Release 2021-06-08

CHANGELOG.md

@@ -14,6 +14,58 @@
 
 -->
 
+# [2021-06-08]
+
+## Release Notes
+
+This release doesn't require any extra considerations to deploy.
+
+## Release Notes for Wire.com Cloud operators
+
+Deploy brig before galley (#1526, #1549)
+
+## Features
+* Update versions of webapp, team-settings, account-pages (#1559)
+* Add missing /list-users route (#1572)
+* [Legalhold] Block device handshake in case of LH policy conflict (#1526)
+* [Legalhold] Fix: Connection type when unblocking after LH (#1549)
+* [Legalhold] Allow Legalhold for large teams (>2000) if enabled via whitelist (#1546)
+* [Legalhold] Add ClientCapabilities to NewClient. (#1552)
+* [Legalhold] Dynamic whitelisted teams & whitelist-teams-and-implicit-consent feature in tests (#1557, #1574)
+* [Federation] Add remote members to conversations (#1529)
+* [Federation] Federation: new endpoint: GET /conversations/{domain}/{cnv} (#1566)
+* [Federation] Parametric mock federator (#1558)
+* [Federation] Add more information to federation errors (#1560)
+* [Federation] Add remote users when creating a conversation (#1569)
+* [Federation] Update conversation membership in a remote backend (#1540)
+* [Federation] expose /conversations/{cnv}/members/v2 for federation backends (#1543)
+
+## Bug fixes and other updates
+* Fix MIME-type of asset artifacts 
+* Add some missing charts (#1533)
+
+# Internal changes
+* Qualify users and conversations in Event (#1547)
+* Make botsAndUsers pure (#1562)
+* Set swagger type of text schema (#1561)
+* More examples in schema-profunctor documentation (#1539)
+* Refactoring-friendly FutureWork data type (#1550)
+* nginz/Dockerfile: Run 'apk add' verbosely for debugging (#1565)
+* Introduce a generalized version of wai-extra Session type constructor (#1563)
+* Avoid wrapping error in rethrow middleware (#1567)
+* wire-api: Introduce ErrorDescription (#1573)
+* [Federation] Use Servant.respond instead of explicit SOP (#1535)
+* [Federation] Add end2end test for adding remote users to a conversation (#1538)
+* [Federation] Add required fields to Swagger for SchemaP (#1536)
+* [Federation] Add Galley component to federator API (#1555)
+* [Federation] Generalises the mock federator to work with any MonadIO m monad (#1564)
+* [Federation] Introduces the HasGalley class (#1568)
+* [Federation] Servantify JSON endpoint to send messages (#1532)
+* [Federation] federator: rename Brig -> Service and add galley (#1570)
+
+## Documentation
+* Update Rich Info docs (#1544)
+
 # [2021-05-26]
 
 ## Release Notes

Makefile

@@ -14,7 +14,7 @@ CHARTS_INTEGRATION    := wire-server databases-ephemeral fake-aws nginx-ingress-
 # (e.g. move charts/brig to charts/wire-server/brig)
 # this list could be generated from the folder names under ./charts/ like so:
 # CHARTS_RELEASE := $(shell find charts/ -maxdepth 1 -type d | xargs -n 1 basename | grep -v charts)
-CHARTS_RELEASE        := wire-server databases-ephemeral fake-aws aws-ingress backoffice calling-test demo-smtp elasticsearch-curator elasticsearch-external fluent-bit minio-external cassandra-external nginx-ingress-controller nginx-ingress-services reaper wire-server-metrics sftd
+CHARTS_RELEASE        := wire-server redis-ephemeral databases-ephemeral fake-aws fake-aws-s3 fake-aws-sqs aws-ingress  fluent-bit kibana backoffice calling-test demo-smtp elasticsearch-curator elasticsearch-external elasticsearch-ephemeral fluent-bit minio-external cassandra-external nginx-ingress-controller nginx-ingress-services reaper wire-server-metrics sftd
 BUILDAH_PUSH          ?= 0
 KIND_CLUSTER_NAME     := wire-server
 BUILDAH_KIND_LOAD     ?= 1

charts/account-pages/values.yaml

@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/account
-  tag: 2.1.4-5f9c54-v0.26.5-production
+  tag: 2.1.6-7ee369-v0.27.5-production
 service:
   https:
     externalPort: 443

charts/brig/templates/configmap.yaml

@@ -46,6 +46,7 @@ data:
       host: gundeck
       port: 8080
 
+    {{- if .enableFederator }}
     # TODO remove this
     federator:
       host: federator
@@ -54,6 +55,7 @@ data:
     federatorInternal:
       host: federator
       port: 8080
+    {{- end }}
 
     {{- with .aws }}
     aws:

charts/brig/values.yaml

@@ -29,6 +29,7 @@ config:
   # -- If set to false,  'dynamoDBEndpoint' _must_ be set.
   randomPrekeys: true
   useSES: true
+  enableFederator: false # keep enableFederator default in sync with galley chart's config.enableFederator as well as wire-server chart's tag.federator
   emailSMS:
     general:
       templateBranding:

charts/federator/templates/configmap.yaml

@@ -27,6 +27,10 @@ data:
       host: brig
       port: 8080
 
+    galley:
+      host: galley
+      port: 8080
+
     {{- with .Values.config }}
 
     logNetStrings: True # log using netstrings encoding:

charts/federator/templates/tests/configmap.yaml

@@ -13,4 +13,6 @@ data:
     brig:
       host: brig
       port: 8080
-
+    galley:
+      host: galley
+      port: 8080

charts/galley/templates/configmap.yaml

@@ -32,6 +32,12 @@ data:
       host: spar
       port: 8080
 
+    {{- if .enableFederator }}
+    federator:
+      host: federator
+      port: 8080
+    {{- end }}
+
     {{- if (.journal) }}
     journal:
       queueName: {{ .journal.queue }}

charts/galley/templates/tests/configmap.yaml

@@ -16,6 +16,10 @@ data:
       host: cannon
       port: 8080
 
+    federator:
+      host: federator
+      port: 8080
+
     provider:
       privateKey: /etc/wire/integration-secrets/provider-privatekey.pem
       publicKey: /etc/wire/integration-secrets/provider-publickey.pem

charts/galley/values.yaml

@@ -19,6 +19,7 @@ config:
   cassandra:
     host: aws-cassandra
     replicaCount: 3
+  enableFederator: false # keep enableFederator default in sync with brig chart's config.enableFederator as well as wire-server chart's tag.federator
   settings:
     maxTeamSize: 500
     maxConvSize: 500

charts/nginz/values.yaml

@@ -80,6 +80,9 @@ nginx_conf:
       envs:
       - all
       doc: true
+    - path: /list-users
+      envs:
+      - all
     - path: ~* ^/api/swagger.json$
       disable_zauth: true
       envs:
@@ -210,6 +213,11 @@ nginx_conf:
       - staging
       disable_zauth: true
       basic_auth: true
+    - path: ~* ^/i/legalhold/whitelisted-teams(.*)
+      envs:
+        - staging
+      disable_zauth: true
+      basic_auth: true
     - path: /cookies
       envs:
       - all

charts/team-settings/values.yaml

@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/team-settings
-  tag: 3.4.0-03c7a9-v0.28.2-production
+  tag: 3.5.1-e08322-v0.28.10-production
 service:
   https:
     externalPort: 443

charts/webapp/values.yaml

@@ -9,7 +9,7 @@ resources:
     cpu: "1"
 image:
   repository: quay.io/wire/webapp
-  tag: 2021-04-01-production.0-254d51-v0.28.3-production
+  tag: 2021-05-10-production.0-2e9ab3-v0.28.10-production
 service:
   https:
     externalPort: 443

charts/wire-server/values.yaml

@@ -9,5 +9,5 @@ tags:
   team-settings: false
   account-pages: false
   legalhold: false
-  federator: false
+  federator: false # see also galley.config.enableFederator and brig.config.enableFederator
   sftd: false

deploy/services-demo/conf/nginz/nginx.conf

@@ -226,6 +226,11 @@ http {
       proxy_pass http://brig;
     }
 
+    location /list-users {
+      include common_response_with_zauth.conf;
+      proxy_pass http://brig;
+    }
+
     location /search {
       include common_response_with_zauth.conf;
       proxy_pass http://brig;

docs/reference/user/rich-info.md

@@ -70,35 +70,76 @@ Connected users who are not members of user's team will not receive an event (no
 
 ## SCIM support {#RefRichInfoScim}
 
-Rich info can be pushed to Wire by setting the `"richInfo"` field belonging to the `"urn:wire:scim:schemas:profile:1.0"` extension. Both `PUT /scim/v2/Users/:id` and `POST /scim/v2/Users/:id` can contain rich info. Here is an example for `PUT`:
+Rich info can be pushed to Wire by setting JSON keys under the `"urn:ietf:params:scim:schemas:extension:wire:1.0:User"` extension. Both `PUT /scim/v2/Users/:id` , `PATCH /scim/v2/Users/:id` and `POST /scim/v2/Users/:id` can contain rich info. Here is an example for `PUT`:
 
 ```javascript
 PUT /scim/v2/Users/:id
 
 {
     ...,
-    "urn:wire:scim:schemas:profile:1.0": {
-        "richInfo": [
-            {
-                "type": "Department",
-                "value": "Sales & Marketing"
-            },
-            {
-                "type": "Favorite color",
-                "value": "Blue"
-            }
-        ]
+    "urn:ietf:params:scim:schemas:extension:wire:1.0:User": {
+        "Department": "Sales & Marketing",
+        "FavoriteColor": "Blue"
     }
 }
 ```
 
+Here is an example for `PATCH`:
+
+```json
+PATCH /scim/v2/Users/:id
+
+{
+  "schemas": [
+    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
+  ],
+  "operations": [
+    {
+      "op": "add",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:Department",
+      "value": "Development "
+    },
+    {
+      "op": "replace",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:Country",
+      "value": "Germany"
+    },
+    {
+      "op": "remove",
+      "path": "urn:ietf:params:scim:schemas:extension:wire:1.0:User:City"
+    }
+  ]
+}
+
+```
+
 Rich info set via SCIM can be queried by doing a `GET /scim/v2/Users` or `GET /scim/v2/Users/:id` query.
 
-### SCIM provisioning agent support {#RefRichInfoScimAgents}
+### Set up SCIM RichInfo mapping in Azure {#RefRichInfoScimAgents}
+
+Go to your provisioning page
+
+![image](https://user-images.githubusercontent.com/628387/119977043-393b3000-bfb8-11eb-9e5b-18a955ca3181.png)
+
+Click "Edit attribute mappings"
+
+Then click "Mappings" And then click **Synchronize Azure Active Directory Users to _appname_**
+![image](https://user-images.githubusercontent.com/628387/119977488-c9797500-bfb8-11eb-81b8-46376f5fdadb.png)
+
+Click "Show Advanced options" and then **Edit attribute list for _appname_**
+![image](https://user-images.githubusercontent.com/628387/119977905-3f7ddc00-bfb9-11eb-90e2-28da82c6f13e.png)
+
+Add a new attribute name. The type should be `String` and the name should be prefixed with `urn:ietf:params:scim:schemas:extension:wire:1.0:User:`
+e.g. `urn:ietf:params:scim:schemas:extension:wire:1.0:User:Location`
+
+![image](https://user-images.githubusercontent.com/628387/119978050-70f6a780-bfb9-11eb-8919-93e32bf76d79.png)
+
+Hit **Save** and afterwards hit **Add New Mapping**
+
+Select the Azure AD Source attribute you want to map, and map it to the custom **Target Attribute** that you just added.
+![image](https://user-images.githubusercontent.com/628387/119978316-c5018c00-bfb9-11eb-9290-2076ac1a05df.png)
 
-* Okta: unable to push fields in the format we require (checked on 2019-02-21).
 
-* OneLogin: likely able to push fields.
 
 ## Limitations {#RefRichInfoLimitations}
 

hack/helm_vars/wire-server/values.yaml

@@ -6,7 +6,7 @@ tags:
   cannon: true
   cargohold: true
   spar: true
-  federator: true
+  federator: true # also see galley.config.enableFederator and brig.config.enableFederator
   proxy: false
   webapp: false
   team-settings: false
@@ -53,6 +53,7 @@ brig:
       sessionTokenTimeout: 20
       accessTokenTimeout: 30
       providerTokenTimeout: 60
+    enableFederator: true # keep in sync with galley.config.enableFederator and tags.federator!
     optSettings:
       setActivationTimeout: 5
       # keep this in sync with brigSettingsTeamInvitationTimeout in spar/templates/tests/configmap.yaml
@@ -140,6 +141,7 @@ galley:
     cassandra:
       host: cassandra-ephemeral
       replicaCount: 1
+    enableFederator: true # keep in sync with brig.config.enableFederator and tags.federator!
     settings:
       maxConvAndTeamSize: 16
       maxTeamSize: 32
@@ -150,7 +152,7 @@ galley:
       federationDomain: integration.example.com
       featureFlags:
         sso: disabled-by-default  # this needs to be the default; tests can enable it when needed.
-        legalhold: disabled-by-default
+        legalhold: whitelist-teams-and-implicit-consent
         teamSearchVisibility: disabled-by-default
     journal:
       endpoint: http://fake-aws-sqs:4568

libs/api-bot/src/Network/Wire/Bot/Monad.hs

@@ -387,7 +387,8 @@ addBotClient self cty label = do
             newClientType = cty,
             newClientClass = Nothing,
             newClientCookie = Nothing,
-            newClientModel = Nothing
+            newClientModel = Nothing,
+            newClientCapabilities = Nothing
           }
   cid <- clientId <$> runBotSession self (registerClient nc)
   clt <- BotClient cid label box <$> liftIO Clients.empty

libs/api-client/src/Network/Wire/Client/API/Conversation.hs

@@ -140,6 +140,6 @@ createConv users name = sessionRequest req rsc readBody
       method POST
         . path "conversations"
         . acceptJson
-        . json (NewConvUnmanaged (NewConv users name mempty Nothing Nothing Nothing Nothing roleNameWireAdmin))
+        . json (NewConvUnmanaged (NewConv users [] name mempty Nothing Nothing Nothing Nothing roleNameWireAdmin))
         $ empty
     rsc = status201 :| []

libs/api-client/src/Network/Wire/Client/API/Push.hs

@@ -36,6 +36,7 @@ module Network.Wire.Client.API.Push
     OtrMessage (..),
     SimpleMembers (..),
     SimpleMember (..),
+    smId,
     UserIdList (..),
     UserInfo (..),
 

libs/bilge/bilge.cabal

@@ -4,7 +4,7 @@ cabal-version: 1.12
 --
 -- see: https://github.com/sol/hpack
 --
--- hash: d7b6994200506c693bb43f8b717b697cb25b91d7f649aea638af47d010c72c40
+-- hash: 8edb13a7bddfafe7d2906bff5e3671bd529be1c1726e113907c70a373cfc2606
 
 name:           bilge
 version:        0.22.0
@@ -30,6 +30,7 @@ library
       Bilge.Response
       Bilge.Retry
       Bilge.RPC
+      Bilge.TestSession
   other-modules:
       Paths_bilge
   hs-source-dirs: