Release 2021-05-31

CHANGELOG.md

@@ -14,6 +14,36 @@
 
 -->
 
+[2021-05-31]
+
+## Release Notes
+
+- deploy brig before galley (#1526, #1549)
+
+## Features
+
+- Legalhold: Ensure device handshake is blocked in case of policy conflict (#1526)
+- Legalhold: Allow for large teams (>2000) if enabled via whitelist (#1546)
+- Legalhold: Add ClientCapabilities to NewClient type and addClient end-point (#1552)
+
+## Bug fixes and other updates
+
+ - Fix: Connection type when unblocking after LH (#1549)
+ - cargohold: Override outside mimetype on upload (20d0028c)
+
+## Documentation
+
+ - Update Rich Info docs (#1544)
+
+## Internal changes
+
+ - Refactoring-friendly FutureWork data type (#1550)
+ - Add required fields to Swagger for SchemaP (#1536)
+ - Add end2end test for adding remote users to a conversation (#1538)
+ - Add remote members to conversations (#1529)
+ - Use Servant.respond instead of explicit SOP (#1535)
+ - More examples in schema-profunctor documentation (#1539)
+
 # [2021-05-26]
 
 ## Release Notes

charts/galley/templates/configmap.yaml

@@ -32,6 +32,10 @@ data:
       host: spar
       port: 8080
 
+    federator:
+      host: federator
+      port: 8080
+
     {{- if (.journal) }}
     journal:
       queueName: {{ .journal.queue }}

charts/galley/templates/tests/configmap.yaml

@@ -16,6 +16,10 @@ data:
       host: cannon
       port: 8080
 
+    federator:
+      host: federator
+      port: 8080
+
     provider:
       privateKey: /etc/wire/integration-secrets/provider-privatekey.pem
       publicKey: /etc/wire/integration-secrets/provider-publickey.pem

docs/reference/user/rich-info.md

@@ -70,35 +70,76 @@ Connected users who are not members of user's team will not receive an event (no
 
 ## SCIM support {#RefRichInfoScim}
 
-Rich info can be pushed to Wire by setting the `"richInfo"` field belonging to the `"urn:wire:scim:schemas:profile:1.0"` extension. Both `PUT /scim/v2/Users/:id` and `POST /scim/v2/Users/:id` can contain rich info. Here is an example for `PUT`:
+Rich info can be pushed to Wire by setting JSON keys under the `"urn:ietf:params:scim:schemas:extension:wire:1.0:User"` extension. Both `PUT /scim/v2/Users/:id` , `PATCH /scim/v2/Users/:id` and `POST /scim/v2/Users/:id` can contain rich info. Here is an example for `PUT`:
 
 ```javascript
 PUT /scim/v2/Users/:id
 
 {
     ...,
-    "urn:wire:scim:schemas:profile:1.0": {
-        "richInfo": [
-            {
-                "type": "Department",
-                "value": "Sales & Marketing"
-            },
-            {
-                "type": "Favorite color",
-                "value": "Blue"
-            }
-        ]
+    "urn:ietf:params:scim:schemas:extension:wire:1.0:User": {
+        "Department": "Sales & Marketing",
+        "FavoriteColor": "Blue"
     }
 }
 ```
 
+Here is an example for `PATCH`:
+
+```json
+PATCH /scim/v2/Users/:id
+
+{
+  "schemas": [
+    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
+  ],
+  "operations": [
+    {
+      "op": "add",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:Department",
+      "value": "Development "
+    },
+    {
+      "op": "replace",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:Country",
+      "value": "Germany"
+    },
+    {
+      "op": "remove",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:City"
+    }
+  ]
+}
+
+```
+
 Rich info set via SCIM can be queried by doing a `GET /scim/v2/Users` or `GET /scim/v2/Users/:id` query.
 
-### SCIM provisioning agent support {#RefRichInfoScimAgents}
+### Set up SCIM RichInfo mapping in Azure {#RefRichInfoScimAgents}
+
+Go to your provisioning page
+
+![image](https://user-images.githubusercontent.com/628387/119977043-393b3000-bfb8-11eb-9e5b-18a955ca3181.png)
+
+Click "Edit attribute mappings"
+
+Then click "Mappings" And then click **Synchronize Azure Active Directory Users to _appname_**
+![image](https://user-images.githubusercontent.com/628387/119977488-c9797500-bfb8-11eb-81b8-46376f5fdadb.png)
+
+Click "Show Advanced options" and then **Edit attribute list for _appname_**
+![image](https://user-images.githubusercontent.com/628387/119977905-3f7ddc00-bfb9-11eb-90e2-28da82c6f13e.png)
+
+Add a new attribute name. The type should be `String` and the name should be prefixed with `urn:ietf:params:scim:schemas:extension:wire:1.0:User:`
+e.g. `urn:ietf:params:scim:schemas:extension:wire:1.0:User:Location`
+
+![image](https://user-images.githubusercontent.com/628387/119978050-70f6a780-bfb9-11eb-8919-93e32bf76d79.png)
+
+Hit **Save** and afterwards hit **Add New Mapping**
+
+Select the Azure AD Source attribute you want to map, and map it to the custom **Target Attribute** that you just added.
+![image](https://user-images.githubusercontent.com/628387/119978316-c5018c00-bfb9-11eb-9290-2076ac1a05df.png)
 
-* Okta: unable to push fields in the format we require (checked on 2019-02-21).
 
-* OneLogin: likely able to push fields.
 
 ## Limitations {#RefRichInfoLimitations}
 

libs/api-bot/src/Network/Wire/Bot/Monad.hs

@@ -387,7 +387,8 @@ addBotClient self cty label = do
             newClientType = cty,
             newClientClass = Nothing,
             newClientCookie = Nothing,
-            newClientModel = Nothing
+            newClientModel = Nothing,
+            newClientCapabilities = Nothing
           }
   cid <- clientId <$> runBotSession self (registerClient nc)
   clt <- BotClient cid label box <$> liftIO Clients.empty

libs/brig-types/src/Brig/Types/Connection.hs

@@ -55,7 +55,7 @@ data UserIds = UserIds
 -- | Data that is passed to the @\/i\/users\/connections-status@ endpoint.
 data ConnectionsStatusRequest = ConnectionsStatusRequest
   { csrFrom :: ![UserId],
-    csrTo :: ![UserId]
+    csrTo :: !(Maybe [UserId])
   }
   deriving (Eq, Show, Generic)
 

libs/galley-types/src/Galley/Types/Teams/Intra.hs

@@ -23,6 +23,7 @@ module Galley.Types.Teams.Intra
     TeamData (..),
     TeamStatusUpdate (..),
     TeamName (..),
+    GuardLegalholdPolicyConflicts (..),
   )
 where
 
@@ -33,6 +34,10 @@ import Data.Json.Util
 import Data.Time (UTCTime)
 import Galley.Types.Teams (Team)
 import Imports
+import Test.QuickCheck.Arbitrary (Arbitrary)
+import Wire.API.Arbitrary (GenericUniform (..))
+import Wire.API.Message (UserClients)
+import Wire.API.Team.LegalHold (LegalholdProtectee)
 
 data TeamStatus
   = Active
@@ -102,3 +107,14 @@ newtype TeamName = TeamName
   deriving (Eq, Show, Generic)
 
 deriveJSON toJSONFieldName ''TeamName
+
+data GuardLegalholdPolicyConflicts = GuardLegalholdPolicyConflicts
+  { glhProtectee :: LegalholdProtectee,
+    glhUserClients :: UserClients
+  }
+  deriving (Show, Eq, Generic)
+  deriving (Arbitrary) via (GenericUniform GuardLegalholdPolicyConflicts)
+
+instance ToJSON GuardLegalholdPolicyConflicts
+
+instance FromJSON GuardLegalholdPolicyConflicts

libs/galley-types/test/unit/Test/Galley/Types.hs

@@ -24,6 +24,7 @@ module Test.Galley.Types where
 import Control.Lens
 import Data.Set hiding (drop)
 import Galley.Types.Teams
+import Galley.Types.Teams.Intra (GuardLegalholdPolicyConflicts)
 import Imports
 import Test.Galley.Roundtrip (testRoundTrip)
 import Test.QuickCheck (Arbitrary (arbitrary))
@@ -52,7 +53,8 @@ tests =
         -- accordingly.  Just maintain the property that adding a new feature name will break
         -- this test, and force future develpers to consider what permissions they want to set.
         assertBool "all covered" (all (roleHasPerm RoleExternalPartner) (ViewTeamFeature <$> [minBound ..])),
-      testRoundTrip @FeatureFlags
+      testRoundTrip @FeatureFlags,
+      testRoundTrip @GuardLegalholdPolicyConflicts
     ]
 
 instance Arbitrary FeatureFlags where