Release 2024-10-25 - (expected chart version 5.6.0) #4312
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Master->Develop after release
* allow subconversations for MLS 1-1 conversation * add changelog entry
* delete phone keys * hide ctor of phone for safety * log while searching for phone keys * db migration for dropping phone column * changelog * moved to tools/db, renamed to remove-phone-keys * removed phone from inconsistencies tool * remove phone from move-team tool * remove phone from queries * Better split and organize the changelog * Update the README of remove-phone-keys tool * remove db tool * updated changelog --------- Co-authored-by: Marko Dimjašević <[email protected]>
* Initial v1 docker-compose setup * Update service configuration in federation-v1 * Improve run script * Rename federation-v0 and federation-v1 services * Make federation-v* optional * Allow PTest to use IO * Introduce VersionedFed * Setup federation-v1 in integration tests * Fix coredns network * Use legacy backends in some of the tests * Fix background worker config in fed-v1 * federation-v0 and -v1 configuration for integration tests * fix linter * fix Helm chart for integration tests * Add CHANGELOG entry * Enable debug log level for federator * Disable one of the tests on legacy backends --------- Co-authored-by: Stefan Berthold <[email protected]>
* add textStatus to user record * changelog * hide ctor of text status * update some golden tests * gen nix packages * clean up --------- Co-authored-by: Leif Battermann <[email protected]>
* Replace random data with user ID hash in SFT auth * Use base26 to encode sft username * Regenerate nix packages * Add CHANGELOG entry
…ages on replacing key packages (#4158)
* Test leaving one2one subconversations * Simplify websocket assertions in removal test * Take removal key from conversation backend Instead of using a hardcoded removal key, get the removal key from the correct backend using its public API. * Remove loading of public keys from configuration * Remove dead code
* Migrate integration tests for user properties to the new suite * AsciiText: Write correct instance for FromHttpApiData * AsciiText: Write correct instance for FromJSONKey * Allow setting existing properties even if we have max properties * Rename UserEvents -> Events, also support PropertyEvent * Introduce PropertiesSubsystem
* moved blocklist to subsystems * Drop old BlacklistStore effect in Brig * Add a changelog --------- Co-authored-by: Marko Dimjašević <[email protected]>
some parts of it were outdated or wrong, and what was valid is now tracked in WPB-1031{5,6}.
Co-authored-by: Matthias Fischmann <[email protected]>
…ersion (#4149) * Drop endpoints for updating and removing phone num * Remove a few phone endpoints * Drop phone from desc's of /activate endpoints * remove obsolete tests * Drop 'phone' from request in `POST /activate/send` * Drop phone from team invitations * Drop 'phone' from Brig's 'team_invitation' DB table * Add a changelog * Drop phone from the invitation request body in V6 * Give a versioned 'Invitation' response For client API versions up to and including V5, the response is the same and the 'phone' field is always null. The field does not exist in versions V6 and above. * Ignore phone when registering a user The response to `POST /register` no longer throws an error when the request contains a phone number. Instead, the "phone" and "phone_code" fields are not parsed and are therefore ignored. * Drop meaningless phone login tests The tests should have been dropped when removing phone number support in client API versions v0..v5 as they lost meaning at least then, if not even before that. * Delete a misguiding test in brig-integration The test's name is suggesting one, but testing a different thing. The test does not make much sense in the current situation. * Delete another meaningless test * Drop phone from `POST /login` in client API v6 * Drop phone from request for `POST /activate` in v6 * Add a changelog on the API change * remove everything V5 related from wire-api * updated brig after removing V5 types * Adjust expectation in phone v5 test --------- Co-authored-by: Leif Battermann <[email protected]>
* WIP: trying to weed out some dead code. * Weeding out more. * More weeding. * Lint. * Weed+. * Updated cassandra schema cql. * More weeding * Weed the Second. * Weed+ * Restoring. * More cleaning. * Ignored more test and util code. * Fixed golden test. * Restore more. * Fix cql
* Restore weeded-out wsPatch * Add field to ConferenceCallingConfig * Use patch endpoint to set feature status in stern * Remove FeatureTrivialConfig class * Add migration to add conference calling sft flag * Implement get/set conference calling feature flag * Fix golden tests * Add endpoint to put ConferenceCallingConfig. * Added lock status to conf. calling. WIP: Tests need fixing sinnce it's no longer a SimpleFlag. * Fix golden test cases * Update conference call ttl test * Fix conference calling patch test * Update CHANGELOG entry * Fix assertions in conferenceCalling TTL test * Move user feature test to integration Also remove its dependency on Cassandra, simplify logic and expand its scope to include team users. * Remove dead code * Update cassandra schema file * Change how conferenceCalling is stored and loaded * Add general AllFeatures for any type constructor * Return Maybe values from FeatureStore * Compute feature values in a uniform manner * Unify logic for fetching features from db * Use adhoc DbFeature type instead of WithStatusBase * Fix default logic of MlsE2EI flag * Implement getAllFeatureConfigs * Lint * Change conference option from boolean to int * Repurpose conference_calling column for lock status Also add a new column to hold the feature status * Ignore TTL for conferenceCalling Now the TTL field is completely ignored when writing for all feature flags. We will get rid of the TTL code in a future refactoring. * Add default logic for conference calling * Remove feature ttl tests * Add CHANGELOG entry about TTL * Add note about unsettable features * Lint * Conference calling flag should be locked by default * Make lockStatus field optional in galley's conf It used to be implicit before, now it is a normal flag, so we need to make this field optional to preserve compatibility with older configuration files. * Remove unused ToJSON instance * Lint * Align conferenceCalling setting in CI * Fix stern integration tests * Update cassandra schema * Use bindResponse in tests * Revert default lock status when parsing feature Instead of hardcoding an unlocked status when parsing the conferenceCalling default configuration, set the default in the helm chart. --------- Co-authored-by: Igor Ranieri <[email protected]>
* Fix swagger generation for Versioned responses * Introduce version 7 and finalise version 6 * Move changes to capabilities field to v7 * Add pregenerated v6 swagger * Add CHANGELOG entries * Fix swagger tests
* [feat] bump nixpkgs - allow cabal-install 3.12 * [chore] don't allow Cabal <3.12 * [fix] fix federator * [fix] junit-formatter: restore old behaviour and leave futurework
This can e.g. be used to set external-dns annotations. Or, any other annotations (depending on the setup of the K8s cluster.)
* Remove redundant team lookups for user features * Remove pointless CPS * Add CHANGELOG entry
#4191) * Weeding out and enabling dangling golden test. * Removed remaining weeds, restored legahold swagger. * Added changelog.
* Servantify internal routing table for proxy. * Allow for combined wai-routing + servant metrics. * Always use defRequestId, not "N/A". --------- Co-authored-by: Sven Tennie <[email protected]>
* Initial endpoint skeleton * Set up finalisation for CSV streaming * Implement internal API to get user activity * Test activity endpoint * Initial refactoring of CSV export * getUserRecord implemented * fix integration package * New implementation of getTeamMembersCSV * Implement inviter handle cache * Remove old CSV export handler * Add activity timestamp to csv export * Regenerate nix packages * Linter * Remove new stern endpoint * Add status field to CSV export * Remove new brig internal endpoint This is not needed anymore since the stern endpoint to get user activity has been removed. * Add CHANGELOG entry * Regenerate nix packages * Fix CSV roundtrip test * Remove lookupRichInfo * Remove stern endpoint test * Simplify SCIM user info lookup * fixup! Simplify SCIM user info lookup --------- Co-authored-by: Leif Battermann <[email protected]>
#4298) Making it first causes all requests to be routed into the handler for Servant.Raw
* types-common: Add type to represent an email address with name * brig: Use Mailbox type to parse a SESNotification * brig: Print parser error when failing to parse a message from SQS * Add Orphan ToJSON instance for Mailbox in integration tests The instance is probably not correct enough for prod uses so it lives in brig-integration. Co-authored-by: Matthias Fischmann <[email protected]>
* Fix simple openapi spec violations * Add operation IDs to swagger * Add names to cargohold API * Add names to more endpoints * Fix more swagger validation errors * Add make rule to run openapi validator --------- Co-authored-by: Matthias Fischmann <[email protected]>
* Remove redundant copy of SpecializeToVersion type family. * Clearer error message. * Fix: show openapi docs for blocked versions. * Changelog.
… (so it'll run in CI). (#4302) * Add integration test for vacuum (swagger linter). * Clean up swagger lint integration test * Fix overlapping paths in API v7 * Update nginx paths * Fix tests in new integration suite * Fix brig integration tests * Fix galley integration tests * Add vacuum-go deriv. to integration image. * Haddocks. * missed one! * Partially openapi-lint internal routing tables. * ... another one? * Fix imports. * Simplify schema of iGetRichInfoMulti response * Fix overlapping internal brig endpoint * Add IDs to some internal brig endpoints * Remove unused legalhold API * fixup! Fix brig integration tests * Add compatibility middleware This should avoid temporary failures during deployment. * Add CHANGELOG entry * Fix endpoint path in brig integration tests --------- Co-authored-by: Paolo Capriotti <[email protected]>
echoes-hq
bot
added
echoes: unplanned
zebot
added
the
ok-to-test
|
Please do not forget to merge https://github.com/zinfra/cailleach/pull/2354 before the release. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[2024-10-25] (Chart Release 5.6.0)
Release notes
To remove phone keys from brig's
user_keystable an ad hoc data-migration can be run. See PR [DO NOT MERGE] WPB-10058 remove phone keys ad hoc data migration #4146 which contains the implementation. (WPB-10058 delete phone column in brig's user table #4130)Because the
phonecolumn is deleted from Brig'susertable in a schemamigration, temporarily there might be 5xx errors during deployment if Wire
server 5.4.0 was not deployed previously. To avoid these errors, please deploy
the Wire server 5.4.0 release first. (WPB-10058 delete phone column in brig's user table #4130)
With this release it will be possible to invite personal users to teams. In
brig's config,emailSMS.team.tExistingUserInvitationUrlis required to be set to a value that points to the correct teams/account page.If
emailSMS.teamis not defined at all in the current environment, the value ofexternalUrls.teamSettings(or, if not present,externalUrls.nginz) will be used to construct the correct url, and no configuration change is necessary. (WPB-10658 invitation and acceptance of individual users to teams #4229)charts/wire-server: There is a new config value called
background-worker.config.enableFederationwhich defaults tofalse. This must be kept in sync withtags.federation. (WPB-10660 Enable and deploy background worker in non federation environments #4243)If you are mapping an email address to the
externalIdfield in thescim schema, please check the following list for items that apply to
you and recommended steps before/during/after upgrade.
Situation: the
emailsfield of in your scim user records isempty.
What you need to do: change your schema mapping to contain the
same address in
externalIdand (as a record with one element) inemails.Situation: the
emailsfield of your scim user records isnon-empty.
What you need to do: make sure
emailscontains exactly oneentry, which is the email from
externalId. If there is adiscrepancy, the address from
emailswill become the new(unvalidated) address of the user, and the user will receive an
email to validate it. If the email cannot be sent or is ignored
by the recipient, the valid address will not be changed. (Handle
emailsfield in scim user record #4221)A schema migration drops column 'phone' from Brig's 'team_invitation' table. Previous releases were still reading this column. As there is no Team Settings UI action to enter a phone number, this reading will not miss to read actual phone numbers. Therefore, during deployment this will lead to benign 5xx errors. ([WPB-8707] Remove phone functionality in the development client API version #4149)
Password hashing is now done using argon2id instead of scrypt. The argon2id parameters can be configured using these options:
These have default values, which should work for most deployments. Please see documentation on config-options for more. ([feat] Allow configuring argon2id parameters #4291)
Config value
gundeck.config.bulkPushhas been removed. This is purely aninternal change, in case the value was overriden to
false, operators might seemore spiky usage of CPU and memory from gundeck due to bulk processing. (gundeck: Remove bulkPush config option #4290)
API changes
A new endpoint
POST /teams/invitations/acceptallows a non-team user to accept an invitation to join a team (WPB-10658 invitation and acceptance of individual users to teams #4229)Services allowlist are blocked by 409 (mls-services-not-allowed) for teams with default protocol MLS. (Block services whitelist for teams with default protocol MLS #4266)
The
POST /clientsandPUT /clients/:cidendpoints support a new capability "consume-notifications" ([WPB-11163] Support for a consumable notifications capability #4259)New variant in API version 7 of endpoints for creating and listing SCIM tokens that support a
namefield. New endpoint in version 7 for updating a SCIM token name. (WPB-685 give SCIM connections human readable names #4307)All the phone number-based functionality is removed from the client API v6 ([WPB-8707] Remove phone functionality in the development client API version #4149)
The team CSV export endpoint has gained two extra columns:
last_activeandstatus. The streaming behaviour has also been improved. (Refactor CSV export #4293)The changes to the
capabilitiesfield of theClientstructure, introduced in v6, have now been postponed to v7 (Finalise version 6 #4179)Finalise version 6 and introduce new development version 7 (Finalise version 6 #4179, Finalise version 6 #4179)
From API version 7 the
GET /mls/public-keyandGET /conversations/one2one/:domain/:uidendpoints now take aformatquery parameter which can be eitherraw(default, for raw base64-encoded keys) orjwk(for JWK keys) (Add format paramter to mls public key endpoint #4216, Return MLS public keys as part of getting a 1:1 conversation #4224)GET /conversations/one2one/:domain/:uidnow returnspublic_keysalong with the conversation containing all MLS public keys for the backend which will host this conversation (since v6). (Return MLS public keys as part of getting a 1:1 conversation #4224)Remove the ability to set the TTL of a feature flag. Existing TTLs are still retrieved and returned as before. Note that this only applies to the conferenceCalling feature, as none of the others supported TTL anyway. (One to one SFT feature flag config #4164)
Add useSFTForOneToOneCalls as a config option for the Conference Calling feature flag and make its lock status explicit. (One to one SFT feature flag config #4164)
Add endpoint to upgrade a personal user to a team owner ([WPB-10708] personal account to own team #4251)
Features
DB migration for dropping
phonecolumn fromusertable (WPB-10058 delete phone column in brig's user table #4130)A text status field was added to user and user profile (WPB-10204 Add text status field to user (profile) data #4155)
Allow an existing non-team user to migrate to a team (WPB-10658 invitation and acceptance of individual users to teams #4229, WPB-10658 invitation and acceptance of individual users to teams #4229)
Makes it impossible for a user to join an MLS conversation while already under legalhold (at least pending)
This implies two things:
Email template for inviting a personal user to a team added (WPB-11050 email templates for invitation of personal user to existing team #4310)
Clients can declare to be supporting a capability for consuming notifications ([WPB-11163] Support for a consumable notifications capability #4259)
New endpoint to revoke an OAuth session (WPB-1333 OAuth endpoint to revoke single refresh tokens #4213)
Adds a field which contains a list of all active sessions to each OAuth application in the response of
GET /oauth/applications(WPB-1334 extend list of OAuth apps with active refresh token ids #4211)SCIM's emails field is now handled and the external ID is not restricted to being an email anymore (Handle
emailsfield in scim user record #4221)Added human readable names for SCIM tokens (WPB-685 give SCIM connections human readable names #4307)
allow subconversations for MLS 1-1 conversations (allow subconversations for MLS 1-1 conversation #4133)
Allow configuring Argon2id parameters ([feat] Allow configuring argon2id parameters #4291)
Deny requests for a legalhold device for users who are part of any MLS conversations ([WPB-10783] Prevent MLS-Legalhold interactions #4245)
Allow setting of Kubernetes annotations for the
coturnService. (coturn: Allow setting of K8s annotations at the Service #4189)Add
initialConfigsetting for themlsfeature flag (Initial MLS configuration for new teams #4262)added open telemetry instrumentation for brig, galley, gundeck and cannon ([WPB-10092] open telemetry instrumentation #3901)
Send confirmation email after adding a personal user to a new team (Send confirmation email after upgrade to team owner #4253)
The SFT and turn usernames returned by
/calls/config/v2are now deterministically computed from the user ID (Use user ID hashes as SFT usernames #4156)Use latest stable RabbitMQ version (
3.13.7) and Helm chart (14.6.9). Pleasenote that this minor RabbitMQ version upgrade (
3.11.xto3.13.x) may needspecial treatment regarding existing RabbitMQ instances. See
https://www.rabbitmq.com/docs/upgrade#rabbitmq-version-upgradability . The major
Helm chart version upgrade may (depending on your setup/values) need attention
as well: https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq#upgrading (upgrade to latest stable rabbitmq #4227)
Bug fixes and other updates
Fixed API version check. It has now precedence over other checks like e.g. method check. ([fix] API version check comes before method check #4152)
Fix handling of defaults of
mlsE2EIDfeature config (Fix clrProxy field of MLSE2EId feature flag #4233)Match cipher suite tag in query parameters against key packages on replacing key packages (WPB-10207 Match cipher suite tag in query parameters against key packages on replacing key packages #4158)
Users with SAML-SSO are allowed to delete their email address on the rest api. If they do that, the search indices are not updated correctly, and finding the user by the removed email address is still possible. ([WPB-11122] Disallow searching user by old email #4260)
Exclude exception message from error response (Stop leaking ES error info. #4153)
Return HTTP 400 instead of 500 when property key is not printable ASCII (Introduce PropertySubsystem #4148)
move cipher suite updates into the commit lock (move ciphersuite updates into the commit lock #4151)
Fix feature flag default calculation for
mlsMigrationandenforceFileDownloadLocation(Fix feature flag defaults #4265)Allow setting existing properties even if we have max properties (Introduce PropertySubsystem #4148)
removed spam from nginx (nginz) by using the new style http/2 directive ([WPB-10092] open telemetry instrumentation #3901)
brig: Make
GET /services/tagswork again (brig: MakeGET /services/tagswork again #4250)Process bounce and complaint notifications from SES correctly. (Process bounce and complaint notifications from SES correctly #4301)
Documentation
Call graph of federated endpoints was removed from the docs (WPB-11502 remove transitive-anns #4299)
Restored LegalHold internal API swagger as part of Brig. ( [chore] Remove more dead code, restore LegalHold internal API swagger #4191)
Fix: show openapi docs for blocked versions (Fix swagger #4309)
Deleted proteus-specific test documentation tags and added some new tags to MLS tests (Move test documentation tags from proteus to MLS #4240)
Fix openapi validation errors (Validate swagger #4295, Validate swagger #4295)
Re-introduce test case tags for BSI audit (revert [WPB-8628] Clean up syntax of test cases that occur in BSI audit. #4041) (Re-introduce test case tags for BSI audit (revert #4041). #4192)
Internal changes
Introduced API versioning and version negotiation for external LegalHold Service supporting
v0andv1([WPB-11188] LegalHold support V1 #4284)Read sftTokenSecret from secrets.yaml and mount to /etc/wire/brig/secrets/sftTokenSecret by default (Read sftToken from secrets.yaml #4214)
Added node based topology constraint to ensure pods are distributed uniformly on all nodes. (Wpb 10335 | Ensure pods are distributed evenly on each k8s node #4222)
Move smallstep-accomp
helm charts towireapp/helm-charts` (Remove smallstep-accomp helm chart #4204)Remove coturn helm chart. It is moved to
wireapp/coturn. (WPB-10581: Remove coturn helm chat #4209)Additional test for password reset, port tests to new integration test suite (WPB-11000 Test password reset with wrong key/code should fail #4249)
Remove unused invitation tables from brig. (WPB-11101 remove invitation tables from brig #4263)
Improve abstraction in the invitation store and hide DB interaction-specific internal types from the application code. ([WPB-11101] Refactor invitation store #4280)
Move some invitation handling from brig to wire-subsystems.
tools/db/team-info: collects last login times of all team members ([WPB-11301] db script for collecting last login times of all team members #4274)
Introduce length-preserving function mapRange to replace Functor instance for Range data type. ([WPB-11386] Introduce length-preserving function mapRange to replace fmap. #4279)
TransitiveAnns compiler plugin was removed (WPB-11502 remove transitive-anns #4299)
Servantify internal routing table for proxy. ([WPB-1220] servantify proxy internal #4296)
Servantify gundeck internal api ([WPB-1228] Servantify gundeck internal api #4246)
Removed
indexReindexandindexReindexIfSameOrNewerfrom internal Brig/SearchIndex. (Move search operations to UserSubsystem #4188)Introduced ElasticSearch effects related to user search. (Move search operations to UserSubsystem #4188)
Brig was refactored by pulling out email block-listing into a wire subsystems effect, and its actions are exposed via the user subsystem. ([WPB-8892] Add block list operations to the user subsystem #4167)
charts/wire-server: Deploy background-worker even when tags.federation is
false(Drain rabbitmq consumers slowly from Cannon #4342, Fix FromJSON AmqpEndpoint error message #4248)Updated email templates to v1.0.122 (Update email templates to v1.0.122. #4308)
Refactor feature flags
Feature,LockableFeatureandLockableFeaturePatchAllFeaturesinto an extensible record typeWithStatusBasebarbie.computeFeatureConfigForTeamUsergetFeatureandsetFeatureClean up and reorganise feature flag endpoints (Feature flag refactoring (part 2) #4193)
Clean up feature default configuration code (Feature flag refactoring (part 3) #4196)
Add federation-v1 environment for testing compatibility of the federation API with version 1 (Federation V1 test setup #4125)
nginz/local-conf: Update list of endpoints (Enable manual usage of locally running wire-server #4176)
Expose gundeck internal API on swagger. Mv some types and routes to wire-api. (Gundeck internal API swagger #4247)
dockerephemeral: Use inbucket for SMTP (Enable manual usage of locally running wire-server #4176)
Makefile: Add target
crmto run services tuned for manual usage (Enable manual usage of locally running wire-server #4176)Postgresql helm chart is removed from charts/ directory and migrated to wireapp/helm-charts repo (remove postgres wrapper chart from wire-server #4208)
Simplify NewTeam and related types and remove lenses (NewTeam types refactoring #4257)
Add openapi validation test to integration ([WPB-10314] validate swagger: add swagger linter to integration tests (so it'll run in CI). #4302)
Optimize getting a lot of users by concurrently getting target users (Concurrently fetch user profiles from the DB #4140)
charts/{brig,galley}: Allow setting a preStop hook for the deployments ( charts/{brig,galley}: Allow setting a preStop hook for the deployments #4200)
Introduce proeprty subsytem (Introduce PropertySubsystem #4148)
Changed default password hashing from Scrypt to Argon2id. ([Brig] Move password verification to the AuthenticationSubsystem, move to Argon2id with new settings. #4271)
Factored out our Email type in favour of EmailAddress from email-validate. ([chore] Simplify email types #4206)
Move CSV export test to integration ([WPB-11368] Test for export team member CSV #4292)
add the TODO pattern and the todo function to Imports (add the
todofunction and theTODOpattern #4198)Refactor user feature logic (Simplify user feature logic #4178)
Remove
UserAccountandExtendedUserAccountand their fields to theUsertype (Refactor user types #4275)Started weeding out dead code. ([chore] Weed out dead code. #4170)
New user subsystem operation
getAccountsByfor complex account lookups. ([WPB-8887] wire-subsystems: implement the GetBy* account queries, includes InvitationCodeStore. #4218)Added warning when deploying wire-server helm chart with User/Team creation over internet enabled. (add warning when team/user creation is enabled over internet #4212)