archives

.gitignore

@@ -1,3 +1,4 @@
 ltximg
 HWP/
 .*.icloud
+.stack-work/

Cisco.org.gpg_archive

@@ -2945,3 +2945,468 @@ Improvement of common knowledge of clojure runtime.
 
 @Nargol, I'll try to be online because I'm at the symposium.
 @Craig, take the buffet :)
+
+* Tech notes
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2019-04-04 Thu 16:27
+  :ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
+  :ARCHIVE_CATEGORY: Cisco.org
+  :END:
+** OPS Connect to Int
+
+To find the IPs:
+
+https://tg-iroh.signin.aws.amazon.com/console
+
+Last time IP of =tenzin.int.iroh.site=: 54.165.154.145
+
+Then
+
+ #+BEGIN_SRC
+ ssh -i ~/.ssh/tenzin_master_int -o IdentitiesOnly=yes ubuntu@tenzin.int.iroh.site
+ sudo su -
+ salt '*iroh-01*' cmd.run "ifconfig"
+ # GET THE IP
+ sudo su -
+ ssh -i /etc/salt/tenzin_master ubuntu@XXX
+ sudo su -
+ #+END_SRC
+
+ And you could do:
+
+ #+BEGIN_SRC
+ cd /srv/iroh; ls -lath
+ service iroh restart
+ lsof -nP | grep LISTEN
+ #+END_SRC
+
+* Email of users
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2019-04-04 Thu 16:29
+  :ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
+  :ARCHIVE_OLPATH: Epics
+  :ARCHIVE_CATEGORY: Cisco.org
+  :END:
+
+** channel: email
+
+Hi Eduardo,
+
+In order for everyone to be aware of the situation here is a short resume:
+
+1. Since we're using the IDB, new user records don't not contain an email field in the profile.
+   The IDB does not return that data as specified in the OIDC protocol (see my remark).
+2. I stated the problem to the IDB team
+3. In order to mitigate that, for AMP accounts, I luckily found a workaround using a non
+   standard field. Thus, currently, new users and existing users who login via AMP
+   should have an email set in our DB.
+4. I asked the IDB team again to provide us the email during login also for TG users.
+
+The current status:
+
+Our DB should start to be filled with emails for all user that login to CTR.
+Existing user that do not login won't have their email set.
+
+If the IDB team find a way to update their configuration to pass down the email
+information for TG user, the DB might also be filled automatically without
+work to be done by the CTR team.
+
+> + Adding Snehal, Craig, and Guillaume for awareness
+>
+> Hi Yann,
+>
+> Could you please provide an update on the issues 2440 and 2504 around not
+> getting user emails? There are 1548 user ids from AMP customers with no email
+> associated.
+>
+> Something seems to have changed, since recently we’ve been getting no emails for
+> new users. This is essential for us to track adoption by product and set up
+> targeted email campaigns.
+>
+> Thanks
+
+
+* History API via Event Store                                :TOC_3_gh:QUOTE:
+  :PROPERTIES:
+  :ARCHIVE_TIME: 2019-04-04 Thu 16:29
+  :ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
+  :ARCHIVE_OLPATH: Epics
+  :ARCHIVE_CATEGORY: Cisco.org
+  :END:
+#+BEGIN_QUOTE
+- [[#oauth2-provider][OAuth2 Provider]]
+  - [[#workflow][Workflow]]
+    - [[#authorize][=/authorize=]]
+    - [[#approve][=/approve=]]
+    - [[#refuse][=/refuse=]]
+    - [[#token][=/token=]]
+  - [[#oauth2-in-iroh-auth-spec-rfc-second-pass][OAuth2 in IROH-Auth Spec RFC second pass]]
+    - [[#vocabulary][Vocabulary]]
+    - [[#client-registration][Client Registration]]
+    - [[#protocol-endpoints][Protocol Endpoints]]
+    - [[#obtaining-authorization][Obtaining Authorization]]
+  - [[#oauth2-provider-epic][OAuth2 Provider Epic]]
+    - [[#functional-spec][Functional Spec]]
+    - [[#tasks][Tasks]]
+    - [[#technical-spec][Technical Spec]]
+  - [[#oauth2-epics-3rd-pass][OAuth2 Epics (3rd pass)]]
+    - [[#spa-compatible-oauth2][SPA compatible OAuth2]]
+    - [[#users-made-oauth2-clients][User's made OAuth2 clients]]
+    - [[#internal-user-representation][Internal User Representation]]
+    - [[#oauth2-client-credentials-grant][OAuth2 Client Credentials Grant]]
+    - [[#iroh-admin-dashboard][IROH Admin Dashboard]]
+    - [[#oauth2-enhancements][OAuth2 Enhancements]]
+- [[#scopes-dictionary][Scopes Dictionary]]
+- [[#document-for-raghavaiah][Document for Raghavaiah]]
+  - [[#franks-proposal-auth-config-untangling][Frank's proposal; Auth config untangling]]
+    - [[#int][INT]]
+    - [[#test][TEST]]
+  - [[#proposal][Proposal]]
+    - [[#int-1][INT]]
+    - [[#prod-nam][PROD NAM]]
+    - [[#prod-eu][PROD EU]]
+    - [[#prod-apjc][PROD APJC]]
+    - [[#test-1][TEST]]
+- [[#daily-standup-meeting][Daily Standup Meeting]]
+  -  [[#2019-02-27-wed][<2019-02-27 Wed>]]
+    - [[#release-119][release 1.19]]
+    - [[#individual-updates][individual updates]]
+    - [[#uiux][UI/UX]]
+    - [[#misc][Misc]]
+  - [[#2019-02-25-mon][<2019-02-25 Mon>]]
+  - [[#2019-01-18-fri][<2019-01-18 Fri>]]
+    - [[#individual-update][Individual update]]
+  - [[#2019-01-23-wed][<2019-01-23 Wed>]]
+    - [[#ops][ops]]
+    - [[#rel-116][rel 1.16]]
+    - [[#individual-update-1][Individual update]]
+    - [[#ux-design-update][UX Design update]]
+    - [[#design-update][Design update]]
+  - [[#2019-01-11-fri][<2019-01-11 Fri>]]
+    - [[#ops-weather-report][Ops Weather Report]]
+    - [[#individual-reports][Individual Reports]]
+    - [[#design][Design]]
+  - [[#2019-01-09-wed][<2019-01-09 Wed>]]
+    - [[#ops-1][Ops]]
+    - [[#reports][Reports]]
+  - [[#2019-01-08-tue][<2019-01-08 Tue>]]
+    - [[#ops-2][OPS]]
+    - [[#release-status][Release Status]]
+    - [[#angela][Angela]]
+  - [[#2019-01-04-fri][<2019-01-04 Fri>]]
+  - [[#2018-12-07-fri][<2018-12-07 Fri>]]
+    - [[#topics][Topics]]
+    - [[#ops-3][Ops]]
+    - [[#rel][Rel]]
+  - [[#2018-11-28-wed][<2018-11-28 Wed>]]
+    - [[#release-114][release 1.14]]
+    - [[#ops-report][Ops report]]
+    - [[#individual-report][Individual Report]]
+    - [[#ux-design-report][UX Design Report]]
+  - [[#2018-11-26-mon][<2018-11-26 Mon>]]
+  - [[#2019-01-11-fri-1][<2019-01-11 Fri>]]
+  - [[#2018-11-19-mon][<2018-11-19 Mon>]]
+    - [[#ops-4][Ops]]
+    - [[#ui][UI]]
+    - [[#individual-reports-1][Individual reports]]
+    - [[#jwt-lifetime][JWT lifetime]]
+  - [[#2018-10-31-wed][<2018-10-31 Wed>]]
+    - [[#individual-reports-2][Individual Reports]]
+  - [[#2018-10-22-mon][<2018-10-22 Mon>]]
+    - [[#individual-updates-1][Individual Updates]]
+  - [[#2018-10-10-wed][<2018-10-10 Wed>]]
+  - [[#2018-10-01-mon][<2018-10-01 Mon>]]
+  - [[#2018-09-19-wed][<2018-09-19 Wed>]]
+    - [[#ops-weather-reports][Ops weather reports]]
+    - [[#release-report][Release report]]
+    - [[#doc-report][Doc report]]
+    - [[#personal-report][Personal report]]
+    - [[#ux-update][UX Update]]
+    - [[#pto][PTO]]
+  - [[#2018-09-18-tue][<2018-09-18 Tue>]]
+  - [[#2018-09-11-tue-secretary-nola][<2018-09-11 Tue> Secretary: Nola]]
+    - [[#topics-1][Topics]]
+    - [[#pr-merge][PR merge]]
+    - [[#pto-1][PTO]]
+  - [[#2018-09-10-mon][<2018-09-10 Mon>]]
+    - [[#yann][Yann]]
+    - [[#ux-design][UX Design]]
+    - [[#idp-issue][IdP Issue]]
+  - [[#2018-08-14-tue][<2018-08-14 Tue>]]
+  -  [[#2018-08-17-fri][<2018-08-17 Fri>]]
+    - [[#topics-2][Topics]]
+    - [[#ops-report-1][Ops report]]
+    - [[#individual-reports-3][Individual Reports]]
+    - [[#ux-design-update-1][UX Design Update]]
+    - [[#pto-2][PTO]]
+  - [[#2018-08-13-mon-secretary-paula][<2018-08-13 Mon> Secretary Paula]]
+    - [[#individual-report-1][Individual report]]
+  - [[#2018-08-08-wed-secretary-john][<2018-08-08 Wed> Secretary John]]
+    - [[#individual-report-2][Individual Report]]
+  - [[#2018-08-07-tue][<2018-08-07 Tue>]]
+    - [[#brian][Brian]]
+  - [[#2018-08-06-mon][<2018-08-06 Mon>]]
+    - [[#bart-resigned-by-mail][Bart resigned (by mail)]]
+    - [[#individual-report-3][Individual report]]
+  - [[#2018-08-03-fri][<2018-08-03 Fri>]]
+    - [[#topic][Topic]]
+    - [[#individual-update-2][Individual Update]]
+    - [[#ops-report-2][Ops Report]]
+    - [[#release-status-1][Release Status]]
+  - [[#2018-08-01-wed][<2018-08-01 Wed>]]
+    - [[#topics-3][Topics]]
+    - [[#update-from-craig][Update from Craig]]
+    - [[#individual-reports-4][Individual Reports]]
+    - [[#blocking-bug-622][Blocking Bug #622]]
+    - [[#ops-5][Ops]]
+    - [[#pto-3][PTO]]
+  - [[#2018-07-25-wed-secretary-matt][<2018-07-25 Wed> Secretary Matt]]
+    - [[#individual-reports-5][Individual Reports]]
+  - [[#2018-07-24-tue][<2018-07-24 Tue>]]
+    - [[#release][Release]]
+    - [[#operation-report][Operation Report]]
+    - [[#release-notes][Release Notes]]
+  - [[#2018-07-23-mon-secretary-alex][<2018-07-23 Mon> Secretary Alex]]
+    - [[#individual-reports-6][Individual Reports]]
+  - [[#2018-07-17-tue][<2018-07-17 Tue>]]
+    - [[#topics-4][Topics]]
+  - [[#2018-07-16-mon][<2018-07-16 Mon>]]
+    - [[#topics-5][Topics]]
+    - [[#individual-reports-7][Individual Reports]]
+  - [[#2018-07-13-fri][<2018-07-13 Fri>]]
+  - [[#2018-07-11-wed-secretary-bart][<2018-07-11 Wed> Secretary: Bart]]
+    - [[#individual-update-3][Individual update]]
+    - [[#release-deployment-day][Release Deployment Day]]
+    - [[#conversation-in-the-iroh-channel][conversation in the IROH channel]]
+    - [[#soliciting-topic][soliciting topic]]
+    - [[#impersonate-api][impersonate API]]
+    - [[#integrating-with-amp-test-env][integrating with AMP test env]]
+    - [[#update-from-john][update from John]]
+  - [[#2018-07-09-mon][<2018-07-09 Mon>]]
+    - [[#release-1][Release]]
+    - [[#pto-4][PTO]]
+    - [[#][...]]
+  - [[#2018-07-06-fri-secretary-jesse][<2018-07-06 Fri> Secretary Jesse]]
+    - [[#release-2][Release]]
+    - [[#discovery][Discovery]]
+    - [[#bart-demo][Bart Demo]]
+    - [[#upcoming-pto][Upcoming PTO]]
+  - [[#2018-07-04-wed][<2018-07-04 Wed>]]
+  - [[#2018-07-03-tue][<2018-07-03 Tue>]]
+  - [[#2018-06-29-fri][<2018-06-29 Fri>]]
+    - [[#iroh-ui][IROH UI]]
+    - [[#pto-5][PTO]]
+  - [[#2018-06-22-fri-secretary-yann][<2018-06-22 Fri> Secretary Yann]]
+    - [[#release-status-2][Release Status]]
+    - [[#ops-report-3][Ops Report]]
+    - [[#ttp-headnodes][TTP Headnodes]]
+    - [[#pto-update][PTO update]]
+    - [[#question-about-possible-users-information-leaks-in-the-kibana-logs][Question about possible user's information leaks in the kibana logs]]
+  - [[#2018-06-15-fri][<2018-06-15 Fri>]]
+  - [[#2018-06-01-fri][<2018-06-01 Fri>]]
+    - [[#ops-status-aws-outage][OPS status (AWS outage)]]
+    -  [[#ui-status-update][UI Status update]]
+    - [[#naga-status-update][Naga Status Update]]
+    - [[#certifcate-expiration][Certifcate expiration]]
+    - [[#kibana-dashboard][Kibana dashboard.]]
+    - [[#pto-6][PTO]]
+  - [[#2018-05-30-wed-secretary-bart][<2018-05-30 Wed> Secretary: Bart]]
+  - [[#2018-05-23-wed][<2018-05-23 Wed>]]
+  - [[#2018-05-14-mon-secretary-jesse][<2018-05-14 Mon> Secretary: Jesse]]
+  - [[#2018-04-24-tue-secretary-chris][<2018-04-24 Tue> Secretary: Chris]]
+  - [[#2018-04-23-mon-secretary-jesse][<2018-04-23 Mon> Secretary: Jesse]]
+  - [[#2018-04-11-wed][<2018-04-11 Wed>]]
+  - [[#2018-03-27-tue-secretary-daniel][<2018-03-27 Tue> Secretary: Daniel]]
+    - [[#release-3][release]]
+  - [[#2018-03-14-wed-secretary-daniel][<2018-03-14 Wed> Secretary: Daniel]]
+  - [[#2018-03-02-fri-secretary-craig][<2018-03-02 Fri> Secretary: Craig]]
+  - [[#2018-02-28-wed-secretary-yann][<2018-02-28 Wed> Secretary: Yann]]
+    - [[#saml-vulnerability][SAML Vulnerability]]
+    - [[#blocked-on-es-maximum-nb-of-field-error][Blocked on ES maximum nb of field error]]
+    - [[#blocked][Blocked]]
+    - [[#some-dev-start-to-become-painful][Some dev start to become painful]]
+    - [[#release-status-3][Release status]]
+    - [[#cisco-anyconnect-problem][Cisco AnyConnect Problem]]
+  - [[#2018-02-27-tue-secretary-paula][<2018-02-27 Tue> Secretary: Paula]]
+    - [[#report-from-berlin][Report from Berlin]]
+    - [[#int--test][Int / Test]]
+  - [[#2018-02-26-mon-secretary-alex][<2018-02-26 Mon> Secretary: Alex]]
+    - [[#tg-login][TG Login]]
+    - [[#tenzin-conf][Tenzin Conf]]
+    - [[#offsite][Offsite]]
+  - [[#2018-02-23-fri][<2018-02-23 Fri>]]
+  - [[#2018-02-19-mon-secretary-jesse][<2018-02-19 Mon> Secretary: Jesse]]
+  - [[#2018-02-07-wed-secretary-yann][<2018-02-07 Wed> Secretary: Yann]]
+    - [[#wait_for-for-refresh-in-es-impact][wait_for for refresh in ES impact]]
+    - [[#chris-stuck-too-long-on-1225][Chris: stuck too long on #1225]]
+    - [[#release-status-4][Release status]]
+  - [[#2018-02-05-mon-secretary-chris][<2018-02-05 Mon> Secretary: Chris]]
+  - [[#2018-02-01-thu-secretary-alex][<2018-02-01 Thu> Secretary: Alex]]
+  - [[#2018-01-31-wed-secretary-matt][<2018-01-31 Wed> Secretary: Matt]]
+    - [[#spectre-patches][Spectre patches]]
+    - [[#ctia-investigate-issue][CTIA Investigate Issue]]
+    - [[#html-route][HTML route]]
+  - [[#2018-01-30-tue-secretary-brian][<2018-01-30 Tue> Secretary: Brian]]
+    - [[#scratchpad-service-guillaume][Scratchpad Service (Guillaume)]]
+    - [[#error-reporting-in-iroh-ui-interface-jesse][Error Reporting in IROH UI Interface (Jesse)]]
+    - [[#amp-visibility-design-recap][AMP Visibility design recap]]
+    - [[#amp-visibility-builds][AMP Visibility Builds]]
+  - [[#2018-01-29-mon-secretary-houman][<2018-01-29 Mon> Secretary: Houman]]
+    - [[#status-of-the-release][Status of The release]]
+    - [[#investigation--snapshots--incident--scratchpads][Investigation & Snapshots / Incident & Scratchpads]]
+    - [[#ui-rewrite][UI rewrite?]]
+  - [[#2018-01-25-thu-secretary][<2018-01-25 Thu> Secretary:]]
+  - [[#2018-01-24-wed-secretary-paula][<2018-01-24 Wed> Secretary: Paula]]
+    - [[#timeout-issue][Timeout issue]]
+    - [[#client-lib-visibility-lib][Client Lib, Visibility Lib]]
+    - [[#deadline][Deadline]]
+    - [[#metrics-we-need-in-production][Metrics we need in production]]
+  - [[#2018-01-22-mon-secretary-guillaume][<2018-01-22 Mon> Secretary: Guillaume]]
+    - [[#contact-to-tg-integration][Contact to TG Integration]]
+    - [[#amp-global-intel-next-step][AMP Global Intel Next Step]]
+    - [[#iroh-ui-1][IROH-UI]]
+  - [[#2018-01-18-thu-secretary-jesse][<2018-01-18 Thu> Secretary: Jesse]]
+  - [[#2018-01-17-wed-secretary-alex][<2018-01-17 Wed> Secretary: Alex]]
+  - [[#2018-01-16-tue-secretary-yann][<2018-01-16 Tue> Secretary: Yann]]
+    - [[#prod-patching-meltdown][Prod Patching Meltdown]]
+    - [[#tg-indicator][TG indicator]]
+  - [[#2018-01-11-thu-secretary-chris][<2018-01-11 Thu> Secretary: Chris]]
+    - [[#story-boards][Story boards]]
+  - [[#2018-01-10-wed-secretary-sam][<2018-01-10 Wed> Secretary: Sam]]
+    - [[#status-update][status update]]
+  - [[#2018-01-09-tue][<2018-01-09 Tue>]]
+    - [[#offsite-1][offsite]]
+    - [[#yesterday-meeting][yesterday meeting]]
+    - [[#update-ui-stuff][update UI stuff]]
+    - [[#job-description][Job description]]
+  - [[#2018-01-08-mon][<2018-01-08 Mon>]]
+  - [[#2018-01-05-fri][<2018-01-05 Fri>]]
+    - [[#secretary-alex][Secretary @Alex]]
+    - [[#ui-breakout][UI breakout]]
+    - [[#project-boards][Project Board(s)]]
+    - [[#offsite-2][Offsite]]
+    - [[#new-position][New position]]
+  - [[#2018-01-04-thu][<2018-01-04 Thu>]]
+  - [[#2018-01-03-wed][<2018-01-03 Wed>]]
+  - [[#2018-01-02-tue][<2018-01-02 Tue>]]
+    - [[#craig][Craig]]
+  - [[#2017-12-04][<2017-12-04>]]
+  - [[#2017-11-29][<2017-11-29>]]
+  - [[#2017-11-28][<2017-11-28>]]
+  - [[#2017-10-27][<2017-10-27>]]
+  - [[#2017-10-26][<2017-10-26>]]
+  - [[#2017-10-18---nil][<2017-10-18> - nil]]
+  - [[#2017-10-17---nil][<2017-10-17> - nil]]
+  - [[#2017-10-16][<2017-10-16>]]
+  - [[#2017-09-26][<2017-09-26>]]
+- [[#tech-notes][Tech notes]]
+  - [[#ops-connect-to-int][OPS Connect to Int]]
+- [[#email-of-users][Email of users]]
+  - [[#channel-email][channel: email]]
+  - [[#introduction][Introduction]]
+  - [[#plan][Plan]]
+    - [[#part-1][Part 1]]
+    - [[#part-2][Part 2]]
+  - [[#technical-details][Technical Details]]
+#+END_QUOTE
+
+** Introduction
+
+ Multiple recent features/changes would be improved by a system to keep
+ track of history events (see #2370, #2425, #2426).
+
+ - keep track of login dates (right now, we only keep track of the
+   latest 5 login dates, we also can't keep much meta infos about those
+   logins like IP addresses, HTTP referrers, etc...)
+ - Administrative tasks, a new notion of role will give some user the
+   right to manage resources like other users / other OAuth2 clients.
+   As such we should keep track of who is doing what and when to
+   prevent subtle attack and/or errors.
+
+ For now, all these information can be gathered through our internal logging
+ system. I think this should become an internal API. Typically our customer will
+ want to know who is the admin that blocked some user and when.
+
+** Plan
+
+*** Part 1
+
+ Keep track of:
+
+ - user logins
+ - user profile updates
+ - client updates (who modified the client and when)
+
+ I think we should start with a very small plan first. We could take
+ advantage of the current events we are sending to Riemann and put those
+ events (or only part of them) in a searchable store. The advantage is
+ that we already have a service with a clear and simple API and is used
+ in many different other services.
+
+ We should then impose stronger constraints to the event format. It
+ should be beneficial for both internal API and analysis via Kibana (the
+ team responsible to analyse user behaviour expressed difficulties in
+ dealing with the lack of common format and missing infos for some
+ events).
+
+ This approach will also make it easier to simplify the internal
+ structure of the client object and be able to remove details about the
+ internal workflow in that object (and also others). Typically, it should
+ remove the need for many metadatas of the object (updated-by,
+ approval-status, etc...)
+
+ During this first step the events should correspond to *things that
+ happened* and as such should be named in past tense (*User Blocked*,
+ *Client Deleted*, etc...).
+
+*** Part 2
+
+/remark/: Part 2 is out of the scope of this issue and should be its own issue
+later.
+
+  I think we should think about not only using "Events" (things that
+  happened in the past) but also /Commands/ (requests for things to
+  happen, named with verb in imperative mood). And from there we might
+  start to create /Aggregates/ (read-only views constructed from events).
+  Using this architecture, a single events would be able to be used to
+  provide different views (historical views about a single client, list of
+  users that modified clients in the past, stats about users, etc...)
+
+** Technical Details
+
+- create an Event Store that can also be a CRUDStore to be searchable. I think
+  it should be backed by PostgreSQL to ease views when we might need to make
+  joins.
+- the =Event= schema should contain an =event-type= this should always be named in
+  the past tense. (note this structure provide a quite good template for events
+  structure that could ease the search in kibana in the future)
+  #+BEGIN_SRC clojure
+    (s/defschema Event
+      {:event-type s/Keyword       ;; prefer namespaced keywords that should link to a schema
+       :event-params {s/Any s/Any} ;; some printable hash-map that match the schema linked by event-type
+       :emiter
+         (st/optional-keys
+            {:service s/Keyword     ;; should be an service-name
+             :user-id s/Str         ;; should be the user-id of the person responsible for the event
+             :client-id s/Str       ;; if the operation is done via a client provide the client-id
+             :impersonated-by s/Str ;; if impersonated should provide the user-id of the master user
+             :user User             ;; all gory details about the User
+             :org Org               ;; all gory details about the org
+             })})
+  #+END_SRC
+
+- update the riemann-reporter service to be able to write to multiple stores and
+  with the ability to filter on set of event-types. So we could create stores
+  that could contains only some event-types. Also provide a list of event fields to track.
+  As riemann event-store will want all the details about an event while event in a searchable
+  store should not.
+- provide another =send-event= method for the =riemann-reporter= service to be able to send
+  event with all the mandatory infos, take care of removing all user / org infos from the event destined
+  #+BEGIN_SRC clojure
+  (s/defn send-event [event-type event-params emiter-infos] :- Event ...)
+  #+END_SRC
+- update the =send-event= call to match the correct format and configure one
+  searchable store of riemann reporter store to track those events.
+- update the =/login= handler not to put login dates infos in the user object.
+- update the =/profile= endpoint to use thoses events to display latests login dates.
+

TODO.org

@@ -1,6 +1,6 @@
 #+Title:TODO
 #+Author: Yann Esposito
-#+TODO: TODO IN-PROGRESS WAIT | DONE CANCELED
+#+TODO: TODO IN-PROGRESS HOLD WAITING | DONE CANCELED
 #+COLUMNS: %TODO %3PRIORITY %40ITEM(Task) %17Effort(Estimated Effort){:} %CLOCKSUM %8TAGS(TAG)
 
 Paris 7h10 - 8h45, à Londre, 15 mars
@@ -29,7 +29,6 @@ Les languages de programmation fonctionnels ont introduits récemment l'usage de
 structures de données immuables. Nous verrons comment celà facilite énormément
 l'écriture de programmes parallèles et concurrents.
 
-
 *** DONE Virement maman 3000€
     CLOSED: [2019-03-29 Fri 09:23]
     - IBAN: FR28 3000 2028 2100 0005 8155 N89
@@ -58,8 +57,8 @@ l'écriture de programmes parallèles et concurrents.
     Tel: 09 80 89 95 31
 
 ** Meetup Lamda Riviera :geek:
-** Projects :dev:geek:
+** Projects                                                        :dev:geek:
-*** TODO Write a comments system
+*** IN-PROGRESS Write a comments system
 
 Requirements:
 
@@ -109,7 +108,8 @@ Requirements:
   https://man.sr.ht/installation.md)
 - Something rawer like gpm?
 **** TODO Enhance Domain Name hoster to better support letsencrypt (typically CAA I think)
-*** =gpm= todo / wiki / docs, etc...                                   :dweb:
+*** CANCELED =gpm= todo / wiki / docs, etc...                          :dweb:
+    CLOSED: [2019-04-14 Sun 20:00]
 **** DONE Doc
      CLOSED: [2018-11-17 Sat 13:07]
  Write a tool to handle the following workflow.
@@ -165,8 +165,8 @@ Requirements:
       CLOSED: [2019-03-03 Sun 15:08]
 ***** DONE Ignore patterns
       CLOSED: [2019-03-02 Sat 20:07]
-***** TODO [#C] Use a split and Index on n-grams to match for all bots fast
+***** HOLD [#C] Use a split and Index on n-grams to match for all bots fast
-***** TODO [#C] User regex?
+***** HOLD [#C] User regex?
 **** TODO Enhance Producer by retrieving all post/comments [[https://intoli.com/blog/f5bot/][f5bot]]
 **** TODO Send mails on matches
 **** TODO Dev/Ops Improvement

agenda.org

@@ -0,0 +1,13 @@
+* Agenda
+** TODO yet another thing to test
+   :LOGBOOK:
+   CLOCK: [2019-04-15 Mon 00:35]--[2019-04-15 Mon 00:35] =>  0:00
+   :END:
+ [2019-04-15 Mon 00:35]
+ [[file:~/.spacemacs::'(org-agenda-files%20'("~/.deft/agenda.org"))]]
+** TODO xxx
+   :LOGBOOK:
+   CLOCK: [2019-04-15 Mon 00:36]--[2019-04-15 Mon 00:36] =>  0:00
+   :END:
+ [2019-04-15 Mon 00:36]
+ [[file:~/.spacemacs::'(org-refile-targets%20'((nil%20:maxlevel%20.%209)]]

cisco-epic-feature-flag-by-env.org

@@ -0,0 +1,72 @@
+#+Title:Cisco Epic Feature Flag by Env
+#+Author: Yann Esposito
+#+LANGUAGE: en
+#+TODO: TODO IN-PROGRESS WAIT | DONE CANCELED
+
+* Feature Flag by Env                                        :TOC_3_gh:QUOTE:
+#+BEGIN_QUOTE
+  - [[#requirement][Requirement]]
+    - [[#current-status][Current status]]
+  - [[#proposed-solution][Proposed Solution.]]
+    - [[#feature-flag-block-in-configedn][Feature Flag Block in =config.edn=]]
+#+END_QUOTE
+
+** Requirement
+
+> Craig Brozefsky Yesterday, 17:04
+> Matt: No orgs in EU should have devices scope
+
+*** Current status
+
+Until now we managed feature flag for an entire release. As such the
+feature-flag was 100% held in the code, not in the deployement conf.
+
+There are two methods used until today to manage feature-flags:
+
+1. scopes
+2. service launch (in bootstrap.cfg)
+3. control via config (in config.edn)
+
+The current requirement only talks about the =sse= scope.
+In fact we could (should) also prevent the =sse-service= to be launched.
+
+Note that scope handling is generally not trivial:
+
+- CTR use the scope as the single dimension to handle authorizations. One
+  consequence is that the notion of /role/ is not really meaningful in the CTR
+  code. The /role/ is only used from the info provided by the IdP and then
+  interpreted as a set of scopes (which can change dynamically, for exemple we
+  can attribute additional scopes to some org or user). It is also planned to
+  provide the ability for admin users to change the scopes of other users of
+  their org.
+
+** Proposed Solution.
+
+*** Feature Flag Block in =config.edn=
+
+That way it would be possible to not only handle scopes but also manage the
+feature flag in some specific part of the code. Typically we could use that flag
+to ignore some conf, and to not initialize fully some service.
+
+**** Service Launch Handling
+
+- If a service is started but its presence is not necessary when the feature
+  flag is off. The service should not really init itself fully and only return a
+  nil context and the methods should also returns nil silently
+
+**** Scope Handling
+
+Depending of the feature flag we might add an additional step during login we
+might "add" some new scopes and "remove some". If that's the case we might also
+change the JWT version dyamically.
+
+I would suggest something like:
+
+
+#+BEGIN_SRC clojure
+(defn dyn-jwt-version [activated-features]
+ (string/join "-" (cons static-jwt-version activated-features))
+#+END_SRC
+
+That would produce version such as: =v1.23=, =v1.23-sse=, =v1.23-sse-scim=,
+etc...

refile.org

@@ -0,0 +1,4 @@
+#+FILETAGS: REFILE
+* Tasks
+* Notes
+* Agenda