This repository has been archived by the owner on Jul 12, 2023. It is now read-only.
v0.19.0
Release notes for main
Changelog since v0.18.0
Changes by Kind
Breaking change
- Breaking: To continue using the Terraform module, the following input variable is needed to avoid introducing a diff (#1513, @yegle)
revision_annotations = {
adminapi = { "autoscaling.knative.dev/maxScale" : "1000" }
apiserver = { "autoscaling.knative.dev/maxScale" : "1000" }
appsync = { "autoscaling.knative.dev/maxScale" : "1000" }
cleanup = { "autoscaling.knative.dev/maxScale" : "1000" }
e2e-runner = { "autoscaling.knative.dev/maxScale" : "1000" }
enx-redirect = { "autoscaling.knative.dev/maxScale" : "1000" }
modeler = { "autoscaling.knative.dev/maxScale" : "1000" }
}
Monitoring
- Improved SLO-based alerting reset time (#1294, @yuriatgoogle)
- Add SLO chart in Verificatoin Server dashboard. (#1315, @yegle)
- Monitoring: Add Availability SLO alert to all Cloud Run services. (#1351, @yegle)
- Add Latency SLO and related alert. Currently a rudimentary threshold (90% requests are returned in <10s) is set on all services. (#1361, @yegle)
- Modified service and SLOs configurations for better configurability (#1449, @yuriatgoogle)
- Latency alerting done via threshold, rather than SLO (#1510, @yuriatgoogle)
Role based authentication
- *Major change- Introduce Role-Based Access Controls (RBAC) to replace legacy user/admin roles. Existing users will retain their existing permissions, but new users will be able to have more granular permissions. This change involves an *irreversible database migration- and should be planned accordingly. We recommend system operators put the servers into maintenance mode before applying these migrations. (#1335, @sethvargo)
- Add descriptions for RBAC permissions (#1405, @sethvargo)
- Improve UX on permissions selection (#1435, @sethvargo)
- Require UserWrite for admin reset of another user's password (#1445, @whaught)
- Document implied permissions, enforce via javascript (#1418, @sethvargo)
- Setting write permissions automatically add required read permissions. (#1411, @mikehelmick)
Bulk issue codes
- Add SMS template selection to bulk uploader (#1370, @whaught)
- Clearer outer error message for batch issue API (#1369, @whaught)
- End to end test runner now tests bulk issue in a separate handler and scheduler (#1436, @mikehelmick)
- Remember the issuing user's last used SMS template. (#1379, @whaught)
- Fix logging error in batch issue API. (#1336, @mikehelmick)
- Fix off-by-one line numbers for bulk uploader (#1460, @whaught)
- Integration / e2e test cases for BatchIssueCode (#1376, @whaught)
- Show first 50 success / error cases for bulk-issue with UUIDs
Allow download of log file for bulk-issue (#1458, @whaught) - RBAC check for BulkIssue on the API (#1400, @whaught)
- Return a more detailed error when bulk issue is not enabled (#1331, @sethvargo)
- Adding more docs (#1365, @whaught)
Statistics
- Add more left padding to graphs for large y-axis numbers. (#1342, @sethvargo)
- Add statistics endpoints to adminapi (#1402, @sethvargo)
- Move stats calculations to be out-of-band (#1500, @sethvargo)
- Move user stat caching into the model (#1494, @sethvargo)
- Only display daily actives graph if enabled (#1398, @sethvargo)
- Serve user statistics via javascript (#1496, @sethvargo)
- Make daily active stats collection a realm configurable (#1396, @sethvargo)
- Introduce a new API key type for accessing statistics. The statistics endpoints of the admin API are currently in preview and are subject to change. (#1404, @sethvargo)
- Collect invalid codes and token statistics (backend only) (#1499, @sethvargo)
Internationalization
- Add ph translations (#1407, @sethvargo)
- Allow realm to have multiple SMS templates. Adds UI in realm settings to select and edit templates. (#1338, @whaught)
- Allow user to select an SMS template on code-issue. Add template label field to issueAPI. (#1352, @whaught)
- Enable postgres hstore. Add fields to realm to store multiple SMS templates and add validation for them. (#1325, @whaught)
- Japanese (ja) translation (#1303, @yuryu)
Redirect mobile apps
- Fix json output for iOS universal links (#1374, @whaught)
- Fixes to iOS Universal Links formatting (#1308, @whaught)
- Give admins the ability to disable AppStore redirects for apps (#1466, @sethvargo)
- Display OS on the mobile apps index table (#1484, @whaught)
- Switch to older Associated Domains format for iOS (#1307, @whaught)
Fixes
- Users added to realm don't get password reset email - only newly created firebase users do (#1395, @whaught)
- Wait for Redis connections to become available (#1419, @sethvargo)
- Calculate grace periods from membership date (#1485, @sethvargo)
- Correct response for invalid_test_type previously returned unsupported_test_type even if unparsable.
- Do not return 500s from redirect service for missing realms (#1382, @sethvargo)
- Make bad query params a 400-level user error (#1438, @sethvargo)
- Return 400 (instead of 500) on Twilio errors (#1313, @sethvargo)
- Select a realm-localized template for reset password (#1448, @whaught)
- Properly redirect to login page after session expiration. Previously the user would get an "Unauthorized" page. (#1353, @sethvargo)
- Fix for long code expiry being set to short code expiry (#1511, @whaught)
Presubmit checks
- Add zapw to detect misuse of logger (#1461, @sethvargo)
- Check for unclosed response bodies in CI (#1457, @sethvargo)
Test Coverage
- Unify in-memory server bootstrap (#1504, @sethvargo)
- Add harness and tests for testing internal errors (#1446, @sethvargo)
- Add test for ensuring database migration numbers are strictly increasing (#1349, @sethvargo)
- Add tests for MFA middleware (#1486, @sethvargo)
- Add tests for apikey middleware (#1455, @sethvargo)
- Add tests for authorized app stats (#1443, @sethvargo)
- Add tests for chaff middleware (#1474, @sethvargo)
- Add tests for csrf middleware (#1478, @sethvargo)
- Add tests for current_path middleware (#1480, @sethvargo)
- Add tests for debug middleware (#1473, @sethvargo)
- Add tests for email_verified middleware (#1477, @sethvargo)
- Add tests for firewall (#1453, @sethvargo)
- Add tests for header middleware (#1481, @sethvargo)
- Add tests for i18n middleware (#1482, @sethvargo)
- Add tests for membership middleware (#1483, @sethvargo)
- Add tests for method middleware (#1472, @sethvargo)
- Add tests for mobileapps (#1444, @sethvargo)
- Add tests for request_id middleware (#1487, @sethvargo)
- Add tests for sessions middleware (#1488, @sethvargo)
- Add tests for template middleware (#1489, @sethvargo)
- Add tests for users (#1493, @sethvargo)
- Add full integration test coverage for API keys (#1437, @sethvargo)
- Add more tests for realmadmin (#1450, @sethvargo)
- Increased test coverage for /issue and /batch-issue APIs
Parallel execution for batch (#1406, @whaught) - added integration test coverage for code issue (#1426, @whaught)
- Improve database test coverage (#1372, @sethvargo)
- Pass in zaptest.Logger to tests (#1498, @sethvargo)
- Added more test coverage of issue error cases
added error code 'invalid_date' for dates older the allowed for the realm (#1432, @whaught)
Error levels, logging, and debugging
- Don't log phone numbers on SMS failure. (#1360, @mikehelmick)
- Make SMS message failures info level in logs (#1420, @sethvargo)
- Modify error message levels for CertAPI
Change unhandled errors to StatusServerInternal (#1456, @whaught) - Extract trace context if present and add to logger (#1422, @sethvargo)
- Only generate Apache logs for local dev (#1403, @sethvargo)
- Update logger package (#1471, @sethvargo)
- Recover from panics in main (#1479, @sethvargo)
Uncategorized
- Allow short code to be in the ENX SMS message. (#1326, @mikehelmick)
- Do not rate limit health checks (#1506, @sethvargo)
- Ping db on /health instead of opening new connection (#1503, @sethvargo)
- Remove old /home route (#1332, @sethvargo)
- Support multiple 'from' numbers for system SMS configs (#1312, @sethvargo)
- Temporarily disable database service check due to incompatibility between releases (#1507, @sethvargo)
- The SMS Template max size is being doubled from 400 to 800. (#1295, @mikehelmick)
- Don't load captcha unless SMS factor needed (#1495, @whaught)
Dependencies
Added
- github.com/Microsoft/hcsshim: v0.8.9
- github.com/c2h5oh/datasize: 28bbd47
- github.com/cenkalti/backoff/v3: v3.0.0
- github.com/cenkalti/backoff/v4: v4.0.2
- github.com/containerd/cgroups: bf292b2
- github.com/containerd/console: c12b1e7
- github.com/containerd/fifo: a9fb20d
- github.com/containerd/go-runc: 5a6d9f3
- github.com/containerd/ttrpc: 0e0f228
- github.com/containerd/typeurl: a93fcdb
- github.com/couchbase/gocb/v2: v2.1.4
- github.com/couchbase/gocbcore/v9: v9.0.4
- github.com/denverdino/aliyungo: d330864
- github.com/digitalocean/godo: v1.7.5
- github.com/gobuffalo/attrs: a9411de
- github.com/gobuffalo/depgen: v0.1.0
- github.com/gobuffalo/envy: v1.7.0
- github.com/gobuffalo/flect: v0.1.3
- github.com/gobuffalo/genny: v0.1.1
- github.com/gobuffalo/gitgen: cc08618
- github.com/gobuffalo/gogen: v0.1.1
- github.com/gobuffalo/logger: 86e12af
- github.com/gobuffalo/mapi: v1.0.2
- github.com/gobuffalo/packd: v0.1.0
- github.com/gobuffalo/packr/v2: v2.2.0
- github.com/gobuffalo/syncx: 33c2958
- github.com/godbus/dbus: ade71ed
- github.com/google/safehtml: v0.0.2
- github.com/gophercloud/gophercloud: v0.1.0
- github.com/gostaticanalysis/analysisutil: v0.6.1
- github.com/gostaticanalysis/comment: v1.4.1
- github.com/gregjones/httpcache: 9cad4c3
- github.com/hashicorp/go-discover: c4b85f6
- github.com/hashicorp/vault-plugin-database-couchbase: v0.2.1
- github.com/hashicorp/vault-plugin-mock: v0.16.1
- github.com/hashicorp/vic: bbfe86e
- github.com/jackc/puddle: v1.1.3
- github.com/jba/templatecheck: v0.4.0
- github.com/josharian/intern: v1.0.0
- github.com/k0kubun/colorstring: 9440f19
- github.com/k0kubun/pp: v2.3.0+incompatible
- github.com/karrick/godirwalk: v1.10.3
- github.com/ktrysmt/go-bitbucket: v0.6.4
- github.com/linode/linodego: v0.7.1
- github.com/markbates/oncer: bf2de49
- github.com/markbates/safe: v1.0.1
- github.com/moby/term: 7f0af18
- github.com/montanaflynn/stats: 1bf9dbc
- github.com/mutecomm/go-sqlcipher/v4: v4.4.0
- github.com/nicolai86/scaleway-sdk: 798f60e
- github.com/okta/okta-sdk-golang/v2: v2.0.0
- github.com/opencontainers/runtime-spec: 5b71a03
- github.com/openlyinc/pointy: v1.1.2
- github.com/ory/dockertest/v3: v3.6.2
- github.com/packethost/packngo: b9cb509
- github.com/peterbourgon/diskv: v2.0.1+incompatible
- github.com/rboyer/safeio: v0.2.1
- github.com/renier/xmlrpc: ce4a1a4
- github.com/sethvargo/zapw: v0.1.0
- github.com/softlayer/softlayer-go: 260589d
- github.com/timakin/bodyclose: cb62158
- github.com/vmware/govmomi: v0.18.0
- github.com/yandex-cloud/go-genproto: 762fe96
- github.com/yandex-cloud/go-sdk: 2194e50
- go.mongodb.org/atlas: v0.5.0
- golang.org/x/term: 7de9c90
- k8s.io/client-go: v0.18.2
- k8s.io/utils: a9aa75a
Changed
- cloud.google.com/go/firestore: v1.3.0 → v1.4.0
- cloud.google.com/go/spanner: v1.8.0 → v1.9.0
- cloud.google.com/go: v0.71.0 → v0.74.0
- contrib.go.opencensus.io/integrations/ocsql: v0.1.6 → v0.1.7
- github.com/Azure/azure-sdk-for-go: v48.1.0+incompatible → v49.2.0+incompatible
- github.com/Azure/azure-storage-blob-go: v0.10.0 → v0.12.0
- github.com/Azure/go-autorest/autorest/adal: v0.9.5 → v0.9.10
- github.com/Azure/go-autorest/autorest/azure/auth: v0.5.3 → v0.5.5
- github.com/Azure/go-autorest/autorest/validation: v0.3.0 → v0.3.1
- github.com/Azure/go-autorest/autorest: v0.11.11 → v0.11.15
- github.com/Microsoft/go-winio: v0.4.15 → v0.4.16
- github.com/alecthomas/units: f65c72e → 1786d5e
- github.com/armon/go-metrics: v0.3.3 → v0.3.4
- github.com/aws/aws-sdk-go: v1.35.24 → v1.36.16
- github.com/bitly/go-hostpool: a3a6125 → v0.1.0
- github.com/chromedp/cdproto: 1c6a710 → be40c82
- github.com/chromedp/chromedp: v0.5.3 → v0.5.4
- github.com/chromedp/sysutil: dc95e7e → v1.0.0
- github.com/cncf/udpa/go: 269d4d4 → efcf912
- github.com/containerd/containerd: v1.3.3 → v1.4.1
- github.com/containerd/continuity: f2cc351 → 1805252
- github.com/dhui/dktest: v0.3.2 → v0.3.3
- github.com/docker/docker: 31a86c4 → 9dc6525
- github.com/envoyproxy/go-control-plane: v0.9.4 → v0.9.7
- github.com/frankban/quicktest: v1.8.1 → v1.10.0
- github.com/go-playground/validator/v10: v10.3.0 → v10.4.1
- github.com/go-test/deep: v1.0.6 → v1.0.7
- github.com/gobwas/httphead: 2c6c146 → v0.1.0
- github.com/gobwas/pool: v0.2.0 → v0.2.1
- github.com/gobwas/ws: v1.0.2 → v1.0.4
- github.com/gocql/gocql: 0e1d5de → 34081ed
- github.com/golang-migrate/migrate/v4: v4.12.2 → v4.14.1
- github.com/google/exposure-notifications-server: v0.18.0 → v0.19.0
- github.com/google/go-cmp: v0.5.2 → v0.5.4
- github.com/google/pprof: 3e6fc7f → 1bf35d6
- github.com/googleapis/gnostic: v0.1.0 → v0.2.0
- github.com/hashicorp/consul-template: v0.25.0 → v0.25.1
- github.com/hashicorp/go-hclog: v0.13.0 → v0.14.1
- github.com/hashicorp/go-kms-wrapping: v0.5.10 → v0.5.16
- github.com/hashicorp/go-version: v1.2.0 → v1.2.1
- github.com/hashicorp/hcl/v2: v2.7.0 → v2.8.1
- github.com/hashicorp/hcl: v1.0.0 → v1.0.1-vault
- github.com/hashicorp/mdns: v1.0.0 → v1.0.1
- github.com/hashicorp/raft-snapshot: 8117efc → v1.0.3
- github.com/hashicorp/raft: v1.1.2 → f367681
- github.com/hashicorp/vault-plugin-auth-alicloud: v0.5.5 → v0.7.0
- github.com/hashicorp/vault-plugin-auth-azure: v0.5.5 → v0.6.0
- github.com/hashicorp/vault-plugin-auth-centrify: v0.5.5 → v0.7.0
- github.com/hashicorp/vault-plugin-auth-cf: v0.5.4 → v0.7.0
- github.com/hashicorp/vault-plugin-auth-jwt: v0.6.2 → v0.8.1
- github.com/hashicorp/vault-plugin-auth-kerberos: v0.1.5 → v0.2.0
- github.com/hashicorp/vault-plugin-auth-kubernetes: v0.6.1 → v0.8.0
- github.com/hashicorp/vault-plugin-auth-oci: v0.5.4 → v0.6.0
- github.com/hashicorp/vault-plugin-database-elasticsearch: v0.5.4 → v0.6.1
- github.com/hashicorp/vault-plugin-database-mongodbatlas: v0.1.1 → v0.2.1
- github.com/hashicorp/vault-plugin-secrets-ad: 3dceeb3 → v0.8.0
- github.com/hashicorp/vault-plugin-secrets-alicloud: v0.5.5 → v0.7.0
- github.com/hashicorp/vault-plugin-secrets-azure: v0.5.6 → v0.8.0
- github.com/hashicorp/vault-plugin-secrets-gcp: v0.6.1 → v0.8.1
- github.com/hashicorp/vault-plugin-secrets-gcpkms: v0.5.5 → v0.7.0
- github.com/hashicorp/vault-plugin-secrets-kv: v0.5.5 → v0.7.0
- github.com/hashicorp/vault-plugin-secrets-mongodbatlas: v0.1.2 → v0.2.0
- github.com/hashicorp/vault-plugin-secrets-openldap: e19ec0c → v0.3.0
- github.com/hashicorp/vault/api: 6f72d4f → 38d91b7
- github.com/hashicorp/vault/sdk: e0cfd64 → d8fffe0
- github.com/hashicorp/vault: 6f72d4f → v1.6.1
- github.com/jackc/pgconn: v1.6.4 → v1.8.0
- github.com/jackc/pgproto3/v2: v2.0.4 → v2.0.6
- github.com/jackc/pgtype: v1.4.2 → v1.6.2
- github.com/jackc/pgx/v4: v4.8.1 → v4.10.0
- github.com/jarcoal/httpmock: v1.0.4 → v1.0.5
- github.com/jinzhu/now: v1.1.1 → v1.0.1
- github.com/klauspost/compress: v1.4.1 → v1.9.5
- github.com/kr/pretty: v0.2.0 → v0.2.1
- github.com/leodido/go-urn: v1.2.0 → v1.2.1
- github.com/lib/pq: v1.8.0 → v1.9.0
- github.com/mailru/easyjson: v0.7.1 → v0.7.6
- github.com/mattn/go-sqlite3: v2.0.1+incompatible → v1.14.0
- github.com/mitchellh/mapstructure: v1.3.3 → v1.4.0
- github.com/mitchellh/pointerstructure: f252a8f → v1.0.0
- github.com/nwaples/rardecode: v1.0.0 → v1.1.0
- github.com/opencontainers/runc: v0.1.1 → v1.0.0-rc9
- github.com/pelletier/go-toml: v1.2.0 → v1.7.0
- github.com/prometheus/client_golang: v1.8.0 → v1.9.0
- github.com/russross/blackfriday/v2: v2.0.1 → v2.1.0
- github.com/shirou/gopsutil: v2.20.4+incompatible → afe0c04
- github.com/shopspring/decimal: 1884f45 → 02e2044
- github.com/spf13/afero: v1.2.1 → v1.2.2
- github.com/tidwall/pretty: v1.0.0 → v1.0.1
- github.com/ugorji/go/codec: v1.1.8 → v1.2.1
- github.com/ugorji/go: v1.1.8 → v1.2.1
- github.com/ulikunitz/xz: v0.5.6 → v0.5.7
- go.etcd.io/bbolt: v1.3.4 → v1.3.5
- go.mongodb.org/mongo-driver: v1.2.1 → v1.4.2
- golang.org/x/crypto: 9e8e0b3 → eec23a3
- golang.org/x/lint: 738671d → 83fdc39
- golang.org/x/mod: v0.3.0 → v0.4.0
- golang.org/x/net: 69a7880 → 6772e93
- golang.org/x/oauth2: 9fd6049 → 08078c5
- golang.org/x/sync: 67f06af → 09787c9
- golang.org/x/sys: f9321e4 → 0d417f6
- golang.org/x/time: 3af7569 → 7e3f01d
- golang.org/x/tools: 1d69943 → 84d76fe
- google.golang.org/api: v0.35.0 → v0.36.0
- google.golang.org/genproto: 8816d57 → 8c77b98
- google.golang.org/grpc: v1.33.2 → v1.34.0
- gopkg.in/yaml.v2: v2.3.0 → v2.4.0
- honnef.co/go/tools: v0.0.1-2020.1.6 → v0.1.0