v0.18.0
Infra Access Keys
Infra's access keys can now be generated in the dashboard. This unlocks many use cases. Some examples include:
- Dynamically changing/revoking permissions for users and groups
- CI/CD infrastructure access (i.e. GitHub Actions)
- Other actions that can be performed via Infra API
Caveats:
Currently, access keys share the same permissions as the user who created it. This is not very ideal for users who want to have scoped keys that have dedicated use cases. This problem will be addressed in the future.
For now, it is advisable to create another user, assign only limited permissions for that user, and login as that user to generate an access key for usage. Once this is created, the administrator account can be used to scope the permissions of that user (or multiple users).
Improved Kubeconfig support for multiple namespaces
For Kubernetes clusters where a user/group has access to multiple individual namespaces, only one kubeconfig context will be created for a single cluster. Previously, if a user had access to multiple namespaces within a cluster, the user will receive a context for each individual namespace.
CLI quality of life improvements
- Change access keys to make their names unique to a specific user, instead of for an entire org
- Make
infra keys list
default to the current user - Add an
--all
flag toinfra keys list
for admins which can list all access keys in the org - Make
infra keys add
not require a user name - Add a
--user=
argument toinfra keys add
to be consistent withinfra keys list
- Add a
--connector
flag toinfra keys add
to create the key for a connector - Make
infra keys remove
to be specific to the current user - Add a
--user=
argument similar toinfra keys list
andinfra keys add
- Changed the API to call
DELETE /api/access-keys/:id
instead ofDELETE /api/access-keys
- Added
LastUsed
field to the API and updatedinfra keys list
to show the last time a specific key was used
Full Changelog
- bump helm chart version to 0.20.6 with app version 0.17.1 by @jmorganca in #3623
- maintain: update icon library by @hoyyeva in #3619
- maintain: fix the apimigrator for nested structs by @pdevine in #3616
- maintain(deps): bump github.com/getkin/kin-openapi from 0.107.0 to 0.108.0 by @dependabot in #3626
- maintain(deps): bump golang.org/x/crypto from 0.1.0 to 0.2.0 by @dependabot in #3627
- maintain(deps): bump copy-to-clipboard from 3.3.2 to 3.3.3 in /website by @dependabot in #3640
- maintain(deps-dev): bump tailwindcss from 3.2.2 to 3.2.4 in /ui by @dependabot in #3636
- maintain(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.23.1 by @dependabot in #3628
- maintain(deps): bump @segment/analytics-next from 1.45.0 to 1.46.0 in /website by @dependabot in #3638
- maintain(deps): bump k8s.io/apimachinery from 0.25.3 to 0.25.4 by @dependabot in #3629
- maintain(deps-dev): bump eslint-config-next from 13.0.0 to 13.0.3 in /ui by @dependabot in #3631
- maintain(deps): bump @tanstack/react-table from 8.5.22 to 8.5.27 in /ui by @dependabot in #3632
- maintain(deps): bump @heroicons/react from 2.0.12 to 2.0.13 in /website by @dependabot in #3637
- maintain(deps): bump k8s.io/api from 0.25.3 to 0.25.4 by @dependabot in #3630
- maintain(deps-dev): bump concurrently from 7.4.0 to 7.5.0 in /ui by @dependabot in #3634
- maintain(deps): bump @markdoc/markdoc from 0.1.13 to 0.2.1 in /website by @dependabot in #3635
- maintain(deps): bump next from 12.3.1 to 13.0.3 in /ui by @dependabot in #3633
- fix: checkbox check does not show when it is checked by @hoyyeva in #3624
- maintain: move providers to settings page by @hoyyeva in #3609
- fix: setting page ui bug on prod by @hoyyeva in #3641
- improve: destination namespace bulk remove by @hoyyeva in #3642
- fix: nextjs 13 link errors by @jmorganca in #3644
- fix: csp issue that lead to checkbox check image cannot load by @hoyyeva in #3646
- fix(ui): trim leading and trailing whitespace in group names by @mxyng in #3617
- Update cobra to official version by @dnephin in #3648
- Populate names in device flow status API response by @dnephin in #3533
- Fix login with a temporary password by @dnephin in #3653
- maintain: remove unused get grant endpoint by @BruceMacD in #3650
- maintain: api doc categories by @BruceMacD in #3651
- maintain: add instructions for scim on Okta by @technovangelist in #3568
- feat: access keys ui by @pdevine in #3547
- fix: generate cli docs with better heading levels by @jmorganca in #3652
- feat: access keys allow custom expiration date by @hoyyeva in #3649
- Move
connector
anduse
commands into their own files by @dnephin in #3658 - Do not require uniqueID for a destination by @dnephin in #3621
- fix: change the add path to be consistent by @hoyyeva in #3660
- fix: allow for local example to override global by @technovangelist in #3666
- improve: approx. leap year for connector access keys by @mxyng in #3669
- fix: the schema pattern for uid for api docs by @technovangelist in #3671
- Change Access Keys API + CLI by @pdevine in #3654
- maintain: update make docs to output correct version by @BruceMacD in #3677
- maintain: return idpauth as struct by @BruceMacD in #3667
- maintain: remove references to local redirect by @BruceMacD in #3678
- improve: generate and publish openapi spec in release by @mxyng in #3674
- feat: add last used column by @hoyyeva in #3676
- Revert "maintain: remove unused get grant endpoint (#3650)" by @mxyng in #3679
- maintain(deps): bump github.com/cenkalti/backoff/v4 from 4.1.3 to 4.2.0 by @dependabot in #3686
- maintain(deps): bump golang.org/x/crypto from 0.2.0 to 0.3.0 by @dependabot in #3687
- maintain(deps): bump google.golang.org/api from 0.102.0 to 0.103.0 by @dependabot in #3688
- maintain(deps-dev): bump jest from 29.2.2 to 29.3.1 in /ui by @dependabot in #3691
- maintain(deps-dev): bump tailwindcss from 3.2.2 to 3.2.4 in /website by @dependabot in #3700
- maintain(deps): bump sharp from 0.31.1 to 0.31.2 in /website by @dependabot in #3699
- maintain(deps): bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 by @dependabot in #3690
- maintain(deps-dev): bump postcss from 8.4.18 to 8.4.19 in /ui by @dependabot in #3692
- maintain(deps): bump golang.org/x/tools from 0.2.0 to 0.3.0 by @dependabot in #3689
- maintain(deps): bump @segment/analytics-next from 1.46.0 to 1.46.1 in /website by @dependabot in #3698
- maintain(deps-dev): bump eslint from 8.25.0 to 8.28.0 in /ui by @dependabot in #3693
- maintain(deps): bump @headlessui/react from 1.7.3 to 1.7.4 in /ui by @dependabot in #3694
- maintain(deps): bump copy-to-clipboard from 3.3.2 to 3.3.3 in /ui by @dependabot in #3695
- maintain(deps-dev): bump next-sitemap from 3.1.30 to 3.1.32 in /website by @dependabot in #3697
- fix: update ListDestinationsRequest struct descriptions for openapi generator by @technovangelist in #3683
- fix: Document the Destination struct by @technovangelist in #3668
- Fix zulu timezone in migrations tests by @jmorganca in #3684
- fix: document the Grants API so that it is right in the openapi.json doc by @technovangelist in #3685
- Refuse to delete the access key being used by the API request by @dnephin in #3681
- fix: create one kubeconfig context per destination by @mxyng in #3659