1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-11-01 19:07:38 +01:00
Commit Graph

395 Commits

Author SHA1 Message Date
sjaanus
ab5da2116a
Remove timeout from store (#3018) 2023-01-30 12:01:44 +01:00
Mateusz Kwasniewski
d9110b6ce5
refactor: separate scheduling from DI (#3017) 2023-01-30 11:13:17 +01:00
Fredrik Strand Oseberg
1c4ba4cc97
Feat/project stats types (#3012)
Update type for project stats
2023-01-27 17:19:27 +01:00
Fredrik Strand Oseberg
897e97330a
Feat/project stats members (#3009)
This PR adds project members to the project stats and connects the stats
to the UI.
2023-01-27 13:13:41 +01:00
Mateusz Kwasniewski
f8473a243f
exclude tags for other features (#3007) 2023-01-27 11:34:20 +01:00
Fredrik Strand Oseberg
d8a250dc9c
Feat/project status monthly (#2986)
This PR takes the project status API a step further by adding the
capability of providing a date to control the selection. We are
currently making calculations based on a gliding 30 day window, updated
once a day. The initial database structure and method for updating the
UI is outlined in this PR.
2023-01-26 16:13:15 +01:00
Mateusz Kwasniewski
6b9a242be5
upload limit and import ui tweaks (#2998) 2023-01-26 12:36:45 +01:00
Mateusz Kwasniewski
527ed5feaf
filter out unused fields as they fail import validation (#2997) 2023-01-26 09:48:10 +01:00
Mateusz Kwasniewski
decb7f320d
feat: import stage (#2985) 2023-01-25 12:34:28 +01:00
Mateusz Kwasniewski
80c444aa99
cleanup in export and import (#2973) 2023-01-24 14:29:59 +01:00
Christopher Kolstad
c961374b24
task: changing variants blocked by cr (#2966)
## About the changes
This PR adds two new functions that is protected by CR. When used
instead of the current setVariantOnEnv and setVariantsOnEnv if the flag
UNLEASH_EXPERIMENTAL_CR_ON_VARIANTS is set, the call is blocked. This
leaves the old functions, which is used from the CR flow in place, and
adds new methods protected by CR.

Also adds e2e tests verifying that the methods will block requests if CR
is enabled for project:environment pair, as well as not block if CR is
not enabled. Tests already in place should confirm that the default
flow, without the flag enabled just works.
2023-01-24 10:43:10 +01:00
Nuno Góis
ccfc046937
feat: adds the PAT_DELETE event (#2965)
<img width="973" alt="image"
src="https://user-images.githubusercontent.com/14320932/214047789-830adae4-daf1-4761-9b77-a49c9b92d0d8.png">

Adds the `PAT_DELETE` event so we can log the relevant information when
a PAT is deleted.

Should cover the following scenarios:

- User deletes their own PAT;
- Admin deletes another user's PAT;
- Admin deletes a Service Account token;
2023-01-23 15:11:16 +02:00
Gastón Fournier
96c65fc10d
feat: Add ability to push variants to multiple environments (#2914)
## About the changes
This PR adds the ability to push variants to multiple environments
overriding the existing variants.

Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#2254

**Note:** This won't fail if there are variants in other environments, because the operation wouldn't be idempotent. It should have that property because setting variants to 1 or more environments once or twice should not make a difference
2023-01-20 10:30:20 +01:00
Fredrik Strand Oseberg
f4d857285b
feat: status API (#2931)
Initial status API
2023-01-19 13:27:50 +01:00
Nuno Góis
7d73d772df
feat: add the account abstraction logic (#2918)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

Builds on top of https://github.com/Unleash/unleash/pull/2917 by moving
the responsibility of handling both account types from `users` to
`accounts`.

Ideally:
 - `users` - Should only handle users;
 - `service-accounts` - Should only handle service accounts;
 - `accounts` - Should handle any type of account;

This should hopefully also provide a good building block in case we
later decide to refactor this further down the `accounts` path.
2023-01-18 16:08:07 +00:00
Fredrik Strand Oseberg
89163b8719
refactor/clean-up-get-project (#2925)
This PR moves the getProjectOverview method out from the project health
controller. It doesn't make sense that this method lives here anymore,
as over time it has grown into method that relays all information about
a single project. It makes more sense that this now lives on the root of
the project api. Also removes unwanted duplication of getProjectOverview
from the project-service and the project-health-service.
2023-01-18 13:22:58 +01:00
Nuno Góis
d63b3c69fe
feat: adapt user logic to better adapt to SAs (#2917)
https://linear.app/unleash/issue/2-579/improve-user-like-behaviour-for-service-accounts-accounts-concept

<img width="803" alt="image"
src="https://user-images.githubusercontent.com/14320932/213011584-75870595-988d-49bc-a7bf-cd1ffd146bca.png">

Makes SAs behave more like users. 

Even though they share the same `users` database table, the `is_service`
column distinguishes them. This PR makes the distinction a bit less
obvious by not filtering out SAs for some methods in the user store,
returning both account types and their respective account type
information so we can handle them properly on the UI.

We felt like this was a good enough approach for now, and a decent
compromise to move SAs forward. In the future, we may want to make a
full refactor with the `accounts` concept in mind, which we've
experimented with in the
[accounts-refactoring](https://github.com/Unleash/unleash/tree/accounts-refactoring)
branches (both OSS and Enterprise).
 
https://github.com/Unleash/unleash/pull/2918 - Moves this a bit further,
by introducing the account service and store.
2023-01-18 12:12:44 +00:00
sjaanus
16bca1260c
Segment export (#2922)
Segment export
2023-01-18 10:41:22 +02:00
sjaanus
b895c99743
Export features (#2905) 2023-01-17 13:10:20 +02:00
Gastón Fournier
005e5b1d15
fix: found an edge case exporting variants (#2900)
## About the changes
When exporting v3, for variants backward compatibility, we need to find
one featureEnvironment and fetch variants from there.
In cases where the default environment is disabled (therefore does not
get variants per environment when added), it can be still be selected
for the export process. Therefore variants don't appear in the feature
when they should be there.

An e2e test that fails with the previous implementation was added to
validate the behavior

This comes from our support ticket 404
2023-01-13 14:55:57 +01:00
Mateusz Kwasniewski
5569101f30
feat: import feature strategies (#2885) 2023-01-12 15:24:34 +01:00
Gastón Fournier
ce815e5f29
feat: report app names only if below a threshold (#2737)
## About the changes
Introduce a snapshot version of instanceStats inside
instance-stats-service to provide a cached state of the statistics
without compromising the DB.

### Important notes
Some rule-of-thumb applied in the PR that can be changed:
1. The snapshot refresh time
2. The threshold to report appName with the metrics

## Discussion points
1. The snapshot could be limited to just the information needed (things
like `hasOIDC` don't change until there's a restart), to optimize the memory usage
3. metrics.ts (used to expose Prometheus metrics) has a [refresh
interval of
2hs](2d16730cc2/src/lib/metrics.ts (L189-L195)),
but with this implementation, we could remove that background task and
rely on the snapshot
4. We could additionally update the snapshot every time someone queries
the DB to fetch stats (`getStats()` method), but it may increase
complexity without a significant benefit

Co-authored-by: Mateusz Kwasniewski <kwasniewski.mateusz@gmail.com>
Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2023-01-12 11:26:59 +01:00
Mateusz Kwasniewski
be1762d33f
Scheduler abstraction (#2829) 2023-01-11 16:15:53 +01:00
sjaanus
eb7e82dff2
Export with strategies (#2877) 2023-01-11 15:00:20 +00:00
Mateusz Kwasniewski
afdcd45042
feat: first skeleton of the batch import (#2868)
First skeleton of batch import:
* injecting feature toggle service because I want to reuse logic and not
just the store
2023-01-11 15:19:16 +01:00
sjaanus
f3f3a59e5e
Import export (#2865) 2023-01-10 15:59:02 +02:00
Gastón Fournier
58dd09f3e1
fix: export features with variants event when feature is disabled (#2824)
## About the changes
When exporting features one is normally also interested in disabled
features, so they are also included in the export file, while the
variants are not. I do not see a good reason for that, so this PR
removes the check and exports the variants then as well.
I could also add an option as well, but as long as there is no good
reason for ignoring the variants I would just export them with the
features.

This PR adds tests on #2719

Closes #2719

Co-authored-by: Martin Joehren <martin.joehren@esailors.de>
2023-01-05 12:30:07 +02:00
Ivar Conradi Østhus
3a8107ce6e
fix: state-service should always keep api keys (#2552)
We have experienced side-effects where the import was unexpected and
resulted in environments thought to be removed. This had the unexpected
side-effect of also deleting API keys for some environments not part of
the import file.

This commit removes the ability of the state-service to mutate api keys
directly. There is no compelling reasons why we should remove API keys
as part of an import query.

Co-authored-by: Gastón Fournier <gaston@getunleash.ai>
Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2023-01-04 11:24:34 +00:00
Gastón Fournier
bf77182ca7
feat: limit the amount of results coming from Prometheus (#2776)
## About the changes
To avoid showing too much data in the traffic screen, limit the number
of results to `topk`.

## Discussion points
Top 10 is a rule of thumb, but maybe we could do top 25. Until we gather
more data, I believe this should be good enough
2023-01-04 11:00:04 +01:00
sjaanus
bae623d69e
Fix joi failing starting from 17.7.0 release (#2790) 2023-01-03 11:50:00 +02:00
Nuno Góis
88004a6138
feat: allows creation of PATs for other users (#2718)
https://linear.app/unleash/issue/2-530/api-allow-creation-of-pats-for-other-users


![image](https://user-images.githubusercontent.com/14320932/208720680-5d5ccee7-1972-4f5b-8024-3a69d50a571f.png)

Adds and takes into account the following permissions:
 - **READ_USER_PAT**;
 - **CREATE_USER_PAT**;
 - **DELETE_USER_PAT**;
 
 API only, will make some exploration on UI soon.

Co-authored-by: Gastón Fournier <gaston@getunleash.ai>
2023-01-02 10:49:57 +00:00
sjaanus
ec535ad7cc
Make it possible to validate enterprise schema with respondWithValidation (#2781)
Now respondWithValidation<T, S = SchemaId> can be called in oss and
enterprise to validate against needed schema.
2023-01-02 12:08:27 +02:00
Christopher Kolstad
5b66346e56
fixes 2-456: Preserve all data from strategy import (#2720)
## What
Previously when importing strategies we've used the same data type we've
used for creating strategies (the minimal, a name, an optional
description, optional parameters and an optional editable column). This
meant that exporting strategies and then importing them would reactivate
deprecated strategies. This PR changes to allow the import to preserve
all the data coming in the export file.

## Tests
Added four new tests, two new unit tests using our fake stores and two
new e2e tests. Interestingly the ones in the fake store ran green before
this change as well, probably because we just insert the parsed json
object in the fake store, whereas the real store actually converts the
object from camelCasing to the postgresql snake_casing standard.

## Discussion points:
### Mismatch between fake and real stores
This is inevitable since storing things in javascript arrays vs saving
in a real database will have some differences, but this again shows the
value of our e2e tests.

### Invariants
Should we see if we can add some invariants to our import/export so that
we can write some proptests for it? One candidate is commutativity of
import/export. On a fresh database importing and then exporting should
yield the same file that was imported provided all flags are turned on.
Candidate for Q1 improvement of import/export.
2022-12-21 13:33:41 +01:00
sjaanus
a0619e963d
Maintenance mode for users (#2716) 2022-12-21 13:23:44 +02:00
Gastón Fournier
4b519ead4f
perf: Simplify queries to prometheus (#2706)
## About the changes
This PR improves our queries to Prometheus (instead of making multiple queries do only one) and improves the UI and the code. 

The reports aggregate all HTTP methods (GET, POST, PUT, DELETE, OPTIONS, HEAD and PATCH) without distinction under the same "endpoint" (a relative path inside unleash up to a certain depth)

Co-authored-by: Nuno Góis <nuno@getunleash.ai>
2022-12-19 17:06:59 +01:00
Gastón Fournier
2979f21631
feat: expose number of registered applications metric (#2692)
## About the changes
This metric will expose an aggregated view of how many client
applications are registered in Unleash. Since applications are ephemeral
we are exposing this metric in different time windows based on when the
application was last seen.

The caveat is that we issue a database query for each new range we want
to add. Hopefully, this should not be a problem because:
a) the amount of ranges we'd expose is small and unlikely to grow
b) this is currently updated at startup time and even if we update it on
a scheduled basis the refresh rate will be rather sparse

## Sample data
This is how metrics will look like
```
# HELP client_apps_total Number of registered client apps aggregated by range by last seen
# TYPE client_apps_total gauge
client_apps_total{range="allTime"} 3
client_apps_total{range="30d"} 3
client_apps_total{range="7d"} 2
```
2022-12-16 11:16:51 +00:00
Nuno Góis
90f0d665f9
fix: disable networkView for dev, fail more gracefully (#2701)
Disables networkView for dev for now. Attempts to fail more gracefully
both on the service and front-end.
2022-12-15 10:12:02 +00:00
Ivar Conradi Østhus
e01167676c
fix: background frontend settings should not crash tests 2022-12-14 20:24:47 +01:00
Ivar Conradi Østhus
09c87c755f
Fix/remove settings cache (#2694)
In this PR we remove the general SettingService cache, as it will not
work across multiple horizontal unleash instances, events are not
published across.

We also fix the CORS origin to: 
- Access-Control-Allow-Origin set to "*" if no Origin is configured
- Access-Control-Allow-Origin set to "*" if any Origin is configured to
"*"
- - Access-Control-Allow-Origin set to array and have the "cors"
middleware to return an exact match on the user provided Origin.

Co-authored-by: Fredrik Oseberg <fredrik.no@gmail.com>
2022-12-14 17:35:22 +01:00
Nuno Góis
5086ec7921
remove feature flag: tokens last seen (#2673)
https://linear.app/unleash/issue/2-470/clean-up-flag
2022-12-12 14:32:35 +00:00
Gastón Fournier
5fe238c896
task: Expose prometheus metrics (#2586)
## About the changes
This connects our backend with Prometheus (or compatible) metrics
service, and exposes raw data (i.e. acting as a proxy)

Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2022-12-12 14:05:56 +01:00
Gastón Fournier
aa20d2d418
Fix PATCH variants (old endpoint) when variants per environment are enabled (#2591)
## About the changes
This PR addresses some issues when working with variants after migrating
to variants per environment.

**Problem:** since PATCH
`/api/admin/projects/default/features/${featureName}/variants` does not
take into account `featureEnvironments`, when variantsPerEnvironment
gets enabled, this method will override the variants in other
environments (i.e. not doing a patch). This method has to be maintained
because of backward compatibility but it has to be adapted to deal with
variants per environment


https://linear.app/unleash/issue/2-476/when-using-patch-for-variants-without-environments-it-wipes-out

Co-authored-by: Nuno Góis <github@nunogois.com>
2022-12-06 09:47:54 +00:00
Mateusz Kwasniewski
e059b755c9
skip change request (#2598) 2022-12-05 15:38:17 +01:00
Mateusz Kwasniewski
b9290dd5ed
CR applier should be able to create strategy (#2597) 2022-12-05 12:39:13 +01:00
Fredrik Strand Oseberg
bc3744d565
fix: remove stray only (#2589)
This removes stray onlys in our tests and adds a linter rule that will
error if only is present. Also updates the test result of one of our
tests as a result of [this pull
request](https://github.com/Unleash/unleash/pull/2344)
2022-12-02 13:10:39 +01:00
Gastón Fournier
bf0171518c
task: continue to return export v3 when variants per env disabled (#2529)
## About the changes
With the latest changes of variants per environment, we switched to
export schema v4 without having the feature toggle enabled. This moves
the variants to `featureEnvironments` when they were previously in
`features`. The main problem is that it can create confusion as the
exported file has the same variants for each one of the environments but
after importing the file the UI will only show one set of variants
attached to the feature.

With this change, we're maintaining the previous schema until the
feature toggle is enabled.
2022-12-01 11:13:49 +00:00
sjaanus
24fee65f7e
Make single project endpoint also return all features favorites (#2578)
Small update, that single project endpoint would also return features
with favorites.
2022-12-01 09:49:49 +02:00
Tymoteusz Czech
5f88269744
feat: favorite feature table icons (#2525) 2022-11-30 12:44:38 +00:00
sjaanus
65851ba51c
Add favorite events (#2572)
This PR adds 4 new events

1. FAVORITE_FEATURE_ADDED
2.  FAVORITE_FEATURE_REMOVED
3. FAVORITE_PROJECT_ADDED
4. FAVORITE_PROJECT_REMOVED
2022-11-30 14:26:17 +02:00
sjaanus
a22d5f5a43
Favorite project (#2569)
Adds ability to favorite projects.

1. Can favorite project
2. Can unfavorite project
3. Favorite field is returned on `/api/admin/projects/default`
4. Favorite field is returned on` /api/admin/projects`
2022-11-30 13:41:53 +02:00
sjaanus
9ac6b945be
Fix super small text issue (#2473)
Fix super small text issue

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-11-30 09:18:49 +02:00
Nuno Góis
7ce38ffe89
feat: update seen_at pat column (#2516)
https://linear.app/unleash/issue/2-451/update-last-seen-column-for-pats
2022-11-30 08:10:31 +02:00
Nuno Góis
564c287025
Feat update token seen at (#2514)
https://linear.app/unleash/issue/2-448/update-last-seen-column-for-api-tokens

Co-authored-by: Ivar Conradi Østhus <ivar@getunleash.ai>
2022-11-29 19:46:40 +00:00
sjaanus
b32d3d0fee
Favorite features (#2550) 2022-11-29 16:06:08 +01:00
Christopher Kolstad
1ecbc32e14
task: Make operations on the API Token store auditable. (#2531)
## About the changes
We need a way to have an audit log for operations made on Api Tokens.
These changes adds three new event types, API_TOKEN_CREATED,
API_TOKEN_UPDATED, API_TOKEN_DELETED and extends api-token-service to
store these to our event store to reflect the action being taken.
2022-11-28 10:56:34 +01:00
Simon Hornby
0897180af5
fix: resolve an issue where cloning a feature toggle with a segment (#2511)
fix an issue where cloning a feature toggle with a strategy with segments would raise an error but still clone successfully
2022-11-23 15:39:09 +02:00
sjaanus
b071de6742
Add possibility to soft delete users (#2497)
Previously we hard deleted the users, but due to change requests and
possibly other features in future, we really want to hard-link user
table and have meaningful relationships.

But this means, when user is deleted, all linked data is also deleted.
**Workaround is to soft delete users and just clear users data and keep
the relationships alive for audit logs.**

This PR implements this feature.
2022-11-23 09:30:54 +02:00
Simon Hornby
801df6953c
fix: force clone feature to correctly copy variant environments (#2498)
patches an issue where cloning a feature would clone variants for
it's last found environment in the db. This now will clone the feature
environments correctly
2022-11-22 17:00:44 +02:00
Mateusz Kwasniewski
8af64e9370
add events and expose them for webhooks (#2493) 2022-11-22 13:39:15 +01:00
Christopher Kolstad
f937e80272
fix: Updated event to include project (#2491)
### What
Our EnvironmentVariant needs project name so this PR makes sure our
service accepts the project id as one of the arguments.
2022-11-22 09:57:12 +01:00
andreas-unleash
6e5b214475
implement proxy all endpoint (#2460)
Signed-off-by: andreas-unleash <andreas@getunleash.ai>

<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

This PR implements the `all` endpoint of unleash-proxy, by adding an
experimental flag that can control the behaviour

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

<!-- Does it close an issue? Multiple? -->
Closes #

<!-- (For internal contributors): Does it relate to an issue on public
roadmap? -->
<!--
Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#
-->

### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2022-11-21 12:57:07 +02:00
Gastón Fournier
efd47b72a8
feat: Add variants per env (#2471)
## About the changes
Variants are now stored in each environment rather than in the feature
toggle. This enables RBAC, suggest changes, etc to also apply to
variants.

Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#2254

### Important files
- **src/lib/db/feature-strategy-store.ts** a complex query was moved to
a view named `features_view`
- **src/lib/services/state-service.ts** export version number increased
due to the new format

## Discussion points
We're keeping the old column as a safeguard to be able to go back

Co-authored-by: sighphyre <liquidwicked64@gmail.com>
Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
2022-11-21 10:37:16 +01:00
Mateusz Kwasniewski
ac65778cfa
separate protected and unprotected routes (#2466) 2022-11-18 09:29:26 +01:00
Gastón Fournier
dc08f1dadd
fix: broken UI after import (#2447)
fix: broken UI when importing features into environments which are not linked to the feature's project

## Related to
- PR: https://github.com/Unleash/unleash/pull/2209
- Issue: https://github.com/Unleash/unleash/issues/2186
- Issue: https://github.com/Unleash/unleash/issues/2193

## Expected behaviour:
After importing we should see:

![image](https://user-images.githubusercontent.com/455064/202149719-fa74b3b7-3936-443b-9d0e-8f1ca2e779f4.png)

## About the changes
**The problem:** when we import we have projects, features and
environments. Each feature belongs to a project (this is by default and
the imported file enforces that). The links between projects and
features, or projects and environments, depend on us creating those
relationships. When we add a feature to an environment we're not
validating that the project and the environment are connected. Because
of that, in some situations (like in this test), we can end up with a
project with features but no environment.

This breaks a weak constraint we had which is that all projects should
have at least one environment.

**This PR makes the following assumption when importing**: _if a feature
is added to an environment, and that environment is still not linked to
the project that feature belongs to, then the project and environments
have to be linked_. The rationale behind this is that the user couldn't
have generated this export file without the project and environment
being linked together.
2022-11-17 14:05:57 +01:00
andreas-unleash
726ede5cbe
Define exports for enterprise (#2435)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->
This PR sets up exports so that we can import in enterprise with just
"unleash-server".
This will free us to refactor unleash internals without breaking
enterprise

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

<!-- Does it close an issue? Multiple? -->
Closes #

<!-- (For internal contributors): Does it relate to an issue on public
roadmap? -->
<!--
Relates to [roadmap](https://github.com/orgs/Unleash/projects/10) item:
#
-->

### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->
2022-11-17 13:02:40 +02:00
sjaanus
9176ffae1e
Change requests - add multiple reviewers (#2448)
This PR adds implements the frontend and migrations part of multiple
reviewers.

2 UI parts:

1. Configuration to add the count of required approvals
2. Handle multiple approvers in review page.
2022-11-17 11:08:29 +02:00
Fredrik Strand Oseberg
978674e33a
feat: update strategy segments with edit / create strategy (#2420)
* Refactors how we add / edit segments to make it more ergonomic to work with in regards to change requests
2022-11-16 15:35:39 +01:00
sjaanus
3ef0ca580a
Remove change request api protection (#2434)
Remove change request api protection
2022-11-15 14:13:09 +02:00
sjaanus
131ebb931a
Permission guards in existing endpoints interacting with feature toggle configuration (#2418)
This PR adds permission guards for operations.

1. Toggling feature flag
2. Adding a strategy
3. Updating a strategy
4. Deleting a strategy
2022-11-14 15:05:26 +02:00
Nuno Góis
2fa154a3e4
Update environments (#2339)
https://linear.app/unleash/issue/2-357/update-environments-pages
2022-11-11 10:24:56 +00:00
Ivar Conradi Østhus
325cd34c0c
fix: remove 'fixHourMetrics' flag 2022-11-09 22:45:30 +01:00
Thomas Heartman
f5fb7b66d1
Fix: validate that the project is correct when getting feature by project (#2344)
## What

This PR fixes a bug where fetching a feature toggle via the
`/api/admin/projects/:projectId/features/:featureName` endpoint doesn't
validate that the feature belongs to the provided project. The same
thing applies to the archive functionality. This has also been fixed.

In doing so, it also adds corresponding tests to check for edge cases,
updates the 403 error response we use to provide clearer steps for the
user, and adds more error responses to the OpenAPI documentation.

## Why

As mentioned in #2337, it's unexpected that the provided project
shouldn't matter at all, and after discussions internally, it was also
discovered that this was never intended to be the case.

## Discussion points

It might be worth rethinking this for Unleash v5. Why does the features
API need the projects part at all when features are unique across the
entire instance? Would it be worth reverting to a simpler feature API
later or would that introduce issues with regards to how different
projects can have different active environments and so on?

### Further improvements

I have _not_ provided schemas for the error responses for the endpoints
at this time. I considered it, but because it would introduce new schema
code, more tests, etc, I decided to leave it for later. There's a
thorough OpenAPI walkthrough coming up, so I think it makes sense to do
it as part of that work instead. I am happy to be challenged on this,
however, and will implement it if you think it's better.

### Why 403 when the project is wrong?

We could also have used the 404 status code for when the feature exists
but doesn't belong to this project, but this would require more (and
more complex) code. We also already use 403 for cases like this for
post, patch, and put. Finally, the [HTTP spec's section on the 403
status code](https://httpwg.org/specs/rfc9110.html#status.403) says the
following (emphasis mine):

> The 403 (Forbidden) status code indicates that the server
**_understood the request but refuses to fulfill it_**. A server that
wishes to make public why the request has been forbidden can describe
that reason in the response content (if any).
>
> If authentication credentials were provided in the request, the server
considers them insufficient to grant access. The client SHOULD NOT
automatically repeat the request with the same credentials. The client
MAY repeat the request with new or different credentials. However, **_a
request might be forbidden for reasons unrelated to the credentials_**.

As such, I think using 403 makes sense in this case.

---

Closes #2337.
2022-11-08 13:34:01 +01:00
Ivar Conradi Østhus
2d2d6f268a
fix: generate all hour buckets if missing (#2319) 2022-11-04 09:30:02 +01:00
Nuno Góis
9fb431aab7
fix: limit total of PATs a user can have (#2301)
* fix: limit total of PATs a user can have

* increase PAT limit to 10

* Update src/lib/services/pat-service.ts

Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>

* disable button on the front-end when PAT limit is reached

* import from server instead of repeating ourselves

Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2022-11-02 08:11:35 +00:00
sjaanus
e3a185d650
Hard cap expiry date of public signup token (#2308)
Validate expiry
2022-11-01 11:38:18 +02:00
sjaanus
c501fb221c
Hyperlink Injection in People Invitation Emails (#2307)
* Strip special characters

* Allow hyphens
2022-11-01 10:38:33 +02:00
Ivar Conradi Østhus
cf4fc2303b
Feat/stats service (#2211)
Introduces an instance stats service exposing usage metrics of the Unleash installation.
2022-10-25 13:10:27 +02:00
sellinjaanus
726674ea3e
UX additions to groups SSO syncing (#2200)
* Initial commit

* Fix snapshot

* Fixes

* Small fix

Co-authored-by: sjaanus <sellinjaanus@gmail.com>
2022-10-20 10:47:19 +03:00
sellinjaanus
8618cec832
Import of feature still showing env on feature, when environment is disabled on project (#2209)
* Import state test

* Update importer

Co-authored-by: sjaanus <sellinjaanus@gmail.com>
2022-10-19 15:05:07 +03:00
sellinjaanus
4068e4749f
Fix all groups being removed, even when no external groups were defined (#2197)
* Syncing groups

* Add tests

* Fix all groups being removed

Co-authored-by: sjaanus <sellinjaanus@gmail.com>
2022-10-17 11:44:36 +03:00
Ivar Conradi Østhus
1f0fa6abfe
fix: filter empty metrics before we collect last seen toggles. (#2172)
* fix: filter empty metrics before we collect last seen toggles.

fixes: #2104

* fix: add a last-seen service to batch last-seen toggle updates

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-10-17 09:06:59 +02:00
Nuno Góis
076a007b42
fix: PATs should have an unique description (per user) (#2191)
* fix: PATs should have an unique description

* add pat validation on the back-end service

* Update src/lib/services/pat-service.ts

Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>

* fix: only consider current user's PATs

* fix tests

* cleanup

* Update frontend/src/component/user/Profile/PersonalAPITokensTab/CreatePersonalAPIToken/CreatePersonalAPIToken.tsx

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Update src/test/e2e/api/admin/user/pat.e2e.test.ts

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-10-14 13:28:29 +01:00
sjaanus
06ebe4fca0
Syncing external groups with unleash group (#2194)
* Syncing groups

* Add tests
2022-10-14 13:08:14 +03:00
andreas-unleash
64b8df7ee0
fixed segments not being copied (#2105)
* fixed segments not being copied

* fix fmt

* bug fix

* return segmentId[] when getting a feature strategy

* do not return segments if they are not there

* Update src/lib/services/feature-toggle-service.ts

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>

* fix lint

* fix: more explicit column sorting and bug fix

* update snapshot

* rollback

* add segment ids to feature strategies

* bug fix

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-10-10 15:32:34 +03:00
sjaanus
c105ca02f1
Change PAT primary key from string to number (#2163)
* Update primary key

* Fix tests
2022-10-10 13:35:12 +03:00
Ivar Conradi Østhus
a09c6313b1
fix: auto add stratgy when enabling empty env. (#2137) 2022-10-05 23:33:36 +02:00
sjaanus
ddc759ac63
Add some extra fields for profile (#2119)
First version
2022-09-30 14:36:45 +03:00
Tymoteusz Czech
47152cf05b
Feat/invite user (#2061)
* refactor: user creation screen cleanup

* feat: deprecation notice for google sso

* fix: docs openid typo

* invite link bar

* invite link page

* fix prettier docs

* regenerated openapi

* hooks for invite page api

* update openapi

* feat: invite link update

* feat: add public signup token soft-delete

* public signup frontend feature flag

* fix: new user api issues

* feat: allow for creating new user from invite link

* Feat/invite user public controller (#2106)

* added PublicInviteController for public urls

* added PublicInviteController for public urls

* added PublicInviteController for public urls

* added PublicInviteController for public urls

* fix test

* fix test

* update openapi

* refactor: password reset props

* fix: public invite schema and validation

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>

* user invite frontend

Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>

* invite link delete confirmation dialog

* refactor: password reset action

* fix: new user invite loading state

* fix: run ts check with ci

* revert openapi changes

* fix: invite token api interface

* fix: openapi schema index

* fix: update test snapshots

* update frontend snapshot

* fix: prettier ci

* fix: updates after review

Co-authored-by: andreas-unleash <104830839+andreas-unleash@users.noreply.github.com>
Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2022-09-30 13:01:32 +02:00
sjaanus
ec7e256140
Backend for profile page (#2114)
* First version of profile

* Fix tests

* Fix typings

* Replace where to andwhere to be more clear
2022-09-29 16:27:54 +03:00
sjaanus
d79ace57ec
Personal access token middleware (#2069)
* Middleware first version

* Middleware tests

* Add tests

* Finish middleware tests

* Add type for request

* Add flagresolver

* Fix snapshot

* Update flags and tests

* Put it back as default

* Update snapshot
2022-09-28 16:53:56 +03:00
Fredrik Strand Oseberg
7fbe227e0f
Fix/frontendapi synchronization (#2100)
* feat: add db fetch polling for proxy endpoints

* feat: add test for retrieving cache on interval

* feat: configurable interval

* fix: add config options

* feat: docs

* fix: add config to proxy-repository

* fix: update snapshots

* Update website/docs/reference/front-end-api.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* fix: update docs

* Update website/docs/deploy/configuring-unleash.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

* Update website/docs/reference/front-end-api.md

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>

Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
2022-09-28 14:23:41 +02:00
Tymoteusz Czech
0086f2f19f
Fix: prevent password reset email flooding (#2076)
* fix: prevent password reset email flooding

* feat: add tests to user service for password reset
2022-09-28 10:24:43 +02:00
andreas-unleash
aa589b5ff5
Fix/oas response (#2068)
* bug fix

* bug fix

* remove doc file

* store fixes

* bug fix

* rollback deleted file

* fix test

* add url to token

* return all tokens not just active

* add url fix

* PR comment

* PR comment

* PR comment

* add the flag to the experimental options

* fix env var name
2022-09-26 13:06:30 +03:00
Thomas Heartman
97c2b3c089
openapi: improve validation testing (#2058)
## What

This PR adds an extra layer of OpenAPI validation testing to what we already have. It also fixes any issues that make the new tests fail.

## Why

While the current OpenAPI validation takes care of _some_ things, there's also things it misses, as shown by #2055. By adding the OpenAPI Enforcer package, we should hopefully be able to catch more of these errors in the future. The enforcer _does_ flag the issue in #2055 as an error.

## How

By adding the OpenAPI Enforcer package and making whatever changes it picks up on.

By adding location headers to all our 201 endpoints. I also had to change some signatures on `create` store methods so that they actually return something (a lot of them just returned `void`).

## Discussion points

### Code changes

Some of the code changes may not be necessary or we may want to change more code to align with what changes have been done. It may be worth standardizing on a pattern for `*store.create` methods, so that they always return an identifier or the stored object, for instance.

### On relative URIs

The 201 location headers use relative URIs to point to the created resources. This seemed to be the easiest way to me, as we don't need to worry about figuring out what the absolute URL of the instance is (though we could probably just concat it to the request URI?). The algorithm for determining relative URIs is described in [RFC 3986 section 5](https://www.rfc-editor.org/rfc/rfc3986#section-5).

There's also some places where I'm not sure we _can_ provide accurate location url. I think they're supposed to point _directly at_ whatever the resource is, but for some resources (such as api tokens), you can only get it as part of a collection. From [RFC 9110 on the location field](https://httpwg.org/specs/rfc9110.html#field.location) (emphasis mine):

> the Location header field in a [201 (Created)](https://httpwg.org/specs/rfc9110.html#status.201) response is supposed to provide a URI that is **specific** to the created resource.

A link to a collection is not specific. I'm not sure what best to do about this.

### Inline comments

I've added a number of inline PR comments that I'd love to get some feedback on too. Have a look and let me know what you think!

### Unfinished business

I've added some juicy comments to some of the files here. They contain non-blocking issues that I'm tracking (via github issues). We should resolve them in the future, but right now they can stay as they are. 

## Commits

* Feat: add openapi-enforcer + tests; fix _some_ issues

* Test: allow non-standard string formats

* validation: fix _some_ 201 created location header endpoints

* #1391: fix remaining 201 location headers missing

* Refactor: use the ajv options object instead of add* methods

* #1391: flag validation errors and warnings as test failures

* #1391: modify patch schema to specify either object or array

We don't provide many patch endpoints, so we _could_ create separate
patch operation objects for each one. I think that makes sense to do
as part of the larger cleanup. For now, I think it's worth to simply
turn it into one of these. While it's not entirely accurate, it's
better than what we had before.

* Refactor: make tests easier to read

* #1391: use enum for valid token types

This was previously only a description. This may seem like a breaking
change because OpenAPI would previously accept any string. However,
Joi also performs validation on this, so invalid values wouldn't work
previously either.

* #1391: Comment out default parameter values for now

This isn't the _right_ way, but it's the pragmatic solution. It's not
a big deal and this works as a stopgap solution.

* #1391:  add todo note for api token schema fixes

* #1391: update snapshot

* Revert "#1391: modify patch schema to specify either object or array"

This reverts commit 0dd5d0faa1.

Turns out we need to allow much more than just objects and arrays.
I'll leave this as is for now.

* Chore(#1391): update comment explaining api token schema TODO

* #1391: modify some test code and add comment

* #1391: update tests and spec to allow 'any' type in schema

* Chore: remove comment

* #1391: add tests for context field stores

* #1391: add location header for public signup links

* #1391: fix query parameter description.

There was indeed a bug in the package, and this has been addressed
now, so we can go back to describing the params properly.
2022-09-23 15:02:09 +02:00
Christopher Kolstad
667fb9a8cf
fix: deletes all sessions for user on logout (#2071)
* fix: deletes all sessions for user on logout
2022-09-23 14:19:17 +02:00
sjaanus
1cf42d6527
Personal access tokens backend (#2064)
* First version ready

* Final

* Refactor

* Update pat store

* Website revert

* Website revert

* Update

* Revert website

* Revert docs to main

* Revert docs to main

* Fix eslint

* Test

* Fix table name
2022-09-16 10:54:27 +03:00
Christopher Kolstad
c52cec5df4
fix: Do not call store function in constructor 2022-09-15 09:48:14 +02:00
andreas-unleash
6778d347cd
PublicSignupTokens (#2053)
* PublicSignupTokens

* bug fix

* bug fixes and test

* bug fixes and test

* bug fixes and test

* Add feature flag

* tests

* tests

* Update 20220908093515-add-public-signup-tokens.js

Bug Fix

* task: use swc instead of ts-jest (#2042)

* Add a counter for total number of environments (#1964)

* add groupId to gradual rollout template (#2045)

* add groupId to gradual rollout template

* FMT

* Improve tabs UI on smaller devices (#2014)

* Improve tabs UI on smaller devices

* Improve tabs UI on smaller devices

* bug fix

* add proper scrollable tabs

* removed centered from Tabs (conflicts with scrollable)

* PR comments

* 4.15.0-beta.10

* Fix broken doc links (#2046)

## What

This PR fixes some broken links that have been hanging around in the
docs for what seems like a very long time.

## Why

As discovered by the link check in #1912, there are a fair few broken
links in the docs. Everyone hates broken links because it makes it
harder to understand what they were supposed to be pointing at.

## How

There are 3 types of links that have been fixed:
- Links that should have been internal but were absolute. E.g.
  `https://docs.getunleash.io/path/article` that should have been
  `./article.md`
- External links that have changed, such as Slack's API description
- GitHub links to files that either no longer exist or that have been
  moved. These links generally pointed to `master`/`main`, meaning
  they are subject to change. They have been replaced with permalinks
  pointing to specific commits.

-----

* docs: fix slack api doc link

* docs: update links in migration guide

* docs: fix broken link to ancient feature schema validation

* docs: update links to v3 auth hooks

* docs: update broken link in the go sdk article

* Fix: use permalink for GitHub link

* docs: fix wrong google auth link

* 4.15.0

* 4.15.1

* docs: update link for symfony sdk (#2048)



The doc link appears to have pointed at an address that is no longer reachable. Instead, let's point to the equivalent GitHub link

Relates to and closes #2047

* docs: test broken links in website (#1912)

The action triggers manually as a first step to test this functionality. In the near future, we might schedule it

* Schedule link checker action (#2050)

Runs at 12:30 UTC on Mon, Tue, Wed, Thu and Fri

* fix: add env and project labels to feature updated metrics. (#2043)

* Revert workflow (#2051)

* update snapshot

* PR comments

* Added Events and tests

* Throw error if token not found

Co-authored-by: Christopher Kolstad <chriswk@getunleash.ai>
Co-authored-by: Thomas Heartman <thomas@getunleash.ai>
Co-authored-by: Gastón Fournier <gaston@getunleash.ai>
Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com>
Co-authored-by: sjaanus <sellinjaanus@gmail.com>
2022-09-14 15:29:12 +03:00
Fredrik Strand Oseberg
721cd20b5d
feat: add method for migrating proxies without environment validation (#2056) 2022-09-12 13:22:23 +00:00
Christopher Kolstad
8648649047
task: use swc instead of ts-jest (#2042) 2022-09-06 13:22:41 +02:00