v0.2.0
What's Changed
- Script and process to generate OIDC config from federation directory. by @dlorenc in #139
- Add missing code of conduct (stock sigstore one) by @lukehinds in #153
- makefile: add rule to download and set swagger and make rule to build the dist by @cpanato in #154
- Bump cloud.google.com/go from 0.88.0 to 0.89.0 by @dependabot in #156
- fulcio: add version command by @cpanato in #155
- Bump cloud.google.com/go from 0.89.0 to 0.90.0 by @dependabot in #158
- Bump golang from 1.16.6 to 1.16.7 by @dependabot in #159
- Bump go.uber.org/zap from 1.18.1 to 1.19.0 by @dependabot in #160
- Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 by @dependabot in #161
- Bump cloud.google.com/go from 0.90.0 to 0.91.1 by @dependabot in #162
- add SCT as HTTP response header by @bobcallaway in #163
- Bump cloud.google.com/go from 0.91.1 to 0.92.3 by @dependabot in #167
- Bump golang from 1.16.7 to 1.17.0 by @dependabot in #166
- Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 by @dependabot in #168
- Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 by @dependabot in #169
- Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 by @dependabot in #171
- Switch to the JSON logger in prod by @dlorenc in #175
- Generate client code with swagger in Makefile by @priyawadhwa in #176
- Fix misspellings. by @msuozzo in #177
- Bump go.uber.org/zap from 1.19.0 to 1.19.1 by @dependabot in #178
- Bump golang from 1.17.0 to 1.17.1 by @dependabot in #179
- Add support for Github OIDC by @mattmoor in #180
- Bump github.com/ThalesIgnite/crypto11 from 1.2.4 to 1.2.5 by @dependabot in #182
- Add Github to `fulcioca` path. by @mattmoor in #184
- Changes fulcio-server to fulcio by @jyotsna-penumaka in #186
- Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 by @dependabot in #185
- Add GitHub OIDC to Fulcio by @dlorenc in #181
- Bump github.com/coreos/go-oidc/v3 from 3.0.0 to 3.1.0 by @dependabot in #188
- Bump github.com/spf13/viper from 1.8.1 to 1.9.0 by @dependabot in #189
- add pkcs11-config-path command line parameter by @avoidik in #192
- Bump golang from 1.17.1 to 1.17.2 by @dependabot in #197
- Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 by @dependabot in #199
- Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 by @dependabot in #200
- Implement basic AWS CloudHSM support for root CA creation + rewrite "FulcioCA" to "PKCS11CA" by @mbestavros in #187
- update go.sum by @bobcallaway in #205
- Fix the Github OIDC challenge endpoint by @mattmoor in #206
- Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 by @dependabot in #198
- Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 by @dependabot in #201
- Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 by @dependabot in #202
- Bump actions/checkout from 2.3.4 to 2.3.5 by @dependabot in #207
- use request ID logger where possible by @bobcallaway in #209
- Extract the OIDC issuer URL. by @mattmoor in #211
- Reproducible builds with trimpath by @naveensrinivasan in #210
- bump go-swagger to v0.28.0 by @bobcallaway in #213
- Add issuer information to code signing certificates by @bobcallaway in #204
- Refactor the kind e2e test. by @mattmoor in #215
- use sigstore/sigstore instead of directly calling RSA/ECDSA verify calls by @bobcallaway in #221
- Fulcio e2e testing / K8s OIDC / `ephemeralca` by @mattmoor in #219
- Refactor the way we access `Config` by @mattmoor in #222
- Remove the cluster-local block by default. by @mattmoor in #224
- Add support for "meta issuers". by @mattmoor in #223
- Use MetaIssuers to simulate EKS / GKE in e2e test. by @mattmoor in #225
- Various nits trying SoftHSM by @mattmoor in #217
- Bump github.com/hashicorp/golang-lru from 0.5.3 to 0.5.4 by @dependabot in #227
- Bump github.com/go-openapi/strfmt from 0.20.3 to 0.21.0 by @dependabot in #226
- Add support for recoginizing allow.pub as an spiffe issuer by @evanphx in #228
- Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 by @dependabot in #229
- break out CA-specific implementation from common API class by @bobcallaway in #220
- Bump actions/checkout from 2.3.5 to 2.4.0 by @dependabot in #233
- Bump golang from 1.17.2 to 1.17.3 by @dependabot in #234
- Fix nil pointer, update dev docs by @vaikas in #236
- fix cutpaste error, sets cpu correctly by @vaikas in #237
- Add commit sha and trigger to github workflow by @asraa in #232
- Bump github.com/sigstore/sigstore from 1.0.0 to 1.0.1 by @dependabot in #239
- Use `CGO_ENABLED=1` via `.ko.yaml`. by @mattmoor in #242
- Fix street-address and postal-code descriptions to be more descriptive. by @vaikas in #245
- Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 by @dependabot in #247
- fix: go install complain missing version when dir not in module by @tuananh in #248
- Bump cloud.google.com/go/security from 0.1.0 to 1.1.0 by @dependabot in #246
- plumb through !cgo golang tags that removes pkcs11 support by @vaikas in #244
- Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #218
- Thread `FulcioConfig` through from main via `ctx` by @mattmoor in #249
- [Correction] Upgrade fulcios to use of the google privateca api at v1 by @n3wscott in #252
- Fix the k8s subject parsing. by @dlorenc in #254
- Consolidate `viper` usage in `pkg/ca/ca.go` by @mattmoor in #255
- Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 by @dependabot in #256
- Remove `viper` from `pkg/`. by @mattmoor in #257
- Drop gratuitous `sync.Once` in google CAs. by @mattmoor in #258
- Drop useless package. by @mattmoor in #259
- The v1 GCP CA requires this field to be set. by @dlorenc in #260
- Move the deployment to the new v1 cert. by @dlorenc in #261
- Consolidate the source-of-truth. by @mattmoor in #263
- add the ability to set the user-agent string on requests from the `Client` by @dekkagaijin in #264
- Bump golang from 1.17.3 to 1.17.4 by @dependabot in #265
- Drop OpenAPI from Fulcio by @mattmoor in #262
- While working on #267 noticed this, but didn't want to bake into it. by @vaikas in #268
- Wrap the server with the Prometheus so we get metrics + add an e2e te… by @vaikas in #267
- Bump github.com/prometheus/common from 0.29.0 to 0.32.1 by @dependabot in #270
- Bump golang from 1.17.4 to 1.17.5 by @dependabot in #269
- Make client request timeout configurable with `WithTimeout` client option by @nsmith5 in #272
- Localize flags to each subcommand by @nsmith5 in #274
- Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 by @dependabot in #278
- Bump github.com/spf13/viper from 1.10.0 to 1.10.1 by @dependabot in #283
- Do not close the PKCS11 context on startup by @rgerganov in #282
- Fail fast if private key is not found when using PKCS11 CA by @rgerganov in #285
- Update readme for V1 CA Service by @haydentherapper in #286
- Add a Root Cert method to the CA interface, and implement it. by @dlorenc in #287
- add usersnames list to the codeonwers to make it easier to check by @cpanato in #295
- Add back support for building with CGO_ENABLED=0 by @vaikas in #293
- Add RootCert method to client + tests by @vaikas in #290
- Fix the SCT header return value from the API to base64 encode it. by @dlorenc in #288
- Add documentation for testing with `ephemeralca`. Document RootCert method by @vaikas in #296
- Handle error when there are no roots returned by CA Service by @haydentherapper in #298
- Change ports for docker compose to avoid conflict with Rekor by @haydentherapper in #297
- Bump github.com/sigstore/sigstore from 1.0.1 to 1.1.0 by @dependabot in #299
- Add file backed certificate authority by @nsmith5 in #280
- add oid documentation by @bobcallaway in #307
- Bump go.uber.org/zap from 1.19.1 to 1.20.0 by @dependabot in #313
- Bump cloud.google.com/go/security from 1.1.0 to 1.1.1 by @dependabot in #312
- Remove hack/tools by @nsmith5 in #308
- Enable server settings via config file and env vars by @jdolitsky in #315
- Extract additional claims from github-workflow token by @ckotzbauer in #306
- Add Locust load test and README by @haydentherapper in #311
- Bump google.golang.org/api from 0.63.0 to 0.64.0 by @dependabot in #318
- Switch to use fileca in e2e tests by @jdolitsky in #309
- Bump golang from 1.17.5 to 1.17.6 by @dependabot in #317
- Bump go.step.sm/crypto from 0.13.0 to 0.14.0 by @dependabot in #319
- Fix docker-compose dexidp startup by @haydentherapper in #316
- release: add cloudbuild to run the release for fulcio by @cpanato in #322
- pin github actions by digest instead of tag by @bobcallaway in #323
- Bump golang from `8c0269d` to `0fa6504` by @dependabot in #326
- add OSSF scorecard action by @bobcallaway in #328
- Bump google.golang.org/api from 0.64.0 to 0.65.0 by @dependabot in #321
- pin one additional set of actions by @bobcallaway in #329
- Bump ossf/scorecard-action from 0fe1afdc40f536c78e3dc69147b91b3ecec2cc8a to 1.0.1 by @dependabot in #331
- Remove root CA whitespaces on README.md by @ereslibre in #325
- Update github/codeql-action requirement to 8a4b243fbf9a03a93e93a71c1ec257347041f9c4 by @dependabot in #332
- Bump github.com/google/go-cmp from 0.5.6 to 0.5.7 by @dependabot in #334
- Bump github.com/prometheus/client_golang from 1.11.0 to 1.12.0 by @dependabot in #333
- Set max request size to 4MiB by @nsmith5 in #338
- Support intermediate CA with `fileca` backend by @nsmith5 in #320
- Add some reasonable timeouts to API server by @nsmith5 in #337
- Add chain in response for all CAs, fix newlines in response by @haydentherapper in #341
- fix link for SECURITY.md by @k4leung4 in #340
- Generate subject key ID correctly for non-GCP certs by @haydentherapper in #345
- update to v1.0.29 of codeql-action (including comments) by @bobcallaway in #344
- Bump ossf/scorecard-action from 1.0.1 to 1.0.2 by @dependabot in #347
- Remove Google CA v1beta1 API and associated config by @znewman01 in #349
- Bump github/codeql-action from 1.0.28 to 1.0.30 by @dependabot in #346
- createca: Address panic when no private key pair matches by @tstromberg in #351
- Bump golang from `0fa6504` to `d7f2f6f` by @dependabot in #352
- Initialize CT log client once by @nsmith5 in #350
- Make the the invalid CA error message actionable by @tstromberg in #356
- Bump go.step.sm/crypto from 0.14.0 to 0.15.0 by @dependabot in #359
- Bump golang from `d7f2f6f` to `301609e` by @dependabot in #358
- Update README for V1 Fulcio cert by @haydentherapper in #355
- Improve error message when an invalid OIDC issuer is provided by @tstromberg in #357
- Make CA explicit dependency of API handler by @nsmith5 in #354
- Include instructions to download verify the fulcio root certificate with TUF by @asraa in #361
- Bump github.com/prometheus/client_golang from 1.12.0 to 1.12.1 by @dependabot in #362
- Bump google.golang.org/api from 0.65.0 to 0.66.0 by @dependabot in #363
- Bump go.step.sm/crypto from 0.15.0 to 0.15.1 by @dependabot in #377
- Address signingCert panic with the last-byte calculation of finalChainPEM by @tstromberg in #370
- Upgrade miekg/pkcs11 library from v1.0.3 to v1.1.1 by @tstromberg in #376
- Move OID information to docs directory and reformat by @nsmith5 in #378
- Bump ossf/scorecard-action from 1.0.2 to 1.0.3 by @dependabot in #367
- Move sec model out of readme by @nsmith5 in #382
- Bump github/codeql-action from 1.0.30 to 1.0.31 by @dependabot in #366
- Add Logo to README by @nsmith5 in #381
- Bump google.golang.org/api from 0.66.0 to 0.67.0 by @dependabot in #385
- Move CTL logging logic over to CTL package by @nsmith5 in #353
- Document the certificate issuing process by @nsmith5 in #383
- Add AKS as a meta issuer by @tcnghia in #384
- Allow parameterized application/json content types by @loosebazooka in #386
- Improve error messages returned by SigningCert by @tstromberg in #388
- Update warning text. by @dlorenc in #389
- Remove organization from subject for GCP CAS issuer by @haydentherapper in #391
- Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #392
- Bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #393
- Count HTTP request error codes with prometheus by @priyawadhwa in #396
- Bump google.golang.org/api from 0.67.0 to 0.68.0 by @dependabot in #399
- Add feature stability and deprecation docs by @priyawadhwa in #400
- Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #402
- Bump golang from `301609e` to `fff998d` by @dependabot in #401
- Bump golang from 1.17.6 to 1.17.7 by @dependabot in #403
- update cross-build to use go 1.17.7 by @cpanato in #404
- Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #406
- Bump cloud.google.com/go/security from 1.1.1 to 1.2.0 by @dependabot in #408
- Fixing link to external resources by @endorama in #411
- Bump google.golang.org/api from 0.68.0 to 0.69.0 by @dependabot in #412
- add securityContext to deployment by @k4leung4 in #420
- Extract CA/KMS support from README by @endorama in #409
- Add unit tests for oidc-EmailFromIDToken method by @elizabetht in #413
- Return an error if we fail get get the Root cert. by @vaikas in #416
- drop -dev suffix for namespace and service account. by @k4leung4 in #418
- Extract development documentation from README by @endorama in #410
- Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #424
- Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #425
- Bump golang from `1a35cc2` to `2c92978` by @dependabot in #423
- create namespace as part of config yaml by @k4leung4 in #422
- Bump golang from `2c92978` to `e06c834` by @dependabot in #426
- Take advantage of Chainguard maintained versions of various actions. by @mattmoor in #427
- Automate release by @k4leung4 in #407
- Add missing testing dependency by @nsmith5 in #429
- Bump google.golang.org/api from 0.69.0 to 0.70.0 by @dependabot in #432
- explicitly set permissions for github workflows by @k4leung4 in #433
- Bump cloud.google.com/go/security from 1.2.0 to 1.2.1 by @dependabot in #431
- add indent to fix yaml error by @bobcallaway in #434
- Bump github.com/magiconair/properties from 1.8.5 to 1.8.6 by @dependabot in #436
- Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #435
- Bump golangci/golangci-lint-action from 2.5.2 to 3 by @dependabot in #438
- Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 by @dependabot in #439
- Bump actions/setup-go from 2.2.0 to 3.0.0 by @dependabot in #440
- Bump golang from `e06c834` to `c2ca472` by @dependabot in #442
- Bump actions/checkout from 2 to 3 by @dependabot in #443
- Mirror signed release images from GCR to GHCR as part of release with Cloud Build. by @k4leung4 in #441
- Move CI private-ca YAML to subdir by @k4leung4 in #446
- Bump golang from `c2ca472` to `b983574` by @dependabot in #447
- Bump cloud.google.com/go/security from 1.2.1 to 1.3.0 by @dependabot in #448
- add missing target name for cosign copy by @k4leung4 in #450
- Go update to 1.17.8 and cosign to 1.6.0 by @cpanato in #453
- Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #452
- Add codecov as github action. by @k4leung4 in #449
- add changelog for release 0.2.0 by @cpanato in #454
- Generate release yaml for non-CI builds. by @k4leung4 in #445
- update action to use git hash by @cpanato in #456
- release: dont upload local directory by @cpanato in #459
- Bump go.step.sm/crypto from 0.15.1 to 0.15.2 by @dependabot in #458
- Bump golang from `0168c35` to `ca70980` by @dependabot in #457
- grant cloud build permissions to github action sa by @k4leung4 in #460
- Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #461
- update dir name after endpoint update. by @k4leung4 in #462
- Bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 by @dependabot in #464
- Bump google.golang.org/api from 0.70.0 to 0.71.0 by @dependabot in #465
- release: fix sed to update the manifests by @cpanato in #466
- Bump golang from `ca70980` to `c7c9458` by @dependabot in #468
- Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #469
- Add documentation for OIDC configuration and tokens by @haydentherapper in #467
- Add URI OIDC type to support URI subjects by @haydentherapper in #455
- fix sed and update job by @cpanato in #470
- Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #471
New Contributors
- @msuozzo made their first contribution in #177
- @mattmoor made their first contribution in #180
- @jyotsna-penumaka made their first contribution in #186
- @avoidik made their first contribution in #192
- @mbestavros made their first contribution in #187
- @naveensrinivasan made their first contribution in #210
- @evanphx made their first contribution in #228
- @vaikas made their first contribution in #236
- @asraa made their first contribution in #232
- @tuananh made their first contribution in #248
- @n3wscott made their first contribution in #218
- @nsmith5 made their first contribution in #272
- @rgerganov made their first contribution in #282
- @haydentherapper made their first contribution in #286
- @jdolitsky made their first contribution in #315
- @ckotzbauer made their first contribution in #306
- @ereslibre made their first contribution in #325
- @k4leung4 made their first contribution in #340
- @znewman01 made their first contribution in #349
- @tstromberg made their first contribution in #351
- @tcnghia made their first contribution in #384
- @elizabetht made their first contribution in #413
Full Changelog: v0.1.1...v0.2.0