github hashicorp/boundary v0.11.1


0.11.1 (2022/11/30)

New and Improved

  • Vault Parameter Templating: In Vault credential libraries, the paths and any
    POST bodies can contain templated parameters using Go template syntax (similar
    to Consul-Template). The following template parameters are supported (note
    that account values are tied to the account associated with the token making
    the call):

    • {{ .User.Id }}: the user's ID
    • {{ .User.Name }}: the user's name (from the user resource)
    • {{ .User.FullName }}: the user's name (from the account corresponding to
      the primary auth method in the user's scope; this may not be populated or
      may be different than the account name in the template)
    • {{ .User.Email }}: the user's email address (same caveat as FullName)
    • {{ .Account.Id }}: the account's ID
    • {{ .Account.Name }}: the account's name (from the account resource)
    • {{ .Account.LoginName }}: the account's login name (if used by that type
      of account)
    • {{ .Account.Subject }}: the account's subject (if used by that type
      of account)
    • {{ .Account.Email }}: the account's email (if used by that type
      of account)

    Additionally, there is currently a single function that strips the rest of a
    string after a specified substring; this is useful for pulling a user/account
    name from an email address. The following example uses the account email, but
    it can be any other parameter:

    • {{ truncateFrom .Account.Email "@" }}: this would turn foo@example.com into foo
  • Per-scope key lifecycle management: You can now manage the lifecycles of both Key
    Encryption Keys (KEKs) and Data Encryption Keys (DEKs) using the new key rotation
    and key version destruction functionality. To learn more about this new feature,
    refer to the
    documentation.

    Upgrade notice: If the Database purpose DEK for a scope is destroyed, you must use
    the API to cancel any sessions that predate the upgrade.
    (PR)

  • workers: PKI Worker daemons now get disconnected from upstreams when their
    corresponding resource is deleted (PR)

Bug Fixes

  • sessions: Fix workers not being in random order when returned to clients at
    authorize-session time, which could allow one worker to bear the majority of
    sessions (PR)
  • workers: In some error conditions when sending status to controllers, errors
    could be written to stdout along with a message that they could not
    successfully be evented instead of being written to the event log
    (PR)
  • workers: Fixed a panic that can happen in certain situations
    (PR)
  • sessions: Fixed a panic in a controller when a worker is deleted while
    sessions are ongoing (PR)
  • sessions: Fixed a panic in a worker when a user with an active
    session is deleted (PR)
  • sessions: Fixed a bug where reading a session after its associated project
    had been deleted would result in an error
    (PR)
  • config: Fixed a bug where supplying multiple KMS blocks with the same purpose
    would silently ignore all but the last block
    (PR)

Deprecations/Changes

  • In order to standardize on the templating format, templates in grants are
    now documented to use the new capitalization and format; however, the
    previous style will continue to work.
