mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
0d7e73be3caf2bb02a528be538e3155d5b3f87eb
806 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Jamil
|
48319df9f0 |
revert(#8893): Revert adding wal2json dev image (#8908)
Turns out that the standard `pgoutput` plugin shipped with Postgres will do everything we need it to, and there are good examples of prior art decoding its binary output in Elixir (in production). So to avoid adding a dependency on `wal2json` here, we'll go with that. |
||
|
Brian Manifold
|
3f3f007920 |
fix(portal): Update copy to clipboard button (#8907)
Why: * The copy to clipboard button was not working at all on the API new token page due to the fact that the FlowbiteJS library expects the presence of the elements in the DOM on first render. This was not true of the API Token code block. Along with that issue the existing code blocks copy to clipboard buttons did not give any visual indication that the copy had been completed. It was also somewhat difficult to see the copy to clipboard button on those code blocks as well. This commit updates the buttons to be more visible, as well as adds a phx-hook to make sure the FlowbiteJS init functions are run on every code block even if it's inserted after the initial load of the page and adds functions that are run as a callback to toggle the button text and icon to show the text has been copied. |
||
|
Jamil
|
f6ae7559e8 |
feat(ci): Add custom postgres Dockerfile for wal2json (#8893)
In order to develop and test WAL replication, we need the wal2json module installed in our dev postgres image. The module itself builds very quickly, but I thought it would be better to have this automatically built and pushed as part of a nightly job so that CI and developers can make use of it. |
||
|
Jamil
|
1a1c812f66 |
fix(portal): Set migration_lock to advisory lock (#8902)
The migration that failed today got hung up on a global migration lock. This PR would alleviate that if we also run the index creation concurrently, which we should do in many cases. See https://hexdocs.pm/ecto_sql/Ecto.Migration.html#index/3-adding-dropping-indexes-concurrently |
||
|
Jamil
|
0a2a393d4c |
fix(portal): Prevent additional email identities per actor (#8888)
This is a UI-only change for now to serve as a stop-gap while we work to overhaul the identity domain model. Related: #6294 |
||
|
Jamil
|
8293e6c440 |
fix(portal): Don't peek groups for api_client actors (#8890)
API clients don't belong to any actor_groups and attempting to deep link into the `groups` section when viewing an actor raises a 500 error. This PR fixes that by removing the deep link into `actor_groups` from the actors index view. |
||
|
Jamil
|
0f300f2484 |
fix(portal): Prevent dupe sync adapters (#8887)
Prevents more than one sync-enabled adapter per account in order to prepare for eventually adding a unique constraint on `provider_identifier` for identities and groups per account. Related: #6294 --------- Signed-off-by: Jamil <jamilbk@users.noreply.github.com> Co-authored-by: Brian Manifold <bmanifold@users.noreply.github.com> |
||
|
Jamil
|
d10c77c17d |
chore(portal): Drop unused table configurations (#8881)
This was left behind in a large refactor as part of #3642 and was never cleaned up. I verified on prod this table in fact has no meaningful data in it and has not changed since that PR was merged. |
||
|
dependabot[bot]
|
5d196075b6 |
build(deps): bump phoenix_live_view from 1.0.9 to 1.0.10 in /elixir (#8831)
Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.0.9 to 1.0.10. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.10/CHANGELOG.md">phoenix_live_view's changelog</a>.</em></p> <blockquote> <h2>1.0.10 (2025-04-17)</h2> <h3>Bug fixes</h3> <ul> <li>Fix flash getting lost when falling back to a full page reload due to navigating across live sessions (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3686">#3686</a>)</li> <li>Fix edge case where locked DOM nodes were not properly patched on unlock (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3758">#3758</a>)</li> <li>Fix <code>used_input?</code> returning <code>false</code> when a form parameter value is a struct (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3757">#3757</a>)</li> <li>Catch promise rejections from <code>pushWithReply</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3766">#3766</a>)</li> <li>Fix empty optgroups breaking DOM patching of other select options (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3742">#3742</a>)</li> <li>Don't shutdown sticky LiveViews when they <code>push_navigate</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3612">#3612</a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>Allow testing <code>phx-viewport-bottom</code> and <code>phx-viewport-top</code> with <code>Phoenix.LiveViewTest.render_hook/3</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3755">#3755</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
eb16fdc11c |
build(deps-dev): bump credo from 1.7.11 to 1.7.12 in /elixir (#8836)
Bumps [credo](https://github.com/rrrene/credo) from 1.7.11 to 1.7.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rrrene/credo/releases">credo's releases</a>.</em></p> <blockquote> <h2>v1.7.12</h2> <p>Check it out on Hex: <a href="https://hex.pm/packages/credo/1.7.12">https://hex.pm/packages/credo/1.7.12</a></p> <ul> <li>Fix compatibility & compiler warnings with Elixir 1.19 (dev)</li> <li>Provide <code>:column</code> on all checks</li> <li>Fix check docs in other project's documentation</li> <li><code>Credo.Check.Refactor.DoubleBooleanNegation</code> fixed false positive</li> <li><code>Credo.Check.Readability.NestedFunctionCalls</code> fixed false positive</li> <li><code>Credo.Check.Consistency.UnusedVariableNames</code> fixed duplicate issues</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rrrene/credo/blob/master/CHANGELOG.md">credo's changelog</a>.</em></p> <blockquote> <h2>1.7.12</h2> <ul> <li>Fix compatibility & compiler warnings with Elixir 1.19 (dev)</li> <li>Provide <code>:column</code> on all checks</li> <li>Fix check docs in other project's documentation</li> <li><code>Credo.Check.Refactor.DoubleBooleanNegation</code> fixed false positive</li> <li><code>Credo.Check.Readability.NestedFunctionCalls</code> fixed false positive</li> <li><code>Credo.Check.Consistency.UnusedVariableNames</code> fixed duplicate issues</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
982009b4bb |
build(deps): bump libcluster from 3.3.3 to 3.5.0 in /elixir (#8838)
Bumps [libcluster](https://github.com/bitwalker/libcluster) from 3.3.3
to 3.5.0.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/bitwalker/libcluster/blob/main/CHANGELOG.md">libcluster's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>Unreleased</h2>
<ul>
<li>Add <code>kubernetes_use_cached_resources</code> option to
Kubernetes strategy</li>
</ul>
<h2>3.4.1</h2>
<ul>
<li>Use new cypher names</li>
<li>Allow Epmd strategy to reconnect after connection failures</li>
<li>Detect Self Signed Certificate Authority for Kubernetes
Strategy</li>
<li>Remove calls to deprecated <code>Logger.warn/2</code></li>
<li>Correct misspell of 'Empd' -> 'Epmd' in
<code>Cluster.Strategy.LocalEpmd</code> moduledoc</li>
</ul>
<h2>3.4.0</h2>
<h3>Added</h3>
<ul>
<li>Telemetry events added for tracking node connects and
disconnects</li>
</ul>
<h3>3.3.0</h3>
<h3>Changed</h3>
<ul>
<li>Default multicast address is now 233.252.1.32, was 230.1.1.251, <a
href="
|
||
|
dependabot[bot]
|
387dff8fad |
build(deps-dev): bump phoenix_live_reload from 1.5.3 to 1.6.0 in /elixir (#8824)
Bumps [phoenix_live_reload](https://github.com/phoenixframework/phoenix_live_reload) from 1.5.3 to 1.6.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_live_reload/blob/main/CHANGELOG.md">phoenix_live_reload's changelog</a>.</em></p> <blockquote> <h2>1.6.0 (2025-04-10)</h2> <ul> <li> <p>Enhancements</p> <ul> <li>Add support for <code>__RELATIVEFILE__</code> when invoking editors</li> <li>Change the default target window to <code>:parent</code> to not reload the whole page if a Phoenix app is shown inside an iframe. You can get the old behavior back by setting the <code>:target_window</code> option to <code>:top</code>: <pre lang="elixir"><code>config :phoenix_live_reload, MyAppWeb.Endpoint, target_window: :top, ... </code></pre> </li> </ul> </li> <li> <p>Bug fixes</p> <ul> <li>Inject iframe if web console logger is enabled but there are no patterns</li> <li>Allow web console to shutdown cleanly</li> </ul> </li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Brian Manifold
|
74ccf8e0b2 |
fix(portal): Update elixir OIDC library (#8802)
Why: * Updating the Elixir OIDC library to pick up a fix made in the library regarding EdDSA keys https://github.com/firezone/openid_connect/pull/8 |
||
|
Brian Manifold
|
4c9848453d |
refactor(portal): Add more logging around sign in errors (#8789)
Why: * To allow for more accurate and efficient troubleshooting in production. |
||
|
Jamil
|
2bbc0abc3a |
feat(portal): Add Oban (#8786)
Our current bespoke job system, while it's worked out well so far, has the following shortcomings: - No retry logic - No robust to guarantee job isolation / uniqueness without resorting to row-level locking - No support for cron-based scheduling This PR adds the boilerplate required to get started with [Oban](https://hexdocs.pm/oban/Oban.html), the job management system for Elixir. |
||
|
Jamil
|
6cd7616b5c |
refactor(portal): Expect members key to be missing when empty (#8781)
This will prevent warning spam we're currently seeing in Sentry. |
||
|
Jamil
|
2f0d2462c9 |
fix(portal): Increase directory sync timeout to 8 hours (#8771)
Large Okta directories can take a very long time (> 1 hour) to sync. This currently times out, preventing any entities from making it into the database. There are many things to address in our sync operation, but this should hopefully resolve the immediate issue with the customer. https://firezone-inc.sentry.io/issues/6537862651/?project=4508756715569152&query=is%3Aunresolved%20issue.priority%3A%5Bhigh%2C%20medium%5D%20Enum.to_list&referrer=issue-stream&stream_index=0 |
||
|
Jamil
|
649c03e290 |
chore(portal): Bump LoggerJSON to 7.0.0, fixing config (#8759)
There was slight API change in the way LoggerJSON's configuration is
generation, so I took the time to do a little fixing and cleanup here.
Specifically, we should be using the `new/1` callback to create the
Logger config which fixes the below exception due to missing config
keys:
```
FORMATTER CRASH: {report,[{formatter_crashed,'Elixir.LoggerJSON.Formatters.GoogleCloud'},{config,[{metadata,{all_except,[socket,conn]}},{redactors,[{'Elixir.LoggerJSON.Redactors.RedactKeys',[<<"password">>,<<"secret">>,<<"nonce">>,<<"fragment">>,<<"state">>,<<"token">>,<<"public_key">>,<<"private_key">>,<<"preshared_key">>,<<"session">>,<<"sessions">>]}]}]},{log_event,#{meta => #{line => 15,pid => <0.308.0>,time => 1744145139650804,file => "lib/logger.ex",gl => <0.281.0>,domain => [elixir],application => libcluster,mfa => {'Elixir.Cluster.Logger',info,2}},msg => {string,<<"[libcluster:default] connected to :\"web@web.cluster.local\"">>},level => info}},{reason,{error,{badmatch,[{metadata,{all_except,[socket,conn]}},{redactors,[{'Elixir.LoggerJSON.Redactors.RedactKeys',[<<"password">>,<<"secret">>,<<"nonce">>,<<"fragment">>,<<"state">>,<<"token">>,<<"public_key">>,<<"private_key">>,<<"preshared_key">>,<<"session">>,<<"sessions">>]}]}]},[{'Elixir.LoggerJSON.Formatters.GoogleCloud',format,2,[{file,"lib/logger_json/formatters/google_cloud.ex"},{line,148}]}]}}]}
```
Supersedes #8714
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
||
|
Brian Manifold
|
bed6a60056 |
fix(portal): Fetch latest Okta access_token before API call (#8745)
Why: * The Okta IdP sync job needs to make sure it is always using the latest access token available. If not, there is the possibility for the job to take too long to complete and the access token that the job started with might time out. This commit updates the Okta API client to always check and make sure it is using the latest access token for each request to the Okta API. |
||
|
Jamil
|
d2fd57a3b6 |
fix(portal): Attach Sentry in each umbrella app (#8749)
- Attaches the Sentry Logging hook in each of [api, web, domain] - Removes errant Sentry logging configuration in config/config.exs - Fixes the exception logger to default to logging exceptions, use `skip_sentry: true` to skip Tested successfully in dev. Hopefully the cluster behaves the same way. Fixes #8639 |
||
|
dependabot[bot]
|
8b08be15b3 |
build(deps): bump sentry from 10.8.1 to 10.9.0 in /elixir (#8704)
Bumps [sentry](https://github.com/getsentry/sentry-elixir) from 10.8.1 to 10.9.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-elixir/releases">sentry's releases</a>.</em></p> <blockquote> <h2>10.9.0</h2> <p>This release adds a bunch of new features and fixes a few papercut bugs.</p> <h3>New features</h3> <ul> <li>Add <code>:tags_from_metadata</code> option to <code>Sentry.LoggerHandler</code>. Use this to better structure reports that come from logs (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/840">#840</a> by <a href="https://github.com/icehaunter"><code>@icehaunter</code></a>).</li> <li>Add <code>:discard_threshold</code> option to <code>Sentry.LoggerHandler</code> to implement load shedding when the logger gets overloaded.</li> <li>If you want to use Elixir 1.18's new <code>JSON</code> module, now you can (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/845">#845</a>).</li> <li>Add <code>:in_app_otp_apps</code> configuration option. This should replace <code>:in_app_module_allow_list</code> for most use cases, making configuration simpler (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/854">#854</a> by <a href="https://github.com/solnic"><code>@solnic</code></a>).</li> <li>Add support for per-module custom options for check ins. This means you can now configure single Oban (or Quantum) jobs with per-worker options such as timezones and more (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/833">#833</a> by <a href="https://github.com/savhappy"><code>@savhappy</code></a>).</li> <li>Add a global <code>:extra</code> config that can be set at the <code>:sentry</code> application level (akin to <code>:tags</code> today).</li> <li>Improve Oban error reporting.</li> </ul> <h3>Bug fixes</h3> <ul> <li>We now deduplicate identical events significantly less, reducing the risk of not reporting events that are not duplicates.</li> <li>When dropping breadcrumbs (because of the limit being reached), we now retain <em>newest</em> breadcrumbs instead of older ones (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/858">#858</a> by <a href="https://github.com/dajinchu"><code>@dajinchu</code></a>).</li> <li>Ensure log messages are not captured with <code>:capture_log_messages</code> is <code>false</code> (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/865">#865</a> by <a href="https://github.com/joladev"><code>@joladev</code></a>).</li> <li>Normalize Oban exception reasons for better reports.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/getsentry/sentry-elixir/blob/master/CHANGELOG.md">sentry's changelog</a>.</em></p> <blockquote> <h2>10.9.0</h2> <p>This release adds a bunch of new features and fixes a few papercut bugs.</p> <h3>New features</h3> <ul> <li>Add <code>:tags_from_metadata</code> option to <code>Sentry.LoggerHandler</code>. Use this to better structure reports that come from logs (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/840">#840</a> by <a href="https://github.com/icehaunter"><code>@icehaunter</code></a>).</li> <li>Add <code>:discard_threshold</code> option to <code>Sentry.LoggerHandler</code> to implement load shedding when the logger gets overloaded.</li> <li>If you want to use Elixir 1.18's new <code>JSON</code> module, now you can (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/845">#845</a>).</li> <li>Add <code>:in_app_otp_apps</code> configuration option. This should replace <code>:in_app_module_allow_list</code> for most use cases, making configuration simpler (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/854">#854</a> by <a href="https://github.com/solnic"><code>@solnic</code></a>).</li> <li>Add support for per-module custom options for check ins. This means you can now configure single Oban (or Quantum) jobs with per-worker options such as timezones and more (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/833">#833</a> by <a href="https://github.com/savhappy"><code>@savhappy</code></a>).</li> <li>Add a global <code>:extra</code> config that can be set at the <code>:sentry</code> application level (akin to <code>:tags</code> today).</li> <li>Improve Oban error reporting.</li> </ul> <h3>Bug fixes</h3> <ul> <li>We now deduplicate identical events significantly less, reducing the risk of not reporting events that are not duplicates.</li> <li>When dropping breadcrumbs (because of the limit being reached), we now retain <em>newest</em> breadcrumbs instead of older ones (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/858">#858</a> by <a href="https://github.com/dajinchu"><code>@dajinchu</code></a>).</li> <li>Ensure log messages are not captured with <code>:capture_log_messages</code> is <code>false</code> (<a href="https://redirect.github.com/getsentry/sentry-elixir/issues/865">#865</a> by <a href="https://github.com/joladev"><code>@joladev</code></a>).</li> <li>Normalize Oban exception reasons for better reports.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
3458d7f151 |
build(deps): bump tailwind from 0.2.4 to 0.3.1 in /elixir (#8707)
Bumps [tailwind](https://github.com/phoenixframework/tailwind) from 0.2.4 to 0.3.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/tailwind/blob/main/CHANGELOG.md">tailwind's changelog</a>.</em></p> <blockquote> <h2>v0.3.1 (2025-02-28)</h2> <ul> <li>Support correct target for Linux MUSL with Tailwind v3.</li> </ul> <h2>v0.3.0 (2025-02-26)</h2> <ul> <li>Support Tailwind v4+. This release assumes Tailwind v4 for new projects.</li> </ul> <p>Note: v0.3.0 dropped target code for handling Linux MUSL with Tailwind v3. Use v0.3.1+ instead.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
336b322a39 |
build(deps): bump opentelemetry_phoenix from 2.0.0 to 2.0.1 in /elixir (#8717)
Bumps [opentelemetry_phoenix](https://github.com/open-telemetry/opentelemetry-erlang-contrib) from 2.0.0 to 2.0.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/open-telemetry/opentelemetry-erlang-contrib/releases">opentelemetry_phoenix's releases</a>.</em></p> <blockquote> <h2>Opentelemetry Phoenix - v2.0.1</h2> <h2>What's Changed</h2> <ul> <li>add http.route attribute. issue <a href="https://redirect.github.com/open-telemetry/opentelemetry-erlang-contrib/issues/464">#464</a> <a href="https://github.com/sc-yan"><code>@sc-yan</code></a> (<a href="https://redirect.github.com/open-telemetry/opentelemetry-erlang-contrib/issues/465">#465</a>)</li> <li>add spec for liveview option to OpentelemetryPhoenix <a href="https://github.com/kenichi"><code>@kenichi</code></a> (<a href="https://redirect.github.com/open-telemetry/opentelemetry-erlang-contrib/issues/460">#460</a>)</li> </ul> <p>Note: <code>http.route</code> attribute was inadvertently removed and replaced with <code>url.template</code>. Apologies for any inconvenience.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
0a5ac2af2f |
build(deps): bump bandit from 1.6.10 to 1.6.11 in /elixir (#8720)
Bumps [bandit](https://github.com/mtrudel/bandit) from 1.6.10 to 1.6.11. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mtrudel/bandit/blob/main/CHANGELOG.md">bandit's changelog</a>.</em></p> <blockquote> <h2>1.6.11 (31 Mar 2025)</h2> <h3>Changes</h3> <ul> <li>Ensure that HTTP/1 request headers are sent to the Plug in the order they're sent (<a href="https://redirect.github.com/mtrudel/bandit/issues/482">#482</a>)</li> <li>Do not populate the <code>cookies</code> header with an empty string if no cookies were sent in HTTP/2 (<a href="https://redirect.github.com/mtrudel/bandit/issues/483">#483</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
093c107973 |
build(deps): bump plug_crypto from 2.1.0 to 2.1.1 in /elixir (#8723)
Bumps [plug_crypto](https://github.com/elixir-plug/plug_crypto) from 2.1.0 to 2.1.1. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elixir-plug/plug_crypto/blob/main/CHANGELOG.md">plug_crypto's changelog</a>.</em></p> <blockquote> <h2>v2.1.1 (2025-04-03)</h2> <ul> <li>Fall back <code>hash_equals</code> when missing OpenSSL support</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Jamil
|
b9532bc243 |
revert: "Enable automatic tax calculation by default" (#8743)
This needs #8670 in order to function. Reverts firezone/firezone#8552 |
||
|
Jamil
|
05dafabbad |
fix(portal): Fix human display of geo location (#8665)
These seem to be swapped. Generally accepted is `city, country`. |
||
|
Jamil
|
8ca43300cd | chore(portal): Fix typo: counties -> countries (#8666) | ||
|
dependabot[bot]
|
e99399e316 |
build(deps): bump telemetry_poller from 1.1.0 to 1.2.0 in /elixir (#8566)
Bumps [telemetry_poller](https://github.com/beam-telemetry/telemetry_poller) from 1.1.0 to 1.2.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/beam-telemetry/telemetry_poller/blob/main/CHANGELOG.md">telemetry_poller's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/beam-telemetry/telemetry_poller/tree/v1.2.0">1.2.0</a></h2> <h3>Added</h3> <ul> <li>Support <code>persistent_term</code> measurements.</li> <li>Require Erlang/OTP 24+.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/beam-telemetry/telemetry_poller/commits">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
dependabot[bot]
|
3a6500162c |
build(deps): bump phoenix_live_view from 1.0.3 to 1.0.9 in /elixir (#8569)
Bumps [phoenix_live_view](https://github.com/phoenixframework/phoenix_live_view) from 1.0.3 to 1.0.9. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/phoenixframework/phoenix_live_view/blob/v1.0.9/CHANGELOG.md">phoenix_live_view's changelog</a>.</em></p> <blockquote> <h2>1.0.9 (2025-03-26)</h2> <h3>Bug fixes</h3> <ul> <li>Fix testing uploads inside nested LiveViews with LiveViewTest (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3732">#3732</a>)</li> </ul> <h2>1.0.8 (2025-03-26)</h2> <h3>Bug fixes</h3> <ul> <li>Regression: ensure <code>_target</code> is sent as <code>["undefined"]</code> when an input has no name (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3727">#3727</a>)</li> <li>Fix stream items from disconnected render not being removed when rendered inside a nested stream (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3730">#3730</a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>Add <code>Phoenix.LiveViewTest.refute_redirected/1</code> to assert that no redirect took place (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3729">#3729</a>)</li> </ul> <h2>1.0.7 (2025-03-21)</h2> <h3>Bug fixes</h3> <ul> <li>Fix <code>_target</code> parameter being sent incorrectly (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3720">#3719</a>).</li> </ul> <h2>1.0.6 (2025-03-20)</h2> <h3>Bug fixes</h3> <ul> <li>Fix race condition where patches were discarded when a new navigation was already pending (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3710">#3710</a>)</li> <li>Fix phx-debounce="blur" re-sending events for subsequent blurs (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3689">#3689</a>)</li> <li>Fix <code>code_change</code> callback not returning the new channel state (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3712">#3712</a>)</li> <li>Fix LiveViews not being able to reconnect without a full page reload after a deployment that changed the router (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3715">#3715</a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>Improve performance of large forms (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3696">#3696</a>)</li> <li>Ensure <code>JS.push</code> values are sent on form events (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3674">#3674</a>)</li> <li>Allow to skip persistent_id generation in <code>Phoenix.Component.inputs_for/1</code> (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3677">#3677</a>)</li> <li>Delay <code>phx-disconnected</code> binding to prevent brief flash of "Attempting to reconnect" message for short disconnects (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3680">#3680</a>). This can be configured by passing the <code>disconnectedTimeout</code> option to the LiveSocket constructor.</li> </ul> <h2>1.0.5 (2025-02-27)</h2> <h3>Bug fixes</h3> <ul> <li>Fix <code>JS.exec</code> failing when a selector is passed (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3678">#3678</a>)</li> <li>Fix race conditions when testing a live upload that redirects in the progress callback (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3676">#3676</a>)</li> <li>Fix streams in sticky LiveView being reset under some circumstances when another LiveView also contains a stream (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3681">#3681</a>)</li> <li>Fix recursively locked elements not being correctly patched on unlock (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3684">#3684</a>)</li> <li>Fix JS.show/hide/toggle behavior while also fixing JS.focus() on Mobile Safari (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3692">#3692</a>)</li> </ul> <h3>Enhancements</h3> <ul> <li>Detect infinite patch redirect loops and raise an error (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/pull/3670">#3670</a>)</li> </ul> <h2>1.0.4 (2025-02-04)</h2> <h3>Bug fixes</h3> <ul> <li>Fix elements with <code>phx-remove</code> inside sticky LiveViews being unintentionally removed on navigation (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3658">#3658</a>)</li> <li>Fix <code>phx-click-loading</code> not being removed from links in sticky LiveViews (<a href="https://redirect.github.com/phoenixframework/phoenix_live_view/issues/3656">#3656</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
57d8462527 |
build(deps): bump observer_cli from 1.8.1 to 1.8.2 in /elixir (#8572)
Bumps [observer_cli](https://github.com/zhongwencool/observer_cli) from 1.8.1 to 1.8.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zhongwencool/observer_cli/releases">observer_cli's releases</a>.</em></p> <blockquote> <h2>v1.8.2</h2> <h2>What's Changed</h2> <ul> <li>Fix unit of fullsweep_after by <a href="https://github.com/binaryseed"><code>@binaryseed</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/108">zhongwencool/observer_cli#108</a></li> <li>chore: fix typo lable -> label by <a href="https://github.com/zmstone"><code>@zmstone</code></a> in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/109">zhongwencool/observer_cli#109</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/binaryseed"><code>@binaryseed</code></a> made their first contribution in <a href="https://redirect.github.com/zhongwencool/observer_cli/pull/108">zhongwencool/observer_cli#108</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/zhongwencool/observer_cli/compare/1.8.1...v1.8.2">https://github.com/zhongwencool/observer_cli/compare/1.8.1...v1.8.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
f7fbabf692 |
build(deps): bump ex_cldr_dates_times from 2.20.3 to 2.22.0 in /elixir (#8578)
Bumps [ex_cldr_dates_times](https://github.com/elixir-cldr/cldr_dates_times) from 2.20.3 to 2.22.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/elixir-cldr/cldr_dates_times/releases">ex_cldr_dates_times's releases</a>.</em></p> <blockquote> <h2>Cldr Dates Times version 2.22.0</h2> <h3>Breaking Data format changes</h3> <p>There are some changes to the underlying locale data format that will be a breaking change for results returned from:</p> <ul> <li><code>Cldr.DateTime.Format.time_formats/{1,2,3}</code></li> <li><code>MyApp.Cldr.Calendar.day_periods/{0, 1, 2}</code></li> </ul> <p>The data changes are summarised as:</p> <ul> <li>Time formats now group the <code>:default</code> and <code>:ascii</code> alternatives.</li> <li>Day periods used for date/time formatting now group the alternatives for <code>am</code> and <code>pm</code> where the data is available.</li> <li>Day period display names now group the alternatives for <code>am</code> and <code>pm</code> where the data is available.</li> </ul> <h3>Enhancements</h3> <ul> <li>Update to <a href="https://cldr.unicode.org/downloads/cldr-47">CLDR 47</a> data.</li> </ul> <h2>Cldr Dates Times version 2.21.0</h2> <h3>Enhancements</h3> <ul> <li>Allow configuration of <code>ex_cldr_calendars</code> version 2.0 and later.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/elixir-cldr/cldr_dates_times/blob/main/CHANGELOG.md">ex_cldr_dates_times's changelog</a>.</em></p> <blockquote> <h2>Cldr_Dates_Times v2.22.0</h2> <p>This is the changelog for Cldr_Dates_Times v2.22.0 released on March 18th, 2025. For older changelogs please consult the release tag on <a href="https://github.com/elixir-cldr/cldr_cldr_dates_times/tags">GitHub</a></p> <h3>Breaking Data format changes</h3> <p>There are some changes to the underlying locale data format that will be a breaking change for results returned from:</p> <ul> <li><code>Cldr.DateTime.Format.time_formats/{1,2,3}</code></li> <li><code>MyApp.Cldr.Calendar.day_periods/{0, 1, 2}</code></li> </ul> <p>The data changes are summarised as:</p> <ul> <li>Time formats now group the <code>:default</code> and <code>:ascii</code> alternatives.</li> <li>Day periods used for date/time formatting now group the alternatives for <code>am</code> and <code>pm</code> where the data is available.</li> <li>Day period display names now group the alternatives for <code>am</code> and <code>pm</code> where the data is available.</li> </ul> <h3>Enhancements</h3> <ul> <li>Update to <a href="https://cldr.unicode.org/downloads/cldr-47">CLDR 47</a> data.</li> </ul> <h2>Cldr_Dates_Times v2.21.0</h2> <p>This is the changelog for Cldr_Dates_Times v2.21.0 released on January 31st, 2025. For older changelogs please consult the release tag on <a href="https://github.com/elixir-cldr/cldr_cldr_dates_times/tags">GitHub</a></p> <h3>Enhancements</h3> <ul> <li>Allow configuration of <code>ex_cldr_calendars</code> version 2.0 and later.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
dependabot[bot]
|
a66423c25c |
build(deps): bump @fontsource/source-sans-3 from 5.1.1 to 5.2.6 in /elixir/apps/web/assets (#8599)
Bumps [@fontsource/source-sans-3](https://github.com/fontsource/font-files/tree/HEAD/fonts/google/source-sans-3) from 5.1.1 to 5.2.6. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/fontsource/font-files/commits/HEAD/fonts/google/source-sans-3">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Jamil
|
6e336fc3bc |
fix(portal): Update flows fkey constraints to cascade deletes (#8645)
The `flows` table currently has `ON DELETE SET NULL` behavior for many of its foreign key constraints. The problem is that if we try to delete any of the associated entities, setting a null here causes the DB operation to fail with: ``` ERROR: null value in column "policy_id" of relation "flows" violates not-null constraint ``` I can understand why it was originally architected like this to preserve connection log data, but we'll be using another approach for that that doesn't require maintaining relational data in perpetuity. Related: #949 |
||
|
Jamil
|
fb9f132a49 |
fix(portal): Interpret missing members as empty list (#8640)
The Google API will often return a missing `members` key alongside a `200` response from their members API. The documentation here isn't clear whether this key is expected or not, but since the sync has been working fine up until #8608, we can only surmise that the missing key in fact means the group has no members. This PR updates the Google API client so that a `default_if_missing` can be passed in which is returned if the API response is missing the JSON key to fetch. For the users, groups, and organization units fetches, we consider a missing key to be an error and we return `{:error, :invalid_response}` since this most likely indicates an API problem. For the members endpoint, we consider the missing key to be the empty set. Additionally, a bug is fixed that was introduced in #8608 whereupon we returned `{:error, :retry_later}` for newly-accounted-for API responses, which would have caused a "sync failed" email to be sent to the admins on the instance. Instead, we want to return `{:error, :invalid_response}` which will stop the sync from progressing, and log it internally. |
||
|
Jamil
|
2f7598c648 |
fix(portal): Delete soft-deleted synced actor_groups (#8638)
The previous migration only accounted for soft-deleted rows that have an active counterpart. This fails the new unique index if multiple soft-deleted rows exist for the same `account_id, provider_id, provider_identifier` combination. Instead, to appease the new index, we need to delete all soft-deleted rows where these fields exist. Related: #8615 |
||
|
Jamil
|
713ff1e7de |
chore(portal): Log problematic identity api responses (#8623)
After merging #8608, we discovered that we receive unexpected API responses on the regular. This adds improved logging to uncover what exactly these unexpected API responses are. |
||
|
Jamil
|
f275bf70d9 |
fix(portal): Resurrect deleted identities and groups (#8615)
When syncing identities from an identity, we have logic in place that resurrects any soft-deleted identities in order to maintain their session history, group memberships and any other relevant data. Users can be temporarily suspended from their identity provider and then resumed. Groups, however, based on cursory research, can never be temporarily suspended at the identity provider. However, this doesn't mean that we can't see the group disappear and reappear at a later point in time. This can happen due to a temporary sync issue, or in the upcoming Group Filters PR: #8381. This PR adds more robust testing to ensure we can in fact resurrect identities as expected. It also updates the group sync logic to similarly resurrect soft-deleted groups if they are seen again in a subsequent sync. To achieve this, we need to update the `UNIQUE CONSTRAINT` used in the upsert clause during the sync. Before, it was possible for two (or more) groups to exist with the same provider_identifier and provider_id, if `deleted_at IS NOT NULL`. Now, we need to ensure that only one group with the same `account_id, provider_id, provider_identifier` can exist, since we want to resurrect and not recreate these. To do this, we use a migration that does the following: 1. Ensures any potentially problematic data is permanently deleted 2. Drops the existing unique constraint 3. Recreates it, omitting `WHERE DELETED_AT IS NULL` from the partial index. Based on exploring the production DB data, this should not cause any issues, but it would be a good idea to double-check before rolling this out to prod. Lastly, the final missing piece to the resurrection story is Policies. This is saved for a future PR since we need to first define the difference between a policy that was soft-deleted via a sync job, and a policy that was "perma" deleted by a user. Related: #8187 |
||
|
Jamil
|
88c4e723a6 |
fix(portal): Gracefully handle dir sync error responses (#8608)
When calling the various directory sync endpoints, we had error cases
that matched a few of the possible error scenarios in an appropriate way
by returning either `{:error, :retry_later}` or the `{:error, ...}`
tuples.
However, as we've recently learned in [this
thread](https://firezonehq.slack.com/archives/C069H865MHP/p1743521884037159),
it's possible for identity provider APIs to return all kinds of bogus
data here, and we need a more defensive approach.
The specific issue this PR addresses is the case where we receive a
`2xx` response, but without the expected JSON key in the response body.
That will result in the `list*` functions returning an empty list, which
the calling code paths then use to soft-delete all existing record types
in the DB.
This is wrong. If the JSON response is missing a key we're expecting, we
instead log a warning and return `{:error, :retry_later}`. It's
currently unknown when exactly this happens and why, but with better
monitoring here we'll have a much better picture as to why.
|
||
|
Jamil
|
8805d906aa |
chore(portal): Leave notes around sync frequency (#8605)
When reading through these modules, it's helpful to know that the actual sync data update doesn't occur more often than 10 minutes due to a database check. |
||
|
Jamil
|
ce82859cd4 |
fix(portal): Disable mock sync job in prod (#8606)
The adapter itself isn't enabled in the UI on prod, but the background job to sync mock data was. This prevents the job from being started and emitting log noise into production logs. |
||
|
Jamil
|
936f5ddb01 |
chore(billing): Enable automatic tax calculation by default (#8552)
When a customer signs up for Starter or Team, we don't enable tax calculation by default. This means customers can upgrade to Team, start paying invoices, and we won't collect taxes. This creates a management issue and possible tax liability since I need to manually reconcile these. Instead, since we have Stripe Tax configured on our account, we can enable automatic tax calculation when the subscription is created. Any products (Starter/Team/Enterprise) therefore in the subscription will automatically collect tax appropriately. In most cases in the US, the tax rate is 0. In EU transactions, for B2B sales, the tax rate for us is also 0 (reverse charge basis). If we sell a Team subscription to an individual, however, we need to collect VAT. There doesn't seem to be a way to block consumer EU transactions in Stripe, so we'll likely need to register for VAT in the EU if we cross the reporting threshold. |
||
|
Jamil
|
2dbfae9ba9 |
fix(portal): Use old policy for broadcasting events when updated (#8550)
A regression was introduced in
|
||
|
Jamil
|
95d3f765f4 |
feat(portal): Show Internet Resource in resources/index (#8495)
After removing some of the functionality for viewing the Internet
Resource, customer was confused where to find it again.
This places an `Internet` section in the Resources index page (similar
to Sites page) with a short help text and an action button to view the
Internet Resource.
This also adds a convenient helper that allows us to route to
`/#{account}/resources/internet` for a nicer-looking URL that users can
bookmark if needed.
<img width="1423" alt="Screenshot 2025-03-19 at 11 52 31 PM"
src="https://github.com/user-attachments/assets/f2da1c31-92b2-429e-832f-73ddd0524155"
/>
Fixes #8479
|
||
|
Brian Manifold
|
3313e7377e |
feat(portal): Add account delete button (#8487)
Why: * This commit will allow account admins to send a request through the Firezone portal to schedule a deletion of their account, rather than having the account admins email their request manually. Doing this through the portal allows us to verify that the request actually came from an admin of the account. |
||
|
Jamil
|
595fb7efd9 |
refactor(portal): Rename resource_cidrs -> device_cidrs (#8482)
I was debugging some of this just now and realized our naming / comments are incorrect here, so thought I'd open a PR to tidy things up for the next person reading this. Resource CIDRs actually occupy the `100.96.0.0/11` range (and IPv6 equivalent), but the portal doesn't generate these. |
||
|
Brian Manifold
|
e14e5c4008 |
refactor(portal): Use appropriate access token for Google IdP (#8478)
Why: * Previously, when running a directory sync with the Google Workspace IdP adapter, if a service account had been configured but there was a problem getting an access token for the service account, the sync job would fall back to using a personal access token. We no longer want to rely on any personal access token once a service account has been configured. This commit will make sure that if a service account is configured there is no way to fall back to any personal access token. Fixes #8409 |
||
|
Jamil
|
366215b1d6 |
fix(gateway): Prefer setting FIREZONE_ID over /var/lib/firezone (#8475)
When deploying a Gateway from the admin portal UI, we show various environment variables required for setup. Until now, we've relied on the `/var/lib/firezone` persistence method for identifying the Gateway. However, this can cause issues on some systems that don't have writeable access to /var/lib/firezone, or old versions of systemd that don't support sandboxed access to this directory. This PR updates each deployment method to use `FIREZONE_ID` instead everywhere. Additionally, since the Docker upgrade script needs to reinvoke the new container using the same arguments (more or less) as the install, we need to extract the old `/var/lib/firezone/gateway_id` file out of the existing container if it exists, and try to insert it into the upgraded container. Tested both scripts, including upgrades for the Docker script. Fixes: #8471 |
||
|
Jamil
|
d143d4dc89 |
feat(portal): Add changelog link to outdated gateway email (#8458)
It would be useful to have a link to the changelog in our outdated gateway email. See https://firezonehq.slack.com/archives/C069H865MHP/p1742088424077639 <img width="638" alt="Screenshot 2025-03-16 at 9 39 22 PM" src="https://github.com/user-attachments/assets/f67b9b3e-9796-45a9-ae90-26eeabc40740" /> |
||
|
Jamil
|
4ce2f160e3 |
fix(portal): Allow .local for search_domains (#8472)
This apparently is explicitly used by customers. See https://firezonehq.slack.com/archives/C08FPHECLUF/p1742221580587719?thread_ts=1741639183.188459&cid=C08FPHECLUF |