Releases: Azure/azure-workload-identity
v1.4.0
v1.4.0 - 2024-12-04
Changelog
Bug Fixes 🐞
Continuous Integration 💜
- ci: cleanup windows pr gate by @aramase in #1368
- ci: update macos runner to macos-13 by @aramase in #1402
- ci: enable tests with kubernetes v1.30 by @aramase in #1421
- ci: update codeql workflow by @aramase in #1434
- ci: update release workflow to create tag manually by @aramase in #1474
- ci: fix create_release workflow by @aramase in #1513
Features 🌈
Maintenance 🔧
- chore: bump k8s.io/kubernetes from 1.29.4 to 1.29.5 in /test/e2e in the k8s group by @dependabot in #1354
- chore: bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.2.2 to 1.6.0 by @dependabot in #1380
- chore: use azure storage static web serving rather than public access by @aramase in #1359
- chore: update distroless-iptables to v0.6.0 by @aramase in #1401
- chore: update distroless-iptables to v0.6.1 by @aramase in #1420
- chore: bump msgraph to v1.45.0 by @guilhem in #1370
- chore: bump Microsoft.Identity.Client from 4.59.1 to 4.60.4 in /examples/msal-net/akvdotnet by @dependabot in #1422
- chore: bump com.azure:azure-identity from 1.11.1 to 1.12.2 in /examples/msal-java by @dependabot in #1378
- chore: bump github.com/microsoft/kiota-http-go from 1.4.1 to 1.4.3 by @dependabot in #1426
- chore: bump the k8s group across 1 directory with 3 updates by @dependabot in #1413
- chore: bump sigs.k8s.io/controller-runtime from 0.17.5 to 0.17.6 in the k8s group by @dependabot in #1429
- chore: bump the all group across 1 directory with 2 updates by @dependabot in #1391
- chore: bump github.com/microsoft/kiota-http-go from 1.4.3 to 1.4.4 by @dependabot in #1439
- chore: bump the k8s group with 3 updates by @dependabot in #1438
- chore: update to go 1.23 by @aramase in #1446
- chore: bump kubernetes deps to v1.31.1 by @aramase in #1467
- chore: bump github.com/microsoft/kiota-http-go from 1.4.4 to 1.4.5 by @dependabot in #1453
- chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.12.0 to 1.14.0 in /examples/msal-go in the all group across 1 directory by @dependabot in #1435
- chore: bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 in /test/e2e by @dependabot in #1468
- chore: bump actions/upload-artifact from 3.1.2 to 4.4.3 by @dependabot in #1466
- chore: update distroless-iptables to v0.6.5 by @aramase in #1504
- chore: bump the all group across 1 directory with 2 updates by @dependabot in #1500
- chore: bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #1497
- chore: bump github.com/AzureAD/microsoft-authentication-library-for-go from 1.2.2 to 1.2.3 by @dependabot in #1491
- chore: bump the k8s group across 1 directory with 4 updates by @dependabot in #1510
- chore: bump k8s.io/kubernetes from 1.31.1 to 1.31.3 in /test/e2e in the k8s group across 1 directory by @dependabot in #1509
- chore: bump sigs.k8s.io/controller-runtime from 0.19.2 to 0.19.3 in the k8s group by @dependabot in #1511
New Contributors
Full Changelog: v1.3.0...v1.4.0
v1.3.0
v1.3.0 - 2024-06-04
Changelog
Continuous Integration 💜
- 9f96d50 ci: update service account issuer in azwi_e2e (#1366)
- 9fdb109 ci: bump go-version to 1.22 for govulncheck workflow (#1339)
- 96f34d0 ci: remove pinned k8s version for aks clusters (#1334)
Documentation 📘
Maintenance 🔧
- 54b74d1 chore: bump the k8s group across 1 directory with 4 updates (#1355)
- 30acced chore: update distroless-iptables to v0.5.4 (#1351)
- 5ad840f chore: bump Microsoft.Identity.Client from 4.54.0 to 4.59.1 in /examples/msal-net/akvdotnet (#1325)
- fa64c67 chore: bump golang.org/x/net from 0.20.0 to 0.23.0 in /examples/msal-go (#1328)
- 2a3942e chore: bump k8s deps to v1.29.4 and controller-runtime to v0.17.3 (#1292)
- 03fd665 chore: update to go 1.22 (#1315)
v1.2.2
v1.2.2 - 2024-04-17
Changelog
Continuous Integration 💜
- 8885a64 ci: add govulncheck check and fix GO-2024-2687 (#1320)
- 85e8165 ci: bump ossf/scorecard-action to v2.3.1 (#1314)
Maintenance 🔧
- d9fceaa chore: bump codecov/codecov-action from 3.1.4 to 4.2.0 (#1313)
- 808e724 chore: bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1047)
- dbd1bbe chore: bump actions/checkout from 3.5.3 to 4.1.2 (#1291)
- 3874533 chore: bump azure/login from 1.4.7 to 2.0.0 (#1283)
- 7b2e91b chore: bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /test/e2e (#1285)
- 0a38198 chore: bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#1286)
v1.2.1
v1.2.1 - 2024-03-05
Changelog
Continuous Integration 💜
- cc6040e ci: overwrite pool images using demands (#1273)
- 94283c5 ci: enable tests with kubernetes v1.29 (#1230)
- aa3b032 ci: set check-latest flag to true in gh workflows (#1191)
Documentation 📘
Features 🌈
Maintenance 🔧
- 9193347 chore: bump the k8s group with 3 updates (#1265)
- bbe98ca chore: bump the all group in /examples/msal-go with 3 updates (#1266)
- dd587bb chore: bump controller-gen to v0.14.0 (#1268)
- 8312a0c chore: update distroless-iptables to v0.5.1 (#1254)
- 8ba21ae chore: bump the k8s group with 2 updates (#1241)
- 7b29880 chore: bump the all group in /examples/msal-go with 1 update (#1236)
- 9e1631a chore: bump the all group in /examples/msal-go with 1 update (#1227)
- 16be8e9 chore: bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /test/e2e (#1216)
- e63ddd0 chore: bump the all group in /examples/msal-java with 7 updates (#1222)
- d095bb2 chore: fix msal-node docker build env image (#1223)
- 0341361 chore: bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1215)
- cc02729 chore: bump the k8s group with 2 updates (#1217)
- 7579fba chore: bump github/codeql-action from 2.22.8 to 3.22.12 (#1221)
- a86986b chore: use base images from mcr (#1208)
- 2ae61c2 chore: bump the all group in /examples/msal-go with 1 update (#1201)
- 24bc619 chore: bump actions/setup-go from 4.0.1 to 5.0.0 (#1206)
- 6217742 chore: Update .NET sample to use MSAL best practices (#1146)
- 0fb935f chore: bump github/codeql-action from 2.21.4 to 2.22.8 (#1196)
- 045a29e chore: bump the k8s group with 3 updates (#1182)
- c1bc445 chore: bump google.golang.org/grpc from 1.49.0 to 1.56.3 in /test/e2e (#1158)
- e3b48ff chore: bump github.com/gorilla/mux from 1.8.0 to 1.8.1 (#1166)
- 7e86b6a chore: bump the all group in /examples/msal-go with 2 updates (#1175)
- b203135 chore: bump step-security/harden-runner from 2.5.0 to 2.6.1 (#1184)
- 4219466 chore: bump actions/dependency-review-action from 3.0.4 to 3.1.4 (#1190)
- 2bb57bc chore: update to go 1.21 (#1189)
v1.2.0
v1.2.0 - 2023-10-24
Changelog
Bug Fixes 🐞
- 9d068e1 fix: prepend proxy sidecar container to prevent application container restarts (#1108)
- 4a889b7 fix: disallow injecting proxy sidecar in pods with
hostNetwork: true
(#1090)
Code Refactoring 💎
Continuous Integration 💜
- b9d3a95 ci: update kubernetes version to v1.26 for aks (#1078)
- 41f4b88 ci: add dependabot group for
examples/*
dir (part 2) (#1066) - 5b48713 ci: add dependabot group for gomod (part 1) (#1032)
- 879e62f ci: change dependabot schedule interval to weekly (#999)
- a5f2ee3 ci: remove register_feature and aks-preview (#948)
Documentation 📘
- c3d587a docs: Remove duplicate Azure Identity SDK content (#1082)
- 215911a docs: fix aad url (#1024)
- 56d89dd docs: update minimum required and recommended azidentity sdk versions (#998)
- 29dd273 docs: add AADSTS90061 troubleshooting for managed AKS (#955)
- f9a705d docs: update minimum required versions for azure-identity sdk (#956)
- e3100f8 docs: fix markdown syntax in federated identity credentials doc (#950)
Features 🌈
Maintenance 🔧
- ffb15ec chore: bump golang.org/x/net from 0.8.0 to 0.17.0 in /examples/msal-go (#1137)
- 53224dd chore: bump golang.org/x/net from 0.9.0 to 0.17.0 (#1138)
- 6859684 chore: bump golang.org/x/net from 0.10.0 to 0.17.0 in /test/e2e (#1136)
- 00806a7 chore: update distroless-iptables to v0.4.1 (#1139)
- 6ea7815 chore: bump the all group in /examples/msal-go with 1 update (#1104)
- cd6b64e chore: bump the k8s group with 2 updates (#1097)
- 1fa5838 chore: bump the k8s group in /test/e2e with 1 update (#1085)
- d1ea037 chore: bump the all group in /examples/msal-node with 1 update (#1089)
- 761ea0c chore: bump github.com/google/uuid from 1.3.0 to 1.3.1 (#1088)
- eb7cef3 chore: bump github/codeql-action from 2.21.2 to 2.21.4 (#1061)
- c6492f3 chore: cleanup comment in
create-aks-cluster.sh
(#1080) - fc2175e chore: bump the all group in /examples/azure-identity/go with 2 updates (#1081)
- c9097de chore: bump the all group in /examples/msal-go with 2 updates (#1074)
- 59b6a5f chore: bump the all group in /examples/msal-java with 6 updates (#1077)
- 83c34a6 chore: bump the all group in /examples/azure-identity/java with 5 updates (#1076)
- a3111ae chore: bump github/codeql-action from 2.20.0 to 2.21.2 (#1046)
- e628579 chore: bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#1012)
- 4c27e23 chore: bump step-security/harden-runner from 2.4.0 to 2.5.0 (#1040)
- dcb40af chore: bump the k8s group with 2 updates (#1035)
- f70b337 chore: bump github.com/Azure/aad-pod-identity from 1.8.13 to 1.8.17 (#1002)
- 7ed41aa chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.6.0 to 1.7.0 in /examples/msal-go (#1031)
- a5fc57d chore: update msgraph-sdk-go and deps to
v1.x.x
(#1008) - 92ebdea chore: bump actions/checkout from 3.5.2 to 3.5.3 (#988)
- cec76b8 chore: bump github/codeql-action from 2.3.5 to 2.20.0 (#1001)
- 01c966a chore: update distroless-iptables to v0.2.5 (#993)
- 74cea27 chore: bump github/codeql-action from 2.3.3 to 2.3.5 (#974)
- af81d03 chore: bump azure-security-keyvault-secrets from 4.6.1 to 4.6.2 in /examples/azure-identity/java (#971)
- d20b8e5 chore: bump codecov/codecov-action from 3.1.3 to 3.1.4 (#961)
- 6a949d8 chore: bump azure-security-keyvault-secrets from 4.2.3 to 4.6.1 in /examples/msal-java (#914)
- 355ea92 chore: bump msal from 1.14.0 to 1.22.0 in /examples/msal-python (#892)
- 5ccb956 chore: bump azure-keyvault-secrets from 4.3.0 to 4.7.0 in /examples/msal-python (#889)
- 77f71dc chore: bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 in /test/e2e (#959)
- 5abaeea chore: bump dotnet/sdk from 5.0 to 7.0 in /examples/msal-net/akvdotnet (#891)
- 2df4a32 chore: bump @azure/msal-node from 1.14.6 to 1.17.2 in /examples/msal-node (#921)
- 213d1a2 chore: bump @azure/identity from 3.2.1 to 3.2.2 in /examples/azure-identity/node (#960)
- 0d3e81f chore: bump Microsoft.Identity.Client from 4.30.1 to 4.54.0 in /examples/msal-net/akvdotnet (#952)
- c55dbf1 chore: bump Azure.Security.KeyVault.Secrets from 4.1.0 to 4.5.0 in /examples/msal-net/akvdotnet (#883)
- 558b3b6 chore: bump msal4j from 1.11.2 to 1.13.8 in /examples/msal-java (#913)
- 210a14e chore: bump azure-core from 1.38.0 to 1.39.0 in /examples/msal-java (#933)
- 6aac89f chore: bump azure-identity from 1.8.3 to 1.9.0 in /examples/msal-java (#944)
- da52137 chore: bump actions/setup-go from 4.0.0 to 4.0.1 (#958)
- 8d97aa9 chore: use
dl.k8s.io
instead of hardcoded url (#957) - 9fffa02 chore: bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in /test/e2e (#954)
- 7adaa45 chore: use
github.com/Azure/azure-sdk-for-go/sdk/azcore/to
instead ofautorest/to
(#947) - 52723bc chore: update distroless-iptables to v0.2.4 (#946)
- 5d55956 chore: bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4 in /test/e2e (#941)
- 6cbc539 chore: bump github.com/microsoftgraph/msgraph-sdk-go-core from 0.36.1 to 0.36.2 (#940)
- c212bb6 chore: bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#936)
- ffdd2f5 chore: bump step-security/harden-runner from 2.3.1 to 2.4.0 (#939)
- 62ab36e chore: bump actions/checkout from 3.0.2 to 3.5.2 (#937)
- c040a6d chore: bump github/codeql-action from 2.3.2 to 2.3.3 (#938)
Testing 💚
v1.1.0
v1.1.0 - 2023-05-08
Changelog
Code Refactoring 💎
Continuous Integration 💜
- 471822d ci: add
enj
to CODEOWNERS (#927) - ba4a63e ci: exclude examples folder from trigger (part 2) (#917)
- 44fe7bd ci: exclude examples folder from trigger (#910)
- d767af7 ci: make semantic check title only (#871)
- 384ce52 ci: [StepSecurity] Apply security best practices (#870)
- 098e99c ci: switch to using mariner pool (#858)
- 1a08950 ci: enable tests with kubernetes v1.27 (nightly) (#853)
- 2b7fd8f ci: enable codeql for pull_request (#846)
- 28e634a ci: enable tests with kubernetes v1.27 (#836)
- 59b83f2 ci: add release branch for pr pipeline (#819)
- 98e8f02 ci: add local-prefixes goimports linter-settings (#817)
Documentation 📘
- ee30646 docs: add openssf badge (#904)
- 7460246 docs: use mermaid diagram in introduction (#869)
- c8f7c69 docs: add note about many:1 and 1:many in quick start (#867)
- b09a9d3 docs: update labels and annotations requirement (#860)
Features 🌈
- 284fc80 feat: Migrate to
sdk/resourcemanager/**/arm**
fromservices/**/mgmt/**
(#926) - 08a3ef1 feat: use distroless-iptables for proxy-init (#816)
- a04974d feat: make podDisruptionBudget minAvailable/maxUnavailable configurable (#827)
- 2e1d89a feat: set security capabilities for azwi-proxy (#829)
Maintenance 🔧
- c972b6a chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.5.0 to 1.6.0 in /examples/msal-go (#928)
- 1f8e99d chore: bump Azure.Security.KeyVault.Secrets from 4.4.0 to 4.5.0 in /examples/azure-identity/dotnet (#880)
- 513a794 chore: bump azure-identity from 1.8.2 to 1.8.3 in /examples/azure-identity/java (#922)
- 3e74048 chore: bump azure-identity from 1.8.2 to 1.8.3 in /examples/msal-java (#923)
- 9e30d5c chore: bump azure-identity from 1.11.0 to 1.12.0 in /examples/azure-identity/python (#876)
- cc49521 chore: bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 in /examples/msal-go (#912)
- 45187cd chore: bump github.com/Azure/go-autorest/autorest from 0.11.28 to 0.11.29 (#911)
- 63f66cb chore: bump github.com/microsoft/kiota-serialization-json-go from 0.9.2 to 0.9.3 (#900)
- 6455d10 chore: bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 in /examples/azure-identity/go (#915)
- 66144e0 chore: bump dotnet/sdk from 6.0 to 7.0 in /examples/azure-identity/dotnet (#872)
- 87c7560 chore: bump azure-identity from 1.2.0 to 1.8.2 in /examples/msal-java (#898)
- 94f1a50 chore: bump maven-dependency-plugin from 2.6 to 3.5.0 in /examples/msal-java (#899)
- a5aba22 chore: bump slf4j-simple from 1.7.32 to 2.0.7 in /examples/msal-java (#902)
- 8e10244 chore: bump azure-identity from 1.6.0 to 1.8.2 in /examples/azure-identity/java (#901)
- 0a03aad chore: reenable azwi darwin build as part of release (#909)
- 74b2f30 chore: remove unused test/images folder (#908)
- f9f59b8 chore: bump github.com/AzureAD/microsoft-authentication-library-for-go from 0.9.0 to 1.0.0 in /examples/msal-go (#873)
- b5512ce chore: bump ossf/scorecard-action from 2.0.6 to 2.1.3 (#879)
- e047dbb chore: bump github/codeql-action from 2.3.0 to 2.3.2 (#905)
- 474ada3 chore: bump actions/dependency-review-action from 2.5.1 to 3.0.4 (#882)
- e6981cb chore: bump github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets from 0.11.0 to 0.12.0 in /examples/azure-identity/go (#896)
- 00377a7 chore: bump github.com/microsoft/kiota-serialization-json-go (#866)
- de6a278 chore: bump codecov/codecov-action from 3.1.2 to 3.1.3 (#864)
- cee7098 chore: bump github/codeql-action from 2.2.12 to 2.3.0 (#865)
- e3b4322 chore: bump deps and update msal-go example (#857)
- a301b81 chore: bump k8s.io/kubernetes from 1.26.3 to 1.26.4 in /test/e2e (#852)
- 77d1f8c chore: bump github.com/microsoftgraph/msgraph-sdk-go-core (#850)
- d4e5e61 chore: bump k8s.io/client-go from 0.26.3 to 0.26.4 (#851)
- 2f92b47 chore: bump peter-evans/create-pull-request from 4 to 5 (#833)
- d1f89d7 chore: bump github/codeql-action from 2.2.11 to 2.2.12 (#845)
- f76e12c chore: bump codecov/codecov-action from 3.1.1 to 3.1.2 (#844)
- cbc280e chore: remove windows version 1903, 1909 and 2004 (EOL) (#841)
- e3282c3 chore: update to go 1.20 (#840)
- a2bbdcb chore: update debian-iptables to bullseye-v1.5.5 (#839)
- 6cea9db chore: bump xml2js from 0.4.23 to in /examples/msal-node (#835)
- 348c89a chore: update msgraphsdk to
v0.61.0
and k8s deps tov1.26
(#832) - 544b901 chore: bump github/codeql-action from 2.2.9 to 2.2.11 (#834)
- 38b66b2 chore: bump k8s.io/kubernetes from 1.25.7 to 1.25.8 in /test/e2e (#812)
- c570e2c chore: update debian-iptables to bullseye-v1.5.4 (#815)
- ac76c8b chore: use goimports for import grouping (#809)
- 01b89e8 chore: bump github/codeql-action from 2.2.7 to 2.2.9 (#811)
v1.0.0
v1.0.0 - 2023-03-27
This stable release has no other changes from v1.0.0-rc.0.
Breaking Changes ⚠️
As of v1.0.0-alpha.0
release, the azure-workload-identity mutating admission webhook is defaulting to using failurePolicy: Fail
instead of Ignore
. With this change, we have added an object selector in the configuration to only intercept and mutate pods that have the azure.workload.identity/use: "true"
label. This change reduces the latency impact of the webhook and prevents workload pods that require the injected environment variables and projected service account token volume from starting in an unexpected state. Refer to issue for more details.
Changelog
Bug Fixes 🐞
Continuous Integration 💜
Documentation 📘
- becf24c docs: Update AKS OIDC Issuer link (#799)
- 3aa580e docs: fix incorrect default proxy port (#785)
- 278a6b5 docs: remove kubernetes version 1.23 (EOL) (#775)
Features 🌈
- a2c807b feat: set
reinvocationPolicy: IfNeeded
for webhook (#794) - 245f593 feat: make pod annotations configurable in helm charts (#795)
- e5e3b2a feat: add graceful shutdown for proxy server (#776)
Maintenance 🔧
- 251b2b9 chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.22 to 0.9.23 (#806)
- e1c98b9 chore: bump actions/setup-go from 3 to 4 (#800)
- 12ee893 chore: bump k8s.io/client-go from 0.25.7 to 0.25.8 (#805)
- 916000f chore: bump github/codeql-action from 2.2.6 to 2.2.7 (#801)
- 1c2fa32 chore: update debian-iptables to bullseye-v1.5.3 (#796)
- ff5ba60 chore: bump controller-gen to v0.10.0 (#793)
- 9711a20 chore: bump github/codeql-action from 2.2.5 to 2.2.6 (#792)
- f08b7e2 chore: bump k8s.io/client-go from 0.25.6 to 0.25.7 (#780)
v1.0.0-rc.0
v1.0.0-rc.0 - 2023-03-22
Breaking Changes ⚠️
As of v1.0.0-alpha.0
release, the azure-workload-identity mutating admission webhook is defaulting to using failurePolicy: Fail
instead of Ignore
. With this change, we have added an object selector in the configuration to only intercept and mutate pods that have the azure.workload.identity/use: "true"
label. This change reduces the latency impact of the webhook and prevents workload pods that require the injected environment variables and projected service account token volume from starting in an unexpected state. Refer to issue for more details.
Changelog
Bug Fixes 🐞
Continuous Integration 💜
Documentation 📘
- becf24c docs: Update AKS OIDC Issuer link (#799)
- 3aa580e docs: fix incorrect default proxy port (#785)
- 278a6b5 docs: remove kubernetes version 1.23 (EOL) (#775)
Features 🌈
- a2c807b feat: set
reinvocationPolicy: IfNeeded
for webhook (#794) - 245f593 feat: make pod annotations configurable in helm charts (#795)
- e5e3b2a feat: add graceful shutdown for proxy server (#776)
Maintenance 🔧
- 251b2b9 chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.22 to 0.9.23 (#806)
- e1c98b9 chore: bump actions/setup-go from 3 to 4 (#800)
- 12ee893 chore: bump k8s.io/client-go from 0.25.7 to 0.25.8 (#805)
- 916000f chore: bump github/codeql-action from 2.2.6 to 2.2.7 (#801)
- 1c2fa32 chore: update debian-iptables to bullseye-v1.5.3 (#796)
- ff5ba60 chore: bump controller-gen to v0.10.0 (#793)
- 9711a20 chore: bump github/codeql-action from 2.2.5 to 2.2.6 (#792)
- f08b7e2 chore: bump k8s.io/client-go from 0.25.6 to 0.25.7 (#780)
v1.0.0-beta.0
v1.0.0-beta.0 - 2023-03-01
Breaking Changes ⚠️
As of v1.0.0-alpha.0
release, the azure-workload-identity mutating admission webhook is defaulting to using failurePolicy: Fail
instead of Ignore
. With this change, we have added an object selector in the configuration to only intercept and mutate pods that have the azure.workload.identity/use: "true"
label. This change reduces the latency impact of the webhook and prevents workload pods that require the injected environment variables and projected service account token volume from starting in an unexpected state. Refer to issue for more details.
Changelog
Documentation 📘
Maintenance 🔧
- 24280eb chore: bump golang.org/x/net in /examples/azure-identity/go (#762)
- 1ae9e1b chore: bump github/codeql-action from 2.2.4 to 2.2.5 (#768)
- da629ad chore: bump golang.org/x/net in /examples/msal-go (#763)
- 48ea292 chore: bump golang.org/x/net from 0.4.0 to 0.7.0 (#765)
- eca1cad chore: bump golang.org/x/text in /examples/azure-identity/go (#761)
- 96522ab chore: bump golang.org/x/text from 0.3.7 to 0.3.8 in /examples/msal-go (#760)
- f0df5b4 chore: update debian-iptables to bullseye-v1.5.2 (#758)
- d7b7191 chore: bump github/codeql-action from 2.2.3 to 2.2.4 (#753)
- 4b8e2a4 chore: bump github/codeql-action from 2.2.2 to 2.2.3 (#745)
Testing 💚
v1.0.0-alpha.0
v1.0.0-alpha.0 - 2023-02-08
Breaking Changes ⚠️
As of v1.0.0-alpha.0
release, the azure-workload-identity mutating admission webhook is defaulting to using failurePolicy: Fail
instead of Ignore
. With this change, we have added an object selector in the configuration to only intercept and mutate pods that have the azure.workload.identity/use: "true"
label. This change reduces the latency impact of the webhook and prevents workload pods that require the injected environment variables and projected service account token volume from starting in an unexpected state. Refer to issue for more details.
Changelog
Bug Fixes 🐞
- 8372568 fix: use generate name in logs if pod name is empty (#706)
- 03e849e fix: explicitly set runAsNonRoot to false (#697) (#698)
Continuous Integration 💜
- 27e585a ci: add
--only-show-errors
in az upgrade to suppress warnings (#742) - 20e91d3 ci: add
-y
arg for az upgrade (#741) - d39ec1d ci: update tag validation to allow alpha/beta/rc (#738)
- 0ace9ec ci: update kubernetes version to v1.24 for aks (#718)
- 4332f08 ci: changed Azure cli install to an upgrade (#708)
Documentation 📘
- 0f2c75e docs: update docs for v1.0.0-alpha.0 release (#735)
- bb7170f docs: add aad-pod-identity migration to the docs(faq) (#732)
- cba0c38 docs: Update quick start doc for user assigned identity (#692)
- df6362a docs: update go sdk ref link (#684)
Features 🌈
- 8c37dc1 feat: remove pod/service account labeled check in webhook (#720)
- 305d10b feat: use cert ready checker for webhook readiness (#721)
- 653d013 feat: update webhook failure policy to Fail and set objectSelector (#695)
- 0befda9 feat: migrate proxy and webhook to mlog (#707)
- 4d5f063 feat: add azure-identity go example (#683)
Maintenance 🔧
- d2d9dcb chore: bump github/codeql-action from 2.2.1 to 2.2.2 (#739)
- e471d98 chore: use base and test image from
registry.k8s.io
(#737) - 5cc79ca chore: bump github.com/Azure/azure-sdk-for-go/sdk/azcore (#734)
- 48230a8 chore: complete migration to mlog and drop logrus (#729)
- 0035925 chore: bump github/codeql-action from 2.1.39 to 2.2.1 (#726)
- 9ba3fff chore: move to mlog.New and drop klog and logr as direct deps (#722)
- 216db84 chore: remove arc wiring and drop --arc-cluster flag from webhook (#723)
- 317bcc5 chore: bump k8s.io/kubernetes from 1.25.5 to 1.25.6 in /test/e2e (#717)
- e14d9a5 chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.21 to 0.9.22 (#713)
- fd5f060 chore: bump k8s.io/client-go from 0.25.5 to 0.25.6 (#712)
- b593022 chore: bump github/codeql-action from 2.1.38 to 2.1.39 (#711)
- e0bde85 chore: pin buildx version to
0.10.6
(#710) - 52e2382 chore: update golangci-lint to v1.50.0 (#700)
- a915e40 chore: bump github.com/sirupsen/logrus from 1.8.1 to 1.8.2 (#702)
- 50834a5 chore: bump github/codeql-action from 2.1.37 to 2.1.38 (#701)
- f41afae chore: bump jsonwebtoken from 8.5.1 to 9.0.0 in /examples/msal-node (#690)
- 257fd5d chore: bump jsonwebtoken and @azure/msal-node (#694)
- c3f08b3 chore: bump goreleaser/goreleaser-action from 3 to 4 (#679)
- aec2998 chore: bump github/codeql-action from 2.1.36 to 2.1.37 (#678)