2021-12-07 release

What's Changed

• Bump all environments 0.6.17 -> 0.6.18. by @branlwyd in #1060
• Avoid a common race, fix gosec G601 errors by @jmhodges in #1061
• run gofmt -s on the codebase by @jmhodges in #1062
• correct a typo in Enqueuer comment by @jmhodges in #1063
• use not-deprecated zap APIs by @jmhodges in #1064
• GH actions: work around grcov build break by @tgeoghegan in #1078
• facilitator: add rust-toolchain.toml by @tgeoghegan in #1079
• key rotator: implement basic Key data type & rotation logic. by @branlwyd in #1067
• key-rotator: add key.Raw type, serialize/deserialize key.Key including a key.Raw. by @branlwyd in #1081
• correct error usage in manifest-tests by @jmhodges in #1086
• terraform: deploy prod-intl/mx-{coa,jal,yuc,pue} by @tgeoghegan in #1087
• prod-intl: force node group to 6 nodes by @tgeoghegan in #1092
• add Go linters using golangci-lint by @jmhodges in #1066
• Move manifest data definitions from manifest-updater to key-rotator, add UpdateKeys functionality. by @branlwyd in #1082
• Make key.Key immutable, rename key.Raw to key.Material. by @branlwyd in #1096
• Key rotator: introduce storage.Manifest, stolen & adapted from manifest-updater's storage. by @branlwyd in #1084
• Implement storage.Key, based on Kubernetes secret store. by @branlwyd in #1098
• Delete manifest updater. by @branlwyd in #1090
• build(deps): bump elliptic-curve from 0.10.5 to 0.10.6 in /facilitator by @dependabot in #1004
• build(deps): bump serde from 1.0.126 to 1.0.130 in /facilitator by @dependabot in #1018
• build(deps): bump bytes from 1.0.1 to 1.1.0 in /facilitator by @dependabot in #1019
• build(deps): bump google.golang.org/api from 0.51.0 to 0.60.0 in /deploy-tool by @dependabot in #1076
• build(deps): bump rust from 1.55.0-alpine to 1.56.1-alpine in /facilitator by @dependabot in #1100
• build(deps): bump golang from 1.17.2 to 1.17.3 in /workflow-manager by @dependabot in #1099
• build(deps): update hashicorp/aws requirement from ~> 3.62.0 to ~> 3.64.2 in /terraform by @dependabot in #1102
• build(deps): bump thiserror from 1.0.26 to 1.0.30 in /facilitator by @dependabot in #1117
• build(deps): bump anyhow from 1.0.44 to 1.0.45 in /facilitator by @dependabot in #1118
• build(deps): bump pem from 0.8.3 to 1.0.1 in /facilitator by @dependabot in #1070
• build(deps): bump hyper from 0.14.11 to 0.14.14 in /facilitator by @dependabot in #1120
• build(deps): bump serde_json from 1.0.68 to 1.0.69 in /facilitator by @dependabot in #1121
• build(deps): bump sha2 from 0.9.5 to 0.9.8 in /facilitator by @dependabot in #1122
• build(deps): bump serde_test from 1.0.126 to 1.0.130 in /facilitator by @dependabot in #1123
• build(deps): bump tokio from 1.9.0 to 1.13.0 in /facilitator by @dependabot in #1124
• build(deps): bump ureq from 2.1.1 to 2.3.0 in /facilitator by @dependabot in #1125
• build(deps): bump prometheus from 0.12.0 to 0.13.0 in /facilitator by @dependabot in #1126
• Key rotator binary by @branlwyd in #1114
• Remove deploy-operator. by @branlwyd in #1115
• build(deps): update hashicorp/aws requirement from ~> 3.64.2 to ~> 3.65.0 in /terraform by @dependabot in #1130
• build(deps): bump serde_json from 1.0.69 to 1.0.70 in /facilitator by @dependabot in #1131
• build(deps): bump ureq from 2.3.0 to 2.3.1 in /facilitator by @dependabot in #1132
• build(deps): update hashicorp/helm requirement from ~> 2.3.0 to ~> 2.4.1 in /terraform by @dependabot in #1129
• Add validations to key.Key type. by @branlwyd in #1128
• prod-intl: bump Kubernetes cluster from 6 -> 9 nodes. by @branlwyd in #1137
• Key rotator: fix bug with packet encryption key deserialization. by @branlwyd in #1148
• Workflow manager: bounds-check date components. by @branlwyd in #1149
• Terraform: add key-rotator cron job by @branlwyd in #1138
• build(deps): bump serde_json from 1.0.70 to 1.0.72 in /facilitator by @dependabot in #1157
• build(deps): update hashicorp/aws requirement from ~> 3.65.0 to ~> 3.67.0 in /terraform by @dependabot in #1156
• build(deps): bump alpine from 3.14 to 3.15.0 in /facilitator by @dependabot in #1155
• build(deps): bump google.golang.org/grpc from 1.40.0 to 1.42.0 in /deploy-tool by @dependabot in #1146
• build(deps): bump k8s.io/apimachinery from 0.22.3 to 0.22.4 in /deploy-tool by @dependabot in #1144
• build(deps): bump hyper from 0.14.14 to 0.14.15 in /facilitator by @dependabot in #1142
• build(deps): bump tokio from 1.13.0 to 1.14.0 in /facilitator by @dependabot in #1141
• build(deps): update hashicorp/kubernetes requirement from ~> 2.5.0 to ~> 2.6.1 in /terraform by @dependabot in #1048
• Docker CI fixes by @tgeoghegan in #1158
• build(deps): bump k8s.io/api from 0.22.3 to 0.22.4 in /deploy-tool by @dependabot in #1145
• Fix Clippy complaint about mismatched format args. by @branlwyd in #1160
• GH actions: push key-rotator from build step by @tgeoghegan in #1164
• Remove task-replayer. by @branlwyd in #1166
• build(deps): bump anyhow from 1.0.45 to 1.0.51 in /facilitator by @dependabot in #1159
• build(deps): bump github.com/rs/zerolog from 1.23.0 to 1.26.0 in /workflow-manager by @dependabot in #1093
• build(deps): bump k8s.io/client-go from 0.22.3 to 0.22.4 in /deploy-tool by @dependabot in #1163
• build(deps): bump github.com/aws/aws-sdk-go from 1.40.2 to 1.42.15 in /workflow-manager by @dependabot in #1167
• build(deps): bump google.golang.org/api from 0.51.0 to 0.60.0 in /workflow-manager by @dependabot in #1071
• build(deps): bump cloud.google.com/go/pubsub from 1.12.2 to 1.17.1 in /workflow-manager by @dependabot in #1074
• build(deps): bump cloud.google.com/go/storage from 1.16.0 to 1.18.2 in /workflow-manager by @dependabot in #1095
• Key rotator: add sanity checks to parsed keys. by @branlwyd in #1150
• Add (bogus) expiry date to manifests' batch signing public key. by @branlwyd in #1151
• Key rotator: add Key.Diff, use it to describe why we are writing keys. by @branlwyd in #1152
• Facilitator: allow workers to self-terminate after working too long. by @branlwyd in #1168
• Key rotator: describe diffs that cause manifest writes. by @branlwyd in #1153
• Key rotator: add basic metrics. by @branlwyd in #1154
• prod-intl: replace mn-mn with mn by @tgeoghegan in #1172
• Use correct key ID for batch signing private key. by @branlwyd in #1173
• Key storage: add implementations writing to AWS & GCP. by @branlwyd in #1174
• Key rotator: add flags to force writing keys back to storage. by @branlwyd in #1185
• Enable key rotator in staging-facil environment. by @branlwyd in #1187
• Update handling of serialized private key values. by @branlwyd in #1186
• build(deps): update requirement from ~> 2.6.1 to ~> 2.7.0 in /terraform by @dependabot in #1180
• build(deps): bump clap from 2.33.3 to 2.34.0 in /facilitator by @dependabot in #1182
• build(deps): update requirement from ~> 3.67.0 to ~> 3.68.0 in /terraform by @dependabot in #1176
• build(deps): bump golang from 1.17.3 to 1.17.4 in /workflow-manager by @dependabot in #1175
• build(deps): bump rust from 1.56.1-alpine to 1.57.0-alpine in /facilitator by @dependabot in #1177
• build(deps): bump github.com/aws/aws-sdk-go from 1.42.15 to 1.42.19 in /workflow-manager by @dependabot in #1183
• build(deps): bump google.golang.org/api from 0.60.0 to 0.61.0 in /workflow-manager by @dependabot in #1184
• facilitator: new metrics by @tgeoghegan in #1054
• facilitator: cache credentials by @tgeoghegan in #870
• Key rotator: disable rotation of Batch Signing Keys. by @branlwyd in #1188
• workflow-manager: log cloud storage reads at DEBUG by @tgeoghegan in #1189

New Contributors

• @jmhodges made their first contribution in #1061

Full Changelog: 0.6.18...0.6.19