This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | k8s.io/client-go | require | major | v0.25.4 -> v11.0.0+incompatible |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/johannesboyne/gofakes3 | require | digest | 1065b17 -> df26ca4 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Related issue(s)

none

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have updated the documentation.

Description

This PR updates the Kubernetes quick start readme: some of the documented cmd commands were not complete. So, would not lead to the expected result.

Related issue(s)

relates to #274

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have referenced an issue describing the bug/feature request.
• [x] I have added tests that prove the correctness of my implementation.
• [x] I have updated the documentation.

Description

This PR introduces a dedicated configuration type for Key Stores:

key_store: 
  path: /path/to/keystore.pem
  password: SomePassword

On one hand, that would be required anyway, when #274 will be addressed (in sense of the configuration new type property will be introduced). On the other hand, it makes the documentation less repetitive and allows better handling of key stores in code by having same structures for all available key stores, without the need to know, for which purpose it was configured.

However, this PR does also introduce a breaking change. Here an overview, how key stores were configured before this PR, and how they have to be configured after this PR is merged:

Old tls configuration:

tls:
  key_store: /path/to/keystore.pem
  password: SomePassword
  # other tls specific properties

New tls configuration:

tls:
  key_store: 
    path: /path/to/keystore.pem
    password: SomePassword
  # other tls specific properties

Old signer configuration:

signer:
  key_store:  /path/to/keystore.pem
  password: SomePassword
  # other signer specific properties

New signer configuration:

signer:
  key_store: 
    path: /path/to/keystore.pem
    password: SomePassword
  # other signer specific properties

Changelist

Hopefully this PR does also fix a flacky cloudblob implementation related test, which sometimes fails (a DNS error is expected, but does not happen)

Related issue(s)

Does not relate to any issue

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.

Description

Adds a badge about the released Helm Chart to the README.md file

Related issue(s)

closes #397

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have referenced an issue describing the bug/feature request.
• [x] I have added tests that prove the correctness of my implementation.
• [x] I have updated the documentation.

Description

Implements new gauge metrics for all certificates configured in all key stores.

Related issue(s)

relates to #422 and #420

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have referenced an issue describing the bug/feature request.

Description

Releases new chart version (0.2.0), with the fix implemented in #420. This way, there is no need to wait until the new heimdall release (#423) is done. In addition, this PR updates the documentation and the README of the chart with information about monitoring as possible chart post installation steps.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | go.uber.org/fx | require | minor | v1.18.2 -> v1.19.0 |

Release Notes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | github.com/johannesboyne/gofakes3 | require | digest | c2f5cc6 -> 1065b17 |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Related issue(s)

Not related to any documented issue

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.

Description

After moving the Version type into its own module, the build recipe in Justfile has not been updated. That rendered local builds useless regarding the embedded version information - it was just not set until this PR.

Related issue(s)

closes #407 closes #408

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have referenced an issue describing the bug/feature request.
• [x] I have updated the documentation.

Description

This PR adds fully working examples for quickstarts and guides described in the documentation. These can also be used to verify the Helm Chart is working (even if not a demo set is done - see #422)

Related issue(s)

closes #398

Checklist

• [x] I agree to follow this project's Code of Conduct.
• [x] I have read, and I am following this repository's Contributing Guidelines.
• [x] I have read the Security Policy.
• [x] I have referenced an issue describing the bug/feature request.
• [ ] I have added tests that prove the correctness of my implementation.
• [ ] I have updated the documentation.

Description

Implements a version schema for rule sets, which are not loaded from Kubernetes resources (the corresponding CRD has its own schema). This will make heimdall deployments better manageable and allow migration of rule sets to new versions if a new version of heimdall does not support an older version anymore. Future releases might implement a command to enable automatic migrations.

This PR introduces a breaking change as the rule set structure has been changed.

Here are the changes introduced by this PR:

Old rule set definition:

- id: rule1
  match:
    url: http://foo.bar/<**>
    strategy: glob
  upstream: http://bar.foo
  methods:
    - GET
    - POST
  execute:
    # rule specific pipeline
    - ....
  on_error:
    # rule specific error pipeline
    - ....
- id: rule2
  # etc

New rule set definition

version: v1alpha1  # <-- new property. Same version values as for the rule sets deployed in Kubernetes
name: some name  # <-- new property. Optional name for the rule set.
rules:  # <-- new property. All rules of a rule set must be defined here.
- id: rule1
  match:
    url: http://foo.bar/<**>
    strategy: glob
  upstream: http://bar.foo
  methods:
    - GET
    - POST
  execute:
    # rule specific pipeline
    - ....
  on_error:
    # rule specific error pipeline
    - ....
- id: rule2
  # etc

This way rule sets deployed as resources in Kubernetes, as well as rule sets loaded from other providers have comparable structure and same versioning.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | golang.org/x/exp | require | digest | 738e83a -> 4b8118a |

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

:robot: I have created a release beep boop

0.6.0-alpha (2023-01-09)

⚠ BREAKING CHANGES

• New type for key store configuration introduced (#434)

Features

• Remaining validity of configured certificates exposed as metric (#432) (95b24f0)

Bug Fixes

• Helm Chart fixed and does neither expect a heimdall config file, nor check for not existing property anymore (#420) (8a0c299)

Code Refactoring

• New type for key store configuration introduced (#434) (b2a9e58)

This PR was generated with Release Please. See documentation.

... including the support for argon2, scrypt, bcrypt and pbkdf2 to increase security. Thus way this authenticator will not only be resistant against side channel attacks (implemented today), but also against brute force, dictionary, etc attacks.