[Gh 998] Maintenance window

Open TejasRGitHub opened this issue 1 year ago • 0 comments

Feature or Bugfix

  • Feature

Detail

  • GH issue with description - https://github.com/data-dot-all/dataall/issues/998

Instructions on using maintenance window

  1. Include yourself in the "DAAdministrators" group.
  2. Go to the Admin section.
  3. Switch to the Maintenance tab.
  4. You can put data.all in Read-only mode or No-access mode. Select either mode and click on the "Start Maintenance" window button.
  5. Once the status of the maintenance window is in the ACTIVE state, you can be sure that all the ECS tasks have completed running and also that the scheduled ECS tasks are turned OFF. (Check this in the AWS accounts for testing.)
  6. If in Read-only mode, then a red banner will appear whenever any user visits the data.all UI. In Read-only mode, all mutation calls are blocked.
  7. If in No-Access mode, then after login a blank page displaying a message about the data.all maintenance window will appear. In No-Access mode, all GraphQL calls are blocked (except getGroupForUser and getMaintenanceWindowStatus, which are required for the UI to load minimally).
  8. In order to disable the maintenance window, go to the Maintenance tab and click stop maintenance window.

Note: In all modes, the data.all admin user is allowed to perform any gql call and to access and modify anything on the UI.

Relates

  • https://github.com/data-dot-all/dataall/issues/998

Security

Please answer the questions below briefly where applicable, or write N/A. Based on OWASP 10.

  • Does this PR introduce or modify any input fields or queries - this includes fetching data from storage outside the application (e.g. a database, an S3 bucket)? N/A
    • Is the input sanitized?
    • What precautions are you taking before deserializing the data you consume?
    • Is injection prevented by parametrizing queries?
    • Have you ensured no eval or similar functions are used?
  • Does this PR introduce any functionality or component that requires authorization? N/A
    • How have you ensured it respects the existing AuthN/AuthZ mechanisms?
    • Are you logging failed auth attempts?
  • Are you using or adding any cryptographic features? N/A
    • Do you use standard proven implementations?
    • Are the used keys controlled by the customer? Where are they stored?
  • Are you introducing any new policies/roles/users? Yes
    • Have you used the least-privilege principle? How? Least Privilege

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

TejasRGitHub, Apr 30 '24 17:04
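The gating rules from steps 6 and 7 and the admin note, written out as an added Python example (not code from this PR or from data.all): the mode strings, the function names and the small tokenizer are assumptions for illustration, and the sample document is constructed. It checks every top-level field, so an alias or a fragment spread cannot carry a blocked call past the No-Access allowlist.

```python
import re

ADMIN_GROUP = "DAAdministrators"  # admin group named in step 1
NO_ACCESS_ALLOWED = {"getGroupForUser", "getMaintenanceWindowStatus"}  # step 7
TOKEN = re.compile(r'"""[\s\S]*?"""|"(?:\\.|[^"\\])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}():@]')

def parse_operation(document):
    """Return (contains_mutation, top-level field names) for a GraphQL document."""
    mutates, fields, braces, parens, prev = False, [], 0, 0, ""
    for tok in TOKEN.findall(document):
        if tok[0] in '"#':            # string literals and comments carry no structure
            continue
        if tok == "(":
            parens += 1
        elif tok == ")":
            parens -= 1
        elif parens:                  # inside arguments or variable definitions
            continue
        elif tok == "{":
            braces += 1
        elif tok == "}":
            braces -= 1
        elif braces == 0 and tok == "mutation":
            mutates = True            # any mutation operation marks the whole document
        elif braces == 1 and tok == "...":
            fields.append("...")      # fragment content is not resolved here: never allowlisted
        elif braces == 1 and tok not in (":", "@"):
            if prev == ":" and fields:
                fields[-1] = tok      # "alias: field" -> judge the real field, not the alias
            elif prev != "@":         # skip directive names
                fields.append(tok)
        prev = tok
    return mutates, fields

def is_call_allowed(status, mode, user_groups, document):
    """Decide whether a GraphQL call passes the maintenance gate (hypothetical helper)."""
    if status != "ACTIVE" or ADMIN_GROUP in user_groups:
        return True                   # no active window, or admin bypass per the note
    mutates, fields = parse_operation(document)
    if mode == "READ-ONLY":           # assumed spelling of the Read-only mode value
        return not mutates
    if mode == "NO-ACCESS":           # assumed spelling of the No-Access mode value
        return bool(fields) and all(f in NO_ACCESS_ALLOWED for f in fields)
    return False                      # unknown mode: fail closed

if __name__ == "__main__":
    doc = "{ getGroupForUser: listDatasets { id } }"  # constructed: alias hides a blocked field
    print(is_call_allowed("ACTIVE", "NO-ACCESS", ["TeamA"], doc))
```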