Releases: Azure/azure-workload-identity
v0.14.0
v0.14.0 - 2022-10-20
Changelog
Bug Fixes 🐞
Continuous Integration 💜
Documentation 📘
- 43a8bf6 docs: update keyvault command for managed identity in quickstart (#583)
- 2e02d54 docs: update docs for managed identity (#577)
- 32b5da0 docs: update to non-beta Azure Identity SDKs (#574)
- c618a64 docs: Use KEYVAULT_URL in quick start guide (#563)
Features 🌈
- 885c9d1 feat: add azure-identity java example (#585)
- 75ae5a2 feat: add azure-identity .NET example (#581)
- 8aadc8f feat: add azure-identity node example (#580)
- d3ea1dc feat: add azure-identity python example (#579)
Maintenance 🔧
- fdb07e0 chore: bump dependencies for k8s v1.25.3 (#600)
- 6c77e40 chore: bump github.com/Azure/aad-pod-identity from 1.8.12 to 1.8.13 (#595)
- 82df24e chore: bump k8s.io/kubernetes from 1.25.2 to 1.25.3 (#597)
- 662a3e4 chore: bump docker/login-action from 2.0.0 to 2.1.0 (#598)
- 529d525 chore: bump github/codeql-action from 2.1.26 to 2.1.27 (#589)
- 708c8dd chore: bump stefanprodan/helm-gh-pages from 1.5.0 to 1.6.0 (#588)
- 14e2d37 chore: bump github/codeql-action from 2.1.25 to 2.1.26 (#578)
- a00ef76 chore: Update KEYVAULT_URL in dotnet and python examples (#573)
- 83fbae3 chore: bump k8s.io/kubernetes from 1.25.1 to 1.25.2 (#570)
- 188a279 chore: bump github/codeql-action from 2.1.24 to 2.1.25 (#571)
- c8527f3 chore: update golangci-lint to v1.49.0 (#565)
- cb6f5bc chore: bump k8s.io/kubernetes from 1.25.0 to 1.25.1 (#567)
- 7e8eae2 chore: bump github/codeql-action from 2.1.22 to 2.1.24 (#568)
- c91eb15 chore: Load keyvault url from environment variable in example (#561)
- 1f67e29 chore: bump github.com/Azure/aad-pod-identity from 1.8.11 to 1.8.12 (#558)
- 0ad2a3b chore: bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 (#559)
- 33d34cb chore: bump azure/login from 1.4.5 to 1.4.6 (#560)
- 9c747e8 chore: run apt update && apt upgrade -y in dockerfile
- 2e1d7d4 chore: support kubernetes v1.25.0 (#552)
Security Fix 🛡️
- 174a043 security: fix multiple CVEs
Testing 💚
v0.13.0
v0.13.0 - 2022-08-31
Changelog
Code Refactoring 💎
Continuous Integration 💜
- cd42c73 ci: remove `upgrade_aks_linux` tests in pr.yaml (#512)
- ea054bb ci: debug failure with az and aks-preview (#518)
Documentation 📘
- 229c2b4 docs: add AKS admission enforcer to known issues (#534)
- 2f3ef7c docs: update quick-start to use azure cli for federated credentials (#533)
- 018b019 docs: update docs to use azure cli for federated identity credential (#526)
- f51a30b docs: improve reactive code in Java sample (#511)
Features 🌈
- 2e0b396 feat: add image pull secrets to service account (#541)
- 32ce9f9 feat: add pod disruption budget for webhook (#542)
- f823b98 feat: Add objectselector to mutatingwebhook configuration (#524)
- b5462cf feat: allow setting mwh annotations in helm charts (#537)
- 4956fbf feat: make priority class name configurable in helm charts (#527)
- 39fbdb3 feat: make mwh failurePolicy configurable in helm charts (#528)
- 6fa9c43 feat: add psa (#508)
Maintenance 🔧
- d9db5e7 chore: update debian-iptables to bullseye-v1.5.1 (#538)
- ee993ff chore: bump github.com/AzureAD/microsoft-authentication-library-for-go (#535)
- e8b5155 chore: bump k8s.io/kubernetes from 1.24.3 to 1.24.4 (#536)
- 8b88c06 chore: bump github.com/mattn/go-colorable from 0.1.12 to 0.1.13 (#530)
- d5ffd3f chore: update to go 1.19 (#531)
- 16a14c1 chore: bump github.com/Azure/aad-pod-identity from 1.8.10 to 1.8.11 (#520)
- aa4286f chore: bump github.com/Azure/go-autorest/autorest (#513)
- ec65580 chore: bump github.com/Azure/go-autorest/autorest/azure/cli (#514)
- 9dce908 chore: bump github.com/Azure/go-autorest/autorest/adal (#515)
Security Fix 🛡️
- 82063cc security: fix CVE-2022-37434 (#543)
- 36c7293 security: fix multiple CVEs (#522)
Testing 💚
v0.12.0
v0.12.0 - 2022-07-26
Changelog
Code Refactoring 💎
Continuous Integration 💜
- a31ae79 ci: update SERVICE_ACCOUNT_ISSUER in azwi e2e (#505)
- 8713e4d ci: remove @chewong from CODEOWNERS (#504)
Documentation 📘
- 318274d docs: add documentation for metrics (#503)
- ce01319 docs: add the release schedule throughout the docs (#502)
- ce470b2 docs: add documentation for sidecar injection annotation (#501)
- af2a905 docs: remove kubernetes version 1.21 (EOL) (#500)
Features 🌈
Maintenance 🔧
- 7531c62 chore: bump k8s.io/kubernetes from 1.24.2 to 1.24.3 (#497)
- b67b0c3 chore: bump github.com/Azure/aad-pod-identity from 1.8.9 to 1.8.10 (#492)
- 0f72f3c chore: bump sigs.k8s.io/controller-runtime from 0.12.2 to 0.12.3 (#493)
- 3610a78 chore: update debian-iptables to bullseye-v1.5.0 (#491)
- 060c6ad chore: bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 (#487)
- 41690bb chore: add user agent to start log in proxy (#485)
- 9010714 chore: bump golangci-lint to v1.46.2 (#484)
Security Fix 🛡️
- 47db093 security: fix CVE-2021-4209 (#494)
Testing 💚
v0.11.0
v0.11.0 - 2022-06-29
Changelog
Bug Fixes 🐞
- 1a338d2 fix: --aad-appliction-name arg listed twice (#480)
- d25cbc1 fix: inject proxy image registry via LDFLAGS (#469)
- 639362d fix: use `id` instead of `objectId` for app object id (#460)
- c21b798 fix: add affinity to deployment in helm charts (#459)
Documentation 📘
Features 🌈
- 77d7216 feat: add metrics (#478)
- 0171ac8 feat: allow setting `azure.workload.identity/use` in annotations (#479)
- 5311027 feat: optimize azwi serviceaccount delete (#468)
- 5ae082d feat: inject proxy init container and sidecar via mutating webhook (#466)
Maintenance 🔧
- 2a052f8 chore: bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.2 (#475)
- 4f6ad77 chore: bump azure/login from 1.4.4 to 1.4.5 (#476)
- 2704887 chore: bump k8s.io/kubernetes from 1.24.1 to 1.24.2 (#470)
- 5351fbd chore: update debian-iptables to bullseye-v1.4.0 (#465)
- ff32f39 chore: bump gopkg.in/ini.v1 from 1.62.0 to 1.62.1 (#462)
- 0774aee chore: bump k8s.io/kubernetes from 1.24.0 to 1.24.1 (#463)
- 7b28a4d chore: support v1.24.1 kind cluster version (#447)
- 68c02d0 chore: bump k8s.io/kubernetes from 1.22.9 to 1.22.10 (#457)
- f803c4b chore: bump github.com/Azure/azure-sdk-for-go (#455)
- 43fd395 chore: bump github.com/Azure/aad-pod-identity from 1.8.8 to 1.8.9 (#452)
- 414cd86 chore: bump github.com/Azure/go-autorest/autorest/adal (#453)
- 35fce51 chore: bump goreleaser/goreleaser-action from 2 to 3 (#454)
- 29c2595 chore: bump github.com/Azure/azure-sdk-for-go (#450)
Security Fix 🛡️
- 175aa14 security: fix CVE-2022-2068 (#477)
- 70adbd7 security: fix CVE-2022-1664 (#458)
- 491f4bf security: fix CVE-2022-1292 (#451)
v0.10.0
v0.10.0 - 2022-05-11
Changelog
Bug Fixes 🐞
- 854b475 fix: use default service account when service account name is empty (#446)
- 7d83be4 fix: use debian11 in Dockerfile build image (#437)
Continuous Integration 💜
- 55bd681 ci: disable markdown link check for SECURITY.md (#445)
- dc942c4 ci: exclude .github path in tests (#420)
Documentation 📘
Features 🌈
Maintenance 🔧
- 95e05b0 chore: bump github.com/Azure/go-autorest/autorest/adal (#442)
- ff8fd19 chore: bump github.com/Azure/azure-sdk-for-go (#443)
- bd6b478 chore: bump docker/login-action from 1.14.1 to 2 (#444)
- 8dd170f chore: bump azure/login from 1.4.3 to 1.4.4 (#431)
- 067b2ff chore: use go 1.17 for golangci-lint (#430)
- ec953d0 chore: bump github.com/Azure/go-autorest/autorest from 0.11.26 to 0.11.27 (#428)
- 53bad99 chore: bump github.com/Azure/azure-sdk-for-go from 63.3.0+incompatible to 63.4.0+incompatible (#426)
- 1b11baf chore: bump k8s.io/kubernetes from 1.22.8 to 1.22.9 (#427)
- a315186 chore: bump golangci-lint to v1.45.2 (#429)
- 03c7246 chore: bump github.com/Azure/go-autorest/autorest (#423)
- 460dd3b chore: bump github.com/Azure/azure-sdk-for-go (#422)
- fe8cc72 chore: change variable name from pod to workload identity (#421)
- f3d4fe8 chore: bump actions/setup-go from 2 to 3 (#419)
- 01422b2 chore: bump github.com/Azure/azure-sdk-for-go from 63.0.0+incompatible to 63.1.0+incompatible (#418)
- e2c0646 chore: upgrade to debian-iptables:bullseye-v1.3.0 (#415)
- 77bc66c chore: bump sigs.k8s.io/controller-runtime from 0.11.1 to 0.11.2 (#410)
- 3c8e1ca chore: bump github.com/Azure/go-autorest/autorest (#411)
- ff5336e chore: bump github.com/Azure/azure-sdk-for-go (#412)
- fe3c374 chore: bump peter-evans/create-pull-request from 3 to 4 (#406)
Security Fix 🛡️
- be2823f security: fix CVE-2022-1271 (#425)
- bfb448d security: fix CVE-2018-25032 (#409)
Testing 💚
v0.9.0
v0.9.0 - 2022-03-29
Changelog
Bug Fixes 🐞
- 0a2a128 fix: update proxy-init iptables rule to prevent forwarding loop (#402)
- d854e5a fix: do not specify tenant id when creating credential via Azure CLI (#395)
- 96e8756 fix: use sha256 hash as federated identity credential name (#372)
Continuous Integration 💜
- 83320f2 ci: update azwi workflow to run on push to main and remove pull_request (#383)
- b573df1 ci: use chore prefix for dependabot updates (#382)
- 1edb03d ci: use pull_request instead of pull_request_target for Actions (#380)
Documentation 📘
Features 🌈
Maintenance 🔧
- 4f92012 chore: upgrade go version to 1.18 (#403)
- 3e85ce4 chore: switch to upstream acr (#397)
- cae0719 chore: bump github.com/go-logr/logr from 1.2.2 to 1.2.3 (#398)
- 9be4e2f chore: bump github.com/Azure/azure-sdk-for-go (#399)
- 6fc09d4 chore: bump k8s.io/kubernetes from 1.22.6 to 1.22.8 (#400)
- fa2b11a chore: bump github.com/Azure/azure-sdk-for-go (#394)
- ea924e0 chore: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#393)
- 102f4fb chore: bump actions/checkout from 2 to 3 (#389)
- 2689039 chore: bump docker/login-action from 1.14.0 to 1.14.1 (#390)
- 454b874 chore: bump github.com/Azure/azure-sdk-for-go (#388)
- 09ace00 chore: bump github.com/Azure/azure-sdk-for-go from 61.6.0+incompatible to 62.0.0+incompatible (#385)
- 55868ac chore: bump docker/login-action from 1.13.0 to 1.14.0 (#386)
Security Fix 🛡️
- bb19bcd security: fix multiple cves (#404)
- 3f2be3a security: bump github.com/Azure/azure-sdk-for-go (#377)
- 49c7908 security: bump docker/login-action from 1.12.0 to 1.13.0 (#379)
- 6a80831 security: bump sigs.k8s.io/controller-runtime from 0.11.0 to 0.11.1 (#378)
- 6149969 security: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#370)
- 1efbc28 security: bump github.com/Azure/azure-sdk-for-go from 61.4.0+incompatible to 61.5.0+incompatible (#369)
- 149b871 security: bump stefanprodan/helm-gh-pages from 1.4.1 to 1.5.0 (#371)
Testing 💚
v0.8.0
v0.8.0 - 2022-02-07
Changelog
Bug Fixes 🐞
- 3acb94f fix: enable auth with GKE clusters (#363)
- 395b841 fix: change mount path to `/var/run/secrets/azure/tokens` (#360)
- ef6bd8a fix: check for graph error from graph library response (#358)
- 038bf3b fix: add tolerations to controller manager deployment (#351)
- 1c0f627 fix: generate federated identity credential name based on service account (#317)
Continuous Integration 💜
- 51534f1 ci: fix dependabot update-types (#343)
- bbd9385 ci: add version-update semver-* prefix (#341)
- 4c86d08 ci: update dependabot freq to weekly and pin to patch for go.mod (#339)
- 7c7bf07 ci: checkout pull request head when running actions (#321)
- 561ad44 ci: remove ignore pattern from markdown link check (#315)
- a8ac863 ci: use goreleaser for release (#309)
Documentation 📘
- e4fe77c fix(docs): webhook install follow redirect (#361)
- 8d0f67f docs: remove `go install` step for azwi (#353)
- b5d0cf9 docs: clarify pod identity v2 in faq (#350)
- 47f3007 docs: troubleshooting on incorrect token issuer (#348)
- d126293 docs: add FAQ page and minimum versions for azure-identity sdks (#322)
- ab20588 docs: enable website preview with netlify (#324)
- 6916d94 docs: revert some changes from #306 (#312)
- d370083 docs: add link to aks oidc issuer setup (#310)
- 486a780 docs: add aks feature registration (#308)
- e50e52b docs: minor documentation update (#306)
Maintenance 🔧
- 1ab87ff chore: migrate from `trivy` to `trivy image` (#355)
- 475b59e chore: use pull_request_target and fix broken doc links (#318)
- bbb5739 chore: upgrade controller-runtime to v0.11.0 (#304)
Security Fix 🛡️
- 36069b6 security: bump github.com/Azure/azure-sdk-for-go (#356)
- 7eed491 security: bump k8s.io/kubernetes from 1.22.3 to 1.22.6 (#345)
- 677d91c security: bump gopkg.in/ini.v1 from 1.51.0 to 1.51.1 (#347)
- 5498eb8 security: fix CVE-2021-3995, CVE-2021-3996 (#349)
- 064bd95 security: bump github.com/Azure/go-autorest/autorest/azure/cli from 0.4.2 to 0.4.5 (#346)
- 84f1806 security: bump github.com/go-logr/logr from 1.2.0 to 1.2.2 (#338)
- 929a304 security: bump github.com/Azure/azure-sdk-for-go from 57.3.0+incompatible to 61.3.0+incompatible (#336)
- 25e0b0e security: bump github.com/Azure/go-autorest/autorest from 0.11.19 to 0.11.24 (#344)
- d16e5cf security: bump github.com/microsoftgraph/msgraph-beta-sdk-go (#333)
- 90ea634 security: bump azure/login from 1.4.0 to 1.4.3 (#329)
- ac53a35 security: bump github.com/mattn/go-colorable from 0.0.9 to 0.1.12 (#334)
- 437d602 security: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity (#330)
- 2f9505b security: bump docker/login-action from 1.10.0 to 1.12.0 (#328)
- 1e75b26 security: update follow-redirects to 1.14.7 (#327)
- 5776af0 security: fix CVE-2021-43618 (#302)
Testing 💚
v0.7.0
v0.7.0 - 2021-12-14
Bug Fixes 🐞
- convert registry to lowercase before building images (#258)
- allow `make deploy` to deploy webhook using deployment YAML (#259)
- set default token expiration to 1h (#247)
- replace ; with : in azwi version output (#222)
Code Refactoring 💎
- migrate publishing pipeline to GitHub Actions (#252)
Continuous Integration 💜
- add markdown-link-check workflow (#283)
- use latest azure cli for azwi-e2e workflow (#280)
- migrate e2e test on kind clusters to GitHub Actions (#272)
- create zip for azwi cli for windows (#268)
- allow `content: read` token permission for publish_images workflow (#260)
- scope github token for actions (#256)
- add semantic.yml and update release-manfiest make target (#210)
Documentation 📘
- fix issuer url query value for aks (#287)
- create & delete federated identity credentials with azwi-cli (#282)
- update property name (#285)
- reference azwi-cli in quick start and bump Kubernetes versions (#281)
- update helm installation steps (#277)
- document tenant conditional access policy (#276)
- address documentation issues (#265)
- address several documentation issues (#249)
- allow `kubectl apply -f` through a URL (#253)
- update quick-start based on testing (#228)
- add language-specific examples (#229)
- add troubleshooting guide (#226)
- add example for kind cluster (#225)
- add required configurations for cluster (#224)
- documentations on `azwi` and service account key generation (#223)
- fix link and update configmap name (#219)
- add steps for managed clusters (#218)
Features 🌈
- use graph sdk for azwi (#292)
- add individual commands for phases (#227)
- add role definition id client for azwi (#221)
- introduce phases for azwi serviceaccount delete (#220)
- introduce phases for azwi serviceaccount create (#217)
Maintenance 🔧
- update dependencies (#296)
- support v1.23.0 kind cluster version (#294)
- update debian-iptables to bullseye-v1.1.0 (#291)
- make `azwi serviceaccount create|delete` flags constant (#274)
- remove SUPPORT.md (#278)
- replace federated identity with federated identity credential (#266)
- add debug logs for msal-go (#257)
- add makefile for msal-go demo image and update image in docs (#212)
- use TARGETARCH for webhook and proxy image build (#215)
- remove hack/generate-jwks (#211)
Security Fix 🛡️
- fix CVE-2021-43784 (#293)
- bump Kubernetes version to v1.22.3 (#261)
Testing 💚
v0.6.0
v0.6.0 - 2021-10-13
Documentation 📘
- update flow diagram with app registration (#205)
- setup OIDC issuer for self-managed clusters (#202)
- update SUMMARY.md (#201)
- update self-managed-clusters.md (#199)
- simplify quick-start flow and create dedicated sections for managed/self-managed clusters (#197)
Features 🌈
- add --token-expiration flag in azwi serviceaccount create (#204)
- add `azwi jwks` to generate jwks (#203)
- add initial framework for azwi-cli (#180)
- add arm64 support to images (#188)
Maintenance 🔧
- release tarball in preparation to support homebrew (#208)
- include azwi as part of GitHub releases (#198)
- use numeric user in Dockerfile & parameterize trivy version (#195)
- re-enable init-containers test for helm chart (#184)
Security Fix 🛡️
- fix CVE-2021-37750 (#200)
v0.5.0
v0.5.0 - 2021-09-28
Bug Fixes 🐞
- make proxy port configurable in init-iptables.sh (#178)
Continuous Integration 💜
- add release artifacts to create-tag gh action (#167)
- add CODEOWNERS file (#164)
- select Kubernetes versions based on region (#159)
Documentation 📘
- key rotation guidelines and best practices (#182)
- add proxy diagram (#173)
- key rotation for self-managed clusters (#169)
- issue with file mode in Kubernetes 1.18 (#160)
Features 🌈
- support console log encoding with klogr (#175)
- add msal-node example (#168)
- add msal-python example (#165)
- add webhook support for init containers (#162)
- set number of replicas to 2 for High Availability (#161)
Maintenance 🔧
- update to debian-iptables:bullseye-v1.0.0 (#181)
- update debian-iptables to buster-v1.6.7 (#176)
- use `go install` instead of deprecated `go get` (#171)
- update to go 1.17 (#170)
Security Fix 🛡️
- bump msal-go to v0.3.1 (#179)