1.19.0 (2024-09-20)
1.18.0 (2024-09-16)
- add
github.com/wneessen/go-mail v0.4.4dependency (5182270) - add entitlements service by Rebac (64b8326)
- add env vars for mail client (3ab1acb)
- add interfaces + implement emailservice (b2f0ae9)
- add ResourcesService (f5a2008)
- add SendUserCreationEmail method (0cc1d3f)
- add template loading + test + TEMPORARY mail template (6c95a25)
- add the create-identity CLI (464c697)
1.17.0 (2024-09-06)
- implement GroupService based on the rebac lib (709906b)
- introduce IdentityProviders v1 api (7a2719d)
- offload idp types to constant (d15ecf2)
- use correct method to invoke backend (64f68a6)
- use idp ID if passed in (023c8e3)
1.16.2 (2024-08-30)
- address empty schema id but enforce passing of the field (fa915f2)
- enforce id on idp creation, moving validation to validator object (9633937), closes #391
- initialize idps configmap.Data field if empty (fba4479), closes #392
1.16.1 (2024-08-29)
1.16.0 (2024-08-28)
- display login on 401 responses (5031b32)
- identities service implementation (b840cf4)
- log out with OIDC (4b268aa)
- return to URL that initiated login (99da50a)
- create openfga store to enhance basic client and offload core application logic (3f0465b)
- fix wrong title displayed once logged in (5ef6371)
- update tracing signature (d22fad9)
1.15.0 (2024-08-08)
- add check for mock calls in DeleteRole (e9e3d54)
- adjust logic for pagination (e852914)
- annotate responses with the full type (1cd4b98)
- use contextual tuples for admin role (37efc1e)
- use contextual tuples to give admin access to all APIs (0e27337)
1.14.1 (2024-07-30)
1.14.0 (2024-07-19)
- actual link authentication users to authorization model + tests (8063b73)
- handle case principal is not found in authorizer middleware + switch to
CheckAdminmethod (182e469) - introduce UserPrincipal and ServicePrincipal + move Principal structs and logic to ad hoc file + tests (69dbeb9)
- set necessary oauth2 scopes as default (9c36e95)
- set OtelHTTPClient in context correctly (e514b37)
- ui redirection with context path (61451f6)
- use contextPath to redirect to UI (8a7540d)
1.13.1 (2024-07-16)
- add helper function for constructing assignee (cfa1a08)
- add resource creation logic to authz (c8e3588)
- fix authorizer init logic (a8fb9c3)
- remove page param (585f713)
- set cookie path to / (9c95b0b)
- sync resource creation/delation with authz (55d02df)
- use worker pool in authorizer (67bf82d)
1.13.0 (2024-07-11)
- add
HTTPClientFromContext+ improved OtelHTTPClientFromContext func (fa1b3e8) - add context path spec to correctly handle redirect (71aef28)
- add hydra admin url to config + add comment for env var expectation (b36e498)
- add hydra clients to OAuth2Context struct (0072078)
- add Logout function and HTTPClientInterface (98e4ec3)
- add logout handler (5ea5742)
- add logout implementation (3c435d4)
- add NextTo cookie handling to cookie manager and interface (5a5cc30)
- handle optional
nextparameter for FE use (1f4ca15)
- add json parsing error (8713366)
- clear cookie functions (3a1b2e4)
- improve validation error messages (c20ff4a)
- temporary fix to allow time for new solution on the frontend (6ee0ac3)
- UI serving handlers (b4070b1)
1.12.0 (2024-07-02)
- add
/auth/meendpoint handler to return json with principal info (9fa92a3) - add user session cookies ttl external config (b4da23d)
- cookie + refresh token support for middleware (cab3f84)
- expand cookie manager interface + implementation for tokens cookies + tests (a026e24)
- expand on Principal attributes + improve PrincipalFromContext (4104b3a)
- set tokens cookies in callback and redirect to UI url + adjust tests (f6e8277)
- add contextual tuples to openfga (03d313d)
- always add tuples for global read and admins (992f283)
- rename admin user (2f01a27)
1.11.0 (2024-06-21)
- add encrypt implementation (1a88aad)
- typo in variable name (4558fd0)
- ui use react routers base path and add tests for base path calculation (85da4c0)
- ui uses relative base path. in case /ui/ is found in the current page url, all urls and api routes use the found prefix from the path. If /ui/ is not found, fall back to / as the base path. Fixes #317 Fixes IAM-911 Fixes WD-12306 (709399c)
- unauthenticated handlers were called twice (1d7ebb9)
1.10.0 (2024-06-17)
- add 2 implementations of token verifier + tests (1d1c5f9)
- add AuthCookieManager implementation (ed18cf5)
- add interfaces for oauth2 integration (684abac)
- add OAuth2 and OIDC related env vars to the Spec struct (b900cc4)
- add OAuth2 authentication middleware + tests (e054552)
- add oauth2 context to manage oauth2/oidc operations + tests (62bff44)
- add OAuth2 login handler + tests (88c29e6)
- add OAuth2Helper implementation (00c5bc1)
- adopt new oauth2 integration (912029c)
- dependencies: add coreos/go-oidc v3 dependency (fe20b2f)
- handler: add state check + improve structure/implementation (2c29251)
- add security headers to UI handler (ea3c6ba)
- rename Urn to URN (603418d)
- serve the same file for all ui routes (29ee190)
- serve ui assets under relative path (c3f21a9)
- serve UI files (9007b77)
- serve UI from root path (e5ecf42)
- use BASE_URL to add trailing slash (30b7b1b)
1.10.0 (2024-06-17)
- add 2 implementations of token verifier + tests (1d1c5f9)
- add AuthCookieManager implementation (7ff91d8)
- add interfaces for oauth2 integration (684abac)
- add OAuth2 and OIDC related env vars to the Spec struct (b900cc4)
- add OAuth2 authentication middleware + tests (e054552)
- add oauth2 context to manage oauth2/oidc operations + tests (62bff44)
- add OAuth2 login handler + tests (88c29e6)
- add OAuth2Helper implementation (67430f8)
- adopt new oauth2 integration (912029c)
- dependencies: add coreos/go-oidc v3 dependency (fe20b2f)
- handler: add state check + improve structure/implementation (25f4c04)
- add security headers to UI handler (ea3c6ba)
- rename Urn to URN (603418d)
- serve the same file for all ui routes (29ee190)
- serve ui assets under relative path (c3f21a9)
- serve UI files (9007b77)
- serve UI from root path (e5ecf42)
- use BASE_URL to add trailing slash (30b7b1b)
1.9.0 (2024-05-24)
- uniform rules handlers to pageToken pagination (7c70cc6)
1.8.0 (2024-05-09)
- upgrade rebac-admin to 0.0.1-alpha.3 (96aca77)
1.7.0 (2024-05-06)
- implement new Create{Group,Role} interface + adjust handlers (0adce3c)
- let Create{Group,Role} return newly created object (e1ba968)
1.6.1 (2024-05-06)
- role: error out when ID is passed for creation (2a46a5e)
- role: use
Namefield for creation (e63fdaa)
1.6.0 (2024-04-30)
- add
openfga_workers_totalint config with default (b12ac05) - add
payload_validation_enabledconfig key (419b042) - add
SetTokensmethod + empty tokens don't get set (f165155) - add 3rd party validator to API structs + setupValidation func + initial noop middleware (1de0006)
- add constructor for validator + use json tags for validation errors (44d7223)
- add externalized Kube config file env var (9a63fe3)
- add full validation implementation for schemas (45993ed)
- add identity provider management, add logo (48f47ec)
- add log tailing to skaffold run (a9725da)
- add login screen (1befe87)
- add pagination to clients, schemas and identity lists in ui. Add identity creation form WD-10253 (5f55463)
- add URL param validation for groups handlers (24c8d99)
- add Urn type (f7d33e2)
- add validation implementation for
clients(549d985) - add validation implementation for
groups(700cf04) - add validation middlewareonly if payload validation is enabled + reorder middleware and endpoints registration (32814e8)
- add validation setup for
groupsendpoint (06fb9f4) - add validation setup for
identitiesendpoint (b4178c9) - add validation setup for
schemasendpoint (8c5e173) - add ValidationRegistry for API validation + instantiate in router (50f0810)
- add worker pool implementation (dbd2f9d)
- adjust identity api to accept page token (beb0d42), closes #256
- adjust pagination for schemas endpoints (e2a2df3), closes #44
- allow create-fga-model cli command to save on a k8s coonfigmap (56463bb)
- authorization middleware based on openFGA (8f2cb3e)
- create groups service (3d8d648)
- create roles service (c796135)
- create token pagination extractor (215b6cb)
- create-group: allow creator user to view group (efcaeec)
- delete-group: delete all relation for group to delete (883b513)
- enable authorization by default (6f61651)
- enhance identity provider form to cover all providers and relevant fields, hide advanced fields by default (ef62667)
- enhance ValidationRegistry with PayloadValidator and adjust in handlers + enhance Middleware + add func for ApiKey retrieval from endpoint (313617a)
- enhanced ValidationError with specific field errors and common errors (a21462c)
- handlers for groups API (63d5dc4)
- handlers for roles API (114b284)
- hook up worker pool for groups and roles API (ce83bd6)
- idp: add validation implementation (71ff661)
- implement converters for each type of API (09852b0)
- include roles and groups from ReBAC Admin (5d03914)
- introduce BatchCheck, WriteTuples, DeleteTuples and ReadTuples in openfga client (39eb195)
- introduce groups API converter to deal with authorization in the middleware (5f8875a)
- invoke setup validation on registered APIs (de16a0b)
- parse and expose link header from hydra (7c2d3f6)
- passing openfga store and model id to admin service (51f4fab)
- roles: add validation implementation (6bf72e5)
- rules: add validation implementation (c42bd45)
- separate authorization client from OpenFGA client (2cc4dab)
- upgrade openfga model (c49abd5)
- use interface instead of client pointer (3e1ac0f)
- use side panels for client and idp creation (ef798c4)
- wire up groups API (352bc45)
- wire up roles API in web application (16ba352)
- adapt serve command to changes on k8s client (e6701e2)
- add back URL Param validation from previous commit (ebe07a5)
- add command for creating an admin user (50449a9)
- add command for removing an admin user (2db3a08)
- add extra check on list schemas test for navigation (2afec86)
- add id validation to make sure it's never empty (fc7d560), closes #239
- add page tokens to the response (5a13e4e)
- add todo comment to catch issue with the user-identities sync (ed66418)
- add validation to openfga config (300201c)
- address empty IDs on schema and idp creation (e6dbf32), closes #227
- address segfault when using noop client (5265512)
- adjust openfga NoopClient setup (f253400)
- adjust page offset for oathkeeper apis (7c22e06)
- allow for k8s client to be configured using kubeconfig (136e957)
- bundle up external clients and o11y setup into config structs (a660066)
- change specs.EnvSper name for authorization model id (3eb270b)
- clients: validation and improved tests (129a8a8)
- deal with empty Data attribute in k8s configmap (56937c8), closes #254
- delete role implementation (4b71734)
- disable validation due to missing implementation of api validators (5c06b9b)
- drop non can_ relations from group entitlements (5b225ae), closes #243
- enhance cli model creation to bootstrap a store (e97fb0a)
- enhance openfga client with CreateStore and helpers to set modelID and storeID on the fly (5d62fbf)
- enhance registerValidation log message with error (ae95fa8)
- get 404 with not found role (with can view) - get 403 (without can_view) (2a22054)
- groups: validation and improved tests (255733e)
- handleDetail to return 404 on missing group for authorized users + typo (b1a1e02)
- identities: validation and improved tests (b4fa762)
- introduce uri validation for params (5eecee4)
- listing not working for user that created a role (b54d681)
- pass interface to roles API to allow for openfga noop client (6d04a3d)
- remove assignees tuples on DeleteGroup (1107165)
- remove assignees tuples on DeleteRole (5772334), closes #285
- remove page_token field in meta response (3756f0d), closes #271
- removing extra #member on assignIdentities service call (bfde070), closes #283
- removing extra #member on removeIdentities service call (74ab0ff)
- schemas: validation and improved tests (ab8652f)
- skip validation config on createFGAmodel cmd (ffd6563)
- standardize on types.Response (02cc8ce), closes #244
- standardize page token in clients api (7bdd3e7)
- switch to use WriteTuples instead of WriteTuple (ba8a624)
- update noop openfga client with newer methods (251a8a1)
- use sync.Map for race conditions (603a7e1)
- use the microk8s-hostpath storageclass to dynamically provision the persistent volume (29d8f39)
- wire up new config structs into web application bootstrap (9e5587d), closes #222
1.5.0 (2024-01-26)
- use cobra-cli (8f061d3)
- add config for openfga integration (bc751e2)
- add logic for create-fga-model (7fc9a6c)
- add noop tracer (f97484c)
- add openfga module (d7d3418)
- implement version command (fe5fc83)
- introduce authorization module (28df12b)
- introduce noop logging and monitoring (09b529d)
1.4.0 (2024-01-04)
- added unit tests for pkg/rules package (e36bbd3)
- implemented interface for manipulating Oathkeeper rules (e36bbd3)
- fixed issue with make dev (0d81544)
- fixed issues with make dev (0d81544)
- make rules cm file name configurable (3f05b59)
1.3.0 (2023-11-03)
- add schemas endpoints (c9be3dc)
- add schemas service layer and interfaces (83917cf)
- add unit tests for default schema feature (777259a)
- added ca-certificates package to stage-packages (16f6683)
- wire up schemas pkg (513ce61)
- add default schema changes (82ba9d6)
- deps: update dependency @canonical/react-components to v0.47.0 (#94) (a2c7e03)
- deps: update dependency @canonical/react-components to v0.47.1 (7b6cec0)
- deps: update dependency sass-embedded to v1.67.0 (#106) (4a5922c)
- deps: update dependency sass-embedded to v1.69.1 (#137) (3bc1132)
- deps: update dependency sass-embedded to v1.69.2 (#141) (1533b21)
- deps: update dependency sass-embedded to v1.69.4 (d695e33)
- deps: update dependency vanilla-framework to v4 (#95) (35c21ae)
- deps: update dependency vanilla-framework to v4.3.0 (#99) (049629c)
- deps: update dependency vanilla-framework to v4.4.0 (dde2c11)
- deps: update dependency vanilla-framework to v4.5.0 (b700785)
- deps: update go deps (minor) (#101) (2f1e289)
- deps: update go deps (minor) (#127) (903ee82)
- deps: update go deps (minor) (#75) (54f9421)
- deps: update go deps to v0.28.2 (patch) (#105) (5888133)
- deps: update go deps to v0.28.3 (10422e3)
- deps: update go deps to v1.17.0 (minor) (#71) (472dc50)
- deps: update go deps to v1.18.0 (minor) (#100) (129c7ee)
- deps: update go deps to v1.19.0 (minor) (#125) (1d870ba)
- deps: update module github.com/google/uuid to v1.3.1 (#53) (840b068)
- deps: update module github.com/google/uuid to v1.4.0 (2ce70cf)
- deps: update module github.com/ory/kratos-client-go to v1 (4fefc13)
- deps: update module github.com/prometheus/client_golang to v1.17.0 (#124) (e0904d9)
- deps: update module go.opentelemetry.io/otel/exporters/stdout/stdouttrace to v1.17.0 (#72) (9fd027b)
- deps: update module go.uber.org/zap to v1.26.0 (#111) (f836ac3)
- fix renovate config (700cc51)
- fixed struct inconsistencies with the new release of kratos-client-go (3808420)
- introduce version flag to facilitate charm code (4a1b6e1)
- use version from release-please worflow (450c0bd)
- use version in /api/v0/version endpoint (cdc9297)
1.2.0 (2023-08-10)
- add idp handlers (405bad3)
- add idp service (4f04546)
- wire up main and router with new dependencies (7c218d3)
- add otel tracing to hydra client (64871cd)
- create k8s coreV1 package (ff260f9)
- drop unused const (bb3bd28)
- use io pkg instead of ioutil (909459c)
- use new instead of & syntax (9908ddc)
1.1.0 (2023-07-27)
- add hydra service (17a3c86)
- add identities service layer (d619daf)
- create apis for identities kratos REST endpoints (6da5dae)
- create kratos client (d009507)
- add jaeger propagator as ory components support only these spans for now (5a90f83)
- fail if HYDRA_ADMIN_URL is not provided (c9e1844)
- IAM-339 - add generic response pkg (b98a505)
- introduce otelHTTP and otelGRPC exporter for tempo (9156892)
- only print hydra debug logs on debug (15dc2b4)
- wire up new kratos endpoints (1d881a7)