Summary:
As this isn't a real script upstream, there are quite a few special cases added for it.

{F107513}
{F107514}

Test Plan: In the live view, go to select a script. There should be a new item at the top of the list, that will not pre-select unless it's the only thing left from filtering. Choosing it will switch to a new script with some explaining comments. It should be just as ephemeral as edits to other scripts are.

Reviewers: michelle, #engineering, nick

Reviewed By: michelle, #engineering

Subscribers: htroisi, zasgar

JIRA Issues: PC-723

Differential Revision: https://phab.corp.pixielabs.ai/D6981

GitOrigin-RevId: 1254832b1bf06bd361660f00d53f6e0727f7f5dd

Summary:
this command lets you manage your api keys.
this is heavily copied from the existing deploy-key command. since this is basically just a wrapper around the GRPC call, theres not much to pull out into shared code/generalize.

Test Plan: tested with staging

Reviewers: nserrino, zasgar, philkuz, #engineering

Reviewed By: nserrino, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6979

GitOrigin-RevId: 6f8b4e38910813e8c5bf03ba1e60fc11d918bce9

Summary: More accurately, finish implementing an ugly hack that was placed in this loading code to fix, well, the same problem in different conditions.

Test Plan: Difficult to repro, but the bug was most common to trigger with a custom script being run from the editor, in Chrome.

Reviewers: nserrino, michelle, philkuz, #engineering

Reviewed By: nserrino, #engineering

JIRA Issues: PC-688

Differential Revision: https://phab.corp.pixielabs.ai/D6982

GitOrigin-RevId: fd2f519d1fa2f2960c4e902b73303c17ba3a4a81

Summary: in #ui @nserrino pointed out our bar charts would yield NaNUndefined for labels. This happened when a value was a metadata because the code was incorrectly trying to format the label. Simplified the interface to the internal bar chart implementation so that users directly manage the formatting function on the axis they want instead of the implicit / bug-prone solution before.

Test Plan: Tested with px/service_stats and natalie's script from #ui and both work.

Reviewers: nserrino, nick, michelle, vihang, #engineering

Reviewed By: vihang, #engineering

Subscribers: nserrino

Differential Revision: https://phab.corp.pixielabs.ai/D6978

GitOrigin-RevId: b2e7dbcf43ae2d1386f068dd40b48bd96e0810ba

Summary: this was accidentally included in the cloud prod kustomization file, before I'd decided to move the new relic deployment to a cloud_monitoring directory instead.

Test Plan: n/a

Reviewers: vihang, #engineering

Reviewed By: vihang, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6976

GitOrigin-RevId: ea4a2bd41197e6f3696db4229bbe013fa969a6b4

Summary:
Here is the current plan:
- Update GetAugmentedToken to take an additional API key field. Now, users can either specify a token (normal workflow) or API key (new workflow) to get the augmented token. The change to the proto is in this diff.
- In followup diff(s): Update GetAugmentedToken to use the APIKey, match it to a user, and create an augmented token for that user.

Alternatives:
- We can add a separate GetAugmentedTokenfromAPIKey rpc call if we want to separate these two flows more

Test Plan: n/a

Reviewers: zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6957

GitOrigin-RevId: b3bb00872339bacc81dcd2bab5a3d417627c7350

Summary:
We have a lot of clusters and only so many certs. Since clusters don't
need certs in passthrough mode, we should only assign certs to clusters in direct
mode.

This change shortcircuits vzrmgr to not assign certs for a cluster running in
passthrough mode.
This change also sends passthrough information from vzrmgr to certmgr so that
certmgr can stop requesting certs in passthrough mode. (Instead of completely
disabling, we just request very infrequently. This should handle edge cases
where the passthrough mode changes but NATS somehow drops the message).
This change also tells certmgr to keep asking for certs even after successfully
retrieving a cert. This is to handle the scenario where the cert in the DB was
updated to extend the expriation date. (Perhaps we should compare the cert to
the last cert and not `k8s` apply unless it's different?)

Test Plan:
Run dev cloud and skaffold deploy pixie.
Check the certmgr log messages.
certmgr should recieve passthrouhg info.
certmgr should not recieve SSL certs in passthrough mode.
Changing modes immediately notifies certmgr.
certmge recieves SSL certs when passthrough is disabled.

Reviewers: michelle, philkuz, zasgar, #engineering

Reviewed By: michelle, #engineering

JIRA Issues: PC-721

Differential Revision: https://phab.corp.pixielabs.ai/D6968

GitOrigin-RevId: 143fd27777edfb345bf42a2d7009eef927ab78be

Summary:
There's a bunch of places where we'd like to do things periodically.
Instead of using a multi channel blocking select that waits on a `time.After`
which causes us to recreate, recycle and GC timers, use time.NewTicker which
should be more efficient.

Test Plan: Existing tests + skaffold deploy vizier

Reviewers: zasgar, michelle, nserrino, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6972

GitOrigin-RevId: 8159ec0a75c45f2c6b69282cb0a67fd650485909

Summary:
https://phab.corp.pixielabs.ai/D6948 removed these 2 code places.
https://phab.corp.pixielabs.ai/D6945 accidentally added them back
because of rebase glitches, and were not noticed.

NOTE: go proto were not updated for shared.proto, because it was not changed in D6945

Test Plan: Jenkins

Reviewers: oazizi, #engineering, vihang

Reviewed By: #engineering, vihang

Differential Revision: https://phab.corp.pixielabs.ai/D6974

GitOrigin-RevId: 5b31f94986806e9d3354a24989236c0c7dccef1e

Summary:
test_px_on_minikube.sh: add container runtie as a command line arg.

test_minikube_versions.py: improve printout / include which runtime is in use

Test Plan: Local

Reviewers: oazizi, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6962

GitOrigin-RevId: 1edb15e2ee7b7c37ccd2b768c58416cea4ddd3ca

Summary: we are going to use new relic monitoring to power our statuspage alerts (at least for now)

Test Plan: deployed it.

Reviewers: zasgar, vihang, #engineering

Reviewed By: vihang, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6959

GitOrigin-RevId: a4bea177f83ed3d6be34151749d15d96dced1f8e

Summary:
when fetching info about an org's viziers, we would make a call to vzmgr per vizier, asynchronously.
this slowed down the clusters request in the pixie org, since we were making 188 API + db calls in a single request.
there was a leftover TODO for parallelizing this  code... i figured making 188+ API calls to vzmgr was still suboptimal, when we should be able to make a single call to the db to fetch all of the data we need.
added a GetVizierInfos method for fetching the vizier info for multiple viziers. if requesting an invalid vizier, or a vizier not belonging to the org, we just return a nil VizierInfo. this is to avoid leaking info about existing vizierIds.

Test Plan: unit tests

Reviewers: zasgar, nserrino, #engineering, vihang

Reviewed By: #engineering, vihang

Subscribers: vihang

Differential Revision: https://phab.corp.pixielabs.ai/D6964

GitOrigin-RevId: 6606c1970f74d053accd479256a43410b8c8d8eb

Test Plan: Jenkins

Reviewers: philkuz, #engineering

Reviewed By: philkuz, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6945

GitOrigin-RevId: b96a5111243312675934368da5e408a5c147e497

Test Plan: Jenkins

Reviewers: oazizi, philkuz, #engineering

Reviewed By: oazizi, philkuz, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6948

GitOrigin-RevId: ee8d54224675edfecbf2fd539cbb803257eaee6d

Summary:
A cluster not available error from the CLI is an error from a user
perspective but isn't a error we can do much about so let's not log it to sentry.

Test Plan: N/A

Reviewers: zasgar, #engineering, michelle

Reviewed By: #engineering, michelle

Differential Revision: https://phab.corp.pixielabs.ai/D6971

GitOrigin-RevId: 5bf299c12f884835525678c27b56e84c36598c18

Summary:
Most callers have a UUID not a UUID pointer. Most `ProtoFrom*` utils
take objects not pointers. So this changes the signature and the callers
accordingly to make this cleaner to use.

Test Plan: `bazel build //...`

Reviewers: zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6970

GitOrigin-RevId: fdd63751f039385b4a95d5fcddce3c3b21133a5b

Summary:
`healthz` is very chatty and causes other messages to be drowned
A successful healthz is mostly uninteresting and should be a Trace level log.

Test Plan: skaffold deploy

Reviewers: michelle, zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6969

GitOrigin-RevId: 823f13a5ee4a42f3ec96f1b051131b0e37fcdfe9

Summary: as with the other diffs, this is copied from the deployment key resolver impl.

Test Plan: unit test

Reviewers: zasgar, nserrino, philkuz, #engineering

Reviewed By: philkuz, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6967

GitOrigin-RevId: e302eafcc4da8cdc9bd580041c53d4c60c5a2da8

Summary:
This adds a connection lost handler to STAN, that fatals the caller
when then STAN connection is lost. This will cause the binary to terminate
and then reconnect to STAN when it is run again.

This is a worse hack than actually capturing the lost connection and trying
to reconnect, however since the connection is created in the servers but used by
the bridge after a few layers of redirection, that will require a bit more plumbing
to get working.

Test Plan:
Terminate the stan pods on a cloud deployment, watch `vzconn` fatal,
restart and observer that `cloud-connector` eventually ends up healthy wihtout
any manual intervention.

Reviewers: michelle, zasgar, #engineering

Reviewed By: michelle, #engineering

JIRA Issues: PP-1701

Differential Revision: https://phab.corp.pixielabs.ai/D6953

GitOrigin-RevId: cf3a2033b6bcef79d721b5936b062ce8a9550101

Summary:
This should make pixie cloud more robust to STAN going away and coming back.

Depends on D6923

Test Plan:
Bring up a pixie cloud, deploy pixie. Delete all NATS/STAN resources and
kubectl apply with kustomize.
Delete and restart `vzconn` `vzmgr` and `vizier-cloud-connector`
Make sure that pixie cloud is accessible, cluster is heartbeating and autocomplete
works.

Kill stan, we see that the run button gets disabled immediately as we lose connection to STAN but comes back online in ~60sec

Reviewers: michelle, philkuz, zasgar, #engineering

Reviewed By: michelle, #engineering

JIRA Issues: PP-1701

Differential Revision: https://phab.corp.pixielabs.ai/D6912

GitOrigin-RevId: 0d76a6e0a2bf87eb4bab28aaae9f21acb7c40ddf

Summary:
again, this is mostly copied from the DeploymentKey API service impl.
this is just a wrapper around the auth service's API key service, to make it available through grpc for the CLI.

Test Plan: unit tests, deployed on skaffold

Reviewers: zasgar, nserrino, philkuz, #engineering

Reviewed By: philkuz, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6966

GitOrigin-RevId: 86906025f4daa3ffa1592fbf24b85b46eb0a2679

Summary:
Noticed that px.pod_name_to_pod_stop_time accidentally points to the wrong UDF, fixed that.
Added pod_name_to_pod_ip while handling that bug, as requested by Omid.

Test Plan: added unit

Reviewers: oazizi, philkuz, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6963

GitOrigin-RevId: 9ca34ddd396457a03e5fb2d37f78aff3ea64de28

Summary:
this is mostly copied from vzmgr's deploymentKey rpc service implementation.
i debated whether or not we should pull out some common functionality to avoid copying & pasting code, but the implementation here is pretty simple and mostly involves getting things in and out of postgres.
we also forsee there being more divergence between deploymentKeys/APIkeys in the future, as we add more permissioning schemes, so I think this is fine for now.

Test Plan: test passes, auth service deploys

Reviewers: zasgar, nserrino, philkuz, #engineering

Reviewed By: nserrino, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6955

GitOrigin-RevId: d1b44bbff482dfa28318be9c8e8507e29089d63d

Summary:
this diff adds the GQL schema for handling API key calls. the functionality itself will be implemented in a future diff.
this is copied from the deployment keys.

Test Plan: current tests pass

Reviewers: zasgar, nserrino, philkuz, #engineering

Reviewed By: nserrino, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6954

GitOrigin-RevId: 6f74293468e141f21b750e31ac5cca2e76c373ec

Summary:
https://phab.corp.pixielabs.ai/D6950 added the internal auth svc proto for the API key manager.
we also need to expose this endpoint in the cloudproto, so that it can be accessed by the CLI.

Test Plan: n/a

Reviewers: zasgar, philkuz, nserrino, #engineering

Reviewed By: nserrino, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6952

GitOrigin-RevId: ee84aaf6b463bb49a654f4d415d7c8cb18a12cc4

Add file 'test_minikube_versions.py' to test multiple minikube versions.Useful for pre-release testing.

Summary:
Add file 'test_minikube_versions.py' to test multiple minikube versions.
Useful for pre-release testing.

Test Plan: Local test.

Reviewers: #engineering, zasgar, michelle, oazizi

Reviewed By: #engineering, oazizi

Subscribers: oazizi

Differential Revision: https://phab.corp.pixielabs.ai/D6947

GitOrigin-RevId: 1225bbb4c9e1af1f926b5a5338c702714cbde129

Summary: I originally made it select so that a user could choose to edit what they had already typed, or start typing something else. Users did not care about that, but did want to browse the suggestions right away. Emptying the input allows this.

Test Plan: In the live views, type out a script, a cluster, etc. Select it. Open the same dropdown again. In prod, it keeps what was typed

Reviewers: nserrino, michelle, vihang, #engineering

Reviewed By: nserrino, #engineering

JIRA Issues: PC-706

Differential Revision: https://phab.corp.pixielabs.ai/D6960

GitOrigin-RevId: be59cab77662fa6de05d27d0279d837a5d83b3ea

Summary: Moving things around. Forked from a larger branch.

Test Plan: Existing tests

Reviewers: yzhao, #engineering

Reviewed By: yzhao, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6939

GitOrigin-RevId: 899d1399e5be2aae9844558c4f9dae6a730738bc

Summary:
Array message is formatted as: *<array_size_str>\r\n[non-array message]...
I.e., size of array, followed by given number of non-array messages

Changes are:
* Factor out ParseSize() to parse and check size.
* Factor out ParseNonArray() to parse all data types that are not array.
* Add TranslateErrorStatus() to translate a status to ParseState.

This concludes the parsing APIs implementation for Redis.

Test Plan: Jenkins

Reviewers: oazizi, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6908

GitOrigin-RevId: 4d4b2f4f596ad207e1d648a1aebe0a964a384672

Summary: the auth svc will be responsible for managing API keys. this diff adds the svc proto for the grpc API

Test Plan: n/a

Reviewers: zasgar, philkuz, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6950

GitOrigin-RevId: 356c72b877f26d390cbff4a4cb80852388734114

Summary:
we need api keys that can be used with the Pixie API.
in a previous diff, i originally added the API keys table to vzmgr, since that is where our deployment keys are.
however, after some clarification and further thinking, i think it makes more sense to be in the auth service.

Test Plan: n/a

Reviewers: zasgar, philkuz, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6943

GitOrigin-RevId: 060b68db5a4a4845fe9a1b650e50eadbd43e8a9f

Summary:
we were seeing an issue on a lot of customer clusters where they would occasionally hit a "stream read error". upon closer examination, this would turn out to be a "invalid auth token: use before issue" error.
this is because on passthrough mode, we generate cluster tokens on the cloud side. these tokens are sent in the passthrough request and used as the token when executing healthcheck/executeScript queries.
the problem occurs when the time on the user's cluster is earlier than the cloud's time.
we should account for this by sending a token with an earlier "issued at".
this will not fix bugs where the user's cluster's clock skew is much larger... but that is not a problem we should aim to solve

Test Plan: deployed to staging, verified that my cluster can still run scripts.

Reviewers: zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6938

GitOrigin-RevId: 3951e671a631b46e86e1e0afa1f849867554b823

Summary: This is to ensure it isn't discoverable anymore. The experience needs a lot of work, and we've chosen to hide it for now rather than introduce new users to it. Existing users can still press Ctrl/Cmd+K to open it.

Test Plan: In the live views, the PX logo in the breadcrumbs bar is no longer a button.

Reviewers: nserrino, michelle, zasgar, #engineering

Reviewed By: michelle, #engineering

JIRA Issues: PC-720

Differential Revision: https://phab.corp.pixielabs.ai/D6946

GitOrigin-RevId: 47fdacb26d7f8caf35a323f051ad067c78c5ec84

Summary:
This uses the `kubectl create` to produce a yaml file, and then pipe to
`kubectl apply`.

Create is imperative, so it fails if the target resource already exists.
Apply is declarative, which ignores the same error.

Test Plan: Manual test

Reviewers: oazizi, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6942

GitOrigin-RevId: a9a5f7d2f9ef5686d2ef6cf86ab7c39983364bdb

Summary:
we have some users that are running k8s clusters with non-gcp auth schemes: https://github.com/pixie-labs/pixie/issues/181
as a result, we're unable to get their kubeconfig to start the deploy process.

we're currently only importing the specific gcp auth. however, if we import the whole package, we should be able to support all other auth schemes

Test Plan: verified that gke clusters still work. not sure how we can get our own IBM cloud to test out the customer's particular usecase

Reviewers: zasgar, vihang, nserrino, philkuz, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6940

GitOrigin-RevId: bf5443507445b24a349c25255de7497bd444e431

Summary:
I plan to reuse it for redis::StitchFrames(), as both can be handled with the same logic.

Changes are only replacing the Record and Message with the template parameters.
And updates comments.

Test Plan: Jenkins

Reviewers: oazizi, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6931

GitOrigin-RevId: c7df682f0224604f0cfea8abbae4d8c5b82c12b7

Summary: This uses a new SVG that shows the same in all browsers, makes it fully visible, a bit bigger, and turns it into a button. Clicking it does the same thing as pressing the keyboard shortcut that it's hinting at.

Test Plan: Open the command input, attempt to type any command, and try both Shift+Enter and the hint/button. In both cases, nothing should happen when there is no valid command entered, and the command will run if it is valid.

Reviewers: nserrino, michelle, vihang, #engineering

Reviewed By: michelle, #engineering

JIRA Issues: PC-705

Differential Revision: https://phab.corp.pixielabs.ai/D6932

GitOrigin-RevId: 8c74970d0ed8a994ef0e608fd3fdb5f7fb2f07a8

Summary: A user from customer tried to do a count on a UINT128 type, it didn't exist, this diff adds it.

Test Plan: existing

Reviewers: philkuz, oazizi, #engineering

Reviewed By: oazizi, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6935

GitOrigin-RevId: a033345c14087dd18c28394a8e851957ae3bf53c

Summary:
we want to track cluster heartbeats, so that we can get info about the clusters and their # of nodes without having to probe the db.
this currently sends an event for every heartbeat (5s) and is tracking it from the cloud-side since we don't have a segment source for Viziers. this does, however, make sending the event after X heartbeats more difficult, since we would have to track that info in vzmgr per Vizier. I think we should just try out the current method for now, and if the # of events is too overwhelming, we can add that in if need-be.

Test Plan: deploy to staging and try it out

Reviewers: zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6936

GitOrigin-RevId: fbc9b8736c2bdd92d971c941c4b0249897e6ca5e

Summary:
We are seeing a problem in single-node clusters where the cloudconnector does not get deleted in an update/deploy. as a result, two cloudconnectors end up sticking around, with one in a pending state.
this is because the steps during an update/deploy are:
- Delete old vz resources except cloudconn.
- Deploy new vz resources, including cloudconn.
Usually what happens in this last step is that the cloudconn deployment is updated, so it launches a new pod with the new version. Once that pod starts up, k8s deployments automatically handle deleting the old pod.
The problem in the one-node cluster is that the new pod can't deploy because the port is already in use.
Taking a look at the deployment yaml itself, this is because we've specified the hostport and two containers using the same hostPort cannot be scheduled on the same node
we dont actually need hostport to be specified.

Test Plan: created an rc. tried deploys and updates on minikube + gke

Reviewers: zasgar, #engineering

Reviewed By: zasgar, #engineering

Differential Revision: https://phab.corp.pixielabs.ai/D6933

GitOrigin-RevId: c440123f3643d6a6abb8e0d5a3ae5360fc777f0f