0.3.0 (2021/06/08)
Deprecations/Changes
password
account IDs: When theoidc
auth method came out, accounts were
given the prefixacctoidc
. Unfortunately, accounts in thepassword
method
were usingapw
...oops. We're standardizing onacct
and have updated the
password
method to generate new IDs withacctpw
prefixes.
Previously-generated prefixes will continue to work.
New and Improved
- oidc: The new Managed Groups feature allows groups of accounts to be created
based on an authenticating user's JWT or User Info data. This data uses the
same filtering syntax found elsewhere in Boundary to provide a rich way to
specify the criteria for group membership. Once defined, authenticated users
are added to or removed from these groups as appropriateds each time they
authenticate. These groups are treated like other role principals and can be
added to roles to provide grants to users. - dev: Predictable IDs in
boundary dev
mode now extend to the accounts created
in the defaultpassword
andoidc
auth methods. - mlock: Add a Docker entrypoint script and modify Dockerfiles to handle mlock
in a fashion similar to Vault
(PR)