Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump kafka-oauth-client from 0.9.0 to 0.11.0 #129

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump kafka-oauth-client from 0.9.0 to 0.11.0 #129

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 9, 2022
edited
Loading

Bumps kafka-oauth-client from 0.9.0 to 0.11.0.

Release notes

Sourced from kafka-oauth-client's releases.

0.11.0

Main Changes since 0.10.x

Added OAuth metrics support

Added support for OAuth related metrics. It is disabled by default. To enable it set oauth.enable.metrics OAuth configuration option to true. Use metrics.reporters, and other Kafka configuration metrics.* options to configure the behaviour of metrics capture and how they are exported.

Added password grant support

The Resource Owner Password Credentials support was added for interoperability in existing corporate environments where established security policies prevent using client credentials to authenticate the client applications. The reason can also be purely technical in that the existing Identity and Access Management solution (IAM) only supports user accounts, even where the 'user' is actually an application service.

Added oauth.jwks.ignore.key.use config option

Set this option to true in order to use all the keys in the JWKS response for token signature validation, regardless of their use attribute. This makes it possible to use authorization servers that don't specify use attribute in JWKS keys.

Added support for unprotected truststores

Truststores with empty password are now supported

For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.11.0 milestone.

0.11.0-rc5

Main Changes since 0.10.x

Added OAuth metrics support

Added support for OAuth related metrics. It is disabled by default. To enable it set oauth.enable.metrics OAuth configuration option to true. Use metrics.reporters, and other Kafka configuration metrics.* options to configure the behaviour of metrics capture and how they are exported.

Added password grant support

The Resource Owner Password Credentials support was added for interoperability in existing corporate environments where established security policies prevent using client credentials to authenticate the client applications. The reason can also be purely technical in that the existing Identity and Access Management solution (IAM) only supports user accounts, even where the 'user' is actually an application service.

Added oauth.jwks.ignore.key.use config option

Set this option to true in order to use all the keys in the JWKS response for token signature validation, regardless of their use attribute. This makes it possible to use authorization servers that don't specify use attribute in JWKS keys.

Added support for unprotected truststores

Truststores with empty password are now supported

For more details about the new features see the RELEASE_NOTES.md and the README.md. All changes can be found under the 0.11.0 milestone.

Staging repository

To test the release, use the staging repository by including following in your pom.xml:

</tr></table>

... (truncated)

Changelog

Sourced from kafka-oauth-client's changelog.

0.11.0

Added OAuth metrics support

Added support for OAuth related metrics. It is disabled by default. To enable it set oauth.enable.metrics OAuth configuration option to true. Use metrics.reporters, and other Kafka configuration metrics.* options to configure the behaviour of metrics capture and how they are exported.

See README.md for details.

Added password grant support

The Resource Owner Password Credentials support was added for interoperability in existing corporate environments where established security policies prevent using client credentials to authenticate the client applications. The reason can also be purely technical in that the existing Identity and Access Management solution (IAM) only supports user accounts, even where the 'user' is actually an application service.

See README.md for details.

Added oauth.jwks.ignore.key.use config option

Set this option to true in order to use all the keys in the JWKS response for token signature validation, regardless of their use attribute. This makes it possible to use authorization servers that don't specify use attribute in JWKS keys.

Added support for unprotected truststores

Truststores with empty password are now supported

0.10.0

Added connect and read timeouts for communication with authorization server

Before, when Kafka client or broker connected to the authorization server during authentication or token validation, there was no connect timeout and no read timeout applied. As a result, if a reverse proxy was in front of the authorization server or a network component glitch prevented normal connectivity, it could happen that the authentication request would stall for a long time.

In order to address this, the default connect timeout and read timeout are now both set to 60 seconds and they are configurable via oauth.connect.timeout.seconds and oauth.read.timeout.seconds.

Added groups extraction and exposed groups info via OAuthKafkaPrincipal

Added an authentication time mechanism on the broker where a JsonPath query can be configured to extract a set of groups from a JWT token during authentication. A custom authorizer can then retrieve this information through OAuthKafkaPrincipal object available during the authorize() call.

Added access to parsed JWT token

When writing a custom authorizer you may need access to the already parsed JWT token or a map of claims returned by the introspection endpoint. A getJSON() method has been added to BearerTokenWithPayload.

Commits
  • 566b9c4 Bump jackson-databind to 2.13.4.2 (#173)
  • ee8d293 Update library dependencies (#172)
  • 15fe03a Bump jackson version
  • d8505dd Try fix intermittent failures
  • fe8bd55 Fix keycloak example + improve CI build to catch a similar issue next time (#...
  • 6b9d537 Bump jackson libs and snakeyaml libs again
  • 57aeab7 Update Kafka dependency and Strimzi Kafka images to 3.2.3
  • ac81c3a Prepare for 0.11.0 release
  • 10e5a92 Bump snakeyaml dependency version in spring example
  • 946f572 Merge pull request #158 from mstruk/bump-deps
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump kafka-oauth-client from 0.9.0 to 0.11.0
a8a10c4 
Bumps [kafka-oauth-client](https://github.com/strimzi/strimzi-kafka-oauth) from 0.9.0 to 0.11.0.
- [Release notes](https://github.com/strimzi/strimzi-kafka-oauth/releases)
- [Changelog](https://github.com/strimzi/strimzi-kafka-oauth/blob/main/RELEASE_NOTES.md)
- [Commits](strimzi/strimzi-kafka-oauth@0.9.0...0.11.0)

---
updated-dependencies:
- dependency-name: io.strimzi:kafka-oauth-client
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Nov 9, 2022

The following labels could not be found: area/dependencies.

@dependabot dependabot bot mentioned this pull request Nov 9, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants