I'm actually curious to know is there any way to get the user who created a specific object in kubernetes. I am using kubernetes client-go library.
from my understanding kubernetes object doesn't hold any user-meta information. So how should I approach this ?
You can write a custom admission webhook which mutates the CRUD request for any object coming to kubernetes API server and add the user as a label to the object.This way you will always know who created the object by looking at that label. Also make sure to use validation admission webhook to reject any edit by the users to that label so that the information can not be changed or tampered.
Auditing describes the who, when and what: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/. I think the way that you use it is to configure a logging backend which stores the logs and then allows you to query what happened.
Related
I am trying to convert my REST API into graphql using AWS app sync, the problem is I am unable to fine the right method or documentation on how to do it.
I have successfully created a schema, I am trying to give a resolver for it, but I am not sure what is the right way to do it.
The problem was the creation of a pipeline, I changed actions > update runtime > Unit Resolver (VTL only). and then selecting the HTTP request as a data source was open for me to use. the document does not seem to have this information, anyways if you play with it for some time, you can get it (quite frustrating, ngl).
My idea is to create a microservice approch with graphql and serverless.
I'am thinking about creating a service for every table in the dynamodb and then create a apigateway service, and in the apigateway service use graphql-tool to stitch the schemas together.
This work pretty good and I'am satisfied.
But now I want to add authorization to my graphql queries and mutations.
I have added a custom autherizer in the apigateway that resolves the JWT token from the client and sends it to the graphql context with the userId
But now I want to add authorization to my resolvers.
What is the best approach for this?
I want it to be as moduler as possible and and best (i think) is to add the authorization in the apigatway service so my other service stay clean. But I don't know how?
Any ideas?
You may want to look into AppSync from AWS. It will handle a lot of this for you; authorizers, querying DyanmoDB, etc.
I've built Lambda APIs using Apollo GraphQL and exposed them through API Gateway. I then used Apollo's schema stitching to connect them together. There's one really important caveat here: It's slooow. There's already a speed penalty with API Gateway and while it's acceptable, imagine jumping through multiple gateways before returning a response to a user. You can cache the schema which helps a bit. Your tolerance will depend on your app and UX of course. Maybe it's just fine - only you (or your users) can answer that.
That note aside, the way I handled auth was to accept an Authorization header and make a check manually. I did not use any custom authorizers from API Gateway. I was not using Cognito for this so it talked to another service. This all happened before the resolvers. Why are you looking to do the authorization in resolvers? Are there only some that you wish to protect? Access control?
It may not be best to add the custom authorizers to API Gateway in this case...Because you're talking about performing this action at the resolver level in the code.
GraphQL has one POST endpoint for everything. So this is not going to help with configuring API Gateway auth per resource. That means you're now beyond API Gateway and into the invocation of your Lambda anyway. You didn't prevent the invocation so you're being billed and running code now.
So you might as well write your custom logic to authenticate. If you're using Cognito then there is an SDK to help you out. Or take a look at AppSync.
I want to create processer-group in Nifi.from somewhere I will get the tenant name Based on tenant I want to make processer-group, is it possible through programmatically? Please reply
As #daggett pointed out in the comments, the Apache NiFi REST API provides documentation on the expected input and response of every API method. To discover the correct method(s) to perform a task, it is often easiest to use the NiFi UI with your browser's developer tools open. The NiFi UI is a reference implementation of an API client, as all UI activities are performed using the API. Simply execute the desired task (i.e. drag a process group onto the canvas and enter a name) and watch the resulting requests fire in the developer tools window.
We are developing a WebApi2 application. Users can use the REST API using their specific API key. I am investigating how to setup Application Insights to be able to see the usage of the REST API endpoints per user.
I have been experimenting with using telemetryclient.TrackPageview(endpoint-ID) and telemetryclient.TrackEvent(endpoint-ID), but I am not sure if this is the right way to go. And how should I pass the user-ID (API-key) in the tracking call? As telemetryclient.Context.User.Id? Or using properties or some other way? I would like to be able to use the user-ID to aggregate/segment the pageviews/events that were registered for that particular user. Any ideas are welcome!
I'd suggest using the built in properties, like context.user.id whenever possible, and then custom properties after that.
Currently in the portal, from the search view you can then find an item for any user, then use the "related items" to view "all telemetry for this user" to see all of the items.
Then can use the App Analytics portal to do queries (click the "analytics" button toolbar in the overview blade for your resource azure portal to go to the AA site for that resource), and that service lets you write much richer queries.
in those queries, it's easiest to group/filter on the "built in" properties, for custom properties you have to write a little bit more complicated queries to parse the values out of custom code.
I'd like to be able to add custom info about a place (specifically restaurants) through the API so that this can be queried later down the line by my app. i.e. display this custom info on the ShowInfoWindow. Is this currently possible?
If not what would be the best way of doing this? Seen as I'm already hooked up to Google App Engine/Console, would it be sensible to create a custom database here that I can query for my own custom info as well as the places API for other info?
The Google Places API doesn't provide any way to upload custom fields for places.
So yes, I'd recommend making your own database. Store your custom data for the Places API results keyed by Place IDs to make it easy to fetch your info for any Places API result.
Yes you can add request using HTTP POST request.
Check this link https://developers.google.com/places/web-service/add-place