diff --git a/.orgids b/.orgids index cc7adfd8..94b85de4 100644 --- a/.orgids +++ b/.orgids @@ -1,2 +1,2 @@ -(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "2a3d68cc-4a14-442c-b7f9-c602a2cd25bf") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" "5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" "c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" "c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "797ba971-6ae3-49a1-9499-928572760d09" "B72E4288-E96B-4099-8684-37DDF3395C50" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org" "9207b53a-e38e-4996-abc6-140c31f2960a" "a4ebd43b-b589-499e-85e1-7ebea0abf3af" "2110820C-4877-40B3-A351-2DEDE0F222C6" "90110976-520D-4B0C-B1D9-3798323C370E" "49981B50-AFBD-4C93-A9C2-8D88550AB425" "8B092321-BA1F-47F9-A927-76D2E232CF51" "1644E007-AFBE-4F4B-9307-B007C60548E8" "8163f2ed-7106-4b4a-93b0-7009fe316172") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c")) +(("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/maintenance_questions.org" "b55abfad-ea21-4e81-8017-e99b8af33f9c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/brut_css.org" "cfd05ee0-488d-4b28-ab97-5fe6fe4a5cae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_v2.org" "9699f986-29ad-429f-9ca9-1080062ae11c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/duo.org" "e9d79b8d-3779-45b7-9360-7bb5558ffbeb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/amstrad.org" "a9971a5b-6565-4835-9c49-c968011bbc21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/positive_attitude.org" "8deaa4e4-a96c-4d3c-96df-8f23e0d90f1e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_platform.org" "1194cbe4-b31c-4b17-9e0a-f0ee8422292c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/weekly_iroh_auth_notes.org" "8ddf9276-6888-4502-9dd9-943769726ca1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/vigiglobe.org" "07412c20-49d3-4616-957f-5ddd246ed080") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/presentation_leads.org" "22d031b5-ff8e-46df-a306-0ca30ab7358b") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/characteristics_of_pseudoscience.org" "509cbe3e-cf95-4bcd-9f61-9cc74aa35a8c") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/impots_2021.org" "8daf6185-ad0e-40c2-af79-0bb885505303") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/deep_merge_exploration.org" "c1dbe471-a470-4d44-a91c-0bfda0d47d21") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_securex_ips.org" "c9e0342f-f082-4c9b-9dcd-f1629124ac71") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/new_iroh_auth_apis.org" "2c317dbe-4fca-444b-b0bc-f9174522e106") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/remove_securex_tg_login_button.org" "3290e028-b7a6-4be3-a5d2-45bf89ff2f0d") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_shafiq.org" "094630db-95cf-416f-a147-ca5fdeddd902") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/factorio_maps.org" "e5c17702-09d5-4d7d-97ff-95a8de353ea0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/artificial_life_game_approach.org" "8a37b5d3-8ee5-45cd-8c32-021b8d42210f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/customer_manager.org" "99fd9444-ae5d-4d51-a295-a936fc01928a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_team_history.org" "e3296579-2f2e-4f23-92e2-1ce9fef6fe04") ("../y/her.esy.fun/src/posts/0013-how-to-choose-your-tools/index.org" "c2e61938-8493-434a-9ffa-9fd4698d9863") ("../y/her.esy.fun/src/posts/0019-utopia-tv-show/index.org" "88e25182-ee54-4d2e-b373-b4e06fc292c8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/interview_certification.org" "93027c33-dcf8-4bda-8aee-60f507e0ff4a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/how_to_speak.org" "4ad5f64e-c330-4f36-8f8a-d82a1ae993a0") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_ft_securex_registration.org" "1208f09c-d37d-4e6b-9110-151f3c6b7d34") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/simplex_chat.org" "5a711803-6a92-40e3-817d-40f564ac5cf8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/security.org" "2351f4cb-85a3-45ca-9bb5-f13a559afcfe") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chat.org" "fb32a68e-b32c-4ce5-9c6a-cc141a122708") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/encryption.org" "80630a59-70f2-435b-967b-abb162324be8") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/redirect_to_new_page_with_useridentity_jwt.org" "f46a4a9e-6a06-4b9e-8764-30cd8c501d7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_one_meetings.org" "cd101af9-2dd7-41b7-85d6-4de5c0c594df") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/management.org" "719fabee-1094-4596-b26e-55fe7a512113") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/high_iq_captcha.org" "b6402aa6-3315-4317-82a5-367af38f0ead") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_user_data.org" "e6db475b-9ccc-43b2-bcfe-057215ddc1d1") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/iroh_auth_ui_enhancements.org" "fe9118f2-3cf1-4a9c-b97d-d5d58f9d0769") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco.org" "ce893df9-32a4-44e0-9eb5-b9817141ee6a") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/cisco_org_level_entities.org" "b30f9e63-e655-40e6-9a58-5a390a7921bb") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/lgtm.org" "cc2e9340-1340-4d28-8f54-47080a569c7e") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/one_hacker_way_by_erik_meijer_goto_2015.org" "02bd2e1e-cd10-4b29-bd03-611edf0c7eab") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/hacker_culture.org" "0caa54f7-bbac-486c-855c-f299943f4226") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/browserless_software_project_management_with_git.org" "13c23225-379a-45a8-bed1-24fb6a054454") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/template_information_chien_d_assistance.org" "b0b0b46f-a11e-4c4b-8d1f-0d444847aeae") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/chien_d_assistance.org" "2a3d68cc-4a14-442c-b7f9-c602a2cd25bf") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/either_in_clojure.org" "b413e4db-1367-4936-8a46-cd5b86178e29") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/html_css_web_techs.org" "7431e4a3-4359-4dcb-89e6-c1c700cd4355") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/custom_routes.org" "0dceeeca-7c23-41a8-b9dc-4642a09618db") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/what_i_forsee_about_the_future_of_developers.org" "16bbfe28-ea40-437f-861d-1eacb408d34f") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/notes/composable_shell_nix.org" "8c33ebae-bccf-4e73-837b-f52fa4c5e4c6") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/archives/TODO.archive.org" "797ba971-6ae3-49a1-9499-928572760d09" "B72E4288-E96B-4099-8684-37DDF3395C50" "96343FD2-E7A9-4AAA-A40A-8D048DA340E9") ("../Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org" "9207b53a-e38e-4996-abc6-140c31f2960a" "a4ebd43b-b589-499e-85e1-7ebea0abf3af" "2110820C-4877-40B3-A351-2DEDE0F222C6" "90110976-520D-4B0C-B1D9-3798323C370E" "49981B50-AFBD-4C93-A9C2-8D88550AB425" "8B092321-BA1F-47F9-A927-76D2E232CF51" "1644E007-AFBE-4F4B-9307-B007C60548E8" "8163f2ed-7106-4b4a-93b0-7009fe316172")) diff --git a/Cisco.org.gpg b/Cisco.org.gpg index 14bd4a34..e5b2171a 100644 Binary files a/Cisco.org.gpg and b/Cisco.org.gpg differ diff --git a/Cisco.org.sync-conflict-20221123-173442-B4NK45H.gpg b/Cisco.org.sync-conflict-20221123-173442-B4NK45H.gpg deleted file mode 100644 index 2fcf79c5..00000000 Binary files a/Cisco.org.sync-conflict-20221123-173442-B4NK45H.gpg and /dev/null differ diff --git a/Cisco.org.sync-conflict-20221128-143609-B4NK45H.gpg b/Cisco.org.sync-conflict-20221128-143609-B4NK45H.gpg deleted file mode 100644 index 89ffbf8c..00000000 Binary files a/Cisco.org.sync-conflict-20221128-143609-B4NK45H.gpg and /dev/null differ diff --git a/Cisco.org.sync-conflict-20221129-164713-B4NK45H.gpg b/Cisco.org.sync-conflict-20221129-164713-B4NK45H.gpg deleted file mode 100644 index 1b454786..00000000 Binary files a/Cisco.org.sync-conflict-20221129-164713-B4NK45H.gpg and /dev/null differ diff --git a/Cisco.org.sync-conflict-20221202-155803-P3256RN.gpg b/Cisco.org.sync-conflict-20221202-155803-P3256RN.gpg deleted file mode 100644 index 1971cfa3..00000000 Binary files a/Cisco.org.sync-conflict-20221202-155803-P3256RN.gpg and /dev/null differ diff --git a/Cisco.org.sync-conflict-20230104-144802-P3256RN.gpg b/Cisco.org.sync-conflict-20230104-144802-P3256RN.gpg deleted file mode 100644 index 9c124628..00000000 Binary files a/Cisco.org.sync-conflict-20230104-144802-P3256RN.gpg and /dev/null differ diff --git a/DI_Provisioning b/DI_Provisioning new file mode 100644 index 00000000..959f3e82 Binary files /dev/null and b/DI_Provisioning differ diff --git a/DI_provisioning.png b/DI_provisioning.png new file mode 100644 index 00000000..44c18a12 Binary files /dev/null and b/DI_provisioning.png differ diff --git a/Onboarding_endpoint.png b/Onboarding_endpoint.png new file mode 100644 index 00000000..d1ebabd3 Binary files /dev/null and b/Onboarding_endpoint.png differ diff --git a/PIAM_onboarding_flow.png b/PIAM_onboarding_flow.png new file mode 100644 index 00000000..b740b217 Binary files /dev/null and b/PIAM_onboarding_flow.png differ diff --git a/PIAM_vision_1.png b/PIAM_vision_1.png new file mode 100644 index 00000000..652f0297 Binary files /dev/null and b/PIAM_vision_1.png differ diff --git a/archives/TODO.archive.org b/archives/TODO.archive.org index ea024a05..a3210bc0 100644 --- a/archives/TODO.archive.org +++ b/archives/TODO.archive.org @@ -9006,3 +9006,452 @@ DEADLINE: <2023-01-02 Mon 15:00> - State "CANCELED" from "TODO" [2023-01-04 Wed 10:50] :END: [2022-12-13 Tue 08:29] + +* DONE Appeler Steff Etanchéité pour RDV réparation terrasse +DEADLINE: <2023-02-17 Fri 12:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-17 Fri 10:37] + +* DONE Vérifier les horraires d'ouverture pour faire la peinture, y aller ce soir ? +DEADLINE: <2023-02-17 Fri 15:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-17 Fri 08:56] + +* DONE Envoyer un mail à la notaire +DEADLINE: <2023-02-17 Fri 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-17 Fri 08:55] + +Chère Maître, + +Voici un mail pour faire un point sur la situation concernant les deux dégats +des eaux. Nous n'avons pas reçu de nouvelle par des voies officielles, mais en +contactant les divers intervenants, nous savons que les travaux de réparation du +toit et de la terrasse ont été effectués par Steff Etanchéité. + +L'artisan qui doit faire les réparations (Arnoux) a envoyé un devis à l'expert +de notre assurance. L'expert n'a malheureusement pas fait suivre ce devis. En +passant par l'artisan qui avait le numéro personnel de l'expert, nous savons que +celui-ci est en vacances. Il reviendra lundi et il devrait nous envoyer le devis +à son retour. + +J'ai informé l'artisan qu'il pouvait intervenir maintenant que les travaux de +réparations ont été effectués. + +Nous demandons aussi à notre syndic de nous envoyer un mail qui atteste que les +travaux ont bien été fait ainsi que la copie des documents des interventions. + +Très cordialement, +Yann Esposito. + +* DONE Penser à amener la bouffe pour le chien +DEADLINE: <2023-02-17 Fri 16:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-17 Fri 08:54] + +* DONE Réserver l'hotel à Sophia +DEADLINE: <2023-02-17 Fri 10:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-17 Fri 08:54] + +* DONE Appeler l'assurance pour avoir le mail de l'expert +DEADLINE: <2023-02-17 Fri 10:30> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +:LOGBOOK: +CLOCK: [2023-02-17 Fri 10:22]--[2023-02-17 Fri 10:37] => 0:15 +:END: +[2023-02-17 Fri 08:53] + +* DONE Préparation outils: code couleur bleu peinture +DEADLINE: <2023-02-17 Fri 16:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-16 Thu 09:18] + +* DONE Préparation outils dremel et colle pour plaque +DEADLINE: <2023-02-17 Fri 16:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-16 Thu 09:17] + +* DONE Préparer les outils réparation prise four +DEADLINE: <2023-02-17 Fri 16:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-16 Thu 09:16] + +* DONE Répondre à Luc +DEADLINE: <2023-02-13 Mon 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-13 Mon 10:19] + +Bonjour Luc, + +Merci pour ton message, en effet, après plusieurs jours un peu sous l'eau je +peux prendre le temps de te répondre pausément ;). + +Tout d'abord, il nous a fallu pas mal de temps pour faire en sorte que notre +nouvelle maison soit acceptable et qu'on s'y sente à l'aise. C'est une location +que nous pensons conserver seulement temporairement, et elle était dans un état +pas terrible. Maintenant que nous avons fait tous les ajustement (environ 40h de +ménage intense à plusieurs, et pas mal de petits travaux, installé la cuisine, +acheté un nouveau frigidaire, etc…) + +Le coin est plus sympa que ce à quoi je m'attendais. Cette ville est proche de +tout, les voisins sont sympa, on habite à 30m d'amis que nous nous somme fait +par le biais de l'association du chien de notre fille. Donc c'est un heureux +hasard aussi. +Toutes les commodités sont proches, et avoir un jardin c'est plus sympa que +sortir les chiens tous les soirs. + +J'espère que même si je suis plus loin, on pourra conserver un contact. +Tout d'abord nous ne sommes pas parti si loin. +Nous sommes à 1h30 de voiture, et nous avons déjà prévu de revenir au moins 1j +par mois ne serait-ce que pour les médecins de ma fille. +Donc vous êtes bien sûr toujours les bienvenus et aussi, lorsque je viendrai, ça +sera l'occasion d'essayer de trouver un moment ensemble aussi. + +Au delà, j'aimerai essayer de trouver un système type réseau social mais +totalement privé que je réserverai seulement aux amis proches et à la famille. +Parce qu'il y a beaucoup de choses que nous pourrions partagé avec plus de +liberté si nous savions que ça resterait entre nous. +Il y a tout un tas d'anectodes qui sont sympas entre nous, mais que je +ne me vois pas partager sur tout Internet. + +Donc je vais voir si je peux arriver à, trouver un service que je peux +self-hoster, qui soit facile à partager, auxquels les gens puissent aller y +jeter un coups d'œil de temps en temps, et pourquoi pas y partaciper aussi aux +delà de quelques commentaires. +On a des groupes whatsapp, mais bon... whatsapp quoi... The great evil Facebook ;). +En général, ce genre de chose tombe toujours à l'eau, mais qui sait, j'aime bien +de toute façon, ça me fera geeker un peu. + +À très bientôt ! + +* DONE Rebrancher Plex +SCHEDULED:Clinique Vétérinaire de Luynes du Dr POLLICARDO +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +5 avenue Robert Daugey +13080 LUYNES +France +04 42 24 00 88 <2023-02-13 Mon 16:00> +[2023-02-13 Mon 10:02] + +* DONE Demander lien réunion Chien Espoir & Handicap à Lionel +DEADLINE: <2023-02-13 Mon 15:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-13 Mon 10:01] + +* DONE Commander croquettes Pô +DEADLINE: <2023-02-13 Mon 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-13 Mon 10:01] + +* DONE Envoyer le mot à Mira +DEADLINE: <2023-02-13 Mon 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-13 Mon 10:00] + +#+begin_quote +Lors d'une balade au parc public des Bouillides à Sophia Antipolis, le 30 +décembre aux alentours de 15h avec mon chien Oslo, un beagle de 4 ans, nous +avons croisé un autre chien qui avait des points au niveau des babines. +En voulant dire bonjour à ce chien, Oslo lui a donné un coup de museau dans la +gueule, ce qui a endommagé les sutures. +Les deux chiens étaient tenus en laisse. +#+end_quote + + +* DONE [#A] Envoyer doc avec accusé de réception agence +DEADLINE: <2023-02-09 Thu 17:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:49 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-09 Thu 14:53] + +* DONE Envoyer un mail pour l'antenne satelite cassée +DEADLINE: <2023-02-08 Wed 18:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-08 Wed 14:15] + +* DONE Mail Agence Etat des lieux +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-06 Mon 15:36] + +Bonjour, + +Nous vous remercions pour la rapidité d'intervention de votre plombier lors du +dégât des eaux survenu le jour de notre aménagement. + +Lors de la remise des clés nous avions bien vu que l'état de propreté laissait à +désirer. Cependant nous étions très loin d'imaginer que celà allait nécessiter +plus d'une trentaine d'heures de nettoyage. Et il reste encore du travail. +Autant faire un coups de propre en prenant possession des lieux est normal, +autant y passer autant de temps est très regrettable. + +Pendant ce nettoyage nous avons ainsi pu constater une liste de points que nous +aimerions ajouter à l'état des lieux. + +Globalement, on peut souligner que la maison est sale (murs, sols, sanitaires, +nombreuses toiles d'araignées, portes, interrupteurs, fenêtres, radiateurs +pleins de poils de chiens et de poussière...). + +Cuisine : +- présence de graisse sur toute la hotte aspirante, filtres sales plein de gras + ayant nécessité un gros nettoyage ; +- sur la plaque il y a une abscence de voyant ; +- l'évier est un peu rayé (ce n'est pas du calcaire) ; +- certaines façades de la cuisine ont été repeintes avec une peinture qui mence + de s'enlever lors d'un nettoyage courant ; +- certaines façades sont abîmées ; +- fenêtres (encadrement et vitres sales) +- sols sales (joints très sales) + +Buanderie : +- Le robinet d'eau pour la machine à laver est cassé. Le plombier n'avait pas la + pièce pour le replacer. + +Hall : +- Etat global sale (murs poussiereux, etagères du placard et fenêtres sales). +- En nettoyant, est apparu, sur la porte du placard un dessin d'enfant qui ne + part pas au nettoyage. + +Séjour : +- Murs, fenêtres et encadrements très sales. + +Chambre parentale : +- une prise (celle sous la fenêtre) ne marche pas et est mal fixée. C'est + sûrement celle qui est reliée à l'interupteur. +- Salle de bain: WC sale (traces d'urine) + +Salle d'eau : +- WC extrêmement sale avec des coulures d'urine ayant imbibé le lino ; +- WC le robinet de remplissage fuite dès qu'il est ouvert. Celà nécessite que + nous plaçions un seau et que nous le refermions après avoir utilisé la chasse d'eau. + +Chambre 1 : +- un coups sur la porte et peinture délavée. + +Jardin : +- herbe non tondue ; +- nombreux excréments d'animaux dans le jardin. +- arbres nécessitant une taille + +Couloir : +- Il y a une faiblesse au niveau du sol (on sent qu'il s'enfonce un peu). Pour + le moment il n'y a rien de visible mais j'ai peur qu'avec les passages celà ne + finisse par s'abîmer. + +Nous vous remercions d'inclure tous ces points à l'état des lieux. + +Concernant, les deux robinets cassés, ainsi que la prise de courant non +fonctionnelle pourriez-vous faire le nécessaire pour les faire réparer ? + +Je tiens à souligner que le fait d'avoir fait autant de ménage nous a obligé à +perdre beaucoup de temps pour l'installation de la chambre et la salle de bain +pour notre fille handicapée ce qui a rendu son intégration dans la maison plus +difficile. + +Très cordialement, +Krystelle et Yann Esposito. + +* DONE [#B] Aller payer les Arrhes et chercher les cartons +DEADLINE: <2023-01-26 Thu 15:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-01-26 Thu 10:06] + +* DONE [#B] Assurer la maison pour le 1er février. +DEADLINE: <2023-01-26 Thu 17:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +:LOGBOOK: +- State "DONE" from "WAITING" [2023-01-31 Tue 13:13] +- State "WAITING" from "TODO" [2023-01-26 Thu 14:45] \\ + Attend que ma maman rapelle +:END: +[2023-01-26 Thu 10:05] + +* DONE Déclarer Bastien non étudiant Mutuelle +DEADLINE: <2022-12-09 Fri 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2022-12-08 Thu 22:42] + +* DONE Demander Laura pour capacité d'emprunt. +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_OLPATH: Inbox +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: + +Bonjour Laura, + +Tout d'abord, je vous souhaite mes meilleurs vœux pour la nouvelle année. + +Nous étions venus en mai pour faire une simulation de financement . +Depuis, nous avons vendu notre appartement, pour l'instant il est sous +compromis, avec l'aide d'Anthony Barrière. + +Nous aurions aimé avoir une idée notre capacité d'emprunt avec seulement +mon salaire (même si nous ferions la demande de prêt avec nous deux). +En effet mon épouse commence un nouvel emploi mi-février près de Marseille. +Sa période d'essai sera de 2 mois. +Elle conserve néanmoins son CDI à l'hôpital sans être rémunérée. +Plutôt que démissionner on lui a proposé de se mettre dans un dispositif qui +ressemble à une mise en disponibilité. + +Ce qui nous bloque actuellement c'est de savoir à partir de quand nous pourrons +commencer à faire des visites pour lesquelles nous pourrons faire des offres. +Notre situation financière n'a que très peu évolué depuis notre dernière +rencontre. +Devons nous prévoir un autre rendez-vous ? + +Très cordialement, +Yann Esposito. + +* DONE Réparer prise électrique four +DEADLINE: <2023-02-18 Sat 10:00>--<2023-02-18 Sat 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-01 Wed 15:54] + +* DONE Poste transfert d’adresse +DEADLINE: <2023-02-09 Thu 11:00> +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +[2023-02-09 Thu 09:31] + +* DONE Mercer pour Bastien :chore: +:PROPERTIES: +:ARCHIVE_TIME: 2023-02-23 Thu 17:50 +:ARCHIVE_FILE: ~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org +:ARCHIVE_CATEGORY: inbox +:ARCHIVE_TODO: DONE +:END: +:LOGBOOK: +CLOCK: [2023-01-11 Wed 16:38]--[2023-01-11 Wed 20:38] => 4:00 +:END: +[2023-01-11 Wed 16:37] diff --git a/inbox.org b/inbox.org index f0774186..1d803392 100644 --- a/inbox.org +++ b/inbox.org @@ -10,217 +10,90 @@ SPC y o c => DISPLAY org columns #+end_comment * Inbox -** TODO Répondre à Luc -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:19] +** TODO [#B] Payer le loyer +DEADLINE: <2023-02-28 Tue 17:00> +[2023-02-27 Mon 10:54] +** DONE Ajouter témoignage CE&H +DEADLINE: <2023-02-27 Mon 18:00> +[2023-02-27 Mon 10:45] -Bonjour Luc, +Leïka m’a sauvé la vie. +Elle a réussie a m’accompagner à un moment où personne ne pouvait. +Mais ce n’est pas juste mon chien d’assistance. +C’est ma partenaire de vie. +Elle est toujours là pour m’aider, et j’ai reconstruit ma vie autour d’elle. +On ne se quitte jamais, et si je suis là c’est sûrement que Leïka est là aussi. -Merci pour ton message, en effet, après plusieurs jours un peu sous l'eau je -peux prendre le temps de te répondre pausément ;). -Tout d'abord, il nous a fallu pas mal de temps pour faire en sorte que notre -nouvelle maison soit acceptable et qu'on s'y sente à l'aise. C'est une location -que nous pensons conserver seulement temporairement, et elle était dans un état -pas terrible. Maintenant que nous avons fait tous les ajustement (environ 40h de -ménage intense à plusieurs, et pas mal de petits travaux, installé la cuisine, -acheté un nouveau frigidaire, etc…) -Le coin est plus sympa que ce à quoi je m'attendais. Cette ville est proche de -tout, les voisins sont sympa, on habite à 30m d'amis que nous nous somme fait -par le biais de l'association du chien de notre fille. Donc c'est un heureux -hasard aussi. -Toutes les commodités sont proches, et avoir un jardin c'est plus sympa que -sortir les chiens tous les soirs. +** DONE Envoyer mail au notaire (update situation) +DEADLINE: <2023-02-27 Mon 11:00> +[2023-02-27 Mon 10:40] +** DONE Appeler Géraldine pour garder les vélos. +DEADLINE: <2023-02-27 Mon 14:00> +[2023-02-27 Mon 10:40] +** TODO Appeler l'assurance pour les cartes des voitures +DEADLINE: <2023-02-24 Fri 10:30> +[2023-02-23 Thu 19:49] +** DONE Poser les plaques des chiens +SCHEDULED: <2023-02-24 Fri 10:00> +[2023-02-23 Thu 19:49] +** DONE Sync with Yuri about Secure Endpoint error logs org-level-authorization +DEADLINE: <2023-02-27 Mon 15:00> +[2023-02-23 Thu 19:02] -J'espère que même si je suis plus loin, on pourra conserver un contact. -Tout d'abord nous ne sommes pas parti si loin. -Nous sommes à 1h30 de voiture, et nous avons déjà prévu de revenir au moins 1j -par mois ne serait-ce que pour les médecins de ma fille. -Donc vous êtes bien sûr toujours les bienvenus et aussi, lorsque je viendrai, ça -sera l'occasion d'essayer de trouver un moment ensemble aussi. +A work should be done to upgrade the clients to "org-level-authorization". +Matt teams should be working on it. With the current state of affair, we might +be able to plan it for Q4 but not before due to RSA. +So for now, we should stick with non org-level authorization until this work is completed. -Au delà, j'aimerai essayer de trouver un système type réseau social mais -totalement privé que je réserverai seulement aux amis proches et à la famille. -Parce qu'il y a beaucoup de choses que nous pourrions partagé avec plus de -liberté si nous savions que ça resterait entre nous. -Il y a tout un tas d'anectodes qui sont sympas entre nous, mais que je -ne me vois pas partager sur tout Internet. +The details is, that the proxy of the module will check the JWT received, and +the client-id is trusted (typically DI client) and is configured with the +org-level-authorization then, we ignore the setting of the Secure Endpoint +module to "Act as the User". -Donc je vais voir si je peux arriver à, trouver un service que je peux -self-hoster, qui soit facile à partager, auxquels les gens puissent aller y -jeter un coups d'œil de temps en temps, et pourquoi pas y partaciper aussi aux -delà de quelques commentaires. -On a des groupes whatsapp, mais bon... whatsapp quoi... The great evil Facebook ;). -En général, ce genre de chose tombe toujours à l'eau, mais qui sait, j'aime bien -de toute façon, ça me fera geeker un peu. - -À très bientôt ! -** TODO Rebrancher Plex -SCHEDULED: <2023-02-13 Mon 16:00> -[2023-02-13 Mon 10:02] -** TODO Demander lien réunion Chien Espoir & Handicap à Lionel -DEADLINE: <2023-02-13 Mon 15:00> -[2023-02-13 Mon 10:01] -** DONE Commander croquettes Pô -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:01] -** DONE Envoyer le mot à Mira -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:00] - -#+begin_quote -Lors d'une balade au parc public des Bouillides à Sophia Antipolis, le 30 -décembre aux alentours de 15h avec mon chien Oslo, un beagle de 4 ans, nous -avons croisé un autre chien qui avait des points au niveau des babines. -En voulant dire bonjour à ce chien, Oslo lui a donné un coup de museau dans la -gueule, ce qui a endommagé les sutures. -Les deux chiens étaient tenus en laisse. -#+end_quote - -** DONE [#A] Envoyer doc avec accusé de réception agence -DEADLINE: <2023-02-09 Thu 17:00> -[2023-02-09 Thu 14:53] -** DONE Envoyer un mail pour l'antenne satelite cassée -DEADLINE: <2023-02-08 Wed 18:00> -[2023-02-08 Wed 14:15] -** TODO Mail Agence Etat des lieux -[2023-02-06 Mon 15:36] - -Bonjour, - -Nous vous remercions pour la rapidité d'intervention de votre plombier lors du -dégât des eaux survenu le jour de notre aménagement. - -Lors de la remise des clés nous avions bien vu que l'état de propreté laissait à -désirer. Cependant nous étions très loin d'imaginer que celà allait nécessiter -plus d'une trentaine d'heures de nettoyage. Et il reste encore du travail. -Autant faire un coups de propre en prenant possession des lieux est normal, -autant y passer autant de temps est très regrettable. - -Pendant ce nettoyage nous avons ainsi pu constater une liste de points que nous -aimerions ajouter à l'état des lieux. - -Globalement, on peut souligner que la maison est sale (murs, sols, sanitaires, -nombreuses toiles d'araignées, portes, interrupteurs, fenêtres, radiateurs -pleins de poils de chiens et de poussière...). - -Cuisine : -- présence de graisse sur toute la hotte aspirante, filtres sales plein de gras - ayant nécessité un gros nettoyage ; -- sur la plaque il y a une abscence de voyant ; -- l'évier est un peu rayé (ce n'est pas du calcaire) ; -- certaines façades de la cuisine ont été repeintes avec une peinture qui mence - de s'enlever lors d'un nettoyage courant ; -- certaines façades sont abîmées ; -- fenêtres (encadrement et vitres sales) -- sols sales (joints très sales) - -Buanderie : -- Le robinet d'eau pour la machine à laver est cassé. Le plombier n'avait pas la - pièce pour le replacer. - -Hall : -- Etat global sale (murs poussiereux, etagères du placard et fenêtres sales). -- En nettoyant, est apparu, sur la porte du placard un dessin d'enfant qui ne - part pas au nettoyage. - -Séjour : -- Murs, fenêtres et encadrements très sales. - -Chambre parentale : -- une prise (celle sous la fenêtre) ne marche pas et est mal fixée. C'est - sûrement celle qui est reliée à l'interupteur. -- Salle de bain: WC sale (traces d'urine) - -Salle d'eau : -- WC extrêmement sale avec des coulures d'urine ayant imbibé le lino ; -- WC le robinet de remplissage fuite dès qu'il est ouvert. Celà nécessite que - nous plaçions un seau et que nous le refermions après avoir utilisé la chasse d'eau. - -Chambre 1 : -- un coups sur la porte et peinture délavée. - -Jardin : -- herbe non tondue ; -- nombreux excréments d'animaux dans le jardin. -- arbres nécessitant une taille - -Couloir : -- Il y a une faiblesse au niveau du sol (on sent qu'il s'enfonce un peu). Pour - le moment il n'y a rien de visible mais j'ai peur qu'avec les passages celà ne - finisse par s'abîmer. - -Nous vous remercions d'inclure tous ces points à l'état des lieux. - -Concernant, les deux robinets cassés, ainsi que la prise de courant non -fonctionnelle pourriez-vous faire le nécessaire pour les faire réparer ? - -Je tiens à souligner que le fait d'avoir fait autant de ménage nous a obligé à -perdre beaucoup de temps pour l'installation de la chambre et la salle de bain -pour notre fille handicapée ce qui a rendu son intégration dans la maison plus -difficile. - -Très cordialement, -Krystelle et Yann Esposito. +** DONE Appeler Bastien pour le velo et la mutuelle +DEADLINE: <2023-02-23 Thu 18:15> +[2023-02-23 Thu 17:49] +** DONE Créer l'attestation pour Gaya. +DEADLINE: <2023-02-23 Thu 18:30> +:LOGBOOK: +- State "DONE" from "HOLD" [2023-02-23 Thu 19:49] +- State "HOLD" from "TODO" [2023-02-23 Thu 19:49] \\ + Krystelle s'en occupe +:END: +[2023-02-23 Thu 17:48] +** TODO Appeler Bastien pour samedi +[2023-02-17 Fri 08:56] ** TODO Supprimer Assurance Habitation Valbonne DEADLINE: <2023-03-01 Wed> [2023-01-31 Tue 12:05] -** TODO couper l'électricité Valbonne +** CANCELED couper l'électricité Valbonne DEADLINE: <2023-03-06 Mon> -[2023-01-31 Tue 12:04] -** DONE [#B] Aller payer les Arrhes et chercher les cartons -DEADLINE: <2023-01-26 Thu 15:00> -[2023-01-26 Thu 10:06] -** DONE [#B] Assurer la maison pour le 1er février. -DEADLINE: <2023-01-26 Thu 17:00> :LOGBOOK: -- State "DONE" from "WAITING" [2023-01-31 Tue 13:13] -- State "WAITING" from "TODO" [2023-01-26 Thu 14:45] \\ - Attend que ma maman rapelle +- State "CANCELED" from "TODO" [2023-02-27 Mon 10:41] \\ + Les nouveaux propriétaires vont déplacer les contrats. :END: -[2023-01-26 Thu 10:05] -** DONE Déclarer Bastien non étudiant Mutuelle -DEADLINE: <2022-12-09 Fri 11:00> -[2022-12-08 Thu 22:42] +[2023-01-31 Tue 12:04] ** TODO Regarder sans soleil https://www.youtube.com/watch?v=fdusEgrbhgA -SCHEDULED: <2023-02-14 Tue 22:00> +SCHEDULED: <2023-03-12 Sun 21:00> [2022-11-26 Sat 11:04] -** DONE Demander Laura pour capacité d'emprunt. - -Bonjour Laura, - -Tout d'abord, je vous souhaite mes meilleurs vœux pour la nouvelle année. - -Nous étions venus en mai pour faire une simulation de financement . -Depuis, nous avons vendu notre appartement, pour l'instant il est sous -compromis, avec l'aide d'Anthony Barrière. - -Nous aurions aimé avoir une idée notre capacité d'emprunt avec seulement -mon salaire (même si nous ferions la demande de prêt avec nous deux). -En effet mon épouse commence un nouvel emploi mi-février près de Marseille. -Sa période d'essai sera de 2 mois. -Elle conserve néanmoins son CDI à l'hôpital sans être rémunérée. -Plutôt que démissionner on lui a proposé de se mettre dans un dispositif qui -ressemble à une mise en disponibilité. - -Ce qui nous bloque actuellement c'est de savoir à partir de quand nous pourrons -commencer à faire des visites pour lesquelles nous pourrons faire des offres. -Notre situation financière n'a que très peu évolué depuis notre dernière -rencontre. -Devons nous prévoir un autre rendez-vous ? - -Très cordialement, -Yann Esposito. +** TODO DL The good place +SCHEDULED: <2023-03-01 Wed> * Perso :perso: ** Habits :habit: *** TODO Reading List notes -SCHEDULED: <2023-01-16 Mon 09:00 .+1d> +SCHEDULED: <2023-02-22 Wed 09:00 .+1d> :PROPERTIES: :STYLE: habit -:LAST_REPEAT: [2023-01-15 Sun 09:40] +:LAST_REPEAT: [2023-02-21 Tue 14:22] :END: :LOGBOOK: +- State "CANCELED" from "TODO" [2023-02-21 Tue 14:22] +- State "CANCELED" from "TODO" [2023-02-17 Fri 08:57] \\ + Trop à faire aujourd'hui +- State "CANCELED" from "TODO" [2023-02-16 Thu 18:14] +- State "CANCELED" from "TODO" [2023-02-14 Tue 15:47] - State "CANCELED" from "TODO" [2023-01-15 Sun 09:40] - State "CANCELED" from "TODO" [2023-01-11 Wed 20:19] - State "CANCELED" from "TODO" [2022-11-29 Tue 15:56] @@ -280,11 +153,15 @@ CLOCK: [2022-06-08 Wed 09:37]--[2022-06-08 Wed 09:59] => 0:22 * Famille :family: ** Daily :daily: *** TODO Attention gentille -SCHEDULED: <2023-02-14 Tue .+1d> +SCHEDULED: <2023-02-23 Thu .+1d> :PROPERTIES: -:LAST_REPEAT: [2023-02-13 Mon 10:02] +:LAST_REPEAT: [2023-02-22 Wed 18:36] :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-02-22 Wed 18:36] +- State "DONE" from "TODO" [2023-02-21 Tue 14:21] +- State "DONE" from "TODO" [2023-02-17 Fri 08:57] +- State "DONE" from "TODO" [2023-02-15 Wed 14:22] - State "DONE" from "TODO" [2023-02-13 Mon 10:02] - State "DONE" from "TODO" [2023-02-10 Fri 15:06] - State "DONE" from "TODO" [2023-02-08 Wed 14:16] @@ -299,12 +176,13 @@ SCHEDULED: <2023-02-14 Tue .+1d> :END: ** Weekly :weekly: *** TODO litieres -DEADLINE: <2023-02-06 Mon .+2w -1d> +DEADLINE: <2023-03-03 Fri .+2w -1d> :PROPERTIES: -:LAST_REPEAT: [2023-01-23 Mon 17:33] +:LAST_REPEAT: [2023-02-17 Fri 14:33] :STYLE: habit :END: :LOGBOOK: +- State "DONE" from "TODO" [2023-02-17 Fri 14:33] - State "DONE" from "TODO" [2023-01-23 Mon 17:33] - State "DONE" from "TODO" [2023-01-04 Wed 10:50] - State "CANCELED" from "TODO" [2022-11-28 Mon 12:05] @@ -581,19 +459,4 @@ CLOCK: [2020-09-01 Tue 12:13]--[2020-09-01 Tue 12:13] => 0:00 #+begin_comment - =SPC m s c= -=- org-clone-subtree-with-time-shift= -#+end_comment -* IN-PROGRESS Mercer pour Bastien :chore: -:LOGBOOK: -CLOCK: [2023-01-11 Wed 16:38]--[2023-01-11 Wed 20:38] => 4:00 -:END: -[2023-01-11 Wed 16:37] -* DONE Réparer prise électrique four -DEADLINE: <2023-02-18 Sat 10:00>--<2023-02-18 Sat 11:00> -[2023-02-01 Wed 15:54] -* TODO DL The good place -SCHEDULED: <2023-02-14 Tue> -[2023-02-01 Wed 20:32] -* DONE Poste transfert d’adresse -DEADLINE: <2023-02-09 Thu 11:00> -[2023-02-09 Thu 09:31] +=- org-clone-subtree-with-time-shift= #+end_comment diff --git a/inbox.sync-conflict-20230213-104410-B4NK45H.org b/inbox.sync-conflict-20230213-104410-B4NK45H.org deleted file mode 100644 index 647ca722..00000000 --- a/inbox.sync-conflict-20230213-104410-B4NK45H.org +++ /dev/null @@ -1,595 +0,0 @@ -#+Title:TODO -#+Author: Yann Esposito -#+ARCHIVE: archives/TODO.archive.org:: -#+TODO: TODO(t) IN-PROGRESS(p) HOLD(h@/!) WAITING(w@/!) | DONE(d) CANCELED(c@/!) HANDLED(l@/!) -#+COLUMNS: %TODO %3PRIORITY %40ITEM(Task) %CLOCKSUM %8TAGS(TAG) -#+STARTUP: overview -#+LANG: fr - -#+begin_comment -SPC y o c => DISPLAY org columns -#+end_comment -* Inbox -** TODO Répondre à Luc -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:19] - -Bonjour Luc, - -Merci pour ton message, en effet, après plusieurs jours un peu sous l'eau je -peux prendre le temps de te répondre pausément ;). - -Tout d'abord, il nous a fallu pas mal de temps pour faire en sorte que notre -nouvelle maison soit acceptable et qu'on s'y sente à l'aise. C'est une location -que nous pensons conserver seulement temporairement, et elle était dans un état -pas terrible. Maintenant que nous avons fait tous les ajustement (environ 40h de -ménage intense à plusieurs, et pas mal de petits travaux, installé la cuisine, -acheté un nouveau frigidaire, etc…) - -Le coin est plus sympa que ce à quoi je m'attendais. Cette ville est proche de -tout, les voisins sont sympa, on habite à 30m d'amis que nous nous somme fait -par le biais de l'association du chien de notre fille. Donc c'est un heureux -hasard aussi. -Toutes les commodités sont proches, et avoir un jardin c'est plus sympa que -sortir les chiens tous les soirs. - -J'espère que même si je suis plus loin, on pourra conserver un contact. -Tout d'abord nous ne sommes pas parti si loin. -Nous sommes à 1h30 de voiture, et nous avons déjà prévu de revenir au moins 1j -par mois ne serait-ce que pour les médecins de ma fille. -Donc vous êtes bien sûr toujours les bienvenus et aussi, lorsque je viendrai, ça -sera l'occasion d'essayer de trouver un moment ensemble aussi. - -Au delà, j'aimerai essayer de trouver un système type réseau social mais -totalement privé que je réserverai seulement aux amis proches et à la famille. -Parce qu'il y a beaucoup de choses que nous pourrions partagé avec plus de -liberté si nous savions que ça resterait entre nous. -Il y a tout un tas d'anectodes qui sont sympas entre nous, mais que je -ne me vois pas partager sur tout Internet. - -Donc je vais voir si je peux arriver à, trouver un service que je peux -self-hoster, qui soit facile à partager, auxquels les gens puissent aller y -jeter un coups d'œil de temps en temps, et pourquoi pas y partaciper aussi aux -delà de quelques commentaires. -On a des groupes whatsapp, mais bon... whatsapp quoi... The great evil Facebook ;). -** TODO Rebrancher Plex -SCHEDULED: <2023-02-13 Mon 16:00> -[2023-02-13 Mon 10:02] -** TODO Demander lien réunion Chien Espoir & Handicap à Lionel -DEADLINE: <2023-02-13 Mon 15:00> -[2023-02-13 Mon 10:01] -** DONE Commander croquettes Pô -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:01] -** DONE Envoyer le mot à Mira -DEADLINE: <2023-02-13 Mon 11:00> -[2023-02-13 Mon 10:00] - -#+begin_quote -Lors d'une balade au parc public des Bouillides à Sophia Antipolis, le 30 -décembre aux alentours de 15h avec mon chien Oslo, un beagle de 4 ans, nous -avons croisé un autre chien qui avait des points au niveau des babines. -En voulant dire bonjour à ce chien, Oslo lui a donné un coup de museau dans la -gueule, ce qui a endommagé les sutures. -Les deux chiens étaient tenus en laisse. -#+end_quote - -** DONE [#A] Envoyer doc avec accusé de réception agence -DEADLINE: <2023-02-09 Thu 17:00> -[2023-02-09 Thu 14:53] -** DONE Envoyer un mail pour l'antenne satelite cassée -DEADLINE: <2023-02-08 Wed 18:00> -[2023-02-08 Wed 14:15] -** TODO Mail Agence Etat des lieux -[2023-02-06 Mon 15:36] - -Bonjour, - -Nous vous remercions pour la rapidité d'intervention de votre plombier lors du -dégât des eaux survenu le jour de notre aménagement. - -Lors de la remise des clés nous avions bien vu que l'état de propreté laissait à -désirer. Cependant nous étions très loin d'imaginer que celà allait nécessiter -plus d'une trentaine d'heures de nettoyage. Et il reste encore du travail. -Autant faire un coups de propre en prenant possession des lieux est normal, -autant y passer autant de temps est très regrettable. - -Pendant ce nettoyage nous avons ainsi pu constater une liste de points que nous -aimerions ajouter à l'état des lieux. - -Globalement, on peut souligner que la maison est sale (murs, sols, sanitaires, -nombreuses toiles d'araignées, portes, interrupteurs, fenêtres, radiateurs -pleins de poils de chiens et de poussière...). - -Cuisine : -- présence de graisse sur toute la hotte aspirante, filtres sales plein de gras - ayant nécessité un gros nettoyage ; -- sur la plaque il y a une abscence de voyant ; -- l'évier est un peu rayé (ce n'est pas du calcaire) ; -- certaines façades de la cuisine ont été repeintes avec une peinture qui mence - de s'enlever lors d'un nettoyage courant ; -- certaines façades sont abîmées ; -- fenêtres (encadrement et vitres sales) -- sols sales (joints très sales) - -Buanderie : -- Le robinet d'eau pour la machine à laver est cassé. Le plombier n'avait pas la - pièce pour le replacer. - -Hall : -- Etat global sale (murs poussiereux, etagères du placard et fenêtres sales). -- En nettoyant, est apparu, sur la porte du placard un dessin d'enfant qui ne - part pas au nettoyage. - -Séjour : -- Murs, fenêtres et encadrements très sales. - -Chambre parentale : -- une prise (celle sous la fenêtre) ne marche pas et est mal fixée. C'est - sûrement celle qui est reliée à l'interupteur. -- Salle de bain: WC sale (traces d'urine) - -Salle d'eau : -- WC extrêmement sale avec des coulures d'urine ayant imbibé le lino ; -- WC le robinet de remplissage fuite dès qu'il est ouvert. Celà nécessite que - nous plaçions un seau et que nous le refermions après avoir utilisé la chasse d'eau. - -Chambre 1 : -- un coups sur la porte et peinture délavée. - -Jardin : -- herbe non tondue ; -- nombreux excréments d'animaux dans le jardin. -- arbres nécessitant une taille - -Couloir : -- Il y a une faiblesse au niveau du sol (on sent qu'il s'enfonce un peu). Pour - le moment il n'y a rien de visible mais j'ai peur qu'avec les passages celà ne - finisse par s'abîmer. - -Nous vous remercions d'inclure tous ces points à l'état des lieux. - -Concernant, les deux robinets cassés, ainsi que la prise de courant non -fonctionnelle pourriez-vous faire le nécessaire pour les faire réparer ? - -Je tiens à souligner que le fait d'avoir fait autant de ménage nous a obligé à -perdre beaucoup de temps pour l'installation de la chambre et la salle de bain -pour notre fille handicapée ce qui a rendu son intégration dans la maison plus -difficile. - -Très cordialement, -Krystelle et Yann Esposito. -** TODO Supprimer Assurance Habitation Valbonne -DEADLINE: <2023-03-01 Wed> -[2023-01-31 Tue 12:05] -** TODO couper l'électricité Valbonne -DEADLINE: <2023-03-06 Mon> -[2023-01-31 Tue 12:04] -** DONE [#B] Aller payer les Arrhes et chercher les cartons -DEADLINE: <2023-01-26 Thu 15:00> -[2023-01-26 Thu 10:06] -** DONE [#B] Assurer la maison pour le 1er février. -DEADLINE: <2023-01-26 Thu 17:00> -:LOGBOOK: -- State "DONE" from "WAITING" [2023-01-31 Tue 13:13] -- State "WAITING" from "TODO" [2023-01-26 Thu 14:45] \\ - Attend que ma maman rapelle -:END: -[2023-01-26 Thu 10:05] -** DONE Déclarer Bastien non étudiant Mutuelle -DEADLINE: <2022-12-09 Fri 11:00> -[2022-12-08 Thu 22:42] -** TODO Regarder sans soleil https://www.youtube.com/watch?v=fdusEgrbhgA -SCHEDULED: <2023-02-14 Tue 22:00> -[2022-11-26 Sat 11:04] -** DONE Demander Laura pour capacité d'emprunt. - -Bonjour Laura, - -Tout d'abord, je vous souhaite mes meilleurs vœux pour la nouvelle année. - -Nous étions venus en mai pour faire une simulation de financement . -Depuis, nous avons vendu notre appartement, pour l'instant il est sous -compromis, avec l'aide d'Anthony Barrière. - -Nous aurions aimé avoir une idée notre capacité d'emprunt avec seulement -mon salaire (même si nous ferions la demande de prêt avec nous deux). -En effet mon épouse commence un nouvel emploi mi-février près de Marseille. -Sa période d'essai sera de 2 mois. -Elle conserve néanmoins son CDI à l'hôpital sans être rémunérée. -Plutôt que démissionner on lui a proposé de se mettre dans un dispositif qui -ressemble à une mise en disponibilité. - -Ce qui nous bloque actuellement c'est de savoir à partir de quand nous pourrons -commencer à faire des visites pour lesquelles nous pourrons faire des offres. -Notre situation financière n'a que très peu évolué depuis notre dernière -rencontre. -Devons nous prévoir un autre rendez-vous ? - -Très cordialement, -Yann Esposito. -* Perso :perso: -** Habits :habit: -*** TODO Reading List notes -SCHEDULED: <2023-01-16 Mon 09:00 .+1d> -:PROPERTIES: -:STYLE: habit -:LAST_REPEAT: [2023-01-15 Sun 09:40] -:END: -:LOGBOOK: -- State "CANCELED" from "TODO" [2023-01-15 Sun 09:40] -- State "CANCELED" from "TODO" [2023-01-11 Wed 20:19] -- State "CANCELED" from "TODO" [2022-11-29 Tue 15:56] -- State "CANCELED" from "TODO" [2022-11-18 Fri 15:17] -- State "CANCELED" from "TODO" [2022-11-14 Mon 10:42] -- State "DONE" from "TODO" [2022-11-14 Mon 10:42] -- State "CANCELED" from "TODO" [2022-11-10 Thu 18:00] -- State "CANCELED" from "TODO" [2022-11-09 Wed 19:28] -- State "DONE" from "TODO" [2022-11-09 Wed 19:28] -- State "CANCELED" from "TODO" [2022-11-02 Wed 09:57] -- State "CANCELED" from "TODO" [2022-11-01 Tue 12:58] -- State "CANCELED" from "TODO" [2022-10-25 Tue 17:51] \\ - not today -- State "CANCELED" from "TODO" [2022-10-24 Mon 16:27] -- State "DONE" from "TODO" [2022-09-19 Mon 10:59] -- State "DONE" from "TODO" [2022-09-17 Sat 11:53] -- State "DONE" from "TODO" [2022-08-31 Wed 09:24] -- State "CANCELED" from "TODO" [2022-07-05 Tue 15:50] -- State "CANCELED" from "TODO" [2022-07-04 Mon 12:00] -- State "CANCELED" from "TODO" [2022-07-04 Mon 12:00] -- State "CANCELED" from "TODO" [2022-07-04 Mon 12:00] -- State "DONE" from "TODO" [2022-07-01 Fri 20:53] -- State "DONE" from "TODO" [2022-06-30 Thu 17:57] -- State "DONE" from "TODO" [2022-06-30 Thu 17:57] -- State "DONE" from "TODO" [2022-06-30 Thu 17:57] -- State "DONE" from "TODO" [2022-06-30 Thu 17:57] -- State "DONE" from "TODO" [2022-06-30 Thu 17:56] -- State "CANCELED" from "TODO" [2022-06-26 Sun 11:33] \\ - Another day -- State "DONE" from "TODO" [2022-06-24 Fri 10:41] -- State "DONE" from "TODO" [2022-06-24 Fri 10:41] -- State "DONE" from "TODO" [2022-06-24 Fri 10:41] -- State "DONE" from "TODO" [2022-06-24 Fri 10:41] -- State "DONE" from "TODO" [2022-06-20 Mon 16:00] -- State "DONE" from "TODO" [2022-06-19 Sun 19:08] -- State "DONE" from "TODO" [2022-06-19 Sun 19:08] -- State "DONE" from "TODO" [2022-06-17 Fri 11:06] -- State "CANCELED" from "TODO" [2022-06-14 Tue 15:04] \\ - Not today -- State "CANCELED" from "TODO" [2022-06-13 Mon 11:15] -- State "CANCELED" from "TODO" [2022-06-13 Mon 11:15] -- State "DONE" from "TODO" [2022-06-11 Sat 09:59] -- State "DONE" from "TODO" [2022-06-11 Sat 09:59] -- State "DONE" from "IN-PROGRESS" [2022-06-09 Thu 11:54] -CLOCK: [2022-06-09 Thu 08:54]--[2022-06-09 Thu 09:32] => 0:38 -- State "DONE" from "TODO" [2022-06-08 Wed 09:59] -CLOCK: [2022-06-08 Wed 09:37]--[2022-06-08 Wed 09:59] => 0:22 -- State "CANCELED" from "TODO" [2022-06-07 Tue 10:06] \\ - I don't have time today -- State "DONE" from "TODO" [2022-06-07 Tue 09:44] -- State "DONE" from "TODO" [2022-06-07 Tue 09:44] -- State "DONE" from "TODO" [2022-06-07 Tue 09:44] -- State "CANCELED" from "TODO" [2022-06-07 Tue 09:44] -- State "DONE" from "TODO" [2022-06-02 Thu 15:33] -:END: -** Maybe :maybe: -* Famille :family: -** Daily :daily: -*** TODO Attention gentille -SCHEDULED: <2023-02-14 Tue .+1d> -:PROPERTIES: -:LAST_REPEAT: [2023-02-13 Mon 10:02] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-02-13 Mon 10:02] -- State "DONE" from "TODO" [2023-02-10 Fri 15:06] -- State "DONE" from "TODO" [2023-02-08 Wed 14:16] -- State "DONE" from "TODO" [2023-01-27 Fri 10:03] -- State "DONE" from "TODO" [2023-01-24 Tue 14:47] -- State "DONE" from "TODO" [2023-01-15 Sun 09:40] -- State "DONE" from "TODO" [2022-12-21 Wed 14:20] -- State "DONE" from "TODO" [2022-11-29 Tue 15:56] -- State "DONE" from "TODO" [2022-11-26 Sat 10:16] -- State "DONE" from "TODO" [2022-11-18 Fri 22:22] -- State "DONE" from "TODO" [2022-11-17 Thu 18:10] -:END: -** Weekly :weekly: -*** TODO litieres -DEADLINE: <2023-02-06 Mon .+2w -1d> -:PROPERTIES: -:LAST_REPEAT: [2023-01-23 Mon 17:33] -:STYLE: habit -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-01-23 Mon 17:33] -- State "DONE" from "TODO" [2023-01-04 Wed 10:50] -- State "CANCELED" from "TODO" [2022-11-28 Mon 12:05] -- State "CANCELED" from "TODO" [2022-11-14 Mon 10:42] -- State "DONE" from "TODO" [2022-10-26 Wed 12:15] -- State "DONE" from "TODO" [2022-10-12 Wed 10:02] -- State "DONE" from "TODO" [2022-09-17 Sat 08:57] -- State "DONE" from "TODO" [2022-09-02 Fri 08:19] -- State "DONE" from "TODO" [2022-07-27 Wed 08:53] -- State "DONE" from "TODO" [2022-06-08 Wed 17:06] -- State "DONE" from "TODO" [2022-05-17 Tue 19:02] -- State "DONE" from "TODO" [2022-05-03 Tue 10:45] -- State "DONE" from "TODO" [2022-04-19 Tue 09:54] -- State "DONE" from "TODO" [2022-03-24 Thu 17:21] -- State "DONE" from "TODO" [2022-03-01 Tue 10:55] -- State "DONE" from "TODO" [2022-02-09 Wed 09:23] -- State "DONE" from "TODO" [2022-01-18 Tue 09:42] -- State "DONE" from "TODO" [2021-12-01 Wed 14:11] -- State "DONE" from "TODO" [2021-10-18 Mon 10:00] -- State "DONE" from "TODO" [2021-09-24 Fri 09:44] -- State "DONE" from "TODO" [2021-08-29 Sun 11:33] -- State "CANCELED" from "TODO" [2021-08-11 Wed 18:52] -- State "DONE" from "TODO" [2021-07-08 Thu 09:26] -- State "DONE" from "TODO" [2021-05-27 Thu 08:09] -- State "CANCELED" from "TODO" [2021-05-05 Wed 10:18] -- State "DONE" from "TODO" [2021-04-07 Wed 16:30] -- State "DONE" from "TODO" [2021-02-28 Sun 12:01] -- State "DONE" from "TODO" [2021-01-18 Mon 14:26] -- State "DONE" from "TODO" [2021-01-04 Mon 15:49] -- State "DONE" from "TODO" [2020-11-27 Fri 10:32] -- State "DONE" from "TODO" [2020-11-05 Thu 15:43] -- State "DONE" from "TODO" [2020-10-23 Fri 10:22] -- State "DONE" from "TODO" [2020-10-08 Thu 11:18] -- State "DONE" from "TODO" [2020-09-11 Fri 09:07] -- State "DONE" from "TODO" [2020-06-08 Mon 23:00] -- State "DONE" from "TODO" [2020-05-19 Tue 22:04] -- State "DONE" from "TODO" [2020-08-22 Sat 09:18] -- State "DONE" from "TODO" [2020-06-21 Sun 16:00] -- State "CANCELED" from "TODO" [2020-06-15 Mon 10:28] \\ - Done not so long ago -:END: -*** TODO Appeler Papa -SCHEDULED: <2023-02-20 Mon 14:00 .+1w> -:PROPERTIES: -:STYLE: habit -:LAST_REPEAT: [2023-02-13 Mon 10:02] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-02-13 Mon 10:02] -- State "DONE" from "TODO" [2023-01-23 Mon 17:31] -- State "DONE" from "TODO" [2023-01-04 Wed 10:49] -- State "DONE" from "TODO" [2022-12-02 Fri 19:10] -:END: -*** TODO Appeler Maman -SCHEDULED: <2023-02-15 Wed 12:00 .+1w> -:PROPERTIES: -:STYLE: habit -:LAST_REPEAT: [2023-02-08 Wed 14:16] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-02-08 Wed 14:16] -- State "DONE" from "TODO" [2023-01-31 Tue 13:14] -- State "DONE" from "TODO" [2023-01-24 Tue 15:15] -- State "DONE" from "TODO" [2023-01-09 Mon 15:57] -- State "DONE" from "TODO" [2023-01-01 Sun 19:04] -- State "DONE" from "TODO" [2022-12-04 Sun 19:23] -- State "DONE" from "TODO" [2022-11-26 Sat 10:16] -:END: -** Yearly :yearly: -*** TODO [#A] revision chaudiere -DEADLINE : <2023-02-15 Wed +1y -2w> -:PROPERTIES: -:LAST_REPEAT: [2022-02-25 Fri 18:10] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2022-02-25 Fri 18:10] -- State "DONE" from "IN-PROGRESS" [2021-03-06 Sat 23:48] -:END: -[2020-05-23 Sat 10:26] -*** TODO vaccination leichmaniose Oslo -DEADLINE: <2024-01-20 Sat +1y> -:PROPERTIES: -:LAST_REPEAT: [2023-01-27 Fri 09:43] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-01-27 Fri 09:43] -- State "DONE" from "TODO" [2022-01-18 Tue 10:18] -- State "DONE" from "TODO" [2021-01-18 Mon 14:25] -:END: -[2020-05-23 Sat 10:27] -*** TODO Nettoyage barbecue -SCHEDULED: <2023-09-19 Tue +1y> -:PROPERTIES: -:LAST_REPEAT: [2023-01-23 Mon 17:32] -:END: -:LOGBOOK: -- State "HOLD" from "TODO" [2023-01-15 Sun 09:40] -:END: -[2020-05-23 Sat 10:32] -*** TODO [#A] Cadeau Rencontre Krystelle (1995) :yearly: -DEADLINE: <2023-04-08 Sat +1y -2w> -:PROPERTIES: -:LAST_REPEAT: [2022-04-07 Thu 11:56] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2022-04-07 Thu 11:56] -:END: -*** TODO [#A] Cadeau Mariage Krystelle (2000) :yearly: -DEADLINE: <2023-08-12 Sat +1y -2w> -:PROPERTIES: -:LAST_REPEAT: [2022-08-13 Sat 19:43] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2022-08-13 Sat 19:43] -- State "CANCELED" from "TODO" [2021-08-11 Wed 18:52] -- State "DONE" from "TODO" [2020-08-10 Mon 12:19] -:END: -*** TODO [#A] Cadeau Anniversaire Krystelle :yearly: -DEADLINE: <2023-04-26 Wed +1y -2w> -:PROPERTIES: -:LAST_REPEAT: [2022-04-26 Tue 18:53] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2022-04-26 Tue 18:53] -:END: -*** Fête des mères -**** [2020-06-07 Sun] -**** [2021-05-30 Sun] -***** DONE [#A] Acheter cadeau fête des mères Krystelle :krystelle: -CLOSED: [2021-05-30 Sun 09:26] DEADLINE: <2021-05-30 Sun -2w> -***** DONE [#A] Acheter cadeau fête des mères Maman -CLOSED: [2021-05-30 Sun 09:26] DEADLINE: <2021-05-30 Sun -2w> -**** [2022-06-07 Tue] -***** DONE [#A] Acheter cadeau fête des mères Krystelle :krystelle: -DEADLINE: <2022-05-29 Sun -2w> -***** DONE [#A] Acheter cadeau fête des mères Maman -DEADLINE: <2022-05-30 Mon -2w> -*** TODO Appeler Thierry -DEADLINE: <2024-01-04 Thu +1y> -:PROPERTIES: -:LAST_REPEAT: [2023-01-06 Fri 11:14] -:END: -:LOGBOOK: -- State "DONE" from "TODO" [2023-01-06 Fri 11:14] -- State "CANCELED" from "TODO" [2022-01-18 Tue 09:42] -- State "DONE" from "TODO" [2021-02-28 Sun 11:56] -- State "DONE" from "TODO" [2021-02-28 Sun 11:55] -- State "DONE" from "TODO" [2021-01-07 Thu 11:52] -:END: -[2020-12-26 Sat 13:03] -** Krystelle :krystelle: -** Anna :anna: -*** CANCELED Voir si on doit faire une demande PCH (aide pour le chien) :ATTACH:anna: -SCHEDULED: <2022-12-18 Sun> -:PROPERTIES: -:ID: 8163f2ed-7106-4b4a-93b0-7009fe316172 -:END: -:LOGBOOK: -- State "CANCELED" from "TODO" [2022-12-21 Wed 14:19] -:END: -[2022-06-08 Wed 10:01] - -Début du message transféré : - -De: francoisem06@free.fr -Date: 1 juin 2022 à 18:23:37 UTC+2 -À: krystelle esposito -Objet: PCH - - -reBonjour Krystelle, - -Je te joins le tableau des remboursements pour la PCH (tableau 1 pour l'aide humaine et tableau 7 pour les aides animalières). Il faut donc prévoir de faire une demande de PCH auprès de la MDPH. - -Pour la demande de PCH -La loi n°2020-220 du 6 mars 2020 vise à améliorer l'accès à la PCH. - -L'article 3 (Article L245-6) parle des modalités et de la durée d'attribution de la PCH. Lorsque le handicap n'est pas susceptible d'évoluer favorablement, un droit à la PCH est ouvert sans limitation de durée, sans préjudice des révisions du plan personnalisé de compensation qu'appellent les besoins de la personne. - -Source : https://www.legifrance.gouv.fr/codes/id/LEGIARTI000041700020/2020-03-08 - -Autres infos : - -- Article sur ce qui change au 1 janvier 2022 en cas de handicap: https://informations.handicap.fr/a-janvier-2022-change-cas-handicap-32099.php/true - -- Togi Santé : https://www.togisante.com/agence/agence-togi-sante-nice-06/ - -A bientôt -Françoise -** Bastien :bastien: -* Memory -:PROPERTIES: -:ID: 1644E007-AFBE-4F4B-9307-B007C60548E8 -:END: -** client TG dans le config.edn :fc:cisco: -:PROPERTIES: -:FC_CREATED: 2020-05-23T17:33:07Z -:FC_TYPE: normal -:ID: 8B092321-BA1F-47F9-A927-76D2E232CF51 -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 3.25 | 7 | 449.62 | 2022-04-20T04:53:05Z | -:END: - -Ne pas oublier le client de TG est dans le config.edn -** Searh within org notes :fc:org: -:PROPERTIES: -:FC_CREATED: 2020-06-05T07:09:22Z -:FC_TYPE: normal -:ID: 49981B50-AFBD-4C93-A9C2-8D88550AB425 -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 2.65 | 7 | 289.32 | 2021-11-04T20:35:12Z | -:END: -=helm-org-rifle= (~SPC y o s~) -** update ~[/]~ and ~[%]~ in org mode :fc:org: -:PROPERTIES: -:FC_CREATED: 2020-06-13T12:35:49Z -:FC_TYPE: normal -:ID: 90110976-520D-4B0C-B1D9-3798323C370E -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 2.35 | 7 | 265.02 | 2021-10-17T14:36:23Z | -:END: - -use ~SPC m #~ (~org-update-statistics-cookies~) -** projectile toggle from implementation to test file :fc: -:PROPERTIES: -:FC_CREATED: 2020-07-02T13:16:56Z -:FC_TYPE: normal -:ID: 2110820C-4877-40B3-A351-2DEDE0F222C6 -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 2.65 | 7 | 287.31 | 2021-11-08T21:22:55Z | -:END: -=SPC p y= -** Create inactive timestmap ([DATE]) :fc:org:doom: -:PROPERTIES: -:FC_CREATED: 2020-09-01T10:16:26Z -:FC_TYPE: normal -:ID: a4ebd43b-b589-499e-85e1-7ebea0abf3af -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 2.65 | 6 | 117.50 | 2021-03-16T20:55:04Z | -:END: -:LOGBOOK: -CLOCK: [2020-09-01 Tue 12:13]--[2020-09-01 Tue 12:13] => 0:00 -:END: -[2020-09-01 Tue 12:13] -~SPC m d T~ -** Clone sub tree with time shift :fc: -:PROPERTIES: -:FC_CREATED: 2020-12-02T13:54:51Z -:FC_TYPE: normal -:ID: 9207b53a-e38e-4996-abc6-140c31f2960a -:END: -:REVIEW_DATA: -| position | ease | box | interval | due | -|----------+------+-----+----------+----------------------| -| front | 2.35 | 3 | 6.00 | 2021-01-31T14:02:51Z | -:END: -=org-clone-subtree-with-time-shift= -* Work :work: - -#+begin_comment -- =SPC m s c= -=- org-clone-subtree-with-time-shift= -#+end_comment -* IN-PROGRESS Mercer pour Bastien :chore: -:LOGBOOK: -CLOCK: [2023-01-11 Wed 16:38]--[2023-01-11 Wed 20:38] => 4:00 -:END: -[2023-01-11 Wed 16:37] -* DONE Réparer prise électrique four -DEADLINE: <2023-02-18 Sat 10:00>--<2023-02-18 Sat 11:00> -[2023-02-01 Wed 15:54] -* TODO DL The good place -SCHEDULED: <2023-02-14 Tue> -[2023-02-01 Wed 20:32] -* DONE Poste transfert d’adresse -DEADLINE: <2023-02-09 Thu 11:00> -[2023-02-09 Thu 09:31] diff --git a/notes.org.gpg b/notes.org.gpg index 3af67cda..134c3340 100644 Binary files a/notes.org.gpg and b/notes.org.gpg differ diff --git a/notes/composable_shell_nix.html b/notes/composable_shell_nix.html new file mode 100644 index 00000000..0d792059 --- /dev/null +++ b/notes/composable_shell_nix.html @@ -0,0 +1,536 @@ + + + + + + + + Composable shell.nix + + + + +
+

Composable shell.nix

+

Yann Esposito

+

[2023-02-10 Fri]

+
+
+
tags
+
+nix +
+
+

So I work on a project for which we used Docker to locally run +integration tests. More precisely we used docker-compose to launch different services, +most of them being databases. The project is big enough that we need +many different databases and other services.

+

It's been a while that I am following nix, and in particular I use +nix on macOS to create local development environments. But I never used +NixOS, even if I plan to do so on my remote server. In fact, I use nix +on a very old Linux distro to run recent softwares.

+

Anyway, after Docker started to change its licensing on macOS I +wanted to get rid of it. In fact, even before the licensing issue, I +wanted to get rid of docker for Mac.

+

So I tried many time to replace docker-compose by nix. And even if I am interested in nix I never +really dug into it. So my knowledge about it is incomplete and +imprecise. But I know just enough to be able to start write script with +nix taking care of dependencies, and similarly, I can write quick and +dirty shell.nix for all my personal +projects. Recently I started to add flake.nix files around too.

+

So here is how to easily replace docker-compose with nix. Which +should also compose.

+

nix-shell-fu level 1 lesson

+

Let's start with a basic shell.nix +example:

+
{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }:
+with pkgs: mkShell
+  { buildInputs = [ hello ];
+    shellHook = ''
+      echo "Using ${hello.name}."
+    '';
+  }
+

And this could be understood in plain English as:

+
+

In the packages of nix version 22.11, create a new shell into which +the package hello will be installed. At +the end of the install, run a script that will print the package name. +(Cf 4.1)

+
+

And indeed, if you copy/paste this nix block in a file and run +nix-shell here is the result:

+
> nix-shell
+nix-shell shell.nix
+these 53 paths will be fetched (84.69 MiB download, 524.77 MiB unpacked):
+  /nix/store/08pckaqznwh0s3822cjp5aji6y1lsm27-libcxx-11.1.0
+  ...
+  /nix/store/zqcs5xahjxij0c8vfw60lnfb6d979rn2-zlib-1.2.13
+copying path '/nix/store/49wn01k9yikhjlxc1ym5b6civ29zz3gv-bash-5.1-p16' from 'https://cache.nixos.org'...
+...
+copying path '/nix/store/4w2rv6s96fwsb4qyw8b9w394010gxriz-stdenv-darwin' from 'https://cache.nixos.org'...
+Using hello-2.12.1.
+
+[nix-shell:~/tmp/nixplayground]$
+
+

If you close the session and run it again, it will be much faster and +will only show this:

+
❯ nix-shell
+Using hello-2.12.1.
+
+[nix-shell:~/tmp/nixplayground]$
+
+

This is because all dependencies will be cached. OK so, this is level +1 of nix-shell-fu.

+

Now, let's start level 2.

+

nix-shell-fu level 2 lesson; scripting and +configuring

+

This time, we want to launch a full service, as a redis docker would +do. So here is a basic shell script which is similar to the previous one +but will request redis as a dependency +instead of hello and also as a launching +script. From there will add a little bit more features.

+
{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }:
+  pkgs.mkShell {
+    # must contain buildInputs, nativeBuildInputs and shellHook
+    buildInputs = [ pkgs.redis ];
+
+    # Post Shell Hook
+    shellHook = ''
+    echo "Using ${pkgs.redis.name} on port: ${port}"
+    redis-server
+  '';
+  }
+

Again if you run nix-shell here is the result:

+
❯ nix-shell
+these 2 paths will be fetched (2.08 MiB download, 6.99 MiB unpacked):
+  /nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5
+  /nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7
+copying path '/nix/store/b47gmsx9qx0c9vh75wsg8bqq9qd0ad6f-openssl-3.0.7' from 'https://cache.nixos.org'...
+copying path '/nix/store/6w4vnaxdx12ccq172i8j5l830mlp8jlg-redis-7.0.5' from 'https://cache.nixos.org'...
+Using redis-7.0.5
+97814:C 10 Feb 2023 20:44:36.960 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
+97814:C 10 Feb 2023 20:44:36.960 # Redis version=7.0.5, bits=64, commit=00000000, modified=0, pid=97814, just started
+97814:C 10 Feb 2023 20:44:36.960 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
+97814:M 10 Feb 2023 20:44:36.961 * Increased maximum number of open files to 10032 (it was originally set to 256).
+97814:M 10 Feb 2023 20:44:36.961 * monotonic clock: POSIX clock_gettime
+                _._
+           _.-``__ ''-._
+      _.-``    `.  `_.  ''-._           Redis 7.0.5 (00000000/0) 64 bit
+  .-`` .-```.  ```\/    _.,_ ''-._
+ (    '      ,       .-`  | `,    )     Running in standalone mode
+ |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
+ |    `-._   `._    /     _.-'    |     PID: 97814
+  `-._    `-._  `-./  _.-'    _.-'
+ |`-._`-._    `-.__.-'    _.-'_.-'|
+ |    `-._`-._        _.-'_.-'    |           https://redis.io
+  `-._    `-._`-.__.-'_.-'    _.-'
+ |`-._`-._    `-.__.-'    _.-'_.-'|
+ |    `-._`-._        _.-'_.-'    |
+  `-._    `-._`-.__.-'_.-'    _.-'
+      `-._    `-.__.-'    _.-'
+          `-._        _.-'
+              `-.__.-'
+
+97814:M 10 Feb 2023 20:44:36.962 # WARNING: The TCP backlog setting of 511 cannot be enforced because kern.ipc.somaxconn is set to the lower value of 128.
+97814:M 10 Feb 2023 20:44:36.962 # Server initialized
+97814:M 10 Feb 2023 20:44:36.963 * Ready to accept connections
+
+

Woo! Redis is started and it works!

+

But if you have multiple projects you want to have more control. For +example, we will want to run redis on a specific port. Here is how you +do it:

+
{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/21.05.tar.gz) {} }:
+  let iport = 16380;
+      port = toString iport;
+  in pkgs.mkShell {
+    # must contain buildInputs, nativeBuildInputs and shellHook
+    buildInputs = [ pkgs.redis ];
+
+    # Post Shell Hook
+    shellHook = ''
+    echo "Using ${pkgs.redis.name} on port ${port}"
+    redis-server --port ${port}
+  '';
+  }
+

And here is the result:

+
> rm dump.rdb
+> nix-shell
+Using redis-6.2.3 on port 16380
+1785:C 10 Feb 2023 20:50:00.880 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
+1785:C 10 Feb 2023 20:50:00.880 # Redis version=6.2.3, bits=64, commit=00000000, modified=0, pid=1785, just started
+1785:C 10 Feb 2023 20:50:00.880 # Configuration loaded
+1785:M 10 Feb 2023 20:50:00.880 * Increased maximum number of open files to 10032 (it was originally set to 256).
+1785:M 10 Feb 2023 20:50:00.880 * monotonic clock: POSIX clock_gettime
+                _._
+           _.-``__ ''-._
+      _.-``    `.  `_.  ''-._           Redis 6.2.3 (00000000/0) 64 bit
+  .-`` .-```.  ```\/    _.,_ ''-._
+ (    '      ,       .-`  | `,    )     Running in standalone mode
+ |`-._`-...-` __...-.``-._|'` _.-'|     Port: 16380
+ |    `-._   `._    /     _.-'    |     PID: 1785
+  `-._    `-._  `-./  _.-'    _.-'
+ |`-._`-._    `-.__.-'    _.-'_.-'|
+ |    `-._`-._        _.-'_.-'    |           https://redis.io
+  `-._    `-._`-.__.-'_.-'    _.-'
+ |`-._`-._    `-.__.-'    _.-'_.-'|
+ |    `-._`-._        _.-'_.-'    |
+  `-._    `-._`-.__.-'_.-'    _.-'
+      `-._    `-.__.-'    _.-'
+          `-._        _.-'
+              `-.__.-'
+
+1785:M 10 Feb 2023 20:50:00.881 # Server initialized
+1785:M 10 Feb 2023 20:50:00.881 * Ready to accept connections
+
+

Woo! Now we can control the port from the file. That's nice. But, +hmmm, has you might have noticed, when you quit the session it dumps the +DB as the file dump.rdb. What we would +like is to keep the state in a local file that would be easy to delete. +So here is how I did it, mainly, I just create a redis config file +locally, and run redis using this local config file. Also I do my best +to put all files created for running this local redis instance into a +local file into my project. The code is more complex this time, but I +just added a way to create a config file and declare a directory that +will contain all the state of the DB and of the nix configuration.

+
{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/21.05.tar.gz) {} }:
+let iport = 16380;
+    port = toString iport;
+in pkgs.mkShell (rec {
+  # ENV Variables the directory to put all the DATA
+  REDIS_DATA = "${toString ./.}/.redis";
+  # the config file, as we use REDIS_DATA variable we just declared in the
+  # same nix set, we need to use rec
+  redisConf = pkgs.writeText "redis.conf"
+                             ''
+                             port ${port}
+                             dbfilename redis.db
+                             dir ${REDIS_DATA}
+                             '';
+
+  buildInputs = [ pkgs.redis ];
+
+  # Post Shell Hook
+  shellHook = ''
+    echo "Using ${pkgs.redis.name} on port: ${port}"
+
+    [ ! -d $REDIS_DATA ] \
+      && mkdir -p $REDIS_DATA
+    cat "$redisConf" > $REDIS_DATA/redis.conf
+    alias redisstop="echo 'Stopping Redis'; redis-cli -p ${port} shutdown; rm -rf $REDIS_DATA"
+    nohup redis-server $REDIS_DATA/redis.conf > /dev/null 2>&1 &
+    echo "When finished just run redisstop && exit"
+  '';
+})
+

And here is a full session using this shell.nix:

+
 nix-shell
+Using redis-6.2.3 on port: 16380
+When finished just run redisstop && exit
+
+[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380
+127.0.0.1:16380> help
+redis-cli 6.2.3
+To get help about Redis commands type:
+      "help @<group>" to get a list of commands in <group>
+      "help <command>" for help on <command>
+      "help <tab>" to get a list of possible help topics
+      "quit" to exit
+
+To set redis-cli preferences:
+      ":set hints" enable online hints
+      ":set nohints" disable online hints
+Set your preferences in ~/.redisclirc
+127.0.0.1:16380>
+
+[nix-shell:~/tmp/nixplayground]$ ls -a
+.  ..  .redis  shell.nix
+
+[nix-shell:~/tmp/nixplayground]$ find .redis
+.redis
+.redis/redis.conf
+
+[nix-shell:~/tmp/nixplayground]$ redis-cli -p 16380 shutdown
+[1]+  Done                    nohup redis-server $REDIS_DATA/redis.conf > /dev/null 2>&1
+
+[nix-shell:~/tmp/nixplayground]$ find .redis
+.redis
+.redis/redis.db
+.redis/redis.conf
+
+[nix-shell:~/tmp/nixplayground]$ redisstop
+Stopping Redis
+Could not connect to Redis at 127.0.0.1:16380: Connection refused
+
+[nix-shell:~/tmp/nixplayground]$ ls -a
+.  ..  shell.nix
+
+[nix-shell:~/tmp/nixplayground]$
+
+

So with this version all data related to redis is saved into the +local .redis directory. And in the nix +shell we provide a command redisstop that +once invoked, shutdown redis, then purge all redis related data (as you +would like in a development environment). Also, as compared to previous +version, redis is launched in background so you could run commands in +your nix shell.

+

nix-shell-fu level 3 lesson; composability

+

So in order for this part to be easier to follow, we'll go back to +our first example with the shell.nix that just ran hello.

+

Appendice

+

Digression

+

In fact, this is a bit more complex than "just that". The reality is +a bit more complex. The nix language is "pure", meaning, if you run the +nix evaluation multiple times, it will always evaluate to the exact same +value. But here, this block represent a function. The function takes as +input a "nix set" (which you can see as an associative array, or a +hash-map or also a javascript object depending on your preference), and +this set is expected to contain a field named pkgs. If pkgs is +not provided, it will us the set from the stable version 22.11 of +nixpkgs by downloading them from github archive. The second part of the +function generate "something" that is returned by an internal function +of the standard library provided by nix +which is named mkShell. So mainly, mkShell is a helper function that will generate +what nix calls a derivation. +Mainly, we don't really care about exactly what is a +derivation. This is an internal to nix representation that +could be finally used by different nix tools for different things. +Typically, installing a package, running a local development environment +with nix-shell or nix develop, etc…

+

So the important detail to remember is that we can manipulate the +parameter we pass to the functions derivation, mkDerivation and mkShell, but we have no mechanism to manipulate +directly derivation. So in order to make +that composable, you need to call the derivation internal function at the very end +only.

+

The argument of all these functions are nix sets

+ + diff --git a/notes/composable_shell_nix.org b/notes/composable_shell_nix.org index 18bfefc6..0f8edddb 100644 --- a/notes/composable_shell_nix.org +++ b/notes/composable_shell_nix.org @@ -7,6 +7,81 @@ - tags :: [[id:6e4c4d62-215d-4e0d-9361-0ff64af6f4a9][nix]] +TL;DR: This is how I created a =docker-compose= replacement with ~nix-shell~. +Here is a solution to have a composable nix shell representation focused on +replacing =docker-compose=. +Here is the main code: + +#+begin_src nix +# imports should contain a list of nix files +{ pkgs, imports }: +let confs = map (f: import f { inherit pkgs; }) imports; + envs = map ({env ? {}}: env) confs; + # list the name of a command to stop + stops = map ({stop ? ":"}: stop) confs; + # we want to stop all services on exit + lastConfs = { shellHook = "stopall(){ " + builtins.foldl' (acc: stop: acc + " && " + stop) "" stops + "}" + + '' + trap stopall EXIT + ''; + }; + mergedEnvs = builtins.foldl' (acc: e: acc // e) {} envs; + zeroConf = {}; + mergedConfs = builtins.foldl' (acc: {buildInputs ? [], nativeBuildInputs ? [], shellHook ? "", ...}: + { buildInputs = acc.buildInputs ++ buildInputs; + nativeBuildInputs = acc.nativeBuildInputs ++ nativeBuildInputs; + shellHook = acc.shellHook + shellHook; + }) zeroConf (confs); +in (mergedEnvs // mergedConfs) +#+end_src + +#+begin_src nix +# example of nix file to be used as import +{ pkgs ? import (fetchTarball https://github.com/NixOS/nixpkgs/archive/22.11.tar.gz) {} }: + let iport = 16380; + port = toString iport; + env = { + redisConf = + pkgs.writeText "redis.conf" + '' + port ${port} + dbfilename redis.db + dir ${toString ./.}/.redis + logfile redis.log + ''; + + # ENV Variables + REDIS_DATA = "${toString ./.}/.redis"; + }; + in env // { + # Warning if you add an attribute like an ENV VAR you must do it via env. + inherit env; + nativeBuildInputs = [ + pkgs.redis + ]; + + # Post Shell Hook + shellHook = '' + echo "Using ${pkgs.redis.name}. port: ${port}" + + [ ! -d $REDIS_DATA ] \ + && mkdir -p $REDIS_DATA + cat "$redisConf" > $REDIS_DATA/redis.conf + function redisstop { + echo 'Stopping and Cleaning up Redis' + redis-cli -p ${port} shutdown && \ + rm -rf $REDIS_DATA + } + nohup redis-server $REDIS_DATA/redis.conf > /dev/null & + trap redisstop EXIT + ''; + # the function to call on EXIT + stop = "redisstop"; + } +#+end_src + +** Introduction + So I work on a project for which we used Docker to locally run integration tests. More precisely we used =docker-compose= to launch different services, most of them being databases. @@ -49,10 +124,9 @@ And this could be understood in plain English as: #+begin_quote In the packages of nix version 22.11, create a new shell into which the package =hello= will be installed. At the end of the install, run a script that will print -the package name.[^1] +the package name. (Cf [[digression]]) #+end_quote -[^1]: And indeed, if you copy/paste this nix block in a file and run ~nix-shell~ here is the result: @@ -303,3 +377,33 @@ could run commands in your nix shell. So in order for this part to be easier to follow, we'll go back to our first example with the shell.nix that just ran hello. + +** Appendice + +*** <> Digression + +In fact, this is a bit more complex than "just that". +The reality is a bit more complex. +The nix language is "pure", meaning, if you run the nix evaluation multiple +times, it will always evaluate to the exact same value. +But here, this block represent a function. +The function takes as input a "nix set" (which you can see as an associative +array, or a hash-map or also a javascript object depending on your preference), +and this set is expected to contain a field named =pkgs=. If =pkgs= is not provided, +it will us the set from the stable version 22.11 of nixpkgs by downloading them +from github archive. +The second part of the function generate "something" that is returned by an +internal function of the standard library provided by =nix= which is named +=mkShell=. +So mainly, =mkShell= is a helper function that will generate what nix calls a +/[[https://blog.ielliott.io/nix-docs/derivation.html][derivation]]/. Mainly, we don't really care about exactly what is a /derivation/. +This is an internal to nix representation that could be finally used by +different nix tools for different things. Typically, installing a package, +running a local development environment with nix-shell or nix develop, etc… + +So the important detail to remember is that we can manipulate the parameter we +pass to the functions =derivation=, =mkDerivation= and =mkShell=, but we have no +mechanism to manipulate directly =derivation=. So in order to make that +composable, you need to call the =derivation= internal function at the very end only. + +The argument of all these functions are /nix sets/ diff --git a/tracker.org b/tracker.org index 4098337c..2c7fd02c 100644 --- a/tracker.org +++ b/tracker.org @@ -2807,6 +2807,425 @@ Added for: - 4986f84e-745f-4f32-b840-803b97856e68​ *** 2023-02-10 Friday -**** TODO Add the impersonate scope to PIAM clients :work: +**** HOLD Add the impersonate scope to PIAM clients :work: SCHEDULED: <2023-02-13 Mon 15:00> +:LOGBOOK: +- State "HOLD" from "TODO" [2023-02-16 Thu 15:47] \\ + We need to wait to know if we are going to provision internally. +:END: [2023-02-10 Fri 15:23] + +** 2023-W07 + +*** 2023-02-13 Monday +**** DONE Créer un meeting avec Murali et Christopher Van Der Made :work: +SCHEDULED: <2023-02-14 Tue 10:00> +[2023-02-13 Mon 17:06] + +We would like to talk with you to find a way to synchronize between IROH and SXO permissions. +**** MEETING RBAC :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-13 Mon 16:32]--[2023-02-13 Mon 17:32] => 1:00 +:END: +[2023-02-13 Mon 16:32] +***** Agenda (to discuss about) +***** Notes +***** Actions + +*** 2023-02-14 Tuesday +**** DONE Finish to answer to Paul :work: +DEADLINE: <2023-02-15 Wed 11:00> SCHEDULED: <2023-02-14 Tue> +[2023-02-14 Tue 18:32] +**** DONE Répondre à Paul Cichonski :work: +SCHEDULED: <2023-02-13 Mon 17:00> +[2023-02-14 Tue 15:46] + +*** 2023-02-15 Wednesday +**** DONE Create an issue to internalize provisioning :work: +DEADLINE: <2023-02-21 Tue 17:30> SCHEDULED: <2023-02-21 Tue> +:LOGBOOK: +CLOCK: [2023-02-22 Wed 14:00]--[2023-02-22 Wed 15:00] => 1:00 +:END: +[2023-02-15 Wed 19:17] + +***** Epic + +Epic https://github.com/advthreat/iroh/issues/7533 + +****** Specialized Provisioning Route for PIAM + :PROPERTIES: + :CUSTOM_ID: specialized-provisioning-route-for-piam + :END: +We should provide a route that will in the body a =NewAccount=, being + +#+begin_src clojure +(s/defschema NewAccount + "The schema to create a New Account, + mainly all data needed to create a new Org, + a main admin User for this org and onboard it." + {:org NewOrg + :user NewUser}) + +(s/defschema NewOrg + "Org before being saved to DB" + (st/merge + {:id OrgId} + (st/optional-keys + {:name (describe s/Str "The name of the Organization specified during login.") + :enterprise-id (describe s/Str "The Cisco SBG Platform Enterprise id associated to this Org.") + :scim-status (describe SCIMStatus "Determine if your Org is activated or not (allowed values are activated or waiting-activation)") + :address OrgAddress}))) + +(s/defschema OrgAddress + (st/optional-keys + {:department s/Str + :street1 s/Str + :street2 s/Str + :postal-code s/Str + :city s/Str + :country-iso-code (apply s/enum country-iso-codes)})) + +(s/defschema NewUser + "provisioned User before being saved to DB" + (st/merge + {:user-email s/Str + :role LegacyOrXDRRoleId + :idp-mappings [PlatformUserIdPMapping]} + (st/optional-keys + {:user-name s/Str + :user-nick s/Str}))) + + + +(s/defschema PlatformUserIdPMapping + {:idp s/Str + :user-identity-id s/Str + (s/optional-key :organization-id) s/Str + :enabled? s/Bool}) +#+end_src + +From there, the endpoint will create the Org and User, then call every +onboarding URL with a user session token. + +#+begin_src clojure +(let [org (create-org new-org) + user (create-user (assoc new-user :org-id (:id org))) + user-session-token (gen-session-token user) + onboarding-responses ;; a JSON Object whose keys are URLs and values are HTTP responses objects + (->> iroh-integration-onboarding-urls + (pmap #(http/post % user-session-token)) + (map (fn [url http-response] [url http-response]) iroh-integration-onboarding-urls) + (into {}))] + ;; 201 + (created {:user user + :org org + :onboarding-responses onboarding-responses})) +#+end_src + +Ideally every external service should answer quickly but after having +successfully created an IROH Module. Ideally, the response should +contain the =module-id=. + +In order for this work to be completed every different team should +provide a new endpoint to trigger the onboarding. + +****** =/onboard= Endpoint Specification + :PROPERTIES: + :CUSTOM_ID: onboard-endpoint-specification + :END: +Provide a URL that listens to HTTP POST. It must only accept queries +containing an Authorization header that will contain a Bearer token. The +token must be a valid (correctly signed, non-expired) IROH JWT. If not, +it must return a 401. + +That route should not accept any query parameter nor any body. All the +data could be retrieved from the session token passed in the +Authorization header. + +Example: + +#+begin_example +POST https://product.env.security.cisco.com/onboarding +Authorization: Bearer $JWT +Accept: application/json +#+end_example + +#+begin_example +HTTP/2 201 +server: nginx +date: Wed, 21 Feb 2023 13:43:31 GMT +content-type: text/html; charset=utf-8 +content-length: 61 +strict-transport-security: max-age=31536000; includeSubDomains +accept-ranges: bytes + +{"module-instance-id":"1e5bb994-b2b4-11ed-9de6-325096b39f47"} +#+end_example + +The server should ideally answer in less than a few seconds. If for your +product, the internal provisioning takes longer then you should simply +return a response explaining that the provisioning is in progress. The +response must be a JSON Object. Ideally, it should contain a field named +=module-instance-id= for the module-instance-id created. And potentially +other data related to the onboarding. + +#+begin_example +{"module-instance-id": String, ...} +#+end_example + +******* Expectations + :PROPERTIES: + :CUSTOM_ID: expectations + :END: +The expected background work to be performed after receiving this HTTP +call is: + +1. Call =/iroh/oauth2/custom/tokens= with the User Session Token in + header (same Authorization header as received) and the body must + contain the =cliend-id= and =client-secret= created for your Product + in IROH. From this call, you should get back both an access and + refresh token. +2. You should save the refresh token. +3. The access token could be used to: + - retrieve needed data to provision a new tenant by calling + =/iroh/profile/whoami= for example + - create the module instance in IROH. + +Here is an example diagram (for Device Insight): + +#+begin_src plantuml :file Onboarding_endpoint.png +skinparam handwritten false +skinparam shadowing false + +skinparam sequence { +ParticipantFontName Chalkboard; +ParticipantBackgroundColor white; +ParticipantBorderColor #37C +GroupBorderColor #888 +ArrowColor #37C +LifeLineBorderColor #37C +} + +participant IROH as iroh +participant "Device Insight" as di + +group Provision all sub-components (should not need the IROH_TOKEN) +group#EEF #EEF Device Insights +iroh->di: POST /onboard SESSION_TOKEN +di->di: internal provisioning +di->iroh: create module +di->iroh: 201 {module-id=..., ...} +end +#+end_src + +#+caption: Onboarding_endpoint +[[https://user-images.githubusercontent.com/93899/220635593-80305d45-0f32-45a5-a94c-780ed8c244da.png]] +****** IROH internal notes + +We need to introduce a new notion of /onboardable module./ +A module is onboardable, if its module-type contain an ~onboard~ field pointing to +a single URL that follow the previous section specification. + +We should probably have an internal data structure that will associate to every +entitlement a list of /onboardable modules/. +Ideally, we should have a convention to identify internal module-type by name, +so we could refer to the device-insight module for example instead of having to +specify manually the module-id. + +Once this is done, the provisioning endpoint will be able to retrieve, from a +specific entitlement, a list of onboarding URL to call. +Instead of writing all details here, we should first write a short specification +about what is the best way to achieve this. + +****** Tasks + +- [ ] *dependency* DI check or update the onboarding endpoint +- [ ] *dependency* CSC check or update the onboarding endpoint +- [ ] *dependency* SXO check or update the onboarding endpoint +- [ ] *dependency* SCA check or update the onboarding endpoint +- [ ] Write the design related to the configuration of the onboarding URLs +- [ ] Create the new endpoint + + +**** MEETING RBAC sync with SXO :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-15 Wed 17:51]--[2023-02-15 Wed 18:51] => 1:00 +:END: +[2023-02-15 Wed 17:51] +***** Agenda (to discuss about) +1. Explain the goal +2. Propose a technical solution + +****** Explain the goals + +Currently in (XDR/SecureX/CTR) IROH we only have two roles, user and admin. +We want to introduce new roles with more granular permissions, in particular for +SXO. + +SXO has a matrix of Read/Write/Execute for example. The notion of Execute does +not exists in IROH. +But SXO also has some roles. + +A first step will be to introduce new role to propose up to 7 roles (instead of +the current 2) in XDR. +But an issue is that we also want to provide a way for IROH (XDR/SecureX/CTR) +admin to create their own *custom roles*. + +****** Propose a technical solution + +******* Problematic solution (SXO uses the claim for the role in the JWT) + +It will work in phase 1, as we could provide a consistent list of roles. +But as soon as IROH will introduce custom role this will stop working as these +new role will probably be random ids (both in the JWT and in /whoami). + +******* Proposed Solution 1 + +Use the scopes in the JWT. + +AO should provide IROH a list of scopes for every new role. + +All starting with =ao/= + +- ~ao/sxo-role-1~ +~- ao/sxo-role-2~ +~- ao/sxo-role-3~ + +or + +- ~ao/admin/sub-role-2/sub-role-3~ + +******* Proposed Solution 2 + +- ~ao/sxo-permission-1~ +- ~ao/sxo-permission-2~ +- ~ao/sxo-permission-3~ + +******* Proposed Solution 3 + +- ~ao~ can read, write and execute +- ~ao:read~ can read, but cannot write nor execute +- ~ao/execute~ can read and execute, but cannot write + +***** Notes +***** Actions + +*** 2023-02-16 Thursday +**** MEETING TD&R Checking :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-16 Thu 17:04]--[2023-02-17 Fri 10:22] => 17:18 +:END: +[2023-02-16 Thu 17:04] +***** AJ + +Address rumors: + +1. Earnings, yesterday, 133M$ +**** TODO Ecrire doc pour expliquer les changements RBAC à SXO :work: +SCHEDULED: <2023-02-28 Tue 16:00> +[2023-02-16 Thu 10:20] +**** DONE Upgrade Client to ribbon 2 in TEST :work: +DEADLINE: <2023-02-16 Thu 12:00> SCHEDULED: <2023-02-16 Thu> +[2023-02-16 Thu 09:15] + +webexteams://im?space=db149a90-e8b4-11eb-9fdb-3b8d98a2bf4d + +I'm starting to look at the process to update our ribbon to use 2.0. One of the first steps in the upgrade documentation is to reach out to IROH team to get the "investigation" and "registry/user" scopes added to our oauth client. + +To start, I'd like to update the oauth client used in the test environment with client id client-b63b916a-a606-4076-9f9b-15469aec0b93. + +*** 2023-02-17 Friday +**** IN-PROGRESS Fix log PR :work: +:LOGBOOK: +CLOCK: [2023-02-17 Fri 10:50]--[2023-02-22 Wed 14:31] => 123:41 +:END: +[2023-02-17 Fri 10:50] +**** DONE Extraire les logs de logins pour Prerna :work: +DEADLINE: <2023-02-17 Fri 09:45> SCHEDULED: <2023-02-17 Fri> +[2023-02-17 Fri 08:53] + +** 2023-W08 + +*** 2023-02-22 Wednesday +**** MEETING Weekly API Design Meeting :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-22 Wed 18:35]--[2023-02-22 Wed 19:43] => 1:08 +:END: +[2023-02-22 Wed 18:35] +***** Agenda (to discuss about) +***** Notes +***** Actions +**** MEETING RBAC weekly :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-22 Wed 17:03]--[2023-02-22 Wed 17:34] => 0:31 +:END: +[2023-02-22 Wed 17:03] +***** Agenda (to discuss about) +***** Notes +***** Actions +Look deeper into dependencies (3rd party scopes like sse, ao, etc…) + +*** 2023-02-23 Thursday +**** HOLD Check Secure Endpoint error logs :work: +DEADLINE: <2023-02-24 Fri 10:30> SCHEDULED: <2023-02-23 Thu> +:LOGBOOK: +- State "HOLD" from "TODO" [2023-02-24 Fri 14:19] \\ + En attente du retour de Matt pour tester +:END: +[2023-02-23 Thu 19:00] + +Discussion in "SecureX Secure Endpoint" + +webexteams://im?space=d42b0de0-48b3-11ec-924a-a3c1923cd1c3 + +Fix PR https://github.com/advthreat/iroh/pull/7473 +**** MEETING Weekly IROH Services Meeting :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-23 Thu 17:04] +:END: +[2023-02-23 Thu 17:04] +***** Agenda (to discuss about) +***** Notes +***** Actions + +*** 2023-02-24 Friday +**** DONE Help Yannis to fix the Orbital Client :work: +SCHEDULED: <2023-02-24 Fri> +[2023-02-24 Fri 14:18] + +** 2023-W09 + +*** 2023-02-27 Monday +**** MEETING Staging Env :work:meeting: +:LOGBOOK: +CLOCK: [2023-02-27 Mon 16:00]--[2023-02-27 Mon 16:39] => 0:39 +:END: +[2023-02-27 Mon 16:00] +***** Agenda (to discuss about) +***** Notes +***** Actions +**** DONE Help UI beta team list the IdP used by beta org :chore: +:LOGBOOK: +CLOCK: [2023-02-27 Mon 16:39]--[2023-02-27 Mon 17:02] => 0:23 +:END: +[2023-02-27 Mon 16:59] + +There is a bug for user login via SMA +https://github.com/advthreat/securex-ui-shell/issues/115 + +In order to check if this must be resolved before going to prod, I had to check +if every org part of the beta uses TG to login. Result none. + +NAM: + +- SX Test org: b5935c68-c16a-4290-a49a-aad9bb2ea733 SXSO +- Cisco SBG Customer Insights: 40f4c64b-7934-4dc6-87d9-5ebf36c13d54 SXSO +- Jazz Air: 1b7024af-bc0a-4de1-8ce6-f093340ed5fb SXSO +- MEMIC: b62f0113-f26e-42f1-89e3-b45254c416a7 CSA and SXSO (did not perform the full IdP migration from CSA) +- Opus Holding: 4b1b4bba-f310-4251-88c3-bdf3b93d6456 CSA (some users used SXSO) +- Room & Board: 794047a5-b023-489e-b5ee-6407fcdf0daa SXSO (Migrated from CSA) +- Talos Energy: c074a67d-1e57-4e4f-9f9d-0b9ed7847bf8 SXSO (Migrated from CSA) + +EU: + +- DPD Group UK LTD: cee614cb-f35b-4147-bd27-9968d173c3ce: SXSO diff --git a/tracker.sync-conflict-20221124-165814-B4NK45H.org b/tracker.sync-conflict-20221124-165814-B4NK45H.org deleted file mode 100644 index b1236576..00000000 --- a/tracker.sync-conflict-20221124-165814-B4NK45H.org +++ /dev/null @@ -1,2370 +0,0 @@ -* 2022 -** 2022-W05 -*** 2022-02-03 Thursday -**** DONE activate logout issue :work: -:LOGBOOK: -CLOCK: [2022-02-03 Thu 17:17]--[2022-02-03 Thu 19:02] => 1:45 -:END: -[2022-02-03 Thu 17:17] -- ref :: [[id:7fa185e4-9866-4ce8-ab60-d62d8c80b041][Mode d'évaluation au paradis]] - -For https://github.com/advthreat/iroh/issues/6250 - -The fix (https://github.com/advthreat/iroh/pull/6194) has been reverted -(https://github.com/advthreat/iroh/pull/6246) because SecureX and CTR work -differently. - -GLaDOS and CTR must find a common solution, for now, we are blocked. -I think the technical solution to return a 401 when the org change from -unactivated to activated was proposed by @alucigna but I couldn't find the link -to the discussion. - -cc: @alucigna @DarMontou @sabrinamokerji -*** 2022-02-04 Friday -**** MEETING Weekly Kirill Presentation :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-04 Fri 17:04]--[2022-02-04 Fri 20:24] => 3:20 -:END: -[2022-02-04 Fri 17:04] -- ref :: -***** Notes -**** MEETING Simplify Registration :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-04 Fri 16:37]--[2022-02-04 Fri 17:04] => 0:27 -:END: -[2022-02-04 Fri 16:37] -- ref :: https://cisco-my.sharepoint.com/:w:/p/prdass/EXwUr_HCwOVNte7KFcFzUeABxvTZiL8vZTgd8-5WInt4hA?e=4%3an55ogS&at=9 - -Add your status in - -https://cisco-my.sharepoint.com/:w:/p/prdass/EXwUr_HCwOVNte7KFcFzUeABxvTZiL8vZTgd8-5WInt4hA?e=4%3an55ogS&at=9 -***** Agenda (to discuss about) -***** Notes -***** Actions -** 2022-W06 -*** 2022-02-07 Monday -**** REVIEW Github tour :work:review: -:LOGBOOK: -CLOCK: [2022-02-07 Mon 10:54]--[2022-02-08 Tue 09:49] => 22:55 -:END: -[2022-02-07 Mon 10:54] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex tour][Webex tour]] -**** CHAT Webex tour :work:chat: -:LOGBOOK: -CLOCK: [2022-02-07 Mon 10:33]--[2022-02-07 Mon 10:54] => 0:21 -:END: -[2022-02-07 Mon 10:53] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Check Customer bug with tiles.][Check Customer bug with tiles.]] -**** DONE Check Customer bug with tiles. :work: -:LOGBOOK: -CLOCK: [2022-02-07 Mon 09:52]--[2022-02-07 Mon 10:33] => 0:41 -:END: -[2022-02-07 Mon 10:52] -- ref :: https://github.com/advthreat/response/issues/1076 - -Confirmed this is UI for now. -*** 2022-02-08 Tuesday -**** CHAT random rambling :work:chat: -:LOGBOOK: -CLOCK: [2022-02-08 Tue 10:47]--[2022-02-08 Tue 17:32] => 6:45 -:END: -[2022-02-08 Tue 10:47] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Email tour][Email tour]] -**** EMAIL Email tour :work:email: -:LOGBOOK: -CLOCK: [2022-02-08 Tue 10:13]--[2022-02-08 Tue 10:47] => 0:34 -:END: -[2022-02-08 Tue 10:13] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Replace SSE IDB with SXSO][Replace SSE IDB with SXSO]] -**** CHAT Webex tour :work:chat: -:LOGBOOK: -CLOCK: [2022-02-08 Tue 09:49]--[2022-02-08 Tue 10:13] => 0:24 -:END: -[2022-02-08 Tue 09:49] -***** IROH -Remark about deps in IROH for Ag (pb with the formatting-stack and clojurescript) -***** IROH-Social -***** OPs General -***** DI Integration -***** Replace SSE IDB with SXSO -Jason Chamber links: - -- A-Ha link (Epic) https://ciscosecurity.aha.io/epics/SECUREX-E-471 -- A-Ha link (Feature) https://ciscosecurity.aha.io/features/SECUREX-557 -- Jira link https://jira-eng-rtp3.cisco.com/jira/projects/SSO/issues/SSO-458?filter=myopenissues - -Demand A-HA access -***** SecureX + ThreatGrid - -Follow 1-click deactivation discussion. -*** 2022-02-09 Wednesday -**** MEETING API Design Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-09 Wed 17:30]--[2022-02-09 Wed 18:16] => 0:46 -:END: -[2022-02-09 Wed 17:30] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -**** MEETING Sync on the IROH Team capacity :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-09 Wed 15:26]--[2022-02-09 Wed 17:30] => 2:04 -:END: -[2022-02-09 Wed 15:26] - -- participants :: Prerna -***** notes -*** 2022-02-10 Thursday -**** MEETING Town Hall Namrata :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-10 Thu 20:02]--[2022-02-10 Fri 21:09] => 1:07 -:END: -[2022-02-10 Thu 20:02] - -Really excited for our session today. -Really candid feedback from you. -Every Quarter. - -What we are working on and why and where we're headed. -***** Intro - -- Business Result (Martin) -- Product Strategy (demos) -- Product Demonstrations - - -Leave a few minutes at the end for some Q&A. -***** Business update & strategy discussion -****** Made a sell by showing SecureX -****** XDR FY23 (top priority for Cisco) -****** 10k customers -****** Improve Renewals Rates -****** Customer with EndPoint + Umbrella lot of usage. -****** Big Users use SecureX more than small ones -**** MEETING Farewell Alex :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-10 Thu 19:01]--[2022-02-10 Thu 20:02] => 1:01 -:END: -[2022-02-10 Thu 19:01] - -Expertise and broad culture. - -You have always been extremely helpful. -Your insights were essential. -Without them I wouldn't have been able to grasp the scope about what we are building. - -And thanks for helping me remember about Gundam and all the first times. -**** MEETING Weekly Team Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-10 Thu 17:00]--[2022-02-10 Thu 19:01] => 2:01 -:END: -[2022-02-10 Thu 17:00] - -Waiting - -Discussion about updating doc in the response repository. -***** Ag -- Module Type Patch UI -***** Ambrose -- put something in TEST might break something -***** G2 -Description of lot of work for Q3, etc… -***** Irina -- soft delete -***** Kirill -Improve timeouts. Started a work around =pmap=. -***** Mark - -OIDC with AO. -***** Matt - -Addressing security issue discovered by the Engine team. -***** Olivier - -Emails of users in lower-case. -Done in the code. -Rollback system. -And maintenance service that could update the stores. - -Adding a new search function. -***** Rob - -Support all modules that have a module-type in App Links. -Integrating SXSO into that. -SecureX endpoint. -***** Wanderson - -Simplification Registration FT - -Adding a new session to a new frontend. -***** Yann - -- customer session to fix a bug -- IDB decommission must take the time, probably ask Matt some help. -- Registration Simplification - - Wanderson work make it possible to finally have an IROH-Auth Application Session. - - Olivier is working on improving our textual search services and API. - - Reduction of the scope should make it possible to finish for Q3 - - The current work will make it a lot easier to provide a better UI to - manage your multiple orgs (like hide/disable/rename etc…) -- (background) fix the issue related to refresh token state in the DB, most - of the work is now done for the new services, just need to populate the - data during OAuth2 Code flow. -***** Guillaume - -Removed the arrow, and now, design with OIDC to propose trial. -*** 2022-02-11 Friday -**** MEETING Registration Simlification :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 16:31]--[2022-02-11 Fri 17:48] => 1:17 -:END: -[2022-02-11 Fri 16:31] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -**** CHAT Olivier Question like-match rule :work:chat: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 15:19]--[2022-02-11 Fri 16:31] => 1:12 -:END: -[2022-02-11 Fri 15:19] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Security Training][Security Training]] -**** DONE Security Training :work: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 11:24]--[2022-02-11 Fri 11:50] => 0:26 -:END: -[2022-02-11 Fri 11:24] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*github notifications morning tour][github notifications morning tour]] -**** DISC github notifications morning tour :work:discussion: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 10:15]--[2022-02-11 Fri 11:23] => 1:08 -:END: -[2022-02-11 Fri 10:15] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Webex morning tour][Webex morning tour]] -**** CHAT Webex morning tour :work:chat: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 10:00]--[2022-02-11 Fri 10:15] => 0:15 -:END: -[2022-02-11 Fri 10:14] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/tracker.org::*Morning Email Tour][Morning Email Tour]] -**** EMAIL Morning Email Tour :work:email: -:LOGBOOK: -CLOCK: [2022-02-11 Fri 10:11]--[2022-02-11 Fri 10:14] => 0:03 -:END: -[2022-02-11 Fri 10:11] -** 2022-W07 -*** 2022-02-14 Monday -**** MEETING Simplify Registration :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-14 Mon 16:30]--[2022-02-14 Mon 17:19] => 0:49 -:END: -[2022-02-14 Mon 16:30] -*** 2022-02-17 Thursday -**** MEETING Weekly Team Meetings :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-17 Thu 17:00]--[2022-02-17 Thu 20:45] => 3:45 -:END: -[2022-02-17 Thu 17:00] -- ref :: -***** Ag - -index page is always tk-server -*** 2022-02-18 Friday -**** DONE Fix module-type :work: -:LOGBOOK: -CLOCK: [2022-02-18 Fri 12:21]--[2022-02-18 Fri 15:51] => 3:30 -:END: -[2022-02-18 Fri 12:21] -- ref :: [[file:~/dev/iroh/lib/iroh-core/test/iroh_core/test_helpers_test.clj::(deftest is-similar?-test]] - - -APJC SCA - -#+begin_src js -{ - "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", - "properties": "2MGqPrzLNIrfFeFK/UUzdpA98pKEUHLvd6d7+snqeh1lXokV9n6J8lKeAwp7tRdCSHT+crPhmilCkfBXkvfT+8NLp/rq+4TD32EkYqcYNngmgsAji/UJ6NuChgJnPd+FwwembDj2iPh7vFXHnGmLKlgOkweQzokI2CUROgbTw2JNruDhL47ws3LhMl2LRqlbJQP83yeGMmwjV0mjFSth/w25D1oIHR+mnYH7mrcKUH0XT/6xQzqJ3l6URkbun6wvzLycJhqtOtqtJSdB3cAfYlhfkpCY8ZXt9IO8/MyOeGJ6Qf2iz9gXIFAgtNBBz9bkZAPk4Uv0nei39F4lwFv9lmUdVGuHIHtHJKf4sn/qB40=", - "capabilities": [ - { - "id": "health", - "description": "Healthcheck" - }, - { - "id": "deliberate", - "description": "Deliberation" - }, - { - "id": "observe", - "description": "Enrichments" - }, - { - "id": "refer", - "description": "Reference links" - }, - { - "id": "tiles", - "description": "Dashboard Tiles" - } - ], - "app_link_meta": { - "url": "https://portal-anz.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", - "meta": { - "x_okta_bookmark_id": "0oa1idxamsrOKeFuN357" - }, - "title": "Stealthwatch Cloud (ANZ)" - }, - "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", - "logo": "data:image/svg+xml;base64,PHN2ZyBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDM0LjEgMzIuMiI+PHBhdGggZmlsbD0iIzI3NGJhMCIgZD0iTTAgMGgzNC4xdjMyLjE2SDB6Ii8+PHBhdGggZD0iTTIyLjcgMTYuOGEzIDMgMCAwMC0zLTNoLS4xYTQuMyA0LjMgMCAwMC04LjEgMS41IDIuMyAyLjMgMCAwMC0yLjYgMS44LjkuOSAwIDAwLS4xLjUgMi4yIDIuMiAwIDAwMi40IDIuMkgyMGEzIDMgMCAwMDIuNy0zeiIgZmlsbD0iI2ZmZiIvPjxwYXRoIGQ9Ik0yMC4zIDhhOC43IDguNyAwIDAwLTUuOC0yLjIgMTEuNyAxMS43IDAgMDAtNS4xIDEuNk0xMC4xIDIzLjZoMTMuM3M1LjctLjcgNS43LTYuM2E2LjUgNi41IDAgMDAtMi45LTUuNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjZmZmIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPjxjaXJjbGUgY3g9IjIyLjciIGN5PSIxMC44IiByPSIxLjciIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI2LjMiIGN5PSIyMy42IiByPSIxLjgiIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI4IiBjeT0iOC43IiByPSIxLjQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+PC9zdmc+", - "org_id": "4f169b08-bb0d-4e97-a358-8fd3fd819066", - "configuration_spec": [ - { - "key": "token", - "type": "api_key", - "label": "Authorization Token", - "required": true - } - ], - "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", - "title": "Secure Cloud Analytics", - "external_references": [ - { - "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", - "label": "Free Trial" - }, - { - "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", - "label": "Product Information" - }, - { - "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", - "label": "Privacy Policy" - }, - { - "link": "https://portal-anz.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex%3Fstatus%3Dtrue", - "class": "activation", - "label": "Activate" - } - ], - "updated_at": "2022-02-18T10:17:14.710Z", - "id": "f31e83d1-48e7-4384-9c6a-64a5c9cee05b", - "record": "relay-module.module/RelayModule", - "user_id": "207347d9-65c0-402b-88ce-ef028989e95f", - "client_id": "iroh-ui", - "default_name": "Secure Cloud Analytics", - "flags": [ - "default" - ], - "enabled": true, - "visibility": "global", - "created_at": "2020-05-15T17:45:46.904Z", - "former_title": "Stealthwatch Cloud" -} -#+end_src - -NAM: - - -#+begin_src js -{ - "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", - "properties": "yUY5o15RUpAfB7Lk3RxosIJYx2JpDTaf4TkddVzepwSbz3A9m9b+/KyHxuiSH1SbTf6r5qk2SgaSKA8efk3pbDqL2RQC248eQoez0EI0GaAmnXnnhuEH91ZFtddwyQdvX+tUY+vxbHfdkES6rKP0hLWxMMZcYikD5ONBfNwak3kqlq0g07c52Gnx9Qgg5UOdzwBqTVb883tJZ+fRAFhYU7Hu7DNZDRDnccTOUFNJw84hmg7NEFMjK5Z48BG51qBgW50u/Wxv7+ceCUFUYrwbFzQLB/zbspQcFJtlUwZHZ7jl/VQbLT5QqJLthRnphAIGE/xIsEeCG66fZg1Ds60Vwp/c12ueYJVsVZyhHBIG0wk=", - "capabilities": [ - { - "id": "health", - "description": "Healthcheck" - }, - { - "id": "deliberate", - "description": "Deliberation" - }, - { - "id": "observe", - "description": "Enrichments" - }, - { - "id": "refer", - "description": "Reference links" - }, - { - "id": "tiles", - "description": "Dashboard Tiles" - } - ], - "app_link_meta": { - "url": "https://portal-staging.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", - "meta": { - "x_okta_bookmark_id": "0oa1hyf3xtXD6Xqxg357" - }, - "title": "Stealthwatch Cloud (US)" - }, - "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", - "logo": "data:image/svg+xml;base64,PHN2ZyBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDM0LjEgMzIuMiI+PHBhdGggZmlsbD0iIzI3NGJhMCIgZD0iTTAgMGgzNC4xdjMyLjE2SDB6Ii8+PHBhdGggZD0iTTIyLjcgMTYuOGEzIDMgMCAwMC0zLTNoLS4xYTQuMyA0LjMgMCAwMC04LjEgMS41IDIuMyAyLjMgMCAwMC0yLjYgMS44LjkuOSAwIDAwLS4xLjUgMi4yIDIuMiAwIDAwMi40IDIuMkgyMGEzIDMgMCAwMDIuNy0zeiIgZmlsbD0iI2ZmZiIvPjxwYXRoIGQ9Ik0yMC4zIDhhOC43IDguNyAwIDAwLTUuOC0yLjIgMTEuNyAxMS43IDAgMDAtNS4xIDEuNk0xMC4xIDIzLjZoMTMuM3M1LjctLjcgNS43LTYuM2E2LjUgNi41IDAgMDAtMi45LTUuNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjZmZmIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPjxjaXJjbGUgY3g9IjIyLjciIGN5PSIxMC44IiByPSIxLjciIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI2LjMiIGN5PSIyMy42IiByPSIxLjgiIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI4IiBjeT0iOC43IiByPSIxLjQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+PC9zdmc+", - "org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230", - "configuration_spec": [ - { - "key": "token", - "type": "api_key", - "label": "Authorization Token", - "required": true - } - ], - "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", - "title": "Secure Cloud Analytics", - "external_references": [ - { - "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", - "label": "Free Trial" - }, - { - "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", - "label": "Product Information" - }, - { - "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", - "label": "Privacy Policy" - } - ], - "updated_at": "2022-02-18T08:55:49.295Z", - "id": "b3874a82-1967-4f9c-a42a-47f1d61ab835", - "record": "relay-module.module/RelayModule", - "user_id": "dcffe020-1c6a-4d78-ba09-f21674a59c9c", - "client_id": "iroh-ui", - "default_name": "Secure Cloud Analytics", - "flags": [ - "default" - ], - "enabled": true, - "visibility": "global", - "created_at": "2020-05-15T17:38:39.788Z", - "former_title": "Stealthwatch Cloud" -} -#+end_src -EU - -#+begin_src js -{ - "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations don’t have to compromise on security on their path to digital transformation.", - "properties": "Y+2BcDiVdoyWy7JxQwcOXuCG+S/JH98ncFxmwhz27utYxlhrSNQIHGTGGifUZx4Yw2GQe5oy2051VjsrcTrXVCmXAEVpU7NVqLwjmgT01zoDkE1o2lO3bMQbLTZLkNnUKAnaef/4UFqlcorJ0CGfhQPvWZG6OnAPx5PLzbS0TjsRfSGpVSRPeW+aANy+CEXul1l6FKzHohgTelMZuYNGYncHEa+eqtpSVvFl5HITj7rx7NMPWWeRaqN3Ljnbs3l26picBEvRfPzXeAT26gh0gdieWYtB2xnUU8gFUx4MNcqyMVNwGYbtLQ150uQYbOxuoiVZ41ujCWgt0Eksa/g0MkLg+QC5QBHgquwpVdMDDSE=", - "capabilities": [ - { - "id": "health", - "description": "Healthcheck" - }, - { - "id": "deliberate", - "description": "Deliberation" - }, - { - "id": "observe", - "description": "Enrichments" - }, - { - "id": "refer", - "description": "Reference links" - }, - { - "id": "tiles", - "description": "Dashboard Tiles" - } - ], - "app_link_meta": { - "url": "https://portal-eu.obsrvbl.com/auth/?next=%2Fv2%2F%23%2Fsettings%2Fintegrations%2Fsecurex", - "meta": { - "x_okta_bookmark_id": "0oa1idwgt8itDu9jQ357" - }, - "title": "Stealthwatch Cloud (EU)" - }, - "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/cloud/SecureX/SecureX_Integration_Guide_DV_2_0.pdf).", - "logo": "data:image/svg+xml;base64,PHN2ZyBkYXRhLW5hbWU9IkxheWVyIDEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgdmlld0JveD0iMCAwIDM0LjEgMzIuMiI+PHBhdGggZmlsbD0iIzI3NGJhMCIgZD0iTTAgMGgzNC4xdjMyLjE2SDB6Ii8+PHBhdGggZD0iTTIyLjcgMTYuOGEzIDMgMCAwMC0zLTNoLS4xYTQuMyA0LjMgMCAwMC04LjEgMS41IDIuMyAyLjMgMCAwMC0yLjYgMS44LjkuOSAwIDAwLS4xLjUgMi4yIDIuMiAwIDAwMi40IDIuMkgyMGEzIDMgMCAwMDIuNy0zeiIgZmlsbD0iI2ZmZiIvPjxwYXRoIGQ9Ik0yMC4zIDhhOC43IDguNyAwIDAwLTUuOC0yLjIgMTEuNyAxMS43IDAgMDAtNS4xIDEuNk0xMC4xIDIzLjZoMTMuM3M1LjctLjcgNS43LTYuM2E2LjUgNi41IDAgMDAtMi45LTUuNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSIjZmZmIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1taXRlcmxpbWl0PSIxMCIvPjxjaXJjbGUgY3g9IjIyLjciIGN5PSIxMC44IiByPSIxLjciIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI2LjMiIGN5PSIyMy42IiByPSIxLjgiIGZpbGw9IiNmZmYiLz48Y2lyY2xlIGN4PSI4IiBjeT0iOC43IiByPSIxLjQiIGZpbGw9Im5vbmUiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLW1pdGVybGltaXQ9IjEwIi8+PC9zdmc+", - "org_id": "99c5cf95-7788-4ce1-906f-86811aa57752", - "configuration_spec": [ - { - "key": "token", - "type": "api_key", - "label": "Authorization Token", - "required": true - } - ], - "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.", - "title": "Secure Cloud Analytics", - "external_references": [ - { - "link": "https://info.securexanalytics.com/SecureX-Trial-Request.html", - "label": "Free Trial" - }, - { - "link": "https://www.cisco.com/c/en/us/products/security/stealthwatch-cloud/index.html", - "label": "Product Information" - }, - { - "link": "https://www.cisco.com/c/dam/r/ctp/docs/privacydatasheet/security/cisco-stealthwatch-cloud-privacy-data-sheet.pdf", - "label": "Privacy Policy" - } - ], - "updated_at": "2022-02-18T09:00:11.280Z", - "id": "7739968f-4259-49c2-8c14-21e569a11d1c", - "record": "relay-module.module/RelayModule", - "user_id": "be72933d-8e87-4430-8b33-870e3db35bce", - "client_id": "iroh-ui", - "default_name": "Secure Cloud Analytics", - "flags": [ - "default" - ], - "enabled": true, - "visibility": "global", - "created_at": "2020-05-15T17:44:34.285Z", - "former_title": "Stealthwatch Cloud" -} -#+end_src -** 2022-W08 -*** 2022-02-22 Tuesday -**** CANCELED SXO Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-02- Tue 18:00]--[2022-02-22 Tue 18:02] => 0:02 -:END: -[2022-02-22 Tue 18:00] -- ref :: -*** 2022-02-23 Wednesday -**** MEETING SXO Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-23 Wed 19:39]--[2022-02-23 Wed 21:09] => 1:30 -:END: -[2022-02-23 Wed 19:39] -- ref :: - -1. Tenant Provisioning -2. Create CTR Client -**** MEETING Ribbon SCI :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-23 Wed 19:23]--[2022-02-23 Wed 19:39] => 0:16 -:END: -[2022-02-23 Wed 19:23] -- ref :: - -- client-6ff982a1-cc5a-4121-8f8c-b0f5b08c8860 -- client-c4d3554b-452e-49e2-b76e-41458610adc1 - -Patched with availability everyone. -**** MEETING API Design :work:meeting: -:LOGBOOK: -CLOCK: [2022-02-23 Wed 17:33]--[2022-02-23 Wed 19:23] => 1:50 -:END: -[2022-02-23 Wed 17:33] - -Two subjects - -- Data Deletion -- Logs / debugging - -***** -**** DONE IDB Decomissioning :work: -:LOGBOOK: -CLOCK: [2022-02-23 Wed 14:48]--[2022-02-23 Wed 15:18] => 0:30 -:END: -[2022-02-23 Wed 14:48] - -Found in tenzin repository very old commit (ce43ddb) -The configs details are in: =saltstack/pillar/*/iroh/init.sls= -***** INT - -#+begin_src yaml - idps: - amp: - kind: saml - authorize_uri: https://auth.amp.cisco.com/auth/session/new - cert_path: /srv/iroh/resources/cert/amp_idp.cert - threatgrid: - kind: oidc - authorize_uri: https://int.threatgrid.com/oauth2/authorize - token_uri: https://int.threatgrid.com/api/v3/oauth/token - org_id_key: :tg_org - client_id: 884a152d-e2a2-4552-b56b-7618274ab988 - client_secret: | - -----BEGIN PGP MESSAGE----- - Version: GnuPG v1 - hQIMA84RaiSk55caAQ/+NXy974NKjfdujj01jODDqqIIp4QXdGH8pC4LcHDW9rwx - EE1XELuP+7eZ1+UA2+qhPwcT+kOCEJteXGJt00FoL4bjfOTHqV6Zjl+KySGGYsHw - LQRQhI+odKpakGmtnMD7Zjf14phfUTHKs4Zs6EjLP0rm5LMw+eo3PhQ4zNGfoF1G - W3S7J+dmjNc0ZEsgOStxAmQ5SZM6nIoOo8qJY5p8LujbAzPTGq1hKYVjxM2FnuoQ - SkoIA77z9twJpFMqr3TgOPI/IZqu8rAAVEeAZHRP0W4j4Wk/PetmG4mJrJT5hFqV - Z6iOChTL8t2lbSd/QkwoxD2cZzZlY4c3Pe2JqtdfffhaF7LXcOtHm8R2cv2kjEm3 - gdAw2EZucYZa2n78vxofXrLWayltFTzM9hmn616Yy3UtExOHv/ydj0xhLGEx+Woc - X0LS0La8ElNOMnp99x+9y1xmShlZMsRNOm5kjTFMtLry4K3QKTZLAzVa2835RV3e - Tb6T2tdkK5fIVpIQpv3E6meAmkFHWHl3rZw4qdPaPbDWctPDt8TxyX4LQ555ED2N - roCuBSWsu7Efz8s+oUgK3GleSj37O7kIyJq+GxOayyepU8D6WJqqh6TbeFQlyUBJ - YYrFxd+wUAEdeq4LoTxGrZp4jDopg9wVVdEmlcltJ79GbpOGf9uo0nyrlVRXDoHS - WwFPEYM+r1FWnWhrH+zbE3LwvVBMi8KluExN8KcilTnzhISrhR40J/HvEBXMM2DV - 7TnS+FyxWHu0vBzIg2y7DdGh4SYw7ru35wH9V8x6L449ffD6diMaXLGoBAU= - =0OIa - -----END PGP MESSAGE----- -#+end_src -***** TEST - -#+begin_src yaml - idps: - amp: - kind: saml - authorize_uri: https://auth.amp.cisco.com/auth/session/new - cert_path: /srv/iroh/resources/cert/amp_idp.cert - threatgrid: - kind: oidc - authorize_uri: https://test.threatgrid.com/oauth2/authorize - token_uri: https://test.threatgrid.com/api/v3/oauth/token - org_id_key: :tg_org - client_id: d1f5cbd2-610c-44b9-b5dd-92ecc7ef7f24 - client_secret: | - -----BEGIN PGP MESSAGE----- - Version: GnuPG v1 - hQIMA84RaiSk55caAQ//czS1KlsdqexkdpO7KizewEY5Wy2rBIT74FYJaJRPOh2k - YDTs1pxbu4SY/PWmyNVh97UAGVjwMAOEJvMaZt2fOA0EqHVwaPqe5xV1pS9eIAIf - JfmQyAzaCADaFvLpVwF7yuzJzUhrPq1JBbwssXh0YLnEOfEandspL6Tw2JunK67A - 9GfPiSRNPr90wflsOAObuxRqtThw6usQKDVh8r5lSTpfLN/3gyDX/BNwYOBIgY/D - TvTtX9zYAKwb9lyvvAjVPueHwLBwwLJ0J2C4soKKM/xyqRfllFzWHAuF8dKAmsNO - t1HGcSmHh1mT8hLnZf453PHbItVc8gvyeEcFAtWmGI3hB8JGIFLrzSoO3Vu/opRy - 5xovtKDbAcB6xjvkix6s4ppim2lunPa4uzni1XcXUZ5iF424SSSooWmySmFuYniS - pr5t2sulSWr4ptR5e/jWLr6hx6rkLntvJHf99DkK2MeAe35+lkvnKu4algH0Bul6 - r3eXvtSZl+Ejwy8fLGv3Zkj12xL3eIZ5PIihAqmJ8cPcY8mZfoz7BjpfXLL0ykuY - HPeAU2YzG9+1TiZk/hADsb6B558nj9DjFbi5P1CyCCWvIAdN+lq3BWaU8VsphC5A - w8L7DGUSlVQXuvHzvuFktYG5z/2FL4Oil924/jiTMiyglcq0qUqTIaR6F/5UdMfS - WwFQJ7Mco7nkak9JMzCos+h/l4IpeM0nSK/5ANzXeNRq5TzGXCYsNZhRtH2JNa1d - Et1dSAy0iR+v5wyozjppTC/o6vOkIVhvYoiDaT9ZVx4/t5552/qGRIdIH8c= - =RJtM - -----END PGP MESSAGE----- -#+end_src -***** PROD - -#+begin_src yaml - idps: - amp: - kind: saml - authorize_uri: https://auth.amp.cisco.com/auth/session/new - cert_path: /srv/iroh/resources/cert/amp_idp.cert - threatgrid: - kind: oidc - authorize_uri: https://panacea.threatgrid.com/oauth2/authorize - token_uri: https://panacea.threatgrid.com/api/v3/oauth/token - org_id_key: :tg_org - client_id: 4fe0068b-eb2a-4918-871f-dd9c9592990e - client_secret: | - -----BEGIN PGP MESSAGE----- - Version: GnuPG v1 - hQIMA84RaiSk55caAQ/+JHsdFHlM0yxwYJTMgzCPp0wOJozy1/lB4I3pdk/mQlA3 - KX0D9VahiZatTG+N0z2dx+rDs/T3XJIShwJsDbO0kBN18kOSEIU5eFZGTj1u7ev1 - vPAq+ekmxfRnYsQ0CRdp45uM8jhrO19zbJVu7oL1XaLGFYJxzt6BIkCExSnEBA/i - T3nNxa0CNw7sYUjw0kxDkCwl2RpdmMJ6QWNuqKqRc5olzz0mnu0ioCMXnPu1w4oD - Sck0pZQYacnr8/bCWsLR7kLA9GFHcApT1DoLDhOr8PB6/blpCd+t+nHflUx5SCgn - rqeeA8PaFCZ7wBRa8WuVZXmSll8/siSlTUyBxDKq9y5EjhJBFVRgCRjd4WzwGaMn - F3soOMKKpM1Dj1u3+PkgIprV6nWSUvEOrYxtUEWfBeVdD7Kng57AG+Xz8k1e9ium - s+ITYdo5oG5O4ks5bXuO9ILpt92GLoKC/TAbo2doxiGk63rBxu9HsUTMZVC96FzE - PkWXQxD4LDXlFTqIlCQmjUq6Q6K71t0+pvAS0x4dKHhvuJdAJEHrZe6nnLtiBcjA - TcYoFGHqx32mqbvq7LThoRYFVXvO2tMDoRrDjYKRKNpmTfHNDjhGf+TOhHiw7Rnf - TAJLWCyHrpupu47NPtqAN1fnY9m6yjNGRe6tzgG78vsdCSR6QdAHILwMjUR1QULS - WwHmb/heYDgwuhzbcwDAQuiotWA++xYzAy52cXNuunkC+e/4qob7iIN/ifcPDH3z - rEmF6TVvvE0tzW81X7tdyaOf3Q8rmwMSZzhK7HUhgWIdDhf3Dl6FrrdFoi0= - =srU6 - -----END PGP MESSAGE----- -#+end_src -** 2022-W10 -*** 2022-03-07 Monday -**** DONE Big PR Refresh Tokens :work: -:LOGBOOK: -CLOCK: [2022-03-07 Mon 09:47]--[2022-03-07 Mon 18:17] => 8:30 -:END: -[2022-03-07 Mon 09:47] - -This PR is big, due to different changes. - -So the main goal is to fix a bug in our OAuth2 Provider related to scopes -associated to refresh tokens. -See: - -- https://github.com/advthreat/iroh/issues/5877 -- https://github.com/threatgrid/response/issues/950 -- https://github.com/advthreat/iroh/issues/3189 - -Related to the discussion in this thread we should fix the issue correctly. -Before this PR, refresh tokens are only JWT, so the "state" and "trust" -that a refresh token is valid, as well as the scopes associated to this -refresh token are put inside this JWT. - -For different reason we want to be able to change for some client, the -scopes associated to some existing refresh tokens. Typical example, the -ribbon support more scopes than the one at the time the user granted the -ribbon. -So to update the ribbon, not only the ribbon client need to be updated, but -the user need to grant the scopes again interactively. - -Most of the ribbon clients are /trusted/ which mean that we bypass the list -of scopes authorized to return access tokens with the maximal number of -scopes. -Still there are some exceptions. -Also this is a missing piece of the OAuth2 provider to have refresh-tokens -administration endpoints for our end-users. - -Before this PR we only have a notion of "granted client" at the client -level, not for every different refresh token provided. - -After this PR we will keep track in our DB the exhaustive list of scopes -associated to refresh tokens. - -Some details: - -This create two new services, ~RefreshGrantService~ and -~RefreshGrantWebService~. -I preferred not to use ~RefreshTokenService~ because the word refresh token -is already used at different places. -And the object we save in DB is not a refresh token but a really just an -object keeping the scopes granted to some refresh token for some client and -for some user. - -I have added a few common helpers in this PR: - -1. ~mandatory-get-in-config~ -2. Small improvements about ~match?~: - 1. ~str-uuid?~ because we use strings and not proper UUID for which the clojure core function ~uuid?~ would be more suitable. - 2. check the length equality between two sequences during ~match?~ -3. Fixed a problem related to requesting ~edn~ in our http client helpers. - Now the read-string is done for you. -4. Centralized ~pure-crud-store-svc~ to be used in our tests to the - test-helpers of crud-store service. -5. added an ~iroh-web.request-identity~ ns that is useful to manipulate the - ~(:identity request)~ generated by the JWT middleware -6. by default the time ~svc-helper~ will use a fixed date. - -Also some non trivial changes made to achieve the goal of this PR: - -1. Add a ~realized-client~ to the ~OAuth2ClientService~. What is this about? So - ~get-client~ of the ~OAuth2ClientService~ is purely about search clients in - DB, just a think layer around CRUD. Before this PR there was also a - ~get-client~ method exposed by the ~OAuthService~ which act differently. - This second get client take care of looking at the client saved in the - ~config.edn~ file (yes we have some of them) and also applying the - ~ClientPreset~ logic to the resulting client. The ~realized-client~ of - ~OAuth2ClientService~ replace the old ~get-client~ from ~OAuth2Service~. The - method is still exposed to prevent any bug and as the PR is already big - I didn't want to also make a refactorization to remove it. But this would be a - nice idea. -2. Now ~check-app-authorization~ of the ~GrantService~ can be called with either 4 or 5 arguments. - If called with 4 argument, no refresh token is involved. We just try to - remember if the user already granted a set of scopes (every time the - user manually grant different scopes we add them up, so we make a - union). This is useful to see if we need to automatically redirect the - user in many interactive workflows. - If it is called with 5 argument, one of the new argument will be the - refresh token id (the ~jti~ claim of the refresh token which is a JWT). - In that case we also use the ~RefreshGrantSerice~ to verify the refresh - token associated has granted the scopes we are going to provide. - -Another few important notes: - -This change made again pretty clear why it really helps to use the -~with-tk~ pattern. A lot of manual changes was made because we have a lot of -tests that have not be migrated to this new pattern. -The main consequence for IROH-Auth dev, is that many changes will break -tests far away with almost not real related issue. -So I will probably take the time to really invest in using the new pattern for -IROH-Auth + IROH-Web. Because it really took me days to just fix these manually. - -After going full to the "test the service/core.clj" function by providing -pure contexts. I think that while valuable, it is probably a bit too much -work regarding the potential gain. And we should probably focus a lot more -on the "semi-integration" tests of the services themselves with the ~with-tk~ macros. -Looking at the ~core_test.clj~ tests will show that these tests are often a -bit verbose, and difficult to initialized when your service works with big contexts. - -The main test testing the feature is: - -~iroh-auth.oauth2_web_service_test/multiple-authorizations-with-different-scopes~ - -https://github.com/advthreat/iroh/pull/5885/files?diff=split&w=1#diff-3cbfae4301cdb80a669f13ea2861423140c52cd424a8b8e99617c2fae729117fR364 -*** 2022-03-10 Thursday -**** MEETING Weekly :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-10 Thu 17:43]--[2022-03-10 Thu 19:18] => 1:35 -:END: -[2022-03-10 Thu 17:43] - -- Work on Registration => Olivier -- like-search -- Work on Registration => Generated some interesting stats about SecureX orgs/user/domain email -- TG IdB decomission => Wait and ask Prerna -- Work on the TG bug => maybe split some part before merging, because this is a risky PR -- Idea about Tenzin-Config. - Use Ambrose work to find the common bootstrap+config.edn on all our current envs and - use that into the new `iroh.main` and change in tenzin how we start the application to - have a merge of both the config and the bootstrap. - - This should reduce the size, and we could but inside the IROH repository - changes that should be shared accross all deployed env. -***** ops in our team -*** 2022-03-11 Friday -**** MEETING Simplified Registration :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-11 Fri 16:29]--[2022-03-11 Fri 17:59] => 1:30 -:END: -[2022-03-11 Fri 16:29] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -** 2022-W11 -*** 2022-03-15 Tuesday -**** DONE IDB Decommission CSA :work: -:LOGBOOK: -CLOCK: [2022-03-15 Tue 17:35]--[2022-03-16 Wed 15:31] => 21:56 -:END: -[2022-03-15 Tue 17:35] - -INT -{ - "client_id": "0oa2ovopagy06D2IV1d7", - "client_secret": "N7yEnBQWMHohD0LbwzXwsjuOUI9pVlbzI5lH28O9" -} -*** 2022-03-16 Wednesday -**** MEETING API Design Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-16 Wed 16:32]--[2022-03-18 Fri 11:55] => 43:23 -:END: -[2022-03-16 Wed 16:32] - -IROH-Auth login -**** MEETING Registration Simplification :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-16 Wed 15:31]--[2022-03-16 Wed 15:57] => 0:26 -:END: -[2022-03-16 Wed 15:31] -- ref :: -** 2022-W13 -*** 2022-03-28 Monday -**** MEETING Workshop :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-28 Mon 17:52]--[2022-03-30 Wed 16:20] => 46:28 -CLOCK: [2022-03-28 Mon 17:30]--[2022-03-28 Mon 17:52] => 0:22 -:END: -[2022-03-28 Mon 17:30] -**** MEETING Registration :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-28 Mon 16:29]--[2022-03-28 Mon 16:54] => 0:25 -:END: -[2022-03-28 Mon 16:29] -- ref :: - - -Chris Duan concerns: - -- email domain check in the UI -- risk of email domain mismatch, for now, just one admin is enough to match - the org, etc… -*** 2022-03-30 Wednesday -**** MEETING Registration FT :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-30 Wed 16:20]--[2022-03-30 Wed 22:07] => 5:47 -:END: -[2022-03-30 Wed 16:20] -- ref :: -***** Testing - -Only safe solution involve the Ops. - -Have a specific domain for us. -I suggest: ~qa.security.cisco.com~ -so every mail sent to ~foo@qa.security.cisco.com~ should be redirected to ~foo@cisco.com~. -That way we could create a few testing org without being polluted by all -the other cisco activity. -We could test the emails, etc… -*** 2022-03-31 Thursday -**** MEETING :work:meeting: -:LOGBOOK: -CLOCK: [2022-03-31 Thu 13:52]--[2022-03-31 Thu 15:30] => 1:38 -:END: -[2022-03-31 Thu 13:52] -***** Agenda - -What to do next? - -- Important potential refacto to help Matt add a the ccoId -- Refacto the tests (tried and it is a lot of work) -***** Notes -***** Actions -** 2022-W15 -*** 2022-04-11 Monday -**** MEETING Q4: Limited Demo Mode XP/Detail Design Discussion :work:meeting: -:LOGBOOK: -CLOCK: [2022-04-11 Mon 15:59]--[2022-04-15 Fri 17:14] => 97:15 -:END: -[2022-04-11 Mon 15:59] -- ref :: -***** Agenda (to discuss about) - -Agenda for this meeting is to go over the ideas/design proposed by MA/PO/PM -team for a limited SecureX Demo Mode experience. -We want the Engineering team to weigh in feasibility and discuss the -options in detail. -Below AHA ticket has been updated with details discussed. -Next, we want an estimate of the effort and since this is in the Q4 -Priority list get commitment if this can be done in Q4 or not. -***** Notes - -AHA shared screen: - -Requirement. -SecureX demo giving away too much information. - -Expiry dates to SecureX demo (30 days) -Limit the number of investigations (50 investigations). -***** Actions -** 2022-W16 -*** 2022-04-19 Tuesday -**** MEETING Switch Tenants :work:meeting: -:LOGBOOK: -CLOCK: [2022-04-19 Tue 17:02]--[2022-04-19 Tue 18:12] => 1:10 -:END: -[2022-04-19 Tue 17:02] - -- Hide/Disable Orgs -- Login workflow -- Petr, make an org default for users. -- Just hide/unhide the org for the UI. -. -***** UI demo - -List orgs / hide/ switch - -Also cross regions - -+ remarks - - default not auto-login - - login -**** MEETING Umbrella Deep Dive 1-click module setup :work:meeting: -:LOGBOOK: -CLOCK: [2022-04-19 Tue 16:33]--[2022-04-19 Tue 17:02] => 0:29 -:END: -[2022-04-19 Tue 16:33] -- ref :: - -+ Matt: describe The modules -+ Aaron Woland: for the diff function in SecureX we use every exposed API -+ Rajendra Shirhatti: - requirement, single API key -*** 2022-04-20 Wednesday -**** MEETING Cisco Leader Fundamental Program :work:meeting: -:LOGBOOK: -CLOCK: [2022-04-20 Wed 10:03]--[2022-04-20 Wed 18:47] => 8:44 -:END: -[2022-04-20 Wed 10:03] -- ref :: - -- First Next Steps writeable PDF: -https://cisco.sharepoint.com/:b:/s/GLOTeam/Ef_alzOAOoVHqHmmZ8dZYscBbHsYA5tLWgfj0tZL6iXvZQ?e=LFMQl3 - -Miro board- https://miro.com/app/board/o9J_lZRkMM8=/ -Password - CiscoLF2020 - -- Consciously Create Culture: https://wwwin.cisco.com/c/cec/cisco/conscious-culture.html -***** Come to me when - -- Come to me when you need to design a new abstraction to improve the code reliability -- Come to me when you need to write a code refactorisation -- Come to me when you need to build a new OAuth2 RFC from scratch -- Come to me when you need to improve CI reliability - -With: - -- Alex Cruz Farmer -*** 2022-04-21 Thursday -**** MEETING Leader :meeting: -:LOGBOOK: -CLOCK: [2022-04-21 Thu 10:38]--[2022-05-05 Thu 13:11] => 338:33 -:END: -[2022-04-21 Thu 10:38] -- ref :: -- Register for Cisco Mind Set: http://learn.cisco.com/?courseID=COT00305503 -- Mindfulness & Resilience SharePoint: https://cisco.sharepoint.com/Sites/ -- MindfulnessandResilienceatCisco -- Expert Medical Opinion Program: https://cisco.service-now.com/helpzone?id=kb_article&sysparm_article=KB0047880 -- Mental Health Awareness: https://cisco.sharepoint.com/Sites/SafetoTalkMentalHealthAwareness -- Employee Assistance Program: https://cisco.service-now.com/helpzone?id=kb_article&sysparm_article=KB0047879 -- Cisco Global Wellbeing: https://cisco.sharepoint.com/sites/GlobalWellbeing -Prepare meetings: -https://www.cisco.com/c/r/team-development/performance/team-leader-index.html -Reward: -https://cisco.sharepoint.com/sites/RewardsCentral -Further: -https://cisco.sharepoint.com/sites/NewLeaderJourneyRegistration -Talent Space -***** Analyze - -Ask her how to develop other in the team. -***** Says - -I *noticed* this or that, no judgement. -Wait for their perspective. - -I wouldn't want to demotivate you by blocking your PR. -** 2022-W18 -*** 2022-05-05 Thursday -**** MEETING Weekly Platform Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-05 Thu 17:10]--[2022-05-09 Mon 17:04] => 95:54 -:END: -[2022-05-05 Thu 17:10] -**** MEETING Registration FT :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-05 Thu 16:52]--[2022-05-05 Thu 17:10] => 0:18 -CLOCK: [2022-05-05 Thu 16:30]--[2022-05-05 Thu 16:51] => 0:21 -:END: -[2022-05-05 Thu 16:30] - -** -** - -*Prerna* love to Sing, Adele, indian songs, Karaoke, (feel bad at gardening) -Hamed Saadi: wanted to be professional soccer, love orchid -*Jilian*: two young children, love gardening (strawberries, 12ft tall sun -flower etc…). During Cisco has a full orchid division. -*Hissan*: not much -*Olivier*: make italian food, watch video on climate change. Fan of -Jancovici, Aurelien Barrault. -** 2022-W19 -*** 2022-05-09 Monday -**** MEETING Umbrella 1-click :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-09 Mon 17:04]--[2022-05-10 Tue 09:47] => 16:43 -:END: -[2022-05-09 Mon 17:04] -***** Presenting SecureX -*** 2022-05-11 Wednesday -**** MEETING Tenant switching :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-11 Wed 16:28]--[2022-05-11 Wed 17:09] => 0:41 -:END: -[2022-05-11 Wed 16:28] - -How to have errors shared. - -Proposal, - -1. host on the same URL as IROH (so both CTR and Visibility) -2. Use query parameters + localStorage might not be enough because there is a huge risk of attack. -*** 2022-05-12 Thursday -**** DISC Topo for meeting :work:discussion: -:LOGBOOK: -CLOCK: [2022-05-12 Thu 11:21]--[2022-05-12 Thu 15:39] => 4:18 -:END: -[2022-05-12 Thu 11:21] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*preparer topo pour l’equipe][preparer topo pour l’equipe]] - -Go to the dashboard page - -Invisible work: - -- Olivier will start on org-level client -- UI design discussion about tenant switching even if we agree about most - of the backend work that could be done concurrently. -- Discussion about "bugs" that were just wording issue -** 2022-W20 -*** 2022-05-17 Tuesday -**** MEETING Devin Walters :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-17 Tue 17:03]--[2022-05-17 Tue 19:03] => 2:00 -:END: -[2022-05-17 Tue 17:03] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -*** 2022-05-18 Wednesday -**** MEETING API Design Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-05-18 Wed 17:42]--[2022-05-18 Wed 19:35] => 1:53 -:END: -[2022-05-18 Wed 17:42] -- ref :: - -Umbrella talk, hunting, etc… - -Check Token Exchange Okta token exchange for a IROH Auth exchange. - -DONE Create a new Epic for IROH Auth Token Exchange. -*** 2022-05-19 Thursday -**** DONE [#6740] Analyze Token Exchange RFC [[https://github.com/advthreat/iroh/issues/6740]] :work: -SCHEDULED: <2022-05-30 Mon 14:00-16:00> -:LOGBOOK: -- State "DONE" from "HOLD" [2022-05-30 Mon 17:16] -- State "HOLD" from "TODO" [2022-05-30 Mon 17:15] \\ - Appear to be ok, need to write the doc -CLOCK: [2022-05-30 Mon 16:15]--[2022-05-30 Mon 17:15] => 1:00 -:END: -[2022-05-19 Thu 09:27] -- ref :: [[https://github.com/advthreat/iroh/issues/6740][#6740]] -SCHEDULED: <2022-05-19 Thu> -** 2022-W21 -*** 2022-05-24 Tuesday -**** CHAT Work on BUG for the UI :work:chat: -:LOGBOOK: -CLOCK: [2022-05-24 Tue 17:06]--[2022-05-25 Wed 10:27] => 17:21 -:END: -[2022-05-24 Tue 17:06] -- ref :: - -on NAM backup value with idp-mapping from Rekha and probably Dar. - -#+begin_src json -{ - "role": "admin", - "scopes": [ - "event:read", - "vault/configs:read", - "integration", - "private-intel", - "admin", - "profile", - "inspect", - "asset", - "feedback", - "sse", - "registry", - "users", - "investigation", - "invite", - "casebook", - "vault/config/metadata:read", - "orbital", - "enrich", - "oauth", - "collect", - "response", - "ui-settings", - "telemetry:write", - "openid", - "notification", - "global-intel:read", - "webhook", - "vault/config/posture:read", - "ao" - ], - "updated-at": "2022-04-04T19:02:50.007Z", - "idp-mappings": [ - { - "idp": "sxso", - "enabled?": true, - "user-identity-id": "00u4b0w7zx5wOv6bP357" - }, - { - "idp": "sxso", - "cco-id": "DiogenesDavili83107", - "enabled?": true, - "user-identity-id": "00uh73n7l8T19iA80357" - }, - { - "idp": "sxso", - "enabled?": true, - "user-identity-id": "00u4fiegn96MYiUVb357" - } - ], - "user-email": "diogenes_davoli@hstsoft.com", - "user-name": "Diogenes Davoli", - "org-id": "0217a770-8d36-4934-9a4f-e136aac10e39", - "user-id": "fcc3ef21-ea15-4774-822a-7dcc5a642750", - "enabled?": true, - "last-logged-at": [ - "2022-04-13T19:16:18.315Z", - "2022-04-13T19:15:24.239Z", - "2022-04-13T19:15:15.552Z", - "2022-04-13T19:15:05.421Z", - "2022-04-13T18:45:13.063Z" - ], - "created-at": "2022-04-01T13:24:27.909Z", - "user-nick": "Diogenes Davoli" -} -#+end_src -** 2022-W22 -*** 2022-05-30 Monday -**** DONE Help Michael Simonson [[https://github.com/advthreat/response/issues/1315][#response/1315]] :work: -SCHEDULED: <2022-05-29 Sun 10:30-10:40> -:LOGBOOK: -CLOCK: [2022-05-30 Mon 10:30]--[2022-05-30 Mon 10:34] => 0:04 -:END: -[2022-05-30 Mon 10:15] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Create Tasks from \[\[https://github.com/notifications\]\[Github notifications\]\]][Create Tasks from Github notifications]] -**** DONE Reply to Rekha [[https://github.com/advthreat/GLaDOS/pull/3239][GlaDoS#3239]] :work: -SCHEDULED: <2022-05-30 Mon 10:20-10:30> -:LOGBOOK: -CLOCK: [2022-05-30 Mon 10:25]--[2022-05-30 Mon 10:29] => 0:04 -:END: -[2022-05-30 Mon 10:12] -**** DONE Reset https://pwreset.cisco.com :work: -SCHEDULED: <2022-05-30 Mon 10:30-10:40> -:LOGBOOK: -CLOCK: [2022-05-30 Mon 10:34]--[2022-05-30 Mon 10:37] => 0:03 -:END: -[2022-05-30 Mon 09:38] -- ref :: [[file:~/Library/Mobile Documents/iCloud~com~appsonthemove~beorg/Documents/org/inbox.org::*Create Tasks from Webex][Create Tasks from Webex]] -*** 2022-06-01 Wednesday -**** DONE Document what need to be done for Token Exchange :work: -SCHEDULED: <2022-06-01 Wed 10:35-11:30> -:LOGBOOK: -CLOCK: [2022-06-01 Wed 11:26]--[2022-06-01 Wed 11:59] => 0:33 -CLOCK: [2022-06-01 Wed 10:35]--[2022-06-01 Wed 11:25] => 0:50 -:END: -[2022-06-01 Wed 10:32] -*** 2022-06-02 Thursday -**** MEETING Town Hall :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 18:00]--[2022-06-02 Thu 19:20] => 1:20 -:END: -[2022-06-02 Thu 20:13] -**** MEETING Weekly meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 17:06]--[2022-06-02 Thu 17:55] => 0:49 -:END: -[2022-06-02 Thu 17:06] -- ref :: -***** Notes - -- org-level clients (security concerns and complex technical details) -- tenant switching should be good for 6th of July -- token exchange issue -- maximal session time issue -- refresh token revocation with a grace period - -- configuration issues fix incoming using ~iroh.main~ - -=> on hold - -- oauth2 client password update -- simplification -**** MEETING Tenant Switching :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 16:32]--[2022-06-02 Thu 17:06] => 0:34 -:END: -[2022-06-02 Thu 16:32] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -**** DONE Fix config issue :work: -SCHEDULED: <2022-06-02 Thu> -:LOGBOOK: -CLOCK: [2022-06-03 Fri 17:00]--[2022-06-03 Fri 17:55] => 0:55 -CLOCK: [2022-06-02 Thu 15:34]--[2022-06-02 Thu 16:30] => 0:56 -:END: -[2022-06-02 Thu 15:34] -**** PAUSE sortir le chien :pause: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 14:25]--[2022-06-02 Thu 15:33] => 1:08 -:END: -[2022-06-02 Thu 15:32] -**** MEETING Meeting with Olivier :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 09:55]--[2022-06-02 Thu 11:58] => 2:03 -:END: -[2022-06-02 Thu 09:55] -- ref :: -***** Agenda (to discuss about) -***** Notes -***** Actions -**** GEEK org-mode / org-calendar tweaking :perso: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 09:32]--[2022-06-02 Thu 09:55] => 0:23 -:END: -[2022-06-02 Thu 09:38] -**** DISC answered to Jyoti :work:discussion: -:LOGBOOK: -CLOCK: [2022-06-02 Thu 09:02]--[2022-06-02 Thu 09:32] => 0:30 -:END: -[2022-06-02 Thu 09:32] -*** 2022-06-03 Friday -**** MEETING Tenant Switching :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-03 Fri 16:31]--[2022-06-03 Fri 16:42] => 0:11 -:END: -[2022-06-03 Fri 16:31] - -- Accept invitation redundancy: https://github.com/advthreat/GLaDOS/issues/3273 - To be moved to the IROH repository as enhancement. -**** CHAT Rekha discussion with access/refresh tokens :work:chat: -:LOGBOOK: -CLOCK: [2022-06-03 Fri 16:45]--[2022-06-03 Fri 16:59] => 0:14 -CLOCK: [2022-06-03 Fri 14:36]--[2022-06-03 Fri 16:31] => 1:55 -:END: -[2022-06-03 Fri 14:36] -**** DONE Check duplicate user by org :work: -SCHEDULED: <2022-06-03 Fri> -:LOGBOOK: -CLOCK: [2022-06-03 Fri 13:50]--[2022-06-03 Fri 14:36] => 0:46 -:END: -[2022-06-03 Fri 13:49] - -- ref :: https://github.com/advthreat/response/issues/1331#event-6730353206 -** 2022-W23 -*** 2022-06-07 Tuesday -**** CANCELED PR to have 5min expiration time for iroh-ui client :work: -SCHEDULED: <2022-06-08 Wed 14:30-16:00> -:LOGBOOK: -- State "CANCELED" from "TODO" [2022-06-08 Wed 17:06] \\ - we'll work on that later -:END: -[2022-06-07 Tue 18:02] -**** CHAT Rekha ask for 5min expiration access tokens :work:chat: -:LOGBOOK: -CLOCK: [2022-06-07 Tue 17:58]--[2022-06-07 Tue 18:58] => 1:00 -:END: -[2022-06-07 Tue 17:58] -**** CHAT Rekha questions :work:chat: -:LOGBOOK: -CLOCK: [2022-06-07 Tue 16:40]--[2022-06-07 Tue 17:00] => 0:20 -:END: -[2022-06-07 Tue 16:40] -**** DONE Propose a technical solution for [[https://github.com/advthreat/iroh/issues/6770][6770]] :work: -SCHEDULED: <2022-06-08 Wed 11:00> -:LOGBOOK: -CLOCK: [2022-06-08 Wed 11:20]--[2022-06-08 Wed 11:49] => 0:29 -:END: -[2022-06-07 Tue 15:23] -**** DONE Remove duplicates [[https://github.com/advthreat/iroh/issues/6769#issuecomment-1148580667][duplicate]] :work: -SCHEDULED: <2022-06-16 Thu 11:00-11:20> -:LOGBOOK: -CLOCK: [2022-06-09 Thu 10:43]--[2022-06-09 Thu 10:44] => 0:01 -:END: -[2022-06-07 Tue 15:14] -**** DONE Weekly Leads :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-07 Tue 15:14]--[2022-06-07 Tue 16:30] => 1:16 -:END: -[2022-06-07 Tue 15:14] -**** PAUSE pause :pause: -:LOGBOOK: -CLOCK: [2022-06-07 Tue 11:17]--[2022-06-07 Tue 14:38] => 3:21 -:END: -[2022-06-07 Tue 11:17] -**** DONE discuss [[https://github.com/advthreat/iroh/issues/6740#issuecomment-1148013914][Wanderson comment on Refresh Token]] :work: -SCHEDULED: <2022-06-07 Tue 14:30-14:45> -[2022-06-07 Tue 10:02] -**** DONE Jeetu/Shaila keynote [[https://www.youtube.com/watch?v=PrgXKtTqDMI][RSA keynote]] start 1:15/1:28 :work: -SCHEDULED: <2022-06-07 Tue 10:50-11:20> -:LOGBOOK: -CLOCK: [2022-06-07 Tue 10:58]--[2022-06-07 Tue 11:03] => 0:05 -:END: -[2022-06-07 Tue 09:47] -**** DONE Check Wanderson discussion [[https://github.com/advthreat/iroh/pull/6773][switch-tenant jwt endpoint]] :work: -SCHEDULED: <2022-06-07 Tue 10:30-10:50> -:LOGBOOK: -CLOCK: [2022-06-07 Tue 10:41]--[2022-06-07 Tue 10:58] => 0:17 -CLOCK: [2022-06-07 Tue 10:19]--[2022-06-07 Tue 10:40] => 0:21 -:END: -[2022-06-07 Tue 09:45] -**** DONE Team Space [[https://teamspace.cisco.com/sso/cisco/redirect/L215Y2hlY2tpbnMvd2l6YXJk][check-in]] :work: -SCHEDULED: <2022-06-07 Tue 10:00> -:LOGBOOK: -CLOCK: [2022-06-07 Tue 10:07]--[2022-06-07 Tue 10:12] => 0:05 -:END: -[2022-06-07 Tue 09:42] -**** DONE pwreset :work: -:LOGBOOK: -CLOCK: [2022-06-07 Tue 09:30]--[2022-06-07 Tue 09:41] => 0:11 -:END: -[2022-06-07 Tue 09:38] -*** 2022-06-08 Wednesday -**** IN-PROGRESS Create issue about filtering matching orgs with already existing user email :work: -:LOGBOOK: -CLOCK: [2022-06-08 Wed 16:56]--[2022-06-08 Wed 17:06] => 0:10 -:END: -[2022-06-08 Wed 16:56] -**** MEETING Tenant Switching sync :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-08 Wed 16:45]--[2022-06-08 Wed 16:56] => 0:11 -:END: -[2022-06-08 Wed 16:45] - -remove matched orgs if user already exists (with same email) -**** CHAT Discussion about session token lifetime :work:chat: -:LOGBOOK: -CLOCK: [2022-06-08 Wed 16:09]--[2022-06-08 Wed 16:45] => 0:36 -CLOCK: [2022-06-08 Wed 15:32]--[2022-06-08 Wed 16:09] => 0:37 -:END: -[2022-06-08 Wed 15:32] -**** DONE meeting things to talk about :work: -SCHEDULED: <2022-06-08 Wed 16:30-17:00> -[2022-06-08 Wed 11:37] -***** Invitations UI/UX improvements - -- https://github.com/advthreat/iroh/issues/6770 -- https://github.com/advthreat/iroh/issues/6778 -**** DONE Check [[https://github.com/advthreat/iroh/pull/6773#event-6763342426][Doc for tenant switching]] :work: -SCHEDULED: <2022-06-08 Wed 14:00-14:15> -:LOGBOOK: -CLOCK: [2022-06-08 Wed 14:02]--[2022-06-08 Wed 14:16] => 0:14 -:END: -[2022-06-08 Wed 10:42] -**** CHAT Answered [[webexteams://im?space=331b38f0-6218-11e9-9aae-c5b8cb291b23][SecureX / CTR Support]] :work:chat: -:LOGBOOK: -CLOCK: [2022-06-08 Wed 10:25]--[2022-06-08 Wed 10:32] => 0:07 -:END: -[2022-06-08 Wed 10:31] -**** DONE Answer to Refresh Session Tokens chat [[webexteams://im?space=5b29b980-e351-11ec-8033-13a2eb8092c0][Refresh Token room]] :work: -SCHEDULED: <2022-06-08 Wed 14:15-14:30> -[2022-06-08 Wed 10:19] - -Adding a new temporary route is not straightforward, because it would mean -supporting multiple clients depending on the route, then also adding a feature -flag, and also adding a different config, etc… - -But notice that you can refresh after 5min even if the access token is still -valid. -So you should probably start with that. -*** 2022-06-09 Thursday -**** MEETING weekly meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-09 Thu 17:15]--[2022-06-09 Thu 18:08] => 0:53 -:END: -[2022-06-09 Thu 17:14] -***** Agenda (to discuss about) -***** Notes -***** Actions -**** CHAT Houman :work:chat: -:LOGBOOK: -CLOCK: [2022-06-09 Thu 15:10]--[2022-06-09 Thu 15:27] => 0:17 -:END: -[2022-06-09 Thu 15:10] -**** CANCELED Add refresh token / client info in the access tokens :work: -SCHEDULED: <2022-06-14 Tue 15:30-16:30> -:LOGBOOK: -- State "CANCELED" from "IN-PROGRESS" [2022-06-16 Thu 10:52] \\ - Other priorities -CLOCK: [2022-06-15 Wed 07:06]--[2022-06-15 Wed 18:12] => 11:06 -CLOCK: [2022-06-09 Thu 15:27]--[2022-06-09 Thu 17:15] => 1:48 -CLOCK: [2022-06-09 Thu 14:12]--[2022-06-09 Thu 15:10] => 0:58 -:END: -[2022-06-09 Thu 14:12] -**** DONE Check [[https://github.com/advthreat/iroh/pull/6764][Free Trial Design Doc]] :work: -SCHEDULED: <2022-06-22 Wed 16:00-16:30> -[2022-06-09 Thu 11:45] -**** CHAT Chris Duane PenTest :work:chat: -:LOGBOOK: -CLOCK: [2022-06-09 Thu 11:17]--[2022-06-09 Thu 11:54] => 0:37 -:END: -[2022-06-09 Thu 11:17] -**** DONE impression chiens :interruption:work: -:LOGBOOK: -CLOCK: [2022-06-09 Thu 10:32]--[2022-06-09 Thu 10:42] => 0:10 -:END: -[2022-06-09 Thu 10:32] -**** DONE Answer to Ag :work: -SCHEDULED: <2022-06-09 Thu 10:45-10:55> -:LOGBOOK: -CLOCK: [2022-06-09 Thu 11:54]--[2022-06-09 Thu 12:02] => 0:08 -CLOCK: [2022-06-09 Thu 10:44]--[2022-06-09 Thu 11:17] => 0:33 -:END: -[2022-06-09 Thu 10:18] - -ann, my current work for module-patching-ui for the Doc team is now on halt, -since our Ops is a huge clusterfuck right now. -I can't believe it, but they can't figure out provisioning a simple server with -a configuration similar to CTIA. -Since March. - -Anyway, I've been tasked with some other things and I need your help (because -Rob has no clue, and Mark is mumbling in a language I can't comprehend. -Not to throw my colleagues under the bus, I don't get it due to my own -cretinism). -I literally have no idea what's being asked here: -https://github.com/advthreat/iroh/issues/6688 - -Can you tell me what you know about the tac-web-service? -My understanding that it's only available through /admin/tac -• Who consumes these routes? -• Are they actively being used? -• Does the ticket mean that we're going to have to copy some of the -functionality out of admin zone and make it avaliable for non-admins? -• Could you point me to the similar things somewhere in the repo? - - -Basically, can you help me start on this? -I know, you've probably (as always) super-busy with other things, and the last -thing you need is to hold someone's hand, but it's been ages since I contributed -any code to the repo. -It would take me forever on my own. -Thanks a lot. -***** Answer - -Hi Ag! - -Yep, I am pretty blocked myself with this password reset. - -Regarding the issue, I didn't hear about that one. -So to answer your questions. - -- who consumes these routes? Mainly people from TAC so they could help - customers. I manually created an Org so all users of this orgs have the scope ~iroh-master/tac~. - This way the TAC team could access only the routes for TAC without giving them - access to more dangerous routes like direct store access (where a manual - mistake could really break the entire PROD). -- are they actively being used? YES -- Does the ticket mean that we're going to have to copy some of the - functionality out of admin zone and make it available for non-admins? - NO, the routes will stay under the admin zone, but only under the TAC Web - Services that only requires ~iroh-master/tac~ scope. - -So you should start at ~iroh-admin.tac-web-service.routes~ -Mainly you should add a few functions so they could provide the functionalities -they would like. -But beware that, unlike the direct store functions, you should take great care -of not breaking the expected schemas in the DB. - -But you could probably just provide a few new routes, to search users by email, -enable/disable users. For that you should use the ~UserService~ the current route -already use the ~OrgService~ to update orgs. - -For enabling a module by id I don't know much, this is probably a method from ~ModuleInstanceService~. - -Cheers, -Yann. -*** 2022-06-10 Friday -**** DISC Chien Espoir & Handicap :work:discussion: -:LOGBOOK: -CLOCK: [2022-06-10 Fri 10:41]--[2022-06-10 Fri 14:35] => 3:54 -:END: -[2022-06-10 Fri 10:41] -***** Acceuil - - -[À propos](/about): - -Handicap supportés: - -- handicap moteur -- troubles autistiques -- troubles visuels -**** CHAT Allison Walters role sync :work:chat: -:LOGBOOK: -CLOCK: [2022-06-10 Fri 09:05]--[2022-06-10 Fri 09:41] => 0:36 -:END: -[2022-06-10 Fri 09:05] - -Hi Allison, the confusion is expected unfortunately, the current state of affair -is the result of a very long and painful work that was called "IdP -Migration"/"SXSO Migration"/"Account Migration" mainly, I will try to give the -most exhaustive answer I can about this. - -First, SecureX and Threat Response are two Cisco products that have different -URL, different UI, but behind the hood both use the same and single API which is -called IROH. So both SecureX and Cisco Threat Response (and in fact a few other -products like the Ribbon, etc…) use the IROH API. - -Inside the IROH API, there is a big component dedicated to everything related to -Authentication, OAuth2 management, etc… This component is called IROH-Auth. - -So before the "migration", when a customer wanted to login into Threat Response -or SecureX he saw 2 buttons (one for AMP which is now CSA and one for -Threatgrid now called Secure Malware Analytics). - -So took place a huge concerted effort to only show 1 button. -After more than one and half a year of effort from multiple teams and lot of -people involved we finally had 3 buttons (both older 2 buttons + SecureX Sign-On). - -:) - -Today we still have 3 login choices to login, but the UI subtly hide 2 buttons -by making the default login (SXSO) more prominent. - -That was for the small story. -Now, let's talk about the technical details: - -The goal of the migration (let's call it that way) was to force every CSA user -to migrate toward using SecureX Sign-On to login. -So one more complexity, CSA accounts could or could not be directly related to an -active AMP (Secure Endpoint) account. So this add a layer on complexity for the -CSA team. - -IROH-Auth provided multiple different mechanisms to minimize the inevitable -friction that would occurs when user will change their login system. So -technically this is not that complex, we "just" needed from the CSA team to add -the "link" from the previous account and new account. -IROH-Auth exposes a provisioning API for this purpose. - -Mainly, every time a user perform a migration from CSA to SXSO in CSA (using the -CSA URL, workflow, etc…) -as IROH could not know that, CSA team call the provisioning API when: - -- a user perform a migration, so we could link the old CSA user-identity to the - new SXSO user-identity in SecureX as well as it is done in CSA -- a new user is created into a CSA organization and login via SXSO, in that case - the CSA team create a new user inside SecureX, with the SXSO identity. So if - this user login in SecureX it is automatically put in the correct org. - -This is what should occurs when user only uses CSA. -And this is the responsibility of CSA to perform these call to the provisioning API. -But the provisioning API is not called when the user's role is changed in SE. - -So once an org is marked to have migrated, they should no more be able to login -via CSA, but should be forced to pass through SXSO. - -OK. That's the first migration path. - -Now, what about a user that has a CSA/SE account but before migrating the org -uses SecureX but create an SXSO account without passing through the migration workflow? - -In that case, IROH-Auth tries to be "smart" about it. -So we try to detect email matches. -If a user login via SXSO and we have known users with the same email, we links -all these accounts together. - -Note, SXSO do not provide any info about the role, nor the org. - -So the role in SecureX could change only via: - -- an admin in some non migrated SE org change the SE user role and later that - user login via a CSA button on a non migrated org in SE -- Inside SecureX, an admin could change the role of another user in SecureX -- The provisioning API during user migration or user creation - -To give an example about how role could be updated: - -- on a non migrated org in SE: - + user-1 logged in a long time ago in SecureX with some role - + user-2 never logged into SecureX - + admin perform a role change for both user-1 and user-2; (in that step user-1 - role in SecureX and SE are different, SecureX could only sync the role if - user-1 login via CSA) - + admin perform the migration of its org in CSA => CSA call the provisioning - API, that should sync all users from CSA/SE into SecureX - + after the migration users should not be able to login again via CSA so the - link between the role is cut. And a change of role in SE will not result in - a change of role in SecureX. - -And I think there are missing workflow paths about it. -But to try to put it more simply, "most of the time", once an org migrate from -CSA to SXSO the link between the role is cut and the role are expected not to be -synchronized. - -I hope it could help a little. I think I left a lot more specific details some -of them I forgotten, some of them I cannot know about because it depends on the -CSA team. The doc related to this is probably long deprecated now, because so -many last minute bug fix occurred that we lost track of some minor details that -could potential make the simple rule (no relation between user's role once -migrated to SXSO) not work. - -For example, one detail I forgot to mention, when CSA call the provisioning API -to mark an Org as being migrated, SecureX will no more accept login via CSA for -this org. -So things are more complex when user create SXSO account before officially -migrating their org for example. - -Cheers. -**** DONE Review [[https://github.com/advthreat/iroh/pull/6791][#6791 Wanderson access/refresh]] :work: -SCHEDULED: <2022-06-10 Fri 14:00-14:30> -[2022-06-10 Fri 09:00] -** 2022-W24 -*** 2022-06-13 Monday -**** DONE Krystelle rescrit :interruption: -:LOGBOOK: -CLOCK: [2022-06-13 Mon 16:55]--[2022-06-13 Mon 17:02] => 0:07 -:END: -[2022-06-13 Mon 16:55] -**** DONE Lionel Rebière :interruption: -:LOGBOOK: -CLOCK: [2022-06-13 Mon 16:43]--[2022-06-13 Mon 16:55] => 0:12 -:END: -[2022-06-13 Mon 16:43] -**** MEETING weekly Account Switching :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-13 Mon 16:32]--[2022-06-13 Mon 16:43] => 0:11 -:END: -[2022-06-13 Mon 16:32] - -Maison - -Relancer le rescrit, dons défiscalisés. - -- 2 premiers benef test. -**** IN-PROGRESS telephone :interruption:work: -:LOGBOOK: -CLOCK: [2022-06-13 Mon 15:24]--[2022-06-13 Mon 16:32] => 1:08 -:END: -[2022-06-13 Mon 15:24] -**** IN-PROGRESS Security Fix (revocation on disable) :work: -:LOGBOOK: -CLOCK: [2022-06-13 Mon 15:10]--[2022-06-13 Mon 15:24] => 0:14 -:END: -[2022-06-13 Mon 15:10] -*** 2022-06-14 Tuesday -**** DONE Review [[https://github.com/advthreat/iroh/pull/6785][Tenant switching route to return JWT of other account]] :work: -SCHEDULED: <2022-06-14 Tue 15:00-15:30> -:LOGBOOK: -CLOCK: [2022-06-14 Tue 15:20]--[2022-06-14 Tue 16:50] => 1:30 -:END: -[2022-06-14 Tue 14:52] -*** 2022-06-15 Wednesday -**** GEEK Chien Espoir Handicap site :perso: -:LOGBOOK: -CLOCK: [2022-06-15 Wed 18:27]--[2022-06-15 Wed 22:15] => 3:48 -:END: -[2022-06-15 Wed 18:27] -**** DONE check time2give and click2give :work: -SCHEDULED: <2022-06-27 Mon 16:30-17:00> -[2022-06-15 Wed 15:13] -**** DONE Webex Olivier :work: -SCHEDULED: <2022-06-14 Tue 15:00-15:30> -[2022-06-15 Wed 14:42] -*** 2022-06-16 Thursday -**** DONE [#B] List of technical issues to add to the next quarter :work: -SCHEDULED: <2022-06-17 Fri 10:30-11:00> -:LOGBOOK: -CLOCK: [2022-06-17 Fri 10:04]--[2022-06-17 Fri 11:06] => 1:02 -:END: -[2022-06-16 Thu 17:25] -**** MEETING weekly meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-16 Thu 17:13]--[2022-06-16 Thu 20:19] => 3:06 -:END: -[2022-06-16 Thu 17:13] - -- org-level client continue -- work continue on Tenant switching, I expect Wanderson PR to be merged either - today or probably at the beginning of next week. -- auto revoke disabled users ; problems with the linter (disable, revert, fix, etc…) -- Next => help UI by adding a new parameter to generate short lived tokens (need - the PR from Wanderson first) -- waiting the VPN to fix duplicate accounts (one user has 200 duplicates) -- started to work on iroh.main, but I was interrupted by other things, but I am - not far from giving a good result in my branch. -- The most important work is probably support Token Exchange compatible with - SecureX Sign-On user identities when used as subject. -**** IN-PROGRESS revoke JWT when disabling users :work: -:LOGBOOK: -CLOCK: [2022-06-16 Thu 10:52]--[2022-06-16 Thu 17:13] => 6:21 -:END: -[2022-06-16 Thu 10:52] -*** 2022-06-17 Friday -**** IN-PROGRESS Revoke on disable :work: -:LOGBOOK: -CLOCK: [2022-06-17 Fri 11:06]--[2022-06-17 Fri 17:32] => 6:26 -:END: -[2022-06-17 Fri 11:06] -** 2022-W25 -*** 2022-06-23 Thursday -**** MEETING API Design Meeting (with Jyoti) :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-23 Thu 17:59]--[2022-06-24 Fri 17:55] => 23:56 -:END: -[2022-06-23 Thu 17:59] -***** Talos Mapping - -Michael Simonson data mapping from Talos. -**** MEETING weekly :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-23 Thu 17:30]--[2022-06-23 Thu 17:59] => 0:29 -:END: -[2022-06-23 Thu 17:30] - -Work done - -In my current PR changed the iroh-auth-service protocol and it didn't break -iroh-int !!!! Thanks Matt! -**** IN-PROGRESS Anticorruption & Bribery training :work: -:LOGBOOK: -CLOCK: [2022-06-23 Thu 10:49]--[2022-06-23 Thu 17:30] => 6:41 -:END: -[2022-06-23 Thu 10:48] -*** 2022-06-24 Friday -**** MEETING Monthly Engineering :work:meeting: -:LOGBOOK: -CLOCK: [2022-06-24 Fri 17:55]--[2022-06-24 Fri 19:11] => 1:16 -:END: -[2022-06-24 Fri 17:55] - -- Switch tenant; - - ability to change your account, generate JWT from other JWT. - - new UI that will help managing your accounts, orgs, discover new orgs, etc… -- Token Exchange; exchange an email or user-id for a SecureX JWT. -- Org-level clients; handle OAuth2 clients when their owner leave the company -***** Intro - -Just 1h. Lineup demos: - -Carlos Diaz Secure Endpoint, show us. Investigation. - -Michael and Mark present something with Jira. -***** Tour -****** Ops -John: pivot openVPN back to using certs -****** Release status -Houman: asking Neel - -1.99 is in production 1 day late. -Same with 1.98. -****** Business Updates -****** Team - -Guillaume: - -- New team members: - - Shafiq is in Sweden - - Johnatan will start next week, Toronto / Berlin ; under G2 - - Jerome Shneider; join mid-july, dedicated ops for IROH -- Tenant Switching -- Improvements -- -**** DONE Answer ETA https://github.com/advthreat/iroh/issues/6769 :work: -DEADLINE: <2022-06-24 Fri 16:00> SCHEDULED: <2022-06-24 Fri> -[2022-06-24 Fri 10:38] -** 2022-W32 -*** 2022-08-09 Tuesday -**** DONE Answer to Jyoti :work: -SCHEDULED: <2022-08-09 Tue 11:00> -[2022-08-09 Tue 09:47] -**** DONE Answer to question from Ben :work: -SCHEDULED: <2022-08-09 Tue 10:00> -[2022-08-09 Tue 09:45] - -So we could probably add a parameter to create links that would auto-select the -tenant during login and bypass the redirection to the Registration UI. - -But I am not sure this would be desirable, because it would introduce potential -inconsistency. -The main issue is that we use many different URLs, for different component/products. -The state (the user-identity and the tenant) must be saved for every URL of -every component/product if we want to synchronize the tenancy everywhere. - -For example think about this scenario: - -1. login to SecureX as user1@company.com using org Company -2. click to login to CTR (say the user login into the same user/org in CTR) -3. open a new tab and open SecureX, then inside SecureX switch tenant to Company2 -4. without clicking to back to CTR => the tenant is Company not Company2 - -Now it might also be more difficult to use different tenant between product. -I don't know if this is what we want or not. - -The question is probably more, do we want to sync the tenant on all our product -all the time? aka, à la google. -Or do we want to be able to have different tenant on different URL? - -If we want to sync the tenancy everywhere, this could be done, but this is not -free. -Mainly we want a solution similar to how Google handle your Google account. -Notice how, when you switch your Google account, you wait a few seconds on a -webpage? -This is Google opening a few iframes to pass the state between different URLs -(like google.com and youtube.com etc…) - -Google have it easy, because they just care about the User Identity. And once -they know your user identity, they don't need to clear it, as it never changes. -So your Google account session is infinite. - -In the Cisco case, the User Identity state is saved in a cookie at the SXSO URL. -But, unlike Google Cisco, need to ask confirmation of the User Identity to 3rd -party IdPs so we do not allow a login from a user that was fired from a company. -So SXSO sessions are a lot shorter (a few hours). - -The Tenancy state is not saved into the Registration UI URL for now but it could -be. -But this must be dependent on the session lifetime of SXSO for the same security -reason. - -But as we use 3rd party IdPs, and thus depends on IdP of our customers, it -means, that our User Identity session must be short enough to be somehow secure -and it means that if we were to sync the account state on all products we will -need to present a similar page to the Google account switching everytime the -session ends. So once a day, we would force our customer to see that page that -could take a few seconds to load because it is loading in the background many -different URLs. -*** 2022-08-12 Friday -**** DONE Check clients qui seront disabled en PROD -SCHEDULED: <2022-08-16 Tue> -[2022-08-12 Fri 16:10] - -APJC -user-id org-id enabled? user-email -x b4194bf2-4baa-4583-a3f4-1adbf711b4c8 6053ec8b-e546-4938-85ae-89bfa25df8e1 not-enabled yvaisman@cisco.com -x b4194bf2-4baa-4583-a3f4-1adbf711b4c8 6053ec8b-e546-4938-85ae-89bfa25df8e1 not-enabled yvaisman@cisco.com - -owner 6ee52ee9-2e3a-4e1b-977d-961facb5fd84 from org 63489cf9-561c-4958-a13d-6d84b7ef09d4 not found -owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found -owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found - -EU -user-id org-id enabled? user-email -x ce157e8d-c7da-4284-afc1-cb9f83c7d4c8 4c2bfb38-b4be-4752-9eee-d98a0d6c0d6a not-enabled yvaisman@cisco.com - -x owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found -x owner 9ccbb6d3-5ea0-460d-8256-9fe28bdca4be from org 9997a398-1b4c-4d2e-b4da-1285c2ac4ffb not found -owner d697511a-9164-49d0-8c7b-a5c1a11fb25d from org 576c9ad4-7820-44ca-9d5e-6ca678eadcd1 not found - -NAM -user-id org-id enabled? user-email -x 3933f5e0-50bb-49a7-bbf4-5944e0b709fd 2e0e9eaf-eaf7-4449-9c07-9fb1828aec78 not-enabled yana@securitydemo.net -x 7ef6da70-eeef-4a18-83ea-2e94dd6f9ba2 d76c035d-e896-438c-8d75-158be85fc958 not-enabled aklager+orbital_dev@cisco.com - -x owner d697511a-9164-49d0-8c7b-a5c1a11fb25d from org 576c9ad4-7820-44ca-9d5e-6ca678eadcd1 not found -***** Fixes -****** NAM -Replaced -3933f5e0-50bb-49a7-bbf4-5944e0b709fd by 9992027f-a88b-4b0e-8a38-58ad317c58af -7ef6da70-eeef-4a18-83ea-2e94dd6f9ba2 by dbc2d227-ba79-47e8-ae21-b4da6e1727f8 - -For client: client-3e55e6a3-4561-4733-b380-ffbd94733ba1 -from d697511a-9164-49d0-8c7b-a5c1a11fb25d to me {"owner-id":"f0010924-e1bc-4b03-b600-89c6cf52757c", "org-id":"f47a89bf-5d2e-4392-b770-ad4821a82acf"} -****** EU - -no org found: - -client-01c25de8-50a7-4ed8-b260-b1ebee977fda (CSC backend client) -client-8dae4eda-3b9a-48b1-8cdc-e7e1963465a3 (CSC Backend) -client-3e55e6a3-4561-4733-b380-ffbd94733ba1 (SSE UI Client; "PROD EU Environment for Security Services Exchange Admin Console") - -Replace by me: - -{"owner-id":"080c8271-e1c7-4fe6-b6e2-bc1fda123432", -"org-id":"bfb43d46-4fc3-43e7-93bf-a1fbe020593b"} -****** APJC - -client-92258bc0-196a-4f6c-a0b5-fe105de5f505 (SSE UI dev client) -client-ff492465-48c7-4aab-b9c7-feb3569226a7 (CSC backend) -client-b0d51eb1-e03f-4671-aa99-8fb4927ae88b (CSC backend) - -Replace by me: - -{"owner-id":"b19d5dea-5aa4-4265-b42d-9acc1e913f01", -"org-id":"d461811f-e6ce-477c-bae3-1d7527f4e80b"} -** 2022-W33 -*** 2022-08-17 Wednesday -**** CANCELED Reward Sofiia for helping with creds :work: -SCHEDULED: <2022-08-17 Wed> -:LOGBOOK: -- State "CANCELED" from "TODO" [2022-09-09 Fri 09:56] -:END: -[2022-08-17 Wed 11:54] -** 2022-W35 -*** 2022-08-31 Wednesday -**** MEETING API Design Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-08-31 Wed 18:33]--[2022-09-01 Thu 16:02] => 21:29 -:END: -[2022-08-31 Wed 18:33] -***** IROH Proxy for Orchestration -**** DONE Answer Chakrapani Chitnis :work: -SCHEDULED: <2022-08-31 Wed> -[2022-08-31 Wed 09:27] -**** DONE Answer to Prerna in Switch Tenant Discussion :work: -SCHEDULED: <2022-08-31 Wed 10:00> -[2022-08-31 Wed 09:24] - -webexteams://im?space=3fda2de0-7876-11ec-b589-2d17b011a78b -***** Answer - -Hi Prerna, you are totally right, as CTR do not implement the switch user this -PR will probably break CTR workflow. - -I should probably have asked to split this feature in two steps: - -1. Ability to create a link that will ensure the user will be presented the - Registration UI -2. Change the login behavior to match the one asked by Ben. - -Note, that CTR might not need to implement the full user switching from within -CTR and simply use (1) to redirect user to the Registration UI, so the user will -be able to switch their account from there. - -I think (1) would not break anything and will be retro-compatible. -Also I think both CTR and SecureX should provide a way to redirect the user to -the Registration UI. -Currently user with a single account never reach the Registration UI unless they -have a pending invite, which means for these users, creating a new Organization -is probably almost impossible. - -That being said, I didn't want to change the behaviour before asking everyone in -this FT if this is desirable, as it appears to me that automatically redirecting -the users to the dashboard (or CTR) with the latest login account, goes a bit -against some discussion we had to present the Registration UI as often as possible. - -So, sorry @wanderson, could you split your PR? Or maybe create a new PR with -just (1) implemented? As I think this is needed to fix this bug: - -https://github.com/advthreat/GLaDOS/issues/3404 - -So at least for now, I don't think we need to go further, the PR will be put -on-hold until further discussion. -*** 2022-09-01 Thursday -**** MEETING Weekly :work:meeting: -[2022-09-01 Thu 17:07] -***** Y - -Code cleaning: -- use iroh-crud for Users -- use tk-test - -Help fix the missing events with Matt - -Discuss about improving login workflow, was refused because it will break CTR. - -Idea occurred to me to split the test between integration one and the other. -We could gain the docker init time for them ;) -**** MEETING AO Meeting :work:meeting: -:LOGBOOK: -CLOCK: [2022-09-01 Thu 16:02]--[2022-09-03 Sat 13:16] => 45:14 -:END: -[2022-09-01 Thu 16:02] -***** Lisa & Craig - -Leverage SX Module Integration - -- Lisa Hart PO of SXO -- Briana Farro, presentation; -***** Plan -- Chris (PM); desired outcome -- Pior Proposed Engineering Solutions -- New Proposed Engineering Solution -***** Product Statement Overview -****** Christopher Van Der Made -open API (very few cisco product provide it) -** 2022-W41 -*** 2022-10-12 Wednesday -**** DONE Add Allison Walters to the org of the demo client :work: -SCHEDULED: <2022-10-12 Wed> -[2022-10-12 Wed 09:58] -TEST ~client-2f0c934c-ce46-4187-afed-4cdcff937679~ -email: allwalte@cisco.com -** 2022-W42 -*** 2022-10-19 Wednesday -**** CANCELED Ask Robert Harris to update doc for ribbon :work: -SCHEDULED: <2022-10-19 Wed> -:LOGBOOK: -- State "CANCELED" from "TODO" [2022-10-19 Wed 15:52] -:END: -[2022-10-19 Wed 06:56] - -ref :: https://github.com/advthreat/pabst/blob/master/docs/ribbon2migration.md#oauth2-configuration -**** DONE Talk with Olivier about doc template :work: -SCHEDULED: <2022-10-19 Wed> -:LOGBOOK: -CLOCK: [2022-10-19 Wed 10:07]--[2022-10-19 Wed 11:55] => 1:48 -:END: -[2022-10-19 Wed 06:56] -**** DONE Replace the scopes for Rooshan :work: -SCHEDULED: <2022-10-19 Wed> -:LOGBOOK: -CLOCK: [2022-10-19 Wed 14:55]--[2022-10-19 Wed 15:52] => 0:57 -:END: -[2022-10-19 Wed 06:53] - -ref :: https://github.com/advthreat/pabst/blob/master/docs/ribbon2migration.md#oauth2-configuration - -New scopes: - -#+begin_src javascript -{"scopes": ["admin/csc", - "admin/integration/module-instance:write", - "casebook", - "enrich:read", - "global-intel:read" - "inspect:read", - "integration/api-gateway/proxy:write", - "integration/module-instance", - "integration/module-type:read", - "integration/sxso/app-links:read", - "integration:read" - "investigation", - "notification", - "orbital", - "private-intel", - "profile", - "registry/user/ribbon", - "registry/user:read", - "response", - "telemetry:write", - "users", - "vault/config/metadata:read", - "vault/configs:read", - ]} -#+end_src -** 2022-W43 -*** 2022-10-24 Monday -**** DONE Faire l'ESTA :work: -DEADLINE: <2022-10-25 Tue 18:00> SCHEDULED: <2022-10-24 Mon> -[2022-10-24 Mon 15:59] -**** DONE [#B] Réserver vols Concur :work: -DEADLINE: <2022-10-24 Mon 15:15> SCHEDULED: <2022-10-24 Mon> -[2022-10-24 Mon 11:02] - -#+begin_quote -CISCO EMERGENCY TRAVEL NUMBER *88* OPTION 6 -### PLEASE READ THIS IMPORTANT MESSAGE -PLEASE CALL THE CISCO TRAVEL TEAM TO -UPDATE CHANGE OR CANCEL THIS RESERVATION -PLEASE CALL *88* PROMPT 6 FROM ANY CISCO IP PHONE -OR 00 31 36 711 7711 PROMPT 6 ------PLEASE NOTE THESE IMPORTANT NUMBERS----- -----MEDICAL AND SECURITY TRAVEL EMERGENCY---- -US 1 800 206 5647 / TOLL FREE -AMER WEST AND WORLDWIDE COLLECT 1 408 525 1111 -AMER EAST 919 392 2222 OR 1 888 302 9081 -EMEA 44 20 8824 3434 -INDIA 91 80 4426 4111 / ASIA PAC 86 21 2407 3333 - -QI 8 COMPANY CISCOBE -QI 8 FORM AXQIITNBEEN -#+end_quote -**** DONE Update clients scopes :work: -SCHEDULED: <2022-10-24 Mon 16:00> -:LOGBOOK: -CLOCK: [2022-10-24 Mon 15:43]--[2022-10-24 Mon 16:27] => 0:44 -:END: -[2022-10-24 Mon 10:57] - -Webex link: webexteams://im?space=26a6e900-fe90-11ea-8c35-195a5dc6b463 -Contact: Rooshan Aslam - -Env: amp/nam -"RIBBON_CLIENT_ID":"client-ead5586b-a545-423e-857f-3c65841067ef" - - Env: eu - "RIBBON_CLIENT_ID":"client-ce13991c-6049-48ee-8e33-e4d059a153bf" - -Env: apjc -"RIBBON_CLIENT_ID":"client-2fbb67f0-a6b4-41b4-b4ce-62a8b89fe606" - -PATCH: - -#+begin_src js -{"scopes": [ - "admin/csc", - "admin/integration/module-instance:write", - "casebook", - "enrich:read", - "global-intel:read", - "inspect:read", - "integration/api-gateway/proxy:write", - "integration/module-instance", - "integration/module-type:read", - "integration/sxso/app-links:read", - "integration:read", - "investigation", - "notification", - "orbital", - "private-intel", - "profile", - "registry/user/ribbon", - "registry/user:read", - "response", - "telemetry:write", - "users", - "vault/config/metadata:read", - "vault/configs:read"]} -#+end_src -***** NAM Backup - -#+begin_src json -{ "scopes": [ - "admin/csc", - "vault/configs:read", - "private-intel", - "profile", - "integration/module-type:read", - "enrich:read", - "admin/integration/module-instance:write", - "users", - "casebook", - "vault/config/metadata:read", - "inspect:read", - "orbital", - "integration/module-instance", - "integration/api-gateway/proxy:write", - "integration/sxso/app-links:read", - "notification:read", - "response", - "telemetry:write", - "registry/user/ribbon", - "global-intel:read" - ], - "description": "Used to communicate with IROH API endpoints", - "approved?": true, - "redirects": [ - "https://console.amp.cisco.com/visibility_oauth/new", - "https://console.amp.cisco.com/securex_modules/new", - "https://support-portal.amp.cisco.com/securex_modules/new" - ], - "availability": "everyone", - "password": "$s0$f0801$lbvAxwkfQhlCZNJxbkDdLQ==$MMrH+2eTLqtOqc8P1tNwTyKIgvNYePVMK6Sq3Brt+D0=", - "name": "AMP for Endpoints", - "allow-partial-user-scopes?": true, - "org-id": "a2ea8cbf-7540-4860-9050-7a24c3c8e0b6", - "enabled?": true, - "grants": [ - "auth-code" - ], - "client-type": "confidential", - "id": "client-ead5586b-a545-423e-857f-3c65841067ef", - "approval-status": "approved", - "owner-id": "e9a61ce5-e49c-4809-ad14-8230fd12ddd4", - "created-at": "2020-04-16T20:40:37.541Z" -} -#+end_src -***** EU Backup - -#+begin_src -{ - "scopes": [ - "admin/csc", - "vault/configs:read", - "private-intel", - "profile", - "integration/module-type:read", - "enrich:read", - "admin/integration/module-instance:write", - "users", - "casebook", - "vault/config/metadata:read", - "inspect:read", - "orbital", - "integration/module-instance", - "integration/api-gateway/proxy:write", - "integration/sxso/app-links:read", - "notification:read", - "response", - "telemetry:write", - "registry/user/ribbon", - "global-intel:read" - ], - "description": "A client used to make API requests to IROH", - "approved?": true, - "redirects": [ - "https://console.eu.amp.cisco.com/visibility_oauth/new", - "https://console.eu.amp.cisco.com/securex_modules/new", - "https://support-portal.eu.amp.cisco.com/securex_modules/new" - ], - "availability": "everyone", - "password": "$s0$f0801$HJcAh0nXy6kwQ+C6/JvJ5g==$wtPYiPYjxYiB31i2Yapaynh/90GI4gfD4ePZZ21Utlw=", - "name": "AMP for endpoints", - "allow-partial-user-scopes?": true, - "org-id": "a5a47f61-9d42-49fc-a1e9-36b09fe8e95e", - "enabled?": true, - "grants": [ - "auth-code" - ], - "client-type": "confidential", - "id": "client-ce13991c-6049-48ee-8e33-e4d059a153bf", - "approval-status": "approved", - "owner-id": "32060e21-abcb-45c6-923d-dac334805d1d", - "created-at": "2020-04-16T21:08:15.035Z" -} -#+end_src -***** APJC Backup - -#+begin_src json -{ - "scopes": [ - "admin/csc", - "vault/configs:read", - "private-intel", - "profile", - "integration/module-type:read", - "enrich:read", - "admin/integration/module-instance:write", - "users", - "casebook", - "vault/config/metadata:read", - "inspect:read", - "orbital", - "integration/module-instance", - "integration/api-gateway/proxy:write", - "integration/sxso/app-links:read", - "notification:read", - "response", - "telemetry:write", - "registry/user/ribbon", - "global-intel:read" - ], - "description": "A client used to make API requests to IROH", - "approved?": true, - "redirects": [ - "https://console.apjc.amp.cisco.com/visibility_oauth/new", - "https://console.apjc.amp.cisco.com/securex_modules/new", - "https://support-portal.apjc.amp.cisco.com/securex_modules/new" - ], - "availability": "everyone", - "password": "$s0$f0801$IHYBwP+MKF+cjke2H9blhw==$BNEdX+cKmVT6DkW3zq2yvZEaTG7SRM/d+TEeuSsLRac=", - "name": "AMP for endpoints", - "allow-partial-user-scopes?": true, - "org-id": "778298b5-cb3e-4d0c-a8fb-4df2bdf9c665", - "enabled?": true, - "grants": [ - "auth-code" - ], - "client-type": "confidential", - "id": "client-2fbb67f0-a6b4-41b4-b4ce-62a8b89fe606", - "approval-status": "approved", - "owner-id": "92e47cc3-d027-4e2c-88ba-d141bc369883", - "created-at": "2020-04-16T20:50:51.948Z" -} -#+end_src -**** DONE Nag team :work: -DEADLINE: <2022-10-24 Mon 14:30> SCHEDULED: <2022-10-24 Mon> -[2022-10-24 Mon 10:49] -**** DONE Team Space :work: -DEADLINE: <2022-10-24 Mon 15:00> SCHEDULED: <2022-10-24 Mon> -[2022-10-24 Mon 10:49] -*** 2022-10-25 Tuesday -**** DONE Answer Krithika :work: -DEADLINE: <2022-10-25 Tue 15:00> SCHEDULED: <2022-10-25 Tue> -[2022-10-25 Tue 10:51] -** 2022-W44 -*** 2022-11-01 Tuesday -**** DONE POST Off-site Discussion :work: -SCHEDULED: <2022-11-07 Mon> -[2022-11-01 Tue 17:17] - -Incident View discussion: https://github.com/advthreat/iroh/issues/6976 -** 2022-W45 -*** 2022-11-09 Wednesday -**** DONE Handle Flagged emails :work: -SCHEDULED: <2022-11-10 Thu 11:00> -[2022-11-09 Wed 18:36] -** 2022-W46 -*** 2022-11-14 Monday -**** DONE Write RBAC Epic(s) :work: -CLOSED: [2023-01-15 Sun 09:40] SCHEDULED: <2022-11-14 Mon 14:00> -:LOGBOOK: -- State "DONE" from "IN-PROGRESS [2023-01-15 Sun 09:40] -CLOCK: [2022-11-14 Mon 16:29]--[2022-11-14 Mon 18:05] => 1:36 -:END: -[2022-11-14 Mon 10:41] -**** DONE [#B] Comment on Jyoti doc :work: -DEADLINE: <2022-11-14 Mon 11:30> SCHEDULED: <2022-11-14 Mon> -:LOGBOOK: -CLOCK: [2022-11-14 Mon 11:30]--[2022-11-14 Mon 15:42] => 4:12 -:END: -[2022-11-14 Mon 10:41] -- https://github.com/advthreat/response/pull/1601 -*** 2022-11-16 Wednesday -**** DONE Préparation 1-1 Wanderson :work: -SCHEDULED: <2022-11-16 Wed> -:LOGBOOK: -CLOCK: [2022-11-16 Wed 11:24]--[2022-11-17 Thu 18:09] => 30:45 -:END: -[2022-11-16 Wed 11:24] -** 2022-W47 -*** 2022-11-23 Wednesday -**** DONE SCA issues :work: -CLOSED: [2023-01-15 Sun 09:40] SCHEDULED: <2022-11-24 Thu 11:00> -:LOGBOOK: -- State "DONE" from "TODO" [2023-01-15 Sun 09:40] -:END: -[2022-11-23 Wed 19:40] -***** Actions - -- [ ] Onboard API -- [ ] Webhook on role change. -- [ ] ENV/Region in the JWT at least id_token. -- [ ] Time of provisioning 5 to 10 min. -**** DONE TAC Impersonation doc :work: -SCHEDULED: <2022-11-24 Thu 10:00> -:LOGBOOK: -CLOCK: [2022-11-24 Thu 14:06]--[2022-11-24 Thu 14:13] => 0:07 -:END: -[2022-11-23 Wed 19:11] -- take care of scopes -- take care of user-switching or any other kind of JWT generation to keep track - of act and scopes