Release 2023-08-11 - (expected chart version 4.36.0) #3493
Co-authored-by: fisx <[email protected]>
Master->Develop after release
Also fixed header level for other how-tos.
Co-authored-by: fisx <[email protected]> Co-authored-by: Sven Tennie <[email protected]>
[FS-1844] Deploy RabbitMQ for development (docker-compose)
* http2-manager: Allow accepting a certificate without a trailing dot * federator: Use http2-manager to communicate with remotes
* Renew certificates for e2e integration tests * Document how to renew e2e integration test certs Co-authored-by: Igor Ranieri <[email protected]>
…-default-null FS-1879 Backend Docs: Change default. Add explanation of acmeDiscoveryUrl.
Using a load balancer could also work, but it requires additional annotations that are environment-specific. This is a fix to a previous PR which was first tested, then refactored without properly being tested, which is why the intended type: Nodeport line was missing.
* Remove dead code. * Fix hlint.sh
We run `helm dep update` right before running the helmfile command, so this shouldn't be required.
add section about having more than 500 users
* WPB-3266: Adding metrics to federator. Adding the existing metrics into federator, and extending the RoutesToPaths instances with the Endpath type that Federator uses. Metrics are added to both the internal and external servers, as there were already status endpoints on both. * WPB-3266: Adding federator integration tests in the new suite. * WPB-3266: Changelog * WPB-3266: PR feedback Changing how services are iterated for local testing. Removing the two Federator service entries from the Bounded instance as they were causing problems with config loading. This new method also has problems, but hopefully less than before. * WPB-3266: Changing how federator tests call the server due to its ports * ... * ... --------- Co-authored-by: Matthias Fischmann <[email protected]>
* When defederating, don't crash on already-deleted conversations.
* Migrate from Haskell2010 to GHC2021. * Format * Formatting * Enable DeepSubsumption instead of explicit lambda
…backends when creating a Proteus conversation (#3479) * Rename to FederationUnreachableDomainOld - this is in preparation to make the data constructor go away and to introduce a separate newtype under the same name * Extend ConversationResponse: unreachable backends * Simplify mocking unreachable backends * Fixing integration tests * Fix an integration test with invalid domain - The new logic should be that no conversation is created when a user from an invalid domain is attempted to be added to a new conversation * Fix a remote member deleting test - The test relies on the conversation creation endpoint, but that one wasn't properly mocked * Add a changelog * fixup! Extend ConversationResponse: unreachable backends
* integration: Produce non-zero exitcode on failures * charts/integration: Also mount all the missing configs * docker-images: Set LANG and LOCALE_ARCHIVE * integration: Stop assuming domains, read them from config * integration-image: Add binaries for all the services * integration: Special case starting nginx in K8s * charts/integration: Fail if any of the init scripts fail * integration/scripts: No need to run `aws configure` Running `aws configure` doesn't work because the image is set up to be run as `nobody` which cannot write to its `$HOME` at `/var/empty`. However, running `aws configure` is unnecessary given we expect the scripts to run when `$AWS_ACCESS_KEY_ID`, `$AWS_SECRET_ACCESS_KEY` and `$AWS_REGION` are already set. * integration-dynamic-backends-s3.sh: Create bucket only if it doesn't exist * integration: Don't hardcode names of RabbitMq vhosts * charts/integration: Make federation work for dynamic backends Create services and ingresses so they are discoverable and routable. * integration: Set log level correctly for spar * integration: Delete a test which cannot be tested in K8s The test expects a DNS failure, this happens locally because the local coredns service doesn't know how to recurse when it doesn't know about a domain. This is not true in K8s. * integration: Set up creds for fake aws services correctly For local environment it relies on .envrc For K8s it relies on environment variables set from the helm chart * integration: Add HasCallStack in a couple of places
…fter federation delete event (#3485)
Co-authored-by: Leif Battermann <[email protected]>
This makes it easier to separate BUND releases from development work. Co-authored-by: Sven Tennie <[email protected]>
fisx approved these changes Aug 11, 2023
[2023-08-11] (Chart Release 4.36.0)

Release notes

* (Federation only) Introduce background-worker. This release introduces a new component: background-worker. It is currently only used for federation-related tasks. Enabling federation in the wire-server helm chart automatically installs this component. When federation is enabled, wire-server requires a running RabbitMQ. The helm chart in `rabbitmq` can be used to install RabbitMQ. Please refer to the documentation at https://docs.wire.com to install RabbitMQ in Kubernetes. These new configurations are required:
  The above are the default values (except for secrets, which do not have defaults); if they work, they are not required to be configured. ([FS-1940] Start sending backend notifications through rabbitMQ and consuming them #3276, brig: Make RabbitMQ config optional #3314, galley: Send on-user-deleted-conversations backend notification through RabbitMQ #3333, backend-notification-pusher: Dynamically discover remote domains #3366, background-worker: Add status endpoint #3383, background-worker: Add metrics #3391)
* (Federation only) A few helm values related to federation have been renamed; no action is required if federation was disabled. If federation was enabled, these values must be renamed in the wire-server chart:
  So, an old config which looked like this:
  would now look like this:
  ([FS-1845] Deploy RabbitMQ on k8s for CI #3236)
* (Federation only) From this release on, remote connections can be configured via an internal REST API; the remote connections configured in the values.yaml file(s) will be honored for a transition period, but will be ignored starting in some future release. YOU NEED TO UPDATE YOUR BRIG HELM VALUES BEFORE DEPLOYING THIS RELEASE. Add the following to brig:
  `allowNone` is equivalent to `allowList` with an empty list; `allowAll` remains the same as before; `allowDynamic` is `allowList`, but the list is now stored in cassandra, not the config file.
  If your federator config values contain something like this:
  you need to make sure that the following lines are part of your brig config (after the upgrade and until you have loaded the data into cassandra, federation with those domains won't be possible if you forget this):
  The search policy for a remote backend can be:
  * `no_search`: No users are returned by federated searches. Default.
  * `exact_handle_search`: Only users where the handle exactly matches are returned.
  * `full_search`: In addition to `exact_handle_search`, users are found by a freetext search on handle and display name.
  Once the new release is deployed, you need to copy all the data from the config files into `brig.federation_remotes` in cassandra (internal CRUD API; look for `/i/federation/remotes`). Once the upgrade has been deployed and cassandra has been filled with the temporary contents of `brig.config.optSettings.setFederationDomainConfigs`, it is safe to remove the latter and the above lines from the federator config. See also. (Dynamic federator remotes #3260, Tweak changelog. #3384, Remove dead code from cannon. #3389)
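The config-to-cassandra transition described in the note above, as an added Python helper that is not part of wire-server or this PR: it validates the legacy `setFederationDomainConfigs` entries (falling back to the default `no_search` policy), pushes them to the internal `/i/federation/remotes` API, and reports which remotes are still missing from the cassandra-backed list so you know when the config lines can be dropped. Assumptions not stated on the page: the endpoint takes one `POST` per remote with a JSON body of `domain` and `search_policy`, a `GET` returns `{"remotes": [...]}`, and domains are compared case-insensitively.

```python
import json
import urllib.request

VALID_POLICIES = ("no_search", "exact_handle_search", "full_search")
DEFAULT_POLICY = "no_search"  # listed as the default in the release note


def normalize_domain_configs(domain_configs):
    """Turn legacy optSettings.setFederationDomainConfigs entries into the
    JSON bodies for the internal API, rejecting unknown policies and
    duplicate domains before anything is written to cassandra."""
    bodies, seen = [], set()
    for entry in domain_configs:
        domain = entry["domain"].strip().lower()  # assumed: case-insensitive
        policy = entry.get("search_policy", DEFAULT_POLICY)
        if policy not in VALID_POLICIES:
            raise ValueError(f"{domain}: unknown search_policy {policy!r}")
        if domain in seen:
            raise ValueError(f"duplicate remote {domain} in config")
        seen.add(domain)
        bodies.append({"domain": domain, "search_policy": policy})
    return bodies


def _http_send(method, url, body):
    """Default transport: one JSON request against brig's internal listener."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def migrate_remotes(domain_configs, brig_internal_url, send=_http_send):
    """Push every legacy remote via POST /i/federation/remotes (method is an
    assumption). Returns the (method, url, body) triples that were sent, so a
    recording `send` gives a reviewable dry run before touching production."""
    sent = []
    for body in normalize_domain_configs(domain_configs):
        req = ("POST", f"{brig_internal_url}/i/federation/remotes", body)
        send(*req)
        sent.append(req)
    return sent


def remotes_missing_in_cassandra(domain_configs, remotes_response):
    """Compare the legacy config with the GET /i/federation/remotes response.
    Only when this returns [] is it safe to remove setFederationDomainConfigs
    and the matching federator lines; until then those domains are at risk."""
    wanted = {b["domain"]: b["search_policy"]
              for b in normalize_domain_configs(domain_configs)}
    stored = {r["domain"].lower(): r["search_policy"]
              for r in remotes_response.get("remotes", [])}
    return sorted(d for d, p in wanted.items() if stored.get(d) != p)


# Constructed sample values, not taken from any real deployment.
LEGACY_CONFIG = [
    {"domain": "Example.COM", "search_policy": "full_search"},
    {"domain": "other.example", "search_policy": "exact_handle_search"},
    {"domain": "quiet.example"},  # no policy given: falls back to no_search
]
```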
* Upgrade team-settings version to 4.15.0-v0.31.16-0-8138d2e (Update team-settings version in Helm chart [skip ci] #2180)
* Upgrade webapp version to 2023-07-13-production.0-v0.31.16-0-a9b67c6 (Update webapp version in Helm chart [skip ci] #2302)
* Update email templates from https://github.com/wireapp/wire-emails (chore: update emails templates #3386)
* Removed brig configuration value from gundeck. (Removing domain sync threads where not currently used. #3404)
API changes

* Updating conversation meta-data APIs to be fault tolerant of unavailable federation servers. (FS-1467: Make conversation metadata APIs fault tolerant to federation errors #3229)
* Adding users in Proteus will only succeed if all federated backends hosting the users are available. Otherwise, the endpoint will fail with a Federation error, enumerating all unavailable domains. (Adding members to conversations with offline remote backends #3449)
* Added a new notification event type, "federation.delete". (WPB-240: Generate and fan out events about stopping to federate #3397) This event contains a single domain for a remote server that the local server is de-federating from. This notification is sent twice during de-federation: once before and once after cleaning up and removing references to the remote server from the local database.
* list unavailable backends as JSON on federation-unreachable-domains-error
  * `federation-unreachable-domains-error` by `FederationErrorData`
  * `domains` field in `FederationErrorData`, containing the list of failing domains
  * `domain` field in `FederationErrorData`, which now contains the first element of `domains`
  (list unavailable backends as JSON in fed errors #3407)
* Throw when remote users to be added to an MLS conversation are unreachable ([FS-1148] Backport general changes from `mls` to `develop` #3322)
* The `connection-update` internal Brig endpoint now has a different JSON format for its request body. See the swagger documentation for details. (Implement schema for UpdateConnectionsInternal #3458)
* Client objects have gained an optional `last_active` field. Whenever a client fetches notifications via `GET /notifications`, as long as it provides a client parameter, the `last_active` field of that client is updated and set to the current timestamp, rounded to the next multiple of a week. (Add last_active field to clients #3409)
* The `POST /conversations` endpoint, in the case of the Proteus protocol, now gives a 503 error response listing unreachable backends if there were any, instead of a 2xx response that added only members from reachable backends. ([WPB-3640] Disallow partial success and fix reporting of unreachable backends when creating a Proteus conversation #3479)
* User objects have gained a `supported_protocols` field. Users can set it to any subset of `["proteus", "mls"]` using `PUT /self/supported-protocols`. There is also a new endpoint `GET /users/:domain/:id/supported-protocols`. The backend does not assign any semantics to this field, but it is intended to be used to coordinate migration to MLS across the clients of a user, as well as between two users participating in a 1-1 conversation. (Add supported protocols #3326)
* Several federation Galley endpoints have a breaking change in their response types: "leave-conversation", "update-conversation" and "send-mls-message". They have been extended with information related to unreachable users. ([FS-1148] Resilient member adding in presence of unreachable backends (1/2) #3248)
Features

* Add federation options to the `coturn` Helm chart including DTLS support. The options themselves are strongly inspired by the `restund` Helm chart. (coturn: Add federation and DTLS support to Helm chart #3283)
* Let cargohold redirect to different s3 download endpoints according to a `multiIngress` configuration. This is part of a larger multi-ingress story where one backend can pretend to be multiple ones by using different domains for different users. (Make cargohold redirect target configurable by requesting host #3264)
* Introduce the `nginx_conf.additional_external_env_domains` (nginz and cannon) setting to configure CORS headers for multiple domains. (nginz cannon additional cors domains (multi-domain backend) #3368)
* Add configuration options to set up instances of the `nginx-ingress-services` chart to act as additional ingresses (with surrounding infrastructure) to provide additional domains for the same backend. (multi ingress ingress services #3375)
* Nonce base64 encoding is now unpadded (fix: Get correct host during DPoP token generation #3255)
* `MlsE2EIdConfig` now contains an ACME discovery URL and `verificationExpiration` is now a duration. ([FS-1849] Change Team Management settings for End-to-end Identity #3237, FS-1879 Backend Docs: Change default. Add explanation of acmeDiscoveryUrl. #3244)
* Functionality to determine the federation status between federating remote backends ([FS-1928] Retrieve Federation Status Between Remote Backends #3290)
* Prevent conversation creation if any two federated backends are not connected to each other ([WBP-198] Prevent conversation creation for non-fully connected graphs #3382)
* Improve gundeck performance: notifications to multiple recipients are stored in a normalized manner. (Gundeck: payload deduplication #3403)
* When a proteus message is sent and a remote user's backend is offline, the message will be enqueued and reported as `failed_to_confirm_clients` ([WPB-3394] Sending proteus messages when a remote backend is offline #3460, [WPB-3394] Sending proteus messages when a remote backend is offline (update) #3474)
* Check if remote backends are connected on adding conversation members (Refactor NFCG error response #3483)
* In a setting where remote participants are included in a freshly created Proteus conversation, the backend now sends a conversation.create and a conversation.member-join event per user once all remote participants are confirmed. This fixes a bug where remote conv members would get false entries in the member lists in these events. ([WPB-1085] Two-event member adding process during conversation creation #3359)
* Enable indexed billing members by default and remove the feature flag (WPB 2565 remove indexed billing members feature flag #3434)
* stern/backoffice: read, update, delete domain login redirects to custom backends (Expose sso-deep-link api on stern/backoffice #3471)
Bug fixes and other updates

* If role is not set ([], null, or field missing) in scim-put-user, do not change role to default in brig (Fix SCIM role update #3488)
* Do not accept federation traffic from not-federating backends (Do not accept federation traffic from not-federating backends. #3484)
* Bump coturn default image to upstream coturn 4.6.2 + custom Wire code including a bugfix for a bug that resulted in unstable operation during higher load. (bump coturn version #3250)
* Get the correct domain for DPoP access token generation (fix: Get correct host during DPoP token generation #3255)
* Correct http host is passed to proxy request (fix: forward original http host to proxy request in nginz as `Z-Host` #3263)
* Use backend domain for DPoP access token request ([FS-1927] Use Correct Domain During DPoP Access Token Request #3267)
* The DPoP access token is now base64 encoded (once) ([FS-1931] Dpop Access Token Should Be Base64 Encoded #3269)
* Fix `nginx.conf` for local integration tests (fix: local integration tests nginx.conf #3362)
* Fix cross domain user search ([WPB-3064] Fix cross domain user search #3420)
* backoffice/stern: `/i/user/meta-info` (fix: ster get-meta-info #3436)
* `/i/user/meta-info` (Fix: `/i/user/meta-info` (stern) #3281)
* Fix: When defederating, don't crash on already-deleted conversations. (Fix defederate loop - the easy part #3478)
* No `conversation.delete` event is sent to users during de-federation clean up ([WPB-3633] client receives conversation deleted conversation events after federation delete event #3485)

Documentation
* Improve the cassandra developer guidelines under https://docs.wire.com/developer/developer/cassandra-interaction.html (Write cassandra developer guidelines. #3342)
* Document crypto library dependencies and sources of randomness ([docs] think about sources of randomness and crypto. #3254)
* Add 'grepinclude' sphinx directive to document with some code snippets. (Grepinclude sphinx directive #3256)
* swagger: `Named` names as "internal route ID" in swagger UI. (Render `Named` names as "internal route ID" in swagger UI. #3319)
* SSO Faq entry on CSP (#PR_NOT_FOUND)
Internal changes

* Export `Data.String.Conversions.cs` from `Imports` (Export Data.String.Conversions.cs from Imports #3320)
* Metrics for federator are available at `GET /i/metrics` for both the internal and external servers. (WPB-3266: Federator metrics #3467)
* Add the status endpoint to both federator ports (federator: Add status endpoints and migrate to servant #3443)
* Better errors in golden tests (Better errors in golden tests. #3370)
* In CI integration tests, use redis-ephemeral in master mode (may be reverted in the future, see PR details) (In CI, use redis-ephemeral master mode #3446)
* Containers now run as non-root, to improve compatibility with default PodSecurityPolicies in more recent versions of Kubernetes. (Run containers as non-root #3352)
* By default, the coturn helm chart will no longer log verbosely. This can be enabled if desired. (coturn: disable verbose by default. #3238)
* Delete libraries api-bot and api-client. Also delete tools from api-simulation. (Delete api-bot, api-client and api-simulation #3395)
* Use feature singletons in TeamFeatureStore (Use feature singletons in TeamFeatureStore #3308)
* Adding a new internal API to Brig and Galley to defederate domains. Background-Worker has been reworked to separate AMQP channel handling from processing. This was done to allow a defederation worker to share the same connection management process with the notification pusher. (FS-1179/WPB-1107: Clean local state when stopping to federate with another backend #3378)
* Improved websocket tests: `/integration` (Small improvements to the new integration suite #3293)
* On CI runs, provide additional context when 'helmfile install' fails. (Debug info ci failures #3400)
* [hscim] make `jsonLower` fail on duplicate fields (Servantify more of brig internal api #3346)
* Clean up output and logs (Clean up output and logs #3371)
* End-to-end test for creating a DPoP access token for the E2EID client certificate enrollment (fix: Get correct host during DPoP token generation #3255)
* backoffice/stern: `stern` is added to the new run-services implementation for the integration tests (internal fix: Add `stern` to run-services implementation for integration tests #3425)
* Fixed eventually function in test for potentially less flakiness (fix eventually #3240)
* Script to bulk-change/-repair user's scim and brig email address (Script to bulk-change/-repair user's scim and brig email address #3321, Fix change_email.py #3331)
* Servantify brig internal api (Servantify more of brig internal api #3346, Servantify brig internal api: /i/index/... #3338, Servantify brig internal api: misc #3339)
* Updated rusty-jwt-tools and error mapping (Battermann/update rusty jwt tools to deploy 044 #3348)
* Reuse HTTP2 connections from brig, galley, cargohold and federator (Introduce Http2Manager to help with reusing http2 connections #3120, Use http2-manager to communicate with remotes #3233)
* Add combinator for maps with arbitrary keys in `schema-profunctor` (Add combinator for maps with arbitrary keys #3372)
* Introduce SearchContacts permission (Introduce SearchContacts permission. #3252)
* All wire-server containers now run in a restricted securityContext when run on k8s >= 1.24 (k8s 1.26/1.27 compatibility: podsecuritycontext #3351)
* Adding graceful shutdown handling to background-worker to allow it to finish processing its current message before the service quits. (WPB-2986: Background-worker graceful termination #3421)