Production

posts/2024-06-20-azure-entra-id-grafana-alerts.adoc

@@ -0,0 +1,255 @@
+= Create a Grafana Alert for expiring Microsoft Entra ID secrets
+vanny96
+v1.0, 2024-06-20
+:title: Create a Grafana Alert for expiring Microsoft Entra ID secrets
+:lang: en
+:imagesdir: ../media/2024-06-20-azure-entra-id-grafana-alerts
+:tags: [azure, grafana, monitoring, alert, entraid]
+
+Microsoft Entra ID is a key component of every cloud deployment. It allows, among other things, for
+"App Registrations" to authenticate users and other applications. +
+This is usually done by authenticating the App Registration itself with a `client-id` and a `client-secret`,
+similar to other IAM solutions.
+
+Entra ID has a peculiarity though, it assigns an expiration date to `client-secrets` in order to force
+frequent rotation of those. This is very good from a security perspective, but caught my team and I by
+surprise on more than one occasion as suddenly our applications stopped working because of such secrets
+expiring.
+
+Unfortunately Azure doesn't seem to provide a built-in alert system for the expiring secrets, and the
+solutions we found online were not quite to our liking (https://www.thelazyadministrator.com/2023/12/16/automated-alerts-on-azure-entra-id-application-secret-expirations/[this excellent guide suggests a solution making
+use of powershell scripts] ) as we were hoping to fire the alerts from our Grafana instance since all
+the contact points were already configured.
+
+After a long investigation and some https://github.com/yesoreyeram/grafana-plugins/pull/13[open source contributions],
+we finally arrived to the solution I'm sharing here!
+
+=== Overview
+The basic idea is to allow Grafana to use Microsoft's Graph API as a Datasource for its metrics and
+alerts. This means that Grafana itself will need to be authenticated as a Microsoft Entra ID
+Service Principal. To do that we'll do the following:
+
+* Azure
+** Create an App Registration
+** Create an App Registration Secret
+** Grant permission to call Graph API
+* Grafana
+** Install "Infinity Data Source" plugin
+** Create a Graph API data source
+** Create an alert for expiring secrets
+
+=== Azure
+We'll be basing our guide on https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal[the official guide offered by Microsoft]
+
+By the end of this section you'll need to know your App Registration's `<tenant-id>`, `<client-id>`
+and `<client-secret>`
+
+==== Create an App Registration
+
+. Login to Entra ID
+. Access the Microsoft Entra ID service
+. From the menu on the left, select the "App Registrations" blade
+. From the top, click "New Registration"
+. Fill the form (no redirection URL is needed)
+. Click "Register"
+
+image::new_registrations.png[New Registration,600]
+
+==== Create an App Registration Secret
+On this step, we'll create the `<client-secret>` needed for Grafana to authenticate itself as the
+AppRegistration. Worry not, it will be possible for Grafana to report on this secret as well!
+
+. Open the App Registration object you just created (you should be automatically redirected there)
+. From the overview page, write down your `<client-id>` (Application (client) ID) and `<tenant-id>`
+(Directory (tenant) ID)
+. From the menu on the left, select the "Certificates & Secrets" blade
+. From the top, click "Client Secrets"
+. Click on "+ New client secret"
+. Add a description and an expiration date
+. Click "Add"
+. IMPORTANT: Store the value that will be displayed in the "Value" column. This is a
+confidential value, so store it safely. This will be your `<client-secret>`
+
+image::registration_secret.png[Registration Secret, 600]
+
+image::registration_secret_form.png[Registration Secret Form, 300]
+
+==== Grant permission to call Graph API
+Now we'll grant our newly created App Registration the permission to query the "Applications" stored
+in Entra ID. We'll use this query in order to fetch the expiring secrets.
+
+. Open the App Registration (you should _still_ be there)
+. From the menu on the left, select the "API Permissions" blade. You should see that the base
+"Microsoft.Graph User.Read" permission is already allowed
+. From the top, click "Add a permission"
+. From the menu that will pop-up you'll have to select +
+`Microsoft APIs` -> `Microsoft Graph` -> `Delegated Permission` -> `Application` -> `Application.Read.All`
+. Once the right permission is selected, click on "Add Permission"
+
+image::registration_permission.png[Registration Permission, 600]
+
+=== Grafana
+It is now the time to connect Grafana to the Graph API. In order to do this, we'll make use of a
+special plugin we recently discovered: https://grafana.com/grafana/plugins/yesoreyeram-infinity-datasource/[Infinity]
+
+This plugin allows to use web endpoint as a Data source, which fits our needs perfectly.
+
+==== Install "Infinity Data Source" plugin
+https://grafana.com/docs/grafana/latest/administration/plugin-management/#install-a-plugin[Using the official guide as a reference]
+
+. Login to your Grafana instance
+. Click Administration > Plugins and data > Plugins in the side navigation menu to view all plugins.
+. Browse for "Infinity".
+. Click the plugin’s logo.
+. Click Install.
+
+image::infinity_plugin.png[Infinity Plugin, 600]
+
+==== Create a Graph API data source
+
+. In Grafana, click Connections > Data Sources
+. On the top right, click "+ Add new data source"
+. Pick Infinity as your Data source
+. Configure the "Authentication" blade section
+|===
+|Property |Value
+
+|Auth type
+|Oauth2
+
+|Grant type
+|Client Credentials
+
+|Auth Style
+|Auto
+
+|Client ID
+|`<client-id>`
+
+|Client Secret
+|`<client-secret>`
+
+|Token URL
+|https://login.microsoftonline.com/`<tenant-id>`/oauth2/v.0/token
+
+|Scopes
+|https://graph.microsoft.com/.default
+
+|Allowed hosts
+|https://graph.microsoft.com
+|===
+
+[start=5]
+. (Optional, but recommended) Configure the "Health Check" section
+
+|===
+|Property |Value
+
+|Enable custom health check
+|Enabled
+
+|Health check URL
+|https://graph.microsoft.com/v1.0/applications
+|===
+
+[start=6]
+. Click on "Save & test"
+
+image::graph_api_data_source.png[Graph Api Data Source, 600]
+
+image::graph_api_health_check.png[Graph Api Health Check, 600]
+
+==== Create an alert for expiring secrets
+Now it's time to piece it all together. The idea of this alert will be the following:
+
+. Query the `https://graph.microsoft.com/v1.0/applications` endpoint
+. Extract get all the secrets expiration dates
+. Filter based on the number of days you need to be notified
+
+To do so:
+
+. In Grafana, click Alerting > Alert Rules
+. Click "New alert rule" from the top right corner
+. In the "2. Define query and alert condition" do the following
+    * Remove the Expressions `B` and `C`
+    * In the Query `A` fill as follows
+
+|===
+|Property |Value |Explanation
+
+|Datasource (top left corner)
+|The newly created Graph API datasource
+|
+
+|Type
+|JSON
+|
+
+|Parser
+|Backend
+|We need to use this parser because it's the
+https://github.com/grafana/grafana-infinity-datasource/discussions/189[only one that supports alerts]
+
+|Source
+|URL
+|
+
+|Format
+|Table
+|
+
+|Method
+|GET
+|
+
+|URL
+|https://graph.microsoft.com/v1.0/applications
+|This will return _all_ the applications in the tenant. If you want to perform some filtering consider
+using the https://learn.microsoft.com/en-us/graph/filter-query-parameter?tabs=http[$filter query parameter]
+or add extra conditions to the "Filter" section down below
+
+|Parsing options & Result fields
+|
+|
+
+|Rows/Root
+|value.passwordCredentials
+|This will return all the credentials for all the app registrations. If your team sticks to one secret
+per App Registration, consider using only `value` as that could provide more information to the alert.
+(We won't be providing the configuration for `value`)
+
+|Computed columns, Filter, Group by
+|
+|
+
+|Computed Columns - Expression
+|tomillis(totime(endDateTime))
+|Takes the `endDateTime` field which is represented as "yyyy-MM-ddThh:mm:ssZ" and converts it to Unix milliseconds
+
+|Computed Columns - As
+|Value
+|
+
+|Filter
+|Value < ${__to} + <num-of-days> * 86400000
+|Compares the `endDateTime` to the `${__to}` value (the current time) plus how many days in advance
+you want to be notified. The days need to be converted to millis, hence the `* 86400000`
+|===
+
+[start=4]
+. Configure the rest as you see fit, but make sure to set
+"Alert state if no data or all values are null" to "Keep Last State"
+
+image::alert.png[Alert Config, 600]
+
+=== Conclusion
+With this, Grafana will be able to send alerts whenever a secret is about to expire. Unfortunately,
+at this moment it's not possible to display exactly which App Registration will be affected due
+to limitations of the `backend` parser, but simply logging into Entra ID's App Registration >
+Owned Applications page should inform you of which Apps have soon-to-be-expired secrets!
+
+I hope that this guide will help you and your team mitigate exceptions caused by secrets sneakily
+expiring just as it did for us.
+
+Hopefully, in the not so far distant future, Azure will allow us to more easily get alerts from its
+key services. Until then, we'll stick to this setup!

posts/2024-10-10-lunaconf-2024.adoc

@@ -0,0 +1,44 @@
+= LunaConf 2024
+Sylke Sauerwald
+v1.0, 2024-10-10
+:title: LunaConf 2024: A Memorable Gathering
+:imagesdir: ../media/2024-10-10-lunaconf-2024
+:lang: en
+:tags: [conference, event, lunatech]
+
+After 2 years of waiting (the celebration of our 30 years of LT fell in between 😊), we held our Lunatech conference this year on the 4th of October in our wonderful office in Rotterdam on the 22nd and 23rd floor. We welcomed our colleagues from France, who arrived the evening before when we entertained them with food, wine and music; we had speakers from various countries and expertise, clients, guests and ex-employees from Lunatech. 
+
+image::welcome.jpg[Welcome by Nicolas Leroux, Lunatech's CEO, 600]
+
+### The Start of the Day
+
+Our day started with welcoming everyone and handing out our new Lunatech t-shirts to all the attending employees as well as the t-shirts for our speakers and our conference bracelets and keychain goodies. Our CEO _Nicolas Leroux_ opened the conference with some welcome words and then we kicked off the talks with two speakers from Lunatech (_Willem Jan Glerum_, who talked about "SSO made easy with Quarkus OIDC" and _Gustavo De Micheli_, who talked about "Typeclass Derivation on Scala 3"), our experts in acquisition _Erwin Merkx_ & _Paul Denis_ and a 2,5-hour presentation about "AI/ML in Software Development" from our employees _Radek Kargul_ and _Ji Darwish_. 
+
+After that, we continued with _Julien Enoch_, who talked about "SDV/Zenoh", _Nicolas Thuilliez_ who talked about "Lean Management" and _Konstantin Kolmar_ with his presentation about "Building desktop apps in Kotlin". A special segment featured a presentation on our Lunatech push-up challenge, with _Giovanni Barbaro_ and _Nicolas Leroux_, followed by _Evgenii Frank_’s session on "How to Do Effective Push-ups".
+
+image::ryan-knight-talk.jpeg[Ryan Knight's talk, 600]
+
+
+### Lunch Break and Refueling
+
+As in the last conference, we had the Caterer De keuken van Hemels providing us with an excellent lunch. After we all refuelled with food, it was _Nicolas Leroux_’s turn to talk about "Scaling Beyond Code: Balancing Technical and Human Factors for Project Success" and _Michael Strauss_'s question about "How to take a good picture in any situation".
+
+image::lunch-break.jpg[Lunch break, 600]
+
+### More Expert Sessions
+
+We continued with _Ryan Knight_’s presentation about "Structured Concurrency", _Martin Kok_’s talk about "Building trust in open source", _Rajendra Maniyal_’s "AI with Scala - An intro to LangChain4J" and _Nicolas Leroux_’s other talk about "Unleashing Organizational Potential".
+
+After a short break with coffee and cake, _Thomas Segismont_ talked about "Vert.x 5 news and roadmap" and _Stéphane Épardaud_ "Under the hood: tricks, hacks and techniques that make Quarkus so enjoyable and fast". Our colleague _Michael Strauss_ had another presentation, this time about "How not to benchmark" and _Erik Bakker_ talked about "the hot topic Infosec At Lunatech: Doctrine, policy and toolings". Besides all these talks, _Sylke Sauerwald_ also provided a workshop on Tai Chi.
+
+And last but not least we had three great closing external speakers, we had _Quentin Adam_’s talk about "Industrial Revolution of Intellectual Services", _Sebastien Blanc_ presented "How Platform Engineering is Driving the Evolution of Developer Self-Service" and _Horacio Gonzales_ talked about "Demystifying Kubernetes operator creation". At the same time, our colleagues _Tanguy Serrand_ and _Titouan Guiochet_ introduced everyone on a DJ set to "How to mix? Tips to impress your friends".
+
+image::quentin-adam-talk.jpeg[Quentin Adam's talk, 600]
+
+### Bringing the Day to a Close
+
+We then reached the end of the conference, our CEO _Nicolas Leroux_ said some closing words and our caterer started serving dinner. With excellent food and wine, we started the evening and ended the day with some dancing to music from our in-house DJs _Tanguy Serrand_ and _Titouan Guiochet_. 
+
+All in all, it was a fabulous day, ending in a great night and everyone left having learnt something new, has met interesting people and hopefully will join us at our next conference again.
+
+image::end.jpeg[End of the day, 600]

posts/2024-10-18-women-automotive.adoc

@@ -0,0 +1,67 @@
+= Why the Women Automotive Network Summit Should Be on Your Radar: Diversity, Inclusion and Networking
+Kateryna Olenkovska
+v1.0, 2024-10-18
+:title: Why the Women Automotive Network Summit Should Be on Your Radar: Diversity, Inclusion and Networking
+:imagesdir: ../media/2024-10-18-women-automotive
+:lang: en
+:tags: [eclipse foundation, automotive industry, networking, conference]
+
+*The Women Automotive Network (WAN) Summit Europe* kicked off on October 8, 2024, in Stuttgart, Germany, focusing on the importance of diversity and inclusion in the automotive industry. Veronika Shamova and I, Kateryna Olenkovska, proudly represented Lunatech’s automotive expertise at the summit 😄 Veronika is a Site Reliability Engineer, and I am a Quality Assurance Specialist. Together, we are working with CARIAD to develop a Software Labeling Stack for creating and processing ground truth data. This summit was a great opportunity to connect business and software, reminding us that teamwork is just as important as coding.
+
+image::nika-kata.jpg[Photo of Veronika and Kateryna, 600]
+
+### Let’s take a closer look at the summit's purpose
+
+The summit aimed to unite leading women in the automotive sector from companies like Porsche, Volkswagen, Volvo, and Jaguar, and more. The big goal is to build a strong network and share experiences that helped these women succeed. The WAN community has grown to 40,000 members worldwide and is continuing to expand.
+
+A key focus of the summit is mentorship, which is essential for career growth. Members can choose to be mentors or mentees, helping each other navigate their professional journeys.
+
+### So, what happened at the conference?
+
+In the morning, we were welcomed at the Forum am Schlosspark in Ludwigsburg, a lovely venue that accommodated all 500 attendees. An additional 500 participants joined the summit online. After registering and enjoying some coffee, we were invited into a spacious conference hall filled with round tables.
+
+image::main-hall.jpg[Photo of the main hall, 600]
+
+The event began with a welcome speech from *Micha Goebig*, CEO and Founder of Go Big Coaching and Communication LLC. She shared insights about the community and stressed the importance of networking. "Don’t be shy to say hello to the woman next to you!" Micha encouraged us. With that, the summit officially began!
+
+image::micha-goebig.jpg[Welcome speech from Micha Goebig, 600]
+
+### Let’s look at some highlights from the talks
+
+From *Linda Jackson*, CEO of Peugeot, we gained firsthand insight into what it takes to climb the corporate ladder. With 45 years of experience in the automotive industry, Linda emphasized the importance of confidence, perseverance, learning from mistakes, and growing alongside a trusted team. She also reminded us that on this long journey to the top, it’s crucial to pause and appreciate the view.
+
+image::linda-jackson.jpg[Talk from Linda Jackson, 600]
+
+*Barbara Frenkel*, Member of the Executive Board for Procurement at Porsche AG, delivered an inspiring talk titled “Follow Your Dream – My Path to the Porsche Executive Board.” The key takeaways from her presentation were to work hard, trust the process, and let your colleagues be your references. And who knows? One day, you might get a call from Porsche and be invited to become one of the nine board members!
+
+image::barbara-frenkel.jpg[Talk from Barbara Frenkel, 600]
+
+*FLEX* panel group initiated a discussion on how we make our business decisions. It turns out that these choices are rarely based solely on facts; instead, they often involve a mix of intuition and facts. It's essential to trust your gut feeling and be willing to take risks to explore uncharted territories.
+
+After lunch, we were ready to dive into new topics. This time, it was a workshop led by *Sara Gallian*, a SDV Program Manager at the Eclipse Foundation, which Lunatech is part of. This foundation creates a business-friendly environment for open-source software collaboration and innovation.
+
+image::flex-sara.jpg[Workshop led by Sara Gallian, 600]
+
+The workshop, titled “Open Source for All: Democratising and Transforming the Automotive Software Industry in a Code-First Way,” highlighted the challenges open-source contributors face. These challenges include language barriers, cultural differences, years of experience and even unreliable internet connections.
+
+We looked at charts showing cultural differences across countries, prompting us to think about our own experiences.
+
+image::charts.jpg[Charts showing cultural differences across countries, 600]
+
+So, how can we enhance diversity in open source? We need to be more mindful and inclusive, making sure open source is a welcoming space for everyone, especially underrepresented groups. A typical open-source contributor can be anyone – it’s not just limited to a white, straight, cisgender man in his 40s! 😄
+
+During the panel discussion, we learned that the industry is evolving, with women’s presence steadily growing and strong allies supporting diversity and inclusion at every turn. Looking ahead, there’s even more growth planned, with a goal to increase the representation of women in leadership positions from 20% to 25% by 2030. This goal is set to be achieved by enhancing mentorship and sponsorship networks within the industry, and WAN serves exactly that purpose.
+
+### Conclusion
+
+After a day packed with insights, we wrapped it up with a fun after-party, where networking flowed just as smoothly as the Aperol Spritz! While networking can be tough and sometimes intimidating, it’s definitely rewarding when you find those genuine connections that help you grow personally and professionally. We left feeling energized, with several connections in LinkedIn and excited for what’s to come.
+
+All in all, as for someone with a software engineering background, this summit was a unique experience, it was different from typical software conferences. Instead of focusing on technical skills, it emphasized sharing career stories, taking on new challenges, and never giving up. Seeing so many successful women in the automotive industry was inspiring. The focus on building a strong community made the event even better. I enjoyed the talks and gained valuable insights and I’m looking forward to coming back next year!
+
+image::end.jpg[End of the event, 600]
+
+### Links
+
+If you're interested in learning more and want to experience a bit of the conference atmosphere, check out the recorded talks through this https://www.youtube.com/playlist?list=PLBvCIWq03PgrNYd_ASN_LWvJ8oq12Ub_-[link]!
+
+Also, you can learn more about https://womenautomotivenetwork.com/en-eu[Women Automotive Network] and https://www.eclipse.org/[Eclipse Foundation] here.