- b0a703d: Add Jira ticket attachment support
- b0a703d: Add url and summary to justification attachment type
- bb9bb2c: add user details to session log details
- dac031a: add filters for query audit logs and query session logs
- c329c27: Add Snowflake integration.
- 3937b8e: add role and target to session detail
- 2742cb0: Added default_local_port to AWSRDS output
- 7ea0a0e: Added default_local_port option for AWS RDS Users
- f7c133d: Add Kubernetes protocol support to the Common Fate proxy.
- 34fe6a7: Adds new request review api for requesting an extra review from one or more principals
- 1aacec1: Remove requirement to specify JQL on the JIRA integration.
- 69dba8f: Rename ATTESTATION_TYPES to ATTACHMENT_TYPES.
- e4fa9a6: Add attachments to Justification to allow admins to query access requests matching certain JIRA tickets.
- d70e318: Add attachment service which provides contextual information which can be added to access requests
- 82914f8: add cloud_id and filter to jira integration
- fd56dc4: Add Integration type for Jira
- 629ab5a: added field for slack alerts to disable alerts for auto approved requests
- 831c704: Adds approval steps to access workflows.
- 7c399c1: add expiry options for closing requests onto workflow
- 82f9601: Update AWSProxy integration to store the AWS IDC integration as a reference.
- 945a9a9: Adds EKS access integration.
- 37f6906: Add reason pattern matching to validation.
- b49280d: Use standard filters for authz logs and my access requests.
- b8a17c9: add closing reason to close access request
- e5a8aa3: add optional rds endpoint to rds user
- aac7e5c: Access Request API now uses standardised filters.
- f5b6096: Added a field for breakglass reason to batchEnsure and activate requests and enforce that it is provided when breakglass is used.
- f65aa28: Added RPC for deleting a user.
- ddae8b0: Added a background task api for the integration service
- c0d32eb: Marks ListIntegrations RPC as read only.
- 10dce79: Adds List Selector API and Test Selector API
- 9a63227: Create QueryMyAccessRequests to find access requests where the current user is the requestor.
- b918ce7: Adds boolean conditions to the existing EntityFilter type for principal resource and actions.
  Adds new EntityTypeFilter with boolean condition
- 1f335f7: add apis for registering proxy and rds resource
- 15f432f: Adds API for managing secrets
- bc044db: Add filters for requested_by, closed_by, approved_by and request_status on QueryAccessRequest.
- 98e4102: Add access request id to ProvisionRequest.
- 9cc9766: Add configuration for slack user notifications, allowing opt in and opt out for specific DMs.
- f30b35a: Adds GetDeploymentSecret API and exposes additional deployment configuration
- 94bc67f: Add SDK methods to get and set Terraform Output for deployments
- 56551d7: Add extension_used, extendable_after to Extension.
- 4ef6933: adds healthcheck client for factory service
- 690de7d: Adds new deployment config service
- f48f8a4: Add opsgenie and datastax integration to directory
- 78b781e: Adds CLI Access Instructions to Grants.
- f6a98f1: Adds GetGRantOutput API which can be used to return the strongly typed grant output from provisioning if it exists for the grant.
- 5024170: Adds AWS Resource Scanner configuration service
- ef06a0d: Factory service: allow connect.ClientOptions to be passed to client constructor
- 6de9832: Update the OIDC provider library that we're using to the latest version to fix CVE-2024-28180
- 1816d6c: Add Department attribute to User
- 1816d6c: Directory: adds Okta integration type
- 743ebd1: Add update feature API
- a0cbe20: Package name and constructor fixes
- e2bac27: Detect a possible bad environment configuration when an invalid_scope error is returned when loading the access token.
- 6ad5170: Add force_close to forcibly close an Access Request, ignoring deprovisioning errors.
- 7da63c4: Add Directory API for user and group read access.
- b1e889d: Add UsageService to report deployment usage.
- c72f721: Add RDS integration resources
- c72f721: Adds GetGrant Method to the Grants service
- 2851c82: Fix Display() method that was removed
- 0bcb38a: Fix an issue where Display methods had been removed for accessv1alpha1 types.
- 704784c: Add support for extend access configuration with max extensions and extension duration in access workflows.
- 4ba41f4: Adds validation to rpc messages
- 82a26d0: add duration configuration to batch ensure request
- 1b9f2dc: Move the insight package to be inside the 'control' package
- 12d766f: Add Insights service
- 215cba4: Add support for suggesting a highest priority default role for availability specs
- f3854b7: Add notify_expiry_in_seconds to slack notification so that users can be notified at a preset time before their access expires.
- 5bfbd2f: Add support for breakglass access on BatchEnsure and Activate
- 7d93769: Add filtering for webhooks on specific actions
- 7b91b42: adds pagination fields onto entitlements tree api
- 4156cf4: adds api for querying entitlement tree
- 0a542c6: Add activate_allowed to list of AccessRequestActions.
- 6d4f1cd: Adds additional fields to the Integration resources types
- 61cc1f2: Support disabling all webhook handlers for Slack integration.
- 3857224: Add 'sso_access_portal_url' to allow the AWS SSO Start URL to be customised in the AWS IAM Identity Center integration.
- 1a1eca4: Adds additional methods to the policyset client
- 796f5f3: Add support for configuring deployment DNS nameservers for the default deployment domain
- 910dc31: Simplifies the ProvisionResponse type to return a single optional output entity
- ec19fbd: Add S3 Log Destination integration.
- ac6e044: Create GetAccessRequestActions API to return the list of actions that the current user is allowed to perform on the access request.
- 711849f: Adjust the suffix of the auth token on Windows.
- 6d98951: Add justification requirements configuration
- f0c0a65: Revert "add support for validation with protovalidate" - reverted for now because it is causing build issues.
- bb7b25b: Add support for validation with protovalidate
- ee2d9ee: Adds OpenTelemetry instrumentation to entity client writes.
- 2b39260: Add default duration to grant.
- 15a264e: Add default duration to Access Workflow.
- 83875f0: Adds Auth0 integration configuration.
- 513a673: Add GCP Role Group Configuration API
- f417cc7: add workflow id to request detail
- a41d9b8: add variable to slack notification resource to optionally send direct messages
- e96e5d3: Adds ResourceService and UserService which together replace the functionality of the GraphQL API which was implemented by the Authz service.
- 21585f0: Adds Managed Monitoring APIs.
- 8d985d9: Fix an issue where users were prompted continuously to enter a password when accessing the fallback file keychain in Linux.
- 464a458: Fix an issue where an entity marshalled with an eid.EID field could not be unmarshalled to a regular struct.
- 07124e7: Adds the Granted Profile Registry API specification.
- cc74bbb: Adds APIs for Common Fate in-app product support.
- e0fa93a: adds activation expiry to access workflows
- 4841873: Add new RPC for DebugEntitlementAccess
- df7756e: Add 'allowed' field to Evaluation to simplify audit log events
- df7756e: Add Webhook integration.
- df7756e: Fixes a breaking change made in entity ID JSON marshalling behaviour.
- 381d165: Updates the generated Go SDK to match the protobuf spec.
- c88b7f2: Adds 'target_path' attribute to entitlement.
- 4053841: Fix EID parsing for LinkedIdentity type
- 20a28f1: adds API endpoint for background job summaries.
- 0616f0b: Make tokenstore.Keyring public so that it can be used for listing tokens in the keychain (used for logging out of Common Fate)
- 025eb53: Add support for remote configuration of Common Fate SDK by providing a configuration URL.
- 4b404d6: Makes the EID parser configurable with the option to enforce the ID component to be quoted.
- 025eb53: The keychain now stores credentials with the key <Issuer URL/Client ID>, rather than the config file context key. This mitigates an issue where using the SDK without the file source would cause invalid credential issues, despite the user having valid credentials for a particular OIDC provider.
- 025eb53: Fix an issue where the config OAuth2.0 token was not updated after the login flow is completed.
- 3f34656: Add additional configuration to slack alerts to make the Approval action link to the web console to require SSO authentication.
- e7eae02: Fixes a regression in the Keychain when using file source for configuration, the context name was not set correctly when configuring the keychain access.
- 4becbd9: Adds support for specifying config sources via the CF_CONFIG_SOURCES environment variable.
- a8f9ffb: Allow configuring the SDK using environment variables like CF_API_URL, CF_OIDC_CLIENT_ID, and CF_OIDC_CLIENT_SECRET
- b668ea6: Rename PreviewEntitlements RPC to PreviewUserAccess
- fb6e665: Add new APIs for listing approvers and simulating access
- 4c10a20: Add RelinkEntraUsers RPC
- 06d4160: Adds Go clients for the ValidationService and SchemaService.
- 06d4160: Fixes the namespace for the SchemaService to be 'commonfate.authz.v1alpha1', instead of 'commonfate.control.authz.v1alpha1'.
- 0a2c0eb: Add opentelemetry spans to query methods
- 60fcc88: Add SDK method inputs to opentelemetry span
- f9d63c8: Add Cedar policy validation APIs
- 3d71a71: add simple entitlement type and api for listing target role pairs
- 48b6916: adds api for retrying river background tasks
- 0891480: Adds feature service. Clients can query the feature service to determine which Common Fate features are available to a particular user.
- 0891480: Moves the authorization evaluation query APIs to be under the 'commonfate.control' namespace, to better represent the fact that they are served by the Control Plane
- 0b1f5f8: adds duration field for adjusting duration for grant on batch ensure requests
- 67cb8c8: Add All method to entity client
- 76fe697: Add optional integration ID field to slack notification resource
- 7d1f434: Replaces the 'MetadataAttribute' with a simpler 'Tags' message used for authorization requests.
- 7d1f434: Adds endpoint to query for authorization evaluation metadata.
- 6ae9a07: Add CancelBackgroundJob and ListBackgroundJobs RPCs for managing background jobs.
- 65c8e59: Add evaluation duration on authorization Evaluation message.
- 32a6184: Adds a duration field to the Grant message.
- 19f18a5: Added DataStax integration
- 9a22117: Add provisioning attempt for grants
- 4dfc30d: Adds additional timing information to Grants and adds the Principal to Access Requests
- 2ae046d: Revert a change which incorrectly added the 'request_id' field to the BatchEnsure response
- 9fb6511: Add Okta integration type
- 68abc45: Revert the addition of provisioning status, add request ID to the batch ensure response
- f784061: Add a retry step to the loginflow which will detect errors validating the nonce and retry login 1 time. Retrying usually fixes the issue.
- 68f719a: Adds additional fields to the AWS IDC integration resource
- f09745e: Add justifications to requests returned by the API
- 5bef771: Add order field to list entities rpc
- 0eda615: Add services for least privilege analysis
- d22a3fe: add "provisioning" grant status