Skip to content

v2.0.0

Compare
Choose a tag to compare
@Jusshersmith Jusshersmith released this 26 Jul 17:20
a89b8f7

Changelog

Note: this release contains multiple breaking or potentially breaking changes. Please read the release notes carefully if you are upgrading from a previous version.

Providers

CI

Auth

Proxy

Bugs and Fixes

Documentation

Added Dependencies

There have been a number of dependencies added and/or updated. Please take the time to look through the dependencies in use by scanning through https://github.com/buzzfeed/sso/blob/master/go.mod.

Further details

To help with the introduction of configuration variable changes in sso: support multiple identity providers, below is a list of old_var -> new_var pairs for sso_auth only. (these variables changes do not yet apply to sso_proxy)

* in PROVIDER_*_TYPE and others represents a unique identifier grouping together a set of provider configs.

### SESSION
(NEW)                -> SESSION_COOKIE_NAME
COOKIE_SECRET        -> SESSION_COOKIE_SECRET
COOKIE_EXPIRE        -> SESSION_COOKIE_EXPIRE
COOKIE_DOMAIN        -> SESSION_COOKIE_DOMAIN
COOKIE_REFRESH       -> SESSION_COOKIE_REFRESH
COOKIE_SECURE        -> SESSION_COOKIE_SECURE
COOKIE_HTTP_ONLY     -> SESSION_COOKIE_HTTPONLY
SESSION_LIFETIME_TTL -> SESSION_LIFETIME
AUTH_CODE_SECRET     -> SESSION_KEY


### CLIENT
PROXY_CLIENT_ID     -> CLIENT_PROXY_ID
PROXY_CLIENT_SECRET -> CLIENT_PROXY_SECRET


### PROVIDER CONFIG FOR GOOGLE
(NEW)         -> PROVIDER_*_TYPE
(NEW)         -> PROVIDER_*_SLUG
CLIENT_ID     -> PROVIDER_*_CLIENT_ID
CLIENT_SECRET -> PROVIDER_*_CLIENT_SECRET
SCOPE         -> PROVIDER_*_SCOPE

### GOOGLE SPECIFIC 
GOOGLE_SERVICE_ACCOUNT_JSON -> PROVIDER_*_GOOGLE_CREDENTIALS
GOOGLE_ADMIN_EMAIL          -> PROVIDER_*_GOOGLE_IMPERSONATE

### OKTA SPECIFIC
OKTA_ORG_URL       -> PROVIDER_*_OKTA_URL
PROVIDER_SERVER_ID -> PROVIDER_*_OKTA_SERVER

### GROUP REFRESH
GROUPS_CACHE_REFRESH_TTL  -> PROVIDER_*_GROUPCACHE_INTERVAL_REFRESH
GROUPS_CACHE_PROVIDER_TTL -> PROVIDER_*_GROUPCACHE_INTERVAL_PROVIDER


# SERVER CONFIG
(NEW)             -> SERVER_SCHEME
HOST              -> SERVER_HOST
PORT              -> SERVER_PORT
REQUEST_TIMEOUT   -> SERVER_TIMEOUT_REQUEST
TCP_WRITE_TIMEOUT -> SERVER_TIMEOUT_WRITE
TCP_READ_TIMEOUT  -> SERVER_TIMEOUT_READ


# AUTHORIZE CONFIG
PROXY_ROOT_DOMAIN   -> AUTHORIZE_PROXY_DOMAINS
SSO_EMAIL_DOMAIN    -> AUTHORIZE_EMAIL_DOMAINS
SSO_EMAIL_ADDRESSES -> AUTHORIZE_EMAIL_ADDRESSES


# METRICS CONFIG 
STATSD_PORT -> METRICS_STATSD_PORT
STATSD_HOST -> METRICS_STATSD_HOST


# LOGGING CONFIG
REQUSEST_LOGGING -> LOGGING_ENABLE
(NEW)            -> LOGGING_LEVEL