Skip to content

v0.15.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 16 Sep 12:34
v0.15.0
b18e93d
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

0.15.0 (2024-09-16)

This release marks a significant milestone for the project as it is our first version without the alpha suffix in the version. I want to extend a heartfelt thank you to everyone who supported the project and me through ideas, insights, and valuable discussions.

A special thanks goes to @davidspek for the preparation work related to the new matching API for the rules. Many of the new features and improvements in this release are a direct result of that effort.

⚠ BREAKING CHANGES

  • Made the usage of if clauses in authentication & authorization, and error pipelines consistent (#1784)
  • Deprecated OTEL attributes replaced (#1669)
  • Configuration of signer moved into jwt finalizer (#1534)
  • Demo installation removed from the helm chart (#1544)
  • Subject has been made immutable (#1487)
  • Rule matching configuration API redesigned (#1358)
  • Default rule rejects requests with encoded slashes in the path of the URL with 400 Bad Request (#1358)
  • Support for rule_path_match_prefix on endpoint configurations for http_endpoint and cloud_blob providers has been dropped (#1358)

Features

  • Glob expressions are context aware and use . for host related expressions and / for path related ones as separators (#1358) (f2f6867)
  • Multiple rules can be defined for the same path, e.g. to have separate rules for read and write requests (#1358) (f2f6867)
  • New endpoint auth type to create http message signatures for outbound requests according to RFC 9421 (#1507) (672988d)
  • Route based matching of rules (#1766) (8ef379d)
  • Support for backtracking while matching rules (#1358) (f2f6867)
  • Support for free and single (named) wildcards for request path matching and access of the captured values from the pipeline (#1358) (f2f6867)

Code Refactorings

  • Configuration of signer moved into jwt finalizer (#1534) (4475745)
  • Default rule rejects requests with encoded slashes in the path of the URL with 400 Bad Request (#1358) (f2f6867)
  • Demo installation removed from the helm chart (#1544) (f8770b3)
  • Deprecated OTEL attributes replaced (#1669) (e5ed3a5)
  • Made the usage of if clauses in authentication & authorization, and error pipelines consistent (#1784) (2577f56)
  • Rule matching configuration API redesigned (#1358) (f2f6867)
  • Subject has been made immutable (#1487) (6c4957f)
  • Support for rule_path_match_prefix on endpoint configurations for http_endpoint and cloud_blob providers has been dropped (#1358) (f2f6867)

Performance Improvements

  • O(log(n)) time complexity for lookup of rules (#1358) (f2f6867)

Bug Fixes

  • Corrected the placement of namespace selector properties in the Helm chart's admission controller configuration (#1752). (4c059b3)
  • Fixed a nil pointer error in the Helm chart that occurred when a deployment was configured with custom annotations due to an incorrect reference in the deployment template (#1752). (4c059b3)
  • Taking updates of certificates into account while collecting metrics (#1534) (4475745)
  • Updated the admission controller configuration in the Helm chart to align with the redesigned structure done in v0.12.0-alpha release of heimdall (#1752). (4c059b3)

Documentation

  • Guide for First-Party Authentication with OpenID Connect (#1789) (8c6b9c3)
  • New integration guide for Envoy Gateway (#1412) (526f381)
  • NGING Ingress Controller guide updated to cover global integration options (#1469) (a710a64)
  • Traefik guide updated to cover Ingress, IngressRoute and HTTPRoute based integration options (#1420) (303095e)

Dependencies

  • update golang to v1.23.1 (#1793) (54e6cad)
  • update golang.org/x/exp digest to 701f63a (#1793) (54e6cad)
  • update google.golang.org/genproto/googleapis/rpc digest to 8af14fe (#1793) (54e6cad)
  • update module github.com/go-playground/validator/v10 to v10.22.1 (#1793) (54e6cad)
  • update module github.com/jellydator/ttlcache/v3 to v3.3.0 (#1793) (54e6cad)
  • update module github.com/masterminds/sprig/v3 to v3.3.0 (#1793) (54e6cad)
  • update module github.com/prometheus/client_golang to v1.20.3 (#1793) (54e6cad)
  • update module github.com/redis/rueidis to v1.0.45 (#1793) (54e6cad)
  • update module github.com/redis/rueidis/rueidisotel to v1.0.45 (#1793) (54e6cad)
  • update module github.com/rs/cors to v1.11.1 (#1793) (54e6cad)
  • update module go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to v0.55.0 (#1793) (54e6cad)
  • update module go.opentelemetry.io/contrib/instrumentation/host to v0.55.0 (#1793) (54e6cad)
  • update module go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to v0.55.0 (#1793) (54e6cad)
  • update module go.opentelemetry.io/contrib/instrumentation/runtime to v0.55.0 (#1793) (54e6cad)
  • update module go.opentelemetry.io/contrib/propagators/autoprop to v0.55.0 (#1793) (54e6cad)
  • update module gocloud.dev to v0.39.0 (#1774) (4ffa9e4)
  • update module google.golang.org/grpc to v1.66.2 (#1793) (54e6cad)
  • update module k8s.io/client-go to v0.31.1 (#1793) (54e6cad)
  • update opentelemetry-go monorepo to v1.30.0 (#1793) (54e6cad)

Contributors

davidspek
Assets 26
Loading