Releases: choria-io/go-choria

0.29.4

01 Sep 11:12
v0.29.4
f2e598b

Enhancements

  • Support building on Ubuntu Noble
  • Parse the metric watcher command name for template strings

Full Changelog: v0.29.3...v0.29.4

0.29.3

29 Jul 19:28
v0.29.3
62d51f8

Enhancements

  • Support being called as abt
  • Pass federation name to external discovery agent
  • Adds a new expression watcher that can react to values stored in autonomous agent data
  • Allow an individual metric watcher to disable Prometheus integration
  • Support storing metric values in autonomous agent data
  • Support publishing metrics to Graphite from the metric watcher
  • Allow the scout watch command to ignore some autonomous agents
  • Create a built-in agent and autonomous agent plugin service to support non CM deployments
  • Send alive events every 30 minutes instead of every 1 hour
  • Redesign the gossip service discovery for upcoming NATS 2.11 due June 2024
  • Adds skip_trigger_on_reenter to the scheduler watcher to avoid some duplicate triggers
  • Support for Debian Bookworm
  • Adds choria tool sha256 to compute recursive checksums compatible with archive and plugins
  • Miscellaneous fixes and UX improvements for the archive watcher
  • Support a disown setting in exec that ensures executed commands run after Choria stops
  • Allow concurrent provisioners by maintaining a provisioner-lock on the agent

Bug Fixes

  • Use correct private inboxes for scout watch to support protocol v2 deployments
  • Ensure the duplicate window aligns with the kv TTL when creating buckets

Full Changelog: v0.28.0...v0.29.3

0.28.0

03 Feb 13:35
v0.28.0
af5f240

Enhancements

  • Allow clients to view the ACLs applied to their connections in various utilities
  • Allow setting SRV domain using the CHORIA_SRV_DOMAIN environment variable
  • Adds additional utilities to maintain autonomous agent plugin manifests under choria machine plugins
  • Upgrade to NATS Server 2.10.x and updates the embedded nats command line
  • Various improvements to audit logging and expose its settings in choria tool config
  • Allow audit log ownership to be set using plugin.rpcaudit.logfile.group and plugin.rpcaudit.logfile.mode
  • Allow those who embed Choria Server to get notified when it's ready using RegisterReadyCallback()
  • Support verifying packed plugin specifications in machine plugins and mms
  • Ensure stream users can access KV and Object stores
  • Expose the client governor permission on the jwt cli
  • Support using in-process connections for adapter communications
  • Only validate ed25519 signed provisioner tokens using the Issuer flow, fall back for rsa signed tokens
  • Adds a new plugins watcher that can manage auto agents and external rpc agents
  • Support booleans, enums and more in the rpc builder command flags parsing
  • Use a native sha256 checker rather than rely on OS provided binary in the archive watcher
  • Support runtime reloading and relocation of external agents without restarting the server

Bug Fixes

  • Improve shutdown reliability by giving Stream brokers more shutdown grace
  • Disable appbuilder on Windows
  • Retry calls to streams that can fail in early election setup
  • Timeout initial connection attempts while preparing embedded nats CLI connection
  • Grant access to governor lifecycle events for clients with the governor permission
  • Trim spaces in received kv data in order to determine if it's JSON data or not

Full Changelog: v0.27.0...v0.28.0

0.27.0

22 Mar 11:08
v0.27.0
c3ef4b5

Enhancements

  • Introduce Choria JWT based security and Protocol version 2
  • Choria Message Submit can sign published messages when using Choria Security
  • Enhance the request signing protocol to include signatures made using the private key
  • Introduce the concept of an Organization Issuer and chain of trust JWT tokens for Server and Client issuers
  • Support Hashicorp Vault as storage for the Organization Issuer and the choria jwt command
  • Do not terminate servers on authentication error
  • New Client JWT permissions to indicate a client can access the provisioning account in the broker
  • Allow provisioning over non TLS when holding an Org Issuer signed provisioning JWT
  • Support Choria Provisioner using version 1 Protocol
  • Support full Choria version upgrades during provisioning
  • Add a new RPC Authorization plugin that requires and authorizes policies found in client JWTs
  • Create a new dedicated backplane docs site https://choria-io.github.io/go-choria
  • Allow the machines watcher spec signer public key to be set in config
  • Support direct mode for Choria Key-Value Stores to increase scale and throughput
  • Support multi-arch binaries for external agents
  • Support streaming JSON output on choria req to assist non-golang clients to be built quicker
  • Create a tool to monitor JWT token health and contents
  • Add the --governor permission to choria jwt server
  • Include the number of Lifecycle events published in instance stats, data and rpcutil output
  • Record exec watcher events in lifecycle recorder
  • Emit new upgraded events when release upgrading a running server via provisioning
  • Support leader election for tally and label metrics by leader state
  • Support adding headers to Choria Message Submit messages
  • Record the builtin type as plugin in nagios watcher events

Deprecations

  • Remove numerous deprecated configuration settings

Bug Fixes

  • Improve handling defaults in output DDLs for generated clients
  • Improve fact filter parsing to handle functions both left and right of the equation
  • Ensure provisioning tokens have a default non-zero expiry
  • Improve DDL schema validation
  • Improve plugin generate ddl UX
  • Improve handling of governors on slow nodes and during critical failures
  • Fix validation of Autonomous Agents that use timer watchers
  • Allow choria machine run to be used without a valid Choria install
  • Correctly detect paths to ed25519 public keys that are 64 characters long as paths
  • Ensure multiple AAA Login URLs are parsed correctly

Other Changes

  • Extract the tokens package into github.com/choria-io/tokens
  • Add context.Context to the provisioner target resolve Configure() method
  • Export SetBuildBasedOnJWT in default proftarget plugin

Full Changelog: v0.26.2...v0.27.0

0.26.2

07 Nov 09:22
v0.26.2
bfa7f53

Enhancements

  • Remove the concept of a cache from the security subsystem and other refactors
  • Support go 1.18 as minimum version, support go 1.19
  • Improve processing of lifecycle events by implementing Stringer for event types
  • Work around breaking changes in NATS Server
  • Own implementation of the Streams based Governor
  • Speed up leader elections
  • Restore the ability for provisioners to version update Choria in-place
  • Allow direct get to be configured for KV
  • Render all tables using UTF-8, remove old table dependency
  • Allow RPC clients to supply a goss manifest to execute on the network, from file or KV bucket
  • Add the new choria scout validate command that acts as a goss frontend
  • Add the delegation property to client JWTs
  • Adds an experimental choria tool protocol command that can live view Choria traffic
  • Upgrade to a faster and more modern JSON schema validator
  • Additional JWT permissions that should be set to allow fleet management access
  • Support ed25519 keys for signing JWT tokens
  • Allow additional publish and subscribe subjects to be added to client tokens

Bug Fixes

  • Improve flag handling for the rpc builder command
  • Do not read config or setup security framework for election file check
  • Set up the embedded NATS CLI using the correct inbox prefix
  • Improve performance of the optional machines watchers
  • Fix building packages for armel
  • Avoid some blocking writes in autonomous agent startup, internal efficiency only
  • Correctly detect empty filters that might have resulted in unexpected replies
  • Fix inventory groups in inventory files, they now work with all agents
  • Improve the error handling in choria tool status when the status file does not exist

Full Changelog: v0.26.1...v0.26.2

v0.26.1

03 Aug 11:56
v0.26.1
9da51fd

Compatibility Notes

This will be the last release that supports being built on go 1.17; the next release will require go 1.18 as minimum.

Enhancements

  • Upgrade appbuilder to 0.3.0 with new template, report and write_file transforms
  • Allow in-process connections to nats from the brokers, used to optimise Streams bootup
  • Governors can control executions per period
  • Adds choria election with various admin tools and tools to run commands and cron jobs under leader election
  • Switch to a new more compact help template
  • Support signing JWT tokens using ed25519 signatures
  • Refactor protocol and security layers to start work on version 2 of the network protocol

Bug Fixes

  • Improved handling of ed25519 seed and jwt mismatches during provisioning and startup
  • Improved detection of STDIN being JSON data, avoiding unexpected switches to flat file discovery method under cron
  • Improve reliability of managed autonomous agent cleanup
  • Force gzip compression on Jammy debs to improve compatibility with other distros and mirroring tools

Full Changelog: v0.26.0...v0.26.1

0.26.0

27 Jun 08:13
v0.26.0
6b440d8

Removals

  • The Anonymous TLS mode introduced here has been removed in favor of recent JWT enhancements
  • Remove the Provisioner agent release_update action that was never used
  • Remove obsolete operating system distributions - EL6, Xenial and Stretch

Enhancements

  • Debian packages are distro tagged, Ubuntu 22.04 LTS supported but not published due to compatibility issues
  • EL9 is supported, EL6 removed
  • KV Watcher will now template parse Keys
  • Exec Watcher can now do an initial splayed run before starting schedules
  • Provisioner JWT can have extended details added to it for site specific information
  • UX improvements to --help
  • Cheat Sheet style help via choria cheat
  • Client JWT has a new permission that allows access to the system account, system account does not require verified TLS
  • Adds the choria kv create and choria kv update commands
  • Use fisk for the CLI parsing
  • Support Subject Mappings within Choria Broker
  • Embed the appbuilder system
  • Reply filters have a new semver function
  • Expand the inventory registration payload to include version, hash and auto agent information
  • Allow slow TTLs for leader elections
  • Improve reliability of clean shutdowns
  • Reject agents without a name or with too small a timeout
  • Support skipping system stream management
  • UX improvements for choria kv
  • When using the embedded nats cli allow a custom Choria configuration to be set
  • Adds full end to end integration testing
  • Improve logging during initial connection establishment
  • Switch to go 1.18
  • Redact some passwords when logging

Bug Fixes

  • Prevent client permissions from being set on servers, only possible by using the broker as a library
  • Improve validity checks in JWT token caller id
  • Typo fixes in generated clients
  • Work around breaking change in nats.go related to KV access
  • Use correct credentials when running choria broker server check jetstream
  • Use correct credentials when running choria broker server check kv
  • Improve hostname validation checks in flatfile discovery

0.25.1

25 Feb 08:34
v0.25.1
f8d275b

Bug Fixes

  • Fix startup on windows systems

0.25.0

23 Feb 17:12
v0.25.0
4522c51

Removals

  • Remove NATS Streaming Server support

Enhancements

  • Add a CLI API for managing KV buckets
  • Allow choria scout watch to show only state changes
  • Support asserting provisioning state in the health check plugin
  • Adds a new archive watcher to manage tgz files, not enabled by default
  • Adds a new machines watcher to manage Choria Autonomous Agents, not enabled by default
  • Refactor DDL resolution, support querying Choria Registry for unknown DDLs
  • Change docker base to AlmaLinux
  • Show additional mco choria show_config style information in choria tool config
  • Support stdout and stderr as logging destinations in addition to discard and a file name
  • Add SPDX License Identifier and Copyright to source files
  • Support tallying wildcard components rather than just a single component
  • Allow custom loggers to be passed to Choria and avoid changing settings of the default logrus logger
  • Support tallying governor events
  • Support for latest Cert Manager APIs
  • Add --senders to choria req that shows only those replying identities
  • Allow successful KV operations that do not change data to transition autonomous agents
  • Move to NATS official KV implementation, formalize Leader Election in Choria Broker
  • Allow non TLS connections from both servers and clients in combination with AAA and Provisioner using JWTs
  • Extract all jwt handling code in all packages into a new tokens package
  • Allow JWT clients to have permissions that can restrict access to Choria Streams related features
  • Extend provisioning agent to onboard ed25519 seeds and process signed JWTs from the provisioner
  • Support enabling connection nonce feature allowing per connection private key validation
  • Import the nats CLI tool into Choria under choria broker
  • Specifically use choria broker run to start the broker
  • Unify the kv del and kv rm commands
  • Expand the jwt command to create other types of JWT and move to choria jwt
  • Allow custom builders to set the server service to auto start after install
  • Add 64 bit ARM packages
  • Support checking server JWT token validity

Bug Fixes

  • Compatibility fix for 32 bit builds
  • Improve starting Choria Streams between reboots
  • Improve tool provision so debugging custom provisioning targets is more reliable
  • Correctly handle missing server configuration files when a custom provisioner is set
  • Ensure filters work with async requests in the choria req command
  • Improve choria tool governor run when the broker is down
  • Relax identity validation in flatfile discovery to avoid rejecting some valid hostnames as identities
  • Ignore Autonomous Agents with -temp name suffix and the tmp directory
  • Compatibility fix for latest NATS Server code regarding dynamic limits

0.24.1

21 Sep 21:08
v0.24.1
5e22b3b

Bug Fixes

  • Incorporate a bug fix from the nats.go package