A transparent, highly scalable and cryptographically verifiable data store.
Added docs which describe the Claimant Model of transparency, a useful framework for reasoning about the design and architecture of transparent systems.
New database-integration tests, #1740 have identified and help resolve inconsistencies and missing features between the various storage implementations.
QueueLeaves
has been removed from the LogTreeTX
interface because
QueueLeaves
is not transactionaal. All callers use the
QueueLeaves
function in the LogStorage
interface.AddSequencedLeaves
has been removed from the LogTreeTX
for the same reason.mysql will now remove leaves from the queue inside of UpdateLeaves
rather than directly inside of Dequeue
.
This change brings the behavior of the mysql storage implementation into line with the spanner implementation
and makes consistent testing possible.
See all changes
The HTTP/JSON APIs have been removed in favor of a pure gRPC intereface. grpcurl is the recommended way of interacting with the gRPC API from the commandline.
The trillian_log_server
, trillian_log_signer
and trillian_map_server
binaries have moved from github.com/google/trillian/server/
to
github.com/google/trillian/cmd
. A subset of the server
package has also
moved and has been split into cmd/internal/serverutil
, quota/etcd
and
quota/mysqlqm
packages.
the kubernetes configs will now provision 5 nodes for trillian's etcd cluster, instead of 3 nodes. this makes the etcd cluster more resilient to nodes becoming temporarily unavailable, such as during updates (it can now tolerate 2 nodes being unavailable, instead of just 1).
A count of the total number of individual leaves the logserver attempts to fetch via the GetEntries.* API methods has been added.
A potential deadlock condition in the log sequencer when the process is attempting to exit has been addressed.
An experimental Redis-based quota.Manager
implementation has been added.
Quota used to be refunded for all failed requests. For uses of quota that were
to protect against abuse or fair utilization, this could allow infinite QPS in
situations that really should have the requests throttled. Refunds are now only
performed for tokens in Global
buckets, which prevents tokens being leaked if
duplicate leaves are queued.
The licenses
tool has been moved from "scripts/licenses" to a dedicated
repository.
Python support is disabled unless we hear that the community cares about this being re-enabled. This was broken by a downstream change and without a signal from the Trillian community to say this is needed, the pragmatic action is to not spend time investigating this issue.
Invalid release. Do not use
Patch release to address Go Module issue. Removes replace directives in our go.mod file now that our dependencies have fixed their invalid pseudo-version issues.
Patch release to address Go Module issue. Some dependencies use invalid pseudo- versions in their go.mod files that Go 1.13 rejects. We've added replace directives to our go.mod file to fix these invalid pseudo-versions.