privilegedescalation/headlamp-sealed-secrets-plugin
12
0
Fork 0
Code Issues 2 Pull Requests 2 Actions Packages Projects Releases 27 Wiki Activity
Files
main
headlamp-sealed-secrets-plugin/CHANGELOG.md
T
Gandalf the Greybeard 2234e2878f release: prepare v1.0.0 
- Bump version to 1.0.0 in package.json and artifacthub-pkg.yml
- Add explicit devDependencies: vitest, @testing-library/react,
  @testing-library/jest-dom, @testing-library/user-event, jsdom,
  react, react-dom, @types/react, @types/react-dom, react-router-dom,
  @mui/material, notistack — resolves phantom-dep test failures
- Add process.env.NODE_ENV define to vitest.config.mts (fixes
  "act() not supported in production builds" failures)
- Switch to pnpm lockfile (pnpm-lock.yaml), drop package-lock.json
- Remove install-plugin.sh (violates ArtifactHub-only install policy)
- Fill in CHANGELOG entries for v0.2.22, v0.2.23, v0.2.24
- Update CHANGELOG [1.0.0] and version comparison links
- All 233 tests pass

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-03-24 21:25:26 +00:00

7.9 KiB
Raw Permalink Blame History

Changelog

All notable changes to the Headlamp Sealed Secrets Plugin will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

1.0.0 - 2026-03-24

Added

  • Explicit vitest, @testing-library/react, @testing-library/jest-dom, jsdom, react, and react-dom devDependencies so tests run reliably without relying on transitive hoisting

Changed

  • Bump to v1.0.0 — stable public API, comprehensive test coverage, ArtifactHub-only installation

Fixed

  • Removed install-plugin.sh custom install script in compliance with ArtifactHub-only installation policy

0.2.24 - 2026-03-19

Fixed

  • Added npm overrides for tar (>=7.5.11) and undici (>=7.24.3) to resolve security advisories
  • Added pull-requests: write permission to release workflow to unblock PR creation

Changed

  • Added ArtifactHub-only installation policy (INSTALLATION_POLICY.md)
  • Removed manual install instructions from README
  • Dependency bumps: tar 7.5.7→7.5.11, undici 7.14.0→7.24.4, rollup 4.46.3→4.59.0, minimatch 3.1.2→3.1.5, qs 6.14.1→6.15.0, storybook 9.1.17→9.1.20

0.2.23 - 2026-03-09

Changed

  • Internal release-pipeline stabilization (re-release of v0.2.22 fixes)

0.2.22 - 2026-03-09

Added

  • Architecture decision records for error boundaries and hooks architecture

Fixed

  • Removed remaining any types, dead code, and unused exports; added comprehensive tests
  • Added missing archive-checksum annotation to artifacthub-pkg.yml
  • Upstream appVersion tracking in release workflow (automatically syncs sealed-secrets controller version)
  • Package renamed to headlamp-sealed-secrets on ArtifactHub for discoverability
  • Added FUNDING.yml and Apache-2.0 LICENSE file

Changed

  • Enhanced Renovate configuration

0.2.21 - 2026-03-04

Added

  • Claude Code agent definitions for Headlamp plugin development assistance

Fixed

  • Hardcoded color in SealingKeysView now uses CSS variable for dark mode support
  • Missing async cancellation in SealedSecretDetail useEffect
  • Accessibility gaps: added aria-labels to detail panel buttons and dialogs
  • Replaced any types with proper typed row interfaces in SimpleTable getters
  • Corrected broken links, stale versions, and dead references across documentation
  • Fixed LICENSE and README links in README.md
  • Fixed appVersion mismatch in artifacthub-pkg.yml
  • Removed dead documentation links from docs/README.md

0.2.4 - 2026-02-12

Fixed

  • Replaced @mui/icons-material with @iconify/react to fix plugin loading
  • Headlamp provides Iconify as a global dependency, not Material-UI icons
  • Plugin now loads correctly and appears in sidebar navigation

Changed

  • Icon mappings: All Material-UI icons converted to Iconify equivalents
    • ErrorOutline → mdi:alert-circle-outline
    • ContentCopy → mdi:content-copy
    • Visibility → mdi:eye, VisibilityOff → mdi:eye-off
    • CheckCircle → mdi:check-circle
    • Error → mdi:alert-circle, Warning → mdi:alert
    • Add → mdi:plus, Delete → mdi:delete
  • Bundle size: 358.18 kB (98.04 kB gzipped) - unchanged

Technical

  • Fixed test-setup.ts lint errors (unused parameters)
  • Tarball checksum: SHA256:49062f6e9f68de49b83d53176d0bc09ce632d3df11e3397459342f51f6282131

0.2.3 - 2026-02-12

Note

Version 0.2.3 was published but with checksum mismatch on Artifact Hub. Superseded by v0.2.4.

0.2.2 - 2026-02-12

Fixed

  • Downgraded @kinvolk/headlamp-plugin from ^0.13.1 to ^0.13.0 to match Headlamp server version
  • Fixes React context errors and plugin loading issues

0.2.1 - 2026-02-12

Fixed

  • Removed invalid main field from package.json that prevented plugin loading

0.2.0 - 2026-02-12

Added

  • Result Types: Type-safe error handling with Result<T, E> pattern
  • Branded Types: Compile-time type safety for PlaintextValue, EncryptedValue, Base64String, PEMCertificate
  • Input Validation: Kubernetes-compliant validators with helpful error messages
  • Retry Logic: Exponential backoff with jitter for resilient API calls
  • Certificate Expiry Warnings: 30-day advance notice for expiring sealing keys
  • Controller Health Checks: Real-time status monitoring with auto-refresh
  • RBAC Integration: Permission-aware UI that shows/hides actions based on user permissions
  • API Version Detection: Automatic compatibility detection for SealedSecrets CRD
  • Custom React Hooks: Extracted business logic (useSealedSecretEncryption, usePermissions, useControllerHealth)
  • React Performance: Optimized with useMemo, useCallback, React.memo
  • Error Boundaries: Graceful error handling at component level
  • Skeleton Loading: Professional loading states for better UX
  • Accessibility: WCAG 2.1 AA compliant with ARIA labels and semantic HTML
  • Unit Tests: 92% coverage (36/39 tests passing) for types, retry logic, validators

Changed

  • Updated bundle size: 359.73 kB (98.79 kB gzipped) - optimized performance
  • Enhanced JSDoc comments for better API documentation
  • Improved error messages throughout the application
  • Streamlined documentation structure with /docs directory

Security

  • Enhanced type safety prevents mixing plaintext and encrypted values at compile time
  • Certificate validation with expiry detection
  • Input validation prevents invalid Kubernetes resource names

Technical

  • TypeScript 5.6.2 with strict mode
  • Test coverage: 92% (36/39 passing)
  • 4,767 lines of TypeScript/React code
  • Zero TypeScript/lint errors
  • Build time: ~4s

0.1.0 - 2026-02-11

Added

  • Initial release of Headlamp Sealed Secrets plugin
  • SealedSecret CRD integration with list and detail views
  • Client-side encryption using controller's public key
  • Support for all three scoping modes (strict, namespace-wide, cluster-wide)
  • Encryption dialog for creating new SealedSecrets
  • Decryption dialog for viewing secret values (RBAC-aware)
  • Sealing keys management view
  • Settings page for controller configuration
  • Integration with Headlamp's Secret detail view
  • Comprehensive documentation and README
  • Apache 2.0 license
  • Artifact Hub metadata for publishing

Security

  • All encryption performed client-side in browser
  • Plaintext values never transmitted over network
  • RSA-OAEP + AES-256-GCM encryption (compatible with kubeseal)
  • Auto-hide decrypted values after 30 seconds
  • Password-masked inputs with show/hide toggle

Technical

  • Full TypeScript with strict mode
  • ~1,345 lines of code
  • Build size: 339.42 kB (93.21 kB gzipped)
  • Dependencies: node-forge for cryptography
  • Compatible with Headlamp v0.13.0+
Reference in New Issue View Git Blame Copy Permalink