#+title: Yann FY23 Report #+subtitle: back to one month older #+date: 2023-09-26 #+options: H:6 ^:nil *** Yann [164] **** clj-jwt [3 (3 / 0)] - ~W27~ Version 0.5.2-SNAPSHOT - ~W27~ Version 0.5.1 - ~W27~ Merge pull request #4 from latacora/master **** ctia [1 (1 / 0)] - ~W10~ bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]] **** iroh [88 (85 / 3)] - ~W30~ Fix a URL detection from HTML [[https://github.com/advthreat/iroh/pull/8165][#8165]] - ~W30~ Revert "Incident Summary Migration" [[https://github.com/advthreat/iroh/pull/8163][#8163]] - ~W30~ [Monetization]: Fix business logic of data retention [[https://github.com/advthreat/iroh/pull/8142][#8142]] - ~W30~ Allow braces with iroh-core/strint [[https://github.com/advthreat/iroh/pull/8051][#8051]] - ~W29~ Remove SecureX branding and attempt to match SCSO branding for invitation and OAuth2 authorization [[https://github.com/advthreat/iroh/pull/8111][#8111]] - ~W29~ [Registration UI]: Reword to remove SX reference [[https://github.com/advthreat/iroh/pull/8110][#8110]] - ~W29~ Entitlement summary technical values [[https://github.com/advthreat/iroh/pull/8094][#8094]] - ~W29~ [PIAM] Make enterprise id mandatory for piam [[https://github.com/advthreat/iroh/pull/8069][#8069]] - ~W28~ PIAM: Enhance provisioning tracking [[https://github.com/advthreat/iroh/pull/8061][#8061]] - ~W27~ Make country-name optional from the whoami. [[https://github.com/advthreat/iroh/pull/8050][#8050]] - ~W27~ Do not send email for XDR org during AO bootstrap [[https://github.com/advthreat/iroh/pull/8045][#8045]] - ~W27~ [PIAM] Show the whole response on onboarding errors [[https://github.com/advthreat/iroh/pull/8039][#8039]] - ~W27~ Makes feature-flag change access more precise [[https://github.com/advthreat/iroh/pull/8026][#8026]] - ~W27~ Revert "woke tool added (#7926)" [[https://github.com/advthreat/iroh/pull/8029][#8029]] - ~W25~ Sorted Idps [[https://github.com/advthreat/iroh/pull/7997][#7997]] - ~W25~ Add default value in the Swagger UI description. [[https://github.com/advthreat/iroh/pull/7995][#7995]] - ~W24~ Hide even more hidden APIs [[https://github.com/advthreat/iroh/pull/7979][#7979]] - ~W24~ [PIAM]: Support passing body parameter to onboarding via Provisioning API [[https://github.com/advthreat/iroh/pull/7986][#7986]] - ~W24~ Upgrade SX to XDR org via provisioning [[https://github.com/advthreat/iroh/pull/7981][#7981]] - ~W24~ feature-flag scopes are considered as special [[https://github.com/advthreat/iroh/pull/7985][#7985]] - ~W24~ fix local dev environment to be able to start locally without docker [[https://github.com/advthreat/iroh/pull/7944][#7944]] - ~W23~ Use org to display the roles as expected [[https://github.com/advthreat/iroh/pull/7952][#7952]] - ~W22~ Fix SCSO rebrand name. [[https://github.com/advthreat/iroh/pull/7937][#7937]] - ~W22~ Rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/iroh/pull/7935][#7935]] - ~W22~ A few additional helpers [[https://github.com/advthreat/iroh/pull/7914][#7914]] - ~W20~ [IROH Auth] Entitlement Service [[https://github.com/advthreat/iroh/pull/7870][#7870]] - ~W19~ Change the scope for ff change [[https://github.com/advthreat/iroh/pull/7857][#7857]] - ~W18~ replace clj-momo deep-merge [[https://github.com/advthreat/iroh/pull/7815][#7815]] - ~W17~ Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]] - ~W17~ Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]] - ~W17~ Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]] - ~W17~ Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]] - ~W17~ Add a role instrospection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]] - ~W17~ Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]] - ~W16~ Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]] - ~W14~ Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]] - ~W14~ add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]] - ~W14~ Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]] - ~W13~ Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]] - ~W13~ Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]] - ~W13~ PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]] - ~W12~ Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]] - ~W12~ added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]] - ~W12~ prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]] - ~W12~ Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]] - ~W11~ fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]] - ~W11~ PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]] - ~W11~ Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]] - ~W10~ Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]] - ~W10~ Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]] - ~W10~ Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]] - ~W09~ Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]] - ~W08~ fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]] - ~W07~ Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]] - ~W07~ Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]] - ~W04~ Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]] - ~W04~ Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]] - ~W02~ Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]] - ~W51~ Use short random id for code and csrf [[https://github.com/advthreat/iroh/pull/7417][#7417]] - ~W50~ Revoked grant should reject event trusted clients [[https://github.com/advthreat/iroh/pull/7394][#7394]] - ~W47~ RBAC Technical Design [[https://github.com/advthreat/iroh/pull/7314][#7314]] - ~W47~ Open Impersonate INT/TEST to help UI dev [[https://github.com/advthreat/iroh/pull/7316][#7316]] - ~W42~ Add kibana links to Admin UI [[https://github.com/advthreat/iroh/pull/7224][#7224]] - ~W42~ Fix a login button bug in the cross-region admin UI [[https://github.com/advthreat/iroh/pull/7214][#7214]] - ~W42~ Update ini4j to 0.5.4 [[https://github.com/advthreat/iroh/pull/7199][#7199]] - ~W41~ Fix logic for Allow All Role to login [[https://github.com/advthreat/iroh/pull/7185][#7185]] - ~W41~ Deploy the Cross Region Admin UI [[https://github.com/advthreat/iroh/pull/7177][#7177]] - ~W41~ bump to jackson-databind 2.14.0-rc1 [[https://github.com/advthreat/iroh/pull/7160][#7160]] - ~W40~ Update jackson-databind [[https://github.com/advthreat/iroh/pull/7159][#7159]] - ~W39~ Provide a TAC route to change the user's role [[https://github.com/advthreat/iroh/pull/7133][#7133]] - ~W39~ Fix PIAM Provisioning [[https://github.com/advthreat/iroh/pull/7129][#7129]] - ~W39~ [Platform] PIAM targeted Provisioning CRUD [[https://github.com/advthreat/iroh/pull/7073][#7073]] - ~W39~ Fix 500 error response on invalid JWT [[https://github.com/advthreat/iroh/pull/7112][#7112]] - ~W38~ [IROH-Auth]: Support wildcard for allowed-login-origin on INT [[https://github.com/advthreat/iroh/pull/7085][#7085]] - ~W38~ Fix and Improve some HTML pages [[https://github.com/advthreat/iroh/pull/7079][#7079]] - ~W37~ Fix master [[https://github.com/advthreat/iroh/pull/7069][#7069]] - ~W37~ Improve Auth Mgmt logs [[https://github.com/advthreat/iroh/pull/7067][#7067]] - ~W37~ Add structured logs to SSE proxy [[https://github.com/advthreat/iroh/pull/7065][#7065]] - ~W37~ Improve error message on DB schema error [[https://github.com/advthreat/iroh/pull/7061][#7061]] - ~W36~ Add a testing case for custom OAuth2 routes [[https://github.com/advthreat/iroh/pull/7033][#7033]] - ~W36~ Cleanup tests 2022 08 [[https://github.com/advthreat/iroh/pull/7014][#7014]] - ~W36~ Improve the script to delete duplicate accounts [[https://github.com/advthreat/iroh/pull/7028][#7028]] - ~W35~ Attempt to use ~iroh-crud~ for ~UserService~ [[https://github.com/advthreat/iroh/pull/7008][#7008]] - ~W34~ Improve Org/User Services Either 2nd [[https://github.com/advthreat/iroh/pull/7002][#7002]] - ~W31~ Session token lifetime with code param [[https://github.com/advthreat/iroh/pull/6818][#6818]] _between 12 and 13 months ago_ - ~W30~ remove random-uuid overide warning [[https://github.com/advthreat/iroh/pull/6940][#6940]] - ~W27~ disable vulnscan [[https://github.com/advthreat/iroh/pull/6864][#6864]] - ~W27~ Script to remove duplicate users [[https://github.com/advthreat/iroh/pull/6826][#6826]] **** oauth2-client-demo [4 (4 / 0)] - ~W41~ Add local env - ~W41~ Parametrize the device code test - ~W41~ support public device grant clients - ~W41~ improved doc **** ring-jwt-middleware [3 (3 / 0)] - ~W24~ Version 1.1.4-SNAPSHOT - ~W24~ Version 1.1.3 - ~W24~ Support external error via is-revoked-fn **** scopula [13 (13 / 0)] - ~W49~ Version 0.3.1-SNAPSHOT - ~W49~ Version 0.3.0 - ~W49~ updated version and deps - ~W49~ Merge pull request #5 from threatgrid/scope-aliases - ~W49~ Minor fixes, update README - ~W49~ Use scopes set length instead of count - ~W47~ Update README.org - ~W47~ minor corrections - ~W47~ Improve scope-aliases - ~W44~ Improve methodology to not fail on special cases - ~W44~ Basic compression heuristic for aliases - ~W44~ Make scopes-expand additive only - ~W44~ Add ~scope-expand~ function **** tenzin [2 (2 / 0)] - ~W13~ use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]] - ~W13~ Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]] **** tenzin-config [24 (24 / 0)] - ~W25~ Configure SCA in all missing envs [[https://github.com/advthreat/tenzin-config/pull/927][#927]] - ~W24~ Enable XDR roles in PROD [[https://github.com/advthreat/tenzin-config/pull/919][#919]] - ~W23~ factorize PROD [[https://github.com/advthreat/tenzin-config/pull/917][#917]] - ~W23~ Add role-web-service config everywhere [[https://github.com/advthreat/tenzin-config/pull/911][#911]] - ~W23~ Canonicalize the configs (#913) [[https://github.com/advthreat/tenzin-config/pull/915][#915]] - ~W23~ Canonicalize the configs [[https://github.com/advthreat/tenzin-config/pull/913][#913]] - ~W23~ Add missing role-web-service everywhere [[https://github.com/advthreat/tenzin-config/pull/910][#910]] - ~W23~ Gen configs git pre-commit hook [[https://github.com/advthreat/tenzin-config/pull/908][#908]] - ~W23~ Factorisation iroh/iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/904][#904]] - ~W23~ Tree config structures to prevent config duplication. [[https://github.com/advthreat/tenzin-config/pull/901][#901]] - ~W22~ Fix SCSO name [[https://github.com/advthreat/tenzin-config/pull/898][#898]] - ~W22~ rebrand from SecureX Sign-On to Secure Cloud Sign-on [[https://github.com/advthreat/tenzin-config/pull/896][#896]] - ~W16~ fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]] - ~W16~ align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]] - ~W15~ Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]] - ~W13~ fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]] - ~W13~ PIAM config change (+ boostrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]] - ~W09~ add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]] - ~W51~ sorted router server [[https://github.com/advthreat/tenzin-config/pull/810][#810]] - ~W51~ sorted bootstrap on INT [[https://github.com/advthreat/tenzin-config/pull/809][#809]] - ~W47~ provide open impersonate on INT/TEST [[https://github.com/advthreat/tenzin-config/pull/782][#782]] - ~W46~ update TG clients for new ribbon [[https://github.com/advthreat/tenzin-config/pull/774][#774]] - ~W41~ Cross Region UI conf [[https://github.com/advthreat/tenzin-config/pull/745][#745]] - ~W38~ Added ENV and Region in the confs [[https://github.com/advthreat/tenzin-config/pull/729][#729]] **** xdr-provisioning [26 (26 / 0)] - ~W30~ Add a script to cleanup test accounts - ~W30~ rename script and improve error - ~W30~ minor improvement - ~W30~ fix ISO code to use 2 chars only - ~W30~ use the env from the table - ~W30~ fix tsv-to-commands.sh - ~W30~ add tsv-to-commands.sh - ~W29~ add an option to force di and csc onboarding even for org upgrade - ~W27~ improve README.md - ~W27~ update help errror message - ~W27~ update the doc - ~W27~ Updated the script to match all possible use case - ~W27~ Add SXO to the modules to add for SCA owners. - ~W27~ Improved doc and safety - ~W27~ Check if user is admin and improve creation check - ~W27~ Improved upgrade PATH - ~W27~ Provide two scripts - ~W27~ Merge pull request #1 from advthreat/sca-support - ~W27~ add a few logs and better error support - ~W27~ Add XDR feature-flag - ~W27~ Optional support for SCA - ~W17~ Improve help regarding setting env vars - ~W17~ Improve the command line parsing - ~W17~ rename script to .sh - ~W17~ Add onboarding of DI and CSC - ~W16~ Initial provisioning Script