Skip to content

Latest commit

 

History

History
590 lines (433 loc) · 43.4 KB

CHANGELOG.md

File metadata and controls

590 lines (433 loc) · 43.4 KB

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Unreleased

3.4.0 - 2018-12-11

3.4.0-rc2 was considered final and became 3.4.0.

3.4.0-rc2 - 2018-11-16

Fixed

  • Fix bug in the Default credentials policy. It was using the default credentials in some cases where it should not PR #954, THREESCALE-1547

3.4.0-rc1 - 2018-11-13

Fixed

  • Fix "nil" being added to the end of URL Path in some cases when using http_proxy PR #946

3.4.0-beta1 - 2018-10-24

Fixed

  • Fix APICAST_PROXY_HTTPS_PASSWORD_FILE and APICAST_PROXY_HTTPS_SESSION_REUSE parameters for Mutual SSL PR #927
  • The "allow" mode of the caching policy now accepts the request when it's authorization is not cached PR #934, THREESCALE-1396
  • When using SSL certs with path-based routing enabled, now APIcast falls backs to host-based routing instead of crashing PR #938, THREESCALE-1430
  • Fixed error that happened when loading certain configurations that use OIDC PR #940, THREESCALE-1289
  • The port is now included in the Host header when the request is proxied PR #942

Added

Changed

  • The threescale_backend_calls Prometheus metric now includes the response (used to be in backend_response) and also the kind of call (auth, authrep, report) PR #919, THREESCALE-1383
  • Performance improvement: replaced some varargs in hot paths PR #937

3.3.0 - 2018-10-05

3.3.0-cr2 was considered final and became 3.3.0.

  • The configuration schema of the rate-limit policy has changed from 3.2.0 so if you were using it, please adapt your configuration file accordingly.
  • The Native OAuth 2.0 flow is deprecated. Please consider using the OIDC integration instead.
  • The new conditional policy is considered experimental. The way conditions are expressed might change in future releases.

3.3.0-cr2 - 2018-09-25

Fixed

3.3.0-cr1 - 2018-09-14

Fixed

  • Set default errlog level when APICAST_LOG_LEVEL is empty PR #868
  • Correct JWT validation according to RFC 7523 Section 3. Like not required nbf claim. THREESCALE-583
  • Mismatch in OIDC issuer when loading configuration through a configuration file PR #872
  • When the 3scale referrer filters was enabled, cached requests were not handled correctly PR #875
  • Invalid SNI when connecting to 3scale backend over HTTPS THREESCALE-1269
  • Fix handling --pid and --signal on the CLI PR #880
  • Some policies did not have access to the vars exposed when using Liquid (uri, path, etc.) PR #891
  • Fix error when loading certain configurations that use OIDC PR #893
  • Fix error that appeared when combining the liquid context debug policy with policies that contain liquid templates PR #895
  • Thread safety issues when rendering Liquid templates PR #896

Added

  • Expose http_method in Liquid PR #888
  • Print error message when OIDC configuration is missing for a request PR #894
  • Print whole stderr in 4k chunks when executing external commands PR #894

3.3.0-beta2 - 2018-09-03

Fixed

  • Capture permission errors when searching for files on filesystem PR #865

3.3.0-beta1 - 2018-08-31

Added

Changed

  • THREESCALE_PORTAL_ENDPOINT and THREESCALE_CONFIG_FILE are not required anymore PR #702
  • The scope of the Rate Limit policy is service by default PR #704
  • Decoded JWTs are now exposed in the policies context by the APIcast policy PR #718
  • Upgraded OpenResty to 1.13.6.2, uses OpenSSL 1.1 PR #733
  • Use forked resty.limit.count that uses increments instead of decrements PR #758, PR 843
  • Rate Limit policy to take into account changes in the config PR #703
  • The regular expression for mapping rules has been changed, so that special characters are accepted in the wildcard values for path PR #714
  • Call init and init_worker on all available policies regardless they are used or not PR #770
  • Cache loaded policies. Loading one policy several times will use the same instance PR #770
  • Load all policies into cache when starting APIcast master process. PR #770
  • init and init_worker phases are executed on the policy module, not the instance of a policy with a configuration PR #770
  • timer_resolution set only in development environment PR #815
  • The rate-limit policy, when redis_url is empty, now applies per-gateway limits instead of trying to use a localhost Redis PR #842
  • Changed the display name of some policies. This only affects how the name shows in the UI THREESCALE-1232

Fixed

  • Do not crash when initializing unreachable/invalid DNS resolver PR #730
  • Reporting only 50% calls to 3scale backend when using OIDC PR #774, THREESCALE-1080
  • Building container image on OpenShift 3.9 PR #810, THREESCALE-1138
  • Rate Limit policy to define multiple limiters of the same type PR #825
  • Fix exclusiveMinimum field for conn property in the rate-limit JSON schema PR #832
  • Skip invalid policies in the policy chain PR #854

3.2.1 - 2018-06-26

Changed

  • APICAST_BACKEND_CACHE_HANDLER environment variable is now deprecated. Use caching policy instead. APICAST_CUSTOM_CONFIG, APICAST_MODULE environment variables are now deprecated. Use policies instead. PR #746, THREESCALE-1034
  • Path routing feature enabled by the APICAST_PATH_ROUTING environment variable is not considered experimental anymore.

Fixed

  • Reporting only 50% calls to 3scale backend when using OIDC PR #779

3.2.0 - 2018-06-04

3.2.0-rc2 was considered final and became 3.2.0.

3.2.0-rc2 - 2018-05-11

Added

  • Default value for the caching_type attribute of the caching policy config schema #691, THREESCALE-845

Fixed

  • Fixed set of valid values for the exit param of the Echo policy PR #684

Changed

  • The schema of the rate-limit policy has been adapted so it can be rendered by react-jsonschema-form, a library used in the 3scale UI. This is a breaking change. PR #696, THREESCALE-888
  • The upstream policy now performs the rule matching in the rewrite phase. This allows combining it with the URL rewriting policy – upstream policy regex will be matched against the original path if upstream policy is placed before URL rewriting in the policy chain, and against the rewritten path otherwise PR #690, THREESCALE-852

3.2.0-rc1 - 2018-04-24

Added

Fixed

  • export() now works correctly in policies of the local chain PR #673
  • caching policy now works correctly when placed after the apicast policy in the chain PR #674
  • OpenTracing support PR #669

Changed

  • descriptions in oneOfs in policy manifests have been replaced with titles PR #663
  • resty.balancer doesn't fall back to the port 80 by default. If the port is missing, apicast.balancer sets the default port for the scheme of the proxy_pass URL PR #662

3.2.0-beta3 - 2018-03-20

Fixed

  • ljsonschema is only used in testing but was required in production also PR #660

3.2.0-beta2 - 2018-03-19

Added

  • New property summary in the policy manifests PR #633
  • OAuth2.0 Token Introspection policy PR #619
  • New metrics phase that runs when prometheus is collecting metrics PR #629
  • Validation of policy configs both in integration and unit tests PR #646
  • Option to avoid refreshing the config when using the lazy loader with APICAST_CONFIGURATION_CACHE < 0 PR #657

Fixed

  • Error loading policy chain configuration JSON with null value PR #626
  • Splitted resolv.conf in lines,to avoid commented lines PR #618
  • Avoid nameserver repetion from RESOLVER variable and resolv.conf file PR #636
  • Bug in URL rewriting policy that ignored the commands attribute in the policy manifest PR #641
  • Skip comentaries after search values in resolv.conf PR #635
  • Bug that prevented using CONFIGURATION_CACHE_LOADER=boot without specifying APICAST_CONFIGURATION_CACHE in staging PR #651, THREESCALE-756.
  • typ is verified when it's present in keycloak tokens PR #658

Changed

  • summary is now required in policy manifests PR #655

3.2.0-beta1 - 2018-02-20

Added

  • Definition of JSON schemas for policy configurations PR #522, PR #601
  • URL rewriting policy PR #529, THREESCALE-618
  • Liquid template can find files in current folder too PR #533
  • bin/apicast respects APICAST_OPENRESTY_BINARY and TEST_NGINX_BINARY environment PR #540
  • Caching policy PR #546, PR #558, THREESCALE-587, THREESCALE-550
  • New phase: content for generating content or getting the upstream response PR #535
  • Upstream policy PR #562, THREESCALE-296
  • Policy JSON manifest PR #565
  • SOAP policy PR #567, THREESCALE-553
  • Ability to set custom directories to load policies from PR #581
  • CLI is running with proper log level set by APICAST_LOG_LEVEL PR #585
  • 3scale configuration (staging/production) can be passed as -3 or --channel on the CLI PR #590
  • APIcast CLI loads environments defined by APICAST_ENVIRONMENT variable PR #590
  • Endpoint in management API to retrieve all the JSON manifests of the policies PR #592
  • Development environment (--dev) starts with Echo policy unless some configuration is passed PR #593
  • Added support for passing whole configuration as Data URL PR #593
  • More complete global environment when loading environment policies PR #596
  • Support for Client Certificate authentication with upstream servers PR #610, THREESCALE-328

Fixed

  • Detecting local rover installation from the CLI PR #519
  • Use more command instead of which to work in plain shell PR #521
  • Fixed rockspec so APIcast can be installed by luarocks PR #523, PR #538
  • Fix loading renamed APIcast code PR #525
  • Fix apicast command when installed from luarocks PR #527
  • Fix lua docs formatting in the CORS policy PR #530
  • post_action phase not being called in the policy_chain PR #539
  • Failing to execute libexec/boot on some systems PR #544
  • Detect number of CPU cores in containers by using nproc PR #554
  • Running with development config in Docker PR #555
  • Fix setting twice the headers in a pre-flight request in the CORS policy PR #570
  • Fix case where debug headers are returned without enabling the option PR #577
  • Fix errors loading openresty libraries when rover is active PR #598
  • Passthrough "invalid" headers PR #612, THREESCALE-630
  • Fix using relative path for access and error log THREESCALE-1090

Changed

  • Consolidate apicast-0.1-0.rockspec into apicast-scm-1.rockspec PR #526
  • Deprecated Configuration.extract_usage in favor of Service.get_usage PR #531
  • Extract Test::APIcast to own package on CPAN PR #528
  • Load policies by the APIcast loader instead of changing load path PR #532, PR #536
  • Add src directory to the Lua load path when using CLI PR #533
  • Move rejection reason parsing from CacheHandler to Proxy PR #541
  • Propagate full package.path and cpath from the CLI to Nginx PR #538
  • post_action phase now shares ngx.ctx with the main request PR #539
  • Decrease nginx timer resolution to improve performance and enable PCRE JIT PR #543
  • Moved proxy_pass into new internal location @upstream PR #535
  • Split 3scale authorization to rewrite and access phase PR #556
  • Extract mapping_rule module from the configuration module PR #571
  • Renamed apicast/policy/policy.lua to apicast/policy.lua PR #569
  • Sandbox loading policies PR #566
  • Extracted usage and mapping_rules_matcher modules so they can be used from policies PR #580
  • Renamed all apicast/policy/*/policy.lua to apicast/policy/*/init.lua to match Lua naming PR #579
  • Environment configuration can now define the configuration loader or cache PR #590.
  • APIcast starts with "boot" configuration loader by default (because production is the default environment) PR #590.
  • Deprecated APICAST_SERVICES in favor of APICAST_SERVICES_LIST but provides backwards compatibility PR #549
  • Deprecated APICAST_PATH_ROUTING_ENABLED in favor of APICAST_PATH_ROUTING but provides backwards compatibility PR #549

3.2.0-alpha2 - 2017-11-30

Added

  • New policy chains system. This allows users to write custom policies to configure what Apicast can do on each of the Nginx phases PR #450, THREESCALE-553
  • Resolver can resolve nginx upstreams PR #478
  • Add resolver directive in the nginx configuration PR #508
  • Calls 3scale backend with the 'no_body' option enabled. This reduces network traffic in cases where APIcast does not need to parse the response body PR #483
  • Methods to modify policy chains PR #505
  • Ability to load several environment configurations PR #504
  • Ability to configure policy chain from the environment configuration PR #496
  • Load environment variables defined in the configuration PR #507
  • Allow configuration of the echo/management/fake backend ports PR #506
  • Headers policy PR #497, THREESCALE-552
  • CORS policy PR #487, THREESCALE-279
  • Detect number of CPU shares when running on Kubernetes PR #600

Changed

  • Namespace all APIcast code in apicast folder. Possible BREAKING CHANGE for some customizations. PR #486
  • CLI ignores environment variables that are empty strings PR #504

Fixed

  • Loading installed luarocks from outside rover PR #503
  • Support IPv6 addresses in /etc/resolv.conf PR #511
  • Fix possible 100% CPU usage when starting APIcast and manipulating filesystem PR #547

3.2.0-alpha1

Added

  • Experimental option for true out of band reporting (APICAST_REPORTING_WORKERS) PR #290, THREESCALE-365
  • /status/info endpoint to the Management API PR #290
  • /_threescale/healthz endpoint returns a success status code, this is used for health checking in kubernetes environments PR #285
  • Usage limit errors are now configurable to distinguish them from other authorization errors PR #453, THREESCALE-638.
  • Templating nginx configuration with liquid. PR #449

Changed

  • Upgraded to OpenResty 1.11.2.5-1 PR #428
  • /oauth/token endpoint returns an error status code, when the access token couldn't be stored in 3scale backend PR #436]
  • URI params in POST requests are now taken into account when matching mapping rules PR #437
  • Increased number of background timers and connections in the cosocket pool PR #290
  • Make OAuth tokens TTL configurable PR #448
  • Detect when being executed in Test::Nginx and use default backend accordingly PR #458
  • Update the s2i-openresty image to have the same path (/opt/app-root/src) in all images PR #460
  • Launcher scripts are now Perl + Lua instead of Shell PR #449
  • Unify how to connect to 3scale backend PR #456
  • Upgraded OpenResty to 1.13.6.1 PR #480, THREESCALE-362

Fixed

  • Request headers are not passed to the backend, preventing sending invalid Content-Type to the access token store endpoint PR #433, THREESCALE-372
  • Live and ready endpoints now set correct Content-Type header in the responsePR #441, THREESCALE-377

3.1.0 - 2017-10-27

  • 3.1.0-rc2 was considered final and became 3.1.0.

3.1.0-rc2 - 2017-09-29

Fixed

  • Request headers are not passed to the backend, preventing sending invalid Content-Type to the access token store endpoint PR #433

3.1.0-rc1 - 2017-09-14

Added

  • Support for extending APIcast location block with snippets of nginx configuration PR #407

Fixed

  • Crash on empty OIDC Issuer endpoint PR #408
  • Handle partial credentials PR #409
  • Crash when configuration endpoint was missing PR #417
  • Fix double queries to not fully qualified domains PR #419
  • Fix caching DNS queries with scope (like on OpenShift) PR #420

Changed

  • THREESCALE_DEPLOYMENT_ENV defaults to production PR #406
  • OIDC is now used based on settings on the API Manager PR #405
  • No limit on body size from the client sent to the server PR #410
  • Print module loading errors only when it failed to load PR #415
  • bin/busted rewritten to support different working directories PR #418
  • dnsmasq started in docker will not forward queries without domain PR #421

3.1.0-beta2 - 2017-08-21

Added

  • Ability to configure how to cache backend authorizations PR #396

Fixed

3.1.0-beta1 - 2017-07-21

Fixed

Changed

  • APIcast module balancer method now accepts optional balancer PR #362
  • Extracted lua-resty-url PR #384
  • Extracted lua-resty-env PR #386
  • Do not load all services when APICAST_SERVICES is set PR #388

Added

Removed

  • Keycloak / RH SSO integration replaced with OIDC PR #382

3.1.0-alpha1 - 2017-05-05

Changed

Added

  • Experimental caching proxy to the http client PR #357

Changed

  • Print better errors when module loading fails PR #360

3.0.0 - 2017-04-04

Added

  • Support for loading configration from custom URL PR #323
  • Turn on SSL/TLS validation by OPENSSL_VERIFY environment variable PR #332
  • Load trusted CA chain certificates PR #332
  • Support HTTP Basic authentication for client credentials when authorizing with RH-SSO PR #336
  • Show more information about the error when the module load fails PR #348

Changed

  • Use RESOLVER before falling back to resolv.conf PR #324
  • Improve error logging when failing to download configuration PR #335
  • Service hostnames are normalized to lower case PR #336
  • Don't attempt to perform post_action when request was handled without authentication PR #343
  • Store authorization responses with a ttl, if sent PR #341

Fixed

  • Do not return stale service configuration when new one is available PR #333
  • Memory leak in every request PR #339
  • Remove unnecessary code and comments PR #344
  • JWT expiry not taken into account in authorization response cache PR #283 / Issue #309 / Fixed by PR #341
  • Memory leak in round robin balancer PR #345
  • Error when trying to determine status of failed request when downloading configuration PR #350

3.0.0-beta3 - 2017-03-20

Changed

  • Use per request configuration when cache is disabled PR #289
  • Automatically expose all environment variables starting with APICAST_ or THREESCALE_ to nginx PR #292
  • Error log to show why downloading configuration failed PR #306

Added

  • Backend HTTP client that uses cosockets PR #295
  • Ability to customize main section of nginx configuration (and expose more env variables) PR #292
  • Ability to lock service to specific configuration version PR #293
  • Ability to use Redis DB and password via REDIS_URL PR #303
  • Ability to Authenticate against API using RHSSO and OpenID Connect PR #283

Fixed

  • http_ng client supports auth passsed in the url, and default client options if the request options are missing for methods with body (POST, PUT, etc.) PR #310
  • Fixed lazy configuration loader to recover from failures PR #313
  • Fixed undefined variable p in post_action PR #316
  • Fixed caching of negative ttl by dnsmasq PR #318

Removed

  • Removed support for sending Request logs PR #296
  • Support for parallel DNS query PR #311

Known Issues

  • JWT expiry not taken into account in authorization response cache PR #283 / Issue #309

3.0.0-beta2 - 2017-03-08

Fixed

  • Reloading of configuration with every request when cache is disabled PR #287
  • Auth caching is not used when OAuth method is used PR #304

3.0.0-beta1 - 2017-03-03

Changed

  • Lazy load DNS resolver to improve performance PR #251
  • Execute queries to all defined nameservers in parallel PR #260
  • RESOLVER ENV variable overrides all other nameservers detected from /etc/resolv.conf PR #260
  • Use stale DNS cache when there is a query in progress for that record PR #260
  • Bump s2i-openresty to 1.11.2.2-2 PR #260
  • Echo API on port 8081 listens accepts any Host PR #268
  • Always use DNS search scopes PR #271
  • Reduce use of global objects PR #273
  • Configuration is using LRU cache PR #274
  • Management API not opened by default PR #276
  • Management API returns ready status with no services PR #

Added

  • Danger bot to check for consistency in Pull Requests PR #265
  • Start local caching DNS server in the container PR #260
  • Management API to show the DNS cache PR #260
  • Extract correct Host header from the backend endpoint when backend host not provided PR #267
  • APICAST_CONFIGURATION_CACHE environment variable PR #270
  • APICAST_CONFIGURATION_LOADER environment variable PR #270

Removed

  • Support for downloading configuration via curl PR #266
  • AUTO_UPDATE_INTERVAL environment variable PR #270
  • APICAST_RELOAD_CONFIG environment variable PR #270
  • APICAST_MISSING_CONFIGURATION environment variable PR #270

3.0.0-alpha2 - 2017-02-06

Added

  • A way to override backend endpoint PR #248

Changed

  • Cache all calls to os.getenv via custom module PR #231
  • Bump s2i-openresty to 1.11.2.2-1 PR #239
  • Use resty-resolver over nginx resolver for HTTP PR #237
  • Use resty-resolver over nginx resolver for Redis PR #237
  • Internal change to reduce global state PR #233

Fixed

  • [OAuth] Return correct state value back to client

Removed

  • Nginx resolver directive auto detection. Rely on internal DNS resolver PR #237

3.0.0-alpha1 - 2017-01-16

Added

  • A CHANGELOG.md to track important changes
  • User-Agent header with APIcast version and system information PR #214
  • Try to load configuration from V2 API PR #193

Changed

  • Require openresty 1.11.2 PR #194
  • moved development from v2 branch to master PR #209
  • X-3scale-Debug HTTP header now uses Service Token PR #217

2.0.0 - 2016-11-29

Changed

  • Major rewrite using JSON configuration instead of code generation.