1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
Commit Graph

4024 Commits

Author SHA1 Message Date
Thomas Heartman
5417662f5a
chore: add metrics for conflict creation detection (#6022)
This PR adds a 'change-request-conflict-created' event whenever someone
save a strategy update for a strategy that's used in either pending or
scheduled change requests.

Data for pending change requests will only be sent if change requests
are enabled. Data for scheduled change requests will be sent regardless.

Getting this data is somewhat involved, so I've extracted as much of the
logic into a separate file as possible.

The event re-uses the existing `change_request` metric and sends the
following data for each change request that we discover conflicts on:

```ts 
{
  state: ChangeRequestState,
  changeRequest: string, // <unleash identifier>#<change request id>
  action: 'edit-strategy',
  eventType: 'conflict-created'
}
```

There's only one action for this for now, but we could expand this event
to things such as strategy deletion, feature archival, in the future.
That said, I'd be happy to take it out.

## Discussion points

### Has the strategy actually been updated?

This does not check whether a strategy has actually changed before
emitting the event, only that you save your strategy changes.

This assumes that most people will simply close the modal by
clicking/tapping outside it or using the escape key instead of pressing
save.

However, it will likely lead to some false positives. If we think that
is an issue, I would suggest adding a check that something in the
strategy has actually changed in a follow-up PR.
2024-01-31 18:56:56 +09:00
Tymoteusz Czech
d77e5391ed
refactor: FlagsChart and FlagsProjectChart components (#6087)
Co-authored-by: Fredrik Strand Oseberg <fredrik.no@gmail.com>
2024-01-31 09:50:50 +00:00
Tymoteusz Czech
e6ccd83739
refactor: LineChart component (#6072)
Initial version of a reusable trend chart, with a tooltip and vertical highlight
2024-01-31 10:07:29 +01:00
Jaanus Sellin
d7eb950f3a
chore: remove featureSearchAPI flag (#6081) 2024-01-31 10:01:31 +02:00
Fredrik Strand Oseberg
aae1d0576f
feat: add project flags component (#6070)
This PR adds project flags line chart component
2024-01-31 08:48:10 +01:00
Jaanus Sellin
c6a2303026
chore: remove featureSearchFrontend flag (#6066) 2024-01-31 09:22:26 +02:00
Tymoteusz Czech
c9ac4916e8
feat: executive dashboard responsive grid (#6069)
- unified "Widget" component
- column order dependent on screen width
2024-01-30 17:02:13 +01:00
Ivar Conradi Østhus
38df2e1831
fix: add instanceName to license display (#6065)
## About the changes
- Shows the instanceName from the license
- add new feature flag `enableLicenseChecker` used to enforce a valid
license.
2024-01-30 11:05:27 +01:00
Fredrik Strand Oseberg
7d6d4064a8
feat: connect dashboard static widgets to data (#6062)
This PR connects the static widgets to actual data
2024-01-30 10:07:16 +01:00
Jaanus Sellin
2643ac1356
feat: add CR id to plausible events (#6035)
Added conflict count to CR metrics and CR id.

Something to think about:
There was idea that we can aggregate this data based on CR id, but CR id
is just a number from 0 to x. So it will not be unique across instances.

---------

Co-authored-by: Thomas Heartman <thomas@getunleash.io>
2024-01-30 10:38:39 +02:00
Tymoteusz Czech
46fb40ca08
fix: dashboard layout (#6063)
Align widgets properly on main screen. Responsive view in next PRs
2024-01-30 09:00:06 +01:00
Mateusz Kwasniewski
8a7e65eaa6
refactor: cleanup fix for persistent set (#6060) 2024-01-29 12:33:01 +01:00
Nuno Góis
c1046079dd
chore: actions modal form (#6057)
https://linear.app/unleash/issue/2-1882/ui-add-actions-modal-and-form

Adds actions modal and form, allowing users to create and edit actions.

The main thing that is missing is adding the remaining fields, which
will be included in a later PR.
2024-01-29 11:15:29 +00:00
Nuno Góis
7da9232516
refactor: add temporary ts-expect-error to setGlobalStore in setHiddenEnvironments 2024-01-29 10:26:00 +00:00
Mateusz Kwasniewski
ce219f1b74
fix: hidden envs (#6050) 2024-01-26 17:03:10 +01:00
Tymoteusz Czech
61c6583e24
Feat/dashboard chart tooltip (#6038)
Initial version of new chart tooltip
2024-01-26 14:33:11 +01:00
Fredrik Strand Oseberg
4a025a4b4b
feat: flag widget (#6047)
This PR adds the flag widget:

<img width="333" alt="Skjermbilde 2024-01-26 kl 14 16 19"
src="https://github.com/Unleash/unleash/assets/16081982/57b8c312-fcd5-4a3f-85f7-76514c671912">
2024-01-26 14:22:16 +01:00
Nuno Góis
6ee4d2724e
fix: actions table UI improvements (#6042)
Includes some small fixes and improvements to the actions table UI:
 - Fix webhook icon not properly loading
 - Make actions execution param names bold in the tooltip
 - Make filters param names bold in the tooltip
2024-01-26 09:52:19 +00:00
Nuno Góis
32484460ef
chore: project actions table (#6039)
https://linear.app/unleash/issue/2-1877/ui-add-actions-table

Implements the new project actions table.


![image](https://github.com/Unleash/unleash/assets/14320932/2ce96669-4b8f-46cd-9a87-8b14f0682694)


![image](https://github.com/Unleash/unleash/assets/14320932/d73327f2-1e1a-4d57-8ef8-1f4518c4b5d9)


![image](https://github.com/Unleash/unleash/assets/14320932/27b9ffab-4fff-4fdf-808f-b778987fa198)
2024-01-26 08:20:30 +00:00
Tymoteusz Czech
00b3cbaa8b
Dashboard API hook (#5990)
Data fetching for dashboard

https://linear.app/unleash/issue/1-1969/dashboard-users-chart-api-hook
2024-01-26 09:03:12 +01:00
Fredrik Strand Oseberg
9ac1c88bd4
feat: new user widget (#6037)
Preliminary code for executive dashboard user widget
2024-01-25 14:43:59 +01:00
Jaanus Sellin
b0ecfd4d34
feat: add plausible change-requests-conflicts (#6024) 2024-01-24 21:46:08 +02:00
Christopher Kolstad
17d826ddf4
task: Add banner encouraging edge upgrade (#6018)
Only triggers if there is any rows in client instances that have

    sdk_version: unleash-edge with version < 17.0.0

The function that checks this memoizes the check for 10 minutes to avoid
scanning the client instances table too often.
2024-01-24 14:22:48 +00:00
Jaanus Sellin
e4ca8a3e6c
feat: track search bar events (#6021)
Adding tracking for 2 views, when users use the new search. 

For features view and project view.
2024-01-24 14:23:23 +02:00
Nuno Góis
5d1d428746
chore: project actions tab (#6009)
https://linear.app/unleash/issue/2-1858/add-new-actions-tab-to-project-settings

Adds the new actions tab to project settings, hidden behind the
`automatedActions` feature flag.


![image](https://github.com/Unleash/unleash/assets/14320932/594ed7e0-6e1a-464e-b649-bee368e14aea)
2024-01-24 10:05:04 +00:00
Thomas Heartman
01318b11ea
fix: show the updated value instead of the snapshot value (#5989)
This PR fixes a bug in the displayed value of the conflict list so that
it shows the value it would update to instead of the snapshot value.

In doing so, it updates the logic of the algorithm to:

1. if the snapshot value and the current value are the same, it's not a
conflict (it's an intended change)
2. If the snapshot value differs from the current value, it is a
conflict if and only if the value in the change differs from the current
value. Otherwise, it's not a conflict.

The new test cases are:
- it shows a diff for a property if the snapshot and live version differ
for that property and the changed value is different from the live
version
- it does not show a diff for a property if the live version and the
change have the same value, even if the snapshot differs from the live
version
- it does not show a diff for a property if the snapshot and the live
version are the same
2024-01-24 12:39:41 +04:00
Nuno Góis
13a9b1bc13
fix: project settings title (#6011)
Small fix to the project settings title, correcting it and making it
consistent.
2024-01-24 08:38:13 +00:00
Nuno Góis
7413a1ee1a
chore: add support for project and environment in PermissionGuard (#6008)
I noticed some manual `hasAccess` usages in permission guards due to the
fact that `PermissionGuard` does not accept `project` and `environment`.
This PR adds this support to `PermissionGuard` so we can adapt these
`hasAccess` checks to use it instead, adding consistency and cleaning
things up.

This PR does not include these adaptations however, it only adds the
optional properties to the component. We can address these at a later
point.
2024-01-24 08:20:38 +00:00
Tymoteusz Czech
68eb3dec07
fix: upgrade unleash-client to v5.3.0 (#5800) 2024-01-24 09:12:07 +01:00
Mateusz Kwasniewski
156ba39b42
fix: strategy screen re-rendering table bug (#6006) 2024-01-23 15:49:13 +01:00
Mateusz Kwasniewski
48ef88b4fa
test: variant edit corner cases (#5998) 2024-01-23 10:38:31 +01:00
Mateusz Kwasniewski
3fd735ac7e
fix: move useEffect before renders (#5995) 2024-01-23 09:32:48 +01:00
Mateusz Kwasniewski
5305c868e5
fix: update stickiness between tabs (#5991)
Fixes a bug where stickiness update to the main strategy would not propagate to strategy variants
2024-01-23 08:58:06 +01:00
Nuno Góis
0847c2e52c
chore: add new action hooks (#5992)
https://linear.app/unleash/issue/2-1857/create-new-action-hooks-on-the-frontend

Adds action hooks to help us with CRUD operations on the frontend,
similar to https://github.com/Unleash/unleash/pull/5788 and
https://github.com/Unleash/unleash/pull/5790
2024-01-22 17:31:04 +00:00
Christopher Kolstad
8256c2eaf2
task: Use fine-grained project permissions in frontend (#5974)
Connected to [#5932](https://github.com/Unleash/unleash/pull/5932) -
This starts using the new permissions in addition to the old
UPDATE_PROJECT permission. That way, if you're happy with
UPDATE_PROJECT, you don't need to change.

However, you can now add more fine grained permissions for both READ and
WRITE operations.
2024-01-22 15:34:10 +01:00
Tymoteusz Czech
b7483e8989
chore: generate frontend openapi types (#5988)
Update for dashboard types
2024-01-22 14:16:07 +01:00
Thomas Heartman
fd91cd1771
fix: don't use kebab-case for properties (#5979)
These are apparently unsupported in css objects and using the camelCased (or PascalCased) versions was the suggested fix.
2024-01-22 12:26:25 +00:00
Fredrik Strand Oseberg
60d2176efa
feat: add option to use variants with feedback (#5986)
This PR will allow us to use a feature flag with variants to control
whether or not we should show the comments field of the feedback form.
This will allow us to see whether we can increase feedback collection if
we reduce the load on the customer.
2024-01-22 13:14:27 +01:00
Mateusz Kwasniewski
055bab8e7c
feat: include number of flags chart (#5987) 2024-01-22 12:15:49 +01:00
Mateusz Kwasniewski
c9b99f41cf
feat: number of flags component (#5984) 2024-01-22 11:47:15 +01:00
Thomas Heartman
312a40ce1c
refactor: prefer 'span' to 'div' in the badge element (#5981)
This changes the badge element to prefer spans instead of divs. The
primary difference between spans and divs is that spans are inline and
divs are block. Styling-wise, we override the display property anyway.
Semantically, most all of the badges are used inline instead of on
their own block level, so this change seems sensible. You can still
provide `div` as the `as` prop if you need to.
2024-01-22 14:44:26 +04:00
Tymoteusz Czech
ec1439e171
Feat: dashboard users chart frontend (#5980)
Users chart with tooltip and legend
2024-01-22 11:07:38 +01:00
Thomas Heartman
edf3cad092
fix: add keys to the features cell component (#5978)
This PR adds the `key` property to the features cell component where it
renders lists of flags. This fixes a few rendering errors we've been
getting in the console.
2024-01-22 07:57:38 +00:00
Thomas Heartman
f7c8180145
Chore: omit snapshot property from event payload (#5972)
This PR hides the "snapshot" data from the diff overview we show in the
UI in a change request.
2024-01-22 11:13:49 +04:00
Thomas Heartman
0bb709a718
feat: show changes that would be overwritten in change request overview UI (#5964)
This PR adds a first, rough iteration of what it could look like to show
changes that would be overwritten by applying a PR.

The changes are listed in a table (semantically; looks more like a list
visually) and show the property, the current live value and the version
that you have in your changes. The changes are hidden by default, but
can be shown by expanding a details element.

@nicolaesocaciu Suggested that we merge this version for now and iterate
on the design later.

Here's what it looks like closed:

![image](https://github.com/Unleash/unleash/assets/17786332/3a641642-0537-4e7a-aeca-b3d3df6b8e31)

Here's what it looks like with a typical change load:

![image](https://github.com/Unleash/unleash/assets/17786332/b7aa7265-d1c7-4b6b-a9a2-f58cb966f25c)


Here's what it looks like if you change more or less every property
changed:

![image](https://github.com/Unleash/unleash/assets/17786332/4d94ab69-86ed-4c3e-be6a-6890c654e37e)
2024-01-22 11:13:38 +04:00
renovate[bot]
8f4780c52f
chore(deps): update dependency vite to v5.0.12 [security] (#5977)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev)
([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) |
[`5.0.11` ->
`5.0.12`](https://renovatebot.com/diffs/npm/vite/5.0.11/5.0.12) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.0.11/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.0.11/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-23331](https://togithub.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw)

### Summary
[Vite dev server
option](https://vitejs.dev/config/server-options.html#server-fs-deny)
`server.fs.deny` can be bypassed on case-insensitive file systems using
case-augmented versions of filenames. Notably this affects servers
hosted on Windows.

This bypass is similar to
https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area
reduced to hosts having case-insensitive filesystems.

### Patches
Fixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17

### Details
Since `picomatch` defaults to case-sensitive glob matching, but the file
server doesn't discriminate; a blacklist bypass is possible.

See `picomatch` usage, where `nocase` is defaulted to `false`:
https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632

By requesting raw filesystem paths using augmented casing, the matcher
derived from `config.server.fs.deny` fails to block access to sensitive
files.

### PoC
**Setup**
1. Created vanilla Vite project using `npm create vite@latest` on a
Standard Azure hosted Windows 10 instance.
    - `npm run dev -- --host 0.0.0.0`
- Publicly accessible for the time being here: http://20.12.242.81:5173/
2. Created dummy secret files, e.g. `custom.secret` and `production.pem`
3. Populated `vite.config.js` with
```javascript
export default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }
```

**Reproduction**
1. `curl -s http://20.12.242.81:5173/@&#8203;fs//`
- Descriptive error page reveals absolute filesystem path to project
root
2. `curl -s
http://20.12.242.81:5173/@&#8203;fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`
    - Discoverable configuration file reveals locations of secrets
3. `curl -s
http://20.12.242.81:5173/@&#8203;fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`
- Secrets are directly accessible using case-augmented version of
filename

**Proof**
![Screenshot 2024-01-19
022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)

### Impact
**Who**
- Users with exposed dev servers on environments with case-insensitive
filesystems

**What**
- Files protected by `server.fs.deny` are both discoverable, and
accessible

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

### [`v5.0.12`](https://togithub.com/vitejs/vite/releases/tag/v5.0.12)

[Compare
Source](https://togithub.com/vitejs/vite/compare/v5.0.11...v5.0.12)

Please refer to
[CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v5.0.12/packages/vite/CHANGELOG.md)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEzNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-20 01:38:23 +00:00
Thomas Heartman
01a38becb3
fix: handle title diffing correctly in strategy change diffs (#5971)
A strategy title can be either an empty string or undefined on the
type we use in the frontend. In the snapshot it can be an empty
string, null (presumably), and undefined.

This change updates the diffing logic to handle the various title diff
cases correctly. It also updates the type used for the snapshot to
reflect this.
2024-01-19 18:56:46 +04:00
Nuno Góis
77fcc9e840
fix: incoming webhooks form UI adjustments (#5973)
Small UI improvements in the new incoming webhooks form after aligning
with @nicolaesocaciu.


![image](https://github.com/Unleash/unleash/assets/14320932/6f829863-ab94-4d35-a1d7-d8722e8ec159)
2024-01-19 14:50:54 +00:00
andreas-unleash
dda0fd3fd4
Fix: losing redirect on provider login (#5970)
Fixes the initial redirect to take into account the value from session
storage

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-01-19 14:31:42 +02:00
Mateusz Kwasniewski
84e341bbb7
feat: show select all button when more than 1 item (#5965) 2024-01-19 11:26:03 +01:00