v0.22.0

Changes since v0.21.0

Upgrade notes

• This upgrade includes multiple database migrations that improve performance and indexing. While the migrations run (~5min), the exposures table will be locked. We recommend putting the servers into maintenance mode before running the migrations, and scheduling this upgrade off peak hours.

• Cloud-specific dependencies are now a compile-time dependency. When building the binary, you must specify the build tag for your target environments to compile the appropriate Key Manager, Secret Manager, and Blobstore support for that target platform.

• Introduce paging and non-paging alert types. This requires an update to the alerting channels in the Terraform configuration.

Build and CI/CD

• Switch cloud dependencies to a compile-time dependency. When building the binary, you must specify the build tag for your target environments to compile the appropropriate Key Manager, Secret Manager, and Blobstore support for that target platform. (#1363, @sethvargo)
• Switch linting to GitHub Actions (#1373, @sethvargo)

Observability and reliability

• Add logic to recover from panics in service entrypoints. A panic will still terminate the service with a non-zero exit code, but it will cleanup existing connections and log the panic before doing so. (#1340, @sethvargo)
• Always check if a connection is valid after acquiring it from the pool. (#1345, @sethvargo)
• Check database connection in health check (#1362, @sethvargo)
• Paging and non-paging email channels should be configured in the Terraform files for each individual project. (#1354, @mariliamelo)
• Move DEBUG SERVER message to warning level (#1327, @sethvargo)
• Do not log lock acquisition failure when the lock is already held (#1337, @sethvargo)
• Only log internal errors on publish, move others to debug level (#1330, @sethvargo)

Database

• Improve database indexes to maximize search and delete performance
• DB migrations will have a 15 minute timeout by default (was 15 seconds) (#1332, @mikehelmick)
• Drop usage of serializable transactions (#1325, @sethvargo)
• Switch to ReadCommitted isolation level for locking (#1324, @sethvargo)
• Update database types to their larger values (VARCHAR -> TEXT and INT -> BIGINT) and add indices to common fields to improve performance. (#1326, @sethvargo)

Key Management

• Wait up to 5 seconds for Google Cloud KMS keys to become ready when generating new keys (#1338, @sethvargo)

Service: publish

• Fix lower bound of the accepted key set when validating keys. (#1372, @mikehelmick)

Service: jwks

• Use a custom http client with a separate request timeout for the jwks service. Operators can customize the timeout by setting REQUEST_TIMEOUT on the jwks service. The default value is 5 seconds. (#1342, @sethvargo)

Terraform

• Update ignore_changes to avoid recurring diff in Terraform (#1343, @sethvargo)

Misc

• Update to gcloud 324.0.0 in builds (#1339, @sethvargo)
• Upgrade Cloud SQL Proxy to 1.19.1 (#1334, @sethvargo)
• Remove unused performance tests (#1367, @sethvargo)
• Mount middlewares and pull from request context in debugger, e2e, exportimport, keyrotation, and mirror (#1350, @sethvargo)
• Move chaff handling into middleware (#1357, @sethvargo)
• Move e2e into integration, simplify helpers (#1371, @sethvargo)
• Move federationin to middleware/server pattern (#1351, @sethvargo)
• Move maintenance mode handling to middleware (#1355, @sethvargo)
• Move publish to middleware/server pattern (#1353, @sethvargo)
• Pull context from request in export service (#1347, @sethvargo)
• Pull logger and request_id from context in jwks service (#1341, @sethvargo)
• Refactor generate service to be a proper server, use new middlewares (#1344, @sethvargo)

Dependencies

Added

Nothing has changed.

Changed

• cloud.google.com/go/storage: v1.12.0 → v1.13.0
• cloud.google.com/go: v0.74.0 → v0.76.0
• contrib.go.opencensus.io/exporter/ocagent: v0.7.0 → f8c219d
• contrib.go.opencensus.io/exporter/prometheus: v0.2.0 → 6bcf6f8
• github.com/Azure/azure-sdk-for-go: v49.1.0+incompatible → v51.1.0+incompatible
• github.com/Azure/azure-storage-blob-go: v0.12.0 → v0.13.0
• github.com/Azure/go-autorest/autorest/adal: v0.9.10 → v0.9.13
• github.com/Azure/go-autorest/autorest/azure/auth: v0.5.5 → v0.5.7
• github.com/Azure/go-autorest/autorest: v0.11.15 → v0.11.18
• github.com/Azure/go-autorest/logger: v0.2.0 → v0.2.1
• github.com/alecthomas/units: 1786d5e → ff826a3
• github.com/armon/go-metrics: v0.3.4 → v0.3.3
• github.com/aws/aws-sdk-go: v1.36.11 → v1.37.8
• github.com/bitly/go-hostpool: v0.1.0 → a3a6125
• github.com/cncf/udpa/go: efcf912 → 5459f2c
• github.com/containerd/continuity: 1805252 → 50096c9
• github.com/coreos/pkg: 399ea9e → 3ac0863
• github.com/envoyproxy/go-control-plane: v0.9.7 → fd9021f
• github.com/frankban/quicktest: v1.10.0 → v1.11.3
• github.com/ghodss/yaml: 25d852a → v1.0.0
• github.com/gocql/gocql: 34081ed → f6df828
• github.com/google/gofuzz: v1.1.0 → v1.0.0
• github.com/google/pprof: 1bf35d6 → d980be6
• github.com/google/uuid: v1.1.2 → v1.2.0
• github.com/gorilla/handlers: v1.5.1 → v1.4.2
• github.com/gorilla/websocket: v1.4.1 → 4201258
• github.com/gostaticanalysis/analysisutil: v0.6.1 → 4088753
• github.com/hashicorp/consul/api: v1.4.0 → v1.3.0
• github.com/hashicorp/consul/sdk: v0.4.0 → v0.3.0
• github.com/hashicorp/go-cleanhttp: v0.5.1 → v0.5.2
• github.com/hashicorp/go-msgpack: v0.5.5 → v0.5.3
• github.com/hashicorp/go-version: v1.2.1 → v1.2.0
• github.com/hashicorp/hcl/v2: v2.8.1 → v2.8.2
• github.com/hashicorp/mdns: v1.0.1 → v1.0.0
• github.com/hashicorp/memberlist: v0.1.4 → v0.1.3
• github.com/hashicorp/serf: v0.8.3 → v0.8.2
• github.com/hashicorp/vault/sdk: d8fffe0 → 8477cfe
• github.com/hashicorp/yamux: 2f1d1f2 → 3520598
• github.com/jackc/pgproto3/v2: v2.0.6 → v2.0.7
• github.com/jackc/pgx/v4: v4.10.0 → v4.10.1
• github.com/mattn/go-colorable: v0.1.6 → v0.1.7
• github.com/mattn/go-runewidth: v0.0.3 → v0.0.2
• github.com/miekg/dns: v1.1.15 → v1.0.14
• github.com/mitchellh/cli: v1.1.1 → v1.0.0
• github.com/mitchellh/gox: v1.0.1 → v0.4.0
• github.com/mitchellh/mapstructure: v1.4.0 → v1.4.1
• github.com/mitchellh/reflectwalk: v1.0.1 → v1.0.0
• github.com/olekukonko/tablewriter: b8a9be0 → a0225b3
• github.com/posener/complete: v1.2.1 → v1.1.1
• github.com/prometheus/procfs: v0.2.0 → v0.6.0
• github.com/prometheus/statsd_exporter: v0.18.0 → v0.20.0
• github.com/spf13/cobra: v0.0.5 → v0.0.3
• github.com/spf13/pflag: v1.0.5 → v1.0.3
• github.com/tidwall/pretty: v1.0.1 → 65a9db5
• github.com/tmc/grpc-websocket-proxy: 0ad062e → 89b8d40
• github.com/ugorji/go/codec: v1.2.1 → v1.2.4
• github.com/ugorji/go: v1.2.1 → v1.2.4
• go.etcd.io/bbolt: v1.3.5 → v1.3.3
• go.etcd.io/etcd: 262c939 → 3cf2f69
• go.mongodb.org/mongo-driver: v1.4.2 → v1.1.0
• go.opencensus.io: v0.22.5 → v0.22.6
• golang.org/x/crypto: 9d13527 → eec23a3
• golang.org/x/mod: v0.4.0 → v0.4.1
• golang.org/x/net: 986b41b → 5f4716e
• golang.org/x/oauth2: 08078c5 → 6667018
• golang.org/x/sys: f9fddec → 22da62e
• golang.org/x/text: v0.3.4 → v0.3.5
• golang.org/x/tools: b1c9089 → v0.1.0
• google.golang.org/api: v0.36.0 → v0.39.0
• google.golang.org/genproto: 8c77b98 → bba0dbe
• google.golang.org/grpc: v1.34.0 → v1.35.0
• honnef.co/go/tools: v0.1.0 → v0.0.1-2020.1.4
• sigs.k8s.io/yaml: v1.2.0 → v1.1.0

Removed

• code.cloudfoundry.org/gofileutils: 4d0c800
• git.apache.org/thrift.git: v0.12.0
• github.com/Jeffail/gabs: v1.1.1
• github.com/Masterminds/semver: v1.4.2
• github.com/NYTimes/gziphandler: v1.1.1
• github.com/OneOfOne/xxhash: v1.2.2
• github.com/PuerkitoBio/purell: v1.0.0
• github.com/PuerkitoBio/urlesc: 5bd2802
• github.com/SAP/go-hdb: v0.14.1
• github.com/Sectorbob/mlab-ns2: d3aa0c2
• github.com/StackExchange/wmi: cbe6696
• github.com/abdullin/seq: d5467c1
• github.com/aliyun/alibaba-cloud-sdk-go: 9418d7b
• github.com/aliyun/aliyun-oss-go-sdk: 86c17b9
• github.com/apple/foundationdb/bindings/go: cd5c9d9
• github.com/armon/consul-api: eb2c6b5
• github.com/armon/go-proxyproto: 68259f7
• github.com/asaskevich/govalidator: f9ffefc
• github.com/baiyubin/aliyun-sts-go-sdk: cfa1a18
• github.com/boltdb/bolt: v1.3.1
• github.com/boombuler/barcode: 6c82451
• github.com/briankassouf/jose: d256946
• github.com/c2h5oh/datasize: 28bbd47
• github.com/cenkalti/backoff/v3: v3.0.0
• github.com/centrify/cloud-golang-sdk: 1191100
• github.com/cespare/xxhash: v1.1.0
• github.com/chrismalek/oktasdk-go: 3430665
• github.com/cloudfoundry-community/go-cfclient: f136f92
• github.com/codegangsta/inject: 33e0aa1
• github.com/coreos/bbolt: v1.3.2
• github.com/coreos/etcd: v3.3.10+incompatible
• github.com/coreos/go-etcd: v2.0.0+incompatible
• github.com/coreos/go-oidc: v2.1.0+incompatible
• github.com/coreos/go-systemd/v22: v22.0.0
• github.com/couchbase/gocb/v2: v2.1.4
• github.com/couchbase/gocbcore/v9: v9.0.4
• github.com/cpuguy83/go-md2man: v1.0.10
• github.com/denverdino/aliyungo: d330864
• github.com/dgryski/go-sip13: e10d5fe
• github.com/digitalocean/godo: v1.7.5
• github.com/dnaeon/go-vcr: v1.0.1
• github.com/docker/spdystream: 449fdfc
• github.com/dsnet/compress: v0.0.1
• github.com/dsnet/golib: 1ea1667
• github.com/duosecurity/duo_api_golang: 6c680f7
• github.com/elazarl/go-bindata-assetfs: 234c15e
• github.com/elazarl/goproxy: 947c36d
• github.com/emicklei/go-restful: ff4f55a
• github.com/evanphx/json-patch: v4.2.0+incompatible
• github.com/felixge/httpsnoop: v1.0.1
• github.com/fullsailor/pkcs7: d7302db
• github.com/gammazero/deque: 2afb385
• github.com/gammazero/workerpool: 88d534f
• github.com/go-errors/errors: v1.0.1
• github.com/go-ldap/ldap: v3.0.2+incompatible
• github.com/go-logr/logr: v0.1.0
• github.com/go-martini/martini: 22fa469
• github.com/go-ole/go-ole: v1.2.4
• github.com/go-openapi/jsonpointer: 46af16f
• github.com/go-openapi/jsonreference: 13c6e35
• github.com/go-openapi/spec: 6aced65
• github.com/go-openapi/swag: 1d0bd11
• github.com/go-yaml/yaml: v2.1.0+incompatible
• github.com/gobuffalo/attrs: a9411de
• github.com/gobuffalo/depgen: v0.1.0
• github.com/gobuffalo/envy: v1.7.0
• github.com/gobuffalo/flect: v0.1.3
• github.com/gobuffalo/genny: v0.1.1
• github.com/gobuffalo/gitgen: cc08618
• github.com/gobuffalo/gogen: v0.1.1
• github.com/gobuffalo/logger: 86e12af
• github.com/gobuffalo/mapi: v1.0.2
• github.com/gobuffalo/packd: v0.1.0
• github.com/gobuffalo/packr/v2: v2.2.0
• github.com/gobuffalo/syncx: 33c2958
• github.com/godbus/dbus/v5: v5.0.3
• github.com/goji/httpauth: 2da839a
• github.com/golang/lint: 06c8688
• github.com/google/go-metrics-stackdriver: v0.2.0
• github.com/google/mako: v0.2.0
• github.com/googleapis/gnostic: v0.2.0
• github.com/gophercloud/gophercloud: v0.1.0
• github.com/gorhill/cronexpr: 88b0669
• github.com/gorilla/securecookie: v1.1.1
• github.com/gorilla/sessions: v1.2.0
• github.com/gostaticanalysis/comment: v1.4.1
• github.com/gregjones/httpcache: 9cad4c3
• github.com/hashicorp/consul-template: v0.25.1
• github.com/hashicorp/go-bindata: bf7910a
• github.com/hashicorp/go-discover: c4b85f6
• github.com/hashicorp/go-gatedio: v0.5.0
• github.com/hashicorp/go-gcp-common: v0.6.0
• github.com/hashicorp/go-kms-wrapping: v0.5.16
• github.com/hashicorp/go-memdb: v1.0.2
• github.com/hashicorp/go-raftchunking: 7e9e852
• github.com/hashicorp/nomad/api: edc62ac
• github.com/hashicorp/raft-boltdb: 6e5ba93
• github.com/hashicorp/raft-snapshot: v1.0.3
• github.com/hashicorp/raft: f367681
• github.com/hashicorp/vault-plugin-auth-alicloud: v0.7.0
• github.com/hashicorp/vault-plugin-auth-azure: v0.6.0
• github.com/hashicorp/vault-plugin-auth-centrify: v0.7.0
• github.com/hashicorp/vault-plugin-auth-cf: v0.7.0
• github.com/hashicorp/vault-plugin-auth-gcp: v0.8.0
• github.com/hashicorp/vault-plugin-auth-jwt: v0.8.1
• github.com/hashicorp/vault-plugin-auth-kerberos: v0.2.0
• github.com/hashicorp/vault-plugin-auth-kubernetes: v0.8.0
• github.com/hashicorp/vault-plugin-auth-oci: v0.6.0
• github.com/hashicorp/vault-plugin-database-couchbase: v0.2.1
• github.com/hashicorp/vault-plugin-database-elasticsearch: v0.6.1
• github.com/hashicorp/vault-plugin-database-mongodbatlas: v0.2.1
• github.com/hashicorp/vault-plugin-mock: v0.16.1
• github.com/hashicorp/vault-plugin-secrets-ad: v0.8.0
• github.com/hashicorp/vault-plugin-secrets-alicloud: v0.7.0
• github.com/hashicorp/vault-plugin-secrets-azure: v0.8.0
• github.com/hashicorp/vault-plugin-secrets-gcp: v0.8.1
• github.com/hashicorp/vault-plugin-secrets-gcpkms: v0.7.0
• github.com/hashicorp/vault-plugin-secrets-kv: v0.7.0
• github.com/hashicorp/vault-plugin-secrets-mongodbatlas: v0.2.0
• github.com/hashicorp/vault-plugin-secrets-openldap: v0.3.0
• github.com/hashicorp/vault: v1.6.1
• github.com/hashicorp/vic: bbfe86e
• github.com/huaweicloud/golangsdk: 45ec079
• github.com/imdario/mergo: v0.3.6
• github.com/influxdata/influxdb: d24b7ba
• github.com/jackc/fake: 812a484
• github.com/jackc/pgx: v3.3.0+incompatible
• github.com/jarcoal/httpmock: v1.0.5
• github.com/jcmturner/aescts: v1.0.1
• github.com/jcmturner/dnsutils: v1.0.1
• github.com/jcmturner/gofork: v1.0.0
• github.com/jcmturner/goidentity/v6: v6.0.1
• github.com/jcmturner/gokrb5/v8: v8.0.0
• github.com/jcmturner/rpc/v2: v2.0.2
• github.com/jeffchao/backoff: 9d7fd7a
• github.com/jefferai/isbadcipher: 51d2077
• github.com/jefferai/jsonx: v1.0.0
• github.com/joho/godotenv: v1.3.0
• github.com/joyent/triton-go: 6801d15
• github.com/karrick/godirwalk: v1.10.3
• github.com/kelseyhightower/envconfig: v1.4.0
• github.com/keybase/go-crypto: d65b6b9
• github.com/klauspost/compress: v1.9.5
• github.com/klauspost/cpuid: v1.2.0
• github.com/lestrrat-go/jwx: v0.9.0
• github.com/linode/linodego: v0.7.1
• github.com/magiconair/properties: v1.8.0
• github.com/mailru/easyjson: d5b7844
• github.com/markbates/oncer: bf2de49
• github.com/markbates/safe: v1.0.1
• github.com/martini-contrib/render: ec18f83
• github.com/mattn/go-shellwords: v1.0.5
• github.com/mholt/archiver: v3.1.1+incompatible
• github.com/michaelklishin/rabbit-hole: 93d9988
• github.com/mitchellh/hashstructure: v1.0.0
• github.com/mitchellh/pointerstructure: v1.0.0
• github.com/moby/term: 7f0af18
• github.com/mongodb/go-client-mongodb-atlas: v0.1.2
• github.com/montanaflynn/stats: 1bf9dbc
• github.com/munnerz/goautoneg: a547fc6
• github.com/mwielbut/pointy: v1.1.0
• github.com/mxk/go-flowrate: cca7078
• github.com/natefinch/atomic: a62ce92
• github.com/ncw/swift: v1.0.47
• github.com/nicolai86/scaleway-sdk: 798f60e
• github.com/nwaples/rardecode: v1.1.0
• github.com/oklog/ulid: v1.3.1
• github.com/okta/okta-sdk-golang/v2: v2.0.0
• github.com/okta/okta-sdk-golang: v1.1.0
• github.com/openlyinc/pointy: v1.1.2
• github.com/oracle/oci-go-sdk: v12.5.0+incompatible
• github.com/ory/dockertest/v3: v3.6.2
• github.com/oxtoacart/bpool: 4e1c556
• github.com/packethost/packngo: b9cb509
• github.com/patrickmn/go-cache: v2.1.0+incompatible
• github.com/pelletier/go-toml: v1.7.0
• github.com/peterbourgon/diskv: v2.0.1+incompatible
• github.com/petermattis/goid: b0b1615
• github.com/pquerna/cachecontrol: 1555304
• github.com/pquerna/otp: 468c2dd
• github.com/prometheus/tsdb: v0.7.1
• github.com/rboyer/safeio: v0.2.1
• github.com/renier/xmlrpc: ce4a1a4
• github.com/russross/blackfriday: v1.5.2
• github.com/sasha-s/go-deadlock: v0.2.0
• github.com/sean-/conswriter: f5ae391
• github.com/sean-/pager: 666be9b
• github.com/sethvargo/go-limiter: v0.3.0
• github.com/shirou/gopsutil: afe0c04
• github.com/softlayer/softlayer-go: 260589d
• github.com/spaolacci/murmur3: f09979e
• github.com/spf13/afero: v1.2.2
• github.com/spf13/cast: v1.3.0
• github.com/spf13/jwalterweatherman: v1.0.0
• github.com/spf13/viper: v1.4.0
• github.com/square/go-jose/v3: 708a9fe
• github.com/square/go-jose: v2.4.1+incompatible
• github.com/tencentcloud/tencentcloud-sdk-go: v3.0.171+incompatible
• github.com/ulikunitz/xz: v0.5.7
• github.com/vmware/govmomi: v0.18.0
• github.com/xi2/xz: 48954b6
• github.com/xordataexchange/crypt: b2862e3
• github.com/yandex-cloud/go-genproto: 762fe96
• github.com/yandex-cloud/go-sdk: 2194e50
• go.mongodb.org/atlas: v0.5.0
• gopkg.in/asn1-ber.v1: f715ec2
• gopkg.in/ini.v1: v1.42.0
• gopkg.in/jcmturner/goidentity.v3: v3.0.0
• gopkg.in/ldap.v3: v3.0.3
• gopkg.in/mgo.v2: 9856a29
• gopkg.in/ory-am/dockertest.v3: v3.3.4
• k8s.io/api: v0.18.2
• k8s.io/apimachinery: v0.18.2
• k8s.io/client-go: v0.18.2
• k8s.io/gengo: 0689ccc
• k8s.io/klog: v1.0.0
• k8s.io/kube-openapi: bf4fb3b
• k8s.io/utils: a9aa75a
• layeh.com/radius: 890bc10
• sigs.k8s.io/structured-merge-diff/v3: v3.0.0