jimfuqian/BB2-3276-Adjust-Splunk-Auth-Flow-Dashboard-Spanish-Lang-Stats

JFU-NAVA-PBC commented 4 months ago

JIRA Ticket: BB2-3276 Also as a convenient bonus fix BB2-3277

User Story or Bug Summary:

Some previous work has been done such that: splunk/authorization_flow_dashboard.xml was updated with a placeholder of what would eventually be added to Splunk for Spanish Language tracking. The metric has since been added to the actual Splunk dashboard, although the details of how it is displayed has not been reviewed with the team, and may be out of sync with what is in the repo in the xml file. This task involves finalizing a landing spot for that metric in Splunk and making sure the xml file reflects any changes.

What Does This PR Do?

Modified splunk/authorization_flow_dashboard.xml:

Added panel - make "Spanish Authorization Count" as a standalone stats panel in the same row as panel titled "Initial Authorization Request / Authorization Completed %"
Added panel - a chart of percent : spanish auth request vs total auth request
Remove the stats panel as step 13 of the AUTH FLOW (logically the language chosen during medicare login is not a step in the auth flow)

What Should Reviewers Watch For?

Checkout the dashboard here: [BB2 Authorization Flow Dashboard (BB2-3276)](https://splunk.cloud.cms.gov/en-US/app/cms_bbapi_landing_app/bb2_authorization_flow_dashboard

Note:

There are references to https://splunk.cloud.cms.gov/en-US/app/cms_bbapi_landing_app/bb2_authorization_flow_dashboard from Django Admin BB2-TOOLS -> Splunk Dashboards which points to https://splunk.cloud.cms.gov/en-US/app/cms_bbapi_landing_app/bb2_authorization_flow_dashboard

TODO: login into django admin, go to BB2 Tools -> Splunk dashboard -> BB2 Authorization Flow Dashboard, click the link, it should take you to the splunk dashboard.

Spanish authorization flow generation facilitate:

A customized sample app at : https://github.com/CMSgov/bluebutton-sample-client-python-react/pull/69 Which is handy to generate auth events logging with Spanish language code, note since the built in TestApp is excluded from Splunk searches of the "BB2 Authorization Flow Dashboard", it is recommended to use the sample app to hit your own app.

If you're reviewing this PR, please check these things, in particular:

TODO

Test A:

Pick an ENV: prod, impl, test Pick a time range e.g. 06/01/2024 - 07/08/2024 with closing end date (before current date to avoid stats and counts varying) Check the numbers for correctness, especially the authorization requests count where Spanish medicare login used.

Test B: Create an app in the ENV, use a client e.g. BB2 sample app to hit the app and trigger a Spanish medicare login with lang=es as query parameter of the authorization URL.

Then check the "Spanish" stats from the dashboard e.g. using time range "past 60 minutes"...

What Security Implications Does This PR Have?

Submitters should complete the following questionnaire:

If the answer to any of the questions below is Yes, then here's a link to the associated Security Impact Assessment (SIA), security checklist, or other similar document in Confluence: N/A.
- Does this PR add any new software dependencies? Yes or No.
- Does this PR modify or invalidate any of our security controls? Yes or No.
- Does this PR store or transmit data that was not stored or transmitted before? Yes or No.
If the answer to any of the questions below is Yes, then please add a Security Engineer and ISSO as a reviewer, and note that this PR should not be merged unless/until he also approves it.
- Do you think this PR requires additional review of its security implications for other reasons? Yes or No.

What Needs to Be Merged and Deployed Before this PR?

This PR cannot be either merged or deployed until the following pre-requisite changes have been fully deployed:

CMSgov/some_repo#42

Any Migrations?

[ ] Yes, there are migrations
- [ ] The migrations should be run PRIOR to the code being deployed
- [ ] The migrations should be run AFTER the code is deployed
- [ ] There is a more complicated migration plan (downtime, etc)
[x] No migrations

Submitter Checklist

I have gone through and verified that...:

[x] This PR is reasonably limited in scope, to help ensure that:
1. It doesn't unnecessarily tie a bunch of disparate features, fixes, refactorings, etc. together.
2. There isn't too much of a burden on reviewers.
3. Any problems it causes have a small "blast radius".
4. It'll be easier to rollback if that becomes necessary.
[x] I have named this PR and its branch such that they'll be automatically be linked to the (most) relevant Jira issue, per: https://confluence.atlassian.com/adminjiracloud/integrating-with-development-tools-776636216.html.
[ ] This PR includes any required documentation changes, including README updates and changelog / release notes entries.
[x] All new and modified code is appropriately commented, such that the what and why of its design would be reasonably clear to engineers, preferably ones unfamiliar with the project.
[ ] All tech debt and/or shortcomings introduced by this PR are detailed in TODO and/or FIXME comments, which include a JIRA ticket ID for any items that require urgent attention.
[x] Reviews are requested from both:
- At least two other engineers on this project, at least one of whom is a senior engineer or owns the relevant component(s) here.
- Any relevant engineers on other projects (e.g. BFD, SLS, etc.).
[ ] Any deviations from the other policies in the DASG Engineering Standards are specifically called out in this PR, above.
- Please review the standards every few months to ensure you're familiar with them.

jimmyfagan commented 3 months ago

Jim, the link in the description is giving me a 404 so it's hard to see the changes here. I would be okay with you just updating the main dashboard directly, if there's anything we're unhappy with, we can always revert to an earlier version of the xml file. Otherwise, I might just need screenshots or a quick huddle to complete this review. The changes do look good, just would like to verify what it looks like in Splunk

loganbertram commented 3 months ago

Yeah, I think we need to see the changes deployed to get an idea. This all looks ok, though.

JFU-NAVA-PBC commented 3 months ago

new dashboard promoted, also generated 5 spanish authorization flows using app = BB2-3276-APP

JFU-NAVA-PBC commented 3 months ago

Looks good to me. Tested both english and Spanish on Test and this makes sense to me. I think in the future we may try to purge the term 'beneficiary' from our UI but that is for a later date.

agree

CMSgov / bluebutton-web-server