1
0
mirror of https://github.com/Unleash/unleash.git synced 2024-12-22 19:07:54 +01:00
Commit Graph

10353 Commits

Author SHA1 Message Date
Christopher Kolstad
3acdfc2cf4
task: Make /edge/metrics toggleable by toggle (#6003)
Previously we used a killswitch and returned 404 if the feature was
enabled. This flips that to a default disabled toggle, that has to be
turned on to handle old Edge (pre 17.0.0) posting bulk metrics
2024-01-24 14:09:03 +01:00
Nnenna Ndukwe
1f7c7940b4
Feature Flags with Python Tutorial (#6016)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->

A new tutorial to get developers to implement feature flags into a
Python Flask app.
We have steps that guide them through the process using a simple
full-stack survey app.

Based off of a reviewed [Google Doc
here](https://docs.google.com/document/d/1YlG-TyQcMEyUrMjiWlYrd-J5DXog5ErbvSKAyuzKAnU/edit#heading=h.ryvmv14764i3)

The tutorial can go live in the docs nav in a new Python section, where
the Python examples will follow.


### Important files
<!-- PRs can contain a lot of changes, but not all changes are equally
important. Where should a reviewer start looking to get an overview of
the changes? Are any files particularly important? -->


`website/docs/feature-flag-tutorials/python/implementing-feature-flags.md`


## Discussion points
<!-- Anything about the PR you'd like to discuss before it gets merged?
Got any questions or doubts? -->

---------

Co-authored-by: Simon Hornby <liquidwicked64@gmail.com>
2024-01-24 08:00:33 -05:00
Jaanus Sellin
e4ca8a3e6c
feat: track search bar events (#6021)
Adding tracking for 2 views, when users use the new search. 

For features view and project view.
2024-01-24 14:23:23 +02:00
Nuno Góis
331033408c
fix: flag resolver get variant (#6020)
https://linear.app/unleash/issue/2-1880/fix-flag-resolver-getvariant-behavior

Fixes the flag resolver `getVariant` behavior when there's a variant
object set in `experimental` - The flag resolver should call the
external resolver `getVariant` when not overridden to be true, even if
set as variant object in `experimental`.

Related: https://github.com/Unleash/unleash/pull/3808
2024-01-24 11:53:04 +00:00
Gastón Fournier
cee2500a4d
feat(2-1879): add enabled to action sets (#6023)
## About the changes
Adds enabled to action sets table
2024-01-24 12:52:04 +01:00
Nuno Góis
5d1d428746
chore: project actions tab (#6009)
https://linear.app/unleash/issue/2-1858/add-new-actions-tab-to-project-settings

Adds the new actions tab to project settings, hidden behind the
`automatedActions` feature flag.


![image](https://github.com/Unleash/unleash/assets/14320932/594ed7e0-6e1a-464e-b649-bee368e14aea)
2024-01-24 10:05:04 +00:00
Maximilian Edison
e087f4226f
Docs: Getting Started Self-Hosting unleash (#6019)
## About the changes

put UNLEASH_DEFAULT_ADMIN_PASSWORD inside ``
2024-01-24 13:06:01 +04:00
Thomas Heartman
01318b11ea
fix: show the updated value instead of the snapshot value (#5989)
This PR fixes a bug in the displayed value of the conflict list so that
it shows the value it would update to instead of the snapshot value.

In doing so, it updates the logic of the algorithm to:

1. if the snapshot value and the current value are the same, it's not a
conflict (it's an intended change)
2. If the snapshot value differs from the current value, it is a
conflict if and only if the value in the change differs from the current
value. Otherwise, it's not a conflict.

The new test cases are:
- it shows a diff for a property if the snapshot and live version differ
for that property and the changed value is different from the live
version
- it does not show a diff for a property if the live version and the
change have the same value, even if the snapshot differs from the live
version
- it does not show a diff for a property if the snapshot and the live
version are the same
2024-01-24 12:39:41 +04:00
Nuno Góis
13a9b1bc13
fix: project settings title (#6011)
Small fix to the project settings title, correcting it and making it
consistent.
2024-01-24 08:38:13 +00:00
Mateusz Kwasniewski
e3fb3fd0be
fix: variant stickiness fix node client (#6017) 2024-01-24 09:28:06 +01:00
Nuno Góis
7413a1ee1a
chore: add support for project and environment in PermissionGuard (#6008)
I noticed some manual `hasAccess` usages in permission guards due to the
fact that `PermissionGuard` does not accept `project` and `environment`.
This PR adds this support to `PermissionGuard` so we can adapt these
`hasAccess` checks to use it instead, adding consistency and cleaning
things up.

This PR does not include these adaptations however, it only adds the
optional properties to the component. We can address these at a later
point.
2024-01-24 08:20:38 +00:00
Tymoteusz Czech
68eb3dec07
fix: upgrade unleash-client to v5.3.0 (#5800) 2024-01-24 09:12:07 +01:00
Ivar Conradi Østhus
3957abf0f6
docs: Minor typos (#6014)
Some minor typos in our docs.
2024-01-23 20:19:06 +01:00
Nicholas Haley
ab24264df9
docs: spelling and grammar (#6007)
<!-- Thanks for creating a PR! To make it easier for reviewers and
everyone else to understand what your changes relate to, please add some
relevant content to the headings below. Feel free to ignore or delete
sections that you don't think are relevant. Thank you! ❤️ -->

## About the changes
<!-- Describe the changes introduced. What are they and why are they
being introduced? Feel free to also add screenshots or steps to view the
changes if they're visual. -->
This is a demo that uses [Floe](https://www.floe.dev/) to review the
`how-to` directory using the `spelling-and-grammar` rule.

You can read more about the tool here: https://www.floe.dev/docs
2024-01-23 19:52:10 +01:00
Mark Fulton
e9d49d68fd
Docs/license keys (#5959)
New docs page for the beta license keys feature introduced in Unleash
5.8 for self-hosted enterprise users.

---------

Co-authored-by: Ivar Conradi Østhus <ivar@getunleash.io>
2024-01-23 12:17:10 -05:00
Gastón Fournier
9f550331ce
chore: validate all tables have primary keys (#6005)
## About the changes
This is a helpful reminder to have primary keys in all our tables.

Related to [#4303](https://github.com/Unleash/unleash/issues/4303)
2024-01-23 16:38:16 +01:00
Gastón Fournier
82ac5a47ad
chore: This helps output the migrations being applied (#6004)
## About the changes
This outputs to console.log but should be indexable:

![image](https://github.com/Unleash/unleash/assets/455064/cb696936-7060-447d-b22d-ff62b4dbcbc3)
2024-01-23 16:01:36 +01:00
Mateusz Kwasniewski
156ba39b42
fix: strategy screen re-rendering table bug (#6006) 2024-01-23 15:49:13 +01:00
Christopher Kolstad
0515b424cd
docs: Added the new more fine-grained project permissions to the docs (#6000)
This adds documentation for the 8 new permissions added last week, in
preparation for including them in the 5.9.0 release.
Related
* https://github.com/Unleash/unleash/pull/5932
* https://github.com/Unleash/unleash/pull/5974
* https://github.com/ivarconr/unleash-enterprise/pull/1000

---------

Co-authored-by: Gastón Fournier <gaston@getunleash.io>
2024-01-23 14:13:03 +01:00
andreas-unleash
cc5a4cbe33
fix: add unleash to default email sender string (#6002)
Adds "Unleash" to the "noreply@getunleash.io" for default email sender

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-01-23 14:32:40 +02:00
Gastón Fournier
db93ab57f0
chore: remove flagResolver option (#6001)
## About the changes
This option is not referenced in the code

I believe its original intent was to be able to override flagResolver,
but it's currently not being used:

a46f54f48a/src/lib/create-config.ts (L490-L491)

Instead, we're using `experimental`, `flags`, and `externalResolver`


a46f54f48a/src/lib/create-config.ts (L64-L73)


f63581c03a/src/lib/util/flag-resolver.ts (L12-L20)
2024-01-23 13:16:32 +01:00
Gastón Fournier
f63581c03a
fix: enabled lock check (#5997)
We should use the enhanced flagResolver
Tested locally:
```
9:44:13 AM - Starting compilation in watch mode...
[dev:backend] 
[dev:backend] 
[dev:backend] 9:44:26 AM - Found 0 errors. Watching for file changes.
[dev:backend] [2024-01-23T09:44:27.498] [INFO] server-impl.js - DB migration: start
[dev:backend] [2024-01-23T09:44:27.499] [INFO] server-impl.js - Running migration with lock
[dev:backend] [2024-01-23T09:44:29.884] [INFO] server-impl.js - DB migration: end
```
2024-01-23 10:46:48 +01:00
Mateusz Kwasniewski
48ef88b4fa
test: variant edit corner cases (#5998) 2024-01-23 10:38:31 +01:00
Gastón Fournier
0b1d565dad
chore: add logs (#5996)
Validate we're not using locks
2024-01-23 10:24:58 +01:00
Mateusz Kwasniewski
3fd735ac7e
fix: move useEffect before renders (#5995) 2024-01-23 09:32:48 +01:00
Mateusz Kwasniewski
5305c868e5
fix: update stickiness between tabs (#5991)
Fixes a bug where stickiness update to the main strategy would not propagate to strategy variants
2024-01-23 08:58:06 +01:00
Simon Prickett
8458619d82
Small typo fix. (#5993)
## About the changes

Fixed a small typo "Learnings Paths" -> "Learning Paths".
2024-01-23 11:21:45 +04:00
Nuno Góis
0847c2e52c
chore: add new action hooks (#5992)
https://linear.app/unleash/issue/2-1857/create-new-action-hooks-on-the-frontend

Adds action hooks to help us with CRUD operations on the frontend,
similar to https://github.com/Unleash/unleash/pull/5788 and
https://github.com/Unleash/unleash/pull/5790
2024-01-22 17:31:04 +00:00
Mark Fulton
b6a219dd36
docs/improve website README.md with local docs server installation step (#5956)
Minor addition to set correct local dir context in terminal when setting
up a local docs instance

---------

Co-authored-by: Thomas Heartman <thomas@getunleash.io>
2024-01-22 09:44:31 -05:00
Christopher Kolstad
8256c2eaf2
task: Use fine-grained project permissions in frontend (#5974)
Connected to [#5932](https://github.com/Unleash/unleash/pull/5932) -
This starts using the new permissions in addition to the old
UPDATE_PROJECT permission. That way, if you're happy with
UPDATE_PROJECT, you don't need to change.

However, you can now add more fine grained permissions for both READ and
WRITE operations.
2024-01-22 15:34:10 +01:00
Tymoteusz Czech
b7483e8989
chore: generate frontend openapi types (#5988)
Update for dashboard types
2024-01-22 14:16:07 +01:00
Thomas Heartman
fd91cd1771
fix: don't use kebab-case for properties (#5979)
These are apparently unsupported in css objects and using the camelCased (or PascalCased) versions was the suggested fix.
2024-01-22 12:26:25 +00:00
Fredrik Strand Oseberg
60d2176efa
feat: add option to use variants with feedback (#5986)
This PR will allow us to use a feature flag with variants to control
whether or not we should show the comments field of the feedback form.
This will allow us to see whether we can increase feedback collection if
we reduce the load on the customer.
2024-01-22 13:14:27 +01:00
Gastón Fournier
c5afa8ff11
fix: unauthorized disable feature (#5982)
## About the changes
This was spotted while testing automated actions. Steps to reproduce:

1. Add an editor user
2. Get a PAT for the editor user
3. As Admin create a feature in a project where the editor user is not a
member and enable the feature
4. Try using the editor's PAT to modify the feature
5. As the editor create a project (you'd be made owner) and try the same
request but just change the project name for the new project just
created (don't change anything else)

**Expected behavior**: you can't disable the feature
**Actual behavior**: the feature is disabled

This does not happen when trying to turn on a flag because during the
turn-on process we do validate if the feature belongs to project when we
call updateStrategy:
c18a7c0dc2/src/lib/features/feature-toggle/feature-toggle-service.ts (L1751-L1764)
2024-01-22 12:50:14 +01:00
Mateusz Kwasniewski
055bab8e7c
feat: include number of flags chart (#5987) 2024-01-22 12:15:49 +01:00
Gastón Fournier
8ba5cdced1
feat: add action states (#5983)
## About the changes
Add action states table without an index yet
2024-01-22 11:49:35 +01:00
Mateusz Kwasniewski
c9b99f41cf
feat: number of flags component (#5984) 2024-01-22 11:47:15 +01:00
Thomas Heartman
312a40ce1c
refactor: prefer 'span' to 'div' in the badge element (#5981)
This changes the badge element to prefer spans instead of divs. The
primary difference between spans and divs is that spans are inline and
divs are block. Styling-wise, we override the display property anyway.
Semantically, most all of the badges are used inline instead of on
their own block level, so this change seems sensible. You can still
provide `div` as the `as` prop if you need to.
2024-01-22 14:44:26 +04:00
Tymoteusz Czech
ec1439e171
Feat: dashboard users chart frontend (#5980)
Users chart with tooltip and legend
2024-01-22 11:07:38 +01:00
Thomas Heartman
edf3cad092
fix: add keys to the features cell component (#5978)
This PR adds the `key` property to the features cell component where it
renders lists of flags. This fixes a few rendering errors we've been
getting in the console.
2024-01-22 07:57:38 +00:00
Thomas Heartman
f7c8180145
Chore: omit snapshot property from event payload (#5972)
This PR hides the "snapshot" data from the diff overview we show in the
UI in a change request.
2024-01-22 11:13:49 +04:00
Thomas Heartman
0bb709a718
feat: show changes that would be overwritten in change request overview UI (#5964)
This PR adds a first, rough iteration of what it could look like to show
changes that would be overwritten by applying a PR.

The changes are listed in a table (semantically; looks more like a list
visually) and show the property, the current live value and the version
that you have in your changes. The changes are hidden by default, but
can be shown by expanding a details element.

@nicolaesocaciu Suggested that we merge this version for now and iterate
on the design later.

Here's what it looks like closed:

![image](https://github.com/Unleash/unleash/assets/17786332/3a641642-0537-4e7a-aeca-b3d3df6b8e31)

Here's what it looks like with a typical change load:

![image](https://github.com/Unleash/unleash/assets/17786332/b7aa7265-d1c7-4b6b-a9a2-f58cb966f25c)


Here's what it looks like if you change more or less every property
changed:

![image](https://github.com/Unleash/unleash/assets/17786332/4d94ab69-86ed-4c3e-be6a-6890c654e37e)
2024-01-22 11:13:38 +04:00
renovate[bot]
8f4780c52f
chore(deps): update dependency vite to v5.0.12 [security] (#5977)
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [vite](https://vitejs.dev)
([source](https://togithub.com/vitejs/vite/tree/HEAD/packages/vite)) |
[`5.0.11` ->
`5.0.12`](https://renovatebot.com/diffs/npm/vite/5.0.11/5.0.12) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/vite/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/vite/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/vite/5.0.11/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/vite/5.0.11/5.0.12?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2024-23331](https://togithub.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw)

### Summary
[Vite dev server
option](https://vitejs.dev/config/server-options.html#server-fs-deny)
`server.fs.deny` can be bypassed on case-insensitive file systems using
case-augmented versions of filenames. Notably this affects servers
hosted on Windows.

This bypass is similar to
https://nvd.nist.gov/vuln/detail/CVE-2023-34092 -- with surface area
reduced to hosts having case-insensitive filesystems.

### Patches
Fixed in vite@5.0.12, vite@4.5.2, vite@3.2.8, vite@2.9.17

### Details
Since `picomatch` defaults to case-sensitive glob matching, but the file
server doesn't discriminate; a blacklist bypass is possible.

See `picomatch` usage, where `nocase` is defaulted to `false`:
https://github.com/vitejs/vite/blob/v5.1.0-beta.1/packages/vite/src/node/server/index.ts#L632

By requesting raw filesystem paths using augmented casing, the matcher
derived from `config.server.fs.deny` fails to block access to sensitive
files.

### PoC
**Setup**
1. Created vanilla Vite project using `npm create vite@latest` on a
Standard Azure hosted Windows 10 instance.
    - `npm run dev -- --host 0.0.0.0`
- Publicly accessible for the time being here: http://20.12.242.81:5173/
2. Created dummy secret files, e.g. `custom.secret` and `production.pem`
3. Populated `vite.config.js` with
```javascript
export default { server: { fs: { deny: ['.env', '.env.*', '*.{crt,pem}', 'custom.secret'] } } }
```

**Reproduction**
1. `curl -s http://20.12.242.81:5173/@&#8203;fs//`
- Descriptive error page reveals absolute filesystem path to project
root
2. `curl -s
http://20.12.242.81:5173/@&#8203;fs/C:/Users/darbonzo/Desktop/vite-project/vite.config.js`
    - Discoverable configuration file reveals locations of secrets
3. `curl -s
http://20.12.242.81:5173/@&#8203;fs/C:/Users/darbonzo/Desktop/vite-project/custom.sEcReT`
- Secrets are directly accessible using case-augmented version of
filename

**Proof**
![Screenshot 2024-01-19
022736](https://user-images.githubusercontent.com/907968/298020728-3a8d3c06-fcfd-4009-9182-e842f66a6ea5.png)

### Impact
**Who**
- Users with exposed dev servers on environments with case-insensitive
filesystems

**What**
- Files protected by `server.fs.deny` are both discoverable, and
accessible

---

### Release Notes

<details>
<summary>vitejs/vite (vite)</summary>

### [`v5.0.12`](https://togithub.com/vitejs/vite/releases/tag/v5.0.12)

[Compare
Source](https://togithub.com/vitejs/vite/compare/v5.0.11...v5.0.12)

Please refer to
[CHANGELOG.md](https://togithub.com/vitejs/vite/blob/v5.0.12/packages/vite/CHANGELOG.md)
for details.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" in timezone Europe/Madrid,
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Unleash/unleash).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzUuMCIsInVwZGF0ZWRJblZlciI6IjM3LjEzNS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-20 01:38:23 +00:00
Thomas Heartman
01a38becb3
fix: handle title diffing correctly in strategy change diffs (#5971)
A strategy title can be either an empty string or undefined on the
type we use in the frontend. In the snapshot it can be an empty
string, null (presumably), and undefined.

This change updates the diffing logic to handle the various title diff
cases correctly. It also updates the type used for the snapshot to
reflect this.
2024-01-19 18:56:46 +04:00
Nuno Góis
5253482f61
refactor: add typesafe wrappers for prom client metrics (#5969)
https://linear.app/unleash/issue/2-1856/add-typesafe-wrappers-over-prom-clients-metrics

As discussed on the latest knowledge sharing session, this adds typesafe
wrappers over prom client's metrics, requiring us to specify all the
configured labels for each metric.

This uses a functional approach and only exposes the methods that are
currently relevant to us, while also exposing the underlying instance of
the metric for an easy access if needed.

Since we often chain `labels` with `inc` in counters, this adds a
convenience `increment` method for counters which does both in a single
call.
2024-01-19 14:51:29 +00:00
Nuno Góis
77fcc9e840
fix: incoming webhooks form UI adjustments (#5973)
Small UI improvements in the new incoming webhooks form after aligning
with @nicolaesocaciu.


![image](https://github.com/Unleash/unleash/assets/14320932/6f829863-ab94-4d35-a1d7-d8722e8ec159)
2024-01-19 14:50:54 +00:00
Nicolae Socaciu
7b30ab09d2
Fix email template scheduled change conflict (#5957)
Fixing the mobile template (this is before the fix)
- reducing padding around the content
- fixing line-height for the content
- fixing the footer links  

![image](https://github.com/Unleash/unleash/assets/103567375/dbe88f5a-a798-4fd4-ab42-543689605043)
2024-01-19 14:57:00 +02:00
andreas-unleash
dda0fd3fd4
Fix: losing redirect on provider login (#5970)
Fixes the initial redirect to take into account the value from session
storage

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-01-19 14:31:42 +02:00
Mateusz Kwasniewski
84e341bbb7
feat: show select all button when more than 1 item (#5965) 2024-01-19 11:26:03 +01:00
andreas-unleash
a096b2a485
fix: store redirect to localStorage to avoid loss of redirect (#5929)
Stores `redirect` param in localStorage in the Authentication component.
Retrieves the `redirect` param from localStorage at the Login screen if
it is not there in the url.

This will solve losing the redirect information all provider logins

Closes #
[1-1890](https://linear.app/unleash/issue/1-1890/capture-path-before-logging-in-and-redirect-to-it-if-there-and-custom)

---------

Signed-off-by: andreas-unleash <andreas@getunleash.ai>
2024-01-19 11:32:26 +02:00