- Added
--filter-by-tokentoaws loginto limit shown accounts and roles according to Vault token capabilities - Added
--filter-by-tokentokube configto limit shown service accounts according to Vault token capabilities
- Fixed setting of default values
- changed thottle to 5 times and 2/4/8/16/32 sec
- still fail if throttling happens more then 5 times
- Allow vault to retry getting AWS creditials on throttle message:
vault.retryOnThrottle:bool - Start work to commonize all configs to using more map style config based on stimpack name
stimpack.key, IEvault.addresskube.config.namespace
- Fixed defaulted value for prompt list.
- fixed build/publish for versions
- added filters for cluster and service account
- moved version to only output version nothing else. Removed unneeded else statement
- added semver requirement, and checking. Deploy added global.requiredVersion and global.minimumVersion to the stim.deploy.yaml, so you can enforce versions. Fixed minor issue with logging Fatal, showing as Info
- Adding validation to check for no arg for completion cmd
- hard set to alpine:3.11 since alpine:3.12 does not support py2 anymore
- tab completion functionality for bash and zsh
- Allow all config options to also be envVars using subpaths as _ which then get translated to - in viper config
- Upped version of
kube-vault-deployto fix checksum issue downloading kubectl >= 1.18
- For
stim deploy, theHELM_VERSIONenvironment variable for specifying Helm versions is now deprecated. Please use the.spec.tools.helmconfiguration for specifying the helm version to use. See deploy docs for more details. - For
stim deploy, auto-detection of Helm v2 versions is now deprecated. Please use the.spec.tools.helmconfiguration for specifying the helm version to use. See deploy docs for more details.
- Fixed a bug where running
stim deployvia the default Docker method would not respect thespec.tools.helmversion.
- Fixed bug in deploy config when setting variables in the global section did not propagate into subsections, like environments.
stim deploy- Fixed issue with cascading tool versions not working correctly. Certain instance tool versions would overwrite the tool version for other instances.- Changed displayed username in AWS web console for the STS federated login. The username was 'stim-user' and now matches the LDAP sAMAccountName short name.
- Added new Docker image with the format
premiereglobal/stim:v0.1.4-deploy. This container provides additional features for deployments with stim- Contains additional deploy utilities such as:
bash,curl,zip,jq,less,python,git,yq, andaws - Entrypoint is
bashto make it easier to run with custom commands
- Contains additional deploy utilities such as:
- Updated Docker tagging
- Master builds will now have the Docker tag
masterandmaster-deploy, with thestim versionofstim/master - Tagged releases will continue having the tag scheme
v0.1.4andv0.1.4-deploy, but will also update the latest tagslatestandlatest-deploy. Doingstim versionon anylatestimage will now reveal the actual versionstim/vX.X.X, instead ofstim/master.
- Master builds will now have the Docker tag
- Added
--methodtostim deployallowing optionalshelldeployment. Will auto-select the best options if left empty.shelldeploy will be auto-selected if it detects that it is running in a container
- Added configuration option for cache location. See docs/CONFIG.md
- Fixed Pagerduty request to include all CLI parameters (for example source, component, etc.) as those were not actually being sent to Pagerduty previously
- Added configuration option:
vault-username-skip-prompt. If set totruestim will skip prompting the user for their username if the config optionvault-usernameis set.- Note: As part of this change, stim will no longer default to the system username. First-time users will be required to enter their username.
- Changing the deployment binary cache directory to be within the
~/.stimdir
- Fixed bug where deployments would not utilize the VAULT_TOKEN env variable correctly
- Fixed bug where having an empty stim cache directory (
~/.kube-vault-deploy/cache) would cause a deployment failure
- Fixed and issue that was causing environment-level env vars not to override global env vars in
stim deploy
- Changing release versions to proper notation
- Fixed bug in
stim deploywhere it wasn't correctly resolving the full path for deployment volumes
- Added the
stim deploysubcommand. See docs/DEPLOY.md for details. - Enabled
infologging by default
- Added ttl support for AWS logins. There are two new parameters for the
stim aws logincommand:-t, --ttltells stim to set to AWS credentials ttl to the given value (defaults to8h)-b, --web-ttltells stim to set the AWS web console ttl to the given value (defaults to1h). This value must be between15mand36h
- Added profile support for AWS logins. There are two new parameters for the
stim aws logincommand:-p, --use-profilestells stim to use profiles which will save credentials as a new aws profile in~/.aws/credentials. The profile name will be in the format<account>/<role>to allow the profile to be reused in the future. This option can also be set in the config file withaws.use-profiles=true.-d, --default-profiletells stim to also set the aws default profile to the newly created creds. This option can also be set in the config file withaws.default-profile=true.
- Configurable auth methods. A config entry of
auth.methodor command line parameter--auth-methodcan be used to specify the authentication method (ex: ldap, github, etc.). - Prompt interface would trigger terminal bell when using arrow key to navigate the menu. This has been removed.
- Changed AWS login wait login to be linear vs exponential
- Vault token duration messages improved to show actual TTL vs requested when getting a new token
- Improved build fail detection
- Removed
bashinstaller for now until it can be fixed
- Changing parameter for
stim aws login. Changed -m to -a to be clear about account name.
- Added STS support. This allows
stim aws loginto provision STS credentials with the IAM credentials it received from Vault. This increases the utility as you can now provision web console access that is limited to the user's IAM credential role.
- Updated the logger for more robustness and readability
- AWS login now has -o option to print generated URL and not Launch
- Fixed issue with
kube configwherein the--namespaceargument was not being used correctly