0.10.4 (2022/09/13)
New and Improved
- Controller-led worker authorization: This is a second authorization option for
the workers using PKI-based authentication that was introduced in Boundary
0.10.0. In 0.10.0, the only mode available was "worker-led", in which a worker
generates an authorization request which can be submitted to a controller to
authorize the worker. With this new controller-led flow, a worker can be
created via the controller API first and return a one-time-use authorization
token. This token can then be made available to the worker at startup time via
its configuration file, env var, or a file with the value. If the worker is
not authorized and this token is provided, it will use the token to authorize
itself to the controller and set up PKI-based authentication.
(PR) - Initial upstreams reloading on
SIGHUP
: Workers will now re-read the
initial_upstreams
value from the configuration file when given a SIGHUP.
This allows a worker to reconnect to controllers if the full set of
controllers has been changed over at the same time, without having to restart
the worker. (PR)
Bug Fixes
- vault: Correctly handle Vault credential stores and libraries that are linked to an
expired Vault token. (Issue,
PR). - aws host catalog: Fix an issue where the request to list hosts could timeout
on a large number of hosts
(Issue,
PR) - aws host catalog: Fix an issue where filters could become unreadable in the UI
if only one filter was created and was set by the CLI or directly via the API
(PR1,
PR2) - aws host catalog: Use provided region for IAM calls in addition to EC2
(Issue,
PR) - azure host catalog: Fix hosts not being found depending on the exact filter
used because different filters return values with different casing
(PR) - sessions: Fix an issue where sessions could not have more than one connection
(Issue,
PR) - workers: Fix repeating error in logs when connected to HCP Boundary about an
unimplemented HcpbWorkers call
(PR) - workers: Fix a panic that could occur when
workers:create:worker-led
(e.g.
viaboundary workers create worker-led
) was given an invalid token
(PR) - workers: Add the ability to set API-based worker tags via the CLI
(PR)