Disable code editor in the UI when modification disabled. Fix mispell…

…ing and renamed to match other SCRIPT_ prefixed settings Signed-off-by: Dom Del Nano <[email protected]>
pixie-io · Dec 23, 2024 · 1c57303 · 1c57303
1 parent 661be10
commit 1c57303
Show file tree

Hide file tree

Showing 15 changed files with 33 additions and 16 deletions.
diff --git a/k8s/cloud/base/api_deployment.yaml b/k8s/cloud/base/api_deployment.yaml
@@ -40,6 +40,8 @@ spec:
             name: pl-ory-service-config
         - configMapRef:
             name: pl-auth-connector-config
+        - configMapRef:
+            name: pl-script-bundles-config
         - configMapRef:
             name: pl-errors-config
             optional: true

diff --git a/k8s/cloud/base/proxy_nginx_config.yaml b/k8s/cloud/base/proxy_nginx_config.yaml
@@ -35,6 +35,7 @@ data:
     sub_filter '__CONFIG_DOMAIN_NAME__' "'${domain_name}'";
     sub_filter '__CONFIG_SCRIPT_BUNDLE_URLS__' "'${script_bundle_urls}'";
     sub_filter '__CONFIG_SCRIPT_BUNDLE_DEV__' "'${script_bundle_dev}'";
+    sub_filter '__CONFIG_SCRIPT_MODIFICATION_DISABLED__' "'${script_modification_disabled}'";
     sub_filter '__SEGMENT_UI_WRITE_KEY__' "'${segment_ui_write_key}'";
     sub_filter '__SEGMENT_ANALYTICS_JS_DOMAIN__' "'segment.${domain_name}'";
     sub_filter '__CONFIG_LD_CLIENT_ID__' "'${ld_client_id}'";
@@ -134,6 +135,7 @@ data:
     set_by_lua_block $segment_cli_write_key  { return os.getenv("PL_SEGMENT_CLI_WRITE_KEY") }
     set_by_lua_block $script_bundle_urls  { return os.getenv("SCRIPT_BUNDLE_URLS") }
     set_by_lua_block $script_bundle_dev  { return os.getenv("SCRIPT_BUNDLE_DEV") }
+    set_by_lua_block $script_modification_disabled  { return os.getenv("SCRIPT_MODIFICATION_DISABLED") }
     set_by_lua_block $analytics_enabled  { return os.getenv("ANALYTICS_ENABLED") }
     set_by_lua_block $announcement_enabled  { return os.getenv("ANNOUNCEMENT_ENABLED") }
     set_by_lua_block $announce_widget_url  { return os.getenv("ANNOUNCE_WIDGET_URL") }
@@ -169,7 +171,8 @@ data:
     env PL_HYDRA_SERVICE;
     env PL_KRATOS_SERVICE;
     env SCRIPT_BUNDLE_URLS;
-    env SCRIPT_BUNDE_DEV;
+    env SCRIPT_BUNDLE_DEV;
+    env SCRIPT_MODIFICATION_DISABLED;
     env ANALYTICS_ENABLED;
     env ANNOUNCEMENT_ENABLED;
     env ANNOUNCE_WIDGET_URL;

diff --git a/k8s/cloud/base/script_bundles_config.yaml b/k8s/cloud/base/script_bundles_config.yaml
@@ -9,3 +9,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/k8s/cloud/dev/script_bundles_config.yaml b/k8s/cloud/dev/script_bundles_config.yaml
@@ -10,3 +10,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/k8s/cloud/prod/script_bundles_config.yaml b/k8s/cloud/prod/script_bundles_config.yaml
@@ -10,3 +10,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/k8s/cloud/public/base/script_bundles_config.yaml b/k8s/cloud/public/base/script_bundles_config.yaml
@@ -9,3 +9,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/k8s/cloud/staging/script_bundles_config.yaml b/k8s/cloud/staging/script_bundles_config.yaml
@@ -10,3 +10,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/k8s/cloud/testing/script_bundles_config.yaml b/k8s/cloud/testing/script_bundles_config.yaml
@@ -10,3 +10,4 @@ data:
     "https://artifacts.px.dev/pxl_scripts/bundle.json"
     ]
   SCRIPT_BUNDLE_DEV: "false"
+  SCRIPT_MODIFICATION_DISABLED: "false"
diff --git a/src/cloud/api/api_server.go b/src/cloud/api/api_server.go
@@ -66,7 +66,7 @@ func init() {
 
 	pflag.String("auth_connector_name", "", "If any, the name of the auth connector to be used with Pixie")
 	pflag.String("auth_connector_callback_url", "", "If any, the callback URL for the auth connector")
-	pflag.Bool("disable_script_modification", false, "If script modification should be disallowed to prevent arbitrary script execution")
+	pflag.Bool("script_modification_disabled", false, "If script modification should be disallowed to prevent arbitrary script execution")
 }
 
 func main() {
@@ -221,8 +221,8 @@ func main() {
 	sms := &controllers.ScriptMgrServer{ScriptMgr: sm}
 	cloudpb.RegisterScriptMgrServer(s.GRPCServer(), sms)
 
-	disableScriptModification := viper.GetBool("disable_script_modification")
-	vpt := ptproxy.NewVizierPassThroughProxy(nc, vc, sm, disableScriptModification)
+	scriptModificationDisabled := viper.GetBool("script_modification_disabled")
+	vpt := ptproxy.NewVizierPassThroughProxy(nc, vc, sm, scriptModificationDisabled)
 	vizierpb.RegisterVizierServiceServer(s.GRPCServer(), vpt)
 	vizierpb.RegisterVizierDebugServiceServer(s.GRPCServer(), vpt)
 

diff --git a/src/cloud/api/ptproxy/vizier_pt_proxy.go b/src/cloud/api/ptproxy/vizier_pt_proxy.go
@@ -52,10 +52,10 @@ type scriptmgrClient interface {
 // VizierPassThroughProxy implements the VizierAPI and allows proxying the data to the actual
 // vizier cluster.
 type VizierPassThroughProxy struct {
-	nc                       *nats.Conn
-	vc                       vzmgrClient
-	sm                       scriptmgrClient
-	disableScriptModifiation bool
+	nc                         *nats.Conn
+	vc                         vzmgrClient
+	sm                         scriptmgrClient
+	scriptModificationDisabled bool
 }
 
 // getServiceCredentials returns JWT credentials for inter-service requests.
@@ -65,8 +65,8 @@ func getServiceCredentials(signingKey string) (string, error) {
 }
 
 // NewVizierPassThroughProxy creates a new passthrough proxy.
-func NewVizierPassThroughProxy(nc *nats.Conn, vc vzmgrClient, sm scriptmgrClient, disableScriptModifiation bool) *VizierPassThroughProxy {
-	return &VizierPassThroughProxy{nc: nc, vc: vc, sm: sm, disableScriptModifiation: disableScriptModifiation}
+func NewVizierPassThroughProxy(nc *nats.Conn, vc vzmgrClient, sm scriptmgrClient, scriptModificationDisabled bool) *VizierPassThroughProxy {
+	return &VizierPassThroughProxy{nc: nc, vc: vc, sm: sm, scriptModificationDisabled: scriptModificationDisabled}
 }
 
 func (v *VizierPassThroughProxy) isScriptModified(ctx context.Context, script string) (bool, error) {
@@ -98,7 +98,7 @@ func (v *VizierPassThroughProxy) ExecuteScript(req *vizierpb.ExecuteScriptReques
 		return err
 	}
 	defer rp.Finish()
-	if v.disableScriptModifiation {
+	if v.scriptModificationDisabled {
 		modified, err := v.isScriptModified(srv.Context(), req.QueryStr)
 		if err != nil {
 			return err

diff --git a/src/cloud/api/ptproxy/vizier_pt_proxy_test.go b/src/cloud/api/ptproxy/vizier_pt_proxy_test.go
@@ -66,15 +66,15 @@ type testState struct {
 	conn *grpc.ClientConn
 }
 
-func createTestState(t *testing.T, disableScriptModification bool) (*testState, func(t *testing.T)) {
+func createTestState(t *testing.T, scriptModificationDisabled bool) (*testState, func(t *testing.T)) {
 	lis := bufconn.Listen(bufSize)
 	env := env.New("withpixie.ai")
 	s := server.CreateGRPCServer(env, &server.GRPCServerOptions{})
 
 	nc, natsCleanup := testingutils.MustStartTestNATS(t)
 
-	vizierpb.RegisterVizierServiceServer(s, ptproxy.NewVizierPassThroughProxy(nc, &fakeVzMgr{}, &fakeScriptMgr{}, disableScriptModification))
-	vizierpb.RegisterVizierDebugServiceServer(s, ptproxy.NewVizierPassThroughProxy(nc, &fakeVzMgr{}, &fakeScriptMgr{}, disableScriptModification))
+	vizierpb.RegisterVizierServiceServer(s, ptproxy.NewVizierPassThroughProxy(nc, &fakeVzMgr{}, &fakeScriptMgr{}, scriptModificationDisabled))
+	vizierpb.RegisterVizierDebugServiceServer(s, ptproxy.NewVizierPassThroughProxy(nc, &fakeVzMgr{}, &fakeScriptMgr{}, scriptModificationDisabled))
 
 	eg := errgroup.Group{}
 	eg.Go(func() error { return s.Serve(lis) })

diff --git a/src/ui/src/components/code-editor/code-editor.tsx b/src/ui/src/components/code-editor/code-editor.tsx
@@ -24,6 +24,7 @@ import type { MonacoEditorProps } from 'react-monaco-editor';
 
 import { COMMON_THEME } from 'app/components/mui-theme';
 import { Spinner } from 'app/components/spinner/spinner';
+import { SCRIPT_MODIFICATION_DISABLED } from 'app/containers/constants';
 import { buildClass } from 'app/utils/build-class';
 
 interface CodeEditorProps {
@@ -85,7 +86,7 @@ export class CodeEditor extends React.PureComponent<CodeEditorProps, CodeEditorS
         scrollBeyondLastColumn: 3, // Prevents hiding text behind the minimap or the scrollbar. Expands the scroll area.
         scrollBeyondLastLine: false,
         fontFamily: COMMON_THEME.typography.monospace.fontFamily,
-        readOnly: this.props.isReadOnly === true,
+        readOnly: this.props.isReadOnly === true || SCRIPT_MODIFICATION_DISABLED,
       },
     };
     this.onChange = this.onChange.bind(this);

diff --git a/src/ui/src/containers/constants.ts b/src/ui/src/containers/constants.ts
@@ -35,6 +35,7 @@ declare global {
       LD_CLIENT_ID: string;
       SCRIPT_BUNDLE_URLS: string; // Actually a string[] in JSON form
       SCRIPT_BUNDLE_DEV: boolean;
+      SCRIPT_MODIFICATION_DISABLED: boolean;
       ANALYTICS_ENABLED: boolean;
       ANNOUNCEMENT_ENABLED: boolean;
       ANNOUNCE_WIDGET_URL: string;
@@ -60,6 +61,7 @@ export const { SEGMENT_UI_WRITE_KEY } = window.__PIXIE_FLAGS__;
 export const { LD_CLIENT_ID } = window.__PIXIE_FLAGS__;
 export const { SCRIPT_BUNDLE_URLS } = window.__PIXIE_FLAGS__;
 export const { SCRIPT_BUNDLE_DEV } = window.__PIXIE_FLAGS__;
+export const { SCRIPT_MODIFICATION_DISABLED } = window.__PIXIE_FLAGS__;
 export const { ANALYTICS_ENABLED } = window.__PIXIE_FLAGS__;
 export const { ANNOUNCEMENT_ENABLED } = window.__PIXIE_FLAGS__;
 export const { ANNOUNCE_WIDGET_URL } = window.__PIXIE_FLAGS__;

diff --git a/src/ui/src/flags.js b/src/ui/src/flags.js
@@ -21,7 +21,7 @@ __CONFIG_AUTH_URI__, __CONFIG_AUTH_EMAIL_PASSWORD_CONN__, __CONFIG_DOMAIN_NAME__
 __CONFIG_OIDC_HOST__, __CONFIG_OIDC_METADATA_URL__, __CONFIG_OIDC_CLIENT_ID__, __CONFIG_OIDC_ADDITIONAL_SCOPES__,
 __CONFIG_OIDC_SOCIAL_CONFIG_LOGIN__, __CONFIG_OIDC_SOCIAL_CONFIG_SIGNUP__,
 __CONFIG_LD_CLIENT_ID__, __CONFIG_SCRIPT_BUNDLE_URLS__, __CONFIG_SCRIPT_BUNDLE_DEV__,
-__SEGMENT_UI_WRITE_KEY__, __ANALYTICS_ENABLED__,
+__CONFIG_SCRIPT_MODIFICATION_DISABLED__, __SEGMENT_UI_WRITE_KEY__, __ANALYTICS_ENABLED__,
 __ANNOUNCEMENT_ENABLED__, __ANNOUNCE_WIDGET_URL__, __CONTACT_ENABLED__,
 __PASSTHROUGH_PROXY_PORT__ */
 const OAUTH_PROVIDER = __CONFIG_OAUTH_PROVIDER__;
@@ -38,6 +38,7 @@ const DOMAIN_NAME = __CONFIG_DOMAIN_NAME__;
 const LD_CLIENT_ID = __CONFIG_LD_CLIENT_ID__;
 const SCRIPT_BUNDLE_URLS = __CONFIG_SCRIPT_BUNDLE_URLS__;
 const SCRIPT_BUNDLE_DEV = __CONFIG_SCRIPT_BUNDLE_DEV__;
+const SCRIPT_MODIFICATION_DISABLED = __CONFIG_SCRIPT_MODIFICATION_DISABLED__;
 const SEGMENT_UI_WRITE_KEY = __SEGMENT_UI_WRITE_KEY__;
 const ANALYTICS_ENABLED = __ANALYTICS_ENABLED__;
 const ANNOUNCEMENT_ENABLED = __ANNOUNCEMENT_ENABLED__;
@@ -63,6 +64,7 @@ window.__PIXIE_FLAGS__ = {
   LD_CLIENT_ID,
   SCRIPT_BUNDLE_URLS,
   SCRIPT_BUNDLE_DEV,
+  SCRIPT_MODIFICATION_DISABLED,
   SEGMENT_UI_WRITE_KEY,
   ANALYTICS_ENABLED,
   ANNOUNCEMENT_ENABLED,

diff --git a/src/ui/webpack.config.js b/src/ui/webpack.config.js
@@ -302,6 +302,7 @@ module.exports = (env, argv) => {
       __CONFIG_LD_CLIENT_ID__: JSON.stringify(yamls.ld.data.PL_LD_CLIENT_ID),
       __CONFIG_SCRIPT_BUNDLE_URLS__: JSON.stringify(yamls.scriptBundle.data.SCRIPT_BUNDLE_URLS),
       __CONFIG_SCRIPT_BUNDLE_DEV__: JSON.parse(yamls.scriptBundle.data.SCRIPT_BUNDLE_DEV),
+      __CONFIG_SCRIPT_MODIFICATION_DISABLED__: JSON.parse(yamls.scriptBundle.data.SCRIPT_MODIFICATION_DISABLED),
       __SEGMENT_ANALYTICS_JS_DOMAIN__: `"segment.${yamls.domain.data.PL_DOMAIN_NAME}"`,
     }),
   );