What's Changed

• chore(deps): Bump docker/build-push-action from 5.1.0 to 5.3.0 by @dependabot in #306
• chore(deps): Bump docker/login-action from 3.0.0 to 3.1.0 by @dependabot in #305
• chore(deps): Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 by @dependabot in #302
• chore(deps): Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #312
• chore(deps): Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 by @dependabot in #309
• CI: added golangci-lint to the go.yml workflow by @jaydee029 in #311
• linting(fixes): unused func/var/methods removed by @jaydee029 in #315
• chore: add community meeting ics file by @akshay196 in #322
• fix: unable to create/update project when roles specified by @akshay196 in #314
• chore(deps): Bump docker/login-action from 3.1.0 to 3.2.0 by @dependabot in #325
• Update README.md by @t-cool in #324
• adding permissions for cli.config.read and code fix for non admin use… by @niravparikh05 in #313
• chore(deps): Bump golangci/golangci-lint-action from 4 to 6 by @dependabot in #319
• chore(deps): Bump aquasecurity/trivy-action from 0.19.0 to 0.21.0 by @dependabot in #323
• chore(deps): Bump github.com/jackc/pgx/v4 from 4.13.0 to 4.18.2 by @dependabot in #326
• chore(deps): Bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 by @dependabot in #328

Migrations

Prior to v0.2.8 non-admin users will not have necessary permissions to download cli config, apply below migrations if you are upgrading Paralus

-- insert records into authsrv_resourcepermission
INSERT INTO authsrv_resourcepermission (name, scope, base_url, description, created_at, modified_at, trash, resource_urls, resource_action_urls) VALUES ('cli.config.read', 'PROJECT', '/auth/v3', 'Download cli configuration', current_timestamp, current_timestamp, false, '[{"url": "/cli/config", "methods": ["GET"]}]', 'null');

-- insert records into authsrv_resourcerolepermission
WITH resourcerole AS ( SELECT id as rrid FROM authsrv_resourcerole WHERE name IN ('PROJECT_ADMIN', 'PROJECT_READ_ONLY', 'CLUSTER_ADMIN', 'NAMESPACE_ADMIN', 'NAMESPACE_READ_ONLY') ), resourcepermission AS ( SELECT id as rpid FROM authsrv_resourcepermission WHERE name = 'cli.config.read' ) INSERT INTO authsrv_resourcerolepermission (name, description, created_at, modified_at, trash, resource_permission_id, resource_role_id) SELECT 'cli.config.read', 'Download cli configuration', current_timestamp, current_timestamp, false, resourcepermission.rpid, resourcerole.rrid FROM resourcerole, resourcepermission;

-- insert into casbin_rule
WITH resourcerole AS ( SELECT name FROM authsrv_resourcerole WHERE name IN ('PROJECT_ADMIN', 'PROJECT_READ_ONLY', 'CLUSTER_ADMIN', 'NAMESPACE_ADMIN', 'NAMESPACE_READ_ONLY') ) INSERT INTO casbin_rule (ptype, v0, v1, v2) SELECT 'g', '/auth/v3/cli/config', resourcerole.name, 'GET' FROM resourcerole;

New Contributors

• @jaydee029 made their first contribution in #311
• @t-cool made their first contribution in #324

Full Changelog: v0.2.7...v0.2.8

What's Changed

• chore(deps): Bump docker/metadata-action from 5.3.0 to 5.4.0 by @dependabot in #284
• chore(deps): Bump github/codeql-action from 2 to 3 by @dependabot in #285
• chore(deps): Bump docker/metadata-action from 5.4.0 to 5.5.0 by @dependabot in #286
• chore(deps): Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 by @dependabot in #287
• chore: add community meeting in readme by @akshay196 in #288
• chore(deps): Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 by @dependabot in #292
• chore(deps): Bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #293
• chore(deps): Bump codecov/codecov-action from 3 to 4 by @dependabot in #294
• chore(deps): Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 by @dependabot in #297
• fix: add custom Empty instead of google.protobuf.Empty by @rustiever in #291
• Fixes migration error on Postgresql version below 14 by @akshay196 in #295
• expose cluster status update rpc by @niravparikh05 in #296
• added adopters.md and rectified maintainers reference in readme.md by @niravparikh05 in #262
• chore(docs): updated changelog for v0.2.7 release by @niravparikh05 in #301

Full Changelog: v0.2.6...v0.2.7

What's Changed

• add yaml marshal/unmarshal for enums by @rustiever in #263
• chore(deps): Bump github.com/crewjam/saml from 0.4.13 to 0.4.14 by @dependabot in #265
• chore(deps): Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 by @dependabot in #267
• Fixed broken links in README file by @free6om in #270
• chore(deps): Bump sigstore/cosign-installer from 3.1.2 to 3.3.0 by @dependabot in #282
• chore(deps): Bump docker/metadata-action from 5.0.0 to 5.3.0 by @dependabot in #281
• chore(deps): Bump aquasecurity/trivy-action from 0.13.0 to 0.16.0 by @dependabot in #280
• chore(deps): Bump actions/setup-go from 4 to 5 by @dependabot in #279
• Update yaml.go to fix paralusYAML struct annotation errors by @tyut22316 in #261
• add keycloak mapper by @robkooper in #277
• chore(deps): Bump docker/build-push-action from 5.0.0 to 5.1.0 by @dependabot in #275
• chore(docs): updated changelogs for v0.2.6 release by @niravparikh05 in #283

New Contributors

• @rustiever made their first contribution in #263
• @free6om made their first contribution in #270
• @robkooper made their first contribution in #277

Full Changelog: v0.2.5...v0.2.6

What's Changed

• chore(deps): Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 by @dependabot in #249
• chore(deps): Bump docker/build-push-action from 4.1.1 to 4.2.1 by @dependabot in #251
• chore(deps): Bump actions/checkout from 3 to 4 by @dependabot in #250
• adding cosign support in the release worklow to increase supply chain security by @sbdtu5498 in #237
• chore(deps): Bump docker/setup-buildx-action from 2 to 3 by @dependabot in #258
• chore(deps): Bump docker/build-push-action from 4.2.1 to 5.0.0 by @dependabot in #257
• chore(deps): Bump docker/metadata-action from 4.6.0 to 5.0.0 by @dependabot in #256
• chore(deps): Bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #255
• chore(deps): Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #254
• changes to view auditlogs by project role users by @niravparikh05 in #247
• chore(deps): Bump docker/setup-qemu-action from 2 to 3 by @dependabot in #259
• updated changelog for v0.2.5 release by @niravparikh05 in #260

Breaking Changes

Prior to v0.2.5, users will not have org, partner metadata information in kratos identities which will impact audit logs screens, apply below migrations if you are upgrading paralus

update identities set metadata_public = jsonb_set(coalesce(metadata_public, '{}'), '{Organization}', '"replace-with-your-organization-id"', true);
update identities set metadata_public = jsonb_set(coalesce(metadata_public, '{}'), '{Partner}', '"replace-with-your-partner-id"', true);

NOTE

If you have idp providers configured, ensure to update your jsonnet mappers to update identity metadata public information with paralus' partner and organization ids to ensure a seamless experience with auditlogs. Refer: https://www.ory.sh/docs/kratos/social-signin/data-mapping

New Contributors

• @sbdtu5498 made their first contribution in #237

Full Changelog: v0.2.4...v0.2.5

What's Changed

• Add breaking change for v0.2.2 by @akshay196 in #211
• Add commit message guidelines by @akshay196 in #208
• chore: Remove misleading helm labels by @Joibel in #221
• Add changelog generator Make target by @akshay196 in #209
• Fixed error code and message for non exist projects name in GET cluster API by @hiteshwani29 in #213
• ci: added security vulnerability scanning using trivy and updated rel… by @niravparikh05 in #219
• style: Fixed Misspells by @Kartik-Garg in #223
• chore(deps): Bump docker/metadata-action from 4.4.0 to 4.6.0 by @dependabot in #233
• chore(deps): Bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in #228
• fix: relays annotation value is readonly and cannot be updated by @niravparikh05 in #227
• chore(deps): Bump docker/build-push-action from 4.0.0 to 4.1.1 by @dependabot in #232
• chore(deps): Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 by @dependabot in #231
• generated fixtures for download.yaml by @niravparikh05 in #236
• fix for org admins to view secrets with org restrictions by @niravparikh05 in #242
• chore: updated changelogs for v0.2.4 release by @niravparikh05 in #246

New Contributors

• @Joibel made their first contribution in #221
• @Kartik-Garg made their first contribution in #223

Full Changelog: v0.2.3...v0.2.4

What's Changed

• Fix the number of wg.add bug by @tyut22316 in #203
• chore(deps): Bump docker/metadata-action from 4.3.0 to 4.4.0 by @dependabot in #204
• remove references to admindbuser by @niravparikh05 in #200
• Fixing link issues. by @techmaharaj in #206
• Fix re-running admindb migration failures by @akshay196 in #205
• updated changelog for v0.2.3 by @niravparikh05 in #207

New Contributors

• @tyut22316 made their first contribution in #203

Full Changelog: v0.2.2...v0.2.3

What's Changed

• All dependabot open PRs by @akshay196 in #176
• Added validation for project Name by @hiteshwani29 in #166
• Bump github.com/prometheus/client_golang from 1.11.0 to 1.11.1 by @dependabot in #159
• Bump github.com/crewjam/saml from 0.4.6 to 0.4.13 by @dependabot in #179
• Bump mellium.im/sasl from 0.2.1 to 0.3.1 by @dependabot in #161
• Add CODEOWNERS file by @akshay196 in #186
• Action update by @OmAximani0 in #185
• Add dependabot.yml by @akshay196 in #181
• Fix cluster description ignored bug by @akshay196 in #187
• Fix multiple bootstrap requests by @niravparikh05 in #178
• feat: Support more than one IdP groups mapping by @akshay196 in #172
• added api keys as headers for all grpc messages by @mabhi in #163
• chore(deps): Bump docker/login-action from 1.10.0 to 2.1.0 by @dependabot in #190
• chore(deps): Bump docker/metadata-action from 3.3.0 to 4.3.0 by @dependabot in #192
• chore(deps): Bump docker/build-push-action from 2.5.0 to 4.0.0 by @dependabot in #193
• Update Dockerfile.initialize to new Kratos version by @akshay196 in #194
• chore: updated changelog for v0.2.2 release by @niravparikh05 in #195

BREAKING CHANGE
If you are upgrading from a prior version, you may face issues with connecting to existing clusters

"caller":"agent/agent.go:171","msg":"Relay Agent::relay agent namespace: paralus-system fingerprint: 4d63c263-0e39-4451-aa97-6882e339fc30 "} {"caller":"agent/agent.go:394","msg":"Relay Agent::config: &{TemplateToken:cifi3glc3m5b406jcbc0 TemplateName: Scheme:https Mode: Addr:console.paralusdemo.com:443 ClientID:cisqaj3ppcveb4n2 ClientIP:10.7.228.141 Name:relay-agent-557f56bb69-x2rcc PrivateKey:[] CSR:[] Certificate:[] CACertificate:[] ServerHost: ServerPort:0 Fingerprint:4d63c263-0e39-4451-aa97-6882e339fc30} "} [POST /v2/sentry/bootstrap/{templateToken}/register][500] bootstrapRegisterBootstrapAgentInternalServerError map[code:2 message:fingerprint mismatch for token cisqaj3ppcveb4n2bcrg] {"caller":"agent/agent.go:397","msg":"Relay Agent::failed to register relay agent error: [POST /v2/sentry/bootstrap/{templateToken}/register][500] bootstrapRegisterBootstrapAgentInternalServerError map[code:2 message:fingerprint mismatch for token cisqaj3ppcveb4n2bcrg] ","stacktrace":"github.com/paralus/relay/pkg/agent.registerRelayAgent\n\t/build/pkg/agent/agent.go:397\ngithub.com/paralus/relay/pkg/agent.handleRelayNetworks\n\t/build/pkg/agent/agent.go:606"}

Workaround:

1. To fix this, go to the database and update the fingerprint value in the sentry_bootstrap_agent table for the specific token row with the uid from the paralus-system namespace for that client (also found within the log)
2. Bootstrap the cluster again

New Contributors

• @hiteshwani29 made their first contribution in #166
• @dependabot made their first contribution in #159
• @OmAximani0 made their first contribution in #185

Full Changelog: v0.2.1...v0.2.2

What's Changed

• Fix: namespace limitation by @mabhi in #138
• Add needs-triage label to issue templates by @akshay196 in #155
• Feature: Add the ability to configure the SA account lifetime by @mabhi in #139
• Fix: validate non empty projects for delete by @mabhi in #154
• updates to changelog for v0.2.1 release by @niravparikh05 in #165
• handled no record found during connect cluster with no org setting set by @mabhi in #168

BREAKING CHANGE

If you are upgrading from a prior version, you may face issues with web kubectl with failure logs in prompt as below

debug/handler.go:130","msg":"unable to get kubeconfig using GetForClusterWebSession","error":"rpc error: code = Unknown desc = ERROR: column ks.sa_validity_seconds does not exist (SQLSTATE=42703)

Run below in your paralus database instance and try again
ALTER TABLE sentry_kubeconfig_setting ADD COLUMN IF NOT EXISTS sa_validity_seconds integer not null default 0;

Full Changelog: v0.2.0...v0.2.1

What's Changed

• Auto-generate password and force reset by @akshay196 in #124
• fix project id is recorded as part of cluster related auditlogs by @niravparikh05 in #128
• updated changelog for v0.2.0 release by @niravparikh05 in #129

Full Changelog: v0.1.9...v0.2.0

What's Changed

• Fix modify userinfo service to include scope in response by @mabhi in #108
• added details around dco by @nirav-rafay in #114
• Changes for Sandbox Onboarding by @techmaharaj in #112
• record user.login event by kratos hooks by @mabhi in #111
• Delete relay agent from target cluster while cluster deletion by @niravparikh05 in #120
• updated changelog for v0.1.9 release by @niravparikh05 in #122

New Contributors

• @mabhi made their first contribution in #108

Full Changelog: v0.1.8...v0.1.9