Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/embed quicksight #233

Merged
merged 18 commits into from
Aug 13, 2024
Merged

Feature/embed quicksight #233

merged 18 commits into from
Aug 13, 2024

Conversation

michaeljcollinsuk
Copy link
Contributor

@michaeljcollinsuk michaeljcollinsuk commented Aug 13, 2024
edited
Loading

To allow testing in dev, this pull request adds a MVP implementation of the following:

  • Embed Quicksight with the users Identity Centre user
  • Display databases and tables in the analytical-platform-compute-development account in eu-west-2
  • A landing page to prompt users to login, tidied up homepage and login failure page
  • Update the auth process to prompt users to enter their email/password to Entra to authenticate
  • An initial implementation of an aws app with code to interact with AWS services. This has been written so that when running locally, an AWS role that has permission to interact with Quicksight and Glue (and other AWS services) is assumed by boto. This is because none of the AWS profiles we can use locally have permissions required to run the app.
  • When deployed, this will not be necessary, as we will use a service role with sufficient permissions. Therefore the DEFAULT_STS_ROLE_TO_ASSUME env var should only be set locally.

To run locally:

  • Make sure you have the latest .env file. Instructions have been added to the README about attaining this via 1password CLI.
  • Follow the instructions in the README to run locally. Running as a dev container in VS Code is recommended.
  • When the server is running, visit http:localhost:8000 in your browser.
  • When logging in use your @justice.gov.uk email address and password.
  • NOTE: Visiting the QuickSight may return an error if you are not part of the correct group to sync users to Identity Center

@michaeljcollinsuk michaeljcollinsuk force-pushed the feature/embed-quicksight branch 5 times, most recently from 1ad9ff0 to be47dd4 Compare August 13, 2024 15:09
@michaeljcollinsuk michaeljcollinsuk marked this pull request as ready for review August 13, 2024 15:27
@michaeljcollinsuk michaeljcollinsuk requested a review from a team as a code owner August 13, 2024 15:27
michaeljcollinsuk and others added 18 commits August 13, 2024 15:33
@michaeljcollinsuk
Initial changes to test exchanging entra token for aws token
9e9dc29
@jamesstottmoj @michaeljcollinsuk
Added commands to get local debugging working against apc dev. Added …
78841f9 
…JWT as dependency
@jamesstottmoj @michaeljcollinsuk
added quicksight embedding
8a76a53
@michaeljcollinsuk
Add initial database access app
b5172f5
@michaeljcollinsuk
Move quicksight template, use namespace url
accbf03
@michaeljcollinsuk
Use management account profile when running locally
226dc71
@michaeljcollinsuk
Initial aws service for Quicksight
4e3543a
@michaeljcollinsuk
Add code to ensure single boto3 session created
5b7296e
@michaeljcollinsuk
Add glueservice and more refactoring
94d26b9
@michaeljcollinsuk
Refactor base AWS service
264fc41
@michaeljcollinsuk
Fix tests and linting
a3b5339
@michaeljcollinsuk
Remove static analysis feature from devcontainer
a13fd2a 
Static analysis includes checkov, which installed a version of botocore
that conflicted with the version pinned in the requirements. It also
installed packages as the root user, which meant when trying to upgrade
botocore, a permission error was raised as the vscode user that runs the
dev container does not have permission to remove packages installed as
root. We dont need to run checkov locally so removing, which resolves
the issue.
@michaeljcollinsuk
Add instructions to retreive .env file
d97b2f5
@michaeljcollinsuk
Attempt to appease superlinter
907a63c
@michaeljcollinsuk
Update the home and login failure pages
8e53c73
@michaeljcollinsuk
Tidy up the frontend
c491add 
Display welcome message, login button, fix styling on the login fail
page.
@michaeljcollinsuk
Prompt user to login when authenticating
cc93f56
@michaeljcollinsuk
Update default behaviour when retreiving STS creds
2e10139 
We only want to default to using STS to retrieve AWS credentials when
not using a service role that already has permission to call services.
These changes attempt to make that more explicit. For now, we should
only default to using STS when running locally.
@michaeljcollinsuk michaeljcollinsuk force-pushed the feature/embed-quicksight branch from be47dd4 to 2e10139 Compare August 13, 2024 15:33
julialawrence
julialawrence approved these changes Aug 13, 2024
View reviewed changes
Copy link

@julialawrence julialawrence left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved on trust

@michaeljcollinsuk michaeljcollinsuk linked an issue Aug 13, 2024 that may be closed by this pull request
📖 Embed Quicksight within the AP UI ministryofjustice/analytical-platform#4658
Closed
4 tasks
@michaeljcollinsuk michaeljcollinsuk mentioned this pull request Aug 13, 2024
Closed
4 tasks
@michaeljcollinsuk michaeljcollinsuk merged commit 3abe4e6 into main Aug 13, 2024
27 checks passed
@michaeljcollinsuk michaeljcollinsuk deleted the feature/embed-quicksight branch August 13, 2024 15:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@julialawrence julialawrence julialawrence approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

📖 Embed Quicksight within the AP UI
3 participants
@michaeljcollinsuk @julialawrence @jamesstottmoj