Notable changes to 3scale Istio Mixer Adapter will be tracked in this document.
- Added CI tests for the ppc64le architecture. (#185)
- No longer require for OIDC flows to provide the application's
client_secretas theapp_keyparameter. (#188) - Go 1.16 compilation. (#187)
- Fixed a few minor warnings in the code. (#186)
- Support for specifying a set of root CAs via a PEM file (in addition to system CAs)
using the
ROOT_CAenvironment variable. (#181) - Support for specifying a client certificate and key via PEM files using the
CLIENT_CERTandCLIENT_KEYenvironment variables. (#181)
- The sample custom resources for JWT authentication in the README have been updated from Policy to RequestAuthentication. (#177)
- Examples for 3scale-config-gen in documentation where incorrectly spelled as 3scale-gen-config. (#178)
- The configuration for the failure policy (
BACKEND_CACHE_POLICY_FAIL_CLOSED) was not being taken into account and its default value was false rather than true. (#175) - Added missing documentation in the gRPC server for the flush intervals and
the failure policy, and removed the unused
THREESCALE_prefix. (#175)
- Updated dependencies on golang.org/x/text and golang.org/x/crypto to fix CVE-2020-14040 and CVE-2020-9283. (#171)
- An authorization cache which maintains local counters for rate limits and periodically flushes metrics to 3scale to increase performance. (#167)
- A ConfigMap to provide configuration to the gRPC adapter
(#164)
- A configuration option to the gRPC server (
USE_CACHED_BACKEND) to enable the authorization cache. - A configuration option to the gRPC server (
BACKEND_CACHE_FLUSH_INTERVAL_SECONDS) to set the interval at which metrics get reported from the cache to 3scale. - A configuration option to the gRPC server (
BACKEND_CACHE_POLICY_FAIL_CLOSED) to determine the fate of a request if 3scale Apisonator is unreachable.
- A configuration option to the gRPC server (
- Prometheus metrics for authorization cache (#162)
- Support for
lastand priority of mapping rules as defined in 3scale Porta (#150)
- Removal of
THREESCALE_prefix from existing environment variables (#164) - Metrics have been converged to include both Porta and Apisonator requests, differentiated by labels. (#162)
- Updated response codes to match HTTP equivalent, as returned by APIcast (#144) (#138) (#136)
- Issue with
helpcommand for CLI tool returning excess information from imported dependency. (#151)
- Updated dependencies on golang.org/x/text and golang.org/x/crypto to fix CVE-2020-14040 and CVE-2020-9283. (#171)
- A field to the handler params (
backend_url) to allow overriding the 3scale backend the adapter should reach out to. (#111)
- The CLI tool no longer panics when provided with a name that fails Kubernetes validation. (#113)
- A configuration option to the gRPC server (
THREESCALE_LOG_GRPC) to allow suppression of gRPC logging. A configuration option to the gRPC server (THREESCALE_GRPC_CONN_MAX_SECONDS) to allow setting specific keepalive parameters. (#104)
- The Kubernetes service is now headless to support client side load balancing.
The CLI tool now generates the connection address prefixed with
dns:///. (#104) - The dependency on Istio's
apiandistiopackages is now based on version1.1.8(#108)
- Support for reading a services 3scale service ID from the pod's label providing a service discovery mechanism.
This in turn requires a
nameflag to be added to the CLI tool. (#93) - A
namesapceflag has been added to the CLI tool to support multi-tenancy in Maistra. (#103)
- The CLI tool now generates different output:
The
destination.labels["service-mesh.3scale.net"]anddestination.labels["service-mesh.3scale.net/uid"]labels have been changed solely todestination.labels["service-mesh.3scale.net/credentials"]in order to support service discovery and thecontext.reporter.kind == "inbound"label has been added to match for ingress only traffic. (#93) - The Docker image is now built from RHEL 8's UBI minimal base image in place of Alpine image. The VERSION argument is derived at build time unless specified. (#98)
- In support of multi-tenancy in Maistra, the
namespacefield has been removed from the provided sample templates. (#103) - The removal of non-required labels and the reformatting of some existing labels has been made to Prometheus metrics reporting latency. (#105)
- The dependency on Istio's
apiandistiopackages is now based on version1.1.7(#107)
- Latency reports between the adapter and 3scale system are now reported correctly. (#105)
- The
github.com/3scale/3scale-istio-adapter/pkg/templatingpackage has been removed. In turn theservice,uidandfixupflags have been removed from the CLI. (#93)
- The OpenID Connect authentication pattern is now supported via Istio's end user authn and the CLI tool to generate templates can now generate an instance template supporting this pattern. The hybrid pattern has been updated to include OIDC as well. (#89)
- The CLI tool enables the so-called "fixup" mode when no explicit unique id is specified, so that automatic generation of identifierss from URLs are modified to comply with k8s format and rules. Now calling the tool without the --uid option will autoenable the --fixup one. (#91)
- The templates generated by the CLI tool now reference the right instance (#84)
- The templates generated by the CLI tool use lower case to match headers (#83)
- A segmentation fault caused by freeing a null pointer has been fixed by updating the 3scale backend client library to a newer release. (#81, #82)