🚀 Enhancements
Update Alpine, Debian, and Python, and helm plugins @Nuru (#759)
what
- Update Debian 10.11 -> 11.2
- Update Python3 on Debian 3.8.12 -> 3.9.10
- Update Alpine 3.13.7 -> 3.15.0 (Updates Python3 3.8.10 -> 3.9.7, dictated by Alpine package repo)
- Update
helm-diff3.1.3 -> 3.32 - Update
helm-git0.8.1 -> 0.11.1 - Update
helm-2to30.8.1 -> 0.9.0
why
- Update to newer versions while considering risks of updating to latest versions
refererences
- Alpine: https://alpinelinux.org/posts/Alpine-3.15.0-released.html
- Debian: https://www.debian.org/releases/bullseye/
- Python: https://www.python.org/doc/versions/
helm-diff: https://github.com/databus23/helm-diff/releaseshelm-git: https://github.com/aslafy-z/helm-git/releaseshelm-2to3: https://github.com/helm/helm-2to3/releases
Support Docker rootless mode & fix file ownership in root mode @Nuru (#771)
what && why
- Install wrapper script in
$HOME/.local/bin(per XDG recommendation) if/usr/local/binis not writable. Supports preferred solution for #594, which is to have users run Docker in "rootless" mode. - Provide option to use BindFS to map file owners on the host. Fixes #594 for users running
dockerdaemon as root. - Resolves #766
- Resolves #767
- Downgrade the warning for Apple M1 Emulating Intel from seriously unsupported to a notice that there may be issues. Progress on #719 in that it appears the emulator is getting better, but still insufficient progress on native M1 support.
- Minor cleanups.
notes
This release introduces a new customization:
export GEODESIC_HOST_BINDFS_ENABLED=true
When Geodesic is launched by a shell where $GEODESIC_HOST_BINDFS_ENABLED == true it will configure /localhost so that files created by root inside Geodesic will have their ownership mapped to the same user ID and group ID as on the host. This a solution for people experiencing #594 and ONLY them. If your present solution is not creating files on the host owned by root then option will likely cause new problems.
Note further that this is a workaround and not the desired solution. Our recommendation is that you resolve the underlying issue by running Docker in "rootless" mode. This is much more secure and avoids the issue causing problems in the first place.
🐛 Bug Fixes
Support Docker rootless mode & fix file ownership in root mode @Nuru (#771)
what && why
- Install wrapper script in
$HOME/.local/bin(per XDG recommendation) if/usr/local/binis not writable. Supports preferred solution for #594, which is to have users run Docker in "rootless" mode. - Provide option to use BindFS to map file owners on the host. Fixes #594 for users running
dockerdaemon as root. - Resolves #766
- Resolves #767
- Downgrade the warning for Apple M1 Emulating Intel from seriously unsupported to a notice that there may be issues. Progress on #719 in that it appears the emulator is getting better, but still insufficient progress on native M1 support.
- Minor cleanups.
notes
This release introduces a new customization:
export GEODESIC_HOST_BINDFS_ENABLED=true
When Geodesic is launched by a shell where $GEODESIC_HOST_BINDFS_ENABLED == true it will configure /localhost so that files created by root inside Geodesic will have their ownership mapped to the same user ID and group ID as on the host. This a solution for people experiencing #594 and ONLY them. If your present solution is not creating files on the host owned by root then option will likely cause new problems.
Note further that this is a workaround and not the desired solution. Our recommendation is that you resolve the underlying issue by running Docker in "rootless" mode. This is much more secure and avoids the issue causing problems in the first place.
🧰 Included Tools
Update AWS CLI packages @renovate (#770)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| awscli (source, changelog) | ==1.22.46 -> ==1.22.56
| ||||
| boto3 | ==1.20.46 -> ==1.21.1
|
Release Notes
aws/aws-cli
v1.22.56
=======
- api-change:
glue: Support for optimistic locking in UpdateTable - api-change:
ec2: Documentation updates for EC2. - api-change:
budgets: Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast. - api-change:
ssm: Assorted ticket fixes and updates for AWS Systems Manager. - api-change:
ce: AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers.
v1.22.55
=======
- api-change:
rds: Adds support for determining which Aurora PostgreSQL versions support Babelfish. - api-change:
appflow: Launching Amazon AppFlow SAP as a destination connector SDK. - api-change:
athena: This release adds a subfield, ErrorType, to the AthenaError response object in the GetQueryExecution API when a query fails.
v1.22.54
=======
- api-change:
ssm: Documentation updates for AWS Systems Manager.
v1.22.53
=======
- api-change:
cloudformation: This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes - api-change:
lookoutvision: This release makes CompilerOptions in Lookout for Vision's StartModelPackagingJob's Configuration object optional. - api-change:
pinpoint: This SDK release adds a new paramater creation date for GetApp and GetApps Api call - api-change:
sns: Customer requested typo fix in API documentation. - api-change:
wafv2: Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
v1.22.52
=======
- api-change:
cloudformation: This SDK release is for the feature launch of AWS CloudFormation Hooks.
v1.22.51
=======
- api-change:
s3control: This release adds support for S3 Batch Replication. Batch Replication lets you replicate existing objects, already replicated objects to new destinations, and objects that previously failed to replicate. Customers will receive object-level visibility of progress and a detailed completion report. - api-change:
kendra: Amazon Kendra now provides a data source connector for Amazon FSx. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html - api-change:
sagemaker: Autopilot now generates an additional report with information on the performance of the best model, such as a Confusion matrix and Area under the receiver operating characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations. - api-change:
apprunner: This release adds support for App Runner to route outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and UpdateService.
v1.22.50
=======
- api-change:
auditmanager: This release updates 3 API parameters. UpdateAssessmentFrameworkControlSet now requires the controls attribute, and CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework now has a minimum length constraint for the controlSets attribute. - api-change:
events: Update events command to latest version - api-change:
ssm-incidents: Update RelatedItem enum to support SSM Automation - api-change:
synthetics: Adding names parameters to the Describe APIs.
v1.22.49
=======
- api-change:
lakeformation: Add support for calling Update Table Objects without a TransactionId. - api-change:
athena: You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error. - api-change:
rds: updates for RDS Custom for Oracle 12.1 support
v1.22.48
=======
- api-change:
rbin: Add EC2 Image recycle bin support. - api-change:
meteringmarketplace: Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500. - api-change:
ec2: adds support for AMIs in Recycle Bin - api-change:
robomaker: The release deprecates the use various APIs of RoboMaker Deployment Service in favor of AWS IoT GreenGrass v2.0.
v1.22.47
=======
- api-change:
emr: Update emr command to latest version - api-change:
elasticache: Documentation update for AWS ElastiCache - enhancement:datapipeline: Deprecated support for the datapipeline create-default-roles command
- api-change:
es: Allows customers to get progress updates for blue/green deployments - api-change:
fis: Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These actions return additional details about resource types and parameters that can be targeted by FIS actions. Added a parameters field for the targets that can be specified in experiment templates. - api-change:
comprehend: Amazon Comprehend now supports sharing and importing custom trained models from one AWS account to another within the same region. - api-change:
dynamodb: Documentation update for DynamoDB Java SDK. - api-change:
iot: This release adds support for configuring AWS IoT logging level per client ID, source IP, or principal ID. - api-change:
ce: Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions - api-change:
appflow: Launching Amazon AppFlow Custom Connector SDK. - api-change:
glue: Launch Protobuf support for AWS Glue Schema Registry - api-change:
personalize: Adding minRecommendationRequestsPerSecond attribute to recommender APIs.
boto/boto3
v1.21.1
======
- api-change:
ec2: [botocore] Documentation updates for EC2. - api-change:
budgets: [botocore] Adds support for auto-adjusting budgets, a new budget method alongside fixed and planned. Auto-adjusting budgets introduces new metadata to configure a budget limit baseline using a historical lookback average or current period forecast. - api-change:
ce: [botocore] AWS Cost Anomaly Detection now supports SNS FIFO topic subscribers. - api-change:
glue: [botocore] Support for optimistic locking in UpdateTable - api-change:
ssm: [botocore] Assorted ticket fixes and updates for AWS Systems Manager.
v1.21.0
======
- api-change:
appflow: [botocore] Launching Amazon AppFlow SAP as a destination connector SDK. - feature:Parser: [
botocore] Adding support for parsing int/long types in rest-json response headers. - api-change:
rds: [botocore] Adds support for determining which Aurora PostgreSQL versions support Babelfish. - api-change:
athena: [botocore] This release adds a subfield, ErrorType, to the AthenaError response object in the GetQueryExecution API when a query fails.
v1.20.54
=======
- api-change:
ssm: [botocore] Documentation updates for AWS Systems Manager.
v1.20.53
=======
- api-change:
cloudformation: [botocore] This SDK release adds AWS CloudFormation Hooks HandlerErrorCodes - api-change:
lookoutvision: [botocore] This release makes CompilerOptions in Lookout for Vision's StartModelPackagingJob's Configuration object optional. - api-change:
pinpoint: [botocore] This SDK release adds a new paramater creation date for GetApp and GetApps Api call - api-change:
sns: [botocore] Customer requested typo fix in API documentation. - api-change:
wafv2: [botocore] Adds support for AWS WAF Fraud Control account takeover prevention (ATP), with configuration options for the new managed rule group AWSManagedRulesATPRuleSet and support for application integration SDKs for Android and iOS mobile apps.
v1.20.52
=======
- api-change:
cloudformation: [botocore] This SDK release is for the feature launch of AWS CloudFormation Hooks.
v1.20.51
=======
- api-change:
kendra: [botocore] Amazon Kendra now provides a data source connector for Amazon FSx. For more information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-fsx.html - api-change:
apprunner: [botocore] This release adds support for App Runner to route outbound network traffic of a service through an Amazon VPC. New API: CreateVpcConnector, DescribeVpcConnector, ListVpcConnectors, and DeleteVpcConnector. Updated API: CreateService, DescribeService, and UpdateService. - api-change:
s3control: [botocore] This release adds support for S3 Batch Replication. Batch Replication lets you replicate existing objects, already replicated objects to new destinations, and objects that previously failed to replicate. Customers will receive object-level visibility of progress and a detailed completion report. - api-change:
sagemaker: [botocore] Autopilot now generates an additional report with information on the performance of the best model, such as a Confusion matrix and Area under the receiver operating characteristic (AUC-ROC). The path to the report can be found in CandidateArtifactLocations.
v1.20.50
=======
- api-change:
auditmanager: [botocore] This release updates 3 API parameters. UpdateAssessmentFrameworkControlSet now requires the controls attribute, and CreateAssessmentFrameworkControl requires the id attribute. Additionally, UpdateAssessmentFramework now has a minimum length constraint for the controlSets attribute. - api-change:
synthetics: [botocore] Adding names parameters to the Describe APIs. - api-change:
ssm-incidents: [botocore] Update RelatedItem enum to support SSM Automation - api-change:
events: [botocore] Update events client to latest version - enhancement:Lambda Request Header: [
botocore] Adding request header for Lambda recursion detection.
v1.20.49
=======
- api-change:
athena: [botocore] You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error. - api-change:
rds: [botocore] updates for RDS Custom for Oracle 12.1 support - api-change:
lakeformation: [botocore] Add support for calling Update Table Objects without a TransactionId.
v1.20.48
=======
- api-change:
ec2: [botocore] adds support for AMIs in Recycle Bin - api-change:
robomaker: [botocore] The release deprecates the use various APIs of RoboMaker Deployment Service in favor of AWS IoT GreenGrass v2.0. - api-change:
meteringmarketplace: [botocore] Add CustomerAWSAccountId to ResolveCustomer API response and increase UsageAllocation limit to 2500. - api-change:
rbin: [botocore] Add EC2 Image recycle bin support.
v1.20.47
=======
- api-change:
emr: [botocore] Update emr client to latest version - api-change:
personalize: [botocore] Adding minRecommendationRequestsPerSecond attribute to recommender APIs. - enhancement:Request headers: [
botocore] Adding request headers with retry information. - api-change:
appflow: [botocore] Launching Amazon AppFlow Custom Connector SDK. - api-change:
dynamodb: [botocore] Documentation update for DynamoDB Java SDK. - api-change:
iot: [botocore] This release adds support for configuring AWS IoT logging level per client ID, source IP, or principal ID. - api-change:
comprehend: [botocore] Amazon Comprehend now supports sharing and importing custom trained models from one AWS account to another within the same region. - api-change:
ce: [botocore] Doc-only update for Cost Explorer API that adds INVOICING_ENTITY dimensions - api-change:
fis: [botocore] Added GetTargetResourceType and ListTargetResourceTypesAPI actions. These actions return additional details about resource types and parameters that can be targeted by FIS actions. Added a parameters field for the targets that can be specified in experiment templates. - api-change:
es: [botocore] Allows customers to get progress updates for blue/green deployments - api-change:
glue: [botocore] Launch Protobuf support for AWS Glue Schema Registry - api-change:
elasticache: [botocore] Documentation update for AWS ElastiCache