Pat Ledgerwood

RMI is still in progress in parallel with DEV testing/investigation. Outstanding issues that still need to be determined for a detailed plan: - Blob vs ADLS storage accounts (or both...

RMI completed, reviewed and submitted... TBD if a separate ConOps for just Trino is needed, will create a new ticket if so.

Reopened to transfer RMI info into ConOps and SOS documents, which need to be submitted for IT security to start the RMI process. Heat ticket (#TBD) -> https://jirab.statcan.ca/browse/CSAA DAaaS Jira:...

It looks like auto-update is being disabled due to https://github.com/StatCan/daaas/issues/463, but this solution looks to be caused by the old version of vs code... with the version being updated we...

Required to complete https://github.com/StatCan/daaas/issues/894

So there is an existing network rule collection `aks-system-to-cae-storage-accounts` that is used for the other cae storeage accounts (i.e. `vdlprojectsprojets`). It is my understanding to do this the storage account...

Thanks @zachomedia I was not looking in the right place to find that! Do we have a network diagram somewhere to reference that shows all of these subnets and their...

Idea for future feature for authentication without paying for the integrated OIDC capability: https://robrankin.github.io/posts/kibaba-oauth-kubernetes/

Attempted to check if the injected ca.crt was the one that can be used to validate the token: ```python import jwt import base64 from cryptography.x509 import load_pem_x509_certificate # Get injected...

When checking the header you can see the kid value: `b'{"alg":"RS256","kid":"sWN5lb_wzeMiVAMuxo0hcho6cJ_7jNIfJalThkYY_hU"}'` This is a fingerprint of the signing key, which can be used to find the correct cert. You can...