Campus allows a for project account or departmental account.
We can use a project account
We submit it thru Gateway, need an account/fund/sub
Jim Woods is willing to use our project as a test case
- Steven respoke with Jim Woods and Gateway is not setup yet to get us into the pre-made accounts that Jim Woods and the Campus Team are working on. But, Gateway is setup to create an account which will be charged directly to the contract that Diana is setting up. Jim Woods has a similar contract setup for his work right now. And, he will be looking to migrate his current account into the "official account" once the Cloud team is ready to do that. We could probably do that same thing. His advice on preparing our implementation for a migration is to ensure that we could rebuild out cloud based services if needed.
We need a Redis database, maybe <5$/month, most likely free - security for chatbot commands - our Hubot permissions to run chatbot commands are stored in a brain (store). Right now it is stored in memory on Heroku, and every time chatbot goes to sleep we have to re-enter the permissions. We need to store them in a Redis database for a persistent storage. The Redis database is a standard for storing a Hubot brain.
And a SQL server database for storing users, apps, usage - get data out for reporting and account cleanup, lower the attack surface
Cost - $24/mo total
$11/mo for SQL Server database.
$13/mo for Redis database
Heroku will come later
Diana met with Matt Hall. He is OK with us using AWS for the account cleanup purposes and the Hubot brain. We will create a project account when the environment is ready. Matt suggested that we use the native AWS RDS instead of SQL Server, but is not a requirement.
: The API Access Request form asks for the Application Name, which is generally filled out as a normal human readable name. However this name is usually different than the actual 'application name' that is registered in the API Gateway (for example. Request "CS48 Project" is for Application "cs48test"). Do we want to setup a multiline input box that will ask for the exact name of all applications that are associated with the request? Sometimes requests will need to be split up into multiple apps (for cams).
We will add a field in the Admins Only section in the API Access Request form for the Gateway App Name. We will continue to ask developers to submit a new API Access request form for each gateway app to make reporting easier.
Ian and Denise meeting on 4/30 to continue to work on the migration. In the last session they separated the site from the UCSB managed upstream. Will continue to update it thru composer.
Denise had to reschedule due to UCTech commitment. Will meet on 5/8.
Denise S. & Ian L. had a working session on 5/14 and have another scheduled for 5/17. Got setup with development environments utilizing Lando which utilizes Docker underneath.
Ian and Denise met on Tuesday. Next meeting is next week on the 5th. Setup is similar as the UC Tech site where multiple developers are contributing to the development.
Using Lando (Dev with Lando - using Docker to create the same setup as Pantheon) to do local development. Will give others access. Ian and Denise will document it as well.
Denise S. & Ian L. had working sessions on 7/8 & 7/9.
Targeting a deadline of August 2019. Ability to do headless authentication, which is what we need for the employee API.
Will be able to transition from API keys. It will be a significant work for us.
CAS 5.3 Adds
OAuth 2.0 Support
OpenID Connect Protocol
JWT certificate download/verification support
Noah Baker for ETS has setup Steven Maglio with access to the Test instance of CAS 5.3 to try out the new features for OAuth2 and JWTs. So far the testing hasn't been too promising. We are having a bit of trouble discovering how we can get the OAuth2 endpoint to respond with a JWT token. And, OIDC endpoint may have other difficulties related too it.
christian.montecino (Unlicensed) Google analytics api usage reports - there is an issue with recording API usage. it does not match the gateway data. (APIGEE-189) Christian will start logging into a text file the API execution to compare with google analytics.
Christian asked the Loggly cloud service provider rep to create a report for us to compare with the Google analytics report.
The free account is expiring and Christian requested and extension.
First we will compare Loggly usage to Google analytics. Then we will move the functionality to Splunk.