Skip to content

v0.40.0

Choose a tag to compare

View all tags
@pinniped-ci-bot pinniped-ci-bot released this 04 Aug 20:06
v0.40.0
62dd4ab
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Release v0.40.0

Release Image

Image Registry
ghcr.io/vmware/pinniped/pinniped-server:v0.40.0 GitHub Container Registry
docker.io/getpinniped/pinniped-server:v0.40.0 DockerHub

These images can also be referenced by their digest: sha256:fb3c48175998700ecaaa629e05aacc79c7f1ac47f457655668ca8fb984ae5557.

Changes

This release adds new features to JWTAuthenticator and upgrades dependencies.

Major Changes

  • Starting with this release, container images for the release will no longer be pushed to ghcr.io/vmware-tanzu/pinniped/pinniped-server. For this release and for future releases, container images will be pushed to ghcr.io/vmware/pinniped/pinniped-server instead. This is because the Pinniped GitHub repository was recently moved from the vmware-tanzu GitHub organization to the vmware organization. GitHub automatically redirects most things from the old location to the new location, but not the container image repository. (#2526)
  • The Pinniped JWTAuthenticator has several new features which are meant to be similar to features found in Kubernetes AuthenticationConfiguration. (#2491) These are all expert user features and should be used with caution. See the Pinniped API docs for full documentation. The new features are:
    • spec.claimValidationRules: works like jwt[].claimValidationRules
    • spec.userValidationRules: works like jwt[].userValidationRules
    • spec.claims.usernameExpression: works like jwt[].claimMappings.username.expression
    • spec.claims.groupsExpression: works like jwt[].claimMappings.groups.expression
    • spec.claims.extra: works like jwt[].claimMappings.extra
      • Note that while these extras will be added to the client certificate issued by the Pinniped Concierge during end user login, Kubernetes will not respect these extras because Kubernetes has no mechanism for userInfo extras from a client cert. This will probably only be useful if you are using a custom auth proxy in front of Kubernetes.
      • Also note that unlike in Kubernetes structured auth, the keys for these extras in Pinniped are not allowed to contain the = character.

Minor Changes

Diffs

A complete list of changes (45 commits, 199 changed files with 9,549 additions and 1,229 deletions) can be found here.

Assets 13
Loading