threejs risk-based heatmap
Jeff Bryner 6c32cee8f4 clean up 2018-11-21 09:06:44 -08:00
heatmap fix up filter to properly handle missing json entries 2017-11-10 15:43:45 -08:00
observatory add observatory dir 2017-07-14 16:14:58 -07:00
templates remove unused templates 2017-07-16 15:45:22 -07:00
.gitignore add ignore 2018-11-20 16:25:54 -08:00
CONTRIBUTING.md Create CONTRIBUTING.md 2017-02-13 08:46:37 -08:00
MANIFEST.in Replaced with base flaskoktaapp 2016-05-04 14:49:47 -07:00
Pipfile pipfile 2018-11-20 16:27:08 -08:00
Pipfile.lock update pip lock file 2017-07-14 16:17:25 -07:00
README.rst readme updates 2017-07-14 15:13:13 -07:00
app.py clean up 2018-11-21 09:06:44 -08:00
attach_policy.json add attach_policy 2017-07-14 16:13:25 -07:00
auth.py new zappa versions 2017-05-30 11:33:26 -07:00
config.dev.yml new dev config 2018-11-20 16:26:39 -08:00
config.py sync with new flask oidc module 2018-11-20 16:26:27 -08:00
env.example new zappa versions 2017-05-30 11:33:26 -07:00
package.json serverless package 2018-11-20 16:27:52 -08:00
risks.json add sample risks.json file 2017-06-05 13:09:46 -07:00
serverless.yml serverless config 2018-11-20 16:26:51 -08:00
zappa_settings.yml update zappa settings 2017-07-14 16:15:42 -07:00

README.rst

Overview
========

A dashboard site for the risk heatmap and the observatory dashboard.
Hosted in AWS Lambda (serverless) via the zappa framework.

The risk heatmap and observatory dashboard are plain HTML/JS files. The AWS/Zappa bits are only for scaling and authentication.


Environment
-----------
The easiest way to mimic the AWS Lambda environment is to use a Docker container that matches the architecture. This is especially helpful with the crypto libraries used in OIDC authentication:

Container:
==========
    Get one from: https://github.com/danielwhatmuff/zappa
    
    docker pull danielwhatmuff/zappa
    
    or
    
    git clone git@github.com:danielwhatmuff/zappa.git && cd zappa && docker build -t zappa .

Enter the container in your working directory with a zappa shell:
    docker run -ti -v ~/.aws:/root/.aws -v /path/to/your/project/:/root/your/project zappa bash

Python:
=======
    I like pipenv: pip install pipenv
    https://github.com/kennethreitz/pipenv
    
    
Zappa:
======
    The zappa_settings.yml file contains the environment settings that inform the zappa API Gateway 'stage' environment.
    Of these,
        SERVER_NAME: fqdn.of.your.web.server.url
    is the most important. Flask will 404 anything sent to it via another URL (IP address, alias, etc.).
    For OIDC this also needs to match the relying party (RP) FQDN.
    
    The profile_name should match one in your ~/.aws/config that has reasonable privileges to create the AWS items zappa relies on:
    API Gateway
    IAM Role
    s3 bucket
    lambda function
    
    Something like:
    [profile devadmin]
    role_arn = arn:aws:iam::<accountnumber>:role/<rolename>
    source_profile = default
    mfa_serial = arn:aws:iam::<accountnumber>:mfa/<mfatokenname>
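
A preflight check for the settings described in this section, added here as an example and not part of this repository: it verifies that SERVER_NAME is an FQDN, that the OIDC relying party URL uses the same host, and that profile_name resolves to a profile in the AWS config. Assumptions: SERVER_NAME sits under the stage's ``environment_variables`` key, the names ``preflight`` and ``rp_callback_url`` are hypothetical, the missing-``mfa_serial`` warning is an added check modeled on the sample profile above, and all sample values are constructed.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample of ~/.aws/config (account id, role and token names are placeholders).
SAMPLE_AWS_CONFIG = """\
[default]
region = us-east-1

[profile devadmin]
role_arn = arn:aws:iam::111111111111:role/example-role
source_profile = default
mfa_serial = arn:aws:iam::111111111111:mfa/example-token
"""

def preflight(stage, aws_config_text, rp_callback_url):
    """Return a list of problems for one zappa stage; an empty list means none found."""
    problems = []
    # Assumption: SERVER_NAME reaches Flask through the stage's environment_variables.
    host = stage.get("environment_variables", {}).get("SERVER_NAME", "").lower()
    if not host:
        problems.append("SERVER_NAME is not set")
    else:
        try:
            ipaddress.ip_address(host)
            problems.append("SERVER_NAME is an IP address, not an FQDN")
        except ValueError:
            if "." not in host:
                problems.append("SERVER_NAME is not fully qualified")
        # The OIDC relying party (RP) URL must use the same host as SERVER_NAME.
        rp_host = (urlsplit(rp_callback_url).hostname or "").lower()
        if rp_host != host:
            problems.append(f"RP host {rp_host!r} does not match SERVER_NAME {host!r}")
    # profile_name must name a [profile ...] section in ~/.aws/config.
    profile = stage.get("profile_name", "")
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(aws_config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    if not cfg.has_section(section):
        problems.append(f"profile {profile!r} not found in AWS config")
    elif cfg.has_option(section, "role_arn") and not cfg.has_option(section, "mfa_serial"):
        problems.append(f"profile {profile!r} assumes a role without mfa_serial")
    return problems

if __name__ == "__main__":
    stage = {"profile_name": "devadmin",
             "environment_variables": {"SERVER_NAME": "heatmap.example.com"}}
    print(preflight(stage, SAMPLE_AWS_CONFIG, "https://heatmap.example.com/redirect_uri"))
```

Run it against the parsed stage from zappa_settings.yml before deploying; any returned string names the setting to fix.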
    
API Gateway:
============
    The link between DNS and Lambda is provided by the API Gateway "Custom Domain" feature. Zappa will create this for you in the us-east-1 region. If not in that region, create
    a custom domain specifying:
    1) The ACM certificate for your domain
    2) The base path mapping, which maps the URL / to the API Gateway stage (likely api-gateway-name:dev)
    3) The CloudFront distribution name (autogenerated by creating a custom domain)
    

Login
-----
This configuration of the riskheatmap uses auth0 OIDC. 


Contacts
--------
Jeff Bryner <jbryner@mozilla.org>
April King  <april@mozilla.org>