v1.21.0-rc1

What's Changed

• Hashring test perf fix by @jakedt in #1246
• gomod: bump cobrautil by @jzelinskie in #1245
• Fix flakiness of graceful termination test by @josephschorr in #1250
• Move to v4 of kuberesolver by @josephschorr in #1249
• datastore/benchmark: add a datastore driver benchmark by @jakedt in #1231
• Move to Go version 1.20.3 to fix reported vulns in Go 1.20.2 by @josephschorr in #1252
• Set a subdictionary key for pgx logs adaptor by @josephschorr in #1253
• Fix deduplication bug in reachable resources by @josephschorr in #1226
• Make sure to bind vars in table driven tests by @josephschorr in #1255
• makes hashring spread configurable by @vroldanbet in #1256
• Bind all loop variable uses in function closures by @josephschorr in #1258
• Fix bound variables in e2e by @josephschorr in #1260
• Allow for reuse and replace of the serverversion middleware by @josephschorr in #1259
• CRDB retry backoff by @ecordell in #1195
• Add support for extended object ids by @josephschorr in #1254
• goreleaser: publish PRs to brew and not commits by @jzelinskie in #1257
• Fix flakiness of bootstrap file in serve-testing by squashing all memdb revisions by @josephschorr in #1263
• Check the defaults for hashring construction by @josephschorr in #1270
• Paginated datastore API by @jakedt in #1265
• Add a prometheus counter over the different kinds of write operations by @josephschorr in #1268
• some follow ups to paginated datastore by @vroldanbet in #1271
• Revert "goreleaser: publish PRs to brew and not commits" by @josephschorr in #1273
• Fix goreleaser by @josephschorr in #1274
• fix CRDB ReadRelationships throughput regression with new paginated approach by @vroldanbet in #1275
• Improve MySQL ReadRelationships paginated throughput by @vroldanbet in #1276
• Fix typo in comment by @AmbientLighter in #1279
• pkg/cmd/server: enable gzip server compression by @jakedt in #1282
• dockerfile: fix path to include /usr/local/bin by @ecordell in #1287
• Fix issue where Watch in Postgres was looping endlessly by @josephschorr in #1278
• Fix flake in the proxy test by @josephschorr in #1288
• Add v1 integration test for stream timeout by @josephschorr in #1277
• Add pagination support to ReverseQueryRelationships by @josephschorr in #1280
• Crossfade revisions when a new optimized revision is picked by @jakedt in #1285
• Fix flake in PG test by @josephschorr in #1298
• document the implications of using the insecure overlap strategy for cockroachdb by @ecordell in #1251
• Dependabot updates for May 2023 by @josephschorr in #1301
• Move to Go 1.20.4 to fix a reported vuln in Go by @josephschorr in #1305
• Skip initializing the telemetry collector if telemetry is disabled by @josephschorr in #1304
• Fix serialization of custom types in caveat context by @josephschorr in #1302

New Contributors

• @AmbientLighter made their first contribution in #1279

Full Changelog: v1.19.0...v1.21.0-rc1

v1.20.0

Warning
This is release includes migrations for the MySQL datastore to support extended object IDs.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

This version also has a known performance regression and it is recommended that folks running at larger scales upgrade to v1.21.0

Highlights

📛 Objects now support more characters in their names/IDs (including the full web-safe Base64 character set) and can be up to 1024 characters in length
🧪 Fix to an issue with serve-testing and ZedTokens
🐞 Fix to lookup resources deduplication bug

What's Changed

• Hashring test perf fix by @jakedt in #1246
• gomod: bump cobrautil by @jzelinskie in #1245
• Fix flakiness of graceful termination test by @josephschorr in #1250
• Move to v4 of kuberesolver by @josephschorr in #1249
• datastore/benchmark: add a datastore driver benchmark by @jakedt in #1231
• Move to Go version 1.20.3 to fix reported vulns in Go 1.20.2 by @josephschorr in #1252
• Set a subdictionary key for pgx logs adaptor by @josephschorr in #1253
• Fix deduplication bug in reachable resources by @josephschorr in #1226
• Make sure to bind vars in table driven tests by @josephschorr in #1255
• makes hashring spread configurable by @vroldanbet in #1256
• Bind all loop variable uses in function closures by @josephschorr in #1258
• Fix bound variables in e2e by @josephschorr in #1260
• Allow for reuse and replace of the serverversion middleware by @josephschorr in #1259
• CRDB retry backoff by @ecordell in #1195
• Add support for extended object ids by @josephschorr in #1254
• goreleaser: publish PRs to brew and not commits by @jzelinskie in #1257
• Fix flakiness of bootstrap file in serve-testing by squashing all memdb revisions by @josephschorr in #1263
• Check the defaults for hashring construction by @josephschorr in #1270

Full Changelog: v1.19.0...v1.20.0

Docker Images

This release is available at authzed/spicedb:v1.20.0, quay.io/authzed/spicedb:v1.20.0, ghcr.io/authzed/spicedb:v1.20.0

v1.19.1

Upgrade Notes

Warning
This is release includes a fix for CVE-2023-29193
Please read the Security Advisory to determine if you are affected and what workarounds can be applied if you cannot upgrade.

Full Changelog: v1.19.0...v1.19.1

Docker Images

This release is available at authzed/spicedb:v1.19.1, quay.io/authzed/spicedb:v1.19.1, ghcr.io/authzed/spicedb:v1.19.1

v1.19.0

Upgrade Notes

Warning
This is release includes migrations for the Postgres datastore that adds indices.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

Highlights

🚀 Cockroach and Postgres datastores are much faster
🎏 Several new flags for tuning SpiceDB for best performance
🪵 Improved log messages

What's Changed

• postgres, crdb: update pgx to v5 by @ecordell in #1232
• Add flags for maxlifetime jitter by @ecordell in #1235
• Add covering indexes to Postgres and associated testing by @josephschorr in #1118
• port: datastore/postgres: fix invalid slice appends in snapshots by @vroldanbet in #1219
• use cgr.dev/chainguard/busybox as base instead of distroless.dev/busybox by @imjasonh in #1220
• Change schema compiler to squash union and intersection trees by @josephschorr in #1213
• mysql: prevents misleading log messages by avoiding Rollback if committed by @vroldanbet in #1180
• Add better logs for when datastore or dispatcher is not ready by @josephschorr in #1221
• reverts caveat covering index for postgres datastore by @vroldanbet in #1222
• Skip checking of relation on direct computed_userset by @josephschorr in #1225
• use implicit transactions for reads on crdb and postgres by @jakedt in #1230
• introduces configurable dispatch hashring replication factor by @vroldanbet in #1227

Docker Images

This release is available at authzed/spicedb:v1.19.0, quay.io/authzed/spicedb:v1.19.0, ghcr.io/authzed/spicedb:v1.19.0

Full Changelog: v1.18.0...v1.19.0

v1.18.1

Upgrade Notes

Warning
This release breaks our semantic versioning policy and as a result is not recommended.
Please use v1.19.0 which includes this release's changes but with a version number that better reflects the contents of the release.

This is release includes migrations for the Postgres datastore that adds indices.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

What's Changed

• Add covering indexes to Postgres and associated testing by @josephschorr in #1118
• port: datastore/postgres: fix invalid slice appends in snapshots by @vroldanbet in #1219
• use cgr.dev/chainguard/busybox as base instead of distroless.dev/busybox by @imjasonh in #1220
• Change schema compiler to squash union and intersection trees by @josephschorr in #1213
• mysql: prevents misleading log messages by avoiding Rollback if committed by @vroldanbet in #1180
• Add better logs for when datastore or dispatcher is not ready by @josephschorr in #1221
• reverts caveat covering index for postgres datastore by @vroldanbet in #1222
• Skip checking of relation on direct computed_userset by @josephschorr in #1225
• use implicit transactions for reads on crdb and postgres by @jakedt in #1230
• introduces configurable dispatch hashring replication factor by @vroldanbet in #1227

Full Changelog: v1.17.0...v1.18.1

Docker Images

This release is available at authzed/spicedb:v1.18.1, quay.io/authzed/spicedb:v1.18.1, ghcr.io/authzed/spicedb:v1.18.1

v1.18.0

Highlights

🚀 Cockroach and Postgres datastores can now configure separate connection pools for read and write queries
📈 Additional metrics for datastore GC
🔄 Improved Postgres revision collision detection
🚫 Improved error codes when access is denied

What's Changed

• Add prometheus metric for GC failure in datastore by @josephschorr in #1177
• Dependabot updates for March 2023 by @josephschorr in #1188
• datastore/postgres: switch to DB snapshots as primary component of revisions by @jakedt in #1153
• makes the request caveat context size configurable by @vroldanbet in #1190
• README: refresh with more dev instructions by @jzelinskie in #1191
• README: add debug containers by @jzelinskie in #1194
• internal/datastore/crdb: split read/write connpools by @jzelinskie in #1179
• propagate option to disable stats in spanner datastore by @vroldanbet in #1192
• fixes behaviour of various datastores when HeadRevision is outside GC window by @vroldanbet in #1200
• Txid join fix by @jakedt in #1204
• fixes regression of revision precision problem in MacOS for MemDB by @vroldanbet in #1207
• changes the order gRPC prometheus middleware by @vroldanbet in #1209
• Bump golang.org/x/mod from 0.8.0 to 0.9.0 by @dependabot in #1189
• spanner: close row iterators when done by @ecordell in #1212
• datastore/postgres: fix invalid slice appends in snapshots by @jakedt in #1218

Full Changelog: v1.17.0...v1.18.0

Docker Images

This release is available at authzed/spicedb:v1.18.0, quay.io/authzed/spicedb:v1.18.0, ghcr.io/authzed/spicedb:v1.18.0

v1.17.0

Highlights

🎉 Caveats are now Generally Available!
🚀 APIs without configurable consistency have been reduced by one datastore roundtrip
☑ WriteRelationships validation now batch-loads schemas
⚠️ Additional metrics for caching and the Spanner datastore have added, requiring changes to users' PromQL queries
🪳The CockroachDB datastore GC window now warns instead of failing if the user configures an invalid window

What's Changed

• pkg/cache: implement a central collector by @jzelinskie in #1149
• makes dispatch metrics toggleable by @vroldanbet in #1151
• Change release notes update mode by @ecordell in #1150
• make cache collector unregister on close by @vroldanbet in #1152
• Mark caveats as a production-ready feature by @josephschorr in #1154
• Remove now-unused caveats flag by @josephschorr in #1155
• Fix MySQL parseTime check to use the DSN lib by @josephschorr in #1159
• improve CRDB GC error message by @vroldanbet in #1166
• adds caveats to AppliedSchemaChanges by @vroldanbet in #1167
• Fix spanner telemetry by @ecordell in #1156
• does not return an error if GC windows aren't aligned by @vroldanbet in #1169
• Move to Golang 1.19.6 to bring some security fixes by @josephschorr in #1172
• Use the shared relationships validation in dev package by @josephschorr in #1171
• Have validation for WriteRelationships batch load namespaces by @josephschorr in #1175
• Skip loading of head revision on write calls by @josephschorr in #1176

Full Changelog: v1.16.2...v1.17.0

Docker Images

This release is available at authzed/spicedb:v1.17.0, quay.io/authzed/spicedb:v1.17.0, ghcr.io/authzed/spicedb:v1.17.0

v1.16.2

What's Changed

• Expose the V1 API debug information in dev package by @josephschorr in #1107
• fixes problem with caveats not resolving protobuf types by @vroldanbet in #1109
• Make sure to catch error tokens in caveat parsing by @josephschorr in #1111
• .github: explicit github token for buf-generate by @jzelinskie in #1113
• Add additional option to CEL to compile caveat macro expressions by @josephschorr in #1112
• Part 2 of consistency tests using caveats by @josephschorr in #1106
• fixes positional argument errors failing silently by @vroldanbet in #1101
• Add a consistency test for the ipaddress type for caveats by @josephschorr in #1116
• Add consistency test for maps in caveats and better typed errors on caveat evaluation by @josephschorr in #1115
• pkg/cache: default TTL of 2x quantization window by @jzelinskie in #1110
• Remove TODOs in caveat CEL code by @josephschorr in #1121
• Only write caveats that have been possibly updated by @josephschorr in #1120

Docker Images

This release is available at:

• authzed/spicedb:v1.16.2
• quay.io/authzed/spicedb:v1.16.2
• ghcr.io/authzed/spicedb:v1.16.2
• authzed/spicedb:v1.16.2-debug
• quay.io/authzed/spicedb:v1.16.2-debug
• ghcr.io/authzed/spicedb:v1.16.2-debug

Full Changelog: v1.16.1...v1.16.2

v1.16.1

What's Changed

• Add additional goroutine leak testing to Lookup* and fix possible deadlock in ReachableResources by @josephschorr in #1086
• README: rephrase project description by @samkim in #1091
• refactor datastore flags to make them reusable by @vroldanbet in #1089
• Update reported min version for Postgres by @josephschorr in #1093
• align datastore defaults by @vroldanbet in #1092
• adds log.Ctx(ctx) calls (almost) everywhere by @vroldanbet in #1094
• Add an API test for deleting a relationship that does not exist by @josephschorr in #1095
• Consistency test reimplementation by @josephschorr in #1087
• Cleanup lock handling in task runner by @josephschorr in #1096
• Add consistency test for reading relationships by @josephschorr in #1097
• Add a distinct validation error type for schema write by @josephschorr in #1102
• Add additional consistency test cases and enable chunk size changing by @josephschorr in #1099
• Fix flake in debug tests by @josephschorr in #1104
• Optimize allocations by removing sprintf, using strings.Cut by @jzelinskie in #1098

Docker Images

This release is available at:

• authzed/spicedb:v1.16.1
• quay.io/authzed/spicedb:v1.16.1
• ghcr.io/authzed/spicedb:v1.16.1
• authzed/spicedb:v1.16.1-debug
• quay.io/authzed/spicedb:v1.16.1-debug
• ghcr.io/authzed/spicedb:v1.16.1-debug

Full Changelog: v1.16.0...v1.16.1

v1.16.0

Highlights

• Major performance improvements to the Watch API for the Postgres datastore
• v1.CheckPermission is now uses an optimization when there are many subjects with the same relation
• Caveats (experimental) are now supported in the development API
• Dispatch concurrency limits are now configurable per request type (e.g. --dispatch-check-permission-concurrency-limit)

What's Changed

• HTTP gateway graceful termination by @vroldanbet in #1001
• move off ristretto fork by @vroldanbet in #1012
• Add brief sleeps to fix flaky test on macos by @josephschorr in #1014
• Return a more descriptive error for watch when not enabled by @josephschorr in #1009
• Fix memdb to always generate unique revision IDs by @josephschorr in #1015
• Early iterator closing in dispatch by @josephschorr in #1016
• Debug API improvements by @josephschorr in #963
• Add configurable concurrency limits per dispatch type by @josephschorr in #1010
• Switch the namespace cache to use estimated costs and no serialization by @josephschorr in #1019
• internal/datastore: remove unused lock by @jzelinskie in #1021
• Fix the flake in the estimated size test for nsdefs by @josephschorr in #1023
• Fix metadata on ErrCannotWriteToPermission by @josephschorr in #1025
• Add a metric for estimated check direct queries by @josephschorr in #1024
• Remove old error message from CRDB test by @josephschorr in #1036
• Add support for caveat name and context to tuple syntax by @josephschorr in #1028
• Dependabot updates for Dec 2022 by @josephschorr in #1037
• Adjust estimated query count metric to only count dispatch if it was necessary by @josephschorr in #1030
• Link to annotated paper by @samkim in #1044
• Move to golang 1.19.4 by @josephschorr in #1049
• datastore/crdb: upgrade to v22.2.0 to get arm support by @jakedt in #1042
• Add warning when PG max connection count is lower than min by @josephschorr in #1052
• Improve the watch API performance and correctness for postgres by @jakedt in #1039
• Add prom metric for number of batch check dispatches by @josephschorr in #1048
• Add retries to the estimated size test to remove flakiness by @josephschorr in #1053
• Debug supporting caveats by @josephschorr in #1041
• Add support for tracking caveats in membership for development by @josephschorr in #1047
• Fix revision checking in memdb to allow for past now by @josephschorr in #1029
• Add another relationship parsing test by @josephschorr in #1056
• Change confusing flag help output. by @ensonic in #1043
• gomod: update cobraotel to support sample ratios by @jzelinskie in #1058
• Fix concurrent access issue in reachable resources and add additional testing and a small perf improvement by @josephschorr in #1061
• Fix debug tracing for batch dispatches by @josephschorr in #1060
• improvements on context cancellation by @vroldanbet in #1062
• Add test for dispatch metadata on all endpoints by @josephschorr in #1066
• redesigns middlware options for RunnableServer v2 by @vroldanbet in #1063
• datastore/proxy: add prom metrics to datastore operations by @jakedt in #1069
• Add exponential backoff to the GC worker for datastores by @josephschorr in #1068
• Add accessor in the dev package for V1 API by @josephschorr in #1071
• Fix bug in reachable resources that was causing extra work by @josephschorr in #1073
• Add a linter for improper use of panics and fix all found instances by @josephschorr in #1054
• Add datastore GC command to synchronously run GC by @josephschorr in #1067
• Add support for caveats in development package by @josephschorr in #1064
• reference libraries through awesome spicedb by @vroldanbet in #1076
• Dependabot updates for Jan 2023 by @josephschorr in #1084
• Direct check performance improvements by @josephschorr in #839

Docker Images

This release is available at:

• authzed/spicedb:v1.16.0
• quay.io/authzed/spicedb:v1.16.0
• ghcr.io/authzed/spicedb:v1.16.0
• authzed/spicedb:v1.16.0-debug
• quay.io/authzed/spicedb:v1.16.0-debug
• ghcr.io/authzed/spicedb:v1.16.0-debug

New Contributors

• @ensonic made their first contribution in #1043

Full Changelog: v1.15.0...v1.16.0