
Wgrant/chore/stacklet upgrade 2025 05 #75

Draft
wants to merge 156 commits into
base: stacklet/integration
from

Conversation

wgrant

@wgrant wgrant commented May 28, 2025

What type of PR is this?

  • Refactor
  • Feature
  • Bug Fix
  • New Query Runner (Data Source)
  • New Alert Destination
  • Other

Description

How is this tested?

  • Unit tests (pytest, jest)
  • E2E Tests (Cypress)
  • Manually
  • N/A

Related Tickets & Documents

Mobile & Desktop Screenshots/Recordings (if there are UI changes)

github-actions and others added 30 commits June 1, 2024 00:27
Signed-off-by: Lucas Fernando Cardoso Nunes <[email protected]>
Updated from Python 3.8 to 3.10. Python 3.10 is the default for Ubuntu 22. This change necessitated upgrading to
SQLAlchemy_Utils 0.38.3, and importing the sort_query function from an older version of SQLAlchemy_Utils because it was dropped in newer versions.

Co-authored-by: Ezra Odio <[email protected]>
This covers cases where partitioned tables are part of a schema that is
not accessible by the current user.

CREATE SCHEMA xyz;

CREATE TABLE xyz.tab (
   id bigint GENERATED ALWAYS AS IDENTITY,
   ts timestamp NOT NULL
) PARTITION BY LIST ((ts::date));

CREATE TABLE xyz.tab_default PARTITION OF xyz.tab DEFAULT;
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.11.17 to 2024.7.4.
- [Commits](certifi/python-certifi@2023.11.17...2024.07.04)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Created Moment in ISO 8601 format instead of using
the default Date() constructor.

Co-authored-by: Ezra Odio <[email protected]>
Bumps [zipp](https://github.com/jaraco/zipp) from 3.17.0 to 3.19.1.
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.17.0...v3.19.1)

---
updated-dependencies:
- dependency-name: zipp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Justin Clift <[email protected]>
Bumps [setuptools](https://github.com/pypa/setuptools) from 69.0.3 to 70.0.0.
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v69.0.3...v70.0.0)

---
updated-dependencies:
- dependency-name: setuptools
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This change involved adding an extra option to the GridSettings editor,
adding the "fixed" option to columns, and adding styling for the fixed
columns. In order to change the number of fixed columns, which will
default to 0, one has to go to Edit visualization -> Grid -> Choose
number of columns to fix -> Save.
* Made Edit alert tooltip render conditionally
Co-authored-by: Ezra Odio <[email protected]>
Co-authored-by: Restyled.io <[email protected]>
tvansteenburgh and others added 29 commits May 28, 2025 12:55
Signed-off-by: Wayne Witzel III <[email protected]>
create schema if needed and use in migrations and all queries

Signed-off-by: Wayne Witzel III <[email protected]>
Makes the JWT support more flexible by allowing the claim which
contains the user info configurable, rather than being hard-coded to
`email`.

Fix JWT validation when no "aud" claim expected

Add support for validating the client ID

feat: support external login redirection URL (PLATFORM-2411)

Add support for sending failed authentication to an external URL when
using JWT.

feat: reflect stacklet admin in redash (PLATFORM-2545)

Now that the JWT token includes the stacklet permissions, we can add or
remove the Redash admin group based on whether the user is an admin (has
`system: write` permission) in Stacklet.

XXX this is not actually this at all; some previous rebase clearly went
very wrong
fix: compat with Athena queries by locking PyAthena to a max version

fix: surface invalid token errors (PLATFORM-2679)

Surface invalid token errors to user instead of treating them the same
as "not logged in".

Part of: [PLATFORM-2679][]

[PLATFORM-2679]: https://stacklet.atlassian.net/browse/PLATFORM-2679

fix: find identity from multiple fields in token (PLATFORM-2688)

Depending on the identity provider's configuration, the email address
(identity) might be present in several different fields. Add logic to be
more forgiving of where it is collected from.

Fixes [PLATFORM-2688](https://stacklet.atlassian.net/browse/PLATFORM-2688)

Return identity instead of mutating payload

fix: handle expired tokens properly

In PR #31, invalid token errors were changed to surface rather than be
ignored. However, since expired tokens weren't handled separately, they
were inadvertently included and surfaced as errors when that specific
case of "invalid" should actually just be treated as unauthorized (i.e.,
ignored) and redirected to the Console to be replaced / updated.
…5) (#45)

* feat: add db_role to user model (ENG-2473)

Part of the Row Level Security (RLS) changes.

* Fix is_db_empty check not accounting for schema prefix

* Fix DB upgrades not being run

* Add db_role to QueryResults as well (ENG-2475)

fix: handle missing db_role attribute for ApiUser (ENG-3212) (#54)

Public dashboard URLs use the `ApiUser` class rather than `User` which
doesn't have the `db_role` attribute. We handle this in most places, but
a couple got missed. This prevents public dashboards from properly
refreshing their data.

Part of: [ENG-3212](https://stacklet.atlassian.net/browse/ENG-3212)
Add the row-level security policy to prevent users from seeing query
results that they should not.
…8) (#47)

If the current user has a `db_role`, they should only see query results
that they have generated, so that they don't see results which contain
info about resources they don't have permission to view.

feat: use per-user db role for query exec (ENG-2474) (#48)

* feat: use per-user db role for query exec (ENG-2474)

Login with per-user PG database role, if available, to ensure that RLS
policies are applied to user queries.

* Reject login from unknown SSO users

* Use pre-filtered query for QueryResults rather than session-level `set role`

* Add docstring with non-obvious context
* fix: make UI redirect to console for expired auth (ENG-3278)

* Make login popup work with Stacklet login

* Popup login window doesn't work with Stacklet login

* Preserve path on login redirect

* Append redirectPath JIT so that it is accurate
…58)

* feat: support return redirect for unauthed links and explicit logout

Implementing ENG-3278 added support for returning to the desired page
after login for existing tabs whose auth had expired, but it still
doesn't work for fresh links when not authed. This also adds support for
logging out via the Redash menu when using shared auth.

* Fix logout redirect
* Handle unsupported data source schema refreshes as skips

* Check and log missing periodic jobs
PR #42 added the check for expected periodic jobs to the worker health
check, but that doesn't actually help because it restarts the worker
process rather than the scheduler process. This creates a health check
for the scheduler and moves the periodic jobs check to that.

Fixes: [ENG-2154](https://stacklet.atlassian.net/browse/ENG-2154)
Sometimes the task for the existing scheduler takes a bit of time to
terminate / cleanup, which can leave the scheduler not running. This
adds additional retries and some waiting to give it time to take over as
the active scheduler.
Don't raise an exception when checking for outdated queries, if a
query's schedule is missing an "until" key.

That can lead to valid queries being accidentally disabled.
For redash-infra to stick the root user's in SSM.
fix: local => locale (#16)

Revert "fix: local => locale (#16)" (#19)

This reverts commit a0a1e0a.

fix: fix js error when query schedule includes a time (ENG-859) (#34)

Not sure how we haven't hit this before, but it appears that having a
query with a schedule value detailed enough to include a time component
rather than just a weekday triggers a bug in the moment date library
which blows up the Redash UI. This works around it to avoid that error.

Fixes: [ENG-859](https://stacklet.atlassian.net/browse/ENG-859)
Add Segment tracking code to get analytics data for Redash usage.

Fixes: [PLATFORM-2626](https://stacklet.atlassian.net/browse/PLATFORM-2626)
* chore: change styling to match stacklet (ENG-966)

Adjust colors and logos / icons to match Stacklet branding.

Fixes: [ENG-966](https://stacklet.atlassian.net/browse/ENG-966)

* Fix navbar bg color
* chore(deps): upgrade dompurify (security), axios-auth-refresh

- upgrade to latest dompurify on 2.x branch (2.4.7)
- upgrade axios-auth-refresh as axios dep version no longer on registry

* Update lockfile to fix build error

---------

Co-authored-by: Cory Johns <[email protected]>
- install @stacklet/ui

Revert "build: add auth script for codeartifact (ENG-4145)"

reintroduce stacklet components

fix: updated justfile pkg-login to work with macOS userland (ENG-4259)
* chore: RIOT double-install cleanup (ENG-2706)

Remove duplicate superuser and builtin groups.

* make sure we have exactly one org and user

* make sure we no-op in non-riot deployments
@wgrant wgrant force-pushed the wgrant/chore/stacklet-upgrade-2025-05 branch from c656d05 to d7e572c Compare May 28, 2025 04:56