create_gke_cluster.sh: deprecate use of argument --username, and replace with --no-enable-basic-auth per new requirements from Google.

Summary: create_gke_cluster.sh: deprecate use of argument --username, and replace with --no-enable-basic-auth per new requirements from Google.

Test Plan: Users using this.

Reviewers: #engineering, oazizi

Reviewed By: #engineering, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8649

GitOrigin-RevId: 775b058fbbb555a51469516a776f78fd1b2ca5b8

Summary: Exposes `execute` and `cancelExecution` methods in the new `ScriptContext`; runs it when the script/args/vis/pxl change in the new `ScriptLoader`. Shows the results in the new `LiveView`.

Test Plan: Visit `withpixie.ai:8080/` with `USE_SIMPLIFIED_ROUTING=true` in `vizier.tsx`. Scripts should execute automatically when the URL contains valid execution params.

Reviewers: michelle, vihang, philkuz

Reviewed By: philkuz

JIRA Issues: PC-917

Differential Revision: https://phab.corp.pixielabs.ai/D8643

GitOrigin-RevId: 027f253de20d80f30e875e32f77ab5caaf65288a

Summary:
The ConnInfo and ConnStats exporting is significant.
Without this, CPU usage on single node cluster with sock-shop and online-boutique
grows to 10%.

Test Plan: Manually verify the CPU usage drops with this diff

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8642

GitOrigin-RevId: ffdead9801e75b7fb2887ec88f09a3534a7372f7

Summary: This gives us better support for ES modules, which is useful when we upgrade to a newer material-ui.

Test Plan: Existing

Reviewers: michelle, vihang, nlanam

Reviewed By: michelle

JIRA Issues: PC-937

Differential Revision: https://phab.corp.pixielabs.ai/D8639

GitOrigin-RevId: 62f454a501f8130693b6fb5638ba438421b09433

Summary: This cleans up the links for OSS deploys.

Test Plan: Run `px deploy` and `px live`

Reviewers: zasgar, michelle, nserrino

Reviewed By: nserrino

JIRA Issues: PC-913

Differential Revision: https://phab.corp.pixielabs.ai/D8634

GitOrigin-RevId: bf9656c818416b0e3ed410cb557ca86bb3ff9505

Summary: Was writing a saveEditor() function that only seemed to save one of the editors, but not the other. Both functions were called, but only 1 result remained. Turns out the second call overwrote the first one. Making the state function calls into functions themselves fixed this problem.

Test Plan: Tried my save editor function in `D8638` before this change ( only setVis worked ) then after and saw that both worked.

Reviewers: nlanam, vihang, michelle

Reviewed By: nlanam

JIRA Issues: PC-917

Differential Revision: https://phab.corp.pixielabs.ai/D8644

GitOrigin-RevId: 5c0ee3671e4f5a202cb441a8c4686df20cd1d04e

Summary:
These are lint issues that are triggered by the changes in D8632. It's better to fix them separately to keep that diff size as small as possible.
there are no logic changes here, just movement around of code because of complaints where a component was used before it was defined, addition of default args, etc.

Test Plan: yarn dev

Reviewers: nlanam, vihang, philkuz, zasgar

Reviewed By: vihang

JIRA Issues: PC-928

Differential Revision: https://phab.corp.pixielabs.ai/D8637

GitOrigin-RevId: affa69333ee5300dfd4f6bc525da40f45bcf34a8

Summary:
inuse heap profiles of the api_service showed a large leak from a
alloc at `net/textproto.(*Reader).ReadMIMEHeader`. Some investigation revealed
that this could be due to some of the `gorilla` packages we used.

We used to depend on `gorilla/sessions@v1.1.3` which in turn
depended on `gorilla/context@v1.1.1`.
As per https://groups.google.com/g/gorilla-web/c/clJfCzenuWY/m/N_Xj9-5Lk6wJ
and https://github.com/gorilla/sessions/pull/23/files it seems like the
`gorilla/context` lib relied on explicit removal of request variables at the
end of the request lifetime.

As of `gorilla/sessions@v1.2.0` they switched over to the golang `context`
package and removed the dependency on `gorilla/context`. The golang `context`
lib no longer holds on to the same request variable and hence doesn't exhibit
the same leaky behavior.

Note, I believe the upgrade to `gorilla/handlers` isn't necessary to fix this
leak but it seemed like a good time to upgrade both gorilla deps.

Test Plan:
inuse heap profiles on a skaffold deploy of cloud no longer
seem to exhibit at leak from `ReadMIMEHeader`

Reviewers: zasgar, michelle, #third_party_approvers

Reviewed By: michelle, #third_party_approvers

JIRA Issues: PP-2740

Differential Revision: https://phab.corp.pixielabs.ai/D8636

GitOrigin-RevId: 97ce53644aeed0654d31ecf3f751c71e626aa79a

Summary:
WARNING: In this diff and those based on it, everything is locked behind the `USE_SIMPLIFIED_ROUTING` feature flag in `vizier.tsx`. Do not submit with that flag set to true; do set it to true for testing though.

Implements `VizierRoutingContext`, a context that handles the URL and parameters therein such that no other code should need to interact with the URL directly. Begins to wire updated versions of `ScriptContext` and so forth to use this simplified model. So far, it only handles the state management relating to the active script and the URL. Implementation for running the script (`ScriptLoader` and `ScriptContext.execute`) is just skeletal so far; numerous contexts still need to be ported.

For any updated components/contexts/etc, please create a `new-whatever-context.tsx` beside the original that contains the changes. Use the new version in the `USE_SIMPLIFIED_ROUTING` path. A final diff once everything works again will remove the flag, call the new path only, delete the old versions of everything, and rename the new versions to take their place.

See [PC-917](https://pixie-labs.atlassian.net/browse/PC-917) for details of what still needs to be done. TODOs are sprinkled generously throughout this diff as well.

Test Plan:
First, ensure behavior is unchanged when `USE_SIMPLIFIED_ROUTING = false`.

Then set it to `true`, and visit `withpixie.ai:8080/`. Watch as the URL and the console. The URL should update automatically to choose a default cluster in the same manner we do now; script memory between sessions should be gone; the `Try Another` button should change the URL; the console should emit a debug message each time the script/args/cluster change - but only once per combination of changes. These methods will be the basis for all new script-related state+url management.

Reviewers: michelle

Reviewed By: michelle

Subscribers: vihang, philkuz

JIRA Issues: PC-917

Differential Revision: https://phab.corp.pixielabs.ai/D8629

GitOrigin-RevId: 820fb6746f443aae4fe27571e1c6a05b6d811044

Summary: tsia

Test Plan: n/a

Reviewers: zasgar, vihang

Reviewed By: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D8633

GitOrigin-RevId: dc6a553980236936e00ac3d677f62f12a8fbce81

Summary:
add admin UI for users to manage org settings.
screenshot:
{F156675}

Test Plan: tried with staging + yarn dev

Reviewers: nlanam, philkuz, vihang

Reviewed By: nlanam

JIRA Issues: PC-915

Differential Revision: https://phab.corp.pixielabs.ai/D8631

GitOrigin-RevId: 38f8b4a8c9283461e4e28b3784df732d6212d2cd

Summary:
This diff adds the admin UI page where users can go and approve other users. the button will only show up if the user is unapproved.
screenshot:
{F156630}

Test Plan: updated staging with latest backend changes, and used yarn dev

Reviewers: nlanam, philkuz, vihang

Reviewed By: nlanam, philkuz

JIRA Issues: PC-898

Differential Revision: https://phab.corp.pixielabs.ai/D8625

GitOrigin-RevId: 2365aa4ddf5201b1ff68e532563bb66ad7876b5f

Summary: currently the list changes order when you make any changes, such as accepting a user. we should just keep this sorted. alternative is to sort in UI.

Test Plan: verified query works

Reviewers: philkuz, vihang

Reviewed By: vihang

JIRA Issues: PC-898

Differential Revision: https://phab.corp.pixielabs.ai/D8627

GitOrigin-RevId: 992d01448c29d6cf28337895395e9daba5cde720

Summary: I'm using these variations to test for BPF map leaks.

Test Plan: Existing tests

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Subscribers: yzhao

Differential Revision: https://phab.corp.pixielabs.ai/D8593

GitOrigin-RevId: 207599fc6c849dabc91bbd03a454c14231e0e367

Summary:
Planning to eventually get rid of it entirely.

Note that this part is not a PxL-breaking change, and should be safe.

D8468 is the follow-up and is a PxL-breaking change, which should be handled more carefully.

Test Plan: Existing tests

Reviewers: htroisi, zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8469

GitOrigin-RevId: 60e789e158eb91b2b9d735d8a0f9ccc16a4083bb

Summary:
Forked off from D8510.

Some testing, but nothing is active in production code yet.

Test Plan: The new tests

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Subscribers: yzhao

JIRA Issues: PP-2734

Differential Revision: https://phab.corp.pixielabs.ai/D8623

GitOrigin-RevId: 793d7c7c09e9d1f23e3b96efebdedc3544582e70

Summary: TSIA + moved org related things to own file.

Test Plan: Added test for the org info.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-925

Differential Revision: https://phab.corp.pixielabs.ai/D8626

GitOrigin-RevId: 22867c5a01fe83c19e2bfc3cfcb8a8b954f26adc

Summary:
Users who are invited should be auto-approved when they're invited.

Another option is to add a nullable bool field to CreateUser so that this is a bit cleaner, but it does muddy the CreateUser experience.

Test Plan: Undisabled test and updated the test with encessary fields, then re-disabled to prevent flakes.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-895

Differential Revision: https://phab.corp.pixielabs.ai/D8621

GitOrigin-RevId: fe2feb054a327ff1cff9afb1ddacb27309d814c5

Summary: TSIA

Test Plan: Added a test to make sure interface works.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-925

Differential Revision: https://phab.corp.pixielabs.ai/D8622

GitOrigin-RevId: 9ecef23e06ed9e1448739054231844d808261e34

Summary: In anticipation of ConnStats 2.0, make some changes that make this test more robust.

Test Plan: The test itself.

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

JIRA Issues: PP-2734

Differential Revision: https://phab.corp.pixielabs.ai/D8620

GitOrigin-RevId: 1309c0cc6fddf0583c9e65c003a94dd48900521b

Test Plan: Jenkins

Reviewers: #stirling, oazizi

Reviewed By: #stirling, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8611

GitOrigin-RevId: 8bf67f43f219a79de45e939b80d289107f3f859f

Summary: Changes from running `go mod tidy` and `go mod download` in the api repo.

Test Plan: N/A

Reviewers: zasgar, philkuz

Reviewed By: philkuz

Differential Revision: https://phab.corp.pixielabs.ai/D8624

GitOrigin-RevId: 38a6fc05e52d8ee3d1ab04b0e06f1f940ed1a461

Summary:
UpdateOrg by following UpdateUser conventions. Get the Org info first, then update the fields that we request updated. Only update if an actual update occurs.

If org flips from enableApprovals true -> false, then we approve all users.

Also update the Update.* calls in datastore to use NamedExec (courtesy @vihang) because we didn't properly scan rows w/ `NamedQuery` since we didn't need the data.

Test Plan: Added datastore tests and profile/server_test to make sure data is properly updated.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-914

Differential Revision: https://phab.corp.pixielabs.ai/D8598

GitOrigin-RevId: c4680a699486ad1aba4a8764cfe285b579cfb83b

Summary:
This diff fixes MySQL tracing on the server side.
Issue: MySQL server tends to read in the 4-byte header of the MySQL packet, and the rest of the packet in 2 separate syscalls. This causes protocol inference to fail due to the missing header.
Fix: Keeps a state in struct conn_into_t to keep track of potential headers read by the server.
Compromise: Despite this fix, MySQL tracing on the server side will miss the first packet, due to protocol inference requiring 2 syscalls to identify MySQL queries.

Test Plan: Updated mysql_trace_bpf_test

Reviewers: oazizi, yzhao, jps

Reviewed By: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8476

GitOrigin-RevId: 46982c23c01022ccbe9f7ae6652f651255d33c8a

Summary: Added this in a diff, but scrubbed them away because they weren't necessary for function. Still might be helpful in the future so adding them now.

Test Plan: Ran tests, they still run

Reviewers: vihang, michelle, vjain, nserrino

Reviewed By: vihang, michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8612

GitOrigin-RevId: a8096d5e6b740eb9141c708de8409b080e4bdc54

Summary:
Added a check in login/signup to make sure that a user is approved before they are logged in.

WIP while the rest of the API is being setup.

Test Plan:
Added a test
Have to skaffold deploy to make sure this blocks users.

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-899

Differential Revision: https://phab.corp.pixielabs.ai/D8571

GitOrigin-RevId: 8bbe4dedda57b1c5ee3149974be19da442e38bed

Summary: TSIA

Test Plan: n/a

Reviewers: michelle, vihang

Reviewed By: michelle

JIRA Issues: PC-914

Differential Revision: https://phab.corp.pixielabs.ai/D8597

GitOrigin-RevId: 585da6c39e865ca2bb116d559afffc7ca96f61ae

Summary: Forking off the ConnStats diff.

Test Plan: Existing tests

Reviewers: #stirling, yzhao

Reviewed By: #stirling, yzhao

Differential Revision: https://phab.corp.pixielabs.ai/D8619

GitOrigin-RevId: 5b3c259a708b85844e42ea92bb2d3a075df408dc

Summary:
We should only set `ROLE=CI` on the main runs. This is to ensure
that failing tests from unsubmitted changes don't contribute to https://bb.corp.pixielabs.ai/tests/

Similarly we should only upload to remote cache on main runs. So disable on other runs.

Test Plan: N/A

Reviewers: zasgar

Reviewed By: zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8618

GitOrigin-RevId: 844c4b5a6f37ddf27060e41e5cdbd3baf175b323

Summary: we will be calling UpdateUser from the UI, so we need a gql resolver for that

Test Plan: unit test

Reviewers: zasgar, vihang, nserrino, philkuz

Reviewed By: vihang

JIRA Issues: PC-900

Differential Revision: https://phab.corp.pixielabs.ai/D8607

GitOrigin-RevId: 5ea45547684c381871f3a54b700635ae261f61d1

Summary: This addresses the CVE https://app.snyk.io/vuln/SNYK-ALPINE312-APKTOOLS-1246338

Test Plan: Existing tests.

Reviewers: zasgar, #third_party_approvers, oazizi

Reviewed By: zasgar, #third_party_approvers, oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D8616

GitOrigin-RevId: b0727f123ac37abb00ff7d38ed9d9a45fa5a276f

Summary:
This addresses https://app.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472
Apparently 3.3.0 is affected but 3.2.1 isn't. Since some dep wans ^3.2.1, let's
give them 3.2.1

Test Plan: Run snyk

Reviewers: zasgar, #third_party_approvers

Reviewed By: zasgar, #third_party_approvers

Differential Revision: https://phab.corp.pixielabs.ai/D8617

GitOrigin-RevId: 7c7e4e3c7fac6d56a6292d6c392ea3d31d1043ee

Summary:
storybook is a great idea in theory and would be useful if we had
many ui components. However it is currently not used and ends up causing us
to download a lot of npm deps and having to constantly address CVEs in those deps.

Let's remove storybook for now. We can consider reviving this in the future
if we see a good usecase for it.

Test Plan: N/A

Reviewers: #third_party_approvers, zasgar

Reviewed By: #third_party_approvers, zasgar

Differential Revision: https://phab.corp.pixielabs.ai/D8614

GitOrigin-RevId: 104b3018190d78595fdac5117b9cd7bd1289a937

Summary: Add an init container so that this job is less likely to run and fail.

Test Plan: Ran it.

Reviewers: philkuz

Reviewed By: philkuz

JIRA Issues: PC-910

Differential Revision: https://phab.corp.pixielabs.ai/D8609

GitOrigin-RevId: a08990e3815d0ac57d95026297dece14f0f2762d

Summary:
UpdateUser is also called by our internal services when logging in, using a serviceClaims rather than a userClaims.
When checking permissions, we need to also account for the serviceClaims and only check the orgID/userID otherwise.

Test Plan: tested on staging, made sure login works

Reviewers: vihang, philkuz, zasgar

Reviewed By: vihang

JIRA Issues: PC-900

Differential Revision: https://phab.corp.pixielabs.ai/D8610

GitOrigin-RevId: da9e4d4596b739c60e5ca5df4862024246295e97

Summary:
Setting modtime=0 seemed to use the actual modtime. So set it to 1.
Set the CRD output dir too so that running `go generate ./...` from top of tree
does the correct thing.

Test Plan: Run `go generate ./...`

Reviewers: michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8608

GitOrigin-RevId: efa569ecb64c1ec731bfbb15c0380cdfedd76969

Summary:
We used pbutils while we were renaming our proto packages. Now that
the renames are done, pbutils is identical to gogo's original marshal/unmarshal.
So let's go back to using gogoproto

Test Plan: Existing tests.

Reviewers: zasgar, michelle

Reviewed By: michelle

Differential Revision: https://phab.corp.pixielabs.ai/D8603

GitOrigin-RevId: cca50dcb49dfaeca72c023f4cd6754d62940ee86

Summary: this diff adds disableAutoUpdate to the helm chart. cloudconn is responsible for reading the configmap value and passing it to cloudconn in its heartbeats.

Test Plan: built rc

Reviewers: vihang, zasgar, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8605

GitOrigin-RevId: 7a554062b89e8d89f467f3a815f7222201ba95ca

Summary:
we are moving the auto update config to vizier. vizier communicates the new autoupdate setting in its heartbeats.
this diff updates vzmgr so that it uses the autoupdates from the heartbeat.

Test Plan: deployed to staging and built an rc. verified that updating the rc configmap for disableAutoUpdate works

Reviewers: vihang, zasgar, nserrino

Reviewed By: vihang

JIRA Issues: PP-2736

Differential Revision: https://phab.corp.pixielabs.ai/D8606

GitOrigin-RevId: f36922f04192d31cd5985e07226dad0aef7a64b9

Summary: Users will now be auto-approved/not-approved based on orgs' enable_approvals value. This means by default, orgs with enabled_approvals false can operate as normal even with the approved user check in D8571.

Test Plan:
With default org (enable_approvals=false), could sign up with new user for that org and be auto-approved.
Setting enable_approvals= true, new user sign ups require approval.
Creator of org still auto-approved, whatever the state of enable_approvals is in.

Reviewers: michelle, zasgar, vihang

Reviewed By: michelle

JIRA Issues: PC-916

Differential Revision: https://phab.corp.pixielabs.ai/D8596

GitOrigin-RevId: ee30c39b7eed036a4de2b6e211e09b38222b2483