Merge pull request #1322 from kuzzleio/1.8.0-proposal

Release 1.8.0

Bug fixes

    [ #1311 ] Fix promise leaks (scottinet)
    [ #1298 ] Fix disabled protocol initialization (Aschen)
    [ #1297 ] Fix timeouts on plugin action returing the request (benoitvidis)
    [ #1288 ] Fix an error when trying a non-partial bulk update (scottinet)
    [ #1286 ] Allows bulk inserts on aliases (benoitvidis)
    [ #1282 ] Scan keys on redis cluster (benoitvidis)
    [ #1279 ] Users must be authenticated to use auth:logout (scottinet)

New features

    [ #1315 ] Add the new Vault module to handle encrypted application secrets (Aschen)
    [ #1302 ] Add write and mWrite (Aschen)
    [ #1305 ] Add pipes & hooks wildcard event (thomasarbona)

Enhancements

    [ #1318 ] Add a maximum ttl to auth:login (benoitvidis)
    [ #1301 ] Upgrade the WebSocket libraries (scottinet)
    [ #1308 ] Events triggering refactor (scottinet)
    [ #1300 ] Collection specifications methods cloisoned to a collection (thomasarbona)
    [ #1295 ] Improve validation error messages (benoitvidis)
    [ #1292 ] Throw an error when the realtime controller is invoked by plugin developers (benoitvidis)
    [ #1257 ] Add ability to define mapping policy for new fields (Aschen)
    [ #1291 ] Fix --help on subcommands (Yoann-Abbes)
    [ #1289 ] Handle ping/pong packets (scottinet)
    [ #1273 ] Fix incomplete access logs (scottinet)

Others

    [ #1317 ] Add ps dependency to plugin-dev Docker image for pm2 (benoitvidis)
    [ #1312 ] Check that .kuzzlerc.sample is well-formed (scottinet)
    [ #1299 ] Add Kuzzle Nightly & Redis 3 and 4 test (alexandrebouthinon)

.ci/test-aarch64.yml

@@ -42,7 +42,7 @@ services:
       - TRAVIS_REPO_SLUG
 
   redis:
-    image: redis:3.2
+    image: redis:${REDIS_VERSION:-5}
 
   elasticsearch:
     image: kuzzleio/elasticsearch:5.6.10

.ci/test-armhf.yml

@@ -42,7 +42,7 @@ services:
       - TRAVIS_REPO_SLUG
 
   redis:
-    image: redis:3.2
+    image: redis:${REDIS_VERSION:-5}
 
   elasticsearch:
     image: kuzzleio/elasticsearch:5.6.10

.ci/test.yml

@@ -42,7 +42,7 @@ services:
       - TRAVIS_REPO_SLUG
 
   redis:
-    image: redis:3.2
+    image: redis:${REDIS_VERSION:-5}
 
   elasticsearch:
     image: kuzzleio/elasticsearch:5.6.10

.gitignore

@@ -49,3 +49,8 @@ plugins/available/*
 plugins/enabled/*
 !plugins/enabled/kuzzle-plugin-auth-passport-local
 !plugins/enabled/kuzzle-plugin-logger
+
+#secrets files
+config/secrets.json
+config/testsecrets.json
+config/testsecrets.enc.json

.kuzzlerc.sample

@@ -2,8 +2,8 @@
   // -------------------------------------------------------------------------
   // Kuzzle configuration sample file
   //
-  // You can copy this file to a valid [rc](https://github.com/dominictarr/rc)
-  // file location to customize Kuzzle configuration
+  // You can copy this file to a valid rc file location to customize Kuzzle
+  // configuration (see https://github.com/dominictarr/rc)
   // -------------------------------------------------------------------------
 
   // The HTTP section lets you configure how Kuzzle should handle HTTP requests
@@ -49,24 +49,31 @@
     //      (see https://docs.kuzzle.io/plugins/1/events/core-overload/)
     // * subscriptionConditionsCount
     //      Maximum number of conditions a subscription filter can contain
-    //      NB: A condition is either a "simple" operator (anything but and, or and bool)
-    //      or a boolean condition that contains only simple operators.
+    //      NB: A condition is either a "simple" operator (anything but "and",
+    //          "or" and "bool"), or a boolean condition that contains only
+    //          simple operators.
     // * subscriptionMinterms
     //      Maximum number of minterms (AND) clauses after the filters are
     //      transformed in their Canonical Disjunctive Normal Form (CDNF).
     //      Set to 0 for no limit.
     // * subscriptionRooms
     //      Maximum number of different subscription rooms
-    //      (i.e. different index+collection+filters subscription configurations)
+    //      (i.e. different index+collection+filters subscription
+    //      configurations)
     //      Depends primarily on available memory.
     //      If set to 0, an unlimited number of rooms can be created
     // * subscriptionDocumentTTL
-    //      Maximum time (in seconds) a document will be kept in cache for real-time subscriptions.
-    //      This cache is used to notify subscriber when a document enters or leaves a scope after an update.
+    //      Maximum time (in seconds) a document will be kept in cache for
+    //      real-time subscriptions.
+    //      This cache is used to notify subscriber when a document enters or
+    //      leaves a scope after an update.
     //      By default, subscriptions will be kept 72 hours.
-    //      /!\ Please note that keeping subscriptions over a long period of time may result in memory overuse. /!\
+    //      /!\ Please note that keeping subscriptions over a long period of
+    //      /!\ time may result in memory overuse.
     //      If set to 0, the subscription will be kept in cache forever.
-    //      /!\ Setting the property to 0 will lead to a memory leak if documents enter a real-time subscription scope and never exit that scope. /!\
+    //      /!\ Setting the property to 0 will lead to a memory leak if
+    //      /!\ documents enter a real-time subscription scope and never exit
+    //      /!\ that scope.
     "concurrentRequests": 50,
     "documentsFetchCount": 10000,
     "documentsWriteCount": 200,
@@ -79,7 +86,7 @@
   },
 
   // The plugins section lets you define plugins behaviors
-  // (see http://kuzzle.io/guide/#plugins)
+  // (see https://docs.kuzzle.io/guide/1/essentials/plugins/)
   "plugins": {
     // [Common]
     //   * bootstrapLockTimeout
@@ -131,8 +138,8 @@
     // users/_createRestricted
     "restrictedProfileIds": ["default"],
     // [jwt]
-    // configuration for npm
-    // [jsonwebtoken package](https://github.com/auth0/node-jsonwebtoken)
+    // configuration for the npm package jsonwebtoken
+    // (see https://github.com/auth0/node-jsonwebtoken)
     //
     //   * algorithm:
     //      hash/encryption method used to sign the token
@@ -142,6 +149,10 @@
     //   * gracePeriod:
     //      Duration in ms during which a renewed jwt is still
     //      considered valid
+    //   * maxTTL:
+    //      Maximum duration in milliseconds a token can be requested
+    //      to be valid.
+    //      If set to -1 (default), no maximum duration is set.
     //   * secret:
     //      String or buffer data containing either the secret for HMAC
     //      algorithms, or the PEM encoded private key for RSA and ECDSA.
@@ -151,6 +162,7 @@
       "algorithm": "HS256",
       "expiresIn": "1h",
       "gracePeriod": 1000,
+      "maxTTL": -1,
       "secret": null
     },
     // [default]
@@ -287,8 +299,8 @@
     //       for more information on transports configuration.
     //   * accessLogFormat:
     //       Access log format.
-    //       Currently supported are "combined" (=Apache combined logs format) and
-    //       "logstash".
+    //       Currently supported are "combined" (=Apache combined logs format)
+    //       and "logstash".
     //       "logstash" will output the whole request input to JSON, ready to
     //       be consumed by logstash agent.
     //   * accessLogIpOffset:
@@ -335,7 +347,8 @@
         // * allowCompression:
         //    Enable support for compressed requests, using the
         //    Content-Encoding header
-        //    Currently supported compression algorithms: gzip, deflate, identity
+        //    Currently supported compression algorithms:
+        //      gzip, deflate, identity
         //    Note: "identity" is always an accepted value, even if
         //    compression support is disabled
         "enabled": true,
@@ -380,10 +393,25 @@
       "websocket": {
         // * enabled:
         //    Set to true to enable WebSocket support
+        // * idleTimeout:
+        //    The maximum time (in milliseconds) without sending or receiving a
+        //    message from a client. Once reached, the client's socket is
+        //    forcibly closed.
+        //    Contrary to heartbeats (see below), this is a passive check,
+        //    forcing all clients to actively send either PINGs or messages to
+        //    maintain their connection active.
+        //    Set the value to 0 to disable this feature (should only be
+        //    activated if heartbeat is disabled)
         // * heartbeat:
-        //    The time, in milliseconds, between the server's PING requests.
-        //    Setting this value to 0 disables PING/PONG requests entirely.
+        //    The time, in milliseconds, between the server's PING requests to
+        //    clients, to make sure they are still active.
+        //    Setting this value to 0 disables PING requests from the server
+        //    (it will still respond with a PONG to PING requests from clients).
+        //    If heartbeat is deactivated, then setting a non-zero value to
+        //    idleTimeout is strongly recommended to detect and remove
+        //    dead sockets.
         "enabled": true,
+        "idleTimeout": 0,
         "heartbeat": 60000
       }
     }
@@ -404,8 +432,8 @@
     },
 
     // [internalCache]
-    // The cache service relies on Redis
-    // sample settings for Redis service (see also https://github.com/luin/ioredis):
+    // The cache service relies on Redis sample settings for Redis service
+    // (see also https://github.com/luin/ioredis)
     //
     // 1. using a single Redis database:
     //   node:
@@ -503,16 +531,22 @@
     // The default database layer is Elasticsearch and it is
     // currently the only database layer we support.
     //   * client:
-    //       Elasticsearch constructor options. Use this field to specify your Elasticsearch config options, this object
-    //       is passed through to the Elasticsearch constructor and can contain all options/keys outlined here:
-    //       https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/configuration.html
+    //       Elasticsearch constructor options. Use this field to specify your
+    //       Elasticsearch config options, this object is passed through to the
+    //       Elasticsearch constructor and can contain all options/keys outlined
+    //       here:
+    //       https://www.elastic.co/guide/en/elasticsearch/client/javascript-api/current/client-configuration.html
     //   * dynamic:
-    //       Default policy against new fields that are not referenced in the collection mapping.
-    //       The value of this configuration will change Elasticsearch behavior on fields that are not declared in the collection mapping.
-    //         - "true": Stores document and update the collection mapping with infered type
-    //         - "false": Stores document and does not update the collection mapping (field are not indexed)
+    //       Default policy against new fields that are not referenced in the
+    //       collection mapping.
+    //       The value of this configuration will change Elasticsearch behavior
+    //       on fields that are not declared in the collection mapping.
+    //         - "true": Stores document and update the collection mapping with
+    //           infered type
+    //         - "false": Stores document and does not update the collection
+    //           mapping (field are not indexed)
     //         - "strict": Rejects document
-    //       See https://www.elastic.co/guide/en/elasticsearch/guide/current/dynamic-mapping.html
+    //       See https://www.elastic.co/guide/en/elasticsearch/reference/5.6/dynamic-mapping.html
     "db": {
       "backend": "elasticsearch",
       "aliases": ["storageEngine"],