Page tree
Skip to end of metadata
Go to start of metadata

Date

Attendees

Agenda:


  • Advertise 1.18.0 release
  • Re-write as we migrate
  • Annual Report
  • Helm Charts

Discussion items:

There are PR's out that need to be reviewed.

Updated Change Log

Add Change Logs to Extractor Catalogs



WhoNotes
Luigi

I created a course at katacoda to help with learning how to run clowder in docker and kubernetes. https://katacoda.com/clowder/. We will try to expand these courses to show more complex configurations, and other courses.

Luigi is out next week

Max
  • difference between labels and categories? using "USER:1234" as a category and implementing security checks based on that for workbench.
  • Also a new category I've tentatively called "SPACES" that says it can be enabled by superadmin and space admin per-space, but never globally.
  • What should happen if extractor is run with USER:1234, then later we get extractor info without that? Should 1234 still have the power to veto this change since they "own" it? An admin key should also be acceptable?
  • Conclusion: keep the category, but track the user in a different place.  Let's have a brainstorming session: list of entities that have permissions to check.  Category for extractor - only certain people can run the extractor.  It's nice to use extractor information when you start up, but it becomes annoying as you keep using it.  You won't want to start a new extractor for each instance. If we can start using discussions on  github would be a good place to hash this out.  Discussions on the wiki could be closed.
  • Is it worth looking into not using ID's?  Keycloak allows email users rather than User ID.  If the extractor sends out an empty restrictor and we start adding restrictions.  How we store the User ID?  Restrict it to the number of users.  Carry over the permissions and remove those that no longer have permissions, if they depart or move, etc.
  • Max will write something up and the group can look at it and give feedback which will have history.
  • Clowder will provide you with a Q name.  We can have multiple extractors for single users, but we want to save the information.  Max thinks we should delete some old information not to clog up the system.


Mike L.

Mike's screen under clowder-framework/clowder - Ratelimiting Options #256. Using GitHub to replace the wiki.  Please give Mike feedback on this. https://github.com/clowder-framework/clowder/discussions/256.  It has many features that will keep a history of the discussion.  Since Clowder is a scalable platform, we have so many people hitting one instance it can come to a stand-still.  It makes sense to configure limits to prohibit the slowdown.  https://nginx.com/blog/rate-limiting-nginx/

  • There is a plug in called Play2Guard also creates rate limits
  • Also looked at Route53 Ratelimiting, but this does not seem to be configurable, so may not be the best choice.
  • Error handling options: Rate limit for Clowder should be 429.  429 should answer the question of whether the user was rate limited or denied access by the firewall, which code should be 403.
  • Can we whitelist certain users and give different rate limits to different users.
  • Syngenta has some constricting issues due to security.  This code will need to re-written to ignore the Route53 safeguards if we are using Nginx.
  • We can write code that replaces SIMPL with a different name for the user, then change it back when you leave.
Todd

Nothing to add

Bing

absent

Mark Fabsent
Mike B.

Nothing to add

Rob

pyclowder 2.4.1 is released to pypi:
https://github.com/clowder-framework/pyclowder/releases/tag/2.4.1Added

  • Add --max_retry CLI flag and CLOWDER_MAX_RETRY environment variable.


Changed

  • updated all of the requirements to latest versions
  • updated github actions to automatically create releases
  • use thread.daemon = True to fix python 3.10
Michael J

Nothing to add

Sandeepabsent
Chen

Chen shared her screen re: Clowder Prototype for frontend. Pulled endoints of metadata, and extracted metadata. Copied all previewers and which created a url for the previewers.  Rob says hit "/assets" should make it public

Running into a challenge with image class "rubberbandimage".  If this is too cumbersome, you can re-write with ReACT.  Use web components, but need to research this further.

Katienothing to add
Lisa

I will be OOO next Friday.  Katie will take notes.

Action Items/To Dos: