Summary: Added this in a diff, but scrubbed them away because they weren't necessary for function. Still might be helpful in the future so adding them now.

Test Plan: Ran tests, they still run

Reviewers: vihang, michelle, vjain, nserrino

Reviewed By: vihang, michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8612

GitOrigin-RevId: a8096d5e6b740eb9141c708de8409b080e4bdc54

Summary:
Added a check in login/signup to make sure that a user is approved before they are logged in.

WIP while the rest of the API is being setup.

Test Plan:
Added a test
Have to skaffold deploy to make sure this blocks users.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-899

Differential Revision: https://phab.corp.pixielabs.ai/D8571

GitOrigin-RevId: 8bbe4dedda57b1c5ee3149974be19da442e38bed

Summary: TSIA

Test Plan: n/a

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-914

Differential Revision: https://phab.corp.pixielabs.ai/D8597

GitOrigin-RevId: 585da6c39e865ca2bb116d559afffc7ca96f61ae

Summary: Forking off the ConnStats diff.

Test Plan: Existing tests

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Differential Revision: https://phab.corp.pixielabs.ai/D8619

GitOrigin-RevId: 5b3c259a708b85844e42ea92bb2d3a075df408dc

Summary:
We should only set `ROLE=CI` on the main runs. This is to ensure
that failing tests from unsubmitted changes don't contribute to https://bb.corp.pixielabs.ai/tests/

Similarly we should only upload to remote cache on main runs. So disable on other runs.

Test Plan: N/A

Reviewers: zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8618

GitOrigin-RevId: 844c4b5a6f37ddf27060e41e5cdbd3baf175b323

Summary: we will be calling UpdateUser from the UI, so we need a gql resolver for that

Test Plan: unit test

Reviewers: zasgar, vihang, nserrino, philkuz

Reviewed By: vihang

JIRA Issues: PC-900

Differential Revision: https://phab.corp.pixielabs.ai/D8607

GitOrigin-RevId: 5ea45547684c381871f3a54b700635ae261f61d1

Summary: This addresses the CVE https://app.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1246338

Test Plan: Existing tests.

Reviewers: zasgar, #third_party_approvers, oazizi

Reviewed By: zasgar, #third_party_approvers, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8616

GitOrigin-RevId: b0727f123ac37abb00ff7d38ed9d9a45fa5a276f

Summary:
This addresses https://app.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472
Apparently 3.3.0 is affected but 3.2.1 isn't. Since some dep wans ^3.2.1, let's
give them 3.2.1

Test Plan: Run snyk

Reviewers: zasgar, #third_party_approvers

Reviewed By: zasgar, #third_party_approvers

Differential Revision: https://phab.corp.pixielabs.ai/D8617

GitOrigin-RevId: 7c7e4e3c7fac6d56a6292d6c392ea3d31d1043ee

Summary:
storybook is a great idea in theory and would be useful if we had
many ui components. However it is currently not used and ends up causing us
to download a lot of npm deps and having to constantly address CVEs in those deps.

Let's remove storybook for now. We can consider reviving this in the future
if we see a good usecase for it.

Test Plan: N/A

Reviewers: #third_party_approvers, zasgar

Reviewed By: #third_party_approvers, zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8614

GitOrigin-RevId: 104b3018190d78595fdac5117b9cd7bd1289a937

Summary: Add an init container so that this job is less likely to run and fail.

Test Plan: Ran it.

Reviewers: philkuz

Reviewed By: philkuz

JIRA Issues: PC-910

Differential Revision: https://phab.corp.pixielabs.ai/D8609

GitOrigin-RevId: a08990e3815d0ac57d95026297dece14f0f2762d

Summary:
UpdateUser is also called by our internal services when logging in, using a serviceClaims rather than a userClaims.
When checking permissions, we need to also account for the serviceClaims and only check the orgID/userID otherwise.

Test Plan: tested on staging, made sure login works

Reviewers: vihang, philkuz, zasgar

Reviewed By: vihang

JIRA Issues: PC-900

Differential Revision: https://phab.corp.pixielabs.ai/D8610

GitOrigin-RevId: da9e4d4596b739c60e5ca5df4862024246295e97

Summary:
Setting modtime=0 seemed to use the actual modtime. So set it to 1.
Set the CRD output dir too so that running `go generate ./...` from top of tree
does the correct thing.

Test Plan: Run `go generate ./...`

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8608

GitOrigin-RevId: efa569ecb64c1ec731bfbb15c0380cdfedd76969

Summary:
We used pbutils while we were renaming our proto packages. Now that
the renames are done, pbutils is identical to gogo's original marshal/unmarshal.
So let's go back to using gogoproto

Test Plan: Existing tests.

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8603

GitOrigin-RevId: cca50dcb49dfaeca72c023f4cd6754d62940ee86

Summary: this diff adds disableAutoUpdate to the helm chart. cloudconn is responsible for reading the configmap value and passing it to cloudconn in its heartbeats.

Test Plan: built rc

Reviewers: vihang, zasgar, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8605

GitOrigin-RevId: 7a554062b89e8d89f467f3a815f7222201ba95ca

Summary:
we are moving the auto update config to vizier. vizier communicates the new autoupdate setting in its heartbeats.
this diff updates vzmgr so that it uses the autoupdates from the heartbeat.

Test Plan: deployed to staging and built an rc. verified that updating the rc configmap for disableAutoUpdate works

Reviewers: vihang, zasgar, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8606

GitOrigin-RevId: f36922f04192d31cd5985e07226dad0aef7a64b9

Summary: Users will now be auto-approved/not-approved based on orgs' enable_approvals value. This means by default, orgs with enabled_approvals false can operate as normal even with the approved user check in D8571.

Test Plan:
With default org (enable_approvals=false), could sign up with new user for that org and be auto-approved.
Setting enable_approvals= true, new user sign ups require approval.
Creator of org still auto-approved, whatever the state of enable_approvals is in.

Reviewers: michelle, zasgar, vihang

Reviewed By: michelle

JIRA Issues: PC-916

Differential Revision: https://phab.corp.pixielabs.ai/D8596

GitOrigin-RevId: ee30c39b7eed036a4de2b6e211e09b38222b2483

Summary: Add column for enable_approvals in orgs. Part of our simple authorizaton project that enables/disable users from auto-accessing organization data. When eanble_approvals is true, all users attempting to join the org with their email will require admin approval before continuing. When false, all users attempting to join an org with their email will be auto approveds.

Test Plan: Tested migration on skaffold, enable_approvals was added by default.

Reviewers: michelle, vihang, zasgar

Reviewed By: michelle

JIRA Issues: PC-897

Differential Revision: https://phab.corp.pixielabs.ai/D8595

GitOrigin-RevId: a95507b191426af99548ae5ea9a11eb499c9b930

Summary:
Setting pendingLimits on Chan subs is disallowed.
https://github.com/nats-io/nats.go/blame/6346f3830b6606227dfb8c6dddcb62d204d39fa0/nats.go#L4134-L4136
This was added in D3739 but the returned error was silently ignored.

We started checking and logging the returned error (if any) in D7960 and now
this error shows up in logs and ends up being a red herring when trying to debug
other issues.

Test Plan: N/A

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8604

GitOrigin-RevId: dea749ba93cab844486a9c094148e11999a04715

Summary:
we are moving the autoupdate config to helm charts, which ultimately leads to a configmap.
this diff adds autoUpdate to the heartbeat, so that the vizier can inform vzmgr of whether autoupdate is disabled or not.

Test Plan: n/a

Reviewers: zasgar, vihang, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8601

GitOrigin-RevId: 68b6aab8e1e13367d988376513e59d71902e096e

Summary: we are updating autoUpdate so that users can disable/enable it from a helm chart config. this means we should disable our old scheme of changing autoupdate, as we want to avoid a complex splitbrain problem where it can be updated from two separate methods

Test Plan: tried it out, `px config update` will complain this field is no longer update-able through this method

Reviewers: vihang, zasgar, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8600

GitOrigin-RevId: 94de2e6594bf19c895dc9d62163cc91d9604e12e

Summary: this diff updates UpdateUser so that we can also set the "isApproved" field. there are permission checks to make sure the user can update their profile picture/another user is authorized to approve the user.

Test Plan: existing tests pass  + new unit tests

Reviewers: vihang, philkuz, nserrino

Reviewed By: vihang, philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D8570

GitOrigin-RevId: db872709324060f144241c85e6b3e1de1c577c3e

Summary:
This reverts commit ed05cc19bb9ace61579aa5591ed9d552f2917dc2.
this introduces a few bugs, such as breaking tracepoint execution, and incorrect handling of error states when a user runs an invalid script.

Test Plan: ran on staging. confirmed the existing bugs are gone.

Reviewers: vihang, nlanam

Reviewed By: vihang, nlanam

Differential Revision: https://phab.corp.pixielabs.ai/D8599

GitOrigin-RevId: 676173af1221c4e3dc3cacce57ef5a59284d5bfd

Summary: Move reserved to the bottom, remove fields marked as deprecated.

Test Plan: Existing tests.

Reviewers: zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8560

GitOrigin-RevId: 6d028b664deaa54105d0983b677a9e1ea76f8ccd

Summary: TSIA

Test Plan: Ran it

Reviewers: philkuz

Reviewed By: philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D8592

GitOrigin-RevId: 9533ab31b40dc59011d0cdaef840a7e6ce83ce10

Summary:
This contains a disabled test that demonstrates that we have a BPF map leak with Unix domain sockets.

Next step will be to figure out how to fix the BPF map leak.

Test Plan: This is a demonstrative test.

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Subscribers: yzhao

JIRA Issues: PP-2735

Differential Revision: https://phab.corp.pixielabs.ai/D8580

GitOrigin-RevId: 52dcb288b3ef108ecb7a4708fe7b4e20f187de21

Summary: Parallels TCPSocket. To be used in a test for leaking BPF map entries.

Test Plan: Test included.

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Subscribers: yzhao

JIRA Issues: PP-2735

Differential Revision: https://phab.corp.pixielabs.ai/D8579

GitOrigin-RevId: d0d60edb0ff36291bbc672bb1c7a5d435d3a5641

Summary: Spawning off from a forth-coming large diff. Trying to make that more reviewable.

Test Plan: Existing tests

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Differential Revision: https://phab.corp.pixielabs.ai/D8565

GitOrigin-RevId: 24310fb9531b7d9b4da8c5f271046181ef59ec30

Summary: In the stirling perf-profiler, refactor the symbolizer class such that it creates and owns an instance of ebpf::BPFStackTable, i.e. for the sole purpose of gaining access to the BCC symbolization API. Previously, we inadvertantly and inefficiently used two instances of the same because of our double buffering technique. This change also improves the test cases for the symbolizer and for the perf profile connector.

Test Plan: Existing (and improved) tests.

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Subscribers: oazizi

JIRA Issues: PP-2688

Differential Revision: https://phab.corp.pixielabs.ai/D8584

GitOrigin-RevId: 44a53af140d60edcbb2e40b379c167cfea1dd8c0

Summary: This is not a code change, just moving the function bodies around in file perf_profile_connector.cc. We re-sort the function bodies to be in 'call-stack' order.

Test Plan: Existing tests

Reviewers: #stirling, yzhao, oazizi

Reviewed By: #stirling, yzhao, oazizi

JIRA Issues: PP-2688

Differential Revision: https://phab.corp.pixielabs.ai/D8576

GitOrigin-RevId: 1e2141493030ef98c7ea74263bfbb03bd0545b5f

Summary: Plan on using tracepoints for some BPF map leak cleanup.

Test Plan: Basic test added.

Reviewers: #stirling, jps

Reviewed By: #stirling, jps

Subscribers: jps

Differential Revision: https://phab.corp.pixielabs.ai/D8586

GitOrigin-RevId: 6085d798da8ec6f3048a938b4d30a480afeeab47

Summary: profile test has a lot of critical tests that should be enabled. I disabled one test so that the rest can function.

Test Plan: Ran the tests and had no problems. Test was now discovered in other places.

Reviewers: michelle, vihang, zasgar

Reviewed By: vihang

JIRA Issues: PP-2668

Differential Revision: https://phab.corp.pixielabs.ai/D8590

GitOrigin-RevId: ebf9e020d9881ceb359a9bfae6aa9477a83616af

Summary: Users that create an organization should be default approved.

Test Plan: Tested on skaffold. Users who create an org will be default approved. Subsequent users will not be approved.

Reviewers: michelle, vihang, zasgar

Reviewed By: michelle

JIRA Issues: PC-901

Differential Revision: https://phab.corp.pixielabs.ai/D8588

GitOrigin-RevId: 7b4d2786036e8cb7ac9f7445e1d1c3672e858865

Summary:
We used to hardcode valid server_name values in the cloud ngingx config.
To enable OSS pixie deployments, we need these to be configurable by demand.

nginx/openresty do not allow use of variables in the `server_name` directive,
so instead we use a script to call out to `sed` and set the `server_name` value
based on the `PL_DOMAIN_NAME` env and then start up openresty.

Test Plan:
Ran a dev cloud. Inspected the nginx config inside the proxy container
noticed that the server_name values were correctly set.
Deployed viziers to dev cloud. Accessed via the browser. It all worked.

Reviewers: zasgar, michelle

Reviewed By: zasgar, michelle

JIRA Issues: PC-908

Differential Revision: https://phab.corp.pixielabs.ai/D8587

GitOrigin-RevId: 1bb11a87e9aa8ff723d7a32d296f35b1a0862b3e

Summary:
Using `LC_CTYPE` seems to not work with the BSD based tr on macOS.
Setting `LANG` seems to work on macOS and linux.

Test Plan: Try it out on macOS and Linux

Reviewers: philkuz, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8585

GitOrigin-RevId: c49ec7fa6b0ea809d0afc641e410868c6a804842

Summary: docker pushed the pl-dev-infra image to the new image path.

Test Plan: n/a

Reviewers: zasgar, vihang

Reviewed By: vihang

JIRA Issues: PP-2630

Differential Revision: https://phab.corp.pixielabs.ai/D8540

GitOrigin-RevId: d0f20c927c2fc61e073469293ac3f16d20650e43

Summary: The namespace is templated, so there's no need to pass in the namespace anywhere. cleaning things up so we have less random "pl"s in our codebase.

Test Plan: it builds

Reviewers: vihang, nserrino

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D8577

GitOrigin-RevId: 2948a8944a1f471b490326589fdcdd1b81939957

Summary: Users expect px delete to delete all dependencies installed by Pixie. This diff makes the default behavior px delete --clobber. You can still run px delete --no-clobber.

Test Plan: ran px deplo/delete

Reviewers: vihang, michelle, zasgar

Reviewed By: vihang

Subscribers: htroisi

JIRA Issues: PX-118

Differential Revision: https://phab.corp.pixielabs.ai/D8583

GitOrigin-RevId: 96415cc3de064a9a5cb4b044f64bd24ab94835b9

Summary: TSIA

Test Plan: Deploy public

Reviewers: michelle, philkuz

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8582

GitOrigin-RevId: 2c37578727e17a875bed5ced60ad33f88e7bd5d2

Test Plan: Jenkins

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8573

GitOrigin-RevId: e724c495b7c6d7ded55a82f2c52d7212f6f7d286

Summary: In a few of our CLI commands, we assume Pixie is deployed to pl. We should check to see where it is deployed and use that namespace instead.

Test Plan: ran the cli with different namespaces.

Reviewers: michelle, vihang, zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8569

GitOrigin-RevId: 02cbab14533dffcceaf5f77980e7831162ff0112