- Stabilized the splinterd feature
"log-config"
. This feature allows for finer-grained configuration of the log output.
- Add
--group
option to thesplinter keygen
subcommand. This option allows the user to modify the group of the resulting key files, or automatically set the group based on the target directory. The group now defaults to the user's group if this option is omitted.
- Stabilize
"log-config"
feature by removing it. The fine-grained log configuration is now available by default.
- Stabilized the
"scabbard/database-support"
,"cli/scabbard-migrations"
, and"splinterd/scabbard-database-support"
features. These features now allow all scabbard state, including merkle state, to be stored in the database instead of being spread across multiple LMDB files. LMDB may be enabled for merkle state storage with the optional flag--scabbard-state lmdb
or by its analogous setting in the TOML config file.
-
Save replaced connection ids for peers in the PeerManager so that old messages can still be routed.
-
Check for inbound unreferenced peer when upgrading an outbound unreferenced peer to peers. If one is found, check whether the outbound or inbound connection should be used. Fixes an issue where a duplicate connection would be kept around.
-
Bump the version of jsonwebtoken to 7 to resolve a build issue with the dependent ring crate.
-
Fix the no-op tap macros such that they can properly accept multiple tags.
-
Modify the
upgrade_scabbard_receipt_store
function to skip the receipt store upgrade process if there are no local circuits found. This fixes a bug where running upgrade with no existing circuits would return an error. -
Stabilize
scabbard-migrations
by removing it.
-
Change loggers to expect an stdout appender. The default loggers expected a "default" named appender, but the name was changed to "stdout".
-
Fix a bug in logging where the verbosity flag was altering the root loggers. The flag now correctly alters the stdout appenders level.
-
Enable
Appender
log level filtering. -
Log all config values after logging configuration so they get recorded in log files.
-
Fix the
ConnectionPool
feature guards around "database-postgres" and "database-sqlite" features, for the case where neither are enabled. -
Simplify the
ByteSize
type and move it into the toml module. -
Stabilize
scabbard-database-support
by removing it. -
Update the root logger to allow levels below
info
. The default root logger had a preset level filter ofinfo
, the value is nowtrace
so all logs will get forwarded to appenders.
-
Replace the boxed function for handling state purge with a trait for the specific operation.
-
Rename the clap value for
scabbard_storage
to bescabbard_state
. -
Move the conversion of the TOML version of
ScabbardState
to the config value to theconfig::toml
module. This ensures theconfig::scabbard_state
module should not have any dependencies on specific formats. -
Add a circuit_tag to the committed_batches, such that the metrics can be correlated for a complete circuit.
-
Update transact dependency to min 0.3.13.
-
Delete the scabbard SQL merkle state on service purge. Replace the
NoOpScabbardPurgeHandler
with DB-specific handlers. These handlers delete the entire merkle state tree on purge. -
Move the to_hex function out of the hex module and localize it to the modules where it will be used. This removes any feature-guard complexity around the function.
-
Make the scabbard CLI only depend on the
client-reqwest
feature, removing the dependency on the service during compilation time. -
Move the
ScabbardState
parsing to the config::clap module. -
Add missing guards for
lmdb
usage to ensure this functionality is not available if the feature is disabled. -
Update all of the factory guards such that the code correctly compiles and lints when no database features are enabled.
-
Remove the use of scabbard default feature in the CLI.
-
Stabilize
database-support
by removing it. -
Collapse the
state_database
andfactory_database
module up into the respective root state and factory modules. -
Remove smart permissions from scabbard CLI. Because Smart permissions has been removed from the new version of sabre, the unused commands are removed to make way for the upgrading to a new version of sabre. Smart permissions were experimental so this does not change the stable API.
- Gameroom was setting SplinterProtocolVersion to 1. This is correct for gameroom but changes had been made to make gameroom handle v2 versions of admin events. Now that admin events version is guarded by protocol version, the v1 messages can be used instead.
- Add an OpenAPI lint step to just and GitHub CI to verify that the OpenAPI files are formatted correctly and follow best practices.
- Verify proposal circuit version is supported for vote. Verify that the circuit version for the proposal that is being voted on is still valid for the currently support circuit versions.
-
Create Database file with 640 permissions.
-
Add receipt store to the
splinter upgrade
CLI command. -
Check that the value given for the
--rest-api-endpoint
splinterd CLI option contains 'http://' or 'https://' and exit with an error if it does not.
- Detect incorrect state daemon. Changes the
ScabbardFactory
builder to fail if LMDB state is not enabled, but there are any existing LMDB files in the state directory.
- Stabilized
scabbard-receipt-store
feature in splinter cli.
-
Update admin routes to error if protocol version is too high.
-
Replace the use of
Vec<u8>
withsplinter::public_key::PublicKey
. For areas that are not on the edges (Rest API/ Database) the structs should usePublicKey
to represent a public key instead of Vec. -
Update admin register route to handle protocol versions. When submitting the request the
SplinterProtocolVersion
will determine the version of admin events that will be returned over the event subscriber If the protocol is set to 1, 0.4 equivalentAdminEvents
are returned. If the protocol is set to 2 or not set, 0.5/0.6AdminEvent
messages will be returned. This allows for backwards compatibility with 0.4 clients to still interact with 0.5 splinter nodes. -
Fix update_proposal so it does not remove incorrect nodes. When updating a proposal, the command was removing all proposed with the same node ID but should remove by circuit ID instead.
-
Configure SQLite PRAGMA for multi-threaded support.
-
Remove the
create_store_factory
function to push the connection type selection decision closer to the caller.
-
Add REST API test that checks permissioned endpoints can’t be accessed by a client without any set permissions.
-
Split connection pool and store factory creation. This change splits the creation of the connection pool and the store factory. It allows the use of the connection pool to be passed to the scabbard service as well.
-
Add
create_store_factory
function to create stores. This functionality used to be in libsplinter. -
Effectively remove the use of the
MemoryStoreFactory
, replacing it with a memory-based SQLite version. -
Improve scabbard_state documentation and position in example configuration file.
-
Remove the
zmq
feature. -
Add checks for log file permissioning issues.
-
Add tests for toml configuration file deserialization.
-
Add state_dir and config_dir keys to deserializable toml configuration structure.
-
Add default quiet loggers for tokio, tokio_reactor, and hyper crates.
-
Add checks for invalid merkle state and database configuration.
-
LMDB files are written with “.lmdb” file extension.
-
Update LMDB default file sizes on 64 bit linux build targets to be 1024^4.
-
Switch from use of postgres connection pool to single postgres connection to prevent cli looping when a connection could not be established.
-
Break apart
scabbard-migration
features. The scabbard migrations were only being run if the scabbard-migrations feature was enabled which was experimental. This means the transaction receipt migrations were not being run on stable. -
Switch the use of Pool with PgConnection to just a PgConnection in splinter database migrate. This enables testing the connection to the postgres database and returning an error if not able to connect. Before with the use of Pool, the connection would be retried, causing the CLI command to loop. Now it returns if the connection cannot be established.
-
Experimental support for database-backed MerkleState in libscabbard has been added.
-
Stabilize argument validation for internal services. This enables being able to validate arbitrary service arguments in the admin service by defining ServiceArgValidator for a service type. The admin service will run the validator against a proposed circuit, rejecting a proposal if they are invalid.
-
Stabilize
"service-arg-validation"
by removing the feature. -
Fix type for admin service event ID for Postgres. The event ID was being set to
INTEGER
but needs to be set toBIGINT
.
-
Stabilize
"service-arg-validation"
by removing the feature. -
Add
scabbard_storage
configuration value. This value will allow splinterd to enable the use of LMDB scabbard state. This value may be configured viasplinterd.toml
or the--scabbard-storage
CLI argument. This is behind the experimental feature"scabbard-database-support"
.
-
Stabilize
"service-arg-validation"
by removing the feature. -
Stabilize
"receipt-store"
by removing the feature. -
Enable the use of dynamic storage in the scabbard service, including the
CommitHashStore
and theReceiptStore
. This is behind the experimental feature"database-support"
. -
Enable the use of the transact library's
SqlMerkleState
in the scabbard service, with LMDB as an optional alternative. This is behind the experimental feature"database-support"
. -
Fix the
dir_path
arg given when creating a newLmdbReceiptStore
. Previously the value given for this argument included the name of the LMDB file in the path which caused an error. -
Fix receipt store configuration in scabbard. Previously, this was setting the wrong value, resulting in the receipt-store configuration to be the default values.
-
Consolidate scabbard migrations, by including transact and sawtooth migration execution under the scabbard migration functions. This removes the need for library consumers to use either of those libraries and prevents situations where the database might be only partially migrated for scabbard's purposes.
-
Challenge authorization has been stabilized and set to default. The splinter daemon now requires that keys are configured that can be used for challenge authorization. Use
splinter keygen --system
to generate these keys. If you still wish to create circuits using trust authorization, when creating the proposal add--auth-type trust
. -
Scabbard feature
commit-store
has been stabilized and has been removed.
-
Add a trait for implementing Authorization types. The trait provides methods for getting all the associated handlers for the defined authorization type.
-
The
AuthorizationDispatchBuilder
has been updated to use these authorization implementations to add the related message handler. This change simplifies the guards around arguments that were only used if 'challenge-authorization' was enabled. Also simplifies the configurations required around handler tests. -
Stabilize
challenge-authorization
. -
Update unreferenced peers to properly switch connections if duplicate. Previously, if there was an unreferenced peer connection when one previously existed, it would always be replaced. This is a bad pattern if one side thinks the connection is a full peer and might remove the incorrect side. This commit updated the logic so unreferenced peers follow the same logic as full peers when removing a duplicate connection.
-
Replace
ServiceArgValidationError
withInvalidArgumentError
. This is behind the experimental feature 'service-arg-validation'. -
Update
node_id
file store to check that the node ID file doesn't only contain whitespace before storing the value. -
Fix the local YAML registry such that it can handle an empty file, as well as an empty YAML array.
-
Stabilize
challenge-authorization
by removing the feature. -
Create a node_id module to hold
node_id
access and selection logic. -
Use the
get_node_id
method in the daemon to simplifynode_id
retrieval. -
Refactor the daemon by splitting out structs and associated implementations into multiple submodules under the same daemon module.
-
Add authorization support to the testing framework.
-
Update sawtooth dependency version to 0.6.7.
-
Stabilize
challenge-authorization
by removing the feature. -
Move postgres migration behavior to its own module to match the sqlite module.
-
Add the required migrations for the scabbard service state and commit hash store to the
splinter database migrate
subcommand. -
Add tests for the node_id store.
-
Add the libscabbard sources to the CLI docker file to support the addition of the scabbard migrations to the CLI.
-
Update sawtooth dependency version to 0.6.7.
-
Add a tag that specifies a circuit and service in the committed batches metric to fix a bug where committed batches from multiple scabbard circuits would override one another.
-
Stabilize
commit-store
by removing the feature -
Stabilize
postgres
andsqlite
features. -
Update sawtooth dependency version to 0.6.7.
-
Rename the
diesel-receipt-store
feature toreceipt-store
. -
Update the diesel backed receipt store in scabbard to include the added
service_id
argument.
- Add missing
splinter keygen --system
for gameroom UI test.
- Splinterd now correctly loads the TOML configuration file from
SPLINTER_HOME
. Previously, splinterd would not take into consideration the value ofSPLINTER_HOME
orSPLINTER_CONFIG_DIR
with respect to the configuration file. This change makes it so that splinterd will check both of those values before loading the configuration.
- Stabilize
challenge-authorization
API by removing guard. This includes adding public keys to the circuit state objects and other API changes required to support challenge authorization. Note this stabilization does not include enabling challenge authorization at the authorization level, that will be stabilized separately.
-
Add generic
TransactCommitHashStore
which uses anytransact::database::Database
implementation with the configured index tables. This is currently available via the experimentalcommit-store
and stablelmdb
features. -
Add Clone to
CommitHashStore
via aclone_boxed
trait method and implementingClone
onBox<dyn CommitHashStore>
-
Add
Sync
andSend
constraints to theCommitHashStore
trait. This brings the store definition in-line with all other splinter stores.
- Fix splinterd so it correctly loads the TOML configuration file from
SPLINTER_HOME
.
- Fix
splinter database migrate
so that an error isn't returned if the splinter_state.db file does not exist yet, as it will be created later on by sqlite when migrating. This fixes a regression that was introduced when a looping error message was removed when a file had insufficient file permissions.
-
The experimental
metrics
feature has been renamed totap
and stabilized. -
The use of PeerAuthorizationToken as the Peer ID has been replaced by
PeerTokenPair
which is made up of both the other nodes authorization type and the local authorization type used for the local node. -
Simple back-pressure has been added to the scabbard
/batches
route. If there are more than 30 pending batches, the scabbard route will start rejecting the batch and returning TOO_MANY_REQUESTS, until the batch queue reduces by half.
-
Update
metrics
feature to use v0.17 of metrics in libsplinter. Due to change in v0.17 themetrics
feature was renamed totap
to avoid conflicts. -
Make
InfluxRecorder::new
private,InfluxRecorder::init
should be used instead. TheInfluxRecorder
is available behind thetap
feature. -
Remove clones from
InfluxRecorder
. This change removes clones from the influx recorder, reducing the clones of entire strings. While small, metrics will happen frequently as more metrics are added, so its performance impact should be as minimal as possible. TheInfluxRecorder
is available behind thetap
feature. -
Add connection_id to
ConnectionManagerNotification::Disconnected
andConnectionManagerNotification::NonFatalConnectionError
. This will help with switching peers to be uniquely identified by the identity and the local identity used. -
Add picked public key to
AuthChallengeSubmitResponse
. This will allow the node to know which public key is being used as their identity on the other node in the case multiple submit requests were used. -
Add local authorization type to
InboundConnection
notification. Because peer connections need to be identified by both the peer's authorization as well as how the local node was authorized, inbound connections need to return this information in the notification. -
Update the
InprocAuthorizer
constructor to require the node ID so it can be added as the local authorization. -
Add local identity to
ConnectionManagerNotification::Connected
notification. Because peer connections need to be identified by both the peer's authorization as well as how the local node was authorized, outbound connections need to return this information in the notification. -
Add
PeerTokenPair
for unique peer identification. Since withchallenge-authorization
a peer can have several connections based on the combinations of different local and remote authorization types, a peer must be uniquely identified by both the authorization type of the peer and how the local peer identified. -
Replace
PeerAuthorizationToken
withPeerTokenPair
which contains both the peer's authorization along with the local nodes authorization type. This is required because a node should be able to connect to another node over different connections using different public keys. -
Update the
PeerManager
,PeerMap
,PeerConnector
andPeerInterconnect
to usePeerTokenPair
as the Peer ID for the peers. -
Update Dispatcher
PeerID
to usePeerTokenPair
along with all of the message handlers. -
Update Admin service to use
PeerTokenPai
r. This required an update to the admin service hack so the admin service id has been updated to include both the peers public key and the local nodes id "admin::public_key::PUBLIC_KEY::public_key::PUBLIC_KEY" -
Replace panics in Authorization handlers to return an
InternalError
instead of panic. -
Add InternalError to
DispatchError
. This required removingPartialEq
from the error. -
Move creation of accepted authorization list to the
AuthProtocolRequestHandlerBuilder
. Before this was done in the handler itself. -
Rename Local/Remote state machine structs to Initiating/Accepting. This will hopefully make it more clear which state is for which node in the authorization processes.
-
Add experimental commit-store feature for database backed commit hash stores.
- Update
metrics-*
arguments toinflux-*
. The arguments in splinterd are now:
--influx-db <db_name> The name of the InfluxDB database for metrics collection
--influx-password <password> The password used for authorization with the
InfluxDB
--influx-url <url> The URL to connect the InfluxDB database for metrics
collection
--influx-username <username> The username used for authorization with the
InfluxDB
- Stabilize
tap
features. This enables sending metrics to an InfluxDB instance.
-
Remove
"factory-builder"
feature. This feature was unnecessary and is required to allow for different storage configurations. -
Remove
"ScabbardFactory::new"
. TheScabbardFactory
must now be constructed via theScabbardFactoryBuilder
. -
Stabilize
back-pressure
feature by removing it. -
Stabilize
metrics
in scabbard.
-
Fix looping database error message for insufficient file permissions to sqlite databases.
-
Breakout list of endpoints in
splinter circuit show
. The endpoints will now be listed separately:Endpoints: tcp://127.0.0.1:18044 tcp://127.0.0.1:18044
- The
splinter admin keygen
command has been removed from the splinter CLI. This command duplicated the functionality ofsplinter keygen
with no additional value.
-
Update connection manager to allow multiple connections for an endpoint. With challenge authorization, it is possible to have more then one connection connected to the same endpoint if the peer authorization token is different.
-
Add
connection_id
to FatalConnectionError. Endpoints are no longer 1:1 with a connection, as such if there is a FatalConnectionError theconnection_id
should be returned as well. -
Update PeerManager to support multiple peers having the same endpoint. Before challenge authorization was implemented, endpoints to peer ID were expected to be 1:1. Now that is no longer true because the same peer may support multiple peer IDs with different authorization types that have the same endpoints.
-
Add tag support for experimental metrics collection.
-
Add the new diesel backed receipt store to scabbard as an alternative to the existing LMDB backed receipt store. The new receipt store is behind the experimental feature
diesel-receipt-store
. -
Add service ID to the batch queue metric, in order to differentiate between multiple scabbard instances on a node.
- Relaxed the URL check to all for
https
endpoints in all subcommands that use--url
.
-
Update the
splinter database migrate
command to run migrations for the new diesel backed receipt store if the experimental feature 'scabbard-receipt-store' is enabled. -
Remove the
splinter admin keygen
subcommand. This command was a duplicate of thesplinter keygen
subcommand.
- Stabilize
node-id-store
by moving the feature to stable.
-
Update docker files to run the system keygen command. If enabled, challenge-authorization requires that a key be configured, the system keygen command generates this key if one does not exist.
-
Add the splinter upgrade command to docker files that use the splinter database migrate command. Not running
splinter upgrade
before starting splinterd can block the daemon from starting. -
Add just recipe for linting Dockerfiles with hadolint.
- Stabilize v1 Trust authorization. This version fixes a race condition that was present in v0 Trust Authorization. Note: v0 is still supported if ConnectRequest is received first instead of AuthProtocolRequest message.
-
Fix several feature guards for
challenge-authorization
. -
Update rust documentation for NodeIdStore.
-
Stabilize the
trust-authorization
feature.
- Stabilize the
trust-authorization
feature by moving it to default.
- If
challenge-authorization
is enabled the the default authorization type is now set to challenge and the Splinter daemon must configure at least one public/private key pair that can be used for identification. To configure the key pair runsplinter keygen --system
.
-
Update default authorization type to be challenge if the experimental features
challenge-authorization
is enabled. Otherwise, the default remains trust. -
Stabilize
biome-replace-keys
by removing the feature. -
Convert
network::auth::v1_handlers
into a module and break outtrust
andchallenge
functionality into submodules.
-
Update challenge authorization key configuration to require at least one key pair if the experimental feature
challenge-authorization
is enabled. -
Add a new toml configuration option
allow_keys_file
that allows a user to specify the exact location of the key file. This is behind the featureconfig-allow-keys
.
-
Update
splinter circuit propose --compat 0.4
to set the authorization type to trust. -
Add bash completion to auto-complete subcommands and options.
- Update circuit creation to explicitly set authorization type to trust. This
will keep gameroom backwards compatible if
challenge-authorization
is enabled.
- Disable websocket test that hit
echo.websocket.org
-
Splinterd will not start if there are database migrations that need to be run and will give information about how to upgrade the database.
-
User configurable logging with stdout, stderr, file, and rotating file log targets as well as fine grain control over where each log statement goes.
-
Replace the use of a Vec to represent a public key in the PeerAuthorizationToken, ConnectionAuthorizationType, Identity, and in the AdminService.
-
Add
any_pending_migrations
to postgres and sqlite migration modules -
Fix identity comparison in PeerManager to decide between inbound/outboud connections. This comparison must now be between the connection's identity and the required local authorization used when requesting the connection originally.
-
Stabilize
admin-service-count
. This makescount_circuits
andcount_proposals
available on theAdminServiceStore
. -
Stabilize
oauth-user-list
feature by removing it, its functionality is included under theoauth
feature.
-
Detect pending migrations and abort if migrations are required
-
Add experimental
--peering-key
option to the splinterd to set which key will be used during challenge authorization with the peers provided with--peer
-
Update
--peer
to default to using challenge authorization to connect to the specified unidentified peer. The--peer
option also has been updated to take the format tcp+trust://ipaddr:port/ if the authorization used must be trust. The feature is experimental. -
Add file base logging configuration options based on the log4j/rs pattern.
splinterd.toml
has new sections for loggers and appenders. Each logger can direct logs to one or more appenders. Each appender can be shared between loggers. There are two special cases, thestdout
appender and theroot
logger both of which are auto added if not otherwise specified in the log file. Both can be overridden fromsplinterd.toml
by including a logger or appender namedstdout
orroot
respectively. The feature is experimental. -
Add new PUT method at /biome/keys to replace existing user keys
- Stabilize
user-list
feature by renaming it touser
and adding it todefault
.
- The initial experimental implementation of Challenge Authorization has been added. See Challenge Authorization for more information.
-
Implement Challenge Authorization. Challenge Authorization is behind an experimental feature
challenge-authorization
. -
Update the Admin Service to support Challenge Authorization. This is behind the experimental feature
challenge-authorization
. -
Update PeerManager and ConnectionManger to pass the expected authorization of the peer, as well as the authorization the local node must use for authorization. This is required to properly connect to a peer based on the requirements of a circuit. This is behind the experimental feature
challenge-authorization
. -
Add experimental NodeIdStore with diesel implementation. This store adds an alternative place to store the node id, which is saved on the first run of splinter.
- Update the creation of the AuthorizationManager to support Challenge Authorization.
- The "authorization", "authorization-handler-allow-keys" and "authorization-handler-rbac" features have been moved to default. This ensures that authorization is included in default builds of splinterd.
-
Update the authorization state machine for trust v0 and trust v1 to more closely match the design in Challenge Authorization
-
Add a node id store trait for getting and setting the instances node_id, this trait is behind the experimental feature "node-id-store"
-
Add integration tests around circuit creation while stopping and restarting nodes throughout the process
-
Move stable authorization features to default to ensure default builds of splinterd will include authorization
- Fix CLI signing path for
--key
.current_user_search_path()
now searchesroot/.splinter/keys
as expected instead ofroot/.cylinder/keys
-
splinterd YAML circuit state is no longer supported, and the splinter CLI subcommand
upgrade
has been stabilized to help users port their legacy YAML circuit state to a database -
Both the "biome-profile" and "oauth-profile" features have been stabilized. This allows for the storage of basic profile information for either authentication scheme.
-
Stabilize the feature “oauth-profile” by removing it. This feature allows for user profile information to be collected from OAuth providers. This functionality is available when the “oauth” feature is enabled.
-
Add user subject to oauth-profile log error message
-
Wrap signing context in
Arc<Mutex>
so it can be shared with scabbard
-
Stabilize the feature “upgrade”. This feature allows a user to upgrade from 0.4 to 0.6 by upgrading the circuit YAML store to a database store.
-
Fix typos in upgrade feature documentation.
-
Stabilize the feature “biome-profile”. This feature allows for user profile information to be saved to the user profile store.
-
Stabilize the feature “deprecate-yaml” by removing it. This feature deprecates the circuit YAML store, directing the user to upgrade using
splinter upgrade
. -
Remove references to
--storage
from configuration and tests -
Update
--state-dir
help to not reference YAML storage -
Correct the proposals location for YAML store detection
- Wrap signing context in
Arc<Mutex>
so it can be shared with splinterd
-
Change splinterd
/var/lib/splinter
file ownership tosplinterd:splinterd
-
Change splinterd
/var/lib/splinter
file permissions to disallow global read -
Create
/etc/splinter/allow_keys
with splinterd postinst script
-
Add a justfile recipe to build Docker images
-
Add Docker build test to GitHub Actions workflows
- The splinter CLI subcommands
splinter authid
,splinter role
,splinter permissions
, andsplinter remove-proposal
have been stabilized.
-
Add native protocol structs for
NetworkMessages
. This reduces the need to use protobuf structs directly. -
Updated sawtooth-sabre to fix a memory leak.
-
Stabilize the feature "permissions" by removing it. This makes the subcommand
splinter permission list
available in the default stable builds. -
Stabilize the feature "authorization-handler-rbac". This makes the Role-based Access Control subcommands
splinter role
andsplinter authid
available in stable builds. -
Stabilize the features "proposal-removal". This makes the subcommand
splinter remove-proposal
available in the default builds.
- Update example config files with new configuration options and documentation.
- It is now possible to abandon and purge circuits and remove proposals that are between a 0.5 node and a 0.4 node. This is allowed because the operations do not require confirmation from the 0.4 node. The 0.4 node will print an error and ignore the notification sent when the circuit is abandoned or a proposal is removed.
-
Update
AuthChallengeSubmitRequest
to have multipleSubmitRequests
that have a signature and public key. This is required because a splinterd can support multiple key pairs and it is not clear which one is the expected public key without a proposal. -
Update circuit abandon, circuit purge and proposal removal to work for circuits and proposals that were created between a 0.5 node and a 0.4 node.
-
Replace string peer id with
PeerAuthorizationToken
. This enables routing over the correct identity based on how the connection was authorized. The layer that knows what authorization type is required is the admin service, as such much of the public API of thePeerManager
,PeerManagerConnector
,PeerInterconnect
, and network dispatchers had to be updated to usePeerAuthorizationToken
instead of a string. -
Fix an issue with default template paths when loading circuit template. In the case where no paths were provided, the defaults would not be added to the final set of search paths. This has been corrected to include the default paths, both from configuration and constant values.
- Adds a
splinter user list
subcommand to the CLI, which should return all users registered with Splinter, through Biome or OAuth. This command currently returns all Splinter users, regardless of how the user registered.
- A new version of Trust Authorization has been added. The v0 had a race
condition that has now been fixed in the new version. It is currently behind
an experimental feature
trust-authorization
.
-
Implement v1 Trust Authorization. This version makes room for adding Challenge Authorization as well as fixes a race condition present in v0 Trust Authorization. If a
ConnectRequest
is the first message received v0 trust will be used. IfAuthProtocolRequest
is the first message v1 Trust will be used. This is required to stay backwards compatible with 0.4. v1 is behind an experimental featurestrust-authorization
-
Update the
RefMap
to take a generic key. The RefMap is used to keep track of peers to know when the connection should be dropped. With the addition of challenge authorization the peer id is going to be updated to be an Enum instead of a String, as such the reference map needs to be updated to take keys that are other types. -
Add a default for YamlCircuitStatus in the
YamlAdminServiceStore
. If a circuit status is not in the yaml state, it defaults to Active. This is required for backwards compatibility with 0.4. -
Add authorization type and public keys to the
RoutingTable
. This information is required for properly routing a message once Challenge Authorization is implemented. -
Update the handling of proposed circuits to check node IDs in the list of proposed disband members to verify nodes that have previously peered still have an agreed upon protocol version.
-
Changed logging libraries to the more flexible log4rs to enable future logging expansions.
-
Add a feature "deprecate-yaml" that deprecates yaml state in splinterd in favor of using sqlite or postgresql. If splinterd is run with yaml state, it will abort and point the user to the "splinter upgrade" command, which imports the yaml state into the specified database.
- Add experimental feature
upgrade
to the splinter CLI. This command will port YAML state files to database state.
- The Splinter daemon now has its own sets of private/public keys that will be used to support Challenge Authorization.
-
Replace MigrationError with InternalError. This has the effect of properly displaying the underlying error that may occur when accessing the database.
-
Add REST endpoint to the OAuthResourceProvider, oauth/users behind the
oauth-user-list
feature, which lists OAuth users. This makes it easy for administrators to get users' Biome IDs so they can be used in RBAC authorization. -
Stabilized the
proposal-removal
feature. This enables removing a circuit proposal for the requesting node.
- Update
splinter keygen --system
to check the environment variablesSPLINTER_HOME
andSPLINTER_CONFIG_DIR
for where to put the generated keys. Also updates the default key name to besplinterd
.
- Add public/private keys to the Splinter daemon. If the experimental feature
challenge-authorization
is enabled, the daemon will check the configured "config" directory and load every key that is in the key directory. These keys will be used in challenge authorization.
-
The
admin/circuit
route now returns a list of nodes in the member list instead of just the node id if theSplinterProtocolVersion
is set to 2. This is a breaking change from previous versions. -
Stabilized
authorization-handler-rbac
feature. This enables authorizing REST API users via a role-based access control system in stable builds.
-
Stabilized
authorization-handler-rbac
feature. -
Update admin REST API to return the nodes in the circuit member list. The nodes will include a public key if the
challenge-authorization
experimental feature is enabled. -
Add a method to the
OAuthUserSessionStore
to list OAuth users. This is available if theoauth-user-list
experimental feature is enabled.
-
Add experimental feature
challenge-authorization
to the splinter CLI -
Add an option to give node's public keys in the
circuit propose
command. The public keys will be used during challenge authorization. This is behind the experimental featurechallenge-authorization
. -
Add
challenge
as an option to the--auth-type
option oncircuit propose
command. This is behind the experimental featurechallenge-authorization
.
-
Stabilized
authorization-handler-rbac
feature. -
Add experimental feature
challenge-authorization
to splinterd. -
Add integration tests for the process of disbanding a circuit, while nodes are stopped throughout the process.
-
Includes a number of minor improvements to mesh stability.
-
Adds experimental support for including a public key in circuit nodes.
-
Add an optional public key to both ProposedNode and CircuitNode. This public key will be used during challenge authorization. This requires that the Circuit member list is updated to contain CircuitNodes instead of just the node id. This will allow storing the public key directly in the circuit. This is a breaking change against the YAML format, as such if a node is using the YamlAdminServiceStore it cannot support including public keys in the member list and thus will not be able to support challenge authorization.
-
Fix a bug that was causing the gameroom example to fail because the Websocket event from Scabbard when a contract was submitted was too large. This was fixed reverting to use json::to_string instead of json::to_string_pretty
-
Remove all mesh connection registrations on shutdown
-
Remove lock contention when adding connections to mesh
-
Change mesh control channel registration from level to edge, in order to process all control messages on a single event firing.
-
Replace inproc connection internals with channels, greatly simplifying the implementation.
-
Add simple circuit generation via CircuitBuilder and ScabbardCircuitBuilderVeil for creating and testing various configurations of Scabbard circuits. Available through the experimental feature "node".
- Stabilized authorization-handler-allow-keys feature. This enables authorizing
REST API users via the
allow_keys
file in the stable builds.
-
Add
Challenge
toAuthorizationType
behind an experimental featurechallenge-authorization
. This is the first step in implementing Challenge Authorization. For more information see the Challenge Authorization feature doc. -
Added new authorization messages to support challenge authorization and v1 trust authorization.
-
Stabilized authorization-handler-allow-keys feature
-
Add
wait_for
andwait_for_filter
methods, which allow a node to wait for a particular admin event type. Thewait_for
method uses the newEventQuery
, which transforms itself into a filter to be consumed bywait_for_filter
-
Stabilized authorization-handler-allow-keys feature
-
Add bug fix to ensure splinterd does not start before network interfaces have IP Addresses
-
Update the registry creation process to not require the "file://" prefix when a file name is being passed as a registry argument
-
Add integration tests related to abandoning circuits
-
Circuit deletion is now stabilized. Circuits can now be disbanded or abandoned and then purged. The CLI commands are now available in the
splinter
CLI. -
Added the
proposal-removal
experimental feature, which enables removing circuit proposals. The experimentalsplinter-circuit-remove-proposal
CLI command is available in thesplinter
CLI.
-
Stabilized
splinter circuit disband
subcommand. -
Stabilized
splinter circuit abandon
subcommand. -
Stabilized
splinter circuit purge
subcommand. -
Added
--dry-run
to the experimental role-based access control subcommands. -
Added
splinter-circuit-remove-proposal
subcommand, guarded by the experimentalproposal-removal
feature.
-
Stabilized
circuit-disband
,circuit-abandon
, andcircuit-purge
. -
Added explicit check for existence of the state directory.
-
Added experimental admin event client trait and Actix Web Client (AWC) implementation. This trait provides a simplified wait to wait for admin service events.
-
Added the
rbac_
prefix to database tables for the experimental role-based access control authorization handler. -
Fixed a timing bug that resulted in important messages being dropped. If a PeerInterconnect did not have the peer id for a connection before a message was received that message would be dropped. Now, the message is retried in the future, allowing time for the peering processes to finish.
-
Fixed a timing bug where the process of adding internal connections to the mesh instance in the orchestrator or the service processor would block indefinitely, due to an internal channel not yet registered with mio::Poll before the connection was added.
-
Log error and drop messages if the orchestrator's send queue is full. Before this commit, a full queue error would kill the loop, breaking the orchestrator.
-
Increased default orchestrator capacity values to 512. Previously, these values were set to 8 messages. This is a very small restriction on the capacity of the message queues, especially during load.
-
Added an experimental feature,
proposal-removal
, which provides the ability to remove circuit proposals. -
Added experimental support for count_circuits and count_proposals to AdminServiceStore.
- Implemented simple back pressure for pending batches. The submit route will
return TOO_MANY_REQUESTS and reject the batch if the pending batch queue is
longer than 30 batches. Scabbard will start accepting batches again when the
batch queue makes it to 15 batches pending. This feature is experimental
behind
back-pressure
.
- Switched to GitHub Actions from Travis CI for builds.
-
Fixed a Splinter daemon connection bug in tcp:// and tcps:// transports which crashed the listener thread if remote disconnects occurred during protocol negotiation.
-
The
scabbard
CLI man pages are now available. Please see the Splinter Website (https://www.splinter.dev/docs/0.5/references/cli/#scabbard-cli) for more information. -
Splinter signing code has been removed and replaced with
cylinder
. This was required for updating to the new version of Sabre. -
Scabbard and Gameroom have been updated to use Sabre v0.7. This will allow sabre to handle 0.5, 0.6 and 1 family versions, making splinter 0.4 work with 0.5.
-
The Splinter circuit state is now owned by the Admin Service. The Splinter daemon components, such as message dispatchers, now use an in memory
RoutingTable
. The AdminService will rebuild theRoutingTable
on restart. -
Splinter state now supports SQLite and PostgreSQL backends. This update requires that the newly stabilized
splinter database migrate
command is run before starting up the Splinter daemon. For information see Configuring Splinter Daemon Database and Data Store Guidelines. The following data stores are now supported - circuits and proposals - admin events - biome - registry -
Stabilize
circuit-template
feature in libsplinter and the CLI. See Using Circuit Templates for more information -
Adds the crate::error module. This error module will provide common reusable errors for the library, reducing redundancy and inconsistency.
-
Circuits now include a human readable display name.
-
The ADMIN_PROTOCOL_VERSION has been increased to 2 to handle updates to the Circuit and Proposal API. Use protocol version 1 for backwards compatibility. The updates includes:
- Allowed nodes list is now node_id in services
- Circuits and Proposal now includes a display name, circuit status, and circuit version
- Application metadata and comments are not optional in Proposals
-
Circuits can now be disbanded or abandoned and then purged.
-
An experimental integration testing framework has been added to splinterd. This framework will enable the creation of integration tests that can be run with the normal
cargo test command
. -
Experimental support for two new authentication schemes: OAuth support (including Azure, Github, Google, and OpenID) and CylinderJWT.
-
Experimental support for authorization, via a set of allowed keys and a role-based access control system.
-
Implement Vec::from for ConnectionMatrixEnvelope. Using Vec::from is cleaner than using the ConnectionMatrixEnvelope::take_payload.
-
Remove the remaining deprecated Network structs. Several tests still relied on the old Network implementation. The tests were updated to use Mesh or the peer module so the deprecated structs could be removed.
-
Add
PeerManagerBuilder
to make creating aPeerManger
easier and reduce errors by starting the background thread on build. The builder matches the pattern of theConnectionManagerBuilder
. -
Add
subscribe_sender
toPeerManagerConnecter
which takes a Sender which can be used to get a PeerManagerNotification and adds the ability to convert the notification to another type. This change updates the PeerManager to match the ConnectionManager. Also addsunsubscribe
to the connector which allows a subscriber to no longer receive notifications. -
Improve log messages around peer creation.
-
Adds missing Rust API documentation to the peer module.
-
Update frame negotiation to result in a handshake failure if the connection is terminated mid-negotiation when using TCP or TLS.
-
Rewrite WsTransport in tungstenite and add SSL support. The websocket crate had serious limitations which manifested when attempting to implement TLS support. After more analysis, Tungstenite looks better overall, so re-implemented with that dependency instead. This is experimental behind the
ws-transport
feature. -
Clean up circuit template API:
- Remove '$()' from template argument names
- Reworks the
apply_rules
method so the organization makes it clear whichrule
is creating the value. - Remove "a:" and "r:" prefix to template arguments.
- Changes the
CircuitTemplate
into_builders
method toapply_to_builder
, which takes in aCreateCircuitBuilder
and applies the template rules using the builder .with_* methods.
-
Add reader and writer traits for the routing table, as well as an in memory implementation. The routing table will replace the splinterd uses of SplinterState, most widely used in the Handlers for messages that are dispatched.
-
Add RegistryStore with YAML, SQLite and PostgreSQL backend implementations. This enables being able to config different backends for the registry. Before, only YAML was supported.
-
Add AdminServiceStore with YAML, SQLite and PostgreSQL backend implementations. This enables storing circuit and proposal state in SQLite and PostgreSQL database while staying backward compatible with the 0.4 YAML state.
-
Update AdminService to use the AdminServiceStore for storing circuit and proposal state. This also requires updating the AdminService to use a RoutingTableWriter to update the RoutingTable for new circuits so that the splinterd message handlers can properly route messages.
-
Replace allowed_nodes list with node_id in service definitions. Only one node ID is currently supported.
-
Replace auth with authorization_type in Circuit Update the AdminServiceStore Circuit struct to have authorization_type instead of auth. This makes the use of authorization_type consistent between Circuit and ProposedCircuit.
-
Replaces the
libsplinter::signing
module with use of thecylinder
crate. This change removes thesawtooth-sdk
dependency as well as thesawtooth-signing-compat
feature. -
Adds the crate::error module that provides common reusable errors for the library, reducing redundancy and inconsistency. The included errors are:
- InternalError
- ConstraintViolationError
- InvalidStateError
- InvalidArgumentError
- ResourceTemporarilyUnavailableError
-
Guard all admin service code with an
admin-service
feature. The admin service code is quite large and is not always required. This feature is stable. -
Move all migrations file to a top level location. Running migrations from multiple locations can cause conflicts because there is only one table for keeping track of what transactions have already been run in the database. That conflict can be removed by having all migrations in one place and only running them once.
-
Stabilize the "store-factory" features. This feature guarded the StoreFactory, which is used to dynamically create the stores for the configured database backend.
-
Add a separate protocol version for the AdminService. Before the admin service used the same protocol version as the admin service REST API. However, the REST API and the protobuf messages have different protocols and should be treated as such.
-
Increase the AdminService protocol level to support handling new requests that cannot be handled by v0.4 AdminService.
-
Replace the in memory only implementation of storing AdminServiceEvents with storying the AdminServiceEvents in the AdminServiceStore. This fixes a bug where the events were only stored in memory so they could not be retrieved after a restart.
-
Use Message::parse_from_bytes instead of protobuf::parse_from_bytes. This fixes a breaking change introduced by protobuf 2.19.
-
Add support to the AdminService for handling a CircuitDisband request. Disbanded a circuit removes all networking support from the circuit while maintaining the circuit state. This is the "friendly" approach for removing a circuit that requires agreement from all members.
-
Add support to the AdminService for handling a CircuitAbandon request. Abandoning a circuit is similar to disbanded but does not require agreement from the other members of a circuit. This will result in broken circuit functionality for the other members.
-
Add support to the AdminService for handling a CircuitPurge request. After a circuit has been disbanded or abandoned, a purge request will remove all circuit state related to the circuit, including service state.
-
Add
purge
to the Service trait.purge
will enable removing the services associated datafiles when a circuit is purged. -
Refactor authentication system to allow more supported authentication methods beyond the provided Biome credentials
-
Add support for OAuth authentication
-
Add support for Cylinder JWT authentication
-
Add experimental permissions extensions to REST API Resource construction
-
Add experimental support for authorization via an allowed keys file. All keys placed in the file are allowed access to any permission-guarded REST API routes. This authorization method is intended namely for system administrators.
-
Add experimental support for authorization via role-based access control. Users, by ID or public key, may be assigned roles which, in turn, are made up of a set of permissions. This allows control over user access at a finer-grained level than "allowed keys".
-
Add experimental support for maintenance mode authorization. This mode set sets the REST API in read-only mode for all role-based access control users. While enabled, any write permissions are denied, but read permissions continue to work as configured. Maintenance mode has no effect on users authorized via the allowed keys file.
-
Add experimental support for Splinter Metrics. This required implementing an InfluxDB specific implementation of the Recorder trait from the metrics crate. This will enable us to gain insight into the inner working of Splinter during load and performance testing by adding metrics throughout the code. Several initial metrics were added throughout the code.
-
Add experimental BiomeClient trait and an reqwest implementation.
-
Add
threading::lifecycle::ShutdownHandle
. Anything which runs a thread will need to implement ShutdownHandle in the future, which will standardize libsplinter's approach to shutdown (a.k.a. joining threads). -
Implement ShutdownHandle trait for the following components (removing the old shutdown pattern):
- ServiceProcessor
- Orchestrator
- PeerManager
- PeerInterconnect
- ConnectionManger
- Mesh
- RemoteYamlRegistry
- DispatchLoop
-
Replace
insert_node
withadd_node
andupdate_node
in the registry. -
Add experimental initial Actix Web 3 support. This adds the start of pieces we need to easily standup and manage the REST API without any wrapper code (such as the approach taken with the Actix Web 1 support). This includes support for a RestApi struct and its lifecycle (RestApiBuilder -> RunnbleRestApi -> RestApi -> shutdown).
-
Version 2PC and add v2 implementation. Moves the existing 2PC implementation to a v1 submodule and creates a new v2 implementation that is not compatible with v1. V2 disables custom verifiers and only allows the coordinator to create proposals. This fixes several bugs found when running under scabbard under load. The AdminService still requires v1.
-
Add man pages for all stable
scabbard
CLI commands -
Update CLI man page 'SEE ALSO' link to point the Splinter website https://www.splinter.dev/docs/0.5/
-
Update CLI signing code to use cylinder. Replaces the use of the
splinter::signing
module with the cylinder crate. -
Update
splinter database migrate
to run migrations for both SQLite and PostgreSQL. -
The CLI has been updated to handle the updated circuit and proposals API returned with ADMIN_PROTOCOL_VERSION 2.
-
Add
--compat=0.4
flag tosplinter circuit propose
. This flag enforces that the circuit created by the proposal will be compatible with v0.4 of Splinter. -
Add experimental support to
splinter cert generate
to generate REST API certificates for https. -
Add experimental support to
splinter circuit
to disband, abandon, and purge circuits. -
Add experimental support for managing role-based access with the
splinter role
andsplinter authid
subcommands. Therole
subcommands may display, create, update or delete roles. Theauthid
subcommands may display, create, update or delete user or key authorizations. -
Fix a bug that enforced that all service arguments were wrapped in a Vec. This made it impossible to provide arguments that were expected to be just a string, such as scabbard "version"
-
Update the daemon to use the
PeerMangerBuilder
. -
Update accept thread to log errors and continue instead of exiting on an AcceptError.
-
Add wss:// handling support to the daemon If TLS is enabled, then create the WsTransport using the same configuration as the socket-based TLS Transport.
-
Update the splinterd to use the store factory to configure all stores with the database value provided by the config. This enables using a SQLite or PostgreSQL database for circuit state, registry, biome, etc.. For backwards compatibility
--storage
is hidden but still available and if--storage yaml
is provided the AdminService will use the YAML implementation of AdminServiceStore. -
Add experimental HTTPS support for the splinterd REST API.
-
Remove
--enable-biome
flag. Removes theenable_biome
option for the Splinter daemon. The inclusion of Biome is now a compile-time choice rather than run-time. Previously, theenable_biome
option was necessary to be able to run splinterd without a database, but soon a database will always be required for splinterd. For backwards compatibility, the--enable-biome
CLI flag is kept but marked as hidden. -
Add experimental support for configuring metrics. If the
metrics
flag is enabled the following flags are available that will be used to connect to a running InfluxDB database:
--metrics-db <metrics_db> The name of the InfluxDB database for metrics
collection
--metrics-password <metrics_password> The password used for authorization with
the InfluxDB
--metrics-url <metrics_url> The URL to connect the InfluxDB database for
metrics collection
--metrics-username <metrics_username> The username used for authorization with
the InfluxDB
-
Add support for the use of the CylinderJWT authentication method
-
Add experimental use of the OAuth authentication method
-
Add experimental use of the "allowed keys" authorization method
-
Add experimental use of the role-based access control authorization method
-
Add experimental use of the maintenance mode authorization method
-
Update CLI signing code to use cylinder. Replaces the use of the
splinter::signing
module with the cylinder. -
Add scabbard support for SPLINTER_REST_API_URL This change modifies scabbard's URL handling to match that of the splinter CLI command.
-
Update scabbard to use cylinder. Replaces the use of the
splinter::signing
module with the cylinder. -
Update sabre version to 0.7.
-
Update the CLI to use the ScabbardClientBuilder.
-
Implement
Service.purge()
method so scabbard state can be removed when a circuit is purged. -
Add a version service argument that tells scabbard what version of 2PC to use. v2 of 2PC fixes several bugs that were found while testing scabbard under load. But for backwards compatibility the with v0.4 Splinter v1 2PC must still be supported.
-
Use correct state directory for scabbard files This initializes the scabbard service with the same state directory used for the rest of the daemon, instead of using scabbard's default. This fixes a bug where the scabbard files were always put in the default directory.
-
Update the scabbard service to handle CSV passed in as service argument. Before the list of admin keys and peer services had to be decoded using json. Now the arguments can be passed in as either JSON or CSV.
-
Add a builder for the ScabbardClient.
-
Use the gameroom circuit template in Gameroom daemon. Updates the
propose_gameroom
REST API endpoint function to use a CircuitCreateTemplate to generate the CreateCircuit admin message used to propose a gameroom. -
Update sabre version to 0.7.
-
Replace the use of sawtooth-sdk with transact-sdk-javascript in the gameroom-app.
- Dockerfiles have been updated from bionic to focal.
-
The default network endpoint for
splinterd
now contains a TLS protocol prefix,tcps://
. When startingsplinterd
with the--no-tls
flag, a valid TCP endpoint must be provided (with thenetwork_endpoint
configuration setting or--network-endpoint
command option). Using the default network endpoint with the TLS protocol prefix will causesplinterd
to fail. -
The
splinterd
service-endpoint
configuration setting andservice_endpoint
command option are now available only with the experimentalservice-endpoint
feature. The command option and config setting no longer have an effect if theservice-endpoint
feature is not enabled. -
The
PeerManager
and its related components have been moved to thesplinter::peer
module.
For upgrade information, see Upgrading to Splinter 0.3.18 from Splinter 0.3.17.
-
Fix a bug where the Transact scheduler was not shut down if a transaction was invalid.
-
Update the peer manager to handle the case where two peers connect to each other simultaneously.
-
Fix a bug where a failure to authorize on peer reconnection would result in retrying authorization indefinitely. This failure now causes the connection to be removed.
-
Update the peer manager to remove inbound connections for a peer when it is disconnected, then retry connecting to the peer's endpoints.
-
Updated
GET /ws/admin/register/{type}
endpoint to check if the admin service is running before creating a websocket connection. If it is not running, the endpoint now returns a 503 service unavailable response. -
Add
on_reconnect
callback toWebsocketClient
that is called before attempting to reconnect to a server. -
Move the peer manager from the
splinter::network::peer_manager
module to thesplinter::peer
module.
-
Change the default service and network endpoints from TCP to TLS and require a valid TCP endpoint when using the
--no-tls
flag. -
Add the experimental
service-endpoint
feature and use it to guard the--service-endpoint
CLI option andservice_endpoint
configuration setting. The option and setting no longer have an effect if theservice-endpoint
feature is not enabled. -
Remove the following features as compilation options so they are always compiled:
config-command-line
config-default
config-env-var
config-toml
- Set crate dependencies to log level
Warn
to reduce noise in the logs.
- Add the following to support checking a scabbard service's current state root
hash:
ScabbardState::current_state_root
methodScabbard::get_current_state_root
methodGET /state_root
REST API endpointScabbardClient::get_current_state_root
methodscabbard state root
CLI subcommand
-
Update gameroom application to wait for
/submit
response and display any error messages from the response. -
Update docker compose files to use static IP addresses for all containers. This fixes a bug where proxy IP addresses would become out-of-date when containers were restarted.
-
Fix a bug that made it impossible to create new gamerooms after an instance of gameroomd reconnected to a previously restarted splinter node.
- Remove the Private Counter and Private XO example applications from the
splinter
repository. These applications are incomplete examples that were maintained primarily to test external services; external services are now considered experimental, so the applications are no longer needed.
- Update several error and log messages to be more descriptive.
-
Connection handling has been updated to use a dedicated connection manager, which provides consistent reconnection and heartbeat logic across both network and component connections.
-
Peering is now performed at the networking layer, rather than by the admin service. The peer manager allows other components (such as the admin service) to request the creation of a peer; these requests are counted to make sure connections remain as long as needed. A peer interconnect component provides the capability for higher-level components to send messages to peers without directly interacting with the underlying connection layer.
-
The Scabbard service, along with its client and other associated code, has been moved from the
splinter
crate to a newscabbard
crate. -
The key registry and node registry have been merged into a single registry. All nodes in the registry now have a list of keys that is used by the admin service to verify circuit management permissions.
-
The scabbard service is no longer provided by the
splinter
crate. The scabbard service and its client now belong to thescabbard
crate. -
The names of several
splinterd
configuration settings and CLI options have changed. For more information, see thesplinterd
section. -
Admin services now negotiate the protocol version after authorization. This change breaks compatibility between the 0.3.17 release and previous releases.
-
The key registry has been removed. Its functionality has been replaced by a new
keys
entry for nodes in the Splinter registry. Registry configurations will need to be updated. (See the upgrade document, linked below, for more details.) -
The
/admin/nodes
endpoints have been moved to/registry/nodes
. -
The Gameroom daemon (
gameroomd
) now uses Biome for user and credential management. There is a new "migrate database" step to correctly populate the Biome tables in the database. In addition, the Splinter nodes backinggameroomd
need to be run with Biome enabled and must be connected to a database. Gameroom's docker-compose files have been updated to handle these changes. (See the upgrade document, linked below, for information on starting Gameroom manually.)
For upgrade information, see Upgrading to Splinter 0.3.17 from Splinter 0.3.16.
-
Remove the
matrix
feature as a compilation option. This code is now always compiled. -
Make the
service::rest_api
module public. -
Update circuit-definition serialization to include the node IDs.
-
Make the
collections
module private to thesplinter
crate.
-
Update the admin service to log (but otherwise ignore) errors when restarting services.
-
Add the
AdminKeyVerifier
trait (with an implementation forRegistryReader
) for verifying proposal/vote permissions. -
Fix a bug in the service restart process that caused a deadlock in some scenarios.
-
Add a
state_dir
argument to configure where the admin service stores files.
-
Add the
registry
feature for optionally compiling the Splinter registry. -
Change the names of the following items:
- Module
node_registry
is nowregistry
NodeRegistryError
is nowRegistryError
NodeRegistryReader
is nowRegistryReader
NodeRegistryWriter
is nowRegistryWriter
RwNodeRegistry
is nowRwRegistry
LocalYamlNodeRegistry
is nowLocalYamlRegistry
RemoteYamlNodeRegistry
is nowRemoteYamlRegistry
UnifiedNodeRegistry
is nowUnifiedRegistry
- Module
-
Add methods for cloning an
RwRegistry
as aBox<RegistryReader>
orBox<RegistryWriter>
. -
Update
NodeIter
to be anExactSizeIterator
. -
Update
LocalYamlRegistry
to reload changes if its file is modified. -
Move
/admin/nodes
endpoints to/registry/nodes
and introduce aREGISTRY_PROTOCOL_VERSION
version number for/registry
endpoints.
-
Change the names of
splinterd
command options and configuration settings to be consistent.Configuration settings:
admin_service_coordinator_timeout
is nowadmin_timeout
bind
is nowrest_api_endpoint
heartbeat_interval
is nowheartbeat
registry_auto_refresh_interval
is nowregistry_auto_refresh
registry_forced_refresh_interval
is nowregistry_forced_refresh
Command options:
--advertised-endpoint
is now--advertised-endpoints
--bind
is now--rest-api-endpoint
--network-endpoint
is now--network-endpoints
--peer
is now--peers
--registry
is now--registries
For more information, see Upgrading to Splinter 0.3.17 from Splinter 0.3.16.
-
Add the
--config-dir
CLI option andSPLINTER_CONFIG_DIR
environment variable for configuring the location of asplinterd
configuration file to load. -
Allow the following TLS-related configuration settings and CLI options to use absolute or relative paths:
tls_ca_file
and--tls-ca-file
tls_client_cert
and--tls-client-cert
tls_client_key
and--tls-client-key
tls_server_cert
and--tls-server-cert
tls_server_key
and--tls-server-key
-
Move the
biome
,biome-key-management
, andbiome-credentials
features fromexperimental
todefault
. -
Fix a typo in the
--enable-biome
option that was causing the flag to never be set to true. -
Add a context string to the
UserError::IoError
variant to provide more details when one of these errors is encountered. -
Make the
node_id
configuration setting and CLI option (--node-id
) optional, and provide a randomly generated default. An automatically generated node ID is an ‘n’ followed by a random five-digit number, such asn12345
. -
Add a
SPLINTER_HOME
environment variable. When set, other directory configuration settings (or command options) do not need to be used to change the location of the TLS certificate directory, state directory, and config directory. This variable sets the following items:tls_cert_dir
is set to$SPLINTER_HOME/certs
state_dir
is set to$SPLINTER_HOME/data
config_dir
is set to$SPLINTER_HOME/etc
-
Add a new
--state-dir
option to thesplinterd
CLI. This option configures the directory location of registry files if the--storage
configuration option is set toyaml
. The--state-dir
CLI option overrides the default value (/var/lib/splinter/
) and any value set by theSPLINTER_STATE_DIR
environment variable.
-
Add the
splinter registry build
command for constructing Splinter registry files. This command queries asplinterd
/status
endpoint for node information, then combines this information with user-specified public key files to add the node to a registry file. -
Move the
database
anddatabase-migrate-biome
features fromexperimental
todefault
.
-
Move the
client
feature (formerly thescabbard-client
feature inlibsplinter
) fromexperimental
tostable
. -
Remove the
scabbard-get-state
feature as a compilation option. This functionality is now always enabled. -
Rename the scabbard client's
Error
struct toScabbardClientError
. -
Update the
ScabbardClient::submit
method to takeDuration
rather than au64
of seconds. -
Update the
ScabbardState::get_state_with_prefix
method to return an empty iterator when the prefix is not in state.
-
Add man pages for the
splinter health
command and its subcommands. -
Make general improvements and corrections to the man pages and Rust API documentation.
-
Update the database creation and migration process to prevent migrations from running when not necessary.
-
Run database migrations for gameroom tests to verify that the migrations are correct.
-
Replace the key registry and static node registry file with a dynamically constructed registry file.
-
Player names now appear in the UI as truncated public keys rather than user-friendly names. This is a side effect of removing the key registry; it will be addressed in a future release.
-
Update both gameroom databases to preserve state across restarts with Docker volumes.
-
Update
gameroomd
to use Biome for user registration and login.
- Remove registry files because they are no longer required by
splinterd
and are not needed for these example applications.
-
Update the Splinter justfile to run lint checks on all Splinter crates and exit on warnings.
-
Add the Splinter logo to the Splinter repository's README.
- The Splinter daemon,
splinterd
, can be configured with multiple read-only node registry files (in YAML format). Specify registries with file paths (prefixed withfile://
) or HTTP(S) URLs (prefixed withhttp://
orhttps://
).
-
The
--transport
option has been removed from thesplinterd
command. Thesplinterd
transport
configuration setting was also removed. -
The protocol prefix for TLS transport has been changed to
tcps://
. The old prefix,tls://
, is still supported but is considered deprecated. -
The TLS options and configuration settings for
splinterd
are now prefixed withtls
.Changed configuration settings:
cert_dir -> tls_cert_dir ca_cert -> tls_ca_file client_cert -> tls_client_cert client_key -> tls_client_key server_cert -> tls_server_cert server_key -> tls_server_key insecure -> tls_insecure
Changed
splinterd
command options:--cert-dir -> --tls-cert-dir --ca-file -> --tls-ca-file --client-cert -> --tls-client-cert --client-key -> --tls-client-key --server-cert -> --tls-server-cert --server-key -> --tls-server-key --insecure -> --tls-insecure
-
A required
version
field has been added to all config objects. TOML configuration files should have aversion = 1
added at the beginning of the file. -
The
splinterd
configuration settingsregistry_backend
andregistry_file
are no longer available. The relatedsplinterd
command options--registry-backend
and--registry-file
are also gone. Instead, use theregistries
configuration file setting or the--registry
option with thesplinterd
command. -
Nodes may now have multiple network endpoints. The
splinterd
configuration settingnetwork_endpoint
, which was previously a single value, has been changed tonetwork_endpoints
and now takes an array of values. Thesplinterd
command line option--network-endpoint
remains the same, but can be specified multiple times. This change also affects node registry files, circuit proposals, and REST API responses; see the upgrade document below for more details.
For upgrade information, see Upgrading to Splinter 0.3.16 from Splinter 0.3.15.
-
Change the following features from experimental to stable. They can be enabled with the “stable” feature flag (instead of the “experimental” feature flag), in addition to being enabled individually. These features will be used by the default and stable Docker images published at splintercommunity.
biome-key-management
biome-credentials
registry-remote
rest-api-cors
-
Remove the following features (no longer available as compilation options), because the functionality is now available by default:
node-registry-unified
-
Update the
Dispatcher
code:- Add
From
implementation forProtoConversionError
in thedispatch_proto
module. This will allow for uses of the various proto conversion traits to be used with the?
operator in handlers. - Add a function to the
Handler
trait formatch_type
, which more tightly couples the message type to the handler. This change greatly reduces the possibility that the handler and the type it is registered to could get out of sync. - Add a trait for message sending that can be coupled to the Source via
generics. A new module,
dispatch_peer
, implements this new trait specifically onPeerId
forNetworkMessageSender
, which supports the existing usages.
- Add
-
Switch the dispatch
Handler
trait from using generics to using associated types. -
Add a new generic parameter on dispatcher-related structs,
Source
, that can be eitherConnectionId
orPeerId
. The generic type defaults toPeerId
for backwards compatibility. -
Add a step to check if a request has method
OPTIONS
ifCORS
is enabled. -
Allow adding a NetworkMessageSender after a Dispatcher has been created.
-
Add an optional whitelist to the RestApi object used to instantiate CORS middleware.
-
Improve the
InprocTransport
ConnectionRefused
error when there's noListener
. -
Improve the error message when a service cannot be initialized.
-
Add the method
port_numbers
toRestApiShutdownHandle
, which returns a list of ports that the REST API was bound to when it was created. -
Simplify the connection manager error implementation.
-
Improve the node registry:
- Remove the no-op node registry since it is no longer used.
- Update node registry errors to match the standard pattern used elsewhere in Splinter.
- Rename
YamlNodeRegistry
toLocalYamlNodeRegistry
to prevent confusion with theRemoteYamlNodeRegistry
. - Add the
RemoteYamlNodeRegistry
for reading node registry files over HTTP(S). - Improve node registry documentation.
- Replace the
Node
constructor with theNodeBuilder
- Add a newline to the end of local YAML node registry files.
-
Switch two phase coordinator timeout from milliseconds to seconds.
- Re-enable two mesh tests
-
Remove the use of concrete stores from the Biome REST API. This makes it possible to test
BiomeRestResourceManager
. -
Add a
CredentialsStore
,RefreshTokenStore
,UserStore
, andKeyStore
implementation that usesArc<Mutex<HashMap>>>
to store objects in memory. -
Change the source field for
<store_error>::StorageError
toOption<Box<dyn Error>>
. This makes it easier to handle cases where the underlying error isn't interesting or important to surface, or if the error doesn't implement theError
trait. -
Fix a bug in the route handler for
GET /biome/key/{public_key}
,PATCH /biome/key/{public_key}
andDELETE /biome/key/{public_key}
. -
Fix a performance issue when updating a user's password.
-
Add initial unit tests for the Biome REST API.
-
Update the response for splinterd's
GET /status
endpoint to include the node's list of network endpoints. -
Add the
advertised_endpoints
configuration setting and--advertised-endpoints
command option tosplinterd
. This value is used to define the node's publicly accessible network endpoints if they differ from the node's bound network endpoints. Theadvertised_endpoints
setting is exposed viaGET /status
REST API endpoint. -
Add the
display_name
configuration setting tosplinterd
. This value is used to give the node a human-readable name. Thedisplay_name
setting is exposed via splinterd'sGET /status
REST API endpoint. -
Update the
splinterd
main
method to use thePath
struct for building file paths. -
Remove the
--transport
option from thesplinterd
command. -
Add a required
version
field to all config objects and check that each config object added to the finalConfigBuilder
object has the correct version -
Add support for './' and '../' in file paths for files necessary for
splinterd
configuration. -
Remove
registry_backend
andregistry_file
config options -
Add the configuration options
registries
,registry_auto_refresh_interval
, andregistry_forced_refresh_interval
. -
Refactor the
splinterd
local registry location configuration.
-
Remove the
keygen
feature (no longer available as compilation option); thesplinter keygen
subcommand is now available by default. -
Add the long option
--url
tosplinter health status
.
-
Add man pages for the following commands:
splinter
,splinterd
,splinter cert
,splinter database
, andsplinter keygen
.To display a man page with the
man
command, use the dashed form of the name, where each space is replaced by a dash. For example,man splinter-cert
.
-
Fix a non-deterministic failure in a gameroom integration test.
-
Update code to support change to multiple endpoints for each node
-
Add a database migration for the change from
endpoint
toendpoints
for thegameroom_member
table.
- Add a justfile to support using
just
for simple cross-repo building, linting, and testing. - Log a commit hash in the
splinter-dev
image. - Add additional cleanup to the
splinter-dev
image. - Update the
protoc-rust
dependency to version 2.14.
- Command name change: Use
splinter circuit propose
to propose a new circuit (instead ofsplinter circuit create
). - The
splinter node alias
subcommands have been removed. - Default values for the circuit management type and service type are now
configurable with the environment variables
SPLINTER_CIRCUIT_MANAGEMENT_TYPE
andSPLINTER_CIRCUIT_SERVICE_TYPE
. - Biome routes for user keys no longer require a user ID.
- The splinterd REST API endpoints for reading and proposing circuits are now in the default compilation target. Previously, this functionality required the "experimental" feature flag during compilation.
- The "biome" and "postgres" features are now available with the "stable" feature flag (instead of "experimental") and will be included in the default and stable Docker images published at splintercommunity.
- There is a new splinter-ui repository for Canopy and saplings.
- Biome routes for user keys no longer require a user ID.
- The endpoint
biome/users/{user_id}/keys
is nowbiome/keys
- The endpoint
biome/user/{user_id}/keys/{public_key}
is nowbiome/keys/{public_key}
- The endpoint
- The
splinter circuit create
subcommand is nowsplinter circuit propose
. - The
splinter node alias
subcommands have been removed. This functionality will be replaced bysplinter circuit template
subcommands in an upcoming release.
For upgrade information, see Upgrading to Splinter 0.3.15 from Splinter 0.3.14.
- Move the "biome" and "postgres" features from experimental to stable. They can be enabled with the “stable” feature flag (instead of the “experimental” feature flag), in addition to being enabled individually. These features will be used by the default and stable Docker images published at splintercommunity.
- Remove the following features (no longer available as compilation options),
because the functionality is now available by default:
biome-rest-api
circuit-read
proposal-read
- Remove the following features (no longer available as compilation options):
database
- Redundant; its functionality can be accessed with the "postgres" feature,json-web-tokens
- Deemed unnecessary, because using authorization tokens throughout the Biome REST API is always required,
- Clean up and expand the transport module:
- Remove unused errors, PollError and StatusError, from the transport module.
- Remove transport status enum.
- Implement
Display
for transport errors.
- Refactor the database module:
- Refactor the constructor for
ConnectionPool
toConnectionPool::new_pg
to support multiple backends. - Replace
database::DatabaseError
withdatabase::ConnectionError
because the only valid database errors were connection related.
- Refactor the constructor for
- The REST API tests now shut down after the tests finish.
- Change two Biome routes so that the user ID is not required in the route. The
user ID is now derived from the provided access token.
biome/users/{USER-ID}/keys
has changed to tobiome/keys
biome/users/{USER-ID}/keys/{public_key}
has changed tobiome/keys/{public_key}
- Add a "refresh_token" feature to the list of experimental features. When
this feature is enabled,
biome/login
now returns a refresh token. (Refresh tokens are sent to thePOST /biome/token
endpoint to generate new access tokens without having to collect credentials when the short-lived access tokens expire.) Also, Biome has a new endpoint, called/biome/tokens
, that validates refresh tokens and returns a new access token to the API consumer. - Add a
/biome/logout
route. - Rename and update several Biome items:
SplinterUserStore
is nowDieselUserStore
SplinterCredentialsStore
is nowDieselCredentialsStore
SplinterUser
is nowUser
.UserCredentials
is nowCredentials
.CredentialsStore
trait methodget_usernames
is nowlist_usernames
.- Remove the generic type definition from the
UserStore
trait and theCredentialsStore
trait. - Add the
update_keys_and_password
method toKeyStore
trait.
- Add the
new_key_pairs
field to thePUT /biome/users/{user_id}
payload.{ "username":"test@test1.com", "hashed_password":"Admin2193!", "new_password":"hello", "new_key_pairs":[{ "display_name":"test", "encrypted_private_key":"<encryped_private_key>", "public_key":"<private_key>" }], }
BiomeRestResourceManager
now requiresCredentialsStore
to be created.
- Add
FromProto
,FromNative
,IntoBytes
, andFromBytes
to the protobuf module. - Add a
ViaProtocol
generic parameter to theFromBytes
andToBytes
traits. This allows for auto-implementations of the types for implementers of FromNative and FromProto. - Add a
splinter::protos::prelude
module.
- Change the following features from "experimental" to "stable". They can now
be enabled with the “stable” feature flag, in addition to being enabled
directly, and will be used by the default and stable Docker images published
at splintercommunity.
database-migrate-biome
circuit
- Remove the following feature (no longer available as compilation options):
node-alias
- Replaced by thecircuit-template
feature
- Remove the
splinter node alias
subcommandsadd
,delete
,list
, andshow
. This functionality will be replaced by thesplinter circuit template
subcommands in an upcoming release. - Update
splinter circuit create
command to display the newly proposed circuit after it is submitted. - Add the
--node-file
option to thesplinter circuit create
command. This option loads a list of nodes from a YAML file, either on the local file system or from a remote server with HTTP. You can use this option with (or instead of) the--node
option. This option supports the Splinter node file types used by the node registry and thesplinter node alias
commands. - Update the
CreateCircuitMessageBuilder::add_node
method (which is used by thesplinter circuit propose
command) to check for duplicate node IDs and endpoints. If a duplicate is detected, an error is returned to the user. - Update the
splinter
CLI'sCreateCircuitMessageBuilder::add_service
method (which is used for adding services specified with the--service
argument), to check for duplicate service IDs. - Remove the
node-alias
feature (thesplinter node alias
subcommands) from the splinter CLI. This will be replaced by thecircuit-template
feature (splinter circuit template
subcommands) . - Simplify proposing a circuit with
splinter circuit propose
by automatically setting the circuit metadata. - Update the
splinter circuit propose
command to check for duplicate service arguments and return an error if one is found. - Remove the
splinter circuit default
subcommands and all associated code. Default values for the circuit management type and service type are now configurable with the environment variablesSPLINTER_CIRCUIT_MANAGEMENT_TYPE
andSPLINTER_CIRCUIT_SERVICE_TYPE
. This change simplifies circuit creation and lets users set default values with environment variables. - Change the
splinter circuit show
command to require a circuit ID as an argument. - Increase the paging limit for
splinter circuit list
to 1000.
- Remove Canopy from the splinter repository and move it to https://github.com/Cargill/splinter-ui
- Add man pages for the
splinter circuit
subcommands andsplinter database migrate
. To display a man page with theman
command, use the dashed form of the name, where each space is replaced by a dash.splinter-circuit
splinter-circuit-list
splinter-circuit-proposals
splinter-circuit-propose
splinter-circuit-show
splinter-circuit-template
splinter-circuit-template-arguments
splinter-circuit-template-list
splinter-circuit-template-show
splinter-circuit-vote
splinter-database-migrate
- Update the examples private_counter and private_xo to be compatible with Splinter version 0.3.15.
- Service ID must now conform to a specific format (a 4-character base-62 string),
which is enforced by the
SplinterServiceBuilder::build
method when provided and randomly generated if one is not. - Circuit ID must now conform to a specific format (an 11-character string composed
of two 5-character base-62 strings, joined with a
-
), which is enforced by theCreateCircuitBuilder::build
method when provided and randomly generated if one is not.
splinter::transport::raw
has been deprecated in favor ofsplinter::socket::tcp
splinter::transport::tls
has been deprecated in favor ofsplinter::socket::tls
- Reorganize the socket-based transports, raw (now renamed tcp) and TLS, under a
transport::socket
module. - Rename
RawTransport
toTcpTransport
to better reflect the underlying capability. Also rename thesocket::raw
module tosocket::tcp
. - Add a
comments
field to theCircuit
object to allow for human-readable comments. - Save a disconnected connection in a
HashMap
to be returned in case the connection is removed again at a later time. - Separate circuit and proposal REST API responses from the internal structs so the internal structures can change as needed without impacting the data exposed via the REST API.
- Add a
BiHashMap
toMesh
for a unique ID to the mesh ID. - Allow
BiHashMap
look-ups with elements that implement theBorrow
trait. - Replace the
RecvError::InternalError
with aDisconnected
error for accuracy. - Experimental feature “circuit-template” (new): Implement
CircuitTemplateManager
with functionality to list and load available templates. - For all experimental Biome features:
- Remove Arc wrappings from Biome’s user store to allow mutable references of the user store.
- Separate Biome models and schemas into their respective modules.
- Add a
/biome/verify
REST API endpoint to verify a user’s password. - Update the Biome Rust API documentation to remove explicit references to Rust features.
- Make the Biome user module private.
- Rename
biome::datastore
tobiome::migrations
and add module-level documentation for biome migrations. - Remove all uses of
super
imports in Biome.
- Correct
json-web-tokens
feature guards. - Experimental feature “proposal-read”:
- Update the
ProposalStore::proposals
arguments to take aProposalFilter
enum to allow the proposal store to filter returned proposals. - Rename the
/admin/proposals
endpoint'sfilter
query parameter tomanagement_type
. - Add
member
filter query parameter to theGET /admin/proposals
REST API endpoint.
- Update the
- Experimental feature “circuit”:
- Update the
splinter circuit create
command to generate a service ID automatically. - Add a
comments
argument to thesplinter circuit create
command to optionally provide comment for the proposed circuit. - Display comments in the output of the
splinter proposals
command. - Update the
circuit-read
andproposal-read
response deserializers to reflect the REST API response objects, rather than the related internal structs. - Add a
member
argument to thesplinter circuit proposals
command for filtering proposals by the given member. - Add
SPLINTER_REST_API_URL
environment variable to be used if-U
or--url
is not specified. - Remove the
required
specification fromsplinter circuit list
andsplinter circuit proposals
arguments that are not actually required.
- Update the
- Experimental feature “circuit-template” (new): Implement the experimental
circuit-template
feature. This feature lets you use a template to create a circuit with the newtemplate
subcommand forsplinter circuit create
.- Add the
dry_run
flag to thecircuit create
command, which displays the circuit definition without submitting the proposal. - Add subcommands behind the
circuit-template
feature to display circuit templates:splinter circuit template list
andsplinter circuit template show
.
- Add the
- Publish the Splinter package to crates.io when the repository is tagged.
- Add pandoc to the
splinter-dev
image. - Update the version of
splinter-dev
to v2 and update Dockerfiles to usesplinter-dev:v2
. - Experimental feature "circuit-template" (new): Include a
scabbard
template with the Splinter CLI and include thegameroom
template with the gameroom daemon.
- Breaking change: Socket-based transports (TCP and TLS) now require a version handshake when connecting.
- New experimental feature
circuit-template
: Circuit template library to simplify circuit creation.
For upgrade information, see Upgrading to Splinter 0.3.13 from Splinter 0.3.12.
- Socket-based transports, such as TCP and TLS, require a version handshake when connecting. This handshake allows the pair to negotiate the header version for messages sent over the connection. The V1 header currently consists of a version, a payload length, and a header checksum.
TlsConnection::new
is deprecated. ATlsConnection
should only be created viaTlsTransport
.
RestApi::run
now returns a bind error if it fails to bind to an address.RestApiServerError
has an additional variant,BindError
. Matching on specific errors will require a new statement for this variant, unless a catch-all statement is used.- Experimental feature "circuit-template" (new): The circuit::template module provides library code for building tools to create circuits using templates.
- All experimental Biome features:
- New OpenAPI documentation for REST API routes.
- Improved Rust documentation; see docs.rs/splinter.
- Restructured data stores to follow new model that enables future database selections.
- Experimental feature "biome-key-management": Added response bodies to the key management REST API routes.
- Experimental feature "biome-user":
- Added response bodies to the user REST API routes.
- Added
/biome/users/{user_id}/keys/{public_key}
endpoint, with both GET and DELETE handlers to fetch a specific user by public key and delete a user, respectively.
- Experimental feature “json-web-tokens” (new): Moved the sessions and secrets modules from behind the biome experimental feature to the REST API module, behind the “json-web-tokens” experimental feature
- Experimental feature "connection-manager":
- Remove
CmResponse
from the Connector API in order to provide a more idiomatic Rust API. - Automatic reconnection for broken connections.
- Remove
- Experimental feature "circuit": The
splinter circuit create
subcommand now displays the circuit ID for a new circuit.
- REST APIs and clients are now versioned with a ProtocolVersion.
- OPTIONS/CORS is now supported by the splinterd REST API
- CanopyJs and SaplingJS have been moved to their own repos.
- The scabbard CLI now provides experimental list and show commands for uploaded smart contracts.
- The scabbard REST API now has an experimental get state route
- Numerous bug fixes and documentation improvements.
For information on upgrading from 0.3.11 to 0.3.12 see Upgrading documentation
- Added “admin” prefix to circuits, key registry and node registry REST API routes.
- Rewrote the circuit create command so it does not accept a circuit definition in a YAML file, but rather it creates the circuit definition based on CLI arguments.
- Removed the deprecated generate-cert feature. Now you must use the
splinter cert generate
command to create development certificates and keys for using the TLS transport. See the how-to for Generating Insecure Certificates for Development for more information. - Changed
scabbard upload
command toscabbard contract upload
and updated .scar file to be loaded by name and version from a specified--path
argument. - Updated the version of Sawtooth Sabre used by scabbard to v0.5.
- Add “admin” prefix to circuits route, key registry and node registry routes.
- Add optional protocol headers to REST APIs. The protocol guard looks for an optional header, SplinterProtocolVersion. If this is provided, it will return a BadRequest if the version provided is out of range.
- Add protocol guards to the Scabbard REST API endpoints
- Add protocol guards to the Admin service REST API endpoints
- Add protocol guards to the splinterd REST API endpoints
- Add protocol version guards to biome endpoints
- Add openapi documentation for the Biome routes.
- Wait full time in scabbard batch status check.
- Add a CircuitStore trait. This trait will be the external interface for access circuit information. This trait was also implemented for SplinterState directly.
- Update the circuit routes to use CircuitStore instead of an Arc<RwLock> directly.
- Include node_id in circuit vote error message when the node is not allowed to vote for a node on the proposal.
- Validate the requestor's public key length when acting on a circuit proposal or vote in the AdminService.
- Reorganize the admin REST API and move circuit REST API into the admin::rest_api module.
- Improve shutdown of event reactor by removing the delay on shutdown caused by the event::Reactor using the combination of a running flag and reacting to that flag based on the, as well as signalling and joining shutdown in the same function (delaying other shutdown activities).
- Remove unwrap in libsplinter storage module. This error was propagated to the CLI and made debugging difficult.
- Add better documentation updates for circuit-read. Includes fixing the openapi documentation for the circuit routes, as well as adding rust doc comments to the route implementations.
- Add ServiceArgValidator and implement the trait for Scabbard. The admin services will now validate that a circuit proposal has valid service arguments, using the new, experimental, trait ServiceArgValidator.
- Add the CircuitFilter, for use as strongly-typed filter parameters to the circuits function on CircuitStore.
- Update the sawtooth, sawtooth-sdk, and transact dependencies to the latest versions.
- Remove sawtooth-sdk dependency from the scabbard client; it is no longer needed with updates to transact.
- Update the scabbard client's ServiceId struct to allow creating directly from circuit and service IDs, and to check that circuit and service ID are non-empty when parsing from a string.
- Add a ClapPartialConfigBuilder object, used to construct a PartialConfig
object from Clap argument values, available behind the
config-command-line
feature flag. - Add a DefaultPartialConfigBuilder object, used to construct a PartialConfig
object from default values, available behind the
config-default
feature flag. - Add an EnvPartialConfigBuilder object, used to construct a PartialConfig
object from configuration values defined as environment variables, available
behind the
config-env-var
feature flag. - Separate the TomlConfig object from the PartialConfigBuilder implementation as this object is now used to define the valid format for a configuration toml file.
- Renamed the previous PartialConfigBuilder implementation for the TomlConfig to TomlPartialConfigBuilder.
- Add the ConfigBuilder object, which takes in PartialConfigs and then constructs a Config object from the values set in the PartialConfig objects.
- Add the Config object; it is used to hold configuration variables compiled from several PartialConfig builder objects as well as the source of each respective value.
- Simplify logging for the Config object to display the raw configuration variables defined in the Config object.
- Added more robust logging for file operations, logging the fully qualified path of a file anytime a file is used.
- Remove the deprecated generate-cert feature. Now you must use the
splinter cert generate
command to create development certificates and keys for using the TLS transport. - Clean up the main function in splinterd, specifically in how the Config objects are used.
- Handle OPTIONS and CORS Requests in splinterd. Respond to an HTTP OPTIONS request by returning all of the allowed methods. Also add support for handling CORS requests, guarded by a rust feature "rest-api-cors". This checks the preflight conditions of the request, and fails the request if the preflight conditions are not met.
- Update the output of the
circuit
andproposal
subcommands to default to a human readable format. - Add experimental
node alias
subcommand to save node information locally. This information can be used to simplify creating circuits. - Add experimental
circuit default
commands to save local defaults for service-types and management type. This information can be used to simplify creating circuits. - Rename keygen
--admin
to--system
to better reflect the functionality of the flag, which is to generate keys for use by a splinter node. - Send the ADMIN_PROTOCOL_VERSION with the SplinterProtocolVersion header when making admin client requests.
- Set the log level for low level crates to Warn to reduce the noise when using the cli with -vv
- Rewrite the circuit create command so it does not accept a circuit definition in a YAML file, but rather it creates the circuit definition based on CLI arguments.
- Add improved help text for
splinter cert generate
.
- Add
GET /state
andGET /state/{address}
endpoints for scabbard, behind the experimentalscabbard-get-state
feature. - Add contract list/show subcommands to scabbard CLI.
scabbard list
will list the name, versions and owners of deployed contracts.scabbard show
will print out the name version, inputs, outputs and who created the contract. - Send the SCABBARD_PROTOCOL_VERSION with the SplinterProtocolVersion header when making scabbard client requests.
- Fix "execute" feature name in cfg's.
- Eliminate recursion in scabbard client's wait. Update the scabbard client's
wait_for_batches
function to use a loop rather than recursion to avoid stack overflows. - Use new transaction/batch building pattern enabled by sabre/sawtooth/transact to simplify submitting transactions.
- Load .scar files using transact's new .scar file loading functionality; this
changes the
contract upload
command to take a path and a contract name/version as arguments rather than a file path for the .scar file.
- Add rest-api feature to Cargo toml. This fixes a bug where it could not build if built outside of the workspace.
- Fix games disappearing on refresh. Adds a check to ensure that games are not refreshed if selectedGameroom state is empty.
- Remove the vuex-module-decorators dependency, which was causing issues with debugging and provides little benefit.
- Implement a new component, Loading, which renders a spinner and a message supplied by a prop. This standardizes the approach to loading indicators throughout gameroom.
- Update the vuex page loading store to store a message.
- Trigger a loading indicator when pages are being lazy loaded or data has to be fetched before the page can fully load
- Update gameroom daemon to actix 2.0.
- Remove unnecessary Pike namespace permissions from setting up the XO contract in the gameroom daemon.
- Use new transaction/batch building pattern enabled by sabre/sawtooth/transact to simplify submitting transactions to scabbard.
- Update the Sabre version for transactions submitted by the gameroom web app to match the Sabre version used by scabbard (v0.5).
- Change gameroom cli version to match the rest of the repo
- Add curl to the scabbard-cli docker image to enable fetching remote .scar files.
- Add scabbard to splinter-dev dockerfile
- Splinter supports dynamic multi-party circuit creation in scenarios where the peers are not connected when the circuit proposal is submitted.
- A new scabbard CLI provides experimental subcommands to submit batches of transactions to a scabbard service.
- New experimental endpoints have been added to get state from a scabbard service.
- Information on how to run the Gameroom demo using Kubernetes is available in docker/kubernetes/README.md.
- Enable more than two-party circuit connection. The admin service now waits for all nodes in the circuit proposal to be peered before handling a consensus proposal.
- Add Biome (user management) routes for fetching, listing and deleting users and updating credentials.
- Establish connection to peers when handling votes. If the connection between nodes is dropped after a proposal is submitted, a node will try to re-establish the connection before submitting the vote.
- Add support to configure the timeout value for two-phase commit.
- Set the default timeout for admin and scabbard services to 30 seconds.
- Add experimental endpoints (behind the "scabbard-get-state" feature) for fetching and listing entries in scabbard state.
- Replace the current Config object with a PartialConfig and a PartialConfigBuilder. This is the first part of significantly refactoring how the Splinter daemon is configured.
- Fix the panic caused by unwrapping a bad protobuf message
- Add example files and instructions (in docker/kubernetes) on how to run the Gameroom demo using Kubernetes.
- Add the scabbard CLI with experimental subcommands that closely resemble those of the sabre CLI in Sawtooth Sabre.
- Add a keygen subcommand to generate a user's public/private key pair. This subcommand uses the "keygen" experimental feature.
- Update the libsplinter Cargo.toml file to include only experimental and stable in the list of features in package.metadata.docs.rs.
- Add the Gameroom CLI to the splinter-dev docker image.
- Publish Docker images built with experimental features during nightly cron builds.
- Fix the wait for batch status in the ScabbardClient by adding the base URL if one is not provided.
- Add comments to ScabbardClient tests.
- Add the CLI flag --enable-biome to the splinterd CLI. The addition of this flag relaxes the requirement that the database-url option must be set. Currently, the database-url option is only required for the Biome subsystem.
- Add migrations for the Gameroom database to support upgrading an existing gameroom daemon.
- Add gameroom CLI, which will initially be used to migrate the gameroom database.
- A Splinter crate is now available at https://crates.io/crates/splinter.
- The "splinter" CLI has new experimental subcommands:
- splinter circuit create (create a circuit)
- splinter circuit vote (vote on a circuit)
- splinter circuit list (display a list of circuits)
- splinter circuit proposals (display a list of circuit proposals)
- splinter circuit show (display circuit and proposal details)
- The new node registry format is enforced as of release 0.3.8. Each entry in the node registry must specify a node ID, a display name, and an endpoint.
- Add experimental list and fetch routes for circuit proposals to the admin service REST API.
- Add key management routes to the Biome REST API, including POST, GET and PATCH to /biome/users/{user_id}/keys.
- Fix Scabbard initial events by rejecting an empty last_seen_event query parameter and properly handling empty transaction receipt stores.
- Add a newline to key files generated by the splinter CLI.
- Start initial implementation of ScabbardClient, which provides a convenient way to submit batches to a scabbard instance.
- Add experimental Biome users API routes to splinterd.
- Add experimental list and fetch routes for circuit proposals to the admin service REST API.
- Log a debug message instead of a warning when the splinterd config file is not found.
- Remove panics that can be caused by a user from Splinter daemon startup.
- Fix typos and standardize capitalization in splinterd help and error messages.
- Implement experimental "circuit create" subcommand.
- Implement experimental "circuit vote" subcommand.
- Add experimental "circuit list" and "circuit show" subcommands.
- Add "splinter circuit proposals" subcommand to list proposals.
- Add support for showing proposal details to "circuit list" subcommand.
- Change verbose and quiet flags to be global.
- Add a docker-compose file that uses published images. This compose file can be used along with the repository in situations where building from scratch is not feasible.
- Update the Gameroom README with CARGO_ARGS instructions for running with experimental features.
- Update splinterd packaging for the current node registry format.
- Log current git HEAD commit hash during docker image builds.
- Add a description to the Cargo.toml files.
- A new "experimental" feature set. Features marked as experimental are available for use, but are subject to change.
- The “splinter-cli” command has been renamed to “splinter”.
- The Splinter CLI name has changed from “splinter-cli” to “splinter”. “splinter-cli” remains as an alias for “splinter”, but should be considered deprecated as of this release.
- The node registry trait was extensively updated to support iteration, implementation-agnostic filtering, and simplified modifications.
- The protobuf files are now under the libsplinter subdirectory. This enables publishing the "splinter" library crate.
- NodeRegistry::list_nodes now returns an iterator.
- NodeRegistry::update_node and add_node have been merged to NodeRegistry::insert.
- The REST API implementations for circuits, node registry, and key registry have moved from splinterd to libsplinter.
- A new "rest-api" stable feature includes the library functions mentioned above.
- New Biome features for user-related functionality such as credentials and key
management. (Biome is the libsplinter module that supports user management.)
- "biome"
- "biome-credentials"
- "biome-key-management"
- "biome-notifications"
- A new "experimental" feature set that includes all experimental features.
- The admin service and the scabbard service can now send catch-up events to bring new subscribers up to date
- The splinterd --generate-certs flag, which was deprecated in 0.3.6, is still available by default. In 0.3.8, the flag will not be available by default. Instead, you must use the Rust compile-time feature “generate-certs” to explicitly enable the deprecated --generate-certs flag. For more information, see the 0.3.6 release notes.
- In the next release, the splinter CLI name will change from “splinter-cli” to “splinter”. “splinter-cli” will exist as an alias for “splinter”, but should be considered deprecated as of release 0.3.8.
- Refactor the admin service and scabbard service to separate the REST API code
- Change admin service events to include a timestamp of when the event occurred
- Update the admin service to send all historical events that have occurred since a given timestamp when an app auth handler subscribes
- Update the scabbard event format to correlate directly with a transaction receipt
- Remove EventHistory from the REST API because it is no longer used
- Remove EventDealer from the REST API and replace it with the EventSender
- Update the event sender to send catch-up events as an asynchronous stream
- Add state-delta catch-up to the scabbard service, sending all events that occurred since a given event ID when a subscription request is received
- Update Network to properly clean up connections on disconnection
- Fix the splinterd --heartbeat argument to properly accept a value
- Update the gameroomd app auth handler to track the timestamp of the last-seen admin event
- Add the timestamp for the last-seen admin event to the app auth handler’s subscription request for getting any catch-up events
- Update the gameroom state-delta subscriber to track the ID of the last-seen scabbard event
- Add the ID of the last-seen scabbard event when subscribing to scabbard on restart, which lets the gameroom daemon receive catch-up events
- Replace the transact git repo dependency with a crates.io dependency
- Peers can now successfully reconnect after restarting
- Faster build times:
- Added a Dockerfile for splinter-dev docker image
- Based the installed images on the splinter-dev image
- Updated the compose files to build the installed docker images
- Added parallelization to Travis CI builds
- Initial database structure for Biome, the libsplinter module that supports user management
- New Gameroom Technical Walkthrough document that explains the Splinter functionality that powers the Gameroom application; see examples/gameroom/README.md for a link to the PDF
- The --generate-certs flag for splinterd is now deprecated. Instead, please generate development certificates and keys using the new command "splinter-cli cert generate". This command will generate the certificates and keys in /etc/splinter/certs/ (by default) or in the specified directory. Note: --generate-certs is still available by default in 0.3.6. It will be turned off in 0.3.7, but will still be available with a Rust compile-time feature flag. If using generated certificates, run splinterd with the --insecure flag.
- Improve logging:
- Log when a peer is removed
- Log an event Reactor background thread error on startup
- Log REST API background thread startup errors immediately, rather than on shutdown
- Log a WebSocket shutdown
- Log a peer connection initiation
- Log the configuration used to start splinterd
- Add timestamp and thread name to log messages
- Return an error when a peer is disconnected
- Allow consensus threads to log error and exit, rather than panic
- Enforce that member, endpoint, and service IDs are unique to a circuit
- Update the example TOML configuration file
- Verify a CircuitManagementPayload message's payload field, header field, and payload signature
- Update example circuit files to use correct enum types
- Fix a typo in DurabilityType enum
- Stop the admin service once a shutdown signal is received
- Fix a locking bug that prevented admin service from properly shutting down
- Stop running services upon admin service shutdown
- Include the service definition in service shutdown error
- Update format lint for Rust 1.39
- Add a Splinter PostgreSQL database to be used by Splinter modules
- Decouple EventDealer and EventHistory to allow the storage of events to be managed separately from event history
- Change the log levels of received messages and pings/pongs
- Update EventDealers to return error from EventDealer.add_sender method and handle errors from EventDealer.dispatch method
- Store AuthServiceEvents in a Mailbox, replacing LocalEventHistory
- Start reorganizing the admin service module
- Store pending changes as transaction receipts in scabbard
- Add a "state_" prefix to variables that refer to the scabbard LMDB backend database, which helps distinguish this database from other databases that scabbard may maintain
- Run tests behind the "experimental" feature
- Move the zmq-transport feature, which loads the ZMQ dependency, to experimental
- Rename the node registry method create_node add_node, which more accurately reflects its functionality
- Update the struct used to build REST API resources to represent multiple method and handler pairs for a given resource
- Fix the node registry implementation’s file editing to completely overwrite the YAML node registry file rather than append changes
- Add a disconnect listener to Network; this listener is used to close the connection when a peer is disconnected from the network
- Register the AuthorizationManager to listen for peer disconnections to clean up old state about the disconnected peer
- Add endpoints for local registry, including:
- POST /nodes
- DELETE /nodes/{identity}
- PATCH /nodes/{identity}
- Move the node registry implementation from splinterd to libsplinter
- Update the struct used to build REST API resources to represent multiple method and handler pairs for a given resource
- Run tests behind the experimental feature
- Add /circuits route, available with circuit-read experimental feature,
- Update splinterd to look for certificates and keys in /etc/splinter/certs (by default) or the location specified by "--cert-dir" or the environment variable SPLINTER_CERT_DIR
- Deprecate the generate-cert flag (will be removed in a future release) now that "splinter-cli cert generate" is available
- Add subcommand "cert generate" to generate certificates and keys that can be used to run splinterd for development.
- Add CSS styles for responsive side navigation bar
- Add default color styles to be used in design app
- Add default typography styles and initial typography documentation
- Add CSS class defaults and themes for navigation
- Add structure and initial introduction page for the documentation app
- Add configuration to build theme CSS bundles
- Add the initial structure for a sapling example (an application to extend Canopy)
- Implement register and initialize functions for saplings in CanopyJS
- Add lint and unit tests to Travis CI
- Refactor CanopyJS to improve clarity and extensibility
- Implement CanopyJS user
- Add a generic-themed Gameroom app to installed docker-compose file
- Add functions to check for active gamerooms and resubscribe on startup
- Add volumes for /var/lib/splinter to the docker-compose file
- Add timestamp and thread name to log messages
- Remove the hardcoded protocol for octet-stream submission; instead, use a relative URL handled by the proxy
- Attempt to reconnect WebSocket clients if a "close" message is received
- Time out WebSocket client connections and attempt to reconnect
- Convert signature hex string to bytes for signing payloads
- Base the test docker image on the splinter-dev docker image
- Fix a bug with cell selection
- Remove known errors during a .deb package install
- Add network-level heartbeats to improve peer connectivity
- Update Gameroom UI to use the WebSocket Secure protocol (wss) when the application protocol is HTTPS
- Improve libsplinter tests
- Add code of conduct to README
- Add the command-line option --common-name to splinterd
- Add initial directory structure for the Canopy project, a web application that hosts pluggable applications and tools built on Splinter
- Remove unnecessary logo files
- Update UI to use wss when the application protocol is HTTPS. This fixes an issue where the application could not communicate via WebSockets if the application was communicating over HTTPS
- Check for batch status after batch is submitted, then wait for batch to be committed or invalidated in gameroomd
- Remove member node’s metadata from gameroom propose request payload
- Fetch member node information from splinterd when gameroomd receives a gameroom propose request
- Add dockerfile for libsplinter crate generation
- Document the limitations for two-phase commit
- Add network-level heartbeats. The network now creates a thread that will send a one-way heartbeat to each connected peer every 30 seconds by default.
- Rename libsplinter crate to splinter
- Store the current state root hash for scabbard's shared transaction state in order to support restarts
- Simplify where services can be connected. This ensures that a service is connected to the first allowed node and that allowed nodes can only have one service.
- Remove peers when a node is disconnected
- Update key_not_registered test to use a valid circuit
- Rename error_msg to msg in AdminDirectMessage tests
- Correctly set message type to CircuitMessageType::CIRCUIT_DIRECT_MESSAGE in AdminDirectMessage tests
- Fix typos in doc comments
- Implement a batch status endpoint for scabbard
- Set up the Cypress integration test framework for the Gameroom UI
- Copy Splinter .proto files into installed client builds
- Redirect the user to a “Not Found” page if the page does not exist
- Set up integration tests using Cypress
- Add XO smart contract to installed gameroomd builds
- Reduce latency of events by replacing run_interval in EventDealerWebSocket with streams
- Change the scabbard database name to be the sha256 hash of service_id::circuit_id to ensure that it will be a valid file name
- Add signature and structure verification to the scabbard service when it receives batches submitted via the REST API
- Add /batch_statuses endpoint to scabbard and update /batches endpoint to return a /batch_statuses link for the submitted batch IDs
- Add config builder with toml loading (experimental feature)
- Add Dockerfile to package gameroom UI
- Update packaging for gameroomd and splinterd so modified systemd files are not overwritten
- Modify gameroomd and splinterd postinst scripts to add data directories
- Add plumbing to properly version deb packages
- Add functionality to create and play XO games
- Add EventHistory trait to EventDealer to allow for new event subscribers to catch up on previous events. This trait describes how events are stored.
- Add LocalEventHistory, a basic implementation of EventHistory that stores events locally in a queue.
- Add MessageWrapper to be consumed by EventDealerWebsockets, to allow for shutdown messages to be sent by the EventDealer
- Enforce that a Splinter service may only be added to Splinter state if the connecting node is in its list of allowed nodes
- Add Context object for WebSocket callbacks to assist in restarting WebSocket connections
- Add specified supported service types to the service orchestrator to determine which service types are locally supported versus externally supported
- Only allow initialization of the orchestrator’s supported service
- On restart, reuse the services of circuits which are stored locally
- Add circuit ID when creating a service factory, in case it is needed by the service
- Replace UUID with service_id::circuit_id, which is guaranteed to be unique on a Splinter node, to name the Scabbard database
- Fix clippy error in events reactor
- Fix tests to match updated cargo args format
- Change certain circuit fields from strings to enums
- Remove Splinter client from CLI to decrease build time
- Add ability in the UI to fetch and list XO games
- Correct arguments used to fetch the members of an existing gameroom, allowing the members to be included in the /gamerooms endpoint response
- Add GET /keys/{public_key} endpoint to gameroomd, to fetch key information associated with a public key
- Add UI functionality to create a new XO game:
- Add ability to calculate addresses
- Add methods to build and sign XO transactions and batches
- Add methods to submit XO transactions and batches
- Add form for user to create new game
- Add new game notification to UI and gameroomd
- Add player information displayed for a game in UI
- Implement XO game board in UI
- Implement XO take functionality and state styling in UI
- Add component to show game information in the Gameroom details page in the UI
- Use md5 hash of game name when creating a game, rather than URL-encoded name that handles special characters
- Add player information when updating an XO game from exported data (from state delta export)
- Add auto-generated protos for the UI
- Remove the explicit caching in the Gameroom Detail view in the UI, because Vue does this automatically
- Make various UI styling fixes
- Remove unused imports to avoid cargo compilation warnings
- Completed the code to propose, accept, and create a gameroom in the Gameroom example application
- Persist AdminService state that includes the pending circuits
- Replace the WebSocketClient with a new events module, which improves multi-threaded capabilities of the clients (libsplinter::events; requires the use of "events" feature flag)
- Improve log messages by logging the length of the bytes instead of the bytes themselves
- Fix issue with sending and receiving large messages (greater than 64k)
- Fix issues with threads exiting without reporting the error
- Removed inaccurate warn log message that said signature verification was not turned off
- Add Key Registry REST API resources
- Increase message queue sizes for the admin service's ServiceProcessor.
- Remove outdated CLI commands
- Add XoStateDeltaProcessor to Gameroom application authorization handler
- Add route to gameroom REST API to submit batches to scabbard service
- Set six-second timeout for toast notifications in the UI
- Add notification in the UI for newly active gamerooms
- Enhance invitation UI and add tabs for viewing sent, received, or all invitations
- Fix bug that caused read notifications to not appear as read in the UI
- Fix bug where the Gameroom WebSocket was sending notifications to the UI every 3 seconds instead of when a new notification was added
- Completion of circuit proposal validation, voting, and dynamic circuit creation
- Addition of key generation and management, as well as role-based permissions
- Continued progress towards proposing, accepting, and creating a gameroom in the Gameroom example application
- Add AdminService, with support for:
- Accepting and verifying votes on circuit proposals
- Committing approved circuit proposals to SplinterState
- Add notification to be sent to application authorization handlers when a circuit is ready
- Update scabbard to properly set up Sabre state by adding admin keys
- Add support for exposing service endpoints using the orchestrator and service factories
- Add WebSocketClient for consuming Splinter service events
- Add KeyRegistry trait for managing key information with a StorageKeyRegistry implementation, backed by the storage module
- Add KeyPermissionsManager trait for accessing simple, role-based permissions using public keys and an insecure AllowAllKeyPermissionManager implementation
- Add SHA512 hash implementation of signing traits, for test cases
- Add Sawtooth-compatible signing trait implementations behind the "sawtooth-signing-compat" feature flag.
- Add package metadata and license field to Cargo.toml file
- Add example configuration files, systemd files, and postinst script to Debian package
- Reorder internal service startup to ensure that the admin service and orchestrator can appropriately connect and start up
- Use SawtoothSecp256k1SignatureVerifier for admin service
- Add "splinter-cli admin keygen" command to generate secp256k1 public/private key pairs
- Add "splinter-cli admin keyregistry" command to generate a key registry and key pairs based on a YAML specification
- Add license field to all Cargo.toml files
- Rename private-xo package to private-xo-service-.deb
- Rename private-counter packages to private-counter-cli-.deb and private-counter-service-.deb
- Add package metadata and license field to gameroomd Cargo.toml file
- Add example configs, systemd files, and postinst script to gameroomd Debian package; rename package to gameroom-.deb
- Implement notification retrieval using WebSocket subscription and notifications endpoints
- Show pending and accepted gamerooms in the Gameroom UI
- Add full support for signing CircuitManagementPayloads with the user's private key and submitting it to splinterd
- Update gameroomd to specify itself as the scabbard admin and submit the XO smart contract when the circuit is ready
- Make various UI enhancements
- Completion of the two-phase commit consensus algorithm with deterministic coordination
- Continued progress towards dynamically generating circuits, including dynamic peering and circuit proposal validation
- Continued progress on the Gameroom example, including UI updates and automatic reconnection
- Add a service orchestration implementation
- Add Scabbard service factory
- Implement a deterministic two-phase commit coordinator
- Reorder the commit/reject process for the two-phase commit coordinator. The coordinator now tells proposal manager to commit/reject before broadcasting the corresponding message to other verifiers.
- Refactor two-phase commit complete_coordination. Move the process of finishing the coordination of a proposal in two-phase commit to a single function to reduce duplication.
- Implement a two-phase commit timeout for consensus proposals
- Update the two-phase commit algorithm to ignore duplicate proposals
- Allow dynamic verifiers for a single instance of two-phase commit consensus
- Add an Authorization Inquisitor trait for inspecting peer authorization state
- Add the ability to queue messages from unauthorized peers and unpeered nodes to the admin service
- Fix an issue that caused the admin service to deadlock when handling proposals
- Add Event Dealers for services to construct websocket endpoints
- Add a subscribe endpoint to Scabbard
- Validate circuit proposals against existing Splinter state
- Update create-circuit notification messages to include durability field
- Log only warning-level messages from Tokio and Hyper
- Improve Splinter component build times
- Add a NoOp registry to handle when a node registry backend is not specified
- Use service IDs as peer node IDs, in order to make them compatible with two-phase consensus
- Add server-side WebSocket notifications to the UI
- Add borders to the Acme UI
- Improve error handling and add reconnects to the Application Authorization Handler
- Add a circuit ID and hash to GET /proposals endpoint
- Standardize buttons and forms in the UI
- Improve error formatting in the UI by adding toasts and progress bar spinners
- Change the Gameroom REST API to retrieve node data automatically on startup
- Split the circuit_proposals table into gameroom and gameroom_proposals tables
- Use the Material elevation strategy for coloring the UI
- Decrease the font size
- Change the UI to redirect users who are not logged in to login page
- Add a dashboard view
- Add an invitation cards view
- Add a button for creating a new gameroom to the UI
- Add new consensus API (libsplinter::consensus)
- Add new consensus implementation for N-party, two-phase commit (libsplinter::consensus::two_phase)
- Add new service SDK with in-process service implementations (libsplinter::service)
- Add initial implementation for Scabbard, a Splinter service for running Sabre transactions with two-phase commit between services (libsplinter::service::scabbard)
- Add REST API SDK (consider this experimental, as the backing implementation may change)
- Add new node registry REST API endpoint for providing information about all possible nodes in the network, with initial YAML-file backed implementation.
- Add new signing API for verifying and signing messages, with optional Ursa-backed implementation (libsplinter::signing, requires the use of "ursa-compat" feature flag)
- Add MultiTransport for managing multiple transport types and selecting connections based on a URI (libsplinter::transport::multi)
- Add ZMQ transport implementation (libsplinter::transport::zmq, requires the use of the "zmq-transport" feature flag)
- Add peer authorization callbacks, in order to notify other system entities that a peer is fully ready to receive messages
- Add REST API instance to provide node registry API endpoints
- Add CLI parameter --bind for the REST API port
- Add CLI parameters for configuring node registryy; the default registry type is "FILE"
- Add gameroom example infrastructure, such as the gameroomd binary, docker images, and compose files
- Add Login and Register UI
- Add New Gameroom UI
- Add UI themes for both parties in demo
- Initialize Gameroom database
- Add circuit proposals table
- Initialize Gameroom REST API
- Implement Gameroom REST API authentication routes
- Implement Gameroom REST API create gameroom endpoint
- Implement Gameroom REST API proposals route
- Implement /nodes endpoint in gameroomd