This has the biggest impact on enterprise test cases that use namespaced
registrations, which prior to this change sometimes failed the initial
registration because the namespace was not yet created.
* ui: Upgrade ember-data models to use native classes/decorators
* ui: Update remaining ember-data imports
* ui: Move ember-data Adapters to use native classes
* ui: Upgrade serializers to native classes/decorators
* ui: remove meta from roles, they never had it to start with
* ui: Apply native class codemod to all services
* ui: Apply native class codemod to routes
* ui: Apply native class codemod to controllers
* Fix up ember proxy `content` issue
* Add a CreateTime on policy creation
* Minor formatting
* Convert child based saving to use ec instead of custom approach
* Remove custom event source repo wrapping initializer
* Repos here are no longer proxy objects revert to using them normally
* Remove areas of code that were used to set up source backed repos
* ui: Add a warning dialog if you go to remove permissions from an intention
* ui: Move modal styles next to component, add warning style
* ui: Move back to using the input name for a selector
* ui: Fixup negative "isn't" step so its optional
* Add warning modal to pageobject
* Fixup test for whether to show the warning modal or not
* Intention change action warning acceptence test
* Add a null/undefined Action
* Add consul-api-double under api
* Update config to reflect api change
* Remove consul-api-double as a dependency
* api -> mock-api
* Fixup mocks path for staging
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:
```
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
namespace_prefix "" {
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
}
```
This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
* Remove local httpGet and shim one in from options
* Add custom httpGet to pass through to provider
* Make a fetch wrapper that adds your token
* Pass the fetch like fetchWithToken wrapper through to the provider
* Fix up httpGet to encode query params again and use fetch-like
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.
Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)
Mike Morris
R.B. Boyer
Matt Keeler
John Cowen
Paul Banks
Kit Patella
Alvin Huang
Freddy
Kim Ngo
Daniel Nephin
Jimmy Merritello