* ui: Upgrade ember-data models to use native classes/decorators
* ui: Update remaining ember-data imports
* ui: Move ember-data Adapters to use native classes
* ui: Upgrade serializers to native classes/decorators
* ui: remove meta from roles, they never had it to start with
* ui: Apply native class codemod to all services
* ui: Apply native class codemod to routes
* ui: Apply native class codemod to controllers
* Fix up ember proxy `content` issue
* Add a CreateTime on policy creation
* Minor formatting
* Convert child based saving to use ec instead of custom approach
* Remove custom event source repo wrapping initializer
* Repos here are no longer proxy objects revert to using them normally
* Remove areas of code that were used to set up source backed repos
* ui: Add a warning dialog if you go to remove permissions from an intention
* ui: Move modal styles next to component, add warning style
* ui: Move back to using the input name for a selector
* ui: Fixup negative "isn't" step so its optional
* Add warning modal to pageobject
* Fixup test for whether to show the warning modal or not
* Intention change action warning acceptence test
* Add a null/undefined Action
* Add consul-api-double under api
* Update config to reflect api change
* Remove consul-api-double as a dependency
* api -> mock-api
* Fixup mocks path for staging
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:
```
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
namespace_prefix "" {
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
}
```
This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
* Remove local httpGet and shim one in from options
* Add custom httpGet to pass through to provider
* Make a fetch wrapper that adds your token
* Pass the fetch like fetchWithToken wrapper through to the provider
* Fix up httpGet to encode query params again and use fetch-like
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.
Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)