Releases: authzed/spicedb
v1.39.1
This patch release includes a fix for a bug where exporting relationships were not including caveats.
What's Changed
- Backport changes from #2163 into 1.39.0 by @josephschorr in #2164
Full Changelog: v1.39.0...v1.39.1
Docker Images
This release is available at authzed/spicedb:v1.39.1
, quay.io/authzed/spicedb:v1.39.1
, ghcr.io/authzed/spicedb:v1.39.1
v1.39.0
Warning
1.39.0 has a bug in BulkExportRelationships
where caveat data is not included in exported relationships. Please update to v1.39.1 if you are using Bulk Export and Caveats.
Highlights
Introducing
📊 Native histograms for gRPC server metrics
🏥 Smarter health checks with user-specified set of safe migrations
🧹 Remove LookupResources v1 implementation
🗃️ Improvements for transaction metadata
Foundational work
⌛ Expiring relationships: foundational work to natively support defining relations in schema that last for set amount of time. This release introduces core system updates and changes to the type system and schema compiler.
🎼 Composable schemas: initial steps to support multi-part SpiceDB schemas by implementing local import functionality in this release.
Features
- Type system changes for first-class expiration support by @josephschorr in #2145
- Parser changes for supporting relationship expiration by @josephschorr in #2141
- Schema compiler support for relationship expiration trait by @josephschorr in #2142
- Add explicit option to enable expiration in schema by @josephschorr in #2144
- Add support to the core and tuple packages for relationship expiration by @josephschorr in #2146
- Copy old schema package into new package by @tstirrat15 in #2101
- Implement parsing of local imports by @tstirrat15 in #2103
- Update compiler to consume local imports by @tstirrat15 in #2116
- Handle circular and duplicate imports by @tstirrat15 in #2123
- Enable native histograms in server latency metrics by @bison in #2102
- Make all and any into keywords by @tstirrat15 in #2105
- Adds postgres index to support efficient querying via Watch API by @vroldanbet in #2143
- Add subject filters in schema relation delete to force use of the index by @josephschorr in #2131
- Introduce emission strategy into CockroachDB Watch API by @vroldanbet in #2120
- Introduces ByteSortable method in Revision by @vroldanbet in #2125
Enhancements
- Increase the aggressive postgres instantiation timeout of 5 seconds to 30 seconds #2094 by @anoopsundial in #2095
- Change from using protos to structs for relationships, ONRs and RRs by @josephschorr in #2081
- Updates to tuple helpers by @tstirrat15 in #2107
- Add relationtuple stringifying function by @tstirrat15 in #2112
- Add currently-enabled workflow to release windows by @tstirrat15 in #2087
- Add a new consistency middleware for full-consistency-only callers by @josephschorr in #2109
- Move consistency middleware into pkg so embedded uses can override by @josephschorr in #2110
- Remove internal label from consistency middleware to allow it to be replaced by @josephschorr in #2111
- Small improvements for transaction metadata by @josephschorr in #2115
- Add a flag to allow spicedb to run against non-head migrations by @ecordell in #2137
-Issue a checkpoint when head revision moved outside an application transaction by @vroldanbet in #2139 - Ensure caveats are read in bulk import by @josephschorr in #2147
Fixes
- Fix MySQL test breakage caused by daylight savings change by @josephschorr in #2117
- Change the trivy database to work around rate limits by @josephschorr in #2104
- Remove LookupResources v1 implementation by @tstirrat15 in #2099
- Fix signature of MustParseV1Rel by @tstirrat15 in #2108
- Use complete sentence in error by @drigz in #2118
- Improve PG serialization error on writes by @josephschorr in #2126
- Fix HCLRevision mismatch on zero logical clock by @vroldanbet in #2122
- Add missing limit in schema delta checking by @josephschorr in #2130
- Postgres watch: checkpoints should move the high watermark revision by @vroldanbet in #2140
- Fix cache inconsistency segfault by @tstirrat15 in #2148
- Fix: schema watch causes incorrect delete event for schema changes by @vroldanbet in #2149
- Changes to address flaky DB tests by @josephschorr in #2154
- Remove duplicate clause from namespace deletion in PG driver by @josephschorr in #2153
- Remove t.Parallel from pgbouncer tests to fix flakes by @josephschorr in #2155
- Add missing service label in metrics for consistency by @josephschorr in #2156
Updated dependencies
- pkg/proto: adopt CodecV2 and gRPC buffer pooling by @jzelinskie in #2070
- Bump golang from 1.23.1-alpine3.20 to 1.23.2-alpine3.20 in the docker group by @dependabot in #2114
- Bump the go-mod group across 1 directory with 23 updates by @dependabot in #2119
- Bump golang from 1.23.2-alpine3.20 to 1.23.3-alpine3.20 in the docker group by @dependabot in #2151
- Bump the go-mod group with 18 updates by @dependabot in #2150
New Contributors
- @anoopsundial made their first contribution in #2095
- @drigz made their first contribution in #2118
Full Changelog: v1.38.0...v1.39.0
v1.38.1
What's Changed
- backport: Add subject filters in schema relation delete to force use of the index by @vroldanbet in #2136
Full Changelog: v1.38.0...v1.38.1
Docker Images
This release is available at authzed/spicedb:v1.38.1
, quay.io/authzed/spicedb:v1.38.1
, ghcr.io/authzed/spicedb:v1.38.1
v1.37.2
What's Changed
- backport: Add subject filters in schema relation delete to force use of the index by @vroldanbet in #2132
Full Changelog: v1.37.1...v1.37.2
Docker Images
This release is available at authzed/spicedb:v1.37.2
, quay.io/authzed/spicedb:v1.37.2
, ghcr.io/authzed/spicedb:v1.37.2
v1.38.0
Note
All datastores have a migration to add new columns (MySQL, Postgres) or new tables (CRDB, Spanner) for transaction metadata
Highlights
ℹ️ Write transactions now support metadata which can be attached to the call and which is then returned by the Watch API
Features
- Implement support for metadata associated with read-write transactions by @josephschorr in #1914
- Add API support for transaction metadata on WriteRels and DeleteRels by @josephschorr in #2084
- Metrics: spicedb_environment_info from telemetry by @jzelinskie in #2093
Enhancements
- Emit memdb checkpoints after changes by @vroldanbet in #2082
Fixes
- Fix CI errors on recent merge by @vroldanbet in #2092
Updated Dependencies
- Bump the go-mod group with 15 updates by @dependabot in #2083
Full Changelog: v1.37.0...v1.38.0
Docker Images
This release is available at authzed/spicedb:v1.38.0
, quay.io/authzed/spicedb:v1.38.0
, ghcr.io/authzed/spicedb:v1.38.0
v1.37.1
Note
1.37.1 fixes a reported issue with LookupResources v2. It is recommended that all users of v1.37.0 upgrade to v1.37.1. See: GHSA-3c32-4hq9-6wgj
Full Changelog: v1.37.0...v1.37.1
Docker Images
This release is available at authzed/spicedb:v1.37.1
, quay.io/authzed/spicedb:v1.37.1
, ghcr.io/authzed/spicedb:v1.37.1
v1.37.0
Warning
1.37.0 enables LookupResources v2 by default, which was found to not be passing caveat context to dispatches in certain scenarios, causing permissions of CONDITIONAL
to be returned instead of determined results. We recommend upgrading to v1.37.1 which fixes this problem. See: GHSA-3c32-4hq9-6wgj
Highlights
⭐ LookupResources v2 now enabled by default!
Features
- Enable LRv2 by default and update the steelthread tests by @josephschorr in #2079
Enhancements
- Add support for secondary dispatching on LR2 by @josephschorr in #2069
- Stop using yaml anchors in release action configuration by @tstirrat15 in #2071
- Make bulk export service functions use read-only datastore by @vroldanbet in #2072
- README: rework sections: zanzibar, contrib, users by @jzelinskie in #2060
- Register common flags with helper by @tstirrat15 in #2074
Fixes
- Fix serve-devtools command and flags by @tstirrat15 in #2073
- Fixes memory leak via HTTP Gateway by @vroldanbet in #2075
- Remove duplicate and redundant code by @cuishuang in #2080
Updated dependencies
- Bump to most recent version of goreleaser by @tstirrat15 in #2067
New Contributors
@cuishuang made their first contribution in #2080
Full Changelog: v1.36.3...v1.37.0
v1.36.2
This fixes a small issue with the spicedb datastore head
command but is otherwise the same as https://github.com/authzed/spicedb/releases/tag/v1.36.0
Full Changelog: v1.36.0...v1.36.2
Docker Images
This release is available at authzed/spicedb:v1.36.2
, quay.io/authzed/spicedb:v1.36.2
, ghcr.io/authzed/spicedb:v1.36.2
v1.36.0
Highlights
🔐 Added relationship integrity: protects authorization data in an underlying SpiceDB datastore from inadvertent modification.
📋 Reorganized spicedb serve
flags into logically-related flagsets
🚤 Ensure cursored LRv2 calls are dispatched to LRv2
Features
- Relationship integrity by @josephschorr in #1980
- Implement non-experimental bulk import and export by @tstirrat15 in #2065
Enhancements
- Ensure cursored LRv2 calls are dispatched to LRv2 by @josephschorr in #2040
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Check data structure improvements by @josephschorr in #2037
- Reorganize serve flags into flagsets by @tstirrat15 in #2023
- Add a default connect timeout for watch in CRDB driver by @josephschorr in #2041
- Have diffexpr handle the case of adding to a single child expression by @josephschorr in #2038
- Add configurable max buffer size for watch change tracker by @josephschorr in #2044
- Add continuous checkpointing to Datastore Features by @vroldanbet in #2064
- Add analyzer to enforce usage of VT versions of marshalling and unmarshalling by @tstirrat15 in #2043
- Make the max size exceeded error public by @josephschorr in #2049
- Add goreleaser configuration to push Windows package to Chocolatey by @josephschorr in #1879
Fixes
- Cleanup handling of internal errors in Check dispatch by @josephschorr in #2029
- Only add the finalizer on iterators when CI testing by @josephschorr in #2034
- Ensure the validationfile loader passes the full caveats to the typesystem by @josephschorr in #2042
- Fix data type for pg_class relcount by @josephschorr in #2046
- Remove unnecessary branch from limit logic by @tstirrat15 in #2030
- Remove duplicate update test by @josephschorr in #2051
- Remove warning for an arrow referencing a relation in its own namespace by @josephschorr in #2062
- Fix security errors in lint steps by @tstirrat15 in #2061
Updated dependencies
- Integrate updates to cobrautil by @tstirrat15 in #2031
- Bump golang from 1.22.5-alpine3.20 to 1.23.0-alpine3.20 in the docker group by @dependabot in #2050
- Bump the go-mod group with 32 updates by @dependabot in #2052
- Bump github.com/opencontainers/runc from 1.1.13 to 1.1.14 in the go_modules group by @dependabot in #2054
What's Changed
Full Changelog: v1.35.3...v1.36.0
Docker Images
This release is available at authzed/spicedb:v1.36.0
, quay.io/authzed/spicedb:v1.36.0
, ghcr.io/authzed/spicedb:v1.36.0
v1.35.3
What's Changed
- Ensure debug information is returned for recursive checks that dispatch by @josephschorr in #2017
- Add expression diffing library for schema by @josephschorr in #2016
- Change the filter count check to a debug assertions by @josephschorr in #2014
- Fix logging behavior around setting goproc limits by @tstirrat15 in #2018
- Add nicer error if the Postgres primary node has gone readonly by @josephschorr in #2025
- Ensure all resources are returned for relation check when caveats are specified by @josephschorr in #2027
- bump cobrautil for automaxprocs fix by @ecordell in #2028
Full Changelog: v1.35.2...v1.35.3
Docker Images
This release is available at authzed/spicedb:v1.35.3
, quay.io/authzed/spicedb:v1.35.3
, ghcr.io/authzed/spicedb:v1.35.3