consul v1.7.0-beta3 Release Notes
Release Date: 2020-01-24 // over 4 years ago-
๐ฅ BREAKING CHANGES:
- agent: The ACL requirement for the agent/force-leave endpoint is now
operator:write
rather thanagent:write
. [GH-7033] - intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention
*
. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]
๐ FEATURES:
- acl: (Consul Enterprise only) auth methods defined in the
default
namespace gained the ability to create tokens in alternate namespaces. This capability was implemented for all existing auth methods. - connect: (Consul Enterprise only) Namespaces are now fully functional with Connect and Configuration Entries.
๐ IMPROVEMENTS:
- ๐ง agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
- ๐ง agent: configurable
MaxQueryTime
andDefaultQueryTime
[GH-3777] - agent: do not deregister service checks twice [GH-6168]
- ๐ agent: remove service sidecars in
cleanupRegistration
[GH-7022] - agent: setup grpc server with auto_encrypt certs and add
-https-port
[GH-7086 - api: A new
/v1/catalog/node-services/:node
endpoint was added that mirrors the existing/v1/catalog/node/:node
endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allow retrieving all services in all namespaces for a node. [GH-7115] - ๐ง auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
- connect: check if intermediate cert needs to be renewed. [GH-6835]
- dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
- ๐ lock:
consul lock
will now receive shutdown signals during the lock-acquisition process. [GH-5909] - raft: increase raft notify buffer [GH-6863]
- โก๏ธ raft: update raft to v1.1.2 [GH-7079]
- ๐ฒ rpc: log method when a server/server RPC call fails [GH-4548]
- ๐ป ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
- ๐ป ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
- ๐ป ui: Improvement keyboard navigation of the main menu [GH-7090]
- ๐ ui: New row confirmation dialogs [GH-7007]
๐ BUGFIXES:
- connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
- โก๏ธ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
- connect: use correct subject key id for leaf certificates. [GH-7091]
- agent: The ACL requirement for the agent/force-leave endpoint is now