wed 10:15] +** DONE [#B] Payer le loyer DEADLINE: <2023-02-28 Tue 17:00> [2023-02-27 Mon 10:54] -** DONE Ajouter témoignage CE&H -DEADLINE: <2023-02-27 Mon 18:00> -[2023-02-27 Mon 10:45] - -Leïka m’a sauvé la vie. -Elle a réussie a m’accompagner à un moment où personne ne pouvait. -Mais ce n’est pas juste mon chien d’assistance. -C’est ma partenaire de vie. -Elle est toujours là pour m’aider, et j’ai reconstruit ma vie autour d’elle. -On ne se quitte jamais, et si je suis là c’est sûrement que Leïka est là aussi. - - - -** DONE Envoyer mail au notaire (update situation) -DEADLINE: <2023-02-27 Mon 11:00> -[2023-02-27 Mon 10:40] -** DONE Appeler Géraldine pour garder les vélos. 
-DEADLINE: <2023-02-27 Mon 14:00> -[2023-02-27 Mon 10:40] -** TODO Appeler l'assurance pour les cartes des voitures +** DONE Appeler l'assurance pour les cartes des voitures DEADLINE: <2023-02-24 Fri 10:30> [2023-02-23 Thu 19:49] -** DONE Poser les plaques des chiens -SCHEDULED: <2023-02-24 Fri 10:00> -[2023-02-23 Thu 19:49] -** DONE Sync with Yuri about Secure Endpoint error logs org-level-authorization -DEADLINE: <2023-02-27 Mon 15:00> -[2023-02-23 Thu 19:02] - -A work should be done to upgrade the clients to "org-level-authorization". -Matt teams should be working on it. With the current state of affair, we might -be able to plan it for Q4 but not before due to RSA. -So for now, we should stick with non org-level authorization until this work is completed. - -The details is, that the proxy of the module will check the JWT received, and -the client-id is trusted (typically DI client) and is configured with the -org-level-authorization then, we ignore the setting of the Secure Endpoint -module to "Act as the User". - -** DONE Appeler Bastien pour le velo et la mutuelle -DEADLINE: <2023-02-23 Thu 18:15> -[2023-02-23 Thu 17:49] -** DONE Créer l'attestation pour Gaya. -DEADLINE: <2023-02-23 Thu 18:30> -:LOGBOOK: -- State "DONE" from "HOLD" [2023-02-23 Thu 19:49] -- State "HOLD" from "TODO" [2023-02-23 Thu 19:49] \\ - Krystelle s'en occupe -:END: -[2023-02-23 Thu 17:48] ** TODO Appeler Bastien pour samedi [2023-02-17 Fri 08:56] -** TODO Supprimer Assurance Habitation Valbonne -DEADLINE: <2023-03-01 Wed> +** DONE Supprimer Assurance Habitation Valbonne +DEADLINE: <2023-03-22 Wed 16:00> SCHEDULED: <2023-03-20 Mon 11:45> [2023-01-31 Tue 12:05] -** CANCELED couper l'électricité Valbonne -DEADLINE: <2023-03-06 Mon> -:LOGBOOK: -- State "CANCELED" from "TODO" [2023-02-27 Mon 10:41] \\ - Les nouveaux propriétaires vont déplacer les contrats. 
-:END: -[2023-01-31 Tue 12:04] ** TODO Regarder sans soleil https://www.youtube.com/watch?v=fdusEgrbhgA -SCHEDULED: <2023-03-12 Sun 21:00> +SCHEDULED: <2023-04-07 Fri 21:00> [2022-11-26 Sat 11:04] -** TODO DL The good place +** DONE DL The good place SCHEDULED: <2023-03-01 Wed> * Perso :perso: ** Habits :habit: *** TODO Reading List notes -SCHEDULED: <2023-02-22 Wed 09:00 .+1d> +SCHEDULED: <2023-03-21 Tue 09:00 .+1d> :PROPERTIES: :STYLE: habit -:LAST_REPEAT: [2023-02-21 Tue 14:22] +:LAST_REPEAT: [2023-03-20 Mon 10:00] :END: :LOGBOOK: +- State "CANCELED" from "TODO" [2023-03-20 Mon 10:00] - State "CANCELED" from "TODO" [2023-02-21 Tue 14:22] - State "CANCELED" from "TODO" [2023-02-17 Fri 08:57] \\ Trop à faire aujourd'hui @@ -153,11 +137,17 @@ CLOCK: [2022-06-08 Wed 09:37]--[2022-06-08 Wed 09:59] => 0:22 * Famille :family: ** Daily :daily: *** TODO Attention gentille -SCHEDULED: <2023-02-23 Thu .+1d> +SCHEDULED: <2023-04-05 Wed .+1d> :PROPERTIES: -:LAST_REPEAT: [2023-02-22 Wed 18:36] +:LAST_REPEAT: [2023-04-04 Tue 22:57] :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-04-04 Tue 22:57] +- State "DONE" from "TODO" [2023-03-31 Fri 14:07] +- State "DONE" from "TODO" [2023-03-27 Mon 10:57] +- State "DONE" from "TODO" [2023-03-20 Mon 10:01] +- State "DONE" from "TODO" [2023-03-10 Fri 10:08] +- State "DONE" from "TODO" [2023-03-07 Tue 16:16] - State "DONE" from "TODO" [2023-02-22 Wed 18:36] - State "DONE" from "TODO" [2023-02-21 Tue 14:21] - State "DONE" from "TODO" [2023-02-17 Fri 08:57] 
@@ -176,12 +166,14 @@ SCHEDULED: <2023-02-23 Thu .+1d> :END: ** Weekly :weekly: *** TODO litieres -DEADLINE: <2023-03-03 Fri .+2w -1d> +DEADLINE: <2023-04-18 Tue .+2w -1d> :PROPERTIES: -:LAST_REPEAT: [2023-02-17 Fri 14:33] +:LAST_REPEAT: [2023-04-04 Tue 22:57] :STYLE: habit :END: :LOGBOOK: +- State "CANCELED" from "TODO" [2023-04-04 Tue 22:57] +- State "DONE" from "TODO" [2023-03-20 Mon 09:59] - State "DONE" from "TODO" [2023-02-17 Fri 14:33] - State "DONE" from "TODO" [2023-01-23 Mon 17:33] - State "DONE" from "TODO" [2023-01-04 Wed 10:50] @@ -225,24 +217,28 @@ DEADLINE: <2023-03-03 Fri .+2w -1d> Done not so long ago :END: *** TODO Appeler Papa -SCHEDULED: <2023-02-20 Mon 14:00 .+1w> +SCHEDULED: <2023-03-14 Tue 14:00 .+1w> :PROPERTIES: :STYLE: habit -:LAST_REPEAT: [2023-02-13 Mon 10:02] +:LAST_REPEAT: [2023-03-07 Tue 17:09] :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-03-07 Tue 17:09] - State "DONE" from "TODO" [2023-02-13 Mon 10:02] - State "DONE" from "TODO" [2023-01-23 Mon 17:31] - State "DONE" from "TODO" [2023-01-04 Wed 10:49] - State "DONE" from "TODO" [2022-12-02 Fri 19:10] :END: *** TODO Appeler Maman -SCHEDULED: <2023-02-15 Wed 12:00 .+1w> +SCHEDULED: <2023-04-07 Fri 12:00 .+1w> :PROPERTIES: :STYLE: habit -:LAST_REPEAT: [2023-02-08 Wed 14:16] +:LAST_REPEAT: [2023-03-31 Fri 14:07] :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-03-31 Fri 14:07] +- State "DONE" from "TODO" [2023-03-20 Mon 10:00] +- State "DONE" from "TODO" [2023-03-07 Tue 17:10] - State "DONE" from "TODO" [2023-02-08 Wed 14:16] - State "DONE" from "TODO" [2023-01-31 Tue 13:14] - State "DONE" from "TODO" [2023-01-24 Tue 15:15] 
@@ -283,11 +279,12 @@ SCHEDULED: <2023-09-19 Tue +1y> :END: [2020-05-23 Sat 10:32] *** TODO [#A] Cadeau Rencontre Krystelle (1995) :yearly: -DEADLINE: <2023-04-08 Sat +1y -2w> +DEADLINE: <2024-04-08 Mon +1y -2w> :PROPERTIES: -:LAST_REPEAT: [2022-04-07 Thu 11:56] +:LAST_REPEAT: [2023-04-04 Tue 22:57] :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-04-04 Tue 22:57] - State "DONE" from "TODO" [2022-04-07 Thu 11:56] :END: *** TODO [#A] Cadeau Mariage Krystelle (2000) :yearly: 
@@ -459,4 +456,120 @@ CLOCK: [2020-09-01 Tue 12:13]--[2020-09-01 Tue 12:13] => 0:00 #+begin_comment - =SPC m s c= -=- org-clone-subtree-with-time-shift= #+end_comment +=- org-clone-subtree-with-time-shift= +#+end_comment +* IN-PROGRESS Answer to Austin Haas about clients :chore: +:LOGBOOK: +CLOCK: [2023-03-09 Thu 11:03]--[2023-03-09 Thu 17:06] => 6:03 +:END: +[2023-03-09 Thu 11:03] + +Just by looking I think some client probably disappeared (in TEST). +From what I looking for, most clients belongs to Chris Sims who created specific +Orgs in all ENV to create the modules. + +#+begin_src +NAM +module-id: d80e8041-e8ed-4d42-9b4c-7b0a7a4a6d1b +client-id: client-d8d91871-2735-43e6-bfca-ed4cb6b89f23 + +{ + "scopes": [ + "integration/module-type", + "admin/integration/module-type:write" + ], + "description": "Used to create and update the Threat Grid SecureX module type.", + "approved?": true, + "redirects": [], + "availability": "org", + "password": "$s0$f0801$MG1GFImf7eHwuRKfqg8H+w==$W2h47bWx0Q3rTRjfidgSXvA+cGCC7b1AeqCh+z30978=", + "name": "TG Module Creation/Updates", + "org-id": "964a8c3b-9aef-4e1d-aadf-e2754004d230", + "enabled?": true, + "grants": [ + "client-creds" + ], + "client-type": "confidential", + "id": "client-d8d91871-2735-43e6-bfca-ed4cb6b89f23", + "approval-status": "approved", + "owner-id": "2f6ccd76-270e-4785-a33f-ea24400bc5a5", + "created-at": "2020-05-11T22:13:49.892Z" +} +belongs to Chris Sims +#+end_src + +#+begin_src +EU +module-id: 28ef9a98-cd14-4a11-a2eb-6b80c5bb82fe +client-id: client-6f81864f-04e1-444a-ac92-e242797ed12f + + +{ + "scopes": [ + "integration/module-type", + "admin/integration/module-type:write" + ], + "description": "Used to create and update the Threat Grid SecureX module type.", + "approved?": true, + "redirects": [], + "availability": "org", + "password": "$s0$f0801$7G0SDYzMCP2zNbDhi37Ahg==$ijMPk/LtBcTZlsifNl571QDOfxX4lQzcsIOFJYgnF3A=", + "name": "TG Module Creation/Updates", + "org-id": "99c5cf95-7788-4ce1-906f-86811aa57752", 
+ "enabled?": true, + "grants": [ + "client-creds" + ], + "client-type": "confidential", + "id": "client-6f81864f-04e1-444a-ac92-e242797ed12f", + "approval-status": "approved", + "owner-id": "3f6edf85-9ad3-4098-be43-0b46d117f9ca", + "created-at": "2020-05-11T22:08:04.428Z" +} +#+end_src + +#+begin_src +APJC +module-id: f82062a6-5b17-4943-b67e-2555bbcc95d4 +client-id: client-73096290-4908-4a9a-bf0c-b29337ae58f6 + +{ + "scopes": [ + "integration/module-type", + "admin/integration/module-type:write" + ], + "description": "Used to create and update the Threat Grid SecureX module type.", + "approved?": true, + "redirects": [], + "availability": "org", + "password": "$s0$f0801$qCVLku7mTWOAdzqWoMV/yA==$BTeIKEL2EcHdL0/wR4Q5CfYHjDlinDhiTSaGN0fXJKg=", + "name": "TG Module Creation/Updates", + "org-id": "4f169b08-bb0d-4e97-a358-8fd3fd819066", + "enabled?": true, + "grants": [ + "client-creds" + ], + "client-type": "confidential", + "id": "client-73096290-4908-4a9a-bf0c-b29337ae58f6", + "approval-status": "approved", + "owner-id": "fe332b50-62ae-4ac9-8eb0-4b9b39565bfc", + "created-at": "2020-05-11T22:17:37.247Z" +} + +owned by: + + "user-email": "chrsims+apjc_modules@cisco.com", + "user-name": "Chris Sims" +from Org: 4f169b08-bb0d-4e97-a358-8fd3fd819066 +named: "Cisco Modules" +#+end_src +* *Declarer sinistre Aygo Assurance +* DONE commander gâteau +SCHEDULED: <2023-04-06 Thu 11:30> +[2023-04-06 Thu 07:23] +* DONE goûter chocolat +SCHEDULED: <2023-04-06 Thu 11:30> +[2023-04-06 Thu 07:24] +* TODO acheter lapins lindt +SCHEDULED: <2023-04-06 Thu 11:30> +[2023-04-06 Thu 07:25] diff --git a/notes/composable_shell_nix.org b/notes/composable_shell_nix.org index 0f8edddb..82262863 100644 --- a/notes/composable_shell_nix.org +++ b/notes/composable_shell_nix.org 
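Review bot: The three `#+begin_src` blocks added at the end of inbox.org paste complete OAuth client records, and each one keeps its `"password"` field (what looks like a scrypt-format `$s0$…` hash of the client secret) alongside the client-id, org-id, owner-id and, in the APJC block, the owner's e-mail address. These are `confidential` clients with the `client-creds` grant and the `admin/integration/module-type:write` scope, so the hash belongs to a credential that works without a user session, and once committed it remains in history even if a later commit deletes it. The note itself only needs the module-id, client-id and owner, so I would drop the field or write `"password": "<redacted>"` in all three blocks. If this repository is synced or shared beyond the author's own machine, the three secrets should be treated as exposed and rotated. The blocks also carry no language tag; `#+begin_src json` around the record alone would keep the free-text lines (region, module-id, owner) out of the fenced data.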
@@ -10,100 +10,15 @@ TL;DR: This is how I created a =docker-compose= replacement with ~nix-shell~. Here is a solution to have a composable nix shell representation focused on replacing =docker-compose=. -Here is the main code: -#+begin_src nix -# imports should contain a list of nix files -{ pkgs, imports }: -let confs = map (f: import f { inherit pkgs; }) imports; - envs = map ({env ? {}}: env) confs; - # list the name of a command to stop - stops = map ({stop ? ":"}: stop) confs; - # we want to stop all services on exit - lastConfs = { shellHook = "stopall(){ " + builtins.foldl' (acc: stop: acc + " && " + stop) "" stops + "}" + - '' - trap stopall EXIT - ''; - }; - mergedEnvs = builtins.foldl' (acc: e: acc // e) {} envs; - zeroConf = {}; - mergedConfs = builtins.foldl' (acc: {buildInputs ? [], nativeBuildInputs ? [], shellHook ? "", ...}: - { buildInputs = acc.buildInputs ++ buildInputs; - nativeBuildInputs = acc.nativeBuildInputs ++ nativeBuildInputs; - shellHook = acc.shellHook + shellHook; - }) zeroConf (confs); -in (mergedEnvs // mergedConfs) -#+end_src - -#+begin_src nix -# example of nix file to be used as import -{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: - let iport = 16380; - port = toString iport; - env = { - redisConf = - pkgs.writeText "redis.conf" - '' - port ${port} - dbfilename redis.db - dir ${toString ./.}/.redis - logfile redis.log - ''; - - # ENV Variables - REDIS_DATA = "${toString ./.}/.redis"; - }; - in env // { - # Warning if you add an attribute like an ENV VAR you must do it via env. - inherit env; - nativeBuildInputs = [ - pkgs.redis - ]; - - # Post Shell Hook - shellHook = '' - echo "Using ${pkgs.redis.name}. port: ${port}" - - [ ! 
-d $REDIS_DATA ] \ - && mkdir -p $REDIS_DATA - cat "$redisConf" > $REDIS_DATA/redis.conf - function redisstop { - echo 'Stopping and Cleaning up Redis' - redis-cli -p ${port} shutdown && \ - rm -rf $REDIS_DATA - } - nohup redis-server $REDIS_DATA/redis.conf > /dev/null & - trap redisstop EXIT - ''; - # the function to call on EXIT - stop = "redisstop"; - } -#+end_src ** Introduction -So I work on a project for which we used Docker to locally run integration tests. -More precisely we used =docker-compose= to launch different services, most of them -being databases. -The project is big enough that we need many different databases and other services. +At work we use =docker-compose= to run integration tests on a big project that need +to connect to multiple different databases as well as a few other services. -It's been a while that I am following nix, and in particular I use nix on macOS -to create local development environments. -But I never used NixOS, even if I plan to do so on my remote server. -In fact, I use nix on a very old Linux distro to run recent softwares. - -Anyway, after Docker started to change its licensing on macOS I wanted to get -rid of it. In fact, even before the licensing issue, I wanted to get rid of -docker for Mac. - -So I tried many time to replace =docker-compose= by =nix=. -And even if I am interested in nix I never really dug into it. So my -knowledge about it is incomplete and imprecise. -But I know just enough to be able to start write script with nix taking care of -dependencies, and similarly, I can write quick and dirty =shell.nix= for all my -personal projects. Recently I started to add =flake.nix= files around too. - -So here is how to easily replace docker-compose with nix. Which should also compose. +This article is about how to replace =docker-compose= by =nix= for a local dev +environment. ** =nix-shell-fu= level 1 lesson 
@@ -275,7 +190,7 @@ Using redis-6.2.3 on port 16380 1785:M 10 Feb 2023 20:50:00.881 * Ready to accept connections #+end_src -Woo! Now we can control the port from the file. +Woo! We control the port from the file. That's nice. But, hmmm, has you might have noticed, when you quit the session it dumps the DB as the file =dump.rdb=. @@ -288,7 +203,7 @@ file and declare a directory that will contain all the state of the DB and of the nix configuration. #+begin_src nix -{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/21.05.tar.gz) {} }: +{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: let iport = 16380; port = toString iport; in pkgs.mkShell (rec { @@ -315,6 +230,7 @@ in pkgs.mkShell (rec { alias redisstop="echo 'Stopping Redis'; redis-cli -p ${port} shutdown; rm -rf $REDIS_DATA" nohup redis-server $REDIS_DATA/redis.conf > /dev/null 2>&1 & echo "When finished just run redisstop && exit" + trap redisstop EXIT ''; }) #+end_src 
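Review bot: The `fetchTarball` call on the changed line of the second hunk here (`@@ -288,7 +203,7 @@`) pulls nixpkgs by tag URL with no hash, so the shell is built from whatever that URL serves at evaluation time and nothing detects a changed archive. The attribute-set form takes a `sha256`, e.g. `import (fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz"; sha256 = "<sha256 of the archive>"; }) {}`. The same unpinned call is added again in the `shell.nix`, `pg.nix` and `pgshell.nix` listings further down this file's diff.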
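Review bot: The added `trap redisstop EXIT` in the third hunk (`@@ -315,6 +230,7 @@`) points at `redisstop`, which the context line above defines as an alias. Bash only expands aliases when `expand_aliases` is on, which is the default for interactive shells only, so in a non-interactive run the trap would likely fail and leave the server and the `$REDIS_DATA` directory behind. The alias body also has `rm -rf $REDIS_DATA` unquoted inside double quotes, so the path is expanded when the alias is defined and word-split when it runs. A function avoids both: `redisstop() { echo 'Stopping Redis'; redis-cli -p ${port} shutdown; rm -rf -- "$REDIS_DATA"; }`. The `mkShell` block this hook belongs to starts outside the hunk.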
@@ -373,12 +289,146 @@ redis, then purge all redis related data (as you would like in a development env Also, as compared to previous version, redis is launched in background so you could run commands in your nix shell. +Notice I also run ~redisstop~ command on exit of the nix-shell. So when you close +the nix-shell redis is stopped and the DB state is cleaned up. + ** =nix-shell-fu= level 3 lesson; composability -So in order for this part to be easier to follow, we'll go back to our first -example with the shell.nix that just ran hello. +Imagine we create another similar nix file, but this time to launch postgresql. +Roughtly, you will again build a nix set, that will contain a few env variables, +along the following entries =buildInputs=, =nativeBuildInputs= and =shellHook=. -** Appendice +The issue is that in both nix files you will have the following form: + +#+begin_src nix +{ pkgs ? import ( ... ) {} }: +mkShell { PGDATA = ...; + buildInputs = [ dependency-1 ... dependency-n ]; + nativeBuildInputs = [ dependency-1 ... dependency-n ]; + shellHook = '' ... ''; + } +#+end_src + +And you cannot use that directly. +So to solve the problem, instead we will replace this format by removing =mkShell= +and pass the mkShell parameter instead. +We also need to be more precise about where are declared the environment +variables. + +#+begin_src nix +{ pkgs ? import ( ... ) {} }: +let env = { PGDATA = ...; } +in { inherit env; # equivalent to env = env; + buildInputs = [ dependency-1 ... dependency-n ]; + nativeBuildInputs = [ dependency-1 ... dependency-n ]; + shellHook = '' ... ''; + } +#+end_src + +With this, we can compose two nix set into a single merged one that will be +suitable for argument of mkShell. +Another minor detail, but important one. In bash, the command ~trap~ do not +accumulate but replace the function. For our need, we want to run all stop +function on exit. So the ~trap~ directive added in the shell hook does not compose +naturally. 
This is why we add a =stop= value that will contain the name of the +bash function to call to stop and cleanup a service. + +Finally the main structure for each of our service will look like: + +#+begin_src nix +{ pkgs ? import ( ... ) {} }: +let env = { PGDATA = ...; } +in { inherit env; # equivalent to env = env; + buildInputs = [ dependency-1 ... dependency-n ]; + nativeBuildInputs = [ dependency-1 ... dependency-n ]; + shellHook = '' ... ''; + stop = "stoppostgres" + } +#+end_src + +Mainly to merge we will just need to run: + +#+begin_src nix +{ pkgs ? import (...) {}}: +let + # merge all the env sets + mergedEnvs = builtins.foldl' (acc: e: acc // e) {} envs; + # merge all the confs by accumulating the dependencies + # and concatenating the shell hooks. + mergedConfs = + builtins.foldl' + (acc: {buildInputs ? [], nativeBuildInputs ? [], shellHook ? "", ...}: + { buildInputs = acc.buildInputs ++ buildInputs; + nativeBuildInputs = acc.nativeBuildInputs ++ nativeBuildInputs; + shellHook = acc.shellHook + shellHook; + }) + emptyConf + confs; +in mkShell (mergedEnvs // mergedConfs) +#+end_src + +The full solution to deal with other minor details like importing the files, +dealing with the exit of the shell is here: + +#+begin_src nix +{ mergeShellConfs = + # imports should contain a list of nix files + { pkgs, imports }: + let confs = map (f: import f { inherit pkgs; }) imports; + envs = map ({env ? {}, ...}: env) confs; + # list the name of a command to stop a service (if none provided just use ':' which mean noop) + stops = map ({stop ? 
":", ...}: stop) confs; + # we want to stop all services on exit + stopCmd = builtins.concatStringsSep " && " stops; + # we would like to add a shellHook to cleanup the service that will call + # all cleaning-up function declared in sub-shells + lastConf = + { shellHook = '' + stopall() { ${stopCmd}; } + echo "You can manually stop all services by calling stopall" + trap stopall EXIT + ''; + }; + # merge Environment variables needed for other shell environments + mergedEnvs = builtins.foldl' (acc: e: acc // e) {} envs; + # zeroConf is the minimal empty configuration needed + zeroConf = {buildInputs = []; nativeBuildInputs = []; shellHook="";}; + # merge all confs by appending buildInputs and nativeBuildInputs + # and by concatenating the shellHooks + mergedConfs = + builtins.foldl' + (acc: {buildInputs ? [], nativeBuildInputs ? [], shellHook ? "", ...}: + { buildInputs = acc.buildInputs ++ buildInputs; + nativeBuildInputs = acc.nativeBuildInputs ++ nativeBuildInputs; + shellHook = acc.shellHook + shellHook; + }) + zeroConf + (confs ++ [lastConf]); + in (mergedEnvs // mergedConfs); +} +#+end_src + +So I put this function declaration in a file named =./nix/merge-shell.nix=. +And I have a =pg.nix= as well as a =redis.nix= file in the =nix= directory. +On the root of the project the main =shell.nix= looks like: + +#+begin_src nix +{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: +let + # we import the file, and rename the function mergeShellConfs as mergeShells + mergeShells = (import ./nix/merge-shell.nix).mergeShellConfs; + # we call mergeShells + mergedShellConfs = + mergeShells { inherit pkgs; + # imports = [ ./nix/pg.nix ./nix/redis.nix ]; + imports = [ ./nix/pg.nix ./nix/redis.nix ]; + }; +in pkgs.mkShell mergedShellConfs +#+end_src + +And, that's it. + +** Appendix *** <> Digression 
@@ -390,7 +440,7 @@ But here, this block represent a function. The function takes as input a "nix set" (which you can see as an associative array, or a hash-map or also a javascript object depending on your preference), and this set is expected to contain a field named =pkgs=. If =pkgs= is not provided, -it will us the set from the stable version 22.11 of nixpkgs by downloading them +it will use the set from the stable version 22.11 of nixpkgs by downloading them from github archive. The second part of the function generate "something" that is returned by an internal function of the standard library provided by =nix= which is named 
@@ -407,3 +457,106 @@ mechanism to manipulate directly =derivation=. So in order to make that composable, you need to call the =derivation= internal function at the very end only. The argument of all these functions are /nix sets/ +*** The full nix files for postgres + +For postgres: + +#+begin_src nix +{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: + let iport = 15432; + port = toString iport; + pguser = "pguser"; + pgpass = "pgpass"; + pgdb = "iroh"; + # env should contain all variable you need to configure correctly mkShell + # so ENV_VAR, but also any other kind of variables. + env = { + postgresConf = + pkgs.writeText "postgresql.conf" + '' + # Add Custom Settings + log_min_messages = warning + log_min_error_statement = error + log_min_duration_statement = 100 # ms + log_connections = on + log_disconnections = on + log_duration = on + #log_line_prefix = '[] ' + log_timezone = 'UTC' + log_statement = 'all' + log_directory = 'pg_log' + log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' + logging_collector = on + log_min_error_statement = error + ''; + + postgresInitScript = + pkgs.writeText "init.sql" + '' + CREATE DATABASE ${pgdb}; + CREATE USER ${pguser} WITH ENCRYPTED PASSWORD '${pgpass}'; + GRANT ALL PRIVILEGES ON DATABASE ${pgdb} TO ${pguser}; + ''; + + PGDATA = "${toString ./.}/.pg"; + }; + in env // { + # Warning if you add an attribute like an ENV VAR you must do it via env. + inherit env; + # must contain buildInputs, nativeBuildInputs and shellHook + buildInputs = [ pkgs.coreutils + pkgs.jdk11 + pkgs.lsof + pkgs.plantuml + pkgs.leiningen + ]; + nativeBuildInputs = [ + pkgs.zsh + pkgs.vim + pkgs.nixpkgs-fmt + pkgs.postgresql_11 + + # postgres-11 with postgis support + # (pkgs.postgresql_11.withPackages (p: [ p.postgis ])) + ]; + + # Post Shell Hook + shellHook = '' + echo "Using ${pkgs.postgresql_12.name}. 
port: ${port} user: ${pguser} pass: ${pgpass}" + + # Setup: other env variables + export PGHOST="$PGDATA" + # Setup: DB + [ ! -d $PGDATA ] \ + && pg_ctl initdb -o "-U postgres" \ + && cat "$postgresConf" >> $PGDATA/postgresql.conf + pg_ctl -o "-p ${port} -k $PGDATA" start + echo "Creating DB and User" + psql -U postgres -p ${port} -f $postgresInitScript + + function pgstop { + echo "Stopping and Cleaning up Postgres"; + pg_ctl stop && rm -rf $PGDATA + } + + alias pg="psql -p ${port} -U postgres" + echo "Send SQL commands with pg" + trap pgstop EXIT + ''; + stop = "pgstop"; + } +#+end_src + +And to just launch Posgresql, there is also this file =./nix/pgshell.nix=, that +simply contains + +#+begin_src nix +{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: +let pg = import ./pg.nix { inherit pkgs; }; +in with pg; pkgs.mkShell ( env // + { + buildInputs = buildInputs; + nativeBuildInputs = nativeBuildInputs ; + shellHook = shellHook; + }) +#+end_src diff --git a/notes/permission_outside_scopes.org b/notes/permission_outside_scopes.org new file mode 100644 index 00000000..6c07c47b --- /dev/null +++ b/notes/permission_outside_scopes.org 
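Review bot: The banner line in `shellHook` reports `${pkgs.postgresql_12.name}` while `nativeBuildInputs` installs `pkgs.postgresql_11`, and it prints the database password to the terminal. The password is also written into `init.sql` through `pkgs.writeText`, which places it in the world-readable Nix store, and with `log_statement = 'all'` the `CREATE USER … PASSWORD` statement will presumably be written to `pg_log` as well. That is tolerable for a throwaway local database but deserves a comment saying these credentials are for local development only. For the banner I would use `echo "Using ${pkgs.postgresql_11.name}. port: ${port} user: ${pguser}"`. `pgstop` also runs `rm -rf $PGDATA` unquoted, where `rm -rf -- "$PGDATA"` is safer if the project path contains spaces.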
@@ -0,0 +1,57 @@
+:PROPERTIES:
+:ID: 8c6d80b5-dc83-40ee-b187-4b0427c77f78
+:END:
+#+title: Permissions outside scopes
+#+Author: Yann Esposito
+#+Date: [2023-03-10]
+
+- tags :: [[id:ce893df9-32a4-44e0-9eb5-b9817141ee6a][cisco]] [[id:299643a7-00e5-47fb-a987-3b9278e89da3][Auth]]
+- source ::
+
+This was really interesting and this question about when to use or not scopes is
+generally a recurring one.
+So I should probably try to explain it more clearly.
+Perhaps I would need to write a doc, but if I try to make it easier to
+understand, maybe we can think about it this way.
+
+Scopes are permissions that we can control via the OAuth2 clients. So when we
+put the permission inside scopes we gain:
+
+- the ability to restrict the permission for some clients (for example we will
+ be able to restrict DI access to some client without restricting access to
+ Secure Client while the user can access both)
+- checking for permission is easier because all permission are centralized in
+ the scopes, always. This has consequences for the API as well as for the UIs
+ but also for all external clients, so the permission can be enforced and
+ published at the API level.
+
+If we plan to have another set of permission outside the scopes, say, have a
+list of permission in another entity (like in the entitlement of the Org, or
+something related):
+
+- In this case, the UI will need to check both the scopes and this new values.
+ Knowing that the structure of such list of permission will be pretty similar
+ to the structure of the scopes (mainly a list of string that represent
+ permissions). The clients will not easily be able to know if they can access
+ some resource or not.
+- Internally, every API access permission only uses scopes, that would mean we
+ will need to add another independent layer of checking that could cause
+ confusion in the code, probably will have a non negligible impact on the
+ performance of every API call (as we will need to check more than the scope,
+ every API call will also need to perform addition call to the DB)
+- We can no longer express that an OAuth2 Client is restricted to use some apps
+ (like if we change the entitlement, we can no longer restrict that client not
+ to use some app)
+- With RBAC I see more and more concern about handling permission of external
+ applications via IROH, so here too, it is easier to handle via scopes
+- Every client (not just UI and IROH) will need to check two different set of
+ permissions if they want to understand what is allowed to them or not. Mainly
+ instead of just checking scopes, they will also need to check another
+ permission system with potentially different access rules.
+
+Everything about it is quite technical and not easy to convey in a discussion.
+But this is why I might need to write this down somewhere to explain the
+advantages and drawbacks of using another dimension for permissions.
+A good usage of not using scopes for some kind of permission are the audiences
+because this is not about the User's permission, but about the Client permission
+that still is granted to be used by some User.
diff --git a/tracker.org b/tracker.org
index 2c7fd02c..61c3028e 100644
--- a/tracker.org
+++ b/tracker.org
@@ -1,7 +1,7 @@
 * 2022
 ** 2022-W05
 *** 2022-02-03 Thursday
-**** DONE activate logout issue :work:
+**** DONE activate logout issue :work:
 :LOGBOOK:
 CLOCK: [2022-02-03 Thu 17:17]--[2022-02-03 Thu 19:02] => 1:45
 :END:
@@ -55,7 +55,7 @@ CLOCK: [2022-02-07 Mon 10:33]--[2022-02-07 Mon 10:54] => 0:21 :END: [2022-02-07 Mon 10:53] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Check Customer bug with tiles.][Check Customer bug with tiles.]] -**** DONE Check Customer bug with tiles. :work: +**** DONE Check Customer bug with tiles. :work: :LOGBOOK: CLOCK: [2022-02-07 Mon 09:52]--[2022-02-07 Mon 10:33] => 0:41 :END: @@ -271,7 +271,7 @@ CLOCK: [2022-02-17 Thu 17:00]--[2022-02-17 Thu 20:45] => 3:45 index page is always tk-server *** 2022-02-18 Friday -**** DONE Fix module-type :work: +**** DONE Fix module-type :work: :LOGBOOK: CLOCK: [2022-02-18 Fri 12:21]--[2022-02-18 Fri 15:51] => 3:30 :END: @@ -558,7 +558,7 @@ Two subjects - Logs / debugging ***** -**** DONE IDB Decomissioning :work: +**** DONE IDB Decomissioning :work: :LOGBOOK: CLOCK: [2022-02-23 Wed 14:48]--[2022-02-23 Wed 15:18] => 0:30 :END: @@ -667,7 +667,7 @@ The configs details are in: =saltstack/pillar/*/iroh/init.sls= #+end_src ** 2022-W10 *** 2022-03-07 Monday -**** DONE Big PR Refresh Tokens :work: +**** DONE Big PR Refresh Tokens :work: :LOGBOOK: CLOCK: [2022-03-07 Mon 09:47]--[2022-03-07 Mon 18:17] => 8:30 :END: @@ -810,7 +810,7 @@ CLOCK: [2022-03-11 Fri 16:29]--[2022-03-11 Fri 17:59] => 1:30 ***** Actions ** 2022-W11 *** 2022-03-15 Tuesday -**** DONE IDB Decommission CSA :work: +**** DONE IDB Decommission CSA :work: :LOGBOOK: CLOCK: [2022-03-15 Tue 17:35]--[2022-03-16 Wed 15:31] => 21:56 :END: @@ -1017,8 +1017,7 @@ CLOCK: [2022-05-05 Thu 16:30]--[2022-05-05 Thu 16:51] => 0:21 [2022-05-05 Thu 16:30] ** - -** +** *Prerna* love to Sing, Adele, indian songs, Karaoke, (feel bad at gardening) Hamed Saadi: wanted to be professional soccer, love orchid 
@@ -1035,9 +1034,8 @@ CLOCK: [2022-05-09 Mon 17:04]--[2022-05-10 Tue 09:47] => 16:43 :END: [2022-05-09 Mon 17:04] ***** Presenting SecureX - *** 2022-05-11 Wednesday -**** MEETING Tenant switching :work:meeting: +**** MEETING Tenant switching :work:meeting: :LOGBOOK: CLOCK: [2022-05-11 Wed 16:28]--[2022-05-11 Wed 17:09] => 0:41 :END: @@ -1049,9 +1047,8 @@ Proposal, 1. host on the same URL as IROH (so both CTR and Visibility) 2. Use query parameters + localStorage might not be enough because there is a huge risk of attack. - *** 2022-05-12 Thursday -**** DISC Topo for meeting :work:discussion: +**** DISC Topo for meeting :work:discussion: :LOGBOOK: CLOCK: [2022-05-12 Thu 11:21]--[2022-05-12 Thu 15:39] => 4:18 :END: @@ -1066,11 +1063,9 @@ Invisible work: - UI design discussion about tenant switching even if we agree about most of the backend work that could be done concurrently. - Discussion about "bugs" that were just wording issue - ** 2022-W20 - *** 2022-05-17 Tuesday -**** MEETING Devin Walters :work:meeting: +**** MEETING Devin Walters :work:meeting: :LOGBOOK: CLOCK: [2022-05-17 Tue 17:03]--[2022-05-17 Tue 19:03] => 2:00 :END: @@ -1079,9 +1074,8 @@ CLOCK: [2022-05-17 Tue 17:03]--[2022-05-17 Tue 19:03] => 2:00 ***** Agenda (to discuss about) ***** Notes ***** Actions - *** 2022-05-18 Wednesday -**** MEETING API Design Meeting :work:meeting: +**** MEETING API Design Meeting :work:meeting: :LOGBOOK: CLOCK: [2022-05-18 Wed 17:42]--[2022-05-18 Wed 19:35] => 1:53 :END: @@ -1093,9 +1087,8 @@ Umbrella talk, hunting, etc… Check Token Exchange Okta token exchange for a IROH Auth exchange. DONE Create a new Epic for IROH Auth Token Exchange. - *** 2022-05-19 Thursday -**** DONE Analyze Token Exchange RFC [[https://github.com/advthreat/iroh/issues/6740][#6740]] :work: +**** DONE [#6740] Analyze Token Exchange RFC [[https://github.com/advthreat/iroh/issues/6740]] :work: SCHEDULED: <2022-05-30 Mon 14:00-16:00> :LOGBOOK: - State "DONE" from "HOLD" [2022-05-30 Mon 17:16] 
@@ -1106,9 +1099,7 @@ CLOCK: [2022-05-30 Mon 16:15]--[2022-05-30 Mon 17:15] => 1:00 [2022-05-19 Thu 09:27] - ref :: [[https://github.com/advthreat/iroh/issues/6740][#6740]] SCHEDULED: <2022-05-19 Thu> - ** 2022-W21 - *** 2022-05-24 Tuesday **** CHAT Work on BUG for the UI :work:chat: :LOGBOOK: @@ -1188,9 +1179,7 @@ on NAM backup value with idp-mapping from Rekha and probably Dar. "user-nick": "Diogenes Davoli" } #+end_src - ** 2022-W22 - *** 2022-05-30 Monday **** DONE Help Michael Simonson [[https://github.com/advthreat/response/issues/1315][#response/1315]] :work: SCHEDULED: <2022-05-29 Sun 10:30-10:40> @@ -1205,30 +1194,28 @@ SCHEDULED: <2022-05-30 Mon 10:20-10:30> CLOCK: [2022-05-30 Mon 10:25]--[2022-05-30 Mon 10:29] => 0:04 :END: [2022-05-30 Mon 10:12] -**** DONE Reset https://pwreset.cisco.com :work: +**** DONE Reset https://pwreset.cisco.com :work: SCHEDULED: <2022-05-30 Mon 10:30-10:40> :LOGBOOK: CLOCK: [2022-05-30 Mon 10:34]--[2022-05-30 Mon 10:37] => 0:03 :END: [2022-05-30 Mon 09:38] - ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Create Tasks from Webex][Create Tasks from Webex]] - *** 2022-06-01 Wednesday -**** DONE Document what need to be done for Token Exchange :work: +**** DONE Document what need to be done for Token Exchange :work: SCHEDULED: <2022-06-01 Wed 10:35-11:30> :LOGBOOK: CLOCK: [2022-06-01 Wed 11:26]--[2022-06-01 Wed 11:59] => 0:33 CLOCK: [2022-06-01 Wed 10:35]--[2022-06-01 Wed 11:25] => 0:50 :END: [2022-06-01 Wed 10:32] - *** 2022-06-02 Thursday -**** MEETING Town Hall :work:meeting: +**** MEETING Town Hall :work:meeting: :LOGBOOK: CLOCK: [2022-06-02 Thu 18:00]--[2022-06-02 Thu 19:20] => 1:20 :END: [2022-06-02 Thu 20:13] -**** MEETING Weekly meeting :work:meeting: +**** MEETING Weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2022-06-02 Thu 17:06]--[2022-06-02 Thu 17:55] => 0:49 :END: 
@@ -1248,8 +1235,7 @@ CLOCK: [2022-06-02 Thu 17:06]--[2022-06-02 Thu 17:55] => 0:49 - oauth2 client password update - simplification - -**** MEETING Tenant Switching :work:meeting: +**** MEETING Tenant Switching :work:meeting: :LOGBOOK: CLOCK: [2022-06-02 Thu 16:32]--[2022-06-02 Thu 17:06] => 0:34 :END: @@ -1258,19 +1244,19 @@ CLOCK: [2022-06-02 Thu 16:32]--[2022-06-02 Thu 17:06] => 0:34 ***** Agenda (to discuss about) ***** Notes ***** Actions -**** DONE Fix config issue :work: +**** DONE Fix config issue :work: SCHEDULED: <2022-06-02 Thu> :LOGBOOK: CLOCK: [2022-06-03 Fri 17:00]--[2022-06-03 Fri 17:55] => 0:55 CLOCK: [2022-06-02 Thu 15:34]--[2022-06-02 Thu 16:30] => 0:56 :END: [2022-06-02 Thu 15:34] -**** PAUSE sortir le chien :pause: +**** PAUSE sortir le chien :pause: :LOGBOOK: CLOCK: [2022-06-02 Thu 14:25]--[2022-06-02 Thu 15:33] => 1:08 :END: [2022-06-02 Thu 15:32] -**** MEETING Meeting with Olivier :work:meeting: +**** MEETING Meeting with Olivier :work:meeting: :LOGBOOK: CLOCK: [2022-06-02 Thu 09:55]--[2022-06-02 Thu 11:58] => 2:03 :END: @@ -1279,19 +1265,18 @@ CLOCK: [2022-06-02 Thu 09:55]--[2022-06-02 Thu 11:58] => 2:03 ***** Agenda (to discuss about) ***** Notes ***** Actions -**** GEEK org-mode / org-calendar tweaking :perso: +**** GEEK org-mode / org-calendar tweaking :perso: :LOGBOOK: CLOCK: [2022-06-02 Thu 09:32]--[2022-06-02 Thu 09:55] => 0:23 :END: [2022-06-02 Thu 09:38] -**** DISC answered to Jyoti :work:discussion: +**** DISC answered to Jyoti :work:discussion: :LOGBOOK: CLOCK: [2022-06-02 Thu 09:02]--[2022-06-02 Thu 09:32] => 0:30 :END: [2022-06-02 Thu 09:32] - *** 2022-06-03 Friday -**** MEETING Tenant Switching :work:meeting: +**** MEETING Tenant Switching :work:meeting: :LOGBOOK: CLOCK: [2022-06-03 Fri 16:31]--[2022-06-03 Fri 16:42] => 0:11 :END: 
@@ -1305,7 +1290,7 @@ CLOCK: [2022-06-03 Fri 16:45]--[2022-06-03 Fri 16:59] => 0:14 CLOCK: [2022-06-03 Fri 14:36]--[2022-06-03 Fri 16:31] => 1:55 :END: [2022-06-03 Fri 14:36] -**** DONE Check duplicate user by org :work: +**** DONE Check duplicate user by org :work: SCHEDULED: <2022-06-03 Fri> :LOGBOOK: CLOCK: [2022-06-03 Fri 13:50]--[2022-06-03 Fri 14:36] => 0:46 @@ -1313,11 +1298,9 @@ CLOCK: [2022-06-03 Fri 13:50]--[2022-06-03 Fri 14:36] => 0:46 [2022-06-03 Fri 13:49] - ref :: https://github.com/advthreat/response/issues/1331#event-6730353206 - ** 2022-W23 - *** 2022-06-07 Tuesday -**** CANCELED PR to have 5min expiration time for iroh-ui client :work: +**** CANCELED PR to have 5min expiration time for iroh-ui client :work: SCHEDULED: <2022-06-08 Wed 14:30-16:00> :LOGBOOK: - State "CANCELED" from "TODO" [2022-06-08 Wed 17:06] \\ 
@@ -1334,63 +1317,62 @@ CLOCK: [2022-06-07 Tue 17:58]--[2022-06-07 Tue 18:58] => 1:00 CLOCK: [2022-06-07 Tue 16:40]--[2022-06-07 Tue 17:00] => 0:20 :END: [2022-06-07 Tue 16:40] -**** DONE Propose a technical solution for [[https://github.com/advthreat/iroh/issues/6770][6770]] :work: +**** DONE Propose a technical solution for [[https://github.com/advthreat/iroh/issues/6770][6770]] :work: SCHEDULED: <2022-06-08 Wed 11:00> :LOGBOOK: CLOCK: [2022-06-08 Wed 11:20]--[2022-06-08 Wed 11:49] => 0:29 :END: [2022-06-07 Tue 15:23] -**** DONE Remove duplicates [[https://github.com/advthreat/iroh/issues/6769#issuecomment-1148580667][duplicate]] :work: +**** DONE Remove duplicates [[https://github.com/advthreat/iroh/issues/6769#issuecomment-1148580667][duplicate]] :work: SCHEDULED: <2022-06-16 Thu 11:00-11:20> :LOGBOOK: CLOCK: [2022-06-09 Thu 10:43]--[2022-06-09 Thu 10:44] => 0:01 :END: [2022-06-07 Tue 15:14] -**** DONE Weekly Leads :work:meeting: +**** DONE Weekly Leads :work:meeting: :LOGBOOK: CLOCK: [2022-06-07 Tue 15:14]--[2022-06-07 Tue 16:30] => 1:16 :END: [2022-06-07 Tue 15:14] -**** PAUSE pause :pause: +**** PAUSE pause :pause: :LOGBOOK: CLOCK: [2022-06-07 Tue 11:17]--[2022-06-07 Tue 14:38] => 3:21 :END: [2022-06-07 Tue 11:17] -**** DONE discuss [[https://github.com/advthreat/iroh/issues/6740#issuecomment-1148013914][Wanderson comment on Refresh Token]] :work: +**** DONE discuss [[https://github.com/advthreat/iroh/issues/6740#issuecomment-1148013914][Wanderson comment on Refresh Token]] :work: SCHEDULED: <2022-06-07 Tue 14:30-14:45> [2022-06-07 Tue 10:02] -**** DONE Jeetu/Shaila keynote [[https://www.youtube.com/watch?v=PrgXKtTqDMI][RSA keynote]] start 1:15/1:28 :work: +**** DONE Jeetu/Shaila keynote [[https://www.youtube.com/watch?v=PrgXKtTqDMI][RSA keynote]] start 1:15/1:28 :work: SCHEDULED: <2022-06-07 Tue 10:50-11:20> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:58]--[2022-06-07 Tue 11:03] => 0:05 :END: [2022-06-07 Tue 09:47] -**** DONE Check Wanderson discussion 
[[https://github.com/advthreat/iroh/pull/6773][switch-tenant jwt endpoint]] :work: +**** DONE Check Wanderson discussion [[https://github.com/advthreat/iroh/pull/6773][switch-tenant jwt endpoint]] :work: SCHEDULED: <2022-06-07 Tue 10:30-10:50> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:41]--[2022-06-07 Tue 10:58] => 0:17 CLOCK: [2022-06-07 Tue 10:19]--[2022-06-07 Tue 10:40] => 0:21 :END: [2022-06-07 Tue 09:45] -**** DONE Team Space [[https://teamspace.cisco.com/sso/cisco/redirect/L215Y2hlY2tpbnMvd2l6YXJk][check-in]] :work: +**** DONE Team Space [[https://teamspace.cisco.com/sso/cisco/redirect/L215Y2hlY2tpbnMvd2l6YXJk][check-in]] :work: SCHEDULED: <2022-06-07 Tue 10:00> :LOGBOOK: CLOCK: [2022-06-07 Tue 10:07]--[2022-06-07 Tue 10:12] => 0:05 :END: [2022-06-07 Tue 09:42] -**** DONE pwreset :work: +**** DONE pwreset :work: :LOGBOOK: CLOCK: [2022-06-07 Tue 09:30]--[2022-06-07 Tue 09:41] => 0:11 :END: [2022-06-07 Tue 09:38] - *** 2022-06-08 Wednesday **** IN-PROGRESS Create issue about filtering matching orgs with already existing user email :work: :LOGBOOK: CLOCK: [2022-06-08 Wed 16:56]--[2022-06-08 Wed 17:06] => 0:10 :END: [2022-06-08 Wed 16:56] -**** MEETING Tenant Switching sync :work:meeting: +**** MEETING Tenant Switching sync :work:meeting: :LOGBOOK: CLOCK: [2022-06-08 Wed 16:45]--[2022-06-08 Wed 16:56] => 0:11 :END: 
@@ -1403,15 +1385,14 @@ CLOCK: [2022-06-08 Wed 16:09]--[2022-06-08 Wed 16:45] => 0:36 CLOCK: [2022-06-08 Wed 15:32]--[2022-06-08 Wed 16:09] => 0:37 :END: [2022-06-08 Wed 15:32] -**** DONE meeting things to talk about :work: +**** DONE meeting things to talk about :work: SCHEDULED: <2022-06-08 Wed 16:30-17:00> [2022-06-08 Wed 11:37] - ***** Invitations UI/UX improvements - https://github.com/advthreat/iroh/issues/6770 - https://github.com/advthreat/iroh/issues/6778 -**** DONE Check [[https://github.com/advthreat/iroh/pull/6773#event-6763342426][Doc for tenant switching]] :work: +**** DONE Check [[https://github.com/advthreat/iroh/pull/6773#event-6763342426][Doc for tenant switching]] :work: SCHEDULED: <2022-06-08 Wed 14:00-14:15> :LOGBOOK: CLOCK: [2022-06-08 Wed 14:02]--[2022-06-08 Wed 14:16] => 0:14 @@ -1433,9 +1414,8 @@ flag, and also adding a different config, etc… But notice that you can refresh after 5min even if the access token is still valid. So you should probably start with that. - *** 2022-06-09 Thursday -**** MEETING weekly meeting :work:meeting: +**** MEETING weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2022-06-09 Thu 17:15]--[2022-06-09 Thu 18:08] => 0:53 :END: @@ -1448,7 +1428,7 @@ CLOCK: [2022-06-09 Thu 17:15]--[2022-06-09 Thu 18:08] => 0:53 CLOCK: [2022-06-09 Thu 15:10]--[2022-06-09 Thu 15:27] => 0:17 :END: [2022-06-09 Thu 15:10] -**** CANCELED Add refresh token / client info in the access tokens :work: +**** CANCELED Add refresh token / client info in the access tokens :work: SCHEDULED: <2022-06-14 Tue 15:30-16:30> :LOGBOOK: - State "CANCELED" from "IN-PROGRESS" [2022-06-16 Thu 10:52] \\ 
@@ -1458,7 +1438,7 @@ CLOCK: [2022-06-09 Thu 15:27]--[2022-06-09 Thu 17:15] => 1:48 CLOCK: [2022-06-09 Thu 14:12]--[2022-06-09 Thu 15:10] => 0:58 :END: [2022-06-09 Thu 14:12] -**** DONE Check [[https://github.com/advthreat/iroh/pull/6764][Free Trial Design Doc]] :work: +**** DONE Check [[https://github.com/advthreat/iroh/pull/6764][Free Trial Design Doc]] :work: SCHEDULED: <2022-06-22 Wed 16:00-16:30> [2022-06-09 Thu 11:45] **** CHAT Chris Duane PenTest :work:chat: @@ -1466,12 +1446,12 @@ SCHEDULED: <2022-06-22 Wed 16:00-16:30> CLOCK: [2022-06-09 Thu 11:17]--[2022-06-09 Thu 11:54] => 0:37 :END: [2022-06-09 Thu 11:17] -**** DONE impression chiens :interruption:work: +**** DONE impression chiens :interruption:work: :LOGBOOK: CLOCK: [2022-06-09 Thu 10:32]--[2022-06-09 Thu 10:42] => 0:10 :END: [2022-06-09 Thu 10:32] -**** DONE Answer to Ag :work: +**** DONE Answer to Ag :work: SCHEDULED: <2022-06-09 Thu 10:45-10:55> :LOGBOOK: CLOCK: [2022-06-09 Thu 11:54]--[2022-06-09 Thu 12:02] => 0:08 @@ -1541,14 +1521,12 @@ For enabling a module by id I don't know much, this is probably a method from ~M Cheers, Yann. - *** 2022-06-10 Friday -**** DISC Chien Espoir & Handicap :work:discussion: +**** DISC Chien Espoir & Handicap :work:discussion: :LOGBOOK: CLOCK: [2022-06-10 Fri 10:41]--[2022-06-10 Fri 14:35] => 3:54 :END: [2022-06-10 Fri 10:41] - ***** Acceuil @@ -1559,8 +1537,6 @@ Handicap supportés: - handicap moteur - troubles autistiques - troubles visuels - - **** CHAT Allison Walters role sync :work:chat: :LOGBOOK: CLOCK: [2022-06-10 Fri 09:05]--[2022-06-10 Fri 09:41] => 0:36 
@@ -1677,24 +1653,22 @@ So things are more complex when user create SXSO account before officially migrating their org for example. Cheers. -**** DONE Review [[https://github.com/advthreat/iroh/pull/6791][#6791 Wanderson access/refresh]] :work: +**** DONE Review [[https://github.com/advthreat/iroh/pull/6791][#6791 Wanderson access/refresh]] :work: SCHEDULED: <2022-06-10 Fri 14:00-14:30> [2022-06-10 Fri 09:00] - ** 2022-W24 - *** 2022-06-13 Monday -**** DONE Krystelle rescrit :interruption: +**** DONE Krystelle rescrit :interruption: :LOGBOOK: CLOCK: [2022-06-13 Mon 16:55]--[2022-06-13 Mon 17:02] => 0:07 :END: [2022-06-13 Mon 16:55] -**** DONE Lionel Rebière :interruption: +**** DONE Lionel Rebière :interruption: :LOGBOOK: CLOCK: [2022-06-13 Mon 16:43]--[2022-06-13 Mon 16:55] => 0:12 :END: [2022-06-13 Mon 16:43] -**** MEETING weekly Account Switching :work:meeting: +**** MEETING weekly Account Switching :work:meeting: :LOGBOOK: CLOCK: [2022-06-13 Mon 16:32]--[2022-06-13 Mon 16:43] => 0:11 :END: @@ -1705,19 +1679,16 @@ Maison Relancer le rescrit, dons défiscalisés. - 2 premiers benef test. - - -**** IN-PROGRESS telephone :interruption:work: +**** IN-PROGRESS telephone :interruption:work: :LOGBOOK: CLOCK: [2022-06-13 Mon 15:24]--[2022-06-13 Mon 16:32] => 1:08 :END: [2022-06-13 Mon 15:24] -**** IN-PROGRESS Security Fix (revocation on disable) :work: +**** IN-PROGRESS Security Fix (revocation on disable) :work: :LOGBOOK: CLOCK: [2022-06-13 Mon 15:10]--[2022-06-13 Mon 15:24] => 0:14 :END: [2022-06-13 Mon 15:10] - *** 2022-06-14 Tuesday **** DONE Review [[https://github.com/advthreat/iroh/pull/6785][Tenant switching route to return JWT of other account]] :work: SCHEDULED: <2022-06-14 Tue 15:00-15:30> 
@@ -1725,28 +1696,26 @@ SCHEDULED: <2022-06-14 Tue 15:00-15:30> CLOCK: [2022-06-14 Tue 15:20]--[2022-06-14 Tue 16:50] => 1:30 :END: [2022-06-14 Tue 14:52] - *** 2022-06-15 Wednesday -**** GEEK Chien Espoir Handicap site :perso: +**** GEEK Chien Espoir Handicap site :perso: :LOGBOOK: CLOCK: [2022-06-15 Wed 18:27]--[2022-06-15 Wed 22:15] => 3:48 :END: [2022-06-15 Wed 18:27] -**** DONE check time2give and click2give :work: +**** DONE check time2give and click2give :work: SCHEDULED: <2022-06-27 Mon 16:30-17:00> [2022-06-15 Wed 15:13] -**** DONE Webex Olivier :work: +**** DONE Webex Olivier :work: SCHEDULED: <2022-06-14 Tue 15:00-15:30> [2022-06-15 Wed 14:42] - *** 2022-06-16 Thursday -**** DONE [#B] List of technical issues to add to the next quarter :work: +**** DONE [#B] List of technical issues to add to the next quarter :work: SCHEDULED: <2022-06-17 Fri 10:30-11:00> :LOGBOOK: CLOCK: [2022-06-17 Fri 10:04]--[2022-06-17 Fri 11:06] => 1:02 :END: [2022-06-16 Thu 17:25] -**** MEETING weekly meeting :work:meeting: +**** MEETING weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2022-06-16 Thu 17:13]--[2022-06-16 Thu 20:19] => 3:06 :END: 
@@ -1763,35 +1732,28 @@ CLOCK: [2022-06-16 Thu 17:13]--[2022-06-16 Thu 20:19] => 3:06 not far from giving a good result in my branch. - The most important work is probably support Token Exchange compatible with SecureX Sign-On user identities when used as subject. -**** IN-PROGRESS revoke JWT when disabling users :work: +**** IN-PROGRESS revoke JWT when disabling users :work: :LOGBOOK: CLOCK: [2022-06-16 Thu 10:52]--[2022-06-16 Thu 17:13] => 6:21 :END: [2022-06-16 Thu 10:52] - *** 2022-06-17 Friday -**** IN-PROGRESS Revoke on disable :work: +**** IN-PROGRESS Revoke on disable :work: :LOGBOOK: CLOCK: [2022-06-17 Fri 11:06]--[2022-06-17 Fri 17:32] => 6:26 :END: [2022-06-17 Fri 11:06] - ** 2022-W25 - *** 2022-06-23 Thursday -**** MEETING API Design Meeting (with Jyoti) :work:meeting: +**** MEETING API Design Meeting (with Jyoti) :work:meeting: :LOGBOOK: CLOCK: [2022-06-23 Thu 17:59]--[2022-06-24 Fri 17:55] => 23:56 :END: [2022-06-23 Thu 17:59] - - - ***** Talos Mapping Michael Simonson data mapping from Talos. - -**** MEETING weekly :work:meeting: +**** MEETING weekly :work:meeting: :LOGBOOK: CLOCK: [2022-06-23 Thu 17:30]--[2022-06-23 Thu 17:59] => 0:29 :END: @@ -1801,14 +1763,13 @@ Work done In my current PR changed the iroh-auth-service protocol and it didn't break iroh-int !!!! Thanks Matt! -**** IN-PROGRESS Anticorruption & Bribery training :work: +**** IN-PROGRESS Anticorruption & Bribery training :work: :LOGBOOK: CLOCK: [2022-06-23 Thu 10:49]--[2022-06-23 Thu 17:30] => 6:41 :END: [2022-06-23 Thu 10:48] - *** 2022-06-24 Friday -**** MEETING Monthly Engineering :work:meeting: +**** MEETING Monthly Engineering :work:meeting: :LOGBOOK: CLOCK: [2022-06-24 Fri 17:55]--[2022-06-24 Fri 19:11] => 1:16 :END: 
@@ -1819,7 +1780,6 @@ CLOCK: [2022-06-24 Fri 17:55]--[2022-06-24 Fri 19:11] => 1:16 - new UI that will help managing your accounts, orgs, discover new orgs, etc… - Token Exchange; exchange an email or user-id for a SecureX JWT. - Org-level clients; handle OAuth2 clients when their owner leave the company - ***** Intro Just 1h. Lineup demos: @@ -1847,18 +1807,15 @@ Guillaume: - Tenant Switching - Improvements - - -**** DONE Answer ETA https://github.com/advthreat/iroh/issues/6769 :work: +**** DONE Answer ETA https://github.com/advthreat/iroh/issues/6769 :work: DEADLINE: <2022-06-24 Fri 16:00> SCHEDULED: <2022-06-24 Fri> [2022-06-24 Fri 10:38] - ** 2022-W32 - *** 2022-08-09 Tuesday -**** DONE Answer to Jyoti :work: +**** DONE Answer to Jyoti :work: SCHEDULED: <2022-08-09 Tue 11:00> [2022-08-09 Tue 09:47] -**** DONE Answer to question from Ben :work: +**** DONE Answer to question from Ben :work: SCHEDULED: <2022-08-09 Tue 10:00> [2022-08-09 Tue 09:45] @@ -1914,7 +1871,6 @@ need to present a similar page to the Google account switching everytime the session ends. So once a day, we would force our customer to see that page that could take a few seconds to load because it is loading in the background many different URLs. - *** 2022-08-12 Friday **** DONE Check clients qui seront disabled en PROD SCHEDULED: <2022-08-16 Tue> @@ -1943,10 +1899,7 @@ x 3933f5e0-50bb-49a7-bbf4-5944e0b709fd 2e0e9eaf-eaf7-4449-9c07-9fb1828aec78 not- x 7ef6da70-eeef-4a18-83ea-2e94dd6f9ba2 d76c035d-e896-438c-8d75-158be85fc958 not-enabled aklager+orbital_dev@cisco.com x owner d697511a-9164-49d0-8c7b-a5c1a11fb25d from org 576c9ad4-7820-44ca-9d5e-6ca678eadcd1 not found - - ***** Fixes - ****** NAM Replaced 3933f5e0-50bb-49a7-bbf4-5944e0b709fd by 9992027f-a88b-4b0e-8a38-58ad317c58af 
@@ -1954,7 +1907,6 @@ Replaced For client: client-3e55e6a3-4561-4733-b380-ffbd94733ba1 from d697511a-9164-49d0-8c7b-a5c1a11fb25d to me {"owner-id":"f0010924-e1bc-4b03-b600-89c6cf52757c", "org-id":"f47a89bf-5d2e-4392-b770-ad4821a82acf"} - ****** EU no org found: @@ -1967,7 +1919,6 @@ Replace by me: {"owner-id":"080c8271-e1c7-4fe6-b6e2-bc1fda123432", "org-id":"bfb43d46-4fc3-43e7-93bf-a1fbe020593b"} - ****** APJC client-92258bc0-196a-4f6c-a0b5-fe105de5f505 (SSE UI dev client) @@ -1978,32 +1929,26 @@ Replace by me: {"owner-id":"b19d5dea-5aa4-4265-b42d-9acc1e913f01", "org-id":"d461811f-e6ce-477c-bae3-1d7527f4e80b"} - ** 2022-W33 - *** 2022-08-17 Wednesday -**** CANCELED Reward Sofiia for helping with creds :work: +**** CANCELED Reward Sofiia for helping with creds :work: SCHEDULED: <2022-08-17 Wed> :LOGBOOK: - State "CANCELED" from "TODO" [2022-09-09 Fri 09:56] :END: [2022-08-17 Wed 11:54] - ** 2022-W35 - *** 2022-08-31 Wednesday -**** MEETING API Design Meeting :work:meeting: +**** MEETING API Design Meeting :work:meeting: :LOGBOOK: CLOCK: [2022-08-31 Wed 18:33]--[2022-09-01 Thu 16:02] => 21:29 :END: [2022-08-31 Wed 18:33] ***** IROH Proxy for Orchestration - - -**** DONE Answer Chakrapani Chitnis :work: +**** DONE Answer Chakrapani Chitnis :work: SCHEDULED: <2022-08-31 Wed> [2022-08-31 Wed 09:27] -**** DONE Answer to Prerna in Switch Tenant Discussion :work: +**** DONE Answer to Prerna in Switch Tenant Discussion :work: SCHEDULED: <2022-08-31 Wed 10:00> [2022-08-31 Wed 09:24] @@ -2042,9 +1987,8 @@ https://github.com/advthreat/GLaDOS/issues/3404 So at least for now, I don't think we need to go further, the PR will be put on-hold until further discussion. - *** 2022-09-01 Thursday -**** MEETING Weekly :work:meeting: +**** MEETING Weekly :work:meeting: [2022-09-01 Thu 17:07] ***** Y 
@@ -2058,8 +2002,7 @@ Discuss about improving login workflow, was refused because it will break CTR. Idea occurred to me to split the test between integration one and the other. We could gain the docker init time for them ;) - -**** MEETING AO Meeting :work:meeting: +**** MEETING AO Meeting :work:meeting: :LOGBOOK: CLOCK: [2022-09-01 Thu 16:02]--[2022-09-03 Sat 13:16] => 45:14 :END: @@ -2070,29 +2013,23 @@ Leverage SX Module Integration - Lisa Hart PO of SXO - Briana Farro, presentation; - -***** Plan +***** Plan - Chris (PM); desired outcome - Pior Proposed Engineering Solutions - New Proposed Engineering Solution - ***** Product Statement Overview ****** Christopher Van Der Made open API (very few cisco product provide it) - ** 2022-W41 - *** 2022-10-12 Wednesday -**** DONE Add Allison Walters to the org of the demo client :work: +**** DONE Add Allison Walters to the org of the demo client :work: SCHEDULED: <2022-10-12 Wed> [2022-10-12 Wed 09:58] TEST ~client-2f0c934c-ce46-4187-afed-4cdcff937679~ email: allwalte@cisco.com - ** 2022-W42 - *** 2022-10-19 Wednesday -**** CANCELED Ask Robert Harris to update doc for ribbon :work: +**** CANCELED Ask Robert Harris to update doc for ribbon :work: SCHEDULED: <2022-10-19 Wed> :LOGBOOK: - State "CANCELED" from "TODO" [2022-10-19 Wed 15:52] @@ -2100,13 +2037,13 @@ SCHEDULED: <2022-10-19 Wed> [2022-10-19 Wed 06:56] ref :: https://github.com/advthreat/pabst/blob/master/docs/ribbon2migration.md#oauth2-configuration -**** DONE Talk with Olivier about doc template :work: +**** DONE Talk with Olivier about doc template :work: SCHEDULED: <2022-10-19 Wed> :LOGBOOK: CLOCK: [2022-10-19 Wed 10:07]--[2022-10-19 Wed 11:55] => 1:48 :END: [2022-10-19 Wed 06:56] -**** DONE Replace the scopes for Rooshan :work: +**** DONE Replace the scopes for Rooshan :work: SCHEDULED: <2022-10-19 Wed> :LOGBOOK: CLOCK: [2022-10-19 Wed 14:55]--[2022-10-19 Wed 15:52] => 0:57 
@@ -2143,36 +2080,34 @@ New scopes: "vault/configs:read", ]} #+end_src - ** 2022-W43 *** 2022-10-24 Monday -**** DONE Faire l'ESTA :work: +**** DONE Faire l'ESTA :work: DEADLINE: <2022-10-25 Tue 18:00> SCHEDULED: <2022-10-24 Mon> [2022-10-24 Mon 15:59] -**** DONE [#B] Réserver vols Concur :work: +**** DONE [#B] Réserver vols Concur :work: DEADLINE: <2022-10-24 Mon 15:15> SCHEDULED: <2022-10-24 Mon> [2022-10-24 Mon 11:02] #+begin_quote -CISCO EMERGENCY TRAVEL NUMBER *88* OPTION 6 +CISCO EMERGENCY TRAVEL NUMBER *88* OPTION 6 ### PLEASE READ THIS IMPORTANT MESSAGE -PLEASE CALL THE CISCO TRAVEL TEAM TO -UPDATE CHANGE OR CANCEL THIS RESERVATION -PLEASE CALL *88* PROMPT 6 FROM ANY CISCO IP PHONE -OR 00 31 36 711 7711 PROMPT 6 ------PLEASE NOTE THESE IMPORTANT NUMBERS----- -----MEDICAL AND SECURITY TRAVEL EMERGENCY---- -US 1 800 206 5647 / TOLL FREE -AMER WEST AND WORLDWIDE COLLECT 1 408 525 1111 -AMER EAST 919 392 2222 OR 1 888 302 9081 -EMEA 44 20 8824 3434 -INDIA 91 80 4426 4111 / ASIA PAC 86 21 2407 3333 +PLEASE CALL THE CISCO TRAVEL TEAM TO +UPDATE CHANGE OR CANCEL THIS RESERVATION +PLEASE CALL *88* PROMPT 6 FROM ANY CISCO IP PHONE +OR 00 31 36 711 7711 PROMPT 6 +-----PLEASE NOTE THESE IMPORTANT NUMBERS----- +----MEDICAL AND SECURITY TRAVEL EMERGENCY---- +US 1 800 206 5647 / TOLL FREE +AMER WEST AND WORLDWIDE COLLECT 1 408 525 1111 +AMER EAST 919 392 2222 OR 1 888 302 9081 +EMEA 44 20 8824 3434 +INDIA 91 80 4426 4111 / ASIA PAC 86 21 2407 3333 -QI 8 COMPANY CISCOBE -QI 8 FORM AXQIITNBEEN +QI 8 COMPANY CISCOBE +QI 8 FORM AXQIITNBEEN #+end_quote - -**** DONE Update clients scopes :work: +**** DONE Update clients scopes :work: SCHEDULED: <2022-10-24 Mon 16:00> :LOGBOOK: CLOCK: [2022-10-24 Mon 15:43]--[2022-10-24 Mon 16:27] => 0:44 @@ -2219,7 +2154,6 @@ PATCH: "vault/config/metadata:read", "vault/configs:read"]} #+end_src - ***** NAM Backup #+begin_src json @@ -2270,7 +2204,7 @@ PATCH: #+end_src ***** EU Backup -#+begin_src +#+begin_src { "scopes": [ "admin/csc", 
@@ -2317,7 +2251,6 @@ PATCH: "created-at": "2020-04-16T21:08:15.035Z" } #+end_src - ***** APJC Backup #+begin_src json 
@@ -2367,77 +2300,62 @@ PATCH: "created-at": "2020-04-16T20:50:51.948Z" } #+end_src - - - -**** DONE Nag team :work: +**** DONE Nag team :work: DEADLINE: <2022-10-24 Mon 14:30> SCHEDULED: <2022-10-24 Mon> [2022-10-24 Mon 10:49] -**** DONE Team Space :work: +**** DONE Team Space :work: DEADLINE: <2022-10-24 Mon 15:00> SCHEDULED: <2022-10-24 Mon> [2022-10-24 Mon 10:49] - *** 2022-10-25 Tuesday -**** DONE Answer Krithika :work: +**** DONE Answer Krithika :work: DEADLINE: <2022-10-25 Tue 15:00> SCHEDULED: <2022-10-25 Tue> [2022-10-25 Tue 10:51] - ** 2022-W44 - *** 2022-11-01 Tuesday -**** DONE POST Off-site Discussion :work: +**** DONE POST Off-site Discussion :work: SCHEDULED: <2022-11-07 Mon> [2022-11-01 Tue 17:17] Incident View discussion: https://github.com/advthreat/iroh/issues/6976 - ** 2022-W45 - *** 2022-11-09 Wednesday -**** DONE Handle Flagged emails :work: +**** DONE Handle Flagged emails :work: SCHEDULED: <2022-11-10 Thu 11:00> [2022-11-09 Wed 18:36] - ** 2022-W46 - *** 2022-11-14 Monday -**** DONE Write RBAC Epic(s) :work: +**** DONE Write RBAC Epic(s) :work: SCHEDULED: <2022-11-14 Mon 14:00> :LOGBOOK: CLOCK: [2022-11-14 Mon 16:29]--[2022-11-14 Mon 18:05] => 1:36 :END: [2022-11-14 Mon 10:41] -**** DONE [#B] Comment on Jyoti doc :work: +**** DONE [#B] Comment on Jyoti doc :work: DEADLINE: <2022-11-14 Mon 11:30> SCHEDULED: <2022-11-14 Mon> :LOGBOOK: CLOCK: [2022-11-14 Mon 11:30]--[2022-11-14 Mon 15:42] => 4:12 :END: [2022-11-14 Mon 10:41] - https://github.com/advthreat/response/pull/1601 - *** 2022-11-16 Wednesday -**** DONE Préparation 1-1 Wanderson :work: +**** DONE Préparation 1-1 Wanderson :work: SCHEDULED: <2022-11-16 Wed> :LOGBOOK: CLOCK: [2022-11-16 Wed 11:24]--[2022-11-17 Thu 18:09] => 30:45 :END: [2022-11-16 Wed 11:24] - ** 2022-W47 - *** 2022-11-23 Wednesday -**** DONE SCA issues :work: +**** DONE SCA issues :work: SCHEDULED: <2022-11-24 Thu 11:00> [2022-11-23 Wed 19:40] - ***** Actions - [ ] Onboard API - [ ] Webhook on role change. 
- [ ] ENV/Region in the JWT at least id_token. - [ ] Time of provisioning 5 to 10 min. - -**** DONE TAC Impersonation doc :work: +**** DONE TAC Impersonation doc :work: SCHEDULED: <2022-11-24 Thu 10:00> :LOGBOOK: CLOCK: [2022-11-24 Thu 14:06]--[2022-11-24 Thu 14:13] => 0:07 @@ -2446,11 +2364,9 @@ CLOCK: [2022-11-24 Thu 14:06]--[2022-11-24 Thu 14:13] => 0:07 - take care of scopes - take care of user-switching or any other kind of JWT generation to keep track of act and scopes - ** 2022-W48 - *** 2022-11-29 Tuesday -**** IN-PROGRESS Put beta-flag :work: +**** IN-PROGRESS Put beta-flag :work: :LOGBOOK: CLOCK: [2022-11-29 Tue 15:32]--[2022-11-29 Tue 16:32] => 1:00 :END: @@ -2468,30 +2384,25 @@ https://github.com/advthreat/iroh/issues/7309 - Opus Holding (NA) - Org ID: 4b1b4bba-f310-4251-88c3-bdf3b93d6456 - Room & Board (NA) - Org ID: 794047a5-b023-489e-b5ee-6407fcdf0daa - Talos Energy (NA) - Org ID: c074a67d-1e57-4e4f-9f9d-0b9ed7847bf8 - ** 2022-W49 - *** 2022-12-05 Monday -**** DONE Review RoleService :work: +**** DONE Review RoleService :work: SCHEDULED: <2022-12-04 Sun 11:45> [2022-12-05 Mon 09:56] - *** 2022-12-06 Tuesday -**** DONE Finir et merger la PR de scopula :work: +**** DONE Finir et merger la PR de scopula :work: SCHEDULED: <2022-12-06 Tue> :LOGBOOK: - Note taken on [2022-12-07 Wed 10:48] CLOCK: [2022-12-06 Tue 11:11]--[2022-12-06 Tue 12:11] => 1:00 :END: [2022-12-06 Tue 11:11] - *** 2022-12-09 Friday -**** MEETING Monthly :work:meeting: +**** MEETING Monthly :work:meeting: :LOGBOOK: CLOCK: [2022-12-09 Fri 18:32]--[2022-12-09 Fri 19:08] => 0:36 :END: [2022-12-09 Fri 18:31] - ***** Service Team Pres Guillaume is at Black Hat: 
@@ -2515,42 +2426,34 @@ Auth Services Team: New member in the team that will work with Jerome Patrick Patat. ***** Demos ****** Matt - ** 2022-W50 - *** 2022-12-12 Monday -**** IN-PROGRESS Revoke Trusted clients grants :work: +**** IN-PROGRESS Revoke Trusted clients grants :work: :LOGBOOK: CLOCK: [2022-12-12 Mon 16:14]--[2022-12-13 Tue 17:44] => 25:30 :END: [2022-12-12 Mon 16:14] https://github.com/advthreat/iroh/pull/7394 - *** 2022-12-14 Wednesday -**** MEETING API Design Meeting :work:meeting: +**** MEETING API Design Meeting :work:meeting: [2022-12-14 Wed 18:34] - on Incident Creation - Trigger SXO event, decide if there is any automated workflow to trigger. Design for the Rule System. - * 2023 - ** 2023-W01 - *** 2023-01-03 Tuesday -**** MEETING 1-1 Wanderson :work:meeting: +**** MEETING 1-1 Wanderson :work:meeting: [2023-01-03 Tue 14:26] ***** Agenda (to discuss about) ***** Notes ***** Actions - ** 2023-W02 - *** 2023-01-09 Monday -**** MEETING RSA :work:meeting: +**** MEETING RSA :work:meeting: :LOGBOOK: CLOCK: [2023-01-09 Mon 16:32]--[2023-01-09 Mon 20:04] => 3:32 :END: @@ -2586,9 +2489,8 @@ Bi-weekly Demos - Cross-functional, coordinated effort around feature delivery every 2 weeks - Limit work in progress so we can demonstrate end to end functionality - All resources should be focused on MVP items (no side distraction) - *** 2023-01-11 Wednesday -**** MEETING Q3 Incident logs Notes :work:meeting: +**** MEETING Q3 Incident logs Notes :work:meeting: :LOGBOOK: CLOCK: [2023-01-11 Wed 17:11]--[2023-01-11 Wed 17:12] => 0:01 :END: @@ -2596,7 +2498,7 @@ CLOCK: [2023-01-11 Wed 17:11]--[2023-01-11 Wed 17:12] => 0:01 ***** Agenda (to discuss about) ***** Notes ***** Actions -**** MEETING IROH Events Meeting :work:meeting: +**** MEETING IROH Events Meeting :work:meeting: :LOGBOOK: CLOCK: [2023-01-11 Wed 10:31]--[2023-01-11 Wed 16:28] => 5:57 :END: 
@@ -2616,21 +2518,18 @@ CLOCK: [2023-01-11 Wed 10:31]--[2023-01-11 Wed 16:28] => 5:57 (send-event :action-done x)) #+end_src ***** Actions - *** 2023-01-12 Thursday -**** MEETING Q3 Planning :work:meeting: +**** MEETING Q3 Planning :work:meeting: :LOGBOOK: CLOCK: [2023-01-12 Thu 17:02]--[2023-01-14 Sat 00:36] => 31:34 :END: [2023-01-12 Thu 17:01] - ***** Response Tab List of recommended actions. - some I can execute - some that need confirmation - log of action taken (on the right) - ****** UX Standpoint Steps: phases (identification, containment, eradication, recovery) @@ -2638,7 +2537,6 @@ Steps: phases (identification, containment, eradication, recovery) A list of things to do, and the user click on a button: confirm, execute, Add note, update, etc… Big button to skip a phase to next one. - ****** Questions How to keep track of the state. @@ -2647,27 +2545,22 @@ instance for an incident of a global Playbook. So this will contains, run-ids for workflow ids, state of the playbook from user interactions, actions, notes, etc… - -** - ** 2023-W04 - *** 2023-01-24 Tuesday -**** MEETING 1-1 Wanderson :work:meeting: +**** MEETING 1-1 Wanderson :work:meeting: :LOGBOOK: CLOCK: [2023-01-24 Tue 14:25]--[2023-01-24 Tue 14:45] => 0:20 :END: [2023-01-24 Tue 14:25] - *** 2023-01-26 Thursday -**** MEETING Weekly meeting :work:meeting: +**** MEETING Weekly meeting :work:meeting: :LOGBOOK: CLOCK: [2023-01-26 Thu 17:01]--[2023-01-26 Thu 18:08] => 1:07 :END: [2023-01-26 Thu 17:01] - -**** REVIEW Invitation RBAC :work:review: +**** REVIEW Invitation RBAC :work:review: :LOGBOOK: CLOCK: [2023-01-26 Thu 16:10]--[2023-01-26 Thu 16:22] => 0:12 :END: 
@@ -2675,7 +2568,7 @@ CLOCK: [2023-01-26 Thu 16:10]--[2023-01-26 Thu 16:22] => 0:12 **** DONE Ask to cherry-pick the fix https://github.com/advthreat/iroh/pull/7480 :work: DEADLINE: <2023-01-26 Thu 17:00> SCHEDULED: <2023-01-26 Thu> [2023-01-26 Thu 10:17] -**** DONE Prévenir le salon RBAC et Prerna :work: +**** DONE Prévenir le salon RBAC et Prerna :work: DEADLINE: <2023-02-13 Mon 16:00> [2023-01-26 Thu 10:06] @@ -2722,7 +2615,6 @@ role will not be able to work as the user with the new more restrictive role will not be able to approve the client. So we will probably need to take the time, integration by integration to check which one could be affected. - ***** Could break - The email to accept Org requests will have one link per role (should probably @@ -2745,11 +2637,9 @@ which one could be affected. will be many more specific element that could be disabled separately. - Potentially, some SXO discussions to provide, so working toward providing small JWT for them and switching to it in the future. - ** 2023-W06 - *** 2023-02-07 Tuesday -**** MEETING RBAC meeting :work:meeting: +**** MEETING RBAC meeting :work:meeting: :LOGBOOK: CLOCK: [2023-02-07 Tue 16:17]--[2023-02-08 Wed 16:01] => 23:44 :END: @@ -2758,12 +2648,11 @@ CLOCK: [2023-02-07 Tue 16:17]--[2023-02-08 Wed 16:01] => 23:44 - We will try to work on Security Analyst first. - Discussed about sync between SXO and SX about scopes and their internal permissions or roles (they choose their preference) - *** 2023-02-08 Wednesday -**** DONE Create the issues for PIAM work to be done :work: +**** DONE Create the issues for PIAM work to be done :work: SCHEDULED: <2023-02-09 Thu> [2023-02-08 Wed 19:33] -**** MEETING Weekly API Meeting :work:meeting: +**** MEETING Weekly API Meeting :work:meeting: :LOGBOOK: CLOCK: [2023-02-08 Wed 18:33]--[2023-02-08 Wed 22:44] => 4:11 :END: 
@@ -2790,12 +2679,9 @@ Talk about: - Next steps: wait for the return of Christopher and just after discuss with SXO how to communicate the permissions (most probably using scopes but maybe not in the JWT). - ***** TODO Provide an impersonate route on the provisioning API to make calls ***** TODO Check SCA can init 1-click module setup - - -**** DONE Add scopes to Beta orgs :work: +**** DONE Add scopes to Beta orgs :work: :LOGBOOK: CLOCK: [2023-02-08 Wed 16:51]--[2023-02-08 Wed 17:39] => 0:48 :END: @@ -2804,26 +2690,24 @@ CLOCK: [2023-02-08 Wed 16:51]--[2023-02-08 Wed 17:39] => 0:48 Added for: - NAM c4538cf2-e6aa-4c13-b27a-e67788b51089 -- 4986f84e-745f-4f32-b840-803b97856e68​ - +- 4986f84e-745f-4f32-b840-803b97856e68 *** 2023-02-10 Friday -**** HOLD Add the impersonate scope to PIAM clients :work: -SCHEDULED: <2023-02-13 Mon 15:00> +**** CANCELED Add the impersonate scope to PIAM clients :work: +CLOSED: [2023-03-03 Fri 08:30] SCHEDULED: <2023-02-13 Mon 15:00> :LOGBOOK: +- State "CANCELED" from "HOLD" [2023-03-03 Fri 08:30] - State "HOLD" from "TODO" [2023-02-16 Thu 15:47] \\ We need to wait to know if we are going to provision internally. :END: [2023-02-10 Fri 15:23] - ** 2023-W07 - *** 2023-02-13 Monday -**** DONE Créer un meeting avec Murali et Christopher Van Der Made :work: +**** DONE Créer un meeting avec Murali et Christopher Van Der Made :work: SCHEDULED: <2023-02-14 Tue 10:00> [2023-02-13 Mon 17:06] We would like to talk with you to find a way to synchronize between IROH and SXO permissions. -**** MEETING RBAC :work:meeting: +**** MEETING RBAC :work:meeting: :LOGBOOK: CLOCK: [2023-02-13 Mon 16:32]--[2023-02-13 Mon 17:32] => 1:00 :END: 
@@ -2831,27 +2715,23 @@ CLOCK: [2023-02-13 Mon 16:32]--[2023-02-13 Mon 17:32] => 1:00 ***** Agenda (to discuss about) ***** Notes ***** Actions - *** 2023-02-14 Tuesday -**** DONE Finish to answer to Paul :work: +**** DONE Finish to answer to Paul :work: DEADLINE: <2023-02-15 Wed 11:00> SCHEDULED: <2023-02-14 Tue> [2023-02-14 Tue 18:32] -**** DONE Répondre à Paul Cichonski :work: +**** DONE Répondre à Paul Cichonski :work: SCHEDULED: <2023-02-13 Mon 17:00> [2023-02-14 Tue 15:46] - *** 2023-02-15 Wednesday -**** DONE Create an issue to internalize provisioning :work: +**** DONE Create an issue to internalize provisioning :work: DEADLINE: <2023-02-21 Tue 17:30> SCHEDULED: <2023-02-21 Tue> :LOGBOOK: CLOCK: [2023-02-22 Wed 14:00]--[2023-02-22 Wed 15:00] => 1:00 :END: [2023-02-15 Wed 19:17] - ***** Epic Epic https://github.com/advthreat/iroh/issues/7533 - ****** Specialized Provisioning Route for PIAM :PROPERTIES: :CUSTOM_ID: specialized-provisioning-route-for-piam @@ -2928,7 +2808,6 @@ contain the =module-id=. In order for this work to be completed every different team should provide a new endpoint to trigger the onboarding. - ****** =/onboard= Endpoint Specification :PROPERTIES: :CUSTOM_ID: onboard-endpoint-specification @@ -2972,7 +2851,6 @@ other data related to the onboarding. #+begin_example {"module-instance-id": String, ...} #+end_example - ******* Expectations :PROPERTIES: :CUSTOM_ID: expectations @@ -3036,7 +2914,6 @@ Once this is done, the provisioning endpoint will be able to retrieve, from a specific entitlement, a list of onboarding URL to call. Instead of writing all details here, we should first write a short specification about what is the best way to achieve this. - ****** Tasks - [ ] *dependency* DI check or update the onboarding endpoint 
@@ -3045,9 +2922,7 @@ about what is the best way to achieve this. - [ ] *dependency* SCA check or update the onboarding endpoint - [ ] Write the design related to the configuration of the onboarding URLs - [ ] Create the new endpoint - - -**** MEETING RBAC sync with SXO :work:meeting: +**** MEETING RBAC sync with SXO :work:meeting: :LOGBOOK: CLOCK: [2023-02-15 Wed 17:51]--[2023-02-15 Wed 18:51] => 1:00 :END: @@ -3055,7 +2930,6 @@ CLOCK: [2023-02-15 Wed 17:51]--[2023-02-15 Wed 18:51] => 1:00 ***** Agenda (to discuss about) 1. Explain the goal 2. Propose a technical solution - ****** Explain the goals Currently in (XDR/SecureX/CTR) IROH we only have two roles, user and admin. @@ -3070,15 +2944,12 @@ A first step will be to introduce new role to propose up to 7 roles (instead of the current 2) in XDR. But an issue is that we also want to provide a way for IROH (XDR/SecureX/CTR) admin to create their own *custom roles*. - ****** Propose a technical solution - ******* Problematic solution (SXO uses the claim for the role in the JWT) It will work in phase 1, as we could provide a consistent list of roles. But as soon as IROH will introduce custom role this will stop working as these new role will probably be random ids (both in the JWT and in /whoami). - ******* Proposed Solution 1 Use the scopes in the JWT. @@ -3094,24 +2965,20 @@ All starting with =ao/= or - ~ao/admin/sub-role-2/sub-role-3~ - ******* Proposed Solution 2 - ~ao/sxo-permission-1~ - ~ao/sxo-permission-2~ - ~ao/sxo-permission-3~ - ******* Proposed Solution 3 - ~ao~ can read, write and execute - ~ao:read~ can read, but cannot write nor execute - ~ao/execute~ can read and execute, but cannot write - ***** Notes ***** Actions - *** 2023-02-16 Thursday -**** MEETING TD&R Checking :work:meeting: +**** MEETING TD&R Checking :work:meeting: :LOGBOOK: CLOCK: [2023-02-16 Thu 17:04]--[2023-02-17 Fri 10:22] => 17:18 :END: 
@@ -3122,9 +2989,12 @@ Address rumors: 1. Earnings, yesterday, 133M$ **** TODO Ecrire doc pour expliquer les changements RBAC à SXO :work: -SCHEDULED: <2023-02-28 Tue 16:00> +SCHEDULED: <2023-03-27 Mon 16:00> [2023-02-16 Thu 10:20] -**** DONE Upgrade Client to ribbon 2 in TEST :work: + + + +**** DONE Upgrade Client to ribbon 2 in TEST :work: DEADLINE: <2023-02-16 Thu 12:00> SCHEDULED: <2023-02-16 Thu> [2023-02-16 Thu 09:15] @@ -3133,21 +3003,18 @@ webexteams://im?space=db149a90-e8b4-11eb-9fdb-3b8d98a2bf4d I'm starting to look at the process to update our ribbon to use 2.0. One of the first steps in the upgrade documentation is to reach out to IROH team to get the "investigation" and "registry/user" scopes added to our oauth client. To start, I'd like to update the oauth client used in the test environment with client id client-b63b916a-a606-4076-9f9b-15469aec0b93. - *** 2023-02-17 Friday -**** IN-PROGRESS Fix log PR :work: +**** IN-PROGRESS Fix log PR :work: :LOGBOOK: CLOCK: [2023-02-17 Fri 10:50]--[2023-02-22 Wed 14:31] => 123:41 :END: [2023-02-17 Fri 10:50] -**** DONE Extraire les logs de logins pour Prerna :work: +**** DONE Extraire les logs de logins pour Prerna :work: DEADLINE: <2023-02-17 Fri 09:45> SCHEDULED: <2023-02-17 Fri> [2023-02-17 Fri 08:53] - ** 2023-W08 - *** 2023-02-22 Wednesday -**** MEETING Weekly API Design Meeting :work:meeting: +**** MEETING Weekly API Design Meeting :work:meeting: :LOGBOOK: CLOCK: [2023-02-22 Wed 18:35]--[2023-02-22 Wed 19:43] => 1:08 :END: @@ -3155,7 +3022,7 @@ CLOCK: [2023-02-22 Wed 18:35]--[2023-02-22 Wed 19:43] => 1:08 ***** Agenda (to discuss about) ***** Notes ***** Actions -**** MEETING RBAC weekly :work:meeting: +**** MEETING RBAC weekly :work:meeting: :LOGBOOK: CLOCK: [2023-02-22 Wed 17:03]--[2023-02-22 Wed 17:34] => 0:31 :END: 
@@ -3164,9 +3031,8 @@ CLOCK: [2023-02-22 Wed 17:03]--[2023-02-22 Wed 17:34] => 0:31 ***** Notes ***** Actions Look deeper into dependencies (3rd party scopes like sse, ao, etc…) - *** 2023-02-23 Thursday -**** HOLD Check Secure Endpoint error logs :work: +**** HOLD Check Secure Endpoint error logs :work: DEADLINE: <2023-02-24 Fri 10:30> SCHEDULED: <2023-02-23 Thu> :LOGBOOK: - State "HOLD" from "TODO" [2023-02-24 Fri 14:19] \\ @@ -3179,24 +3045,21 @@ Discussion in "SecureX Secure Endpoint" webexteams://im?space=d42b0de0-48b3-11ec-924a-a3c1923cd1c3 Fix PR https://github.com/advthreat/iroh/pull/7473 -**** MEETING Weekly IROH Services Meeting :work:meeting: +**** MEETING Weekly IROH Services Meeting :work:meeting: :LOGBOOK: -CLOCK: [2023-02-23 Thu 17:04] +CLOCK: [2023-02-23 Thu 17:04]--[2023-02-23 Thu 18:34] => 1:30 :END: [2023-02-23 Thu 17:04] ***** Agenda (to discuss about) ***** Notes ***** Actions - *** 2023-02-24 Friday -**** DONE Help Yannis to fix the Orbital Client :work: +**** DONE Help Yannis to fix the Orbital Client :work: SCHEDULED: <2023-02-24 Fri> [2023-02-24 Fri 14:18] - ** 2023-W09 - *** 2023-02-27 Monday -**** MEETING Staging Env :work:meeting: +**** MEETING Staging Env :work:meeting: :LOGBOOK: CLOCK: [2023-02-27 Mon 16:00]--[2023-02-27 Mon 16:39] => 0:39 :END: @@ -3204,7 +3067,7 @@ CLOCK: [2023-02-27 Mon 16:00]--[2023-02-27 Mon 16:39] => 0:39 ***** Agenda (to discuss about) ***** Notes ***** Actions -**** DONE Help UI beta team list the IdP used by beta org :chore: +**** DONE Help UI beta team list the IdP used by beta org :chore: :LOGBOOK: CLOCK: [2023-02-27 Mon 16:39]--[2023-02-27 Mon 17:02] => 0:23 :END: 
@@ -3229,3 +3092,354 @@ NAM: EU: - DPD Group UK LTD: cee614cb-f35b-4147-bd27-9968d173c3ce: SXSO +*** 2023-03-01 Wednesday +**** MEETING API Design Meeting :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-01 Wed 18:35]--[2023-03-01 Wed 19:50] => 1:15 +:END: +[2023-03-01 Wed 18:34] +***** Matt +Jyoti: +Leave it retro-compat for UI. +Just for the engine. + +Matt: +- in AMP, 2 calls: + 1. retrieve computers + 2. then trajectory + +Jyoti: +> Too many timeouts AMP-module. +> Use events API instead (not now). +> We should revisit. + +GB: +We have to do something uniform. +Passing additional query parameters it's ok, but for some specific servers we +could break the contract. +Suggest create a new endpoint. + +Jyoti: +Looking into AMP API to search for time constraint in search APIs. +*** 2023-03-02 Thursday +**** MEETING Workshop Day 1 :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-02 Thu 17:03]--[2023-03-02 Thu 22:03] => 5:00 +:END: +[2023-03-02 Thu 17:03] + +Leave with a common understanding, but not precise technical specification. +***** Agenda +- DI +- Response +***** Device Insight +- Priorities: + - P1: + - DB simplification + - Simplification of Sources + - P2: + - Unified view of users and associated devices + +** 2023-W10 + +*** 2023-03-06 Monday +**** DONE Add scope to TAC-OPS orgs :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-06 Mon 16:50]--[2023-03-06 Mon 20:50] => 4:00 +:END: +[2023-03-06 Mon 17:01] +**** MEETING RBAC Workshop :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-06 Mon 17:02]--[2023-03-06 Mon 17:15] => 0:13 +:END: +[2023-03-06 Mon 17:01] +***** New tile to measure time of incident resolution + +*** 2023-03-07 Tuesday +**** TODO Create a new Epic for Registration UI admin/impersonate :work: +SCHEDULED: <2023-03-28 Tue 11:30> +[2023-03-07 Tue 14:54] + +- https://github.com/advthreat/iroh/pull/6927 + + +In order to debug and use the Swagger UI for the Registration UI we need to add +new features. + +1. 
Support a selection of the registration_url from a query parameter in the + login routes. We, must check that the registration_url is part of an allowed + list of domains. +2. Centralize JWT generation that can take care of keeping the =act= (actor) claim + of an originating JWT. Tyically, if the registration UI JWT contains an =act= + we should copy it inside every JWT generated from it. By that, I mean, + session and refresh tokens, but also id_tokens, access tokens from authorized + clients, etc... + +Once we have that we will be able to use the Swagger UI for the iroh-auth-ui API. +And once we have the second we could provide an impersonate for the Registration UI. + +*** 2023-03-08 Wednesday +**** IN-PROGRESS Entitlements :work: +:LOGBOOK: +CLOCK: [2023-03-08 Wed 10:43]--[2023-03-08 Wed 11:43] => 1:00 +:END: +[2023-03-08 Wed 10:42] + +*** 2023-03-09 Thursday +**** DONE Review Mark PRs :work: +SCHEDULED: <2023-03-09 Thu> +[2023-03-09 Thu 18:01] + +https://github.com/advthreat/iroh/pull/7315 +**** MEETING Weekly :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-09 Thu 17:13]--[2023-03-09 Thu 18:26] => 1:13 +:END: +[2023-03-09 Thu 17:13] + +***** Status + +*Progress*: PIAM provisioning/entitlement/demo plan seems to be ok with all teams +involved (PIAM, IROH, SCA, Secure Client, DI, SXO) + +Open question: +- where should we put the onboarding configuration (URLs?) 
+ +** 2023-W12 + +*** 2023-03-20 Monday +**** CANCELED Add org-habit+ for daily work tasks :work: +DEADLINE: <2023-03-21 Tue 10:00> SCHEDULED: <2023-03-20 Mon> +:LOGBOOK: +- State "CANCELED" from "TODO" [2023-03-21 Tue 10:47] +:END: +[2023-03-20 Mon 10:07] +**** IN-PROGRESS Clients TG :work: +SCHEDULED: <2023-03-29 Wed 11:00> +[2023-03-20 Mon 09:57] + +INT: + +Org-id: 5a439753-42e9-5058-872e-cb69be5455e6 +Austin Haas user-id: 553788bd-25a4-543d-b6c3-cf7dddcfda5a + + +#+begin_src clojure +{:password "13c74602-2" + :availability "everyone" + :org-id "5a439753-42e9-5058-872e-cb69be5455e6" + :owner-id "553788bd-25a4-543d-b6c3-cf7dddcfda5a" + :client-type :confidential + :grants #{:auth-code} + :redirects #{"https://int.threatgrid.com/oauth2/cb/visibility" + "https://int.threatgrid.com/oauth2/cb/securex" + "http://localhost:8080/oauth2/cb/visibility" + "http://localhost:8080/oauth2/cb/securex" + "http://localhost:8080/oauth2/cb/securex_one_click_activation" + "https://int.threatgrid.com/oauth2/cb/securex_one_click_activation"} + :id "34d94c8c-2041-4708-8172-ebe2df295ca7-2" + :name "secure malware analytics" + :allow-partial-user-scopes? true + :scopes #{"admin" + "casebook" + "enrich" + "global-intel:read" + "inspect" + "integration/module-instance" + "integration:read" + "investigation" + "notification" + "orbital" + "private-intel" + "profile" + "registry/user" + "response" + "telemetry:write" + "users"} + :approved? true + :enabled? 
true + :created-at #inst "2018-02-27t10:00:00" + :updated-at #inst "2018-02-27t10:00:00" + :enabled-at #inst "2018-02-27t10:00:00" + :activated-at #inst "2018-02-27t10:00:00" + :approved-at #inst "2018-02-27t10:00:00" + } +#+end_src + +*** 2023-03-25 Saturday +**** DONE Add orgs to beta :work: +DEADLINE: <2023-03-27 Mon 10:00> SCHEDULED: <2023-03-25 Sat> +[2023-03-25 Sat 09:51] + +See webexteams://im?space=d6d28420-c403-11ed-8526-0db030ef0b12 +**** DONE Support body for onboardings :work: +SCHEDULED: <2023-03-27 Mon 11:00> +[2023-03-25 Sat 09:47] +**** DONE recursive search data-structure :work: +SCHEDULED: <2023-03-27 Mon 16:00> +[2023-03-25 Sat 09:44] + +Replace in TK-Store Search by +Search | [:or Search*] | [:and Search*] | [:not Search*] + +by using the trick return {:query ... :args [...]} instead of just query +** 2023-W13 +*** 2023-03-28 Tuesday +**** DONE Create issues for SSE onboarding :work: +SCHEDULED: <2023-03-28 Tue> +[2023-03-28 Tue 18:35] + +1. create client for SSE with Secure Client and DI scopes +2. Configure SCA +2. Support provisioning for free Org + (empty entitlement or entitlement.tier = free) and should only onboard CSC + and DI. +**** MEETING Performance Management :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-28 Tue 18:05]--[2023-03-30 Thu 11:46] => 41:41 +:END: +[2023-03-28 Tue 18:05] + +Focus on performance management. + +Why / what are we doing? + +@Pat_Chatterton: +1. prioty, transforming the business, change what we are doing with our teams. +Conversation with our teams about where we are going. +My teams discuss once a week. + +Something that I am passionate about. Align everybody. + +This is not new. +Everybody is doing in their own way. +Lot of tools already in place. +Refresher of what we're doing. + +Tons of info come out of this. +Not only listen, but also think about it because you will be doing this. +Make sure our team is ready for next step. + +@Amelia_Lombard: +Program. 
+ +An invitation for how to approach "performance management". + +- We as leader can be better by bing more authentically. +- Channeling *our values*. + - build and learn together + - create clarity to drive momentum + - be kinder than necessary + - celebrate together +- with empathy, support and accountability + +Sharing that data to our team members. +Look for opportunities to build on success. +Also celebrate on progress on weaknesses. + +First be clear about our expectations. +And ultimately they'll need to deliver. + +Core Career Beliefs (illuminate.cisco.com) +(share with your team) + +Please do engage. +Slido.com event code: SBGPerfMgmt pass: lift + +***** Goals + +1. Understand where each of your team members perf is today +2. if some are underperforming, reach out to perf consultants for support (by + 31th March) +3. Plan for Quarterly Developement discussions + +***** Performance at Cisco +@Shelly_Collins + +1. Clearly communicate how they are doing. +2. how to assess performance. + results / principles-behaviors / team-impact +3. data points: + - team space check-in insights report + - OKRs, KPIs, Scorecards + - seek feedback from peers, stakeholders + - connected recognition + - expectations set in your quarterly development + +****** Performing + +Thinking about their carreer? +1. Exploring (looking for new opportunity) +2. Establishing (build my skillset) +3. Achieving (find ways to grow) +4. Excelling (broaden opportunity) +5. Reinventing (build new skillset) + + +****** Underperformance + +@Felicia_Glace + +1. Employee consistently missing critical meetings without reason +2. Employee not meeting business deliverables that has amplified impact +3. Lack of care in quality of work being delivered +4. Challenges with engagement +5. 
Individual Performance Factor (IPF) lower than 100% + +*Low performance is NOT* + +- Employee dealing with personal loss, life event +- Behavorial concerns + + +****** Lifting Low Performance + +Open a case with the Performance Management team + +The Low Performance Management Website. + +From a case: + +4 steps: Expectations, Notice, Opportunity, Consequences + +- Clearly communicate expectations +- Provide notice to the team member they are not meeting expectations. + Be specific about where performance is falling short. +- Provide an opportunity for the team member to improve their performance. + + +****** Coaching conversation + +BEFORE + +- be prepared to address questions +- both verbal coaching and documented coaching should align that employee is not + meeting expectations. +- Prepare for the first conversation by preparing documentation and gathering + supporting facts + +DURING + +AFTER +- Follow up with an email to the employee outlining progress and summarizing + discussion point +- Document feedback regularly + + +****** Individual Dev Template + +- short-term goals +- long-term carreer + +*** 2023-03-30 Thursday +**** MEETING weekly :work:meeting: +:LOGBOOK: +CLOCK: [2023-03-30 Thu 17:01]--[2023-04-05 Wed 18:37] => 145:36 +:END: +[2023-03-30 Thu 17:01] +***** Status update +- PIAM work +- TK-Store work for composable query with and/org/not +- Work on configs +- Entitlement brainstorm +- Lot of XDR beta-flag requests
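Review bot: The `#+begin_src clojure` block added under "IN-PROGRESS Clients TG" records a `:confidential` OAuth client with its `:password` value in clear text, next to the client `:id`, the org and owner ids, and a scope set that includes `admin`. If that value is a live client secret, treat it as exposed from this commit on: rotate it in the INT environment and keep only a reference in the note, e.g. `:password "<redacted: see secrets store>"`. Deleting the line in a later commit is not enough, because the value stays in the repository history and in every clone. A secret scan run as a pre-commit hook over the notes directory would catch this kind of paste before it lands.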