v0.10.0

What's Changed

• Fix token resolve error by @mxab when token resolve happened while proxying a non admissioning endpoint in #49
• [Snyk] Security upgrade ubuntu from latest to 24.10 by @mxab in #41
• refactor and move a lot of packages into pkg by @mxab in #46
• build(deps): bump SonarSource/sonarqube-scan-action from 5 to 6 in /.github/workflows by @dependabot[bot] in #47

New Contributors

• @dependabot[bot] made their first contribution in #47

Full Changelog: v0.9.0...v0.10.0

v0.9.0

What's Changed

BREAKING CHANGE: Logging reworked and changed configuration

Now supports logging to multiple outputs.

• slog logging with text and json to either stdout or stderr
• otel

telemetry {
    logging {
         slog {
            json = true
            json_out = "stderr" 
            text = false
            json_out = "stdout"
        }
        otel {
            enabled = true
        }
    }
...

Other

• Updated dependencies

Full Changelog: v0.8.0...v0.9.0

v0.8.0

What's Changed

• OpenTelemetry support for logs, metrics and traces

v0.8.0-rc.2

Changelog

• 0e9f430 chore: remove generate in gorelease for now

v0.8.0-rc.1

chore: update release config

v0.8.0-rc.0

What's Changed

• switch to slog
• Initial OpenTelemetry support for logs, metrics and traces

v0.7.0

Great contribution from @ncode

Token Resolution & Context Passing

Hooks can now resolve Nomad tokens (with optional policy extraction) and pass the accessor ID, client IP, and other metadata through mutators and validators.

New configuration flag resolveToken enables token resolution for specific hooks to avoid unnecessary overhead when not required.
Enhanced support for use cases like CIDR-based validation, custom ACL logic, and extended audit logging.

See CHANGELOG.md for more on this breaking change

v0.6.0

What's Changed

Updated dependencies especially Nomad 1.9.0

Full Changelog: v0.5.0...v0.6.0

v0.5.0

What's Changed

This release introduces the first version of the notary projects's image verification via NACP.
It allows either via the notation or OPA validator to verify the signature of the images specified in you job's task config.

Demo

notation-demo.mp4

Opa rule:

errors contains msg if {
	some g, t
	input.TaskGroups[g].Tasks[t].Driver == "docker"
	image := input.TaskGroups[g].Tasks[t].Config.image
	# check
	not notation_verify_image(image)
	msg := sprintf("TaskGroup %d Task %d image is invalid (image %s)", [g, t, image])
}

• feat(notation): Image verifier by @mxab in #5

Full Changelog: v0.4.1...v0.5.0

v0.4.1

Changelog

• a837d40 chore: goreleaser fix