Release 2024-10-30 - (expected chart version 5.6.0) #4321

Merged
merged 137 commits into from
Oct 31, 2024

@zebot zebot commented Oct 30, 2024

[2024-10-30] (Chart Release 5.6.0)

Release notes

  • To remove phone keys from brig's user_keys table an ad hoc data-migration can be run. See PR [DO NOT MERGE] WPB-10058 remove phone keys ad hoc data migration #4146 which contains the implementation. (WPB-10058 delete phone column in brig's user table #4130)

  • Because the phone column is deleted from Brig's user table in a schema
    migration, temporarily there might be 5xx errors during deployment if Wire
    server 5.4.0 was not deployed previously. To avoid these errors, please deploy
    the Wire server 5.4.0 release first. (WPB-10058 delete phone column in brig's user table #4130)

  • With this release it will be possible to invite personal users to teams. In brig's config, emailSMS.team.tExistingUserInvitationUrl is required to be set to a value that points to the correct teams/account page.
    If emailSMS.team is not defined at all in the current environment, the value of externalUrls.teamSettings (or, if not present, externalUrls.nginz) will be used to construct the correct url, and no configuration change is necessary. (WPB-10658 invitation and acceptance of individual users to teams #4229)

  • charts/wire-server: There is a new config value called background-worker.config.enableFederation which defaults to false. This must be kept in sync with tags.federation. (WPB-10660 Enable and deploy background worker in non federation environments #4243)

  • If you are mapping an email address to the externalId field in the
    scim schema, please check the following list for items that apply to
    you and recommended steps before/during/after upgrade.

    • Situation: the emails field in your scim user records is
      empty.

      What you need to do: change your schema mapping to contain the
      same address in externalId and (as a record with one element) in
      emails.

    • Situation: the emails field of your scim user records is
      non-empty.

      What you need to do: make sure emails contains exactly one
      entry, which is the email from externalId. If there is a
      discrepancy, the address from emails will become the new
      (unvalidated) address of the user, and the user will receive an
      email to validate it. If the email cannot be sent or is ignored
      by the recipient, the valid address will not be changed. (Handle emails field in scim user record #4221)

  • A schema migration drops column 'phone' from Brig's 'team_invitation' table. Previous releases were still reading this column. As there is no Team Settings UI action to enter a phone number, reading this column will not miss any actual phone numbers. Therefore, during deployment this will lead to benign 5xx errors. ([WPB-8707] Remove phone functionality in the development client API version #4149)

  • Password hashing can now be done using argon2id instead of scrypt. The argon2id parameters can be configured using these options:

    brig:
      optSettings:
        setPasswordHashingOptions:
          algorithm: argon2id
          iterations: ...
          memory: ... # memory needed in KiB
          parallelism: ...
    galley:
      settings:
        passwordHashingOptions:
          algorithm: argon2id
          iterations: ...
          memory: ... # memory needed in KiB
          parallelism: ...

    The default option is still to use scrypt as moving to argon2id might require
    allocating more resources according to configured parameters.

    When configured to use argon2id, the DB will be migrated slowly over time as the
    users enter their passwords (either to login or to do other operations which
    require explicit password entry). This migration is NOT done in reverse,
    i.e., if a deployment started with argon2id as the algorithm then chose to move
    to scrypt, the passwords will not get rehashed automatically, instead the users
    will have to reset their passwords if that is desired.

    NOTE It is highly recommended to move to argon2id as it will be made the
    only available choice for the algorithm config option in future.

    ([feat] Allow configuring argon2id parameters #4291)

  • Config value gundeck.config.bulkPush has been removed. This is purely an
    internal change; in case the value was overridden to false, operators might see
    more spiky usage of CPU and memory from gundeck due to bulk processing. (gundeck: Remove bulkPush config option #4290)

API changes

Features

Bug fixes and other updates

Documentation

Internal changes
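
An added example (not part of the release notes or Wire's code) for the SCIM note above about externalId and emails: a pre-upgrade audit that sorts exported SCIM user records into the situations the note lists. The record layout follows the SCIM core schema; the function names, situation labels and sample records are constructed, and the address comparison is exact (an assumption, so case-only differences are flagged for review).

```python
from collections import defaultdict

def classify(record):
    """Map one SCIM user record to (situation, recommended step)."""
    external_id = (record.get("externalId") or "").strip()
    # SCIM emails is a list of objects carrying the address in "value".
    emails = [(e.get("value") or "").strip() for e in record.get("emails") or []]
    emails = [e for e in emails if e]
    if "@" not in external_id:
        return "not-applicable", "externalId is not an email address"
    if not emails:
        return "emails-empty", "map the externalId address into emails as a single entry"
    if len(emails) > 1:
        return "multiple-emails", "reduce emails to exactly one entry, the externalId address"
    if emails[0] == external_id:  # exact comparison: an assumption of this example
        return "ok", "no change needed"
    return "mismatch", f"{emails[0]} would become the new unvalidated address; align it with externalId"

def audit(records):
    """Group userNames by situation so operators can fix the IdP mapping before upgrading."""
    report = defaultdict(list)
    for record in records:
        situation, step = classify(record)
        report[situation].append((record.get("userName", "<no userName>"), step))
    return dict(report)

# Constructed sample records, not taken from any real deployment.
SAMPLE = [
    {"userName": "alice", "externalId": "alice@example.com", "emails": []},
    {"userName": "bob", "externalId": "bob@example.com",
     "emails": [{"value": "bob@example.com"}]},
    {"userName": "carol", "externalId": "carol@example.com",
     "emails": [{"value": "c.smith@example.com"}]},
    {"userName": "dave", "externalId": "dave@example.com",
     "emails": [{"value": "dave@example.com"}, {"value": "d@example.org"}]},
    {"userName": "erin", "externalId": "7f3a-constructed-id"},
]

if __name__ == "__main__":
    for situation, rows in sorted(audit(SAMPLE).items()):
        for user, step in rows:
            print(f"{situation:16} {user:8} {step}")
```

Records reported as mismatch are the ones where, per the note above, the user would receive a validation email after the upgrade.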

akshaymankar and others added 30 commits July 9, 2024 18:27
Master->Develop after release
* allow subconversations for MLS 1-1 conversation

* add changelog entry
* delete phone keys

* hide ctor of phone for safety

* log while searching for phone keys

* db migration for dropping phone column

* changelog

* moved to tools/db, renamed to remove-phone-keys

* removed phone from inconsistencies tool

* remove phone from move-team tool

* remove phone from queries

* Better split and organize the changelog

* Update the README of remove-phone-keys tool

* remove db tool

* updated changelog

---------

Co-authored-by: Marko Dimjašević <[email protected]>
* Initial v1 docker-compose setup

* Update service configuration in federation-v1

* Improve run script

* Rename federation-v0 and federation-v1 services

* Make federation-v* optional

* Allow PTest to use IO

* Introduce VersionedFed

* Setup federation-v1 in integration tests

* Fix coredns network

* Use legacy backends in some of the tests

* Fix background worker config in fed-v1

* federation-v0 and -v1 configuration for integration tests

* fix linter

* fix Helm chart for integration tests

* Add CHANGELOG entry

* Enable debug log level for federator

* Disable one of the tests on legacy backends

---------

Co-authored-by: Stefan Berthold <[email protected]>
* add textStatus to user record

* changelog

* hide ctor of text status

* update some golden tests

* gen nix packages

* clean up

---------

Co-authored-by: Leif Battermann <[email protected]>
* Replace random data with user ID hash in SFT auth

* Use base26 to encode sft username

* Regenerate nix packages

* Add CHANGELOG entry
* Test leaving one2one subconversations

* Simplify websocket assertions in removal test

* Take removal key from conversation backend

Instead of using a hardcoded removal key, get the removal key from the
correct backend using its public API.

* Remove loading of public keys from configuration

* Remove dead code
* Migrate integration tests for user properties to the new suite

* AsciiText: Write correct instance for FromHttpApiData

* AsciiText: Write correct instance for FromJSONKey

* Allow setting existing properties even if we have max properties

* Rename UserEvents -> Events, also support PropertyEvent

* Introduce PropertiesSubsystem
* moved blocklist to subsystems

* Drop old BlacklistStore effect in Brig

* Add a changelog

---------

Co-authored-by: Marko Dimjašević <[email protected]>
some parts of it were outdated or wrong, and what was valid is now
tracked in WPB-1031{5,6}.
Co-authored-by: Matthias Fischmann <[email protected]>
…ersion (#4149)

* Drop endpoints for updating and removing phone num

* Remove a few phone endpoints

* Drop phone from desc's of /activate endpoints

* remove obsolete tests

* Drop 'phone' from request in `POST /activate/send`

* Drop phone from team invitations

* Drop 'phone' from Brig's 'team_invitation' DB table

* Add a changelog

* Drop phone from the invitation request body in V6

* Give a versioned 'Invitation' response

For client API versions up to and including V5, the response is the same
and the 'phone' field is always null. The field does not exist in
versions V6 and above.

* Ignore phone when registering a user

The response to `POST /register` no longer throws an error when the
request contains a phone number. Instead, the "phone" and "phone_code"
fields are not parsed and are therefore ignored.

* Drop meaningless phone login tests

The tests should have been dropped when removing phone number support in
client API versions v0..v5 as they lost meaning at least then, if not
even before that.

* Delete a misguiding test in brig-integration

The test's name is suggesting one, but testing a different thing. The
test does not make much sense in the current situation.

* Delete another meaningless test

* Drop phone from `POST /login` in client API v6

* Drop phone from request for `POST /activate` in v6

* Add a changelog on the API change

* remove everything V5 related from wire-api

* updated brig after removing V5 types

* Adjust expectation in phone v5 test

---------

Co-authored-by: Leif Battermann <[email protected]>
* WIP: trying to weed out some dead code.

* Weeding out more.

* More weeding.

* Lint.

* Weed+.

* Updated cassandra schema cql.

* More weeding

* Weed the Second.

* Weed+

* Restoring.

* More cleaning.

* Ignored more test and util code.

* Fixed golden test.

* Restore more.

* Fix cql
)

* Deleted obsolete golden tests.

* Added more libraries to weeder ignore list.

* Removed dead code from brig and a golden test.

* Restore unused golden test

* Ignore more deps.

* More weeding.

* More ignored deps, dangling phone functions.

* Another golden test, more comments.
* Restore weeded-out wsPatch

* Add field to ConferenceCallingConfig

* Use patch endpoint to set feature status in stern

* Remove FeatureTrivialConfig class

* Add migration to add conference calling sft flag

* Implement get/set conference calling feature flag

* Fix golden tests

* Add endpoint to put ConferenceCallingConfig.

* Added lock status to conf. calling.

WIP: Tests need fixing since it's no longer a SimpleFlag.

* Fix golden test cases

* Update conference call ttl test

* Fix conference calling patch test

* Update CHANGELOG entry

* Fix assertions in conferenceCalling TTL test

* Move user feature test to integration

Also remove its dependency on Cassandra, simplify logic and expand its
scope to include team users.

* Remove dead code

* Update cassandra schema file

* Change how conferenceCalling is stored and loaded

* Add general AllFeatures for any type constructor

* Return Maybe values from FeatureStore

* Compute feature values in a uniform manner

* Unify logic for fetching features from db

* Use adhoc DbFeature type instead of WithStatusBase

* Fix default logic of MlsE2EI flag

* Implement getAllFeatureConfigs

* Lint

* Change conference option from boolean to int

* Repurpose conference_calling column for lock status

Also add a new column to hold the feature status

* Ignore TTL for conferenceCalling

Now the TTL field is completely ignored when writing for all feature
flags. We will get rid of the TTL code in a future refactoring.

* Add default logic for conference calling

* Remove feature ttl tests

* Add CHANGELOG entry about TTL

* Add note about unsettable features

* Lint

* Conference calling flag should be locked by default

* Make lockStatus field optional in galley's conf

It used to be implicit before, now it is a normal flag, so we need to
make this field optional to preserve compatibility with older
configuration files.

* Remove unused ToJSON instance

* Lint

* Align conferenceCalling setting in CI

* Fix stern integration tests

* Update cassandra schema

* Use bindResponse in tests

* Revert default lock status when parsing feature

Instead of hardcoding an unlocked status when parsing the
conferenceCalling default configuration, set the default in the helm
chart.

---------

Co-authored-by: Igor Ranieri <[email protected]>
* Fix swagger generation for Versioned responses

* Introduce version 7 and finalise version 6

* Move changes to capabilities field to v7

* Add pregenerated v6 swagger

* Add CHANGELOG entries

* Fix swagger tests
* [feat] bump nixpkgs - allow cabal-install 3.12

* [chore] don't allow Cabal <3.12

* [fix] fix federator

* [fix] junit-formatter: restore old behaviour and leave futurework
This can e.g. be used to set external-dns annotations. Or, any other
annotations (depending on the setup of the K8s cluster.)
* Remove redundant team lookups for user features

* Remove pointless CPS

* Add CHANGELOG entry
#4191)

* Weeding out and enabling dangling golden test.

* Removed remaining weeds, restored legalhold swagger.

* Added changelog.
battermann and others added 5 commits October 30, 2024 10:38
* Allow choosing between argon2id and scrypt as hashing algorithm

The helm charts default to scrypt.

* Update changelogs

* Update docs, also add migration strategy to release notes

* integration: Add test to make sure passwords keep working across hashing algorithm changes

Co-authored-by: Matthias Fischmann <[email protected]>
@echoes-hq echoes-hq bot added echoes: unplanned Any work item that isn’t part of the product or technical roadmap. echoes: technical-roadmap/throughput More specific category, to highlight task aiming at improving the development velocity and effici... echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. echoes: product-roadmap Work aligned with the customer-announced roadmap, targeting a specific release date. echoes: unplanned/support Work items completed to meet a customer or user support request. echoes: technical-roadmap/technical-debt More specific category, to highlight Technical Debt being tackled. echoes: throughput/ci-maintenance echoes/initiative: scale Enterprise Readiness Initiatives echoes/initiative: personal-users-to-team-users... echoes/initiative: federation-and-mls-on-wire-c... Activate Federation with MLS on Wire Cloud labels Oct 30, 2024
@zebot zebot added the ok-to-test Approved for running tests in CI, overrides not-ok-to-test if both labels exist label Oct 30, 2024
@akshaymankar akshaymankar merged commit 0118e94 into master Oct 31, 2024
10 checks passed
@akshaymankar akshaymankar deleted the release_2024-10-30_15_36 branch October 31, 2024 10:12
@b1pb1p b1pb1p removed echoes: unplanned Any work item that isn’t part of the product or technical roadmap. echoes: technical-roadmap/security More specific category, to highlight task that tackle security requirements. echoes: technical-roadmap/technical-debt More specific category, to highlight Technical Debt being tackled. echoes: technical-roadmap/throughput More specific category, to highlight task aiming at improving the development velocity and effici... echoes: throughput/ci-maintenance echoes/initiative: personal-users-to-team-users... echoes/initiative: scale Enterprise Readiness Initiatives echoes/initiative: federation-and-mls-on-wire-c... Activate Federation with MLS on Wire Cloud echoes: unplanned/support Work items completed to meet a customer or user support request. labels Nov 5, 2024