distribution/vendor/github.com/Azure/azure-sdk-for-go/sdk/azidentity/CHANGELOG.md
Kirat Singh ba4a6bbe02 Update Azure SDK and support additional authentication schemes
Microsoft has updated the golang Azure SDK significantly.  Update the
azure storage driver to use the new SDK.  Add support for client
secret and MSI authentication schemes in addition to shared key
authentication.

Implement rootDirectory support for the azure storage driver to mirror
the S3 driver.

Signed-off-by: Kirat Singh <kirat.singh@beacon.io>

Co-authored-by: Cory Snider <corhere@gmail.com>
2023-04-25 17:23:20 +00:00

Release History

1.2.1 (2023-01-26)

Other Changes

  • Upgrade MSAL to v0.8.1

1.3.0-beta.2 (2023-01-10)

Features Added

  • Added OnBehalfOfCredential to support the on-behalf-of flow (#16642)

Bugs Fixed

  • AzureCLICredential reports token expiration in local time (should be UTC)

Other Changes

  • AzureCLICredential imposes its default timeout only when the Context passed to GetToken() has no deadline
  • Added NewCredentialUnavailableError(). This function constructs an error indicating a credential can't authenticate and an encompassing ChainedTokenCredential should try its next credential, if any.

1.3.0-beta.1 (2022-12-13)

Features Added

  • WorkloadIdentityCredential and DefaultAzureCredential support Workload Identity Federation on Kubernetes. DefaultAzureCredential support requires environment variable configuration as set by the Workload Identity webhook. (#15615)

1.2.0 (2022-11-08)

Other Changes

  • This version includes all fixes and features from 1.2.0-beta.*

1.2.0-beta.3 (2022-10-11)

Features Added

  • ManagedIdentityCredential caches tokens in memory

Bugs Fixed

  • ClientCertificateCredential sends only the leaf cert for SNI authentication

1.2.0-beta.2 (2022-08-10)

Features Added

  • Added ClientAssertionCredential to enable applications to authenticate with custom client assertions

Other Changes

  • Updated AuthenticationFailedError with links to TROUBLESHOOTING.md for relevant errors
  • Upgraded microsoft-authentication-library-for-go requirement to v0.6.0

1.2.0-beta.1 (2022-06-07)

Features Added

  • EnvironmentCredential reads certificate passwords from AZURE_CLIENT_CERTIFICATE_PASSWORD (#17099)

1.1.0 (2022-06-07)

Features Added

  • ClientCertificateCredential and ClientSecretCredential support ESTS-R. First-party applications can set environment variable AZURE_REGIONAL_AUTHORITY_NAME with a region name. (#15605)

1.0.1 (2022-06-07)

Other Changes

  • Upgrade microsoft-authentication-library-for-go requirement to v0.5.1 (#18176)

1.0.0 (2022-05-12)

Features Added

  • DefaultAzureCredential reads environment variable AZURE_CLIENT_ID for the client ID of a user-assigned managed identity (#17293)

Breaking Changes

  • Removed AuthorizationCodeCredential. Use InteractiveBrowserCredential instead to authenticate a user with the authorization code flow.
  • Instances of AuthenticationFailedError are now returned by pointer.
  • GetToken() returns azcore.AccessToken by value

Bugs Fixed

  • AzureCLICredential panics after receiving an unexpected error type (#17490)

Other Changes

  • GetToken() returns an error when the caller specifies no scope
  • Updated to the latest versions of golang.org/x/crypto, azcore and internal

0.14.0 (2022-04-05)

Breaking Changes

  • This module now requires Go 1.18
  • Removed AuthorityHost. Credentials are now configured for sovereign or private clouds with the API in azcore/cloud, for example:
    // before
    opts := azidentity.ClientSecretCredentialOptions{AuthorityHost: azidentity.AzureGovernment}
    cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, secret, &opts)
    
    // after
    import "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud"
    
    opts := azidentity.ClientSecretCredentialOptions{}
    opts.Cloud = cloud.AzureGovernment
    cred, err := azidentity.NewClientSecretCredential(tenantID, clientID, secret, &opts)
    

0.13.2 (2022-03-08)

Bugs Fixed

  • Prevented a data race in DefaultAzureCredential and ChainedTokenCredential (#17144)

Other Changes

  • Upgraded App Service managed identity version from 2017-09-01 to 2019-08-01 (#17086)

0.13.1 (2022-02-08)

Features Added

  • EnvironmentCredential supports certificate SNI authentication when AZURE_CLIENT_SEND_CERTIFICATE_CHAIN is "true". (#16851)

Bugs Fixed

  • ManagedIdentityCredential.GetToken() now returns an error when configured for a user assigned identity in Azure Cloud Shell (which doesn't support such identities) (#16946)

Other Changes

  • NewDefaultAzureCredential() logs non-fatal errors. These errors are also included in the error returned by DefaultAzureCredential.GetToken() when it's unable to acquire a token from any source. (#15923)

0.13.0 (2022-01-11)

Breaking Changes

  • Replaced AuthenticationFailedError.RawResponse() with a field having the same name
  • Unexported CredentialUnavailableError
  • Instances of ChainedTokenCredential will now skip looping through the list of source credentials and re-use the first successful credential on subsequent calls to GetToken.
    • If ChainedTokenCredentialOptions.RetrySources is true, ChainedTokenCredential will continue to try all of the originally provided credentials each time the GetToken method is called.
    • ChainedTokenCredential.successfulCredential will contain a reference to the last successful credential.
    • DefaultAzureCredential will also re-use the first successful credential on subsequent calls to GetToken.
    • DefaultAzureCredential.chain.successfulCredential will also contain a reference to the last successful credential.

Other Changes

  • ManagedIdentityCredential no longer probes IMDS before requesting a token from it. Also, an error response from IMDS no longer disables a credential instance. Following an error, a credential instance will continue to send requests to IMDS as necessary.
  • Adopted MSAL for user and service principal authentication
  • Updated azcore requirement to 0.21.0

0.12.0 (2021-11-02)

Breaking Changes

  • Raised minimum Go version to 1.16
  • Removed NewAuthenticationPolicy() from credentials. Clients should instead use azcore's runtime.NewBearerTokenPolicy() to construct a bearer token authorization policy.
  • The AuthorityHost field in credential options structs is now a custom type, AuthorityHost, with underlying type string
  • NewChainedTokenCredential has a new signature to accommodate a placeholder options struct:
    // before
    cred, err := NewChainedTokenCredential(credA, credB)
    
    // after
    cred, err := NewChainedTokenCredential([]azcore.TokenCredential{credA, credB}, nil)
    
  • Removed ExcludeAzureCLICredential, ExcludeEnvironmentCredential, and ExcludeMSICredential from DefaultAzureCredentialOptions
  • NewClientCertificateCredential requires a []*x509.Certificate and crypto.PrivateKey instead of a path to a certificate file. Added ParseCertificates to simplify getting these in common cases:
    // before
    cred, err := NewClientCertificateCredential("tenant", "client-id", "/cert.pem", nil)
    
    // after
    certData, err := os.ReadFile("/cert.pem")
    certs, key, err := ParseCertificates(certData, password)
    cred, err := NewClientCertificateCredential(tenantID, clientID, certs, key, nil)
    
  • Removed InteractiveBrowserCredentialOptions.ClientSecret and .Port
  • Removed AADAuthenticationFailedError
  • Removed id parameter of NewManagedIdentityCredential(). User assigned identities are now specified by ManagedIdentityCredentialOptions.ID:
    // before
    cred, err := NewManagedIdentityCredential("client-id", nil)
    // or, for a resource ID
    opts := &ManagedIdentityCredentialOptions{ID: ResourceID}
    cred, err := NewManagedIdentityCredential("/subscriptions/...", opts)
    
    // after
    clientID := ClientID("7cf7db0d-...")
    opts := &ManagedIdentityCredentialOptions{ID: clientID}
    // or, for a resource ID
    resID := ResourceID("/subscriptions/...")
    opts := &ManagedIdentityCredentialOptions{ID: resID}
    cred, err := NewManagedIdentityCredential(opts)
    
  • DeviceCodeCredentialOptions.UserPrompt has a new type: func(context.Context, DeviceCodeMessage) error
  • Credential options structs now embed azcore.ClientOptions. In addition to changing literal initialization syntax, this change renames HTTPClient fields to Transport.
  • Renamed LogCredential to EventCredential
  • AzureCLICredential no longer reads the environment variable AZURE_CLI_PATH
  • NewManagedIdentityCredential no longer reads environment variables AZURE_CLIENT_ID and AZURE_RESOURCE_ID. Use ManagedIdentityCredentialOptions.ID instead.
  • Unexported AuthenticationFailedError and CredentialUnavailableError structs. In their place are two interfaces having the same names.

Bugs Fixed

  • AzureCLICredential.GetToken no longer mutates its opts.Scopes

Features Added

  • Added connection configuration options to DefaultAzureCredentialOptions
  • AuthenticationFailedError.RawResponse() returns the HTTP response motivating the error, if available

Other Changes

  • NewDefaultAzureCredential() returns *DefaultAzureCredential instead of *ChainedTokenCredential
  • Added TenantID field to DefaultAzureCredentialOptions and AzureCLICredentialOptions

0.11.0 (2021-09-08)

Breaking Changes

  • Unexported AzureCLICredentialOptions.TokenProvider and its type, AzureCLITokenProvider

Bugs Fixed

  • ManagedIdentityCredential.GetToken returns CredentialUnavailableError when IMDS has no assigned identity, signaling DefaultAzureCredential to try other credentials

0.10.0 (2021-08-30)

Breaking Changes

  • Update based on azcore refactor #15383

0.9.3 (2021-08-20)

Bugs Fixed

  • ManagedIdentityCredential.GetToken no longer mutates its opts.Scopes

Other Changes

  • Bumps version of azcore to v0.18.1

0.9.2 (2021-07-23)

Features Added

  • Adding support for Service Fabric environment in ManagedIdentityCredential
  • Adding an option for using a resource ID instead of client ID in ManagedIdentityCredential

0.9.1 (2021-05-24)

Features Added

  • Add LICENSE.txt and bump version information

0.9.0 (2021-05-21)

Features Added

  • Add support for authenticating in Azure Stack environments
  • Enable user assigned identities for the IMDS scenario in ManagedIdentityCredential
  • Add scope to resource conversion in GetToken() on ManagedIdentityCredential

0.8.0 (2021-01-20)

Features Added

  • Updating documentation

0.7.1 (2021-01-04)

Features Added

  • Adding port option to InteractiveBrowserCredential

0.7.0 (2020-12-11)

Features Added

  • Add redirectURI parameter back to authentication code flow

0.6.1 (2020-12-09)

Features Added

  • Updating query parameter in ManagedIdentityCredential and updating datetime string for parsing managed identity access tokens.

0.6.0 (2020-11-16)

Features Added

  • Remove RedirectURL parameter from auth code flow to align with the MSAL implementation which relies on the native client redirect URL.

0.5.0 (2020-10-30)

Features Added

  • Flattening credential options

0.4.3 (2020-10-21)

Features Added

  • Adding Azure Arc support in ManagedIdentityCredential

0.4.2 (2020-10-16)

Features Added

  • Typo fixes

0.4.1 (2020-10-16)

Features Added

  • Ensure authority hosts are only HTTPS

0.4.0 (2020-10-16)

Features Added

  • Adding options structs for credentials

0.3.0 (2020-10-09)

Features Added

  • Update DeviceCodeCredential callback

0.2.2 (2020-10-09)

Features Added

  • Add AuthorizationCodeCredential

0.2.1 (2020-10-06)

Features Added

  • Add InteractiveBrowserCredential

0.2.0 (2020-09-11)

Features Added

  • Refactor azidentity on top of azcore refactor
  • Updated policies to conform to policy.Policy interface changes.
  • Updated non-retriable errors to conform to azcore.NonRetriableError.
  • Fixed calls to Request.SetBody() to include content type.
  • Switched endpoints to string types and removed extra parsing code.

0.1.1 (2020-09-02)

Features Added

  • Add AzureCLICredential to DefaultAzureCredential chain

0.1.0 (2020-07-23)

Features Added

  • Initial Release. Azure Identity library that provides Azure Active Directory token authentication support for the SDK.