Commit Graph

56292 Commits

Author SHA1 Message Date
Alex Vandiver 1ac6e24eaa puppet: Rename exec resource of systemd_daemon_reload.
This makes it easier to put as a "notify" resource.
2024-02-02 17:54:02 -08:00
Alex Vandiver 4947753bfd puppet: Remove unused systemd_daemon_reload.
572443edc6 removed the callsite that triggered the exec in
`zulip::systemd_daemon_reload`, making its inclusion and ordering via
`require` moot.

Remove the call.
2024-02-02 17:54:02 -08:00
Mateusz Mandera 6dd6fc045f realm_settings: Improve authentication_methods param validation.
The endpoint was lacking validation that the authentication_methods dict
submitted by the user made sense. So e.g. it allowed submitting a
nonsense key like NoSuchBackend or modifying the realm's configured
authentication methods for a backend that's not enabled on the server,
which should not be allowed.

Both were ultimately harmless, because:
1. Submitting NoSuchBackend would luckily just trigger a KeyError inside
   the transaction.atomic() block in do_set_realm_authentication_methods
   so it would actually roll back the database changes it was trying to
   make. So this couldn't actually create some weird
   RealmAuthenticationMethod entries.
2. Silently enabling or disabling e.g. GitHub for a realm when GitHub
   isn't enabled on the server doesn't really change anything. And this
   action is only available to the realm's admins to begin with, so
   there's no attack vector here.

test_supported_backends_only_updated wasn't actually testing anything,
because the state it was asserting:
```
        self.assertFalse(github_auth_enabled(realm))
        self.assertTrue(dev_auth_enabled(realm))
        self.assertFalse(password_auth_enabled(realm))
```

matched the desired state submitted to the API...
```
        result = self.client_patch(
            "/json/realm",
            {
                "authentication_methods": orjson.dumps(
                    {"Email": False, "Dev": True, "GitHub": False}
                ).decode()
            },
        )
```

so we just replace it with a new test that tests the param validation.
2024-02-02 17:26:32 -08:00
Alex Vandiver 6e9b25d993 puppet: Add key to allow prod to write ccache on zmirrorp. 2024-02-02 17:24:12 -08:00
Alex Vandiver 96b65cbeab install-ssh-authorized-keys: Merge multiple authorized_keys secrets. 2024-02-02 17:24:12 -08:00
Alex Vandiver 1567275959 install-ssh-authorized-keys: Use --check rather than another argument. 2024-02-02 17:24:12 -08:00
Alex Vandiver afa24923e5 install-ssh-authorized-keys: Enable -o pipefail to catch AWS errors. 2024-02-02 17:24:12 -08:00
Alex Vandiver a0347e76cb install-ssh-keys: Enable -o pipefail to catch AWS errors. 2024-02-02 17:24:12 -08:00
Alex Vandiver f8a9edc382 install-ssh-*: Pass -a to rsync to preserve rights, owners, and times. 2024-02-02 17:24:12 -08:00
Alex Vandiver 0bd1e2b434 puppet: Rename and limit production key distribution. 2024-02-02 17:24:12 -08:00
Alex Vandiver d910ea27fe puppet: Allow profiles to override zulip_ops::profile::base. 2024-02-02 17:24:12 -08:00
Tim Abbott a0e7f1296f puppet: Increase minimum memory for multiprocess queue workers.
This should give some more room for systems that are still below 4GB
of RAM to use the lower-memory multithreaded mode, which is less
likely to have OOM kills (a very bad experience).

There should be little cost, as few systems are likely allocated with
memory in this range.
2024-02-02 13:45:25 -08:00
Tim Abbott 43c0c77610 puppet: Update rules for number of uwsgi processes.
The defaults for how many uwsgi processes to run no longer depend on
the queue processor mode, but instead the total memory on the system.
2024-02-02 13:45:25 -08:00
Aman Agrawal ea2bd14480
bootstrap: Remove duplicate `invisible` class.
The same definition is already present app_components.css, so
we don't need it here.
2024-02-02 11:00:35 -08:00
Alya Abbott ceeeacb20d help: Finish renaming Self-managed plan to Free. 2024-02-02 11:00:14 -08:00
Alya Abbott e32d3ced5c billing: Rename Self-hosted/Self-managed plan to Free on billing page. 2024-02-02 11:00:14 -08:00
N-Shar-ma dbd2c80108 copy_and_paste: Refactor code block turndown code to reduce duplication.
So far, there were 2 separate turndown rules for code blocks; one for
general ones, and the other for Zulip message code blocks.

Now the filter rule has been generalised to handle both cases together.
As a side effect, the bug where partially copied Zulip code blocks
lost formatting on pasting has been fixed.
2024-02-02 10:34:09 -08:00
Charlie Marsh c8e77b6cac ruff: Upgrade configuration for Ruff v0.2.0. 2024-02-02 10:30:45 -08:00
Anders Kaseorg 53e80c41ea ruff: Fix SIM113 Use `enumerate()` for index variable in `for` loop.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
Anders Kaseorg f165ba0fb3 ruff: Fix SIM910 Use `d.get(…)` instead of `d.get(…, None)`.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
Anders Kaseorg 712917b2c9 ruff: Fix RUF019 Unnecessary key check before dictionary access.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-02 10:30:45 -08:00
Anders Kaseorg 70f491eae2 push-to-pull-request: Accept intermixed options and arguments again.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-01 17:08:44 -08:00
Tim Abbott 652fea9bdf narrow: Clarify some confusing details.
The update_selection function name was rather misleading, since that
function call is in fact what renders the message list object for the
view.

Also add comments about a few subtle/confusing details that I noticed
while debugging this code path today.
2024-02-01 12:27:46 -08:00
Tim Abbott 7d4ec1f93b narrow: Open compose box before rendering main message feed.
As discussed in the new comments, we had a bug where the
system-initiated animated scroll that happens when the compose box
opens as a result of narrowing would race with the internal
rerendering that occurs when the message_fetch request asking the
server for additional data returns.

The correct fix for this is just to open the compose box, if we're
going to do so, before setting the user's scroll position in the
narrowing/rendering process.

This ends up being a UI improvement (in that the compose box is
available for typing a bit earlier) as well as avoiding both the risk
of this race as well as the bad UX of adjusting the user's scroll
position multiple times as part of entering the view.

This does not address an as-yet-unknown bug wherein the animated
scroll that occurs when opening the compose box, when racing with a
background rerender, results in a bogus ending scroll position, though
it's easy to see how that might occur given that rerendering does
clear the DOM briefly.
2024-02-01 12:27:46 -08:00
evykassirer 07234f6a31 marked: Stub marked and convert markdown module to typescript. 2024-02-01 12:12:06 -08:00
evykassirer f8875bf32f markdown: Pass individual arguments to contains_problematic_linkifier. 2024-02-01 12:12:06 -08:00
evykassirer 2fe6c5b041 markdown: Pass individual arguments to content_contains_backend_only_syntax. 2024-02-01 12:12:06 -08:00
evykassirer 66a56b8862 markdown: Pass individual arguments to parse_with_options. 2024-02-01 12:12:06 -08:00
evykassirer 0571145029 markdown: Remove wrapper around get_topic_links.
Since it's only used in one place, and all callers
of it user the same value for the linkifier.

https://github.com/zulip/zulip/pull/28652#discussion_r1470516258
2024-02-01 12:12:06 -08:00
evykassirer fb47efc981 markdown: Don't mutate the message in apply_markdown/render.
Needed for typescript, because we want to preserve
types, so instead of mutating a message object,
we can instead calculate return these values
for a message object before it's created in full.

This commit also renames apply_markdown
to render, see this comment
https://github.com/zulip/zulip/pull/28652#discussion_r1470514780
2024-02-01 12:12:06 -08:00
Lauryn Menard 47a5459637 zilencer: Add index on RemoteInstallationCount for remote activity.
When profiling the database query in `remote_activity.py`,
push_forwarded_count was identified as an expensive part of
the overall work. Adds an index on RemoteInstallationCount
so this is more efficient.
2024-02-01 12:01:16 -08:00
David Rosa 78f90860b2 help: Update links to Bots and Integrations overview pages.
- Cross-link as appropriate, both in related articles and in the
  content of the pages.

Fixes #28758.
2024-02-01 09:45:56 -08:00
David Rosa fe0d4db153 help: Improve integrations documentation.
- Renames "Bots and integrations" to "Bots overview" everywhere
  (sidebar, page title, page URL).
- Adds a copy of /api/integrations-overview (symbolic link) as the
  second page in the Bots & integrations section, titled
  "Integrations overview".

Fixes #28758.
2024-02-01 09:45:56 -08:00
Anders Kaseorg 474703a963 push-to-pull-request: Use getopts for macOS compatibility.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
2024-02-01 09:29:32 -08:00
Aman Agrawal 130aecbf9e stripe: Extract method to get org_name. 2024-02-01 09:29:08 -08:00
Lauryn Menard ff8552269d activity: Move links columns to be first in chart.
Moves links in installation and remote server activity charts
to be the first column.
2024-02-01 09:17:26 -08:00
Alex Vandiver 0e6f013e03 puppet: Drop mosh package -- teleport is now the supported login. 2024-01-31 16:41:04 -08:00
Alex Vandiver 16117e6139 puppet: Drop now-unnecessary common-session change. 2024-01-31 16:41:04 -08:00
Alex Vandiver 9810200d78 puppet: Stop writing custom sshd_config.
The only relevant changes are `PasswordAuthentication no` (which
is now the default) and `MaxStartups 40:50:60` (which is now
unneccesary due to autossh tunnels.
2024-01-31 16:41:04 -08:00
Alex Vandiver 1fe5e7c7da puppet: Use a dedicated user for redis tunneling. 2024-01-31 16:41:04 -08:00
Alex Vandiver 795621771f puppet: Pull authorized_keys from AWS secretsmanager. 2024-01-31 16:41:04 -08:00
Alex Vandiver ff00c01538 bootstrap-aws-installer: Pull all keys from secretsmanager. 2024-01-31 16:41:04 -08:00
Alex Vandiver 65d2e855a0 puppet: Switch removal of MOTD directories for .hushlogin.
Rather than have to keep resolving apt conflicts with the lack of
`/etc/update-motd.d`, have each user disable the motds with a
`.hushlogin` file.
2024-01-31 16:41:04 -08:00
Alex Vandiver 1bddf41731 puppet: Factor out creation of basic user dotfiles. 2024-01-31 16:41:04 -08:00
Alex Vandiver 69ef808d7b puppet: Use IAM Roles Anywhere to get AWS credentials outside EC2. 2024-01-31 16:41:04 -08:00
Alex Vandiver 16305761ac puppet: Use IAM join method, when possible. 2024-01-31 16:41:04 -08:00
Alex Vandiver 24d3832926 teleport: Upgrade to Teleport 14. 2024-01-31 16:41:04 -08:00
Alex Vandiver dbb60dbeb9 puppet: Factor out $is_ec2, clarify comments. 2024-01-31 16:41:04 -08:00
Alex Vandiver 6902d5db47 install-aws-cli: Also install and keep up to date using Puppet.
We previously only did this install on the developer machine and on
initial boot.  Also run it from puppet to make sure we keep the binary
up-to-date.
2024-01-31 16:41:04 -08:00
Alex Vandiver e49fc8873b install-aws-cli: Check version before no-op'ing.
We previously just ensured that _a_ version was installed.  Since we
were only using this at initial boot, that was all that was required.
2024-01-31 16:41:04 -08:00