v0.4.0

Pre-release
@guicassolato guicassolato released this 31 Aug 11:55
ab99d75

New features and Enhancements

  • Auth Pipeline Phase 4: Dynamic responses (#141)

    • Adds spec.response: [{ name: string, wrapper: httpHeader | envoyDynamicMetadata, wrapperKey: string, wristband: object | json: object }] to the API, an array of dynamic response configs (custom JSON objects or wristband tokens), triggered by Authorino after a successful "Phase 3: Authorization"
    • Introduces the new type Dynamic JSON response: spec.response[].json: { properties: [{ name: string, value: string | valueFrom: { authJSON: string } }] }, to build custom JSON objects that will be returned to the client after a successful auth pipeline. This is an alternative to the Festival Wristband if all you want is to return data from the authorization process to the client instead of a signed JWT.
    • Festival Wristband configs are now defined as a type of dynamic response, in the response array
    • Multiple wristband tokens can now be issued per authorized request
    • Wristband issuer endpoints now include the name of the config in the path – the new format is http(s)://<oidc-service>:8083/<namespace>/<resource-name>/<response-config-name>
    • The name of the wristband-related HTTP response header Ext-Auth-Wristband is now configurable by the user, through the response[].wrapperKey option – defaults to the name of the config
    • Dynamic responses (wristband tokens or dynamic JSON objects) can be passed along wrapped as added HTTP headers (default) or as Envoy External Authorization Dynamic Metadata
    • The authorization JSON is now extended with the objects resolved in the authorization phase as well (for future use)
  • Generic HTTP metadata without authentication (#146)

    • There is no longer a need to associate a secret in the configuration for Authorino to authenticate with external sources of metadata, when the source does not require it
  • Extended (custom) properties for resolved identity objects (#145)

    • Adds a new config option spec.identity[].extendedProperties: [{ name: string, value: string | valueFrom: { authJSON: string } }] that modifies the resolved identity object extending it with the defined JSON properties, whose values can be static or fetched from the authorization JSON – useful for token normalization
    • Makes custom JSON properties respect the original type of the source value – works with identity[].extendedProperties and other structures based on custom JSON properties such as wristband custom claims and dynamic JSON responses
  • [Breaking change!] Service CRD renamed to AuthConfig (#147)

    • This is a big one! services.configs.authorino.3scale.net/v1beta1 is now authconfigs.authorino.3scale.net/v1beta1
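
A constructed manifest showing the renamed AuthConfig kind (#147), identity[].extendedProperties (#145) and two dynamic JSON responses (#141) together. It is an added example, not taken from the Authorino repository: all names, hosts and label values are hypothetical, the hosts and apiKey fields and the authJSON paths are assumptions not spelled out in these notes, and the wristband object is left out because its fields are not listed here.

```yaml
apiVersion: authorino.3scale.net/v1beta1  # from authconfigs.authorino.3scale.net/v1beta1
kind: AuthConfig                          # formerly Service
metadata:
  name: example-api                       # hypothetical
  namespace: example-ns                   # hypothetical
spec:
  hosts:                                  # assumption: field not covered by these notes
    - example-api.example.com
  identity:
    - name: api-users                     # hypothetical
      apiKey:                             # assumption: any identity source works here
        labelSelectors:
          group: example-users
      extendedProperties:                 # added to the resolved identity object
        - name: source
          value: api-key                  # static value
        - name: request_path
          valueFrom:
            authJSON: context.request.http.path  # assumed authorization JSON path
  response:
    # Returned as an added HTTP header (the default wrapper).
    - name: x-auth-data
      wrapper: httpHeader
      wrapperKey: x-auth-data             # defaults to the config name if omitted
      json:
        properties:
          - name: source
            valueFrom:
              authJSON: auth.identity.source     # reads the extended property above
          - name: issued_by
            value: authorino
    # Same kind of object, handed to Envoy as dynamic metadata instead of a header.
    - name: auth-metadata
      wrapper: envoyDynamicMetadata
      wrapperKey: auth-metadata
      json:
        properties:
          - name: request_path
            valueFrom:
              authJSON: auth.identity.request_path
```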

Dependency upgrades

  • Upgraded sigs.k8s.io/controller-runtime/tools/setup-envtest to latest (#140)
  • Set to use latest version of Kind always (#142)
  • Upgraded sigs.k8s.io/controller-tools/cmd/controller-gen to v0.6.1 (#143)

Bug fixes

  • Exported a few types of service config (required by clients of the package) (#143)

Doc fixes/updates

  • Removed AUTHORINO_IMAGE parameter from the OpenShift tutorial – now static in the version of the manifests pointed to in the tutorial (#148)