Skip to content
Merged
Show file tree
Hide file tree
Changes from 46 commits
Commits
Show all changes
57 commits
Select commit Hold shift + click to select a range
95cc4f7
Remove unused setEnableDevelopmentVersions option
pcapriotti Dec 12, 2023
1866995
Version expressions in brig config
pcapriotti Dec 13, 2023
4c205d3
Implement FromJSON instance for VersionExp
pcapriotti Dec 14, 2023
f91ae2f
Introduce VersionExp to all other services
pcapriotti Dec 15, 2023
415d635
WIP: tests
pcapriotti Dec 19, 2023
6108fa1
Merge remote-tracking branch 'origin/develop' into pcapriotti/disable…
battermann Jan 15, 2024
e6a183e
fix test
battermann Jan 15, 2024
312f8d1
finish test
battermann Jan 15, 2024
c3f0f84
linting
battermann Jan 15, 2024
ef740fe
ported other tests
battermann Jan 15, 2024
a79e406
wip disable dev version per default (brig only)
battermann Jan 15, 2024
f0047f7
list -> set, renaming
battermann Jan 16, 2024
d82c74a
enable all api versions locally and on CI
battermann Jan 16, 2024
b3da682
updated docs
battermann Jan 16, 2024
a478bbc
cannon: disable dev api per default
battermann Jan 16, 2024
445e3e0
cargohold: disable dev api per default
battermann Jan 16, 2024
d010fe0
Update docs/src/developer/reference/config-options.md
battermann Jan 19, 2024
a27f8db
galley: disable dev api per default
battermann Jan 16, 2024
30cb616
Merge remote-tracking branch 'origin/develop' into pcapriotti/disable…
battermann Jan 19, 2024
a9739a8
added comments
battermann Jan 19, 2024
fd5d86d
clean up
battermann Jan 19, 2024
d75269e
gundeck: dev API version disabled by default
battermann Jan 22, 2024
9a6bd83
using HasTests instance
battermann Jan 22, 2024
44ede41
proxy: disable dev API version per default
battermann Jan 22, 2024
a4ac4f2
spar: disable dev API version per default
battermann Jan 22, 2024
d928ee9
changelog
battermann Jan 22, 2024
9cbfe12
improve docs and release notes
battermann Jan 22, 2024
d3cf419
Update charts/brig/values.yaml
battermann Jan 23, 2024
03a4ef2
Update charts/cannon/values.yaml
battermann Jan 23, 2024
c5dedd4
Update charts/cargohold/values.yaml
battermann Jan 23, 2024
95b0646
Update charts/galley/values.yaml
battermann Jan 23, 2024
a8c2143
Update charts/gundeck/values.yaml
battermann Jan 23, 2024
1d2b236
Update charts/proxy/values.yaml
battermann Jan 23, 2024
7012688
Update charts/spar/values.yaml
battermann Jan 23, 2024
89de98f
small clean up and comment
battermann Jan 23, 2024
92f0e64
Merge remote-tracking branch 'origin/develop' into pcapriotti/disable…
battermann Jan 24, 2024
6ea88ec
hi ci
battermann Jan 24, 2024
7277a22
fix cannon's config for CI
battermann Jan 25, 2024
13982c0
to be removed: check Helm value propagation on CI
stefanwire Jan 25, 2024
c544fe8
revert version expression
battermann Jan 25, 2024
b04c137
remove comment in default charts
battermann Jan 25, 2024
e9a1e7f
revert changes in CI values
battermann Jan 25, 2024
da26fa4
revert changes in local configs
battermann Jan 25, 2024
b198be9
removed release notes
battermann Jan 25, 2024
8c5a3e7
brig: new flag to enable dev API
battermann Jan 26, 2024
7fb4fb6
add enableDevAPI flag to all services
battermann Jan 26, 2024
8fb59fb
renamed flag
battermann Jan 26, 2024
de47b1a
fixes
battermann Jan 26, 2024
467feb2
hi ci
stefanwire Jan 26, 2024
41cda08
Revert "fix cannon's config for CI"
battermann Jan 29, 2024
c28ee81
made disabledAPIversions required, removed VersionExpSetDefaultDev
battermann Jan 29, 2024
923a7a8
set default for disabledAPIVersions in template
battermann Jan 29, 2024
95e3b66
fix gundeck config and remove redundant test
battermann Jan 29, 2024
a5d757d
Merge remote-tracking branch 'origin/develop' into pcapriotti/disable…
battermann Jan 29, 2024
e6d6ecd
changelog and docs
battermann Jan 29, 2024
e6a7423
Fix whitespace in galley configmap
pcapriotti Jan 29, 2024
4b144f8
fix values.yaml.gotmpl
battermann Jan 29, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/5-internal/WPB-4657
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
The development API version is now disabled by default
3 changes: 3 additions & 0 deletions charts/brig/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -332,5 +332,8 @@ data:
{{- if .setOAuthMaxActiveRefreshTokens }}
setOAuthMaxActiveRefreshTokens: {{ .setOAuthMaxActiveRefreshTokens }}
{{- end }}
{{- if .setEnableDevAPI }}
setEnableDevAPI: {{ .setEnableDevAPI }}
{{- end }}
{{- end }}
{{- end }}
4 changes: 4 additions & 0 deletions charts/cannon/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@ data:
disabledAPIVersions: {{ .Values.config.disabledAPIVersions }}
{{- end }}

{{- if .Values.config.enableDevAPI }}
enableDevAPI: {{ .Values.config.enableDevAPI }}
{{- end }}

kind: ConfigMap
metadata:
name: cannon
3 changes: 3 additions & 0 deletions charts/cargohold/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -59,4 +59,7 @@ data:
{{- if .disabledAPIVersions }}
disabledAPIVersions: {{ .disabledAPIVersions }}
{{- end }}
{{- if .enableDevAPI }}
enableDevAPI: {{ .enableDevAPI }}
{{- end }}
{{- end }}
3 changes: 3 additions & 0 deletions charts/galley/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,9 @@ data:
{{- if .settings.guestLinkTTLSeconds }}
guestLinkTTLSeconds: {{ .settings.guestLinkTTLSeconds }}
{{- end }}
{{- if .settings.enableDevAPI }}
enableDevAPI: {{ .settings.enableDevAPI }}
{{- end }}
featureFlags:
sso: {{ .settings.featureFlags.sso }}
legalhold: {{ .settings.featureFlags.legalhold }}
Expand Down
4 changes: 3 additions & 1 deletion charts/gundeck/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,6 @@ data:
{{- if .disabledAPIVersions }}
disabledAPIVersions: {{ .disabledAPIVersions }}
{{- end }}
# disabledAPIVersions: [ 2 ]
maxConcurrentNativePushes:
soft: {{ .maxConcurrentNativePushes.soft }}
{{- if hasKey .maxConcurrentNativePushes "hard" }}
Expand All @@ -72,5 +71,8 @@ data:
# hard: 30 # more than this number of threads will not be allowed
maxPayloadLoadSize : {{ .maxPayloadLoadSize }}
internalPageSize : {{ .internalPageSize }}
{{- if .enableDevAPI }}
enableDevAPI: {{ .enableDevAPI }}
{{- end }}

{{- end }}
3 changes: 3 additions & 0 deletions charts/proxy/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ data:
{{- if .Values.config.disabledAPIVersions }}
disabledAPIVersions: {{ .Values.config.disabledAPIVersions }}
{{- end }}
{{- if .Values.config.enableDevAPI }}
enableDevAPI: {{ .Values.config.enableDevAPI }}
{{- end }}
host: 0.0.0.0
port: {{ .Values.service.internalPort }}
httpPoolSize: 1000
Expand Down
3 changes: 3 additions & 0 deletions charts/spar/templates/configmap.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,9 @@ data:
{{- if .disabledAPIVersions }}
disabledAPIVersions: {{ .disabledAPIVersions }}
{{- end }}
{{- if .enableDevAPI }}
enableDevAPI: {{ .enableDevAPI }}
{{- end }}

saml:
version: SAML2.0
Expand Down
32 changes: 30 additions & 2 deletions docs/src/developer/reference/config-options.md
Original file line number Diff line number Diff line change
Expand Up @@ -648,16 +648,44 @@ optSettings:
setOAuthMaxActiveRefreshTokens: 10
```

#### Enable Development API

To enable the development API version(s), set the following flags to true for brig, cannon, cargohold, galley, gundeck, proxy, spar. This setting should be consistent across all services.

```yaml
# brig's values.yaml
config.optSettings.setEnableDevAPI: true

# cannon's values.yaml
config.enableDevAPI: true

# cargohold's values.yaml
config.settings.enableDevAPI: true

# galley's values.yaml
config.settings.enableDevAPI: true

# gundecks' values.yaml
config.enableDevAPI: true

# proxy's values.yaml
config.enableDevAPI: true

# spar's values.yaml
config.enableDevAPI: true
```

Per default the development API version(s) are disabled. Disabling an API version explicitly (as described below) takes precedence over enabled development API versions.

#### Disabling API versions

It is possible to disable one ore more API versions. When an API version is disabled it won't be advertised on the `GET /api-version` endpoint, neither in the `supported`, nor in the `development` section. Requests made to any endpoint of a disabled API version will result in the same error response as a request made to an API version that does not exist.

Each of the services brig, cannon, cargohold, galley, gundeck, proxy, spar should to be configured with the same set of disable API versions in each service's values.yaml config files.


For example to disable API version v3, you need to configure:

```
```yaml
# brig's values.yaml
config.optSettings.setDisabledAPIVersions: [ v3 ]

Expand Down
9 changes: 9 additions & 0 deletions hack/helm_vars/wire-server/values.yaml.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ brig:
setOAuthEnabled: true
setOAuthRefreshTokenExpirationTimeSecs: 14515200 # 24 weeks
setOAuthMaxActiveRefreshTokens: 10
setEnableDevAPI: true
aws:
sesEndpoint: http://fake-aws-ses:4569
sqsEndpoint: http://fake-aws-sqs:4568
Expand Down Expand Up @@ -169,6 +170,8 @@ cannon:
limits:
memory: 512Mi
drainTimeout: 0
config:
enableDevAPI: true
cargohold:
replicaCount: 1
imagePullPolicy: {{ .Values.imagePullPolicy }}
Expand All @@ -184,6 +187,7 @@ cargohold:
settings:
# See helmfile for the real value
federationDomain: integration.example.com
enableDevAPI: true
secrets:
awsKeyId: dummykey
awsSecretKey: dummysecret
Expand Down Expand Up @@ -218,6 +222,7 @@ galley:
conversationCodeURI: https://kube-staging-nginz-https.zinfra.io/conversation-join/
# See helmfile for the real value
federationDomain: integration.example.com
enableDevAPI: true
featureFlags:
sso: disabled-by-default # this needs to be the default; tests can enable it when needed.
legalhold: whitelist-teams-and-implicit-consent
Expand Down Expand Up @@ -293,6 +298,7 @@ gundeck:
setMaxConcurrentNativePushes:
hard: 30
soft: 10
enableDevAPI: true
secrets:
awsKeyId: dummykey
awsSecretKey: dummysecret
Expand Down Expand Up @@ -332,6 +338,8 @@ nginz:
proxy:
replicaCount: 1
imagePullPolicy: {{ .Values.imagePullPolicy }}
config:
enableDevAPI: true
secrets:
proxy_config: |-
secrets {
Expand Down Expand Up @@ -368,6 +376,7 @@ spar:
- type: ContactSupport
company: Example Company
email: email:backend+spar@wire.com
enableDevAPI: true
tests:
{{- if .Values.uploadXml }}
config:
Expand Down
1 change: 1 addition & 0 deletions integration/integration.cabal
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,7 @@ library
Test.Services
Test.Swagger
Test.User
Test.Version
Testlib.App
Testlib.Assertions
Testlib.Cannon
Expand Down
14 changes: 6 additions & 8 deletions integration/test/API/Brig.hs
Original file line number Diff line number Diff line change
Expand Up @@ -394,18 +394,16 @@ replaceKeyPackages cid suites kps = do
& addJSONObject ["key_packages" .= map (T.decodeUtf8 . Base64.encode) kps]

-- | https://staging-nginz-https.zinfra.io/v6/api/swagger-ui/#/default/get_self
getSelf :: (HasCallStack, MakesValue caller) => caller -> App Response
getSelf caller = do
req <- baseRequest caller Brig Versioned "/self"
submit "GET" req
getSelf :: (HasCallStack, MakesValue user) => user -> App Response
getSelf = getSelfWithVersion Versioned

getSelfWithVersion :: (HasCallStack, MakesValue user) => Versioned -> user -> App Response
getSelfWithVersion v user = baseRequest user Brig v "/self" >>= submit "GET"

-- | https://staging-nginz-https.zinfra.io/v6/api/swagger-ui/#/default/get_self
-- this is a low-level version of `getSelf` for testing some error conditions.
getSelf' :: HasCallStack => String -> String -> App Response
getSelf' domain uid = do
let user = object ["domain" .= domain, "id" .= uid]
req <- baseRequest user Brig Versioned "/self"
submit "GET" req
getSelf' domain uid = getSelfWithVersion Versioned $ object ["domain" .= domain, "id" .= uid]

data PutSelf = PutSelf
{ accent :: Maybe Int,
Expand Down
4 changes: 2 additions & 2 deletions integration/test/Test/Demo.hs
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ testDynamicBackend = do
ownDomain <- objDomain OwnDomain
user <- randomUser OwnDomain def
uid <- objId user
bindResponse (BrigP.getSelf' ownDomain uid) $ \resp -> do
bindResponse (BrigP.getSelf user) $ \resp -> do
resp.status `shouldMatchInt` 200
(resp.json %. "id") `shouldMatch` objId user

Expand All @@ -123,7 +123,7 @@ testDynamicBackend = do
-- now create a user in the dynamic backend
userD1 <- randomUser dynDomain def
uidD1 <- objId userD1
bindResponse (BrigP.getSelf' dynDomain uidD1) $ \resp -> do
bindResponse (BrigP.getSelf userD1) $ \resp -> do
resp.status `shouldMatchInt` 200
(resp.json %. "id") `shouldMatch` objId userD1

Expand Down
7 changes: 0 additions & 7 deletions integration/test/Test/Swagger.hs
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,6 @@ testSwagger = do
dev <- resp.json %. "development" & asSetOf asIntegral
pure $ sup <> dev
assertBool ("unexpected actually existing versions: " <> show actualVersions) $
-- make sure nobody has added a new version without adding it to `existingVersions`.
-- make sure nobody has added a new version without adding it to `existingVersions`.
-- ("subset" because blocked versions like v3 are not actually existing, but still
-- ("subset" because blocked versions like v3 are not actually existing, but still
-- documented.)
-- documented.)

-- make sure nobody has added a new version without adding it to `existingVersions`.
-- ("subset" because blocked versions like v3 are not actually existing, but still
-- documented.)
Expand Down
97 changes: 97 additions & 0 deletions integration/test/Test/Version.hs
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
module Test.Version where

import API.Brig
import qualified Data.Set as Set
import SetupHelpers
import Testlib.Prelude

newtype Versioned' = Versioned' Versioned
Comment thread
battermann marked this conversation as resolved.

-- | This instance is used to generate tests for some of the versions. (Not checking all of them for time efficiency reasons)
instance HasTests x => HasTests (Versioned' -> x) where
mkTests m n s f x =
mkTests m (n <> "[version=unversioned]") s f (x (Versioned' Unversioned))
<> mkTests m (n <> "[version=versioned]") s f (x (Versioned' Versioned))
<> mkTests m (n <> "[version=v1]") s f (x (Versioned' (ExplicitVersion 1)))
<> mkTests m (n <> "[version=v3]") s f (x (Versioned' (ExplicitVersion 3)))
<> mkTests m (n <> "[version=v6]") s f (x (Versioned' (ExplicitVersion 6)))

testVersion :: Versioned' -> App ()
testVersion (Versioned' v) = withModifiedBackend
def {brigCfg = setField "optSettings.setDisabledAPIVersions" ([] :: [String])}
$ \dom ->
bindResponse (baseRequest dom Brig v "/api-version" >>= submit "GET") $ \resp -> do
resp.status `shouldMatchInt` 200
dev <- resp.json %. "development" & asSet
supported <- resp.json %. "supported" & asSet
domain <- resp.json %. "domain" & asString
federation <- resp.json %. "federation" & asBool

-- currently there is only one development version
-- it is however theoretically possible to have multiple development versions
length dev `shouldMatchInt` 1
Comment thread
battermann marked this conversation as resolved.
domain `shouldMatch` dom
federation `shouldMatch` True

unless (null (Set.intersection supported dev)) $
assertFailure "development and supported versions should not overlap"

testVersionUnsupported :: App ()
testVersionUnsupported = bindResponse (baseRequest OwnDomain Brig (ExplicitVersion 500) "/api-version" >>= submit "GET") $
\resp -> do
resp.status `shouldMatchInt` 404
resp.json %. "label" `shouldMatch` "unsupported-version"

testVersionDisabled :: App ()
testVersionDisabled = withModifiedBackend
def {brigCfg = setField "optSettings.setDisabledAPIVersions" ["v2"]}
$ \domain -> do
do
user <- randomUser OwnDomain def
void $ getSelfWithVersion (ExplicitVersion 2) user >>= getJSON 200
Comment thread
battermann marked this conversation as resolved.

do
user <- randomUser domain def
bindResponse (getSelfWithVersion (ExplicitVersion 2) user) $ \resp -> do
resp.status `shouldMatchInt` 404
resp.json %. "label" `shouldMatch` "unsupported-version"

void $ getSelfWithVersion (ExplicitVersion 1) user >>= getJSON 200
void $ getSelfWithVersion (ExplicitVersion 3) user >>= getJSON 200
void $ getSelfWithVersion (ExplicitVersion 4) user >>= getJSON 200
void $ getSelfWithVersion (ExplicitVersion 5) user >>= getJSON 200
void $ getSelfWithVersion (ExplicitVersion 6) user >>= getJSON 200
void $ getSelfWithVersion Unversioned user >>= getJSON 200

testVersionDisabledNotAdvertised :: App ()
testVersionDisabledNotAdvertised = do
allVersions <- bindResponse (baseRequest OwnDomain Brig Versioned "/api-version" >>= submit "GET") $ \resp ->
(<>)
<$> (resp.json %. "development" & asList >>= traverse asInt)
<*> (resp.json %. "supported" & asList >>= traverse asInt)
forM_ allVersions testWithVersion
where
testWithVersion :: Int -> App ()
testWithVersion v = withModifiedBackend
def {brigCfg = setField "optSettings.setDisabledAPIVersions" ["v" <> show v]}
$ \domain -> do
bindResponse (getAPIVersion domain) $ \resp -> do
resp.status `shouldMatchInt` 200
dev <- resp.json %. "development" & asList >>= traverse asInt
supported <- resp.json %. "supported" & asList >>= traverse asInt

assertBool "supported versions should not be empty" $ not (null supported)
assertBool "the disabled version should not be propagated as dev version" $ v `notElem` dev
assertBool "the disabled version should not be propagated as supported version" $ v `notElem` supported

testVersionDevDisabledPerDefault :: App ()
testVersionDevDisabledPerDefault = withModifiedBackend
def {brigCfg = removeField "optSettings.setEnableDevAPI"}
$ \domain -> do
bindResponse (getAPIVersion domain) $ \resp -> do
resp.status `shouldMatchInt` 200
dev <- resp.json %. "development" & asList
supported <- resp.json %. "supported" & asList

assertBool "supported versions should not be empty" $ not (null supported)
assertBool "development versions should be empty" $ null dev
3 changes: 3 additions & 0 deletions integration/test/Testlib/JSON.hs
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,9 @@ asListOf :: HasCallStack => (Value -> App b) -> MakesValue a => a -> App [b]
asListOf makeElem x =
asList x >>= mapM makeElem

asSet :: HasCallStack => MakesValue a => a -> App (Set.Set Value)
asSet = fmap Set.fromList . asList

asSetOf :: (HasCallStack, Ord b) => (Value -> App b) -> MakesValue a => a -> App (Set.Set b)
asSetOf makeElem x = Set.fromList <$> asListOf makeElem x

Expand Down
8 changes: 7 additions & 1 deletion libs/wire-api/src/Wire/API/Routes/Version.hs
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{-# LANGUAGE DeriveAnyClass #-}
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
{-# LANGUAGE StandaloneKindSignatures #-}
{-# LANGUAGE TemplateHaskell #-}
Expand Down Expand Up @@ -34,6 +35,7 @@ module Wire.API.Routes.Version
supportedVersions,
isDevelopmentVersion,
developmentVersions,
toDisabledVersions,

-- * Servant combinators
Until,
Expand All @@ -55,6 +57,7 @@ import Data.ByteString.Lazy qualified as LBS
import Data.Domain
import Data.OpenApi qualified as S
import Data.Schema
import Data.Set qualified as Set
import Data.Singletons.Base.TH
import Data.Text qualified as Text
import Data.Text.Encoding as Text
Expand All @@ -64,7 +67,7 @@ import Servant
import Servant.API.Extended.RawM
import Wire.API.Deprecated
import Wire.API.Routes.MultiVerb
import Wire.API.Routes.Named
import Wire.API.Routes.Named hiding (unnamed)
import Wire.API.VersionInfo
import Wire.Arbitrary (Arbitrary, GenericUniform (GenericUniform))

Expand Down Expand Up @@ -204,6 +207,9 @@ isDevelopmentVersion _ = True
developmentVersions :: [Version]
developmentVersions = filter isDevelopmentVersion supportedVersions

toDisabledVersions :: Maybe Bool -> Set Version
toDisabledVersions mEnableDevAPI = Set.fromList $ maybe developmentVersions (const []) mEnableDevAPI
Comment thread
battermann marked this conversation as resolved.
Outdated

-- Version-aware swagger generation

$(promoteOrdInstances [''Version])
Expand Down
Loading