Release 2024-07-08 - (expected chart version 5.4.0) #4126
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Master->Develop after release
Co-authored-by: Magnus Viernickel <[email protected]> Co-authored-by: Leif Battermann <[email protected]> Co-authored-by: Stefan Berthold <[email protected]>
* Refactor. * Refactor. * Refactor. * Make test case fail where it should pass. * Cleanup failing test cases. - add old run traces (with approved device) back * FUTUREWORK. * Changelog. * Make failing test case pass. Pending LH devices means user *has* given consent, not the opposite! * Fix terminology. * Make default settings explicit. * Renames; fix more LH logic. transitioning from disabled to pending doesn't block any connections, but from pending to active does. * Rename. * Fixup HEAD~2 * Remove dead code. * testLHMessageExchange: Assert that message exchange works during all stages of multiple people approving the device * Fix comment wording * Delete redundant constraints * testLHMessageExchange: Ensure correct client is used to send messages * testLHNoConsentBlockOne2OneConv: Break the test in 2 for simplicity Also fix assertions about what happens when LH devices are pending * brig: Do not cause LH conflict when a user has pending device while creating connections * testLHPreventAddingNonConsentingUsers: Users are only kicked after approving the LH device * hlint * integration/connectTwoUsers: Don't worry too much if users are already connected * galley: Allow non-lh-consenting users to be added to a conv when lh is pending on a member --------- Co-authored-by: Akshay Mankar <[email protected]>
* create variables for configs in on-prem env * add changelog * fix linting issues
* dockerephemeral: Run redis-cluster with TLS
* Update hedis pin to support TLS with all nodes of a redis-cluster
* gundeck.integration.yaml: Use IP address of the redis cluster node
The certificates are valid only for IP addresses
* Use fork of crypton-x509-validation to support IP Address validation
* charts/{gundeck,integration}: Support TLS for redis
hack: Enable TLS on redis and configure gundeck to not verify CA
hack: Configure custom CA for redis in gundeck
---------
Co-authored-by: Akshay Mankar <[email protected]>
Co-authored-by: Paolo Capriotti <[email protected]>
* [docs] clarify the behaviour of search by exact handle * Update docs/src/understand/searchability.md Co-authored-by: Igor Ranieri Elland <[email protected]> --------- Co-authored-by: Igor Ranieri Elland <[email protected]>
* [feat] add more metadata in nix to own code
Co-authored-by: Igor Ranieri <[email protected]> Co-authored-by: Akshay Mankar <[email protected]> Co-authored-by: Leif Battermann <[email protected]> Co-authored-by: Stefan Berthold <[email protected]>
…d brig) (#4062) * dockerephemeral: add nginz rule to give ES an http interface * Whitespace and typos * Fix elasticsearch proxy * Add CHANGELOG entry * Update deploy/dockerephemeral/federation-v0/brig.yaml --------- Co-authored-by: Paolo Capriotti <[email protected]>
* hedis: Upgrade to fix connection timeout issues with cluster Upstream PR: informatikr/hedis#227 * changelog
* UpdateUser operation; work on Error sub-effects. * Fix build * Rename onUserEvent → generateUserEvent * Use state effect for local users in mini backends * Implement user update in mini backends * Add user update property test * [feat] rethrow errors as wai errors * [feat] test behaviour if user is managed by scim * [feat] set galley api access * [feat] test all of the update record members * [feat] interpret user events * Use MiniBackend state effect in mini-backend stack * Add fake event interpreter * Add Arbitrary instance for AllowSCIMUpdates * Replace UserUpdate with a new type * Use update functionality in brig * Add locale update to user subsystem * Move allowScim argument to update structure * Add handle update functionality to UserSubsystem Some of the functions in brig now have a UserStore constraint. This is only temporary until all the user-related functionality has been migrated to subsystems. * Make sure NotPending users have an identity * Check claimed handles * Implement handle lookup in mini backend * Add DeleteUser action to UserStore * Add some TODOs * Lint and format * Added missing where clause. * Fixed tombstone. * Renamed cql query function for clarity. * usersubsystems: added handle parsing text. * Formatting. * UserSubsystems: Added prop tests for handles. * lint * UserSubsystem: added scim handle update tests. * added changelog * Added update supported protocols. * Fix 2 test cases. * Fixed property test. * Deleted repeated lines. * Regen nix. * Removed ambiguity. * Updated call sites. * Remove bogus (and unnecessary) -Wwarn pragma. * explicit imports, exports. * Removed outdated FUTUREWORK. * Typo. * Make leaking interpreter implementation into brig more explicit. * Drive-by fix. * Send handle update events. * Test for update supportedProtocols. * Update supportedProtocols [wip] * Fixed test for supported protocols. * WIP: fix permission checks * Move BadHandle type and qc generator to types-common. * Fix handle update for blocklisted handles. * Make supported-protocols update test a property. * Fix more failing test cases (same pattern as before). * Simplify checkHandle test * UserSubsystem: Implement GetSelfProfile * UserSubsystem.updateUserProfile: Add assertion for updating locale * Remove TODO deemed requiring discussion * UserSubsystem: Implement GetSelfProfile Needed for testing updates to locale * Rename names. * Re-align userstore and user subsystem interfaces around handle. * Rm some boolean blindness. * Rename names (really bad ones this time...). * Fix UpdateOriginType values in brig api. * rm TODO. * Add TODOs. * Fix TODO syntax :) * Deprioritize TODO. * Haddocs. * Improve error message for invalid handles. * Rename names. * Note on db performance. * Remove unproducable error. * Haddocks. * Remove misguided TODOs. claimHandle is not exported, it's just the cassandra-specific part of updateHandle; errors are handled in user subsystem. * Fix: update locale by client not allowed if user is managed by scim. * Fix names. * remove more low-prio TODOs. * Resolve TODO. * Add test for locale update under scim management. * Fix test. * Fix tests, add happy path for profile update. * Fixup * Fix locale update. * Rm dead code. * Typo * Fix compiler errors. * Rm dead code. * Test coverage. * Fix missing fields in update event. * Dry-by fix: make responseJsonUnsafe more helpful when crashing. * hlint. * hlint. (?!) * Polish haddocks. * Changelog. * Make Handle data type abstract. * Revert "Make Handle data type abstract." This reverts commit 459e966. * Move local function in where block. * Remove FUTUREWORK (misplaced by ormolu, also self-evident.) * Rename local function. * Fix test case. * remove obsolete changelog entry (this has been fixed in WPB-9488). * Rm dead code from rest api. * Revert "Rm dead code from rest api." This reverts commit 8c66230. (maybe this is used elsewhere? also the removal wasn't complete.) * Update services/brig/test/integration/API/UserPendingActivation.hs * Update services/brig/src/Brig/User/Auth.hs * More guards in unit tests against invalid arbitrary values. * Fixup * Fix test case. * Improve error message for `*ManagedByScim`. * Revert "Fix test case." This reverts commit 4059bf9. * Fix application logic around blocking updates because scim or e2eid. * hlint. * failed attempt to port a galley test to /integration * Revert "failed attempt to port a galley test to /integration" This reverts commit c40670e. * I think I found the problem with this test! (fix coming up) * Small fix for legacy integration test. --------- Co-authored-by: Magnus Viernickel <[email protected]> Co-authored-by: Igor Ranieri <[email protected]> Co-authored-by: Matthias Fischmann <[email protected]> Co-authored-by: Akshay Mankar <[email protected]>
…4089) Without this openssl doesn't forward to whole chain causing mTLS to not succeed.
--------- Co-authored-by: Magnus Viernickel <[email protected]> Co-authored-by: Stefan Berthold <[email protected]> Co-authored-by: Paolo Capriotti <[email protected]>
* change externallyCreated to useFakeS3 and change its depth * fix chart values and doc --------- Co-authored-by: Amit Sagtani <[email protected]>
…e metrics-core wrapper (#4085) * catchErrors middleware: Always record metrics Instead of relying on `Metrics`, use top-level metric registered using `unsafeRegister`. * Use `unsafeRegister` for metrics instead of bunch of IORef HashMaps * federator: Enable GC metrics
Co-authored-by: Akshay Mankar <[email protected]>
* Fix repeated with-rtsopts option GHC does not support repeated `--with-rtsopts` options, and it simply applies the last one. This means many of the baked-in options were actually not being passed, including `-N` for some of the services and `-T` for cannon. * [chore] make federatore run with -N --------- Co-authored-by: Magnus Viernickel <[email protected]>
Co-authored-by: Akshay Mankar <[email protected]>
…ions (#4045) * Deny registering a new user with a phone number * Update user registration documentation * Update the user activation documentation * Disable user activation via a phone code * Ignore the voice_call field in POST /activation/send * stern-test: fail to get users by phone with error * stern: prevent updating phone numbers, clean up some brig. * brig: WIP clean up phone-related tests. * brig: updated failing test. * Migrate a test: POST /activate/send: invalid phone * brig: change error label and msg for invalid phone errors * Update SendActivationCode golden tests * Make `PUT i/users/:uid/sso-id` not fail * Fix `POST /activate/send - 403 prefix excluded` * Fix more tests * Remove more phone-related code * Fix Stern calls to internal Brig API * Drop phones from Brig.Code * Remove brig phone modules * Restore public API * Revert brig phone middleware hack * Remove all references to Twilio and Nexmo * Fix test send-phone-code * Fix test "post /register - 201 existing activation" * Fix test for registering w/o email and password * Revert "Ignore the voice_call field in POST /activation/send" This reverts commit c5992c5. * Revert changes to golden tests for NewUser type This undoes the changes to the tests that expected a failure while parsing. Instead, we rely on failing at the handler execution time. * Remove phone and full identity constructor * Fix Cassandra queries in Brig (no phone selection) * Fix spar tests * Remove phone prefix code * Remove PhoneBudgetTimeout * Remove BlacklistedPhone error * Add CHANGELOG entries * Fix last TODOs * Drop "phone" from an identity error message * Fix user identity and activation response unit and golden tests * Remove unused golden test files * Fix NewUser golden tests * Stern: remove tests for removed endpoints * brig-types golden test: use email instead of phone * Drop the excluded_phones DB table * Revert "Drop the excluded_phones DB table" This reverts commit 6174f1b. * Make new Ormolu happy * Align with fisx'es changes Remove some unused phone types * Brig: fix dependency on wire-subsystems * Hi CI --------- Co-authored-by: Igor Ranieri <[email protected]> Co-authored-by: Paolo Capriotti <[email protected]>
…#4119) * replace cabal.project.local template and update cabal.project * use program-options instead of package *
echoes-hq
bot
added
echoes: unplanned
elland
approved these changes
Jul 8, 2024
zebot
added
the
ok-to-test
|
this is because |
lwille
requested changes
Jul 8, 2024
lwille
approved these changes
Jul 8, 2024
related to WPB-9960 Co-authored-by: Leonhardt Wille <[email protected]>
b1pb1p
removed
echoes: unplanned
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[2024-07-08] (Chart Release 5.4.0)
Release notes
setTwiliosetNexmosetAllowlistPhonePrefixes. ([WPB-9065] Stop supporting phone numbers in supported client API versions #4045)API changes
Internal API endpoints related to phone numbers have been removed.
In brig:
iGetPhonePrefixiDeletePhonePrefixiPostPhonePrefix.In stern:
get-users-by-phoneput-phone. ([WPB-9065] Stop supporting phone numbers in supported client API versions #4045)Features
charts/coturn: support putting coturn into 'drain' mode when terminating pods, denying new incoming client connections. This speeds up graceful coturn restarts significantly. (WPB 2690 #4098)
Set SFT usernames's
sharedfield according to team settings (WPB-6954 Set SFT username's shared field according to team setting #4117)Updated the
mlsE2EIdfeature config with two additional fieldscrlProxyanduseProxyOnMobile(WPB-8824 MLS E2EID CRL proxy flag #4051)reject MLS messages for future epochs (reject MLS messages for future epochs #4110)
Introduce more configuration options to the
coturnhelm chart (coturn: Add IP configuration options #4083)Update email templates to v1.0.121. (Update email templates to v1.0.121. #4064)
Support connecting to RabbitMQ over TLS. See "Configure RabbitMQ" section in the documentation for details. (RabbitMQ TLS #4094)
Support connecting to Redis over TLS
It can be enabled by setting these options on the wire-server helm chart:
([WPB-6718] Implement TLS support in Wire's Redis interface #4016)
Bug fixes and other updates
fixed stern endpoint
/i/users/meta-info(WPB-9677 fix stern endpoint/i/users/meta-info#4101)Log password reset errors instead of propagating them (WPB-5491 Log password reset errors instead of propagating them #4114)
Log request ids in brig. (Move password reset code to AuthenticationSubsystem #4086)
Do not set update origin "scim" in public brig api. (Do not set update origin "scim" in public brig api. #4072)
Disabling legalhold before user's approval doesn't result in an error ([WPB-9685] don't react with "legalhold already disabled" when on pending state #4104)
Make scim-delete-user idempotent. Hide information about existing users (make delete idempotent) (Fix scim logic: delete dangling external_ids if they happen. #4120)
Expose /providers/assets via nginz (WPB-9062 Provider API asset upload #4082)
federator: Expect a client certificate to be the certificate chain
Without this openssl doesn't forward to whole chain causing mTLS to not succeed. (federator: Expect a client certificate to be the certificate chain #4089)
Only resend proposals once after external commit (Only resend proposals once after external commit #4103)
gundeck: Better tolerance for redis-cluster restarts (WPB-9102 gundeck: Better tolerance for redis-cluster restarts #4084)
GHC does not support repeated --with-rtsopts options, and it simply applies the last one. This means many of the baked-in options were actually not being passed, including -N for some of the services and -T for cannon. (Fix repeated with-rtsopts option #4118)
Ensure that a Request ID is logged whenever unexpected errors are caught in any service ([WPB-7161] Fix Request ID logging in all services #4059)
charts/coturn: use allowed dir to write PID file (WPB 2690 #4098)
Make pending LH requests (with no LH devices listening yet) not throw LH policy errors. This helps eg. in cases where a LH request is issued to the wrong user by accident, and the user can clear up the mistake. (Treat pending legalhold devices as not having a legalhold device #4056)
Documentation
Internal changes
Adapt EJPD data to current requirements. (Add conversations to full ejpd info. #3945)
Port team feature tests to the
integrationpackage (WPB-6442 migrate all team feature tests to integration package part 1 #4063)Ported flaky legalhold test to the new integration test suite (WPB-8757 Port flaky legalhold test from galley to integration #4057)
Added profile update operations to the user subsystem. (User subsystem: add profile update operations #4046)
Introduce authentication subsystem with password reset. (Move password reset code to AuthenticationSubsystem #4086)
update nixpkgs and hence GHC version as well as some other tooling. ([WPB-8943] ghc 9.4 -> 9.6, nixpkgs bump #4071)
nginz: Added
allowlisted_fqdn_originstonginx_confvalue (WPB-9495: nginz: configure extra origins #4087)Add weeder for dead code elimination. (Add weeder (dead code elimination tool) to dev environment #4088)
Introduce email subsystem (Introduce EmailSmsSubsystem, use it for a few emails and password reset SMS #4111)
replace cabal.project.local template and update cabal.project ([chore] replace cabal.project.local template and update cabal.project #4119)
Add HTTP proxy in the local setup for elasticsearch in federation-v0. This makes it possible to use a single elasticsearch instance for both the main backends and federation-v0. (dockerephemeral environment: give ES an http interface (needed for old brig) #4062)
federator: Add metrics for garbage collections and unexpected errors that were caught (Define metrics using
Prometheus.unsafeRegisterinstead of having the metrics-core wrapper #4085)federator: Simplify polysemy setup to make it similar to other services so the
interpreter is only used for hoisting the servant application and not explicitly
inside handler of an endpoint ([WPB-7161] Fix Request ID logging in all services #4059)
Added prometheus enable and datacenter size variables for k8ssandra-test-cluster helm chart. (Update k8ssandra test cluster chart #4011)
Make
Handletype abstract to guarantee it always contains valid Handles. (Make Handle newtype abstract #4076)metrics-core: Delete
Data.Metricsin favour of defining metrics closer to where they are being emitted (Define metrics usingPrometheus.unsafeRegisterinstead of having the metrics-core wrapper #4085)add more metadata into the meta attribute of all nix derivations produced locally ([feat] add more metadata in nix to own code #4069)
Do not log anything when warp kills a worker thread. ( catchErrors middleware: Don't create responses for ThreadKilled errors #4112)
Introduce VerificationCodSubsystem (Introduce VerificationCodeSubsystem #4121)
add tests for bots that use self-signed certs and add documentation on why we cannot test the bots to work with PKI (Add more fingerprint verification tests for bots #4027)