Release 2025-02-07 - (expected chart version 5.11.0) #4445
Merged
Master->Develop after release
* testMigratingPasswordHashingAlgorithm: Disable suspending inactive users
  The test takes long and suspending inactive users causes flakes
* integration: Add HasCallStack to functions for starting dynamic backends
* federator: Close sockets on SIGINT/SIGTERM
* integration: Delete ensureFederatorPortIsFree
  The function could potentially kill other services as they could inherit a leaked federator socket FD. Now that we handle signals in the federator, this should not be a problem, just like other services.
…e asserting that WS should be closed (#4400)
Also ensure that lingering connections from previous uses of the dynamic backend are not causing flakiness.
Instead of killing processes, wait for the port to be freed.
…4403)
Merely waiting doesn't seem to work, sometimes there are 4 connections called "pool 0" in RabbitMQ, possibly because those cannons were SIGKILLed.
* charts: Use bitnami helm repo from github
  The main repo seems to have some intermittent issues
* hack/helmfile: Remove unused repo
* integration: Add type to quickly run tests multiple times
* integration: Wait for websocket to be connected before calling the continuation
* cannon: Create queue before responding to the websocket
  This way tests can run more reliably.
* integrations: Slightly better failures when ws closes unexpectedly
* integrations: Fail if events websocket doesn't connect in time
* integrations: Catch WS handshake exceptions
* cannon: Respond with HTTP 503 when there are too many channels
* integrations/testChannelLimit: Expect 503 when channel limit is reached
* integration: Simplify codensity code
---------
Co-authored-by: Paolo Capriotti <[email protected]>
Fixup for #4410
The service account needs to be unset explicitly, otherwise the previous value remains. kubernetes/kubernetes#72519
* Improve error reporting in test
  Knowing the index name(s) to handle simplifies debugging the ElasticSearch test proxy.
* Use correct ElasticSearch URL for additional index
  The additional index doesn't have to reside on the same ElasticSearch instance. In fact, in some tests we simulate (with proxies) that it doesn't. These tests were flaky due to the second index not being refreshed.
* Add changelog entry
…n constraints. (#4409)
* Modify POST /teams/{id}/invitations to check for domain configuration [WIP]
* domain registration store in mem interpreter
* unit test module for TeamInvitationSubsystem.
* Enumerate unimplemented actions in miniGalleyAPIAccess interpreter.
* fix flaky dotless email arbitrary instance
* Add guard for /register to EnterpriseLoginSubsystem.
* More structure for guard errors.
* Arbitrary: use instance for Domain in instance for EmailAddress.
* Call register guard in brig. (test still missing)
* Add link to confluence in comment.
---------
Co-authored-by: Leif Battermann <[email protected]>
Co-authored-by: Sven Tennie <[email protected]>
* Setup technitium
* Setup DoH and wire-server-enterprise
* Follow wire-server-enterprise
* Implement domain verification endpoints
* Domain verification integration tests
* Add domain verification endpoints to nginx conf
* Add CHANGELOG entry
* Fix DNS test and prevent UTF8 crash
* fixup! Setup DoH and wire-server-enterprise
* Make enterprise service endpoint optional in brig
* Disable enterprise service on the second backend
* Remove TODOs
---------
Co-authored-by: Paolo Capriotti <[email protected]>
* Add failing test reproducing the issue
* Disable guards when the enterprise service is disabled
* Add CHANGELOG entry
Separate the handling of
- /bot/conversation and
- /bot/conversation/.+ .
For /bot/conversation/.+ - redirect to and authenticate for brig.
For /bot/conversation - leave redirected to and authenticated for galley.
* Make wire-server-enterprise point to main history
* Remove branch setting in .gitmodules
---------
Co-authored-by: Stefan Matting <[email protected]>
Co-authored-by: Leif Battermann <[email protected]>
* MLS: send ext commit before sending ext proposals
* add changelog and streamline test
- Return Maybe when trying to get domain registration
- Move GuardEmailDomainRegistrationTeamInvitation to TeamInvitationSubsystem
This reverts commit 7d439e6.
[WPB-14310] Move domain registration guards to their respective subsystems
* Save group info within commit lock
  This makes the behaviour for internal commits consistent with that of external commits. As a side effect, `propagateMessage` is called inside the lock, which is not necessary.
* Special case of getDomainRegistrationPublic
  Add a flag to the response body of `POST /get-domain-registration` to indicate whether `domain_redirect` is set to `none` due to the existence of a registered account. This makes it possible for clients to let a user log in with an existing cloud account even if a redirection to an on-prem backend is set up for their domain.
battermann
approved these changes
Feb 7, 2025
LGTM
[2025-02-07] (Chart Release 5.11.0)
API changes
New endpoints for domain registration and verification ([WPB-14307] domain verification (enterprise feature) #4389, WPB-14307 Update Authentication Flow #4422, WPB-15551 Domain Registration Team Feature Integration #4433, WPB-14307 Fix nginx configs #4434, WPB-15801 GET and DELETE Registered Domains #4438)
Deprecated API endpoints were removed from API version V8. (WPB-15030 Delete deprecated and unqualified endpoints from V8 #4407)
Add a flag to the response body of `POST /get-domain-registration` to indicate whether `domain_redirect` is set to `none` due to the existence of a registered account. This makes it possible for clients to let a user log in with an existing cloud account even if a redirection to an on-prem backend is set up for their domain. (WPB-15933 Special case of getDomainRegistrationPublic #4441)
Features
Bug fixes and other updates
Fix 503 on user registration when the enterprise service is disabled (Fix 503 on registration with disabled enterprise service #4421)
Fix 503 on team invitation when wire-server-enterprise is disabled (Fix 503 on team invitation with wire-server-enterprise disabled #4439)
Fix bug in nginz: `/consent/<foo>` requests not correctly forwarded to galeb. (fix bug: consent request not correctly forwarded to galeb #4376)
MLS: when recreating external (backend) proposals, these are now propagated to the clients only after the corresponding external commit has been forwarded to the clients. (MLS: send ext commit before sending ext proposals #4412)
MLS group info is now saved with the commit lock held. This prevents a bug where group info on a later commit was overwritten by an earlier group info, leading to out-of-sync MLS state between backends and clients. (Save group info within commit lock #4436)
Internal changes
Internal spar endpoint to retrieve the team's identity providers (WPB-14307 internal spar endpoint to get the team's identity providers #4417)
Adjust existing onboarding flow to new domain registration constraints.
Endpoints:
federator: Install signal handlers for SIGINT and SIGTERM, close sockets when receiving these signals (federator: Close sockets on SIGINT/SIGTERM #4398)
`/i/index/refresh` now uses the correct URL for additional indices. Thus, the refreshed indices can reside on different ElasticSearch instances. This endpoint is exclusively called from tests. (Stabilize index migration tests #4413)
Test single consumer behaviour of notifications (Test single consumer behaviour of notifications #4443)