Changelog
sso_proxy, so care must be taken while upgrading to this version.
To aid the introduction of these new variables, please reference the description in #279, and particularly, the table included at the bottom of the referenced pull request.
Features & Enhancements 🚀
- sso_*: rename 'options' package to 'validators' - rename the
optionspackage tovalidators, better fitting its responsibility. - sso_*: use ProxyFromEnvironment in http Transport - allow traffic to be passed through a proxy by setting relevant environment variables.
- sso_*change 'master' references to 'main' - after renaming the
masterbranch tomain, change relevant references throughout the repo. - sso-proxy: command line tool to generate request signatures - command line tool to aid with testing request signature validation logic
- sso_*: prevent copying of session between upstream - add a new
AuthorizedUpstreamvalue to the session, allowing us to prevent using the same session with a different upstream. - sso_*: update to Go 1.14 - update
sso_proxyandsso_authto Go 1.14 - sso_auth: make provider_*_okta_server optional - as is stated in the quickstart, allow
provider_*_okta_serverto be optional. - codecov: update to project threshold to explicit % - update codecov configuration as result of
- sso_proxy: update to use go-micro for configuration management - bring
sso_proxyin line withsso_authby using go-micro for configuration management [⚠️ BREAKING CHANGE⚠️ ] - sso_*: remove vendored dependencies - to improve clarity, remove vendored dependencies and rely entirely on go modules.
- sso: update go modules - update dependencies, and make use of
-mod=readonly. - release_drafter: add basic config and template for releases - use release-drafter to automate the updating of draft releases
- auth: amazon cognito provider - adds Amazon Cognito as an additional identity provider.
Bug Fixes 🐛
- sso_proxy: add missing return - add a missing return; resolve a simple bug.
- sso_proxy: allow empty slice of groups - when validating groups, allow an empty slice of groups to be passed in.
- sso_*: proxy path-components with %-escaped characters in tact. - fix proxying to paths with %-encoded URL's included.
- fillcache: remove group from cache if it can't be found by the identity provider - proactively delete groups from the cache if they can no longer be found.
- fillcache pkg: trigger cache update immediately - fill group cache immediately, instead of waiting until first TTL to pass.
- sso_proxy: fix request signer hash panic - create a new
hash.Hashwithin each request signer to prevent a race condition. - sso_proxy: reduce amount of group validations - we started to run group validations too often, so reduce the frequency.
- cmd: ensure http servers shut down gracefully - don't forcefully abort requests on shutdown, handle gracefully instead.
- sso_*: allow group validator to be used standalone - similar to emails and domains, allow groups to be used for validations on their own.
Documentation 📖
- sso_proxy: document provider slug configs - add missing documentation around provider slugs
- docs: update quickstart guide - add some missing points, and improve the clarity of the quickstart documentation.
- sso_proxy: Add comment marking private key as test data - make it extra clear that the test private key is in fact only for testing purposes.
Release Contributors: @Jusshersmith, @benjsto, @jphines, @itwasntandy, @mccutchen, @katzdm, and @kjetijor