The Protocol Buffers files changed in these 39 commits:
Commit: | 827f831 | |
---|---|---|
Author: | Paolo Capriotti | |
Committer: | GitHub |
Document federation errors (#1674)

* Document federation errors
  Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com>
* Remove `InvalidCertificate` federation error
  It is currently not so easy to distinguish this particular error from a generic TLS error (see #1662 for more context). Since `InvalidCertificate` is never thrown, this PR simply removes it. Note that this is a breaking change in the federation protobuf.
* Remove labels from protobuf errors
* Improve federation error descriptions
  Also suggest client behaviour in some cases.

Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com>

The documentation is generated from this commit.
Commit: | 19285b1 | |
---|---|---|
Author: | Paolo Capriotti | |
Committer: | GitHub |
Server-to-server authentication (#1687)

This is the final bit of logic implementing server-to-server authentication, namely validation of the domain name provided as part of the request against the certificate checked at the point of SSL termination.

Interesting details/other changes:

* Pass X-SSL-Subject header to GRPC handler
* Implement domain verification from certificate
* Make local integration tests work with coredns
* Add originDomain configuration option for tests
  This is used to set the originDomain field in federated requests within federator integration tests. It cannot be set to a fixed canned value like "example.com", because federators make SRV requests to perform server-to-server authentication, so the domain must be something whose DNS server contains an appropriate SRV record, and so it needs to be set differently according to whether the test is running in the local "demo" environment (where we have a tiny DNS server for "example.com"), or in the CI integration setup, where we can rely on kubernetes DNS server for the federation ingress host.
* Rename IInvalidDomain to IAuthenticationFailed
* Federator/Makefile: Provide pattern to integration tests correctly

Co-authored-by: Akshay Mankar <akshay@wire.com>
Co-authored-by: jschaul <jschaul@users.noreply.github.com>

Commit: | 331000b | |
---|---|---|
Author: | Stefan Matting | |
Committer: | Stefan Matting |
types-common-journal: Remove exposed-modules ... by factoring out the proto files into own lib types-common-journal-proto which we can exclude from the merge
Commit: | b757784 | |
---|---|---|
Author: | jschaul | |
Committer: | GitHub |
Federation: Types for InwardErrors and federator refactoring (#1637)

* Introduce a few error types in `InwardResponse`
* Improve readability of ExternalServer in Federator by use of Polysemy.Error also in callLocal
* This also solves an existing TODO whereby federator integration tests didn't work due to InwardResponses, whether an error or an expected return value, were parsed always as InwardResponseBody. This may have been an issue with mu-haskell when parsing (only needed in tests), since the behaviour when using `grpccurl` was correct. This is now sidestepped by using more than a simple string on errors.

This PR is in preparation to sanitize request paths against path traversal attacks (separate PR https://github.com/wireapp/wire-server/pull/1646)

Commit: | 870511c | |
---|---|---|
Author: | Paolo Capriotti | |
Committer: | GitHub |
Add Galley component to federator API (#1555)
Commit: | 475753c | |
---|---|---|
Author: | jschaul | |
Committer: | GitHub |
Add originDomain to federation API (#1447)

To eventually support server-to-server authentication, the first step implemented in this PR is to add an originating domain to federated requests. At the moment this domain could be arbitrarily set (i.e. server2server authentication is not yet implemented here). But in this PR, some validation logic compares this domain to the allowList for incoming requests at federator level, if configured. That domain can then in the future be used for:

* authenticating the domain with DNS/SRV or other means to validate that the request indeed comes from the claimed sender
* independent of authentication/authorization concerns, the domain may be useful for RPC calls that need to write data (e.g. to create a conversation).

In this PR, a field `originDomain` is added to the Request object in the protobuf definition, which is then turned into a `Wire-Origin-Domain` header when sending the call to a local component via plain http, in case that other component wants to make use of that header.

Commit: | 2a6fbaa | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | GitHub |
Use servant-client to make federated calls (#1445)

Co-authored-by: Paolo Capriotti <paolo@capriotti.io>
Co-authored-by: Stefan Matting <stefan@wire.com>

Commit: | cc6509e | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | GitHub |
Handle errors which could happen while talking to remote federator (#1408)

Co-authored-by: jschaul <jschaul@users.noreply.github.com>

Commit: | f683299 | |
---|---|---|
Author: | jschaul | |
Committer: | GitHub |
Use mu-haskell to implement one initial federation request across backends (#1319)

See https://github.com/wireapp/wire-server/blob/db4c2351476c713f0367cee635faaaea10f9adf5/docs/reference/federation/pull-requests/1319_initial_federation_request_across_backends.md

Co-authored-by: Akshay Mankar <akshay@wire.com>

Commit: | ff4183f | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
rename FUTUREWORK to FUTUREWORK(federation) for easier grepping
Commit: | b930cd2 | |
---|---|---|
Author: | jschaul |
Add comments
Commit: | 1e6efc9 | |
---|---|---|
Author: | jschaul |
delete some files WIP
Commit: | 9bbe617 | |
---|---|---|
Author: | Akshay Mankar |
Remove workarounds for handling enums in protobuf

Fix in mu-haskell: https://github.com/higherkindness/mu-haskell/pull/285

Commit: | f6676e7 | |
---|---|---|
Author: | Akshay Mankar |
Implement a federation endpoint in brig

Also refine federation protocol so success isn't determined by HTTP status, the status and body are forwarded to the caller as is.

Commit: | c6cb1ed | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | jschaul |
Move router types to wire-api-federation
Commit: | 5ba9883 | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
grpc client call from brig to federator
Commit: | 059f7fa | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
move (dummy) proto files to wire-api-federation and compile
Commit: | bd0e62c | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
better error accumulation on validateLocalCall
Commit: | 737b54f | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | jschaul |
Workaround bug in mu-protobuf

https://github.com/higherkindness/mu-haskell/issues/282

Commit: | 65d4170 | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
Add comments
Commit: | ea33bad | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | jschaul |
Federator: Refine LocalCall and interpret Brig effect as AppIO
Commit: | 78a3e87 | |
---|---|---|
Author: | Akshay Mankar | |
Committer: | jschaul |
[WIP] Federator: Implement basic structure of routing
Commit: | 89e0b0c | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
delete files again moved to a mu-haskell PR
Commit: | 7cf4fce | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
minimal-ish example for errors
Commit: | 6a4b78c | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
add a (still failing) integration test
Commit: | 18d0cbf | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
add another method. WIP
Commit: | cc7b28e | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
...
Commit: | 286be31 | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
force recompilation on changes to proto file; reorganize service; add FUTUREWORKs
Commit: | 4d9632a | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
WIP
Commit: | ba0cd83 | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
attempt to include quickstart into federator: doesn't yet compile
Commit: | 4ca49d5 | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
mu-haskell dependencies as per tutorial
Commit: | dcc18cb | |
---|---|---|
Author: | Tiago Manuel Ventura Loureiro | |
Committer: | GitHub |
Richer user events (#381)
Commit: | ab68354 | |
---|---|---|
Author: | Tiago Loureiro |
Merged with develop
Commit: | dc83e5c | |
---|---|---|
Author: | Tiago Manuel Ventura Loureiro | |
Committer: | GitHub |
Journal user events (#322)
Commit: | a0233f7 | |
---|---|---|
Author: | Tiago Loureiro | |
Committer: | Tiago Loureiro |
Added galley support and fixed JSON instances
Commit: | d6d0b01 | |
---|---|---|
Author: | Tiago Loureiro | |
Committer: | Tiago Loureiro |
Journal suspended accounts and rename CREATE event
Commit: | 621b5fb | |
---|---|---|
Author: | jschaul | |
Committer: | jschaul |
Journal team events to SQS

Introduces journaling via AWS SQS for team events (create, update, delete).

* Team deletions become soft deletes (to allow for eventual consistency on the journal consumer side: a cassandra table scan allows for re-creating create/delete events)
* types-common-journal depends on `protoc` at compile time for protobuf code generation.
* Journaling in galley is optional at run time (via optional `---team-events-queue-name` and `--aws-region` params) and at integration test time (via an optional `GALLEY_SQS_TEAM_EVENTS` environment variable) to allow galley to function without SQS.
* integration tests consume SQS events, making them slower (from ~90s to ~110s) (to be improved)

Commit: | 1e8259c | |
---|---|---|
Author: | Kim Altintop |
Remove obsolete types-common-journal
This commit does not contain any .proto files.
Commit: | be46fff | |
---|---|---|
Author: | Toralf Wittner | |
Committer: | Toralf Wittner |
Add `types-common` library.