These 33 commits are when the Protocol Buffers files have changed:
| Commit: | 9a6de26 | |
|---|---|---|
| Author: | Andrew Martinez | |
remove RDM capability, it is router/controller only
| Commit: | 7d74bda | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 receive service and posture state pushed by edge routers - adds ServiceChangeSet and PostureStateChange protobuf messages plus the Subscribe/Unsubscribe/ResyncPostureState controls: indexed atomic structural envelopes (services, policies, posture check definitions, identity-resolved config bodies) with a separate unindexed per-connection posture pass/fail stream - adds a subscription coordinator holding independent per-router state with index gap detection, duplicate drops, posture seq resync, and state-overlay pruning; the app-facing service cache materializes from the highest-index subscribed router and merges pushed fields into polled details - follows traffic with subscriptions: capable routers are selected via the router capability list, each router a dial or bind uses gets subscribed, idle subscriptions are swept with a floor of one retained, and controller polling pauses only while a confirmed push connection exists, remaining the backwards-compatibility fallback - submits posture data per router: each posture-capable connection receives only the responses its own pushed checks require, diffed against a per-connection baseline; pushed posture queries carry the MFA timeout for TOTP scheduling - exposes the per-router view publicly: RouterView (router id, name, address, push capability, subscription state, structural index) with services -> policies -> posture checks all carrying ids and the router's pushed pass/fail, via Context.GetRouterViews and the EventRouterViewChanged listener - returns typed ConnErrors from dial and bind (service and router ids, cause, failing posture check ids), supporting both errors.Is sentinels and errors.As extraction, mapped from the routers' structured denials - promotes SetErrorEventHandler and SetConnectionChangeHandler into edge.Listener; SessionListener shrinks to the legacy GetCurrentSession add-on - adds RouterConn.GetRouterId (the router's certificate identity) and moves the service-subscriptions capability onto the router capability bitmask - stops serializing the structured error's Cause, which broke unmarshaling on receipt and silently discarded denials
| Commit: | f4a6d5e | |
|---|---|---|
| Author: | Andrew Martinez | |
for openziti/ziti#3990 harden the SDK side of the push subscription lifecycle - makes the poll-to-push handoff seamless and lossless: the snapshot diffs against the polled service cache, pushed fields merge into the cached detail (polled-only metadata preserved), lost services emit removal events with session/intercept teardown, and known services no longer re-emit added or spurious changed events - moves the controller list, router dials, and subscribe sends outside subscriptionLock, with an in-flight reservation so concurrent paths never double-subscribe one router - drops pushes from untracked routers and stale incremental envelopes (duplicates are not gaps); full snapshots still always apply - recovers from a posture seq gap by requesting a full posture re-send (new RouterConn.ResyncPostureState) and accepting it at whatever seq it carries - commits posture data when any per-router delta was sent, so router-only wake/unlock one-shots and TOTP fetches are not repeated every pass - builds per-router posture requirements without parsing pushed config bodies, and emits pushed permissions in canonical dial-then-bind order - logs per-router subscribe/unsubscribe and push/poll mode transitions at info and self-recovered abnormalities at debug, including the structural index - documents the ServiceSubscriptionIndex header and Subscribe index field as reserved, and PostureStateChange.structuralIndex as correlation-only, not a delivery gate
| Commit: | 95d1fe2 | |
|---|---|---|
| Author: | Andrew Martinez | |
for openziti/ziti#3990 harden the SDK side of the push subscription lifecycle - makes the poll-to-push handoff seamless: the snapshot diffs against the polled service cache instead of clearing it, so lost services emit removal events and tear down sessions and intercepts, and known services no longer re-emit added events - moves the controller list, router dials, and subscribe sends outside subscriptionLock, with an in-flight reservation so concurrent paths never double-subscribe one router - drops pushes from routers the coordinator no longer tracks instead of recreating their state and resubscribing against an explicit unsubscribe or idle sweep - drops incremental envelopes at or below the committed structural index (duplicates are not gaps); full snapshots still always apply - recovers from a posture seq gap by requesting a full posture re-send (new RouterConn.ResyncPostureState) and accepting it at whatever seq it carries; stale seqs drop - commits posture data when any per-router delta was sent, so wake/unlock one-shots and TOTP fetches relevant only to one router's pass - builds per-router posture requirements without parsing pushed config bodies - logs per-router subscribe/unsubscribe and pinfo and self-recovered abnormalities (stale drops, gaps) at debug, including the structural index - marks the ServiceSubscriptionIndex header aeserved for the deferred fast-forward
| Commit: | 82fcfeb | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 per-router service subscriptions with traffic-following lifecycle and per-router posture - adds subscriptionCoordinator: one handler demuxing per-router structural and posture stream state; materializes the sdk consumer view from the highest-index router; per-router structural/seq gap detection resubscribes only the affected router - materializes the sdk consumer view on a worker goroutine so service events never fire under coordinator or subscription locks (synchronous listeners that dial re-enter the SDK) - subscribes the router each dial/bind uses, keeps a floor of one subscribed router via reconcile, and unsubscribes routers idle for five minutes, never the last one - submits posture per-router: each posture-capable connection receives only the responses its own checks require, diffed against a per-connection baseline; new connections get their full relevant state; keeps the controller fallback and legacy-session behavior - stores the coordinator in an atomic pointer; posture evaluation reads it on paths that already hold the subscription lock - adds PostureCheckDef.timeoutSeconds and carries the MFA timeout on pushed posture queries so TOTP refresh scheduling works without controller polling
| Commit: | b3fb6e0 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 move service subscriptions to the router capability bitmask - adds a ServiceSubscriptions bit to the RouterCapability enum and drops the standalone SupportsServiceSubscriptions header - adds RouterConn.IsCapable for hello-header bit checks; refactors SupportsConnectV2 to delegate to it - negotiates push support via the bitmask instead of the bool header, matching ConnectV2
| Commit: | 3ffce85 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 subscribe to router-pushed service and posture changes - adds SubscribeToServiceUpdatesFromRouter/UnsubscribeFromServiceUpdatesFromRouter and a handler that turns ServiceChangeSet messages into service add/change/remove events - applies ServiceChangeSet envelopes atomically by structural index, resubscribing at -1 on a detected gap - tracks router-pushed posture state (PostureStateChange) as a full-state replacement - reconciles push subscriptions across edge routers: pre-selects capable routers from the edge router list, confirms capability on the live connection, and falls back to controller polling when no capable router is connected - disables controller service polling while a confirmed push subscription is active - adds the ServiceSubscriptionHandler interface, content types, and hello headers - adds a ConfigData message and a configData field to ServiceDef in edge_client.proto, regenerated - fills ServiceDetail.Config from the pushed config bodies so the SDK no longer fetches config content from the controller while a push subscription is active
| Commit: | 317dc7c | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | GitHub | |
for openziti/ziti#4071 unify router capabilities into one shared name… (#972) * for openziti/ziti#4071 unify router capabilities into one shared namespace - makes RouterCapability a single bit namespace shared by the control and edge channels - adds MultiChannel at bit 1; moves ConnectV2 to bit 2 - adds the RouterCapabilityMultiChannel alias alongside RouterCapabilityConnectV2 - nests the RouterCapability enum in a message (RouterCapability.Kind) so its value names are scoped and cannot collide with other package enum values such as the BindSuccess content type; generated Go value names are unchanged - adds PostureChecks (5) and BindSuccess (6) capability bits, mirroring the legacy SupportsPostureChecks/SupportsBindSuccess edge headers; leaves bits 3 and 4 for RouterDataModel and ServiceSubscriptions - adds IsRouterCapable to the RouterConn interface and reuses it for SupportsConnectV2 - reads posture-check and bind-success support from the capability bitmask, falling back to the legacy boolean headers for older routers - documents the SupportsPostureChecks/SupportsBindSuccess headers as superseded by the capability bits, kept for backwards compatibility - adds RouterCapabilityPostureChecks/BindSuccess constants
| Commit: | c980617 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#4071 unify router capabilities into one shared namespace - makes RouterCapability a single bit namespace shared by the control and edge channels - adds MultiChannel at bit 1; moves ConnectV2 to bit 2 - adds the RouterCapabilityMultiChannel alias alongside RouterCapabilityConnectV2 - regenerates edge_client.pb.go
| Commit: | 09aae4b | |
|---|---|---|
| Author: | Andrew Martinez | |
for openziti/ziti#3990 move service subscriptions to the router capability bitmask - adds a ServiceSubscriptions bit to the RouterCapability enum and drops the standalone SupportsServiceSubscriptions header - adds RouterConn.IsCapable for hello-header bit checks; refactors SupportsConnectV2 to delegate to it - negotiates push support via the bitmask instead of the bool header, matching ConnectV2
| Commit: | ffc7f3f | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 subscribe to router-pushed service and posture changes - adds SubscribeToServiceUpdatesFromRouter/UnsubscribeFromServiceUpdatesFromRouter and a handler that turns ServiceChangeSet messages into service add/change/remove events - applies ServiceChangeSet envelopes atomically by structural index, resubscribing at -1 on a detected gap - tracks router-pushed posture state (PostureStateChange) as a full-state replacement - reconciles push subscriptions across edge routers: pre-selects capable routers from the edge router list, confirms capability on the live connection, and falls back to controller polling when no capable router is connected - disables controller service polling while a confirmed push subscription is active - adds the ServiceSubscriptionHandler interface, content types, and hello headers - adds a ConfigData message and a configData field to ServiceDef in edge_client.proto, regenerated - fills ServiceDetail.Config from the pushed config bodies so the SDK no longer fetches config content from the controller while a push subscription is active
| Commit: | d1dfbec | |
|---|---|---|
| Author: | Paul Lorenz | |
Move RouterCapabilityConnectV2 into edge_client.proto. Fixes #967 - adds a RouterCapability enum to edge_client.proto so router capability bit positions are part of the protocol definition and accessible to other language SDKs - regenerates edge_client.pb.go - derives the RouterCapabilityConnectV2 Go constant from the generated enum
| Commit: | 043a533 | |
|---|---|---|
| Author: | Andrew Martinez | |
for openziti/ziti#3990 push identity-resolved config bodies on service defs - adds a ConfigData message and a configData field to ServiceDef in edge_client.proto, regenerated - fills ServiceDetail.Config from the pushed config bodies so the SDK no longer fetches config content from the controller while a push subscription is active
| Commit: | 74b9476 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
for openziti/ziti#3990 subscribe to router-pushed service and posture changes - adds SubscribeToServiceUpdatesFromRouter/UnsubscribeFromServiceUpdatesFromRouter and a handler that turns ServiceChangeSet messages into service add/change/remove events - applies ServiceChangeSet envelopes atomically by structural index, resubscribing at -1 on a detected gap - tracks router-pushed posture state (PostureStateChange) as a full-state replacement - reconciles push subscriptions across edge routers: pre-selects capable routers from the edge router list, confirms capability on the live connection, and falls back to controller polling when no capable router is connected - disables controller service polling while a confirmed push subscription is active - adds the ServiceSubscriptionHandler interface, content types, and hello headers
| Commit: | b80fc4f | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Migrate module to github.com/openziti/sdk-golang/v2 for the 2.0 release - changes the module path to github.com/openziti/sdk-golang/v2 and rewrites all import paths accordingly, per Go semantic import versioning - repoints the acceptance and example modules' SDK require/replace and the acceptance co-development build to the /v2 path - regenerates edge_client.pb.go for the updated go_package option - bumps the version file to 2.0 - records the /v2 path change as a breaking change and lists the connect-v2, acceptance-framework (#951), and half-close (#952) issues in the changelog
| Commit: | 144f081 | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Implement Connect-V2. Fixes #936 Implements the Connect-V2 sessionless SDK dial protocol — dials are authorized at the router via RDM instead of requiring a controller-issued service session token. - Adds `CtrlClient.GetServiceEdgeRouters` wrapping the existing `GET /edge/client/v1/services/{id}/edge-routers` endpoint for sessionless edge-router discovery. - Adds a per-service ER cache on `ContextImpl.serviceEdgeRouters`, refreshed on the `sessionRefreshTimer` cadence and warming router connections the same way the session cache does. Invalidates on service removal and on dial failure. - Refactors `dialSession` to skip service-session creation on the V2 path; V1 fallback now creates the service session lazily, only when the V1 wire is actually taken. - Forces `UseXgressToSdkHeader=true` on Connect-V2 dials (the go-SDK V2 path is always `edgeConnXgress`); the router continues to support both flow-control modes for other SDKs. - Adds `DialOptions.ForceConnectV1` escape hatch to route through the V1 path even when the router advertises V2. - Removes `route_circuit` / `pending_dials`. The xgress `CircuitStart` handshake already serializes data flow, so the race window the module was guarding against does not exist. Reads the circuit ID from `state_connected`'s `CircuitIdHeader` instead. - Registers a buffering sink with the mux before each dial request goes out (all three dial paths), then atomically swaps in the built conn via the new `ConnMux.Replace`, replaying anything buffered in order. The hosting side sends its e2e crypto header the moment it accepts, and that data could arrive before the dialing goroutine resumed from `SendForReply` and registered the conn — the mux dropped it, killing the read side with "failed to receive crypto header bytes". - Uses the sessionless ER-list endpoint on controllers 1.0.0 and newer (`0.0.0` dev builds included), gated by `CtrlClient.supportsServiceEdgeRouterList`. Older controllers don't expose the endpoint on the client API; for those the SDK falls back to creating a dial session and using its attached edge routers, with the session cache as the source of truth. While the controller version is unknown, dials take the V1 path and the version load is retried on the next capability check. If the sessionless endpoint errors despite the version saying it should exist, the dial falls back to the V1 session path at runtime and drops the cached ER list. Documents the supported controller set (the 1.6.x and 2.0.0 LTS releases) in CHANGELOG and bumps the version from 1.7 to 2.0. - Creates fallback sessions on the dial path via `createSessionWithBackoff`, so foreground dials get ctx cancellation, retry with backoff, re-auth on 401 and service-recreation handling; the background refresh loop uses a plain cached lookup. - Restructures `createSessionWithBackoff` to run the retry before returning the session, removing a dead pre-retry cache call and a return statement that relied on operand evaluation order. - Adds `EventDial` / `AddDialListener`: one event per dial attempt, successful or not, emitted from the dial path where the V1/V2 decision is made — so the negotiated protocol, target router, forced-V1 flag, timing, circuit id, and failure cause are observable without tracking any state on connections. - Removes `GetRouterId()` from `edge.Conn` and `edge.MsgChannel`; documents the removal as a breaking change in CHANGELOG. - Bounds-checks `splitMultipart` length prefixes; returns descriptive errors instead of panicking on truncated input. - Fixes `handlePayloadWithNoSink` to send the constructed ack instead of the original message. - Removes the `conn.Close()` calls from `setupXgressFlowControl`'s header-validation error paths so the conn no longer NPEs before `xg` / `writeAdapter` are populated. For openziti/ziti#3884.
| Commit: | a7bc4b5 | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Implement Connect-V2. Fixes #936 Implements the Connect-V2 sessionless SDK dial protocol — dials are authorized at the router via RDM instead of requiring a controller-issued service session token. - Adds `CtrlClient.GetServiceEdgeRouters` wrapping the existing `GET /edge/client/v1/services/{id}/edge-routers` endpoint for sessionless edge-router discovery. - Adds a per-service ER cache on `ContextImpl.serviceEdgeRouters`, refreshed on the `sessionRefreshTimer` cadence and warming router connections the same way the session cache does. Invalidates on service removal and on dial failure. - Refactors `dialSession` to skip service-session creation on the V2 path; V1 fallback now creates the service session lazily, only when the V1 wire is actually taken. - Forces `UseXgressToSdkHeader=true` on Connect-V2 dials (the go-SDK V2 path is always `edgeConnXgress`); the router continues to support both flow-control modes for other SDKs. - Adds `DialOptions.ForceConnectV1` escape hatch to route through the V1 path even when the router advertises V2. - Removes `route_circuit` / `pending_dials`. The xgress `CircuitStart` handshake already serializes data flow, so the race window the module was guarding against does not exist. Reads the circuit ID from `state_connected`'s `CircuitIdHeader` instead. - Uses the sessionless ER-list endpoint on controllers 1.0.0 and newer (`0.0.0` dev builds included), gated by `CtrlClient.supportsServiceEdgeRouterList`. Older controllers don't expose the endpoint on the client API; for those the SDK falls back to creating a dial session and using its attached edge routers, with the session cache as the source of truth. While the controller version is unknown, dials take the V1 path and the version load is retried on the next capability check. If the sessionless endpoint errors despite the version saying it should exist, the dial falls back to the V1 session path at runtime and drops the cached ER list. Documents the supported controller set (the 1.6.x and 2.0.0 LTS releases) in CHANGELOG and bumps the version from 1.7 to 2.0. - Creates fallback sessions on the dial path via `createSessionWithBackoff`, so foreground dials get ctx cancellation, retry with backoff, re-auth on 401 and service-recreation handling; the background refresh loop uses a plain cached lookup. - Restructures `createSessionWithBackoff` to run the retry before returning the session, removing a dead pre-retry cache call and a return statement that relied on operand evaluation order. - Removes `GetRouterId()` from `edge.Conn` and `edge.MsgChannel`; documents the removal as a breaking change in CHANGELOG. - Bounds-checks `splitMultipart` length prefixes; returns descriptive errors instead of panicking on truncated input. - Fixes `handlePayloadWithNoSink` to send the constructed ack instead of the original message. - Removes the `conn.Close()` calls from `setupXgressFlowControl`'s header-validation error paths so the conn no longer NPEs before `xg` / `writeAdapter` are populated. For openziti/ziti#3884.
| Commit: | 831161f | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Make the dialing identity's id and name available on dialed connections. Fixes #860
| Commit: | ffe7abf | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Use new error code and retry hints to correctly react to terminator errors. Fixes #857 Clean up hosting connection type.
| Commit: | ae220f2 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | GitHub | |
for openziti/ziti#3437 adds edge client structured errors (#844) * for openziti/ziti#3437 adds edge client structured errors - adds a header specifically for structured errors - used in ziti/router code
| Commit: | 38d051b | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | GitHub | |
adds router posture responses (ha support) (#816) * adds router posture responses (ha support) - adds ability to submit posture to controller or router based on router capabilities - adds new ToTP MFA JWT token type for MFA posture checks post-login - simply and remove caches - streamline posture processing - adds doc to new funcs, types, etc.
The documentation is generated from this commit.
| Commit: | 4a8d531 | |
|---|---|---|
| Author: | Andrew Martinez | |
addresses PR comments - pointer on receivers for totp stand in type - bulk response type usage instead of single for posture responses - link clean up
| Commit: | 6ee1d35 | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
adds router posture responses (ha support) - adds ability to submit posture to controller or router based on router capabilities - adds new ToTP MFA JWT token type for MFA posture checks post-login
| Commit: | d59c480 | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Support xgress flow control from SDK. Move xgress impl to SDK. Fixes #702
| Commit: | dad9de2 | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Support xgress flow control from SDK. Move xgress impl to SDK. Fixes #702
| Commit: | a5a5311 | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Fixes for close logic
| Commit: | 1aabb8b | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Implement inspections to support validation and debugging
| Commit: | 99c74be | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Support xgress flow control from SDK. Move xgress impl to SDK. Fixes #702
| Commit: | ef762c1 | |
|---|---|---|
| Author: | Paul Lorenz | |
Implement inspections to support validation and debugging
| Commit: | bab607c | |
|---|---|---|
| Author: | Paul Lorenz | |
| Committer: | Paul Lorenz | |
Support xgress flow control from SDK. Move xgress impl to SDK. Fixes #702
| Commit: | 87b42b9 | |
|---|---|---|
| Author: | ekoby | |
add protobuf definitions for headers/errors/flags/etc
| Commit: | accb212 | |
|---|---|---|
| Author: | ekoby | |
add java_package option
| Commit: | 7b22cda | |
|---|---|---|
| Author: | Andrew Martinez | |
| Committer: | Andrew Martinez | |
adds HA auth to the golang SDK - adds message types for HA - adds oidc auth, token refresh support - adds oidc auth flows - adds config support for multiple controllers