v0.2.0

What's Changed

• Update dependency go to v1.24.5 by @renovate[bot] in #1
• Update module k8s.io/apimachinery to v0.33.3 by @renovate[bot] in #2
• Update module github.com/alecthomas/kong to v1.12.0 by @renovate[bot] in #4
• Update module github.com/crossplane/crossplane-runtime to v1.20.0 by @renovate[bot] in #5
• Update module github.com/alecthomas/kong to v1.12.1 by @renovate[bot] in #6
• Update actions/download-artifact action to v5 by @renovate[bot] in #7
• Update actions/checkout digest to 08eba0b by @renovate[bot] in #10
• Update module sigs.k8s.io/controller-tools to v0.19.0 by @renovate[bot] in #13
• Update actions/setup-go action to v6 by @renovate[bot] in #14
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #15
• Remove duplicated renovate.json by @ytsarev in #17
• Update module k8s.io/apimachinery to v0.34.1 by @renovate[bot] in #12
• Update xpkg.upbound.io/crossplane-contrib/function-patch-and-transform Docker tag to v0.9.1 by @renovate[bot] in #16
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #20
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #27
• Update module k8s.io/apimachinery to v0.34.2 by @renovate[bot] in #22
• Update xpkg.upbound.io/crossplane-contrib/function-patch-and-transform Docker tag to v0.9.2 by @renovate[bot] in #23
• Update module github.com/alecthomas/kong to v1.13.0 by @renovate[bot] in #24
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #30
• Update module github.com/crossplane/crossplane-runtime to v2 by @renovate[bot] in #9
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #36
• Update xpkg.upbound.io/crossplane-contrib/function-patch-and-transform Docker tag to v0.10.0 by @renovate[bot] in #33
• Update module sigs.k8s.io/controller-tools to v0.20.0 by @renovate[bot] in #35
• 🔄 synced file(s) with upbound/sa-up by @upbound-bot in #38

New Contributors

• @renovate[bot] made their first contribution in #1
• @upbound-bot made their first contribution in #15
• @ytsarev made their first contribution in #17

Full Changelog: v0.1.0...v0.2.0

v0.1.0

🎉 First Stable Release

We're excited to announce the first stable release of function-approve - a Crossplane Composition Function for implementing robust
manual approval workflows in your infrastructure pipelines.

🚀 Key Features

Approval-Based Pipeline Control

• Fatal Result Mechanism: Uses Crossplane's fatal results to completely halt pipeline execution when approval is required
• Hash-Based Change Detection: Automatically detects changes using SHA256 hashing of specified data fields
• Explicit Approval Required: Changes only proceed after manual approval via status.approved: true

Rich Status Feedback

• ApprovalRequired Conditions: Detailed conditions showing what needs approval
• Comprehensive Error Messages: Clear messaging about required approvals with hash comparisons
• Approval History: Tracks approved state via currentHash field

Simple Configuration

• Minimal API: Clean, intuitive configuration options
• Sensible Defaults: Works out-of-the-box with minimal configuration
• Flexible Field Mapping: Configure which fields to monitor and where to store state

📋 Configuration Options

🔧 How It Works

1. Change Detection: Function calculates SHA256 hash of monitored field
2. Approval Check: Compares with previously approved hash in status.currentHash
3. Pipeline Control: Returns fatal result if changes detected and not approved
4. Approval Processing: Updates currentHash and resets approval flag after approval
5. Status Feedback: Provides clear conditions and error messages for operators

💡 Example Usage

  apiVersion: apiextensions.crossplane.io/v1
  kind: Composition
  spec:
    pipeline:
    - step: require-approval
      functionRef:
        name: function-approve
      input:
        apiVersion: approve.fn.crossplane.io/v1alpha1
        kind: Input
        dataField: "spec.resources"
        approvalField: "status.approved"
        currentHashField: "status.currentHash"
        detailedCondition: true
        approvalMessage: "Infrastructure changes require approval"

🎯 Design Principles

• Fail-Safe: Defaults to requiring approval for safety
• Transparent: Clear status reporting and error messages
• Simple: Minimal configuration with sensible defaults
• Reliable: Uses proven fatal result mechanism for pipeline control

📚 Documentation

• Complete Examples: Ready-to-use composition and XRD examples
• Configuration Guide: Detailed documentation for all options
• Best Practices: Security and workflow recommendations
• Troubleshooting: Common issues and solutions

🔄 Approval Workflow

1. Make changes to monitored resource fields
2. Function detects changes and halts pipeline with fatal result
3. Review changes via resource conditions and status
4. Approve changes: kubectl patch --type=merge --subresource=status -p '{"status":{"approved":true}}'
5. Pipeline resumes and applies approved changes
6. Function updates currentHash and resets approval flag

🌟 Benefits

• Infrastructure Safety: Prevent accidental changes to critical resources
• Change Visibility: Clear audit trail of what was approved when
• Compliance: Support regulatory requirements for change approval
• Team Coordination: Enable review processes for infrastructure changes
• Risk Reduction: Catch and review potentially dangerous modifications

📦 Installation

  apiVersion: pkg.crossplane.io/v1beta1
  kind: Function
  metadata:
    name: function-approve
  spec:
    package: xpkg.upbound.io/upbound/function-approve:v0.1.0

🔮 What's Next

This stable release provides a solid foundation for approval workflows. Future enhancements may include:

• Multi-step approval processes
• Integration with external approval systems
• Advanced notification capabilities
• Approval timeout mechanisms

---

Get Started: Check out the ./example/ directory for complete working configurations.

Need Help?: Visit our ./README.md or open an issue for support.

Security: Report security issues privately via GitHub Security Advisories.