v0.19.0

Release notes for main

Documentation

Changelog since v0.18.0

Changes by Kind

Breaking change

• Breaking: To continue using the Terraform module, the following input variable is needed to avoid introducing a diff (#1513, @yegle)

  revision_annotations = {                                                       
      adminapi     = { "autoscaling.knative.dev/maxScale" : "1000" }
      apiserver    = { "autoscaling.knative.dev/maxScale" : "1000" }
      appsync      = { "autoscaling.knative.dev/maxScale" : "1000" }
      cleanup      = { "autoscaling.knative.dev/maxScale" : "1000" }
      e2e-runner   = { "autoscaling.knative.dev/maxScale" : "1000" }
      enx-redirect = { "autoscaling.knative.dev/maxScale" : "1000" }
      modeler      = { "autoscaling.knative.dev/maxScale" : "1000" }
  } 

Monitoring

• Improved SLO-based alerting reset time (#1294, @yuriatgoogle)
• Add SLO chart in Verificatoin Server dashboard. (#1315, @yegle)
• Monitoring: Add Availability SLO alert to all Cloud Run services. (#1351, @yegle)
• Add Latency SLO and related alert. Currently a rudimentary threshold (90% requests are returned in <10s) is set on all services. (#1361, @yegle)
• Modified service and SLOs configurations for better configurability (#1449, @yuriatgoogle)
• Latency alerting done via threshold, rather than SLO (#1510, @yuriatgoogle)

Role based authentication

• *Major change- Introduce Role-Based Access Controls (RBAC) to replace legacy user/admin roles. Existing users will retain their existing permissions, but new users will be able to have more granular permissions. This change involves an *irreversible database migration- and should be planned accordingly. We recommend system operators put the servers into maintenance mode before applying these migrations. (#1335, @sethvargo)
• Add descriptions for RBAC permissions (#1405, @sethvargo)
• Improve UX on permissions selection (#1435, @sethvargo)
• Require UserWrite for admin reset of another user's password (#1445, @whaught)
• Document implied permissions, enforce via javascript (#1418, @sethvargo)
• Setting write permissions automatically add required read permissions. (#1411, @mikehelmick)

Bulk issue codes

• Add SMS template selection to bulk uploader (#1370, @whaught)
• Clearer outer error message for batch issue API (#1369, @whaught)
• End to end test runner now tests bulk issue in a separate handler and scheduler (#1436, @mikehelmick)
• Remember the issuing user's last used SMS template. (#1379, @whaught)
• Fix logging error in batch issue API. (#1336, @mikehelmick)
• Fix off-by-one line numbers for bulk uploader (#1460, @whaught)
• Integration / e2e test cases for BatchIssueCode (#1376, @whaught)
• Show first 50 success / error cases for bulk-issue with UUIDs
  Allow download of log file for bulk-issue (#1458, @whaught)
• RBAC check for BulkIssue on the API (#1400, @whaught)
• Return a more detailed error when bulk issue is not enabled (#1331, @sethvargo)
• Adding more docs (#1365, @whaught)

Statistics

• Add more left padding to graphs for large y-axis numbers. (#1342, @sethvargo)
• Add statistics endpoints to adminapi (#1402, @sethvargo)
• Move stats calculations to be out-of-band (#1500, @sethvargo)
• Move user stat caching into the model (#1494, @sethvargo)
• Only display daily actives graph if enabled (#1398, @sethvargo)
• Serve user statistics via javascript (#1496, @sethvargo)
• Make daily active stats collection a realm configurable (#1396, @sethvargo)
• Introduce a new API key type for accessing statistics. The statistics endpoints of the admin API are currently in preview and are subject to change. (#1404, @sethvargo)
• Collect invalid codes and token statistics (backend only) (#1499, @sethvargo)

Internationalization

• Add ph translations (#1407, @sethvargo)
• Allow realm to have multiple SMS templates. Adds UI in realm settings to select and edit templates. (#1338, @whaught)
• Allow user to select an SMS template on code-issue. Add template label field to issueAPI. (#1352, @whaught)
• Enable postgres hstore. Add fields to realm to store multiple SMS templates and add validation for them. (#1325, @whaught)
• Japanese (ja) translation (#1303, @yuryu)

Redirect mobile apps

• Fix json output for iOS universal links (#1374, @whaught)
• Fixes to iOS Universal Links formatting (#1308, @whaught)
• Give admins the ability to disable AppStore redirects for apps (#1466, @sethvargo)
• Display OS on the mobile apps index table (#1484, @whaught)
• Switch to older Associated Domains format for iOS (#1307, @whaught)

Fixes

• Users added to realm don't get password reset email - only newly created firebase users do (#1395, @whaught)
• Wait for Redis connections to become available (#1419, @sethvargo)
• Calculate grace periods from membership date (#1485, @sethvargo)
• Correct response for invalid_test_type previously returned unsupported_test_type even if unparsable.
• Do not return 500s from redirect service for missing realms (#1382, @sethvargo)
• Make bad query params a 400-level user error (#1438, @sethvargo)
• Return 400 (instead of 500) on Twilio errors (#1313, @sethvargo)
• Select a realm-localized template for reset password (#1448, @whaught)
• Properly redirect to login page after session expiration. Previously the user would get an "Unauthorized" page. (#1353, @sethvargo)
• Fix for long code expiry being set to short code expiry (#1511, @whaught)

Presubmit checks

• Add zapw to detect misuse of logger (#1461, @sethvargo)
• Check for unclosed response bodies in CI (#1457, @sethvargo)

Test Coverage

• Unify in-memory server bootstrap (#1504, @sethvargo)
• Add harness and tests for testing internal errors (#1446, @sethvargo)
• Add test for ensuring database migration numbers are strictly increasing (#1349, @sethvargo)
• Add tests for MFA middleware (#1486, @sethvargo)
• Add tests for apikey middleware (#1455, @sethvargo)
• Add tests for authorized app stats (#1443, @sethvargo)
• Add tests for chaff middleware (#1474, @sethvargo)
• Add tests for csrf middleware (#1478, @sethvargo)
• Add tests for current_path middleware (#1480, @sethvargo)
• Add tests for debug middleware (#1473, @sethvargo)
• Add tests for email_verified middleware (#1477, @sethvargo)
• Add tests for firewall (#1453, @sethvargo)
• Add tests for header middleware (#1481, @sethvargo)
• Add tests for i18n middleware (#1482, @sethvargo)
• Add tests for membership middleware (#1483, @sethvargo)
• Add tests for method middleware (#1472, @sethvargo)
• Add tests for mobileapps (#1444, @sethvargo)
• Add tests for request_id middleware (#1487, @sethvargo)
• Add tests for sessions middleware (#1488, @sethvargo)
• Add tests for template middleware (#1489, @sethvargo)
• Add tests for users (#1493, @sethvargo)
• Add full integration test coverage for API keys (#1437, @sethvargo)
• Add more tests for realmadmin (#1450, @sethvargo)
• Increased test coverage for /issue and /batch-issue APIs
  Parallel execution for batch (#1406, @whaught)
• added integration test coverage for code issue (#1426, @whaught)
• Improve database test coverage (#1372, @sethvargo)
• Pass in zaptest.Logger to tests (#1498, @sethvargo)
• Added more test coverage of issue error cases
  added error code 'invalid_date' for dates older the allowed for the realm (#1432, @whaught)

Error levels, logging, and debugging

• Don't log phone numbers on SMS failure. (#1360, @mikehelmick)
• Make SMS message failures info level in logs (#1420, @sethvargo)
• Modify error message levels for CertAPI
  Change unhandled errors to StatusServerInternal (#1456, @whaught)
• Extract trace context if present and add to logger (#1422, @sethvargo)
• Only generate Apache logs for local dev (#1403, @sethvargo)
• Update logger package (#1471, @sethvargo)
• Recover from panics in main (#1479, @sethvargo)

Uncategorized

• Allow short code to be in the ENX SMS message. (#1326, @mikehelmick)
• Do not rate limit health checks (#1506, @sethvargo)
• Ping db on /health instead of opening new connection (#1503, @sethvargo)
• Remove old /home route (#1332, @sethvargo)
• Support multiple 'from' numbers for system SMS configs (#1312, @sethvargo)
• Temporarily disable database service check due to incompatibility between releases (#1507, @sethvargo)
• The SMS Template max size is being doubled from 400 to 800. (#1295, @mikehelmick)
• Don't load captcha unless SMS factor needed (#1495, @whaught)

Dependencies

Added

• github.com/Microsoft/hcsshim: v0.8.9
• github.com/c2h5oh/datasize: 28bbd47
• github.com/cenkalti/backoff/v3: v3.0.0
• github.com/cenkalti/backoff/v4: v4.0.2
• github.com/containerd/cgroups: bf292b2
• github.com/containerd/console: c12b1e7
• github.com/containerd/fifo: a9fb20d
• github.com/containerd/go-runc: 5a6d9f3
• github.com/containerd/ttrpc: 0e0f228
• github.com/containerd/typeurl: a93fcdb
• github.com/couchbase/gocb/v2: v2.1.4
• github.com/couchbase/gocbcore/v9: v9.0.4
• github.com/denverdino/aliyungo: d330864
• github.com/digitalocean/godo: v1.7.5
• github.com/gobuffalo/attrs: a9411de
• github.com/gobuffalo/depgen: v0.1.0
• github.com/gobuffalo/envy: v1.7.0
• github.com/gobuffalo/flect: v0.1.3
• github.com/gobuffalo/genny: v0.1.1
• github.com/gobuffalo/gitgen: cc08618
• github.com/gobuffalo/gogen: v0.1.1
• github.com/gobuffalo/logger: 86e12af
• github.com/gobuffalo/mapi: v1.0.2
• github.com/gobuffalo/packd: v0.1.0
• github.com/gobuffalo/packr/v2: v2.2.0
• github.com/gobuffalo/syncx: 33c2958
• github.com/godbus/dbus: ade71ed
• github.com/google/safehtml: v0.0.2
• github.com/gophercloud/gophercloud: v0.1.0
• github.com/gostaticanalysis/analysisutil: v0.6.1
• github.com/gostaticanalysis/comment: v1.4.1
• github.com/gregjones/httpcache: 9cad4c3
• github.com/hashicorp/go-discover: c4b85f6
• github.com/hashicorp/vault-plugin-database-couchbase: v0.2.1
• github.com/hashicorp/vault-plugin-mock: v0.16.1
• github.com/hashicorp/vic: bbfe86e
• github.com/jackc/puddle: v1.1.3
• github.com/jba/templatecheck: v0.4.0
• github.com/josharian/intern: v1.0.0
• github.com/k0kubun/colorstring: 9440f19
• github.com/k0kubun/pp: v2.3.0+incompatible
• github.com/karrick/godirwalk: v1.10.3
• github.com/ktrysmt/go-bitbucket: v0.6.4
• github.com/linode/linodego: v0.7.1
• github.com/markbates/oncer: bf2de49
• github.com/markbates/safe: v1.0.1
• github.com/moby/term: 7f0af18
• github.com/montanaflynn/stats: 1bf9dbc
• github.com/mutecomm/go-sqlcipher/v4: v4.4.0
• github.com/nicolai86/scaleway-sdk: 798f60e
• github.com/okta/okta-sdk-golang/v2: v2.0.0
• github.com/opencontainers/runtime-spec: 5b71a03
• github.com/openlyinc/pointy: v1.1.2
• github.com/ory/dockertest/v3: v3.6.2
• github.com/packethost/packngo: b9cb509
• github.com/peterbourgon/diskv: v2.0.1+incompatible
• github.com/rboyer/safeio: v0.2.1
• github.com/renier/xmlrpc: ce4a1a4
• github.com/sethvargo/zapw: v0.1.0
• github.com/softlayer/softlayer-go: 260589d
• github.com/timakin/bodyclose: cb62158
• github.com/vmware/govmomi: v0.18.0
• github.com/yandex-cloud/go-genproto: 762fe96
• github.com/yandex-cloud/go-sdk: 2194e50
• go.mongodb.org/atlas: v0.5.0
• golang.org/x/term: 7de9c90
• k8s.io/client-go: v0.18.2
• k8s.io/utils: a9aa75a

Changed

• cloud.google.com/go/firestore: v1.3.0 → v1.4.0
• cloud.google.com/go/spanner: v1.8.0 → v1.9.0
• cloud.google.com/go: v0.71.0 → v0.74.0
• contrib.go.opencensus.io/integrations/ocsql: v0.1.6 → v0.1.7
• github.com/Azure/azure-sdk-for-go: v48.1.0+incompatible → v49.2.0+incompatible
• github.com/Azure/azure-storage-blob-go: v0.10.0 → v0.12.0
• github.com/Azure/go-autorest/autorest/adal: v0.9.5 → v0.9.10
• github.com/Azure/go-autorest/autorest/azure/auth: v0.5.3 → v0.5.5
• github.com/Azure/go-autorest/autorest/validation: v0.3.0 → v0.3.1
• github.com/Azure/go-autorest/autorest: v0.11.11 → v0.11.15
• github.com/Microsoft/go-winio: v0.4.15 → v0.4.16
• github.com/alecthomas/units: f65c72e → 1786d5e
• github.com/armon/go-metrics: v0.3.3 → v0.3.4
• github.com/aws/aws-sdk-go: v1.35.24 → v1.36.16
• github.com/bitly/go-hostpool: a3a6125 → v0.1.0
• github.com/chromedp/cdproto: 1c6a710 → be40c82
• github.com/chromedp/chromedp: v0.5.3 → v0.5.4
• github.com/chromedp/sysutil: dc95e7e → v1.0.0
• github.com/cncf/udpa/go: 269d4d4 → efcf912
• github.com/containerd/containerd: v1.3.3 → v1.4.1
• github.com/containerd/continuity: f2cc351 → 1805252
• github.com/dhui/dktest: v0.3.2 → v0.3.3
• github.com/docker/docker: 31a86c4 → 9dc6525
• github.com/envoyproxy/go-control-plane: v0.9.4 → v0.9.7
• github.com/frankban/quicktest: v1.8.1 → v1.10.0
• github.com/go-playground/validator/v10: v10.3.0 → v10.4.1
• github.com/go-test/deep: v1.0.6 → v1.0.7
• github.com/gobwas/httphead: 2c6c146 → v0.1.0
• github.com/gobwas/pool: v0.2.0 → v0.2.1
• github.com/gobwas/ws: v1.0.2 → v1.0.4
• github.com/gocql/gocql: 0e1d5de → 34081ed
• github.com/golang-migrate/migrate/v4: v4.12.2 → v4.14.1
• github.com/google/exposure-notifications-server: v0.18.0 → v0.19.0
• github.com/google/go-cmp: v0.5.2 → v0.5.4
• github.com/google/pprof: 3e6fc7f → 1bf35d6
• github.com/googleapis/gnostic: v0.1.0 → v0.2.0
• github.com/hashicorp/consul-template: v0.25.0 → v0.25.1
• github.com/hashicorp/go-hclog: v0.13.0 → v0.14.1
• github.com/hashicorp/go-kms-wrapping: v0.5.10 → v0.5.16
• github.com/hashicorp/go-version: v1.2.0 → v1.2.1
• github.com/hashicorp/hcl/v2: v2.7.0 → v2.8.1
• github.com/hashicorp/hcl: v1.0.0 → v1.0.1-vault
• github.com/hashicorp/mdns: v1.0.0 → v1.0.1
• github.com/hashicorp/raft-snapshot: 8117efc → v1.0.3
• github.com/hashicorp/raft: v1.1.2 → f367681
• github.com/hashicorp/vault-plugin-auth-alicloud: v0.5.5 → v0.7.0
• github.com/hashicorp/vault-plugin-auth-azure: v0.5.5 → v0.6.0
• github.com/hashicorp/vault-plugin-auth-centrify: v0.5.5 → v0.7.0
• github.com/hashicorp/vault-plugin-auth-cf: v0.5.4 → v0.7.0
• github.com/hashicorp/vault-plugin-auth-jwt: v0.6.2 → v0.8.1
• github.com/hashicorp/vault-plugin-auth-kerberos: v0.1.5 → v0.2.0
• github.com/hashicorp/vault-plugin-auth-kubernetes: v0.6.1 → v0.8.0
• github.com/hashicorp/vault-plugin-auth-oci: v0.5.4 → v0.6.0
• github.com/hashicorp/vault-plugin-database-elasticsearch: v0.5.4 → v0.6.1
• github.com/hashicorp/vault-plugin-database-mongodbatlas: v0.1.1 → v0.2.1
• github.com/hashicorp/vault-plugin-secrets-ad: 3dceeb3 → v0.8.0
• github.com/hashicorp/vault-plugin-secrets-alicloud: v0.5.5 → v0.7.0
• github.com/hashicorp/vault-plugin-secrets-azure: v0.5.6 → v0.8.0
• github.com/hashicorp/vault-plugin-secrets-gcp: v0.6.1 → v0.8.1
• github.com/hashicorp/vault-plugin-secrets-gcpkms: v0.5.5 → v0.7.0
• github.com/hashicorp/vault-plugin-secrets-kv: v0.5.5 → v0.7.0
• github.com/hashicorp/vault-plugin-secrets-mongodbatlas: v0.1.2 → v0.2.0
• github.com/hashicorp/vault-plugin-secrets-openldap: e19ec0c → v0.3.0
• github.com/hashicorp/vault/api: 6f72d4f → 38d91b7
• github.com/hashicorp/vault/sdk: e0cfd64 → d8fffe0
• github.com/hashicorp/vault: 6f72d4f → v1.6.1
• github.com/jackc/pgconn: v1.6.4 → v1.8.0
• github.com/jackc/pgproto3/v2: v2.0.4 → v2.0.6
• github.com/jackc/pgtype: v1.4.2 → v1.6.2
• github.com/jackc/pgx/v4: v4.8.1 → v4.10.0
• github.com/jarcoal/httpmock: v1.0.4 → v1.0.5
• github.com/jinzhu/now: v1.1.1 → v1.0.1
• github.com/klauspost/compress: v1.4.1 → v1.9.5
• github.com/kr/pretty: v0.2.0 → v0.2.1
• github.com/leodido/go-urn: v1.2.0 → v1.2.1
• github.com/lib/pq: v1.8.0 → v1.9.0
• github.com/mailru/easyjson: v0.7.1 → v0.7.6
• github.com/mattn/go-sqlite3: v2.0.1+incompatible → v1.14.0
• github.com/mitchellh/mapstructure: v1.3.3 → v1.4.0
• github.com/mitchellh/pointerstructure: f252a8f → v1.0.0
• github.com/nwaples/rardecode: v1.0.0 → v1.1.0
• github.com/opencontainers/runc: v0.1.1 → v1.0.0-rc9
• github.com/pelletier/go-toml: v1.2.0 → v1.7.0
• github.com/prometheus/client_golang: v1.8.0 → v1.9.0
• github.com/russross/blackfriday/v2: v2.0.1 → v2.1.0
• github.com/shirou/gopsutil: v2.20.4+incompatible → afe0c04
• github.com/shopspring/decimal: 1884f45 → 02e2044
• github.com/spf13/afero: v1.2.1 → v1.2.2
• github.com/tidwall/pretty: v1.0.0 → v1.0.1
• github.com/ugorji/go/codec: v1.1.8 → v1.2.1
• github.com/ugorji/go: v1.1.8 → v1.2.1
• github.com/ulikunitz/xz: v0.5.6 → v0.5.7
• go.etcd.io/bbolt: v1.3.4 → v1.3.5
• go.mongodb.org/mongo-driver: v1.2.1 → v1.4.2
• golang.org/x/crypto: 9e8e0b3 → eec23a3
• golang.org/x/lint: 738671d → 83fdc39
• golang.org/x/mod: v0.3.0 → v0.4.0
• golang.org/x/net: 69a7880 → 6772e93
• golang.org/x/oauth2: 9fd6049 → 08078c5
• golang.org/x/sync: 67f06af → 09787c9
• golang.org/x/sys: f9321e4 → 0d417f6
• golang.org/x/time: 3af7569 → 7e3f01d
• golang.org/x/tools: 1d69943 → 84d76fe
• google.golang.org/api: v0.35.0 → v0.36.0
• google.golang.org/genproto: 8816d57 → 8c77b98
• google.golang.org/grpc: v1.33.2 → v1.34.0
• gopkg.in/yaml.v2: v2.3.0 → v2.4.0
• honnef.co/go/tools: v0.0.1-2020.1.6 → v0.1.0

Removed

• github.com/DataDog/zstd: v1.4.4
• github.com/jeremyfaller/puddle: 91d0159
• github.com/knq/sysutil: 15668db
• github.com/shirou/w32: bb4de01