# Omantel Workshops Journal ## 2023-11-12 *Sunday* ### 12:00 - 14:00 *Manudeep* - Overview of Azure Function and Logic Apps ## 2023-11-13 *Monday* ### 10:00 - 11:00 *Almuhannad* - Overview of Azure Function and Logic Apps ### 12:00 - 14:00 *Manudeep* - Functions as a Service. Azure Function App, AWS Lambda, Google Cloud Function, Openshift KNative ## 2023-11-14 *Tuesday* ### 08:00 - 09:00 *Yaqoob* - Functions as a Service. Azure Function App, AWS Lambda, Google Cloud Function, Openshift KNative ### 11:00 - 12:00 *Maathir* - Overview of Azure Function and Logic Apps - Functions as a Service. Azure Function App, AWS Lambda, Google Cloud Function, Openshift KNative ### 12:00 - 14:00 *Manudeep* - Serverless framework for quickly building, testing and deploying FaaS to any provider ## 2023-11-15 *Wednesday* ### 12:00 - 14:00 *Manudeep* - Implementation: Structuring a FaaS application so that it is portable and provider agnostic - Implementation: Refactor our FaaS app to interact with the GitLab api ### 14:00 - 15:00 *Yaqoob* - Serverless framework for quickly building, testing and deploying FaaS to any provider ## 2023-11-16 *Thursday* ### 08:00 - 09:00 *Yaqoob* - Implementation: Structuring a FaaS application so that it is portable and provider agnostic - Implementation: Refactor our FaaS app to interact with the GitLab api ### 09:00 - 10:00 *Maathir* - Serverless framework for quickly building, testing and deploying FaaS to any provider - Implementation: Structuring a FaaS application so that it is portable and provider agnostic ### 12:00 - 14:00 *Manudeep* - Implementation: Use best practice to store secrets in provider secret-stores and keep credentials out of source code and configuration - Implementation: Trigger Logic and Function Apps with web hooks that fire when code changes are pushed to GitLab ## 2023-11-19 *Sunday* ### 13:00 - 14:00 *Rahab* - Overview of Azure Function and Logic Apps - FaaS, application portability, provider agnosticism - We had a discussion about a use case brought up by Rahab regarding monitoring of SMS shortcode logs with FaaS and providing Teams notifications about observed data ## 2023-11-20 *Monday* ### 08:00 - 09:00 *Yaqoob* - We abstracted the handling of the gitlab webhook in the FaaS hook endpoint from the Amazon handler, to a common implementation for any provider handler. - We observed that deployments are possible whilst syntax errors and runtime exception triggers are present in code and discussed that we require a mechanism for validating that code builds correctly before deployment and preferably produces warnings about possible runtime exceptions. ### 09:00 - 10:00 *Ibrahim* - We discussed how we might implement a Logic or Function App to observe changes to Openshift deployment environments and provide messaging about change observations and alerting for bustages or deployment anomalies - We discussed the components of the ELK stack and how we might use the existing Omantel stack to extract meaningful messaging and dashboards about application health in deployed environments. ### 12:00 - 13:00 *Faisal* - Overview: Azure Function and Logic Apps - Overview: Refactor our FaaS app to interact with the GitLab api - Overview: Use best practice to store secrets in provider secret-stores and keep credentials out of source code and configuration - Overview: Structuring a FaaS application so that it is portable and provider agnostic ## 2023-11-21 *Tuesday* ### 07:00 - 08:00 *Ibrahim* - https://console-openshift-console.apps.ocpprod.otg.om - https://kibana-openshift-logging.apps.ocpprod.otg.om - https://gitlab.omantel.om/oscp/oscp-spring-ws.git - analysing oscp logs in kibana which currently contains all 3 environment pods in one intermingled journal which provides no meaningful insights. we need to filter out noise and segregate the logs into their respective pods, then do some discovery around which messages are meaningful and what they indicate. when we understand that, we can begin to build a kibana dashboard that visualises glitches in application health and performance and can be used to alert on incidents or issues that require attention. ### 10:00 - 11:00 *Rahab* - Implementation: structuring a faas application so that it is portable and provider agnostic ## 2023-11-27 *Monday* ### 08:00 - 09:00 *Yaqoob* - Implementation: making our gitlab webhook handler robust in the handling of different git event types ### 10:00 - 11:00 *Mustafa, Zahran* - overview: Azure Function and Logic Apps - vulnerability scanning and how we might implement mechanisms to validate release health in the context of security. - certificate validation and how we might implement policies to ensure that all of our environments contain secure, modern x509 certificate maintenance and renewals and how we might develop a chain of trust within an omantel certificate authority (ca). - incident monitoring and how we can use faas workflows to aggregate, filter, prioritise and alert on security incidents. ## 2023-11-28 *Tuesday* ### 08:00 - 09:00 *Yaqoob* - discussion on azure application segregation with resource groups - discussion on securing payload transmission between our openshift gitlab instances and the azure faas implementations within our virtual private network ## 2023-11-29 *Wednesday* ### 11:00 - 12:00 *Yaqoob* - discussion on azure on-premise gateway, access rights and roles for maintenance of workflows ## 2023-11-30 *Thursday* ### 08:00 - 09:00 *Yaqoob* - Yaqoob and I worked through the new Azure account and permissions settings and made some decisions about resource grouping of workflows. - We explored the possibility of deloying function apps to openshift/knative in scenarios where sensitive data is included in the payload or in high bandwidth scenarios where azure pricing is unattractive. ### 11:30 - 12:30 *Mustafa, Zahran* - Zahran clarified that we already have good vulnerability scanning and that what we need in the workflow is tracking of vulnerability fixes. We must adapt the workflow plan to track each vulnerability report and follow repo commits until we are able to resolve a clickup task which tracks each vulnerability - Mustafa and I worked through scaffolding a new function app for sentinel incident observation and alerting. ### 13:00 - 14:00 *Rahab* - Implementation: Refactor our FaaS app to interact with the GitLab api - Implementation: Use best practice to store secrets in provider secret-stores and keep credentials out of source code and configuration - Observation: We encountered issues with the configuration of the omantel gitlab api authentication layer which prevents api requests from reaching their intended destination. We worked around this with the GitLab webhook functionality ## 2023-12-03 *Sunday* ### 08:00 - 10:00 *Yaqoob* logic app design for maturity-matrix/build-health scoring - create a logic app triggered on a daily schedule - use the logic app to get builds from jenkins - (for each app) if there is no nightly build containing sonarqube triggers, create one and create build creation success/failure report - check build timestamp, verify completion in the last 24 hours - create build success/failure report - create build sonarqube stats report - create summary report containing: - nightly-build exists/created/create-failed - nightly-build succeeded/failed/skipped/not-triggered - nightly-build sonarqube stats - upload report to azure storage - determine if report should trigger an action - report suggests intervention required: create a clickup task, link to report - report contains success/failure info: send (teams/email) message, link to report