ci: release 1.22.0

[canonical-iam]

🤖 I have created a release beep boop

1.22.0 (2024-11-14)

Features

• actual link authentication users to authorization model + tests (8063b73)
• add /auth/me endpoint handler to return json with principal info (9fa92a3)
• add github.com/wneessen/go-mail v0.4.4 dependency (5182270)
• add HTTPClientFromContext + improved OtelHTTPClientFromContext func (fa1b3e8)
• add openfga_workers_total int config with default (b12ac05)
• add payload_validation_enabled config key (419b042)
• add SetTokens method + empty tokens don't get set (f165155)
• add 2 implementations of token verifier + tests (1d1c5f9)
• add 3rd party validator to API structs + setupValidation func + initial noop middleware (1de0006)
• add AuthCookieManager implementation (ed18cf5)
• add authn middleware for disabled authentication (c232cfe)
• add built verification email (5a43aef)
• add constructor for validator + use json tags for validation errors (44d7223)
• add context path spec to correctly handle redirect (71aef28)
• add custom axios instance (722a331)
• add encrypt implementation (1a88aad)
• add entitlements service by Rebac (64b8326)
• add env vars for mail client (3ab1acb)
• add externalized Kube config file env var (9a63fe3)
• add full validation implementation for schemas (45993ed)
• add granular checks method to interface + expose BatchCheck from client (645a9fd)
• add hydra admin url to config + add comment for env var expectation (b36e498)
• add hydra clients to OAuth2Context struct (0072078)
• add interfaces + implement emailservice (b2f0ae9)
• add interfaces for oauth2 integration (684abac)
• add log tailing to skaffold run (a9725da)
• add login screen (1befe87)
• add Logout function and HTTPClientInterface (98e4ec3)
• add logout handler (5ea5742)
• add logout implementation (3c435d4)
• add NextTo cookie handling to cookie manager and interface (5a5cc30)
• add OAuth2 and OIDC related env vars to the Spec struct (b900cc4)
• add OAuth2 authentication middleware + tests (e054552)
• add oauth2 context to manage oauth2/oidc operations + tests (62bff44)
• add OAuth2 login handler + tests (88c29e6)
• add OAuth2Helper implementation (00c5bc1)
• add pagination to clients, schemas and identity lists in ui. Add identity creation form WD-10253 (5f55463)
• add ResourcesService (f5a2008)
• add SendUserCreationEmail method (0cc1d3f)
• add template loading + test + TEMPORARY mail template (6c95a25)
• add the cli command for compensating user invitation email failure (55f557e)
• add the create-identity CLI (464c697)
• add URL param validation for groups handlers (24c8d99)
• add user invite email template (64743cf)
• add user session cookies ttl external config (b4da23d)
• add validation implementation for clients (549d985)
• add validation implementation for groups (700cf04)
• add validation middlewareonly if payload validation is enabled + reorder middleware and endpoints registration (32814e8)
• add validation setup for groups endpoint (06fb9f4)
• add validation setup for identities endpoint (b4178c9)
• add validation setup for schemas endpoint (8c5e173)
• add ValidationRegistry for API validation + instantiate in router (50f0810)
• add worker pool implementation (dbd2f9d)
• adjust identity api to accept page token (beb0d42), closes #256
• adjust pagination for schemas endpoints (e2a2df3), closes #44
• adopt new oauth2 integration (912029c)
• cookie + refresh token support for middleware (cab3f84)
• create-group: allow creator user to view group (efcaeec)
• delete-group: delete all relation for group to delete (883b513)
• dependencies: add coreos/go-oidc v3 dependency (fe20b2f)
• display login on 401 responses (5031b32)
• enable authorization by default (6f61651)
• enhance ValidationRegistry with PayloadValidator and adjust in handlers + enhance Middleware + add func for ApiKey retrieval from endpoint (313617a)
• enhanced ValidationError with specific field errors and common errors (a21462c)
• expand cookie manager interface + implementation for tokens cookies + tests (a026e24)
• expand on Principal attributes + improve PrincipalFromContext (4104b3a)
• groups: add CanAssignRoles and CanAssignIdentities implementation (b5e551a)
• groups: add granular CanAssign{Identities,Roles} checks in handlers (d25b430)
• handle case principal is not found in authorizer middleware + switch to CheckAdmin method (182e469)
• handle optional next parameter for FE use (1f4ca15)
• handler: add state check + improve structure/implementation (2c29251)
• hook up worker pool for groups and roles API (ce83bd6)
• identities service implementation (b840cf4)
• idp: add validation implementation (71ff661)
• implement GroupService based on the rebac lib (709906b)
• implement new Create{Group,Role} interface + adjust handlers (0adce3c)
• implement RolesService for the rebac module (8835e29)
• include roles and groups from ReBAC Admin (5d03914)
• introduce hierarchy for can_relations (596b448)
• introduce IdentityProviders v1 api (7a2719d)
• introduce UserPrincipal and ServicePrincipal + move Principal structs and logic to ad hoc file + tests (69dbeb9)
• invoke setup validation on registered APIs (de16a0b)
• let Create{Group,Role} return newly created object (e1ba968)
• log in via OIDC (9fbf310)
• log out with OIDC (4b268aa)
• parse and expose link header from hydra (7c2d3f6)
• return to URL that initiated login (99da50a)
• roles: add validation implementation (6bf72e5)
• rules: add validation implementation (c42bd45)
• separate authorization client from OpenFGA client (2cc4dab)
• set tokens cookies in callback and redirect to UI url + adjust tests (f6e8277)
• switch to html/template for rendering context path dynamically for index.html (81f8a9c)
• uniform rules handlers to pageToken pagination (7c70cc6)
• upgrade rebac-admin to 0.0.1-alpha.3 (96aca77)
• wire up all the rebac handlers (f23cc1f)

Bug Fixes

• add back URL Param validation from previous commit (ebe07a5)
• add check for mock calls in DeleteRole (e9e3d54)
• add contextual tuples to openfga (03d313d)
• add extra check on list schemas test for navigation (2afec86)
• add filters to listPermissions store method (84b531a)
• add helper function for constructing assignee (cfa1a08)
• add id validation to make sure it's never empty (fc7d560), closes #239
• add json parsing error (8713366)
• add page tokens to the response (5a13e4e)
• add resource creation logic to authz (c8e3588)
• add security headers to UI handler (ea3c6ba)
• add todo comment to catch issue with the user-identities sync (ed66418)
• add uri permissions converters for v1 (9e59915)
• add validation to openfga config (300201c)
• address empty schema id but enforce passing of the field (fa915f2)
• adjust logic for pagination (e852914)
• adjust page offset for oathkeeper apis (7c22e06)
• adopt disabledAuthnMiddleware to not break app when authentication disabled (963f07a)
• allow UI port to be set (3da1b25)
• always add tuples for global read and admins (992f283)
• annotate responses with the full type (1cd4b98)
• api base path (d83e0ab)
• avoid escaping when passing URL to template (0702053)
• bundle up external clients and o11y setup into config structs (a660066)
• change specs.EnvSper name for authorization model id (3eb270b)
• clear cookie functions (3a1b2e4)
• clients: validation and improved tests (129a8a8)
• create openfga store to enhance basic client and offload core application logic (3f0465b)
• deal with empty Data attribute in k8s configmap (56937c8), closes #254
• delete role implementation (4b71734)
• disable validation due to missing implementation of api validators (5c06b9b)
• drop ctx param from NewV1Service creation (972bef4)
• enforce id on idp creation, moving validation to validator object (9633937), closes #391
• enhance registerValidation log message with error (ae95fa8)
• fix authorizer init logic (a8fb9c3)
• fix the kratos admin url (4846fad)
• fix wrong title displayed once logged in (5ef6371)
• get 404 with not found role (with can view) - get 403 (without can_view) (2a22054)
• groups: validation and improved tests (255733e)
• handleDetail to return 404 on missing group for authorized users + typo (b1a1e02)
• identities: validation and improved tests (b4fa762)
• improve validation error messages (c20ff4a)
• initialize idps configmap.Data field if empty (fba4479), closes #392
• introduce uri validation for params (5eecee4)
• listing not working for user that created a role (b54d681)
• local dev env for OIDC provider discovery (03f5499)
• offload idp types to constant (d15ecf2)
• remove assignees tuples on DeleteGroup (1107165)
• remove assignees tuples on DeleteRole (5772334), closes #285
• remove fetch mock definition (2a1889e)
• remove login component from ui (51deb06)
• remove page param (585f713)
• remove page_token field in meta response (3756f0d), closes #271
• removing extra #member on assignIdentities service call (bfde070), closes #283
• removing extra #member on removeIdentities service call (74ab0ff)
• rename admin user (2f01a27)
• rename Urn to URN (603418d)
• return empty slice when no idps found (429591a), closes #388
• role: error out when ID is passed for creation (2a46a5e)
• role: use Name field for creation (e63fdaa)
• schemas: validation and improved tests (ab8652f)
• serve the same file for all ui routes (29ee190)
• serve ui assets under relative path (c3f21a9)
• serve UI files (9007b77)
• serve UI from root path (e5ecf42)
• set cookie path to / (9c95b0b)
• set necessary oauth2 scopes as default (9c36e95)
• set OtelHTTPClient in context correctly (e514b37)
• skip validation config on createFGAmodel cmd (ffd6563)
• standardize on types.Response (02cc8ce), closes #244
• standardize page token in clients api (7bdd3e7)
• sync resource creation/delation with authz (55d02df)
• temporary fix to allow time for new solution on the frontend (6ee0ac3)
• typo in variable name (4558fd0)
• ui redirection with context path (61451f6)
• UI serving handlers (b4070b1)
• ui use react routers base path and add tests for base path calculation (85da4c0)
• ui uses relative base path. in case /ui/ is found in the current page url, all urls and api routes use the found prefix from the path. If /ui/ is not found, fall back to / as the base path. Fixes #317 Fixes IAM-911 Fixes WD-12306 (709399c)
• unauthenticated handlers were called twice (1d7ebb9)
• update email template to fix issues in email clients (3f9726b)
• update rock to go 1.23.2 to deal with CVE-2024-34156 (db82abd), closes #449
• update tracing signature (d22fad9)
• use BASE_URL to add trailing slash (30b7b1b)
• use contextPath to redirect to UI (8a7540d)
• use contextual tuples for admin role (37efc1e)
• use contextual tuples to give admin access to all APIs (0e27337)
• use correct method to invoke backend (64f68a6)
• use idp ID if passed in (023c8e3)
• use worker pool in authorizer (67bf82d)
• wire up new config structs into web application bootstrap (9e5587d), closes #222

---

This PR was generated with Release Please. See documentation.