Fix SQL injection and provide default responses

• the http server module now sets a default response body for 4xx and 5xx responses. It will be a text/plain description of the error like Internal Server Error
• The CRUD module was changed to validate the operator used by the client. In the past, any string would just be embedded into the SQL, allowing the client to conveniently use any advanced SQL operator, but also to embed arbitrary additional conditions or inject other SQL code. This has been fixed and the set of allowed operators limited, any operator unknown by the backend will now be rejected.

ipread: fixed module health issue with disabled refresh

The ipread package has a kernel module which handles automatic updates of the ip database.
If the automatic refresh is disabled, the module exists after the initial load and marks the module as unhealthy, so that the app never gets healthy. To fix this, the health state of the module will be kept healthy on exit if refresh is disabled.

What's Changed

• ipread: fixed module health issue with disabled refresh by @j4k4 in #1174

Full Changelog: v0.27.0...v0.27.1

db: using transactions from the sqlx package instead of native sql

This release changes the interface of the db.Client to use the transaction type sqlx.Tx instead of the native sql.Tx in its transaction functions:

type Client interface {
        ...
	WithTx(ctx context.Context, ops *sql.TxOptions, do func(ctx context.Context, tx *sql.Tx) error) error
        ...
}

changed to

type Client interface {
        ...
	WithTx(ctx context.Context, ops *sql.TxOptions, do func(ctx context.Context, tx *sqlx.Tx) error) error
        ...
}

What's Changed

• db: using transactions from the sqlx package instead of native sql by @j4k4 in #1171

Full Changelog: v0.26.6...v0.27.0

What's Changed

• db: using transactions from the sqlx package instead of native sql by @j4k4 in #1171

Full Changelog: v0.26.6...v0.27.0

Automatically generate trace ids in the logs and added more tags to sentry

This release adds the app family and group to the tags provided to sentry. It also changes the no-op trace id provider to instead provide a local trace id. Thus, you will have a trace id in the future on most logs (from a consumed message or HTTP request) which is forwarded to all downstream services using gosoline. Finally, the X-Request-ID and X-Session-ID HTTP headers are now also added to the context (if present) and will be available for all messages produced in some way from an HTTP request.

v0.26.5

What's Changed

• [db-repo]: disable change history migration by default; by @selm0 in #1162

Full Changelog: v0.26.4...v0.26.5

v0.26.4

What's Changed

• feat: Add delete to cache by @bt-justtrack in #1167

Full Changelog: v0.26.3...v0.26.4

v0.26.3

Currently, fixture loaders will get created, even if the fixture loading is disabled in the config.
In certain scenarios this could cause issues.
To improve it, this release ensures, that the fixture loading middleware does nothing if disabled.

What's Changed

• fixtures: on disabled fixtures, the middleware will do nothing now by @j4k4 in #1165

Full Changelog: v0.26.2...v0.26.3

v0.26.2

What's Changed

• feat: Implement atomic mutates on the cache; by @bt-justtrack in #1161
• fix: Implement restartability on producer daemon without reset; by @bt-justtrack in #1160
• test: added option to disable all custom consumer retries by @j4k4 in #1159

Full Changelog: v0.26.1...v0.26.2

v0.26.1

What's Changed

• test env log collection per log channel by @bt-justtrack in #1158

Full Changelog: v0.26.0...v0.26.1

v0.26.0

This release contains a couple of minor and major changes:

cloud/aws: unified default credentials config and added profile load option #1155

unified default credentials config

before:

cloud:
  aws:
    credentials:
      access_key_id: "*******************"
      secret_access_key: "****************************************"
      session_token: "********************************************************************"
    defaults:
      region: "eu-central-1"
      endpoint: ""

after:

cloud:
  aws:
    defaults:
      credentials:
        access_key_id: "justtrack"
        secret_access_key: "justtrack"
        session_token: "justtrack"
      endpoint: "http://localhost:4566"
      region: "eu-central-1"

added option to gain access via aws profile

It's possible now to use sso credentials via profiles. This can be done via global default or client specific.

cloud:
  aws:
    defaults:
      profile: "sdlc-dev-account"
    cloudwatch:
      clients:
        default:
          profile: "sdlc-dev-account"

ref: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/#specifying-profiles

EndpointResolver V1 deprecation

v1 of the endpoint resolver got deprecated and the code was migrated to use the v2. Resolving the endpoint has to be configured on client level in the code now. This change should be transparent for most of the gosoline use cases.
ref: https://aws.github.io/aws-sdk-go-v2/docs/configuring-sdk/endpoints/#customization

log/mocks: Refactored logger mock factory by adding options and changed return value to interface #1148

Deprecated NewLoggerMockedAll and NewLoggerMockedUntilLevel and replaced them with options to NewLoggerMock with the options WithMockUntilLevel and WithMockAll. Also added the WithTestingT
option to supply a testing.T instance to the logger, allowing for automatic expectation assertions and printing recorded log messages if a test fails for easier debugging.

This commit also breaks backwards compatibility by changing the return value of these methods to the new LoggerMock interface, so if you store the mock in a field of a test suite or similar, you need to adjust the type.

mdlsub: http source based fixture writer for subscribers #1154

fixture groups

On adding fixtures sets to an application, one has to define the group into which the data belongs as the first argument. \

app := application.Default(
    application.WithFixtureSetFactory("default", fixtureSetsFactory),
)

The default group is loaded on default and can be defined in the config:

fixtures:
  enabled: true
  groups: ["default"]

subscriber fixture loading

The mdlsub contains a FixtureSetFactory now which enables fixture loading for subscribers via http endpoints.
On subscriber start the app will request the fixtures via http and persists the data into the configured outputs.

application.RunMdlSubscriber(
    subscribers.Transformers,
    application.WithFixtureSetFactory("subscriber", mdlsub.FixtureSetFactory(subscribers.Transformers)),
)

The source is set via config:

fixtures:
  enabled: true
  groups: ["subscriber"]
  providers:
    subscriber:
      host: http://fixtures.io
      path: /v0/fixtures/subscriber
      dataset_name: management

What's Changed

• cloud/aws: unified default credentials config and added profile load option by @j4k4 in #1155
• db: provide connection for db settings instead of spawning a new one by @applike-ss in #1156
• log/mocks: Refactored logger mock factory by adding options and changed return value to interface by @ajscholl in #1148
• mdlsub: http source based fixture writer for subscribers by @j4k4 in #1154

Full Changelog: v0.25.1...v0.26.0