Release Notes for CyberArk Conjur Service Broker for VMware Tanzu
These are release notes for CyberArk Conjur Service Broker for VMware Tanzu
v1.3.2
Release Date: June 22, 2022
Fixed issues in this release:
- Unpinned the Ruby Buildpack in the Conjur Service Broker’s manifest.yml and updated the pinned Ruby version in the service broker’s Gemfile to ~> 2.7, to capture the idea that the service broker works for all 2.x Ruby versions from 2.7 and up, since any lesser version has reached end of life. See CHANGELOG between v2.2.1 and v2.2.4
- Upgraded Golang dependencies in Conjur Buildpack to resolve security vulnerabilities. See CHANGELOG between v2.2.1 and v2.2.4
- Upgraded Ruby dependencies in Conjur Service Broker to resolve security vulnerabilities. See CHANGELOG between v1.2.1 and v1.2.5
v1.3.0
Release Date: August 10, 2021
Features in this release:
Removed support for Conjur Enterprise v4
- We recommend migrating to Conjur Enterprise v11+ or Conjur OSS v1+.
- cyberark/conjur-service-broker#203
Add organization_name and space_name annotations
- Service Broker API spec 2.15 and above provide
organization_name
andspace_name
. If these are available, they are added as annotations on the organization and space policies that are created in Conjur. cyberark/conjur-service-broker#238 - Requires Conjur Open Source v1.3.7+ or Conjur Enterprise (formerly Dynamic Access Provider) v11.3.0+
- Service Broker API spec 2.15 and above provide
Support for using Summon environments in secrets.yml file
- secrets.yml files can be split into sections by environment and secrets to load at runtime can be specified using new SECRETS_YAML_ENVIRONMENT variable. cyberark/cloudfoundry-conjur-buildpack#44
Fixed error messages with invalid line numbers
- Caused by Cloudfoundry Buildpack encountering errors while parsing environment variable settings after retrieving secrets from Conjur. cyberark/cloudfoundry-conjur-buildpack#120
Fixed issues in this release:
- Upgraded Ruby dependencies to resolve security vulnerabilities
Known issues in this release:
- Service broker fails if not installed with ruby buildpack v1.8.37
- The service broker currently requires Ruby 2.5.8, which was removed in ruby buildpack versions later than v1.8.37. As a result, we have pinned the service broker to use v1.8.37 cyberark/conjur-service-broker#253
v1.2.1
Release Date: January 15, 2021
Features in this release:
Buildpack archives releases in branch for more reliable online buildpack usage
- Previously, we recommended users refer to the project master branch in GitHub when using the online buildpack. With this change, we now archive releases in the “latest” branch, and recommend users either refer to the latest branch or a specific tag when using the online version of this buildpack. cyberark/cloudfoundry-conjur-buildpack#101
Service broker sets the default value of CONJUR_VERSION to 5
- When the value for CONJUR_VERSION is null or empty, we default to
5
. If an invalid value is given, we raise an error immediately. cyberark/conjur-service-broker#47
- When the value for CONJUR_VERSION is null or empty, we default to
Support for using the Conjur Tile with Conjur Enterprise v4 is now deprecated.
- Support will be removed in the next release. cyberark/cloudfoundry-conjur-buildpack#73, cyberark/conjur-service-broker#191
Fixed issues in this release:
- (Security) Buildpack can no longer log secret values given invalid secrets.yml keys
- See Security Advisory. We recommend all users update their buildpack version to at least v2.1.5; v2.1.6 is included in this tile release.
Known issues in this release:
- Service Broker fails to install if using older versions of Ruby Buildpack
- When using Ruby Buildpack version 1.8.15 or older, the service broker will fail to install because the Ruby version will default to 2.4.x. cyberark/conjur-service-broker#229
v1.2.0
Release Date: August 7, 2020
Features in this release:
Improved service-broker validation and error handling
- Service broker returns 404 when the org or space policy branches do not exist as expected with a helpful error message, rather than returning 500.
- If a value is given to the
CONJUR_POLICY
environment variable, service-broker verifies that the given policy exists on the server, and provides a helpful error if it does not exist.
Expanded buildpack configuration capabilities
- The runtime location for
secrets.yml
can now be configured by setting theSECRETS_YAML_PATH
environment variable for the Cloud Foundry application. - Buildpack supply step now scans build directory for candidate
secrets.yml
files, and reports them to the buildpack deploy output during the supply phase. If unable to locate anysecrets.yml
files, it will exit.
- The runtime location for
The buildpack now properly reads only the Conjur credentials from VCAP_SERVICES. Previously, it
could consume credentials for other services, if their field names exactly matched those used by Conjur (e.g. version is a very common field).
Known issues in this release:
- Invalid variable name causes secret exposure in logs
- See Security Advisory. This is fixed in the buildpack v2.1.5.
v1.1.1
Release Date: June 21, 2019
Features in this release:
- Addresses a CVE in the version of the CF CLI that is included in the tile.
v1.1.0
Release Date: May 2, 2019
Features in this release:
- Added space-scoped host identities
VMware Tanzu operators now have the option to issue a shared Conjur identity for all applications in a space, or an identity for each application individually. Read more about this here.
v1.0.0
Release Date: March 7, 2019
Features in this release:
Simplified policy management and deployment:
- Conjur Service Broker automatically creates policy branches in Conjur to mirror org and space structure in VMware Tanzu during the service instance provisioning.
- Entitlements can be added to orgs and spaces.
- Applications are auto-enrolled into org and space layers on bind.
Applications use Conjur followers to retrieve secrets for a improved scalability
Conjur Buildpack is updated to a supply buildpack to enable use of multi-buildpack functionality
Known issues in this release:
- Conjur Buildpack does not currently support Java applications using Spring Boot 1.4+
v0.3.3
Release Date: June 26, 2018
Features included in this release:
- Conjur Service Broker is updated to include vendored gem dependencies
Known issues in this release: No known issues.
v0.3.2
Release Date: May 8, 2018
Features included in this release:
- Fixed issue with applying buildpack
Known issues in this release: No known issues.
v0.3.1
Release Date: May 1, 2018
Features included in this release:
- Fixed issue with applying buildpack
Known issues in this release: Health check not running as expected on tile install. Credentials entered in tile config should be validated manually before using the tile.
v0.3.0
Release Date: April 27, 2018
Features included in this release:
- Added support for host annotations in Conjur Service Broker
- Improved performance of Conjur Buildpack
Known issues in this release: Buildpack installation does not function as expected. If you have installed this release, please re-upload the CyberArk Conjur Buildpack manually by following the instructions in the buildpack documentation, or upgrade to v0.3.1.
v0.2.1
Release Date: February 14, 2018
Features included in this release:
- Added support for Conjur Enterprise (v4).
- Added support for a VMware Tanzu-specific namespace.
Known issues in this release: No known issues.
v0.1.0
Release Date: January 31, 2018
Features included in this release:
- Service Broker provides an interface between VMware Tanzu applications and an existing Conjur appliance.
- Buildpack installs Summon tool.
- Secrets defined to Summon in a secrets.yml file are obtained from Conjur and injected into the VMware Tanzu environment.
- Initial Private Beta Release.
Known issues in this release: No known issues.