consul/ui/packages/consul-ui
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
..
app [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816) 2024-10-16 12:23:33 -04:00
blueprints [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
config NET-5398: Update UI server to include if v2 is enabled (#20353) 2024-01-26 14:38:51 -07:00
docs OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
lib Cc 7146/convert consul hcp to a simpler component for some upcoming changes (#20344) 2024-01-26 16:39:50 -08:00
mock-api [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816) 2024-10-16 12:23:33 -04:00
node-tests/config NET-5398: Update UI server to include if v2 is enabled (#20353) 2024-01-26 14:38:51 -07:00
public Update brand assets (#10081) 2021-05-03 16:19:09 +01:00
server [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
tests Revert link existing but better 🪦 (#20830) 2024-03-13 13:59:00 -07:00
translations Revert link existing but better 🪦 (#20830) 2024-03-13 13:59:00 -07:00
vendor NET-5398: V2 unavailable UI message (#20359) 2024-01-29 14:28:41 -07:00
.docfy-config.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
.editorconfig
.ember-cli
.eslintignore [UI]: update Ember to 3.27 (#16227) 2023-02-10 13:32:19 -08:00
.eslintrc.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
.gitignore add scripts for testing locally consul-ui-toolkit (#16794) 2023-03-27 17:00:59 -07:00
.istanbul.yml [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
.prettierignore ui: chore - upgrade ember and friends (#14518) 2022-09-15 09:43:17 +01:00
.prettierrc
.prettierrc.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
.template-lintrc.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
.watchmanconfig
GNUmakefile OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
README.md Upgrade Consul UI to Node 18 (#19252) 2023-10-23 12:29:04 -06:00
ember-cli-build.js [ui] Prettify ember-cli-build (#21731) 2024-09-13 15:30:46 -04:00
package.json [ui] codemirror lint removal (#21726) 2024-09-13 13:59:40 -04:00
tailwind.config.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
testem.js [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00

README.md

consul-ui

Prerequisites

You will need the following things properly installed on your computer.

Installation

  • git clone https://github.com/hashicorp/consul.git to clone this repository
  • cd ui/packages/consul-ui

then:

To run the UI

From within ui/packages/consul-ui directory run:

  • make start

To run tests

From within ui/packages/consul-ui directory run:

  • make test-oss-view which will run the tests in Chrome

(see below and/or the testing section of the engineering docs for further detail)

Yarn Commands

Most of the commonly used tooling scripts below primarily use make, which runs yarn install and in turn calls node package scripts.

List of available project commands. yarn run <command-name>

| Command | Description |
| --- | --- |
| build:staging | Builds the UI in staging mode (ready for PR preview site). |
| build:ci | Builds the UI for CI. |
| build | Builds the UI for production. |
| lint | Runs all lint commands. |
| lint:hbs | Lints hbs template files. |
| lint:js | Lints js files. |
| format | Runs all auto-formatters. |
| format:js | Auto-formats js files using Prettier. |
| format:sass | Auto-formats scss files using Prettier. |
| start | Runs the development app on a local server using the mock API. |
| start:consul | Runs the development app local server using a real consul instance as the backend. |
| start:staging | Runs the staging app local server. |
| test | Runs the ember tests in a headless browser. |
| test:view | Runs the ember tests in a non-headless browser. |
| test:oss | Runs only the OSS ember tests in a headless browser. |
| test:oss:view | Runs only the OSS ember tests in a non-headless browser. |
| test:coverage:view | Runs only the test specified for coverage in a non-headless browser. |
| test:node | Runs tests that can't be run in ember using node. |
| doc:toc | Automatically generates a table of contents for this README file. |

Running / Development

The source code comes with a small development mode that runs enough of the consul API as a set of mocks/fixtures to be able to run the UI without having to run consul.

You can also run the UI against a normal Consul installation.

  • consul agent -dev to start consul listening on http://localhost:8500
  • make start-consul to start the ember app proxying to consul (this will respect the CONSUL_HTTP_ADDR environment variable to locate the Consul installation).
  • Visit your app at http://localhost:4200.

Example:

CONSUL_HTTP_ADDR=http://10.0.0.1:8500 make start-consul

Environment Variables

See ./docs/index.mdx

Branching

We follow a ui/**/** branch naming pattern. This branch naming pattern allows front-end focused builds, such as FE tests, to run automatically in Pull Requests. Please note this only works if you are a member of the HashiCorp GitHub Org. If you are an external contributor, these tests won't run and will instead be run by a member of our team during review.

Examples:

  • ui/feature/add...
  • ui/bugfix/fix...
  • ui/enhancement/update...

Contributing/Engineering Documentation

We have an in-app (only during development) component storybook and documentation site which can be visited using the Eng Docs link in the top navigation of the UI. Alternatively all of these docs are also readable via GitHub's UI, so folks can use whatever works best for them.

Browser 'Debug Utility' Functions and 'Environment' Variables

Run make start then visit http://localhost:4200/ui/docs/bookmarklets for a list of debug/engineering utilities you can use to help development of the UI under certain scenarios.

Code Generators

Many classes used in the UI can be generated with ember generators. Try ember help generate for more details.

Running Tests

Tests use the mock API (see ./mock-api for details). The mock-api runs automatically during testing, so you don't need to run anything separately from the commands below for the tests to use it.

  • make test or yarn run test
  • make test-view or yarn run test:view to view the tests running in Chrome

For more guidance on running tests, see the testing section of the engineering docs.

OSS only tests can also be run using:

  • make test-oss or yarn run test:oss
  • make test-oss-view or yarn run test:oss:view to view the tests running in Chrome

Linting

make lint currently runs linting on the majority of js files and hbs files (using ember-template-lint).

See .eslintrc.js and .eslintignore for specific configuration.

Testing local changes to @hashicorp/consul-ui-toolkit

| Command | Description |
| --- | --- |
| yarn toolkit:link | Similar to npm link, it adds the dependency locally from the yalc store. |
| yarn toolkit:remove | Removes the package info from package.json and the yarn.lock file. |

Building

  • make build builds the UI for production usage (env=production)
  • make build-ci builds the UI for CI/test usage (env=test)

Static files are built into ./dist

Running Tests in Parallel

You probably don't need to understand this if you are simply running some tests locally.

Alternatively, ember-exam can be used to split the tests across multiple browser instances for faster results. Most options are the same as ember test. To see a full list of options, run ember exam --help.

Note: The EMBER_EXAM_PARALLEL environment variable must be set to override the default parallel value of 1 browser instance in testem.js.

To quickly run the tests across 4 parallel browser instances:

make test-parallel

To run manually:

$ EMBER_EXAM_PARALLEL=true ./node_modules/.bin/ember exam --split <num> --parallel

More ways to split tests can be found in the ember-exam README.md.

Vercel Deploys

A Vercel preview deploy GitHub Action triggers after each pushed change in a pull request. Vercel checks whether there were changes within the UI folder in the last commit. If there are no changes, the build is cancelled. If the build proceeds, it will include a link to the preview deploy in your PR's feed.

If you were to push changes to the UI folder and then immediately follow it up with a change to something outside of the UI folder, the latest Vercel build will be ignored. Because of this, the preview link will not get posted to the PR feed even if the original Vercel build completes. If that is the case, you may browse the Vercel deploys for the original build.

Another scenario to watch for is when you rebase a series of commits, but the last commit is outside of the UI folder. Doing this will not trigger a new Vercel deploy as the last commit doesn't have any changes in the UI folder.