Merge pull request #1982 from openziti/release-next

Release v1.1.1

CHANGELOG.md

@@ -1,3 +1,42 @@
+# Release 1.1.1
+
+## What's New
+
+* HA Alpha-3
+* Bug fixes and minor enhancements
+
+## HA Alpha 3
+
+This release can be run in HA mode. The code is still alpha, as we're still finding and fixing bugs. 
+
+For more information:
+
+* HA overview/getting started/migration: [HA Documementation](https://github.com/openziti/ziti/tree/release-next/doc/ha)
+* Open Issues: [HA Project Board](https://github.com/orgs/openziti/projects/9/views/1) 
+
+## New Contributors
+
+Thanks to new contributors
+
+* @Vrashabh-Sontakke
+
+## Component Updates and Bug Fixes
+* github.com/openziti/edge-api: [v0.26.17 -> v0.26.18](https://github.com/openziti/edge-api/compare/v0.26.17...v0.26.18)
+* github.com/openziti/sdk-golang: [v0.23.27 -> v0.23.32](https://github.com/openziti/sdk-golang/compare/v0.23.27...v0.23.32)
+    * [Issue #554](https://github.com/openziti/sdk-golang/issues/554) - Passing in config types on service list breaks on older controller
+
+* github.com/openziti/storage: [v0.2.36 -> v0.2.37](https://github.com/openziti/storage/compare/v0.2.36...v0.2.37)
+    * [Issue #64](https://github.com/openziti/storage/issues/64) - Add support for transaction complete listeners
+
+* github.com/openziti/ziti: [v1.1.0 -> v1.1.1](https://github.com/openziti/ziti/compare/v1.1.0...v1.1.1)
+    * [Issue #1973](https://github.com/openziti/ziti/issues/1973) - Raft should not initialize if db is misconfigured
+    * [Issue #1971](https://github.com/openziti/ziti/issues/1971) - BUG: OIDC authentication does not convert config type names to ids
+    * [Issue #1966](https://github.com/openziti/ziti/issues/1966) - Handle multi-entity updates in router data model
+    * [Issue #1772](https://github.com/openziti/ziti/issues/1772) - provide a better error when the user is not logged in
+    * [Issue #1964](https://github.com/openziti/ziti/issues/1964) - Add API Session Token Update Messaging
+    * [Issue #1960](https://github.com/openziti/ziti/issues/1960) - JWT Session exchange isn't working
+    * [Issue #1962](https://github.com/openziti/ziti/issues/1962) - permissions enum doesn't contain "Invalid"
+
 # Release 1.1.0
 
 ## What's New

common/event_cache.go

@@ -6,12 +6,12 @@ import (
 	"sync"
 )
 
-type OnStoreSuccess func(index uint64, event *edge_ctrl_pb.DataState_Event)
+type OnStoreSuccess func(index uint64, event *edge_ctrl_pb.DataState_ChangeSet)
 
 type EventCache interface {
 	// Store allows storage of an event and execution of an onSuccess callback while the event cache remains locked.
 	// onSuccess may be nil. This function is blocking.
-	Store(event *edge_ctrl_pb.DataState_Event, onSuccess OnStoreSuccess) error
+	Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error
 
 	// CurrentIndex returns the latest event index applied. This function is blocking.
 	CurrentIndex() (uint64, bool)
@@ -20,7 +20,7 @@ type EventCache interface {
 	// An empty slice and true is returned in cases where the requested startIndex is the current index.
 	// An empty slice and false is returned in cases where the replay cannot be facilitated.
 	// This function is blocking.
-	ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_Event, bool)
+	ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool)
 
 	// WhileLocked allows the execution of arbitrary functionality while the event cache is locked. This function
 	// is blocking.
@@ -55,7 +55,7 @@ func (cache *ForgetfulEventCache) WhileLocked(callback func(uint64, bool)) {
 	callback(cache.currentIndex())
 }
 
-func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_Event, onSuccess OnStoreSuccess) error {
+func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error {
 	cache.lock.Lock()
 	defer cache.lock.Unlock()
 
@@ -81,7 +81,7 @@ func (cache *ForgetfulEventCache) Store(event *edge_ctrl_pb.DataState_Event, onS
 	return nil
 }
 
-func (cache *ForgetfulEventCache) ReplayFrom(_ uint64) ([]*edge_ctrl_pb.DataState_Event, bool) {
+func (cache *ForgetfulEventCache) ReplayFrom(_ uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool) {
 	return nil, false
 }
 
@@ -103,18 +103,18 @@ func (cache *ForgetfulEventCache) currentIndex() (uint64, bool) {
 // LoggingEventCache stores events in order to support replaying (i.e. in controllers).
 type LoggingEventCache struct {
 	lock         sync.Mutex
-	HeadLogIndex uint64
-	LogSize      uint64
-	Log          []uint64
-	Events       map[uint64]*edge_ctrl_pb.DataState_Event
+	HeadLogIndex uint64                                       `json:"-"`
+	LogSize      uint64                                       `json:"-"`
+	Log          []uint64                                     `json:"-"`
+	Events       map[uint64]*edge_ctrl_pb.DataState_ChangeSet `json:"-"`
 }
 
 func NewLoggingEventCache(logSize uint64) *LoggingEventCache {
 	return &LoggingEventCache{
 		HeadLogIndex: 0,
 		LogSize:      logSize,
 		Log:          make([]uint64, logSize),
-		Events:       map[uint64]*edge_ctrl_pb.DataState_Event{},
+		Events:       map[uint64]*edge_ctrl_pb.DataState_ChangeSet{},
 	}
 }
 
@@ -125,7 +125,7 @@ func (cache *LoggingEventCache) SetCurrentIndex(index uint64) {
 	cache.HeadLogIndex = 0
 	cache.Log = make([]uint64, cache.LogSize)
 	cache.Log[0] = index
-	cache.Events = map[uint64]*edge_ctrl_pb.DataState_Event{}
+	cache.Events = map[uint64]*edge_ctrl_pb.DataState_ChangeSet{}
 }
 
 func (cache *LoggingEventCache) WhileLocked(callback func(uint64, bool)) {
@@ -135,7 +135,7 @@ func (cache *LoggingEventCache) WhileLocked(callback func(uint64, bool)) {
 	callback(cache.currentIndex())
 }
 
-func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_Event, onSuccess OnStoreSuccess) error {
+func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_ChangeSet, onSuccess OnStoreSuccess) error {
 	cache.lock.Lock()
 	defer cache.lock.Unlock()
 
@@ -149,7 +149,7 @@ func (cache *LoggingEventCache) Store(event *edge_ctrl_pb.DataState_Event, onSuc
 	currentIndex, ok := cache.currentIndex()
 
 	if ok && currentIndex >= event.Index {
-		return fmt.Errorf("out of order event detected, currentIndex: %d, recievedIndex: %d, type :%T", currentIndex, event.Index, cache)
+		return fmt.Errorf("out of order event detected, currentIndex: %d, receivedIndex: %d, type :%T", currentIndex, event.Index, cache)
 	}
 
 	targetLogIndex := uint64(0)
@@ -188,7 +188,7 @@ func (cache *LoggingEventCache) currentIndex() (uint64, bool) {
 	return cache.Log[cache.HeadLogIndex], true
 }
 
-func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_Event, bool) {
+func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.DataState_ChangeSet, bool) {
 	cache.lock.Lock()
 	defer cache.lock.Unlock()
 
@@ -219,15 +219,15 @@ func (cache *LoggingEventCache) ReplayFrom(startIndex uint64) ([]*edge_ctrl_pb.D
 
 	// ez replay
 	if *startLogIndex < cache.HeadLogIndex {
-		var result []*edge_ctrl_pb.DataState_Event
+		var result []*edge_ctrl_pb.DataState_ChangeSet
 		for _, key := range cache.Log[*startLogIndex:cache.HeadLogIndex] {
 			result = append(result, cache.Events[key])
 		}
 		return result, true
 	}
 
 	//looping replay
-	var result []*edge_ctrl_pb.DataState_Event
+	var result []*edge_ctrl_pb.DataState_ChangeSet
 	for _, key := range cache.Log[*startLogIndex:] {
 		result = append(result, cache.Events[key])
 	}

common/oidc_tokens.go

@@ -220,6 +220,31 @@ type IdTokenClaims struct {
 	CustomClaims
 }
 
+func (r *IdTokenClaims) GetExpirationTime() (*jwt.NumericDate, error) {
+	return &jwt.NumericDate{Time: r.TokenClaims.GetExpiration()}, nil
+}
+
+func (r *IdTokenClaims) GetNotBefore() (*jwt.NumericDate, error) {
+	notBefore := r.TokenClaims.NotBefore.AsTime()
+	return &jwt.NumericDate{Time: notBefore}, nil
+}
+
+func (r *IdTokenClaims) GetIssuedAt() (*jwt.NumericDate, error) {
+	return &jwt.NumericDate{Time: r.TokenClaims.GetIssuedAt()}, nil
+}
+
+func (r *IdTokenClaims) GetIssuer() (string, error) {
+	return r.TokenClaims.Issuer, nil
+}
+
+func (r *IdTokenClaims) GetSubject() (string, error) {
+	return r.TokenClaims.Issuer, nil
+}
+
+func (r *IdTokenClaims) GetAudience() (jwt.ClaimStrings, error) {
+	return jwt.ClaimStrings(r.TokenClaims.Audience), nil
+}
+
 func (c *IdTokenClaims) TotpComplete() bool {
 	for _, amr := range c.AuthenticationMethodsReferences {
 		if amr == "totp" {