Overview
This release represents a major architectural shift for Credentials Fetcher, migrating from the previous implementation to a pure Golang solution. This change brings significant improvements in performance, maintainability, and open-source compatibility.
Breaking Changes
- The service has been completely rewritten in Golang
- .NET runtime is no longer required
What's New
Core Architecture
Golang Migration
- Complete rewrite using Golang for improved performance and reliability
- Native UTF-16 decoding eliminates .NET dependency
- Automatic memory management removes explicit garbage collection overhead
- Object-oriented API design for better code organization
- grpc-go library handles job queuing, scheduling, and graceful shutdown
AWS SDK Integration
- Migrated from AWS CLI to aws-sdk-go-v2 for all AWS operations
- More efficient and reliable AWS service interactions
Features
Enhanced Configuration
- New configuration file at /etc/credentials-fetcher.conf with support for:
  - Configurable LDAP search timeout (default: 5 seconds)
  - Customizable renewal cron schedule
  - Secret name parameter for standalone mode
Improved Reliability
- LDAP search timeout protection against unresponsive Active Directory servers
- Lease ID validation in Delete API operations
Better Observability
- Enhanced logging throughout the service for easier debugging and failure diagnosis
Build & Distribution
Open Source Compatibility
- RPM now buildable without AWS internal dependencies
- Amazon Linux 2 (AL2) build support added
Documentation
- Updated code repository documentation reflecting new architecture and features
Upgrade Notes
Ensure you review the new configuration file format at /etc/credentials-fetcher.conf and adjust settings as needed for your environment.