Skip to content

Releases: infrahq/infra

v0.21.0

25 Jan 19:30
6756be8
Compare
Choose a tag to compare

Upgrade Notes

cover

Important self-hosted Infra server changes

As of 0.21.0, Infra's server no longer accepts providers or grants as part of the configuration. Users, providers, and grants currently configured through the YAML will remain in the deployment but new users, providers, and grants will not be configurable. Instead, the Terraform provider should be used to configure Infra post-install. For more information on setting Infra with Terraform, see the provider documentation.

For a guide on how to see the self-hosted documentation.

Bug fixes and improvements

  • When removing a destination cluster, any access grants assigned to that cluster are now also removed
  • Fixed an issue where switching between clusters with infra use would not preserve the current namespace
  • Fixed issue where user would get logged out from their current account when failing to log into a separate account
  • Improved validation rules for user passwords
  • Improved error messages when changing a user’s password
  • Fixed broken navigation link in the settings page
  • Fixed issue where the dashboard wouldn’t display more than 100 role assignments
  • Fixed an issue where changing a user’s password would require refreshing the page before it could be changed again
  • Fixed issues with config loading for the Infra connector
  • Fixed an issue where syncing a user’s groups would fail if they were a member of two groups with the same name
  • Fixed an issue where signing up for an organization would result in redirecting to that organization when trying to log in to another one.
  • Fixed minor inconsistencies in Infra's Dashboard
  • Improved error messages when running infra keys remove
  • Multiple users can now be added and removed from a group at a time.
  • Invited users can now be removed
  • Fixed minor flashes of content when logging in with Google or an identity provider
  • Fixed missing newline in some CLI command output
  • Fixed issue where logging out wouldn’t redirect users to the login page

v0.20.0

14 Dec 21:51
6dfa030
Compare
Choose a tag to compare

access key management

Dashboard access keys

Infra now supports managing access keys in the dashboard. Access keys are the credential format used to authenticate with Infra while performing automated tasks such as:

This new update makes it easy to create, list and revoke access keys when they are no longer needed. To manage access keys via the dashboard, log in and click on Settings. When creating an access key, an expiration window must be selected. By default access keys expire in 30 days, and this expiration time can be customized.

Once created, access keys will be available to copy. Note: this access key will not be visible again, and must be stored securely using a secret or password manager.

Bug fixes and improvements

  • Infra CLI will now output more details when logging in
  • Improved the formatting of error messages when logging in
  • Access keys created by admins can now be used to create connector keys. This making it easier to automate connecting Kubernetes clusters to Infra.
  • Destinations can no longer be named infra
  • Fixed an issue where running infra grants list would show an "unknown user" error
  • Fixed an issue where a user being removed from an identity provider would revoke all access keys for that user, even personal access keys used in automation.
  • Fixed an issue where logging in with the browser would require creating an additional access key on behalf of the user
  • Fixed issue where rate limiting errors would show milliseconds when notifying the user how long to wait before retrying their request
  • Fixed an issue where CLI incompatibility errors would show the incorrect version
  • [API] Creating an access grant via POST /api/grants can now be done by providing a username instead of a user ID, making it easier to call this endpoint
  • [API] Updated the created_by field in various endpoints to be createdBy for consistency

Full Changelog: v0.19.0...v0.20.0

v0.19.0

30 Nov 20:19
56f41e8
Compare
Choose a tag to compare

3x

A better infra login

infra login now uses the web browser to authenticate by default. After logging in to the web dashboard, logging in via the CLI requires no new additional information. This also means infra login will work in all environments, including "headless" environments that cannot open a browser on your behalf.

To log in with the browser, simply run infra login as usual:

infra login example.infrahq.com

To log in without opening a browser, log in by specifying a user email and Infra will prompt for a password:

infra login example.infrahq.com --user example@acme.com

Logging in with access keys continues to work, allowing you to log in for automation:

INFRA_ACCESS_KEY=2vrEbqFEUr.jtTlxkgYdvghJNdEa8YoUxN0
infra login example.infrahq.com

CLI compatibility

The infra CLI now requires a server version that is equal or higher than the CLI's version. If using Infra's cloud-hosted service, no action is required. If self-hosting Infra, please upgrade the Infra server.

Important upgrade notes

A new Redirect URI must be added to your identity provider to enable Headless Login: https://<your org>.infrahq.com/login/callback. For more information see the docs

Bugs fixes & improvements

  • infra keys add has improved flag names:
    • The --ttl flag has now been replaced with --expires when running infra keys add
    • The --extension-deadline flag has now been renamed to --inactivity-timeout
  • The Dashboard will now show an error if logging in via OIDC does not work for any reason. Previously it would show a loading spinner
  • Fix connector endpoint query to always return the HTTPS port number which it was previously only returning when the service type was not NodePort.
  • Infra CLI will now provide better error messages for incompatible versions
  • Fixed an issue where the Infra Connector would not report a port number when using the NodePort service type

Full Changelog: v0.18.1...v0.19.0

v0.18.1

23 Nov 21:45
683edda
Compare
Choose a tag to compare

Bug fixes & improvements

  • Fixed bug where the login page would show organization names in the wrong format
  • Access keys created via infra keys add now default to a one year expiry and a 30 day inactivity timeout

v0.18.0

22 Nov 00:07
2b5814e
Compare
Choose a tag to compare

image of a golden key on a hand with crystallized silicon in the background to represent Infra version 0.18

Infra Access Keys

screenshot of infra dashboard
Infra's access keys can now be generated in the dashboard. This unlocks many use cases. Some examples include:

  • Dynamically changing/revoking permissions for users and groups
  • CI/CD infrastructure access (i.e. GitHub Actions)
  • Other actions that can be performed via Infra API

Caveats:

Currently, access keys share the same permissions as the user who created it. This is not very ideal for users who want to have scoped keys that have dedicated use cases. This problem will be addressed in the future.

For now, it is advisable to create another user, assign only limited permissions for that user, and login as that user to generate an access key for usage. Once this is created, the administrator account can be used to scope the permissions of that user (or multiple users).

Improved Kubeconfig support for multiple namespaces

For Kubernetes clusters where a user/group has access to multiple individual namespaces, only one kubeconfig context will be created for a single cluster. Previously, if a user had access to multiple namespaces within a cluster, the user will receive a context for each individual namespace.

CLI quality of life improvements

  • Change access keys to make their names unique to a specific user, instead of for an entire org
  • Make infra keys list default to the current user
  • Add an --all flag to infra keys list for admins which can list all access keys in the org
  • Make infra keys add not require a user name
  • Add a --user= argument to infra keys add to be consistent with infra keys list
  • Add a --connector flag to infra keys add to create the key for a connector
  • Make infra keys remove to be specific to the current user
  • Add a --user= argument similar to infra keys list and infra keys add
  • Changed the API to call DELETE /api/access-keys/:id instead of DELETE /api/access-keys
  • Added LastUsed field to the API and updated infra keys list to show the last time a specific key was used

Full Changelog

  • bump helm chart version to 0.20.6 with app version 0.17.1 by @jmorganca in #3623
  • maintain: update icon library by @hoyyeva in #3619
  • maintain: fix the apimigrator for nested structs by @pdevine in #3616
  • maintain(deps): bump github.com/getkin/kin-openapi from 0.107.0 to 0.108.0 by @dependabot in #3626
  • maintain(deps): bump golang.org/x/crypto from 0.1.0 to 0.2.0 by @dependabot in #3627
  • maintain(deps): bump copy-to-clipboard from 3.3.2 to 3.3.3 in /website by @dependabot in #3640
  • maintain(deps-dev): bump tailwindcss from 3.2.2 to 3.2.4 in /ui by @dependabot in #3636
  • maintain(deps): bump github.com/alicebob/miniredis/v2 from 2.23.0 to 2.23.1 by @dependabot in #3628
  • maintain(deps): bump @segment/analytics-next from 1.45.0 to 1.46.0 in /website by @dependabot in #3638
  • maintain(deps): bump k8s.io/apimachinery from 0.25.3 to 0.25.4 by @dependabot in #3629
  • maintain(deps-dev): bump eslint-config-next from 13.0.0 to 13.0.3 in /ui by @dependabot in #3631
  • maintain(deps): bump @tanstack/react-table from 8.5.22 to 8.5.27 in /ui by @dependabot in #3632
  • maintain(deps): bump @heroicons/react from 2.0.12 to 2.0.13 in /website by @dependabot in #3637
  • maintain(deps): bump k8s.io/api from 0.25.3 to 0.25.4 by @dependabot in #3630
  • maintain(deps-dev): bump concurrently from 7.4.0 to 7.5.0 in /ui by @dependabot in #3634
  • maintain(deps): bump @markdoc/markdoc from 0.1.13 to 0.2.1 in /website by @dependabot in #3635
  • maintain(deps): bump next from 12.3.1 to 13.0.3 in /ui by @dependabot in #3633
  • fix: checkbox check does not show when it is checked by @hoyyeva in #3624
  • maintain: move providers to settings page by @hoyyeva in #3609
  • fix: setting page ui bug on prod by @hoyyeva in #3641
  • improve: destination namespace bulk remove by @hoyyeva in #3642
  • fix: nextjs 13 link errors by @jmorganca in #3644
  • fix: csp issue that lead to checkbox check image cannot load by @hoyyeva in #3646
  • fix(ui): trim leading and trailing whitespace in group names by @mxyng in #3617
  • Update cobra to official version by @dnephin in #3648
  • Populate names in device flow status API response by @dnephin in #3533
  • Fix login with a temporary password by @dnephin in #3653
  • maintain: remove unused get grant endpoint by @BruceMacD in #3650
  • maintain: api doc categories by @BruceMacD in #3651
  • maintain: add instructions for scim on Okta by @technovangelist in #3568
  • feat: access keys ui by @pdevine in #3547
  • fix: generate cli docs with better heading levels by @jmorganca in #3652
  • feat: access keys allow custom expiration date by @hoyyeva in #3649
  • Move connector and use commands into their own files by @dnephin in #3658
  • Do not require uniqueID for a destination by @dnephin in #3621
  • fix: change the add path to be consistent by @hoyyeva in #3660
  • fix: allow for local example to override global by @technovangelist in #3666
  • improve: approx. leap year for connector access keys by @mxyng in #3669
  • fix: the schema pattern for uid for api docs by @technovangelist in #3671
  • Change Access Keys API + CLI by @pdevine in #3654
  • maintain: update make docs to output correct version by @BruceMacD in #3677
  • maintain: return idpauth as struct by @BruceMacD in #3667
  • maintain: remove references to local redirect by @BruceMacD in #3678
  • improve: generate and publish openapi spec in release by @mxyng in #3674
  • feat: add last used column by @hoyyeva in #3676
  • Revert "maintain: remove unused get grant endpoint (#3650)" by @mxyng in #3679
  • maintain(deps): bump github.com/cenkalti/backoff/v4 from 4.1.3 to 4.2.0 by @dependabot in #3686
  • maintain(deps): bump golang.org/x/crypto from 0.2.0 to 0.3.0 by @dependabot in #3687
  • maintain(deps): bump google.golang.org/api from 0.102.0 to 0.103.0 by @dependabot in #3688
  • maintain(deps-dev): bump jest from 29.2.2 to 29.3.1 in /ui by @dependabot in #3691
  • maintain(deps-dev): bump tailwindcss from 3.2.2 to 3.2.4 in /website by @dependabot in #3700
  • maintain(deps): bump sharp from 0.31.1 to 0.31.2 in /website by @dependabot in #3699
  • maintain(deps): bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 by @dependabot in #3690
  • maintain(deps-dev): bump postcss from 8.4.18 to 8.4.19 in /ui by @dependabot in #3692
  • maintain(deps): bump golang.org/x/tools from 0.2.0 to 0.3.0 by @dependabot in #3689
  • maintain(deps): bump @segment/analytics-next from 1.46.0 to 1.46.1 in /website by @dependabot in #3698
  • maintain(deps-dev): bump eslint from 8.25.0 to 8.28.0 in /ui by @dependabot in #3693
  • maintain(deps): bump @headlessui/react from 1.7.3 to 1.7.4 in /ui by @dependabot in #3694
  • maintain(deps): bump copy-to-clipboard from 3.3.2 to 3.3.3 in /ui by @dependabot in #3695
  • maintain(deps-dev): bump next-sitemap from 3.1.30 to 3.1.32 in /website by @dependabot in #3697
  • fix: update ListDestinationsRequest struct descriptions for openapi generator by @technovangelist in #3683
  • fix: Document the Destination struct by @technovangelist in #3668
  • Fix zulu timezone in migrations tests by @jmorganca in #3684
  • fix: document the Grants API so that it is right in the openapi.json doc by @technovangelist in #3685
  • Refuse to dele...
Read more

v0.17.1

11 Nov 16:31
0c6729f
Compare
Choose a tag to compare

Bug fixes

  • Fixed an issue where a loading spinner would continue to render even once loading was done in the Dashboard
  • Fixed a rare issue where the Infra server would fail to start

v0.17.0

10 Nov 20:56
19ada18
Compare
Choose a tag to compare

instant

Instant Sync

🏎️ ​​Syncing between Infra and its connectors now happen near ​instantly. This means as users/groups' roles or permissions change, Infra can update it in near real-time.

Bug fixes & Improvements

Dependency updates

  • maintain(deps-dev): bump tailwindcss from 3.2.1 to 3.2.2 in /website by @dependabot in #3582
  • maintain(deps-dev): bump @types/react from 18.0.24 to 18.0.25 in /ui by @dependabot in #3569
  • maintain(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.13.1 by @dependabot in #3572
  • maintain(deps-dev): bump tailwindcss from 3.2.1 to 3.2.2 in /ui by @dependabot in #3571
  • maintain(deps): bump github.com/shirou/gopsutil/v3 from 3.22.9 to 3.22.10 by @dependabot in #3574
  • maintain(deps): bump google.golang.org/api from 0.101.0 to 0.102.0 by @dependabot in #3576
  • maintain(deps-dev): bump eslint from 8.26.0 to 8.27.0 in /website by @dependabot in #3581
  • maintain(deps): bump react-router-dom from 6.4.2 to 6.4.3 in /ui by @dependabot in #3575
  • maintain(deps): bump @headlessui/react from 1.7.3 to 1.7.4 in /website by @dependabot in #3580
  • maintain(deps-dev): bump jest from 29.2.1 to 29.2.2 in /ui by @dependabot in #3573
  • maintain(deps): bump github.com/aws/aws-sdk-go from 1.44.126 to 1.44.131 by @dependabot in #3578
  • maintain(deps-dev): bump next-sitemap from 3.1.29 to 3.1.30 in /website by @dependabot in #3579
  • maintain: bump Azure/setup-helm to v3 by @mxyng in #3544

v0.16.1

03 Nov 00:55
30461d3
Compare
Choose a tag to compare

What's Changed

  • Infra's Kubernetes connector now updates access permissions immediately, instead of every 30 seconds
  • Fixed an issue where logging in via browser from the CLI would direct a user to an invalid page

v0.16.0

01 Nov 20:25
96fc679
Compare
Choose a tag to compare

🔥 What's new

Read more

v0.15.2

21 Sep 17:04
d7beca9
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.15.1...v0.15.2