SlideShare a Scribd company logo

Wellington MuleSoft Meetup 2021-02-18

Download as PPTX, PDF
M
Mary Joy Sabal

Shaun Allen presented on security best practices for Azure DevOps pipelines. He discussed: 1) Using external property files to securely manage secrets and configurations. The files are tokenised and secrets are encrypted. 2) Implementing continuous integration to build and test applications using the external files. This finds errors before deployment. 3) Setting up continuous deployment conditions to trigger deployments based on branch names, with additional controls over which users can deploy to certain environments. 4) Demonstrated how to securely manage secrets using Azure Key Vault and the secure configuration encryption tool.

Technology
1 of 34
Attendee Introductions ● Name ● Company & role ● What do you want to get out of this session? ● Topics you want to discuss at upcoming events. 1 Please introduce yourself in the chat 
[18th of February 2021] [Wellington] MuleSoft Meetup Group Security Best Practices for Azure DevOps Pipeline
Reminders. . . ● Session will be recorded. Please use the online chat to ask questions. ● Trivia game after the presentation. Winners will get class voucher or certification exam voucher of their choice! ● Fill out the post-event survey to share your feedback with us, and for a chance to win $50 Amazon.com gift card. ● Group picture at the end of the session  3
4 Organizers
5 Speaker Shaun Allen Integration Developer Trustpower
Security Best Practices for Azure DevOps Pipeline Shaun Allen, Integration Developer - Trustpower
Introduction • Based in Tauranga, New Zealand • Over 3 years of IT experience • MuleSoft Certified Developer – Mule 4 • Areas of Expertise: - Pipelines (CI/CD) - Automation - Scripting - Full Stack Fun fact: Muay Thai enthusiast 7
Agenda • Technical Challenges / Business Objectives • DevSecOps • Continuous Integration (CI) • Continuous Delivery (CD) • Pipeline Security • Demo • Pipeline improvements • Key takeaways 8
Business Objectives Technical Challenges in Securing the Pipeline • Externalise property or YAML files – on a separate repository. • Developers create a pull request for every change. • Dynamic mule key injection per environment. • Gives flexibility to update mule key per application. • Secret Management using Azure Key Vault. • Secrets to be updated when the mule key changes • Potential for different mule key per application • DevOps permissions for Service Connections. 9
DevSecOps • A management approach that combines application development, security, operations and infrastructure as a code (IaaS) in an automated, continuous delivery cycle. • Applying security at every stage of the software development process enables continuous integration, reducing the cost of compliance and delivering software more rapidly. Benefits of DevSecOps • Improved quality and security of software. • Faster software delivery. • Enhanced communication and collaboration between teams. • Earlier identification and correction of vulnerabilities in code. • More opportunities for automated builds and quality assurance testing. Resource: https://searchitoperations.techtarget.com/definition/DevSecOps 10
Setup a new application This pipeline will handle the scaffolding of setting up a new project. • Create a new folder under applications • Create key vaults (generic Trustpower ARM template) • Setup access policy for key vaults (ARM template parameters file) • Tokenise key vault names into files • Create application build and deploy pipeline • Setup permissions for the new pipeline How is this pipeline triggered? 11 Pipeline on-boarding
Service Hooks with Logic Apps We use Azure DevOps service hooks for triggering Azure logic apps to do some work. • We have one centralized logic app that all service hooks are sent to • We then use a simple switch case statement for extracting the type of event i.e git push, PR completed etc • Using the above event types, send request to next logic app • Inspect project level info i.e does the project name begin with mulesoft- • Exclude any projects such as the mulesoft-pipelines project • Trigger pipeline to setup a new application • Will only add the file if the modified branch starts with feature 12 Automation on-boarding
Continuous Integration (CI) Build application using centralised property file based on environment variables • File must be placed in the same path as existing properties file (file="properties/${mule.env}- properties.yaml") • Find errors before a deploy (save on time and roll back)(Only works with Munit) • Using a powershell task for build, maven task was outputting the mule key to the console 13
POM Configuration Validation Why do we validate config? • Make sure all apps are following our standards What we validate • Group Id (must be equal to com.trustpower) • Artifact Id (must match repo name) • Packaging (must be equal to mule-application) • Description (simple not null check) • Does the app have Munit plugin? • Required application coverage (must be equal to 75%) • Fail build (must be equal to true) • Run coverage (must be equal to true) • Munit format (must be equal to console) 14 Continuous Integration (CI)
MUnit Used for validating flow output. Pros: • Can find errors with an application before a deploy i.e if a property doesn’t exist the app will still build successfully but only fail when trying to run. • Make sure updates to the application still produce the required result. • Integrate testing into the CI/CD pipeline. Cons: • Takes extra time for the pipeline to run. • Extra overhead to setup (although easier with recorder). 15 Continuous Integration (CI)
Deploy application based on branch name Pipeline triggers allow for a full CI/CD pipeline, we just need a way of knowing what environment we want to deploy into • Trigger build for all target branches • Note: Not all branches listed in the triggers section can deploy without specific permissions i.e group membership or using the auto deploy variable. 16 Continuous Deployment (CD)
Deploy application based on branch name Needed a way to deploy to environments in a CI/CD fashion Pipeline conditions • feature/* deploys to development • develop deploys to qa • release* deploys to preprod • master deploys to production 17 Continuous Delivery (CD)
Deploy application using Anypoint CLI How do we deploy to cloudhub? • Using the Anypoint CLI Commands used by anypoint CLI: • runtime-mgr cloudhub-application list • runtime-mgr cloudhub-application start • runtime-mgr cloudhub-application deploy/modify • api-mgr api edit List of commands: https://docs.mulesoft.com/runtime-manager/anypoint-platform-cli 18 Continuous Delivery (CD)
Auto deploy and group membership Pipeline has two ways of deploying into environments. 1. Application settings file has an auto deploy flag • For dev and qa 2. User who triggered the pipeline is a member of the mulesoft-pipelines “Release Administrators” group • Restrict who can deploy to cloudhub (must be manually triggered) • If triggered from a PR into master, the user comes through as a Microsoft service account • Users in this group should be aware that anytime they trigger a pipeline run it will deploy 19 Continuous Delivery (CD) / Pipeline Security
Pipeline Security Property Files Management We wanted a way to externalise properties for cloudhub environments from the project repository. • Easier for code reviewers to keep an eye on production configurations (no secrets in plain text etc) • Centralised management (all application property files stored in one place) We wanted a way to specify environment defaults for cloudhub deploys • Use an application settings file (JSON format) to control deploy properties 20
Property Files Management - One Policy to rule them all One single repository means we can have one policy setup on the master branch to control all pull requests (code reviews) • Use one Azure DevOps group who can approve the PR’s. • Use One file exclude pattern so developers can make quick changes to dev and qa for application specific properties. • Still need to create a new branch for updates, but the PR can be completed with no approvals needed 21 Pipeline Security
Secure Credentials and settings.xml files Credentials file is what we use to authenticate to the anypoint platform before using the anypoint CLI commands. • We use one single profile (default) • This is so we don’t need to continuously set the env for each powershell task We use a connected application for authentication (we were using a native account) • Easy to restrict or revoke access • Control access to data using scopes 22 Pipeline Security
Secure Credentials and settings.xml files Our settings.xml file is how we authorize our pipeline to download dependencies for our applications. • Azure DevOps artifact feed (common dependency for all apps) • Trustpower exchange assets • Anypoint exchange v2 • Enterprise artifacts (nexus) Settings file cannot use connected app directly, we must generate an access token using the connected app details. Dependencies using the access token are: • Trustpower exchange assets • Anypoint exchange v2 Azure DevOps is using a PAT token. Enterprise artifacts (nexus) is using a native login (username and password). We don’t have access to change this setup. 23 Pipeline Security
Secret Management with Azure Key Vault Automation will setup the scaffolding of a new project. • Creating the key vault • Setup the access policy for the service principal (service connection identity) on the key vault • Key vault name is automatically added to the application settings file with tokenisation Secrets must be manually setup • Updates are also manual i.e. if a password or security token changes we would need to manually update the key vault secret Applications use secure properties, so if any changes are made to key vault secrets this means we would have to do a re-deploy to see the update. • Could use Azure service principals and have the applications pull secrets directly from key vault • Each app would need it’s own identity for each environment (or at least sandbox & production) • Key vault cost associated with each secret transaction 24 Pipeline Security
Secret Management with Azure Key Vault Using a pre-defined Azure DevOps pipeline kay vault task (where possible) to pull through secrets. • Easy to use • Specify the service connection to use and what secrets we want to be pulled through • Secrets can then be accessed like pipeline variables $(MuleKey) • Also use the Az.KeyVault powershell module to access secrets if we need to do logical statements • i.e if we need to overwrite the global mule key for our environment with an application specific one 25 Pipeline Security
DevOps permissions for Service Connections Service connection identity in Azure must be granted permissions on the key vault we are wanting to access. The newly created pipeline needs permissions to be able to use the service connections • The ‘setup new application’ pipeline will allow the new app pipeline to access the service connections as a user • For the above to work, the service connections must exist before the pipeline runs • No CI/CD otherwise, pipeline will hang waiting on permissions • Just created a new api we can integrate with this pipeline to ensure service connections exist (Work In Progress) 26 Pipeline Security
Secure config encryption tool When the pipeline pulls secrets from our application key vault, we need a way to encrypt them. This is where the mulesoft secure config encryption tool comes in • https://docs.mulesoft.com/mule-runtime/4.3/secure-configuration-properties#secure_props_tool • We need to supply the following arguments • File or string • Algorithm • Mode • Mule key • Secret to be encrypted Once we have encrypted pipeline secrets setup, we can tokenise the {env}-properties.yaml file and add this to the src/main/resources/properties folder 27 Pipeline Security
Secure Configuration properties Extract mule key from environment or application key vault • Mule key length has to abide by the algorithm settings i.e AES algorithm has an exact key length of 16 • This is where you may need different mule keys for applications if migrating to a different algorithm • Environment mule key vs application mule key Extract algorithm and mode from the application global-configs.xml file • Or use the default set in the application.settings file • If using default of values, there is no properties being setup in the global-configs.xml, hence the need for defaults in app settings file 28 Pipeline Security
SLA Tiers We use an automated policy to enforce the need for SLA tiers across all environments. As part of our application pipeline, when the deploy stage happens, we deploy Trustpower default SLA tiers that are setup in the default.settings file. We can modify or add to these SLA tiers using the application.settings file for each application in each environment. When a user is requesting access to an application this is where they will be able to select their required SLA tier. • Auto approved for dev and qa • Manual approval needed for production 29 Pipeline Security
30
Pipeline improvements • Use a step template for generating the mule key • Remove inline scripting • Some PowerShell tasks need to be smaller and more understandable/readable • Look through devops improvements (can we use stage dependencies for stage conditions yet?) • Integration Postman agent (newman) • Automate setting up API Manager • Only trigger one build at any time • Use of approval gates (Environment) 31
Key takeaways What have we learnt (hopefully): • How to externally manage property files • Use policy to exclude files/folders from PR review for faster development • How to use key vault for secrets and use within pipelines (service connection for access) • How to use secure config tool with above for setting up encrypted secrets • How to tokenise a property file to inject secrets from above • Build an application using the external properties file • Munit is good for integrating testing into the CI/CD pipeline, but is also handy for exposing errors before a deploy if the properties file doesn’t match what the application is expecting • Deploy application using pipeline conditions and flags • Deploy SLA tiers 32
Call for Speakers! ● Incentive for speakers:  Complimentary training class voucher or certification exam voucher of their choice. ● Please contact organizers for more information! 33
Thank you!

Recommended

How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
CI CD Daridabad MuleSoft meetup
CI CD Daridabad MuleSoft meetupCI CD Daridabad MuleSoft meetup
CI CD Daridabad MuleSoft meetup
Amit Singh
 
Custom MuleSoft connector using Java SDK
Custom MuleSoft connector using Java SDKCustom MuleSoft connector using Java SDK
Custom MuleSoft connector using Java SDK
Amit Singh
 
Mule meetup 25thjan
Mule meetup 25thjanMule meetup 25thjan
Mule meetup 25thjan
pruthviraj krishnam
 
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Mulesoft with ELK (Elastic Search, Log stash, Kibana)Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Gaurav Sethi
 
Mule soft Meetup #3
Mule soft Meetup #3 Mule soft Meetup #3
Mule soft Meetup #3
Gaurav Sethi
 
Ahmadabad mule soft_meetup_6march2021_azure_CICD
Ahmadabad mule soft_meetup_6march2021_azure_CICDAhmadabad mule soft_meetup_6march2021_azure_CICD
Ahmadabad mule soft_meetup_6march2021_azure_CICD
Shekh Muenuddeen
 
Nagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using JenkinsNagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using Jenkins
pqrs1234
 

Recommended

How Secure is Your API?
How Secure is Your API?How Secure is Your API?
How Secure is Your API?
Mary Joy Sabal
 
CI CD Daridabad MuleSoft meetup
CI CD Daridabad MuleSoft meetupCI CD Daridabad MuleSoft meetup
CI CD Daridabad MuleSoft meetup
Amit Singh
 
Custom MuleSoft connector using Java SDK
Custom MuleSoft connector using Java SDKCustom MuleSoft connector using Java SDK
Custom MuleSoft connector using Java SDK
Amit Singh
 
Mule meetup 25thjan
Mule meetup 25thjanMule meetup 25thjan
Mule meetup 25thjan
pruthviraj krishnam
 
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Mulesoft with ELK (Elastic Search, Log stash, Kibana)Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Mulesoft with ELK (Elastic Search, Log stash, Kibana)
Gaurav Sethi
 
Mule soft Meetup #3
Mule soft Meetup #3 Mule soft Meetup #3
Mule soft Meetup #3
Gaurav Sethi
 
Ahmadabad mule soft_meetup_6march2021_azure_CICD
Ahmadabad mule soft_meetup_6march2021_azure_CICDAhmadabad mule soft_meetup_6march2021_azure_CICD
Ahmadabad mule soft_meetup_6march2021_azure_CICD
Shekh Muenuddeen
 
Nagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using JenkinsNagpur Mulesoft Meetup on CICD using Jenkins
Nagpur Mulesoft Meetup on CICD using Jenkins
pqrs1234
 
Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021
Gaurav Sethi
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpc
Gonzalo Marcos Ansoain
 
#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets
JohnMathewPhilip
 
Baltimore july2021 final
Baltimore july2021 finalBaltimore july2021 final
Baltimore july2021 final
ManjuKumara GH
 
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsMeetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Renato de Oliveira
 
MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021
Suresh Rathore
 
Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4
Tejas Purohit
 
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
NaimishKakkad2
 
Mulesoft KL Meetup 2
Mulesoft KL Meetup 2Mulesoft KL Meetup 2
Mulesoft KL Meetup 2
NitushreeJena
 
Warsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CDWarsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CD
Patryk Bandurski
 
Build your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generatorBuild your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generator
Mohith Shrivastava
 
MuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_CharlotteMuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_Charlotte
Subhash Patel
 
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBMuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
Jitendra Bafna
 
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
WSO2
 
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopmentAhmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Shekh Muenuddeen
 
Riyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code reviewRiyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code review
satyasekhar123
 
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5) ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
WinWire Technologies Inc
 
Resilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsResilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIs
VMware Tanzu
 
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime FabricSurat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Jitendra Bafna
 
Play 2 Java Framework with TDD
Play 2 Java Framework with TDDPlay 2 Java Framework with TDD
Play 2 Java Framework with TDD
Basav Nagur
 
Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
Amazon Web Services
 

More Related Content

What's hot

Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021
Gaurav Sethi
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpc
Gonzalo Marcos Ansoain
 
#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets
JohnMathewPhilip
 
Baltimore july2021 final
Baltimore july2021 finalBaltimore july2021 final
Baltimore july2021 final
ManjuKumara GH
 
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsMeetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Renato de Oliveira
 
MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021
Suresh Rathore
 
Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4
Tejas Purohit
 
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
NaimishKakkad2
 
Mulesoft KL Meetup 2
Mulesoft KL Meetup 2Mulesoft KL Meetup 2
Mulesoft KL Meetup 2
NitushreeJena
 
Warsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CDWarsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CD
Patryk Bandurski
 
Build your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generatorBuild your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generator
Mohith Shrivastava
 
MuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_CharlotteMuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_Charlotte
Subhash Patel
 
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBMuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
Jitendra Bafna
 
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
WSO2
 
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopmentAhmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Shekh Muenuddeen
 
Riyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code reviewRiyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code review
satyasekhar123
 
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5) ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
WinWire Technologies Inc
 
Resilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsResilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIs
VMware Tanzu
 
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime FabricSurat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Jitendra Bafna
 
Play 2 Java Framework with TDD
Play 2 Java Framework with TDDPlay 2 Java Framework with TDD
Play 2 Java Framework with TDD
Basav Nagur
 

What's hot (20)

Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021Mulesoft Meetup Bangalore - 6th March 2021
Mulesoft Meetup Bangalore - 6th March 2021
 
Meetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpcMeetup milano #3 all you need to know before creating your vpc
Meetup milano #3 all you need to know before creating your vpc
 
#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets#3 calicut meetup - understanding slb, dlb and web sockets
#3 calicut meetup - understanding slb, dlb and web sockets
 
Baltimore july2021 final
Baltimore july2021 finalBaltimore july2021 final
Baltimore july2021 final
 
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOpsMeetup - Automate your project lifecycle using MuleSoft and Azure DevOps
Meetup - Automate your project lifecycle using MuleSoft and Azure DevOps
 
MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021MuleSoft_Meetup_#6_Chandigarh_April_2021
MuleSoft_Meetup_#6_Chandigarh_April_2021
 
Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4Ahmedabad MuleSoft Meetup #4
Ahmedabad MuleSoft Meetup #4
 
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
Nagpur MuleSoft Meetup Group - Working with API Groups in Mulesoft
 
Mulesoft KL Meetup 2
Mulesoft KL Meetup 2Mulesoft KL Meetup 2
Mulesoft KL Meetup 2
 
Warsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CDWarsaw MuleSoft Meetup #6 - CI/CD
Warsaw MuleSoft Meetup #6 - CI/CD
 
Build your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generatorBuild your own dev tools with salesforce cli plugin generator
Build your own dev tools with salesforce cli plugin generator
 
MuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_CharlotteMuleSoft Meetup Virtual_ 2_Charlotte
MuleSoft Meetup Virtual_ 2_Charlotte
 
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLBMuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
MuleSoft Surat Live Demonstration Virtual Meetup#1 - Anypoint VPC VPN and DLB
 
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
CSV and JSON Transformation in WSO2 Micro Integrator 4.0 - WSO2 APIM Communit...
 
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopmentAhmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
Ahmadabad mule soft_meetup_20_february_2021_muleconnectordevelopment
 
Riyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code reviewRiyadh Meetup4- Sonarqube for Mule 4 Code review
Riyadh Meetup4- Sonarqube for Mule 4 Code review
 
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5) ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
ASP.NET Core 1.0: Understanding ASP.NET Core 1.0 (ASP.NET 5)
 
Resilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIsResilient and Adaptable Systems with Cloud Native APIs
Resilient and Adaptable Systems with Cloud Native APIs
 
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime FabricSurat MuleSoft Meetup#2 - Anypoint Runtime Fabric
Surat MuleSoft Meetup#2 - Anypoint Runtime Fabric
 
Play 2 Java Framework with TDD
Play 2 Java Framework with TDDPlay 2 Java Framework with TDD
Play 2 Java Framework with TDD
 

Similar to Wellington MuleSoft Meetup 2021-02-18

Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
Eklove Mohan
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
Amazon Web Services
 
Zure Azure PaaS Zero to Hero - DevOps training day
Zure Azure PaaS Zero to Hero - DevOps training dayZure Azure PaaS Zero to Hero - DevOps training day
Zure Azure PaaS Zero to Hero - DevOps training day
Okko Oulasvirta
 
Putting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud ScalePutting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud Scale
Amazon Web Services
 
Continuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWSContinuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWS
Amazon Web Services
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Amazon Web Services
 
Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36
MysoreMuleSoftMeetup
 
Devops
DevopsDevops
Devops
JyothirmaiG4
 
API Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic DeploymentAPI Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic Deployment
Axway
 
Transforming Software Development
Transforming Software DevelopmentTransforming Software Development
Transforming Software Development
Amazon Web Services
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
Synergetics Learning and Cloud Consulting
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
XPDays
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
Nilesh Gule
 
Power of Azure Devops
Power of Azure DevopsPower of Azure Devops
Power of Azure Devops
Azure Riyadh User Group
 
Continuous Integration with Amazon ECS and Docker
Continuous Integration with Amazon ECS and DockerContinuous Integration with Amazon ECS and Docker
Continuous Integration with Amazon ECS and Docker
Amazon Web Services
 
Azure DevOps Tasks.pptx
Azure DevOps Tasks.pptx Azure DevOps Tasks.pptx
Azure DevOps Tasks.pptx
PrasanthOneness
 
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
Amazon Web Services
 
AWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment ComplexityAWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment Complexity
Amazon Web Services
 
Continuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchainContinuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchain
Serena Software
 

Similar to Wellington MuleSoft Meetup 2021-02-18 (20)

Getting to Walk with DevOps
Getting to Walk with DevOpsGetting to Walk with DevOps
Getting to Walk with DevOps
 
Securing Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOpsSecuring Systems at Cloud Scale with DevSecOps
Securing Systems at Cloud Scale with DevSecOps
 
Zure Azure PaaS Zero to Hero - DevOps training day
Zure Azure PaaS Zero to Hero - DevOps training dayZure Azure PaaS Zero to Hero - DevOps training day
Zure Azure PaaS Zero to Hero - DevOps training day
 
Putting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud ScalePutting it All Together: Securing Systems at Cloud Scale
Putting it All Together: Securing Systems at Cloud Scale
 
Continuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWSContinuous Integration and Deployment Best Practices on AWS
Continuous Integration and Deployment Best Practices on AWS
 
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
Integrating Security into DevOps and CI / CD Environments - Pop-up Loft TLV 2017
 
Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36Azure DevOps Pipeline setup for Mule APIs #36
Azure DevOps Pipeline setup for Mule APIs #36
 
Devops
DevopsDevops
Devops
 
API Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic DeploymentAPI Tips & Tricks - Policy Management and Elastic Deployment
API Tips & Tricks - Policy Management and Elastic Deployment
 
Transforming Software Development
Transforming Software DevelopmentTransforming Software Development
Transforming Software Development
 
Past, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps InfrastructurePast, Present and Future of DevOps Infrastructure
Past, Present and Future of DevOps Infrastructure
 
Continuous Integration
Continuous IntegrationContinuous Integration
Continuous Integration
 
15-factor-apps.pdf
15-factor-apps.pdf15-factor-apps.pdf
15-factor-apps.pdf
 
Power of Azure Devops
Power of Azure DevopsPower of Azure Devops
Power of Azure Devops
 
Continuous Integration with Amazon ECS and Docker
Continuous Integration with Amazon ECS and DockerContinuous Integration with Amazon ECS and Docker
Continuous Integration with Amazon ECS and Docker
 
Azure DevOps Tasks.pptx
Azure DevOps Tasks.pptx Azure DevOps Tasks.pptx
Azure DevOps Tasks.pptx
 
Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017Configuration Management in the Cloud | AWS Public Sector Summit 2017
Configuration Management in the Cloud | AWS Public Sector Summit 2017
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
AWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment ComplexityAWS CodeDeploy: Manage Deployment Complexity
AWS CodeDeploy: Manage Deployment Complexity
 
Continuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchainContinuous Delivery series: How to automate your infrastructure toolchain
Continuous Delivery series: How to automate your infrastructure toolchain
 

Recently uploaded

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
Mariano Tinti
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
panagenda
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 

Recently uploaded (20)

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
Mariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceXMariano G Tinti - Decoding SpaceX
Mariano G Tinti - Decoding SpaceX
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 

Wellington MuleSoft Meetup 2021-02-18

  • 1. Attendee Introductions ● Name ● Company & role ● What do you want to get out of this session? ● Topics you want to discuss at upcoming events. 1 Please introduce yourself in the chat 
  • 2. [18th of February 2021] [Wellington] MuleSoft Meetup Group Security Best Practices for Azure DevOps Pipeline
  • 3. Reminders. . . ● Session will be recorded. Please use the online chat to ask questions. ● Trivia game after the presentation. Winners will get class voucher or certification exam voucher of their choice! ● Fill out the post-event survey to share your feedback with us, and for a chance to win $50 Amazon.com gift card. ● Group picture at the end of the session  3
  • 6. Security Best Practices for Azure DevOps Pipeline Shaun Allen, Integration Developer - Trustpower
  • 7. Introduction • Based in Tauranga, New Zealand • Over 3 years of IT experience • MuleSoft Certified Developer – Mule 4 • Areas of Expertise: - Pipelines (CI/CD) - Automation - Scripting - Full Stack Fun fact: Muay Thai enthusiast 7
  • 8. Agenda • Technical Challenges / Business Objectives • DevSecOps • Continuous Integration (CI) • Continuous Delivery (CD) • Pipeline Security • Demo • Pipeline improvements • Key takeaways 8
  • 9. Business Objectives Technical Challenges in Securing the Pipeline • Externalise property or YAML files – on a separate repository. • Developers create a pull request for every change. • Dynamic mule key injection per environment. • Gives flexibility to update mule key per application. • Secret Management using Azure Key Vault. • Secrets to be updated when the mule key changes • Potential for different mule key per application • DevOps permissions for Service Connections. 9
  • 10. DevSecOps • A management approach that combines application development, security, operations and infrastructure as a code (IaaS) in an automated, continuous delivery cycle. • Applying security at every stage of the software development process enables continuous integration, reducing the cost of compliance and delivering software more rapidly. Benefits of DevSecOps • Improved quality and security of software. • Faster software delivery. • Enhanced communication and collaboration between teams. • Earlier identification and correction of vulnerabilities in code. • More opportunities for automated builds and quality assurance testing. Resource: https://searchitoperations.techtarget.com/definition/DevSecOps 10
  • 11. Setup a new application This pipeline will handle the scaffolding of setting up a new project. • Create a new folder under applications • Create key vaults (generic Trustpower ARM template) • Setup access policy for key vaults (ARM template parameters file) • Tokenise key vault names into files • Create application build and deploy pipeline • Setup permissions for the new pipeline How is this pipeline triggered? 11 Pipeline on-boarding
  • 12. Service Hooks with Logic Apps We use Azure DevOps service hooks for triggering Azure logic apps to do some work. • We have one centralized logic app that all service hooks are sent to • We then use a simple switch case statement for extracting the type of event i.e git push, PR completed etc • Using the above event types, send request to next logic app • Inspect project level info i.e does the project name begin with mulesoft- • Exclude any projects such as the mulesoft-pipelines project • Trigger pipeline to setup a new application • Will only add the file if the modified branch starts with feature 12 Automation on-boarding
  • 13. Continuous Integration (CI) Build application using centralised property file based on environment variables • File must be placed in the same path as existing properties file (file="properties/${mule.env}- properties.yaml") • Find errors before a deploy (save on time and roll back)(Only works with Munit) • Using a powershell task for build, maven task was outputting the mule key to the console 13
  • 14. POM Configuration Validation Why do we validate config? • Make sure all apps are following our standards What we validate • Group Id (must be equal to com.trustpower) • Artifact Id (must match repo name) • Packaging (must be equal to mule-application) • Description (simple not null check) • Does the app have Munit plugin? • Required application coverage (must be equal to 75%) • Fail build (must be equal to true) • Run coverage (must be equal to true) • Munit format (must be equal to console) 14 Continuous Integration (CI)
  • 15. MUnit Used for validating flow output. Pros: • Can find errors with an application before a deploy i.e if a property doesn’t exist the app will still build successfully but only fail when trying to run. • Make sure updates to the application still produce the required result. • Integrate testing into the CI/CD pipeline. Cons: • Takes extra time for the pipeline to run. • Extra overhead to setup (although easier with recorder). 15 Continuous Integration (CI)
  • 16. Deploy application based on branch name Pipeline triggers allow for a full CI/CD pipeline, we just need a way of knowing what environment we want to deploy into • Trigger build for all target branches • Note: Not all branches listed in the triggers section can deploy without specific permissions i.e group membership or using the auto deploy variable. 16 Continuous Deployment (CD)
  • 17. Deploy application based on branch name Needed a way to deploy to environments in a CI/CD fashion Pipeline conditions • feature/* deploys to development • develop deploys to qa • release* deploys to preprod • master deploys to production 17 Continuous Delivery (CD)
  • 18. Deploy application using Anypoint CLI How do we deploy to cloudhub? • Using the Anypoint CLI Commands used by anypoint CLI: • runtime-mgr cloudhub-application list • runtime-mgr cloudhub-application start • runtime-mgr cloudhub-application deploy/modify • api-mgr api edit List of commands: https://docs.mulesoft.com/runtime-manager/anypoint-platform-cli 18 Continuous Delivery (CD)
  • 19. Auto deploy and group membership Pipeline has two ways of deploying into environments. 1. Application settings file has an auto deploy flag • For dev and qa 2. User who triggered the pipeline is a member of the mulesoft-pipelines “Release Administrators” group • Restrict who can deploy to cloudhub (must be manually triggered) • If triggered from a PR into master, the user comes through as a Microsoft service account • Users in this group should be aware that anytime they trigger a pipeline run it will deploy 19 Continuous Delivery (CD) / Pipeline Security
  • 20. Pipeline Security Property Files Management We wanted a way to externalise properties for cloudhub environments from the project repository. • Easier for code reviewers to keep an eye on production configurations (no secrets in plain text etc) • Centralised management (all application property files stored in one place) We wanted a way to specify environment defaults for cloudhub deploys • Use an application settings file (JSON format) to control deploy properties 20
  • 21. Property Files Management - One Policy to rule them all One single repository means we can have one policy setup on the master branch to control all pull requests (code reviews) • Use one Azure DevOps group who can approve the PR’s. • Use One file exclude pattern so developers can make quick changes to dev and qa for application specific properties. • Still need to create a new branch for updates, but the PR can be completed with no approvals needed 21 Pipeline Security
  • 22. Secure Credentials and settings.xml files Credentials file is what we use to authenticate to the anypoint platform before using the anypoint CLI commands. • We use one single profile (default) • This is so we don’t need to continuously set the env for each powershell task We use a connected application for authentication (we were using a native account) • Easy to restrict or revoke access • Control access to data using scopes 22 Pipeline Security
  • 23. Secure Credentials and settings.xml files Our settings.xml file is how we authorize our pipeline to download dependencies for our applications. • Azure DevOps artifact feed (common dependency for all apps) • Trustpower exchange assets • Anypoint exchange v2 • Enterprise artifacts (nexus) Settings file cannot use connected app directly, we must generate an access token using the connected app details. Dependencies using the access token are: • Trustpower exchange assets • Anypoint exchange v2 Azure DevOps is using a PAT token. Enterprise artifacts (nexus) is using a native login (username and password). We don’t have access to change this setup. 23 Pipeline Security
  • 24. Secret Management with Azure Key Vault Automation will setup the scaffolding of a new project. • Creating the key vault • Setup the access policy for the service principal (service connection identity) on the key vault • Key vault name is automatically added to the application settings file with tokenisation Secrets must be manually setup • Updates are also manual i.e. if a password or security token changes we would need to manually update the key vault secret Applications use secure properties, so if any changes are made to key vault secrets this means we would have to do a re-deploy to see the update. • Could use Azure service principals and have the applications pull secrets directly from key vault • Each app would need it’s own identity for each environment (or at least sandbox & production) • Key vault cost associated with each secret transaction 24 Pipeline Security
  • 25. Secret Management with Azure Key Vault Using a pre-defined Azure DevOps pipeline kay vault task (where possible) to pull through secrets. • Easy to use • Specify the service connection to use and what secrets we want to be pulled through • Secrets can then be accessed like pipeline variables $(MuleKey) • Also use the Az.KeyVault powershell module to access secrets if we need to do logical statements • i.e if we need to overwrite the global mule key for our environment with an application specific one 25 Pipeline Security
  • 26. DevOps permissions for Service Connections Service connection identity in Azure must be granted permissions on the key vault we are wanting to access. The newly created pipeline needs permissions to be able to use the service connections • The ‘setup new application’ pipeline will allow the new app pipeline to access the service connections as a user • For the above to work, the service connections must exist before the pipeline runs • No CI/CD otherwise, pipeline will hang waiting on permissions • Just created a new api we can integrate with this pipeline to ensure service connections exist (Work In Progress) 26 Pipeline Security
  • 27. Secure config encryption tool When the pipeline pulls secrets from our application key vault, we need a way to encrypt them. This is where the mulesoft secure config encryption tool comes in • https://docs.mulesoft.com/mule-runtime/4.3/secure-configuration-properties#secure_props_tool • We need to supply the following arguments • File or string • Algorithm • Mode • Mule key • Secret to be encrypted Once we have encrypted pipeline secrets setup, we can tokenise the {env}-properties.yaml file and add this to the src/main/resources/properties folder 27 Pipeline Security
  • 28. Secure Configuration properties Extract mule key from environment or application key vault • Mule key length has to abide by the algorithm settings i.e AES algorithm has an exact key length of 16 • This is where you may need different mule keys for applications if migrating to a different algorithm • Environment mule key vs application mule key Extract algorithm and mode from the application global-configs.xml file • Or use the default set in the application.settings file • If using default of values, there is no properties being setup in the global-configs.xml, hence the need for defaults in app settings file 28 Pipeline Security
  • 29. SLA Tiers We use an automated policy to enforce the need for SLA tiers across all environments. As part of our application pipeline, when the deploy stage happens, we deploy Trustpower default SLA tiers that are setup in the default.settings file. We can modify or add to these SLA tiers using the application.settings file for each application in each environment. When a user is requesting access to an application this is where they will be able to select their required SLA tier. • Auto approved for dev and qa • Manual approval needed for production 29 Pipeline Security
  • 30. 30
  • 31. Pipeline improvements • Use a step template for generating the mule key • Remove inline scripting • Some PowerShell tasks need to be smaller and more understandable/readable • Look through devops improvements (can we use stage dependencies for stage conditions yet?) • Integration Postman agent (newman) • Automate setting up API Manager • Only trigger one build at any time • Use of approval gates (Environment) 31
  • 32. Key takeaways What have we learnt (hopefully): • How to externally manage property files • Use policy to exclude files/folders from PR review for faster development • How to use key vault for secrets and use within pipelines (service connection for access) • How to use secure config tool with above for setting up encrypted secrets • How to tokenise a property file to inject secrets from above • Build an application using the external properties file • Munit is good for integrating testing into the CI/CD pipeline, but is also handy for exposing errors before a deploy if the properties file doesn’t match what the application is expecting • Deploy application using pipeline conditions and flags • Deploy SLA tiers 32
  • 33. Call for Speakers! ● Incentive for speakers:  Complimentary training class voucher or certification exam voucher of their choice. ● Please contact organizers for more information! 33