This commit was created on GitHub.com and signed with GitHub’s verified signature.
0.15.0 (2024/01/30)
Deprecations/Changes
Per the note in Boundary 0.13.0, the previous kms worker method has been
removed. Since 0.13.0, unless the use_deprecated_kms_auth_method value was
set on the worker config, the new kms mechanism was already being used; this
is simply no longer an available option.

Per the notes in Boundary 0.12.0 and 0.14.0, it is now an error if an address
on a host or target contains a port. As of this release, this restriction also
affects existing addresses (not just creation/updating via the API), so any
existing addresses containing a port cannot be used as part of a
target's session authorization call.

The grant_scope_id field on roles is now deprecated in favor of the multiple
grant scope support.

Per the note in Boundary 0.13.1, the id field in grants has changed to ids,
which allows multiple ids to be included; existing grants submitted to
Boundary will continue to work, but grants using "id" can no longer be added
to or set on a role.

All list endpoints except workers now return the first 1000 items instead
of all items if no parameters are provided. The number of items returned can
be configured through the new controller configuration value max_page_size.
The Admin UI, CLI and api package automatically paginate results.
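
An added example, not part of the Boundary release notes or code base: a pre-upgrade audit for the port restriction described above, flagging stored host or target addresses that contain a port. The resource type and the sample IDs and addresses are constructed, and the check is a Go standard-library heuristic, not Boundary's own validation.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// resource is a hypothetical record: an ID plus the address stored on a host or target.
type resource struct {
	ID      string
	Address string
}

// hasPort reports whether addr carries a port component. This is an audit
// heuristic built on the Go standard library, not Boundary's own validation.
func hasPort(addr string) bool {
	addr = strings.TrimSpace(addr)
	// A bare IP literal has no port, even though IPv6 is full of colons.
	if net.ParseIP(addr) != nil {
		return false
	}
	// SplitHostPort only succeeds for host:port, ipv4:port and [ipv6]:port.
	// A trailing colon with an empty port ("host:") also parses and is flagged.
	_, _, err := net.SplitHostPort(addr)
	return err == nil
}

// audit returns the IDs of resources whose address needs the port stripped.
func audit(rs []resource) []string {
	var bad []string
	for _, r := range rs {
		if hasPort(r.Address) {
			bad = append(bad, r.ID)
		}
	}
	return bad
}

func main() {
	// Constructed sample data; IDs and addresses are placeholders.
	sample := []resource{
		{"hst_example01", "10.0.0.5"},
		{"hst_example02", "10.0.0.5:22"},
		{"hst_example03", "2001:db8::1"},
		{"hst_example04", "[2001:db8::1]:22"},
		{"ttcp_example05", "db.internal.example:5432"},
		{"ttcp_example06", "db.internal.example"},
	}
	for _, id := range audit(sample) {
		fmt.Println("address contains a port:", id)
	}
}
```
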
New and Improved
Multiple grant scopes in roles: Roles now support multiple grant scopes, along
with the special values this, children (global/org only) to apply to all
direct children of a scope, and descendants (global only) to apply to all
descendants of a scope. These use the new actions add-grant-scopes,
set-grant-scopes, and remove-grant-scopes on roles. For now the grant_scope_id
field on roles will continue to be able to be set, which will set a single
grant scope, but this capability is now deprecated.

Policies (Enterprise and HCP Boundary only): This release introduces Policies, a
Boundary resource that represents a Governance Policy to enforce. The first
implementation targets Storage Policies, which enables administrators to automate
the process of retention and deletion of Session Recordings, ensuring that they're only
retaining data that is explicitly required from a security/compliance perspective.

ui: Add full UI support for Storage Policies managing the lifecycle of Session Recordings.
(PR)

New generic commands read, update, and delete have been added. These
allow operating on resources by directly specifying the ID of the resource as
the next parameter (e.g. boundary update ttcp_1234567890). Subtypes do not
need to be specified (e.g. that command is equivalent to
boundary targets update tcp -id ttcp_1234567890), and any flags given after
the ID are passed through to the type-specific subcommand. Once the ID has
been entered, autocomplete is also supported.
(PR)

The key_id parameter within SSH Certificate Credential Libraries now accepts
the use of templated parameters.
(PR)

List endpoint pagination: All list endpoints except workers now support pagination.

api: All list endpoints except workers have added support for pagination.
The api package automatically paginates until the end of the results. The new
`WithListToken` option can be used to request a list of updated and deleted resources
relative to the last result received.

config: add new controller field max_page_size for controlling the default and max size
of pages when paginating through results.

New command search has been added, allowing quick searching of targets or
sessions. It utilizes a client side cache also added in this release. The
client side cache starts itself automatically in the background when successfully
executing any command that communicates with a Boundary controller. To prevent
the client cache from starting automatically, set the BOUNDARY_SKIP_CACHE_DAEMON
environment variable or pass the -skip-cache-daemon flag when running a command
that may start it.

Commands daemon start, daemon stop, daemon status, and daemon add-token
were added to help manage the cache. The cache does not currently work with
Boundary instances that require the use of client side certs.