Release 2024-12-30 - (expected chart version 5.9.0) #4393
Merged
Implements "temporary" queues for listening to events not bound to a specific client, meant to be used by team management or similar services.

When GET /events is called without a client_id parameter, we create a new temporary queue and bind it to the user-notifications exchange with routing keys <user-id> and <user-id>.temporary.

When a notification is published to RabbitMQ to all clients of a user, nothing changes, and <user-id> is used as its routing key. When it is published to a list of clients, it is now also published with routing key <user-id>.temporary. Each notification is only published once with the <user-id>.temporary routing key even if the user has multiple capable clients.

When the websocket is closed, the temporary queue is deleted.
---------
Co-authored-by: Sven Tennie <[email protected]>
…ple endpoints (#4364)
- new DB table
- internal endpoints in brig
- new optional config for audit mail recipients
- backoffice/stern support
Co-authored-by: Akshay Mankar <[email protected]> Co-authored-by: Matthias Fischmann <[email protected]> Co-authored-by: Sven Tennie <[email protected]>
Master->Develop after release
* services/wire-server-enterprise: Introduce
* GHA: Use special token to checkout so private submodules can be pulled
* services/wire-server-enterprise: Use https URL for submodule
* cabal.project: Add wire-server-enterprise service
* Update wire-server-enterprise submodule
* Add internal endpoint for enterprise
  It defines only /status.
* Follow feature branch
* docs: Describe the Git repo URL rewriting hack
* Add `wire-server-enterprise` to `integration`
  No tests so far, however we can start the service this way (`make cr`.)
* Add changelog entry
  This should be improved / added to while we grow this feature.
* Use latest version of actions/checkout
  We use this to clone wire-server for checking docs.
* CI: Try different auth token
  Debugging...
* Hi CI
* Hi CI
* Upgrade wire-server-enterprise
* Install wire-server-enterprise for integration tests
  This may not work due to missing registry pull secrets. We'll see...
* Provide wire-server-enterprise config to integration
* Set image chart version for wire-server-enterprise
* Take image pull secret from env variable
  Secrets won't work as they are scoped to the namespace.
* Document usage of ENTERPRISE_IMAGE_PULL_SECRET
* `integration` needs service binary
* Mention that wire-server-enterprise is required to build wire-server
* Let submodule point to main
  Feature branch has been merged.
* More changelog
---------
Co-authored-by: Matthias Fischmann <[email protected]>
…v1 after running tests (#4374)
This ensures that the queues don't accumulate in the statically deployed instances over time.
https://wearezeta.atlassian.net/browse/WPB-11810
Co-authored-by: Akshay Mankar <[email protected]>
…ates a new team (#4380)
* Format submodule with existing Ormolu script
  The wrapper calls the renamed old script to also format the wire-server-enterprise submodule.
* Add changelog
* Upgrade wire-server-enterprise submodule
  To fix formatting issues.
* gundeck: Allow temporary recipients to receive events even when the user doesn't have any regular RabbitMQ clients
* integration: Add test to ensure temp notif queues are deleted
  Also:
  - Extract function to create RabbitMQAdminClient for a backend resource
  - Extract function to runDynamicBackends returning the BackendResources instead of returning just the domains.
* cannon: Use exclusive auto-delete queues for temp clients
  Also:
  * Use Data.Unique.Unique to keep track of channels instead of (ByteString, ByteString) because it is way less fuss to generate the Unique and it doesn't really need to be (UserId, ClientId) tuple. This also removes polymorphism for the RabbitMqPool type.
  * Log connection close while draining at Debug level instead of Info
* integration: Make tests less flaky by expecting races
  The race in these tests is between the RabbitMQ exchange doing the fanout for previous events and the test creating a temporary queue.
Co-authored-by: Sven Tennie <[email protected]>
* Add line breaks in code.
* Translate one more test (that was skipped from all runs before).
* Aesthetic surgery.
---------
Co-authored-by: Sven Tennie <[email protected]>
Also, remove hard-coded default cipher suite in key-package related endpoints by requiring the query parameter.
…port (#4388)
`ss` prints other processes, but it is not clear why. Using lsof seems to work better.
Also: don't ignore exceptions when stopping dynamic backends.
echoes-hq bot added echoes: technical-roadmap/security, echoes/initiative: scale, echoes/initiative: personal-users-to-team-users... labels Dec 30, 2024
zebot added the ok-to-test label Dec 30, 2024
fisx approved these changes Dec 30, 2024
fisx force-pushed the release_2024-12-30_08_50 branch from cbe4798 to f2732f9 (December 30, 2024 09:53)
[2024-12-30] (Chart Release 5.9.0)
Release notes
POST /scim/auth-token request body allows you to choose an IdP UUID to associate with. If none is given, do not associate.
WARNING: the new behavior differs from the old one when first creating a unique SAML IdP and then the SCIM token: before this release, this request would associate the two, now it doesn't. (WPB-689 Remove the restriction that SCIM allows at most one IdP #4349)
We changed the default MLS cipher suite from
to
and the allowed MLS cipher suites from only
to only
ATTENTION: This breaks your MLS clients if they used the previous defaults before. This is even true if you allow several cipher suites, since current MLS clients only support one cipher suite at a time.
Adjust the defaults in the server configuration to switch the values of `defaultCipherSuite` and `allowedCipherSuites` back to the previous defaults, `1` and `[1]`, respectively. Once MLS clients support several cipher suites, you could even use `[1,2]` or a list of other cipher suites in `allowedCipherSuites`. Make sure that this list contains the currently used cipher suite! (switch default ciphersuite to 2 #4373)
This release contains a new Git submodule: `wire-server-enterprise`. This module represents a service which contains all non-open-source features. Wire can still be deployed and run without this service. Building it without `wire-server-enterprise` is currently not documented, but Wire will keep providing the artefacts.
The service can be deployed with a dedicated Helm chart (`charts/wire-server-enterprise`.) The required service image is not freely available (the registry is password protected.) ([WPB-14285] wire-server-enterprise as a service #4357)
API changes
`client_id` query parameter of the `GET /events` endpoint is now optional. When not provided, events are returned from a temporary queue that's not bound to any specific client. The queue is deleted when the websocket disconnects. (RabbitMQ temporary clients #4360)
Features
You can now create both multiple SCIM peers and multiple SAML IdPs, and freely associate them with each other (team management app implementation pending). (WPB-689 Remove the restriction that SCIM allows at most one IdP #4349)
Internal API and backoffice support for managing email domains for enterprise login (WPB-14306 [enterprise login] Implement common prerequisites for multiple endpoints #4364)
Bug fixes and other updates
Fix `gzip filter failed to use preallocated memory` alerts in nginz by upgrading (bump nixpkgs #4365)
Send team active event in personal user to team flow (WPB-15072 team activated is not sent to ibis when a personal user creates a new team #4380)
Add profile name to new team owner welcome mail (Add profile name to new team owner welcome mail #4378)
Internal changes
Delete federation V0 and V1 queues after integration tests (WPB-11810 Delete federation queues in CI #4374)
Stabilize `index migration` tests by fixing a race on index names. ([WPB-15037] fix flaky test migration to new index #4382)
Adjust the existing Ormolu script to format the wire-server-enterprise submodule as well. (Format submodule with existing Ormolu script #4377)
Revive and translate old integration test ([WPB-15151] translate legalhold tests, part 3. #4387, [WPB-15151] eliminate legahold test redundancy #4386)
Translate integration test to new suite. ([WPB-15151] Fix flaky test #4384)
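
For the MLS cipher suite note in the release notes above, a pre-upgrade consistency check, given as an added example that is not part of wire-server. The key names `defaultCipherSuite` and `allowedCipherSuites` come from the release notes; the function name, the flat dict layout and the `suite_in_use` parameter are assumptions made for illustration.

```python
# Added example, not wire-server code. Key names come from the release notes;
# the flat dict layout and the function name are assumptions.

def check_mls_cipher_suites(mls_config, suite_in_use):
    """Return a list of problems; an empty list means the settings are consistent.

    mls_config   -- mapping with defaultCipherSuite and allowedCipherSuites
    suite_in_use -- cipher suite number the deployed MLS clients already use
    """
    default = mls_config.get("defaultCipherSuite")
    allowed = mls_config.get("allowedCipherSuites")
    if default is None or allowed is None:
        # Nothing pinned: the changed release defaults apply.
        return ["defaultCipherSuite/allowedCipherSuites not pinned; release defaults apply"]
    if type(default) is not int or not isinstance(allowed, list) \
            or not all(type(s) is int for s in allowed):
        return ["defaultCipherSuite must be an integer and allowedCipherSuites a list of integers"]

    problems = []
    if default not in allowed:
        problems.append(f"defaultCipherSuite {default} is not in allowedCipherSuites {allowed}")
    if suite_in_use not in allowed:
        problems.append(f"suite {suite_in_use} used by clients is not in allowedCipherSuites {allowed}")
    if default != suite_in_use:
        # Clients support one suite at a time, so allowing both does not help.
        problems.append(f"defaultCipherSuite {default} differs from suite {suite_in_use} used by clients")
    return problems


# Constructed sample settings, not taken from a real deployment.
SAMPLES = {
    "pinned to previous defaults": {"defaultCipherSuite": 1, "allowedCipherSuites": [1]},
    "switched to suite 2 only": {"defaultCipherSuite": 2, "allowedCipherSuites": [2]},
    "both allowed, default 2": {"defaultCipherSuite": 2, "allowedCipherSuites": [1, 2]},
    "nothing pinned": {},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        found = check_mls_cipher_suites(cfg, suite_in_use=1)
        print(f"{name}: {'OK' if not found else '; '.join(found)}")
```

The "both allowed, default 2" sample is the case the ATTENTION note calls out: the list contains the suite in use, yet the changed default is still reported.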