Development

Generate SSL/TLS certificates from .PFX file In altinn studio we are using nginx as a proxy for internal routing. After issues with creating SSL/TLS certificates for nginx we we have written a guide for future developers to follow when creating SSL/TLS certificate secrets in kubernetes and mounting them to the nginx pods. Download .pfx file At the moment of writing this guide, we store our *.altinn.studio certificate in azure keyvault and you will need access to download it from that vault. »

Quality checklist Build pipelines Release pipelines Quality Checklist all sensitive information is marked as secret. Read more about setting variables as secret here. verify that no sensitive information is available in the exported API JSON definition (https://dev.azure.com/brreg/d0be3bbb-9145-4490-8d76-fd8024277467/_apis/pipelines/{definitionId}) make sure that no secrets are shared with forks of github repos if you are using a github integrated pipeline. Read more about that here. if it exists a built in task for the job the pipeline should do, this should be prefered over writing your own scripts. »

Window.postMessage() is introduced to handle communication between components that has no connection other then the need to communicate/trigger events. Eg. its used to communicate with the syncBar to get it to perform a new status check. To read more see: Window.postMessage Usage Dispatching a message event is done the following way: // variables should be used for messages var SAVED_EVENT = 'SAVED' window.postMessage(SAVED_EVENT, window.location.href); Catching the event is done by adding an event listener to the component one needs to communicate with: »

NOTE: Work in progress. Install PostgreSQL and pgAdmin4 Follow the instructions on https://www.postgresql.org/download/ Set up database Open pgAdmin 4. We will be working on the PostgreSQL 13 server. Right click on Databases and select Create. Create new database Fill inn database name eventsdb and click Save. Configure new database You should now be able to see a new database in the list. If you don’t - right click the server and select REFRESH. »

Postman To test API endpoints the tool postman enables easy configuration and setup of various HTTP requests, read more about postman here. Authentication Several of the exposed APIs requires various cookies, for instance authentication and gitea information. To be able to do requests against these APIs the cookies have to be included in the HTTP request, and configured in postman. The cookies can be found in the following way: In your browser login to dev. »

This page is work-in-progress. This is a proposed api which most likely is going to change. REST REST is an architectural style for designing loosely coupled applications over HTTP which was coined by Rob Fielding in 2000. We will define services according to REST. REST APIs should start with /api so that we with ease can differentiate between an rest api call and a ux-application call. REST APIs should start with a short word to indicate the logical domain or group of apis. »

Routing Nginx routingInformation about routing with nginx Traefik routing »

Update json property Generic need: update json property (not top level) Example case: undelete soft deleted instance by updating the IsSoftDeleted boolean property update storage.instances set instance = jsonb_set(instance, '{Status, IsSoftDeleted}', 'false') where org = 'serviceowner' and instance -> 'InstanceOwner' ->> 'PersonNumber' in ('ssn1', 'ssn2') Delete json property Generic need: delete json field (not top level) Example case: undelete soft deleted instance by removing the SoftDeleted timestamp property update storage.instances set instance = instance::jsonb #- '{Status, SoftDeleted}' where org = 'serviceowner' and instance -> 'InstanceOwner' ->> 'PersonNumber' in ('ssn1', 'ssn2') »

Having a Secure DevOps process requires that security is built into the applications, the process, the infrastructure, and the configuration, and more. Secure DevOps phases (clickable) Below you find information on what kind of tools, patterns, and processes we follow to make sure we think about application and infrastructure security for all phases. Planning phase During the planning phase, the requirements for features are gathered. Already in this phase, we identify changes that need special security considerations. »

Summary Styling in React is done per component using a combination of Material-UI and compatible JSS. Components shall not be styled with CSS classes in .CSS files. Different component types should use different styling methods, or a combination. Proposed order of styling methods The following order is proposed when considering styling methods: Styled Components (Accepts props, logic, theming) Material-UI’s JSS (Accepts theming) Inline Styling, the React way (Accepts props, logic, theming. »