Release v0.2.0

[srenatus]

This release brings two new features: Auto-mounting matching stacks, and mutual TLS (mTLS) for SQL databases.

Warning

The auto-mounting of stacks is backwards-incompatible, since it changes the default behavior.
See below for how to opt-out of this new behavior if it's a bad fit for your setup.

Auto-mounting Stacks

When a stack's selectors match, it'll now be injected with a prefix of

data.stacks.<stack_name>

You can opt out of this behavior by providing bundle options:

bundles:
  hello-world:
    options:
      no_default_stack_mount: true

Existing prefix settings on the stack's requirements are respected, so

stacks:
  stack1:
    selector: ...
    requirements:
    - source: lib1
      prefix: imported_lib1

Will cause lib1 to be mounted on data.stacks.stack1.imported_lib1.

mTLS for SQL databases

You can now supply a client TLS certificate and private key for the database connection via "secrets". For example:

database:
  sql:
    driver: postgres
    dsn: postgresql://postgres:sesame@db:5432
    credentials: pg-tls
secrets:
  pg-tls:
    type: tls_cert
    tls_cert: ${OCP_TLS_CERT}
    tls_key: ${OCP_TLS_KEY}

...and since secret lookup respects env vars, you can supply the certificates via env vars.

Note

Credentials that are used with the database don't get stored in the database. So they won't be available through the secrets API endpoints after the service has started.

What's Changed

• database: support mTLS for PostgreSQL/MySQL connections by @srenatus in database: support mTLS for PostgreSQL/MySQL connections opa-control-plane#200
• bundle: auto-mount matching stacks (add opt-out option) by @srenatus in bundle: auto-mount matching stacks (add opt-out option) opa-control-plane#187
• build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 opa-control-plane#201
• build(deps): bump the all group with 10 updates by @dependabot[bot] in build(deps): bump the all group with 10 updates opa-control-plane#204

Full Changelog: open-policy-agent/opa-control-plane@v0.1.0...v0.2.0