Releases: ubirch/ubirch-client-go
v2.2.0
Added:
- endpoint for key de- and re-activation

      PUT /device/updateActive
      Header: X-Auth-Token: registerAuth
      Body: {id: ${device_uuid}, active: Boolean}

  - deactivation deletes public key at identity service and disables signing with corresponding private key
  - reactivation registers public key at identity service and re-enables
  - additional column in db table active [bool]
  - migration script, start with --migrate flag to upgrade db version
- support for updating key derivation parameters of already stored password hashes "on the go":
  - if enabled, password hashes will be updated on the first incoming authorized request
  - to enable password hash update, set configuration (boolean) to true
    - json: kdUpdateParams
    - envconfig: KD_UPDATE_PARAMS
- enhanced error logging for failed HTTP requests with additional logging of request URL path and response status code
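
Deciding whether a stored hash needs the update enabled by kdUpdateParams, as an added example (not code from ubirch-client-go). It assumes the argon2id hashes are stored in the standard PHC string encoding, which these release notes do not state; the type and function names and all sample values are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// KDParams holds the tunable argon2id parameters (memory in KiB, as PHC stores it).
type KDParams struct {
	MemKiB, Time, KeyLen, SaltLen uint32
	Parallelism                   uint8
}

// Constructed sample (all-zero salt and key), derived with older, weaker parameters.
var sampleOld = "$argon2id$v=19$m=15360,t=2,p=1$" + strings.Repeat("A", 22) + "$" + strings.Repeat("A", 43)

// ParsePHC recovers the parameters from $argon2id$v=19$m=..,t=..,p=..$<salt>$<key>.
func ParsePHC(encoded string) (KDParams, error) {
	var p KDParams
	f := strings.Split(encoded, "$")
	if len(f) != 6 || f[0] != "" || f[1] != "argon2id" || f[2] != "v=19" {
		return p, fmt.Errorf("not an argon2id v=19 PHC string")
	}
	if _, err := fmt.Sscanf(f[3], "m=%d,t=%d,p=%d", &p.MemKiB, &p.Time, &p.Parallelism); err != nil {
		return p, fmt.Errorf("bad cost parameters: %w", err)
	}
	salt, err := base64.RawStdEncoding.DecodeString(f[4])
	if err != nil {
		return p, fmt.Errorf("bad salt: %w", err)
	}
	key, err := base64.RawStdEncoding.DecodeString(f[5])
	if err != nil {
		return p, fmt.Errorf("bad key: %w", err)
	}
	p.SaltLen, p.KeyLen = uint32(len(salt)), uint32(len(key))
	return p, nil
}

// NeedsUpdate reports whether the stored hash differs from the configured parameters.
func NeedsUpdate(encoded string, configured KDParams) (bool, error) {
	stored, err := ParsePHC(encoded)
	return err == nil && stored != configured, err
}

func main() {
	cfg := KDParams{MemKiB: 64 * 1024, Time: 3, KeyLen: 32, SaltLen: 16, Parallelism: 4} // constructed values
	fmt.Println(NeedsUpdate(sampleOld, cfg)) // true <nil>
}
```

Re-deriving a hash requires the plaintext credential, which is only present while an authorized request is being verified, so a check like this belongs directly after a successful verification.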
v2.1.0
Added:
- create password hashes with argon2id key derivation for credentials stored in DB
  - optional configuration parameters:

        KdMaxTotalMemMiB uint32 `json:"kdMaxTotalMemMiB" envconfig:"KD_MAX_TOTAL_MEM_MIB"` // maximal total memory to use for key derivation at a time in MiB
        KdParamMemMiB uint32 `json:"kdParamMemMiB" envconfig:"KD_PARAM_MEM_MIB"` // memory parameter for key derivation, specifies the size of the memory in MiB
        KdParamTime uint32 `json:"kdParamTime" envconfig:"KD_PARAM_TIME"` // time parameter for key derivation, specifies the number of passes over the memory
        KdParamParallelism uint8 `json:"kdParamParallelism" envconfig:"KD_PARAM_PARALLELISM"` // parallelism (threads) parameter for key derivation, specifies the number of threads and can be adjusted to the number of available CPUs
        KdParamKeyLen uint32 `json:"kdParamKeyLen" envconfig:"KD_PARAM_KEY_LEN"` // key length parameter for key derivation, specifies the length of the resulting key in bytes
        KdParamSaltLen uint32 `json:"kdParamSaltLen" envconfig:"KD_PARAM_SALT_LEN"` // salt length parameter for key derivation, specifies the length of the random salt in bytes

  - migration script to transfer already existing credentials into password hashes
- set maximum for open and idle database connections through optional configuration parameter:

      DbMaxConns int `json:"dbMaxConns" envconfig:"DB_MAX_CONNS"` // maximum number of open and idle connections to the database

  default = no limit
- implement key and auth caches to reduce database access
- provide endpoint for CSR creation /<uuid>/csr, secured with registration auth token
- readiness probe checks database connection, endpoint: /readyz
- general clean up and refactoring for better readability, testability and enhanced design
Changed:
- integrate standard ubirch-protocol-go crypto interface
- endpoint for liveness check changed from /healtz to /healthz
- enhanced load test script
- added offset between sending requests for different identities
- measure average response time for successful requests
- added metrics for throughput
Fixed:
- fix prometheus metric HTTP response time observation for requests per path
- fix recursive error handling of recoverable database errors
- fix superfluous response header write in case of timeout
- fix container CrashLoopBackOff when network is not yet available at startup
v2.0.10
Changed:
- configuration for postgres database consists of only the DSN: PostgresDSN
  - deprecated DSN_InitDb, client will connect to DB if PostgresDSN is set
  - deprecated DSN_Host, DSN_User, DSN_Password, DSN_Database, replaced by PostgresDSN
Added:
- Prometheus metrics
v2.0.9
v2.0.8
v2.0.7
v2.0.6
Changed:
- when a new identity is registered via the registration endpoint, the HTTP response body now contains the DER-encoded x.509 CSR in case the registration was successful
- increased Gateway Timeout as cancellation of request should usually come from client side if request takes too long
Added:
- audit logging for:
  - identity creation
  - hash operations:
    - chain
    - anchor
    - disable
    - enable
    - delete
Fixed:
- added prefix to prometheus metrics: ubirch-client-go
v2.0.5
v2.0.4
v2.0.3
Changed:
- DSN configuration format
  - file based

        "DSN_InitDb": true,
        "DSN_Host": "database-host-name",
        "DSN_User": "database-user-name",
        "DSN_Password": "database-password",
        "DSN_Database": "database-name",

  - env variables

        UBIRCH_DSN_INITDB=true
        UBIRCH_DSN_HOST=database-host-name
        UBIRCH_DSN_USER=database-user-name
        UBIRCH_DSN_PASSWORD=database-password
        UBIRCH_DSN_DATABASE=database-name