Why:
* The portal currently shows API clients in the Actors index list. Each
Actor in the list has a link to their own 'show' page. Prior to this
commit, selecting an API client from the list would result an error.
While API clients are technically an Actor, they aren't quite the same
as all other Actors because they are only used to configure the portal
for a given account. Because of this, they don't have the same
information to show as all other Actors. This commit sets the 'show' URL
for API clients to the 'settings' page to show the proper info for the
API client.
Fixes: #7370
Why:
* Without some type of notification, users do not realize that new
Gateway versions have been released and thus do not seem to be upgrading
their deployed Gateways.
Why:
* A handful of 'show' pages were throwing errors for entities created
using the API. The reason was due to the fact that the
`created_by_actor` was not being preloaded and when the details on the
show page were being rendered. This commit updates the various pages to
preload the `created_by_actor` to allow for both API created entities
and UI created entities.
Now you can "edit" any fields on the policy, when one of fields that
govern the access is changed (resource, actor group or conditions) a new
policy will be created and an old one is deleted. This will be
broadcasted to the clients right away to minimize downtime. New policy
will have it's own flows to prevent confusion while auditing. To make
experience better for external systems we added `persistent_id` that
will be the same across all versions of a given policy.
Resources work in a similar fashion but when they are replaced we will
also replace all corresponding policies.
An additional nice effect of this approach is that we also got
configuration audit log for resources and policies.
Fixes#2504
This adds a feature that will email all admins in a Firezone Account
when sync errors occur with their Identity Provider.
In order to avoid spamming admins with sync error emails, the error
emails are only sent once every 24 hours. One exception to that is when
there is a successful sync the `sync_error_emailed_at` field is reset,
which means in theory if an identity provider was flip flopping between
successful and unsuccessful syncs the admins would be emailed more than
once in a 24 hours period.
### Sample Email Message
<img width="589" alt="idp-sync-error-message"
src="https://github.com/user-attachments/assets/d7128c7c-c10d-4d02-8283-059e2f1f5db5">
Viewing a Resource created by an API client was crashing the view due to
the function creating the link to the actor not accounting for the API
client case.
Closes#6267
We were generating fake tokens when identity was not found but those had
empty ids so the code crashed. Now we fake the entire token and make
sure it's length is stable.
Why:
* Before the REST API is release to all Firezone users a closed beta
program will be run. Rather than blurring out the API Clients page for
users that are not apart of the closed beta program, a 'beta' page will
be shown that will allow users to request access to the closed beta.
Once the REST API is released to all accounts, all of this can be
removed.
Closes: #5920
### Screenshot
<img width="1445" alt="Screenshot 2024-07-24 at 6 55 36 PM"
src="https://github.com/user-attachments/assets/a09591bc-190c-4bd4-9716-9a74a0f09e0a">
Fixes a UX issue somewhat introduced by
https://github.com/firezone/firezone/pull/5870 where we changed behavior
to make the redirect consistent with other CRUD operations.
The behavior we had prior to
https://github.com/firezone/firezone/pull/5870 was to redirect to
Resource show, but feedback from customer (which makes sense) is that
you almost _always_ create a Policy after creating a Resource, so this
PR streamlines the hot path flow there.
This has occurred to a couple users in Discord as well, so by taking
them directly to policies/new it hopefully make clear the user needs to
create a Policy after creating a Resource.
This papercut occurred while customer was demo'ing Firezone to another
potential customer.
Fixes#5929
cc @jameswinegar
…idc users (#5127)
Currently we can only send a welcome email to oidc users who have
already logged in once. For manually provisionned oidc users, we can't.
This PR aims to solve this issue
---------
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
You still can generate a link that will inject a text as long as it has
`@` in it - there is no good ways to validate emails other than just
check for that. The only *reliable* ways to fix that is to either remove
that text (making users more confused) or only show it if identity was
found (leaking the fact of it's existence).
Fixes#5270
- Relaxes the `NOT NULL` constraint because in Clients we already
account for empty address descriptions (by showing the address in its
place if missing). We may want to simply hide the Resource altogether if
the description is missing (based on user feedback). With a blank field,
we can differentiate between not entered vs entered an address.
- Updates help text a bit
```[tasklist]
- [x] Update docs with examples
```
<img width="772" alt="Screenshot 2024-06-06 at 12 01 48 PM"
src="https://github.com/firezone/firezone/assets/167144/523aa0ff-f30d-44cb-bb3c-5d5cda7236e6">
---------
Signed-off-by: Jamil <jamilbk@users.noreply.github.com>
For oidc users, `provider_identifier` is an id and not the email of the
user.
Contributed by @Intuinewin
---------
Co-authored-by: Antoine <antoinelabarussias@gmail.com>
Why:
* JumpCloud directory sync was requested from customers. JumpCloud only
offers the ability to use it's API with an admin level access token that
is tied to a specific user within a given JumpCloud account. This would
require Firezone customers to give an access token with much more
permissions that needed for our directory sync. To avoid this, we've
decide to use WorkOS to provide SCIM support between JumpCloud and
WorkOS, which will allow Firezone to then easily and safely retrieve
JumpCloud directory info from WorkOS.
---------
Co-authored-by: Jamil <jamilbk@users.noreply.github.com>
- Fixes policy creation when `policy_conditions` is disabled
- Updates design so that items are a little more aligned and text has
more / consistent spacing around.
https://github.com/firezone/firezone/assets/167144/b9c29110-ae1c-4841-b999-a0da022f4a38
Test is failing though. Before sinking more time into this I wanted to
open this PR to get @AndrewDryga's input.
