Release Notes for CyberArk Conjur Service Broker for VMware Tanzu

These are release notes for CyberArk Conjur Service Broker for VMware Tanzu

v1.3.2

Release Date: June 22, 2022

  • CyberArk Conjur Service Broker - v1.2.5
  • CyberArk Conjur Buildpack - v2.2.4

Fixed issues in this release:

  • Unpinned the Ruby Buildpack in the Conjur Service Broker’s manifest.yml and updated the pinned Ruby version in the service broker’s Gemfile to ~> 2.7, to capture the idea that the service broker works for all 2.x Ruby versions from 2.7 and up, since any lesser version has reached end of life. See CHANGELOG between v2.2.1 and v2.2.4
  • Upgraded Golang dependencies in Conjur Buildpack to resolve security vulnerabilities. See CHANGELOG between v2.2.1 and v2.2.4
  • Upgraded Ruby dependencies in Conjur Service Broker to resolve security vulnerabilities. See CHANGELOG between v1.2.1 and v1.2.5

v1.3.0

Release Date: August 10, 2021

  • CyberArk Conjur Service Broker - v1.2.1
  • CyberArk Conjur Buildpack - v2.2.1

Features in this release:

  • Removed support for Conjur Enterprise v4

  • Add organization_name and space_name annotations

    • Service Broker API spec 2.15 and above provide organization_name and space_name. If these are available, they are added as annotations on the organization and space policies that are created in Conjur. cyberark/conjur-service-broker#238
    • Requires Conjur Open Source v1.3.7+ or Conjur Enterprise (formerly Dynamic Access Provider) v11.3.0+
  • Support for using Summon environments in secrets.yml file

  • Fixed error messages with invalid line numbers

Fixed issues in this release:

Known issues in this release:

  • Service broker fails if not installed with ruby buildpack v1.8.37
    • The service broker currently requires Ruby 2.5.8, which was removed in ruby buildpack versions later than v1.8.37. As a result, we have pinned the service broker to use v1.8.37 cyberark/conjur-service-broker#253

v1.2.1

Release Date: January 15, 2021

  • CyberArk Conjur Service Broker - v1.1.4
  • CyberArk Conjur Buildpack - v2.1.6

Features in this release:

  • Buildpack archives releases in branch for more reliable online buildpack usage

    • Previously, we recommended users refer to the project master branch in GitHub when using the online buildpack. With this change, we now archive releases in the “latest” branch, and recommend users either refer to the latest branch or a specific tag when using the online version of this buildpack. cyberark/cloudfoundry-conjur-buildpack#101
  • Service broker sets the default value of CONJUR_VERSION to 5

    • When the value for CONJUR_VERSION is null or empty, we default to 5. If an invalid value is given, we raise an error immediately. cyberark/conjur-service-broker#47
  • Support for using the Conjur Tile with Conjur Enterprise v4 is now deprecated.

Fixed issues in this release:

  • (Security) Buildpack can no longer log secret values given invalid secrets.yml keys
    • See Security Advisory. We recommend all users update their buildpack version to at least v2.1.5; v2.1.6 is included in this tile release.

Known issues in this release:

  • Service Broker fails to install if using older versions of Ruby Buildpack
    • When using Ruby Buildpack version 1.8.15 or older, the service broker will fail to install because the Ruby version will default to 2.4.x. cyberark/conjur-service-broker#229

v1.2.0

Release Date: August 7, 2020

  • CyberArk Conjur Service Broker - v1.1.3
  • CyberArk Conjur Buildpack - v2.1.4

Features in this release:

  • Improved service-broker validation and error handling

    • Service broker returns 404 when the org or space policy branches do not exist as expected with a helpful error message, rather than returning 500.
    • If a value is given to the CONJUR_POLICY environment variable, service-broker verifies that the given policy exists on the server, and provides a helpful error if it does not exist.
  • Expanded buildpack configuration capabilities

    • The runtime location for secrets.yml can now be configured by setting the SECRETS_YAML_PATH environment variable for the Cloud Foundry application.
    • Buildpack supply step now scans build directory for candidate secrets.yml files, and reports them to the buildpack deploy output during the supply phase. If unable to locate any secrets.yml files, it will exit.
  • The buildpack now properly reads only the Conjur credentials from VCAP_SERVICES. Previously, it
    could consume credentials for other services, if their field names exactly matched those used by Conjur (e.g. version is a very common field).

Known issues in this release:

  • Invalid variable name causes secret exposure in logs

v1.1.1

Release Date: June 21, 2019

Features in this release:

  • Addresses a CVE in the version of the CF CLI that is included in the tile.

v1.1.0

Release Date: May 2, 2019

Features in this release:

  • Added space-scoped host identities
    VMware Tanzu operators now have the option to issue a shared Conjur identity for all applications in a space, or an identity for each application individually. Read more about this here.

v1.0.0

Release Date: March 7, 2019

Features in this release:

  • Simplified policy management and deployment:

    • Conjur Service Broker automatically creates policy branches in Conjur to mirror org and space structure in VMware Tanzu during the service instance provisioning.
    • Entitlements can be added to orgs and spaces.
    • Applications are auto-enrolled into org and space layers on bind.
  • Applications use Conjur followers to retrieve secrets for a improved scalability

  • Conjur Buildpack is updated to a supply buildpack to enable use of multi-buildpack functionality

Known issues in this release:

  • Conjur Buildpack does not currently support Java applications using Spring Boot 1.4+

v0.3.3

Release Date: June 26, 2018

Features included in this release:

  • Conjur Service Broker is updated to include vendored gem dependencies

Known issues in this release: No known issues.

v0.3.2

Release Date: May 8, 2018

Features included in this release:

  • Fixed issue with applying buildpack

Known issues in this release: No known issues.

v0.3.1

Release Date: May 1, 2018

Features included in this release:

  • Fixed issue with applying buildpack

Known issues in this release: Health check not running as expected on tile install. Credentials entered in tile config should be validated manually before using the tile.

v0.3.0

Release Date: April 27, 2018

Features included in this release:

  • Added support for host annotations in Conjur Service Broker
  • Improved performance of Conjur Buildpack

Known issues in this release: Buildpack installation does not function as expected. If you have installed this release, please re-upload the CyberArk Conjur Buildpack manually by following the instructions in the buildpack documentation, or upgrade to v0.3.1.

v0.2.1

Release Date: February 14, 2018

Features included in this release:

  • Added support for Conjur Enterprise (v4).
  • Added support for a VMware Tanzu-specific namespace.

Known issues in this release: No known issues.

v0.1.0

Release Date: January 31, 2018

Features included in this release:

  • Service Broker provides an interface between VMware Tanzu applications and an existing Conjur appliance.
  • Buildpack installs Summon tool.
  • Secrets defined to Summon in a secrets.yml file are obtained from Conjur and injected into the VMware Tanzu environment.
  • Initial Private Beta Release.

Known issues in this release: No known issues.