with mozilla/servicebook@9ee5aae

Groups:

• ops
• qa
• dev
• community

Allow a user to be in one of the group
use group filtering for the project forms, and for accessing non public data (community)

Two login failures, both using Mozilla LDAP auth. Both fail the OIDC callback dance.

Apparently the Sentry IDs don't actually show up in Sentry.

Callback URLs and Sentry IDs available on request.

the cache fails to work properly on form changes (we get older versions after relation change)

could be related to timestamp refresh issue in servicebook

in the tests

renam the 'test coverage' column with "test type coverage"

We need to add a global page to remove/edit tags across all projects.

That page should warn the user when a tag being removed is still being used in a project

using woosh - index projects and users at the SA model level.

We need to migrate to CircleCI 2.0: "This project is currently running on CircleCI 1.0 which will no longer be supported after August 31, 2018. Please start migrating this project to CircleCI 2.0."

https://circleci.com/docs/2.0/migration/

STR:

Load https://servicebook.stage.mozaws.net/groups/Servicesa (notice the typo of the additional character "a" after "/Services"

Actual:

HTTP 500 exception thrown:

ResourceError: ResourceError
HTTP Status 404
(b'{"errors": [{"code": null, "detail": "no resource of type group with ID Serv'
b'icesa", "id": null, "links": null, "meta": null, "source": null, "status": 4'
b'04, "title": null}], "jsonapi": {"version": "1.0"}}')

File "flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "flask/_compat.py", line 33, in reraise
raise value
File "flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "flask/app.py", line 1598, in dispatch_request
return self.view_functionsrule.endpoint
File "serviceweb/views/groups.py", line 10, in group_view
group = g.db.get_entry('group', name)
File "restjson/client.py", line 298, in get_entry
return objdict(self._get(endpoint)['data'])
File "restjson/client.py", line 105, in _get
raise ResourceError(resp.status_code, resp.content)

Sentry: https://sentry.prod.mozaws.net/operations/servicebook/issues/649655/

When running the container build on circleci, there is a test section here:
https://github.com/mozilla/servicebook-web/blob/master/circle.yml#L24-L27

As it turns out, this is actually failing:

curl --retry 10 --retry-delay 5 -v 'http://localhost:5000/__version__'

* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 5000 (#0)
> GET /__version__ HTTP/1.1

> User-Agent: curl/7.35.0

> Host: localhost:5000

> Accept: */*

> 

< HTTP/1.1 500 Internal Server Error

< Connection: close
.
.
.

* Closing connection 10
Internal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server ErrorInternal Server Error

but I suspect it's passing b/c curl is generating some output and that makes circle happy enough.

If I run the container interactively, I get the following message when starting the uwsgi process:

<snip>
Traceback (most recent call last):
  File "./wsgiapp-web.py", line 9, in <module>
    application = create_app(ini_file=ini)
  File "/usr/local/lib/python3.5/site-packages/serviceweb/server.py", line 36, in create_app
    oidc = OIDConnect(app, **app.config['oidc'])
KeyError: 'oidc'
unable to load app 0 (mountpoint='') (callable not found or import error)
*** no app loaded. going in full dynamic mode ***
*** uWSGI is running in multiple interpreter mode ***

I suspect that if these vars are not supplied, which they shouldn't/wouldn't be in circle, the container will not start normally. This should be fixed in some way so that we can do the minimum amount of testing required to know the container is good.

When editing, all projects have the Active checkbox de-selected, and yet some have an Active status and others do not. Checking and saving the active checkbox makes the project Inactive, instead of Active.

the dockerized version should server version directly fro the version.json file

cc @ckolos

Make sure we can't create empty duplicate tags, languages etc when submitting

For deployments, cloudops runs a local nginx process that conflicts with the nginx process included in the container. I am able to get around this in deployment by templating the supervisor.conf and replacing it via a docker volume config, but long term, it's probably better to have an option to disable the in-container nginx in favor of an external web server, if not remove nginx from the container entirely.

In the app, the __version__ endpoint is being served via a nginx config mapping the __version__ location to the file /app/version.json. While this is fine when the container is running nginx, as mentioned in #35, if the containers nginx process isn't running or being used, the __version__ endpoint is no longer available.

as in https://github.com/mozilla-services/Dockerflow

Now that we have a public flag per project and tests, let's use it to filter out the displayed data if the user is not part of one of the mozilla teams

mozilla/servicebook@f2dbb82

Name link is also logout link (I thought it would take me to my user page)

to search

Once the docker image has been built, the version.json contains travis-ci's build url/infomation, not circle's:
curl https://servicebook./version
{
"build": "https://travis-ci.org/mozilla/servicebook",
"commit": "",
"source": "https://github.com/mozilla/servicebook",
"version": "2.0"
}

The "build" var should contain the circle build corresponding to the image deployed, not the travis build of the github repo.

This comment could use clarification/typo-fixing :-)

Not sure what # XXX projects.tests theneck if completed and 8 test is trying to say.

If it makes sense for this project (and its deployment/dev workflow), we should consider using pipenv, a la https://github.com/mozilla/servicebook/pull/80/files

Dependabot has opened several pull requests to update dependencies, however most of these are failing. We need to investigate and resolve these issues so that we can use the latest stable dependencies.

STR:

1. Set screen resolution to 1920x1200 (or perhaps just constrain the viewport)
2. Load https://servicebook.stage.mozaws.net/project/23/edit or something similar
3. Scroll all the way down the page
4. Click on "Add/Change" under "Tests"
5. After the resulting parented-window comes up, scroll down

Actual Results:

Part of the resulting window eclipse the footer (see screenshot)

looks like the key os not working anymore

when this happens, mozillians returns

{'detail': 'Authentication credentials were not provided.'}

we should fix the code so the user view don't crash

@karlht until this is fixed, if you get an error on someone's user page, edit the user and remove their mozillians field

Let's create a safe_redirect() that will make sure we're not pwnd

• add cross site forgery protection for all forms
• secure all redirects with a white list

by clicking on a tag or a language

Logged in, did Auth0 OIDC dance, was logged in correctly.

Attempted to edit description for Lockbox (project 48), hit Submit, and got "Oops, something went wrong"

Sentry Event ID: 6caf9c4603304bd3b68e7defb836ce37

When creating users on first github login we might end up with duplicated users. Maybe we can do something about that in the UI (bitbucket has a conflict resolution screen)

Originally raised as mozilla/servicebook#48

We'll display a message saying that they need to contact me to get a login

in profile

The make target for the make docker command is actually currently build (

Allow arbitrary tags, which could be used to indicate skills or tools such as selenium or loads

The Auth0 - Mozilla LDAP integration has been changed

we need to do an extra call to https://github.com/mozilla-iam/person-api to get the user email.

oidc2 gets a single key 'sub', with 'ad|Mozilla-LDAP|<user>'

and we need to call

curl --request GET --url https://person-api.sso.allizom.org/v1/profile/ad|Mozilla-LDAP|\<user>

to get the mozilla email and match it in the servicebook database.

that service needs an oauth2 dance as well. I wonder if I can pass along those we get from the initial Auth0 dance. @gdestuynder ?

cc @ckolos