
diem's Issues

Terms of Use and Support

Update the terms of use.
Feed the content from the backend so that it can be updated from the database and tailored per installation.

Same for the support page.

security fixes

After a scan using https://cloud.appscan.com/ there are a few minor things to update:

  1. Ingress: add the annotation

     nginx.ingress.kubernetes.io/configuration-snippet: |
       more_clear_headers "Server";

  2. Express cookie: add sameSite

     const sessionConfig = {
       secret: 'MYSECRET', // placeholder: load the real secret from the environment
       name: 'appName',
       resave: false,
       saveUninitialized: false,
       store: store,
       cookie: {
         sameSite: 'strict', // THIS is the config you are looking for.
       },
     };
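The two findings above are easy to verify after the fix without re-running the scanner. The following is an added example and not code from the diem project: it keeps the hardened express-session cookie block next to a small auditor that replays the two checks (Server header disclosure, session cookie without SameSite) against a constructed HTTP response. The header values, cookie name `appName` and helper names are invented for the demo.

```javascript
'use strict';
// Added example, not diem project code. The cookie settings the scan asks for,
// plus the two attributes that normally accompany SameSite on a session cookie.
// `secure: true` assumes TLS terminates at the ingress and the app trusts the
// proxy (app.set('trust proxy', 1)); without that express-session will not set
// the cookie on a plain-HTTP hop.
const hardenedCookie = { sameSite: 'strict', httpOnly: true, secure: true };

// Parse one Set-Cookie header value into its cookie name and a lower-cased
// attribute map (flag attributes such as HttpOnly map to `true`).
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const eq = parts[0].indexOf('=');
  const name = eq === -1 ? parts[0] : parts[0].slice(0, eq);
  const attrs = {};
  for (const part of parts.slice(1)) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Audit a response given as { headers: { name: value | [values] } } and return
// the list of findings. `sessionCookieName` is the express-session `name` option.
function auditResponse(response, sessionCookieName) {
  const findings = [];
  const headers = {};
  for (const [k, v] of Object.entries(response.headers)) headers[k.toLowerCase()] = v;

  // Finding 1: a Server header leaks the proxy/server software and version.
  if (headers['server'] !== undefined) {
    findings.push(`Server header disclosed: ${headers['server']}`);
  }

  // Finding 2: session cookie attributes.
  const setCookies = [].concat(headers['set-cookie'] || []);
  const session = setCookies.map(parseSetCookie).find((c) => c.name === sessionCookieName);
  if (!session) {
    findings.push(`no Set-Cookie for ${sessionCookieName}`);
    return findings;
  }
  const a = session.attrs;
  const sameSite = typeof a.samesite === 'string' ? a.samesite.toLowerCase() : undefined;
  if (sameSite === undefined) findings.push('session cookie missing SameSite');
  else if (sameSite === 'none' && !a.secure) findings.push('SameSite=None requires Secure');
  if (!a.httponly) findings.push('session cookie missing HttpOnly');
  if (!a.secure) findings.push('session cookie missing Secure');
  return findings;
}

// Constructed sample responses: before and after the two fixes.
const beforeFix = {
  headers: {
    Server: 'nginx/1.21.6',
    'Set-Cookie': ['appName=s%3Aabc123.sig; Path=/; HttpOnly'],
  },
};
const afterFix = {
  headers: {
    'Set-Cookie': ['appName=s%3Aabc123.sig; Path=/; HttpOnly; Secure; SameSite=Strict'],
  },
};

// One boolean for a CI smoke test against a deployed instance's headers.
function isHardened(response, sessionCookieName) {
  return auditResponse(response, sessionCookieName).length === 0;
}

console.log('before:', auditResponse(beforeFix, 'appName')); // three findings
console.log('after:', auditResponse(afterFix, 'appName'));   // []
```

The auditor reads whatever `http.request` or a fetch wrapper hands back as response headers, so the same function can run in CI against the real ingress to confirm that the `more_clear_headers` snippet actually took effect (snippet annotations can be disabled cluster-wide by the ingress-nginx controller, in which case the annotation is silently ignored).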

Move cron to diem-operator

Currently we depend on redis-cluster for cron jobs. Redis is an external service that can have outages.
Move the cron job to the diem-operator (single pod), which will use NATS to send a message every minute to trigger the cron jobs.

Create a slackbot

A bot to support DIEM workloads can seriously improve productivity. Tracking, starting and stopping can be done from within Slack. A bot can also provide more granular and personalised messages (metrics, performance, recommendations) that a website cannot offer. In the backend we can also integrate AI and machine learning.

Some functionality that can interact with DIEM:

  • Start Job
  • Stop Job
  • Log Job
  • get error job
  • get job history
  • get members
  • get pipeline jobs?
  • set schedule (should I go that far?)
  • replicate job (maybe a nice-to-have)

Something around approvals

  • create approval for job xxx (to be worked out)

Something around machine learning and AI

  • performance metrics
  • job recommendations and configuration settings

But it can also provide some generic utilities:

  • guid(): create a unique id
  • base64
  • encryption code
  • several others

Host it in this GitHub repo, but don't make it part of the Helm chart (yet?). In that case, maybe its own Helm chart, or any other way to install it easily?

Add the id of the job that failed, and check whether there is no alternative way of handling this error

trace
[
 "@at $job.stop (jobStop)",
 "@at $job.logger (jobLogger) - handleMail",
 "@at $handle.mail (handleMail)",
 "@at $handle.mail (prepareMail)",
 "@at $mail.notifications (sendMail)",
 "@at $mailhanlder (newMail)",
 "@at $mail (sendMail)"
]
body: [object Object]
transid: 54d0c3ba-e2e3-0902-6c98-9840096ac3cf
caller: @at $job.stop (jobStop)
log: $job.start.handler (saveDoc): error

CVE-2023-29019 investigate and solve

@fastify/passport is a port of the passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. Fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie into the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate the `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.

reference
GHSA-4m3m-ppvx-xgw9

Box: improvements

  • saveFile needs to return the id and name
  • saveFile needs to do a try/except and return the error
  • fileInfo: get the file information of a file
  • deleteFile: delete a file

wrong connection


When two spaces use the same connection name and the job is run, the first connection is taken instead of the real one.
Make sure that when a connection is looked up the target space is used.

icons have disappeared

Since we now only use Font Awesome solid, some icons need to be updated:

  1. job detail: the scheduled icon is gone
  2. job log: the 3 icons are gone

Mongoose warning

(node:1) [MONGOOSE] DeprecationWarning: Mongoose: the `strictQuery` option will be switched back to `false` by default in Mongoose 7. Use `mongoose.set('strictQuery', false);` if you want to prepare for this change. Or use `mongoose.set('strictQuery', true);` to suppress this warning.
(Use `node --trace-deprecation ...` to show where the warning was created)

Remove URL GETPOST

This is no longer needed, as we can do everything with a custom job and the Python requests module.

update pod annotations for ingress

When you want to deploy diem on your local cluster in combination with ingress-nginx, the ingress itself requires the annotation

kubernetes.io/ingress.class: nginx

but the values do not foresee specific annotations for the ingress (only annotations for everything).
Add an entry in values to allow ingress-specific annotations.

Create Helm chart

Before diem can really be used, we will create a Helm chart that makes installing the application much easier.

config maps

There's an issue:

  1. a person's name cannot be overwritten, and
  2. if it is overwritten, check whether that person has access to that diem space; if so continue, else take the name of the user
  3. if it is personal, the view should not display the edit button and the user must not be able to save the document (even redacted)
