- The platform is accessible at app.fluidattacks.com.
- Changes to the user interface of the platform that are "significant" will be announced via the appropriate communication mechanism.
- The API is accessible at app.fluidattacks.com/api.
- The API is backward compatible, meaning that no changes made to it by the Developers should break the End Users code that depends on it.
- A six-month notice period will be given should backward incompatible changes need to be made in the API, for example, but not limited to: deprecating attributes and entities, making optional arguments mandatory, changes in the authentication or authorization system, and so on.
Integrates is a standard client-server application divided into a front-end, a back-end, and out-of-band computing tasks.
Integrates has three environments:
The local environment is deployed by each developer on their personal computers. However, this environment is not represented or further explained in this architecture, but instructions can be found below.
The front-end is deployed into AWS S3 buckets, using the corresponding bucket for the environment (
Dynamic DNS entries are generated automatically for each back-end deployment using the Kubernetes ingress controller for AWS, which essentially binds the corresponding domain to an AWS Elastic Load Balancer (ELB) that routes traffic from the internet into the corresponding cluster nodes, allowing Cloudflare to act as a firewall between the internet and the web application, and providing rate-limiting.
The backend uses:
DynamoDB by Amazon Web Services (AWS) as a database.
We also have enabled DynamoDB Streams on some of our tables, to respond to item changes within the database and perform actions like updating OpenSearch indexes or putting items into Redshift by Amazon Web Services (AWS).
OpenSearch by Amazon Web Services (AWS) (previously known as ElasticSearch) as a search provider.
- As a durable file system,
- As an ephemeral file system whose objects are deleted after some time.
- As a staging area for file uploads/downloads (using pre-signed URLs).
The Compute component of Common provides us with out-of-band processing power that we use for things like periodic tasks (schedules), or tasks that can be computed outside of the request/response lifecycle and/or that require more beefy machines (like generating PDF reports).
You can right-click on the image below to open it in a new tab, or save it to your computer.
Please read the contributing page first.
Follow the steps in the Development Environment section of our documentation.
When prompted for an AWS role, choose
and when prompted for a Development Environment, pick
Two approaches for deploying
a local environment of Integrates
are described below.
Either of them will launch a replica
All in one
You can use mprocs for handling all components in a single terminal:
m . /integrates.
- Jobs can be restarted using
- Jobs can be stopped using
Run each of the following commands in different terminals:
universe $ m . /integrates/back dev
universe $ m . /integrates/db
universe $ m . /integrates/front
universe $ m . /integrates/storage/dev
Each terminal will serve a key component of Integrates.
Accessing local environment
https://localhost:3000and accept the self-signed certificates offered by the server.
This will allow the backend to fetch the files to render the UI.
https://localhost:8001and, again, accept the self-signed certificates offered by the server.
Now you should see the login portal of the application.
Once you upload your local changes to your remote branch in Gitlab, a pipeline will begin and run some verifications on your branch.
Some of those verifications
require a complete working environment
to test against.
This environment can be found
and it will be available
once the pipeline stage
In order to login to your ephemeral environment, SSO needs to be set up for it. You can write to [email protected] with the URL of your environment so it can be configured.
Enable SSO on Ephemeral Environments
This requires you to have access to the Fluid Attacks organization on Google Cloud.
Access the Google Cloud Console.
Choose the project
On the left sidebar, choose
APIs & Services > Credentials.
On the Credentials dashboard, under
OAuth 2.0 Client IDs, choose the client ID not created by Google Services.
Authorized redirect URIs, add the URI of the ephemeral environment you want to enable SSO on,