Sync'ing ACL permissions in a NodeJS application using MongoDB - node.js

Currently using the Node ACL module from:
https://github.com/OptimalBits/node_acl
This is working a treat, but now the requirement is to reflect any changes to our security config in our ACL layer.
What I'm looking for is a clean way to iterate over the roles defined in our security config, decide whether the permissions/resources have changed and, if they have, update or remove them.
Here is a sample security config file; take the scenario where 'put' is removed from the resource /projectId.
"roles": {
  "itemRole": [
    {
      "roles": "owner-projectId",
      "allows": [
        {
          "resources": "/projectId",
          "permissions": ["put", "post", "patch", "get", "delete"]
        },
        {
          "resources": "/projectId/settings",
          "permissions": ["put"]
        }
      ]
    },
    {
      "roles": "collaborator-projectId",
      "allows": [
        {
          "resources": "/itemId",
          "permissions": ["put", "post", "patch", "get"]
        },
        {
          "resources": "/api/resource/itemId",
          "permissions": ["put", "post", "patch", "get"]
        }
      ]
    },
    {
      "roles": "spectator-newId",
      "allows": []
    },
    {
      "roles": "admin-newId",
      "allows": [
        {
          "resources": "/api/resource/itemId/update",
          "permissions": ["put"]
        }
      ]
    }
  ]
}
The following query will allow me to iterate over the different roles and return all the allows for those resources; these allow_* should match what is currently in the security.config:
db.getCollection('authACLresources').find( { _bucketname: {"$regex":"allows_*"}, key: { '$in': [ 'spectator-2bc240c6ffa988260b501922' ] }})
I can then look at the different permissions and compare - just wondering if there is a better way to do this? I know the node ACL module has a method called whatResources, but it doesn't give you the permissions, just the resources.
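One way to do the comparison asked about above, as an added example that is not part of the original question and is not node_acl code: build the desired role/resource/permission sets from the security config and diff them against a snapshot of the store. The `current` snapshot shape and the names `desiredFromConfig` and `diffAcl` are assumptions made here; each `grant` entry maps onto node_acl's `allow(role, resource, permissions)` and each `revoke` entry onto `removeAllow(role, resource, permissions)`.

```javascript
// Added example (not node_acl code). `current` is a hypothetical snapshot of the
// ACL store: { role: { resource: [permissions] } }.
function desiredFromConfig(config) {
  const desired = {};
  for (const entry of config.roles.itemRole) {
    const byResource = (desired[entry.roles] = desired[entry.roles] || {});
    for (const allow of entry.allows) {
      for (const resource of [].concat(allow.resources)) {
        const set = (byResource[resource] = byResource[resource] || new Set());
        allow.permissions.forEach((p) => set.add(p));
      }
    }
  }
  return desired;
}

// Returns the grants and revocations needed to make `current` match the config.
// Roles or resources that exist only in the store are revoked in full.
function diffAcl(config, current) {
  const desired = desiredFromConfig(config);
  const grant = [], revoke = [];
  const roles = new Set([...Object.keys(desired), ...Object.keys(current)]);
  for (const role of [...roles].sort()) {
    const want = desired[role] || {};
    const have = current[role] || {};
    const resources = new Set([...Object.keys(want), ...Object.keys(have)]);
    for (const resource of [...resources].sort()) {
      const w = want[resource] || new Set();
      const h = new Set(have[resource] || []);
      const add = [...w].filter((p) => !h.has(p)).sort();
      const drop = [...h].filter((p) => !w.has(p)).sort();
      if (add.length) grant.push({ role, resource, permissions: add });
      if (drop.length) revoke.push({ role, resource, permissions: drop });
    }
  }
  return { grant, revoke };
}

// Constructed sample: 'put' removed from /projectId, collaborator role dropped.
const sampleConfig = { roles: { itemRole: [
  { roles: 'owner-projectId', allows: [
    { resources: '/projectId', permissions: ['post', 'patch', 'get', 'delete'] },
    { resources: '/projectId/settings', permissions: ['put'] } ] },
  { roles: 'spectator-newId', allows: [] } ] } };
const sampleCurrent = {
  'owner-projectId': { '/projectId': ['put', 'post', 'patch', 'get', 'delete'] },
  'collaborator-projectId': { '/itemId': ['get'] } };
const plan = diffAcl(sampleConfig, sampleCurrent);
console.log(JSON.stringify(plan, null, 2));
```

Applying the revocations before the grants keeps the time in which a role still holds a permission the config no longer lists as short as possible.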

Related

Azure Lifecycle setting in BICEP delete/replace all the existing rules

So I created the following Bicep based on https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/2022-05-01/storageaccounts/managementpolicies?pivots=deployment-language-bicep.
It works fine and creates the rule; however, it deletes all the existing rules. Even if there is more than one rule (all with different names, of course), it deletes all the existing rules and replaces them with the one rule in the Bicep script. What am I missing?
resource storage_lifecycle 'Microsoft.Storage/storageAccounts/managementPolicies@2022-05-01' = {
  name: 'default'
  parent: storageAccount
  properties: {
    policy: {
      rules: [
        {
          name: 'lifeCycleRule'
          enabled: true
          type: 'Lifecycle'
          definition: {
            filters: {
              blobTypes: [
                'blockBlob'
              ]
            }
            actions: {
              baseBlob: {
                tierToCool: {
                  daysAfterModificationGreaterThan: 30
                }
                tierToArchive: {
                  daysAfterModificationGreaterThan: 30
                }
                delete: {
                  daysAfterModificationGreaterThan: 30
                }
              }
            }
          }
        }
      ]
    }
  }
}
Based on this stack answer: Unable to add new rule in Storage Management Policy on Azure, and my experience with Azure API Gateway, you will need to add the existing rules to the new policy.

How to provide cluster name in Azure Databricks Notebook Run Now JSON

I am able to use the below JSON through POSTMAN to run my Databricks notebook.
I want to be able to give a name to the cluster that is created through the "new_cluster" options.
Is there any such option available?
{
  "tasks": [
    {
      "task_key": "Job_Run_Api",
      "description": "To see how the run and trigger api works",
      "new_cluster": {
        "spark_version": "9.0.x-scala2.12",
        "node_type_id": "Standard_E8as_v4",
        "num_workers": "1",
        "custom_tags": {
          "Workload": "Job Run Api"
        }
      },
      "libraries": [
        {
          "maven": {
            "coordinates": "net.sourceforge.jtds:jtds:1.3.1"
          }
        }
      ],
      "notebook_task": {
        "notebook_path": "/Shared/POC/Job_Run_Api_POC",
        "base_parameters": {
          "name": "Junaid Khan"
        }
      },
      "timeout_seconds": 2100,
      "max_retries": 0
    }
  ],
  "job_clusters": null,
  "run_name": "RUN_API_TEST",
  "timeout_seconds": 2100
}
When the above API call is done, the cluster created has a name like "job-5975-run-2" and that is not super explanatory.
I have tried to use the tag "cluster_name" inside the "new_cluster" tag but I got an error that I can't do that, like this:
{
  "error_code": "INVALID_PARAMETER_VALUE",
  "message": "Cluster name should not be provided for jobs."
}
Appreciate any help here
Cluster names for jobs are automatically generated and can't be changed. If you want to somehow track specific jobs, use tags.
P.S. If you want to have more "advanced" tracking capability, look into the Overwatch project.

Azure storage REST API response includes BOM (” ) at the start of the XML file

I am developing a custom VSTS extension for a release task which has a picklist with values populated from the REST endpoint data source (my storage account). I am following the link below as a reference.
https://learn.microsoft.com/en-us/vsts/extend/develop/service-endpoints?view=vsts
I have uploaded my extension but the picklist is not populating with values in the task.
Below are the configurations that I have done.
vss-extension.json:
{
  "manifestVersion": 1,
  "id": "build-release-task",
  "name": "My Custom release task",
  "version": "0.0.1",
  "publisher": "custext",
  "public": false,
  "targets": [
    {
      "id": "Microsoft.VisualStudio.Services"
    }
  ],
  "description": "A picklist which has values populated from the REST endpoint data source. Includes one build/release task.",
  "categories": [
    "Build and release"
  ],
  "icons": {
    "default": "images/extension-icon.png"
  },
  "files": [
    {
      "path": "buildAndReleaseTask"
    }
  ],
  "contributions": [
    {
      "id": "service-endpoint",
      "description": "Service Endpoint type for custom Storage connection",
      "type": "ms.vss-endpoint.service-endpoint-type",
      "targets": [ "ms.vss-endpoint.endpoint-types" ],
      "properties": {
        "name": "custom",
        "displayName": "Custom server connection",
        "url": {
          "displayName": "Server Url",
          "helpText": "storage end point url."
        },
        "dataSources": [
          {
            "name": "Storage Account",
            "endpointUrl": "{{endpoint.url}}test/?restype=container&comp=list",
            "resultSelector": "xpath://EnumerationResults/Blobs/Blob/Name"
          }
        ],
        "helpMarkDown": "Learn More"
      }
    },
    {
      "id": "custom-build-release-task",
      "type": "ms.vss-distributed-task.task",
      "description": "Task with a dynamic property getting data from an endpoint REST data source",
      "targets": [
        "ms.vss-distributed-task.tasks"
      ],
      "properties": {
        "name": "buildAndReleaseTask"
      }
    }
  ]
}
task.json:
{
  "id": "325958a0-63b7-11e6-88a5-f7c7f66e6264",
  "name": "dropdownlist",
  "friendlyName": "Drop down list",
  "description": "Lists the db files",
  "helpMarkDown": "Custom release task.Drop down list",
  "category": "Utility",
  "visibility": [
    "Release"
  ],
  "author": "satyam",
  "version": {
    "Major": 0,
    "Minor": 1,
    "Patch": 0
  },
  "instanceNameFormat": "dropdownlist $(message)",
  "groups": [
    {
      "name": "advanced",
      "displayName": "Advanced",
      "isExpanded": false
    }
  ],
  "inputs": [
    {
      "name": "CustomService",
      "type": "connectedService:custom",
      "label": "Storage end point",
      "defaultValue": "",
      "required": true,
      "helpMarkDown": "Select the storage account to use. If needed, click on 'manage', and add a new Service Endpoint of type 'Custom server connection'"
    },
    {
      "name": "Scripts",
      "type": "pickList",
      "label": "saasscripts",
      "required": true,
      "helpMarkDown": "Select the name of the saas script.",
      "properties": {
        "EditableOptions": "True"
      }
    }
  ],
  "dataSourceBindings": [
    {
      "target": "Scripts",
      "endpointId": "$(CustomService)",
      "dataSourceName": "Storage Account"
    }
  ],
  "outputVariables": [
    {
      "name": "dbfile",
      "description": "Application URL of the selected App Service."
    }
  ],
  "execution": {
    "Node": {
      "target": "powershell.js"
    }
  }
}
endpointUrl: I tried the following in endpointUrl in dataSources (vss-extension.json):
1. {{endpoint.url}}test/?restype=container&comp=list
2. https://mycontainername.blob.core.windows.net/test/restype=container&comp=list
The picklist is not populated with the blob contents.
I guess the problem in the above issue might be an inability to parse the Azure storage blob list response type. The REST API response includes a BOM (” ) at the start of the XML file, which might be the cause of the parsing problem.

Is there any way or workaround to change the Azure blob REST API response to exclude the BOM (” ), or to change the response to JSON format?

Firebase security rules protect list and public object

I have a list of servers which has public access only if you have the key value.
Basically, if a user has the object key, then he can retrieve the complete child object, but he should not be allowed to access the list of objects.
Example of the object
{
  "servers": { // list of servers
    // list should not be accessed directly - no anonymous access
    "key1": { // this object can be accessed anonymously, if the user knows the key
      "name": "linux"
      //...
    },
    "key2": {
      "name": "ubuntu"
    }
  }
}
How can I make such security rule in firebase for above object?
Simple:
{
  "rules": {
    ".read": false,
    "servers": {
      "$serverid": {
        ".read": true
      }
    }
  }
}
Since the root is not readable, /servers is also not readable and only once you have a /servers/$serverid does the read action become valid.
This and many similar topics are covered in the Firebase guide on Security & Rules.
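The cascade described in the answer above, as an added example that is not part of the original answer: a small JavaScript model of read-rule evaluation along a path. It models only boolean `.read` literals (an assumption; real rules are expressions), and `canRead`, `audit`, `pageRules` and `looseRules` are names made up here.

```javascript
// Added example: a minimal model of how ".read" rules cascade along a path.
// Assumption: only boolean literals are modelled; real rules are expressions.
function canRead(ruleset, path) {
  const segments = path.split('/').filter(Boolean);
  let node = ruleset.rules;
  for (let i = 0; ; i++) {
    // A grant at any ancestor applies to everything beneath it.
    if (node && node['.read'] === true) return true;
    // Ran out of rules or reached the requested path without a grant: deny.
    if (!node || i === segments.length) return false;
    const key = segments[i];
    const wildcard = Object.keys(node).find((k) => k.startsWith('$'));
    node = Object.prototype.hasOwnProperty.call(node, key) ? node[key] : node[wildcard];
  }
}

// Evaluate a list of paths and return { path: allowed } for review.
function audit(ruleset, paths) {
  return Object.fromEntries(paths.map((p) => [p, canRead(ruleset, p)]));
}

// The rules from the answer above.
const pageRules = {
  rules: { '.read': false, servers: { $serverid: { '.read': true } } },
};
// Constructed counter-example: a deeper "false" cannot take back a grant made
// higher up, so the whole list stays readable.
const looseRules = {
  rules: { servers: { '.read': true, $serverid: { '.read': false } } },
};

const paths = ['/', '/servers', '/servers/key1', '/servers/key1/name'];
console.log(audit(pageRules, paths));
console.log(audit(looseRules, paths));
```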

Get Facebook group members count in Node.js

Is it possible to do that? I am playing with their explorer and I can't get the information about members. I just need to count members.
https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=https%3A%2F%2Fwww.facebook.com%2Fgroups%2Ffree.code.camp.you.can.do.this%2F&version=v2.5
All groups are open/public. Is there any npm module that can do that?
First, you need to get the Group ID with the Search API: /search?type=group&q=free.code.camp.you.can.do.this
The Group ID is "1013157175381620", so that's what you can use to access the members:
/1013157175381620/members
Now you have to use that API endpoint to get all members and count them. Most likely you will need to use Paging to get all of them: https://developers.facebook.com/docs/graph-api/using-graph-api#paging
Or even better: /1013157175381620/members?summary=true&limit=1
Result:
{
  "data": [
    {
      "name": "...",
      "administrator": false,
      "id": "..."
    }
  ],
  "paging": {
    "next": "..."
  },
  "summary": {
    "total_count": 529
  }
}
