This repository has been archived by the owner on Jul 12, 2023. It is now read-only.

02 Feb 03:10

v0.21.1

d3f9f2d

v0.21.1

Release notes for v0.21.1

Changelog since v0.21.0

This release fixes an issue where terraform would fail to apply if redis authentication is disabled (which is the default).

Changes by Kind

Infrastructure fixes

Allow for redis auth to be disabled and terraform to apply successfully (#1751, @mikehelmick)

Buf Fixes and Improvements

Basic coverage for /codes pages (#1746, @whaught)
Include multiline and whitespace in search in SMS preview to fix a bug where an SMS message contained newline characters. This did not affect delivered SMSes, only the preview window. (#1745, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

Nothing has changed.

Removed

Nothing has changed.

Assets 2

01 Feb 16:56

whaught

v0.21.0

94f0a2e

v0.21.0

Release notes for v0.21.0

If redis auth is not enabled, please use v0.21.1 instead

Upgrade notes

This release introduces the ability for the verification server to pull statistics from a key server. This functionality is off by default, and can be enabled by a realm administrator. There are new configuration values for the default key server and audience to use.
- KEY_SERVER_URL - base URL for the key server to pull stats from, the /v1/stats path will be appended to this. You must set this value in our terraform configuration for your deployment for this functionality to work.
- KEY_SERVER_STATS_AUDIENCE - default value is the same as default value from the exposure-notifications-server
Authenticated SMS
- This is a new feature under development, it is off by default and subject to change without notice.

Changes by Kind

Statistics

Key-server stats

Add CSV format for key-server stats file (#1691, @whaught)
Add TEK age & onset-upload distribution chart (#1669, @whaught)
Adjustable data smoothing (#1705, @whaught)
Average issue-claim chart (#1710, @whaught)
Claim age distribution chart added to UI (#1709, @whaught)
Dev seed script randomizes the issue to claim time (#1731, @whaught)
Emit key-server stats as json for charting (#1661, @whaught)
Gives stats puller services the correct KMS permissions. (#1686, @mikehelmick)
Redraw all charts with window resize. Move some js to application.js (#1700, @whaught)
Show distributions as 7 day sums (#1698, @whaught)
Show publish requests by OS (#1665, @whaught)
Slider tick marks for issue-claim age chart (#1719, @whaught)
Stats - Claim age distribution chart isn't resized when the scope is changed. (#1720, @mikehelmick)
Styling updates for statistics page & about links (#1724, @whaught)
Use UTC time in stats-puller test (#1740, @sethvargo)
Add random key-server stats data in dev seed script (#1651, @whaught)
Key server histograms have better controls and don't resize as days change (#1718, @mikehelmick)
Logic for executing the v1/stats request and storing results (#1621, @whaught)
Padding for stats sliders (#1725, @whaught)

Verification server stats

Add code issue to claim age average and distribution stat (#1675, @whaught)
Add invalid codes and full token graphs to stats (#1641, @sethvargo)
Add new stats for codes_invalid and tokens to responses (#1631, @sethvargo)
Increment code-issue stats at the end of issuance logic. This avoids recording [known] failures. (#1638, @whaught)
Make codes/stats bit of seeding optional (#1628, @sethvargo)
Make seed script also optionally verify codes and claim tokens (#1629, @sethvargo)
Move API key stats into the API and display invalid claim attempts on API keys page (#1646, @sethvargo)

Authenticated SMS (new feature that is off by default)

Add SMS signing functionality. This functionality is off by default, as Google and Apple are still developing the necessary client-side features to support it. (#1696, @sethvargo)
Add database model for managed keys for signing SMS messages. (#1649, @mikehelmick)
Implement first pass at SMS signature algorithm package (#1650, @sethvargo)
Add utility for verifying SMS signatures (#1721, @sethvargo)
Create SMSSigning config and instantiate SMS signing key manager where needed (#1673, @sethvargo)
Give Admin API signer verifier permissions on the for the keyring containing SMS singing keys. (#1704, @mikehelmick)
Standardize response codes and add tests to SMS keys (#1672, @sethvargo)
Switch to short date with less base64-encoding in returned SMS signature (#1722, @sethvargo)
Realm admins can create/rotate SMS signing keys and enable authenticated SMS. (#1668, @mikehelmick)

Other SMS changes

Move SMS templates into the SMS tab (originally under codes) (#1734, @sethvargo)
Use the same SMS provider for all messages, cache locally for 5 minutes to improve performance (#1674, @sethvargo)
Display a preview of how SMSes could be split across multiple messages at 153 character boundaries. (#1737, @sethvargo)

Test coverage

Add more tests for cacher package (#1659, @sethvargo)
Add more tests for routes (#1657, @sethvargo)
Add more unit tests for internal/project package (#1656, @sethvargo)
Fix e2e test for unknown user-agent header (#1695, @whaught)
Add some more admin tests (#1660, @sethvargo)
Add tests for api package (#1658, @sethvargo)
Run e2e enx-redirector tests as part of CI (#1732, @sethvargo)

Terraform changes

Add optional authentication to Redis. The default behavior remains unchanged, but a new Terraform variable redis_enable_auth exists to opt-in to Redis authentication. Opting in can cause downtime, so if you choose to enable it, we recommend doing i...

Assets 2

19 Jan 02:33

mikehelmick

v0.20.0

4021fea

v0.20.0

Release notes for exposure-notifications-verification-server v0.20.0

Documentation

Changelog since v0.19.0

⚠️ Upgrade notes ⚠️

Deployment Notes

This version introduces both Binary Authorization and multiple new services. To help ensure a successful upgrade, operators should taint the build step before running Terraform. This will ensure new services are built and existing services are attested with the proper signatures for authorization.

terraform taint module.en.null_resource.build

Note this will increase the duration of the Terraform run to about 10 minutes. Upon a successful run, continue with the upgrade process as normal.

Key rotation

This release introduces unattended signing key rotation for both verification token and verification certificate signing.

All key rotation is done, by default, every 30 days.

Verification token key rotation

Keys are now backed by the database, seeded by the key ring that the current token signing key version is on.
Until the new rotate job runs, the legacy key version will be used for signing. Once the rotate job has been
run, there will be a new signing key used to sign new verification tokens. The legacy signing key will be honored
as long as it is still configured. v0.21.0 will move to only database-backed token signing keys.

Verification certificate key rotation

In this release, realm admins will be allowed to configure their signing keys for automatic rotation.
It is important that this realm's key server be configured to use the JWKS public key discovery document
for the health authority signing keys.

Verification signing keys are created, but not made active for at least 1 hour so that there is time
for the key server to import the public key.

Changes by Kind

Breaking changes

Potentially breaking! - Source token signing keys from the database. This completes the move of system token signing keys from environment variables to the database. This change attempts to be backward compatible, but server are encouraged to test changes in an isolated environment before upgrading production systems. (#1602, @sethvargo)

Features

Add intelligence for redirecting post-login (#1550, @sethvargo)
Add audits for saving a Token Signing Key (#1601, @sethvargo)
Add password-reset and email-verification email templates to realm settings (#1555, @whaught)
Add rotation service and schema for rotating token signing keys (#1597, @sethvargo)
Added support for Twilio messaging services (#1526, @whaught)
Adds database column for realm level auto key rotation settings. (#1594, @mikehelmick)
Adds the stats-puller service to run every hour. (#1603, @whaught)
Advanced searching is a new feature for user search that allows for more granular searching. It's backwards-compatible with the former search syntax, but now includes the ability to filter searches by fields. Specifically, you can now query like "name:foo" or "can:APIKeyWrite" to perform advanced queries. Bulk permission management is a new feature that allows people with UserWrite permissions to modify other users' permissions in bulk in their realm. (#1525, @sethvargo)
Allow JWK lookup URLs to work with region codes in addition to IDs (#1559, @sethvargo)
Allow for legacy signing key config for tokens to be used during the upgrade to DB backed tokens. (#1624, @mikehelmick)
Allow for realm admins to enable automatic verification certificate key rotation. Keys are rotated every 30 days, and given 1h soak time for upstream key servers to pull public keys via public key discovery. (#1614, @mikehelmick)
Realm stats: Slider control to select date range to display. Trend lines are shown for codes issued and codes claimed. (#1598, @mikehelmick)
Stop bulk-issue client if the Twilio SMS queue is full (#1571, @whaught)
Support testType field as input for bulk-upload (#1531, @whaught)
The bulk-uploader will skip conflict or already-succeeded lines when re-using a log csv from a previous attempt (#1530, @whaught)

General bug fixes and improvements

Add locking to stats-puller service. Refactor cleanup -> lock (#1608, @whaught)
Add optional enx-redirect tests to e2e-runner (#1585, @sethvargo)
Add tests for cleanup (#1600, @sethvargo)
Check session expiration on login (#1549, @sethvargo)
Clean up nits from verification certification rotation (#1618, @sethvargo)
Cleanup for key-server stats (#1615, @whaught)
Correct padding (#1541, @whaught)
Defensively check deleted_at fields in realm/user join tables for memberships (#1565, @sethvargo)
Delete any orphaned entries before creating foreignkey. This handles an extreme edge case where an entry was manually deleted from the database before the FK constraint existed. (#1533, @sethvargo)
Delete users who are deleted (#1566, @sethvargo)
Display realm_id in system admin event logs (#1605, @sethvargo)
Don't return http.Response when unneeded (#1586, @sethvargo)
Drop foreignkey constraints if they already exist before creating (#1534, @sethvargo)
Drop optional calculation of Daily Active Users (#1544, @sethvargo)
Fix nits from signing key cleanup (#1619, @sethvargo)
Garbage collection of references to deleted signing keys. (#1616, @mikehelmick)
I8n strings for bulk-issue (#1509, @whaught)
Log URLs and response codes in appsync errors, increase max size to 64kb (#1545, @sethvargo)
Move associated site data responses into api package (#1577, @sethvargo)
Move e2e client into internal/ (#1578, @sethvargo)
New tables for storing key-server statistics (#1599, @whaught)
Not-found and invalid for malformed realm_id in jw...

Assets 2

09 Jan 16:46

sethvargo

v0.19.2

50ac860

v0.19.2

Changes since v0.19.1

App-sync service

Log URLs and response codes in appsync errors, increase max size to 64kb (#1545, @sethvargo)
Remove leading slash in clients (#1547, @sethvargo)

Database migrations

Drop foreignkey constraints if they already exist before creating (#1534, @sethvargo)
Drop optional calculation of Daily Active Users (#1544, @sethvargo)

Monitoring, logging, and alerting

Retry database pings in health checks (#1537, @sethvargo)
Simplified alerting configuration to accommodate low-traffic services (#1535, @yuriatgoogle)

Bulk upload

Correct padding (#1541, @whaught)
Use outer padding for bulk-uploader client (#1542, @whaught)

Misc

Display test coverage displayed on presubmit (#1540, @mikehelmick)