#+title: Yann FY23Q3 Report
#+subtitle: back to one month older
#+date: 2023-05-03
#+options: H:6 ^:nil

* Individual Development Plan
** Results
*** Accomplishments

- Added support for AND/OR queries in tk-store. Should help
- PIAM (Provisioning)
- Start of the work related to Entitlements (see: https://github.com/advthreat/iroh/issues/7835)
- Free Tier Provisioning (the ~xdr-provisioning~ repository + Platform Provisioning API)
- IROH config work to help ops and prevent release problems
- Recurring admin tasks:
  - added a bunch of XDR Flags (see [[https://github.com/advthreat/response/issues/1742][#response/1742]])
  - moved the TG OAuth2 client from config to DB on INT
- Managed to get Wanderson back to better efficiency after being difficult during his move and his daughter
- Managed Olivier to his best. Very discreet but pretty strong.

For full details look at the code last quarter report section.

*** Improvements/opportunities for development:

- I should work even more closely with PIAM as this is fruitful and could have a lot of impact on IROH team as well as the rest of the IROH ecosystem (IROH + modules + integrations).
- Entitlement will be an interesting topic
- Wanderson and Olivier are not yet fully autonomous while working with some IROH-Auth parts. So there is still room for teaching and improvements.

** Principles & Behaviors
*** Accomplishments

- Advocate: even while it was questionable I did my best to provide only positive XDR feedback to the team.
- Customer value: see the Results Accomplishments section (most of them add customer value)
- Learn:
  - bash scripts containing Clojure
  - matrix testing (this was not a very visible PR but this is a testing framework improvement)
  - matrix representation inside Clojure code, this is helpful to visualize and easily change scopes associated to roles for example.
- Team for results: engaged team ops + Matt + IROH-Auth for iroh config issue

*** Improvements/opportunities for development:

** Team Impact
*** Accomplishments

- ~admin-clj~ scripts should be helpful, for now use only for
- IROH default config should help ops
- PIAM contacts will be useful in the future
- Mario PR feedback was a really nice exchange while we are not having much cross-sub-team discussions.
- Helped explain RBAC technical consequences with other teams, in particular SXO, but also the UI.

*** Improvements/opportunities for development:

- RBAC: Next quarter will probably start discussions with DI and perhaps CSC.

* Code last quarter [44]
** ctia [1 (1 / 0)]

- bump snakeyaml to address CVE-2022-38751 [[https://github.com/advthreat/ctia/pull/1346][#1346]]

** iroh [30 (27 / 3)]

- Add a missing option to disable default configs [[https://github.com/advthreat/iroh/pull/7805][#7805]]
- Add a script to init tokens without login in [[https://github.com/advthreat/iroh/pull/7794][#7794]]
- Fix schema for Response [[https://github.com/advthreat/iroh/pull/7804][#7804]]
- Add support to onboard a single app [[https://github.com/advthreat/iroh/pull/7796][#7796]]
- Add a role introspection route to help the UI and other clients [[https://github.com/advthreat/iroh/pull/7785][#7785]]
- Fix scopes declaration for execute-workflow route [[https://github.com/advthreat/iroh/pull/7799][#7799]]
- Fix a Swagger bug due to schema name conflict [[https://github.com/advthreat/iroh/pull/7790][#7790]]
- Web api search improvements [[https://github.com/advthreat/iroh/pull/7728][#7728]]
- add profile and notification to ao-jwt [[https://github.com/advthreat/iroh/pull/7726][#7726]]
- Tk store combinator search queries (AND, OR, NOT) [[https://github.com/advthreat/iroh/pull/7691][#7691]]
- Fix a case where the body is =nil= [[https://github.com/advthreat/iroh/pull/7685][#7685]]
- Add xdr-instance-id field to the orgs [[https://github.com/advthreat/iroh/pull/7707][#7707]]
- PIAM: Provisioning onboard endpoint [[https://github.com/advthreat/iroh/pull/7659][#7659]]
- Add ff scope script [[https://github.com/advthreat/iroh/pull/7680][#7680]]
- added a script to add feature-flag scopes from command line [[https://github.com/advthreat/iroh/pull/7676][#7676]]
- prefer to use client from DB than client from config [[https://github.com/advthreat/iroh/pull/7672][#7672]]
- Align scopes to SXO behaviour [[https://github.com/advthreat/iroh/pull/7673][#7673]]
- fix lein start [[https://github.com/advthreat/iroh/pull/7663][#7663]]
- PIAM provisioning no idp-mapping for create user [[https://github.com/advthreat/iroh/pull/7655][#7655]]
- Default bootstrap & config [[https://github.com/advthreat/iroh/pull/6868][#6868]]
- Add Entitlements to Orgs [[https://github.com/advthreat/iroh/pull/7631][#7631]]
- Remove yaml to supported format for profile API [[https://github.com/advthreat/iroh/pull/7632][#7632]]
- Fix a flaky test in either_test.clj [[https://github.com/advthreat/iroh/pull/7610][#7610]]
- Role Matrix representation in the code. [[https://github.com/advthreat/iroh/pull/7583][#7583]]
- fix some wording only for admin users view [[https://github.com/advthreat/iroh/pull/7579][#7579]]
- Improve User login logs situation [[https://github.com/advthreat/iroh/pull/7555][#7555]]
- Added a composable redis.nix [[https://github.com/advthreat/iroh/pull/7535][#7535]]

_between 3 and 4 months ago_

- Fix template rendering during invite confirmation [[https://github.com/advthreat/iroh/pull/7480][#7480]]
- Display virtual users in the batch get users [[https://github.com/advthreat/iroh/pull/7473][#7473]]
- Add the UI session logout into IROH-Auth [[https://github.com/advthreat/iroh/pull/7431][#7431]]

** tenzin [2 (2 / 0)]

- use iroh.main for all nodes types [[https://github.com/advthreat/tenzin/pull/2862][#2862]]
- Update iroh.job.jinja [[https://github.com/advthreat/tenzin/pull/2861][#2861]]

** tenzin-config [6 (6 / 0)]

- fix missing iroh-async web-services [[https://github.com/advthreat/tenzin-config/pull/884][#884]]
- align iroh and iroh-async confs [[https://github.com/advthreat/tenzin-config/pull/883][#883]]
- Add CSC onboarding URLs [[https://github.com/advthreat/tenzin-config/pull/875][#875]]
- fix provisioning service [[https://github.com/advthreat/tenzin-config/pull/863][#863]]
- PIAM config change (+ bootstrap cleanup) [[https://github.com/advthreat/tenzin-config/pull/677][#677]]
- add perf.orbital.threatgrid.com to allowed login origin [[https://github.com/advthreat/tenzin-config/pull/854][#854]]

** xdr-provisioning [5 (5 / 0)]

- Improve help regarding setting env vars
- Improve the command line parsing
- rename script to .sh
- Add onboarding of DI and CSC
- Initial provisioning Script