archives
parent
be843e836b
commit
8c890e759e
9 changed files with 1755 additions and 44 deletions
1
.gitignore
vendored
|
@ -1,3 +1,4 @@
|
|||
ltximg
|
||||
HWP/
|
||||
.*.icloud
|
||||
.stack-work/
|
||||
|
|
BIN
Cisco.org.gpg
Binary file not shown.
|
@ -2945,3 +2945,468 @@ Improvement of common knowledge of clojure runtime.
|
|||
|
||||
@Nargol, I'll try to be online because I'm at the symposium.
|
||||
@Craig, take the buffet :)
|
||||
|
||||
* Tech notes
|
||||
:PROPERTIES:
|
||||
:ARCHIVE_TIME: 2019-04-04 Thu 16:27
|
||||
:ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
|
||||
:ARCHIVE_CATEGORY: Cisco.org
|
||||
:END:
|
||||
** OPS Connect to Int
|
||||
|
||||
To find the IPs:
|
||||
|
||||
https://tg-iroh.signin.aws.amazon.com/console
|
||||
|
||||
Last time IP of =tenzin.int.iroh.site=: 54.165.154.145
|
||||
|
||||
Then
|
||||
|
||||
#+BEGIN_SRC
|
||||
ssh -i ~/.ssh/tenzin_master_int -o IdentitiesOnly=yes ubuntu@tenzin.int.iroh.site
|
||||
sudo su -
|
||||
salt '*iroh-01*' cmd.run "ifconfig"
|
||||
# GET THE IP
|
||||
sudo su -
|
||||
ssh -i /etc/salt/tenzin_master ubuntu@XXX
|
||||
sudo su -
|
||||
#+END_SRC
|
||||
|
||||
And you could do:
|
||||
|
||||
#+BEGIN_SRC
|
||||
cd /srv/iroh; ls -lath
|
||||
service iroh restart
|
||||
lsof -nP | grep LISTEN
|
||||
#+END_SRC
|
||||
|
||||
* Email of users
|
||||
:PROPERTIES:
|
||||
:ARCHIVE_TIME: 2019-04-04 Thu 16:29
|
||||
:ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
|
||||
:ARCHIVE_OLPATH: Epics
|
||||
:ARCHIVE_CATEGORY: Cisco.org
|
||||
:END:
|
||||
|
||||
** channel: email
|
||||
|
||||
Hi Eduardo,
|
||||
|
||||
In order for everyone to be aware of the situation here is a short resume:
|
||||
|
||||
1. Since we're using the IDB, new user records don't not contain an email field in the profile.
|
||||
The IDB does not return that data as specified in the OIDC protocol (see my remark).
|
||||
2. I stated the problem to the IDB team
|
||||
3. In order to mitigate that, for AMP accounts, I luckily found a workaround using a non
|
||||
standard field. Thus, currently, new users and existing users who login via AMP
|
||||
should have an email set in our DB.
|
||||
4. I asked the IDB team again to provide us the email during login also for TG users.
|
||||
|
||||
The current status:
|
||||
|
||||
Our DB should start to be filled with emails for all user that login to CTR.
|
||||
Existing user that do not login won't have their email set.
|
||||
|
||||
If the IDB team find a way to update their configuration to pass down the email
|
||||
information for TG user, the DB might also be filled automatically without
|
||||
work to be done by the CTR team.
|
||||
|
||||
> + Adding Snehal, Craig, and Guillaume for awareness
|
||||
>
|
||||
> Hi Yann,
|
||||
>
|
||||
> Could you please provide an update on the issues 2440 and 2504 around not
|
||||
> getting user emails? There are 1548 user ids from AMP customers with no email
|
||||
> associated.
|
||||
>
|
||||
> Something seems to have changed, since recently we’ve been getting no emails for
|
||||
> new users. This is essential for us to track adoption by product and set up
|
||||
> targeted email campaigns.
|
||||
>
|
||||
> Thanks
|
||||
|
||||
|
||||
* History API via Event Store :TOC_3_gh:QUOTE:
|
||||
:PROPERTIES:
|
||||
:ARCHIVE_TIME: 2019-04-04 Thu 16:29
|
||||
:ARCHIVE_FILE: ~/.deft/Cisco.org.gpg
|
||||
:ARCHIVE_OLPATH: Epics
|
||||
:ARCHIVE_CATEGORY: Cisco.org
|
||||
:END:
|
||||
#+BEGIN_QUOTE
|
||||
- [[#oauth2-provider][OAuth2 Provider]]
|
||||
- [[#workflow][Workflow]]
|
||||
- [[#authorize][=/authorize=]]
|
||||
- [[#approve][=/approve=]]
|
||||
- [[#refuse][=/refuse=]]
|
||||
- [[#token][=/token=]]
|
||||
- [[#oauth2-in-iroh-auth-spec-rfc-second-pass][OAuth2 in IROH-Auth Spec RFC second pass]]
|
||||
- [[#vocabulary][Vocabulary]]
|
||||
- [[#client-registration][Client Registration]]
|
||||
- [[#protocol-endpoints][Protocol Endpoints]]
|
||||
- [[#obtaining-authorization][Obtaining Authorization]]
|
||||
- [[#oauth2-provider-epic][OAuth2 Provider Epic]]
|
||||
- [[#functional-spec][Functional Spec]]
|
||||
- [[#tasks][Tasks]]
|
||||
- [[#technical-spec][Technical Spec]]
|
||||
- [[#oauth2-epics-3rd-pass][OAuth2 Epics (3rd pass)]]
|
||||
- [[#spa-compatible-oauth2][SPA compatible OAuth2]]
|
||||
- [[#users-made-oauth2-clients][User's made OAuth2 clients]]
|
||||
- [[#internal-user-representation][Internal User Representation]]
|
||||
- [[#oauth2-client-credentials-grant][OAuth2 Client Credentials Grant]]
|
||||
- [[#iroh-admin-dashboard][IROH Admin Dashboard]]
|
||||
- [[#oauth2-enhancements][OAuth2 Enhancements]]
|
||||
- [[#scopes-dictionary][Scopes Dictionary]]
|
||||
- [[#document-for-raghavaiah][Document for Raghavaiah]]
|
||||
- [[#franks-proposal-auth-config-untangling][Frank's proposal; Auth config untangling]]
|
||||
- [[#int][INT]]
|
||||
- [[#test][TEST]]
|
||||
- [[#proposal][Proposal]]
|
||||
- [[#int-1][INT]]
|
||||
- [[#prod-nam][PROD NAM]]
|
||||
- [[#prod-eu][PROD EU]]
|
||||
- [[#prod-apjc][PROD APJC]]
|
||||
- [[#test-1][TEST]]
|
||||
- [[#daily-standup-meeting][Daily Standup Meeting]]
|
||||
- [[#2019-02-27-wed][<2019-02-27 Wed>]]
|
||||
- [[#release-119][release 1.19]]
|
||||
- [[#individual-updates][individual updates]]
|
||||
- [[#uiux][UI/UX]]
|
||||
- [[#misc][Misc]]
|
||||
- [[#2019-02-25-mon][<2019-02-25 Mon>]]
|
||||
- [[#2019-01-18-fri][<2019-01-18 Fri>]]
|
||||
- [[#individual-update][Individual update]]
|
||||
- [[#2019-01-23-wed][<2019-01-23 Wed>]]
|
||||
- [[#ops][ops]]
|
||||
- [[#rel-116][rel 1.16]]
|
||||
- [[#individual-update-1][Individual update]]
|
||||
- [[#ux-design-update][UX Design update]]
|
||||
- [[#design-update][Design update]]
|
||||
- [[#2019-01-11-fri][<2019-01-11 Fri>]]
|
||||
- [[#ops-weather-report][Ops Weather Report]]
|
||||
- [[#individual-reports][Individual Reports]]
|
||||
- [[#design][Design]]
|
||||
- [[#2019-01-09-wed][<2019-01-09 Wed>]]
|
||||
- [[#ops-1][Ops]]
|
||||
- [[#reports][Reports]]
|
||||
- [[#2019-01-08-tue][<2019-01-08 Tue>]]
|
||||
- [[#ops-2][OPS]]
|
||||
- [[#release-status][Release Status]]
|
||||
- [[#angela][Angela]]
|
||||
- [[#2019-01-04-fri][<2019-01-04 Fri>]]
|
||||
- [[#2018-12-07-fri][<2018-12-07 Fri>]]
|
||||
- [[#topics][Topics]]
|
||||
- [[#ops-3][Ops]]
|
||||
- [[#rel][Rel]]
|
||||
- [[#2018-11-28-wed][<2018-11-28 Wed>]]
|
||||
- [[#release-114][release 1.14]]
|
||||
- [[#ops-report][Ops report]]
|
||||
- [[#individual-report][Individual Report]]
|
||||
- [[#ux-design-report][UX Design Report]]
|
||||
- [[#2018-11-26-mon][<2018-11-26 Mon>]]
|
||||
- [[#2019-01-11-fri-1][<2019-01-11 Fri>]]
|
||||
- [[#2018-11-19-mon][<2018-11-19 Mon>]]
|
||||
- [[#ops-4][Ops]]
|
||||
- [[#ui][UI]]
|
||||
- [[#individual-reports-1][Individual reports]]
|
||||
- [[#jwt-lifetime][JWT lifetime]]
|
||||
- [[#2018-10-31-wed][<2018-10-31 Wed>]]
|
||||
- [[#individual-reports-2][Individual Reports]]
|
||||
- [[#2018-10-22-mon][<2018-10-22 Mon>]]
|
||||
- [[#individual-updates-1][Individual Updates]]
|
||||
- [[#2018-10-10-wed][<2018-10-10 Wed>]]
|
||||
- [[#2018-10-01-mon][<2018-10-01 Mon>]]
|
||||
- [[#2018-09-19-wed][<2018-09-19 Wed>]]
|
||||
- [[#ops-weather-reports][Ops weather reports]]
|
||||
- [[#release-report][Release report]]
|
||||
- [[#doc-report][Doc report]]
|
||||
- [[#personal-report][Personal report]]
|
||||
- [[#ux-update][UX Update]]
|
||||
- [[#pto][PTO]]
|
||||
- [[#2018-09-18-tue][<2018-09-18 Tue>]]
|
||||
- [[#2018-09-11-tue-secretary-nola][<2018-09-11 Tue> Secretary: Nola]]
|
||||
- [[#topics-1][Topics]]
|
||||
- [[#pr-merge][PR merge]]
|
||||
- [[#pto-1][PTO]]
|
||||
- [[#2018-09-10-mon][<2018-09-10 Mon>]]
|
||||
- [[#yann][Yann]]
|
||||
- [[#ux-design][UX Design]]
|
||||
- [[#idp-issue][IdP Issue]]
|
||||
- [[#2018-08-14-tue][<2018-08-14 Tue>]]
|
||||
- [[#2018-08-17-fri][<2018-08-17 Fri>]]
|
||||
- [[#topics-2][Topics]]
|
||||
- [[#ops-report-1][Ops report]]
|
||||
- [[#individual-reports-3][Individual Reports]]
|
||||
- [[#ux-design-update-1][UX Design Update]]
|
||||
- [[#pto-2][PTO]]
|
||||
- [[#2018-08-13-mon-secretary-paula][<2018-08-13 Mon> Secretary Paula]]
|
||||
- [[#individual-report-1][Individual report]]
|
||||
- [[#2018-08-08-wed-secretary-john][<2018-08-08 Wed> Secretary John]]
|
||||
- [[#individual-report-2][Individual Report]]
|
||||
- [[#2018-08-07-tue][<2018-08-07 Tue>]]
|
||||
- [[#brian][Brian]]
|
||||
- [[#2018-08-06-mon][<2018-08-06 Mon>]]
|
||||
- [[#bart-resigned-by-mail][Bart resigned (by mail)]]
|
||||
- [[#individual-report-3][Individual report]]
|
||||
- [[#2018-08-03-fri][<2018-08-03 Fri>]]
|
||||
- [[#topic][Topic]]
|
||||
- [[#individual-update-2][Individual Update]]
|
||||
- [[#ops-report-2][Ops Report]]
|
||||
- [[#release-status-1][Release Status]]
|
||||
- [[#2018-08-01-wed][<2018-08-01 Wed>]]
|
||||
- [[#topics-3][Topics]]
|
||||
- [[#update-from-craig][Update from Craig]]
|
||||
- [[#individual-reports-4][Individual Reports]]
|
||||
- [[#blocking-bug-622][Blocking Bug #622]]
|
||||
- [[#ops-5][Ops]]
|
||||
- [[#pto-3][PTO]]
|
||||
- [[#2018-07-25-wed-secretary-matt][<2018-07-25 Wed> Secretary Matt]]
|
||||
- [[#individual-reports-5][Individual Reports]]
|
||||
- [[#2018-07-24-tue][<2018-07-24 Tue>]]
|
||||
- [[#release][Release]]
|
||||
- [[#operation-report][Operation Report]]
|
||||
- [[#release-notes][Release Notes]]
|
||||
- [[#2018-07-23-mon-secretary-alex][<2018-07-23 Mon> Secretary Alex]]
|
||||
- [[#individual-reports-6][Individual Reports]]
|
||||
- [[#2018-07-17-tue][<2018-07-17 Tue>]]
|
||||
- [[#topics-4][Topics]]
|
||||
- [[#2018-07-16-mon][<2018-07-16 Mon>]]
|
||||
- [[#topics-5][Topics]]
|
||||
- [[#individual-reports-7][Individual Reports]]
|
||||
- [[#2018-07-13-fri][<2018-07-13 Fri>]]
|
||||
- [[#2018-07-11-wed-secretary-bart][<2018-07-11 Wed> Secretary: Bart]]
|
||||
- [[#individual-update-3][Individual update]]
|
||||
- [[#release-deployment-day][Release Deployment Day]]
|
||||
- [[#conversation-in-the-iroh-channel][conversation in the IROH channel]]
|
||||
- [[#soliciting-topic][soliciting topic]]
|
||||
- [[#impersonate-api][impersonate API]]
|
||||
- [[#integrating-with-amp-test-env][integrating with AMP test env]]
|
||||
- [[#update-from-john][update from John]]
|
||||
- [[#2018-07-09-mon][<2018-07-09 Mon>]]
|
||||
- [[#release-1][Release]]
|
||||
- [[#pto-4][PTO]]
|
||||
- [[#][...]]
|
||||
- [[#2018-07-06-fri-secretary-jesse][<2018-07-06 Fri> Secretary Jesse]]
|
||||
- [[#release-2][Release]]
|
||||
- [[#discovery][Discovery]]
|
||||
- [[#bart-demo][Bart Demo]]
|
||||
- [[#upcoming-pto][Upcoming PTO]]
|
||||
- [[#2018-07-04-wed][<2018-07-04 Wed>]]
|
||||
- [[#2018-07-03-tue][<2018-07-03 Tue>]]
|
||||
- [[#2018-06-29-fri][<2018-06-29 Fri>]]
|
||||
- [[#iroh-ui][IROH UI]]
|
||||
- [[#pto-5][PTO]]
|
||||
- [[#2018-06-22-fri-secretary-yann][<2018-06-22 Fri> Secretary Yann]]
|
||||
- [[#release-status-2][Release Status]]
|
||||
- [[#ops-report-3][Ops Report]]
|
||||
- [[#ttp-headnodes][TTP Headnodes]]
|
||||
- [[#pto-update][PTO update]]
|
||||
- [[#question-about-possible-users-information-leaks-in-the-kibana-logs][Question about possible user's information leaks in the kibana logs]]
|
||||
- [[#2018-06-15-fri][<2018-06-15 Fri>]]
|
||||
- [[#2018-06-01-fri][<2018-06-01 Fri>]]
|
||||
- [[#ops-status-aws-outage][OPS status (AWS outage)]]
|
||||
- [[#ui-status-update][UI Status update]]
|
||||
- [[#naga-status-update][Naga Status Update]]
|
||||
- [[#certifcate-expiration][Certifcate expiration]]
|
||||
- [[#kibana-dashboard][Kibana dashboard.]]
|
||||
- [[#pto-6][PTO]]
|
||||
- [[#2018-05-30-wed-secretary-bart][<2018-05-30 Wed> Secretary: Bart]]
|
||||
- [[#2018-05-23-wed][<2018-05-23 Wed>]]
|
||||
- [[#2018-05-14-mon-secretary-jesse][<2018-05-14 Mon> Secretary: Jesse]]
|
||||
- [[#2018-04-24-tue-secretary-chris][<2018-04-24 Tue> Secretary: Chris]]
|
||||
- [[#2018-04-23-mon-secretary-jesse][<2018-04-23 Mon> Secretary: Jesse]]
|
||||
- [[#2018-04-11-wed][<2018-04-11 Wed>]]
|
||||
- [[#2018-03-27-tue-secretary-daniel][<2018-03-27 Tue> Secretary: Daniel]]
|
||||
- [[#release-3][release]]
|
||||
- [[#2018-03-14-wed-secretary-daniel][<2018-03-14 Wed> Secretary: Daniel]]
|
||||
- [[#2018-03-02-fri-secretary-craig][<2018-03-02 Fri> Secretary: Craig]]
|
||||
- [[#2018-02-28-wed-secretary-yann][<2018-02-28 Wed> Secretary: Yann]]
|
||||
- [[#saml-vulnerability][SAML Vulnerability]]
|
||||
- [[#blocked-on-es-maximum-nb-of-field-error][Blocked on ES maximum nb of field error]]
|
||||
- [[#blocked][Blocked]]
|
||||
- [[#some-dev-start-to-become-painful][Some dev start to become painful]]
|
||||
- [[#release-status-3][Release status]]
|
||||
- [[#cisco-anyconnect-problem][Cisco AnyConnect Problem]]
|
||||
- [[#2018-02-27-tue-secretary-paula][<2018-02-27 Tue> Secretary: Paula]]
|
||||
- [[#report-from-berlin][Report from Berlin]]
|
||||
- [[#int--test][Int / Test]]
|
||||
- [[#2018-02-26-mon-secretary-alex][<2018-02-26 Mon> Secretary: Alex]]
|
||||
- [[#tg-login][TG Login]]
|
||||
- [[#tenzin-conf][Tenzin Conf]]
|
||||
- [[#offsite][Offsite]]
|
||||
- [[#2018-02-23-fri][<2018-02-23 Fri>]]
|
||||
- [[#2018-02-19-mon-secretary-jesse][<2018-02-19 Mon> Secretary: Jesse]]
|
||||
- [[#2018-02-07-wed-secretary-yann][<2018-02-07 Wed> Secretary: Yann]]
|
||||
- [[#wait_for-for-refresh-in-es-impact][wait_for for refresh in ES impact]]
|
||||
- [[#chris-stuck-too-long-on-1225][Chris: stuck too long on #1225]]
|
||||
- [[#release-status-4][Release status]]
|
||||
- [[#2018-02-05-mon-secretary-chris][<2018-02-05 Mon> Secretary: Chris]]
|
||||
- [[#2018-02-01-thu-secretary-alex][<2018-02-01 Thu> Secretary: Alex]]
|
||||
- [[#2018-01-31-wed-secretary-matt][<2018-01-31 Wed> Secretary: Matt]]
|
||||
- [[#spectre-patches][Spectre patches]]
|
||||
- [[#ctia-investigate-issue][CTIA Investigate Issue]]
|
||||
- [[#html-route][HTML route]]
|
||||
- [[#2018-01-30-tue-secretary-brian][<2018-01-30 Tue> Secretary: Brian]]
|
||||
- [[#scratchpad-service-guillaume][Scratchpad Service (Guillaume)]]
|
||||
- [[#error-reporting-in-iroh-ui-interface-jesse][Error Reporting in IROH UI Interface (Jesse)]]
|
||||
- [[#amp-visibility-design-recap][AMP Visibility design recap]]
|
||||
- [[#amp-visibility-builds][AMP Visibility Builds]]
|
||||
- [[#2018-01-29-mon-secretary-houman][<2018-01-29 Mon> Secretary: Houman]]
|
||||
- [[#status-of-the-release][Status of The release]]
|
||||
- [[#investigation--snapshots--incident--scratchpads][Investigation & Snapshots / Incident & Scratchpads]]
|
||||
- [[#ui-rewrite][UI rewrite?]]
|
||||
- [[#2018-01-25-thu-secretary][<2018-01-25 Thu> Secretary:]]
|
||||
- [[#2018-01-24-wed-secretary-paula][<2018-01-24 Wed> Secretary: Paula]]
|
||||
- [[#timeout-issue][Timeout issue]]
|
||||
- [[#client-lib-visibility-lib][Client Lib, Visibility Lib]]
|
||||
- [[#deadline][Deadline]]
|
||||
- [[#metrics-we-need-in-production][Metrics we need in production]]
|
||||
- [[#2018-01-22-mon-secretary-guillaume][<2018-01-22 Mon> Secretary: Guillaume]]
|
||||
- [[#contact-to-tg-integration][Contact to TG Integration]]
|
||||
- [[#amp-global-intel-next-step][AMP Global Intel Next Step]]
|
||||
- [[#iroh-ui-1][IROH-UI]]
|
||||
- [[#2018-01-18-thu-secretary-jesse][<2018-01-18 Thu> Secretary: Jesse]]
|
||||
- [[#2018-01-17-wed-secretary-alex][<2018-01-17 Wed> Secretary: Alex]]
|
||||
- [[#2018-01-16-tue-secretary-yann][<2018-01-16 Tue> Secretary: Yann]]
|
||||
- [[#prod-patching-meltdown][Prod Patching Meltdown]]
|
||||
- [[#tg-indicator][TG indicator]]
|
||||
- [[#2018-01-11-thu-secretary-chris][<2018-01-11 Thu> Secretary: Chris]]
|
||||
- [[#story-boards][Story boards]]
|
||||
- [[#2018-01-10-wed-secretary-sam][<2018-01-10 Wed> Secretary: Sam]]
|
||||
- [[#status-update][status update]]
|
||||
- [[#2018-01-09-tue][<2018-01-09 Tue>]]
|
||||
- [[#offsite-1][offsite]]
|
||||
- [[#yesterday-meeting][yesterday meeting]]
|
||||
- [[#update-ui-stuff][update UI stuff]]
|
||||
- [[#job-description][Job description]]
|
||||
- [[#2018-01-08-mon][<2018-01-08 Mon>]]
|
||||
- [[#2018-01-05-fri][<2018-01-05 Fri>]]
|
||||
- [[#secretary-alex][Secretary @Alex]]
|
||||
- [[#ui-breakout][UI breakout]]
|
||||
- [[#project-boards][Project Board(s)]]
|
||||
- [[#offsite-2][Offsite]]
|
||||
- [[#new-position][New position]]
|
||||
- [[#2018-01-04-thu][<2018-01-04 Thu>]]
|
||||
- [[#2018-01-03-wed][<2018-01-03 Wed>]]
|
||||
- [[#2018-01-02-tue][<2018-01-02 Tue>]]
|
||||
- [[#craig][Craig]]
|
||||
- [[#2017-12-04][<2017-12-04>]]
|
||||
- [[#2017-11-29][<2017-11-29>]]
|
||||
- [[#2017-11-28][<2017-11-28>]]
|
||||
- [[#2017-10-27][<2017-10-27>]]
|
||||
- [[#2017-10-26][<2017-10-26>]]
|
||||
- [[#2017-10-18---nil][<2017-10-18> - nil]]
|
||||
- [[#2017-10-17---nil][<2017-10-17> - nil]]
|
||||
- [[#2017-10-16][<2017-10-16>]]
|
||||
- [[#2017-09-26][<2017-09-26>]]
|
||||
- [[#tech-notes][Tech notes]]
|
||||
- [[#ops-connect-to-int][OPS Connect to Int]]
|
||||
- [[#email-of-users][Email of users]]
|
||||
- [[#channel-email][channel: email]]
|
||||
- [[#introduction][Introduction]]
|
||||
- [[#plan][Plan]]
|
||||
- [[#part-1][Part 1]]
|
||||
- [[#part-2][Part 2]]
|
||||
- [[#technical-details][Technical Details]]
|
||||
#+END_QUOTE
|
||||
|
||||
** Introduction
|
||||
|
||||
Multiple recent features/changes would be improved by a system to keep
|
||||
track of history events (see #2370, #2425, #2426).
|
||||
|
||||
- keep track of login dates (right now, we only keep track of the
|
||||
latest 5 login dates, we also can't keep much meta infos about those
|
||||
logins like IP addresses, HTTP referrers, etc...)
|
||||
- Administrative tasks, a new notion of role will give some user the
|
||||
right to manage resources like other users / other OAuth2 clients.
|
||||
As such we should keep track of who is doing what and when to
|
||||
prevent subtle attack and/or errors.
|
||||
|
||||
For now, all these information can be gathered through our internal logging
|
||||
system. I think this should become an internal API. Typically our customer will
|
||||
want to know who is the admin that blocked some user and when.
|
||||
|
||||
** Plan
|
||||
|
||||
*** Part 1
|
||||
|
||||
Keep track of:
|
||||
|
||||
- user logins
|
||||
- user profile updates
|
||||
- client updates (who modified the client and when)
|
||||
|
||||
I think we should start with a very small plan first. We could take
|
||||
advantage of the current events we are sending to Riemann and put those
|
||||
events (or only part of them) in a searchable store. The advantage is
|
||||
that we already have a service with a clear and simple API and is used
|
||||
in many different other services.
|
||||
|
||||
We should then impose stronger constraints to the event format. It
|
||||
should be beneficial for both internal API and analysis via Kibana (the
|
||||
team responsible to analyse user behaviour expressed difficulties in
|
||||
dealing with the lack of common format and missing infos for some
|
||||
events).
|
||||
|
||||
This approach will also make it easier to simplify the internal
|
||||
structure of the client object and be able to remove details about the
|
||||
internal workflow in that object (and also others). Typically, it should
|
||||
remove the need for many metadatas of the object (updated-by,
|
||||
approval-status, etc...)
|
||||
|
||||
During this first step the events should correspond to *things that
|
||||
happened* and as such should be named in past tense (*User Blocked*,
|
||||
*Client Deleted*, etc...).
|
||||
|
||||
*** Part 2
|
||||
|
||||
/remark/: Part 2 is out of the scope of this issue and should be its own issue
|
||||
later.
|
||||
|
||||
I think we should think about not only using "Events" (things that
|
||||
happened in the past) but also /Commands/ (requests for things to
|
||||
happen, named with verb in imperative mood). And from there we might
|
||||
start to create /Aggregates/ (read-only views constructed from events).
|
||||
Using this architecture, a single events would be able to be used to
|
||||
provide different views (historical views about a single client, list of
|
||||
users that modified clients in the past, stats about users, etc...)
|
||||
|
||||
** Technical Details
|
||||
|
||||
- create an Event Store that can also be a CRUDStore to be searchable. I think
|
||||
it should be backed by PostgreSQL to ease views when we might need to make
|
||||
joins.
|
||||
- the =Event= schema should contain an =event-type= this should always be named in
|
||||
the past tense. (note this structure provide a quite good template for events
|
||||
structure that could ease the search in kibana in the future)
|
||||
#+BEGIN_SRC clojure
|
||||
(s/defschema Event
|
||||
{:event-type s/Keyword ;; prefer namespaced keywords that should link to a schema
|
||||
:event-params {s/Any s/Any} ;; some printable hash-map that match the schema linked by event-type
|
||||
:emiter
|
||||
(st/optional-keys
|
||||
{:service s/Keyword ;; should be an service-name
|
||||
:user-id s/Str ;; should be the user-id of the person responsible for the event
|
||||
:client-id s/Str ;; if the operation is done via a client provide the client-id
|
||||
:impersonated-by s/Str ;; if impersonated should provide the user-id of the master user
|
||||
:user User ;; all gory details about the User
|
||||
:org Org ;; all gory details about the org
|
||||
})})
|
||||
#+END_SRC
|
||||
|
||||
- update the riemann-reporter service to be able to write to multiple stores and
|
||||
with the ability to filter on set of event-types. So we could create stores
|
||||
that could contains only some event-types. Also provide a list of event fields to track.
|
||||
As riemann event-store will want all the details about an event while event in a searchable
|
||||
store should not.
|
||||
- provide another =send-event= method for the =riemann-reporter= service to be able to send
|
||||
event with all the mandatory infos, take care of removing all user / org infos from the event destined
|
||||
#+BEGIN_SRC clojure
|
||||
(s/defn send-event [event-type event-params emiter-infos] :- Event ...)
|
||||
#+END_SRC
|
||||
- update the =send-event= call to match the correct format and configure one
|
||||
searchable store of riemann reporter store to track those events.
|
||||
- update the =/login= handler not to put login dates infos in the user object.
|
||||
- update the =/profile= endpoint to use thoses events to display latests login dates.
|
||||
|
||||
|
|
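Review bot: The archived entries in this hunk land in a file that is rendered as readable text, yet every ARCHIVE_FILE property names ~/.deft/Cisco.org.gpg as their origin, so archiving has moved notes out of the encrypted file and into plaintext history. The "OPS Connect to Int" entry carries a console sign-in URL, a host name with its last known IP, and the SSH key paths and hop sequence for the INT environment, and the "Email of users" entry carries an internal mail thread with named recipients. Point the archive target at a .gpg file (for example through org-archive-location) or drop these entries before committing, and treat the host details as disclosed now that they are in the history. Smaller points in the same hunk: the Event schema key is spelled :emiter, and the send-event bullet stops mid-sentence at "from the event destined".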
12
TODO.org
|
@ -1,6 +1,6 @@
|
|||
#+Title:TODO
|
||||
#+Author: Yann Esposito
|
||||
#+TODO: TODO IN-PROGRESS WAIT | DONE CANCELED
|
||||
#+TODO: TODO IN-PROGRESS HOLD WAITING | DONE CANCELED
|
||||
#+COLUMNS: %TODO %3PRIORITY %40ITEM(Task) %17Effort(Estimated Effort){:} %CLOCKSUM %8TAGS(TAG)
|
||||
|
||||
Paris 7h10 - 8h45, à Londre, 15 mars
|
||||
|
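Review bot: The new keyword line replaces WAIT with HOLD and WAITING, but cisco-epic-feature-flag-by-env.org, added in this same commit, still declares "TODO IN-PROGRESS WAIT | DONE CANCELED". Use one keyword set across the files, and check that no heading in TODO.org is still in the WAIT state, since it would stop being recognised as a task keyword.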
@ -29,7 +29,6 @@ Les languages de programmation fonctionnels ont introduits récemment l'usage de
|
|||
structures de données immuables. Nous verrons comment celà facilite énormément
|
||||
l'écriture de programmes parallèles et concurrents.
|
||||
|
||||
|
||||
*** DONE Virement maman 3000€
|
||||
CLOSED: [2019-03-29 Fri 09:23]
|
||||
- IBAN: FR28 3000 2028 2100 0005 8155 N89
|
||||
|
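Review bot: The context lines of this hunk show a full IBAN next to a transfer note in TODO.org, which is stored as readable text while Cisco.org and journal.org are kept as .gpg files. Move the banking entry into one of the encrypted files or remove it; deleting the line in a later commit will not take it out of the history.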
@ -59,7 +58,7 @@ l'écriture de programmes parallèles et concurrents.
|
|||
|
||||
** Meetup Lamda Riviera :geek:
|
||||
** Projects :dev:geek:
|
||||
*** TODO Write a comments system
|
||||
*** IN-PROGRESS Write a comments system
|
||||
|
||||
Requirements:
|
||||
|
||||
|
@ -109,7 +108,8 @@ Requirements:
|
|||
https://man.sr.ht/installation.md)
|
||||
- Something rawer like gpm?
|
||||
**** TODO Enhance Domain Name hoster to better support letsencrypt (typically CAA I think)
|
||||
*** =gpm= todo / wiki / docs, etc... :dweb:
|
||||
*** CANCELED =gpm= todo / wiki / docs, etc... :dweb:
|
||||
CLOSED: [2019-04-14 Sun 20:00]
|
||||
**** DONE Doc
|
||||
CLOSED: [2018-11-17 Sat 13:07]
|
||||
Write a tool to handle the following workflow.
|
||||
|
@ -165,8 +165,8 @@ Requirements:
|
|||
CLOSED: [2019-03-03 Sun 15:08]
|
||||
***** DONE Ignore patterns
|
||||
CLOSED: [2019-03-02 Sat 20:07]
|
||||
***** TODO [#C] Use a split and Index on n-grams to match for all bots fast
|
||||
***** TODO [#C] User regex?
|
||||
***** HOLD [#C] Use a split and Index on n-grams to match for all bots fast
|
||||
***** HOLD [#C] User regex?
|
||||
**** TODO Enhance Producer by retrieving all post/comments [[https://intoli.com/blog/f5bot/][f5bot]]
|
||||
**** TODO Send mails on matches
|
||||
**** TODO Dev/Ops Improvement
|
||||
|
|
13
agenda.org
Normal file
|
@ -0,0 +1,13 @@
|
|||
* Agenda
|
||||
** TODO yet another thing to test
|
||||
:LOGBOOK:
|
||||
CLOCK: [2019-04-15 Mon 00:35]--[2019-04-15 Mon 00:35] => 0:00
|
||||
:END:
|
||||
[2019-04-15 Mon 00:35]
|
||||
[[file:~/.spacemacs::'(org-agenda-files%20'("~/.deft/agenda.org"))]]
|
||||
** TODO xxx
|
||||
:LOGBOOK:
|
||||
CLOCK: [2019-04-15 Mon 00:36]--[2019-04-15 Mon 00:36] => 0:00
|
||||
:END:
|
||||
[2019-04-15 Mon 00:36]
|
||||
[[file:~/.spacemacs::'(org-refile-targets%20'((nil%20:maxlevel%20.%209)]]
|
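Review bot: Both headings in the new agenda.org ("yet another thing to test" and "xxx") have zero-length CLOCK lines and links back into ~/.spacemacs, which reads like capture-template test output rather than agenda items. Drop them and commit the file with only its top-level Agenda heading, the way refile.org is added with empty headings.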
72
cisco-epic-feature-flag-by-env.org
Normal file
|
@ -0,0 +1,72 @@
|
|||
#+Title:Cisco Epic Feature Flag by Env
|
||||
#+Author: Yann Esposito
|
||||
#+LANGUAGE: en
|
||||
#+TODO: TODO IN-PROGRESS WAIT | DONE CANCELED
|
||||
|
||||
* Feature Flag by Env :TOC_3_gh:QUOTE:
|
||||
#+BEGIN_QUOTE
|
||||
- [[#requirement][Requirement]]
|
||||
- [[#current-status][Current status]]
|
||||
- [[#proposed-solution][Proposed Solution.]]
|
||||
- [[#feature-flag-block-in-configedn][Feature Flag Block in =config.edn=]]
|
||||
#+END_QUOTE
|
||||
|
||||
** Requirement
|
||||
|
||||
> Craig Brozefsky Yesterday, 17:04
|
||||
> Matt: No orgs in EU should have devices scope
|
||||
|
||||
*** Current status
|
||||
|
||||
Until now we managed feature flag for an entire release. As such the
|
||||
feature-flag was 100% held in the code, not in the deployement conf.
|
||||
|
||||
There are two methods used until today to manage feature-flags:
|
||||
|
||||
1. scopes
|
||||
2. service launch (in bootstrap.cfg)
|
||||
3. control via config (in config.edn)
|
||||
|
||||
The current requirement only talks about the =sse= scope.
|
||||
In fact we could (should) also prevent the =sse-service= to be launched.
|
||||
|
||||
Note that scope handling is generally not trivial:
|
||||
|
||||
- CTR use the scope as the single dimension to handle authorizations. One
|
||||
consequence is that the notion of /role/ is not really meaningful in the CTR
|
||||
code. The /role/ is only used from the info provided by the IdP and then
|
||||
interpreted as a set of scopes (which can change dynamically, for exemple we
|
||||
can attribute additional scopes to some org or user). It is also planned to
|
||||
provide the ability for admin users to change the scopes of other users of
|
||||
their org.
|
||||
|
||||
** Proposed Solution.
|
||||
|
||||
*** Feature Flag Block in =config.edn=
|
||||
|
||||
That way it would be possible to not only handle scopes but also manage the
|
||||
feature flag in some specific part of the code. Typically we could use that flag
|
||||
to ignore some conf, and to not initialize fully some service.
|
||||
|
||||
**** Service Launch Handling
|
||||
|
||||
- If a service is started but its presence is not necessary when the feature
|
||||
flag is off. The service should not really init itself fully and only return a
|
||||
nil context and the methods should also returns nil silently
|
||||
|
||||
**** Scope Handling
|
||||
|
||||
Depending of the feature flag we might add an additional step during login we
|
||||
might "add" some new scopes and "remove some". If that's the case we might also
|
||||
change the JWT version dyamically.
|
||||
|
||||
I would suggest something like:
|
||||
|
||||
|
||||
#+BEGIN_SRC clojure
|
||||
(defn dyn-jwt-version [activated-features]
|
||||
(string/join "-" (cons static-jwt-version activated-features))
|
||||
#+END_SRC
|
||||
|
||||
That would produce version such as: =v1.23=, =v1.23-sse=, =v1.23-sse-scim=,
|
||||
etc...
|
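Review bot: In the Scope Handling section, dyn-jwt-version joins activated-features in whatever order the caller passes them, so the same feature set can produce both v1.23-sse-scim and v1.23-scim-sse and read as two different JWT versions; sort the features (or take a sorted set) before the join. The form is also one closing parenthesis short, and under Current status the text announces two methods but lists three.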
BIN
journal.org.gpg
Binary file not shown.
4
refile.org
Normal file
Normal file
|
@ -0,0 +1,4 @@
|
|||
#+FILETAGS: REFILE
|
||||
* Tasks
|
||||
* Notes
|
||||
* Agenda
|