- Improvement: Fix misleading error messages in authentication setup and credentials parsing.
- Bugfix: Allow setting waiter timeouts via context, that are longer than the default timeout.
- New: Add new
WaiterHelperstruct, which creates anAsyncActionCheckfunction based on the configuration
- Feature: Support Azure DevOps OIDC adapter
- Dependencies: Bump
github.com/golang-jwt/jwt/v5fromv5.3.0tov5.3.1
- Deprecation: KeyFlow
SetTokenandGetTokenwill be removed after 2026-07-01. Use GetAccessToken instead and rely on client refresh. - Feature: Support Workload Identity Federation flow
- Improvement: Improve error message when passing a PEM encoded file to as service account key
- New: Added new
GetTraceIdfunction
- New: Added new
EnumSliceToStringSliceutil func
- New: Added duration utils
- Dependencies: Bump
github.com/golang-jwt/jwt/v5fromv5.2.2tov5.2.3
- Bugfix: Access tokens generated via key flow authentication are refreshed 5 seconds before expiration to prevent timing issues with upstream systems which could lead to unexpected 401 error responses
- Improvement: Improve error message for key flow authentication
- New: Helper functions for generic openapi error codes
- New: If a custom http.Client is provided, the http.Transport is respected. This allows customizing the http.Client with custom timeouts or instrumentation.
- Bugfix: STACKIT_PRIVATE_KEY and STACKIT_SERVICE_ACCOUNT_KEY can be set via environment variable or via credentials file.
- New: Minimal go version is now Go 1.21
- Bugfix:
ConfigureRegiondoes not return an error if a region is set by an enviroment variable.
- Breaking Change::
ConfigureRegionreturns an error if a region is specified for a global URL.
STACKIT will move to a new way of specifying regions, where the region is provided as a function argument instead of being set in the client configuration. Once all services have migrated, the methods to specify the region in the client configuration will be removed.
- Feature:: Added
IntermediateStateReachedtoAsyncActionHandlerthat can be used to check for an intermediate state when executing the wait function of a wait handler.
- Deprecated method
config.WithJWKSEndpointand fieldconfig.Configuration.JWKSCustomUrlhave been removed. Deprecation was done in thecorerelease v0.10.0.
- Feature: Add
Middlewaretype,WithMiddlewareandChainMiddlewaremethods to packageconfig, this allows clients to chain and add Middlewares to the transport layer of the HTTP client.
- Feature: Add method
WithCaptureHTTPRequestto packageruntime, which allows capture of HTTP requests for debugging purposes.
- Improvement: Update
ConfigureRegionmethod to take into account global servers without a region variable
- Feature: Add configuration option that, for the key flow, enables a goroutine to be spawned that will refresh the access token when it's close to expiring
- Deprecation:
- Methods:
config.WithMaxRetriesconfig.WithWaitBetweenCallsconfig.WithRetryTimeoutclients.NewRetryConfig
- Fields:
clients.KeyFlowConfig.ClientRetryclients.TokenFlowConfig.ClientRetryclients.NoAuthFlowConfig.ClientRetryclients.RetryConfig
- Retry options were removed to reduce complexity of the clients. If this functionality is needed, you can provide your own custom HTTP client.
- Methods:
- Breaking Change: Change signature of
auth.NoAuth, which no longer takesclients.RetryConfigas argument. - Breaking Change:
- Methods:
clients.KeyFlow.Cloneclients.TokenFlow.Cloneclients.NoAuthFlow.Cloneclients.Do
- Fields:
clients.DefaultRetryMaxRetriesclients.DefaultRetryWaitBetweenCallsclients.DefaultRetryTimeout
- Constants:
clients.ClientTimeoutErrclients.ClientContextDeadlineErrclients.ClientConnectionRefusedErrclients.ClientEOFErrorclients.Environment
- Removed to reduce complexity of the clients, they were no longer being used.
- Methods:
- Deprecation: Mark method
config.WithCaptureHTTPResponseas deprecated, to avoid confusion due to it not being a configuration option. Useruntime.WithCaptureHTTPResponseinstead. - Deprecation: Mark method
config.WithJWKSEndpointand fieldconfig.Configuration.JWKSCustomUrlas deprecated. Validation using JWKS was removed, for being redundant with token validation done in the APIs. These have no effect. - Breaking Change: Remove method
KeyFlow.Clone, that was no longer being used.
- Feature: Add package
runtime, which implements methods to be used when performing API requests. - Feature: Add method
WithCaptureHTTPResponseto packageruntime, which does the same asconfig.WithCaptureHTTPResponse. Method was moved to avoid confusion due to it not being a configuration option, and will be removed in a later release.
- Bugfix: Use
http.Requestcontext inclients.Do
- Add LICENSE and NOTICE files
- Improvement: When using the key flow, the SDK will extract the private key from the service account key and use it, if no private key is provided in the configuration, through environment variable or in the credentials file. This makes it simpler to use the key flow: if you create a service account key including the private key, you don't need to provide the private key separately anymore
- Replace k8s.io/apimachinery with cenkalti/backoff
auth: setup authentication, specifically using the service account key or token flows. Check our authentication exampleclients: baseline http client implementations to support different use cases, such as the different authentication flowsconfig: configuration for the SDK clients, such as custom endpoints, region and custom http client configuration. Check our configuration exampleoapierror: open api error definition and handlingutils: utilities, such as thePtrmethod to return a pointer to a variable of any type, which can be useful for creating payloadswait: functionality to wait until a specific async operation has finished. Check our waiter example