- Moved json encoding to
bondy_json
module which now uses the newjson
moduled instead ofjsone
when running on OTP27. In addition, float and date formatting has been implemented to mirror those existing injsone
. Also the defaul float format respects the deprecatedjsx
lib format for backwards compatibility. - A new option
serializers.json.float_format
has been added tobondy.conf
that takes a string representation of the options supported byerlang:float_to_bionary/2
. - NOTICE: This only affects HTTP Gateway JSON encoding at the moment and not WAMP. This will be addressed in the next release.
- Fixed bug in password hash comparison for version 1.0 passwords (PR #40)
- Removed
enacl
andpbkdf2
libraries, replacing its funcionality with Erlang'spublic_key
andcrypto
applications for password hashing and WAMP Cryptosign. - Upgraded several dependencies BREAKING CHANGE NOTICE
- As a result of
enacl
removal we have temporarily retired support for theargon2
algorithm until we finish an implementation via Rustler.
- Fixes a bug in
bondy_rbac:conca_role
function that affected the RBAC APIs.
- Upgraded PlumDB and Partisan with fix to avoid partisan_plumree_brodcast to crash when the behaviour implementors raise an exception
- Fixes to Debian dockerfile
BREAKING CHANGE NOTICE
- This version replaces Leveldb with Rocksdb - Rocksdb storage is incompatible with Leveldb so if you rely on Bondy storing real information (realms, users, groups, grants, etc), you will need to export/import them using the
bondy.backup.create
andbondy.backup.restore
WAMP procedures. - Bug fix in
bondy_resgistry_entry:dirty_delete/1
- Fix CI for OTP26 docker variant
- Fix checking user credentials changes in
on_merge
(#31) - Fixes several bugs reported in #30:
- Missing
authroles
in WAMP context for Oauth2 flow - Pattern matching exception in Bondy Dealer where the atom
no_proc
was wrongly used instead ofnoproc
- Fix in bondy Oauth2 un be able to handle undefined as a "token_type" in the
revoke_token
operation
- Missing
- Drop Min OTP version to OTP25 and CI workflow to publish Bondy build with OTP25 and OTP26
- Upgrade Dockerfile to OTP 26.2.5 to avoid memory-related bugs in BEAM
- Downgrade to OTP 26.2.2 to avoid issue with cgroups cpu_quota bug in 26.2.4 and avoid memory crash issue with 26.2.3 until 26.2.5 is released.
- Fixes a bug when synchronising legacy formatted data
- Bug introduced
1.0.0-rc.15
on JWT parsing
- Partisan forwarding guarantees configuration.
router.forward.ack
router.forward.retransmission
bridge.forward.ack
bridge.forward.retransmission
- Until Partisan gurantees are provided by a more scalable backend we are disabling them by default by removing the previosuly hardcoded configuration and defining the following
bondy.conf
options defaulsrouter.forward.ack = on|off
router.forward.retransmission = on|off
bridge.forward.ack = on|off
bridge.forward.retransmission = on|off
- Fixed a bug that occured in
bondy_rpc_laod_balancer
when entries are empty
- Support for TCP/TLS proxy protocol and HTTP equivalent via headers
forwarded
,x-real-ip
,x-forwarded-for
. The algorithm searches for the presence of headers in that order and chooses the first Private IP found, returning the first IP Address if none are private.- New config options to enable/disable it
wamp.tcp.proxy_protocol
wamp.tls.proxy_protocol
admin_api.http.proxy_protocol
admin_api.https.proxy_protocol
api_gateway.http.proxy_protocol
api_gateway.https.proxy_protocol
bridge.listener.tcp.proxy_protocol
bridge.listener.tls.proxy_protocol
- Default:
off
- New config options to define whether to reject connections when a
source_ip
address cannot be obtained from the proxy (strict
) or fallback to the local IP address (relaxed
).wamp.tcp.proxy_protocol.mode
wamp.tls.proxy_protocol.mode
admin_api.http.proxy_protocol.mode
admin_api.https.proxy_protocol.mode
api_gateway.http.proxy_protocol.mode
api_gateway.https.proxy_protocol.mode
bridge.listener.tcp.proxy_protocol.mode
bridge.listener.tls.proxy_protocol.mode
- Default:
relaxed
- New config options to enable/disable it
- Fix bug in WAMP procedure
bondy.oauth2.token.revoke
- Re-establish support for HTTP
x-forwarded-for
andx-real-ip
headers - Fixed logger formatter so that metadata values for keys not included in the
template are included as part of the message.
- Fixes #28 - default configuration value for Bridge Relay produces a crash. This happened because some of the Bridge Relay options in the schema were using
default
as opposed tocommented
. The result was an invalid configuration for a Bridge relayed calledname
when this should be empty.
- Fixes #24 - missing command in Makefile target
- Upgrades PlumDB to latest
- Upgrades Partisan to latest
- Upgrades OTP to latest
- Fixes trying to restore non expired OAUTH2 refresh tokens based on its expiration time (issued at + expires in) from an old backup (tested case
0.41.6
version).
- Fixes bug in enacl dependency via a fork
- Fixes bug in authentication when migrating from Bondy version =< 0.8
- Change in Backup restore to avoid restoring and migrating expired OAUTH2 refresh tokens
- Updated Docker image base OS version to match those of the new OTP26 images
- Upgrade Partisan with fixes to fast forward which was not working
- Upgrade PlumDB with fixes to hashtree encoding on OTP26
- PlumDB no creates a manifest will be used in the near future to enable database migration
- New config params
cluter.peer_ip
andcluster.listen_addresses
based on updated Partisan
- Added support for IPv6 across all listeners
- Fixed port validaros accepting full port range (as opposed to previous rule which prescribed system ports)
- Added marketplace demo realm for testing
- Added Fly deployment
- Added dnsutils to Dockerimage
- Upgraded Partisan with support for IPv6 in DNS discovery.
cluster.peer_discovery.type = dns
cluster.peer_discovery.config.record_type = aaaa
cluster.peer_discovery.config.nameservers.1 = fdaa::3
cluster.peer_discovery.config.query = bondy.internal
cluster.peer_discovery.config.node_basename = bondy
- The peer discovery capabilities was moved from bondy to Partisan. The interface remains very similar. The following two examples show how to configure the
list
anddns
strategies inbondy.conf
cluster.peer_discovery.enabled = on
cluster.peer_discovery.initial_delay = 10s
cluster.peer_discovery.polling_interval = 10s
cluster.peer_discovery.timeout = 5s
cluster.peer_discovery.type = list
cluster.peer_discovery.config.addresses = [127.0.0.1:18086]
cluster.peer_discovery.enabled = on
cluster.peer_discovery.initial_delay = 10s
cluster.peer_discovery.polling_interval = 10s
cluster.peer_discovery.timeout = 5s
cluster.peer_discovery.type = dns
cluster.peer_discovery.config.record_type = fqdns
cluster.peer_discovery.config.query = bondy.internal
cluster.peer_discovery.config.node_basename = bondy
- This revision addresses an issue in the Active Anti-Entropy (AAE) implementation of PlumDB and the latest version of Erlang/OTP. In the latest version of Erlang, the binary serialization of terms is not deterministic by default, causing the AAE merkle tree to compute different values for the same object in different nodes. As a result, the AAE sync continuously exchanges terms that are actually the same.
- Pattern matching now supports wildcards
- Pattern-based Registration
- Upgraded to OTP 24
- WAMP Cryptosign authentication
- WAMP Ticket-based authentication
- Same Sign-on and Single Sign-on (SSO Realms)
- Realm Prototypes
- Added libsodium (enacl lib)
- New Bridge Relay connection allows to link an edge router to a core/remote router. This syncs (at the moment) a single realm and forwards procedures and subscriptions to the remote.
- Fixes group ordering issue in processing of security (realm) configuration files.
- bondy_realm topological ordering of groups within each realm according to their group membership relationship. If any cycles are found amongst groups, an error is raised.
- Existing groups referred by name in the group's 'group' property are not fetched, so cycles might still be created once the new groups are stored on the database.
- Fixes a concurrency issue with busy clients, in particular when they end up calling themselves. This was produced by an unnecessary used of internal acknowledgments which have been removed
- Fixes the following issues: #6, #7, #8
- Erlang encoding now enforces WAMP-compatible data structures and tries to convert certain types e.g. pids while it fails with others.
- Realm database representation
- User database representation
- Error types and description improvements
- Logging improvements
- Removed high cardinality labels in promethues metrics (before we would tag each WAMP message stats with realm, session, message type etc. this is not good for stats databases like Promethues).
- Added RBAC context caching to avoid computing the user grants on every request.
- Tickets database location: The location of the tickets changes on beta.64 onwards
- The RBAC context cache is not evicted or refreshed when a user is assigned to new realms or granted new permissions.
bondy.subscription.list
procedure- First verstion of Retained messages
- Added a non-standard WAMP Authentication method
oauth2
based on OAuth2 JWT Tokens- Is equivalent to WAMP-Ticket authentication method but expects the secret to be a JWT produced by Bondy OAuth2
authid
property value needs to be present and needs to match the JWT’ssub
property value
- Added Bondy specific load balancing strategies through the standard
REGISTER.Options.invoke
option:- queue_least_loaded
- quede_least_loaded_sample
- jump_consistent_hash (MUST not be used as this is experimental and the implementation will change with upcoming definitions from WAMP Specification)
- Added support for WS compression
- now supports permessage-deflate websocket extension and enabled by default
- added configuration option
wamp.websocket.compression_enabled
- added configuration option
wamp.websocket.deflate.level
- added configuration option
wamp.websocket.deflate.mem_level
- added configuration option
wamp.websocket.deflate.strategy
- added configuration option
wamp.websocket.deflate.server_context_takeover
- added configuration option
wamp.websocket.deflate.client_max_window_bits
- added configuration option
wamp.websocket.idle_timeout
- added configuration option
bondy.wamp_websocket.max_frame_size
- Not working with Mozilla as it seems to be sending a corrupted PING message
- Minor WAMP protocol fixes
- Several bug fixes during removal of an API Specification
- Removal did not rebuilt the web server dispatch tables and thus the API removed was still active until reboot.
- Cleanup of session data when web server processes crash abnormally
- Upgraded to Erlang 23
- Security data structures
- Security methods (more methods added and a clear distinction between 'anontmous' and 'trust')
- API Gateway
- The API specification body object now supports any external-friendly data type e.g. erlang tuples, pids, references excluded.
- Fixes a bug in the validation of the response body which failed in case the body was not a MOPS expression, a binary or map. Now all external-friendly types are allows e.g. numbers, booleans, strings, binaries, maps, lists and MOPS expressions. This allows to return static content i.e. not a result of evaluating a MOPS expression in any given type of action.
- Upgraded MOPS which has better error reporting and support for a new function
random(N)
which returns N random members from a list. If the value random is applied is static, this will yield the same results on every request.
- API Gateway
- Minor fixes to enhance error handling and logging
- Fixed a case where an invalid API Specification can crash the gateway process during startup
- Configuration
- Fixed an error in which private/default lager configuration would override user configuration (bondy.conf)
- OAuth2
- Fixed a bug on the removal of refresh token indices during refresh token revocation.
- Clustering
- Fixed missing handler for WAMP ERROR(CALL) messages forwarded by a peer node
- Configuration
- The WAMP raw socket serialiser slot assignment is now configurable. Bondy provides Erlang (erl) and BERT serialisers in addition to JSON and Messagepack. This change allows the user to configure to which of the 13 available slots (3..15) are those serialisers mapped to.
- Added a controlled phased startup process
- Bondy now starts in phases allowing to block on several steps using configuration parameters. The main benefit is to avoid starting up the WAMP client socket listeners before several subsystems have finish initialisation and/or some processes have been completed.
startup.wait_for_store_partitions
- controls whether to block further stages until all db partitions have been initialised, this includes loading all data into those entities stored in ram and disk. Default ison
.startup.wait_for_store_hashtrees
- defines whether Bondy will wait for the db hashtrees to be built before continuing with initialisation. Default ison
.startup.wait_for_store_aae_exchange
- Defines whether Bondy will wait for the first active anti-entropy exchange to be finished before continuing with initialisation. These only works if Bondy is part of a cluster i.e. when Peer Discovery and Automatic Cluster join is enabled.
- The Bondy Admin HTTP API listeners are started as soon as the store partitions and other subsystems are initialised. This allows for liveness probes to be able to check on Bondy and/or admin users to inspect and/or operate while the other phases are running.
- Bondy now starts in phases allowing to block on several steps using configuration parameters. The main benefit is to avoid starting up the WAMP client socket listeners before several subsystems have finish initialisation and/or some processes have been completed.
- Several fixes to Security Configuration file format
sources.usernames
now takes a string "any" of a list of usernames, including "anonymous"grants.roles
now takes a string "any" of a list of rolenames, including "anonymous"
- First implementation of Peer Discovery and Automatic Cluster join.
- Implementation of DNS srv based discovery tested to work with Kubernetes DNS
- Finished Bondy Broker schema specification
- Added authorization controls for all WAMP verbs (register, unregister, call, cancel, publish, subscribe and unsubscribe). Authorization is managed by the existing Security subsystem which now can be configured using JSON files defined in the bondy.conf file (in addition to the WAMP and HTTP/REST APIs).
- Fixed WAMPRA (with salted password) authentication method.
- This requires a rehash of the existing passwords. If you are migrating from an existing Bondy installation, the migration occurs lazily on the new user login (as we need the user to provide the password for Bondy to be able to rehash, as Bondy never stores clear text passwords).
- Refactoring of configuration via bondy.conf
- Removed legacy config options,
- Renamed a few a config options and introduced new ones to support static configuration via JSON files and new features like Peer Discovery and Automatic Cluster join.
- Migration to OTP 21.3 or higher.
- Upgraded all dependencies to support OTP 21
This version includes a complete redesign of event management and instrumentation.
The new bondy_event_manager
is now the way for the different subsystems to asynchronously publish events (notifications) and offload all instrumentation to event handlers:
bondy_promethues
is an event handler that implements all promethues instrumentationbondy_wamp_meta_events
is an event handler that selectively re-published bondy events to WAMP Meta events.
-
bondy_event_manager
implements a form of supervised handlers similar to lager (logging library), by spawning a "watcher" processes per handler (module) under a supervision tree and restarting it when it crashes. -
bondy_alarm_handler
replaces sasl’s default alarm_handler.
bondy_stats
containing legacy exometer instrumentation was removed.
This version introduces an incompatibility with previous versions data storage. If you want to upgrade an existing installation you will need to use the bondy_backup module's functions or the Admin Backup API.
- Upgrade to plum_db 0.2.0 which introduces prefix types to determine which storage type to use with the following types supported: ram (ets-based storage), disk (leveledb) and ram_disk(ets and leveldb).
- Registry uses
ram
storage type - All security resources use
ram_disk
storage type - Api Gateway (specs) and OAuth2 tokens use
disk
storage type
- Registry uses
- Handling of migration in bondy_backup. To migrate from v0.7.1 perform a backup on Bondy v0.7.1 and then restore it on Bondy v0.7.2.
- New Trie data structure for bondy_registry
- Bondy now uses Leapsight's
art
library to implement the registry index structure use to match RPC calls and PubSub subscriptions.art
provides a single-writter, multi-reader Radix Trie following the Adaptive Radix Tree algorithm. The implementation uses one gen_server and one ets table per trie and currently supports WAMPexact
andprefix
matching strategies.wildcard
matching support is on its way.
- Bondy now uses Leapsight's
- Internal wamp subscriptions
- We have implemented a first version of an internal WAMP subscription so that Bondy internally can subscribe to WAMP events. This is done through new functions in bondy_broker and the new module bondy_broker_events
- OAuth 2 Security
- Major changes to security subsystem including harmonisation of APIs, deduplication and bug fixes.
- Use new internal wamp subscriptions to avoid coupling Bondy Security with Bondy API Gateway & OAuth.
- Bondy Security modules publishe wamp events on entity actions e.g. user creation, deletion, etc.
- Bondy API Gateway modules and bondy_api_gateway_client subscribe to the user delete events to cleanup OAuth tokens
- Fixed a bug where internal security operations will not trigger token revocation.
- Bondy API Gateway modules, i.e. are now implemented by calling Bondy Security modules e.g. bondy_security_user instead of calling bondy_security (former Basho Riak Core Security) directly. This will help in the refactoring of bondy_security and in addition all event publishing is centralised in bondy_security_user.
- Implemented additional index for tokens to enable deletion of all users’ tokens
- Added two db maintenance functions to (i) remove dangling tokens and (ii) rebuild the indices on an existing db
- Added additional Internal wamp events to subsystems e.g. bondy_realm and bondy_backup
- Clustering
- Completion of clustering implementation using partisan library (at the moment supporting the default peer service only, hyparview to be considered in the future)
- bondy_router can now route WAMP messages across nodes. The internal load balancer prefers local callees by default, only when a local callee is not found for a procedure the invocation is routed to another node. Load balancer state is local and not replicated. Future global load balancing strategies based on ant-colony optimisation to be considered in the future.
bondy-admin
(bondy_cli) implementation of cluster management commands (join, leave, kick-out and members)
- Storage and Replication
- new storage based on plum_db which
- uses lasp-lang/plumtree and lasp-lang/partisan to support data replication
- provides more concurrency than plumtree and removes the capacity limitation imposed by the use of dets
- new storage based on plum_db which
- API Gateway
- API Specs are replicated using plum_db. A single bondy_api_gateway gen_server process rebuilds the Cowboy dispatch table when API Spec updates are received from other nodes in the cluster (using plum_db pubsub capabilities)
- Registry
- The registry entries are replicated using plum_db. This is not ideal as we are using disk for transient data but it is a temporary solution for replication and AAE, as we are planning to change the registry by a new implementation of a trie data structure at which point we might use plumtree and partisan directly avoiding storing to disk.
- A single bondy_registry gen_server process rebuilds the in-memory indices when entry updates are received from other nodes in the cluster (using plum_db pubsub capabilities)
- bondy_backup
- A new module that allows to backup the contents of the database to a file, and restore it.
- Allows to migrate from previous versions that use plumtree (dets) to plum_db
- General
- Removed unused modules
- Minor error description fixes
- Code tidy up
- Dependencies
- cowboy, hackney, jsx, sidejob, promethus, lager and other dependencies upgraded
- Oauth2
- Revoke refresh_token
- Added client_device_id optional parameter for token request which will generate an inde mapping a Username/ClientDeviceId to a refresh_token to enabled revoking token by Username/ClientDeviceId.
- JWT.iat property using unix erlang:system_time/1 instead of erlang:monotonic_time/1 (as users might want to use this property)
- Token expiration is now configured via cuttlefish
- API Gateway
- JSON errors no longer include the status_code property (this was redundant with HTTP Status Code and were sometimes inconsistent)
- Added http_method in forward actions to enable transforming the upstream HTTP request method e.g. a GET can be transformed to a POST
- API Gateway Spec now allows to use a mop expression for WAMP procedure URIs
- New mops functions: min, max and nth on lists (equivalent to the lists module functions)
- Testing
- Fixed mops suite bugs
- Added oauth2 refresh_token CRUD test case, covering creation, refresh and revoke by token and by user/client_device_id
- Upgraded Cowboy dependency to 2.1.0
- Upgraded promethues_cowboy to latest and added cowboy metrics to prometheus endpoint
- Minor changes in function naming for enhanced understanding
- Minor fixes in options and defaults