Warning
This release contains an issue with the LookupResources implementation. Please wait for a patch release unless you are confident you will not be using LookupResources.
Highlights
🚀 Experimental Bulk Load/Export APIs are now available
⚡ Cursors and Limits now available on LookupResources and ReadRelationships APIs
🪳 Cockroach driver now balances load over CockroachDB nodes and accepts per-request overlap keys
🎊 Schema API now returns ZedTokens
🎉 SpiceDB will now write exit codes and a termination log on exit
⛓️ Spanner datastore now uses native changestreams for the Watch API
🥇 Datastores now use upsert semantics for TOUCH write operations where possible
Upgrade Notes
Warning
This is release includes changes for dispatching, which can result in an increased error rate during rollout. To avoid, deploy as a distinct cluster and switch over your load balancer(s)
Spanner
Warning
This is release includes migrations for the Spanner datastore to support native change streams.
To learn more about migrations, see the migration documentation.
To automate migrations, Kubernetes users can run the SpiceDB Operator.
If not using the operator, Spanner users have two options: zero downtime or not.
Downtime
- Ensure SpiceDB v1.21.0 was running
- Shut off SpiceDB in all clusters
- Run
spicedb migrate headusing SpiceDB v1.22.0 - Rollout v1.22.0 to your cluster(s)
Zero-downtime
- Ensure SpiceDB v1.21.0 is currently running
- Run
spicedb migrate register-tuple-change-streamusing SpiceDB v1.22.0 - Rollout v1.22.0 to your cluster(s) with the following flag:
--datastore-migration-phase=write-changelog-read-changelog - Rollout v1.22.0 to your cluster(s) with the following flag:
--datastore-migration-phase=write-changelog-read-stream - Once the rollout is fully complete, run
spicedb migrate drop-changelog-tableusing SpiceDB v1.22.0 - Rollout v1.22.0 to your cluster(s) with the
--datastore-migration-phaseflag removed
What's Changed
- prepares for merge-queue enablement by @vroldanbet in #1314
- Add better logging of config by @josephschorr in #1308
- reduces flakiness of servetesting integration test by @vroldanbet in #1315
- Bulk load experimental API by @jakedt in #1281
- Fix comment by @jakedt in #1319
- Skip logging of serialization errors in pgx by @josephschorr in #1325
- add magefiles for running project commands by @ecordell in #1318
- balancer: rewrite the consistent hashring balancer to avoid recomputations by @ecordell in #1310
- Add require.Eventually to remove flakiness on image tests by @josephschorr in #1328
- only run image tests in cmd/spicedb by @ecordell in #1329
- Add retries around spawning images in servetesting by @josephschorr in #1330
- Preloaded task runner for check dispatch by @josephschorr in #1267
- Add additional eventually to integrate test to try to reduce flakiness by @josephschorr in #1332
- Add support for limited deletion of relationships by @josephschorr in #1306
- README: add Netflix <> Caveats shoutout by @jzelinskie in #1334
- Fix reachable resource TTU over subject relations by @josephschorr in #1324
- Change namespace+relation validation to use a single DB lookup by @josephschorr in #1336
- TOUCH datastore improvements by @josephschorr in #1312
- Add unit tests for all type system operations by @josephschorr in #1335
- crdb: add a connection-balancing retry-aware connection pool by @ecordell in #1294
- Add support for cursors and limits on LookupResources API calls by @josephschorr in #1296
- Remove parallel and log to see why test is flaky by @josephschorr in #1341
- Force custom plans in Postgres by @josephschorr in #1331
- increase timeout for health check tests by @ecordell in #1342
- Add support for cursors on read relationships by @josephschorr in #1340
- MySQL: nullable information_schema.tables columns and add test-suite for MySQL8 by @vroldanbet in #1337
- healthcheck test: don't share testing.T with subtests and speed up test by @ecordell in #1343
- Fix closeafterusage linter for underscores in assign statements by @josephschorr in #1344
- internal/services/v1: add bulk export to the experimental service by @jakedt in #1326
- Update CONTRIBUTING with info on mage by @ecordell in #1346
- Add ability to query relationships, sorted by subject by @josephschorr in #1309
- fix typo in StreamReadTimeout option by @vroldanbet in #1349
- Avoid reallocation of slice in preloaded task runner by @josephschorr in #1350
- Additional SQL tests for order BySubject by @josephschorr in #1351
- Remove the panic on combineCursor by @josephschorr in #1352
- Don't emit a warning for gRPC cancelation by @josephschorr in #1361
- Add a test to ensure LookupResource cursors are stable across calls by @josephschorr in #1360
- Fix CRDB pool readiness startup log by @ecordell in #1353
- allow connpool flags to be written as conn-pool by @ecordell in #1354
- Schema ZedTokens by @jakedt in #1362
- Use correct error type for duplicate relationships by @reify-tanner-stirrat in #1367
- add support for termination log and custom exit codes by @vroldanbet in #1364
- introduces a flag to define the maximum relationship context size by @vroldanbet in #1356
- Parallelize the entrypoint computation in ReachableResources by @josephschorr in #1365
- more robust server defaults using optgen defaults by @vroldanbet in #1370
- Bump github.com/lib/pq from 1.10.7 to 1.10.9 by @dependabot in #1377
- Bump github.com/Masterminds/squirrel from 1.5.3 to 1.5.4 by @dependabot in #1374
- Bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.36.1 to 0.42.0 by @dependabot in #1373
- Re-parallelize the checking of resources in LookupResources by @josephschorr in #1380
- Switch ReachableResources to use BySubject ordering by @josephschorr in #1382
- correctly chunks large bootstrap files by @vroldanbet in #1383
- Fix a deadlock in preloaded task runner by @josephschorr in #1385
- Deduplicate LookupResources results when limits are unspecified by @josephschorr in #1386
- crdb: report readiness as soon as min connections are available by @ecordell in #1387
- add request-scoped overlap key option for crdb by @ecordell in #1197
- document request overlap in crdb/README.md by @ecordell in #1390
- Move to go 1.20.5 to fix a reported vuln in Go libs by @josephschorr in #1392
- Properly handle context cancelation in LookupResources processing by @josephschorr in #1389
- default termination-log to disabled to make sure SpiceDB does not fail to start by @vroldanbet in #1393
- Change CREATE error into a well-typed error with details by @josephschorr in #1394
New Contributors
- @reify-tanner-stirrat made their first contribution in #1367
Full Changelog: v1.21.0...v1.22.0
Docker Images
This release is available at authzed/spicedb:v1.22.0, quay.io/authzed/spicedb:v1.22.0, ghcr.io/authzed/spicedb:v1.22.0