Merge branch 'main' into flight-livetail

.github/workflows/release.yml

@@ -35,15 +35,15 @@ jobs:
           command: build
           args: --release --target ${{matrix.target}}
 
+      - name: Rename binary
+        run: |
+          mv target/${{ matrix.target }}/release/parseable Parseable_${{ matrix.target }}
+
       - name: Create Artifact
         uses: actions/upload-artifact@v3
         with:
           name: Parseable_${{ matrix.target }}
-          path: target/${{ matrix.target }}/release/parseable
-
-      - name: Rename binary
-        run: |
-          mv target/${{ matrix.target }}/release/parseable Parseable_${{ matrix.target }}
+          path: Parseable_${{ matrix.target }}
 
       - name: Publish Archive to Release Page
         uses: softprops/[email protected]
@@ -71,16 +71,16 @@ jobs:
       - name: Build
         run: cargo build --all --release --target x86_64-pc-windows-msvc
 
-      - name: Create artifact for Windows
-        uses: actions/upload-artifact@v2
-        with:
-          name: Parseable_x86_64-pc-windows-msvc
-          path: target/x86_64-pc-windows-msvc/release/PARSEABLE.exe
-
       - name: Rename binary
         run: |
           mv target/x86_64-pc-windows-msvc/release/PARSEABLE.exe Parseable_x86_64-pc-windows-msvc.exe
 
+      - name: Create artifact for Windows
+        uses: actions/upload-artifact@v2
+        with:
+          name: Parseable_x86_64-pc-windows-msvc.exe
+          path: Parseable_x86_64-pc-windows-msvc.exe
+
       - name: Publish Archive to Release Page
         uses: softprops/[email protected]
         if: ${{ startsWith(github.ref, 'refs/tags/') }}
@@ -116,16 +116,15 @@ jobs:
           cargo build --release --target ${{ matrix.target }}
           strip target/${{ matrix.target }}/release/Parseable
 
+      - name: Rename binary
+        run: |
+          mv target/${{ matrix.target }}/release/Parseable Parseable_${{ matrix.target }}
+
       - name: Create artifact
         uses: actions/upload-artifact@v2
         with:
           name: Parseable_${{ matrix.target }}
-          path: |
-            target/${{ matrix.target }}/release/Parseable
-
-      - name: Rename binary
-        run: |
-          mv target/${{ matrix.target }}/release/Parseable Parseable_${{ matrix.target }}
+          path: Parseable_${{ matrix.target }}
 
       - name: Publish Archive to Release Page
         uses: softprops/[email protected]
@@ -135,3 +134,29 @@ jobs:
           files: Parseable_${{ matrix.target }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  create-checksum:
+    runs-on: ubuntu-latest
+    needs: [build-linux, build-windows, build-mac]
+    steps:
+      - name: Download artifacts created
+        uses: actions/download-artifact@v3
+
+      - name: Run shasum command
+        run: |
+          find . -type f -name "Parseable_*" -exec shasum {} \; | sed 's/.\/.*\///' > checksum.txt
+
+      - name: Create artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: checksum.txt
+          path: checksum.txt
+
+      - name: Publish Check Sum to Release Page
+        uses: softprops/[email protected]
+        if: ${{ startsWith(github.ref, 'refs/tags/') }}
+        with:
+          draft: false
+          files: checksum.txt
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

server/Cargo.toml

@@ -109,14 +109,15 @@ static-files = "0.2"
 ureq = "2.6"
 vergen = { version = "8.1", features = ["build", "git", "cargo", "gitcl"] }
 zip = { version = "0.6", default_features = false, features = ["deflate"] }
+url = "2.4.0"
 
 [dev-dependencies]
 maplit = "1.0"
 rstest = "0.16"
 
 [package.metadata.parseable_ui]
-assets-url = "https://github.com/parseablehq/console/releases/download/v0.3.0/build.zip"
-assets-sha1 = "eef990cfdbb93861ff6164dbf3e0b0e966b7f95b"
+assets-url = "https://github.com/parseablehq/console/releases/download/v0.3.1/build.zip"
+assets-sha1 = "6abd7b5ca5b9c832ff58b8450cffdc83dd7172bf"
 
 [features]
 debug = ["pyroscope", "pyroscope_pprofrs"]

server/build.rs

@@ -139,6 +139,17 @@ mod ui {
         file.write_all(checksum.as_bytes())?;
         file.flush()?;
 
+        if local_assets_path.is_none() {
+            // emit ui version for asset url
+            let url = url::Url::parse(url).expect("valid url");
+            let ui_version = url
+                .path_segments()
+                .expect("has segemnts")
+                .find(|v| v.starts_with('v'))
+                .expect("version segement");
+            println!("cargo:rustc-env=UI_VERSION={}", ui_version);
+        }
+
         Ok(())
     }
 }

server/src/handlers/http.rs

@@ -261,8 +261,14 @@ pub fn configure_routes(
                 .authorize(Action::QueryLLM),
         ),
     );
+
     let role_api = web::scope("/role")
         .service(resource("").route(web::get().to(role::list).authorize(Action::ListRole)))
+        .service(
+            resource("/default")
+                .route(web::put().to(role::put_default).authorize(Action::PutRole))
+                .route(web::get().to(role::get_default).authorize(Action::GetRole)),
+        )
         .service(
             resource("/{name}")
                 .route(web::put().to(role::put).authorize(Action::PutRole))

server/src/handlers/http/about.rs

@@ -44,9 +44,11 @@ pub async fn about() -> Json<serde_json::Value> {
     let store = CONFIG.storage().get_endpoint();
     let is_llm_active = &CONFIG.parseable.open_ai_key.is_some();
     let llm_provider = is_llm_active.then_some("OpenAI");
+    let ui_version = option_env!("UI_VERSION").unwrap_or("development");
 
     Json(json!({
         "version": current_version,
+        "uiVersion": ui_version,
         "commit": commit,
         "deploymentId": deployment_id,
         "updateAvailable": update_available,

server/src/handlers/http/oidc.rs

@@ -35,7 +35,7 @@ use crate::{
     oidc::{Claims, DiscoveredClient},
     option::CONFIG,
     rbac::{
-        map::SessionKey,
+        map::{SessionKey, DEFAULT_ROLE},
         user::{User, UserType},
         Users,
     },
@@ -260,22 +260,27 @@ async fn put_user(
     group: Option<HashSet<String>>,
 ) -> Result<User, ObjectStorageError> {
     let mut metadata = get_metadata().await?;
-    let user = match metadata
+    let group = group.unwrap_or_else(|| {
+        DEFAULT_ROLE
+            .lock()
+            .unwrap()
+            .clone()
+            .map(|role| HashSet::from([role]))
+            .unwrap_or_default()
+    });
+
+    let user = metadata
         .users
         .iter()
         .find(|user| user.username() == username)
-    {
-        Some(user) => user.clone(),
-        None => {
-            let mut user = User::new_oauth(username.to_owned());
-            if let Some(group) = group {
-                user.roles = group
-            }
+        .cloned()
+        .unwrap_or_else(|| {
+            let user = User::new_oauth(username.to_owned(), group);
             metadata.users.push(user.clone());
-            put_metadata(&metadata).await?;
             user
-        }
-    };
+        });
+
+    put_metadata(&metadata).await?;
     Users.put_user(user.clone());
     Ok(user)
 }

server/src/handlers/http/role.rs

@@ -21,7 +21,10 @@ use http::StatusCode;
 
 use crate::{
     option::CONFIG,
-    rbac::{map::mut_roles, role::model::DefaultPrivilege},
+    rbac::{
+        map::{mut_roles, DEFAULT_ROLE},
+        role::model::DefaultPrivilege,
+    },
     storage::{self, ObjectStorageError, StorageMetadata},
 };
 
@@ -71,6 +74,28 @@ pub async fn delete(name: web::Path<String>) -> Result<impl Responder, RoleError
     Ok(HttpResponse::Ok().finish())
 }
 
+// Handler for PUT /api/v1/role/default
+// Delete existing role
+pub async fn put_default(name: web::Json<String>) -> Result<impl Responder, RoleError> {
+    let name = name.into_inner();
+    let mut metadata = get_metadata().await?;
+    metadata.default_role = Some(name.clone());
+    *DEFAULT_ROLE.lock().unwrap() = Some(name);
+    put_metadata(&metadata).await?;
+    Ok(HttpResponse::Ok().finish())
+}
+
+// Handler for GET /api/v1/role/default
+// Delete existing role
+pub async fn get_default() -> Result<impl Responder, RoleError> {
+    let res = match DEFAULT_ROLE.lock().unwrap().clone() {
+        Some(role) => serde_json::Value::String(role),
+        None => serde_json::Value::Null,
+    };
+
+    Ok(web::Json(res))
+}
+
 async fn get_metadata() -> Result<crate::storage::StorageMetadata, ObjectStorageError> {
     let metadata = CONFIG
         .storage()

server/src/main.rs

@@ -66,7 +66,7 @@ async fn main() -> anyhow::Result<()> {
     migration::run_metadata_migration(&CONFIG).await?;
     let metadata = storage::resolve_parseable_metadata().await?;
     banner::print(&CONFIG, &metadata).await;
-    rbac::map::init(metadata.users.clone(), metadata.roles.clone());
+    rbac::map::init(&metadata);
     metadata.set_global();
     let prometheus = metrics::build_metrics_handler();
     CONFIG.storage().register_store_metrics(&prometheus);

server/src/rbac/map.rs

@@ -16,22 +16,23 @@
  *
  */
 
-use crate::option::CONFIG;
 use crate::rbac::user::User;
-use std::collections::HashMap;
+use crate::{option::CONFIG, storage::StorageMetadata};
+use std::{collections::HashMap, sync::Mutex};
 
 use super::{
     role::{model::DefaultPrivilege, Action, Permission, RoleBuilder},
     user,
 };
 use chrono::{DateTime, Utc};
-use once_cell::sync::OnceCell;
+use once_cell::sync::{Lazy, OnceCell};
 use std::sync::{RwLock, RwLockReadGuard, RwLockWriteGuard};
 
 pub type Roles = HashMap<String, Vec<DefaultPrivilege>>;
 
 pub static USERS: OnceCell<RwLock<Users>> = OnceCell::new();
 pub static ROLES: OnceCell<RwLock<Roles>> = OnceCell::new();
+pub static DEFAULT_ROLE: Lazy<Mutex<Option<String>>> = Lazy::new(|| Mutex::new(None));
 pub static SESSIONS: OnceCell<RwLock<Sessions>> = OnceCell::new();
 
 pub fn users() -> RwLockReadGuard<'static, Users> {
@@ -86,7 +87,12 @@ pub fn mut_sessions() -> RwLockWriteGuard<'static, Sessions> {
 // the user_map is initialized from the config file and has a list of all users
 // the auth_map is initialized with admin user only and then gets lazily populated
 // as users authenticate
-pub fn init(users: Vec<User>, mut roles: Roles) {
+pub fn init(metadata: &StorageMetadata) {
+    let users = metadata.users.clone();
+    let mut roles = metadata.roles.clone();
+
+    *DEFAULT_ROLE.lock().unwrap() = metadata.default_role.clone();
+
     let admin_privilege = DefaultPrivilege::Admin;
     let admin_permissions = RoleBuilder::from(&admin_privilege).build();
     roles.insert("admin".to_string(), vec![admin_privilege]);

server/src/rbac/user.rs

@@ -57,10 +57,10 @@ impl User {
         )
     }
 
-    pub fn new_oauth(username: String) -> Self {
+    pub fn new_oauth(username: String, roles: HashSet<String>) -> Self {
         Self {
             ty: UserType::OAuth(OAuth { userid: username }),
-            roles: HashSet::new(),
+            roles,
         }
     }
 

server/src/storage/store_metadata.rs

@@ -57,6 +57,8 @@ pub struct StorageMetadata {
     pub streams: Vec<String>,
     #[serde(default)]
     pub roles: HashMap<String, Vec<DefaultPrivilege>>,
+    #[serde(default)]
+    pub default_role: Option<String>,
 }
 
 impl StorageMetadata {
@@ -70,6 +72,7 @@ impl StorageMetadata {
             users: Vec::new(),
             streams: Vec::new(),
             roles: HashMap::default(),
+            default_role: None,
         }
     }