Yann Esposito (Yogsototh) 545c50471c
2022-03-31 15:31:40 +02:00

40 KiB
Raw Blame History



2022-02-03 Thursday

IN-PROGRESS activate logout issue   work

CLOCK: [2022-02-03 Thu 17:17][2022-02-03 Thu 19:02] => 1:45

[2022-02-03 Thu 17:17]

Mode d'évaluation au paradis


The fix ( has been reverted ( because SecureX and CTR work differently.

GLaDOS and CTR must find a common solution, for now, we are blocked. I think the technical solution to return a 401 when the org change from unactivated to activated was proposed by @alucigna but I couldn't find the link to the discussion.

cc: @alucigna @DarMontou @sabrinamokerji

2022-02-04 Friday

MEETING Weekly Kirill Presentation   work meeting

CLOCK: [2022-02-04 Fri 17:04][2022-02-04 Fri 20:24] => 3:20

[2022-02-04 Fri 17:04]

MEETING Simplify Registration   work meeting

CLOCK: [2022-02-04 Fri 16:37][2022-02-04 Fri 17:04] => 0:27

[2022-02-04 Fri 16:37]


Add your status in

Agenda (to discuss about)


2022-02-07 Monday

REVIEW Github tour   work review

CLOCK: [2022-02-07 Mon 10:54][2022-02-08 Tue 09:49] => 22:55

[2022-02-07 Mon 10:54]

Webex tour
CHAT Webex tour   work chat

CLOCK: [2022-02-07 Mon 10:33][2022-02-07 Mon 10:54] => 0:21

[2022-02-07 Mon 10:53]

Check Customer bug with tiles.
IN-PROGRESS Check Customer bug with tiles.   work

CLOCK: [2022-02-07 Mon 09:52][2022-02-07 Mon 10:33] => 0:41

[2022-02-07 Mon 10:52]


Confirmed this is UI for now.

2022-02-08 Tuesday

CHAT random rambling   work chat

CLOCK: [2022-02-08 Tue 10:47][2022-02-08 Tue 17:32] => 6:45

[2022-02-08 Tue 10:47]

Email tour
EMAIL Email tour   work email

CLOCK: [2022-02-08 Tue 10:13][2022-02-08 Tue 10:47] => 0:34

[2022-02-08 Tue 10:13]

Replace SSE IDB with SXSO
CHAT Webex tour   work chat

CLOCK: [2022-02-08 Tue 09:49][2022-02-08 Tue 10:13] => 0:24

[2022-02-08 Tue 09:49]


Remark about deps in IROH for Ag (pb with the formatting-stack and clojurescript)

OPs General
DI Integration
SecureX + ThreatGrid

Follow 1-click deactivation discussion.

2022-02-09 Wednesday

MEETING API Design Meeting   work meeting

CLOCK: [2022-02-09 Wed 17:30][2022-02-09 Wed 18:16] => 0:46

[2022-02-09 Wed 17:30]

Agenda (to discuss about)
MEETING Sync on the IROH Team capacity   work meeting

CLOCK: [2022-02-09 Wed 15:26][2022-02-09 Wed 17:30] => 2:04

[2022-02-09 Wed 15:26]


2022-02-10 Thursday

MEETING Town Hall Namrata   work meeting

CLOCK: [2022-02-10 Thu 20:02][2022-02-10 Fri 21:09] => 1:07

[2022-02-10 Thu 20:02]

Really excited for our session today. Really candid feedback from you. Every Quarter.

What we are working on and why and where we're headed.

  • Business Result (Martin)
  • Product Strategy (demos)
  • Product Demonstrations

Leave a few minutes at the end for some Q&A.

Business update & strategy discussion
Made a sell by showing SecureX
XDR FY23 (top priority for Cisco)
10k customers
Improve Renewals Rates
Customer with EndPoint + Umbrella lot of usage.
Big Users use SecureX more than small ones
MEETING Farewell Alex   work meeting

CLOCK: [2022-02-10 Thu 19:01][2022-02-10 Thu 20:02] => 1:01

[2022-02-10 Thu 19:01]

Expertise and broad culture.

You have always been extremely helpful. Your insights were essential. Without them I wouldn't have been able to grasp the scope about what we are building.

And thanks for helping me remember about Gundam and all the first times.

MEETING Weekly Team Meeting   work meeting

CLOCK: [2022-02-10 Thu 17:00][2022-02-10 Thu 19:01] => 2:01

[2022-02-10 Thu 17:00]


Discussion about updating doc in the response repository.

  • Module Type Patch UI
  • put something in TEST might break something

Description of lot of work for Q3, etc…

  • soft delete

Improve timeouts. Started a work around pmap.


OIDC with AO.


Addressing security issue discovered by the Engine team.


Emails of users in lower-case. Done in the code. Rollback system. And maintenance service that could update the stores.

Adding a new search function.


Support all modules that have a module-type in App Links. Integrating SXSO into that. SecureX endpoint.


Simplification Registration FT

Adding a new session to a new frontend.

  • customer session to fix a bug
  • IDB decommission must take the time, probably ask Matt some help.
  • Registration Simplification

    • Wanderson work make it possible to finally have an IROH-Auth Application Session.
    • Olivier is working on improving our textual search services and API.
    • Reduction of the scope should make it possible to finish for Q3
    • The current work will make it a lot easier to provide a better UI to manage your multiple orgs (like hide/disable/rename etc…)
  • (background) fix the issue related to refresh token state in the DB, most of the work is now done for the new services, just need to populate the data during OAuth2 Code flow.

Removed the arrow, and now, design with OIDC to propose trial.

2022-02-11 Friday

MEETING Registration Simlification   work meeting

CLOCK: [2022-02-11 Fri 16:31][2022-02-11 Fri 17:48] => 1:17

[2022-02-11 Fri 16:31]

Agenda (to discuss about)
CHAT Olivier Question like-match rule   work chat

CLOCK: [2022-02-11 Fri 15:19][2022-02-11 Fri 16:31] => 1:12

[2022-02-11 Fri 15:19]

Security Training
DONE Security Training   work

CLOCK: [2022-02-11 Fri 11:24][2022-02-11 Fri 11:50] => 0:26

[2022-02-11 Fri 11:24]

github notifications morning tour
DISC github notifications morning tour   work discussion

CLOCK: [2022-02-11 Fri 10:15][2022-02-11 Fri 11:23] => 1:08

[2022-02-11 Fri 10:15]

Webex morning tour
CHAT Webex morning tour   work chat

CLOCK: [2022-02-11 Fri 10:00][2022-02-11 Fri 10:15] => 0:15

[2022-02-11 Fri 10:14]

Morning Email Tour
EMAIL Morning Email Tour   work email

CLOCK: [2022-02-11 Fri 10:11][2022-02-11 Fri 10:14] => 0:03

[2022-02-11 Fri 10:11]


2022-02-14 Monday

MEETING Simplify Registration   work meeting

CLOCK: [2022-02-14 Mon 16:30][2022-02-14 Mon 17:19] => 0:49

[2022-02-14 Mon 16:30]

2022-02-17 Thursday

MEETING Weekly Team Meetings   work meeting

CLOCK: [2022-02-17 Thu 17:00][2022-02-17 Thu 20:45] => 3:45

[2022-02-17 Thu 17:00]


index page is always tk-server

2022-02-18 Friday

IN-PROGRESS Fix module-type   work

CLOCK: [2022-02-18 Fri 12:21][2022-02-18 Fri 15:51] => 3:30

[2022-02-18 Fri 12:21]



    "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations dont have to compromise on security on their path to digital transformation.",
    "properties": "2MGqPrzLNIrfFeFK/UUzdpA98pKEUHLvd6d7+snqeh1lXokV9n6J8lKeAwp7tRdCSHT+crPhmilCkfBXkvfT+8NLp/rq+4TD32EkYqcYNngmgsAji/UJ6NuChgJnPd+FwwembDj2iPh7vFXHnGmLKlgOkweQzokI2CUROgbTw2JNruDhL47ws3LhMl2LRqlbJQP83yeGMmwjV0mjFSth/w25D1oIHR+mnYH7mrcKUH0XT/6xQzqJ3l6URkbun6wvzLycJhqtOtqtJSdB3cAfYlhfkpCY8ZXt9IO8/MyOeGJ6Qf2iz9gXIFAgtNBBz9bkZAPk4Uv0nei39F4lwFv9lmUdVGuHIHtHJKf4sn/qB40=",
    "capabilities": [
            "id": "health",
            "description": "Healthcheck"
            "id": "deliberate",
            "description": "Deliberation"
            "id": "observe",
            "description": "Enrichments"
            "id": "refer",
            "description": "Reference links"
            "id": "tiles",
            "description": "Dashboard Tiles"
    "app_link_meta": {
        "url": "",
        "meta": {
            "x_okta_bookmark_id": "0oa1idxamsrOKeFuN357"
        "title": "Stealthwatch Cloud (ANZ)"
    "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](",
    "logo": "",
    "org_id": "4f169b08-bb0d-4e97-a358-8fd3fd819066",
    "configuration_spec": [
            "key": "token",
            "type": "api_key",
            "label": "Authorization Token",
            "required": true
    "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.",
    "title": "Secure Cloud Analytics",
    "external_references": [
            "link": "",
            "label": "Free Trial"
            "link": "",
            "label": "Product Information"
            "link": "",
            "label": "Privacy Policy"
            "link": "",
            "class": "activation",
            "label": "Activate"
    "updated_at": "2022-02-18T10:17:14.710Z",
    "id": "f31e83d1-48e7-4384-9c6a-64a5c9cee05b",
    "record": "relay-module.module/RelayModule",
    "user_id": "207347d9-65c0-402b-88ce-ef028989e95f",
    "client_id": "iroh-ui",
    "default_name": "Secure Cloud Analytics",
    "flags": [
    "enabled": true,
    "visibility": "global",
    "created_at": "2020-05-15T17:45:46.904Z",
    "former_title": "Stealthwatch Cloud"


  "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations dont have to compromise on security on their path to digital transformation.",
  "properties": "yUY5o15RUpAfB7Lk3RxosIJYx2JpDTaf4TkddVzepwSbz3A9m9b+/KyHxuiSH1SbTf6r5qk2SgaSKA8efk3pbDqL2RQC248eQoez0EI0GaAmnXnnhuEH91ZFtddwyQdvX+tUY+vxbHfdkES6rKP0hLWxMMZcYikD5ONBfNwak3kqlq0g07c52Gnx9Qgg5UOdzwBqTVb883tJZ+fRAFhYU7Hu7DNZDRDnccTOUFNJw84hmg7NEFMjK5Z48BG51qBgW50u/Wxv7+ceCUFUYrwbFzQLB/zbspQcFJtlUwZHZ7jl/VQbLT5QqJLthRnphAIGE/xIsEeCG66fZg1Ds60Vwp/c12ueYJVsVZyhHBIG0wk=",
  "capabilities": [
      "id": "health",
      "description": "Healthcheck"
      "id": "deliberate",
      "description": "Deliberation"
      "id": "observe",
      "description": "Enrichments"
      "id": "refer",
      "description": "Reference links"
      "id": "tiles",
      "description": "Dashboard Tiles"
  "app_link_meta": {
    "url": "",
    "meta": {
      "x_okta_bookmark_id": "0oa1hyf3xtXD6Xqxg357"
    "title": "Stealthwatch Cloud (US)"
  "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](",
  "logo": "",
  "org_id": "964a8c3b-9aef-4e1d-aadf-e2754004d230",
  "configuration_spec": [
      "key": "token",
      "type": "api_key",
      "label": "Authorization Token",
      "required": true
  "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.",
  "title": "Secure Cloud Analytics",
  "external_references": [
      "link": "",
      "label": "Free Trial"
      "link": "",
      "label": "Product Information"
      "link": "",
      "label": "Privacy Policy"
  "updated_at": "2022-02-18T08:55:49.295Z",
  "id": "b3874a82-1967-4f9c-a42a-47f1d61ab835",
  "record": "relay-module.module/RelayModule",
  "user_id": "dcffe020-1c6a-4d78-ba09-f21674a59c9c",
  "client_id": "iroh-ui",
  "default_name": "Secure Cloud Analytics",
  "flags": [
  "enabled": true,
  "visibility": "global",
  "created_at": "2020-05-15T17:38:39.788Z",
  "former_title": "Stealthwatch Cloud"


  "description": "Cisco Secure Cloud Analytics (formerly Stealthwatch Cloud) improves security and incident response across the distributed network, from the private network and branch office to the public cloud. This solution addresses the need for digital businesses to quickly identify threats posed by their network devices and cloud resources, and to do so with minimal management, oversight, and security manpower.\n\nThe network is evolving. IT resources are frequently being moved into the cloud. At the same time, the number of connected devices on the private network is increasing dramatically. Security personnel are struggling just to know what entities are operating in their environment, let alone whether they pose a threat to the organization.\n\nSecure Cloud Analytics addresses this problem by providing comprehensive visibility and high-precision alerts with low noise, without the use of agents. Organizations can accurately detect threats in real time, regardless of whether an attack is taking place on the network, in the cloud, or across both environments. Secure Cloud Analytics is a cloud-based, Software-as-a-Service (SaaS)-delivered solution. It detects ransomware and other malware, data exfiltration, network vulnerabilities, and role changes that indicate compromise.\n\nAlso, developer teams are continuously adopting new and more dynamic compute environments like serverless and containers such as AWS Lambda and Kubernetes. Secure Cloud Analytics provides visibility into these environments as well, so that organizations dont have to compromise on security on their path to digital transformation.",
  "properties": "Y+2BcDiVdoyWy7JxQwcOXuCG+S/JH98ncFxmwhz27utYxlhrSNQIHGTGGifUZx4Yw2GQe5oy2051VjsrcTrXVCmXAEVpU7NVqLwjmgT01zoDkE1o2lO3bMQbLTZLkNnUKAnaef/4UFqlcorJ0CGfhQPvWZG6OnAPx5PLzbS0TjsRfSGpVSRPeW+aANy+CEXul1l6FKzHohgTelMZuYNGYncHEa+eqtpSVvFl5HITj7rx7NMPWWeRaqN3Ljnbs3l26picBEvRfPzXeAT26gh0gdieWYtB2xnUU8gFUx4MNcqyMVNwGYbtLQ150uQYbOxuoiVZ41ujCWgt0Eksa/g0MkLg+QC5QBHgquwpVdMDDSE=",
  "capabilities": [
      "id": "health",
      "description": "Healthcheck"
      "id": "deliberate",
      "description": "Deliberation"
      "id": "observe",
      "description": "Enrichments"
      "id": "refer",
      "description": "Reference links"
      "id": "tiles",
      "description": "Dashboard Tiles"
  "app_link_meta": {
    "url": "",
    "meta": {
      "x_okta_bookmark_id": "0oa1idwgt8itDu9jQ357"
    "title": "Stealthwatch Cloud (EU)"
  "tips": "If the Secure Cloud Analytics (formerly Stealthwatch Cloud) integration module displays a **Bidirectional** icon on the module panel, it indicates that the integration was enabled in Secure Cloud Analytics or SecureX. \n\nFor information on the Secure Cloud Analytics integration with SecureX, see [Secure Cloud Analytics SecureX integration Guide](",
  "logo": "",
  "org_id": "99c5cf95-7788-4ce1-906f-86811aa57752",
  "configuration_spec": [
      "key": "token",
      "type": "api_key",
      "label": "Authorization Token",
      "required": true
  "short_description": "Gain the visibility and continuous threat detection needed to secure your public cloud, private network, and hybrid environments.",
  "title": "Secure Cloud Analytics",
  "external_references": [
      "link": "",
      "label": "Free Trial"
      "link": "",
      "label": "Product Information"
      "link": "",
      "label": "Privacy Policy"
  "updated_at": "2022-02-18T09:00:11.280Z",
  "id": "7739968f-4259-49c2-8c14-21e569a11d1c",
  "record": "relay-module.module/RelayModule",
  "user_id": "be72933d-8e87-4430-8b33-870e3db35bce",
  "client_id": "iroh-ui",
  "default_name": "Secure Cloud Analytics",
  "flags": [
  "enabled": true,
  "visibility": "global",
  "created_at": "2020-05-15T17:44:34.285Z",
  "former_title": "Stealthwatch Cloud"


2022-02-22 Tuesday

CANCELED SXO Meeting   work meeting

CLOCK: [2022-02- Tue 18:00][2022-02-22 Tue 18:02] => 0:02

[2022-02-22 Tue 18:00]


2022-02-23 Wednesday

MEETING SXO Meeting   work meeting

CLOCK: [2022-02-23 Wed 19:39][2022-02-23 Wed 21:09] => 1:30

[2022-02-23 Wed 19:39]

  1. Tenant Provisioning
  2. Create CTR Client
MEETING Ribbon SCI   work meeting

CLOCK: [2022-02-23 Wed 19:23][2022-02-23 Wed 19:39] => 0:16

[2022-02-23 Wed 19:23]


Patched with availability everyone.

MEETING API Design   work meeting

CLOCK: [2022-02-23 Wed 17:33][2022-02-23 Wed 19:23] => 1:50

[2022-02-23 Wed 17:33]

Two subjects

  • Data Deletion
  • Logs / debugging


IN-PROGRESS IDB Decomissioning   work

CLOCK: [2022-02-23 Wed 14:48][2022-02-23 Wed 15:18] => 0:30

[2022-02-23 Wed 14:48]

Found in tenzin repository very old commit (ce43ddb) The configs details are in: saltstack/pillar/*/iroh/init.sls

        kind: saml
        cert_path: /srv/iroh/resources/cert/amp_idp.cert
        kind: oidc
        org_id_key: :tg_org
        client_id: 884a152d-e2a2-4552-b56b-7618274ab988
        client_secret: |
          -----BEGIN PGP MESSAGE-----
          Version: GnuPG v1
          -----END PGP MESSAGE-----          
        kind: saml
        cert_path: /srv/iroh/resources/cert/amp_idp.cert
        kind: oidc
        org_id_key: :tg_org
        client_id: d1f5cbd2-610c-44b9-b5dd-92ecc7ef7f24
        client_secret: |
          -----BEGIN PGP MESSAGE-----
          Version: GnuPG v1
          -----END PGP MESSAGE-----          
        kind: saml
        cert_path: /srv/iroh/resources/cert/amp_idp.cert
        kind: oidc
        org_id_key: :tg_org
        client_id: 4fe0068b-eb2a-4918-871f-dd9c9592990e
        client_secret: |
          -----BEGIN PGP MESSAGE-----
          Version: GnuPG v1
          -----END PGP MESSAGE-----          


2022-03-07 Monday

IN-PROGRESS Big PR Refresh Tokens   work

CLOCK: [2022-03-07 Mon 09:47][2022-03-07 Mon 18:17] => 8:30

[2022-03-07 Mon 09:47]

This PR is big, due to different changes.

So the main goal is to fix a bug in our OAuth2 Provider related to scopes associated to refresh tokens. See:

Related to the discussion in this thread we should fix the issue correctly. Before this PR, refresh tokens are only JWT, so the "state" and "trust" that a refresh token is valid, as well as the scopes associated to this refresh token are put inside this JWT.

For different reason we want to be able to change for some client, the scopes associated to some existing refresh tokens. Typical example, the ribbon support more scopes than the one at the time the user granted the ribbon. So to update the ribbon, not only the ribbon client need to be updated, but the user need to grant the scopes again interactively.

Most of the ribbon clients are trusted which mean that we bypass the list of scopes authorized to return access tokens with the maximal number of scopes. Still there are some exceptions. Also this is a missing piece of the OAuth2 provider to have refresh-tokens administration endpoints for our end-users.

Before this PR we only have a notion of "granted client" at the client level, not for every different refresh token provided.

After this PR we will keep track in our DB the exhaustive list of scopes associated to refresh tokens.

Some details:

This create two new services, RefreshGrantService and RefreshGrantWebService. I preferred not to use RefreshTokenService because the word refresh token is already used at different places. And the object we save in DB is not a refresh token but a really just an object keeping the scopes granted to some refresh token for some client and for some user.

I have added a few common helpers in this PR:

  1. mandatory-get-in-config
  2. Small improvements about match?:

    1. str-uuid? because we use strings and not proper UUID for which the clojure core function uuid? would be more suitable.
    2. check the length equality between two sequences during match?
  3. Fixed a problem related to requesting edn in our http client helpers. Now the read-string is done for you.
  4. Centralized pure-crud-store-svc to be used in our tests to the test-helpers of crud-store service.
  5. added an iroh-web.request-identity ns that is useful to manipulate the (:identity request) generated by the JWT middleware
  6. by default the time svc-helper will use a fixed date.

Also some non trivial changes made to achieve the goal of this PR:

  1. Add a realized-client to the OAuth2ClientService. What is this about? So get-client of the OAuth2ClientService is purely about search clients in DB, just a think layer around CRUD. Before this PR there was also a get-client method exposed by the OAuthService which act differently. This second get client take care of looking at the client saved in the config.edn file (yes we have some of them) and also applying the ClientPreset logic to the resulting client. The realized-client of OAuth2ClientService replace the old get-client from OAuth2Service. The method is still exposed to prevent any bug and as the PR is already big I didn't want to also make a refactorization to remove it. But this would be a nice idea.
  2. Now check-app-authorization of the GrantService can be called with either 4 or 5 arguments. If called with 4 argument, no refresh token is involved. We just try to remember if the user already granted a set of scopes (every time the user manually grant different scopes we add them up, so we make a union). This is useful to see if we need to automatically redirect the user in many interactive workflows. If it is called with 5 argument, one of the new argument will be the refresh token id (the jti claim of the refresh token which is a JWT). In that case we also use the RefreshGrantSerice to verify the refresh token associated has granted the scopes we are going to provide.

Another few important notes:

This change made again pretty clear why it really helps to use the with-tk pattern. A lot of manual changes was made because we have a lot of tests that have not be migrated to this new pattern. The main consequence for IROH-Auth dev, is that many changes will break tests far away with almost not real related issue. So I will probably take the time to really invest in using the new pattern for IROH-Auth + IROH-Web. Because it really took me days to just fix these manually.

After going full to the "test the service/core.clj" function by providing pure contexts. I think that while valuable, it is probably a bit too much work regarding the potential gain. And we should probably focus a lot more on the "semi-integration" tests of the services themselves with the with-tk macros. Looking at the core_test.clj tests will show that these tests are often a bit verbose, and difficult to initialized when your service works with big contexts.

The main test testing the feature is:


2022-03-10 Thursday

MEETING Weekly   work meeting

CLOCK: [2022-03-10 Thu 17:43][2022-03-10 Thu 19:18] => 1:35

[2022-03-10 Thu 17:43]

  • Work on Registration => Olivier
  • like-search
  • Work on Registration => Generated some interesting stats about SecureX orgs/user/domain email
  • TG IdB decomission => Wait and ask Prerna
  • Work on the TG bug => maybe split some part before merging, because this is a risky PR
  • Idea about Tenzin-Config. Use Ambrose work to find the common bootstrap+config.edn on all our current envs and use that into the new `iroh.main` and change in tenzin how we start the application to have a merge of both the config and the bootstrap. This should reduce the size, and we could but inside the IROH repository changes that should be shared accross all deployed env.
ops in our team

2022-03-11 Friday

MEETING Simplified Registration   work meeting

CLOCK: [2022-03-11 Fri 16:29][2022-03-11 Fri 17:59] => 1:30

[2022-03-11 Fri 16:29]

Agenda (to discuss about)


2022-03-15 Tuesday

IN-PROGRESS IDB Decommission CSA   work

CLOCK: [2022-03-15 Tue 17:35][2022-03-16 Wed 15:31] => 21:56

[2022-03-15 Tue 17:35]

INT { "client_id": "0oa2ovopagy06D2IV1d7", "client_secret": "N7yEnBQWMHohD0LbwzXwsjuOUI9pVlbzI5lH28O9" }

2022-03-16 Wednesday

MEETING API Design Meeting   work meeting

CLOCK: [2022-03-16 Wed 16:32][2022-03-18 Fri 11:55] => 43:23

[2022-03-16 Wed 16:32]

IROH-Auth login

MEETING Registration Simplification   work meeting

CLOCK: [2022-03-16 Wed 15:31][2022-03-16 Wed 15:57] => 0:26

[2022-03-16 Wed 15:31]



2022-03-28 Monday

MEETING Workshop   work meeting

CLOCK: [2022-03-28 Mon 17:52][2022-03-30 Wed 16:20] => 46:28 CLOCK: [2022-03-28 Mon 17:30][2022-03-28 Mon 17:52] => 0:22

[2022-03-28 Mon 17:30]

MEETING Registration   work meeting

CLOCK: [2022-03-28 Mon 16:29][2022-03-28 Mon 16:54] => 0:25

[2022-03-28 Mon 16:29]


Chris Duan concerns:

  • email domain check in the UI
  • risk of email domain mismatch, for now, just one admin is enough to match the org, etc…

2022-03-30 Wednesday

MEETING Registration FT   work meeting

CLOCK: [2022-03-30 Wed 16:20][2022-03-30 Wed 22:07] => 5:47

[2022-03-30 Wed 16:20]


Only safe solution involve the Ops.

Have a specific domain for us. I suggest: so every mail sent to should be redirected to That way we could create a few testing org without being polluted by all the other cisco activity. We could test the emails, etc…

2022-03-31 Thursday

MEETING   work meeting

CLOCK: [2022-03-31 Thu 13:52][2022-03-31 Thu 15:30] => 1:38

[2022-03-31 Thu 13:52]


What to do next?

  • Important potential refacto to help Matt add a the ccoId
  • Refacto the tests (tried and it is a lot of work)