Versions Compared

Old Version 7

changes.mady.by.user Dominik Meyer

Saved on

compared with

New Version Current

changes.mady.by.user Enerel Khuyag

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The App Logs setup is neither simple nor rocket science but was chosen with a bit of scalability in mind. This is why logs get written to a Storage Account via a Diagnostic setting. Instead of putting the logs into the clients database, producing unnecessary load to the database, the applications logs (App Logs) are put into a Storage Account and get read back from there to display them in the App Repository.

Panel
panelIconId2139
panelIcon:information_source:
panelIconTextℹ️
bgColor#E6FCFF

Learn more about some of the architectural components below in https://unique-ch.atlassian.net/wiki/spaces/

...

SD/pages/545292322/App+Logs#Architecture and how they are secured in https://unique-ch.atlassian.net/wiki/spaces/

...

SD/pages/545292322/App+Logs#Security .

Get started

Pre-requisites

...

Deploying Action

In the App Repository

Works (tick)

Code Block
uses: Unique-AG/sdk-deploy-action@v3 # >v3
  with:
    module: my_own_app
    environment: playground
    azure_storage_account_id: ${{ vars.AZURE_STORAGE_ACCOUNT_ID }}

Name: my-own-app

Azure Environment Name: playground

Does not work 🤯

Code Block
uses: Unique-AG/sdk-deploy-action@v3 # >v3
  with:
    module: my_own_app
    environment: playground
    azure_storage_account_id: ${{ vars.AZURE_STORAGE_ACCOUNT_ID }}

Name: my-own-app

Azure Environment Name: proid

Does not work 🤯

Code Block
uses: Unique-AG/sdk-deploy-action@v3 # >v3
  with:
    module: my_own_app
    environment: playground
    azure_storage_account_id: ${{ vars.AZURE_STORAGE_ACCOUNT_ID }}

Name: joke-teller-app

Azure Environment Name: playground

Does not work 🤯

Code Block
uses: Unique-AG/sdk-deploy-action@v3 # >v3
  with:
    module: my_own_app
    environment: playground
    azure_storage_account_id: ${{ vars.AZURE_STORAGE_ACCOUNT_ID }}

Name: my-own-app

Azure Environment Name: playground

Forgetting to set the correct account.

Specs

The logs clear use case is application insights and secure development of apps. A developer can consult them in the rare event of discovering an edge case only in production or when triaging an unseen issue.

...

Naturally, the maximum duration of logs you can browse are limited by the Retention. The UI currently shows only the last 10 48 hours of logs in separate entries. If the feature matures, further improvements could be done on this behalf.

The logs are not live streams, it can take some worst case some minutes for them to appear. Unique does not offer real time log streaming. Clients requiring faster scrape intervals than Azure Monitors maximum 5 minute interval must self host apps.

Each hour a new file gets created by the Azure Monitor and Unique caches the last 10 hours (except the last one) refreshing them every hour (the latter nine).

The logs capture stdout (the console), means they also show container or boot errors etc.

...

Azure Monitor is the only allowed writer to the account while the App Repository (via Workload Identity) is the sole reader (both via RBAC). No humans have access to the account, also not via PIM or privileged roles.

Secure Deployment

Panel
panelIconId2139
panelIcon:information_source:
panelIconTextℹ️
bgColor#E6FCFF

See Hosted SDK, only mentioned here for completeness.

Log scrubbing

The setup does not scrub the logs or sanitize them. If developers log classified data, it will be present in the logs within the retention period. The Legal Amendment to the Co-Development Agreement holds more information about the logs and their use case (or not-use-case) and how developers must interact with them.

...