consul v1.7.0-beta3 Release Notes

Release Date: 2020-01-24 // 5 months ago
  • 💥 BREAKING CHANGES:

    • agent: The ACL requirement for the agent/force-leave endpoint is now operator:write rather than agent:write. [GH-7033]
    • intentions: Change the ACL requirement and enforcement for wildcard rules. Previously this would look for an ACL rule that would grant access to the service/intention *. Now, in order to write a wildcard intention requires write access to all intentions and reading a wildcard intention requires read access to any intention that would match. Additionally intention listing and reading allow access if the requester can read either side of the intention whereas before it only allowed it for permissions on the destination side. [GH-7028]

    🔋 FEATURES:

    • acl: (Consul Enterprise only) auth methods defined in the default namespace gained the ability to create tokens in alternate namespaces. This capability was implemented for all existing auth methods.
    • connect: (Consul Enterprise only) Namespaces are now fully functional with Connect and Configuration Entries.

    👌 IMPROVEMENTS:

    • 🔧 agent: default the primary_datacenter to the datacenter if not configured [GH-7111]
    • 🔧 agent: configurable MaxQueryTime and DefaultQueryTime [GH-3777]
    • agent: do not deregister service checks twice [GH-6168]
    • 🚚 agent: remove service sidecars in cleanupRegistration [GH-7022]
    • agent: setup grpc server with auto_encrypt certs and add -https-port [GH-7086
    • api: A new /v1/catalog/node-services/:node endpoint was added that mirrors the existing /v1/catalog/node/:node endpoint but has a response structure that contains a slice of services instead of a map of service ids to services. This new endpoint allow retrieving all services in all namespaces for a node. [GH-7115]
    • 🔧 auto_encrypt: set dns and ip san for k8s and provide configuration [GH-6944]
    • connect: check if intermediate cert needs to be renewed. [GH-6835]
    • dns: Improvement to enable dual stack IPv4/IPv6 addressing of services and lookup via DNS [GH-6531]
    • 🔒 lock: consul lock will now receive shutdown signals during the lock-acquisition process. [GH-5909]
    • raft: increase raft notify buffer [GH-6863]
    • ⚡️ raft: update raft to v1.1.2 [GH-7079]
    • 🌲 rpc: log method when a server/server RPC call fails [GH-4548]
    • 💻 ui: Use more consistent icons with other HashiCorp products in the UI [GH-6851]
    • 💻 ui: Improvements to the Discovery Chain visualisation in respect to redirects [GH-7036]
    • 💻 ui: Improvement keyboard navigation of the main menu [GH-7090]
    • 🔊 ui: New row confirmation dialogs [GH-7007]

    🛠 BUGFIXES:

    • connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index [GH-7011]
    • ⚡️ connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison [GH-7012]
    • connect: use correct subject key id for leaf certificates. [GH-7091]