Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Date

Feb   

Attendees

...

Time

Item

Who

Notes

Welcome

  • Greetings and salutations


Vacations




Contractor needs


  • Migrate site as is

    •  

  • Front page redesign 

    •  

  • SSO integration and teams feature

    •  


Splunk


  •  Christian and Thomas enabled Splunk calls. Thomas promised the separate splunk instance by end of the year.

  •  Diana and Christian met with Tom. He will set up the new instance without moving the history as this is challenging.


Developer Portal Migration to Drupal 8

Steven Maglio

Notes: Drupal 8 Migration Notes

Links:

 Reviewed the Testing.

Diana found:
  • The rule that sends an email to Administrator(s) when an Request has been updated (but the workflow state hasn't change; ie. the requestor added some more info) wasn't comparing the correct values, so it wasn't sending the email at the correct time. (https://ucsb-atlas.atlassian.net/browse/CMPRCWA-66)

  • System sends "API Gateway Admin has been Assigned" email even when an API Gateway Admin has not been assigned. (https://ucsb-atlas.atlassian.net/browse/CMPRCWA-69)

  • The email actions should be setup to send to the correct “token” (the value from the form), and not a hard coded email address. These were originally hard coded during Navodit’s testing; but they should now be setup to use the values from the forms in order to test that the form value is being used correctly. This change means that we can only test using fake requests that we make, and we cannot use real requests which are in the system. (https://ucsb-atlas.atlassian.net/browse/CMPRCWA-60)

  • The tokens in the new API Access Request email’s body were not being set correctly. (https://ucsb-atlas.atlassian.net/browse/CMPRCWA-70)

    • In general, every email should be checked to make sure the tokens are being set properly. Maybe do this as a secondary part of the above ticket.

Navodit gave update on:

  • He is looking into the states selection menu, which will require updating the code behind the module (using a custom module)

Navodit - Working on the workflow transitions. Learning/using the the original Workflow modules code to pull in the transitions data and filter it. Still needing to determine how to get the correct filtering for display.

  • During the week, we also discussed that Diana, Navodit and Steven met. During their meeting they decided:

    • That Diana will review the system once these three things are completed:

      • The emails/rule transitions are corrected (they were correct at the time of the meeting)

      • The display values for workflow transitions would be working properly (this is what Navodit is currently working on)

      • That Navodit will create fake accounts for our end user roles (Developer, Business Approver, and API Administrator) and verify that the system shows the correct state transitions for each role. (to do)

  • Custom module is pushed to dev instance. Tested with the different roles. Will start to work on the API Publishing view. The workflow status is not showing in the view. Navodit will check all business rules for both workflows and send Diana an email to begin testing.

  • working on workflow status migration automation. created a feature branch. Roles will be next after the workflow status script.

graphql APIs

Kevin Wu

  • Employee Job API - they have had multiple requests from campus. Created a GraphQL version of it. it is a simpler query language. Implemented a solution for security. client id and secret. get back a job token. can apply row level security. can do column level security as well.


Apigee accounts needs


  • We need another account for the Drupal connection to the gateway. Steven created drupal@developer.ucsb.edu. Steven is checking with Apigee if this account will take a license.



API Security

Diana Antova

Is it time to approach the campus identity team to discuss the oath and the security infrastructure for APIs.

Kevin Wu / Steven Maglio / christian.montecino (Unlicensed)

  • The team wants to come up with a unified solution for API security

  • Kevin is experimenting options without using CAS

  • 2 options

    • using access token, using custom attributes in the gateway

    • JWT token, using key value maps, can be encrypted

  • Christian researched 3rd party oath - OKTA

  • Apigee cannot communicate with CAS because of a firewall issue


Student Developed Applications


 Steven and Seth met with the students. They are continuing to grow the sites. Two new members of the team are taking over. Henry is graduating, Jimmy is staying.


Meeting and group focus year 2020


  • Project focus

    • In progress - Drupal 8  (see also Drupal 8 Migration High Level Requirements)

    • Pending - AWS - migrate the Heroku code and the sql server database

    • Pending - Account cleanup automation

    • Pending - Identity integration and automation 

  • Apigee Support

    • 1 FTE on the apigee team to help with student development oversight and support

    • Now the students have to contact so many groups to have their accounts setup, an FTE can really help with that. Adding the functionality to developer.ucsb.edu to create accounts.

      • Drupal - OK to work with a student

      • For other projects like identity account creation and others it will be difficult to work with a student

...