Merge pull request #2728 from wireapp/release_2022-09-27_13_14
Release 2022-09-27 - (expected chart version 4.24.0)
supersven authored Sep 27, 2022
2 parents 3d8fb69 + d31ab52 commit b0b3f1c
Showing 359 changed files with 8,568 additions and 6,464 deletions.
3 changes: 1 addition & 2 deletions .github/pull_request_template.md
@@ -1,5 +1,4 @@
## Checklist

- [ ] Add a new entry in an appropriate subdirectory of `changelog.d`
- [ ] Read and follow the
[PR guidelines](https://github.com/wireapp/wire-server/blob/develop/docs/developer/pr-guidelines.md)
- [ ] Read and follow the [PR guidelines](https://docs.wire.com/developer/developer/pr-guidelines.html)
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -116,3 +116,6 @@ result-*

# emacs misc
.dir-locals.el

/integration-ca-key.pem
/integration-ca.pem
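Review bot: `/integration-ca-key.pem` is a CA private key, and both new patterns are anchored to the repository root, so a copy generated in any subdirectory would still be offered for commit. Consider an unanchored pattern such as `integration-ca*.pem`, and add a comment line naming what generates these files, in the way `# emacs misc` labels the entry above.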
7 changes: 6 additions & 1 deletion .hlint.yaml
Expand Up @@ -8,8 +8,13 @@
# Left for the programmer to decide. See discussion at https://github.com/wireapp/wire-server/pull/2382#discussion_r871194424
- ignore: { name: Avoid lambda }
- ignore: { name: Avoid lambda using `infix` }

- ignore: { name: Eta reduce }
- ignore: { name: Use section }
- ignore: { name: Use underscore }

# custom rules:
- hint: { lhs: (() <$), rhs: void }
- hint: { lhs: return, rhs: pure }
## We want the latter to properly handle signals.
- error: { name: Use shutdown, lhs: runSettings, rhs: runSettingsWithShutdown }
- ignore: { name: Use shutdown, within: [Network.Wai.Utilities.Server, Federator.Response] }
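Review bot: the `Use shutdown` ignore on the last line exempts `Network.Wai.Utilities.Server` and `Federator.Response` from the new error without saying why each may call `runSettings` directly. A one-line comment per module would keep the exemption list from growing unreviewed; the `##` prefix on the comment above the rule also differs from the single `#` used for the other comments in this file.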
113 changes: 113 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,116 @@
# [2022-09-27] (Chart Release 4.24.0)

## Release notes


* For users of the (currently alpha) coturn Helm chart, **manual action is
required** when upgrading to this version. The labels applied to the Kubernetes
manifests in this chart have changed, in order to match the conventions used
in the wire-server charts. However, this may mean that upgrading with Helm can
fail, due to changes to the `StatefulSet` included in this chart -- in this
case, the `StatefulSet` must be deleted before the chart is upgraded. (#2677)

* wire-server helm charts: Adjust default CPU/Memory resources: Remove CPU limits to avoid CPU throttling; adjust request CPU and memory based on observed values. Overall this decreases the amount of CPU/memory that the wire-server chart needs to install/schedule pods. (#2675)

* Upgrade team-settings version to 4.12.1-v0.31.5-0-0167ea4 (#2180)

* Upgrade webapp version to 2022-09-20-production.0-v0.31.2-0-7f74074 (#2302)


## API changes


* Add new endpoint `/mls/commit-bundles` for submitting MLS `CommitBundle`s. A `CommitBundle` is a triple consisting of a commit message, an optional welcome message and a public group state. (#2688)

* MLS: Store and expose group info via `GET /conversations/:domain/:id/groupinfo` (#2721)

* Add /mls/public-keys to nginz chart (#2676)

* Users being kicked out results in member-leave events originating from the user who caused the change in the conversation (#2724)

* Leaving an MLS conversation is now possible using the regular endpoint `DELETE /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}`. When a user leaves, the backend sends external remove proposals for all their clients in the corresponding MLS group. (#2667)

* Validate remotely claimed key packages (#2692)


## Features


* The coturn chart now has support for exposing its metric endpoint with a
ServiceMonitor, which can be ingested by third-party metrics collection tools. (#2677)

* Deleting clients creates MLS remove proposals (#2674)

* External remove proposals are now sent to a group when a user is deleted (#2650)

* Allow non-admins to commit add proposals in MLS conversations (#2691)

* Optionally add invitation urls to the body of `/teams/{tid}/invitations`. This allows further processing; e.g. to send those links with custom emails or distribute them as QR codes. See [docs](https://docs.wire.com/developer/reference/config-options.html#expose-invitation-urls-to-team-admin) for details and privacy implications. (#2684)


## Bug fixes and other updates


* SCIM user deletion suffered from a couple of race conditions. The user in now first deleted in spar, because this process depends on data from brig. Then, the user is deleted in brig. If any error occurs, the SCIM deletion request can be made again. This change depends on brig being completely deployed before using the SCIM deletion endpoint in brig. In the unlikely event of using SCIM deletion during the deployment, these requests can be retried (in case of error). (#2637)

* The 2nd factor password challenge team feature is disabled for SSO users (#2693)

* Less surprising handling of SIGINT, SIGTERM for proxy, stern. Increase grace period for shutdown from 5s to 30s for all services. (#2715)


## Documentation


* Drop Client model (unused) from old swagger.
Add a description and example data for mls_public_keys field in new swagger. (#2657)

* Document user deactivation (aka suspension) with SCIM. (#2720)

* Monitoring page showed wrong wrong configuration charts. Updated prometheus-operator to kube-prometheus-stack chart in the documentation. (#2708)


## Internal changes


* Make client deletion asynchronous (#2669)

* Allow external add proposals without previously uploading key packages. (#2661)

* Allow legalhold tokens access to `/converations/<uuid>` endpoint (#2682, #2726)

* Move Brig.Sem.* modules to Brig.Effects (consistency) (#2672)

* The labels applied to resources in the coturn chart have been changed to
reflect the conventions in the wire-server charts. (#2677)

* Drop the `managed` column from `team_conv` table in Galley (#2127)

* Fix link in PR template (#2673)

* In Gundeck's 'notifications' cassandra table, switch to [TWCS](https://cassandra.apache.org/doc/latest/cassandra/operating/compaction/twcs.html) compaction strategy, which should be more efficient for this workload, and possibly bring performance benefits to latencies.
It may be beneficial to run a manual compaction before rolling out this
change (but things should also work without this manual operation).
In case you have time, run the following from a cassandra machine before deploying this update: `nodetool compact gundeck notifications`. (#2615)

* Add regular expression support to libzauth ACL language (#2714)

* Make test API calls point to the most recent version by default (#2695)

* Clients and key package refs in an MLS conversation are now stored in their own table. (#2667)

* Refactor MLS test framework (#2678)

* Update mls-test-cli to version 0.5 (#2685)

* Added rusty-jwt-tools to docker images (#2686)

* The account API is now migrated to servant. (#2699, #2700, #2701, #2702, #2703, #2704, #2705, #2707)

* Update nginz and cannon ACLs to match api-versioned paths (#2725)

* For wire-server cloud, on kubernetes 1.21+, favour topology-aware routing, which reduces unnecessary inter-availability-zone traffic, reducing latency and cloud provider cross-AZ traffic costs. (#2723)


# [2022-09-01] (Chart Release 4.23.0)

## Release notes
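Review bot: three typos in the new 2022-09-27 entries will ship in the release notes: "The user in now first deleted in spar" should read "is now", "Monitoring page showed wrong wrong configuration charts" repeats a word, and the legalhold entry names the endpoint `/converations/<uuid>` (missing an "s"), which matters to anyone searching the notes for the path that legalhold tokens can now reach. The coturn entry also asks for manual action without naming the `StatefulSet` to delete; stating it would make the upgrade step repeatable.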
25 changes: 25 additions & 0 deletions Makefile
Expand Up @@ -117,6 +117,31 @@ cabal-fmt:
ghcid:
ghcid -l=hlint --command "cabal repl $(target)"

.PHONY: hlint-check-all
hlint-check-all:
./tools/hlint.sh -f all -m check

.PHONY: hlint-check-pr
hlint-check-pr:
./tools/hlint.sh -f pr -m check

.PHONY: hlint-inplace-pr
hlint-inplace-pr:
./tools/hlint.sh -f pr -m inplace


.PHONY: hlint-inplace-all
hlint-inplace-all:
./tools/hlint.sh -f all -m inplace

.PHONY: hlint-check
hlint-check:
./tools/hlint.sh -f changeset -m check

.PHONY: hlint-inplace
hlint-inplace:
./tools/hlint.sh -f changeset -m inplace

# reset db using cabal
.PHONY: db-reset-package
db-reset-package: c
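Review bot: the six `hlint-*` targets differ only in the `-f` and `-m` arguments passed to `./tools/hlint.sh`, and nothing here says what `all`, `pr` and `changeset` select. Since the `inplace` variants rewrite files, a short comment above the group describing each file set would help; there is also a stray double blank line before `hlint-inplace-all`.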
13 changes: 13 additions & 0 deletions build/ubuntu/Dockerfile.builder
Expand Up @@ -10,9 +10,22 @@ RUN cd /tmp && \

RUN cd /tmp/mls-test-cli && RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target x86_64-unknown-linux-gnu

FROM rust:1.63 as rusty-jwt-tools-builder

# compile rusty-jwt-tools
RUN cd /tmp && \
git clone https://github.com/wireapp/rusty-jwt-tools && \
cd rusty-jwt-tools && \
git checkout 6370cd556f03f6834d0b8043615ffaf0044ef1fa && \
git rev-parse HEAD

RUN cd /tmp/rusty-jwt-tools && cargo build --release --target x86_64-unknown-linux-gnu

FROM ${prebuilder}

COPY --from=mls-test-cli-builder /tmp/mls-test-cli/target/x86_64-unknown-linux-gnu/release/mls-test-cli /usr/bin/mls-test-cli
COPY --from=rusty-jwt-tools-builder /tmp/rusty-jwt-tools/target/x86_64-unknown-linux-gnu/release/librusty_jwt_tools.so /usr/lib
COPY --from=rusty-jwt-tools-builder /tmp/rusty-jwt-tools/target/x86_64-unknown-linux-gnu/release/librusty_jwt_tools_ffi.so /usr/lib

WORKDIR /
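Review bot: the new `rusty-jwt-tools-builder` stage builds without the `RUSTFLAGS='-C target-feature=+crt-static'` used for `mls-test-cli`, and the resulting `librusty_jwt_tools.so` and `librusty_jwt_tools_ffi.so` are copied from a `rust:1.63` image into `${prebuilder}`, so they link dynamically against whatever libc the build image carries. Please confirm the target image's libc is compatible, and consider pinning `rust:1.63` by digest to match the care taken in pinning the source to commit `6370cd556f03f6834d0b8043615ffaf0044ef1fa`.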

14 changes: 14 additions & 0 deletions build/ubuntu/Dockerfile.deps
Expand Up @@ -20,11 +20,25 @@ RUN cd /tmp && \

RUN cd /tmp/mls-test-cli && RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --target x86_64-unknown-linux-gnu

FROM rust:1.63 as rusty-jwt-tools-builder

# compile rusty-jwt-tools
RUN cd /tmp && \
git clone https://github.com/wireapp/rusty-jwt-tools && \
cd rusty-jwt-tools && \
git checkout 6370cd556f03f6834d0b8043615ffaf0044ef1fa && \
git rev-parse HEAD

RUN cd /tmp/rusty-jwt-tools && cargo build --release --target x86_64-unknown-linux-gnu


# Minimal dependencies for ubuntu-compiled, dynamically linked wire-server Haskell services
FROM ubuntu:20.04

COPY --from=cryptobox-builder /tmp/cryptobox-c/target/release/libcryptobox.so /usr/lib
COPY --from=mls-test-cli-builder /tmp/mls-test-cli/target/x86_64-unknown-linux-gnu/release/mls-test-cli /usr/bin/mls-test-cli
COPY --from=rusty-jwt-tools-builder /tmp/rusty-jwt-tools/target/x86_64-unknown-linux-gnu/release/librusty_jwt_tools.so /usr/lib
COPY --from=rusty-jwt-tools-builder /tmp/rusty-jwt-tools/target/x86_64-unknown-linux-gnu/release/librusty_jwt_tools_ffi.so /usr/lib

RUN export DEBIAN_FRONTEND=noninteractive && \
apt-get update && \
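Review bot: the `rusty-jwt-tools-builder` stage here is a line-for-line copy of the one added to `build/ubuntu/Dockerfile.builder`, so the pinned commit has to be bumped in two files and the two images can drift apart unnoticed. A shared build argument for the commit hash would keep them in step. The trailing `git rev-parse HEAD` only prints the hash; since `git checkout` of the full hash already fails when the commit is missing, it can be dropped or replaced by an explicit comparison. There is also a double blank line after the `cargo build` step.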
6 changes: 6 additions & 0 deletions cabal.project
Expand Up @@ -157,6 +157,12 @@ source-repository-package
location: https://gitlab.com/twittner/wai-routing
tag: 7e996a93fec5901767f845a50316b3c18e51a61d

source-repository-package
type: git
location: https://github.com/wireapp/tasty.git
tag: 394943c7672e5ad269e5587528b7678caf3b0720
subdir: hunit

allow-older: *
allow-newer: *
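Review bot: the new `source-repository-package` takes `hunit` from a wireapp fork of `tasty` with no comment on what the fork changes or when it can be dropped. Pinning `tag:` to a full commit hash is good; please add a comment above the stanza pointing to the upstream issue or pull request so the override does not outlive its reason.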

42 changes: 32 additions & 10 deletions cassandra-schema.cql
Expand Up @@ -38,7 +38,6 @@ CREATE TABLE galley_test.meta (
CREATE TABLE galley_test.team_conv (
team uuid,
conv uuid,
managed boolean,
PRIMARY KEY (team, conv)
) WITH CLUSTERING ORDER BY (conv ASC)
AND bloom_filter_fp_chance = 0.1
Expand Down Expand Up @@ -129,6 +128,7 @@ CREATE TABLE galley_test.team_features (
app_lock_status int,
conference_calling int,
digital_signatures int,
expose_invitation_urls_to_team_admin int,
file_sharing int,
file_sharing_lock_status int,
guest_links_lock_status int,
Expand Down Expand Up @@ -169,7 +169,6 @@ CREATE TABLE galley_test.member (
conversation_role text,
hidden boolean,
hidden_ref text,
mls_clients set<text>,
otr_archived boolean,
otr_archived_ref text,
otr_muted boolean,
Expand Down Expand Up @@ -263,7 +262,6 @@ CREATE TABLE galley_test.member_remote_user (
user_remote_domain text,
user_remote_id uuid,
conversation_role text,
mls_clients set<text>,
PRIMARY KEY (conv, user_remote_domain, user_remote_id)
) WITH CLUSTERING ORDER BY (user_remote_domain ASC, user_remote_id ASC)
AND bloom_filter_fp_chance = 0.1
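Review bot: `mls_clients set<text>` is dropped from `member_remote_user` here and from `member` in the previous hunk, with the new `member_client` table taking over. This file shows only the end state of the schema, so please confirm that the migration copies existing `mls_clients` entries into `member_client` before the columns are dropped, or state in the changelog that existing MLS client membership is not preserved.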
Expand Down Expand Up @@ -366,15 +364,18 @@ CREATE TABLE galley_test.group_id_conv_id (
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE galley_test.user (
user uuid,
CREATE TABLE galley_test.member_client (
conv uuid,
PRIMARY KEY (user, conv)
) WITH CLUSTERING ORDER BY (conv ASC)
AND bloom_filter_fp_chance = 0.1
user_domain text,
user uuid,
client text,
key_package_ref blob,
PRIMARY KEY (conv, user_domain, user, client)
) WITH CLUSTERING ORDER BY (user_domain ASC, user ASC, client ASC)
AND bloom_filter_fp_chance = 0.01
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
AND compaction = {'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy'}
AND compaction = {'class': 'org.apache.cassandra.db.compaction.SizeTieredCompactionStrategy', 'max_threshold': '32', 'min_threshold': '4'}
AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
AND crc_check_chance = 1.0
AND dclocal_read_repair_chance = 0.1
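Review bot: `member_client` is created with `bloom_filter_fp_chance = 0.01` and `SizeTieredCompactionStrategy`, while the `user` table it displaces in this position uses `0.1` and `LeveledCompactionStrategy`. If the new values are simply what the table received by default rather than a deliberate choice, set them explicitly in the migration to match the neighbouring galley tables, or note the reason for the difference. `key_package_ref blob` is a regular column, so rows can exist without it; confirm readers handle a null.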
Expand Down Expand Up @@ -460,6 +461,7 @@ CREATE TABLE galley_test.conversation (
message_timer bigint,
name text,
protocol int,
public_group_state blob,
receipt_mode int,
team uuid,
type int
Expand Down Expand Up @@ -566,6 +568,26 @@ CREATE TABLE galley_test.mls_proposal_refs (
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE TABLE galley_test.user (
user uuid,
conv uuid,
PRIMARY KEY (user, conv)
) WITH CLUSTERING ORDER BY (conv ASC)
AND bloom_filter_fp_chance = 0.1
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
AND compaction = {'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy'}
AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
AND crc_check_chance = 1.0
AND dclocal_read_repair_chance = 0.1
AND default_time_to_live = 0
AND gc_grace_seconds = 864000
AND max_index_interval = 2048
AND memtable_flush_period_in_ms = 0
AND min_index_interval = 128
AND read_repair_chance = 0.0
AND speculative_retry = '99PERCENTILE';

CREATE KEYSPACE gundeck_test WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'} AND durable_writes = true;

CREATE TABLE gundeck_test.push (
Expand Down Expand Up @@ -602,7 +624,7 @@ CREATE TABLE gundeck_test.notifications (
AND bloom_filter_fp_chance = 0.1
AND caching = {'keys': 'ALL', 'rows_per_partition': 'NONE'}
AND comment = ''
AND compaction = {'class': 'org.apache.cassandra.db.compaction.LeveledCompactionStrategy', 'tombstone_threshold': '0.1'}
AND compaction = {'class': 'org.apache.cassandra.db.compaction.TimeWindowCompactionStrategy', 'compaction_window_size': '1', 'compaction_window_unit': 'DAYS', 'max_threshold': '32', 'min_threshold': '4'}
AND compression = {'chunk_length_in_kb': '64', 'class': 'org.apache.cassandra.io.compress.LZ4Compressor'}
AND crc_check_chance = 1.0
AND dclocal_read_repair_chance = 0.1
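Review bot: the switch to `TimeWindowCompactionStrategy` drops the previous `'tombstone_threshold': '0.1'`, and the visible options set one-day windows without showing this table's `default_time_to_live`. TWCS reclaims space by dropping SSTables once all of their data has expired, so please confirm that every write to `notifications` carries a TTL and that rows are not removed by explicit deletes, and document the expected retention next to `'compaction_window_size': '1'`.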
2 changes: 2 additions & 0 deletions charts/backoffice/templates/service.yaml
Expand Up @@ -7,6 +7,8 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
service.kubernetes.io/topology-aware-hints: auto
spec:
type: ClusterIP
ports:
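Review bot: `service.kubernetes.io/topology-aware-hints: auto` is added unconditionally under `annotations:`, here and in `charts/brig/templates/service.yaml`, while the changelog entry scopes the behaviour to Kubernetes 1.21+. Consider gating the annotation behind a chart value so operators who need even spreading across zones can switch it off without patching the template.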
7 changes: 3 additions & 4 deletions charts/backoffice/values.yaml
Expand Up @@ -13,11 +13,10 @@ service:
externalPort: 8080
resources:
requests:
memory: 128Mi
cpu: 125m
memory: 20Mi
cpu: 30m
limits:
memory: 512Mi
cpu: 500m
memory: 50Mi
config:
logLevel: Info
galebHost: galeb.integrations
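Review bot: the memory limit under `limits:` falls from `512Mi` to `50Mi` against a `20Mi` request, a tenfold cut that leaves little headroom before the container is OOM-killed. The changelog says the figures come from observed values; please record the observed peak for backoffice in the pull request so the margin can be judged, and consider a higher limit if the peak was measured on a lightly used instance.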
2 changes: 2 additions & 0 deletions charts/brig/templates/service.yaml
Expand Up @@ -7,6 +7,8 @@ metadata:
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
annotations:
service.kubernetes.io/topology-aware-hints: auto
spec:
type: ClusterIP
ports:
3 changes: 1 addition & 2 deletions charts/brig/values.yaml
Expand Up @@ -7,11 +7,10 @@ service:
internalPort: 8080
resources:
requests:
memory: "256Mi"
memory: "200Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
metrics:
serviceMonitor:
enable: false