From 215be27f7966f3bd604613f7afbdf388bbcb58b2 Mon Sep 17 00:00:00 2001 From: LaunchDarklyReleaseBot <86431345+LaunchDarklyReleaseBot@users.noreply.github.com> Date: Fri, 10 Feb 2023 15:17:22 -0800 Subject: [PATCH] prepare 7.1.0 release (#220) * Edit doc * move Relay release logic to .ldrelease script * suppress SDK big segments status query if we've never synced big segments * dump Relay logs including debug logs if integration test fails * include environment prefix in BigSegmentSynchronizer logging * increase big segment integration test timeout (#274) * generate client-side stream pings if big segments have changed * clear big segments cache as needed + simplify state management * fix tests and simplify component creation * use GA releases of SDK packages * disable CI package-build-test in Go 1.16+ * Migrate Relay release to Releaser v2 and support dry run (#278) * Adding degraded doc blurb for big segments (#280) * respect Redis password & TLS options for big segments; add Redis password integration tests * redact Redis URL password in logs and status resource * update go-server-sdk-redis-redigo to 1.2.1 for Redis URL logging fix * Part 1, add the config and the documentation for the new config * Part 2, Add the configuration validation and test * Part 3, the actual logic to include the headers in the CORS Access-Control-Allow-Headers * Linter * update Alpine version to 3.14.2 to fix openssl CVEs * Fix the global variable modification * Go format * turn off unnecessary metrics integrations in config for Docker smoke test * rename test.env to smoke-test.env to clarify what it's for * fix setting of custom Access-Control-Allow-Origin and add test (#285) * add more explanatory test output and more verbose debugging for big segments integration tests (#287) * update to Go 1.16.10 + Alpine 3.14.3; add some docs about releases (#288) * update go-server-sdk-consul version for Consul API version update * override x/crypto dependency version for CVE-2020-29652 * bump Prometheus dependency to eliminate jwt-go vulnerability * drop support for Go 1.14 & 1.15 * make sure defaults are always applied for base URL properties * rm unused * rm unnecessary linter directive * add separate configuration for server-side/client-side SDK base URLs & update the defaults * remove Whitesource CI job + remove obsolete dependency issue note * don't include any big segment status info in status resource unless that feature is active (#296) * don't include any big segment status info in status resource unless that feature is active * fix Big Segments staleness logic in status resource * documentation * update x/text package for vulnerability GO-2021-0113 * add Trivy security scan to CI (#297) * add daily re-scan with Trivy * use long timeout when awaiting changes related to file mod watching * update Go version to 1.17.6 (#301) * always terminate if auto-config stream fails with a fatal error * pass along tags header when proxying events * comments, rm debugging * fix auth header logic * fix auth header logic some more * comments * add tags header to CORS header whitelist (#304) * update to Alpine 3.14.4 for CVE-2022-0778 fix * minimal changes for using prerelease Go SDK v6 (#306) * revise "summarizing" event proxy logic to use new event processor * comments * force upgrade of openssl in Alpine * also upgrade libretls * fix it in both files * update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (#308) * update to Alpine 3.14.5 for CVE-2022-0778 * revert patches that are now included in Alpine 3.14.5 * add scripts for checking and updating Go/Alpine versions (#309) * update to Alpine 3.14.5 for CVE-2022-0778 * add scripts for checking and updating Go/Alpine versions * also make sure the Docker images really exist * update CONTRIBUTING.md * fix file rename * revert patches that are now included in Alpine 3.14.5 * add support & tests for handling any kind of context in eval endpoints * move some constants and test code out of internal/core/internal/... * use a clearer import alias * refactoring * move packages from core/ and core/internal/ to internal/ * fix linting * update Alpine to 3.14.6 for CVE-2022-28391 * merge RelayCore logic into Relay and remove the core package (#315) * merge RelayCore logic into Relay and remove the core package * don't export these fields * fix tests * comment * update SDK packages (includes sc-136333 fix) * don't include "v" prefix in Docker image version * update go-server-sdk-dynamodb for data size error fix & add docs (#316) * update builds to use Go 1.17.9 and fix the update script * update go-server-sdk-consul to latest release * update remote Docker version * update golang.org/x/crypto for CVE-2022-27191 (#321) * update golang.org/x/crypto for CVE-2022-27191 * fix go.sum * update eventsource for SSE output efficiency fix (#322) * Cache the replay event in case we get multiple new client connections (#189) * Cache the replay event in case we get multiple new client connections * Use singleflight to ensure only one replay event is generated at a time Co-authored-by: Moshe Good * don't install curl in Docker images * fix makefile logic for lint step * remove indirect curl-based request logic in integration tests * fix linter installation * update Go to 1.17.11, Alpine to 3.16.0 * improve concurrency test to verify that the data is or isn't from a separate query * fix lint warnings and remove unnecessary error return * use latest prerelease packages, update for misc SDK API changes (interfaces package) * update libssl & libcrypto versions for CVE-2022-2097 * add security scan of already-published Docker image (#328) * update Alpine version and some Go libraries to address CVEs (#329) * use Alpine 3.16.1 * update golang.org/x/net and golang.org/x/sync patch versions for CVEs * update golang.org/x/sys patch version for CVE * update Prometheus client library for CVE-2022-21698 * ensure that DynamoDB config is consistent between Big Segments and regular data store * comment * update Alpine to 3.16.2 * update golangci-lint and go-junit-report * fix CI * prevent traversal of directories outside target path when expanding archive * enforce TLS >= 1.2 for secure Redis * misc linter updates * fix test message * add Go 1.18 & 1.19 jobs * make test expectation less Go-version-dependent * linting * revert unnecessary change * fix installation of test coverage tool * add "context" URL paths for evaluations, update endpoint docs * fix tests * bump minimum Go to 1.18, build images in 1.19 * linter + misc fixes * "latest" Go image is no longer a thing * fix TLS test * fix command to run coverage enforcer * fix vulnerable dependencies * migrate to AWS Go SDK v2 for DynamoDB (#333) * remove obsolete "eval" endpoints superseded by "evalx" (#338) * remove obsolete "eval" endpoints superseded by "evalx" * fix tests & examples * fix more tests * update AWS SDK and related packages on u2c branch (#341) * update to Go 1.19.2 * update golang.org/x/net for CVE-2022-27664 * update golang.org/x/text for CVE-2022-32149 * update Consul API dependency to avoid false report of CVE-2022-40716 * switch to fork of Stackdriver metrics client to remove AWS transitive dependency (#343) * use latest Go SDK prerelease packages, update for API changes * lint * streamline test code using go-test-helpers v3 * remove some more unnecessary helpers * fix test app * use latest SDK packages * use Go SDK v6.0.0 and latest releases of database integrations * update to Go 1.19.4 and Alpine 3.16.3 * override golang.org/x/net for CVE-2022-41717 (even though the fix is also bundled in Go 1.19.4) * update to Go 1.19.4 and Alpine 3.16.3 * override golang.org/x/net for CVE-2022-41717 only when building executables for release * prepare 6.7.15 release (#212) * don't return 503 if SDK initialization has timed out * add in-repo docs about error/503 behavior (#249) * [ch102255] BigSegments DynamoDB (#245) * add init timeout config option + better test coverage + misc refactoring (#250) * fix example build command * use public prerelease tags instead of private dependencies * fix Go installation in CI * update SDK dependencies for JSON number parsing bugfix * update gorilla/mux to 1.8.0 * update OpenCensus packages * add Go 1.16 CI + "latest Go" CI + use latest 1.15 patch for release * cimg images use "current", not "latest" * seems there isn't any cimg/go "latest" or "current" * add daily package build test in CI * job names * bump SDK version for traffic allocation feature * [ch113491] update alpine base image (#258) * use latest prerelease SDK * fix enabling of test tags in CI * add DynamoDB docker image in CI * set a polling base URI in end-to-end tests since big segments logic will use it * fix initialization logic so SDK client creation errors aren't lost when big segments are enabled * fix use of prefix key in DynamoDB + improve tests (#260) * more debug logging, less info logging for big segments logic * make logging of big segments patch version mismatch clearer and use Warn level * fix log parameter * fix DynamoDB updates for big segments metadata * add test to make sure sync time and cursor can be updated independently * only start big seg synchronizer if necessary * use SDK GA releases * change applyPatch to exit early on version mismatch; go back to restarting stream in this case * add unit tests for version mismatch behavior + DRY tests * add log assertion * fix retry logic on big segments stream failure * add more logging for big segments connection status * fix logging assertion * add more big segments integration tests * fix overly-time-sensitive file data tests * fix more flaky tests * run big segments tests with DynamoDB too * Migrate transitive dep (jwt-go) to use modern version without vulnerability. * Edit doc * move Relay release logic to .ldrelease script * suppress SDK big segments status query if we've never synced big segments * dump Relay logs including debug logs if integration test fails * include environment prefix in BigSegmentSynchronizer logging * increase big segment integration test timeout (#274) * generate client-side stream pings if big segments have changed * clear big segments cache as needed + simplify state management * fix tests and simplify component creation * use GA releases of SDK packages * disable CI package-build-test in Go 1.16+ * Migrate Relay release to Releaser v2 and support dry run (#278) * Adding degraded doc blurb for big segments (#280) * respect Redis password & TLS options for big segments; add Redis password integration tests * redact Redis URL password in logs and status resource * update go-server-sdk-redis-redigo to 1.2.1 for Redis URL logging fix * Part 1, add the config and the documentation for the new config * Part 2, Add the configuration validation and test * Part 3, the actual logic to include the headers in the CORS Access-Control-Allow-Headers * Linter * update Alpine version to 3.14.2 to fix openssl CVEs * Fix the global variable modification * Go format * turn off unnecessary metrics integrations in config for Docker smoke test * rename test.env to smoke-test.env to clarify what it's for * fix setting of custom Access-Control-Allow-Origin and add test (#285) * add more explanatory test output and more verbose debugging for big segments integration tests (#287) * update to Go 1.16.10 + Alpine 3.14.3; add some docs about releases (#288) * update go-server-sdk-consul version for Consul API version update * override x/crypto dependency version for CVE-2020-29652 * bump Prometheus dependency to eliminate jwt-go vulnerability * drop support for Go 1.14 & 1.15 * make sure defaults are always applied for base URL properties * rm unused * rm unnecessary linter directive * add separate configuration for server-side/client-side SDK base URLs & update the defaults * remove Whitesource CI job + remove obsolete dependency issue note * don't include any big segment status info in status resource unless that feature is active (#296) * don't include any big segment status info in status resource unless that feature is active * fix Big Segments staleness logic in status resource * documentation * update x/text package for vulnerability GO-2021-0113 * add Trivy security scan to CI (#297) * add daily re-scan with Trivy * use long timeout when awaiting changes related to file mod watching * update Go version to 1.17.6 (#301) * always terminate if auto-config stream fails with a fatal error * pass along tags header when proxying events * comments, rm debugging * fix auth header logic * fix auth header logic some more * comments * add tags header to CORS header whitelist (#304) * update to Alpine 3.14.4 for CVE-2022-0778 fix * force upgrade of openssl in Alpine * also upgrade libretls * fix it in both files * update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (#308) * update to Alpine 3.14.5 for CVE-2022-0778 * revert patches that are now included in Alpine 3.14.5 * add scripts for checking and updating Go/Alpine versions (#309) * update to Alpine 3.14.5 for CVE-2022-0778 * add scripts for checking and updating Go/Alpine versions * also make sure the Docker images really exist * update CONTRIBUTING.md * fix file rename * revert patches that are now included in Alpine 3.14.5 * update Alpine to 3.14.6 for CVE-2022-28391 * update SDK packages (includes sc-136333 fix) * don't include "v" prefix in Docker image version * update go-server-sdk-dynamodb for data size error fix & add docs (#316) * update builds to use Go 1.17.9 and fix the update script * update go-server-sdk-consul to latest release * update remote Docker version * update golang.org/x/crypto for CVE-2022-27191 (#321) * update golang.org/x/crypto for CVE-2022-27191 * fix go.sum * update eventsource for SSE output efficiency fix (#322) * Cache the replay event in case we get multiple new client connections (#189) * Cache the replay event in case we get multiple new client connections * Use singleflight to ensure only one replay event is generated at a time Co-authored-by: Moshe Good * don't install curl in Docker images * fix makefile logic for lint step * remove indirect curl-based request logic in integration tests * fix linter installation * update Go to 1.17.11, Alpine to 3.16.0 * improve concurrency test to verify that the data is or isn't from a separate query * fix lint warnings and remove unnecessary error return * update libssl & libcrypto versions for CVE-2022-2097 * add security scan of already-published Docker image (#328) * update Alpine version and some Go libraries to address CVEs (#329) * use Alpine 3.16.1 * update golang.org/x/net and golang.org/x/sync patch versions for CVEs * update golang.org/x/sys patch version for CVE * update Prometheus client library for CVE-2022-21698 * ensure that DynamoDB config is consistent between Big Segments and regular data store * comment * update Alpine to 3.16.2 * update golangci-lint and go-junit-report * fix CI * prevent traversal of directories outside target path when expanding archive * enforce TLS >= 1.2 for secure Redis * misc linter updates * fix test message * add Go 1.18 & 1.19 jobs * make test expectation less Go-version-dependent * linting * revert unnecessary change * fix installation of test coverage tool * migrate to AWS Go SDK v2 for DynamoDB (#333) * update to Go 1.19.2 * update golang.org/x/net for CVE-2022-27664 * update golang.org/x/text for CVE-2022-32149 * update Consul API dependency to avoid false report of CVE-2022-40716 * switch to fork of Stackdriver metrics client to remove AWS transitive dependency (#343) * update to Go 1.19.4 and Alpine 3.16.3 * override golang.org/x/net for CVE-2022-41717 only when building executables for release Co-authored-by: Eli Bishop Co-authored-by: LaunchDarklyCI Co-authored-by: hroederld Co-authored-by: LaunchDarklyReleaseBot Co-authored-by: Dan Richelson Co-authored-by: Dan Richelson Co-authored-by: Ben Woskow <48036130+bwoskow-ld@users.noreply.github.com> Co-authored-by: Ben Woskow Co-authored-by: Louis Chan Co-authored-by: Louis Chan <91093020+louis-launchdarkly@users.noreply.github.com> Co-authored-by: Moshe Good Co-authored-by: Moshe Good * Releasing version 6.7.15 * redo the security patch by updating go.mod for all builds; drop Go 1.16 * prepare 6.7.16 release (#214) * [ch102255] BigSegments DynamoDB (#245) * add init timeout config option + better test coverage + misc refactoring (#250) * fix example build command * use public prerelease tags instead of private dependencies * fix Go installation in CI * update SDK dependencies for JSON number parsing bugfix * update gorilla/mux to 1.8.0 * update OpenCensus packages * add Go 1.16 CI + "latest Go" CI + use latest 1.15 patch for release * cimg images use "current", not "latest" * seems there isn't any cimg/go "latest" or "current" * add daily package build test in CI * job names * bump SDK version for traffic allocation feature * [ch113491] update alpine base image (#258) * use latest prerelease SDK * fix enabling of test tags in CI * add DynamoDB docker image in CI * set a polling base URI in end-to-end tests since big segments logic will use it * fix initialization logic so SDK client creation errors aren't lost when big segments are enabled * fix use of prefix key in DynamoDB + improve tests (#260) * more debug logging, less info logging for big segments logic * make logging of big segments patch version mismatch clearer and use Warn level * fix log parameter * fix DynamoDB updates for big segments metadata * add test to make sure sync time and cursor can be updated independently * only start big seg synchronizer if necessary * use SDK GA releases * change applyPatch to exit early on version mismatch; go back to restarting stream in this case * add unit tests for version mismatch behavior + DRY tests * add log assertion * fix retry logic on big segments stream failure * add more logging for big segments connection status * fix logging assertion * add more big segments integration tests * fix overly-time-sensitive file data tests * fix more flaky tests * run big segments tests with DynamoDB too * Migrate transitive dep (jwt-go) to use modern version without vulnerability. * Edit doc * move Relay release logic to .ldrelease script * suppress SDK big segments status query if we've never synced big segments * dump Relay logs including debug logs if integration test fails * include environment prefix in BigSegmentSynchronizer logging * increase big segment integration test timeout (#274) * generate client-side stream pings if big segments have changed * clear big segments cache as needed + simplify state management * fix tests and simplify component creation * use GA releases of SDK packages * disable CI package-build-test in Go 1.16+ * Migrate Relay release to Releaser v2 and support dry run (#278) * Adding degraded doc blurb for big segments (#280) * respect Redis password & TLS options for big segments; add Redis password integration tests * redact Redis URL password in logs and status resource * update go-server-sdk-redis-redigo to 1.2.1 for Redis URL logging fix * Part 1, add the config and the documentation for the new config * Part 2, Add the configuration validation and test * Part 3, the actual logic to include the headers in the CORS Access-Control-Allow-Headers * Linter * update Alpine version to 3.14.2 to fix openssl CVEs * Fix the global variable modification * Go format * turn off unnecessary metrics integrations in config for Docker smoke test * rename test.env to smoke-test.env to clarify what it's for * fix setting of custom Access-Control-Allow-Origin and add test (#285) * add more explanatory test output and more verbose debugging for big segments integration tests (#287) * update to Go 1.16.10 + Alpine 3.14.3; add some docs about releases (#288) * update go-server-sdk-consul version for Consul API version update * override x/crypto dependency version for CVE-2020-29652 * bump Prometheus dependency to eliminate jwt-go vulnerability * drop support for Go 1.14 & 1.15 * make sure defaults are always applied for base URL properties * rm unused * rm unnecessary linter directive * add separate configuration for server-side/client-side SDK base URLs & update the defaults * remove Whitesource CI job + remove obsolete dependency issue note * don't include any big segment status info in status resource unless that feature is active (#296) * don't include any big segment status info in status resource unless that feature is active * fix Big Segments staleness logic in status resource * documentation * update x/text package for vulnerability GO-2021-0113 * add Trivy security scan to CI (#297) * add daily re-scan with Trivy * use long timeout when awaiting changes related to file mod watching * update Go version to 1.17.6 (#301) * always terminate if auto-config stream fails with a fatal error * pass along tags header when proxying events * comments, rm debugging * fix auth header logic * fix auth header logic some more * comments * add tags header to CORS header whitelist (#304) * update to Alpine 3.14.4 for CVE-2022-0778 fix * force upgrade of openssl in Alpine * also upgrade libretls * fix it in both files * update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (#308) * update to Alpine 3.14.5 for CVE-2022-0778 * revert patches that are now included in Alpine 3.14.5 * add scripts for checking and updating Go/Alpine versions (#309) * update to Alpine 3.14.5 for CVE-2022-0778 * add scripts for checking and updating Go/Alpine versions * also make sure the Docker images really exist * update CONTRIBUTING.md * fix file rename * revert patches that are now included in Alpine 3.14.5 * update Alpine to 3.14.6 for CVE-2022-28391 * update SDK packages (includes sc-136333 fix) * don't include "v" prefix in Docker image version * update go-server-sdk-dynamodb for data size error fix & add docs (#316) * update builds to use Go 1.17.9 and fix the update script * update go-server-sdk-consul to latest release * update remote Docker version * update golang.org/x/crypto for CVE-2022-27191 (#321) * update golang.org/x/crypto for CVE-2022-27191 * fix go.sum * update eventsource for SSE output efficiency fix (#322) * Cache the replay event in case we get multiple new client connections (#189) * Cache the replay event in case we get multiple new client connections * Use singleflight to ensure only one replay event is generated at a time Co-authored-by: Moshe Good * don't install curl in Docker images * fix makefile logic for lint step * remove indirect curl-based request logic in integration tests * fix linter installation * update Go to 1.17.11, Alpine to 3.16.0 * improve concurrency test to verify that the data is or isn't from a separate query * fix lint warnings and remove unnecessary error return * update libssl & libcrypto versions for CVE-2022-2097 * add security scan of already-published Docker image (#328) * update Alpine version and some Go libraries to address CVEs (#329) * use Alpine 3.16.1 * update golang.org/x/net and golang.org/x/sync patch versions for CVEs * update golang.org/x/sys patch version for CVE * update Prometheus client library for CVE-2022-21698 * ensure that DynamoDB config is consistent between Big Segments and regular data store * comment * update Alpine to 3.16.2 * update golangci-lint and go-junit-report * fix CI * prevent traversal of directories outside target path when expanding archive * enforce TLS >= 1.2 for secure Redis * misc linter updates * fix test message * add Go 1.18 & 1.19 jobs * make test expectation less Go-version-dependent * linting * revert unnecessary change * fix installation of test coverage tool * migrate to AWS Go SDK v2 for DynamoDB (#333) * update to Go 1.19.2 * update golang.org/x/net for CVE-2022-27664 * update golang.org/x/text for CVE-2022-32149 * update Consul API dependency to avoid false report of CVE-2022-40716 * switch to fork of Stackdriver metrics client to remove AWS transitive dependency (#343) * update to Go 1.19.4 and Alpine 3.16.3 * override golang.org/x/net for CVE-2022-41717 only when building executables for release * redo the security patch by updating go.mod for all builds; drop Go 1.16 Co-authored-by: LaunchDarklyCI Co-authored-by: hroederld Co-authored-by: Eli Bishop Co-authored-by: LaunchDarklyReleaseBot Co-authored-by: Dan Richelson Co-authored-by: Dan Richelson Co-authored-by: Ben Woskow <48036130+bwoskow-ld@users.noreply.github.com> Co-authored-by: Ben Woskow Co-authored-by: Louis Chan Co-authored-by: Louis Chan <91093020+louis-launchdarkly@users.noreply.github.com> Co-authored-by: Moshe Good Co-authored-by: Moshe Good * Releasing version 6.7.16 * update Redis/DDB integrations to remove misleading error logging * prepare 6.7.17 release (#215) * fix example build command * use public prerelease tags instead of private dependencies * fix Go installation in CI * update SDK dependencies for JSON number parsing bugfix * update gorilla/mux to 1.8.0 * update OpenCensus packages * add Go 1.16 CI + "latest Go" CI + use latest 1.15 patch for release * cimg images use "current", not "latest" * seems there isn't any cimg/go "latest" or "current" * add daily package build test in CI * job names * bump SDK version for traffic allocation feature * [ch113491] update alpine base image (#258) * use latest prerelease SDK * fix enabling of test tags in CI * add DynamoDB docker image in CI * set a polling base URI in end-to-end tests since big segments logic will use it * fix initialization logic so SDK client creation errors aren't lost when big segments are enabled * fix use of prefix key in DynamoDB + improve tests (#260) * more debug logging, less info logging for big segments logic * make logging of big segments patch version mismatch clearer and use Warn level * fix log parameter * fix DynamoDB updates for big segments metadata * add test to make sure sync time and cursor can be updated independently * only start big seg synchronizer if necessary * use SDK GA releases * change applyPatch to exit early on version mismatch; go back to restarting stream in this case * add unit tests for version mismatch behavior + DRY tests * add log assertion * fix retry logic on big segments stream failure * add more logging for big segments connection status * fix logging assertion * add more big segments integration tests * fix overly-time-sensitive file data tests * fix more flaky tests * run big segments tests with DynamoDB too * Migrate transitive dep (jwt-go) to use modern version without vulnerability. * Edit doc * move Relay release logic to .ldrelease script * suppress SDK big segments status query if we've never synced big segments * dump Relay logs including debug logs if integration test fails * include environment prefix in BigSegmentSynchronizer logging * increase big segment integration test timeout (#274) * generate client-side stream pings if big segments have changed * clear big segments cache as needed + simplify state management * fix tests and simplify component creation * use GA releases of SDK packages * disable CI package-build-test in Go 1.16+ * Migrate Relay release to Releaser v2 and support dry run (#278) * Adding degraded doc blurb for big segments (#280) * respect Redis password & TLS options for big segments; add Redis password integration tests * redact Redis URL password in logs and status resource * update go-server-sdk-redis-redigo to 1.2.1 for Redis URL logging fix * Part 1, add the config and the documentation for the new config * Part 2, Add the configuration validation and test * Part 3, the actual logic to include the headers in the CORS Access-Control-Allow-Headers * Linter * update Alpine version to 3.14.2 to fix openssl CVEs * Fix the global variable modification * Go format * turn off unnecessary metrics integrations in config for Docker smoke test * rename test.env to smoke-test.env to clarify what it's for * fix setting of custom Access-Control-Allow-Origin and add test (#285) * add more explanatory test output and more verbose debugging for big segments integration tests (#287) * update to Go 1.16.10 + Alpine 3.14.3; add some docs about releases (#288) * update go-server-sdk-consul version for Consul API version update * override x/crypto dependency version for CVE-2020-29652 * bump Prometheus dependency to eliminate jwt-go vulnerability * drop support for Go 1.14 & 1.15 * make sure defaults are always applied for base URL properties * rm unused * rm unnecessary linter directive * add separate configuration for server-side/client-side SDK base URLs & update the defaults * remove Whitesource CI job + remove obsolete dependency issue note * don't include any big segment status info in status resource unless that feature is active (#296) * don't include any big segment status info in status resource unless that feature is active * fix Big Segments staleness logic in status resource * documentation * update x/text package for vulnerability GO-2021-0113 * add Trivy security scan to CI (#297) * add daily re-scan with Trivy * use long timeout when awaiting changes related to file mod watching * update Go version to 1.17.6 (#301) * always terminate if auto-config stream fails with a fatal error * pass along tags header when proxying events * comments, rm debugging * fix auth header logic * fix auth header logic some more * comments * add tags header to CORS header whitelist (#304) * update to Alpine 3.14.4 for CVE-2022-0778 fix * force upgrade of openssl in Alpine * also upgrade libretls * fix it in both files * update to Alpine 3.14.5 for CVE-2022-0778/CVE-2018-25032 (#308) * update to Alpine 3.14.5 for CVE-2022-0778 * revert patches that are now included in Alpine 3.14.5 * add scripts for checking and updating Go/Alpine versions (#309) * update to Alpine 3.14.5 for CVE-2022-0778 * add scripts for checking and updating Go/Alpine versions * also make sure the Docker images really exist * update CONTRIBUTING.md * fix file rename * revert patches that are now included in Alpine 3.14.5 * update Alpine to 3.14.6 for CVE-2022-28391 * update SDK packages (includes sc-136333 fix) * don't include "v" prefix in Docker image version * update go-server-sdk-dynamodb for data size error fix & add docs (#316) * update builds to use Go 1.17.9 and fix the update script * update go-server-sdk-consul to latest release * update remote Docker version * update golang.org/x/crypto for CVE-2022-27191 (#321) * update golang.org/x/crypto for CVE-2022-27191 * fix go.sum * update eventsource for SSE output efficiency fix (#322) * Cache the replay event in case we get multiple new client connections (#189) * Cache the replay event in case we get multiple new client connections * Use singleflight to ensure only one replay event is generated at a time Co-authored-by: Moshe Good * don't install curl in Docker images * fix makefile logic for lint step * remove indirect curl-based request logic in integration tests * fix linter installation * update Go to 1.17.11, Alpine to 3.16.0 * improve concurrency test to verify that the data is or isn't from a separate query * fix lint warnings and remove unnecessary error return * update libssl & libcrypto versions for CVE-2022-2097 * add security scan of already-published Docker image (#328) * update Alpine version and some Go libraries to address CVEs (#329) * use Alpine 3.16.1 * update golang.org/x/net and golang.org/x/sync patch versions for CVEs * update golang.org/x/sys patch version for CVE * update Prometheus client library for CVE-2022-21698 * ensure that DynamoDB config is consistent between Big Segments and regular data store * comment * update Alpine to 3.16.2 * update golangci-lint and go-junit-report * fix CI * prevent traversal of directories outside target path when expanding archive * enforce TLS >= 1.2 for secure Redis * misc linter updates * fix test message * add Go 1.18 & 1.19 jobs * make test expectation less Go-version-dependent * linting * revert unnecessary change * fix installation of test coverage tool * migrate to AWS Go SDK v2 for DynamoDB (#333) * update to Go 1.19.2 * update golang.org/x/net for CVE-2022-27664 * update golang.org/x/text for CVE-2022-32149 * update Consul API dependency to avoid false report of CVE-2022-40716 * switch to fork of Stackdriver metrics client to remove AWS transitive dependency (#343) * update to Go 1.19.4 and Alpine 3.16.3 * override golang.org/x/net for CVE-2022-41717 only when building executables for release * redo the security patch by updating go.mod for all builds; drop Go 1.16 * update Redis/DDB integrations to remove misleading error logging Co-authored-by: Eli Bishop Co-authored-by: LaunchDarklyCI Co-authored-by: hroederld Co-authored-by: LaunchDarklyReleaseBot Co-authored-by: Dan Richelson Co-authored-by: Dan Richelson Co-authored-by: Ben Woskow <48036130+bwoskow-ld@users.noreply.github.com> Co-authored-by: Ben Woskow Co-authored-by: Louis Chan Co-authored-by: Louis Chan <91093020+louis-launchdarkly@users.noreply.github.com> Co-authored-by: Moshe Good Co-authored-by: Moshe Good * Releasing version 6.7.17 * chore: update markdown tables to include borders (#351) * update markdown tables to include borders * fix a couple of broken links in docs * fix: update Go module path to github.com/launchdarkly/ld-relay/v7 (#353) * feat: allow specifying redis username (#359) * feat: allow specifying redis username via config or environment variable * Update docs to include new username parameter --------- Co-authored-by: Dan Richelson Co-authored-by: Eli Bishop Co-authored-by: Dan Richelson Co-authored-by: LaunchDarklyReleaseBot Co-authored-by: Ben Woskow <48036130+bwoskow-ld@users.noreply.github.com> Co-authored-by: Ben Woskow Co-authored-by: Louis Chan Co-authored-by: Louis Chan <91093020+louis-launchdarkly@users.noreply.github.com> Co-authored-by: Moshe Good Co-authored-by: Moshe Good Co-authored-by: LaunchDarklyCI Co-authored-by: hroederld Co-authored-by: Casey Waldren --- config/config.go | 1 + config/test_data_configs_valid_test.go | 3 +++ docs/configuration.md | 8 +++++++- integrationtests/database_params_test.go | 24 ++++++++++++++++++++++++ integrationtests/database_test.go | 4 ++++ internal/bigsegments/store_redis.go | 3 +++ internal/sdks/data_stores.go | 3 +++ 7 files changed, 45 insertions(+), 1 deletion(-) diff --git a/config/config.go b/config/config.go index b68af56e..375c3150 100644 --- a/config/config.go +++ b/config/config.go @@ -191,6 +191,7 @@ type RedisConfig struct { URL ct.OptURLAbsolute `conf:"REDIS_URL"` LocalTTL ct.OptDuration `conf:"CACHE_TTL"` TLS bool `conf:"REDIS_TLS"` + Username string `conf:"REDIS_USERNAME"` Password string `conf:"REDIS_PASSWORD"` } diff --git a/config/test_data_configs_valid_test.go b/config/test_data_configs_valid_test.go index 322149f9..8c8b5e0d 100644 --- a/config/test_data_configs_valid_test.go +++ b/config/test_data_configs_valid_test.go @@ -379,6 +379,7 @@ func makeValidConfigRedisAll() testDataValidConfig { LocalTTL: ct.NewOptDuration(3 * time.Second), TLS: true, Password: "pass", + Username: "user", } } c.envVars = map[string]string{ @@ -387,6 +388,7 @@ func makeValidConfigRedisAll() testDataValidConfig { "REDIS_PORT": "6400", "REDIS_TLS": "1", "REDIS_PASSWORD": "pass", + "REDIS_USERNAME": "user", "CACHE_TTL": "3s", } c.fileContent = ` @@ -395,6 +397,7 @@ Host = "redishost" Port = 6400 TLS = 1 Password = "pass" +Username = "user" LocalTTL = 3s ` return c diff --git a/docs/configuration.md b/docs/configuration.md index 85bd2f4e..e085b365 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -175,9 +175,15 @@ To learn more, read [Persistent storage](./persistent-storage.md). | `url` | `REDIS_URL` | String | | URL of the Redis database (overrides `host` & `port`). | | `tls` | `REDIS_TLS` | Boolean | `false` | If `true`, will use a secure connection to Redis (not all Redis servers support this). If you specified a `redis://` URL, setting `tls` to `true` will change it to `rediss://`. | | `password` | `REDIS_PASSWORD` | String | | Optional password if Redis require authentication. | +| `username` | `REDIS_USERNAME` | String | | Optional username if Redis requires authentication. | | `localTtl` | `CACHE_TTL` | Duration | `30s` | Length of time that database items can be cached in memory. | -Note that the TLS and password options can also be specified as part of the URL: `rediss://` instead of `redis://` enables TLS, and `redis://:password@host` instead of `redis://host` sets a password. You may want to use the separate options instead if, for instance, you want your configuration file to contain the basic Redis configuration, but for security reasons you would rather set the password in an environment variable (`REDIS_PASSWORD`). +Note that the TLS and password options can also be specified as part of the URL: `rediss://` instead of `redis://` +enables TLS, and `redis://:password@host` or `redis://user:password@host` instead of `redis://host` sets an (optional) +username and password. + +You may want to use the separate options instead if, for instance, you want your configuration file to contain the basic +Redis configuration, but for security reasons you would rather set the password in an environment variable (`REDIS_PASSWORD`). ### File section: `[DynamoDB]` diff --git a/integrationtests/database_params_test.go b/integrationtests/database_params_test.go index 084136d1..4fc1cf81 100644 --- a/integrationtests/database_params_test.go +++ b/integrationtests/database_params_test.go @@ -132,6 +132,30 @@ var redisWithPasswordDatabaseTestParams = databaseTestParams{ }, } +var redisWithACLDatabaseTestParams = databaseTestParams{ + dbImageName: "redis", + dbDockerParams: []string{"--requirepass", "secret"}, + setupFn: func(manager *integrationTestManager, container *docker.Container) error { + redisCmd := "ACL SETUSER alice on +@all >secret" + return container.CommandInContainer("/bin/sh", "-c", "redis-cli", redisCmd).Run() + }, + hostnamePrefix: "redis", + envVarsFn: func(dbContainer *docker.Container) map[string]string { + return map[string]string{ + "USE_REDIS": "true", + "REDIS_HOST": dbContainer.GetName(), + "REDIS_PASSWORD": "secret", + "REDIS_USER": "alice", + } + }, + expectedStatusFn: func(dbContainer *docker.Container) api.DataStoreStatusRep { + return api.DataStoreStatusRep{ + Database: "redis", + DBServer: fmt.Sprintf("redis://%s:6379", dbContainer.GetName()), + } + }, +} + var consulDatabaseTestParams = databaseTestParams{ dbImageName: "consul", hostnamePrefix: "consul", diff --git a/integrationtests/database_test.go b/integrationtests/database_test.go index 7c865c0a..0a5cf167 100644 --- a/integrationtests/database_test.go +++ b/integrationtests/database_test.go @@ -24,6 +24,10 @@ func testDatabaseIntegrations(t *testing.T, manager *integrationTestManager) { doDatabaseTest(t, manager, redisWithPasswordDatabaseTestParams) }) + t.Run("Redis with ACL (username + password)", func(t *testing.T) { + doDatabaseTest(t, manager, redisWithACLDatabaseTestParams) + }) + t.Run("Consul", func(t *testing.T) { doDatabaseTest(t, manager, consulDatabaseTestParams) }) diff --git a/internal/bigsegments/store_redis.go b/internal/bigsegments/store_redis.go index 363a289c..723f1710 100644 --- a/internal/bigsegments/store_redis.go +++ b/internal/bigsegments/store_redis.go @@ -69,6 +69,9 @@ func newRedisBigSegmentStore( if redisConfig.Password != "" { opts.Password = redisConfig.Password } + if redisConfig.Username != "" { + opts.Username = redisConfig.Username + } if redisConfig.TLS && opts.TLSConfig == nil { opts.TLSConfig = &tls.Config{ ServerName: redisConfig.URL.Get().Hostname(), diff --git a/internal/sdks/data_stores.go b/internal/sdks/data_stores.go index 03033f91..fcee78b3 100644 --- a/internal/sdks/data_stores.go +++ b/internal/sdks/data_stores.go @@ -158,6 +158,9 @@ func makeRedisDataStoreBuilder[T any]( if allConfig.Redis.Password != "" { dialOptions = append(dialOptions, redigo.DialPassword(allConfig.Redis.Password)) } + if allConfig.Redis.Username != "" { + dialOptions = append(dialOptions, redigo.DialUsername(allConfig.Redis.Username)) + } b := constructor(). URL(redisURL).