experimenter/cirrus
dependabot[bot] 018116ed9b
chore(deps): Bump jinja2 from 3.1.3 to 3.1.4 in /cirrus/server (#10659)
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/releases">jinja2's
releases</a>.</em></p>
<blockquote>
<h2>3.1.4</h2>
<p>This is the Jinja 3.1.4 security release, which fixes security issues
and bugs but does not otherwise change behavior and should not result in
breaking changes.</p>
<p>PyPI: <a
href="https://pypi.org/project/Jinja2/3.1.4/">https://pypi.org/project/Jinja2/3.1.4/</a>
Changes: <a
href="https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4">https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4</a></p>
<ul>
<li>The <code>xmlattr</code> filter does not allow keys with
<code>/</code> solidus, <code>&gt;</code> greater-than sign, or
<code>=</code> equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be
used as keys to this filter, or must be separately validated first.
GHSA-h75v-3vvj-5mfj</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/jinja/blob/main/CHANGES.rst">jinja2's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.4</h2>
<p>Released 2024-05-05</p>
<ul>
<li>The <code>xmlattr</code> filter does not allow keys with
<code>/</code> solidus, <code>&gt;</code>
greater-than sign, or <code>=</code> equals sign, in addition to
disallowing spaces.
Regardless of any validation done by Jinja, user input should never be
used
as keys to this filter, or must be separately validated first.
:ghsa:<code>h75v-3vvj-5mfj</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="dd4a8b5466"><code>dd4a8b5</code></a>
release version 3.1.4</li>
<li><a
href="0668239dc6"><code>0668239</code></a>
Merge pull request from GHSA-h75v-3vvj-5mfj</li>
<li><a
href="d655030770"><code>d655030</code></a>
disallow invalid characters in keys to xmlattr filter</li>
<li><a
href="a7863ba9d3"><code>a7863ba</code></a>
add ghsa links</li>
<li><a
href="b5c98e78c2"><code>b5c98e7</code></a>
start version 3.1.4</li>
<li><a
href="da3a9f0b80"><code>da3a9f0</code></a>
update project files (<a
href="https://redirect.github.com/pallets/jinja/issues/1968">#1968</a>)</li>
<li><a
href="0ee5eb41d1"><code>0ee5eb4</code></a>
satisfy formatter, linter, and strict mypy</li>
<li><a
href="20477c6357"><code>20477c6</code></a>
update project files (<a
href="https://redirect.github.com/pallets/jinja/issues/5457">#5457</a>)</li>
<li><a
href="e491223739"><code>e491223</code></a>
update pyyaml dev dependency</li>
<li><a
href="36f98854c7"><code>36f9885</code></a>
fix pr link</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/jinja/compare/3.1.3...3.1.4">compare
view</a></li>
</ul>
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-07 15:25:42 +00:00
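
The release notes above say user input must not be used as keys to `xmlattr` unless it is validated separately first. One way to do that validation before a dict reaches the filter, as an added example (not code from Jinja or from this repository); `ALLOWED_ATTRS`, the `data-` rule and the function names are assumptions:

```python
import re

# Characters the 3.1.4 notes list as rejected in xmlattr keys: space, "/", ">", "=".
# \s is used here, so other whitespace is rejected too (stricter than the notes).
FORBIDDEN_IN_KEY = re.compile(r"[\s/>=]")

# Hypothetical application allowlist of attribute names templates may receive.
ALLOWED_ATTRS = frozenset({"id", "class", "title", "lang"})
DATA_ATTR = re.compile(r"data-[a-z0-9-]+\Z")


def validate_attr_keys(attrs):
    """Return a dict that is safe to pass to xmlattr, or raise ValueError."""
    clean = {}
    for key, value in attrs.items():
        if not isinstance(key, str) or not key:
            raise ValueError(f"attribute key must be a non-empty string: {key!r}")
        if FORBIDDEN_IN_KEY.search(key):
            raise ValueError(f"forbidden character in attribute key: {key!r}")
        name = key.lower()
        # Character checks alone are not enough: a well-formed key such as an
        # event-handler attribute is still unsafe, so only allowlisted names pass.
        if name not in ALLOWED_ATTRS and not DATA_ATTR.match(name):
            raise ValueError(f"attribute key not on allowlist: {key!r}")
        if name in clean:
            raise ValueError(f"duplicate attribute key after normalisation: {key!r}")
        clean[name] = value
    return clean


def rejected(attrs):
    """True when validate_attr_keys refuses the input."""
    try:
        validate_attr_keys(attrs)
    except ValueError:
        return True
    return False
```
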
..
server chore(deps): Bump jinja2 from 3.1.3 to 3.1.4 in /cirrus/server (#10659) 2024-05-07 15:25:42 +00:00
README.md feat(cirrus): Support non-root user (#10494) 2024-03-29 18:42:36 +00:00

README.md

Cirrus

Cirrus is a feature configuration server that allows clients to obtain a set of features based on their provided client_id and context information. This document provides information on setting up the Cirrus environment, including required environment variables and commands for running and testing Cirrus.

Environment Setup

To set up the Cirrus environment, follow these steps:

  1. Create a .env file inside the cirrus/server directory.

  2. Copy the contents of .env.example into .env by running the following command:

    cp .env.example .env
    
  3. Open the .env file and modify the values of the following environment variables:

    CIRRUS_REMOTE_SETTING_URL=https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-web-experiments/records
    CIRRUS_REMOTE_SETTING_REFRESH_RATE_IN_SECONDS=10
    CIRRUS_APP_ID=test_app_id
    CIRRUS_APP_NAME=test_app_name
    CIRRUS_CHANNEL=developer
    CIRRUS_FML_PATH=./feature_manifest/sample.fml.yaml
    CIRRUS_SENTRY_DSN=dsn_url
    CIRRUS_INSTANCE_NAME=cirrus_pod_app_v1
    CIRRUS_ENV_NAME=test_app_stage
    CIRRUS_GLEAN_MAX_EVENTS_BUFFER=10
    
    

    Here's what each variable represents:

    • CIRRUS_REMOTE_SETTING_URL: The URL of the remote settings where the experiments data is stored. In this case, it points to the collection of nimbus web experiments.
    • CIRRUS_REMOTE_SETTING_REFRESH_RATE_IN_SECONDS: The refresh rate in seconds for fetching the experiments recipes from the remote settings. Set it to 10 to retrieve the latest data every 10 seconds.
    • CIRRUS_APP_ID: Replace test_app_id with the actual ID of your application, for example firefox-desktop.
    • CIRRUS_APP_NAME: Replace test_app_name with the desired name for your application, for example firefox_desktop.
    • CIRRUS_CHANNEL: Replace developer with the channel, such as beta or release.
    • CIRRUS_FML_PATH: The file path to the feature manifest file. Set it to ./feature_manifest/sample.fml.yaml or specify the correct path to your feature manifest file.
    • CIRRUS_SENTRY_DSN: Replace dsn_url with the appropriate DSN value.
    • CIRRUS_INSTANCE_NAME: Replace with the instance name.
    • CIRRUS_ENV_NAME: Replace with the concatenation of the project and environment names.
    • CIRRUS_GLEAN_MAX_EVENTS_BUFFER: The maximum events buffer size for Glean. You can set a value from 1 to 500; by default Cirrus sets it to 10.

    Adjust the values of these variables according to your specific configuration requirements.

By following these steps, you will create the .env file and configure the necessary environment variables for the Cirrus application.
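
A pre-start check for the .env file described above, as an added example that is not part of the Cirrus code base. It flags variables that are missing, still set to the sample values, or outside the documented 1 to 500 buffer range; the function names, the minimum of 1 for the refresh rate and the https-only rule are assumptions.

```python
REQUIRED = (
    "CIRRUS_REMOTE_SETTING_URL", "CIRRUS_REMOTE_SETTING_REFRESH_RATE_IN_SECONDS",
    "CIRRUS_APP_ID", "CIRRUS_APP_NAME", "CIRRUS_CHANNEL", "CIRRUS_FML_PATH",
    "CIRRUS_SENTRY_DSN", "CIRRUS_INSTANCE_NAME", "CIRRUS_ENV_NAME",
    "CIRRUS_GLEAN_MAX_EVENTS_BUFFER",
)
# Sample values that the README says to replace.
PLACEHOLDERS = {"CIRRUS_APP_ID": "test_app_id", "CIRRUS_APP_NAME": "test_app_name",
                "CIRRUS_SENTRY_DSN": "dsn_url"}
# (name, minimum, maximum); 1..500 is from the README, the refresh minimum is assumed.
INT_RANGES = (("CIRRUS_GLEAN_MAX_EVENTS_BUFFER", 1, 500),
              ("CIRRUS_REMOTE_SETTING_REFRESH_RATE_IN_SECONDS", 1, None))


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(text):
    """Return a list of problems found in the .env text (empty means clean)."""
    env = parse_env(text)
    problems = [f"{name}: missing or empty" for name in REQUIRED if not env.get(name)]
    for name, placeholder in PLACEHOLDERS.items():
        if env.get(name) == placeholder:
            problems.append(f"{name}: still set to the sample value")
    for name, low, high in INT_RANGES:
        raw = env.get(name, "")
        if raw and not (raw.isascii() and raw.isdigit()):
            problems.append(f"{name}: not a whole number")
        elif raw and (int(raw) < low or (high is not None and int(raw) > high)):
            problems.append(f"{name}: out of range")
    # Assumption: experiment recipes should only be fetched over TLS.
    url = env.get("CIRRUS_REMOTE_SETTING_URL", "")
    if url and not url.startswith("https://"):
        problems.append("CIRRUS_REMOTE_SETTING_URL: not an https:// URL")
    return problems
```
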

Running as Non-Root User

By default, the Cirrus Docker image runs the application as cirrus/1000/1000 (username/user ID/group ID). If you prefer to run the application as a different user for security reasons, you can build the Docker image with additional parameters.

  • Build the Docker image while specifying the desired username, user ID, and group ID. For example:

    docker build --build-arg USERNAME=myuser --build-arg USER_UID=1000 --build-arg USER_GID=1000 -t your_image_name:tag .

Replace myuser with the desired username and 1000 with the desired user ID and group ID.

Commands

The following are the available commands for working with Cirrus:

  • cirrus_build: Builds the Cirrus container.

    • Usage: make cirrus_build
  • cirrus_up: Starts the Cirrus container.

    • Usage: make cirrus_up
  • cirrus_down: Stops the Cirrus container.

    • Usage: make cirrus_down
  • cirrus_test: Runs tests for the Cirrus application.

    • Usage: make cirrus_test
  • cirrus_check: Performs various checks on the Cirrus application, including Ruff linting, Black code formatting check, Pyright static type checking, pytest tests, and documentation generation.

    • Usage: make cirrus_check
  • cirrus_code_format: Formats the code in the Cirrus application.

    • Usage: make cirrus_code_format
  • cirrus_typecheck_createstub: Performs static type checking and creates stub files.

    • Usage: make cirrus_typecheck_createstub
  • cirrus_generate_docs: Generates documentation for the Cirrus application, such as the OpenAPI schema.

    • Usage: make cirrus_generate_docs

OpenAPI Schema

OpenAPI schema for the Cirrus API

Cirrus Server to get Feature configuration API structure

Api Doc

Cirrus Api Doc for the Cirrus API

Endpoint

POST /v1/features/

  • When making a POST request, make sure to set the Content-Type header to JSON:

      headers: {
        "Content-Type": "application/json",
      }
    

Input

The input should be a JSON object with the following properties:

  • client_id (string): Used for bucketing calculation.
  • context (object): Used for context. It can have any key-value pair.
    • any-key (anytype).
    • language (string): Optional field
    • region (string): Optional field

Note: Make sure to provide a key-value pair when making a call; setting the context value to {} will be treated as a False value. For testing you can set a value such as

    context: { key: "example-key" }

Example input:

{
  "client_id": "4a1d71ab-29a2-4c5f-9e1d-9d9df2e6e449",
  "context": {
    "key1": "value1",
    "key2": {
      "key2.1": "value2",
      "key2.2": "value3"
    }
  }
}

  • To target clients based on language, use the key language; it supports a list of languages.

Example input:

{
  "client_id": "4a1d71ab-29a2-4c5f-9e1d-9d9df2e6e449",
  "context": {
    "language": "en"
  }
}

  • To target clients based on country, use the key region; it supports a list of countries.

Example input:

{
  "client_id": "4a1d71ab-29a2-4c5f-9e1d-9d9df2e6e449",
  "context": {
    "region": "US"
  }
}

  • To target clients based on both language and country:

Example input:

{
  "client_id": "4a1d71ab-29a2-4c5f-9e1d-9d9df2e6e449",
  "context": {
    "language": "en",
    "region": "US"
  }
}

  • You can also define your own custom fields to target on. Decide which fields you want to be able to target on, then work backwards to construct and populate a targeting context that satisfies them.

Example input:

{
  "client_id": "4a1d71ab-29a2-4c5f-9e1d-9d9df2e6e449",
  "context": {
    "random_key": "random_value"
  }
}

Output

The output will be a JSON object with the following properties:

  • features (object): An object that contains the set of features. Each feature is represented as a sub-object with its own set of variables.

Example output:

{
  "Feature1": {
    "Variable1.1": "valueA",
    "Variable1.2": "valueB"
  },
  "Feature2": {
    "Variable2.1": "valueC",
    "Variable2.2": "valueD"
  },
  "FeatureN": {
    "VariableN.1": "valueX",
    "VariableN.2": "valueY"
  }
}

Notes

  • This API only accepts POST requests.
  • All parameters should be supplied in the body as JSON.
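
A client-side sketch of the request rules above (POST only, JSON body, JSON content type, non-empty context), as an added example that is not part of the Cirrus code base. The function names and the base URL passed in by the caller are assumptions; the response check only requires that every returned feature is a JSON object.

```python
import json
import urllib.request


def build_features_request(base_url, client_id, context):
    """Build the POST /v1/features/ request, refusing inputs the API treats as invalid."""
    if not isinstance(client_id, str) or not client_id:
        raise ValueError("client_id must be a non-empty string")
    # An empty context ({}) is treated as a false value by the server, so stop here.
    if not isinstance(context, dict) or not context:
        raise ValueError("context must contain at least one key-value pair")
    try:
        body = json.dumps({"client_id": client_id, "context": context})
    except TypeError as exc:
        raise ValueError(f"context is not JSON-serialisable: {exc}") from exc
    return urllib.request.Request(
        base_url.rstrip("/") + "/v1/features/",
        data=body.encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def features_from_response(raw):
    """Decode a response body and check that each feature maps to an object."""
    features = json.loads(raw)
    if not isinstance(features, dict):
        raise ValueError("response is not a JSON object")
    for name, variables in features.items():
        if not isinstance(variables, dict):
            raise ValueError(f"feature {name!r} is not an object")
    return features


def fetch_features(base_url, client_id, context, timeout=5):
    """Send the request and return the decoded features (needs a running server)."""
    request = build_features_request(base_url, client_id, context)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return features_from_response(response.read())
```
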