1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
Commit Graph

1845 Commits

Author SHA1 Message Date
Christopher Kolstad
0887999dd0
fix: setRolesForUser and setRolesForGroup role check (#6380)
In order to stop privilege escalation via
`/api/admin/projects/:project/users/:userId/roles` and
`/api/admin/projects/:project/groups/:groupId/roles` this PR adds the
same check we added to setAccess methods to the methods updating access
for these two methods.

Also adds tests that verify that we throw an exception if you try to
assign roles you do not have.

Thank you @nunogois for spotting this during testing.
2024-02-29 09:38:32 +01:00
Jaanus Sellin
df93827002
feat: remove applications from project list that do not exist (#6377) 2024-02-28 16:26:53 +02:00
Christopher Kolstad
c9e7bec690
task: upgrade edge banner now toggleable by flag (#6363)
So, since our assumption about client instances ended up being wrong (or, less than stable).
This PR moves the EdgeUpgradeBanner to be displayed if the featureflag
displayEdgeBanner is enabled. That way, if customers comes back and says
they have upgraded but still get the banner, we can remove them from the
segment.
2024-02-28 14:06:46 +01:00
Jaanus Sellin
7af7b32bd5
feat: application overview ux improvements (#6371)
1. Added navigation from environments to instances
2. Last seen is now shown as TimeAgo
3. Added icons for total environments and features
4. Fixed schema


![image](https://github.com/Unleash/unleash/assets/964450/4d0a51a9-7141-4854-ada9-72676e42239c)
2024-02-28 12:39:33 +02:00
andreas-unleash
74c760bf4c
chore: remove changeRequestConflictHandling flag (#6364)
What it says on the tin

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-02-28 10:16:35 +02:00
Mateusz Kwasniewski
b82a650dab
feat: connected instances support query param for env (#6362) 2024-02-28 08:57:34 +01:00
Gastón Fournier
70499dc1d4
feat: allow api token middleware to fetch from db (#6344)
## About the changes
When edge is configured to automatically generate tokens, it requires
the token to be present in all unleash instances.
It's behind a flag which enables us to turn it on on a case by case
scenario.

The risk of this implementation is that we'd be adding load to the
database in the middleware that evaluates tokens (which are present in
mostly all our API calls. We only query when the token is missing but
because the /client and /frontend endpoints which will be the affected
ones are high throughput, we want to be extra careful to avoid DDoSing
ourselves

## Alternatives:
One alternative would be that we merge the two endpoints into one.
Currently, Edge does the following:
If the token is not valid, it tries to create a token using a service
account token and /api/admin/create-token endpoint. Then it uses the
token generated (which is returned from the prior endpoint) to query
/api/frontend. What if we could call /api/frontend with the same service
account we use to create the token? It may sound risky but if the same
application holding the service account token with permission to create
a token, can call /api/frontend via the generated token, shouldn't it be
able to call the endpoint directly?

The purpose of the token is authentication and authorization. With the
two tokens we are authenticating the same app with 2 different
authorization scopes, but because it's the same app we are
authenticating, can't we just use one token and assume that the app has
both scopes?

If the service account already has permissions to create a token and
then use that token for further actions, allowing it to directly call
/api/frontend does not necessarily introduce new security risks. The
only risk is allowing the app to generate new tokens. Which leads to the
third alternative: should we just remove this option from edge?
2024-02-27 16:08:44 +01:00
andreas-unleash
9101c39eb7
chore: remove scheduledConfigurationChanges flag (#6360)
What is says on the box

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-02-27 14:57:34 +02:00
Simon Hornby
43b013ff2f
chore: add a flag for scim (#6361) 2024-02-27 14:33:57 +02:00
Mateusz Kwasniewski
c049374a25
chore: remove new strategy configuration flag (#6335) 2024-02-27 11:23:49 +01:00
David Leek
f351ad821b
chore: set proxy-repo interval to 45mins instead of 20secs (#6340)
Since we're polling for updates to max revision id every second, and
listening for update events for revision id in the proxy repository then
running a refresh interval of 20secs in the proxy repo refresh seems
excessive.

This PR changes the frequency of the refresh to once per 45mins.
2024-02-26 14:32:56 +01:00
Mateusz Kwasniewski
91c08593a6
feat: app env instances api (#6339) 2024-02-26 14:27:44 +01:00
Jaanus Sellin
3b7b816b44
feat: application missing strategies (#6334)
Now also showing missing strategies, that SDK sends, but do not exist in
Unleash.
2024-02-26 12:59:50 +02:00
Jaanus Sellin
89d113f1ff
feat: application missing features backend (#6330)
This PR adds a property issues to application schema, and also adds all
the missing features that have been reported by SDK, but do not exist in
Unleash.
2024-02-26 12:26:01 +02:00
Jaanus Sellin
1633722877
feat: updating last seen now will create instance if does not exist (#6328) 2024-02-26 10:08:28 +02:00
Jaanus Sellin
822851814a
feat: application overview issues schema (#6329) 2024-02-23 13:01:49 +02:00
andreas-unleash
7a08a121f0
feat: create the project-metrics-summary-trends table (#6313)
Adds a migration to create and fill the `project_metrics_summary_trends`

This table is to be used in enterprise to update the metrics data daily
per project (after the aggregation of the hourly data)

Driving force for this was doing performance testing on the executive
dashboard.
This will allow to remove the expensive query to aggregate the data on
demand and will drop the total response time from 2.5sec to 125ms
(measurements done with 100 Projects, 10000 features and over 1M rows in
`client_metrics_env_daily`

Closes #
[1-2080](https://linear.app/unleash/issue/1-2080/create-the-project-metrics-summary-trends-table)

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-02-22 17:21:08 +02:00
Jaanus Sellin
fb63f21d8a
feat: project applications paging backend (#6312) 2024-02-22 15:35:16 +02:00
David Leek
adb6f61015
chore: proxy repository load features metrics (#6314)
## About the changes

- Adds createHistogram
- Adds histogram metrics for proxy-repositorys loading features
2024-02-22 14:29:21 +01:00
David Leek
3bfafcf87e
chore: remove redundant check for project names in db (#6311)
Skips the fetching project names from db part in the proxy-repository
that was done when the token had ALL_PROJECTS
2024-02-22 13:44:47 +01:00
Mateusz Kwasniewski
81ab77cf7c
feat: schema for paginated applications (#6309) 2024-02-22 12:18:23 +01:00
Jaanus Sellin
3c4457af00
feat: application overview backend (#6303) 2024-02-22 08:20:57 +02:00
Nuno Góis
6246459926
chore: db drop action_states (#6300)
Follow up to: https://github.com/Unleash/unleash/pull/6298

We no longer need this table, since it was superseded by `action_events`
and is no longer used.
I believe it's safe to drop this table right away since the feature is
not being used yet.
2024-02-21 17:32:08 +00:00
Nuno Góis
4a4d5388d9
chore: action_set_events db table migration (#6298)
https://linear.app/unleash/issue/2-1962/implement-new-action-events-logic

Adds a new `action_set_events` table for the new action events logic.

Even though observable events are technically immutable, we're storing
the observable event along with the action set event. This allows us to
avoid 1 join while allowing us to persist action set event information
after deleting observable events, if we wish to do so at a later stage.
2024-02-21 14:02:19 +00:00
Jaanus Sellin
7baed29c07
feat: application overview schema (#6295) 2024-02-21 12:59:55 +02:00
David Leek
869e33138b
chore: adds killswitch to scheduled per sec caches (#6291)
## About the changes

Adds killswitches to update revision id and publish unpublished events
2024-02-21 10:12:23 +01:00
Mateusz Kwasniewski
e5c07f00cb
feat: rate limit password reset attempts (#6257) 2024-02-21 08:49:54 +01:00
Nuno Góis
17c0d7137f
chore: add action state db indexes (#6283)
Adds some relevant indexes to `action_states`, useful for our new
"action events" query.
2024-02-20 15:45:33 +00:00
Christopher Kolstad
7350c91a1e
fix: display all roles if we can't get project roles 2024-02-20 16:23:25 +01:00
Christopher Kolstad
e9d9db17fe
feat: Adding Project access requires same role (#6270)
In order to prevent users from being able to assign roles/permissions
they don't have, this PR adds a check that the user performing the
action either is Admin, Project owner or has the same role they are
trying to grant/add.

This addAccess method is only used from Enterprise, so there will be a
separate PR there, updating how we return the roles list for a user, so
that our frontend can only present the roles a user is actually allowed
to grant.

This adds the validation to the backend to ensure that even if the
frontend thinks we're allowed to add any role to any user here, the
backend can be smart enough to stop it.

We should still update frontend as well, so that it doesn't look like we
can add roles we won't be allowed to.
2024-02-20 15:56:53 +01:00
Gastón Fournier
9c156ac31f
chore: avoid printing out warnings from known frontend proxies (#6271)
## About the changes
Our frontend API creates new instances of unleash-client-proxy. Because
this is by-design, we don't want to log a warning that was designed to
warn users about potential misconfiguration of Unleash Proxy.

As an extra, I'm renaming ProxyController to FrontendAPIController to
better reflect the intent of this controller.
2024-02-20 11:27:21 +01:00
Jaanus Sellin
03929e3031
feat: project applications UI (#6260)
![image](https://github.com/Unleash/unleash/assets/964450/a1129857-820c-4e93-ac59-ef5f4743d774)
2024-02-19 09:50:53 +02:00
Nuno Góis
5f781b4c8f
refactor: better prom metric helper types (#6261)
Improves typing in our Prometheus metric helpers.
2024-02-16 15:11:29 +00:00
Tymoteusz Czech
b02f8005f1
migration: flag-trends - add users column (#6254)
Add `users` column to per-project trends.
2024-02-16 15:42:47 +01:00
Gastón Fournier
7a48fb57a6
feat: permission matrix (PoC) (#6223)
## About the changes
This is a rough initial version as a PoC for a permission matrix. 

This is only available after enabling the flag `userAccessUIEnabled`
that is set to true by default in local development.

The access was added to the users' admin page but could be embedded in
different contexts (e.g. when assigning a role to a user):

![image](https://github.com/Unleash/unleash/assets/455064/3f541f46-99bb-409b-a0fe-13f5d3f9572a)


This is how the matrix looks like

![screencapture-localhost-3000-admin-users-3-access-2024-02-13-12_15_44](https://github.com/Unleash/unleash/assets/455064/183deeb6-a0dc-470f-924c-f435c6196407)

---------

Co-authored-by: Nuno Góis <github@nunogois.com>
2024-02-16 14:31:33 +01:00
Ivar Conradi Østhus
4a81f0932f
fix: Allow AuthType None to use valid API tokens (#6247)
Fixes ##5799 and #5785

When you do not provide a token we should resolve to the "default"
environment to maintain backward compatibility. If you actually provide
a token we should prefer that and even block the request if it is not
valid.

An interesting fact is that "default" environment is not available on a
fresh installation of Unleash. This means that you need to provide a
token to actually get access to toggle configurations.


---------

Co-authored-by: Thomas Heartman <thomas@getunleash.io>
2024-02-16 08:24:56 +00:00
Mateusz Kwasniewski
f0d5c8e3d1
fix: include first day of range in the extended metrics (#6245) 2024-02-16 08:36:25 +01:00
Nuno Góis
e4649e6421
chore: add call incoming webhook rate limit metric (#6252)
Follow up to https://github.com/Unleash/unleash/pull/6248 - Add this
rate limit to metrics.


![image](https://github.com/Unleash/unleash/assets/14320932/6b458f5d-2e13-4ac4-8331-7950e7784585)
2024-02-15 17:05:52 +00:00
David Leek
cb53df6176
chore: emit PROXY_REPOSITORY_CREATED event when creating new repo (#6251)
## About the changes

- Emits a new event on the eventBus when Proxy-service creates a new
repository for a frontend token
- Adds a prometheus metrics counter for created proxy-repositories


![image](https://github.com/Unleash/unleash/assets/707867/85a84fa7-4f03-4dc1-b0ba-3ffd2477045b)
2024-02-15 14:58:48 +01:00
Nuno Góis
ef8d2edcc0
chore: rate limit calling inc webhooks (#6248)
https://linear.app/unleash/issue/2-1942/rate-limit-incoming-webhooks-call-endpoint

Adds a configurable rate limit to calling incoming webhooks. We're
setting a 1RPS limit for now, but I'm open to suggestions.
2024-02-15 10:25:32 +00:00
Jaanus Sellin
8dc27204d1
feat: add gen:api:clean for clean orval schemas (#6244)
Created a build script that generates orval schemas with automatic
cleanup. Also generating new ones.

1. yarn gen:api **(generates schemas)**
2. rm -rf src/openapi/apis **(remove apis)**
3.  sed -i '1q' src/openapi/index.ts **(remove all rows except first)**
2024-02-15 11:45:35 +02:00
Mateusz Kwasniewski
2999f8df2d
fix: remove jitter from time sensitive scheduled jobs (#6240) 2024-02-14 15:10:44 +01:00
Jaanus Sellin
3d77825493
feat: project applications server side paging and sorting and filtering (#6236)
Uses exactly same pattern as search-store. Nothing too crazy here.
Most code is in tests.
2024-02-14 13:03:44 +02:00
Thomas Heartman
7eb9a01bda
chore: extract and export type used by CR emails (#6234)
This change takes the (now rather involved) type used to send CR
schedule suspension emails and extracts it into a proper exported type.

This will allow us to import it in enterprise as well instead of
redefining it.
2024-02-14 10:38:13 +09:00
Thomas Heartman
e366e48b4c
feat: support environment variant updates in email service (#6183)
This change updates the email service's `sendScheduleSuspendedEmail`
method to support environment variants being changed.
2024-02-14 10:11:39 +09:00
Jaanus Sellin
eb5d7a3788
feat: sdk reporting flag and e2e test (#6216)
1. Add flag
2. Add e2e test with more complete example
3. Some bug fixes
2024-02-13 14:13:21 +02:00
Nicolae Socaciu
12d2a1ba63
fix-css-update-for-CR-email-template (#6186)
Fix: removing a css line that was blocking some style
Improvement: clean up some unnecessary comments 

Before the fix:

![image](https://github.com/Unleash/unleash/assets/103567375/7a94c20d-ea7c-40cd-b207-128ab5674e97)


after:

![image](https://github.com/Unleash/unleash/assets/103567375/11ebb46e-c724-4b38-91f6-f2f3e4aff9e6)
2024-02-13 10:16:25 +09:00
Jaanus Sellin
5a75093cbc
feat: project applications e2e PoC (#6189)
1. Adding store layer
2. Updating schemas
3. Refactoring project files that I touched into feature oriented
architecture

Next steps E2E tests.
2024-02-12 16:00:59 +02:00
David Leek
ccd2fee4ee
feat: implement a store for stat_traffic_data (#6190)
## About the changes

Implements a new store for collected traffic data usage that connects to
the new table `stat_traffic_data` primary key'd on [day, trafficGroup,
status_code_series].

Day being a date
Traffic group being which endpoint is being counted for, ie /api/admin,
/api/frontend etc
Status code series grouping 2xx status responses and 304 into their
respective 200 / 300 series.

No service here, this is for pro/enterprise
2024-02-12 08:39:51 +01:00
Fredrik Strand Oseberg
260ef70309
Feat/UI error observability (#6169)
This PR adds an endpoint to Unleash that accepts an error message and
option error stack and logs it as an error. This allows us to leverage
errors in logs observability to catch UI errors consistently.

Considered a test, but this endpoint only accepts and logs input, so I'm
not sure how useful it would be.
2024-02-09 13:07:44 +01:00