TrueCloudLab/distribution
13
0
Fork 3
Code Issues 3 Pull requests Projects Releases 2 Packages Wiki Activity Actions
distribution/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
Flavian Missi 7caf058a65
bump azure sdk 
v1.3.0 of azidentity introduces support to workload identity.

Signed-off-by: Flavian Missi <fmissi@redhat.com>
2023-05-22 09:05:35 +02:00

15 KiB
Raw Blame History

Release History

1.3.0 (2023-05-09)

Breaking Changes

These changes affect only code written against a beta version such as v1.3.0-beta.5

  • Renamed NewOnBehalfOfCredentialFromCertificate to NewOnBehalfOfCredentialWithCertificate
  • Renamed NewOnBehalfOfCredentialFromSecret to NewOnBehalfOfCredentialWithSecret

Other Changes

  • Upgraded to MSAL v1.0.0

1.3.0-beta.5 (2023-04-11)

Breaking Changes

These changes affect only code written against a beta version such as v1.3.0-beta.4

  • Moved NewWorkloadIdentityCredential() parameters into WorkloadIdentityCredentialOptions. The constructor now reads default configuration from environment variables set by the Azure workload identity webhook by default. (#20478)
  • Removed CAE support. It will return in v1.4.0-beta.1 (#20479)

Bugs Fixed

  • Fixed an issue in DefaultAzureCredential that could cause the managed identity endpoint check to fail in rare circumstances.

1.3.0-beta.4 (2023-03-08)

Features Added

  • Added WorkloadIdentityCredentialOptions.AdditionallyAllowedTenants and .DisableInstanceDiscovery

Bugs Fixed

  • Credentials now synchronize within GetToken() so a single instance can be shared among goroutines (#20044)

Other Changes

  • Upgraded dependencies

1.2.2 (2023-03-07)

Other Changes

  • Upgraded dependencies

1.3.0-beta.3 (2023-02-07)

Features Added

  • By default, credentials set client capability "CP1" to enable support for Continuous Access Evaluation (CAE). This indicates to Azure Active Directory that your application can handle CAE claims challenges. You can disable this behavior by setting the environment variable "AZURE_IDENTITY_DISABLE_CP1" to "true".
  • InteractiveBrowserCredentialOptions.LoginHint enables pre-populating the login prompt with a username (#15599)
  • Service principal and user credentials support ADFS authentication on Azure Stack. Specify "adfs" as the credential's tenant.
  • Applications running in private or disconnected clouds can prevent credentials from requesting Azure AD instance metadata by setting the DisableInstanceDiscovery field on credential options.
  • Many credentials can now be configured to authenticate in multiple tenants. The options types for these credentials have an AdditionallyAllowedTenants field that specifies additional tenants in which the credential may authenticate.

1.3.0-beta.2 (2023-01-10)

Features Added

  • Added OnBehalfOfCredential to support the on-behalf-of flow (#16642)

Bugs Fixed

  • AzureCLICredential reports token expiration in local time (should be UTC)

Other Changes

  • AzureCLICredential imposes its default timeout only when the Context passed to GetToken() has no deadline
  • Added NewCredentialUnavailableError(). This function constructs an error indicating a credential can't authenticate and an encompassing ChainedTokenCredential should try its next credential, if any.

1.3.0-beta.1 (2022-12-13)

Features Added

  • WorkloadIdentityCredential and DefaultAzureCredential support Workload Identity Federation on Kubernetes. DefaultAzureCredential support requires environment variable configuration as set by the Workload Identity webhook. (#15615)

1.2.0 (2022-11-08)

Other Changes

  • This version includes all fixes and features from 1.2.0-beta.*

1.2.0-beta.3 (2022-10-11)

Features Added

  • ManagedIdentityCredential caches tokens in memory

Bugs Fixed

  • ClientCertificateCredential sends only the leaf cert for SNI authentication

1.2.0-beta.2 (2022-08-10)

Features Added

  • Added ClientAssertionCredential to enable applications to authenticate with custom client assertions

Other Changes

  • Updated AuthenticationFailedError with links to TROUBLESHOOTING.md for relevant errors
  • Upgraded microsoft-authentication-library-for-go requirement to v0.6.0

1.2.0-beta.1 (2022-06-07)

Features Added

  • EnvironmentCredential reads certificate passwords from AZURE_CLIENT_CERTIFICATE_PASSWORD (#17099)

1.1.0 (2022-06-07)

Features Added

  • ClientCertificateCredential and ClientSecretCredential support ESTS-R. First-party applications can set environment variable AZURE_REGIONAL_AUTHORITY_NAME with a region name. (#15605)

1.0.1 (2022-06-07)

Other Changes

  • Upgrade microsoft-authentication-library-for-go requirement to v0.5.1 (#18176)

1.0.0 (2022-05-12)

Features Added

  • DefaultAzureCredential reads environment variable AZURE_CLIENT_ID for the client ID of a user-assigned managed identity (#17293)

Breaking Changes

  • Removed AuthorizationCodeCredential. Use InteractiveBrowserCredential instead to authenticate a user with the authorization code flow.
  • Instances of AuthenticationFailedError are now returned by pointer.
  • GetToken() returns azcore.AccessToken by value

Bugs Fixed

  • AzureCLICredential panics after receiving an unexpected error type (#17490)

Other Changes

  • GetToken() returns an error when the caller specifies no scope
  • Updated to the latest versions of golang.org/x/crypto, azcore and internal

0.14.0 (2022-04-05)

Breaking Changes

  • This module now requires Go 1.18
  • Removed AuthorityHost. Credentials are now configured for sovereign or private clouds with the API in azcore/cloud, for example: 
    // before
opts := azidentity.ClientSecretCredentialOptions{AuthorityHost: azidentity.AzureGovernment}
cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, secret, &opts)

// after
import "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"

opts := azidentity.ClientSecretCredentialOptions{}
opts.Cloud = cloud.AzureGovernment
cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, secret, &opts)

0.13.2 (2022-03-08)

Bugs Fixed

  • Prevented a data race in DefaultAzureCredential and ChainedTokenCredential (#17144)

Other Changes

  • Upgraded App Service managed identity version from 2017-09-01 to 2019-08-01 (#17086)

0.13.1 (2022-02-08)

Features Added

  • EnvironmentCredential supports certificate SNI authentication when AZURE_CLIENT_SEND_CERTIFICATE_CHAIN is "true". (#16851)

Bugs Fixed

  • ManagedIdentityCredential.GetToken() now returns an error when configured for a user assigned identity in Azure Cloud Shell (which doesn't support such identities) (#16946)

Other Changes

  • NewDefaultAzureCredential() logs non-fatal errors. These errors are also included in the error returned by DefaultAzureCredential.GetToken() when it's unable to acquire a token from any source. (#15923)

0.13.0 (2022-01-11)

Breaking Changes

  • Replaced AuthenticationFailedError.RawResponse() with a field having the same name
  • Unexported CredentialUnavailableError
  • Instances of ChainedTokenCredential will now skip looping through the list of source credentials and re-use the first successful credential on subsequent calls to GetToken.
    • If ChainedTokenCredentialOptions.RetrySources is true, ChainedTokenCredential will continue to try all of the originally provided credentials each time the GetToken method is called.
    • ChainedTokenCredential.successfulCredential will contain a reference to the last successful credential.
    • DefaultAzureCredenial will also re-use the first successful credential on subsequent calls to GetToken.
    • DefaultAzureCredential.chain.successfulCredential will also contain a reference to the last successful credential.

Other Changes

  • ManagedIdentityCredential no longer probes IMDS before requesting a token from it. Also, an error response from IMDS no longer disables a credential instance. Following an error, a credential instance will continue to send requests to IMDS as necessary.
  • Adopted MSAL for user and service principal authentication
  • Updated azcore requirement to 0.21.0

0.12.0 (2021-11-02)

Breaking Changes

  • Raised minimum go version to 1.16
  • Removed NewAuthenticationPolicy() from credentials. Clients should instead use azcore's runtime.NewBearerTokenPolicy() to construct a bearer token authorization policy.
  • The AuthorityHost field in credential options structs is now a custom type, AuthorityHost, with underlying type string
  • NewChainedTokenCredential has a new signature to accommodate a placeholder options struct: 
    // before
cred, err := NewChainedTokenCredential(credA, credB)

// after
cred, err := NewChainedTokenCredential([]azcore.TokenCredential{credA, credB}, nil)
  • Removed ExcludeAzureCLICredential, ExcludeEnvironmentCredential, and ExcludeMSICredential from DefaultAzureCredentialOptions
  • NewClientCertificateCredential requires a []*x509.Certificate and crypto.PrivateKey instead of a path to a certificate file. Added ParseCertificates to simplify getting these in common cases: 
    // before
cred, err := NewClientCertificateCredential("tenant", "client-id", "/cert.pem", nil)

// after
certData, err := os.ReadFile("/cert.pem")
certs, key, err := ParseCertificates(certData, password)
cred, err := NewClientCertificateCredential(tenantID, clientID, certs, key, nil)
  • Removed InteractiveBrowserCredentialOptions.ClientSecret and .Port
  • Removed AADAuthenticationFailedError
  • Removed id parameter of NewManagedIdentityCredential(). User assigned identities are now specified by ManagedIdentityCredentialOptions.ID: 
    // before
cred, err := NewManagedIdentityCredential("client-id", nil)
// or, for a resource ID
opts := &ManagedIdentityCredentialOptions{ID: ResourceID}
cred, err := NewManagedIdentityCredential("/subscriptions/...", opts)

// after
clientID := ClientID("7cf7db0d-...")
opts := &ManagedIdentityCredentialOptions{ID: clientID}
// or, for a resource ID
resID: ResourceID("/subscriptions/...")
opts := &ManagedIdentityCredentialOptions{ID: resID}
cred, err := NewManagedIdentityCredential(opts)
  • DeviceCodeCredentialOptions.UserPrompt has a new type: func(context.Context, DeviceCodeMessage) error
  • Credential options structs now embed azcore.ClientOptions. In addition to changing literal initialization syntax, this change renames HTTPClient fields to Transport.
  • Renamed LogCredential to EventCredential
  • AzureCLICredential no longer reads the environment variable AZURE_CLI_PATH
  • NewManagedIdentityCredential no longer reads environment variables AZURE_CLIENT_ID and AZURE_RESOURCE_ID. Use ManagedIdentityCredentialOptions.ID instead.
  • Unexported AuthenticationFailedError and CredentialUnavailableError structs. In their place are two interfaces having the same names.

Bugs Fixed

  • AzureCLICredential.GetToken no longer mutates its opts.Scopes

Features Added

  • Added connection configuration options to DefaultAzureCredentialOptions
  • AuthenticationFailedError.RawResponse() returns the HTTP response motivating the error, if available

Other Changes

  • NewDefaultAzureCredential() returns *DefaultAzureCredential instead of *ChainedTokenCredential
  • Added TenantID field to DefaultAzureCredentialOptions and AzureCLICredentialOptions

0.11.0 (2021-09-08)

Breaking Changes

  • Unexported AzureCLICredentialOptions.TokenProvider and its type, AzureCLITokenProvider

Bug Fixes

  • ManagedIdentityCredential.GetToken returns CredentialUnavailableError when IMDS has no assigned identity, signaling DefaultAzureCredential to try other credentials

0.10.0 (2021-08-30)

Breaking Changes

  • Update based on azcore refactor #15383

0.9.3 (2021-08-20)

Bugs Fixed

  • ManagedIdentityCredential.GetToken no longer mutates its opts.Scopes

Other Changes

  • Bumps version of azcore to v0.18.1

0.9.2 (2021-07-23)

Features Added

  • Adding support for Service Fabric environment in ManagedIdentityCredential
  • Adding an option for using a resource ID instead of client ID in ManagedIdentityCredential

0.9.1 (2021-05-24)

Features Added

  • Add LICENSE.txt and bump version information

0.9.0 (2021-05-21)

Features Added

  • Add support for authenticating in Azure Stack environments
  • Enable user assigned identities for the IMDS scenario in ManagedIdentityCredential
  • Add scope to resource conversion in GetToken() on ManagedIdentityCredential

0.8.0 (2021-01-20)

Features Added

  • Updating documentation

0.7.1 (2021-01-04)

Features Added

  • Adding port option to InteractiveBrowserCredential

0.7.0 (2020-12-11)

Features Added

  • Add redirectURI parameter back to authentication code flow

0.6.1 (2020-12-09)

Features Added

  • Updating query parameter in ManagedIdentityCredential and updating datetime string for parsing managed identity access tokens.

0.6.0 (2020-11-16)

Features Added

  • Remove RedirectURL parameter from auth code flow to align with the MSAL implementation which relies on the native client redirect URL.

0.5.0 (2020-10-30)

Features Added

  • Flattening credential options

0.4.3 (2020-10-21)

Features Added

  • Adding Azure Arc support in ManagedIdentityCredential

0.4.2 (2020-10-16)

Features Added

  • Typo fixes

0.4.1 (2020-10-16)

Features Added

  • Ensure authority hosts are only HTTPs

0.4.0 (2020-10-16)

Features Added

  • Adding options structs for credentials

0.3.0 (2020-10-09)

Features Added

  • Update DeviceCodeCredential callback

0.2.2 (2020-10-09)

Features Added

  • Add AuthorizationCodeCredential

0.2.1 (2020-10-06)

Features Added

  • Add InteractiveBrowserCredential

0.2.0 (2020-09-11)

Features Added

  • Refactor azidentity on top of azcore refactor
  • Updated policies to conform to policy.Policy interface changes.
  • Updated non-retriable errors to conform to azcore.NonRetriableError.
  • Fixed calls to Request.SetBody() to include content type.
  • Switched endpoints to string types and removed extra parsing code.

0.1.1 (2020-09-02)

Features Added

  • Add AzureCLICredential to DefaultAzureCredential chain

0.1.0 (2020-07-23)

Features Added

  • Initial Release. Azure Identity library that provides Azure Active Directory token authentication support for the SDK.