Skip to content

v0.5.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@thomastaylor312 thomastaylor312 released this 07 Sep 20:01
· 178 commits to main since this release
v0.5.0
This tag was signed with the committer’s verified signature.
thomastaylor312 Taylor Thomas
GPG key ID: F6E69B434180BC4A
Learn about vigilant mode.
719f578
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is the 0.5 feature release for Bindle. The main feature in this release is alpha level authentication support and a more efficient default storage option.

Installing

You can download the prebuilt binaries for the Bindle CLI client and the Bindle server from the following links:

Once downloaded, you can follow the installation and getting started instructions

Using as a crate

Besides the pre-compiled binaries, we also publish a fully featured crate (that the binaries also use). You can find docs here.

Caveats

Please note that this is NOT production-ready software, but it is in a usable/consumable state. Because this is pre-1.0 software, we make no guarantees about spec, Rust API, or CLI compatibility. However, we will do our best to call out every breaking change in future release notes. Once we hit 1.0, backwards compatibility guarantees will be in effect.

Major Features

  • Bindle server now supports authentication using HTTP Basic auth and OIDC token auth. Please note that the authentication behavior and /login endpoint is still very much in beta and could change in the future

Binary specific

  • bindle-server now has an optional embedded database option that provides better performance than the old filesystem method. This can be turned on by using the --use-embedded-db option. In the future, the filesystem storage for bindle server will be removed and replaced with the embedded DB option
  • If authentication is enabled, the default authorization scheme will allow anonymous GET requests. All other create or modify operations will require an authenticated user. More complex authorization schemes will be enabled in the future

Crate specific

  • The Client now has support for various authentication strategies, as well as support for refresh tokens

Bug Fixes

  • The http2_prior_knowledge config option on the client now defaults to false. Having it set to true as a default was leading to various configuration issues with downstream consumers of a bindle server

Known Issues/Missing Features

  • The standalone bindle implementation does not currently handle tarballs. This will be added in a future release
  • Signing and verification is not automatically done in the Client or the bindle CLI

Breaking Changes

  • The Client struct now requires a TokenManager in order to construct. There are various token authentication methods provided that are available at bindle::client::tokens:
pub struct Client<T> {
    ...
}

impl<T: tokens::TokenManager> Client<T> {
    pub fn new(base_url: &str, token_manager: T) -> Result<Self> {
        ...
    }
...
}

What's next?

Our next anticipated version is 0.6.0 (although we will cut a 0.5.1 if necessary). Our main focus for 0.6 will be finishing signing and verification on the Client, adding support for multiple concurrent authentication methods, and adding more authorization. Please give things a try and feel free to open PRs or issues with your feedback. In fact, your feedback is crucial as we continue to solidify the spec and features desired in Bindle!

Assets 2
Loading