tmobile / jazz

Platform to develop and manage serverless applications at an enterprise scale!

Home Page: https://www.youtube.com/watch?v=KZxvqTZiUQI

License: Apache License 2.0

Groovy 5.63% Java 0.88% JavaScript 53.04% HTML 8.34% Python 0.72% CSS 1.80% TypeScript 19.05% Go 0.65% Shell 0.25% FreeMarker 0.25% C# 0.19% SCSS 9.05% Sass 0.13%
serverless jazz tmobile faas aws-lambda apigateway azure-functions azure google-cloud-functions event-driven-architecture

jazz's Issues

Security vulnerabilities detected with moment.js

Description

[Description of the issue]
Jazz UI uses an older version of moment.js (<2.19.3). This version has been flagged as having a known security vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2017-18214

Steps to Reproduce

  1. Look at the version of moment.js being used by jazz project and compare it to the vulnerability cited above.

Expected behavior:

  1. No known vulnerabilities

Actual behavior:

  1. Uses a module with known vulnerability

Reproduces how often:
100%

Avoid using lodash package

Description

I see lodash has been used a lot where it can be avoided and JS native functions can be used instead. Examples would be _filter and _includes.

This is also being added to templates which should be discouraged

Additional Information

Using third party libraries can have their own problems

  1. Maintenance headache - there is a cost to upgrade (backward compatibility issues) and cost not to upgrade (deprecation and other dependencies that will require upgrade).
  2. These are not treated as first class citizens and can have performance issues

We should avoid them unless absolutely necessary.

So for filter and includes they are already available on lists/arrays and we should use them.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-27

Delete service doesn't send notifications to the service owner

Description

Delete service doesn't send notifications to the service owner

Steps to Reproduce

  1. Create a service
  2. Once the service is active, delete the service

Expected behavior:
Just like the service owner receives notifications for service created, service active, the platform should send a delete service notification

Actual behavior:
No notification is received by the user

Reproduces how often:
100%

After deleting website service, user cannot re-create service with same namespace

Description

After successfully deleting a website service, the user is unable to create a new service with the same name and domain as the previously deleted service. However, a bitbucket repository for the service is made, and upon attempted creation, the app indicates to the user that service creation has succeeded.

Steps to Reproduce

  1. Create a website service (haven't tried with api or lambda, but you can attempt)
  2. After service is created, delete the service.
  3. After the service has been deleted, try to create another website service with the same name and domain.
  4. The app will tell you that the creation was a success, but reload the page a few times and check your list of available services. Your new service will not show up.
  5. Go to the expected bitbucket repository for the service and you will see that the repository has been created for the service that is not available.

Expected behavior: [What you expect to happen]

After the original service has been deleted, the new user should be able to recreate a new service with the same name values without any problem. The service should appear on the user's services portal.

Actual behavior: [What actually happens]

App states service was created, but no website link is provided and the service does not appear on the user's table.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-34

JAZZ INSTALLATION ERROR :Requesting your assistance

Description

[An error is generated when I try to install the jazz framework. When I run the installation process, after providing Jenkins details and credentials it throws a critical error as follows:
Traceback (most recent call last):
  File "./run.py", line 86, in <module>
    if check_jenkins_user(jenkinsServerELB, jenkinsuser, jenkinspasswd):
  File "./run.py", line 50, in check_jenkins_user
    os.remove('jenkins-cli.jar')
OSError: [Errno 2] No such file or directory: 'jenkins-cli.jar'

Can you help me define what this error means and why it is shown? Also, I was unable to find documentation to help us through the possible errors during the installation. Please help me out in this regard, along with this issue's resolution if you can.
]

Steps to Reproduce

  1. Run the jazz installation process
  2. After finishing a certain amount of downloads, it asks for the Jenkins URL; I provided a valid Jenkins URL.
  3. Then it asks for a tag name to prefix your stack; I provided the name.
  4. After that I gave the username and password. It threw the error mentioned in the description.

Expected behavior: [Go to next step of installation]

Actual behavior: [Threw an OS error]

Reproduces how often: [It never went past it even after multiple tries with different details and credentials]

Additional Information

I have set up a Jenkins server with an instance as specified in the jazz installation guide in the github wiki. I tested it and it works without any problem.
I opened run.py to investigate and tried changing the hard-coded port number, but still no change.

Do ask me for any extra details you want.

v1.3 release is non-functional

Description

Pre-release of v1.3 seems to have functional issues post-installation. The core issue is with platform services that seem to fail in no specific order.

Steps to Reproduce

  1. Install the pre-release v1.3
  2. Create a service using the Jazz UI

Expected behavior: [What you expect to happen]
The desired service is created as expected.

Actual behavior: [What actually happens]
The login and/or service creation fails

Reproduces how often: [What percentage of the time does it reproduce?]
Most of the time

Delete service of API created using case sensitive name fails in v113

Description

When an API service is created with uppercase, then delete service fails. Looks like the delete service is case sensitive to the API name when deleting. This is happening in v1.1.3 branch.

Steps to Reproduce

  1. Create an API with Nodejs with service name Foo-Foo and namespace Foo-names
  2. Delete the service and the deletion fails.

Expected behavior:
Deletion should not fail.

Actual behavior:
Delete service of API created using case sensitive name fails.

Reproduces how often:
100%

Additional Information

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-32

Travis builds fail with message - "No Rakefile found" even if the language is set as node_js in travis.yml

Description

Travis builds fail with message - 'No Rakefile found' even if the language is set as node_js in travis.yml

Steps to Reproduce

  1. Merge any branch to master which should kick off a travis build job
  2. Go to https://travis-ci.org/tmobile/jazz/builds/ and latest build will fail with error - 'No Rakefile found'

Expected behavior:
Travis build should be marked as green if the corresponding tests pass as configured in https://github.com/tmobile/jazz/blob/master/.travis.yml

Actual behavior:
Unit tests are not getting triggered even if configured in travis.yml. Travis fails to identify that the language is node_js. This could be because Travis could not find .travis.yml during build phase and then defaults to ruby for the build language. Since rake is not configured as part of the pre-build step here, every build fails with error - 'No Rakefile found'.

Reproduces how often:
100% reproducible

Repositories are getting marked as public

Description

All repositories are getting created as public by default.

Steps to Reproduce

  1. Install Jazz and browse to the repositories that are created (w/o logging in)

Expected behavior:
The repositories should prompt for user credentials to view code

Actual behavior:
All repositories are accessible w/o login

Reproduces how often:
100%

Admin is able to see all user services by default

Description

During install, admin user is created by default. When new users register and create their services, the admin dashboard now shows all other user services.

Steps to Reproduce

  1. Register a new user
  2. Create a new service using the new user account
  3. Login using the admin user. Dashboard now shows the new user service

Expected behavior:
Admin dashboard shouldn't show other user services

Actual behavior:
Admin dashboard shows other user services

Reproduces how often:
100%

Service description is being ignored

Description

Service description is being ignored when creating a service

Steps to Reproduce

  1. Create a service and specify name, namespace along with description
  2. Click submit.

Expected behavior:
When I click on service that I created, the service description should match what the user specified

Actual behavior:
Generic service description ("{namespace} - {servicename}") is available

Reproduces how often:
100%

Websites with svg files cannot render using Jazz services

Description

Websites with svg files cannot render using Jazz services

Steps to Reproduce

  1. Create a Jazz service with the website template
  2. Clone the repo
  3. Add an svg file and reference it in your html
  4. Push code and once the website is deployed check for the page with svg.

Expected behavior:
Page renders the image

Actual behavior:
Missing image icon rendered by browser

Reproduces how often:
100%

No length restrictions on service name & namespace will break internal components.

Description

Currently, there are no restrictions on length for service name & namespace during service creation. We have many internal components (s3 buckets, cloudfront distributions, api paths etc.) that will rely on these two user supplied values. If the user attempts to create services with longer names, some of the internal workflows (bucket/cloudfront creation) might fail during deployment/provisioning time. We can enhance the user experience if we can either detect these during service creation or apply restrictions on the length of these values (we already have restrictions on characters that we can use for service name & namespace). Observed the issue during website creation but similar issues can be reproduced for other service types.

Steps to reproduce

  1. Login & create a service of type: website
  2. Provide longer values (30 characters for example) for service name & namespace.
  3. Service creation will be successful but the first deployment fails during cloudfront creation with message like this - "An error occurred (InvalidArgument) when calling the CreateDistributionWithTags operation: The parameter CallerReference is too big."

If Jazz admin enables dedicated S3 bucket per service, similar error can be reproduced during bucket creation (maximum length allowed for bucket names = 63 characters. Ref: https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html)

Expected behavior:

  • If UI is being used for service creation, user shouldn't be allowed to provide longer values for service name & namespace.
  • If API is being used for service creation, API should throw input invalidation error when user supplies longer values for service name & namespace.

Actual behavior:
Service gets created successfully but the first deployment fails with message similar to the above.

Reproduces how often:
Always

Additional notes
UI & underlying API should not allow user to use longer values for service names & namespace. Define a maximum limit for the length on these values.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-24
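
One way to reject over-long values at service-creation time, as an added example that is not Jazz code: the validator checks each field and then the worst-case derived bucket name against the 63-character S3 limit cited in the issue. The naming template, the function names, the per-field cap of 20 and the character policy are assumptions for illustration.

```javascript
// Limit quoted in the issue: S3 bucket names allow at most 63 characters.
const S3_BUCKET_NAME_MAX = 63;
// Assumed per-field cap; the issue asks for a maximum but does not name one.
const FIELD_MAX = 20;
// Assumed character policy (the issue says one exists but does not spell it out).
const ALLOWED = /^[a-z0-9-]+$/;

// Hypothetical naming template for a per-service bucket.
function deriveBucketName(stackPrefix, namespace, service, env) {
  return [stackPrefix, namespace, service, env].join('-');
}

// Returns a list of validation errors; an empty list means the input is accepted.
function validateServiceInput({ stackPrefix, namespace, service, envs }) {
  const errors = [];
  for (const [field, value] of [['namespace', namespace], ['service', service]]) {
    if (typeof value !== 'string' || value.length === 0) {
      errors.push(`${field}: required`);
      continue;
    }
    if (value.length > FIELD_MAX) {
      errors.push(`${field}: longer than ${FIELD_MAX} characters`);
    }
    if (!ALLOWED.test(value)) {
      errors.push(`${field}: contains characters outside [a-z0-9-]`);
    }
  }
  if (errors.length > 0) return errors;

  // Worst case: the longest environment suffix gives the longest derived name.
  const longestEnv = envs.reduce((a, b) => (b.length > a.length ? b : a), '');
  const bucket = deriveBucketName(stackPrefix, namespace, service, longestEnv);
  if (bucket.length > S3_BUCKET_NAME_MAX) {
    errors.push(
      `derived bucket name is ${bucket.length} characters, limit is ${S3_BUCKET_NAME_MAX}`
    );
  }
  return errors;
}
```

Running the same function in both the UI and the API handler keeps the two entry points from drifting apart.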

Deletion of API fails if the API getting deleted is the last one

Description

Deletion of API fails if the API getting deleted is the last one

Steps to Reproduce

  1. Create two API services
  2. Delete both APIs one by one
  3. The first one will be deleted but the second one will not, and fails

Expected behavior:

All the API created should get deleted

Actual behavior:
The last API created is not getting deleted

Reproduces how often:
Can be reproduced.

Additional Information

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-31

Jazz UI bypasses password policy and accepts 7 characters password during registration.

Description

Jazz UI bypasses password policy and accepts 7 characters password during registration and triggers the registration flow (even though the UI highlights 8 characters policy).

Steps to Reproduce

  1. Enter less than 8 characters in Jazz UI.
  2. Click the register button.
  3. Registration workflow is triggered even when the password policy is violated.

Expected behavior: Disable the register button unless password policy validation succeeds.

Actual behavior: New users can register even with password policy violation

Reproduces how often: Always

Additional Information

Can you reproduce this issue on our demo site? If you can, please share your service as well as namespace to help us quickly troubleshoot the issue.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-28

Support updating Jazz core configuration via an API

Description

Currently all/most Jazz configuration is driven by a JSON file that is checked into whatever configured Git repo we have at install time.

If anyone or anything wants to programmatically update this config file after install time, knowledge of the specific Git URL, file path, git credentials, config file format, and other things are required.

Our forays into feature installers in jazz-installer are starting to point this area out as a weak spot: every feature installer needs to collect that information.

It seems as if this is pointing us to a logical extension point: Some sort of core function API that allows you to programmatically update Jazz config dynamically, either by updating that config file in the repo behind the scenes, or by some other method.

Service creation for API/lambda using python fails for scenario 2 & 3

Description

Service creation for API/lambda using python fails for scenario 2 & 3

Steps to Reproduce

  1. Install Jazz and choose scenario 2 or 3.
  2. Once installation is complete, login into Jazz
  3. Create a service of type API or Lambda and choose python as your runtime

Expected behavior:
Service gets created successfully

Actual behavior:
Service is never created

Reproduces how often:
100%

Logs aren't visible on the UI

After the user installs a service and invokes it, no logs are visible within the Jazz UI. Refresh of the page also doesn't update the logs view.

Fix unit tests in logs microservice

Description

A few unit tests are broken in the logs microservice (referenced in this forked repo: suryajak@6b5afc0) which will need to be fixed once this is merged to master.

Steps to Reproduce

  1. Uncomment the tests in the referenced commit and run the unit tests

Expected behavior: [What you expect to happen]
Tests should pass

Actual behavior: [What actually happens]
Tests fail

Reproduces how often: [What percentage of the time does it reproduce?]
100%

Feature request - Configure Lambda authorizer for an api

Description

Please provide a way to attach Lambda authorizer for an api. Maybe in deployment-env.yml or swagger.json. If we attach authorizer manually to an api then it gets removed every time when we do a new deployment for that api.
Please guide me to documentation if this feature already exists.

Jazz Logs Module need a cheaper back-end alternative

Description

Current implementation of logs feature using Elastic Search managed service is apparently very expensive. Found that just 5 days of Jazz usage bumped up the cost to 5+K INR and the Elastic Search instance itself took more than 65% of the total costs.

Need a smarter and cost-effective solution for Logs feature as this can become a showstopper.

Lambda based cron jobs aren't getting executed

Description

Lambda based cron jobs aren't getting executed at the requested time intervals

Steps to Reproduce

  1. Create a service of type Lambda and choose event schedule as Cron expression
  2. Set your desired interval

Expected behavior:
Lambda gets executed at the desired interval

Actual behavior:
Lambda isn't getting invoked at the desired interval

Reproduces how often: [What percentage of the time does it reproduce?]
100%

Migration from one AWS Instance to another AWS instance

We have been using JAZZ to build our services for a long time and we have successfully created more than 30 services till now, which are working great.
We have installed it on an AWS instance (I1) and now we would like to migrate this to a different instance (I2) of another AWS account.

Can we migrate all the 30 plus services without recreating them or using the existing repositories?

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-14

Feature request: Associate lambda@edge with cloudfront based website using jazz

Description

I have a website built using hugo. In that website for the redirection to work, I need to add a custom lambda to it. Right now I have to add it manually to the cloud front behavior. So every time the site gets redeployed, the lambda function associated with it gets cleared.

So an option to add the custom lambda from deployment file would be really helpful.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-26

Update .gitignore for Java template

Description

Expand the default .gitignore for Java projects. Consider these entries:
https://github.com/github/gitignore/blob/master/Java.gitignore

Steps to Reproduce

  1. Create a new Java 8 project in Jazz
  2. git clone the created repository
  3. Note that the .gitignore isn't ignoring everything it should

Expected behavior: *.class and other ignorable files are ignored

Actual behavior: *.class and other ignorable files are not ignored

Reproduces how often: Every time

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-29

Deleted services show up on UI

Description

Deleted services show up on Jazz UI

Steps to Reproduce

  1. Create a new service (API/Lambda/Website)
  2. Wait until the service becomes active
  3. Delete the service and wait for it to go to "deletion_completed" state

Expected behavior: [What you expect to happen]
Deleted services (inactive) do not show up on the UI
Actual behavior: [What actually happens]
Deleted services (inactive) show up on the UI
Reproduces how often: [What percentage of the time does it reproduce?]
All the time

Additional Information

Can you reproduce this issue on our demo site? If you can, please share your service as well as namespace to help us quickly troubleshoot the issue.
Yes. Namespace: suryajtest Service: test-delete

Jazz UI code isn't available for development and contribution

Description

Jazz UI code isn't available for development and contribution

Steps to Reproduce

  1. Clone Jazz-core and look for Jazz UI code for making changes

Expected behavior: [What you expect to happen]
Source code is available for making code changes

Actual behavior: [What actually happens]
No source code available for UI changes

Reproduces how often: [What percentage of the time does it reproduce?]
100%

Additional Information

User email validation during login needs update

Description

User email validation during login seems to fail when the email address has an upper case character.

Steps to Reproduce

  1. Launch the Jazz UI and click on login button
  2. Use an upper case letter in a valid user email address

Expected behavior: Client side validation for email address should pass

Actual behavior: User sees an error "Please enter a valid email"

Reproduces how often: 100%

Additional Information

Can you reproduce this issue on our demo site? If you can, please share your service as well as namespace to help us quickly troubleshoot the issue.

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-30

Stack admin cannot login to their SCM using their Jazz creds

Description

Stack admin cannot login into their configured SCM (Bitbucket or Gitlab) using their Jazz credentials.

Steps to Reproduce

  1. Install Jazz and choose scenario 1 or 2 or 3.
  2. Provide your Jazz admin email address
  3. Once installation is complete, login into your SCM using Jazz admin credentials

Expected behavior:

  1. Login should work like it does for newly registered users

Actual behavior:

  1. Login fails

Reproduces how often:
100%

New user login shows user doesn't exist

Description

Upon registering for a new account and verifying the email, the new user is unable to login to the app and an alert shows that the user does not exist. Login is most likely case-sensitive and only accepting emails in all lowercase; a user entering credentials any other way will encounter this issue.

Steps to Reproduce

  1. Register for a new account
  2. Click on the email confirmation link when the email is received in your inbox
  3. After verification, attempt to login to the app and alter the case:
    ex: registered name = ("[email protected]", "[email protected]") but the only accepted name upon login is probably ("[email protected]")

Expected behavior: [What you expect to happen]
The user should be forwarded to services portal after successful login

Actual behavior: [What actually happens]
If username isn't in all lower case, the user is rejected and popup states user doesn't exist

Jazz admin cannot create user services when using scenario 3

Description

Jazz admin cannot create any new services when using scenario 3 (Gitlab)

Steps to Reproduce

  1. Install Jazz and choose scenario 3 (Gitlab).
  2. Once installation is complete, login into Jazz using admin credentials
  3. Create a service of any type

Expected behavior:

  1. Service should be created successfully

Actual behavior:

  1. Service creation fails

Reproduces how often:
100%

Error emails during Website delete followed by success email

Description

Users receive error emails during Website delete which is then followed by success email

Steps to Reproduce

  1. Create a website service
  2. Once the website service is active, delete the service

Expected behavior:
Get confirmation email about successful deletion of the service

Actual behavior:
Users get an email with subject "Jazz Service Deletion Notification" with the following body:

Service deletion FAILED for service : {service name }in the namespace : {namespace}

For more details, please click this link: {link to logs}

Reproduces how often:
With the above steps, it reproduces 100% of the time

Make code more generic to handle different SCM types

Description

Currently there is an if/else condition to check for SCM type, which is very specific.

The code needs to be improved to handle different SCM types more generically, which can handle bitbucket, gitlab, github, etc. by importing different modules based on scmTypes as shown below.
Here I am following a convention to define object keys and the files to make my code flexible.

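module.exports = function (scmType) {
    // By convention, each key matches the file name of the module that handles it.
    const scmTypes = {
        'default': require('./defaultSCM'),
        [scmType]: require(`./${scmType}`)
    };

    try {
        scmTypes[scmType]();
    } catch (ex) {
        // Fall back to the default SCM handler if the selected one throws.
        console.log(ex);
        scmTypes['default']();
    }
};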

Aha! Link: https://t-mobile1t-mobile.aha.io/features/JZ-25
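
An added example, not Jazz code, for the proposal above: because the module path there is built from `scmType`, whatever value reaches the function decides which file `require` loads, so the type is better resolved against a fixed registry first. The handler bodies and function names below are stand-ins (assumptions) for statically required modules such as `./bitbucket` or `./gitlab`.

```javascript
// Stand-in for require('./defaultSCM'); the body is an assumption for illustration.
const defaultSCM = () => 'default';

// Fixed registry of supported SCM types. Each value stands in for a statically
// required module. The object has no prototype, so keys such as "constructor"
// or "__proto__" never resolve to anything.
const SCM_REGISTRY = Object.assign(Object.create(null), {
  bitbucket: () => 'bitbucket',
  gitlab: () => 'gitlab',
  github: () => 'github'
});

// Resolve an SCM type to its handler. An unknown or malformed type is never
// used to build a module path; it is logged and mapped to the default handler.
function resolveScm(scmType, log = console.warn) {
  const known = typeof scmType === 'string' &&
    Object.prototype.hasOwnProperty.call(SCM_REGISTRY, scmType);
  if (!known) {
    // JSON.stringify escapes control characters, so the value cannot break the log line.
    log(`unknown scmType ${JSON.stringify(scmType)}; using default`);
    return defaultSCM;
  }
  return SCM_REGISTRY[scmType];
}

// Same control flow as the proposal: run the selected handler, fall back on error.
function runScm(scmType, log = console.warn) {
  const handler = resolveScm(scmType, log);
  try {
    return handler();
  } catch (ex) {
    log(ex);
    return defaultSCM();
  }
}
```

Adding a new SCM type then means adding one registry entry, which keeps the convention-based layout while leaving the set of loadable modules fixed at build time.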
