Service accounts are REAL accounts that are not associated with a person. For detailed information, read the Google Cloud guide for service accounts. Typically, service accounts are used to run jobs for an application. As an example, think about a job that needs to run every night. If the job runs as a user, then that person needs all the permissions that the job requires, which may not be ideal. A service account with a small set of permissions tightly bound to the requirements of the application can run the job without problems. Another issue, which Connect for Cancer Prevention actually had, arises when a developer leaves the project and loses permission: the application also loses permission. So running as a service account prevents the jobs from failing when developers leave.
The drawback of service accounts is the loss of accountability. If a hacker gets control of a service account, they can run code as the service account. Our audit sees that the service account performed a task, but not who started the job. How do you get control of a service account? Via service account keys. The keys are like passwords. Developers use keys to run jobs on GCP as a service account. This is why Daniel is paranoid about keys and always warns users to never hardcode keys or check keys into GitHub. The only way to delete a key from GitHub is to delete the entire repository.
Lorena is updating QAQC. She is dynamically creating R code using JavaScript. She plans on updating her code in order to update the QAQC that runs in Cloud Run. The video of this discussion is on Teams (you may have to download the MP4 video to watch).
Here is the R script for the Biospecimen QC. It's composed of one QC check for testing. https://github.com/episphere/qaqc/tree/master/Biospecimen
The R script was created by uploading the following rules.csv file to the qaqc app. https://github.com/episphere/qaqc/blob/master/Biospecimen/Biospecimen_rules_testing.csv
Adit is working on using Cloudflare Workers as a backend for epiDonate. He pointed out that only one function doesn't have a Cloudflare Workers alternative (fs.syncFileWrite??). However, we are not sure this is even needed with KV data. He is looking into it. Adit also brought up a question about testing. Daniel mentioned using mocha.js to test and showed how he tests the tree in Quest. The source code, the test runner HTML code, and the current test results of Quest's tree.js are online.