Ah .... by default, you might find that the REST service used by Atelier is set to Unauthenticated:
/api/atelier
We have found that we need to make sure that this is configured for "Password Authentication" in order for our server-side source control hooks to operate properly.
Last thought - depending on the data that you have in your system and how exposed the server is, one possible solution is to create a new web application which only allows the Dashboard viewer to be served up, and then uses "Matching Roles" feature to look for a certain role that people needing this dashboard should have, and assigning the elevated privs required to see the dashboard to the Web App. This would allow you to give access to people without having to broadly expand their assigned privileges. Depending on how much you have to give them in order for them to see the dashboard, this may be something that you want to consider.
Ian - I completely understand why moving to Private Dev is challenging. It is very much the nature of applications built on top of InterSystems technology, and it is certainly a challenge.
You are absolutely correct in your thinking that you will see a lot of issues in trying to use Client-Side source hooks (especially for a distributed source control system like Git) against a Shared Dev instance. I actually presented at Global Summit last week about the interplay between Client vs Serverside hooks and Private vs Shared Dev instances, and I recommended that people avoid the Client-Side / Shared Dev combination. I would recommend that you download the slides and watch the recording of my session - you will probably find it to be very helpful:
As you are tied to Shared Dev workflow, I would strongly suggest that you consider using Server-side hooks to enable your dev workflow, and that you use a centralized Version Control System (VCS) like Perforce, Deltanji or Subversion rather than a distributed VCS like Git. Serverside hooks will enforce the behavior of both Studio and Atelier, so you can still move to Atelier and still use this (just make sure that you are on 2017.2.0, 2017.1.2 or 2016.2.3 as those are the first versions that contain a fix to a hole that was recently found in serverside protections with Atelier).
In terms of your code promotion question, please keep in mind that Atelier is a development tool and not a deployment tool. As others have said, TEST and PROD should never have code pushed to it from Atelier but rather the code needs to come directly from your VCS. I run internal app dev at InterSystems and our process looks like this:
Shared BASE, TEST and LIVE environments
Private BASEs for some apps
BASE, TEST and LIVE branches
VCS is Perforce
Serverside hooks on Shared BASE control concurrency and locking of items as they are being edited on Shared BASE
All check-ins include a logic identifier for the project (a Job in Perforce)
When project is ready to move from BASE to TEST, we have a script that integrates all changelists with that Job from the BASE branch to the TEST branch
Changed items are pulled from TEST branch into TEST environment and compiled
Same process for moving things from TEST to LIVE
This process works very well for us and scales well on a variety of sized development teams (larger teams use more private BASE environments to prevent check-out collisions on Shared-BASE). We've been working in this mode for about 7 years and it's really stabilized our environments and branches (compared to how things were before) and we're well positioned to move forward with Atelier in use side by side with Studio.
Hope this helps. Please watch my Global Summit session and let me know if you have any questions (I plan to write a new article based on my session so feel free to jump in to the discussion there).
Ian - the appropriateness of your architecture relies very much on whether or not there will be more than one developer working on this application and having access to these environments. Can you please clarify that point?
1) Baseline the code on all three of your servers using the "Caché UDL" project on GitHub
2) Use the PROD baseline to make your PROD branch/repot
3) Fork/Branch to make your TEST repo, and then check in your changes from TEST baseline on top of the changes integrated there from PROD
4) Do the same thing to make DEV - Fork/Branch from TEST and then check in your DEV Baseline on top of it
Now you should be positioned to integrate changes from DEV to TEST and deploy out of source control, and then the same from TEST to PROD. This allows you to handle your merges within source control and not rely on merging from your IDE as part of a code push.
Side note - I expect you'll run into some frustrations trying to use client-side hooks against a shared DEV instance if you are not careful (I just did a presentation at Global Summit this past week which highlighted the challenges of that approach). I would recommend that you move towards Private DEV instances as soon as you can, or if you intend to stay using a Shared DEV, then you might want to consider Server-side hooks instead (that being said - Git doesn't work very well in a shared dev type environment with serverside hooks, so this again points to the importance of moving towards private DEV instances as soon as you are able). There will be several recordings from Global Summit which should be interesting to you on this topic - we'll be posting articles in the near future with the content so stay tuned!
Ah .... by default, you might find that the REST service used by Atelier is set to Unauthenticated:
We have found that we need to make sure that this is configured for "Password Authentication" in order for our server-side source control hooks to operate properly.
Thank you!! Much better :)
Personally, I agree with Tyler that their current location is a distraction. Can we move them after the comments or to the sidebar?
It is possible that no one was clicking on them in the side bar because they were not truly relevant....
You are most welcome - good luck!
Last thought - depending on the data that you have in your system and how exposed the server is, one possible solution is to create a new web application which only allows the Dashboard viewer to be served up, and then uses "Matching Roles" feature to look for a certain role that people needing this dashboard should have, and assigning the elevated privs required to see the dashboard to the Web App. This would allow you to give access to people without having to broadly expand their assigned privileges. Depending on how much you have to give them in order for them to see the dashboard, this may be something that you want to consider.
Did you turn on auditing in order to see what sort of a <PROTECT> is being thrown?
You may need to connect with the WRC if you're having a hard time finding the privs to give to the user.
Thanks for this! I added an Answer which I think should work based on this information.
As email notifications seem to be having issues you may not have seen the answer yet. When you do, please let us know if it works.
What is the URL for this page? I can't seem to find it in my Ensemble instance.
Ian - I completely understand why moving to Private Dev is challenging. It is very much the nature of applications built on top of InterSystems technology, and it is certainly a challenge.
You are absolutely correct in your thinking that you will see a lot of issues in trying to use Client-Side source hooks (especially for a distributed source control system like Git) against a Shared Dev instance. I actually presented at Global Summit last week about the interplay between Client vs Serverside hooks and Private vs Shared Dev instances, and I recommended that people avoid the Client-Side / Shared Dev combination. I would recommend that you download the slides and watch the recording of my session - you will probably find it to be very helpful:
Global Summit 2017: Shared Development for the 21st Century
As you are tied to Shared Dev workflow, I would strongly suggest that you consider using Server-side hooks to enable your dev workflow, and that you use a centralized Version Control System (VCS) like Perforce, Deltanji or Subversion rather than a distributed VCS like Git. Serverside hooks will enforce the behavior of both Studio and Atelier, so you can still move to Atelier and still use this (just make sure that you are on 2017.2.0, 2017.1.2 or 2016.2.3 as those are the first versions that contain a fix to a hole that was recently found in serverside protections with Atelier).
In terms of your code promotion question, please keep in mind that Atelier is a development tool and not a deployment tool. As others have said, TEST and PROD should never have code pushed to it from Atelier but rather the code needs to come directly from your VCS. I run internal app dev at InterSystems and our process looks like this:
This process works very well for us and scales well on a variety of sized development teams (larger teams use more private BASE environments to prevent check-out collisions on Shared-BASE). We've been working in this mode for about 7 years and it's really stabilized our environments and branches (compared to how things were before) and we're well positioned to move forward with Atelier in use side by side with Studio.
Hope this helps. Please watch my Global Summit session and let me know if you have any questions (I plan to write a new article based on my session so feel free to jump in to the discussion there).
Ian - the appropriateness of your architecture relies very much on whether or not there will be more than one developer working on this application and having access to these environments. Can you please clarify that point?
Ian,
If I were you, I would approach this as follows:
1) Baseline the code on all three of your servers using the "Caché UDL" project on GitHub
2) Use the PROD baseline to make your PROD branch/repot
3) Fork/Branch to make your TEST repo, and then check in your changes from TEST baseline on top of the changes integrated there from PROD
4) Do the same thing to make DEV - Fork/Branch from TEST and then check in your DEV Baseline on top of it
Now you should be positioned to integrate changes from DEV to TEST and deploy out of source control, and then the same from TEST to PROD. This allows you to handle your merges within source control and not rely on merging from your IDE as part of a code push.
Side note - I expect you'll run into some frustrations trying to use client-side hooks against a shared DEV instance if you are not careful (I just did a presentation at Global Summit this past week which highlighted the challenges of that approach). I would recommend that you move towards Private DEV instances as soon as you can, or if you intend to stay using a Shared DEV, then you might want to consider Server-side hooks instead (that being said - Git doesn't work very well in a shared dev type environment with serverside hooks, so this again points to the importance of moving towards private DEV instances as soon as you are able). There will be several recordings from Global Summit which should be interesting to you on this topic - we'll be posting articles in the near future with the content so stay tuned!