v0.2.0-alpha

@github-actions github-actions released this 12 Aug 14:49
384c27a

0.2.0-alpha (2022-08-12)

⚠ BREAKING CHANGES

  • strip_prefix in header authentication data strategy renamed to schema to reflect the actual meaning and behavior (#129)
  • "serve api" command renamed to "serve decision" (incl. wording in docs and logs) (#125)
  • Make decision endpoint available directly on the root (/) path of the decision service (#112)
  • New management service introduced, which exposes the health & jwks endpoints (#112)
  • Usage of trusted_proxies is mandatory for Decision API to accept X-Forwarded-* headers (#111)
  • Returning HTTP 404 instead of HTTP 500 if no default rule is configured and no rule matches (#96)

Features

  • Access log support (#139) (8387512)
  • Configurable fallback of authenticators even if the verification of the credentials fails (#134) (1336777)
  • Make decision endpoint available directly on the root (/) path of the decision service (#112) (fa1ff5b)
  • New upstream property introduced for the rule config to support reference of the upstream service for proxy mode (0436a52)
  • New management service introduced, which exposes the health & jwks endpoints (0436a52)
  • Not setting HTTP Server header anymore (0436a52)
  • Remote authorizer optionally supports verification of responses from the remote system via a script (#117) (1ecabf0)
  • Retrieval of an access token from the request body (#115) (b336ab4)
  • Returning HTTP 404 instead of HTTP 500 if no default rule is configured and no rule matches (#96) (0436a52)
  • Reverse proxy support (#90) (0436a52)
  • Usage of trusted_proxies is mandatory for Decision API to accept X-Forwarded-* headers (#111) (438932b)

Bug Fixes

  • accesslog handler updated to include information about authenticated subject if present (#162) (3e286db)
  • Basic Auth authenticator added to the schema and can now be configured (#133) (1336777)
  • basic_auth authenticator is not responsible for the request any more if the Authorization header does not contain Basic Auth schema (#107) (96136ef)
  • Bearer token based authenticators do not feel responsible for the request anymore if no "Bearer" scheme is present in the "Authorization" header (db5b773)
  • Fixed usage of X-Forwarded-Uri header (0436a52)
  • Handling and usage of the upstream property fixed (before this fix the proxy operation mode could not be used) (#130) (ed61e18)
  • jwt authenticator to not feel responsible if the bearer token is not in the JWT format (#108) (d8945c4)
  • Schema fixed to allow TLS key & cert as well as CORS max_age configuration (#122) (58b6bc3)
  • trusted_proxy support added to the schema file to allow the validation of the corresponding property (#105) (556946e)

Code Refactoring

  • "serve api" command renamed to "serve decision" (incl. wording in docs and logs) (#125) (e6aad0d)
  • strip_prefix in header authentication data strategy renamed to schema to reflect the actual meaning and behavior (#129) (f8a38ff)