Releases: authzed/spicedb
v1.34.0
Note
All datastores have a migration to add a new table for the count relationships API
Highlights
🧮 New experimental count relationships API
⏩ Better performance for minimize_latency calls on multi-region Spanner
🚩Better error messages for attempting to write invalid subjects on relationships
What's Changed
- makes it possible to compare datastore-specific revisions with datastore.NoRevision by @vroldanbet in #1907
- Add Experimental Relationship Counter API by @josephschorr in #1901
- goreleaser: refactor brew formula by @jzelinskie in #1912
- Make sure to escape underscores in resource ID prefix matches in filters by @josephschorr in #1911
- goreleaser: use build.head? in install by @jzelinskie in #1913
- Ensure stability of exclusions in validation package by @josephschorr in #1916
- Bump the go-mod group with 21 updates by @dependabot in #1919
- adds automaxprocs and automemlimit by @vroldanbet in #1921
- Update CLA link in
CONTRIBUTING.mdto point to v2 by @coderbydesign in #1918 - Return a proper error code if a wildcard subject is specified by @josephschorr in #1928
- Bump github.com/mostynb/go-grpc-compression from 1.2.2 to 1.2.3 in the go_modules group by @dependabot in #1932
- spanner: use stale reads for current_timestamp for optimized revision by @ecordell in #1935
- README: fix discord badge by @jzelinskie in #1936
- Add the debug trace to the details of the recursion error by @josephschorr in #1930
- Ensure the object type prefix is used for caveat refs as well by @josephschorr in #1940
- Support credential JSON for Spanner by @lexcao in #1942
- Add a custom linter to find any recursive error marshaling for zerolog by @josephschorr in #1944
- Add better subject error messages on write/delete validation by @josephschorr in #1943
- Export Spanner credential JSON for datastore by @lexcao in #1946
- Fix/bulk loader nullstring by @heissa83 in #1945
- Small optimized revision handling improvements by @josephschorr in #1947
- Move to go 1.22.4 for a reported go vuln by @josephschorr in #1950
- Fix empty value on optional credentialsJSON for Spanner by @lexcao in #1948
- .github: bump to snapcraft 8.x by @jzelinskie in #1952
New Contributors
- @coderbydesign made their first contribution in #1918
- @lexcao made their first contribution in #1942
- @heissa83 made their first contribution in #1945
Full Changelog: v1.33.0...v1.34.0
Docker Images
This release is available at authzed/spicedb:v1.34.0, quay.io/authzed/spicedb:v1.34.0, ghcr.io/authzed/spicedb:v1.34.0
Contributors
Assets 16
v1.33.1
Full Changelog: v1.33.0...v1.33.1
Docker Images
This release is available at authzed/spicedb:v1.33.1, quay.io/authzed/spicedb:v1.33.1, ghcr.io/authzed/spicedb:v1.33.1
v1.33.0
Highlights
🪞 Added experimental reflection APIs for reflecting information from SpiceDB schemas
⏩ Improvements in CEL performance
What's Changed
- Bump the go-mod group with 21 updates by @dependabot in #1882
- Improvements around usage of CEL by @josephschorr in #1883
- refactor bulk export relationships logic by @vroldanbet in #1886
- fetch git tags so that trivy sees the right binary version by @vroldanbet in #1887
- expose BulkExportRelationships service controller logic by @vroldanbet in #1888
- .github: pass snap store creds to goreleaser by @jzelinskie in #1889
- Start on experimental reflection apis by @josephschorr in #1885
- pkg/cmd: auto complete otel, log flags by @jzelinskie in #1890
- Update grpc health probe for reported vuln in Go by @josephschorr in #1893
- Add ExperimentalDependentRelations reflection API by @josephschorr in #1891
- Add ExperimentalComputablePermissions API by @josephschorr in #1894
- Switch spanner datastore to use the built-in stats table for estimating rel count by @josephschorr in #1892
- Remove unused datastore config by @josephschorr in #1898
- ROADMAP: init by @jzelinskie in #1902
Full Changelog: v1.32.0...v1.33.0
Docker Images
This release is available at authzed/spicedb:v1.33.0, quay.io/authzed/spicedb:v1.33.0, ghcr.io/authzed/spicedb:v1.33.0
Contributors
Assets 15
v1.32.0
Highlights
🔐 AWS IAM Authentication for Postgres, MySQL datastores
✅ LSP now supports linting rules
🐧 Linux packages now distribute shell completion
What's Changed
- add support for AWS IAM authentication for postgres by @j-white in #1858
- lsp: implement didChange and fix logging by @jzelinskie in #1868
- Ignore AST nodes without rune positioning information (such as comments) by @josephschorr in #1869
- Include doc comments in resolver generated source by @josephschorr in #1870
- Add configurable limits for all APIs by @josephschorr in #1871
- add aws iam authentication for mysql by @j-white in #1867
- goreleaser: init snap, linux shell completions by @jzelinskie in #1744
- Begin support for warnings and linting in schema by @josephschorr in #1880
- Add warnings to the LSP by @josephschorr in #1881
- generate manpages for releases by @jzelinskie in #1779
New Contributors
Full Changelog: v1.31.0...v1.32.0
Docker Images
This release is available at authzed/spicedb:v1.32.0, quay.io/authzed/spicedb:v1.32.0, ghcr.io/authzed/spicedb:v1.32.0
Contributors
Assets 16
v1.31.0
Highlights
🔤 Language Server support via spicedb lsp
🚮 Faster Postgres Garbage Collection, Relationship Touch
🔎 Faster and more memory efficient LookupResources, BulkImport
🐛 Lots of fixes to OpenTelemetry, Prometheus metrics, logging
What's Changed
- adds dependabot configuration to update GitHub Actions by @vroldanbet in #1808
- Bump docker/setup-qemu-action from 1 to 3 by @dependabot in #1811
- Bump actions/labeler from 3 to 5 by @dependabot in #1813
- add github action grouping by @vroldanbet in #1821
- Bump the gomod-version group with 24 updates by @dependabot in #1824
- Bump the gomod-version group with 1 update by @dependabot in #1822
- Bump the gomod-version group with 8 updates by @dependabot in #1823
- Bump github.com/docker/docker from 25.0.4+incompatible to 25.0.5+incompatible in /magefiles by @dependabot in #1827
- Bump the go_modules group group with 1 update by @dependabot in #1828
- report GC stats even in the event of a GC worker error by @vroldanbet in #1830
- Import request ID metadata key from
authzed-goby @alecmerdler in #1829 - Update labeler config for labeler action v5 by @josephschorr in #1832
- Bump the go-mod group with 2 updates by @dependabot in #1825
- Use type information to optimize TOUCH operations in the PG datastore by @josephschorr in #1831
- Add some additional unit tests for expected behavior and fix BulkLoad errors by @josephschorr in #1839
- Update OpenTelemetry middlewares by @alecmerdler in #1836
- Early terminate in LookupResources when no limit was specified by @josephschorr in #1835
- Add some additional deletion tests for relationships by @josephschorr in #1841
- Small mem improvements on BulkImport by @josephschorr in #1838
- Fix re-creating deleted relationships by @alecmerdler in #1843
- fixes prometheus bug where count metrics had incorrect suffixes by @vroldanbet in #1844
- Improve request-id propagation by @vroldanbet in #1845
- Bump the go-mod group with 6 updates by @dependabot in #1847
- Bump the github-actions group with 1 update by @dependabot in #1846
- Add license checking lint step to CI by @josephschorr in #1848
- Correct version requirement for datastore repair by @alecmerdler in #1849
- Update README with playground repo link by @samkim in #1852
- LookupResources Postgres query optimization by @alecmerdler in #1850
- Use a specific relation for arrow lookups in LR when applicable by @josephschorr in #1851
- Development package improvements by @josephschorr in #1853
- Initial implementation of a Language Server for SpiceDB schema by @josephschorr in #1854
- bump analyzers go.work to 1.22.2 by @ecordell in #1855
- Disable the repair tests on PG versions that do not support it by @josephschorr in #1857
- LSP improvements by @josephschorr in #1856
- introduces a faster query to tuple GC by @vroldanbet in #1859
- cmd/server: log dispatching at debug level by @jzelinskie in #1864
Full Changelog: v1.30.0...v1.31.0
Docker Images
This release is available at authzed/spicedb:v1.31.0, quay.io/authzed/spicedb:v1.31.0, ghcr.io/authzed/spicedb:v1.31.0
Contributors
Assets 16
v1.30.1
This is a hotfix release that contains the patch for CVE-2024-32001
Full Changelog: v1.30.0...v1.30.1
Docker Images
This release is available at authzed/spicedb:v1.30.1, quay.io/authzed/spicedb:v1.30.1, ghcr.io/authzed/spicedb:v1.30.1
v1.30.0
Highlights
✨ CheckBulkPermission has now graduated!
⚡ Significantly improved write and delete performance in CockroachDB resulting in a major reduction in serialization errors occurring
⚡ Significantly improve deletion performance on deletions with limits across all datastores
🔍 Filters used for read relationships and delete relationships now have resource_type as optional
✨ WatchRelationships and BulkExportRelationships now support filters
📉 Memory reduction on WriteSchema
🔍 Various improvements in observability
🐛 fixes minimum connection handling for Postgres datastore not working as intended
Note
The CockroachDB datastore has a 2-phase migration in this release, we recommend using the spicedb-operator to automate the process
Warning
BulkExportRelationships cursors have changed and won't be compatible across versions.
What's Changed
- Further fixes to flaky Postgres tests by @josephschorr in #1750
- README: htmlify, update links by @jzelinskie in #1745
- spanner: allow spicedb to run with head or head-1 migration by @ecordell in #1752
- cmd: deprecate root-level head and migrate by @jzelinskie in #1746
- re-enable gosec/G404 by @vroldanbet in #1757
- Fix small TODO in type system with a small code move by @josephschorr in #1753
- Hide a previously deprecated flag by @josephschorr in #1761
- Small improvement in tuple package to remove TODO by @josephschorr in #1754
- skip all steps for matrix jobs when the whole job should be skipped by @ecordell in #1760
- Remove duplicate testing code by @josephschorr in #1762
- VSCode launch config by @alecmerdler in #1756
- reduces chunking allocations for wide relations by @vroldanbet in #1751
- refactor Security related actions and add Snyk by @vroldanbet in #1758
- Use the same default port for the HTTP API across serve and serve-testing by @torbenw in #1749
- Close the parent context in serve_test when complete by @josephschorr in #1763
- disables Snyk checks by @vroldanbet in #1766
- Remove stale TODOs by @josephschorr in #1764
- Fix flake in singleflight test by increasing the run time slightly by @josephschorr in #1767
- enables prometheus exemplars support by @vroldanbet in #1768
- Fix flake on transaction retry test by specifying a longer timeout by @josephschorr in #1769
- Change CRDB driver to use new method for getting transaction timestamp by @josephschorr in #1770
- Delete performance improvements by @josephschorr in #1771
- Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #1777
- Bump golang.org/x/vuln from 1.0.1 to 1.0.4 by @dependabot in #1775
- Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.47.0 to 0.49.0 by @dependabot in #1774
- Bump github.com/planetscale/vtprotobuf from 0.5.1-0.20231212170721-e7d721933795 to 0.6.0 by @dependabot in #1778
- Bump cloud.google.com/go/spanner from 1.54.0 to 1.57.0 by @dependabot in #1776
- Ensure that invalid versions do not cause a nil panic by @josephschorr in #1781
- Ensure SpiceDB release versions are semver by @josephschorr in #1783
- Follow up changes for recent fixes: remove len downcasts and ensure all other downcasts are validated by @josephschorr in #1780
- fix: delete options not being passed by @ryaneorth in #1784
- Debug migrate command in VSCode by @alecmerdler in #1786
- Update gRPC health probe version for recent Go vulns by @josephschorr in #1787
- adds OpenTelemetry TraceID to logs by @vroldanbet in #1772
- Have caveat diffs properly check if an expression has changed by @josephschorr in #1788
- Extend support for relationship filtering and add relationship filtering to other APIs by @josephschorr in #1739
- Small increase in test coverage for subjects testutil by @josephschorr in #1793
- Add mage test:unitcover to generate coverage reports over all unit tests by @josephschorr in #1794
- CheckBulkPermissions by @alecmerdler in #1792
- Move health check logs to debug level by @vroldanbet in #1773
- dependency updates by @vroldanbet in #1797
- fix codeql by @vroldanbet in #1798
- use the most recent Go version with CodeQL by @vroldanbet in #1799
- fixes merge queue not supporting CodeQL by @vroldanbet in #1800
- Fix race on error member of TaskRunner by @ecordell in #1801
- Move debug traces for CheckPermission into the response by @josephschorr in #1795
- make registration of gRPC prom metrics not fail if already registered by @vroldanbet in #1803
- turns gRPC latency histogram into a toggleable option by @vroldanbet in #1805
- do not return backward incompatible
--explaindebug info in trailer by @vroldanbet in #1807
New Contributors
- @torbenw made their first contribution in #1749
- @ryaneorth made their first contribution in #1784
Full Changelog: v1.29.5...v1.30.0
Docker Images
This release is available at authzed/spicedb:v1.30.0, quay.io/authzed/spicedb:v1.30.0, ghcr.io/authzed/spicedb:v1.30.0
Contributors
Assets 15
v1.29.5
This release adds support for a phased migration in Spanner, and is otherwise the same as v1.29.2
Full Changelog: 1.29.2...v1.29.5
Docker Images
This release is available at authzed/spicedb:v1.29.5, quay.io/authzed/spicedb:v1.29.5, ghcr.io/authzed/spicedb:v1.29.5
v1.29.2
Highlights
This is primarily a bugfix release to address GHSA-h3m7-rqc4-7h9p
What's Changed
- Fix typo in datastore by @josephschorr in #1726
- Add a retry to PG connections to reduce test flakiness by @josephschorr in #1727
- Update runc dependency for reported vuln in runc by @josephschorr in #1736
- Bump golang from 1.21.5-alpine3.18 to 1.21.6-alpine3.18 by @dependabot in #1733
- Bump github.com/jackc/pgx/v5 from 5.4.3 to 5.5.2 by @dependabot in #1730
- Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.50.10 by @dependabot in #1737
- Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 by @dependabot in #1732
- Bump google.golang.org/grpc from 1.59.0 to 1.61.0 by @dependabot in #1734
- Bump google.golang.org/api from 0.152.0 to 0.161.0 by @dependabot in #1735
- Add missing datastore READMEs by @josephschorr in #1738
- Clarify that the datastore-revision-quantization-max-staleness-percent is a float value by @josephschorr in #1740
- Prevent the staleness of an optimized revision from exceeding the GC window by @josephschorr in #1741
- Reduce memory usage of WriteSchema by @josephschorr in #1743
- fixes pgx min connection count always being set to max count by @vroldanbet in #1747
Full Changelog: v1.29.1...v1.29.2
Docker Images
This release is available at authzed/spicedb:v1.29.2, quay.io/authzed/spicedb:v1.29.2, ghcr.io/authzed/spicedb:v1.29.2
Contributors
Assets 16
v1.29.1
What's Changed
- Add some invalid schema tests as per a recently reported error by @josephschorr in #1713
- Add invalid permission tests onto the various permissions APIs by @josephschorr in #1714
- Change telemetry failure to a warning and have Postgres check for its unique ID on startup by @josephschorr in #1717
- Respect dispatch concurrency limits for clusterdispatch by @sashayakovtseva in #1676
- implements schema watch support for MemDB by @vroldanbet in #1720
- fix broken v1alpha gRPC reflection support by @vroldanbet in #1718
- HLC Parsing fixes by @josephschorr in #1724
- Fix flaky Postgres GC tests by @josephschorr in #1655
- Add additional datastore revision tests by @josephschorr in #1725
New Contributors
- @sashayakovtseva made their first contribution in #1676
Full Changelog: v1.29.0...v1.29.1
Docker Images
This release is available at authzed/spicedb:v1.29.1, quay.io/authzed/spicedb:v1.29.1, ghcr.io/authzed/spicedb:v1.29.1
