| agent: | Auto Exec |
What is an "Expert"? How do we create our own expert?
Add credentials for various integrations
Managing workspaces and access control
DagKnows Architecture Overview
Setting up SSO via Azure AD for Dagknows
Enable "Auto Exec" and "Send Execution Result to LLM" in "Adjust Settings" if desired
(Optionally) Add ubuntu user to docker group and refresh group membership
Deployment of an EKS Cluster with Worker Nodes in AWS
Adding, Deleting, Listing DagKnows Proxy credentials or key-value pairs
Comprehensive AWS Security and Compliance Evaluation Workflow (SOC2 Super Runbook)
AWS EKS Version Update 1.29 to 1.30 via terraform
Instruction to allow WinRM connection
MSP Usecase: User Onboarding Azure + M365
Post a message to a Slack channel
How to debug a kafka cluster and kafka topics?
Open VPN Troubleshooting (Powershell)
Execute a simple task on the proxy
Assign the proxy role to a user
Create roles to access credentials in proxy
Install OpenVPN client on Windows laptop
Setup Kubernetes kubectl and Minikube on Ubuntu 22.04 LTS
Install Prometheus and Grafana on the minikube cluster on EC2 instance in the monitoring namespace
update the EKS versions in different clusters
AI agent session 2024-09-12T09:36:14-07:00 by Sarang Dharmapurikar
Parse EDN content and give a JSON out
Check whether a user is there on Azure AD and if the user account status is enabled
Get the input parameters of a Jenkins pipeline
What's a proxy role? Why is it different from workspace role?
In DagKnows, a workspace role defines what a user can do within the DagKnows web application—such as viewing, creating, editing, deleting, or executing tasks.
However, when a task is executed, it runs on a proxy, and this is where proxy roles come into play.
A proxy role is used to control which credentials a user can access when tasks are executed on the proxy. While the task logic may be the same for all users, the credentials used can vary by user. For example, a task like “List my EC2 instances” may be common, but:
- User A may run it using their own AWS credentials.
- User B may run it with a different set of AWS credentials.
These credentials are securely stored in the HashiCorp Vault on the proxy, organized under named roles. Only users with the appropriate proxy role are allowed to access the credentials associated with that role.
This separation ensures that:
- Multiple users can run the same task with different credentials.
- Access to credentials is tightly controlled and isolated via proxy roles.
When a user executes a task, they reference a specific credential label in their script. DagKnows will:
- Authenticate the user with the Vault.
- Check if the user’s proxy role allows access to the requested credential.
- If permitted, retrieve and use the credentials securely during task execution.