weave-gitops
weave-gitops copied to clipboard
weaveworks
Initial pendo integration
This first of all turns dev-mode into a feature flag, because I wanted it available on the front end to tag traffic from developer machines separately from end-users - anyway, we might want to flash something if someone has turned off cookie verification that they really shouldn't.
Then, it adds an inital pendo integration for extra telemetry data. It is completely, 100% turned off by default - the javascript isn't even loaded unless the user opts in.
This turns on the feature in tilt, so we can see that it actually works - but I expect we'll turn it off eventually.
The frontend integration is done using a "component" that does nothing - I don't think this is good react, and I'm happy to try something else, but I need it to run after contexts have been initialized so the feature flags are in place, which this seems to accomplish.
There's a backend bit to it to get a unique cluster value. This completely abuses the feature flag system to smuggle out a unique string value using this mechanism we already have. Again, this is not enabled or active unless the user opts in.
There's two "secret-looking" things - one is the pendo application id, the other is the key I've hashed all user data with. Both are committed in the open:
- The pendo application ID is write-only - the worst you could do is to push fake data.
- While the key are used together with user info (emails), it is only there to make sure we can't use the hash against a password dump to cross-reference users - there is no way to figure out who is who other than complete brute force.
Both the visitor ID and the account ID have been mnemonic encoded, so that they're easier to remember - they're probably unnecessarily long, but we can always make changes later.
This resolves #2451.
This is what I see when going to the login page in this branch (doesn't happen in main). Do I need to enable smth. else?
I think it didn't happen if I was already logged in from main.
