Releases: ory/oathkeeper
v0.40.0
This release introduces the new Koanf-based configuration system, resolves several issues, and introduced an experimental gRPC middleware.
Bug Fixes
- Adds tracing to cookie_session and bearer_token authenticators (#995) (6504c0a)
- Do not load from env in middleware (b42261e)
- Make metric name consistent with rest of ory ecosystem (#1010) (c3c5854)
- Move .schema to spec (8ab6f85)
- Remove packr (7f32bc2)
Code Generation
- Pin v0.40.0 release commit (f2cd421)
Code Refactoring
Features
-
Add Oathkeeper gRPC middleware (210aa5e):
This adds a gRPC middleware that encapuslates the
Oathkeeper logic.Matching on gRPC traffic now happens in its own rule.
To match against gRPC traffic, you can useAuthority
andFullMethodinstead ofURLandMethods.
Tests
- Add gRPC matcher tests (dc8c361)
Changelog
- 54c40f2 autogen(docs): generate and bump docs
- 7e52903 autogen(docs): regenerate and update changelog
- b045906 autogen(docs): regenerate and update changelog
- 708ad9d autogen(docs): regenerate and update changelog
- becfc76 autogen(openapi): regenerate swagger spec and internal client
- 0fafa73 autogen(openapi): regenerate swagger spec and internal client
- 6e4ce40 autogen(openapi): regenerate swagger spec and internal client
- 686efbe autogen(openapi): regenerate swagger spec and internal client
- f2cd421 autogen: pin v0.40.0 release commit
- 562cabe chore: format
- 20fbb8e chore: move to go 1.19
- 1738e61 chore: sort package.json (#1002)
- 210aa5e feat: add Oathkeeper gRPC middleware
- 6504c0a fix: adds tracing to cookie_session and bearer_token authenticators (#995)
- b42261e fix: do not load from env in middleware
- c3c5854 fix: make metric name consistent with rest of ory ecosystem (#1010)
- 8ab6f85 fix: move .schema to spec
- 7f32bc2 fix: remove packr
- 6bac536 refactor: use koanf configuration system (#999)
- dc8c361 test: add gRPC matcher tests
Artifacts can be verified with cosign using this public key.
v0.39.4
Introduces a new config option to reducde cardinality in the metrics.
Code Generation
- Pin v0.39.4 release commit (699cf65)
Unclassified
Changelog
- 80a4031 autogen(docs): regenerate and update changelog
- 057fdd6 autogen(docs): regenerate and update changelog
- 916355d autogen(openapi): regenerate swagger spec and internal client
- 43960d2 autogen(openapi): regenerate swagger spec and internal client
- 699cf65 autogen: pin v0.39.4 release commit
- 19b6eaf chore: add tests
- 972f37f chore: fix comment
- ef211e3 chore: hide request paths from metric
- 166c781 chore: update defaults
- 42a986d u
- 8439776 u
- b5f7c4e u
Artifacts can be verified with cosign using this public key.
v0.39.3-pre.0
autogen: pin v0.39.3-pre.0 release commit
Code Generation
- Pin v0.39.3-pre.0 release commit (7569903)
Changelog
- dc4e7f7 autogen(docs): regenerate and update changelog
- 7b41921 autogen(openapi): regenerate swagger spec and internal client
- 7569903 autogen: pin v0.39.3-pre.0 release commit
- 1676024 ci: pin to go 1.18
Artifacts can be verified with cosign using this public key.
v0.39.2
Introduces better prometheus metrics.
Bug Fixes
- Swagger generation issues (259b192)
Code Generation
- Pin v0.39.2 release commit (d6b3014)
Documentation
Features
Changelog
- 628f50e autogen(docs): generate and bump docs
- daa3933 autogen(docs): regenerate and update changelog
- 6ef9a07 autogen(docs): regenerate and update changelog
- f06b06d autogen(docs): regenerate and update changelog
- d6c7c55 autogen(openapi): regenerate swagger spec and internal client
- 4cb5266 autogen(openapi): regenerate swagger spec and internal client
- 258b3d6 autogen(openapi): regenerate swagger spec and internal client
- 3abab71 autogen(openapi): regenerate swagger spec and internal client
- 5705a78 autogen(openapi): regenerate swagger spec and internal client
- c5a6c43 autogen: pin v0.39.1 release commit
- d6b3014 autogen: pin v0.39.2 release commit
- d0cb639 chore: delete semantic.yml (#980)
- da00cc2 chore: update repository templates
- efc93da chore: update repository templates
- 503706f chore: update repository templates
- 7b998a0 chore: update repository templates
- 4eda590 chore: update repository templates
- 25cb969 ci: improve formatting checks (#978)
- 756e465 docs: use GitHub Actions badge (#979)
- 46e09d5 feat: customizable Prometheus metric names (#989)
- 259b192 fix: swagger generation issues
Artifacts can be verified with cosign using this public key.
v0.39.0
This release ships several improvements to cache logic and request detection. Additionally, the bearer_token and cookie_session handlers pass only the needed header (Authorization, Cookie) to the check URL. To pass additional headers, use the forward_http_headers configuration key.
Breaking Changes
From now on, the bearer_token and cookie_session handlers pass only the needed header (Authorization, Cookie) to the check URL. To pass additional headers, use the forward_http_headers configuration key.
Closes #954
Closes ory/network#76
Co-authored-by: hackerman [email protected]
Bug Fixes
-
Cache behavior with TTL (#968) (c4836f5):
This test will fail since everytime Authenticate() succeeds the token
is cached, even if it was already cached. This behavior makes it
possible to keep a token in cache if it is authenticated in a period
less than the TTL. -
Less flaky rule tests (#973) (6ee6a73):
Instead of (flaky) fixed sleeps, we now use assert.Eventually
to wait until the rule changes were propagated.
Code Generation
- Pin v0.39.0 release commit (f96f2be)
Features
- JWT should only respect JWT-formats (#958) (6959524)
- Pass only essential and configured headers to authenticator (#952) (e5e4de4)
Changelog
- 84a0fe0 autogen(docs): generate and bump docs
- 353635e autogen(docs): regenerate and update changelog
- 83097aa autogen(docs): regenerate and update changelog
- 1d5b187 autogen(docs): regenerate and update changelog
- 6243059 autogen(docs): regenerate and update changelog
- 022f7c5 autogen(openapi): regenerate swagger spec and internal client
- 59b0d9b autogen(openapi): regenerate swagger spec and internal client
- 5fa3cbc autogen(openapi): regenerate swagger spec and internal client
- 93cbdd6 autogen(openapi): regenerate swagger spec and internal client
- 7f370a1 autogen(openapi): regenerate swagger spec and internal client
- f714cd3 autogen(openapi): regenerate swagger spec and internal client
- fb938d4 autogen(openapi): regenerate swagger spec and internal client
- 9731100 autogen(openapi): regenerate swagger spec and internal client
- f96f2be autogen: pin v0.39.0 release commit
- 8908ddb chore: apply prettier formatting (#972)
- 988c3b7 chore: format (#971)
- e49c0c5 chore: update repository templates
- a06464b chore: update repository templates
- 58c7fdf chore: update repository templates
- 7618fec chore: update repository templates
- cc5ac32 chore: update repository templates
- ddf20ea chore: update repository templates
- 6721bed chore: update to ory-prettier-styles 1.3.0 (#975)
- 6959524 feat: JWT should only respect JWT-formats (#958)
- e5e4de4 feat: pass only essential and configured headers to authenticator (#952)
- c4836f5 fix: cache behavior with TTL (#968)
- 6ee6a73 fix: less flaky rule tests (#973)
- 17c4214 fix: update format (#970)
Artifacts can be verified with cosign using this public key.
v0.38.25-beta.1
This release provides some minor fixes around headers, see the changelog for more info.
Bug Fixes
- Case insensitive headers (#951) (2d04cfc), closes #950
- Log proxy errors with logrus (#937) (46bfd70)
- Overzealous url validation (#953) (d0c8d64), closes #930
Code Generation
- Pin v0.38.25-beta.1 release commit (87df0d9)
Documentation
- Fix version schema (c5497f3)
Changelog
- f55cfef autogen(docs): generate and bump docs
- d351dbf autogen(docs): regenerate and update changelog
- 94db619 autogen(docs): regenerate and update changelog
- 66c2560 autogen(openapi): regenerate swagger spec and internal client
- 33ae248 autogen(openapi): regenerate swagger spec and internal client
- 034a2ec autogen(openapi): regenerate swagger spec and internal client
- aed568e autogen(openapi): regenerate swagger spec and internal client
- 87df0d9 autogen: pin v0.38.25-beta.1 release commit
- 06f9f68 chore(deps): bump alpine
- 0a52541 chore(deps): bump minimist from 1.2.5 to 1.2.6 (#948)
- c5497f3 docs: fix version schema
- 2d04cfc fix: case insensitive headers (#951)
- 46bfd70 fix: log proxy errors with logrus (#937)
- d0c8d64 fix: overzealous url validation (#953)
Artifacts can be verified with cosign using this public key.
v0.38.24-beta.1
With this release we improve tracing capabilities for Ory Oathkeeper.
Code Generation
- Pin v0.38.24-beta.1 release commit (fb2c246)
Features
Changelog
- 2610d2c autogen(openapi): regenerate swagger spec and internal client
- fb2c246 autogen: pin v0.38.24-beta.1 release commit
- f9440a3 chore(deps): bump alpine version (#941)
- 4357b10 chore: update repository templates
- 21ff340 feat: trace for upstream request (#931)
Artifacts can be verified with cosign using this public key.
v0.38.23-beta.1
Ory Oathkeeper has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/oathkeeper! Additionally, the CI/CD infrastructure was moved to GitHub Actions.
Code Generation
- Pin v0.38.23-beta.1 release commit (69ad28f)
Changelog
- 69ad28f autogen: pin v0.38.23-beta.1 release commit
Artifacts can be verified with cosign using this public key.
v0.38.22-beta.1
Ory Oathkeeper has a new place for documentation at github.com/ory/docs and www.ory.sh/docs/oathkeeper! Additionally, the CI/CD infrastructure was moved to GitHub Actions.
Code Generation
- Pin v0.38.22-beta.1 release commit (0dcb7c1)
Changelog
- 0dcb7c1 autogen: pin v0.38.22-beta.1 release commit
Artifacts can be verified with cosign using this public key.
v0.38.20-beta.1
This release introduces caching capabilities for the OAuth2 Client Credentials authenticator as well as compatibility with Traefik!
Bug Fixes
- Add pre-steps with packr2 (#921) (d53ef01), closes #920
- Bump goreleaser orb (#919) (f8dcda2)
- Use all pre-hooks (09be55f)
Code Generation
- Pin v0.38.20-beta.1 release commit (410d69e)
Code Refactoring
- Move docs to ory/docs (a0c6927)
Documentation
- Recover sidebar (165224f)
Features
-
Add post-release step (e7fd550)
-
Introduce token caching for client credentials authentication (#922) (9a56154), closes #870:
Right now every request via Oathkeeper that uses client credentials
authentication requests a new access token. This can introduce a lot
of latency in the critical path of an application in case of a slow
token endpoint.This change introduces a cache similar to the one that is used in the
introspection authentication. -
Migrate to openapi 3.0 generation (190d1a7)
-
Traefik decision api support (#904) (bfde9df), closes #521 #441 #487 #263:
Closes #899
Changelog
- 8579000 autogen(docs): generate and format documentation
- 71e69ef autogen(docs): regenerate and update changelog
- a3b5b28 autogen(docs): regenerate and update changelog
- 31fe9b7 autogen(docs): regenerate and update changelog
- cb01565 autogen(docs): regenerate and update changelog
- 3fea697 autogen(openapi): Regenerate openapi spec and internal client
- 84c15a6 autogen(openapi): Regenerate openapi spec and internal client
- 83d6728 autogen: add v0.38.19-beta.1 to version.schema.json
- 410d69e autogen: pin v0.38.20-beta.1 release commit
- 33b0c63 autogen: pin v0.38.20-beta.1.pre.0 release commit
- 06bc33f autogen: update release artifacts
- bd1b03a autogen: update release artifacts
- 2cd6282 chore: bump sprig version (#917)
- f8f82c4 chore: update repository templates
- 5d3e1bf chore: update repository templates
- 3c8b49e ci: add next cli docs generator
- 729fadc ci: remove docs/build from cci
- 962f57e ci: update cli location and fix generation script
- 165224f docs: recover sidebar
- bfde9df feat: Traefik decision api support (#904)
- e7fd550 feat: add post-release step
- 9a56154 feat: introduce token caching for client credentials authentication (#922)
- 190d1a7 feat: migrate to openapi 3.0 generation
- d53ef01 fix: add pre-steps with packr2 (#921)
- f8dcda2 fix: bump goreleaser orb (#919)
- 09be55f fix: use all pre-hooks
- a0c6927 refactor: move docs to ory/docs
Artifacts can be verified with cosign using this public key.