Feat/impl v0.10#49
Open
BRAVO68WEB wants to merge 18 commits into
Open
Conversation
Support GitHub Actions, GitLab CI, and Kubernetes service account OIDC tokens for authentication without static API keys. - Add oidc_providers table with org_id, issuer_url, audience - Add OIDC token verification using jose library - Add CRUD API for OIDC providers - Update auth middleware to detect and verify OIDC tokens - Register OIDC routes on management API
Add service tokens with app/env scope constraints for CI/CD and automation use cases. - Add service_tokens table with SHA-256 hashed tokens - Support app_id and env_type_id scope constraints - Add CRUD API for service tokens - Update auth middleware to validate X-Service-Token header - Token format: esv_<uuid>
Expand integration ecosystem from 5 to 19 providers. CI/CD: CircleCI, Jenkins, Azure DevOps, Bitbucket, Travis CI PaaS: Netlify, Railway, Fly.io, Render, Supabase, DigitalOcean Cloud: Azure Key Vault, AWS Secrets Manager, Cloudflare Workers Each provider includes: - Connection auth fields - Connection metadata fields - Binding fields - Mapping fields - Sync implementation
…ding Add four major enterprise features: SAML SSO (8 providers): - Okta, OneLogin, Azure AD, Google Workspace, Duo, Rippling, Oracle, Ping Identity - SP-initiated and IdP-initiated SSO flows - SAML metadata endpoint - Real signature verification via Web Crypto API - Automatic user provisioning with Keycloak identity Secret Rotation (15 engines): - PostgreSQL, MySQL, AWS IAM, Azure SP, GCP SQL/MySQL/Postgres, MongoDB - Cloudflare Pages, SendGrid, Twilio - Dual-credential window for zero-downtime rotation - Real pg.Client connections for Postgres engine Dynamic Secrets (4 engines): - PostgreSQL, MySQL, AWS IAM, Azure SP - Short-lived credentials with TTL - Lease management and auto-revocation - Real pg.Client connections for Postgres engine Log Forwarding (3 targets): - Datadog, Splunk, Sumo Logic - Automatic forwarding of audit logs
Add CI/CD webhook triggers and enterprise runtime guards. Webhook Triggers (8 targets): - GitHub Actions, GitLab Pipeline, AWS CodePipeline - GCP Cloud Build, CircleCI, Travis CI, Jenkins, Custom Runtime Guards: - Add assertEnterprise() helper for edition checks - Add guards to all enterprise controllers - Returns HTTP 403 with ENTERPRISE_FEATURE_REQUIRED
Redesign dashboard pages with clean, minimal Cloudflare-inspired UI. Dashboard: - 3-column grid: Projects, Security, Recent Activity - Quick action buttons at top - Stats overview at bottom Projects: - Convert card grid to list rows - Clean hover states Integrations: - Tabbed layout: Connections, Syncs, Org Secrets - Modal-based create flows - Clean list tables Manage Environments: - Simplified list layout - Removed verbose cards and sidebar Landing Page: - New hero with code snippet - Unique features section (PiT rollback) - Clean feature cards
- Rewrite README.md with badges, architecture diagram - Fix Go version in CONTRIBUTING.md (1.21+ → 1.24+) - Update AGENTS.md with new enterprise packages - Bump all packages to 0.10.0 - Regenerate all 4 SDKs (TS + Go, core + management) - Fix management API URL (localhost → manage-api.lvh.me) - Fix cookie domain for cross-origin auth - Remove console.log statements - Fix E2E test assertions - Add 5 new E2E test files for enterprise features
- Remove console.log from dashboard hooks (useInvitations, useUserSettings, useUsers) - Add enterprise middleware for route-level guards - Register service_token route in core modules - Add SAML_SESSION_SECRET, SAML_SP_CERT, SAML_SP_KEY to env schema - Fix landing page: remove framer-motion, add theme toggle, use React Router Link - Fix landing vite.config: dedupe react/react-dom - Bump management API package to 0.10.0
CLI Commands Added: - service-token (create, list, get, delete) - oidc (create, list, get, update, delete) - saml (create, list, get, update, delete, metadata, sso) - rotation (create, list, get, update, delete, trigger, states, revoke-expired) - dynamic-secret (engine CRUD, lease CRUD, cleanup) - log-forwarding (create, list, get, delete) TUI Fixes: - Replace bubbletea/huh TUI with simple stdin prompts - init: numbered list selection instead of TUI form - app list: table output instead of TUI list - app delete: stdin confirmation instead of TUI select - env switch: numbered list instead of TUI select Management SDK: - Regenerate Go SDK from v0.10.0 OpenAPI spec - Add OIDC, SAML, Rotation, Dynamic Secrets, Log Forwarding clients Unit Tests (315 tests): - service_token: 25 tests (create, list, get, delete + errors) - oidc: 45 tests (CRUD + validation) - saml: 43 tests (CRUD + metadata + sso + validation) - rotation: 35 tests (CRUD + trigger + states + revoke) - dynamic_secret: 49 tests (engine CRUD + lease CRUD + cleanup) - log_forwarding: 30 tests (CRUD + validation) - formatters: 88 tests (all 6 formatters + base) Coverage: 89-92% on new usecases (business logic)
- Update heading selectors to match new 'Environments' heading - Update button/dialog selectors to use regex patterns for backward compatibility - Add data-testid to environment type rows for E2E test selectors - Fix smoke test to expect new dashboard sections instead of 'Quick Actions' - Fix routes test to use regex for Manage Environments heading
- Add dynamic_secret_db service to docker-compose.yaml (port 5433) - Update e2e-setup.ts to start dynamic_secret_db and write env vars - Update dynamic-secret.e2e.test.ts to use real Postgres connection - Update .env.example with DYNAMIC_SECRET_PG_* env vars - Verified Postgres container starts and accepts connections
- Add data-testid='env-type-edit-{id}' to edit button in ManageEnvironment
- Fix project card selector to match actual class order (cursor-pointer group)
The edit sheet uses a Switch component instead of a checkbox. Added data-testid='env-type-protected-checkbox' to match E2E test selector.
Contributor
Author
|
@b68-pilot approve |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.