Release/1.49.0 (#2938)

* Doc for trusted proxies

* add a note that audit log entries may have had values masked. (#2859)

* add a note that audit log entries may have had values masked.

* Update astro/src/content/docs/apis/audit-logs.mdx

Co-authored-by: Dan Moore <[email protected]>

* Incorporated PR suggestions

---------

Co-authored-by: Andy Pai <[email protected]>
Co-authored-by: Dan Moore <[email protected]>
Co-authored-by: Andy Pai <[email protected]>

* docs for new linkedin idp update (#2714)

* docs for new linkedin idp update

* Shrink images

* describe email_verified behavior for the idps that use it

* Shrink images

* uncompress?

* pr feedback

---------

Co-authored-by: lyleschemmerling <[email protected]>

* docs for nashorn removal (#2711)

* docs for nashorn removal

* Update astro/src/content/docs/extend/code/lambdas/index.mdx

Co-authored-by: Andy Pai <[email protected]>

* pr feedback

---------

Co-authored-by: Andy Pai <[email protected]>

* Added graceful failure when github cli isn't installed.

* doc for new network settings page

* 1. Be consistent with type=Array vs type=List. Using Array as this is a JSON data type.
2. Add since to new fields.
3. Document defaults correct.
4. Correct allowedMethods while in this same API doc. It was missing PATCH and had the allowed values on the response instead of the request.
5. Improve description of new fields with an example since we support various formats for IP addresses.

* Roll back updates to the Audit Log API. This API was not modified in 1.49.0.

* Cleanup Lambda deprecation warnings.

* Try and normalize Available since a bit, there are a lot of different usages.

* Lambda engine deprecation cleanup

* Cleanup

* Shrink images

---------

Co-authored-by: Andy Pai <[email protected]>
Co-authored-by: Lyle Schemmerling <[email protected]>
Co-authored-by: Andy Pai <[email protected]>
Co-authored-by: Dan Moore <[email protected]>
Co-authored-by: lyleschemmerling <[email protected]>
Co-authored-by: robotdan <[email protected]>

astro/src/components/api/AvailableSince.astro

@@ -9,4 +9,4 @@ if (!since) {
   throw new Error("No since field");
 }
 ---
-<span class="px-3 text-green-500 text-sm italic capitalize">available since {since}</span>
+<span class="px-3 text-green-500 text-sm italic">Available since {since}</span>

astro/src/components/api/DeprecatedSince.astro

@@ -5,4 +5,4 @@ interface Props {
 
 const { since }: Props = Astro.props;
 ---
-{ since && <span class="px-3 text-red-500 italic capitalize">Deprecated since {since}</span> }
+{ since && <span class="pl-3 text-red-700 italic">Deprecated since {since}</span> }

astro/src/components/api/RemovedSince.astro

@@ -5,4 +5,4 @@ interface Props {
 
 const { since }: Props = Astro.props;
 ---
-{ since && <span class="px-3 text-red-700 capitalize">Removed in {since}</span> }
+{ since && <span class="pl-3 text-red-700 italic">Removed in {since}</span> }

astro/src/content/docs/_shared/_theme_template_variables.astro

@@ -14,7 +14,7 @@ const makeId = (name) => { return name.toLowerCase().replaceAll(' ', '-') };
 {templates.filter((t) => t.onlyAPI === undefined).map((t) =>
 <APIBlock>
   <h3 id={makeId(t.displayName)}>{t.displayName}</h3>
-  {t.version && <Aside type="version">Available Since Version {t.version}.</Aside>}
+  {t.version && <Aside type="version">Available since {t.version}.</Aside>}
   {t.path && <API method="" uri={t.path}/>}
   <h4>Variables</h4>
   {!t.variables && <p>No template specific variables.</p>}

astro/src/content/docs/apis/_lambda-engine-options.mdx

@@ -0,0 +1,6 @@
+import DeprecatedSince from 'src/components/api/DeprecatedSince.astro';
+import RemovedSince from 'src/components/api/RemovedSince.astro';
+
+The JavaScript execution engine for the lambda. The possible values are:
+  * `GraalJS`
+  * `Nashorn` <DeprecatedSince since="1.35.0"/>, <RemovedSince since="1.49.0"/>

astro/src/content/docs/apis/_lambda-put-request-body.mdx

@@ -1,6 +1,7 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
 import JSON from 'src/components/JSON.astro';
+import LambdaOptions from './_lambda-engine-options.mdx';
 
 ### Request Body
 
@@ -12,15 +13,10 @@ import JSON from 'src/components/JSON.astro';
     Whether or not debug event logging is enabled for this Lambda.
   </APIField>
   <APIField name="lambda.enabled" type="Boolean" optional defaults="true" deprecated>
-    Whether or not this Lambda is enabled.
-
-    Not currently used and may be removed in a future version.
+    This value is not used, and may be removed in a future version.
   </APIField>
   <APIField name="lambda.engineType" type="String" required defaults="GraalJS" since="1.35.0">
-    The JavaScript execution engine for the lambda. The possible values are:
-
-    * `GraalJS`
-    * `Nashorn` 
+    <LambdaOptions />
   </APIField>
   <APIField name="lambda.name" type="String" required>
     The name of the lambda.

astro/src/content/docs/apis/_lambda-request-body.mdx

@@ -1,5 +1,6 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
+import LambdaOptions from './_lambda-engine-options.mdx';
 
 #### Request Body
 
@@ -11,15 +12,10 @@ import APIField from 'src/components/api/APIField.astro';
     Whether or not debug event logging is enabled for this Lambda.
   </APIField>
   <APIField name="lambda.enabled" type="Boolean" optional defaults="true" deprecated>
-    Whether or not this Lambda is enabled.
-
-    Not currently used and may be removed in a future version.
+    This value is not used, and may be removed in a future version.
   </APIField>
   <APIField name="lambda.engineType" type="String" required defaults="GraalJS" since="1.35.0">
-    The JavaScript execution engine for the lambda. The possible values are:
-
-    * `GraalJS`
-    * `Nashorn` 
+    <LambdaOptions/>
   </APIField>
   <APIField name="lambda.name" type="String" required>
     The name of the lambda.

astro/src/content/docs/apis/_lambda-response-body.mdx

@@ -1,5 +1,6 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
+import LambdaOptions from './_lambda-engine-options.mdx';
 
 #### Response Body
 
@@ -11,15 +12,10 @@ import APIField from 'src/components/api/APIField.astro';
     Whether or not debug event logging is enabled for this Lambda.
   </APIField>
   <APIField name="lambda.enabled" type="Boolean" deprecated>
-    Whether or not this Lambda is enabled.
-
-    Not currently used and may be removed in a future version.
+    This value is not used, and may be removed in a future version.
   </APIField>
   <APIField name="lambda.engineType" type="String">
-    The JavaScript execution engine for the lambda. The possible values are:
-
-    * `GraalJS`
-    * `Nashorn` 
+    <LambdaOptions />
   </APIField>
   <APIField name="lambda.id" type="UUID">
     The Id of the Lambda.

astro/src/content/docs/apis/_lambda-responses-body.mdx

@@ -1,5 +1,6 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
+import LambdaOptions from './_lambda-engine-options.mdx';
 
 #### Response Body
 
@@ -14,15 +15,10 @@ import APIField from 'src/components/api/APIField.astro';
     Whether or not debug event logging is enabled for this Lambda.
   </APIField>
   <APIField name="lambdas[x].enabled" type="Boolean" deprecated>
-    Whether or not this Lambda is enabled.
-
-    Not currently used and may be removed in a future version.
+    This value is not used, and may be removed in a future version.
   </APIField>
   <APIField name="lambdas[x].engineType" type="String">
-    The JavaScript execution engine for the lambda. The possible values are:
-
-    * `GraalJS`
-    * `Nashorn` 
+    <LambdaOptions />
   </APIField>
   <APIField name="lambdas[x].id" type="UUID">
     The Id of the Lambda.

astro/src/content/docs/apis/_lambda-search-request-parameters.mdx

@@ -1,6 +1,8 @@
 import APIBlock from 'src/components/api/APIBlock.astro';
 import APIField from 'src/components/api/APIField.astro';
 import InlineField from 'src/components/InlineField.astro';
+import DeprecatedSince from 'src/components/api/DeprecatedSince.astro';
+import RemovedSince from 'src/components/api/RemovedSince.astro';
 
 {/*  parameter_prefix is either blank for parameters or "search." for body */}
 
@@ -24,7 +26,7 @@ import InlineField from 'src/components/InlineField.astro';
      * `name` - the Lambda name
      * `engineType` - the JavaScript execution engine for the Lambda
        * `GraalJS`
-       * `Nashorn`
+       * `Nashorn` <DeprecatedSince since="1.35.0"/>, <RemovedSince since="1.49.0"/>
 
     The order direction is optional. Possible values of the order direction are `ASC` or `DESC`. If omitted, the default sort order is `ASC`.
 

astro/src/content/docs/apis/_lambda-type-api.astro

@@ -2,6 +2,7 @@
 import { getEntry } from 'astro:content';
 import { LambdaDoc } from 'src/tools/docs';
 import APIField from 'src/components/api/APIField.astro';
+import AvailableSince from "../../../components/api/AvailableSince.astro";
 
 const lambdasEntry = await getEntry('json', 'lambdas');
 const lambdas: LambdaDoc[] = (lambdasEntry.data as LambdaDoc[])
@@ -16,8 +17,8 @@ const name = `${prefix || ''}type`;
     { lambdas.map(lambda =>
       <li>
         <code>{ lambda.typeText }</code>
-        { showSince && lambda.version && <span class="text-green-700 uppercase pl-4">available since { lambda.version }</span>}
+        { showSince && lambda.version && <AvailableSince since={ lambda.version }/> }
       </li>
     )}
   </ul>
-</APIField>
+</APIField>

astro/src/content/docs/apis/_system-configuration-request-body.mdx

@@ -21,7 +21,15 @@ import JSON from 'src/components/JSON.astro';
     The `Access-Control-Allow-Headers` response header values as described by [MDN Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers).
   </APIField>
   <APIField name="systemConfiguration.corsConfiguration.allowedMethods" type="Array<String>" optional>
-    The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods).
+    The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). The possible values are:
+
+    * `GET`
+    * `POST`
+    * `PUT`
+    * `DELETE`
+    * `HEAD`
+    * `OPTIONS`
+    * `PATCH`
   </APIField>
   <APIField name="systemConfiguration.corsConfiguration.allowedOrigins" type="Array<String>" optional>
     The `Access-Control-Allow-Origin` response header values as described by [MDN Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin). If the wildcard `*` is specified, no additional domains may be specified.
@@ -59,6 +67,20 @@ import JSON from 'src/components/JSON.astro';
 
     > `America/Denver` or `US/Mountain`
   </APIField>
+
+  <APIField name="systemConfiguration.trustedProxyConfiguration.trustPolicy" type="String" defaults="All" since="1.49.0">
+    This setting is used to resolve the client IP address for use in logging, webhooks, and IP-based access control when an `X-Forwarded-For` header is provided. Because proxies are free to rewrite the `X-Forwarded-For` header, an untrusted proxy could write a value that allowed it to bypass IP-based ACLs, or cause an incorrect IP address to be logged or sent to a webhook.
+
+    Valid values are:
+      * `All`: Consider all proxies in an `X-Forwarded-For` header to be trusted, and use the first address in the `X-Forwarded-For` header as the resolved address. This is less secure, and is provided for backwards compatibility.
+      * `OnlyConfigured`: Only trust proxies named in the `systemConfiguration.trustedProxyConfiguration.trusted` list. In this case, the first untrusted proxy found will be used as the client IP address.
+  </APIField>
+  <APIField name="systemConfiguration.trustedProxyConfiguration.trusted" type="Array<String>" since="1.49.0">
+    An array of IP addresses, representing the set of trusted upstream proxies. This value will be accepted but ignored when <InlineField>systemConfiguration.trustedProxyConfiguration.trustPolicy</InlineField> is set to `All`.
+
+    Values may be specified as IPv4, or IPv6 format, and ranges of addresses are also accepted in CIDR notation.
+  </APIField>
+
   <APIField name="systemConfiguration.uiConfiguration.headerColor" type="String" optional>
     A hexadecimal color to override the default menu color in the user interface.
 

astro/src/content/docs/apis/_system-configuration-response-body.mdx

@@ -19,14 +19,7 @@ import JSON from 'src/components/JSON.astro';
     The `Access-Control-Allow-Headers` response header values as described by [MDN Access-Control-Allow-Headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers).
   </APIField>
   <APIField name="systemConfiguration.corsConfiguration.allowedMethods" type="Array<String>">
-    The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods). The possible values are:
-
-    * `GET`
-    * `POST`
-    * `PUT`
-    * `DELETE`
-    * `HEAD`
-    * `OPTIONS`
+    The `Access-Control-Allow-Methods` response header values as described by [MDN Access-Control-Allow-Methods](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods).
   </APIField>
   <APIField name="systemConfiguration.corsConfiguration.allowedOrigins" type="Array<String>">
     The `Access-Control-Allow-Origin` response header values as described by [MDN Access-Control-Allow-Origin](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin). If the wildcard `*` is specified, no additional domains may be specified.
@@ -62,6 +55,18 @@ import JSON from 'src/components/JSON.astro';
 
     > `America/Denver` or `US/Mountain`
   </APIField>
+
+  <APIField name="systemConfiguration.trustedProxyConfiguration.trustPolicy" type="String" since="1.49.0">
+    This setting is used to resolve the client IP address for use in logging, webhooks, and IP-based access control when an `X-Forwarded-For` header is provided. Because proxies are free to rewrite the `X-Forwarded-For` header, an untrusted proxy could write a value that allowed it to bypass IP-based ACLs, or cause an incorrect IP address to be logged or sent to a webhook.
+
+    Valid values are:
+      * `All`: Consider all proxies in an `X-Forwarded-For` header to be trusted, and use the first address in the `X-Forwarded-For` header as the resolved address. This is less secure, and is provided for backwards compatibility.
+      * `OnlyConfigured`: Only trust proxies named in the `systemConfiguration.trustedProxyConfiguration.trusted` list. In this case, the first untrusted proxy found will be used as the client IP address.
+  </APIField>
+  <APIField name="systemConfiguration.trustedProxyConfiguration.trusted" type="Array<String>" since="1.49.0">
+    An array of IP addresses, representing the set of trusted upstream proxies.
+  </APIField>
+
   <APIField name="systemConfiguration.uiConfiguration.headerColor" type="String">
     A hexadecimal color to override the default menu color in the user interface.
   </APIField>

astro/src/content/docs/apis/audit-logs.mdx

@@ -173,12 +173,16 @@ When calling the API using a `POST` request you will send the search criteria in
   </APIField>
   <APIField name="search.newValue" type="String" optional since="1.30.0">
     The string to search for in the Audit Log field for <InlineField>newValue</InlineField>. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
+
+    In versions >= 1.49.0 sensitive values may be masked.
   </APIField>
   <APIField name="search.numberOfResults" type="Integer" optional defaults="25">
     The number of results to return from the search.
   </APIField>
   <APIField name="search.oldValue" type="String" optional since="1.30.0">
     The string to search for in the Audit Log field for <InlineField>oldValue</InlineField>. Note, that not all audit log entries will contain this field, it is primarily used for Audit Logs for updates to existing objects.
+
+    In versions >= 1.49.0 sensitive values may be masked.
   </APIField>
   <APIField name="search.orderBy" type="String" optional defaults="insertInstant DESC">
     The database column to order the search results on plus the order direction.
@@ -222,9 +226,13 @@ The response for this API contains the Audit Logs matching the search criteria i
   </APIField>
   <APIField name="auditLogs[x].data.newValue" type="String">
     The new value of a changed object.
+
+    In versions >= 1.49.0 sensitive values may be masked.
   </APIField>
   <APIField name="auditLogs[x].data.oldValue" type="String">
     The previous value of a changed object.
+
+    In versions >= 1.49.0 sensitive values may be masked.
   </APIField>
   <APIField name="auditLogs[x].data.reason" type="String">
     The reason why the audit log was created.

astro/src/content/docs/apis/identity-providers/_external-jwt-request-body.mdx

@@ -60,6 +60,7 @@ import IdentityProviderLinkingStrategyRequestParameter from 'src/content/docs/ap
   </APIField>
 
   <IdentityProviderLinkingStrategyRequestParameter idp_display_name={props.idp_display_name}
+                                                   idp_enforce_email_verified_claim={props.idp_enforce_email_verified_claim}
                                                    idp_since={props.idp_since}
                                                    idp_linking_strategy={props.idp_linking_strategy} />
 

astro/src/content/docs/apis/identity-providers/_identity-provider-linking-strategy-request-parameter.mdx

@@ -1,4 +1,5 @@
 import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
 
 <APIField name="identityProvider.linkingStrategy" type="String" optional defaults={props.idp_linking_strategy} since={ props.idp_since < 12800 ?"1.28.0" : ''}>
   The linking strategy to use when creating the link between the {props.idp_display_name} Identity Provider and the user.
@@ -11,4 +12,8 @@ import APIField from 'src/components/api/APIField.astro';
     * `LinkByEmailForExistingUser` - Only link to an existing user based upon email. A user will not be created if one does not already exist with email returned by the identity provider.
     * `LinkByUsername` - Link to an existing user based upon username. A user will be created with the username returned by the identity provider if one does not already exist.
     * `LinkByUsernameForExistingUser` - Only link to an existing user based upon username. A user will not be created if one does not already exist with username returned by the identity provider.
+
+   {props.idp_enforce_email_verified_claim && <p>
+    When the <InlineField>identityProvider.linkingStrategy</InlineField> is equal to <code>LinkByEmail</code> or <code>LinkByEmailForExistingUser</code> and the <code>email_verified</code> claim is present on the response from the {props.idp_display_name} Identity Provider and the value is <code>false</code> a link will not be established and an error will be returned indicating a link cannot be established using an unverified email address.
+   </p>}
 </APIField>

astro/src/content/docs/apis/identity-providers/_identity-provider-linking-strategy-response-parameter.mdx

@@ -1,4 +1,5 @@
 import APIField from 'src/components/api/APIField.astro';
+import InlineField from 'src/components/InlineField.astro';
 
 <APIField name="identityProvider.linkingStrategy" type="String" optional defaults={props.idp_linking_strategy} since={ props.idp_since < 12800 ? "1.28.0" : '' }>
   The linking strategy to use when creating the link between the {props.idp_display_name} Identity Provider and the user.
@@ -12,5 +13,4 @@ import APIField from 'src/components/api/APIField.astro';
     * `LinkByEmailForExistingUser` - Link on email. Do not create the user if they do not exist.
     * `LinkByUsername` - Link on username. Create the user if they do not exist.
     * `LinkByUsernameForExistingUser` - Link on username. Do not create the user if they do not exist.
-
 </APIField>

astro/src/content/docs/apis/identity-providers/_linkedin-request-body.mdx

@@ -51,7 +51,10 @@ import IdentityProviderTenantConfiguration from 'src/content/docs/apis/identity-
     The specified Lambda Id must be of type `LinkedInReconcile`.
   </APIField>
 
-  <IdentityProviderLinkingStrategyRequestParameter idp_linking_strategy={props.idp_linking_strategy} idp_display_name={props.idp_display_name} idp_since={props.idp_since} />
+  <IdentityProviderLinkingStrategyRequestParameter idp_linking_strategy={props.idp_linking_strategy}
+                                                   idp_enforce_email_verified_claim={props.idp_enforce_email_verified_claim}
+                                                   idp_display_name={props.idp_display_name}
+                                                   idp_since={props.idp_since} />
 
   <APIField name="identityProvider.scope" type="String" optional>
     The top-level scope that you are requesting from LinkedIn.

astro/src/content/docs/apis/identity-providers/_openid-connect-request-body.mdx

@@ -55,8 +55,9 @@ import IdentityProviderTenantConfiguration from 'src/content/docs/apis/identity-
   </APIField>
 
   <IdentityProviderLinkingStrategyRequestParameter idp_since={props.idp_since}
+                                                   idp_enforce_email_verified_claim={props.idp_enforce_email_verified_claim}
                                                    idp_linking_strategy={props.idp_linking_strategy}
-                                                   idp_display_name={props.idp_display_name}/>
+                                                   idp_display_name={props.idp_display_name} />
 
   <APIField name="identityProvider.name" type="String" required>
     The name of this OpenID Connect identity provider. This is only used for display purposes.