From be612989da06e5338041349456f5293945e15000 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 17 Dec 2025 00:07:06 +0000 Subject: [PATCH 01/19] [CI Pipeline] Released patch version: 5.62.26 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 5cd33af6a..6179d8668 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.24 + 5.62.26 UTF-8 From 6a97c2909e64d1f8237099870822216b4dd66fc3 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Thu, 18 Dec 2025 00:07:02 +0000 Subject: [PATCH 02/19] [CI Pipeline] Released patch version: 5.62.27 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 6179d8668..2df45aa7a 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.26 + 5.62.27 UTF-8 From b155359003e1d38e4d95aa8f4f267935c58a01dc Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 19 Dec 2025 00:08:22 +0000 Subject: [PATCH 03/19] [CI Pipeline] Released patch version: 5.62.28 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2df45aa7a..66a2722b8 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.27 + 5.62.28 UTF-8 From 11e49b3e29156a98645f3d2ce14fa56ba83f11f9 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sat, 20 Dec 2025 00:07:54 +0000 Subject: [PATCH 04/19] [CI Pipeline] Released patch version: 5.62.29 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 66a2722b8..fbc0a36b5 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.28 + 5.62.29 UTF-8 From 2e62283c6c0c5cd364ee0b4358ed33d7cde5b484 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sun, 21 Dec 2025 00:08:01 +0000 Subject: [PATCH 05/19] [CI Pipeline] Released patch version: 5.62.30 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pom.xml b/pom.xml index fbc0a36b5..aba9b30fe 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.29 + 5.62.30 UTF-8 From fdad95b4b9aaaae278556e7409fb010cf4f30249 Mon Sep 17 00:00:00 2001 From: way zheng Date: Sat, 20 Dec 2025 18:09:15 -0800 Subject: [PATCH 06/19] update euid CF template and desc --- scripts/aws/EUID_CloudFormation.template.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/aws/EUID_CloudFormation.template.yml b/scripts/aws/EUID_CloudFormation.template.yml index 09fefb18f..22a8f5da0 100644 --- a/scripts/aws/EUID_CloudFormation.template.yml +++ b/scripts/aws/EUID_CloudFormation.template.yml @@ -38,6 +38,8 @@ Parameters: - m6i.4xlarge - r6i.2xlarge - r6i.4xlarge + - r7i.2xlarge + - r7i.4xlarge ConstraintDescription: must be a valid EC2 instance type. RootVolumeSize: Description: Instance root volume size @@ -90,7 +92,7 @@ Metadata: DeployToEnvironment: default: EUID environment to deploy to. Prod - production; Integ - integration test. InstanceType: - default: Instance Type for EC2. Minimum 4 vCPUs needed. M5, M5a, M5n, M6i and R6i Instance types are tested. Choose 2xlarge or 4xlarge. + default: Instance Type for EC2. Minimum 4 vCPUs needed. M5, M5a, M5n, M6i, R6i and R7i Instance types are tested. Choose 2xlarge or 4xlarge. SSHKeyName: default: Key Name for SSH to EC2 (required) RootVolumeSize: From fd7fb416235d6be9fdcd0fe8815a0f1221b4d277 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 22 Dec 2025 00:08:19 +0000 Subject: [PATCH 07/19] [CI Pipeline] Released patch version: 5.62.31 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index aba9b30fe..d23f874e1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.30 + 5.62.31 UTF-8 From 00c502dc2a01ce71c143e26b35058b62a8c4ef07 Mon Sep 17 00:00:00 2001 
From: Release Workflow Date: Tue, 23 Dec 2025 00:08:12 +0000 Subject: [PATCH 08/19] [CI Pipeline] Released patch version: 5.62.32 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d23f874e1..9f9528b9a 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.31 + 5.62.32 UTF-8 From ccef57f0ec2146f4f9cae965e42d65b52fd68a41 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 24 Dec 2025 00:08:36 +0000 Subject: [PATCH 09/19] [CI Pipeline] Released patch version: 5.62.33 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9f9528b9a..14165e0f0 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.32 + 5.62.33 UTF-8 From 045c074d5eead5780a550641b77fd33969ebf4fb Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Thu, 25 Dec 2025 00:08:03 +0000 Subject: [PATCH 10/19] [CI Pipeline] Released patch version: 5.62.34 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 14165e0f0..a1e3ce0f9 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.33 + 5.62.34 UTF-8 From d7ce1421676d2169395be279dbf63ee8068c02c4 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Fri, 26 Dec 2025 00:08:18 +0000 Subject: [PATCH 11/19] [CI Pipeline] Released patch version: 5.62.35 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index a1e3ce0f9..87829057f 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.34 + 5.62.35 UTF-8 From 60903a1f48b731b7fcf0b31ba2829f7569bdd404 Mon Sep 17 00:00:00 2001 From: way zheng Date: Fri, 26 Dec 2025 14:23:38 -0800 Subject: [PATCH 12/19] update the CF to include correct cpu reqirements --- scripts/aws/EUID_CloudFormation.template.yml | 2 +- scripts/aws/UID_CloudFormation.template.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/scripts/aws/EUID_CloudFormation.template.yml b/scripts/aws/EUID_CloudFormation.template.yml index 22a8f5da0..30f12aea4 100644 --- a/scripts/aws/EUID_CloudFormation.template.yml +++ b/scripts/aws/EUID_CloudFormation.template.yml @@ -92,7 +92,7 @@ Metadata: DeployToEnvironment: default: EUID environment to deploy to. Prod - production; Integ - integration test. InstanceType: - default: Instance Type for EC2. Minimum 4 vCPUs needed. M5, M5a, M5n, M6i, R6i and R7i Instance types are tested. Choose 2xlarge or 4xlarge. + default: Instance Type for EC2. Minimum 8 vCPUs needed. M5, M5a, M5n, M6i, R6i and R7i Instance types are tested. Choose 2xlarge or 4xlarge. SSHKeyName: default: Key Name for SSH to EC2 (required) RootVolumeSize: diff --git a/scripts/aws/UID_CloudFormation.template.yml b/scripts/aws/UID_CloudFormation.template.yml index 58030f4d2..82ab2c1dc 100644 --- a/scripts/aws/UID_CloudFormation.template.yml +++ b/scripts/aws/UID_CloudFormation.template.yml @@ -92,7 +92,7 @@ Metadata: DeployToEnvironment: default: UID2 environment to deploy to. Prod - production; Integ - integration test. InstanceType: - default: Instance Type for EC2. Minimum 4 vCPUs needed. M5, M5a, M5n, M6i and R6i Instance types are tested. Choose 2xlarge or 4xlarge. + default: Instance Type for EC2. Minimum 8 vCPUs needed. M5, M5a, M5n, M6i, R6i and R7i Instance types are tested. Choose 2xlarge or 4xlarge. SSHKeyName: default: Key Name for SSH to EC2 (required) RootVolumeSize: From 93ad19308b7533b511f72a6125c83ad459450edd Mon Sep 17 00:00:00 2001 From: way zheng Date: Fri, 26 Dec 2025 15:37:12 -0800 Subject: [PATCH 13/19] update aks and azure cpu and memeory requriements to align --- scripts/azure-aks/deployment/operator.yaml | 6 +++++- scripts/azure-cc/deployment/operator.json | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/scripts/azure-aks/deployment/operator.yaml b/scripts/azure-aks/deployment/operator.yaml index 234bd4a23..bc6e752d6 100644 
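Review bot: The UID template's `InstanceType` description now says R7i is tested, but no hunk in this series adds `r7i.2xlarge` or `r7i.4xlarge` to the allowed instance types in `scripts/aws/UID_CloudFormation.template.yml`; only the EUID template received them, in PATCH 06. Unless the UID list already holds those entries outside the visible hunks, an operator who follows the description will have the stack rejected by the parameter constraint. Either add the two entries to the UID template's `AllowedValues`, mirroring the EUID hunk, or keep the UID description at `M5, M5a, M5n, M6i and R6i`. The new "Minimum 8 vCPUs" wording also calls for a check that neither list still offers a size below 2xlarge, which these hunks do not show.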
--- a/scripts/azure-aks/deployment/operator.yaml +++ b/scripts/azure-aks/deployment/operator.yaml @@ -39,7 +39,11 @@ spec: image: IMAGE_PLACEHOLDER resources: limits: - memory: "8Gi" + cpu: "6" + memory: "24Gi" + requests: + cpu: "6" + memory: "24Gi" imagePullPolicy: Always securityContext: runAsUser: 1000 diff --git a/scripts/azure-cc/deployment/operator.json b/scripts/azure-cc/deployment/operator.json index 43d395c1b..60cf08d11 100644 --- a/scripts/azure-cc/deployment/operator.json +++ b/scripts/azure-cc/deployment/operator.json @@ -116,8 +116,8 @@ ], "resources": { "requests": { - "cpu": 3.5, - "memoryInGB": 15.5 + "cpu": 6, + "memoryInGB": 24 } }, "environmentVariables": [ From 2901325cc630c17d591478e93179a9ab018bb789 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sat, 27 Dec 2025 00:08:00 +0000 Subject: [PATCH 14/19] [CI Pipeline] Released patch version: 5.62.36 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 87829057f..4e2a70e30 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.35 + 5.62.36 UTF-8 From 1c85285a6618fff246f7ae9e3099840713805782 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Sun, 28 Dec 2025 00:08:14 +0000 Subject: [PATCH 15/19] [CI Pipeline] Released patch version: 5.62.37 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4e2a70e30..d838fadcd 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.36 + 5.62.37 UTF-8 From aaff9955519d3e1fe31ce179b58ac6ae618a5a79 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 29 Dec 2025 00:08:32 +0000 Subject: [PATCH 16/19] [CI Pipeline] Released patch version: 5.62.38 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index d838fadcd..f57a849e1 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.62.37 + 5.62.38 UTF-8 
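Review bot: In `operator.yaml` the container's `requests` are set equal to its `limits` (`cpu: "6"`, `memory: "24Gi"`) with no comment explaining the sizing, so the pod will stay Pending on any node pool with less allocatable capacity and the manifest does not say why. A line above `resources:` such as `# requests == limits (Guaranteed QoS); node pool must offer more than 6 allocatable vCPU and 24Gi per node` would record it. The memory limit triples from 8Gi, so any JVM heap setting in the image or environment (not visible in this hunk) should be confirmed against the new limit rather than left sized for the old one. The matching bump in `scripts/azure-cc/deployment/operator.json` (`cpu` 3.5 to 6, `memoryInGB` 15.5 to 24) cannot carry a comment, so the rationale belongs in that deployment's README. Both container specs continue outside the hunks.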
From 2ad8a73ad69da5e7bba30394c6affc54b2c983ef Mon Sep 17 00:00:00 2001 From: Weihe Zheng Date: Mon, 29 Dec 2025 06:22:54 -0800 Subject: [PATCH 17/19] update salt expiration to year 9999 (#2243) --- src/main/resources/com.uid2.core/test/salts/metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/resources/com.uid2.core/test/salts/metadata.json b/src/main/resources/com.uid2.core/test/salts/metadata.json index 06313d890..3470f9a91 100644 --- a/src/main/resources/com.uid2.core/test/salts/metadata.json +++ b/src/main/resources/com.uid2.core/test/salts/metadata.json @@ -7,12 +7,12 @@ "salts" : [ { "effective" : 1670796729291, - "expires" : 1766125493000, + "expires" : 253370793600000, "location" : "/com.uid2.core/test/salts/salts.txt.1670796729291", "size" : 5 },{ "effective" : 1745907348982, - "expires" : 1766720293000, + "expires" : 253402329599000, "location" : "/com.uid2.core/test/salts/salts.txt.1745907348982", "size" : 5 } From 7374759c6328335512488cf51f207ab17b4c4d91 Mon Sep 17 00:00:00 2001 From: way zheng Date: Mon, 29 Dec 2025 07:17:45 -0800 Subject: [PATCH 18/19] pull origin main --- scripts/gcp-oidc/README.md | 6 +++--- scripts/gcp-oidc/terraform/README.md | 2 +- scripts/gcp-oidc/terraform/main.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/gcp-oidc/README.md b/scripts/gcp-oidc/README.md index 1a6e35c0c..7f06d72e3 100644 --- a/scripts/gcp-oidc/README.md +++ b/scripts/gcp-oidc/README.md 
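Review bot: The second `expires` value, `253402329599000`, is 9999-12-31T23:59:59 at UTC-8, which is 10000-01-01T07:59:59Z, eight hours past the year-9999 ceiling the commit title aims for. Many date libraries and databases cap at 9999-12-31T23:59:59Z (`253402300799000` ms), so a consumer that converts this value to a UTC calendar date may overflow or reject it. Using `"expires" : 253402300799000` keeps the entry inside year 9999 in UTC; the first entry (`253370793600000`, 9999-01-01T08:00:00Z) is already in range. Because the file sits under `src/main/resources`, it is also worth confirming that these effectively never-expiring test salts cannot be selected by a non-test configuration, where they would defeat salt rotation.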
@@ -197,14 +197,14 @@ You will be provided a new operator API token which should be stored in Secret M `~tee-env-DEPLOYMENT_ENVIRONMENT=prod~`. It is recommended that you also specify the machine type in the gcloud script. Currently, it is recommended to run the -UID2 operator on a machine type of n2d-standard-16. (default to n2d-standard-2) +UID2 operator on a machine type of n2d-standard-8 for production. (default to n2d-standard-2) An example of the script is given below: ``` $ gcloud compute instances create {INSTANCE_NAME} \ --zone {ZONE} \ - --machine-type n2d-standard-16 \ + --machine-type n2d-standard-8 \ --confidential-compute \ --shielded-secure-boot \ --maintenance-policy Terminate \ @@ -215,7 +215,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \ --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME} ``` -Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-16` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production. +Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-8` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production. ## Upgrading diff --git a/scripts/gcp-oidc/terraform/README.md b/scripts/gcp-oidc/terraform/README.md index 8723a5347..f736b3057 100644 --- a/scripts/gcp-oidc/terraform/README.md +++ b/scripts/gcp-oidc/terraform/README.md 
@@ -68,7 +68,7 @@ terraform destroy | service_account_name | `string` | n/a | yes | The name of the service account that you want to use for your UID2 Operator instance in GCP Confidential Space. | | uid_operator_image | `string` | n/a | yes | The Docker image URL for the UID2 Private Operator for GCP, used in configuration, which you received as part of UID2 Operator Account Setup. For example: `us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator@sha256:{IMAGE_SHA}` | | uid_operator_key | `string` | n/a | yes | The UID2 operator key, which you received as part of UID2 Operator Account Setup.
Note: only required during first time provision. You could leave it as empty string later if you don't want to update secret value. | -| uid_deployment_env | `string` | n/a | yes | Valid values: `integ` for integration environment, `prod` for production environment.
Machine type is determined by the deployment environment: `integ` uses `n2d-standard-2` and prod uses `n2d-standard-16`. | +| uid_deployment_env | `string` | n/a | yes | Valid values: `integ` for integration environment, `prod` for production environment.
Machine type is determined by the deployment environment: `integ` uses `n2d-standard-2` and prod uses `n2d-standard-8`. | | uid_operator_key_secret_name | `string` | `"secret-operator-key"` | no | The name that you specify for your operator key secret. The Terraform template creates a secret in the GCP Secret Manager to hold the `uid_operator_key` value. You can define the name; for example, `uid2-operator-operator-key-secret-integ`. | | region | `string` | `"us-east1"` | no | The region that you want to deploy to. For a list of valid regions, see [Available regions and zones](https://cloud.google.com/compute/docs/regions-zones#available) in the Google Cloud documentation.
NOTE: The UID2 Private Operator implementation for GCP Confidential Space is not supported in these areas: Europe, China. | | network_name | `string` | `"uid-operator"` | no | The VPC resource name (also used for rules/ instance tags). | diff --git a/scripts/gcp-oidc/terraform/main.tf b/scripts/gcp-oidc/terraform/main.tf index 7a0141726..6b6e81b87 100644 --- a/scripts/gcp-oidc/terraform/main.tf +++ b/scripts/gcp-oidc/terraform/main.tf @@ -94,7 +94,7 @@ module "secret-manager" { resource "google_compute_instance_template" "uid_operator" { depends_on = [module.project_services] name_prefix = "uid-operator-cs-template-" - machine_type = var.uid_deployment_env == "prod" ? "n2d-standard-16" : "n2d-standard-2" + machine_type = var.uid_deployment_env == "prod" ? "n2d-standard-8" : "n2d-standard-2" tags = [var.network_name] From ae25495d213d47f568c7d5abc3cb7e3f276de8d8 Mon Sep 17 00:00:00 2001 From: way zheng Date: Mon, 29 Dec 2025 08:01:23 -0800 Subject: [PATCH 19/19] revert gcp related changes as they are not necessary --- scripts/gcp-oidc/README.md | 6 +++--- scripts/gcp-oidc/terraform/README.md | 2 +- scripts/gcp-oidc/terraform/main.tf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/gcp-oidc/README.md b/scripts/gcp-oidc/README.md index 7f06d72e3..1a6e35c0c 100644 --- a/scripts/gcp-oidc/README.md +++ b/scripts/gcp-oidc/README.md 
@@ -197,14 +197,14 @@ You will be provided a new operator API token which should be stored in Secret M `~tee-env-DEPLOYMENT_ENVIRONMENT=prod~`. It is recommended that you also specify the machine type in the gcloud script. Currently, it is recommended to run the -UID2 operator on a machine type of n2d-standard-8 for production. (default to n2d-standard-2) +UID2 operator on a machine type of n2d-standard-16. (default to n2d-standard-2) An example of the script is given below: ``` $ gcloud compute instances create {INSTANCE_NAME} \ --zone {ZONE} \ - --machine-type n2d-standard-8 \ + --machine-type n2d-standard-16 \ --confidential-compute \ --shielded-secure-boot \ --maintenance-policy Terminate \ @@ -215,7 +215,7 @@ $ gcloud compute instances create {INSTANCE_NAME} \ --metadata ^~^tee-image-reference={OPERATOR_IMAGE}~tee-restart-policy=Never~tee-container-log-redirect=true~tee-env-DEPLOYMENT_ENVIRONMENT=prod~tee-env-API_TOKEN_SECRET_NAME={OPERATOR_KEY_SECRET_FULL_NAME} ``` -Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-8` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production. +Note that compared to the `gcloud` command used in the prior section, parameter `--machine-type n2d-standard-16` is set to ensure production deployment of UID2 Operator runs on the recommended machine type for production. ## Upgrading diff --git a/scripts/gcp-oidc/terraform/README.md b/scripts/gcp-oidc/terraform/README.md index f736b3057..8723a5347 100644 --- a/scripts/gcp-oidc/terraform/README.md +++ b/scripts/gcp-oidc/terraform/README.md 
@@ -68,7 +68,7 @@ terraform destroy | service_account_name | `string` | n/a | yes | The name of the service account that you want to use for your UID2 Operator instance in GCP Confidential Space. | | uid_operator_image | `string` | n/a | yes | The Docker image URL for the UID2 Private Operator for GCP, used in configuration, which you received as part of UID2 Operator Account Setup. For example: `us-docker.pkg.dev/uid2-prod-project/iabtechlab/uid2-operator@sha256:{IMAGE_SHA}` | | uid_operator_key | `string` | n/a | yes | The UID2 operator key, which you received as part of UID2 Operator Account Setup.
Note: only required during first time provision. You could leave it as empty string later if you don't want to update secret value. | -| uid_deployment_env | `string` | n/a | yes | Valid values: `integ` for integration environment, `prod` for production environment.
Machine type is determined by the deployment environment: `integ` uses `n2d-standard-2` and prod uses `n2d-standard-8`. | +| uid_deployment_env | `string` | n/a | yes | Valid values: `integ` for integration environment, `prod` for production environment.
Machine type is determined by the deployment environment: `integ` uses `n2d-standard-2` and prod uses `n2d-standard-16`. | | uid_operator_key_secret_name | `string` | `"secret-operator-key"` | no | The name that you specify for your operator key secret. The Terraform template creates a secret in the GCP Secret Manager to hold the `uid_operator_key` value. You can define the name; for example, `uid2-operator-operator-key-secret-integ`. | | region | `string` | `"us-east1"` | no | The region that you want to deploy to. For a list of valid regions, see [Available regions and zones](https://cloud.google.com/compute/docs/regions-zones#available) in the Google Cloud documentation.
NOTE: The UID2 Private Operator implementation for GCP Confidential Space is not supported in these areas: Europe, China. | | network_name | `string` | `"uid-operator"` | no | The VPC resource name (also used for rules/ instance tags). | diff --git a/scripts/gcp-oidc/terraform/main.tf b/scripts/gcp-oidc/terraform/main.tf index 6b6e81b87..7a0141726 100644 --- a/scripts/gcp-oidc/terraform/main.tf +++ b/scripts/gcp-oidc/terraform/main.tf @@ -94,7 +94,7 @@ module "secret-manager" { resource "google_compute_instance_template" "uid_operator" { depends_on = [module.project_services] name_prefix = "uid-operator-cs-template-" - machine_type = var.uid_deployment_env == "prod" ? "n2d-standard-8" : "n2d-standard-2" + machine_type = var.uid_deployment_env == "prod" ? "n2d-standard-16" : "n2d-standard-2" tags = [var.network_name]