v1.21.0

Highlights

📄 Datastore accesses are now paginated to efficiently handle large Reads and LookUps
🚀 Revisions now crossfade across quantization windows to ensure cache usage
🔨 Clients can now leverage gRPC's gzip compression
♾️ Fixed an infinite loop in the Postgres datastore Watch API

What's Changed

• Paginated datastore API by @jakedt in #1265
• Add a prometheus counter over the different kinds of write operations by @josephschorr in #1268
• some follow ups to paginated datastore by @vroldanbet in #1271
• Revert "goreleaser: publish PRs to brew and not commits" by @josephschorr in #1273
• Fix goreleaser by @josephschorr in #1274
• fix CRDB ReadRelationships throughput regression with new paginated approach by @vroldanbet in #1275
• Improve MySQL ReadRelationships paginated throughput by @vroldanbet in #1276
• Fix typo in comment by @AmbientLighter in #1279
• pkg/cmd/server: enable gzip server compression by @jakedt in #1282
• dockerfile: fix path to include /usr/local/bin by @ecordell in #1287
• Fix issue where Watch in Postgres was looping endlessly by @josephschorr in #1278
• Fix flake in the proxy test by @josephschorr in #1288
• Add v1 integration test for stream timeout by @josephschorr in #1277
• Add pagination support to ReverseQueryRelationships by @josephschorr in #1280
• Crossfade revisions when a new optimized revision is picked by @jakedt in #1285
• Fix flake in PG test by @josephschorr in #1298
• document the implications of using the insecure overlap strategy for cockroachdb by @ecordell in #1251
• Dependabot updates for May 2023 by @josephschorr in #1301
• Move to Go 1.20.4 to fix a reported vuln in Go by @josephschorr in #1305
• Skip initializing the telemetry collector if telemetry is disabled by @josephschorr in #1304
• Fix serialization of custom types in caveat context by @josephschorr in #1302

New Contributors

• @AmbientLighter made their first contribution in #1279

Full Changelog: v1.20.0...v1.21.0

v1.21.0-rc1

What's Changed

• Hashring test perf fix by @jakedt in #1246
• gomod: bump cobrautil by @jzelinskie in #1245
• Fix flakiness of graceful termination test by @josephschorr in #1250
• Move to v4 of kuberesolver by @josephschorr in #1249
• datastore/benchmark: add a datastore driver benchmark by @jakedt in #1231
• Move to Go version 1.20.3 to fix reported vulns in Go 1.20.2 by @josephschorr in #1252
• Set a subdictionary key for pgx logs adaptor by @josephschorr in #1253
• Fix deduplication bug in reachable resources by @josephschorr in #1226
• Make sure to bind vars in table driven tests by @josephschorr in #1255
• makes hashring spread configurable by @vroldanbet in #1256
• Bind all loop variable uses in function closures by @josephschorr in #1258
• Fix bound variables in e2e by @josephschorr in #1260
• Allow for reuse and replace of the serverversion middleware by @josephschorr in #1259
• CRDB retry backoff by @ecordell in #1195
• Add support for extended object ids by @josephschorr in #1254
• goreleaser: publish PRs to brew and not commits by @jzelinskie in #1257
• Fix flakiness of bootstrap file in serve-testing by squashing all memdb revisions by @josephschorr in #1263
• Check the defaults for hashring construction by @josephschorr in #1270
• Paginated datastore API by @jakedt in #1265
• Add a prometheus counter over the different kinds of write operations by @josephschorr in #1268
• some follow ups to paginated datastore by @vroldanbet in #1271
• Revert "goreleaser: publish PRs to brew and not commits" by @josephschorr in #1273
• Fix goreleaser by @josephschorr in #1274
• fix CRDB ReadRelationships throughput regression with new paginated approach by @vroldanbet in #1275
• Improve MySQL ReadRelationships paginated throughput by @vroldanbet in #1276
• Fix typo in comment by @AmbientLighter in #1279
• pkg/cmd/server: enable gzip server compression by @jakedt in #1282
• dockerfile: fix path to include /usr/local/bin by @ecordell in #1287
• Fix issue where Watch in Postgres was looping endlessly by @josephschorr in #1278
• Fix flake in the proxy test by @josephschorr in #1288
• Add v1 integration test for stream timeout by @josephschorr in #1277
• Add pagination support to ReverseQueryRelationships by @josephschorr in #1280
• Crossfade revisions when a new optimized revision is picked by @jakedt in #1285
• Fix flake in PG test by @josephschorr in #1298
• document the implications of using the insecure overlap strategy for cockroachdb by @ecordell in #1251
• Dependabot updates for May 2023 by @josephschorr in #1301
• Move to Go 1.20.4 to fix a reported vuln in Go by @josephschorr in #1305
• Skip initializing the telemetry collector if telemetry is disabled by @josephschorr in #1304
• Fix serialization of custom types in caveat context by @josephschorr in #1302

New Contributors

• @AmbientLighter made their first contribution in #1279

Full Changelog: v1.19.0...v1.21.0-rc1

v1.20.0

Warning
This is release includes migrations for the MySQL datastore to support extended object IDs.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

This version also has a known performance regression and it is recommended that folks running at larger scales upgrade to v1.21.0

Highlights

📛 Objects now support more characters in their names/IDs (including the full web-safe Base64 character set) and can be up to 1024 characters in length
🧪 Fix to an issue with serve-testing and ZedTokens
🐞 Fix to lookup resources deduplication bug

What's Changed

• Hashring test perf fix by @jakedt in #1246
• gomod: bump cobrautil by @jzelinskie in #1245
• Fix flakiness of graceful termination test by @josephschorr in #1250
• Move to v4 of kuberesolver by @josephschorr in #1249
• datastore/benchmark: add a datastore driver benchmark by @jakedt in #1231
• Move to Go version 1.20.3 to fix reported vulns in Go 1.20.2 by @josephschorr in #1252
• Set a subdictionary key for pgx logs adaptor by @josephschorr in #1253
• Fix deduplication bug in reachable resources by @josephschorr in #1226
• Make sure to bind vars in table driven tests by @josephschorr in #1255
• makes hashring spread configurable by @vroldanbet in #1256
• Bind all loop variable uses in function closures by @josephschorr in #1258
• Fix bound variables in e2e by @josephschorr in #1260
• Allow for reuse and replace of the serverversion middleware by @josephschorr in #1259
• CRDB retry backoff by @ecordell in #1195
• Add support for extended object ids by @josephschorr in #1254
• goreleaser: publish PRs to brew and not commits by @jzelinskie in #1257
• Fix flakiness of bootstrap file in serve-testing by squashing all memdb revisions by @josephschorr in #1263
• Check the defaults for hashring construction by @josephschorr in #1270

Full Changelog: v1.19.0...v1.20.0

Docker Images

This release is available at authzed/spicedb:v1.20.0, quay.io/authzed/spicedb:v1.20.0, ghcr.io/authzed/spicedb:v1.20.0

v1.19.1

Upgrade Notes

Warning
This is release includes a fix for CVE-2023-29193
Please read the Security Advisory to determine if you are affected and what workarounds can be applied if you cannot upgrade.

Full Changelog: v1.19.0...v1.19.1

Docker Images

This release is available at authzed/spicedb:v1.19.1, quay.io/authzed/spicedb:v1.19.1, ghcr.io/authzed/spicedb:v1.19.1

v1.19.0

Upgrade Notes

Warning
This is release includes migrations for the Postgres datastore that adds indices.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

Highlights

🚀 Cockroach and Postgres datastores are much faster
🎏 Several new flags for tuning SpiceDB for best performance
🪵 Improved log messages

What's Changed

• postgres, crdb: update pgx to v5 by @ecordell in #1232
• Add flags for maxlifetime jitter by @ecordell in #1235
• Add covering indexes to Postgres and associated testing by @josephschorr in #1118
• port: datastore/postgres: fix invalid slice appends in snapshots by @vroldanbet in #1219
• use cgr.dev/chainguard/busybox as base instead of distroless.dev/busybox by @imjasonh in #1220
• Change schema compiler to squash union and intersection trees by @josephschorr in #1213
• mysql: prevents misleading log messages by avoiding Rollback if committed by @vroldanbet in #1180
• Add better logs for when datastore or dispatcher is not ready by @josephschorr in #1221
• reverts caveat covering index for postgres datastore by @vroldanbet in #1222
• Skip checking of relation on direct computed_userset by @josephschorr in #1225
• use implicit transactions for reads on crdb and postgres by @jakedt in #1230
• introduces configurable dispatch hashring replication factor by @vroldanbet in #1227

Docker Images

This release is available at authzed/spicedb:v1.19.0, quay.io/authzed/spicedb:v1.19.0, ghcr.io/authzed/spicedb:v1.19.0

Full Changelog: v1.18.0...v1.19.0

v1.18.1

Upgrade Notes

Warning
This release breaks our semantic versioning policy and as a result is not recommended.
Please use v1.19.0 which includes this release's changes but with a version number that better reflects the contents of the release.

This is release includes migrations for the Postgres datastore that adds indices.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.

What's Changed

• Add covering indexes to Postgres and associated testing by @josephschorr in #1118
• port: datastore/postgres: fix invalid slice appends in snapshots by @vroldanbet in #1219
• use cgr.dev/chainguard/busybox as base instead of distroless.dev/busybox by @imjasonh in #1220
• Change schema compiler to squash union and intersection trees by @josephschorr in #1213
• mysql: prevents misleading log messages by avoiding Rollback if committed by @vroldanbet in #1180
• Add better logs for when datastore or dispatcher is not ready by @josephschorr in #1221
• reverts caveat covering index for postgres datastore by @vroldanbet in #1222
• Skip checking of relation on direct computed_userset by @josephschorr in #1225
• use implicit transactions for reads on crdb and postgres by @jakedt in #1230
• introduces configurable dispatch hashring replication factor by @vroldanbet in #1227

Full Changelog: v1.17.0...v1.18.1

Docker Images

This release is available at authzed/spicedb:v1.18.1, quay.io/authzed/spicedb:v1.18.1, ghcr.io/authzed/spicedb:v1.18.1

v1.18.0

Highlights

🚀 Cockroach and Postgres datastores can now configure separate connection pools for read and write queries
📈 Additional metrics for datastore GC
🔄 Improved Postgres revision collision detection
🚫 Improved error codes when access is denied

What's Changed

• Add prometheus metric for GC failure in datastore by @josephschorr in #1177
• Dependabot updates for March 2023 by @josephschorr in #1188
• datastore/postgres: switch to DB snapshots as primary component of revisions by @jakedt in #1153
• makes the request caveat context size configurable by @vroldanbet in #1190
• README: refresh with more dev instructions by @jzelinskie in #1191
• README: add debug containers by @jzelinskie in #1194
• internal/datastore/crdb: split read/write connpools by @jzelinskie in #1179
• propagate option to disable stats in spanner datastore by @vroldanbet in #1192
• fixes behaviour of various datastores when HeadRevision is outside GC window by @vroldanbet in #1200
• Txid join fix by @jakedt in #1204
• fixes regression of revision precision problem in MacOS for MemDB by @vroldanbet in #1207
• changes the order gRPC prometheus middleware by @vroldanbet in #1209
• Bump golang.org/x/mod from 0.8.0 to 0.9.0 by @dependabot in #1189
• spanner: close row iterators when done by @ecordell in #1212
• datastore/postgres: fix invalid slice appends in snapshots by @jakedt in #1218

Full Changelog: v1.17.0...v1.18.0

Docker Images

This release is available at authzed/spicedb:v1.18.0, quay.io/authzed/spicedb:v1.18.0, ghcr.io/authzed/spicedb:v1.18.0

v1.17.0

Highlights

🎉 Caveats are now Generally Available!
🚀 APIs without configurable consistency have been reduced by one datastore roundtrip
☑ WriteRelationships validation now batch-loads schemas
⚠️ Additional metrics for caching and the Spanner datastore have added, requiring changes to users' PromQL queries
🪳The CockroachDB datastore GC window now warns instead of failing if the user configures an invalid window

What's Changed

• pkg/cache: implement a central collector by @jzelinskie in #1149
• makes dispatch metrics toggleable by @vroldanbet in #1151
• Change release notes update mode by @ecordell in #1150
• make cache collector unregister on close by @vroldanbet in #1152
• Mark caveats as a production-ready feature by @josephschorr in #1154
• Remove now-unused caveats flag by @josephschorr in #1155
• Fix MySQL parseTime check to use the DSN lib by @josephschorr in #1159
• improve CRDB GC error message by @vroldanbet in #1166
• adds caveats to AppliedSchemaChanges by @vroldanbet in #1167
• Fix spanner telemetry by @ecordell in #1156
• does not return an error if GC windows aren't aligned by @vroldanbet in #1169
• Move to Golang 1.19.6 to bring some security fixes by @josephschorr in #1172
• Use the shared relationships validation in dev package by @josephschorr in #1171
• Have validation for WriteRelationships batch load namespaces by @josephschorr in #1175
• Skip loading of head revision on write calls by @josephschorr in #1176

Full Changelog: v1.16.2...v1.17.0

Docker Images

This release is available at authzed/spicedb:v1.17.0, quay.io/authzed/spicedb:v1.17.0, ghcr.io/authzed/spicedb:v1.17.0

v1.16.2

What's Changed

• Expose the V1 API debug information in dev package by @josephschorr in #1107
• fixes problem with caveats not resolving protobuf types by @vroldanbet in #1109
• Make sure to catch error tokens in caveat parsing by @josephschorr in #1111
• .github: explicit github token for buf-generate by @jzelinskie in #1113
• Add additional option to CEL to compile caveat macro expressions by @josephschorr in #1112
• Part 2 of consistency tests using caveats by @josephschorr in #1106
• fixes positional argument errors failing silently by @vroldanbet in #1101
• Add a consistency test for the ipaddress type for caveats by @josephschorr in #1116
• Add consistency test for maps in caveats and better typed errors on caveat evaluation by @josephschorr in #1115
• pkg/cache: default TTL of 2x quantization window by @jzelinskie in #1110
• Remove TODOs in caveat CEL code by @josephschorr in #1121
• Only write caveats that have been possibly updated by @josephschorr in #1120

Docker Images

This release is available at:

• authzed/spicedb:v1.16.2
• quay.io/authzed/spicedb:v1.16.2
• ghcr.io/authzed/spicedb:v1.16.2
• authzed/spicedb:v1.16.2-debug
• quay.io/authzed/spicedb:v1.16.2-debug
• ghcr.io/authzed/spicedb:v1.16.2-debug

Full Changelog: v1.16.1...v1.16.2

v1.16.1

What's Changed

• Add additional goroutine leak testing to Lookup* and fix possible deadlock in ReachableResources by @josephschorr in #1086
• README: rephrase project description by @samkim in #1091
• refactor datastore flags to make them reusable by @vroldanbet in #1089
• Update reported min version for Postgres by @josephschorr in #1093
• align datastore defaults by @vroldanbet in #1092
• adds log.Ctx(ctx) calls (almost) everywhere by @vroldanbet in #1094
• Add an API test for deleting a relationship that does not exist by @josephschorr in #1095
• Consistency test reimplementation by @josephschorr in #1087
• Cleanup lock handling in task runner by @josephschorr in #1096
• Add consistency test for reading relationships by @josephschorr in #1097
• Add a distinct validation error type for schema write by @josephschorr in #1102
• Add additional consistency test cases and enable chunk size changing by @josephschorr in #1099
• Fix flake in debug tests by @josephschorr in #1104
• Optimize allocations by removing sprintf, using strings.Cut by @jzelinskie in #1098

Docker Images

This release is available at:

• authzed/spicedb:v1.16.1
• quay.io/authzed/spicedb:v1.16.1
• ghcr.io/authzed/spicedb:v1.16.1
• authzed/spicedb:v1.16.1-debug
• quay.io/authzed/spicedb:v1.16.1-debug
• ghcr.io/authzed/spicedb:v1.16.1-debug

Full Changelog: v1.16.0...v1.16.1