From 89ee7ef8ac83617a42cd3a1300aeff48d8923a6d Mon Sep 17 00:00:00 2001 From: Jim Ehrismann Date: Mon, 1 Nov 2021 11:54:28 -0400 Subject: [PATCH 1/6] checkout appropriate commit of lens-ide for lens 5.2 Signed-off-by: Jim Ehrismann --- .azure-pipelines.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 3e1b43f875..1bfdf3e44b 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -41,6 +41,9 @@ jobs: - bash: | set -e git clone "https://${GH_TOKEN}@github.com/lensapp/lens-ide.git" .lens-ide-overlay + cd .lens-ide-overlay + git checkout -b v5.2 0d3d9140a0f151c3ca6d7651c092f8ba44091794 + cd .. rm -rf .lens-ide-overlay/.git cp -r .lens-ide-overlay/* ./ jq -s '.[0] * .[1]' package.json package.ide.json > package.custom.json && mv package.custom.json package.json @@ -87,6 +90,9 @@ jobs: - bash: | set -e git clone "https://${GH_TOKEN}@github.com/lensapp/lens-ide.git" .lens-ide-overlay + cd .lens-ide-overlay + git checkout -b v5.2 0d3d9140a0f151c3ca6d7651c092f8ba44091794 + cd .. rm -rf .lens-ide-overlay/.git cp -r .lens-ide-overlay/* ./ jq -s '.[0] * .[1]' package.json package.ide.json > package.custom.json && mv package.custom.json package.json @@ -135,6 +141,9 @@ jobs: - bash: | set -e git clone "https://${GH_TOKEN}@github.com/lensapp/lens-ide.git" .lens-ide-overlay + cd .lens-ide-overlay + git checkout -b v5.2 0d3d9140a0f151c3ca6d7651c092f8ba44091794 + cd .. rm -rf .lens-ide-overlay/.git cp -r .lens-ide-overlay/* ./ jq -s '.[0] * .[1]' package.json package.ide.json > package.custom.json && mv package.custom.json package.json From 65d7fca691c0f5a6d01a0f324b4209ce092f9888 Mon Sep 17 00:00:00 2001 From: Jari Kolehmainen Date: Mon, 27 Sep 2021 11:32:37 +0300 Subject: [PATCH 2/6] Electron 13.4.0 (#3820) * electron 13.4.0 Signed-off-by: Jari Kolehmainen * electron 13.4.0 Signed-off-by: Jari Kolehmainen * refactor deprecated window event handler Signed-off-by: Jari Kolehmainen Signed-off-by: Jim Ehrismann --- .yarnrc | 2 +- package.json | 2 +- src/main/window-manager.ts | 8 ++++---- yarn.lock | 8 ++++---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.yarnrc b/.yarnrc index 0ffbd73e54..3666616e0b 100644 --- a/.yarnrc +++ b/.yarnrc @@ -1,3 +1,3 @@ disturl "https://atom.io/download/electron" -target "12.2.1" +target "13.4.0" runtime "electron" diff --git a/package.json b/package.json index 5dba768a49..9b9fa8d594 100644 --- a/package.json +++ b/package.json @@ -326,7 +326,7 @@ "css-loader": "^5.2.6", "deepdash": "^5.3.5", "dompurify": "^2.3.1", - "electron": "^12.2.1", + "electron": "^13.4.0", "electron-builder": "^22.10.5", "electron-notarize": "^0.3.0", "esbuild": "^0.12.24", diff --git a/src/main/window-manager.ts b/src/main/window-manager.ts index 80e3224fd4..f751d79790 100644 --- a/src/main/window-manager.ts +++ b/src/main/window-manager.ts @@ -109,10 +109,6 @@ export class WindowManager extends Singleton { app.dock?.hide(); // hide icon in dock (mac-os) }) .webContents - .on("new-window", (event, url) => { - event.preventDefault(); - shell.openExternal(url); - }) .on("dom-ready", () => { appEventBus.emit({ name: "app", action: "dom-ready" }); }) @@ -150,6 +146,10 @@ export class WindowManager extends Singleton { // Always disable Node.js integration for all webviews webPreferences.nodeIntegration = false; + }).setWindowOpenHandler((details) => { + shell.openExternal(details.url); + + return { action: "deny" }; }); } diff --git a/yarn.lock b/yarn.lock index 081fc44d94..a0f22f0e98 100644 --- a/yarn.lock +++ b/yarn.lock @@ -5269,10 +5269,10 @@ electron@*: "@types/node" "^12.0.12" extract-zip "^1.0.3" -electron@^12.2.1: - version "12.2.1" - resolved "https://registry.yarnpkg.com/electron/-/electron-12.2.1.tgz#ef138fde11efd01743934c3e0df717cc53ee362b" - integrity sha512-Gp+rO81qoaRDP7PTVtBOvnSgDgGlwUuAEWXxi621uOJMIlYFas9ChXe8pjdL0R0vyUpiHVzp6Vrjx41VZqEpsw== +electron@^13.4.0: + version "13.4.0" + resolved "https://registry.yarnpkg.com/electron/-/electron-13.4.0.tgz#f9f9e518d8c6bf23bfa8b69580447eea3ca0f880" + integrity sha512-KJGWS2qa0xZXIMPMDUNkRVO8/JxRd4+M0ejYYOzu2LIQ5ijecPzNuNR9nvDkml9XyyRBzu975FkhJcwD17ietQ== dependencies: "@electron/get" "^1.0.1" "@types/node" "^14.6.2" From 213b5560148469d5c00b5a2dee0f94941370b0ac Mon Sep 17 00:00:00 2001 From: Jari Kolehmainen Date: Mon, 25 Oct 2021 17:42:28 +0300 Subject: [PATCH 3/6] remove cors headers from LensProxy (#4126) Signed-off-by: Jari Kolehmainen --- src/main/lens-proxy.ts | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/main/lens-proxy.ts b/src/main/lens-proxy.ts index 47f4c4756f..7ce2ec29df 100644 --- a/src/main/lens-proxy.ts +++ b/src/main/lens-proxy.ts @@ -200,10 +200,6 @@ export class LensProxy extends Singleton { const proxyTarget = await this.getProxyTarget(req, cluster.contextHandler); if (proxyTarget) { - // allow to fetch apis in "clusterId.localhost:port" from "localhost:port" - // this should be safe because we have already validated cluster uuid - res.setHeader("Access-Control-Allow-Origin", "*"); - return this.proxy.web(req, res, proxyTarget); } } From b00ca67d7065817b3f2eac71db0ebfe0a7e2e39e Mon Sep 17 00:00:00 2001 From: Jari Kolehmainen Date: Tue, 26 Oct 2021 14:59:36 +0300 Subject: [PATCH 4/6] use random api prefix on kubectl-proxy (#4137) Signed-off-by: Jari Kolehmainen --- src/main/context-handler.ts | 2 +- src/main/kube-auth-proxy.ts | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/src/main/context-handler.ts b/src/main/context-handler.ts index b6e14df4e5..ce1273646b 100644 --- a/src/main/context-handler.ts +++ b/src/main/context-handler.ts @@ -114,7 +114,7 @@ export class ContextHandler { await this.ensureServer(); const path = this.clusterUrl.path !== "/" ? this.clusterUrl.path : ""; - return `http://127.0.0.1:${this.kubeAuthProxy.port}${path}`; + return `http://127.0.0.1:${this.kubeAuthProxy.port}${this.kubeAuthProxy.apiPrefix}${path}`; } async getApiTarget(isLongRunningRequest = false): Promise { diff --git a/src/main/kube-auth-proxy.ts b/src/main/kube-auth-proxy.ts index ac3bdf8dd1..4362f4f314 100644 --- a/src/main/kube-auth-proxy.ts +++ b/src/main/kube-auth-proxy.ts @@ -21,6 +21,7 @@ import { ChildProcess, spawn } from "child_process"; import { waitUntilUsed } from "tcp-port-used"; +import { randomBytes } from "crypto"; import { broadcastMessage } from "../common/ipc"; import type { Cluster } from "./cluster"; import { Kubectl } from "./kubectl"; @@ -38,6 +39,7 @@ const startingServeRegex = /^starting to serve on (?
.+)/i; export class KubeAuthProxy { public lastError: string; + public readonly apiPrefix: string; public get port(): number { return this._port; @@ -56,6 +58,7 @@ export class KubeAuthProxy { this.env = env; this.cluster = cluster; this.kubectl = Kubectl.bundled(); + this.apiPrefix = `/${randomBytes(8).toString("hex")}`; } get acceptHosts() { @@ -78,7 +81,8 @@ export class KubeAuthProxy { "--kubeconfig", `${this.cluster.kubeConfigPath}`, "--context", `${this.cluster.contextName}`, "--accept-hosts", this.acceptHosts, - "--reject-paths", "^[^/]" + "--reject-paths", "^[^/]", + "--api-prefix", this.apiPrefix ]; if (process.env.DEBUG_PROXY === "true") { @@ -112,7 +116,7 @@ export class KubeAuthProxy { }); await waitUntilUsed(this.port, 500, 10000); - + this.ready = true; } From 8327546ed70d1c36c1fbde7501c2db8c9f7d2d37 Mon Sep 17 00:00:00 2001 From: Jim Ehrismann Date: Mon, 1 Nov 2021 12:44:19 -0400 Subject: [PATCH 5/6] release v5.2.6-beta.0 Signed-off-by: Jim Ehrismann --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 9b9fa8d594..525d5c2087 100644 --- a/package.json +++ b/package.json @@ -3,7 +3,7 @@ "productName": "OpenLens", "description": "OpenLens - Open Source IDE for Kubernetes", "homepage": "https://github.com/lensapp/lens", - "version": "5.2.5", + "version": "5.2.6-beta.0", "main": "static/build/main.js", "copyright": "© 2021 OpenLens Authors", "license": "MIT", From 948d21c252d134fa03cb80cb3436a321fc258c58 Mon Sep 17 00:00:00 2001 From: Jim Ehrismann Date: Mon, 1 Nov 2021 14:26:33 -0400 Subject: [PATCH 6/6] make sure ubuntu-16 images are no longer used Signed-off-by: Jim Ehrismann --- .azure-pipelines-k8s-matrix.yml | 2 +- .azure-pipelines.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.azure-pipelines-k8s-matrix.yml b/.azure-pipelines-k8s-matrix.yml index 77129460a3..7b61c9e8c6 100644 --- a/.azure-pipelines-k8s-matrix.yml +++ b/.azure-pipelines-k8s-matrix.yml @@ -15,7 +15,7 @@ trigger: none jobs: - job: Linux pool: - vmImage: ubuntu-16.04 + vmImage: ubuntu-18.04 strategy: matrix: kube_1.16: diff --git a/.azure-pipelines.yml b/.azure-pipelines.yml index 1bfdf3e44b..a11fa412a0 100644 --- a/.azure-pipelines.yml +++ b/.azure-pipelines.yml @@ -115,7 +115,7 @@ jobs: - job: Linux pool: - vmImage: ubuntu-16.04 + vmImage: ubuntu-18.04 strategy: matrix: node_14.x: