Remove visible sensitive data SP 107 2023.11.07

This feature introduces Azure Key Vault. It removes sensitive data from your code, which improves security: secrets stay in the vault and the code stays clean.

  • Go to the Azure portal https://portal.azure.com/#home
  • Go to "Key vaults"
  • Search EA Sana dev Platform
  • SanaPlatform-staging


Then go to Secrets > select any value

e.g. ApplicationSecrets-AzureWebJobStorage

The secret value is kept encrypted,

and authorized users can change the sensitive data from here, without hardcoding it at the code level.


Two types of jobs:

1 Azure portal job (Keep)

2 Kubernetes operation (backup, upgrade, retry, extend trial)

e.g.

The App.config files no longer keep any data.

All the details are kept in the userSecretsFile.

The userSecretsFile location is "C:\\home\\secrets.xml" (only used for Azure jobs).

By reading that data, it fills in the appSettings key/value details.

Contents of secrets.xml:



In Kubernetes it doesn't work like this,
because there is no C:/ path.

Inside the cluster > bring up the init container

data initializer > yellow > green > active


e.g.
Once the restart or backup starts, it will create a Pod and it will create 2 containers:
1st container downloads the secret JSON,
2nd container gets that data, shares it with the relevant application and runs the application.




Kubernetes

Backup, Upgrade

Dynatrace

Access Token Single Sign-On Login


Problem: Single sign-on users are unable to access the Sana Platform APIs.

Solution: Introduce the Personal Access Token feature.

This feature is designed to help users who use Single Sign-On but can't access the Sana Platform APIs.

The problem arises because users who log in through Single Sign-On don't need to enter a password for the Platform portal.

This means these users can't use the "/api/v1/accounts/authentication-token" API to generate an "Access Token" and use other APIs.

 


Update Role permission > Personal Access Token > Manage Personal Access Token




When a new employee comes to the office, the office will create a Microsoft login.

Then, if the person wants to access the Platform Portal,
a platform admin will create an account for him on that login.

The user can activate the account by clicking the email confirmation link.

After the permission is granted, the user is able to use the Personal Access Token feature as follows:

  • Click Personal Access Token (under profile image)
  • Click Create Token > fill details > save
  • Copy the user access token (the token will only appear one time)
  • A user can create multiple access tokens (currently 5 records)

When a user tries to create an access token more than 5 times, it will show the following error.


The session will expire in 15 mins.











Dynatrace

Dynatrace is a 3rd party application which is used to monitor and identify security vulnerabilities on Sana platform-hosted Webstores.

1 installation/webstore has 1 app.

The only basic requirement is that the hosting level should be Live (SaaS/Customized).

Beta will not be monitored.

But if you change the BETA webstore hosting level to LIVE, then monitoring will be available.

And if you change a LIVE webstore to BETA, then monitoring will not be available (but the app will remain).


It will:

  • monitor main Webstores, e.g. CY_Test
  • monitor its domains separately  

  1. ctest@sana.commerce.com
  2. ctest2@sana.commerce.com
  3. ctest3@sana.test.commerce.com


 Go to >  https://bol50726.live.dynatrace.com/ui/dashboards?gtf=-2h&gf=all



change environment 


1 Live / Production
3 Staging



Verification Point 01
Digital Experience > Web 

1 Is the App created successfully
2 Tags and Detection rules will be created according to Custom domains 

e.g. 60908-sccimd52kdkq3q   (Webstore Id + App Name)


You can verify that graphs are enabled on the test.


Disabled graphs look like the following.



Verification Point 02

Digital Experience > Synthetic
Search by webstore Id > select 'All'



click the search result.

Verify details are correct 




verify charts are working on Production (staging will not work)


Verification Point 03

Manage > Settings > Tags > Automatically applied tags



03.1 Verify automatic tags
search by id > click search result



verify webstore id , app name, and cluster name are correct 



03.2 Verify Settings > Preferences > Management zones
search by id > click search result drop down 



Verify details are correct 
 Name webstore id + app name 
 Description "Management Zone for " + webstore name






Verifications need to be done after:
  • installation of a Live webstore
  • update domain
  • region change
  • Hosting Level change
Verify: if the Live site changes to Beta, all App records should be removed. (verify later)

Related Tickets

213438 Create Automatically Applied Tags in Dynatrace

Verification can be done line by line.

Copy the JSON row below and paste it into a formatter.

{"enabled":true,"valueFormat":null,"valueNormalization":"Leave text as-is","type":"ME","attributeRule":{"entityType":"SERVICE","conditions":[{"key":"SERVICE_TAGS","operator":"EQUALS","tag":"[Kubernetes]app:WebstoreId-appname"}],"serviceToHostPropagation":true,"serviceToPGPropagation":true}},
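The same line-by-line check can be scripted instead of read off a formatter. This is an added example, not part of the original notes or of Dynatrace's tooling: the function name is hypothetical, the sample row is constructed from the row format above with the Verification Point 01 example name, and the expected field values are assumed to be the ones that row shows.

```python
import json

# Constructed sample: the row format shown above, filled in with the
# Verification Point 01 example name (webstore id 60908, app sccimd52kdkq3q).
SAMPLE_ROW = (
    '{"enabled":true,"valueFormat":null,"valueNormalization":"Leave text as-is",'
    '"type":"ME","attributeRule":{"entityType":"SERVICE","conditions":[{"key":'
    '"SERVICE_TAGS","operator":"EQUALS","tag":"[Kubernetes]app:60908-sccimd52kdkq3q"}],'
    '"serviceToHostPropagation":true,"serviceToPGPropagation":true}},'
)


def check_tag_rule(row, webstore_id, app_name):
    """Return a list of mismatches; an empty list means the row passes."""
    # Rows are copied out of a JSON array, so drop the trailing comma first.
    rule = json.loads(row.strip().rstrip(","))
    expected_tag = f"[Kubernetes]app:{webstore_id}-{app_name}"
    problems = []

    if rule.get("enabled") is not True:
        problems.append("rule is disabled")

    attr = rule.get("attributeRule") or {}
    if attr.get("entityType") != "SERVICE":
        problems.append(f"entityType is {attr.get('entityType')!r}")

    conditions = attr.get("conditions") or []
    if len(conditions) != 1:
        problems.append(f"expected exactly 1 condition, found {len(conditions)}")
    for cond in conditions:
        if (cond.get("key"), cond.get("operator")) != ("SERVICE_TAGS", "EQUALS"):
            problems.append("condition is not SERVICE_TAGS EQUALS")
        # Compare the full tag: a tag that belongs to another webstore must fail.
        if cond.get("tag") != expected_tag:
            problems.append(f"tag is {cond.get('tag')!r}, expected {expected_tag!r}")

    for flag in ("serviceToHostPropagation", "serviceToPGPropagation"):
        if attr.get(flag) is not True:
            problems.append(f"{flag} is not enabled")
    return problems


if __name__ == "__main__":
    print(check_tag_rule(SAMPLE_ROW, "60908", "sccimd52kdkq3q") or "row matches")
```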





Currently, test domains (sana srore.net azure.net etc.) are excluded from the monitoring (due to cost). Once we are required to test, we need to ask a developer to remove the specific domains from the excluded list.


The following details could be changed:

Webstore name: PermanentStore-Amanda

Scenario 1:
Remove the subdomain (mystore1) and keep the domain (sana-commerce.com).

Store 1   mystore1.sana-commerce.com  
Rule 
- domain contains  sana-commerce.com


Scenario 2:
When there are 2 custom domains with the same domain
(the same domain should not be monitored twice)




Store 1  mystore1.sana-commerce.com
              mystore2.sana-commerce.com 
Rule
 - domain contains  sana-commerce.com



Scenario 3:
Add another multi-store with the same domain.
The rules will be created separately for each one.




Store 1  mystore1.sana-commerce.com
              mystore2.sana-commerce.com 

Store 2  mystore50.sana-commerce.com

Rule 
- domain contains  mystore1.sana-commerce.com
- domain contains  mystore2.sana-commerce.com 
- domain contains  mystore50.sana-commerce.com


Scenario 4 (not sure):
Add another multi-store with a different domain.
The rules will be grouped by domain.

Store 1  mystore1.sana-commerce.com
              mystore2.sana-commerce.com 

Store 2  mystore50.sana-test.com
             mystore51.sana-test.com

Rule 
- domain contains  sana-commerce.com 
- domain contains  sana-test.com
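The four scenarios above can be expressed as one rule-derivation function, which gives expected values to compare against the detection rules seen in Dynatrace. This is an added example, not Sana's or Dynatrace's code: the function names are hypothetical, the registered domain is assumed to be the last two labels of the host name, and scenario 4 is implemented as the notes describe it even though the notes mark it as not sure.

```python
from collections import defaultdict


def registered_domain(host):
    # Assumption: the last two labels are the registered domain.
    # Multi-label suffixes (e.g. .co.uk) would need the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def detection_rules(stores):
    """Map {store name: [custom host names]} to {store name: ["domain contains" patterns]}."""
    # Record which stores use each registered domain.
    owners = defaultdict(set)
    for store, hosts in stores.items():
        for host in hosts:
            owners[registered_domain(host)].add(store)

    rules = {}
    for store, hosts in stores.items():
        patterns = []
        for host in hosts:
            domain = registered_domain(host)
            # A "contains <domain>" rule would also match the other store's
            # hosts, so a shared domain needs one rule per full host name
            # (scenario 3). Otherwise collapse to the domain (scenarios 1, 2, 4).
            pattern = host.lower() if len(owners[domain]) > 1 else domain
            if pattern not in patterns:  # same domain is not monitored twice
                patterns.append(pattern)
        rules[store] = patterns
    return rules


if __name__ == "__main__":
    # Scenario 3 from the notes.
    print(detection_rules({
        "Store 1": ["mystore1.sana-commerce.com", "mystore2.sana-commerce.com"],
        "Store 2": ["mystore50.sana-commerce.com"],
    }))
```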


Dynatrace Delete

Sales Demo source

 

https://staging-platform.sana-commerce.com/Webstore/Index?webstoreId=60122

file:///D:/KT%20Recordings/Sales%20Demo%20source%20Related.webm


This site is created entirely by the Sales team; from the Platform side we only install a Permanent Trial Shop.

Sana operates in 3 regions: US, West Europe, Asia Pacific.

Create 3 new sites (replicas) from the Main Site (Sales Demo Source) and assign them to the Sales team in US, West Europe and Asia Pacific

as Destination One, Destination Two, Destination Three.


After creating the Destination site, create a manual backup (Backup1).


ERP servers run at 12.00AM (Netherlands).

These sites are created for the Sales team's demo and presentation purposes,

so at the end of the day, from the Platform Portal, we reset/restore the Destination sites back to fresh sites (restore to Backup1).

This removes all the changes done by the Sales team.


The site should use the latest versions (with the latest changes).

With the latest update, a manual backup should be created by the Core Team.

Sites will be Ring 0.

Only the Sales Demo Source site can have 2 manual backups.

Use the database flag (isSalesDemoSource).

When this flag is available, DB content and add-on packages are also backed up.

App pool vm size

 https://portal.azure.com/#home >  Kubernetes services

Select/search the correct cluster according to the webstore.

Search node pool


Change app pool size


When increasing resource allocation:

Configure STAGING-PROD-CLUSTER-WEU-01, verify 3 cron jobs

  1. Go to Azure > Kubernetes services
  2. Select PLATFORM-DEV-STAGING-CLUSTER-WEU-01
  3. Open PowerShell on the PC > az login > click Connect > copy and run the commands

4 Copy the 'kubelogin.exe' file and paste it to D:\home\AKSDeployment\kube
5 Add the path to the Environment variables

4 Reopen Lens
5 Go to the URL from the error and paste the CODE.

5 Copy the error URL








Self-Signed certificate update SSL

 

Attach the working certificate file 

Password: abc123

hostname: www.abcdefg.sana-commerce.com

no approval is available.




now user can upload 
selfsignedssl.cer
selfsignedssl.crt
xxxxxxxxx.pfx


Remove when db backup bacpac

The following are removed when the DB backup is taken:




  • webstoreLogs
  • nonwebstoreLogs
  • AuditLogs
  • sysdiagram

How to verify the upgrade is successful

1 All webstore versions


1 By checking that Restore point records are available

2 By webstore lifecycle remarks

3 By logging in to the Sana side and verifying the image is changed

4 By logging in to the Lens side and verifying


All versions should be the same.