Commit Graph

587 Commits

Author SHA1 Message Date
Ethan Vizitei 687acd5211 gracefully handle missing messages
closes FOO-1272
flag=none

Use a specific error message for missing
queued messages that doesn't require
a sentry error for each.

Also introduces a pattern for
"Retriable" job errors and the
accompanying error-level handling

TEST PLAN:
  1) delay the "deliver" ing of
     a message that does not exist.
  2) you should get a log message,
     but no sentry error

Change-Id: Ib6d8f5ae499b2e1ecde1eb74397d77630c0f3e6b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/254639
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-12-08 22:18:15 +00:00
Cody Cutrer 020f3ef050 fix root account cacher request cache caching only using local ids
fixes FOO-1163

test plan:
 * have a user with pseudonyms on two accounts with the same local id, on
   different shards
 * go to the user's page (/users/:id)
 * it should correctly name both accounts

Change-Id: Ib5dfb77163a013deb0029dc311b26b1b9424f76c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/252039
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-11-05 22:53:22 +00:00
Ethan Vizitei a9d9da13ad downgrade several expected error locations
refs FOO-1125
flag=non

TEST PLAN:
  1) stats for things like ImperiumTimeouts should still
     end up in datadog
  2) sentry errors for the target error types should disappear

Change-Id: I6e97c04e3f6fcc3545b10418511934c89f20a419
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/251536
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2020-10-30 16:46:01 +00:00
Ethan Vizitei 6da94ff1d8 introduce error levels to exception handling
closes FOO-1120
refs FOO-1125
flag=none

introduce canvas-errors logging callback

move error logging from application_controller
to Canvas::Errors callback

let all canvas::errors callbacks handle the new options hash

don't send errors less than ":error" level to sentry or
error reports.

change error stats to be grouped by "level", and use
error name as a tag.

TEST PLAN:
  1) regular errors should still hit all the callbacks
  2) errors declared as ":warn" or ":info" levels should
     not make it to sentry (like SAML MissingMessage errors)
  3) local errors during development should still get logged out
     to development.log file

Change-Id: Ibe1401c0f5ad8f6d697c64f6a34153aaea048281
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/251125
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-10-29 02:04:14 +00:00
Cody Cutrer 81d0bbc465 add # frozen_string_literal: true for specs
Change-Id: Id508bec1817937b1c24c29f1db7221e09cb9c2ab
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/251157
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-27 20:48:35 +00:00
James Williams a95fcd5e3e add full integration for multicache cache-register keys
test plan:
* account feature flag cache register checks should
 be made against multicache redis, just as with g/246223

closes #LS-1404

Change-Id: I28172e9c7bf539c98d63b323f911b9e6bdcaf909
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246243
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2020-10-23 19:31:41 +00:00
Pat Renner 6d85448a45 add live_events for outcome_calculation_method
closes OUT-3999
flag=none

test-plan:
- ensure live events are running locally (see live_events.md)
- verify that when making changes (including soft deleting) or
 creating an outcome calculation method that live events are emitted

Change-Id: I715305dc3cd8dc1cab127033d1feb92acd28f948
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/250457
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Augusto Callejas <acallejas@instructure.com>
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Reviewed-by: Wagner Goncalves <wagner.goncalves@instructure.com>
QA-Review: Manoel Quirino <manoel.quirino@instructure.com>
Product-Review: Jody Sailor
2020-10-21 22:19:53 +00:00
Evan Battaglia 89941a1dc1 Ensure keys are not rotated immediately again
"Somehow, the rotate_keys job returned" --
on Oct 1, both Lti::KeyStorage.rotate_keys and
Canvas::Oauth::KeyStorage.rotate_keys ran multiple times within seconds,
causing the keys to get rotated twice. This commit prevents us from
rotating keys if we just did a few seconds/minutes ago.

flag=none
closes INTEROP-6248

Test plan:
- in a rails console, run Lti::KeyStorage.retrieve_keys to see current
  keys. (Local Canvas didn't seem to be saving DynamicSettings for me so
  rotating keys didn't have any effect on the keys at keys in
  /api/lti/security/jwks)
- kick off rotation of keys: Lti::KeyStorage.rotate_keys
- check keys rotated
- kick off rotation of keys again
- check keys not rotated
- change min_rotation_period to something smaller like 2 minutes. You
  can do that with:
    class << Lti::KeyStorage; def min_rotation_period; 2.minutes; end; end
  Wait that amount of time, kick off rotation of keys again, and check
  that the keys rotated.
- run Canvas::Oauth::KeyStorage.rotate_keys and
  Canvas::Oauth::KeyStorage.rotate_keys to make sure the min rotation
  period for each set of keys is completely separated. Note that these
  seem to start out empty so you will have to rotate them once to generate
  them.

Change-Id: I7d58909e2eba7ccb2cd4222e60edf3f437547a6e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/250155
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Evan Battaglia <ebattaglia@instructure.com>
Reviewed-by: Wagner Goncalves <wagner.goncalves@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
2020-10-21 14:55:29 +00:00
Cody Cutrer 837e589cf4 rails 6: a few fixes
Change-Id: I81a86ae0fa59b5eca3849e51848f16843309983a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/250437
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-20 15:31:51 +00:00
Evan Battaglia 3dea2c1c3f make submission_created emit only on actual submissions
Normally submissions are created in raw SQL so the after_create hook is
not fired but there are some cases where this is not the case: in these
weird edge cases, submission_created is also fired when we create
Submission records with ActiveRecord so the after_create hooks fire.  We
don't understand exactly what they are but they are a very small
proportion (about 0.15% of total submission_created events) and no one
cares about them.

This also adds "workflow_state" to the event body, and DRYs up some
specs.

closes INTEROP-6224
flag=none

Test plan:
- Run canvas with the environment variable STUB_LIVE_EVENTS_KINESIS=1
  e.g.:
    dcr -e STUB_LIVE_EVENTS_KINESIS=1 -u 0 web \
    bundle exec rails server --binding='0.0.0.0' -p 80
- create assignments and make submissions for students in the following
  ways, making sure the submission_created event is emitted (it will
  be in the Canvas STDOUT, you might have to search for it) only when the
  student (or API call in some cases) submits or resubmits:
  - Student submits through UI.
  - Student re-submits through UI.
  - Done through API (?) Something like
    /api/v1/courses/123/assignments/12345/submissions/1234 ?
  - Grade passback (?)
  - AGS (?)
- Make sure a submission_created event has the "workflow_state" in it.
- In a console, create a Submission with Submission.create! in a
  unt push gerrit
  submitted state and make sure the event does not fire.
- In a console, create a Submission with Submission.create! in a
  submitted state and make sure the event does fire (you must provide
  workflow_state: submitted, and a submission_type such as
  online_text_entry)

Change-Id: I92b1c595282bf498557b7e52660547cc624795ac
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249769
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Mysti Lilla <mysti@instructure.com>
Product-Review: Oxana Jurosevic
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
2020-10-13 20:53:47 +00:00
Cody Cutrer b4629c8b09 ruby 2.7: fix several deprecation warnings
Change-Id: I1bbad3fb41939dcb792b00cd4d37b8e390d2fdbb
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249915
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-13 02:09:54 +00:00
wdransfield 2e96e905b2 Consider resource type code when sending tool events
Fixes INTEROP-6252
flag=none

Test Plan:
- Install multiple plagiarism detection tools
  in the same account with _different_ resource
  type codes. Each tool should also have a different
  endpoint
- Associate an assignment with one of the tools
- Submit and verify an event is sent to the tool
  with the matching resource type code
- Verify events were not sent to the other tools

Change-Id: I5892451c2ac3af64254881319d6f1143703a5cb6
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249776
Reviewed-by: Mysti Lilla <mysti@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2020-10-10 04:05:31 +00:00
Mysti Lilla 6ad68c713c Add SubmissionEvent endpoint to live event integration id
fixes INTEROP-6250
flag=none

Test plan
- Set up tools with varying endpoints and verify
  we're sending the "closest/latest" endpoint ids
  from among a plethora of similar tools on courses/
  sub-accounts/accounts
- Verify the migration does the same thing

Change-Id: Iac761e94cfeee01588cae5cd8b4797faa1bcb643
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249736
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2020-10-09 21:28:52 +00:00
Cody Cutrer 3d1ca55209 rename request throttle to approvelist and blocklist
(allowed? is already used)

closes FOO-991

test plan:
 * sanity check of request throttling

Change-Id: I366cb237a5b7edb52808f3b53098a959ad9c8056
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249250
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-06 22:06:52 +00:00
Cody Cutrer 66a8d4d4ef allow comments in blocklist entries
so we know where they came from

Change-Id: I41d58d73c99d1187064f7d83821f361d3d73791f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249256
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-10-06 20:10:19 +00:00
Ethan Vizitei e7f93ee288 don't wait as long for local redis
refs FOO-1032

we don't want to block local redis for very long,
it's not like the much more variable traffic
experienced by remote redis rings.  Just give it
a little time to recover, and let us use a different
setting.

TEST PLAN:
  1) make your local redis fail to connect
  2) after the rails process acknowledges and blocks that host,
     restore local redis.
  3) within a few seconds you should be successfully serving
     queries from the local cache again.

Change-Id: Ic8bf976418198e9b5d6fa02a74b67edc60012a46
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249274
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2020-10-05 21:36:44 +00:00
Ethan Vizitei a61269812f use an appropriate default value for mget
refs FOO-1032

also log even expected redis failures
so that it's possible to pin down why a given request
failed after a botched redis query.

TEST PLAN:
  1) make your redis client irredeemably faulty with
     a caught error, like InheritedError
  2) try to ask MultiCache for results with an "mget"
  3) you should get a [] as the default return value

Change-Id: Ia8ede817d1180e6c0a42dfbe69bfbcb5040c4b4d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249255
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-10-05 21:13:45 +00:00
James Butters e2175c6fbc skip flakey prefix_proxy_spec
Skipped spec has had the success rate dip into the 30% range, well
below the acceptable flakiness of a spec.

flag = none

Change-Id: Ib41a6517e39ceb650e44073d03f5481be7825af4
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249241
Reviewed-by: Andrea Cirulli <andrea.cirulli@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: James Butters <jbutters@instructure.com>
Product-Review: James Butters <jbutters@instructure.com>
2020-10-05 15:22:11 +00:00
Evan Battaglia a1f4342f42 Add missing context to submission live events
Some endpoints (such as GraphQL and the LTI AGS scores service) appear
to not set `@context` in ApplicationController so the LiveEvents context
(which becomes "attributes"/"metadata" in live events) does not have a
context_id / context_type. This is a problem for some downstream plagiarism
platform consumers of the submissions_* events (particularly
submission_created).

flag=none
closes INTEROP-6174

Test plan:
- submit an assignment thru the grade_passback, AGS "Scores", or graphql
  and check that the live event has a context_id.

Change-Id: Ife5b213436de63ebcef179b0a9ba41a7b088d182
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249001
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Oxana Jurosevic
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
2020-10-02 18:12:44 +00:00
Ed Schiebel be64dcd2b8 Limit the Usage Right UI in the rce to course and group context
usage rights were only never implemented in canvas for users. Don't
show the UI in RCE's file upload modal in a user context.

closes LS-1457
flag=rce_enhancements

test plan:
  - as a teacher, create an assignment
  - open Documents > Upload Document (or Image > Upload Image)
  > expect the Computer tab to have the Usage Rights UI.
  - pick one and submit
  > expect the file to have the copyright symbol in the course
    files page

  - as a student, submit the above assignment
  - in the RCE, open Documents > Upload Docuemnt
  > expect no Usage Rights UI to be displayed

  - create a group in a course with usage rights required
  - as a teacher on a group homepage, create an Announcement or a Page
  - open Documents > Upload Document
  > expect to have the Usage Rights UI
  - pick one and submit
  > expect to see the file have the copyright symbol in the group
    files page

Change-Id: Ib340c180885affda24af8cd809b06a8d565e0f34
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248488
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Ed Schiebel <eschiebel@instructure.com>
2020-10-01 12:44:04 +00:00
Ethan Vizitei c7ec359537 debounce local cache clearing
closes FOO-1013

TEST PLAN:
  1) send a sighup to a box
  2) only ONE flushdb gets sent to local redis

Change-Id: I5af89014d21b79382cada9aa7b32eaa4e4e088b2
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248800
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-09-29 20:09:46 +00:00
Ethan Vizitei 441290a4f8 lock vault for new lease
refs FOO-779

TEST PLAN:
  1) make many threads or processes try to load the same vault config
  2) only one should actually call vault
  3) they all should get a response

Change-Id: Ic5b778ab994bd964d930fd40fee936f42a4fd91d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248155
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-09-28 22:53:35 +00:00
Ethan Vizitei 2fc25f9fe1 reload from consul if subkey not found
FIXES FOO-1011
FIXES FOO-1012

Also write the trees of dynamic settings
stuff atomically so that clears don't
result in a partial config hash in the cache

TEST PLAN:
  1) store things in the dynamic settings cache
  2) explicitly clear the cache
  3) write a "true" value to the tree-level key
  4) fetch the subkey
  5) you should still get a valid value back from consul/file

Change-Id: I0f8bf524a6c03a2e6a6bba7fed3c199e6b179d93
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248752
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-09-28 22:53:20 +00:00
Cody Cutrer cac3e6c869 use find_cached for directly loading a developer key
also be sure and cache nil

Change-Id: I1043ed48609294d76ecb1bfc70770113fc5d44ac
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248349
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-09-23 22:02:49 +00:00
Ethan Vizitei fc81a4e361 make errors spec less flakey with specific expectations
Change-Id: I4983de6102a35d6c9dcad28110bcd7cb56d1cbfa
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248183
Reviewed-by: James Butters <jbutters@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-22 18:27:04 +00:00
Ethan Vizitei add3e9d6a6 proper error on vault read failure
Change-Id: I84c02bf8b3f6a239b2efc83cc34adc23721c7576
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/248086
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-22 18:26:39 +00:00
Ethan Vizitei f9311638c6 consul logging and http error handling
refs FOO-965

raise a real error if we get a response
other than a 200 or 404, only 404 is a good
reason for putting a nil value into the cache.

TEST PLAN:
  1) override imperium to return error responses
  2) run dynamic settings lookup
  3) nil is not in cache, error reported

Change-Id: Iba384c122e674864fbcaf49c3159ab8aca3f0833
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247948
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-18 14:40:14 +00:00
Ethan Vizitei a5a05a8e46 collect request context onto errors when present
refs FOO-965

TEST PLAN:
 1) throw an error in a request
 2) catch the error and capture with canvas errors,
    then continue
 3) you should get request and session info on
   sentry context automatically
Change-Id: Iadacc5337eee5298c9190b34a976a482e6407572

Change-Id: If654cdd76f5b39218bd633b66d3c073c083185af
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247924
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2020-09-17 19:27:52 +00:00
Ethan Vizitei 0819d3cc80 just report missing config as nil in log
sharding isn't necessarily set up if this
fires during boot sequence

Change-Id: I2d5448184f141716bd38eb29beef33fe155abdb7
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247927
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-17 17:10:10 +00:00
Ethan Vizitei 782ef8ef04 get DJ errors to sentry when manually logged
refs FOO-965

Change-Id: Id094660510342ece6d7eb1bbcc4b953fe4deefcf
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247866
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-17 14:37:40 +00:00
Ethan Vizitei c05f0d89d2 add visibility to unexpected consul consumption
refs FOO-965

Change-Id: I007877bfdd414244adc9a1aa618b66ab29313095
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247900
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-17 14:18:13 +00:00
Alex Slaughter 804d472538 Add Domain for CC Import LiveEvents
Test Plan:
 - Specs Pass

Closes: QUIZ-7826

flag = none

Change-Id: If0976b7c4c39494b0147341704d331a562b87242
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247440
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Oxana Jurosevic
QA-Review: Alex Slaughter <aslaughter@instructure.com>
2020-09-14 17:14:18 +00:00
Mysti Lilla b56b6fd9a0 Only send associated integration id if the tool is installed
fixes INTEROP-6125
flag=none

Test plan
- Set up an assignment with the plagiarism tool
- Test to make sure the live event sends with
  the associated integration id from the ACTL
- Uninstall the tool and make sure it does
  not send the associated integration id
- Play with different locations where the
  tool is installed and make sure it works
  as expected

Change-Id: I1fec2ee4744850cd7a0285fb0087a465b3448e46
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246294
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Mysti Lilla <mysti@instructure.com>
2020-09-04 19:32:00 +00:00
Ethan Vizitei 15d5197504 file-based local solution for vault
closes FOO-924

Change-Id: I7f750171a063e241f955939f1ece645f174e120d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246774
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-09-02 15:46:27 +00:00
Alex Slaughter 1b567ba0ce Add domain to quizzes_next_quiz_duplicated live event
Test plan:
 - Specs pass

fixes: QUIZ-7803
flag = none

Change-Id: If7384cd5bdec5a09c9573abb044fc2303c2cf56c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246295
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Alex Slaughter <aslaughter@instructure.com>
Product-Review: Alex Slaughter <aslaughter@instructure.com>
2020-08-28 15:29:36 +00:00
Ethan Vizitei 25b9b7aa46 stop trying to talk to DD during tests
Change-Id: I5d0089d71e0b920fc43afc15440e1c6487019a49
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246276
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
2020-08-28 12:16:46 +00:00
Ethan Vizitei e5cb04d9c3 AWS Credential Provider for vault
refs FOO-779

TEST PLAN:
  this doesn't get used yet,
  but if you want you can grab
  any cred path your vault client
  is allowed to assume and try to pull
  it through this object and talk to
  an AWS service the assumed role is
  permissioned for

Change-Id: I85faf802539feae6e708dfa8bd07d1f52346df1d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246255
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jacob Burroughs <jburroughs@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-08-27 20:23:36 +00:00
Alex Slaughter 6403fd819c Add Domain to Assignments Live Event Payload
Test plan:
 - specs

fixes: QUIZ-7791
flag = none

Change-Id: I0813b43b626ae02842b8e9d4b898c6cbb16c0408
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246240
Reviewed-by: Aaron Ogata <aogata@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Alex Slaughter <aslaughter@instructure.com>
Product-Review: Alex Slaughter <aslaughter@instructure.com>
2020-08-27 18:46:28 +00:00
Ethan Vizitei c79f946e83 don't reserve capacity for blacklist
Change-Id: I90f224a03228977cd5a3ea1b130536f7fb24ad3d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/246242
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
2020-08-27 18:41:45 +00:00
Ethan Vizitei d732b7a180 don't reserve capacity for whitelisted requests
Change-Id: Ic0fabd4f0799afeb3337e439a93c3d31cb0873a4
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/245882
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-08-24 19:07:55 +00:00
Mysti Lilla c78f5b8f61 Add posted_at to submission live_events
closes INTEROP-6016
flag=none

Test plan
- Have a submission that isn't graded
- Comment and/or grade the submission
- Note that a live event gets sent with
  a new posted_at date

Change-Id: I63175965044350187af2b9c4857fb25b0ebc2e68
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/244908
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ryan Hawkins <ryan.hawkins@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
2020-08-20 23:16:55 +00:00
Pat Renner 618899e064 add live events for outcome_proficiency
closes OUT-3867
flag=none

test-plan:
- ensure live events are running locally (see live_events.md)
- verify that when making changes (including soft deleting) or
 creating an outcome proficiency that live events are emitted
- verify that ratings information is included in the proficiency payload

(cherry picked from commit 0f0edc8cbe)

Change-Id: Iee0a98666354fc6e375757d63a1bbf22cdff973e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/245081
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Michael Brewer-Davis <mbd@instructure.com>
Product-Review: Michael Brewer-Davis <mbd@instructure.com>
2020-08-20 17:29:48 +00:00
Jacob Fugal 2b3886c5f4 extend client_credentials oauth2 grants for CD2
refs SAS-1540

* adds an audience setting to developer keys, so a key can be set to
  target external audiences with its credentials grants
* when a key with an external audience grants credentials, the token is
  signed with an asymmetric key instead of the internal symmetric key
* external audiences can retrieve the corresponding public keys from
  /login/oauth2/jwks
* credentials issued by developer keys with an account id include the
  account's guid in a custom claim

includes a refactor of key storage and rotation in consul, which had
already been done for LTI. but it wasn't really a feature of lti, just
something used by LTI, and we needed the same for key management for
this. moved it to be part of Canvas::Security

Change-Id: Ie5c0fcee6fc21687f31c109389a3bcc1ed349c5d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243606
QA-Review: Jonathan Featherstone <jfeatherstone@instructure.com>
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
2020-08-13 18:52:47 +00:00
Pat Renner 6f0326392e Revert "add live events for outcome_proficiency"
This reverts commit 0f0edc8cbe.

Reason for revert: merged prematurely, depends on code in g/244166

Change-Id: I49b623197354bf5c39cb3f6829b2dea72118e890
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/244037
Reviewed-by: Augusto Callejas <acallejas@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Pat Renner <prenner@instructure.com>
Product-Review: Pat Renner <prenner@instructure.com>
2020-08-13 18:34:07 +00:00
Pat Renner 0f0edc8cbe add live events for outcome_proficiency
closes OUT-3867
flag=none

test-plan:
- ensure live events are running locally (see live_events.md)
- verify that when making changes (including soft deleting) or
 creating an outcome proficiency that live events are emitted
- verify that ratings information is included in the proficiency payload

Change-Id: I0e6603896b6a08b7a6ea1050c742e5ff3a9b3b2f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/244793
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Augusto Callejas <acallejas@instructure.com>
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
QA-Review: Augusto Callejas <acallejas@instructure.com>
Product-Review: Pat Renner <prenner@instructure.com>
2020-08-13 17:31:34 +00:00
Ethan Vizitei bb199c641b add knobs for throttle costs (cpu/db)
refs FOO-739

TEST PLAN:
  1) increase weight of db cost setting hugely
  2) serialized requests should get throttled
  3) turn back to 1.0
  4) serialized requests should _not_ get throttled

Change-Id: I1479ee41bc8ebd6311f9eb8d12a9a7647cb6f10c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243515
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2020-08-10 18:34:12 +00:00
Ethan Vizitei 2a151c9ffc track cost even with throttling disabled
refs FOO-739

TEST PLAN:
  1) disable request throttling
  2) run some requests that are expensive
  3) costs should still be tracked in headers

Change-Id: Iec1a60f797451c789c3cdb79682757b8c354005f
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243569
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-07-30 21:16:27 +00:00
Cody Cutrer 8936b5803a use PG10's built in collation support
test plan:
 * with PG <10, nothing should change/break (migrations shouldn't even try to run)
 * with pg >=10, run migrations
 * it should create collations, and recreate a couple indexes
 * going to the users page should not be broken
 * specs ensure that the sorting is to our liking

Change-Id: I3eaf42dd2207d733c164c12ef2a43a1c1b417ff2
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/241190
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Charley Kline <ckline@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Charley Kline <ckline@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-06-26 18:50:05 +00:00
Mysti Lilla d5ddea29b1 Add associated_integration_id to plagiarism live events
closes PLAT-5766
flag=none

Test plan
- Planning to test this on beta once it's there
  as that will be easier than trying to test it
  locally
- We'll want to install a fresh Plagiarism tool
  at an account
- Verify that the plagiarism subscription IS receiving
  events for assignments that are linked to the tool
- Verify that the plagiarism subscription IS NOT receiving
  events for assignments that are not linked to the
  tool
- Verify that regular subscriptions are still receiving
  events for both linked and non-linked assignments

Change-Id: I59a1f5f6d1c061dfcd50c1efa2788173875d2231
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/240369
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Michael Guymon <mguymon@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Mysti Lilla <mysti@instructure.com>
2020-06-19 20:27:27 +00:00
Evan Battaglia 433889ceda Add fields to course_completed/progress live event
flag=none
refs PLAT-5791

Test plan:
- make sure you have a course with a sis_source_id
- tail live events kinesis stream (See doc/live_events.md)
- trigger a course_completed or course_progress event
- check it has the account ID and sis_source_id

Change-Id: Ic4e529ee7b3eeddce68e028fcb81c5bdbbafb96a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/239269
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Oxana Jurosevic
2020-06-08 22:21:51 +00:00
Rob Orton 56f97d0f12 make access token for real_user
access tokens cannot be created when masquerading a user on purpose,
because this would allow a user to get the real token and use it when
permissions for the user could change in the future. A commit was made
ee50eec4bd to create the access tokens
used when doing an lti launch on the real_user instead of the user, but
this breaks some tools that are not handling all the masquerade data.
c94b34348a reverted that change to create
them on the user again.

This commit is adding a column to access_token so we can audit usage of
the tokens created from an LTI launch. When a token is created while
masquerading we add the real_user_id to the token and make the token
expire in one hour.

test plan
 - masquerade as a user
 - launch an lti_tool that creates an access token
 - the tool should see the end users token
 - in a console verify the token is set to expire in an hour
 - verify that real_user_id is used on the token
 - the token should expire within an hour

fixes KNO-464
flag=none

Change-Id: I1f8913fc536f4e2c8539551efed69b27fbdb6b1a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236443
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Davis Hyer <dhyer@instructure.com>
QA-Review: Davis Hyer <dhyer@instructure.com>
Product-Review: Davis Hyer <dhyer@instructure.com>
2020-05-20 22:00:00 +00:00
Augusto Callejas 706cedbb76 Selective outcomes for course export/import
closes OUT-3675

flag=selectable_outcomes_in_course_copy

setup:
  - create a course with many outcome groups,
    containing many other outcome groups, each
    with multiple outcomes

test plan:
  - export a copy of the course
  - in a new course, import the contents of the previous course,
    selecting "Select specific content" option
  - confirm that when selecting content, that selectable outcomes
    are available to import

Change-Id: Id9834f1f1256f7a69d8e0edb2593b196cf4deb05
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/237433
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Reviewed-by: Pat Renner <prenner@instructure.com>
QA-Review: Brian Watson <bwatson@instructure.com>
Product-Review: Jody Sailor
2020-05-15 23:04:05 +00:00
Augusto Callejas 93109e0983 Import selective outcomes
closes OUT-3632, OUT-3633

flag=selectable_outcomes_in_course_copy

setup:
  - create a course with many outcome groups,
    containing many other outcome groups, each
    with multiple outcomes

test plan:
  - with "Selectable outcomes during course content migration"
    feature option enabled (root account), confirm that for
    course copy and course export/import, the selective content
    dialog allows selective outcomes and that if a subgroup
    is selected or non-root outcomes are selected, they all
    appear at the root level in the target course.
    also confirm that outcome groups and outcomes appear in
    alphabetical order in the selective content dialog
    (note: groups always appear before outcomes)
  - with "Selectable outcomes during course content migration"
    feature option disabled (root account), confirm that for
    course copy and course export/import, the selective content
    dialog does not allow for selective outcomes

Change-Id: Ibde113826b647feb1b5c4308b85698010f0bc4e9
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236769
Reviewed-by: Pat Renner <prenner@instructure.com>
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Brian Watson <bwatson@instructure.com>
Product-Review: Jody Sailor
2020-05-12 21:41:32 +00:00
Augusto Callejas c8425b5b06 Add outcomes to course selective data API
closes OUT-3622

flag=selectable_outcomes_in_course_copy

setup:
  - create a course with outcomes, both in groups and at the
    root level
  - create another course
  - select "Import Course Content"
  - for "Content Type", select "Copy a Canvas Course"
  - select the initial course to copy from
  - for "Content", select "Select specific content"
  - click "Import"
  - wait for the "Select Content" button to appear under
    "Current Jobs"

test plan:
  - with "Selectable outcomes during course content migration"
    feature option enabled (root account):
    * click "Select Content" button
    * confirm that the "Learning Outcomes" is available and
      can be expanded to reveal all groups and outcomes
  - with "Selectable outcomes during course content migration"
    feature option disabled (root account):
    * click "Select Content" button
    * confirm that the "Learning Outcomes" is available but
      cannot be expanded

Change-Id: I62f1ee07628b4f7ea3d5573748214f4b1db6d44a
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236511
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Pat Renner <prenner@instructure.com>
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
QA-Review: Pat Renner <prenner@instructure.com>
Product-Review: Jody Sailor
2020-05-08 16:46:44 +00:00
Ethan Vizitei 4ac1c690e8 unify request throttle setting
Change-Id: If879c029b32ef8274052c5fbfa3ce216cc7b69ed
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236598
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
2020-05-08 13:59:01 +00:00
Cody Cutrer c94b34348a Revert "issue access tokens from the real user, not the masqueraded user"
This reverts commit ee50eec4bd.

Reason for revert: need to more fully flesh out how masquerading can
be transparently handled for OAuth consumer.

Change-Id: I340b8914e3eff7c3156e1a06bae1ca6c9d10c1bd
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236010
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
2020-05-07 16:47:24 +00:00
James Williams ec3f38ec97 fix assignment availability cache clearing after bulk edit
test plan:
* with redis enabled locally, create an assignment with
 a due date and add it to a module
* view the modules page as a student and take note
of the due date
* use the bulk assignment date editing feature to
 edit the assignment date
* re-view the modules page as the student
* the due date should be updated

closes #LA-957

Change-Id: I71d2f14f70109bc1d9ae137371afc89122efcd5b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/236120
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Anju Reddy <areddy@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
2020-05-06 22:46:23 +00:00
Adrian Packel 29c2c0dabc Have missing policy applicator emit live events
flag = missing_policy_applicator_emits_live_events
closes TALLY-575

Test plan:
- Set up live events in your Canvas installation and monitor them (see
  the relevant live events documentation in the doc/ directory)
- Have a course with a missing policy enabled
- With the root-account "Missing Policy Applicator Emits Live Events"
  flag ON:
  - Create/publish an assignment requiring online submissions and with a
    due date in the near future
  - Bear witness to the ineluctable passage of time as it strips you of
    everything and everyone you hold dear
  - Check that each submission marked as missing for the above assignment
    has also emitted a corresponding submission_updated live event
- With the flag OFF:
  - Repeat the above process
  - The missing policy applicator's mass-update should NOT generate live
    events

Change-Id: Ifa84affe2242827e1695d0d9c539cf9d542ba425
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/229181
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Spencer Olson <solson@instructure.com>
Reviewed-by: Nick Pitrak <npitrak@instructure.com>
QA-Review: Adrian Packel <apackel@instructure.com>
Product-Review: Spencer Olson <solson@instructure.com>
2020-05-04 20:56:34 +00:00
Cody Cutrer ee50eec4bd issue access tokens from the real user, not the masqueraded user
fixes USERS-457

test plan:
 * login to the mobile app via qr code while masquerading
 * the app should behave as if you're the masqueraded user
 * inspecting user profiles in the web app, a token should
   have been issued to the masquerading user, but not the
   masqueradee
 * confirm inst-fs works while masquerading

Change-Id: I82b6a310f8b31ffa6cf824b95f0734056292deb6
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/230784
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Reviewed-by: Keith Garner <kgarner@instructure.com>
2020-04-15 17:22:29 +00:00
Michelle Truong b5f9082b5d Add conversation message created live event
refs PFS-15497
flag = none

Test plan:
1. create a new conversation on canvas with another user
2. create a new message in the conversation by replying
3. verify live event for conversation_message_created has been triggered

Change-Id: Idf929eb5398f6040d8a3e45c644481b207858042
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/232152
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Dan Dickson <ddickson@instructure.com>
QA-Review: Aiona Rae Hernandez <ahernandez@instructure.com>
Reviewed-by: Sean Mikkelsen <smikkelsen@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
2020-04-07 19:30:23 +00:00
Michelle Truong 1d4c01d5d0 Add conversation forwarded live event.
refs PFS-15496
flag = none

test plan:
1. create a new conversation on canvas with another user
2. forward the conversation to another user who is not
   already a participant in the conversation
3. verify live event for conversation_forwarded has
   been triggered (only once)

Change-Id: I70d3de5cb6995aec1ffe00b3a42f99d31f19250d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/232141
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Aiona Rae Hernandez <ahernandez@instructure.com>
Reviewed-by: Sean Mikkelsen <smikkelsen@instructure.com>
Product-Review: Dan Dickson <ddickson@instructure.com>
2020-04-07 16:01:17 +00:00
James Williams 1dc9628f98 only populate full local DynamicSettings cache when expired
rather than on every fetch call

closes #LA-900

Change-Id: If603066732e7e96aa6ad6fb4614f756c0433de42
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/233042
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
2020-04-07 14:46:59 +00:00
Michelle Truong 744edda428 Add conversation created live event.
refs PFS-15495
flag = none

test plan:
1. create a new conversation on canvas with another user
2. verify live event for conversation_created has been triggered

Change-Id: Ice2c239b90318588a2e5fe68ac0db289ff591a94
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/231746
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Dan Dickson <ddickson@instructure.com>
2020-04-03 16:36:41 +00:00
Ethan Vizitei 4d508459af enable app analytics in APM
closes APM-30
flag = none

TEST PLAN:
  * canvas runs fine
  * from beta app analytics telemetry shows up in datadog

Change-Id: I5128589040c053642ec81bd35ee797b60349a45e
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/231830
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2020-04-01 17:33:11 +00:00
Ethan Vizitei b95593699f allow arbitrary tracing with Canvas::Apm
closes APM-29
flag = none

TEST PLAN:
  * canvas boots correctly
  * wrap a Canvas::Apm.tracer.trace call around some code
  * APM Logging shows custom spans
Change-Id: I552f7db02db3fa7dabdcafd72a3682c2dd56006b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/231742
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Keith Garner <kgarner@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-03-27 18:36:04 +00:00
Ethan Vizitei 56da7cc52c spec: use sharding for DJ apm spec
FIXES APM-25
flag = none

also properly implements plugin
reset so that we can enable/disable
without rebooting the process

test plan:
  specs pass flaky spec catcher
Change-Id: I96e8137e351639559d68c8f1e9242e1c315cb26d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/231006
Reviewed-by: David Warkentin <dwarkentin@instructure.com>
Reviewed-by: James Butters <jbutters@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-03-23 18:54:02 +00:00
Ethan Vizitei a3c2e318d6 enable instrumentation of APM for jobs
closes APM-16, APM-20
flag = none

also adds context id and user id
to request annotations for APM

configures host-level sampling

TEST PLAN:
  * enable apm collection on datadog agent on single test cluster
  * push consul config to same cluster for enabling apm sampling
  * push consul config depressing host sampling rate to 5%
  * delayed job telemetry should show up in ddog
  * trace count from active clusters should drop by an order of magnitude

Change-Id: I94d97b299ed14403e8b141629740a1627310b259
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/230592
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: David Warkentin <dwarkentin@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-03-23 15:11:25 +00:00
Ethan Vizitei 38ccd99563 root account and shard tags for APM
closes APM-11
flag = none

TEST PLAN:
  * deploy to some environment with APM enabled
  * observe telemetry and confirm root_account
    and shard tags

Change-Id: I7246801c51617f10b8b7f3ca69b5d245375e81be
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/230415
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: David Warkentin <dwarkentin@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2020-03-19 15:55:46 +00:00
Jeremy Neander 2cf0c733d6 spec: remove post policy enable_feature! calls
Change-Id: I7becb72121d2dd66cfb8c65e273bb87379b25a1c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/229748
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Robin Kuss <rkuss@instructure.com>
QA-Review: Jeremy Neander <jneander@instructure.com>
Product-Review: Jeremy Neander <jneander@instructure.com>
2020-03-12 16:37:48 +00:00
Jeremy Neander f872089ee8 remove new_gradebook flag
closes TALLY-563
flag = none
...obviously

test plan:
 * Smoke test New Gradebook
 * Smoke test Grade Summary

Change-Id: I0bf7f962f5e910002b69d727666464356a1e3ccf
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/225876
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Adrian Packel <apackel@instructure.com>
Reviewed-by: Gary Mei <gmei@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
2020-02-18 20:50:34 +00:00
Cody Cutrer 0e6ee9343e identify LTI tools doing grade passback as a unique throttling bucket
test plan:
 * do an LTI grade passback
 * verify in the server logging that request throttle client identifiers
   includes a "tool:<domain>" entry

Change-Id: I90914187848876ebe7a20ef87d0ff933254cc83b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/226231
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-02-14 20:48:20 +00:00
Jacob Burroughs 3c2bb3e318 Add vault client to canvas
Next step will be to integrate a secrets API a-la-dynamic settings

test plan:
- Specs pass

Change-Id: Ic2fdd2be3c7f665804627f3ef3ffb5bc408d135b
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/224281
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-02-03 19:00:13 +00:00
Jacob Burroughs 93110b44d3 Create a general-purpose in-memory cache
Currently, this just replaces the dynamic_settings cache;
it will also be used to cache things from vault

flag=none

test plan:
- Dynamic settings specs pass

Change-Id: I314a2c377adbcda59d7a7ec2d7522f25a3de08eb
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/224230
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2020-01-23 17:11:49 +00:00
Michael Ziwisky df93a27dbe add late and missing flags to submission_* live events
fixes DIG-1417
flag=none

test plan:
 - trigger a `submission_updated` live event by submitting an
   assignment.
 - if you submitted on time, the event should contain `"late": false`.
   if it was late, the event should contain `"late": true`.

Change-Id: I856b2748c8cd583308e89f5160e734bc9f287e3c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/222297
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Michael Ziwisky <mziwisky@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
2020-01-21 18:45:00 +00:00
Ethan Knapp 9312726174 add live events for assignment overrides
refs PFS-12035, PFS-12662

Change-Id: Ic6dd9d58ecf456256b62212d4f8d7ec37312b449
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/199749
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Cody Tanner <ctanner@instructure.com>
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Ethan Knapp <eknapp@instructure.com>
2020-01-10 21:38:13 +00:00
Cody Cutrer a81944a73a rails 6: s/update_attributes/update/g
Change-Id: Ie137c1040260b363979160e1f0558883577ebebd
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/222510
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
2020-01-09 20:56:35 +00:00
Evan Battaglia 66315ea980 course_grade_change live event
Fires any time a student's course grade has changed.
Dig needs this event.

This also updates ObserverAlerts to only make one alert per
student+course in the case that the student is enrolled in multiple
sections of the same course. (Checked with mobile team to make sure
this is OK).

It also moves creating the alerts until after calculate_hidden_scores.
This shouldn't matter because the hidden (unposted) scores don't affect
the ObserverAlerts which only care about current_score. (Really we
could ignore the observer alert code if @ignore_muted is true
but I didn't want to change too much. Likewise, @ignore_muted
and @emit_live_event should be synonymous but I wanted to be explicit
and not rely on that always being the case.)

This also reloads scores all at once instead of individually, which
means less SQL queries and simplifies the code (especially since
reloading an object undoes the preloading of the enrollment).

refs PLAT-5189
flag=none

Test plan:
- Add `puts JSON.pretty_generate(event)` to
  gems/live_events/lib/live_events/client.rb:103 (#post_event) to see
  events locally
- watch for live events when going through various workflows which
  change course grades and make sure only one event per course+student is
  emitted
  1. change an assignment grade for a student enrolled in multiple
     sections -- only one event should be triggered
  2. group assignments
  3. a call to compute_and_save_scores where
     @update_all_grading_period_scores is true (we start grading a
     course/student and this kicks off scoring of all grading period
     scores)
  4. a call to compute_and_save_scores where @update_course_score is
     true (we start by scoring a grading period and this starts scoring the
     related student/course)
  5. anything else we can think of. grade_calculator experts or other
     product experts may be able to suggest other scenarios.
- test these scenarios out with the "observer alerts" in the Canvas
  Parent mobile app to make sure these events still work right.

Change-Id: I1d6d530149962a97890656566e26bc32dbb4c190
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/219208
Tested-by: Jenkins
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Oxana Jurosevic
Reviewed-by: Matt Sessions <msessions@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Reviewed-by: Spencer Olson <solson@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
2019-12-18 23:06:59 +00:00
Clint Furse ba7cbacab4 include enrollment data on asset_accessed events
closes PLAT-5096

Test Plan:
- trigger an asset_accessed as a non-admin
- verify that the enrollment_id and course_section_id are included
  in the payload

Change-Id: Iea99daa7df03323b22181751c4fafd784025636d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/217905
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-12-05 23:04:36 +00:00
wdransfield fd70765313 Send correct value for learning outcome "mastery" event
Closes PLAT-5098

Test Plan:
Verify both learning_outcome_result_created and
learning_outcome_result_updated events now send
the model's "mastery" value for the live event
"mastery" property

Change-Id: Ib450e5a46dec939f13a397a686a30763991c8fcb
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/216047
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
2019-11-07 14:56:23 +00:00
Xander Moffatt 188085c8eb add assignment_name to grade_change event
closes PLAT-4968

test plan:
* give a student a grade for an assignment
* configure the live events plugin using `doc/live_events.md`
* tail the kinesis stream following the directions in `doc/live_events.md`
* change the grade for the student
* assert that the assignment_name is present in the event body

Change-Id: Ibcabdada2a1c4ba7cd9b29bc6bacdbb387ec41f1
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/215983
Reviewed-by: Evan Battaglia <ebattaglia@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Xander Moffatt <xmoffatt@instructure.com>
Tested-by: Jenkins
2019-11-05 20:09:15 +00:00
Marc Phillips 1d9fa502c9 Add context to calendar feed live events
refs PLAT-4955

Test Plan:
 - see that calendar feeds now have the context_id and context_type
   for the asset_accessed live event

Change-Id: If86c43a07538648c7bdddcd33460bbd23ac916f9
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/214246
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-10-24 16:32:01 +00:00
Clint Furse 312d7c601e add new live event for final grade override
closes PLAT-5027

Test Plan:
- setup account/course to allow final grade override
- override a student's final grade in gradebook
- a live event should be created called 'grade override'

Change-Id: I4c45ced4a3e21e612ad6c43849e1d4b80c3623c0
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/214166
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Evan Battaglia <ebattaglia@instructure.com>
Product-Review: Oxana Jurosevic
2019-10-24 14:58:39 +00:00
James Williams 73186e6f2d fix inheriting for usage_rights_required? setting on courses
test plan:
* enabling and locking the usage rights required setting
 on an account should also enable on all courses
 (and vice versa)

closes #ADMIN-2977

Change-Id: Ieb55d5860b38e6001c1de4290f111e06131582ec
Reviewed-on: https://gerrit.instructure.com/212764
Reviewed-by: Carl Kibler <ckibler@instructure.com>
QA-Review: Carl Kibler <ckibler@instructure.com>
Product-Review: Carl Kibler <ckibler@instructure.com>
Tested-by: Jenkins
2019-10-10 21:19:26 +00:00
Michael Brewer-Davis 4b9fbc79ec add live events for outcomes editing
refs OUT-3177

Test plan:
- set env var for jobs container/BASE in
  docker-compose.override.yml
    STUB_LIVE_EVENTS_KINESIS: "true"
    (see live_events.md)
- at canvas.docker/plugins/live_events
  - uncheck "Disable this plugin"
  - add anything to fields
  - Apply
- tail Canvas containers for stubbed events
  > docker-compose logs -f | grep stubbed_kinesis_stream
- verify that the following live events are seen and have
  reasonable data:
  learning_outcome_created
    - when outcome created manually or via csv
  learning_outcome_updated
    - when outcome edited or deleted (in original context)
       manually or via csv
  learning_outcome_group_created
    - when created manually, via import from account,
      or via import from csv
  learning_outcome_group_updated
    - when group edited or deleted manually or via csv
  learning_outcome_link_created
    - when outcome created manually or via csv
    - when outcome imported from account
  learning_outcome_link_updated
    - when outcome moved or deleted manually or via
      csv

Change-Id: I70a62617f745b884951d22f2cb29c0178f283c12
Reviewed-on: https://gerrit.instructure.com/211460
Tested-by: Jenkins
Reviewed-by: Frank Murphy III <fmurphy@instructure.com>
Reviewed-by: Clint Furse <cfurse@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Oxana Jurosevic
2019-10-02 19:46:47 +00:00
Rex Fleischer 5563aa50d3 move usage_rights_required and course_catalog to account settings
fixes: ADMIN-2525
fixes: ADMIN-2531

Test-Plan:
ensure that the settings work the same as the flags did

Change-Id: If5dd8e1d1700357321592fa433bbdfe49c75c886
Reviewed-on: https://gerrit.instructure.com/205261
Tested-by: Jenkins
QA-Review: Anju Reddy <areddy@instructure.com>
Product-Review: Carl Kibler <ckibler@instructure.com>
Reviewed-by: Carl Kibler <ckibler@instructure.com>
2019-09-17 20:07:46 +00:00
Xander Moffatt a06b02c090 add user_sis_id and user_login to live events
* specifically to user_created and user_updated

closes PLAT-4829

test plan:
* enable live events (see doc/live_events.md) on your local machine
* create a user with a sis id
* the live event generated should contain these 2 new fields
* update that user
* the live event generated should contain these 2 new fields

Change-Id: Ic199173ba9cd54723dba73dcc381be7b6de644aa
Reviewed-on: https://gerrit.instructure.com/209171
Reviewed-by: Marc Phillips <mphillips@instructure.com>
Tested-by: Jenkins
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Xander Moffatt <xmoffatt@instructure.com>
2019-09-12 16:33:42 +00:00
Clint Furse db70eae9d9 use correct session id on login live-event
closes PLAT-4828

Test Plan:
- Login to Canvas
- Verify cookie value for "log_session_id" matches
  session_id in live-event after login

Change-Id: I0812128ac81405b488606237dcd64b83b18bfb1f
Reviewed-on: https://gerrit.instructure.com/208512
Tested-by: Jenkins
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Oxana Jurosevic
2019-09-10 17:40:03 +00:00
James Williams bc6b21ec51 spec: various flaky spec fixes
Change-Id: Ia02bf73a1a332b60177a97afae5dfe8a18152c23
Reviewed-on: https://gerrit.instructure.com/208718
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-09-10 14:20:41 +00:00
Weston Dransfield da7a26af2d Compact live event payload
fixes PLAT-4773

Test Plan:
- Verify the new "compact_live_event_payloads"
  release flag is visible in the root account and
  defaults to "off"
- Enable the feature flag
- Verify null values are removed from live event
  payloads
Change-Id: I8f91ead101fa3cd81fe8553f7f8ff6e94b294128
Reviewed-on: https://gerrit.instructure.com/206307
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Tested-by: Jenkins
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Oxana Jurosevic
2019-08-26 19:24:30 +00:00
Drake Harper 88e41e069a Add asset_name property to asset_accessed event type
Fixes PLAT-4718

Test Plan:
-create an event
-verify asset_name is in body of event

-create a context external tool
-verify asset name is not in body of event

Change-Id: I96d38dfc74b1888aae962e62ee06d025f83ff35b
Reviewed-on: https://gerrit.instructure.com/204268
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Oxana Jurosevic
2019-08-20 15:28:14 +00:00
Cody Cutrer c9aab282ba use rails built-in RedisCacheStore
RedisStore is no longer supported

somewhat surprisingly, the serialization formats are compatible, so we don't
need to do any namespacing

Change-Id: Iede3a023cada95313875f0ce419b649c364ee97c
Reviewed-on: https://gerrit.instructure.com/202663
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
2019-08-09 20:22:56 +00:00
Adrian Packel c4813ed94c Have conditional release use posted not muted
When post policies is enabled, pass the current submission's
posted/hidden status in the "muted" field so that it accurately reflects
the state of the submission. When post policies is disabled, pass the
assignment's muted status as before. Also, update some queries in the
conditional release service to check the submission's posted status if
post policies is enabled.

fixes GRADE-2316

Test plan:
- Have Canvas and conditional release set up
- In Canvas, enable new gradebook for a course and flip on the post
  policies setting:
  > PostPolicy.enable_feature!
- Create two assignments
  - In the gradebook, change the grade posting policy of one of the
    assignments to "Manually"
  - Leave the other as "Automatically"
- Assign grades to students in each assignment
  - For the auto-posted assignment, grade change events should be
    emitted with muted = false
  - For the manual-posted assignment, grade change events should be
    emitted with muted = true
  - Post grades for the manual-posted assignment
    - Grade change events should now be emitted with muted = false
- Confirm that mastery paths are generally doing the right thing

Change-Id: I7af38836ebd9b3361526a4c03565694ae0770f88
Reviewed-on: https://gerrit.instructure.com/202283
Tested-by: Jenkins
QA-Review: Michael Brewer-Davis <mbd@instructure.com>
Product-Review: Michael Brewer-Davis <mbd@instructure.com>
Reviewed-by: Derek Bender <djbender@instructure.com>
Reviewed-by: Jeremy Neander <jneander@instructure.com>
2019-07-24 20:55:32 +00:00
Cody Cutrer 0699a12eee check all client identifiers for blacklist/whitelist
test plan:
 * create an access token
 * blacklist your user id in console
 * try to access canvas with your access token
 * it should not work

Change-Id: I9cf30798e844a648040a396258ca923cb4d77513
Reviewed-on: https://gerrit.instructure.com/199202
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-07-24 16:19:49 +00:00
Marc Phillips 408b3feee9 Add course_progress event
closes PLAT-4680

Test Plan:
 n/a

Change-Id: I729d5f08d17185a3b287123a4bfa01f7aa02ab9c
Reviewed-on: https://gerrit.instructure.com/201655
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-07-19 16:45:42 +00:00
Marc Phillips 66c9533992 Add events to learningoutcomeresults
closes PLAT-4639

Test Plan:
 - tests pass

Change-Id: I5f9258f7e14ce9ed07e871b79e99e169359bc23d
Reviewed-on: https://gerrit.instructure.com/201433
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-07-18 21:04:47 +00:00
Marc Phillips 218a72485b Add submission_types on event
fixes PLAT-4643

Test Plan:
 n/a

Change-Id: If52c8372817d8b85514cae47dc8ce6fa434244f5
Reviewed-on: https://gerrit.instructure.com/201419
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Clint Furse <cfurse@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-07-17 16:27:28 +00:00
wdransfield 601494014b Allow canvas.instructure.com aud in LTI Advantage
Closes PLAT-4633

Test Plan:
Verify you can fetch and use access tokens from
https://canvas.instructure.com/login/oauth2/token
in LTI services

For local testing you may create a new account
domain and temporarily change the
UNIVERSAL_GRANT_HOST constant

This is just one approach we could take. In my testing this is the
only change required to use AGS and NRPS

Change-Id: I50fb6da85ed91bd19b8d8b2b8afe4b5d48a120dc
Reviewed-on: https://gerrit.instructure.com/200059
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-07-17 16:12:04 +00:00
Ryan Shaw d4b60a752a Generate right ENV.context_asset_string on eportfolios
Because we were calling rce_js_env before @context was set, and
rce_js_env calls js_env, we were not setting an
ENV.context_context_asset_string on the /dashboard/eportfolios page

Test plan:
* go to /dashboard/eportfolios
* in a browser console type: window.ENV.context_context_asset_string
* it should say “user_3” or something like that

Change-Id: Ica3e2d008d23a8d009e42f0e5dc114a38d66916a
Reviewed-on: https://gerrit.instructure.com/200929
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
QA-Review: Ryan Shaw <ryan@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
2019-07-16 20:31:29 +00:00
Clint Furse 5a65b09720 change discussion_entry_submitted event body to use local ids
closes PLAT-4632

Test Plan:
- Create a new comment on a submission
- verify the body of the live event includes local ids as opposed to
  global ids

Change-Id: I82a595d0207e4a134d9960bdc93c62a3c81fb9b2
Reviewed-on: https://gerrit.instructure.com/200290
Tested-by: Jenkins
Product-Review: Oxana Jurosevic
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
2019-07-16 17:25:14 +00:00
Drake Harper 7f06be5d9c Fix json parse error in using jwk via url
refs PLAT-4494

Test Plan:
-make a request that goes through the client credentials flow
-validate that it works

Change-Id: Ic008485f1a286b9923e514abeda17f88b9d39a5c
Reviewed-on: https://gerrit.instructure.com/200219
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
QA-Review: Drake Harper <dharper@instructure.com>
Product-Review: Drake Harper <dharper@instructure.com>
Tested-by: Jenkins
2019-07-05 13:53:39 +00:00
Drake Harper 0447600a63 Use public jwk url in oauth 2 flow
refs PLAT-4494

Test Plan:
-using create and edit developer key
	-use public jwk url to set public jwk

Change-Id: Iaa80a89dd37052ffd6866ad8d019e8779eaa67b3
Reviewed-on: https://gerrit.instructure.com/198518
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
Product-Review: Drake Harper <dharper@instructure.com>
QA-Review: Drake Harper <dharper@instructure.com>
2019-07-03 21:40:54 +00:00
Marc Phillips cbccd7faa8 Send LiveEvents using PutRecords
closes PLAT-4549

Test Plan:
 - Live events should only be sent in batches

Change-Id: I72f8e210ae74b32b09e16a8d4fb515e0c4f699fc
Reviewed-on: https://gerrit.instructure.com/197993
Tested-by: Jenkins
Reviewed-by: Clint Furse <cfurse@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-07-03 20:03:16 +00:00
Clint Furse 056712562a Add new LiveEvent for Submission Comment Created
closes PLAT-3929

Test Plan:
- Create a new comment on a submission
- verify that the live event is created

Change-Id: I8ebdeda24f356ddf51d2f90cb9ad8ae2effc3e31
Reviewed-on: https://gerrit.instructure.com/199520
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-07-03 19:50:55 +00:00
Clint Furse e03ccf44c6 Add new LiveEvent for Discussion Event Submit
Closes PLAT-4457

Test Plan:
- Create a new entry/reply on a discussion
- a new event should be created: discussion_entry_submitted
- If discussion is graded, the submission and assignment
  ids should be included in the LiveEvent payload

Change-Id: I5c6a6ea7c7df7fd1e6ff92d941c1b993b452bc0c
Reviewed-on: https://gerrit.instructure.com/199449
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-07-03 19:50:43 +00:00
Boudewijn van Groos 2d210624e3 Include missing scopes in error message
refs: GH-1466

Test Plan:
- Set up a developer key with scopes enabled.
- Using a tool like oauth2-client-shell request access at
  https://<canvas-install-url>/login/oauth2/auth with at least a
  single scope which is not enabled on the developer key.
- Observe the error message (it should contain the requested scope
  which is missing, but none of the scopes which are requested, but
  not enabled).

Change-Id: I66789f556f7105377459a34fddd43ffdb6e6f93e
Reviewed-on: https://gerrit.instructure.com/198402
Tested-by: Jenkins
Reviewed-by: Spencer Olson <solson@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Bryan Petty <bpetty@instructure.com>
Product-Review: Bryan Petty <bpetty@instructure.com>
2019-07-03 14:55:09 +00:00
wdransfield 8baec61228 Extend valid 'iat' window for client credential tokens
Closes PLAT-4604

Test Plan:
- Install a 1.3 tool and retrieve an access token using
  the client credentials grant type
- Validate the token may be used with LTI services after
  5 minutes have passed
- Validate the token may not be used with LTI services
  after an hour has passed

Change-Id: Icad60c80f9926bf5801fb124f334adc3d2301fe1
Reviewed-on: https://gerrit.instructure.com/199914
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Clint Furse <cfurse@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-07-03 14:18:27 +00:00
cfurse 64e5d5c113 Add filename to the asset_accessed payload
Closes PLAT-3849

Test Plan:
- Trigger a live event by downloading a file from 1 of a few places including:
  1. Your account > Files
  2. Course > Files
- Verify an asset_accessed event is created and includes 2 new fields:
  (filename & display_name)

Change-Id: I9c0ca7c21b373250ed69c025da59d6057a598c87
Reviewed-on: https://gerrit.instructure.com/197857
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Oxana Jurosevic
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
2019-06-25 16:17:25 +00:00
James Williams 3d73b22322 ensure cache register uses consistent nodes across shards
test plan:
* in an environment with multiple redis rings
 separated by shard (e.g. production) enrolling a user
 from one ring (e.g. a site admin user) in to a
 course in another ring should clear their cache
 (can be checked via a call to /api/v1/courses )

closes #CORE-3080

Change-Id: I5d948e942652679c7698415c2ebaf1a5ccedd4e0
Reviewed-on: https://gerrit.instructure.com/197677
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
2019-06-14 15:21:30 +00:00
James Williams 5f9d0253e6 create system to modify up-front request cost by path
closes #CORE-3058

Change-Id: Ie516ce40572cc363a13e613f387319e9c60a97af
Reviewed-on: https://gerrit.instructure.com/196909
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-06-10 15:29:10 +00:00
James Williams bcdaf5fac9 add caching around permission/role_override calculations
test plan:
* permissions should behave exactly as before
* cached permissions should update correctly when changed
through the UI (or if accounts associations are changed)

refs #CORE-2851

Change-Id: I5c39547039b44f77e1f3bd3978783520b8191e3c
Reviewed-on: https://gerrit.instructure.com/193004
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-05-29 15:52:47 +00:00
James Williams fb5c3af74f cache account user calls on account and course
use the new cacheregister keys for a more reliable store
that should only be invalidated when an account_user
is created for the user

should improve performance of permission calls

refs #CORE-2851

Change-Id: Ia293c8e206a2fd83e7b6bc6e17d29d36c9cae87f
Reviewed-on: https://gerrit.instructure.com/192666
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-05-21 12:39:26 +00:00
Ryan Shaw 81ecc350c2 Add a spec for if there is no headers
this test is to add coverage so that the thing that happened on
caturday doesn’t happen again

Test plan:
* automated specs should pass 

Change-Id: I954090cd992c0dc5f8d04c20dc608c8b8c5d21c2
Reviewed-on: https://gerrit.instructure.com/194232
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-05-20 16:41:29 +00:00
James Williams 040773e0d8 fix selecting content in course copy
test plan:
* copying a course with "select content" should
 work and copy the selected content properly

closes #ADMIN-2656

Change-Id: Ib03db34178138b2a4215991b45cd54599e783c56
Reviewed-on: https://gerrit.instructure.com/193220
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
2019-05-13 20:22:33 +00:00
Marc Phillips 3d7d728f9d Fix ClientCredentials for local development
Was hardcoding the aud to be https, when we
are requiring http endpoints.

refs PLAT-4474

Test Plan:
 - Use of the 1.3 tool to do services should work

Change-Id: Id8bd6ce92dcefecb6d046316704cf7db937fdebc
Reviewed-on: https://gerrit.instructure.com/193079
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-05-13 19:06:46 +00:00
James Williams e39f71fc95 increase redis read reliability for user-based cache keys
use the redis-based cache keys inside several calls that
rely only on a user's enrollments, group memberships, or
account_users

test plan:
* have redis configured as the cache store
* updating a user's enrollments, group memberships,
 or account admin associations should not result in
 stale data being shown

refs #CORE-2851

Change-Id: I773a20eba40ff02a6aa37e35ffe345ba3554c4fd
Reviewed-on: https://gerrit.instructure.com/192271
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
2019-05-10 15:14:58 +00:00
James Williams 3ab1d870d0 create a granular timestamp system for use in cache keys
adds methods to get and invalidate timestamps for use
in cache keys (similar to how updated_at is currently used)
but separated by purpose (and stored in redis to ease db use)

e.g. a cached function dependent only on a user's current
enrollments can use `user.cache_key(:enrollments)`,
that will then be cleared when the user's enrollments
actually change

once most of our cache keys are migrated to the new format
we can hopefully stop running 'touch_all' all over the place

ultimately should help improve cache read rates

refs #CORE-2851

Change-Id: I4cb40faa30b85d9c3865dadc5e58a5424e2d6928
Reviewed-on: https://gerrit.instructure.com/191834
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-05-08 15:24:01 +00:00
Cody Cutrer 9cd92f0d48 use the proper methods for getting plugin settings
refs CORE-2863

Change-Id: I5f440dbc20f869840bf25b4851cfb3bac74977f0
Reviewed-on: https://gerrit.instructure.com/191886
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
2019-05-02 20:31:18 +00:00
James Williams 97fbbcaad3 allow cross-shard course copy
test plan:
* before checking this commit out, copy some
 content into a course
* after checking it out, make sure re-copying
 the course overwrites the content from
 the earlier copy (tl;dr migration identifiers
 are being changed but not for old exported/copied courses)
* make sure course copies/imports/exports still work

closes #CORE-2718 #CORE-2720

Change-Id: I7515c7ec2943afaaf502432f1510d3e580f13ced
Reviewed-on: https://gerrit.instructure.com/188371
Tested-by: Jenkins
QA-Review: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
2019-04-22 12:25:06 +00:00
Ryan Shaw 83cd716aa5 serve brotli encoded static assets when possible
this should speed things up by reducing the amount of traffic over the
wire for our JS/CSS/images from our cdn for most browsers/users
(everyone besides IE 11 supports brotli). Should especially help people
on mobile connections and in remote areas.

For example, our vendor webpack bundle went from 850KB to ~500KB

closes: CORE-2755

Test plan:
* with the dev CDN set up in canvs_cdn.yml
* run: RAILS_ENV=production  bundle exec rake canvas:compile_assets
* then run: bundle exec rake canvas:cdn:upload_to_s3
* then run:
  RAILS_ENV=production bin/rake brand_configs:generate_and_upload_all
* then run RAILS_ENV=production bundle exec rails s

now go to canvas in your browser
* from any browser that supports brotli compression, the assets you get
  from the CDN should come from /br/dist/whatever
  (instead of /dist/whatever)
* everything should work the same but you should notice smaller file
  sizes in the network panel for your js and css assets

Now go to canvas in a browser that doesn’t support brotli, like IE 11
* you should see that it gets its css and js files from
  <cdn host>.com/dist/whatever (and not from /br/dist/whatever)
* you should notice that the assets you are looking at are gzipped
  just like before, and you can compare against those in chrome and see
  that the gzip version of those files is bigger than the brotli version

Change-Id: I81d28fa31c307d745ecd9b84f1fd55c07fba88ca
Reviewed-on: https://gerrit.instructure.com/188866
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
2019-04-16 19:49:00 +00:00
Rob Orton 04e7bf8cb8 use inst_statsd
fixes CORE-2538

test plan
 - configure statsd to use data dog
 - it should work

Change-Id: Ie8428e4e99973b35506bd7a8e4d1a18f5a7875a1
Reviewed-on: https://gerrit.instructure.com/182083
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2019-03-25 17:00:49 +00:00
Erin Hallmark 3e9bbcb5f1 Replace wiki page terminology for course import
Closes: ADMIN-2496

Test plan:
- create a course with at least one page
- create a new course and open course settings
- select import course button
- select the copy a canvas course content type
- select the course with the existing page
- in the content selection, click the select
specific content button
- click the import button
- in the current jobs section, click the select
content button
- in the content list, view 'wiki pages' changed
to 'pages'
- specs pass

Change-Id: I4e1410629104a0eb5a95386c2bd5921a26cd6512
Reviewed-on: https://gerrit.instructure.com/185115
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Erin Hallmark <erin@instructure.com>
2019-03-19 16:58:07 +00:00
wdransfield 39a16ad889 Add workflow state to assignment_group events
Closes PLAT-3916

Test Plan:
- Create an assignment group
- Verify the workflow state is sent in the assignment
  group created event
- Modify the assignment group
- Verify the workflow state is sent in the assignment
  group updated event

Change-Id: Iefcf885bfd6b7ce20895fd855fee2cf934e667d6
Reviewed-on: https://gerrit.instructure.com/182463
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-02-22 17:47:32 +00:00
James Williams 47a1b325ce add additional request cost for oauth2 token request
Change-Id: I47ce5b1b299de42a13a61d01a010253bc4e7687c
Reviewed-on: https://gerrit.instructure.com/180752
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
2019-02-07 00:52:11 +00:00
Han Yan 2fbc0e5762 "Retry" button doesn't work for a failed Course copy
refs QUIZ-5864

test plan:
- do a course copy
- find an assignment, set workflow_state to 'failed_to_duplicate'
  in rails console
- expect Retry button is available in UI
- click Retry button and wait, the failed assignment can be duplicated
  again
- regression on assignment copy, course copy

Change-Id: I1594a68cf15c4994cd916b25e100ed277cc6cdc1
Reviewed-on: https://gerrit.instructure.com/180012
Tested-by: Jenkins
Product-Review: Hannah Bottalla <hannah@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
2019-02-04 17:12:29 +00:00
Xander Moffatt d22a9f00fd provide more fields in discussion_topic_created event
closes PLAT-3843

test plan:
* enable live events locally (see doc/live-events.md)
* tail the stream (see same doc)
* create a new discussion topic
* look at the stream and see if the new
fields have been added to the event

Change-Id: I0bc9aef8ae82faac37df7a6f1feffd38e4961664
Reviewed-on: https://gerrit.instructure.com/178920
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Xander Moffatt <xmoffatt@instructure.com>
2019-01-25 17:19:20 +00:00
wdransfield bf4aaae0ed Add "future buffer" to iat validation for client credentials grant
Closes PLAT-4157

Test Plan:
Attempt to retrieve an access token using a client credentials
grant. The iat of the claim should be 10 seconds in the future.
Verify you are still able to retrieve an access token.

Verify you cannot retrieve an access token if the iat is more than
30 seconds in the future.

Change-Id: I884f569c3ab4bcafaaa459c70fe3d0c2326153cd
Reviewed-on: https://gerrit.instructure.com/178477
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Tested-by: Jenkins
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-01-18 17:54:58 +00:00
wdransfield 7de0f76588 Handle string claims and protocol in client credentials grant
Closes PLAT-4143

Test Plan:
- Attempt to retrieve an access token using the client
  credentials grant type. Make the exp or iat claims
  non-numeric
- Verify Canvas responds with a 400 and error message
- Verify the aud must be https

Change-Id: Iefc9b286d9198f0afd759c9a05b1dd8b22647aa4
Reviewed-on: https://gerrit.instructure.com/177837
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2019-01-16 19:12:22 +00:00
Marc Phillips 6f6e5f8c48 Fix client_credentials grant tokens
Erroneously checking the jti as if it was a nonce.
This allows the tokens to be used more often than
once.

closes PLAT-4084

Test Plan:

Generate a ccg token and attempt to make a call
a few times. Note that it works. Make sure that
you have redis enabled locally.

Change-Id: I4eeed1019ac9ca04956713ed84a2a922b4ffdde0
Reviewed-on: https://gerrit.instructure.com/176586
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Phillips <mphillips@instructure.com>
2019-01-02 21:25:58 +00:00
Rex Fleischer 715d3cf10c log more information about what is happening for this error
Test-Plan:
N/A

refs: ADMIN-1573

Change-Id: I63e89be04aa0ded86470b7fefb3cc56d35c4992f
Reviewed-on: https://gerrit.instructure.com/172244
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Rex Fleischer <rfleischer@instructure.com>
Product-Review: Rex Fleischer <rfleischer@instructure.com>
2018-11-30 20:21:57 +00:00
Cody Cutrer 14edde158d add effective_locale to a few API responses
closes CORE-1847

test plan:
 * have your user inheriting the default locale
 * go to /api/v1/users/self, /api/v1/users/self/profile. they should
   both have a non-null value for effective_locale, even though
   locale is null
 * go through the OAuth flow. notice that a value is provided
   for effective_locale in the user portion of the /token response

Change-Id: Ia8b5b555168db395fe15075d70b296c264a59d6d
Reviewed-on: https://gerrit.instructure.com/171446
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2018-11-14 05:34:57 +00:00
Marc Phillips d946966f3a Remove DeveloperKey Management and Scoping FF
This does not remove the old dead code, just all the places
that checked to see if it was enabled.

closes PLAT-3752

Test Plan:
 - Regression test on the developer keys page
 - Also need to check that creating an oauth 2 token is
   not broken (using client credentials)

Change-Id: I89983922a894ff7f20e86c034728d55284c8c668
Reviewed-on: https://gerrit.instructure.com/168271
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
2018-10-26 15:16:36 +00:00
Brent Burgoyne 636e769a04 make rcs handle missing secrets more gracefully
closes CORE-1891

test plan:
- put null encryption and/or signing secrets in consul (or
  dynamic_settings.yml)
- go to a page with an rce
- should not 500
- sidebar requests should 401

Change-Id: I8fd169c74df06fc5d5e04684a95e41023ea23c61
Reviewed-on: https://gerrit.instructure.com/164501
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
2018-09-17 03:39:00 +00:00
Marc Phillips efdba8d77c Add client_credentials grant_type
Oauth2.0 client_credentials grant_type is added as a means
to support LTI Advantage services. Will accept only the
client_assertion_type of jwt-bearer and returns a JWS as
the access token. LTI services using the jws will be able to
authenticate, but other api endpoints will fail when using
this jwt.

closes PLAT-3659

Test Plan:
 - Create an oauth 2.0 request using a jwt signed by a
   developer key
 - Request should be validated and returns a jwt with
   the correct scopes

Change-Id: I786b71e39f8d3c2c9c71aa3eff4ea490f6d56285
Reviewed-on: https://gerrit.instructure.com/161245
Tested-by: Jenkins
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
2018-09-10 17:07:05 +00:00
Nick Pitrak c3ab604c74 add more info to course completion live event
Change-Id: Ia92bf19117508afa3e469100f82f0e00d8424ebd
Reviewed-on: https://gerrit.instructure.com/162456
Tested-by: Jenkins
Reviewed-by: Neil Gupta <ngupta@instructure.com>
Product-Review: Nicholas Pitrak <npitrak@instructure.com>
QA-Review: Nicholas Pitrak <npitrak@instructure.com>
2018-08-29 19:18:36 +00:00
Cody Cutrer c080e37139 move redis logging config to redis.yml
instead of Setting. it's extremely rarely changed, and it's early enough in
the boot process (and part of redis itself) that it can't be cached

Change-Id: Ibdcb3ea025a6b06d204db2a4340d911d9e3f0919
Reviewed-on: https://gerrit.instructure.com/162495
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2018-08-29 17:03:51 +00:00
Nick Pitrak 8817e8ad94 add course completion live event
closes CAT-2293

test plan:
- add `:docker-compose/kinesis.override.yml` to your .env file
- do docker-compose up
- in another terminal window, type `AWS_ACCESS_KEY_ID=key
		AWS_SECRET_ACCESS_KEY=secret aws --endpoint-url
		http://kinesis.canvaslms.docker/ kinesis create-stream
		--stream-name=live-events --shard-count=1 --region=us-east-1`
- go to canvas.docker/plugins
- find the Live Events plugin
- select All Accounts and click Create Config
- deselect the Disable this Plugin checkbox
- enter the following information and save:
		Kinesis Stream Name	live-events
		AWS Region	us-east-1
		AWS Endpoint	http://kinesis:4567
		AWS Access Key ID	key
		AWS Secret Access Key	secret
- close and reopen docker-compose up
- create a course with a single student enrolled
- create an assignment with web text entry worth 10 points in a module
- create a requirement for the module to earn 10/10 on the assignment
- masquerade as the student
- submit the assignment
- stop masquerading
- type `docker-compose run --rm web script/tail_kinesis
		http://kinesis:4567 live-events` in another terminal window
- grade the assignment as a 10/10 for the student
- ensure an event appears with its event_name as "course_completed"

Change-Id: Iffd5d6148fadcb66da3f8eca3a4caa9355485a90
Reviewed-on: https://gerrit.instructure.com/161106
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Dariusz Dzien <ddzien@instructure.com>
Product-Review: Neil Gupta <ngupta@instructure.com>
2018-08-28 22:09:46 +00:00
Han Ngo 27d24538d6 Run Key Rotation Script as a Periodic Job in Canvas
Closes PLAT-3508 & PLAT-3509

Test Plan:
- Verify the keys rotate correctly (set current to past, future
to current, and the new key to future) in both cases: when there
is no existing key AND when there is a key already in Consul
- Verify the script will be running every month
- Verify the keys got rotated using Imperium gem version '0.4.0'

Change-Id: I630f230b3cd1c515ebb266b532901b4260622173
Reviewed-on: https://gerrit.instructure.com/154529
Reviewed-by: Stewie aka Nicholas Stewart <nstewart@instructure.com>
QA-Review: Nathan Mills <nathanm@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
Tested-by: Jenkins
2018-07-12 19:57:40 +00:00
Cody Cutrer 4014a971e0 allow 5 minutes of future clock skew when verifying JWTs
fixes CORE-1439

Change-Id: Ia3ed12dd79cee475bedd0879323eacf3a0325476
Reviewed-on: https://gerrit.instructure.com/155617
Tested-by: Jenkins
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2018-06-29 18:33:10 +00:00
Jeremy Stanley 0ba33e8b38 fix user-context content migrations
test plan:
 - in user files (not course files),
   - upload a zip file and select "Expand it"
   - it should complete without having to reload the page

fixes ADMIN-1180

Change-Id: I9fbb52a1fa50f55ac294bc6df3057b7e4084fda6
Reviewed-on: https://gerrit.instructure.com/154982
Reviewed-by: Han Yan <hyan@instructure.com>
Reviewed-by: Steve Kacsmark <skacsmark@instructure.com>
Reviewed-by: Robert Lamb <rlamb@instructure.com>
Product-Review: Robert Lamb <rlamb@instructure.com>
QA-Review: Robert Lamb <rlamb@instructure.com>
Tested-by: Jenkins
2018-06-23 16:45:20 +00:00
Han Yan f9676125bb Qti import from Canvas to Quizzes.Next
refs QUIZ-4415

test plan:
- cr
- Quiz.Next CC import is not ready for test with only this patch
- regression on `Import Content`, to make sure:
  1) `Qti .zip file` import works
  2) `Common Cartridge 1.x Package` import works

Change-Id: Iba2818a2b864020b6c59ef55e02f122b996e4c40
Reviewed-on: https://gerrit.instructure.com/149978
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Han Yan <hyan@instructure.com>
2018-05-31 16:57:32 +00:00
Andrew Butterfield c8602c0da6 Add student sis id to grade changed live event
refs PLAT-3331

Test plan:
* specs pass

Change-Id: I5737430d2a56a04ce89088c9b6c2f4273b5a37a4
Reviewed-on: https://gerrit.instructure.com/151222
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Andrew Butterfield <abutterfield@instructure.com>
2018-05-23 19:21:35 +00:00
Xander Moffatt 1b02588f9c allow JWT creation with algorithms other than `HS256`
refs RECNVS-387

* eventually, default to HS512 or ES512
* for now, allow specifying a different algorithm

test plan:
* specs

Change-Id: I914da208ae9f85b28a35ac6705c1cee02c8d6739
Reviewed-on: https://gerrit.instructure.com/150613
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins
Product-Review: Xander Moffatt <xmoffatt@instructure.com>
QA-Review: Xander Moffatt <xmoffatt@instructure.com>
2018-05-23 16:54:01 +00:00
Jacob Fugal 59e375fc47 include real user in oauth token
closes RECNVS-417

We want to give InstFS accurate information about who is actually
accessing files in canvas, even if they're masquerading as someone else.
This commit adds that additional information without breaking the normal
oauth flow for other apps that use oauth.

test plan:
* Check out g/148868 in your instfs repo
* Have canvas configured with inst-fs
* Log in to canvas as an admin
* While masqueraded as another user
  - delete your inst-fs session cookie
  (Go to api.instfs.docker and clear your cookies for that site)
  - visit a canvas page displaying inst-fs files; this will
  regenerate your inst-fs session
* base64 decode the new inst-fs session cookie; verify that it holds
  the admin's user id and not the masqueraded-as user's id

Change-Id: I0790be317bf41290bcbeec672145dc64625573a0
Reviewed-on: https://gerrit.instructure.com/148142
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Collin Parrish <cparrish@instructure.com>
Product-Review: Andrew Huff <ahuff@instructure.com>
Reviewed-by: Andrew Huff <ahuff@instructure.com>
2018-05-07 21:52:53 +00:00
Nate Collings b7757849e1 send course id in module events and only send for modules with changes
The course id is needed to be able to access
that resource through the API.

Also only send the module updated live event
when the order changes. Previously they were
getting sent for all modules in the course,
even if the position hadn't changed.

Test plan:

- Create and make a change to context modules
  and validate that the live event has the course_id
- Create and make a change to module items
  and validate that the live event has the course_id
  and module_id
- Reorder modules in a course and validate that the
  only live events sent are for modules whose position
  changed.

refs SKUNK-17

Change-Id: I8443eae28b6d8cddfc8560a22a79b99504e6664c
Reviewed-on: https://gerrit.instructure.com/148580
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Product-Review: Nate Collings <ncollings@instructure.com>
QA-Review: Nate Collings <ncollings@instructure.com>
2018-05-01 16:29:28 +00:00
Nathan Mills d7a7aa0ae3 refactor scopes api endpoint to allow grouping
refs PLAT-3024

test plan:
* request the scopes from api/v1/accounts/:account_id/scopes
  - you should get back a json object that matches the documentation
* request the scopes from api/v1/accounts/:account_id/scopes passing
  the query param "group_by=resources"
  - you should get back a json object with the scopes grouped by
    resource

Change-Id: I4562121a44e3baccc7de8e56e19629377f1931df
Reviewed-on: https://gerrit.instructure.com/148623
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2018-04-30 21:28:46 +00:00
Nate Collings 83a24b8a08 add Module and ModuleItem live events
Test plan:

- Merge and warmfix onto beta
- Configure our EventManager Kinesis stream
  to listen to the Module and ModuleItem
  live events
- Create a Module and a ModuleItem and
  validate that the events were sent
- Update a Module and a ModuleItem and
  validate that the events were sent

refs SKUNK-17, SKUNK-18

Change-Id: Ia047024b0f5d38e5c14a19194f75b131f9fc68cc
Reviewed-on: https://gerrit.instructure.com/146858
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
Tested-by: Jenkins
Product-Review: Nate Collings <ncollings@instructure.com>
QA-Review: Nate Collings <ncollings@instructure.com>
2018-04-23 15:12:55 +00:00
Michael Hargiss 7293ebc942 add quiz lti contract tests for live events
refs QUIZ-4175

Test Plan:
  - qa-cr for now. A subsequent commit will include a comprehensive
    test plan once the Quiz LTI contract test is published.

Change-Id: I2ffe962d8a626994614f3cc904d131e41e3a00b1
Reviewed-on: https://gerrit.instructure.com/145857
Tested-by: Jenkins
Reviewed-by: Mark Grant <mgrant@instructure.com>
Product-Review: Michael Hargiss <mhargiss@instructure.com>
QA-Review: Michael Hargiss <mhargiss@instructure.com>
2018-04-10 14:20:18 +00:00
Nathan Mills e740ca876f fix some brittle specs
fixes PLAT-3033

test plan:

* The specs should pass and be less brittle

Change-Id: Iefbe9f82259cb1aa2768ba150038d3974688ce3c
Reviewed-on: https://gerrit.instructure.com/144862
Tested-by: Jenkins
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Nathan Mills <nathanm@instructure.com>
2018-04-10 01:32:12 +00:00
Mysti Sadler e3bdcbf3b5 Fix mastery path links for submittable objects
fixes ADMIN-753

Test plan
- Set up a course with Mastery Paths and BluePrint
- Set up a child course for the BluePrint sync
- Set up a graded quiz and discussion with an item
  unlocked with Mastery Paths
- Also set up any kind of item with a wiki page
  unlocked by Mastery Paths
- Run the master course sync
- Verify the child course has the correct Mastery
  Path links
- Remove the links from the parent course
- Ensure they are removed

Change-Id: Iad8672f295b041756821fe9f4e02b33f752c0ccb
Reviewed-on: https://gerrit.instructure.com/143566
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
QA-Review: Leo Abner <rabner@instructure.com>
Product-Review: Mysti Sadler <mysti@instructure.com>
2018-03-20 17:11:50 +00:00
Jayce Higgins cfd5af230c Add import support and live event for Q.N. course copy
Closes: QUIZ-4112

Test-Plan:
  - We could set up local live events and run a course copy
    and assert that there is a live event being pushed to the kinesis
    queue
  - Then assert that the kinesis queue has the event looking correct

Change-Id: Ic98d026b2c087c2be4e0b2aefae85a374a827d2a
Reviewed-on: https://gerrit.instructure.com/143322
Tested-by: Jenkins
Reviewed-by: Hannah Bottalla <hannah@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
2018-03-20 15:26:58 +00:00
Cody Cutrer 5e3038b721 codify our sorting cases in a spec
refs gh-1229

also make clear how the collator is configured, vs. the defaults
also also document each of our three uses of ICU to point to each
other if you change anything in the future

Change-Id: Ib911302a96a9d9a667923793ebb2be095b62d8ab
Reviewed-on: https://gerrit.instructure.com/142772
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
2018-03-14 21:05:57 +00:00
James Williams 35995509bb soft-delete access_tokens and notification_endpoints
refs #COMMS-867

Change-Id: Ib28258633a539bf44c8d2575877ac182dfe24598
Reviewed-on: https://gerrit.instructure.com/141493
Tested-by: Jenkins
Reviewed-by: Steven Burnett <sburnett@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2018-03-01 14:13:25 +00:00
Omar Khan 353b6e90d4 Add Assignment#duplicate_of relation
This commit updates Assignment#duplicate to store a reference to the
original assignment on the duplicated assignment. Both the original
assignment and the new assignment's lti_resource_link_id are included
in the `assignment_created` live event emitted when the new assignment
is saved.

This allows LTI tools listening for Canvas live events to identify when
an assignment has been duplicated, and duplicate their own data
accordingly.

Closes QUIZ-3749

Test plan:

- Set up live events and tail the kinesis stream as per the instructions
  in doc/live_events.md
- Create an LTI assignment
- An `assignment_created` live event containing this assignment's
  lti_resource_link_id should appear in the kinesis log. Make a note of
  this lti_resource_link_id
- Duplicate this assignment by clicking the "kebab" menu and clicking
  "Duplicate"
- Check that another `assignment_created` live event appears in the
  kinesis log, containing both the original assignment's
  lti_resource_link_id and the new assignment's lti_resource_link_id

Change-Id: I64bdb9a2132e58c4e7be0ab7687c2c819a3587fd
Reviewed-on: https://gerrit.instructure.com/140877
Tested-by: Jenkins
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Reviewed-by: Jeff Belser <jbelser@instructure.com>
Product-Review: Michael Hargiss <mhargiss@instructure.com>
2018-02-20 22:55:00 +00:00
Cody Cutrer cf6b0ae363 wrap data redis from cache in RedisWrapper
fixes CORE-1008

test plan:
 * configure redis.yml to point to cache_store
 * log in via CAS
 * it shouldn't go into a redirect loop

Change-Id: I8dd278d3d1ba75f0a4c9336bc5b9603f09f4ca53
Reviewed-on: https://gerrit.instructure.com/140913
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2018-02-14 17:17:06 +00:00
Cody Cutrer c3bbcdebde be more efficient with consul
fetch the entire tree at once, stuff it all in the cache, and
then only read from the cache (don't read for real, since we want
negative cache effects as well)

Change-Id: I18bfca57dcbeb0c1bbfdc90d210ac8de9290d434
Reviewed-on: https://gerrit.instructure.com/138754
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2018-01-23 17:55:33 +00:00
Simon Williams 44b78bb05c bump twilio-ruby
Change-Id: Ifa6ffd36ef44ad25195321b82f090ac0ec33988b
Reviewed-on: https://gerrit.instructure.com/136459
Tested-by: Jenkins
Reviewed-by: Steven Burnett <sburnett@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-12-27 16:15:46 +00:00
Jeremy Stanley 312466f7e4 remove @unzipped_file_path from Migrator
it is no longer necessary to use this directly;
use methods on @package_root instead

test plan: ensure each of the following types of migration succeed:
 - course copy
 - Canvas cartridge
 - QTI import
 - Blackboard
 - Angel
 - D2L
 - Moodle

closes ADMIN-528

Change-Id: I3b1ce55e94d4cd98f262b653844fdc8ec64d299a
Reviewed-on: https://gerrit.instructure.com/132934
Reviewed-by: James Williams  <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
2017-11-16 22:12:40 +00:00
Andrew Huff 759b6c13b4 add global_id field to oauth token
closes CNVS-39998

test plan: specs

Change-Id: I4d3cce2f4ca0765947cfab17e0abf810f9ca2078
Reviewed-on: https://gerrit.instructure.com/129864
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Product-Review: Andrew Huff <ahuff@instructure.com>
2017-10-16 21:30:12 +00:00
wdransfield c3a4e90334 Add group id to submission live events
Closes PLAT-2874

Test Plan:
- Create a group assignment associated with a
  plagiarism detection tool.
- As a student submit to the assignment and verify
  the resulting live event contains the group id.
- Resubmit to the assignment and verify the resulting
  live event contains the group id.
- Create an originality report for the submission.
- From speed grader trigger the resubmit to plagiarism
  tool provider button to emit a live event.
- Verify the resulting live event contains the submission's
  group id.

Change-Id: I3ae14946c2b08e4f0ae6bb5175621609bf31524c
Reviewed-on: https://gerrit.instructure.com/128835
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-10-09 14:33:13 +00:00
jshaffer 8594de61ea Adds sections and group info to live events
Note: Since this is a live events change this must
be merged into and QAd on beta

Change-Id: Iac407dafcca989b0c17298ffffef260d9e47a46c
refs: PFS-8567
Reviewed-on: https://gerrit.instructure.com/126477
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Jay Shaffer <jshaffer@instructure.com>
Product-Review: Jay Shaffer <jshaffer@instructure.com>
Tested-by: Jenkins
2017-09-27 18:58:23 +00:00
Cody Cutrer 49759eabc2 bound request throttle leaking _before_ adding cost of current request
fixes CNVS-39263

otherwise they may never get dinged for the cost of the current request

test plan:
 * have redis configured
 * watch the response headers on several requests
 * the X-Rate-Limit-Remaining should never be exactly equal to the
   high water mark (defaults to 600); it should be slightly below

Change-Id: I89e85f873b405e0bd93a6e89730dd504ca934104
Reviewed-on: https://gerrit.instructure.com/125866
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2017-09-19 22:39:09 +00:00
Cody Cutrer 521e8ae252 bump redis
Change-Id: I0f9c5ebf380afa1f213bbea663c80a90460f6231
Reviewed-on: https://gerrit.instructure.com/126615
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-09-19 19:26:44 +00:00
Tyler Pickett 099365aec1 Add rake task to populate Consul from dynamic_settings.yml
Fixes: CNVS-39293

Since we eliminated the pre-population functionality from our Consul
wrapper we needed something to conveniently populate the KV store.

Test Plan:
- Start a Consul server
- Run `bin/rake canvas:seed_consul`
- Verify that values were written to the KV store.

Change-Id: I340011b7d00ed4e3dd2918e3f101f6377fc72d7e
Reviewed-on: https://gerrit.instructure.com/126574
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
2017-09-19 18:08:39 +00:00
wdransfield f848bf5c64 Add 'lti_user_id' to submission live events
Closes PLAT-2824

Test Plan:

- Create a submission with an attachment as a student in an
  assignment associated with a plagiarism detection tool.
- Verify that the live event emitted contains an `lti_user_id`
  that matches the `lti_context_id` of the student.
- As a teacher click the `resubmit to plagiarism tool` button in
  speedgrader. Verify that the live event emitted contains the
  `lti_user_id` field set to the student's `lti_context_id`.

Change-Id: I26d1da652f22ef7fd1cde361688704598db29fa7
Reviewed-on: https://gerrit.instructure.com/125503
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-09-19 15:49:13 +00:00
Jacob Fugal 60d97fcbd3 handle service sections in dynamic_settings.yml
note that this doesn't stop the service sections from also appearing as
keys in the canvas service, but I don't expect we'll have to worry about
collisions

test-plan:
- disable consul
- have a config/dynamic_settings.yml with
  - a service section (e.g. an address-book key whose value is a hash
    with at least an app-host key)
  - a non-service prefix section (e.g. a canvas key whose value is a
    hash with at least an encryption-secret key)
- in a rails console, both the service data and the non-service data can
  be found. e.g.:
  - Canvas::DynamicSettings.find(service: "address-book")["app-host"] works
  - Canvas::DynamicSettings.find("canvas")["encryption-secret"] still works

Change-Id: I46ab240b6d5f82b524128510e46f8b5976e05349
Reviewed-on: https://gerrit.instructure.com/125966
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Tested-by: Jenkins
QA-Review: Tyler Pickett <tpickett@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
2017-09-13 20:44:21 +00:00
Cody Cutrer 203af3a537 prevent HaStore spinning if redis is down
Change-Id: Ibcc7af919cc86a5f7f1ecb9369c62ad6198909ba
Reviewed-on: https://gerrit.instructure.com/125907
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-09-13 16:26:41 +00:00
Rob Orton 6586ea3b36 add throttle headers always
fixes CNVS-39262

test plan
 - disable throttling
 - it should still return X-Rate-Limit-Remaining

Change-Id: Id6e0110d641d214797ac5657beccc91920207a58
Reviewed-on: https://gerrit.instructure.com/125863
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
2017-09-13 04:37:13 +00:00
Cody Cutrer 9ba80db746 don't raise an error if consul is completely unconfigured
just pretend it's empty. the caller should be responsible for dealing
with missing consul data as appropriate

Change-Id: I2c37d33481b55776b14c6c17e109005a75dd600b
Reviewed-on: https://gerrit.instructure.com/125567
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-09-12 22:34:51 +00:00
Cody Cutrer 7197e44389 refactor and improve DynamicSettings
closes CNVS-35834

 * allow specifying tree, service, and cluster for consul stuff
 * check multiple consul keys for each setting (cluster, env, region, global)

test plan:
 * an existing consul environment still works

Change-Id: I48e8fadeac2e140973bfc4b41c1cfb386532d15c
Reviewed-on: https://gerrit.instructure.com/125271
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2017-09-12 22:34:21 +00:00
Cody Cutrer 4d377592b2 fixed a spot where we still use request throttle even if disabled
Change-Id: I80c455f16f0331fea922b39484bf2a88ca920d8e
Reviewed-on: https://gerrit.instructure.com/125766
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
2017-09-12 18:52:50 +00:00
James Williams 45147e0911 bypass the wiki model as much as possible for wiki_pages
Change-Id: I60ec3b519219fcb5256a132c05f63538600df73f
Reviewed-on: https://gerrit.instructure.com/121760
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2017-08-09 16:09:06 +00:00
Omar Khan d05bd760ff Process config/security.yml as ERB template
Now:

    irb(main):001:0> Canvas::Security.config
    => {"encryption_key"=>"<%= ENV[\"ENCRYPTION_KEY\"] %>"}

With this fix:

    irb(main):001:0> Canvas::Security.config
    => {"encryption_key"=>"facdd3a131ddd8988b14f6e4e01039c93cfa0160"}

Test plan:

- Apply this patch over a fresh clone of the canvas-lms repo
- Run `docker-compose run --rm web bundle exec rails console`
- Run `Canvas::Security.config['encryption_key']`
- Check that the result is `facdd3a131ddd8988b14f6e4e01039c93cfa0160`

Change-Id: Ieba33697900cb4c539aa204d0c0dd14ad8baa896
Reviewed-on: https://gerrit.instructure.com/121036
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-07-31 22:04:37 +00:00
Cody Cutrer cdf5050f57 spec: mocha => rspec-mocks for lib
Change-Id: I5cd79ee9256d18e782f2ec36f97425fbb1e598d3
Reviewed-on: https://gerrit.instructure.com/120499
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-07-26 19:20:32 +00:00
Simon Williams 57b7dcdb44 capture job shard_id in job error data capture
when we're aggregating error data and don't have a request url, we need
a way to map back to the shard where the job ran.

closes CNVS-38370

test plan:
- queue a bogus job (like `Assignment.send_later(:blah)`)
- look at the last generated error report
- it should capture the shard_id in the data field

Change-Id: Icd03ac52e0158d98081d431c45f516a7f088ff79
Reviewed-on: https://gerrit.instructure.com/120436
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-07-25 17:43:35 +00:00
Andrew Butterfield 24c8c5e170 Selective Tool Profile Course Copy
fixes PLAT-2634

Test plan:
* Using a course with two lti 2 tools installed
  * Export the course
  * Then selectively import the course into a new course that doesn't
    have the LTI 2 tools installed
  * Ensure that the 2 lti tools are listed in the dialog
  * Ensure that only the tool profiles that are checked leave warnings
    during the import
* Do a selective course copy from the course that has the two lti 2
  tools installed.
  * Ensure all the same stuff as above
* Do selective course export via the api
  * Go through the export process using the following endpoint and
    options
    /api/v1/courses/:course_id/content_exports?export_type=common_cartridge&select[all_tool_profiles]=1
  * Ensure that all the tool profiles in the course are exported
  * Go through the export process using the following endpoint and
    options
    /api/v1/courses/:course_id/content_exports?export_type=common_cartridge&select[tool_profiles][]=<id for a tool profile in the course>
  * Ensure that only the selected tool profile is exported

Change-Id: Ib4cfbad35476369aafd8bf66214ef3efb51850e0
Reviewed-on: https://gerrit.instructure.com/116286
Reviewed-by: James Williams  <jamesw@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
2017-06-28 17:00:56 +00:00
Cody Cutrer 75c7538888 drop rails 4.2
also, allow rails 5.1

Change-Id: If480c2a2c01a7578552dc70f4bdcf3a46df40e7b
Reviewed-on: https://gerrit.instructure.com/115654
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
2017-06-27 15:29:51 +00:00
Tyler Pickett 823cda8924 Move MathMan to being configured by Consul
Fixes: CNVS-35833

There is a lot more than just moving to Consul going on here. The whole
PrefixProxy business wouldn't be required for this change, but it will
be really useful as we move to adding cluster awareness.

Test Plan:
- Have MathMan running
- Update config/consul.yml to enable use_for_svg and
  use_for_mml under the math-man init values key
- Start Canvas
- Build an equation with the rich content editor
- The equation should be rendered as usual.

Change-Id: I650527ebaecb6224c6ee6ba26346d27dee33b9d7
Reviewed-on: https://gerrit.instructure.com/111543
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
2017-06-26 15:54:38 +00:00
Spencer Uresk d899c22074 Specify user and pseudonym when sending logged_in event
fixes DS-1714

Currently, the logged_in event does not send user information.
This change explicitly passes in the user and pseudonym when
sending the logged_in event, which merges them into the context.

This change also adds the pseudonym's account id and sis id.

Test Plan:
- Login to Canvas
- View live event data, ensure that user_id and user_login
exist in the payload.
- Ensure user account id and sis id are in the attributes.

Change-Id: If720a2b8094de558f79cbae42a7c5156ad86c556
Reviewed-on: https://gerrit.instructure.com/110289
Tested-by: Jenkins
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Spencer Uresk <suresk@instructure.com>
2017-06-06 21:37:29 +00:00
Jayce Higgins 44a105de67 Fix live events id's to be stringified all the time
Stringify ID's all the time, everywhere

Test-Plan:
  - Should have stringified ID's in the live event when it posts
  - Only quiz_export_complete and grade_changed use the amended context

Change-Id: I4797426d42fe89603410eff332c29c83b04e7ff8
Reviewed-on: https://gerrit.instructure.com/111748
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
2017-06-02 15:45:37 +00:00
Brent Burgoyne ea8ad1330e add can_create_pages to rich content jwt workflow
refs CNVS-35271

test plan:
- test with one user that has rights to create pages, and one who
  does not
- make sure rcs flags are enabled
- go to a discussion (easier for students)
- get ENV.JWT from the browser console
- in the rails console run
    jwt = Canvas::Security::ServicesJwt.new("<jwt here>", false)
    jwt.original_token
- make sure the `can_create_pages` is correct for the user

Change-Id: Ie89660af46d18bd5edfcfdebdb2f5199403dfa39
Reviewed-on: https://gerrit.instructure.com/112478
Tested-by: Jenkins
Reviewed-by: brian kirkby <bkirkby@instructure.com>
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
QA-Review: Brent Burgoyne <bburgoyne@instructure.com>
2017-05-19 21:35:31 +00:00
Neil Gupta 1e052eae19 Update DueDateCacher to use EffectiveDueDates
fixes CNVS-33651

Test plan:
* Create a course
* Enroll 3 students
* Create 2 assignments with different due dates
* In rails console:
	* Submission.pluck(:assignment_id, :cached_due_date) should return
	  an array of 6 tuples of (assignment id, its due date)
* Create an override for one student on one assignment
* In rails console:
  * Submission.where(
  		assignment_id: <assignment picked above>,
  		user_id: <user picked above>
  	).cached_due_date should equal the override date
* Smoke test grading and viewing students in different places to make
  sure the new dummy submissions aren't breaking anything

Change-Id: Idc2721fd3f05214555db780b452ddf53e67ff404
Reviewed-on: https://gerrit.instructure.com/109027
Tested-by: Jenkins
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
QA-Review: Anju Reddy <areddy@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
2017-05-11 20:54:44 +00:00
Tyler Pickett 7b45e0fd24 Add environment prefix to consul keys.
Since some environments share a consul datacenter we need to be able to
differentiate configurations.

Fixes: CNVS-34341

Test Plan:
- Nothing uses this yet but we need to make sure we haven't broken JWT
  secrets, the RCE, and Address Book.

Change-Id: I496a8f7d2cafd02c3177a28b348679e552965c0d
Reviewed-on: https://gerrit.instructure.com/99650
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
2017-05-05 19:39:16 +00:00
Landon Wilkins a55623016d da licença part 47
add consistent license headers to all source files

Change-Id: I8d372efee113550ada3255f32ec6f1858e5520c4
Reviewed-on: https://gerrit.instructure.com/110152
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-04-28 17:59:55 +00:00
Simon Williams 256e0bf276 allow custom throttling per access token or user id
this allows customizing the throttle settings value by updating a JSON
hash in the Setting table: `request_throttle.custom_settings` (see
formatting below)

The Setting value is a hash of client identifiers -> custom settings.
A custom setting is a hash with some subset of the following keys: hwm,
maximum, outflow, up_front_cost.  the values of those keys are floats.
For example:

  Setting.set(
    'request_throttle.custom_settings',
    { 'user:10000000000001' => { 'hwm' => 1000.0 } }.to_json
  )

these values will be used instead of the default values for requests
from that specific client_identifier

fixes CNVS-35965

test plan:
- set up a script that hammers the API and gets throttled
- create two users with two tokens
- set maximum and hwm to really high values for one (by user id), and
  verify that it is no longer throttled
- repeat, but use the access token as the id

Change-Id: I8a5e393721c7cbd4c754989ba219f92f0e280ee1
Reviewed-on: https://gerrit.instructure.com/105302
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2017-04-28 17:52:13 +00:00
Simon Williams e4e9289853 add some options for turning down redis logging
Setting.set('redis_log_style', 'json') - verbose logging as JSON
Setting.set('redis_log_style', 'compact') - similar to rails SQL logs
Setting.set('redis_log_style', 'off') - no redis logging

'compact' is the default

closes CNVS-36152

test plan: set the setting to all three levels, and verify the logs look
right

Change-Id: I8f56cbb61250243f0f1976809cf28e11fd4921eb
Reviewed-on: https://gerrit.instructure.com/107706
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
2017-04-24 17:58:18 +00:00
Tyler Pickett f0214f0923 Switch to Imperium gem and update Consul container.
Also, make Consul container accessible from the host.

Fixes: CNVS-35831
Refs: CNVS-34341, CNVS-32864

Test Plan:
- Smoke test RCS and Canvas running together to make sure they still
  play nice.

Change-Id: I418d54a176677b1df8ec42a009752807908a847c
Reviewed-on: https://gerrit.instructure.com/99443
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Tyler Pickett <tpickett@instructure.com>
2017-04-07 16:59:01 +00:00
Jayce Higgins 0815a0b47d Fix another brittle spec in live_events_spec
Change-Id: Ibb4f2d31d6d3fa322561891864c5931dd4909844
Reviewed-on: https://gerrit.instructure.com/107756
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins
2017-04-06 19:09:10 +00:00
Jayce Higgins 0e92e33ea6 Fix brittle spec for live events
No test plan or ticket

Change-Id: I0768709c22f5c8c63d48add246b1a1de37a30d74
Reviewed-on: https://gerrit.instructure.com/107736
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-04-06 18:35:06 +00:00
Jayce Higgins 04d1801679 Fixup content_export_complete LiveEvent metadata/body
Fixes: QUIZ-1478

Move the context_type/id to the attributes
Tack on amended_context to the payload

Test-Plan:
  o With live events set up for local testing
    - Assert that the quiz_export_complete event looks right
      - It should contain uuid/root_account_id/and everything else
        in the attributes
      - It should not contain context_type/id in the body

Change-Id: I15387ce81f6d0ed8a7c72831d08b34c1bc40221e
Reviewed-on: https://gerrit.instructure.com/106811
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: Dariusz Dzien <ddzien@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
2017-04-06 16:40:30 +00:00
wdransfield 905c65551d Add 'lti_assignment_id' to submission and assignment live events
Closes PLAT-2438

Test Plan:
For each of the following live event types, verify that a field
named 'lti_assignment_id' is included and set to the 'lti_context_id'
of the assignment associated with the event:
   * submission_created
   * submission_updated
   * plagiarism_resubmit
   * assignment_created
   * assignment_updated

Change-Id: I7fa46e414da3a2fab8e4a5ac2c7d213a0dd3ec3c
Reviewed-on: https://gerrit.instructure.com/107104
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-04-03 13:27:31 +00:00
Jayce Higgins 4420c72cfb Add root_account_uuid to canvas LiveEvents
Fixes: PLAT-2369

Test-Plan:
  - spinup local live-event testing services
  - test out live-event spawning processes
    -- check live event docs for triggers of events
  - assert that the kinesis stream contains events with attributes
    containing `root_account_uuid`

Change-Id: I3ad3d64621c7726d30de9a8a8824e8b0e5d5aab2
Reviewed-on: https://gerrit.instructure.com/105621
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
2017-03-31 20:54:25 +00:00
Jacob Fugal 54da1d33f6 additional live events instrumentation
refs CNVS-32764

for address book

- add group_updated and group_membership_updated events
- add associated_user_id to enrollment_created and enrollment_updated
  events for observer enrollments
- add workflow_state to group_membership_created events
- add context_type, context_id, account_id, and workflow_state to
  group_created events

test-plan:
- configure local canvas to write live events to a local kinesis stream

[group fields, group_updated events]
- create a course group; the group_created event in the stream should
  have a context_type of 'Course', a context_id of the group's course,
  an account_id of the group's account, and a workflow_state of created
- create an account group; the group_created event in the stream should
  have a context_type of 'Account', a context_id of the group's account,
  an account_id of the same, and a workflow_state of 'created'
- delete a group; a group_updated event should be emitted in the stream,
  with all the same fields and a workflow_state of 'deleted'

[group_membership fields, group_membership_updated events]
- add a user to a group; the group_membership_created event in the
  stream should have a workflow_state of 'accepted'
- remove the user from the same group; a group_membership_updated event
  should be emitted in the stream, with all the same fields and a
  workflow_state of 'deleted'

[enrollment associated_user_id field]
- create a non-observer enrollment (e.g. teacher); the
  enrollment_created event should not include an associated_user_id
- create an observer enrollment without an assigned observee; the
  enrollment_created event should include a null associated_user_id
- attach the observer enrollment to an observee; the enrollment_updated
  event should include the updated associated_user_id

Change-Id: I15066b7c6cc85f914be433530d542c6f13643e6a
Reviewed-on: https://gerrit.instructure.com/106335
Tested-by: Jenkins
Reviewed-by: Jonathan Featherstone <jfeatherstone@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
2017-03-28 21:12:54 +00:00
wdransfield d6f4a9dec1 Plagiarism resubmit event type
Closes PLAT-2404, PLAT-1910

Test Plan:
- Create an assignment associated with a similarity
  detection tool.
- Verify that a subscription with the
  'submission_created' and 'plagiarism_resubmit'
  event types is created in Dynamo.
- Create an assignment of type online upload
- As a student submit a document for the assignment
  submission.
- Create an originality report for the submission with
  the workflow state set to 'error'
- Navigate to the submission in speed grader and
  click the resubmit to TII button.
- Verify canvas emits a 'plagiarism_resubmit'
  event
- Verify you can create/manage subscriptions of this new
  type via the subscriptions api (See https://docs.google.com/
  document/d/12x6Peif-I-0zvl2uMv2JVbQdZumGGqMtspWKYTqlL9o/edit)

Change-Id: Ia9eff1c61bf0b5662e0b6bc1d088026afd03e8af
Reviewed-on: https://gerrit.instructure.com/106187
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-03-28 19:13:55 +00:00
Brent Burgoyne 7511243ef7 add endpoint to refresh jwt with workflows
now that services jwts have a concept of workflows and extra data
encoded in the token based on workflow requirements, the existing jwts
endpoint is insufficient for refreshing expired jwts. to some extent
it was already broken since it lost the context when refreshed with
that endpoint

a new refresh endpoint has been added that takes an existing jwt as
a param. this makes it possible to get a new token with the same
workflows, state, and context as an existing expired token as long as
the token matches your user and is requested with a valid session or
oauth token.

tokens may only be used for refresh up to six hours past expiration.

refs CNVS-35199

test plan:
- go to "Pages" in a course with RCS enabled
- open the console, and get the jwt from ENV.JWT
- wait at least an hour
- make a POST to [same-domain]/api/v1/jwts/refresh with the token as
  the `jwt` param
- it should return a json response with a token property
- copy the token
- open up your rails console
- run Canvas::Security.ServicesJwt.new("[copied token]").original_token
- should return hash with the following properties
  - should have :sub with your users global id
  - should have :domain that matches your canvas domain
  - should have :context_type of Course
  - should have :context_id of the course you generated the original
    token from
  - should have :workflows with rich_content and ui
- repeat process masquerading as another user
  - when making the post to the refresh endpoint use your user and
    set a param `as_user_id` to the id of the user you are
    masquerading as
- the hash in the console should have
  - :sub with the global id of the user you are masquerading as
  - :masq_sub with your user id

Change-Id: I399569ed8f2d3d0646728f72910456b77b3ed46a
Reviewed-on: https://gerrit.instructure.com/102909
Reviewed-by: Tucker McKnight <tmcknight@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
2017-03-17 16:22:08 +00:00
Cody Cutrer a99d2a3bdc spec: don't allow raise_error with no arguments
most of these are simple fixes, but there are a few where the spec has
actually been broken due to underlying API changes, that were masked
due to the generic raise_error matcher

fixes CNVS-35542

Change-Id: I982e7ab9af59101b79fdf6b2e0816b374a6a6d5b
Reviewed-on: https://gerrit.instructure.com/104750
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-03-10 21:34:37 +00:00
Cody Cutrer e4282e7e7e rails 5: minor spec fixes
Change-Id: I0335a7b8f653a5e93b738a7ab3c2b0373f67ebd7
Reviewed-on: https://gerrit.instructure.com/104604
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-03-09 22:57:02 +00:00
Cody Cutrer 007327c6df rails 5: a few more strong params tweaks
Change-Id: Ic47369323ac1c71f4af40f800c997413a9f5218b
Reviewed-on: https://gerrit.instructure.com/104464
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-03-09 04:06:05 +00:00
Cody Cutrer c477cb0b02 rails 5: fixes for spec/lib/c**_spec.rb
refs CNVS-34863

the services jwt thing is just autoloading confusion. by not nesting
the modules, it forces Canvas::Security to load even if you load
Canvas::Security::ServicesJwt first (via an explicit require_dependency
that the spec uses)

Change-Id: Ie08e34ab41502cf8e5c76126d7c6853af9c5947a
Reviewed-on: https://gerrit.instructure.com/103797
Tested-by: Jenkins
Reviewed-by: James Williams  <jamesw@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-03-02 20:38:41 +00:00
Simon Williams bf414be236 log user_id in error report creation
error_report.email gets generated and cached on creation, so if user
isn't set, it gets cached to a bad value.

fixes CNVS-34410

test plan:
- set up the external ticketing adapter
- report an error
- your email address should come through

Change-Id: Iadf721628475e33379668c54e705fe519cbb8e5b
Reviewed-on: https://gerrit.instructure.com/100253
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2017-02-15 18:29:34 +00:00
Cody Cutrer 3eb03930e1 ruby 2.4: various fixes
* BigDecimal now validates its input, so where we don't care about invalid
   input, catch the error and return 0.0 like it did before
 * iso8601 in UTC serializes differently, so fix a spec that doesn't care
   about the serialization to be tolerant of that
 * fix some rspec-mock weirdness for both ruby 2.3 and ruby 2.4

Change-Id: Icea56eae5949e795a0c1c29dc1f4833dd885f7f5
Reviewed-on: https://gerrit.instructure.com/101039
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2017-02-06 15:46:21 +00:00
Simon Williams 4a667321c3 spec: switch to regular rspec-mocks `anything`
closes CNVS-33864

test plan: specs pass

Change-Id: Ida6d8adfde3e4c59f40dd876d2f184dc7ae97256
Reviewed-on: https://gerrit.instructure.com/97641
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-01-21 04:00:12 +00:00
Simon Williams 478f2c4dd1 spec: convert spec/lib uses of `anything` to rspec-mocks
refs CNVS-33864

test plan: specs should pass

Change-Id: I03ed7f231300a080663ed222ad12f3b97d39b75f
Reviewed-on: https://gerrit.instructure.com/97639
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
2017-01-20 21:24:50 +00:00
Keith Garner 080d4e2e26 switch to redis server side script for failure percent counter
This moves from using multiple redis calls in ruby to redis server
side lua scripts for the rolling counter and the math contained in
FailurePercentCounter. This provides atomic operation over all the set
of redis calls and should provide efficiency over multiple separate
calls for the data.

closes CNVS-34236
ref CNVS-34031

test plan:
 - Ensure canvas is configured to use redis
 - In the rails console do the following:
    Setting.set('service_qatesting_timeout', 1)
    Setting.set('service_qatesting_timeout_protection_method',
                'percentage')
    Setting.set('service_qatesting_min_samples', 10)
 - The following must be completed in the rails console in under a
   minute:
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { sleep 2 }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { sleep 2 }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.redis.ttl("service:timeouts:qatesting:percent_counter:protection_activated")
 - Note that after each 'sleep' above that an error report of type
   'service_timeout' was generated
 - Note that after 10 samples, we went into timeout protection by
   the log message of "Skipping service call due to error count: qatesting 0.2"
 - Note that the Canvas.redis call returns a number between 0 and 60

Change-Id: Ic04eaab4edb49518e47538feda06dd32a32b49ec
Reviewed-on: https://gerrit.instructure.com/99764
Tested-by: Jenkins
Reviewed-by: Shahbaz Javeed <sjaveed@instructure.com>
Reviewed-by: Spencer Olson <solson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: KC Naegle <knaegle@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
2017-01-19 23:41:39 +00:00
Michael Brewer-Davis a78cc8b2a5 ensure cyoe only references fully graded, non-muted assignments
- add muted and grading_complete fields to live events

refs: OUT-577

Test alongside g/97097

Test plan:
- Partially graded items
    1.  Create a quiz with some automated and some manually graded
        content.  Apply mastery paths rules to trigger other assignments.
    2.  As student, take the quiz, such that your score on the
        automatically graded content would trigger a mastery path rule
    3.  Verify that no content is released
    4.  As teacher, grade the remaining questions of the quiz such that
        master paths content should be released.
    5.  Verify that the appropriate content is released to the student.

- Muted items
    1.  Create an assignment with mastery paths rules
    2.  As student, submit the assignment
    3.  As teacher, mute the assignment
    4.  Grade the submissions such that master paths content should be
        released
    5.  As student, verify that no content has been released
    6.  As teacher, unmute the assignment
    7.  As student, verify that the appropriate content has been released.

Change-Id: I312aba018ca262a907c6a23a938af739842e28ae
Reviewed-on: https://gerrit.instructure.com/97098
Reviewed-by: Matt Berns <mberns@instructure.com>
Reviewed-by: Augusto Callejas <acallejas@instructure.com>
QA-Review: Cemal Aktas <caktas@instructure.com>
Tested-by: Jenkins
Product-Review: Michael Brewer-Davis <mbd@instructure.com>
2017-01-11 20:21:40 +00:00
James Williams f58544fc35 strong params part C
refs #CNVS-32574

Change-Id: I272579bba8c1993fc5af872abe685f21318833a2
Reviewed-on: https://gerrit.instructure.com/94567
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2017-01-10 23:36:46 +00:00
James Williams 6003431940 strong params part P-R
refs #CNVS-32574

Change-Id: Ic3cd179a7cfb22e3b25a72500313f1baa8f96bb9
Reviewed-on: https://gerrit.instructure.com/94680
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
Tested-by: Jenkins
2017-01-10 19:46:18 +00:00
James Williams 031242d031 strong params part Q
refs #CNVS-32574

Change-Id: Ifd139bf1e8296370d1d793ceed7c8e2e50440059
Reviewed-on: https://gerrit.instructure.com/94684
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2017-01-10 18:20:03 +00:00
Keith Garner ac2382661a add runtime set failure percentage based mode to canvas_timeout
Using rolling counters in redis, build up data to go into timeout
protection when the percent of failures reaches a certain level.
Also, the existing timeout protection is tweaked to use redis keys
that won't overlap with the rolling counters redis keys.

The default value for failure rate cutoff is 20%, the default minimum
samples is 100, the default rolling counter time is 60 seconds. The
default protection time is the error_ttl time.

closes CNVS-34031

test plan:
 - Ensure canvas is configured to use redis
 - In the rails console do the following:
    Setting.set('service_qatesting_timeout', 1)
    Setting.set('service_qatesting_timeout_protection_method',
                'percentage')
    Setting.set('service_qatesting_min_samples', 10)
 - The following must be completed in the rails console in under a
   minute:
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { sleep 2 }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { sleep 2 }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.timeout_protection('qatesting') { }
    Canvas.redis.ttl("service:timeouts:qatesting:percent_counter:protection_activated")
 - Note that after each 'sleep' above that an error report of type
   'service_timeout' was generated
 - Note that after 10 samples, we went into timeout protection by
   the log message of "Skipping service call due to error count: qatesting 0.2"
 - Note that the Canvas.redis call returns a number between 0 and 60

Change-Id: Id14f2c86c11ded7bb8c18ecfcf51eed2faf4df33
Reviewed-on: https://gerrit.instructure.com/97247
Tested-by: Jenkins
Reviewed-by: Derek Bender <djbender@instructure.com>
QA-Review: KC Naegle <knaegle@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
2017-01-10 17:36:31 +00:00
Jon Jensen 3d8e304e26 deterministic described classes, refs SD-1969
This cop encourages explicit require_dependency calls for ambiguous nested
constants in specs. What does that mean? Consider:

    module Analytics
      describe Assignments do

Depending on what has been required and/or autoloaded, `Assignments` could
either resolve to `Analytics::Assignments`, or just the top-level
`Assignments`. This is a cause of flickering failures and test-queue woes.
This example should either have an explicit `require_dependency` call, or
get rid of the module and just do `describe Analytics::Assignments`

Correct all existing ones in the codebase, except for a few
ActiveRecord-related ones (the auto-correct isn't quite perfect, i.e. it
assumes the file path will be `const_name.underscore`, which is no bueno
for things like ActiveRecord::ConnectionAdapters::PostgreSQLAdapter)

Test plan:
n/a, specs

Change-Id: Ic24bf3e0f547ca11c46887d4af92804da091912a
Reviewed-on: https://gerrit.instructure.com/98752
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
2017-01-04 21:07:07 +00:00
Simon Williams 57497719a7 spec: rename the `course` helper to `course_factory`
closes CNVS-34046

test plan: specs should pass

Change-Id: I8684d30e5af7be04566b2d3903db2b7f4b14b24b
Reviewed-on: https://gerrit.instructure.com/98439
Tested-by: Jenkins
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
Product-Review: Landon Wilkins <lwilkins@instructure.com>
QA-Review: Landon Wilkins <lwilkins@instructure.com>
2016-12-27 20:25:29 +00:00
Simon Williams ece65b5a89 spec: rename the `user` helper to `user_factory`
closes CNVS-34042

test plan: specs should pass

Change-Id: I20709a69f0cb28fb55eba18ca81f89f4d7673b56
Reviewed-on: https://gerrit.instructure.com/98426
Tested-by: Jenkins
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
Product-Review: Landon Wilkins <lwilkins@instructure.com>
QA-Review: Landon Wilkins <lwilkins@instructure.com>
2016-12-27 20:25:25 +00:00
James Williams 85ce1a971d master courses - use new shard-aware migration ids
maybe this is totally overkill but whatever
it'll put my mind at ease about conflicts in the future

also we can hack this later if we want to make
content exports for future courses shard-aware too

Change-Id: I1568e47ec1037d6e7554e7ccb0ea80965842db49
Reviewed-on: https://gerrit.instructure.com/96482
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2016-12-05 16:15:54 +00:00
Brian Palmer 5d19517823 better redis logging
closes CNVS-32945

This logs a lot more data on each redis request, and does it at the
redis connection level so that non-cache (Canvas.redis) requests are
logged as well.

I've structured the log line as JSON. This might appear to be a little
odd since none of the other Canvas logging is JSON yet, but I figured
that any other format I choose would be just as arbitrary, and likely more
difficult to parse. Maybe someday other Canvas logging will join our
glorious JSON future. Definitely open to feedback here.

Data logged includes:
- command (get/set/etc)
- redis key
- request size
- response size
- time the request took
- redis hostname
- controller/action or job tag
- for cache :fetch requests, the time ruby spent in the block generating
  the cached value

Since we're specifically interested in cache misses, it's important to
point out that a cache miss will be logged as:
    { "command": "get", "response_size": 0 }

test plan:
* enable redis and redis cache_store
* click around in canvas or do something else to generate redis requests
* `grep redis_request log/development.log` will show the log lines
* since these are structured json, you can use a tool like `jq` to do
  adhoc analysis. for instance, to get the average size of items stored
  into redis in that log:

grep redis_request log/development.log | grep -o '{.*' | \
jq -s 'map(select(.command == "set")) | map(.request_size) | add / length'

Change-Id: I4f9192f986b92c43297fd286487b94078915ef65
Reviewed-on: https://gerrit.instructure.com/94032
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
2016-11-07 19:41:07 +00:00
Michael Brewer-Davis a7963bd3eb ensure grade_change events have canvas context
closes: CYOE-357

Test plan:
On a Canvas instance running in rails production mode:
1.  Create an assignment with some graded submissions
2.  Modify the points possible of the assignment so
    that the submission scores will be updated
3.  Verify that the generated live events are
    - coming from a delayed job
    - include the job information in the context
    - include the account id, account lti_guid,
      context id (course id) and context type ("Course")

Change-Id: I651b97a47f61f9d969161bc6c2360102e61eb2d3
Reviewed-on: https://gerrit.instructure.com/93663
Tested-by: Jenkins
Reviewed-by: Dan Minkevitch <dan@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Michael Brewer-Davis <mbd@instructure.com>
2016-10-27 14:59:29 +00:00
Simon Williams 5d59807748 ensure email tickets send valid json
fixes CNVS-32680

test plan:
- set up the email ticketing system plugin
- generate an error
- the body of the email that is sent should be valid json

Change-Id: I6cf0f0d76b813e1f8b0f9dbe48bf40b60100e2af
Reviewed-on: https://gerrit.instructure.com/93591
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2016-10-25 21:42:33 +00:00
Ben Young 4707472e1d add graded_at to submissions live events actions
Refs PFS-5573

Test plan:
- in a course with a student submission, change the grade of
    said submission
- verify submission_updated live events payload contains correct
    graded_at timestamp

Change-Id: I4f9a6f67ea3656edd8f62cbb78367118e38a0d90
Reviewed-on: https://gerrit.instructure.com/91942
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Ben Young <byoung@instructure.com>
2016-10-06 19:17:05 +00:00
Brent Burgoyne fe4ac3e8eb add ui jwt workflow that includes high contrast
define a new workflow intended to be used by any service that needs to
render a ui. this workflow includes state indicating if high contrast
styles should be used.

refs CNVS-31909, closes CNVS-31983

test plan:
- enable high contrast
- make sure rcs is enabled
- go to view with rce sidebar
- get the jwt from Authorization header of requests to rcs
  - don't include "Bearer "
- open the canvas console, run:
  Canvas::Security.decrypt_services_jwt(
    Canvas::Security.base64_decode('<token here>')
  )
- make sure the token includes use_high_contrast: true
- disable high contrast
- repeat, but use_high_contrast should be false in the token

Change-Id: I8752ad534928081d2e4b8e8d748f8dd9897222a2
Reviewed-on: https://gerrit.instructure.com/90452
Tested-by: Jenkins
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
2016-09-23 22:12:32 +00:00
Brent Burgoyne 634bca8777 add workflow and additional state to jwt for rcs
for a given workflow, services consuming canvas jwts may need access
to additional state (feature flags, permissions, etc). this commit
introduces the ability to define state requirements for a jwt
based on its workflows, context and user.

the concept of jwt workflow has been made plural and it expects it to
be an array of workflows. a token for one service may need to be used
in multiple workflows (i.e. a quiz token may need to work as a rich
content token as well).

this commit defines the :rich_content workflow which includes upload
and usage rights information.

tokens also include context type and id. since the workflow state may
be specific to the context, this provides a way for the service to
validate that the token is being used in the correct context.

code that generates conditional-release tokens has been updated to use
the workflows array. this won't break anything because, even though it
is included in the token, it is not being validated yet. future
validations will check for inclusion in the array.

refs CNVS-30966, refs CNVS-32094

test plan:
- launch a page with the rich content service side bar
- ensure the requests to the proxy don't return 401 status codes
- a test plan for the consumption of the new data in the token will
  come with a separate RCS commit

Change-Id: I9e643995cb98547664f721a9b5d8c9441010eea9
Reviewed-on: https://gerrit.instructure.com/89012
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
2016-09-22 02:47:17 +00:00
Jeremy Stanley a54493fdec fix learning outcomes in selective course copy
test plan:
 1. create two outcomes in an account
 2. link these outcomes to a course, putting one of them at
    the root level and another one in an outcome group
 3. attach each outcome to an assignment rubric in the course
 4. do a selective course copy, select assignments, and
    ensure the outcomes are both migrated to the new course
 5. do another selective course copy and ensure "Learning Outcomes"
    is in the list.  select it, and ensure both outcomes
    are linked in the new course

fixes CNVS-31288

Change-Id: I22837626bbbceb64063523450e108b33d03ad973
Reviewed-on: https://gerrit.instructure.com/89066
Tested-by: Jenkins
Reviewed-by: James Williams  <jamesw@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
2016-08-31 15:05:35 +00:00
John Corrigan db7d3ccfc1 add PluginSetting for MathMan
fixes CNVS-30442

test plan:
- Navigate to plugin management page.
- Observe that plugin for MathMan is present in the list.
- Click on MathMan.
- Observe that a base_url can be provided, and MathMan can be configured
  to be used for the conversion of latex to svg & MathML.
- Observe that entering a non-url value for the base url will fail.

Change-Id: If72075a57921ae3e3e13fa4665fe093678412da4
Reviewed-on: https://gerrit.instructure.com/85311
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: John Corrigan <jcorrigan@instructure.com>
2016-08-05 15:31:09 +00:00
Christian Prescott a83add0d40 Migrate wiki page assignment relationship in course copy
refs CYOE-120

Test Plan
0. Enable conditional release feature flag.
1. Create a few pages, mark one conditional content.
2. Via course settings, copy the pages to another course.
3. Ensure any conditional pages have their assignments intact. They
   should appear in Pages and in Assignments. (for teachers and those
   students who have visibility) Ensure non-conditional pages didn't
   have assignments assigned.

Change-Id: I3ab27877ef530bd68c5c5a6990ea59a6af37e5a9
Reviewed-on: https://gerrit.instructure.com/83767
Reviewed-by: James Williams  <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Christian Prescott <cprescott@instructure.com>
2016-07-18 19:23:54 +00:00
James Williams 479759dfc8 structure for importing/exporting external service content
services can be integrated to be told when a course export
(or course copy) occurs and can send custom data to be
saved in the package

the data can use keys with the format '$canvas_TYPE_id'
where TYPE is a canvas object (e.g. 'assignment')
where the values are ids for objects in the source course
so when the package is imported, the saved data will have the
ids translated to the new copied objects, thus preserving
relationships between objects

closes #CNVS-30161

Change-Id: Iee5400c45d6189305b8626219dbe9aef345fea9e
Reviewed-on: https://gerrit.instructure.com/83531
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2016-07-08 16:06:10 +00:00
Christian Prescott 88459eb4a7 add score and points_possible to grade_change live event
refs CYOE-190

Test Plan
1. Monitor live events as sent from canvas, or as received by the CYOE
   lambda or web app. Ensure grade_change events are raised with
   correct attributes for all cases where grade or score is affected:
- submission is graded for the first time in an assignment. ensure nil
  old_score and old_grade.
- submission is regraded. ensure (old_)points_possible is not changed.
- assignment changes grading_type. ensure grade changes, but score does
  not.
- assignment changes points_possible. ensure score is unchanged,
  old_points_possible is correct. ensure subsequent events have correct
  old_points_possible.

Change-Id: I0ae18772fc816340a23a9b48aee3c00af7a12bcf
Reviewed-on: https://gerrit.instructure.com/81381
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Robert Lamb <rlamb@instructure.com>
Product-Review: Christian Prescott <cprescott@instructure.com>
2016-06-30 18:19:19 +00:00
Ethan Vizitei eae60d2690 don't timeout the fleet when an agent fails
fixes CNVS-30198

TEST PLAN:
 1) kill a consul local agent
 2) the whole fleet should not start timing out to consul

Change-Id: Ic699339862ddfd17c1cb973d93b0091d452649a5
Reviewed-on: https://gerrit.instructure.com/83627
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-06-29 21:38:35 +00:00
Simon Williams 98ffdcf6ad stringify global ids for live events
fixes CNVS-29727

test plan:
- enable live events
- ensure that all global ids come through as strings

Change-Id: I54d1105d442dc92b0d973777fd745864bea1f232
Reviewed-on: https://gerrit.instructure.com/81428
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2016-06-09 18:19:38 +00:00
Landon Wilkins 0cc14da2cd turn on Timecop safe_mode, fixes SD-1019
test plan:
* specs pass

Change-Id: Ib2be7276f15880de73228ed4a3ce7047bca8678b
Reviewed-on: https://gerrit.instructure.com/78742
Tested-by: Jenkins
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Landon Wilkins <lwilkins@instructure.com>
QA-Review: Landon Wilkins <lwilkins@instructure.com>
2016-05-16 18:59:40 +00:00
Brent Burgoyne 2134a9b430 Generate JSON file for brand configs
Refs CNVS-28275, closes CNVS-28885

Generate a json file to go along with the scss file for each brand config.
The intention is that the json file for each brand config will be pushed
to the cdn. One difference from the scss file is that it includes all
variables, even if they are not specified in the brand config. Variables
that have not been customized will use the default value.

In addition to generating a json file for each brand, a json file that
includes all default values is generated so other services don't need to
know the defaults if no brand config is available.

To allow for long term caching the filename of the json file includes a
hash of the current defaults (including fingerprinted urls for default
images). This way when the defaults change (or a default image) it will
point to a new file even if the brand config didn't change.

Test plan:

- Save a new brand config.
- Look in public/dist/brandable_css/[brand config hash]/
- There should be a [hash of defaults].json file
  - Should include custom values from brand config
  - Should include default values not specified in the brand config
- Run rake brand_configs:clean && rake brand_configs:write
- Should generate json file for all brand configs
- Open console in browser
  - ENV.active_brand_config_json_url should be path to the current brand json file
- Go back to the default brand
  - ENV.active_brand_config_json_url should be path to default json file
- Test with a real s3 bucket for the CDN
  - JSON files should be uploaded to the CDN
  - ENV.active_brand_config_json should work when used with ENV.ASSET_HOST

Change-Id: Ibcaf54a2bff324f419a7614a8d3906c0c49aed9e
Reviewed-on: https://gerrit.instructure.com/77427
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2016-05-04 19:18:28 +00:00
Cody Cutrer 11ac0d76f1 include token_type: 'Bearer' in oauth access token response
fixes CNVS-28863

test plan:
 * go through oauth flow
 * the response giving you your access token should include
   "token_type": "Bearer"

Change-Id: I8a94f4f6df8db8fb5be3a50143af646c0ba61c31
Reviewed-on: https://gerrit.instructure.com/77642
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2016-04-22 20:24:18 +00:00
Cody Cutrer 0db7878007 validate client id on refresh token "renewal"
fixes CNVS-28858

also get rid of deprecated messages, and return a proper 401 for
invalid client credentials, as per spec

test plan:
 * have a developer key, go through the oauth flow, and get a refresh
   token
 * use the refresh token to get a new access token making sure it works
 * create a second developer key; try to get a new access token with
   your existing refresh token, but authenticating with the new
   client credentials
 * it should fail

Change-Id: Ide95e317dd8768abd9fb3ab4eb67225a6e58bbcb
Reviewed-on: https://gerrit.instructure.com/77634
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2016-04-22 20:24:12 +00:00
Michael Brewer-Davis cb0f129142 add more info to conditional release jwt
- callback jwt for canvas
- assignment info

refs: CYOE-74

Test plan:
1.  Launch conditional release endpoint
2.  Ensure CONDITIONAL_RELEASE_JWT are in the JS env
    for assignments, quizzes, and discussions
3.  Decode jwt using canvas keys
4.  Verify that add'l data is present

Change-Id: Ib33d15ea6fc91fc3c10e81c74ef52dc122687e1c
Reviewed-on: https://gerrit.instructure.com/77476
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
Reviewed-by: Christian Prescott <cprescott@instructure.com>
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
2016-04-22 18:21:51 +00:00
Ethan Vizitei 447336058e provide a JWT masquerading user slot
fixes CNVS-28330

TEST PLAN:
  1) generate a JWT with the "for_user" method
  2) if a masquerading user is provided, it should be included in the
body
  3) eventually, using a wrapping service should be able to preserve
     audit trail across an external api call with JWT

Change-Id: Ic10bcc4ac2e8b4222005d765cec2df3dd4740f64
Reviewed-on: https://gerrit.instructure.com/75741
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-04-05 16:52:19 +00:00
Ethan Vizitei da503d8df2 let dynamic settings handle single values
fixes CNVS-28141

TEST PLAN:
 1) setup consul init data in consul.yml
 2) let one settings group only have one key/val entry
 3) DynamicSettings.find should not blow up when you try to load it

Change-Id: Ifd665a53e0bd57970162f535669c7b1b5695d7f0
Reviewed-on: https://gerrit.instructure.com/74910
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-03-28 19:32:20 +00:00
Ethan Vizitei 728e91b5f7 allow a file consul fallback for OSS users
closes CNVS-28105

TEST PLAN:
 1) remove consul config file
 2) use a dynamic_settings.yml file
 3) Canvas::DynamicSettings calls should work from the console
    returning the data in the file

Change-Id: I90ee2a3fb3e660ef4f527f23bcf2d5b24db8fad4
Reviewed-on: https://gerrit.instructure.com/74782
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2016-03-18 21:04:03 +00:00
Cody Cutrer b469b83f64 protect against inadvertent use of potentially dangerous redis commands
test plan:
 * try Rails.cache.instance_variable_get(:@data).keys, or any other way
   you can think of to try and get all keys (or flushdb or other scary
   stuff) from redis
 * it should raise an error
 * Shackles.activate!(:deploy)
 * try again
 * it should work

Change-Id: I57772df3851fd14b6a46a56c9cd8ef6ddce015e3
Reviewed-on: https://gerrit.instructure.com/73940
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2016-03-15 15:02:07 +00:00
Michael Brewer-Davis ab229b47a4 add student/assignment ids to grade/submission events
- allows CYOE listener to avoid api call to reconcile
  students/assignments/grades

refs CYOE-80

Test plan:
1.  Set up live_events in Canvas
2.  Monitor the live_events stream using
      `script/tail_kinesis`
3.  Create and grade on a student assignment
4.  Verify that there are user_id and assignment_id
    fields on the `grade_change`, `submission_created`,
    and `submission_updated` events

Change-Id: I0c24d6773e5f635b0f6a00cd18865600c498a98d
Reviewed-on: https://gerrit.instructure.com/74155
Reviewed-by: Michael Brewer-Davis <mbd@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
QA-Review: Dan Minkevitch <dan@instructure.com>
Tested-by: Jenkins
Reviewed-by: Matt Smith <msmith@instructure.com>
2016-03-15 14:19:14 +00:00
Ethan Vizitei 4deba32c28 use a fallback cache for catastrophic outages
closes CNVS-27667

if consul goes down, we want to use the most recent value
for each key checked until it recovers.  This will only help
active processes, new procs won't have a cache to pull from,
but partial failure is preferable to total outage.

TEST PLAN:
 1) store some stuff in consul
 2) ask for it through "DynamicSettings"
 3) abruptly kill the consul process
 4) ask for the same value
 5) instead of a failure, you should get the value returned
     when consul was up

Change-Id: I3f57b70d4d8db7a4051c4a68906ddc5d616bb34e
Reviewed-on: https://gerrit.instructure.com/73505
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-03-04 03:13:36 +00:00
Ethan Vizitei 3df3a34b56 allow services to pass their Request ID
refs CNVS-27581

this ensures we have one correlation ID for a request coming
through the ecosystem rather than a separate ID for each request
at each service. Each request id must be signed to make sure
others can't just submit whatever they want.

TEST PLAN:
 1) make an API request and provide the header 'X-Request-Context-Id'
 2) make sure to include the X-Request-Context-Signature header, which
    should have the value of the sha512 signature with the shared
    secret for the services ecosystem
 2) the logs should show your provided value as the context Id for that
     canvas request

Change-Id: I610fbe8c4df355d43c05360670f80971d1459644
Reviewed-on: https://gerrit.instructure.com/73166
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-03-01 22:30:45 +00:00
Ethan Vizitei c9eae629ed consul caching
closes CNVS-27597

We need to not slam consul for rarely changing data.
the '#find' method still gets the value from consul every time.
Cache can be infinite or with timeout.

TEST PLAN:
 1) have some data in consul for what the signing secret is for canvas
 2) Make sure to query it (Canvas::Security::ServicesJwt.signing_secret)
 3) change the consul data
 4) query it again, it should not have updated
 5) send a SIGHUP
 6) query it again, it should have changed

Change-Id: I5b923b8e44ab90692e87969c494a7c65fafcad72
Reviewed-on: https://gerrit.instructure.com/73198
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins
Reviewed-by: David Adams <dadams@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
2016-03-01 21:34:32 +00:00
Ethan Vizitei 2ba6be4c38 check nbf for JWT processing
closes CNVS-27576

TEST PLAN:
 1) JWT with nbf in the future should get rejected (tests prove this)

Change-Id: I55f5bde030a6be4caee323a14988e3fbb49cfa95
Reviewed-on: https://gerrit.instructure.com/73132
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2016-02-27 14:26:35 +00:00
Ethan Vizitei 76c2779f2d add host to services jwt entry
refs CNVS-24823

having the host in the token means we don't need to pass multiple
parameters to give a service context for proxying API calls.

TEST PLAN:
 1) jwt should still be able to be generated
 2) decrypted/decoded JWT should include a 'domain' entry

Change-Id: Ib886e37a12aba23f4f938a4b5cfa10adb44083af
Reviewed-on: https://gerrit.instructure.com/71727
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2016-02-11 00:02:03 +00:00
Ethan Vizitei ad75b72c28 make canvas pull secrets from consul, not env vars
closes CNVS-26734

distributing env vars through production is harder
than updating a shared highly available store.  We put this stuff
in consul now so it's easy to update everywhere at once.

also clean up webmock spec usage, it causes a lot of errors
because its configuration seeps outside the specs it's currently used
in

TEST PLAN:
  1) no production changes (does not touch app code)
  2) clean install, clean config directory
  3) copy docker-compose/config/ files to your config directory
  4) you shouldn't be missing any config files when you start your
     compose file up
  5) Canvas::DynamicSettings.find("canvas") should give you a hash
      with your secrets from the init values in your config file
  6) ServicesJwt.signing_secret and ServicesJwt.encryption secret
      should pull those same values
  7) if you have env vars for ECOSYSTEM_KEY or ECOSYSTEM_SECRET, they
      should be ignored

Change-Id: I3b3c1b19d6e2a05af3e6caa2e0af6c5d1dc6df66
Reviewed-on: https://gerrit.instructure.com/71559
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
QA-Review: Ethan Vizitei <evizitei@instructure.com>
2016-02-11 00:01:48 +00:00
Brian Palmer 6de246cb0d limit the data sent to sentry/error_reports
The request body params can be unbounded in size, so if they're too
large, truncate the string.

Change-Id: Icc3a7bc27227f38a05cc5fc67789616cd3c71fd3
Reviewed-on: https://gerrit.instructure.com/71867
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
2016-02-10 21:46:23 +00:00
Cody Cutrer f80ad3fa51 fix loading ICU
test plan:
 * user_spec.rb:2085 should actually run, and pass, on ubuntu

Change-Id: I28b31cbc56d4225f83001c506e1fb752223a8843
Reviewed-on: https://gerrit.instructure.com/71072
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
2016-02-01 22:26:06 +00:00
Ethan Vizitei 5df84d1171 include root account on error_report messages
refs CNVS-26792

messages are easier to group back to their accounts if the
root_account_id is populated when a ticketing system ticket
is created and a send via email is attempted.

TEST PLAN:
 1) enable ticketing connector for email
 2) file a ticket
 3) in the rails console, the generated message object
    has its root_account_id populated

Change-Id: Iceae2d09c6a33ba522a4333f634d238a78c81e03
Reviewed-on: https://gerrit.instructure.com/71068
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-02-01 18:16:55 +00:00
Cody Cutrer 3d6658f0ce accept t/f for boolean in Api
and document boolean parameter formats

Change-Id: I70b295e93c6f19b471bfc6f4b31f3a7c3642d8f4
Reviewed-on: https://gerrit.instructure.com/70861
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
2016-01-26 02:50:09 +00:00
Brian Palmer d2410941ef move user_id to dedicated errors report field
closes CNVS-26758

Sentry has a dedicated field for this now, opening up additional
functionality such as a count of affected users for each error.

test plan: enable sentry and trigger an in-request error, the error
report will now include your user id in a separate "user" section.

Change-Id: Ia58d54b923f7daa67e2ce060c02f0cfa0494387d
Reviewed-on: https://gerrit.instructure.com/70918
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
2016-01-23 20:07:19 +00:00
James Williams b1f3daf044 rails 4.2: misc spec fixes
refs #CNVS-26056

Change-Id: Ia94ee2fcfded1ec66cb77a19085b005c81304800
Reviewed-on: https://gerrit.instructure.com/70251
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams  <jamesw@instructure.com>
QA-Review: James Williams  <jamesw@instructure.com>
2016-01-18 21:45:39 +00:00
Brian Palmer 75b1a5dec5 move request_throttle code to app/middleware
It is a middleware so it was in the wrong place. This solves class
reloading problems in dev.

test plan:

request throttling should still function (you can look for "request
throttling increment" log lines) and should no longer cause "A copy of
Canvas::RequestThrottle has been removed from the module tree but is
still active" errors.

Change-Id: Ied6aaa6de4ac64ddfb14c80c76463f253b988bd7
Reviewed-on: https://gerrit.instructure.com/70265
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
2016-01-14 23:11:19 +00:00
Ethan Vizitei 3c6a09f25b stop dying on access tokens that base64 decode to JWT looking things
closes CNVS-26405

Some access tokens were generated which, when base64 decoded, happened
to have the right number of dot-delimited segments to look like a JWT,
and then the decoding library would choke parsing what it thought
was a JSON segment.  This catches that parse error, and lets
access_token processing continue.

TEST PLAN:
  1) create an access token for your user, and then overwrite its token
     value to be the same token as is in the specs accompanying this
      patch set
  2) you should be able to use the API with that token ok

Change-Id: I7d6ee4e2d40f1fef08bd223e90fdd8dca3bb5779
Reviewed-on: https://gerrit.instructure.com/70160
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
2016-01-13 20:44:23 +00:00
Jacob Fugal 371ec30967 refactor CSRF handling for clarity and rails3+
closes CNVS-18870

CNVS-18870 as described in the ticket description is not a bug. see
comments on the ticket for more details. but while investigating and
confirming that, it became obvious that the odd structure and scattered
implementation of the CSRF protection was both making it hard to reason
about and easy to introduce new bugs. after the refactor, we still:

* don't perform CSRF validation on GET requests
* don't perform it on token-authenticated API requests
* do perform it on session-authenticated API requests
* do perform it on non-API requests regardless of authentication method

additionally, we now:

* don't perform CSRF validation on HEAD requests

finally, we _don't_ support a csrf_token in the session anymore. that's
been deprecated forever; we can remove the code now.

test-plan:
 - should not perform CSRF validation for:
   - GET requests
   - token-authenticated POST requests to API endpoints (path prefixed
     by /api/) without an authenticity_token parameter or X-CSRF-Token
     header
   - token-authenticated POST requests to API endpoints even with an
     authenticity_token parameter
   - token-authenticated POST requests to API endpoints even with an
     X-CSRF-Token header

 - should perform CSRF validation for:
   - POST requests to non-API endpoints
   - session-authenticated POST requests to API endpoints

 - when CSRF validation should occur, but the user has cookies off:
   - POST requests to non-API endpoints should redirect to a "need
     cookies" page
   - XHR POST requests to non-API endpoints should not redirect
   - POST requests to API endpoints should not redirect

Change-Id: I3dbb3a68623bc9d03a3e744a9d4e1f038a32709c
Reviewed-on: https://gerrit.instructure.com/65103
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
2016-01-11 23:31:47 +00:00