Note
All datastores have a migration to add new columns for relationship expiration support
Highlights
⌛ Expiring relationships
⚡ Experimental SQL optimization
🔧 Read replica fixes
Features
Introducing first class support for expiring relationships in SpiceDB! Developers can now define a lifespan for relationships in schema, preventing unintended access through lingering permissions. Relationship expiration terms can also be dynamically defined by application end users, providing them with even more granular control over how they choose to share data.
For more details, refer to SpiceDB documentation: https://authzed.com/docs/spicedb/concepts/expiring-relationships
End to end support for experimental first-class relationship expiration feature by @josephschorr in #2152
Enhancements
Various improvements
- Make index creation idempotent by @josephschorr in #2197
- Implement simpler import syntax by @tstirrat15 in #2207
- Change feature detection for CRDB watch to not require waiting by @josephschorr in #2205
- Delete LookupResources v1, ReachableResources and all helper code by @josephschorr in #2203
- add schemaFile to ValidationFile by @kartikaysaxena in #2206
Garbage collection
- GC improvements: GC only on a single node and add a missing index in PG by @josephschorr in #2159
- Move unlock call to a background context in GC by @josephschorr in #2198
- Change GC test to always call GC directly by @josephschorr in #2165
Datastore tests
- Additional datastore tests by @josephschorr in #2180
- Add some additional datastore tests to improve coverage by @josephschorr in #2173
- Switch datastore tests to use a larger runner by @josephschorr in #2182
- Add basic steelthread tests for bulk import and export of relationships by @josephschorr in #2166
- Add steelthread tests to CI and to mage test:all by @josephschorr in #2167
- Add support for bulk check in steelthread test by @josephschorr in #2171
- Deparallelize the steelthread tests to hopefully remove the flakiness by @josephschorr in #2169
- Increase max number of retries on flaky test by @josephschorr in #2204
- Add additional tests to the datastore consistency test suite by @josephschorr in #2168
- Remove parallel running on datastore consistency tests to reduce flakiness by @josephschorr in #2186
- Disable retries on the serialization test for PG by @josephschorr in #2200
- Remove sleep in stats test unless needed by @josephschorr in #2201
- Improve test coverage of memdb datastore with some new rel tests by @josephschorr in #2172
- Switch postgres tests to run in a matrix of versions by @josephschorr in #2195
- Add caveated bulk load test to datastore tests by @josephschorr in #2176
Observability, Debugging
- Add tracing to the LR2 implementation by @josephschorr in #2174
- Ensure source is returned for all check debug traces by @josephschorr in #2196
- Small changes around node IDs and trace IDs by @josephschorr in #2202
- Add support for debug traces in Check Bulk Permission by @josephschorr in #2193
- Add option to enable query parameters to appear in traces by @josephschorr in #2177
- Add slightly more information to the LR2 dispatch traces by @josephschorr in #2183
- Wire Spanner's logging up to zerolog by @josephschorr in #2181
Caveats
- Move caveat loading into a shared runner to reduce overhead in dispatch by @josephschorr in #2179
- Switch postgres to use a set and return an error if a duplicate caveat name is given by @josephschorr in #2199
- Relationships selected in SQL-based datastores now elide columns that have static values by @josephschorr in #2096
Fixes
- Remove now-unused windows workflow by @tstirrat15 in #2158
- Fix bulk export of relationships with caveats by @josephschorr in #2163
- Ensure datastore containers do not auto-restart by @josephschorr in #2187
- Fix the strict read proxy by @josephschorr in #2188
Updated dependencies
- Update Go crypto to v0.31.0 due to a reported vuln in that lib by @josephschorr in #2162
- Update net lib for reported Go library vulnerability by @josephschorr in #2175
- Bump the go_modules group across 2 directories with 1 update by @dependabot in #2161
- Bump golang from 1.23.3-alpine3.20 to 1.23.4-alpine3.20 in the docker group by @dependabot in #2184
- Bump the go-mod group with 23 updates by @dependabot in #2185
New Contributors
- @kartikaysaxena made their first contribution in #2206!
Full Changelog: v1.39.0...v1.40.0
Docker Images
This release is available at authzed/spicedb:v1.40.0, quay.io/authzed/spicedb:v1.40.0, ghcr.io/authzed/spicedb:v1.40.0