🇪🇺 Wire back-end services
wire-server helm charts using Ingress resources are now compatible with kubernetes versions 1.22, 1.23 and 1.24 (but remain compatible with older versions of kubernetes).
If you upgrade to this version of helm charts and/or you upgrade your version of kubernetes while wire-server is deployed, you may find that helm update or helmfile apply/sync gives an error like this:
Error: UPGRADE FAILED: current release manifest contains removed kubernetes api(s) for this kubernetes version and it is therefore unable to build the kubernetes objects for performing the diff. error from kubernetes: unable to recognize "": no matches for kind "Ingress" in version "extensions/v1beta1"
In that case you can use the helm mapkubeapis plugin to upgrade an existing release with the following command:
# install plugin version 0.1.0 (more recent may not work)
helm plugin install --version v0.1.0 https://github.com/helm/helm-mapkubeapis
# adjust helm release name and namespace as required
helm mapkubeapis --namespace wire nginx-ingress-services
Alternatively, if a few minutes of downtime are not a problem, you can helm delete a release and re-install it again, which will work without the above plugin. (#3002)
Upgrade team-settings version to 4.14.0-v0.31.9-0-bf82b46 (#2180)
Upgrade webapp version to 2023-01-24-production.0-v0.31.9-0-17b742f (#2302)
GET /conversations/:id endpoint has been removed from API v3, and is restored to the previous behaviour of returning a Conversation using the v2 schema. Similarly, its qualified counterpart GET /conversations/:domain/:id now returns a v2 Conversation when accessed through API v2. (#2992)
Fix pagination in team user search (make search key unique) (#2968)
Update inbucket (fake smtp server) chart dependency: The prior version relied on an image that has been removed from docker hub. Thus, our own inbucket chart could not be deployed anymore. (#2998)
Add sphinx-copybutton plugin to make copying snippets of code from docs.wire.com easier. (#2900)
Hook federated API call documentation into docs.wire.com (manually). (#2988)
Tool for dumping fed call graphs (dot/graphviz and csv); see README for details (#2973)
Add Helm chart to configure clusters managed by k8ssandra-operator for test environments. (#2981)
Fix kind setup for running end-to-end federation tests locally. (#3008)
Fix Makefile target kind-restart-all. (#3015)
Add combinators for creating mocked federator responses in integration tests (#3014)
Add two integration tests arounds last prekeys (#2694)
Fix make clean (#2965, #2978)
Make ID tags more readable by expanding abbreviations to full names. (#2991)
Unused old swagger code removed from stern and team features (#3017)
Refactor Writetime from Int64 to wrapper of UTCTime (#2994)
Restructure docs.wire.com (#2986)
Fixed flaky team user search integration test (#2996)
This release migrates data from galley.member_client to galley.mls_group_member_client. When upgrading wire-server no manual steps are required. (#2859)
Upgrade webapp version to 2022-12-19-production.0-v0.31.9-0-6b2f2bf (#2302)
POST /conversations/list and GET /conversations have been removed. Use POST /conversations/list-ids followed by POST /conversations/list instead.
PUT /conversations/:id/access has been removed. Use its qualified counterpart instead.
access_role_v2 in the Conversation type, in the request body of POST /conversations, and in the request body of PUT /conversations/:domain/:id/access has been removed. Its content is now contained in the access_role field instead. It replaces the legacy access role, previously contained in the access_role field.
Added a domain parameter to the typing indicator status update API (#2892)
Support MLS self-conversations via a new endpoint GET /conversations/mls-self. This removes the PUT counterpart introduced in #2730 (#2839)
List the MLS self-conversation automatically without needing to call GET /conversations/mls-self first (#2856)
Fail early in galley when the MLS removal key is not configured (#2899)
Introduce a flag in brig to enable MLS explicitly. When this flag is set to false or absent, MLS functionality is completely disabled and all MLS endpoints fail immediately. (#2913)
Conversation events may have a "subconv" field for events that originate in a MLS subconversation (#2933)
GET /system/settings/unauthorized returns a curated set of system settings from brig. The endpoint is reachable without authentication/authorization. It's meant to be used by apps to adjust their behavior (e.g. to show a registration dialog if registrations are enabled on the backend.) Currently, only the setRestrictUserCreation flag is exported. Other options may be added in future (in consultation with the security department.) (#2903)
The coturn Helm chart now has a .tls.ciphers option to allow setting the cipher list for TLS connections, when TLS is enabled. By default, this option is set to a cipher list which is compliant with BSI TR-02102-2. (#2924)
Nginz helm chart: The list of upstreams is split into nginx_conf.upstreams and nginx_conf.extra_upstreams. Extra upstreams are disabled by default. They can be enabled by adding their name (entry's key) to nginx_conf.enabled_extra_upstreams. nginx_conf.ignored_upstreams is only applied to upstreams from nginx_conf.upstreams. In the default configuration of nginz the extra upstreams are ibis, galeb, calling-test and proxy. If one of those is deployed, its name has to be added to nginx_conf.enabled_extra_upstreams (otherwise, it won't be reachable). Unless nginx_conf.upstreams has been changed manually (overriding its default), this should be the only needed migration step. (#2849)
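As an added illustration (not part of the wire-server charts or of this changelog), the following Helm values override shows the migration step the entry describes: nginx_conf.upstreams is left at the chart default and only the extra upstreams that are actually deployed are enabled. The four nginx_conf keys and the four extra upstream names are the ones named in the entry; that nginx_conf.enabled_extra_upstreams takes a plain list of upstream names, and which extras this deployment runs, are assumptions.

```yaml
# Added example, not the nginz chart's own values file.
# Assumption: enabled_extra_upstreams is a plain list of upstream names
# (the entry keys of nginx_conf.extra_upstreams).
nginx_conf:
  # nginx_conf.upstreams is deliberately not set here, so the chart default
  # applies and this override stays the only migration step.

  # Extra upstreams are disabled by default. List each one that is deployed;
  # a deployed extra upstream missing from this list is not reachable
  # through nginz. In this constructed deployment proxy and calling-test
  # are running, ibis and galeb are not.
  enabled_extra_upstreams:
    - proxy
    - calling-test

  # nginx_conf.ignored_upstreams only affects entries of nginx_conf.upstreams;
  # it has no effect on extra upstreams, so nothing needs to change here.
```

After applying the override, requests to a listed extra upstream should succeed through nginz while an unlisted one (here ibis or galeb) is not routed at all, which is the quickest way to confirm the migration took effect.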
A team member's role can now be provisioned via SCIM (#2851, #2855)
Team search endpoint now supports pagination (#2898, #2895)
Introduce optional disabledAPIVersions configuration setting (#2951)
Add more logs to SMTP mail sending. Ensure that logs are written before the application fails due to SMTP misconfiguration. (#2818)
Added typing indicator status propagation to federated environments (#2892)
Allow vhost style addressing for S3 as path style is not supported for newer buckets. More info: https://aws.amazon.com/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/ (#2955)
Fix typo for Servicemonitor enable var in default values for helm charts. (#2896)
The parser for the AWS/SNS error message to explain that an endpoint is already in use was incorrect. This led to an "invalid token" error when registering push tokens for multiple user accounts (user ids) instead of updating the SNS endpoint with an additional user id. (#2921)
Avoid client deletion edge case condition which can lead to inconsistent data between brig and galley's clients tables. (#2830)
Conversations inside events are now serialised using the format of API V2 (#2971)
Do not throw 500 when listing conversations and MLS is not configured (#2893)
Do not list MLS self-conversation in client API v1 and v2 if it exists (#2872)
Limit 2FA code retries to 3 attempts (#2960)
Fix bug in MLS user removal from conversation: the list of removed clients has to be compared with those in the conversation, not the list of all clients of that user (#2817)
Due to sftd changing how configuration is handled for "multi-SFT" calling (starting with version 3.1.10), new options have been added to the sftd Helm chart for compatibility with these newer versions. (#2886)
For sftd/coturn/restund, fixed a bug in external ip address lookup, in case Kubernetes Node Name doesn't equal hostname. (#2837)
Requesting a new token with the client_id now works correctly when the old token is part of the request (#2860)
Add extra section to the deeplink docs to explain the socks proxy support while login. (#2885)
Describe the auth cookie throttling mechanism. And overhaul the description of auth cookies in general. (#2941)
PR guidelines docs are updated with correct helm configuration syntax (#2889)
Log AWS / SNS invalid token responses. This is helpful for native push notification debugging purposes. (#2908)
Add tests for invitation urls in team invitation responses. These depend on the settings of galley. (#2797)
brig: Allow multiple threads to run simultaneously (#2972)
Remove support for compiling local docker images with buildah. Nix is used to build docker images these days (#2822)
Nix-created docker images: add some debugging tools in the containers, and add 'make build-image-
Added typeclasses to track uses of federated calls across the codebase. (#2940)
Split galley API routes and handler definitions into several modules (#2820)
Default intraListing to true. This means that the list of clients, so far saved in both brig's and galley's databases, will still be written to both, but only read from brig's database. This avoids cases where these two tables go out of sync. Brig becomes the source of truth for clients. In the future, if this holds, code and data for galley's clients table can be removed. (#2847)
Introduce the MakesFederatedCall Servant combinator (#2950)
Bump nixpkgs to latest unstable. Stop using forked nixpkgs. (#2828)
Optimize memory usage while creating large conversations (#2970)
Reduce Polysemy-induced high memory requirements (#2947)
Brig calling API is now migrated to servant (#2815)
Fixed flaky feature TTL integration test (#2823)
Brig teams API is now migrated to servant (#2824)
Add 'inconsistencies' tool to check for, and repair certain kinds of data inconsistencies across different cassandra tables. (#2840)
Backoffice Swagger 2.x docs is exposed on / and the old Swagger has been removed. Backoffice helm chart only runs stern without an extra nginx. (#2846)
Give proxy service a servant routing table for swagger (not for replacing wai-route; see comments in source code) (#2848)
Stern API endpoint GET ejpd-info now has the correct HTTP method (#2850)
External commits: add additional checks (#2852)
Golden tests for conversation and feature config event schemas (#2861)
Add startup probe to brig helm chart. (#2878)
Track federated calls in types across the codebase. (#2940)
Update nix pins to point at polysemy-1.8.0.0 (#2949)
Add MakesFederatedCall combinators to Galley (#2957)
Fix make clean; allow new data constructors in ToSchema Version instance (#2965)
Refactor and simplify MLS message handling logic (#2844)
Remove cassandra queries to the user_keys_hash table, as they are never read anymore since 'onboarding' / auto-connect was removed in https://github.com/wireapp/wire-server/pull/1005 (#2902)
Replay external backend proposals after forwarding external commits. One column added to Galley's mls_proposal_refs. (#2842)
Remove an unused effect for remote conversation listing (#2954)
Introduce types for subconversations (#2925)
Use treefmt to ensure consistent formatting of .nix files, use for shellcheck too (#2831)
Honour MLS flag in brig's federation API (#2946)
Split the Proteus and MLS message sending requests into separate types. The MLS request now supports MLS subconversations. This is a federation API breaking change. (#2925)
Injects federated calls into the x-wire-makes-federated-calls-to extension of the swagger Operations (#2950)
If you have not upgraded to release 2021-03-21 (Chart Release 2.103.0) yet, please do that now!
NB: we only support releases 6 months back, so this should not be an issue. But in this particular case we are positive that things will break if you don't do an intermediate upgrade. (#2768)
Build docker images using nix derivations instead of Dockerfiles (#2331, #2771, #2772, #2775, #2776)
Upgrade team-settings version to 4.13.0-v0.31.5-0-4754212 (#2180)
Upgrade webapp version to 2022-11-02-production.0-v0.31.9-0-337e400 (#2302)
The experimental wire-server-metrics helm chart has been removed.
These were mostly a wrapper around prometheus operator. It makes more sense to refer to the upstream docs of Prometheus Operator or Grafana Agent Operator for installation instead. (#2740)
Do not expose swagger-ui on prod systems (to minimize attack surface) (#2800)
Change mime type of body of /v3/mls/commit-bundles endpoint (#2773)
Stop rate-limiting asset-signed-url requests on /assets/.* (#2786)
The /access endpoint now takes an optional client_id query parameter. The first time it is provided, a new user token will be generated containing the given client ID. Successive invocations of /access will ignore the client_id parameter. Some endpoints can now potentially require a client ID as part of the access token. When trying to invoke them with an access token that does not contain a client ID, an authentication error will occur. (#2764)
Introduce support for external commits in MLS (#2765)
The GET /teams/{tid}/members endpoint now supports pagination (#2802)
Tentatively allow GET /api/event-notification-schemas for json schemas of server-initiated events (missing pieces tracked in https://wearezeta.atlassian.net/browse/FS-1008) (#2739)
Fix copyright date on docs.wire.com (#2792)
Improve and cross-link documentation on SNS / push notifications. (#PR_NOT_FOUND)
Add extension sphinx-reredirects and configuration to generate simple JavaScript based redirects to new locations of previously inconsistently named files/URLs. (#2811)
Convert brig's auth endpoints to servant (#2750)
Remove deprecated table for storing scim external_ids. Data has been migrated away in release 2021-03-21 (Chart Release 2.103.0) (see /services/spar/migrate-data/src/Spar/DataMigration/V1_ExternalIds.hs); last time it has been touched in production is before upgrade to release 2021-03-23 (Chart Release 2.104.0). (#2768)
Refactor some internal Scim user tests (#2762)
Reduce the payload size of internal client.delete event (#2807, #2816)
Bump servant-swagger-ui package. (#2747)
Increase charts/galley memory limit to 500M. (#2798)
Add RPC, ServiceRPC and GalleyProvider effects to brig (#2653)
Use locally build schema binaries for db migrations and execute them right before running integration tests. (#2791)
Rename the make targets from db-migrate-package and db-reset-package to db-migrate and db-reset and allow migrating and resetting all keyspaces. (#2791)
Add a Make target for ghci (#2749)
Upgrade nginz/nginx to 1.22.1 (#2777)
The dev environment provided by nix now contains all the haskell packages compiled by nix. This could cause linker errors while compiling haskell code in this repo. One way to resolve them is to delete the 'dist-newstyle' directory. (#2331)
Implemented a new intersperse combinator for Polysemy (#2767)
Add a Concurrency effect for Polysemy (#2748)
Don't fail client deletion when mls remove key is undefined (#2738)
Migrate stern to swagger2-ui (remaining backwards compatible with circulating backoffice images) (see also #2742 from last release) (#2744)
Gundeck push token API and notification API is migrated to Servant (#2769)
Delete deploy/services-demo directory (#2789)
Upgrade Servant to 0.19 (#2809)
Release notes
API changes
Remove /legalhold/conversation alias from v2 (#2734)
Make v2 a supported version and start v3 (#2734)
Features
Bug fixes and other updates
Documentation
Internal changes
Skeleton implementation of new endpoint for JWT DPoP access token generation (#2652, #2686)
Add swagger2-ui to stern (#2742 …)
For users of the (currently alpha) coturn Helm chart, manual action is required when upgrading to this version. The labels applied to the Kubernetes manifests in this chart have changed, in order to match the conventions used in the wire-server charts. However, this may mean that upgrading with Helm can fail, due to changes to the StatefulSet included in this chart -- in this case, the StatefulSet must be deleted before the chart is upgraded. (#2677)
wire-server helm charts: Adjust default CPU/Memory resources: Remove CPU limits to avoid CPU throttling; adjust request CPU and memory based on observed values. Overall this decreases the amount of CPU/memory that the wire-server chart needs to install/schedule pods. (#2675)
Upgrade team-settings version to 4.12.1-v0.31.5-0-0167ea4 (#2180)
Upgrade webapp version to 2022-09-20-production.0-v0.31.2-0-7f74074 (#2302)
Add new endpoint /mls/commit-bundles for submitting MLS CommitBundles. A CommitBundle is a triple consisting of a commit message, an optional welcome message and a public group state. (#2688)
MLS: Store and expose group info via GET /conversations/:domain/:id/groupinfo (#2721)
Add /mls/public-keys to nginz chart (#2676)
Users being kicked out results in member-leave events originating from the user who caused the change in the conversation (#2724)
Leaving an MLS conversation is now possible using the regular endpoint DELETE /conversations/{cnv_domain}/{cnv}/members/{usr_domain}/{usr}. When a user leaves, the backend sends external remove proposals for all their clients in the corresponding MLS group. (#2667)
Validate remotely claimed key packages (#2692)
The coturn chart now has support for exposing its metric endpoint with a ServiceMonitor, which can be ingested by third-party metrics collection tools. (#2677)
Deleting clients creates MLS remove proposals (#2674)
External remove proposals are now sent to a group when a user is deleted (#2650)
Allow non-admins to commit add proposals in MLS conversations (#2691)
Optionally add invitation urls to the body of /teams/{tid}/invitations. This allows further processing; e.g. to send those links with custom emails or distribute them as QR codes. See docs for details and privacy implications. (#2684)
SCIM user deletion suffered from a couple of race conditions. The user is now first deleted in spar, because this process depends on data from brig. Then, the user is deleted in brig. If any error occurs, the SCIM deletion request can be made again. This change depends on brig being completely deployed before using the SCIM deletion endpoint in brig. In the unlikely event of using SCIM deletion during the deployment, these requests can be retried (in case of error). (#2637)
The 2nd factor password challenge team feature is disabled for SSO users (#2693)
Less surprising handling of SIGINT, SIGTERM for proxy, stern. Increase grace period for shutdown from 5s to 30s for all services. (#2715)
Drop Client model (unused) from old swagger. Add a description and example data for mls_public_keys field in new swagger. (#2657)
Document user deactivation (aka suspension) with SCIM. (#2720)
Monitoring page showed wrong configuration charts. Updated prometheus-operator to kube-prometheus-stack chart in the documentation. (#2708)
Make client deletion asynchronous (#2669)
Allow external add proposals without previously uploading key packages. (#2661)
Allow legalhold tokens access to /conversations/<uuid> endpoint (#2682, #2726)
Move Brig.Sem.* modules to Brig.Effects (consistency) (#2672)
The labels applied to resources in the coturn chart have been changed to reflect the conventions in the wire-server charts. (#2677)
Drop the managed column from team_conv table in Galley (#2127)
Fix link in PR template (#2673)
In Gundeck's 'notifications' cassandra table, switch to TWCS compaction strategy, which should be more efficient for this workload, and possibly bring performance benefits to latencies. It may be beneficial to run a manual compaction before rolling out this change (but things should also work without this manual operation). In case you have time, run the following from a cassandra machine before deploying this update: nodetool compact gundeck notifications. (#2615)
Add regular expression support to libzauth ACL language (#2714)
Make test API calls point to the most recent version by default (#2695)
Clients and key package refs in an MLS conversation are now stored in their own table. (#2667)
Refactor MLS test framework (#2678)
Update mls-test-cli to version 0.5 (#2685)
Added rusty-jwt-tools to docker images (#2686)
The account API is now migrated to servant. (#2699, #2700, #2701, #2702, #2703, #2704, #2705, #2707)
Update nginz and cannon ACLs to match api-versioned paths (#2725)
For wire-server cloud, on kubernetes 1.21+, favour topology-aware routing, which reduces unnecessary inter-availability-zone traffic, reducing latency and cloud provider cross-AZ traffic costs. (#2723)
GET i/mls/clients has been changed, and it now returns a list of ClientInfo instead of a list of ClientId. (#2631)
Fix key package error description (#2651)
Expose MLS public keys in a new endpoint GET /mls/public-keys. (#2602)
The coturn chart now supports exposing the control port over TLS. (#2620)
Forward all MLS default proposal types (#2628)
New endpoints HEAD and GET /nonce/clients to request new nonces for client certificate requests (coming up soon). (#2641, #2655)
Fix cql-io bug where restarting whole cassandra cluster could cause downtime. Upstream changes in https://gitlab.com/twittner/cql-io/-/merge_requests/20 (#2640)
Improve client check when adding clients to MLS conversations (#2631)
Move developer docs onto docs.wire.com (instead of exposing them on github only) (#2622, #2649)
Add build instructions for developers (#2621)
Make target audience explicit on docs.wire.com (#2662)
Support for external Add proposals (#2567)
Add additional checks on incoming MLS messages:
Apply changes introduced by cabal-fmt. (#2624)
Remove some redundant constraints in brig (#2638)
Brig Polysemy: Port UserPendingActivationStore to polysemy (#2636)
Add make target delete-cache-on-linker-errors
to delete all Haskell compilation related caches. This is useful in cases where the development environment gets into an inconsistent state. (#2623)
Move Paging effect from galley into polysemy-wire-zoo (#2648)
Fix broken hls-hlint-plugin in nix env (#2629)
Adjust developer PR template and document config and API procedures in-tree. (#2617)
Add mls-test-cli to builder image (#2626)
Add mls-test-cli to deps image (#2630)
mls-test-cli: Use Cargo.lock file when building (#2634)
Move common Arbitrary instances to types-common package for compilation speed (#2658)
LoginId migrated to schema-profunctor (#2633, #2645)
Improve cleaning rules in Makefile. (#2639)
Fix typos, dangling reference in source code haddocs, etc. (#2586)
Update the Elastic Search version used for running integration tests to the one that is delivered by wire-server-deploy. (#2656)
charts/cannon: Ensure HSTS headers are set for all endpoints (#2574)
Expired MLS key packages are deleted from the database (#2582)
Add support for MLS Remove proposals (#2561)
Human readable names for SAML IdPs (#2565)
The preferredLanguage field from SCIM now maps to the user locale in BRIG and will be set and updated on post SCIM user and on update SCIM user using SAML. (#2605)
For TLS1.2, by default, remove ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 ciphers for ingress traffic. (#2528)
charts/wire-server: default log format everywhere to StructuredJSON format (introduced in #1951 and #1959) (#2559)
The coturn chart now supports multiple authentication secrets, which permits multiple backend instances to use the same TURN servers without needing to share authentication secrets between the backend instances. Correspondingly, the .Values.secrets.zrestSecret configuration option, which took a single authentication secret as its argument, has been replaced with the option .Values.secrets.zrestSecrets (note spelling!), which instead takes a list of authentication secrets as its argument. (#2553)
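As an added illustration (not the coturn chart's own values file or part of this changelog), the following values fragment shows the migration the entry calls for: the single-valued secrets.zrestSecret is replaced by the list-valued secrets.zrestSecrets, with one entry per backend instance that shares the TURN deployment. The two keys are the ones named in the entry; the secret values are constructed placeholders, and the idea of one secret per backend is the deployment choice the entry's wording implies, not something the chart enforces.

```yaml
# Added example, not the coturn chart's own values file.
# Secret values below are constructed placeholders; generate real ones with a
# CSPRNG and store them in your secrets manager, never in a values file in git.

# Before this release (no longer accepted by the chart; shown commented out):
# secrets:
#   zrestSecret: "PLACEHOLDER_SHARED_BY_ALL_BACKENDS"

# After: note the plural key. Each backend instance gets its own entry, so two
# backends can use the same TURN servers without ever exchanging a secret
# with each other; rotating one backend's secret does not touch the others.
secrets:
  zrestSecrets:
    - "PLACEHOLDER_SECRET_FOR_BACKEND_A"
    - "PLACEHOLDER_SECRET_FOR_BACKEND_B"
```

Because the old key is simply gone rather than aliased, a values file that still sets secrets.zrestSecret silently stops configuring anything; checking the rendered chart output for the expected number of secrets before rolling out is the practical guard against that.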
Add support for bare MLS proposals (#2436)
Fix a bug in charts/cannon. It's now possible to use a custom TLS certificate when enabling cannon's nginz sidecar container. (Previously only letsencrypt certificates worked, and were tested) (#2558)
Minor fixes in helmcharts:
Port brig UserHandle API to servant (#2556)
Bump timeout for integration tests to 15 minutes (from 10 minutes), as 10 minutes is no longer enough. (#2570)
Internal endpoints to PATCH feature status (#2555)
Change the proposal hold time to 28 days (#2568)
Deploy spar before galley (#2543)
Upgrade team-settings version to 4.11.0-v0.31.1-0-9e64150 (#2180)
2nd factor authentication code generation is rate limited now (#2522)
The team member CSV export now fills created_on for SCIM users (#2543)
Add Helm chart for inbucket. Inbucket is an SMTP server that does not relay, but instead displays received mail in a webapp and makes it accessible via an API. (#2544)
Bump saml2-web-sso (#2545, #2546)
Use checkedConnectCluster to avoid dropping requests to Redis when Gundeck reconnects to the Redis cluster (#2542)
Do not log polysemy errors in Galley (#2531)
Remove old crypto-cli tool from the ubuntu image (#2538)
Added new-remote-conversation RPC, used to notify a backend of a remote conversation the first time any user from that backend is added to it. (#2378)
Added federation endpoint send-mls-message used to send messages to remote conversations (#2378)