Merge pull request #2551 from wireapp/release_2022-07-12_07_51

Release 2022-07-12 - (expected chart version 4.19.0)

CHANGELOG.md

@@ -1,3 +1,49 @@
+# [2022-07-12] (Chart Release 4.19.0)
+
+## Release notes
+
+
+* Deploy spar before galley (#2543)
+
+* Upgrade team-settings version to 4.11.0-v0.31.1-0-9e64150 (#2180)
+
+
+## API changes
+
+
+* Restore PUT /v2/connections endpoint (#2539)
+
+
+## Features
+
+
+* 2nd factor authentication code generation is rate limited now (#2522)
+
+* The team member CSV export now fills `created_on` for SCIM users (#2543)
+
+
+## Internal changes
+
+
+* Add Helm chart for inbucket. Inbucket is a SMTP server that does not relay, but instead display received mail in a webapp and make them accessible via an API. (#2544)
+
+* Bump saml2-web-sso (#2545, #2546)
+
+* use checkedConnectCluster to avoid dropping requests to Redis when Gundeck reconnects to the Redis cluster (#2542)
+
+* Do not log polysemy errors in Galley (#2531)
+
+* Remove old crypto-cli tool from the ubuntu image (#2538)
+
+
+## Federation changes
+
+
+* Added new-remote-conversation RPC, used to notify a backend of a remote conversation the first time any user from that backend is added to it. (#2378)
+
+* Added federation endpoint `send-mls-message` used to send messages to remote converesations (#2378)
+
+
 # [2022-07-05] (Chart Release 4.18.0)
 
 ## Release notes

Makefile

@@ -13,7 +13,7 @@ CHARTS_INTEGRATION    := wire-server databases-ephemeral redis-cluster fake-aws
 # (e.g. move charts/brig to charts/wire-server/brig)
 # this list could be generated from the folder names under ./charts/ like so:
 # CHARTS_RELEASE := $(shell find charts/ -maxdepth 1 -type d | xargs -n 1 basename | grep -v charts)
-CHARTS_RELEASE        := wire-server redis-ephemeral redis-cluster databases-ephemeral fake-aws fake-aws-s3 fake-aws-sqs aws-ingress  fluent-bit kibana backoffice calling-test demo-smtp elasticsearch-curator elasticsearch-external elasticsearch-ephemeral minio-external cassandra-external nginx-ingress-controller nginx-ingress-services reaper wire-server-metrics sftd restund coturn
+CHARTS_RELEASE        := wire-server redis-ephemeral redis-cluster databases-ephemeral fake-aws fake-aws-s3 fake-aws-sqs aws-ingress  fluent-bit kibana backoffice calling-test demo-smtp elasticsearch-curator elasticsearch-external elasticsearch-ephemeral minio-external cassandra-external nginx-ingress-controller nginx-ingress-services reaper wire-server-metrics sftd restund coturn inbucket
 BUILDAH_PUSH          ?= 0
 KIND_CLUSTER_NAME     := wire-server
 BUILDAH_KIND_LOAD     ?= 1
@@ -409,6 +409,10 @@ charts-integration: $(foreach chartName,$(CHARTS_INTEGRATION),chart-$(chartName)
 charts-serve: charts-integration
 	./hack/bin/serve-charts.sh $(CHARTS_INTEGRATION)
 
+.PHONY: charts-serve-all
+charts-serve-all: $(foreach chartName,$(CHARTS_RELEASE),chart-$(chartName))
+	./hack/bin/serve-charts.sh $(CHARTS_RELEASE)
+
 # Usecase for this make target:
 # 1. for releases of helm charts
 # 2. for testing helm charts more generally

build/ubuntu/Dockerfile.deps

@@ -10,14 +10,6 @@ RUN export DEBIAN_FRONTEND=noninteractive && \
     export SODIUM_USE_PKG_CONFIG=1 && \
     cargo build --release
 
-# FUTUREWORK: remove core-crypto once #2508 is merged
-# compile legacy core-crypto cli tool
-RUN cd /tmp && \
-  apt-get install -y libssl-dev && \
-  git clone -b cli https://github.com/wireapp/core-crypto && \
-  cd core-crypto/cli && \
-  cargo build --release
-
 # compile mls-test-cli tool
 RUN cd /tmp && \
   git clone https://github.com/wireapp/mls-test-cli && \
@@ -29,9 +21,8 @@ FROM ubuntu:20.04
 
 COPY --from=cryptobox-builder /tmp/cryptobox-c/target/release/libcryptobox.so /usr/lib
 
-# FUTUREWORK: only copy crypto-cli and mls-test-cli executables if we are building an
+# FUTUREWORK: only copy mls-test-cli executables if we are building an
 # integration test image
-COPY --from=cryptobox-builder /tmp/core-crypto/cli/target/release/crypto-cli /usr/bin
 COPY --from=cryptobox-builder /tmp/mls-test-cli/target/release/mls-test-cli /usr/bin
 
 RUN export DEBIAN_FRONTEND=noninteractive && \

cabal.project

@@ -142,7 +142,7 @@ source-repository-package
 source-repository-package
     type: git
     location: https://github.com/wireapp/saml2-web-sso
-    tag: 4227e38be5c0810012dc472fc6931f6087fbce68
+    tag: 74371cd775cb98d6cf85f6e182244a3c4fd48702
 
 source-repository-package
     type: git

cassandra-schema.cql

@@ -1214,6 +1214,27 @@ CREATE TABLE brig_test.user (
     AND read_repair_chance = 0.0
     AND speculative_retry = '99PERCENTILE';
 
+CREATE TABLE brig_test.vcodes_throttle (
+    key ascii,
+    scope int,
+    initial_delay int,
+    PRIMARY KEY (key, scope)
+) WITH CLUSTERING ORDER BY (scope ASC)
+    AND bloom_filter_fp_chance = 0.01
+    AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
+    AND comment = ''
+    AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
+    AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
+    AND crc_check_chance = 1.0
+    AND dclocal_read_repair_chance = 0.1
+    AND default_time_to_live = 0
+    AND gc_grace_seconds = 864000
+    AND max_index_interval = 2048
+    AND memtable_flush_period_in_ms = 0
+    AND min_index_interval = 128
+    AND read_repair_chance = 0.0
+    AND speculative_retry = '99PERCENTILE';
+
 CREATE TABLE brig_test.properties (
     user uuid,
     key ascii,

charts/brig/templates/configmap.yaml

@@ -282,5 +282,8 @@ data:
       {{- if .setCustomerExtensions }}
       setCustomerExtensions: {{ toYaml .setCustomerExtensions | nindent 8 }}
       {{- end }}
+      {{- if .set2FACodeGenerationDelaySecs }}
+      set2FACodeGenerationDelaySecs: {{ .set2FACodeGenerationDelaySecs }}
+      {{- end }}
     {{- end }}
   {{- end }}

charts/brig/templates/tests/configmap.yaml

@@ -69,6 +69,10 @@ data:
         host: cargohold.{{ .Release.Namespace }}-fed2.svc.cluster.local
         port: 8080
 
+      cannon:
+        host: cannon.{{ .Release.Namespace }}-fed2.svc.cluster.local
+        port: 8080
+
       # TODO remove this
       federator:
         host: federator.{{ .Release.Namespace }}-fed2.svc.cluster.local

charts/brig/values.yaml

@@ -84,6 +84,7 @@ config:
     # setCustomerExtensions:
     #   domainsBlockedForRegistration:
     #   - example.com
+    set2FACodeGenerationDelaySecs: 300 # 5 minutes
   smtp:
     passwordFile: /etc/wire/brig/secrets/smtp-password.txt
   proxy: {}

charts/inbucket/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+name: inbucket
+version: 0.0.42
+description: Inbucket is an email testing application; it will accept messages for any email address and make them available to view via a web interface.
+home: https://www.inbucket.org/
+sources:
+  - https://github.com/inbucket/inbucket
+  - https://artifacthub.io/packages/helm/inbucket/inbucket
+  - https://hub.docker.com/r/inbucket/inbucket
+appVersion: 3.0.0

charts/inbucket/README.md

@@ -0,0 +1,10 @@
+# Inbucket chart
+
+[*Inbucket*](https://www.inbucket.org/) is a fake SMTP server that provides all
+captured eMails via a webapp and a REST API. At *Wire* it is used in testing
+environments to not have to deal with concrete SMTP server configurations.
+Especially, it saves us to care about topics like *SPAM filters* and *server
+grey & black listing*.
+
+This chart exists to adjust the [`inbucket/inbucket`
+chart](https://artifacthub.io/packages/helm/inbucket/inbucket) to our needs.

charts/inbucket/requirements.yaml

@@ -0,0 +1,4 @@
+dependencies:
+- name: inbucket
+  version: 2.0.1
+  repository: https://inbucket.github.io/inbucket-community

charts/inbucket/templates/ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: "inbucket"
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ include "inbucket.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    helm.sh/chart: {{ include "inbucket.chart" . }}
+spec:
+  rules:
+    - host: {{ required "must specify host" .Values.host | quote }}
+      http:
+        paths:
+          - path: /
+            backend:
+                serviceName: {{ include "inbucket.fullname" . }}
+                servicePort: http

charts/inbucket/values.yaml

@@ -0,0 +1,13 @@
+# Fully qualified domain name (FQDN) of the domain where to serve inbucket.
+# E.g. 'inbucket.my-test-env.wire.link'
+host:
+
+# Configure the inbucket "parent" chart
+inbucket:
+  image:
+    tag: 3.0.2
+
+  extraEnv:
+    INBUCKET_WEB_GREETINGFILE: "/config/greeting.html"
+    INBUCKET_MAILBOXNAMING: full
+    INBUCKET_STORAGE_RETENTIONPERIOD: "72h"

charts/team-settings/values.yaml

@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/team-settings
-  tag: "4.10.0-v0.29.7-0-3be8ca3"
+  tag: "4.11.0-v0.31.1-0-9e64150"
 service:
   https:
     externalPort: 443