- Logging, how does Morgan work?
- Better working environments for development
-
Plausibility check at API startup? For kickstarter? Into portal-env? Important for BLUE/GREEN
- Subscriptions for plans which no longer exist?
- Subscriptions for plans which are not assigned to an API
- Missing env vars
-
Env variables in other things than globals.json:
- apis.json
- plans? groups?
- config
-
Check for touch file in dynamic config; not present, set password of admin user
- Document email address of admin user.
-
Get User by mail/password must be POST, not GET
- remove GET, update Swagger
-
Protected API swagger files cannot be retrieved, even with forUser
-
Add user ID and utc date to all records; granularity?
-
Encryption of API Keys and Credentials before persisting?
- For Subscriptions
- For Users (Client ID and Secret for Portal access)
-
"Unhealthy" status for portal and kong in production?
- Make health ping return last error message (if applicable); may help in error checking
- portal-mailer
- portal-kong-adapter
- portal-chatbot
- Make health ping return last error message (if applicable); may help in error checking
-
Separate end point for API, OAuth 2.0 for Portal API?
- Implementation in kong-adapter
- Changes to enable in API
- Changes in portal to display/create these credentials
- Kickstarter option to enable (currently undocumented feature)
-
Enable listening to X-Consumer-Custom-ID in addition to X-UserId (for OAuth 2.0 CC scenarios)
-
Serving PDF files, also with user group checking
-
Split API in "public" and "private" parts for /portal-api/v1 end point
- In portal-api code
- Create two Swagger files
- Document that shit
-
Notation ${ENV_VAR} in env-reader
-
Mapping of Groups from ADFS group
-
Auto-map of validated users to specific group "dev"
-
User Delete
- By himself
- By Admin
-
OAuth2 Credentials on applications page
-
Sessions in local storage - in file
-
desc.md for APIs is not displayed, methinks
- api.jade
- and apis.jade?
-
Kong Swagger UI does not work
-
Swagger UI has to be adapted to color scheme (and logo)
-
Applications page looks bad
-
/applications should contain only the applications, /applications/:appId should contain subscriptions. It's crap right now.
-
/apis/:apiId page looks crap
-
Do we need a /plans/:planId page? --> No, solved with popover on APIs
-
Input validation of User name and email? XSS?
-
Hide user IDs from normal users in normal cases? /users/me?
-
Check Referrer in portal? No
-
Anti-XSRF Tokens for Forms? ==> Would break the Portal's UI API, but could make sense? https://github.com/expressjs/csurf
-
Make validation check for Swagger optional (or switch it off by default)
-
Panels with collapsible header: Add glyphicon
-
Support for Tags
- On APIs
- On Content
- Drag out configuration for mailer into globals/mailer? idem globals/chatbot?
- Chatbot messaging when pinging goes bad.
- Refactor Mailer to look like Chatbot (interesting events) - really? Prio 3
- Sending out mail for new subscription approvals
- Switching off mail entirely? See globals.yml
- Mail with insecure SMTP (not smtps://), settings?
- Send mails at failed webhooks/when the pinging goes bad?
- Optimize Kong Adapter, just a little at least, so that it doesn't react e.g. on user changes
- Optimize listeners/webhooks, allow filtering of events (for entity probably?) - Prio 3 - needed?
- Enable Kong Adapter to talk to a different Kong instance (in case you already have one)
- Enable passing a header to the Kong backend (e.g. Basic Auth credentials)
- Pass white lists of consumers and APIs which are not touched
- Kong-Adapter Unit Testing
- /deploy API must be routed to /api/deploy (with rate limiting)
-
Static config not updated when deploying
-
Kickstarter must work with .env instead of .json --> and back again
-
jade in addition to markdown for content
-
Use Docker internal URL for mapping of /swagger-ui into Kong; local testing scenario?
-
Restrict plans by group --> enables visible APIs which cannot be subscribed to.
- Implementation in API
- Unit tests for API
- Implementation in Portal ("sorry, no plans available")
- Implementation in kickstarter
-
Artifactory as npmjs mirror? How does that work?
-
Local setup with Docker, all in docker (portal development)
-
Local setup with Kong in Docker, node native; different compose file needed?
-
Let's Encrypt?
-
Howtos:
- Completely new setup
- Update kong
- Update PGSQL
- Update wicked portal
- Development/contribute
-
How to run kickstarter? npm Module? Docker? With tooling script? --> Docker
-
travis.ci? github build engine? How to build images? --> AWS go.cd (Markus)
-
Optimization of Dockerfiles
- everything in portal-env for node_modules?
- Setting up correct packages.json? "prepare_release" node executable?
-
Restructuring the repo? Can we keep it as is? If Dockerfiles are optimized
- wicked.haufe.io can contain all the sources and docker files plus scripts for building the images
- wicked.tools can contain tooling for
- Starting the Kickstarter --> documentation (or? sh?)
- [-] Deploying an entire APIm --> documentation
- [-] Deploying a change of static config --> documentation
- Backing up? Restoring?
- [-] Updating wicked --> documentation
- [-] Updating Kong and Postgres --> documentation
- How granular does this need to be?
-
Backing up dynamic config regularly
- backup/restore-Container? Azure? AWS? Plain file? scp of tgz?
- export and import endpoints which can be used for this
-
Does all this actually work on Windows?
-
With start.sh, after a partial deploy (of static config), Kong seems to hiccup (only returns 503) (irrelevant)
-
Deployment Tools docker image? ==> No, wicked.portal-tools repository.
- Integration system; simple integration tests
- For pure portal development (tool build pipeline)
- Login
- Create application
- Create subscription for a sample API
- Retrieve API key
- Make an API call using the new key
- Simpler variant: predefined user, key for a specific API, check that Gateway responds correctly after being deployed
- Integration tests locally
- For portal; document portal API?
- See above for simple test cases/the most basic ones
- Testing of Kong adapter?
- Mailer/Chatbot?
- Logging
- Make all servers log JSON in a coherent way
- Log file/logging container? Fluentd?
- Can we surface logs in the UI? Do we want to? Probably not, other best practices with docker? Recipe for simple log viewing using docker?
- Restarting containers with DEBUG set to something else?
-
Blue/green deployment? See BLUE_GREEN.md
-
Forwarded for... https://tools.ietf.org/html/rfc7239
- Implementation in kong-adapter (%%Forwarded)
- Support in kickstarter
-
Create SSL certificates for testing purposes in the kickstarter?
- How to get certificates into the deployment process?
- First draft to be finished
- Plans configuration
- Implementing API configuration
- Which plugins?
- Everything else
- Title and footer on design page
- Content pages (how much?)
- Adding APIs, creating templates
- Does deleting an API also delete Swagger and config?
- Check marks when config is missing?
- Admin password in globals.json
- desc.md for /apis cannot be edited
- Some explanatory text on the SSL page
- Support for local/DNS-less configurations?
- fluentd configuration?
- Static Config versioning
- How does the kickstarter get the initial config?
- Update Steps when loading Configuration
- In Kickstarter
- In Portal-api? Yes. Default fallbacks? ==> NO
- Template Configuration
- Add/remove Header configuration for Plugins
- Add possibility to re-key the deployment secret
- Add button to add default 'localhost' configuration (no, but doc on it)
- Content Tag support
- Issue tracker?
- Over adapter to JIRA, Github?
- Feedback forms (for each page)