V4.32.0 #1234

Cabecinha84 · 2024-02-27T12:44:11Z

Fix iptables generation to prevent dockers to access private network of the fluxnode;
Fix adding back the option to update applications specification without extending subscription;
Added job to clean automaticaly backup files after 24h they were created;
Big change on UI, simplified menus and big change on application management, is no longer needed to go to Fluxnodes where your app was running to have local management available;
Other optimizations.

This version will be enforced on March 13th, make sure you update your Fluxnode before that day.

* Update iptables rules to make them idempotent * Add missing return statements * Fix catch logic error * Only catch one statement with try * Remove broken catches (sync code) * Move to explictly denying flux 172.23.0.0/16 and use DOCKER-USER chain * Add a bit more to docstring * Remove erroneous extra function call from testing * Greatly simplify how default gateway / local subnet is determined * Lint * Remove requirement for , will protect all operator networks * Modify rules slightly to match iptables output, add tests * Add allow for Flux networks, remove RETURN that docker keeps adding * Full refactor - see below This commit now blocks 100% of access to private address space, while maintaining isolation for each Flux docker network. Now apps can be sure no other app is snooping their traffic, and operators can be sure that apps do not have access to ANY private network they are routing. Tests will all be broken - I'll fix up in next commit. * Lint * Update tests * Move the docker interface fetch up a level to avoid circular * Add dockerService to serviceManager, fix up tests * Fix typing for return * Stub console output (from Flux log) so it doesn't clog up the testing output * Add missing remove private stanza for softInstallLocally * Update compatibility with older iptables 1.8.4 - see below Older iptables (legacy) on ubuntu 20.04 operates slightly differently than the nf_tables version, the check output command doesn't return anything. Some of the output strings are different, so we don't check those anymore. Have also added a check to make sure the iptables binary is in the root users path. * Add iptables exists check and fix up tests

…re failing app install

…development

gitguardian · 2024-02-27T12:44:16Z

⚠️ GitGuardian has uncovered 24 secrets following the scan of your pull request.

Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.

🔎 Detected hardcoded secrets in your pull request

GitGuardian id	GitGuardian status	Secret	Commit	Filename
8398280	Triggered	PGP Private Key	`aad25a2`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`aad25a2`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`4b55f1d`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`4b55f1d`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`60fb79b`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`60fb79b`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`1bcf794`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`1bcf794`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`d5455c7`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`d5455c7`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`4d8d207`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`4d8d207`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`ef043fd`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`ef043fd`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`717c399`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`717c399`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`62a24ab`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`62a24ab`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`0453b1f`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`0453b1f`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`56a0eff`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`56a0eff`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`2117b4a`	HomeUI/dist/js/index.js	View secret
8398280	Triggered	PGP Private Key	`2117b4a`	HomeUI/dist/js/index.js	View secret

🛠 Guidelines to remediate hardcoded secrets

Understand the implications of revoking this secret by investigating where it is used in your code.
Replace and store your secrets safely. Learn here the best practices.
Revoke and rotate these secrets.
If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.

To avoid such incidents in the future consider

following these best practices for managing and storing secrets including API keys and other credentials
install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.

^{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.

Our GitHub checks need improvements? Share your feedbacks!}

codecov · 2024-02-27T12:44:33Z

Codecov Report

Attention: Patch coverage is 45.77465% with 77 lines in your changes are missing coverage. Please review.

Project coverage is 48.52%. Comparing base (8fbfecd) to head (56a0eff).
Report is 8 commits behind head on master.

❗ Current head 56a0eff differs from pull request most recent head 2117b4a. Consider uploading reports for the commit 2117b4a to get more accurate results

Files	Patch %	Lines
ZelBack/src/services/appsService.js	0.00%	26 Missing ⚠️
ZelBack/src/services/backupRestoreService.js	4.34%	22 Missing ⚠️
ZelBack/src/services/serviceHelper.js	0.00%	11 Missing ⚠️
ZelBack/src/services/dockerService.js	0.00%	10 Missing ⚠️
ZelBack/src/services/fluxNetworkHelper.js	88.88%	8 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1234      +/-   ##
==========================================
+ Coverage   48.49%   48.52%   +0.02%     
==========================================
  Files          45       45              
  Lines       14796    14925     +129     
==========================================
+ Hits         7176     7242      +66     
- Misses       7620     7683      +63

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

adjust width on management

David White and others added 27 commits February 21, 2024 08:33

Try different local docker network addresses for the app network befo…

43c9c8f

…re failing app install

Fix reverted changes by accident on v4.31.0

099215c

rebuild HomeUI

aad25a2

Fix showing undefined on expires in label

4b55f1d

[ADD] cleanLocalBackup

e0eca14

[FIX] eslint in fluxNetworkInterfaces

47f0ecf

Cleanup

0e3efaf

use Date now

1bfd2d3

[ADD] Run cleanLocalBackup every 25 minutes

1bbfc68

Update Menu Navigation

955236d

rebuild homeUI

60fb79b

Update Home page and Menus

3729c48

rebuild homeUI

1bcf794

Change some text on home page

d5455c7

Completly refactor UI and Management section

4d8d207

[FIX] Terminal

0453eaa

[FIX] Backup/Restore

6e55887

[FIX] Restore

344d395

Add Global Apps separated from management and other fixs

ef043fd

Re add global control menu

717c399

add 5 seconds delay after docker stop on backup and restore

6705f2d

[FIX] getUploadFolder

de248ba

Merge branch 'development' of https://github.com/RunOnFlux/flux into …

3aafe75

…development

Bump version

557c121

Merge branch 'development' of https://github.com/RunOnFlux/flux into …

d0f4e5c

…development

rebuild homeUI

62a24ab

Cabecinha84 requested review from TheTrunk and XK4MiLX February 27, 2024 12:44

Cabecinha84 requested a review from alihm February 27, 2024 12:44

Change label for Register Flux App to Register New App

0453b1f

Cabecinha84 temporarily deployed to github-pages February 27, 2024 12:51 — with GitHub Pages Inactive

TheTrunk and others added 2 commits February 27, 2024 20:12

adjust width on management

5eb5bad

Merge pull request #1235 from RunOnFlux/adjustWidth

f6564cc

adjust width on management

TheTrunk temporarily deployed to github-pages February 27, 2024 13:13 — with GitHub Pages Inactive

fix

ae45647

TheTrunk temporarily deployed to github-pages February 27, 2024 13:23 — with GitHub Pages Inactive

fix Management window size

56a0eff

Cabecinha84 temporarily deployed to github-pages February 27, 2024 13:52 — with GitHub Pages Inactive

Change label description

2117b4a

Cabecinha84 temporarily deployed to github-pages February 27, 2024 14:07 — with GitHub Pages Inactive

TheTrunk merged commit fe40df7 into master Feb 27, 2024
4 of 5 checks passed

MorningLightMountain713 mentioned this pull request Feb 28, 2024

[BUG] IPTABLES - need to check prior to adding rule if it exists already - iptables is not idempotent #1213

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

V4.32.0 #1234

V4.32.0 #1234

Cabecinha84 commented Feb 27, 2024

gitguardian bot commented Feb 27, 2024 •

edited

codecov bot commented Feb 27, 2024 •

edited

V4.32.0 #1234

V4.32.0 #1234

Conversation

Cabecinha84 commented Feb 27, 2024

gitguardian bot commented Feb 27, 2024 • edited

⚠️ GitGuardian has uncovered 24 secrets following the scan of your pull request.

codecov bot commented Feb 27, 2024 • edited

Codecov Report

gitguardian bot commented Feb 27, 2024 •

edited

codecov bot commented Feb 27, 2024 •

edited