This release includes several breaking changes.
You may have to fix code to upgrade aqua to v2, but it would be easy.
Most important change is that only standard registry is allowed by default.
This breaking change makes aqua secure by default.
Other changes are not so important as the registry restriction, but these changes makes aqua simple.
⚠️ Breaking Changes
#1404 #1413 Only standard registry is allowed by default
#1410 #1413 When AQUA_CONFIG or -c option is set, aqua shouldn't search configuration files
#1409 #1413 Fix the default files[].name
Removed some features.
#1408 #1413 Remove the package type go
#1411 #1413 Remove supported_if
#1412 #1413 Replace sprig to slim-sprig
Only standard registry is allowed by default
If you don't set policies, aqua uses the default policy allowing only standard registries.
If you set policies the default policy is ignored.
Why this change is needed
This change makes aqua secure by default.
Almost users don't need registries other than standard registry.
Other registries are useful but also can be abused.
How to migrate
If you use only standard registry, you don't have to do anything.
Otherwise you have to set policies to allow registries other than standard registry.
About policies, please see the document.
https://aquaproj.github.io/docs/tutorial-extras/policy-as-code/
When AQUA_CONFIG or -c option is set, aqua shouldn't search configuration files
Why this change is needed
When we specify the configuration file path explicitly, we would like to use the configuration file and shouldn't use other configuration files.
The current behaviour is a bit confusing and causes unneeded package installation.
Fix the default files[].name
If the package has a name field, the name is split with / and the last element is used as the default file name.
For example, please see the following example.
name: cert-manager/cert-manager/cmctl
repo_owner: cert-manager
repo_name: cert-managerThen in aqua v1 the default setting of files is the following.
files:
- name: cert-managerOn the other hand, in aqua v2 the default setting of files is the following.
files:
- name: cmctlWhy this change is needed
We think aqua v2's default setting is better than aqua v1 in many cases.
How to migrate
If you maintain registries, you might have to fix them.
And you may have to update standard registry to v4.0.0 or later.
Remove the package type go
Why this change is needed
To make aqua simple.
The package type go is left only for the compatibility.
You should use go_install instead of go package.
Remove supported_if
Why this change is needed
From aqua v1.12.0 or later, we strongly recommend supported_envs instead of supported_if. supported_envs is simpler than supported_if, and better in terms of the performance.
Replace sprig to slim-sprig
Why this change is needed
https://github.com/go-task/slim-sprig
Slim-Sprig is a fork of Sprig, but with all functions that depend on external (non standard library) or crypto packages removed. The reason for this is to make this library more lightweight. Most of these functions (specially crypto ones) are not needed on most apps, but costs a lot in terms of binary size and compilation time.
For aqua these functions are unneeded.