Skip to content
This repository has been archived by the owner on Jan 12, 2024. It is now read-only.

Releases: Nike-Inc/cerberus

v4.4.0

03 Jun 23:54
ea6154c
Compare
Choose a tag to compare
  • Allow admin to update any SDB configuration
  • Upgrade dependencies

v4.3.3

28 Apr 19:15
e996915
Compare
Choose a tag to compare

Make x-amz-security-token header optional for IAM users

v4.3.2

08 Apr 00:47
65a313d
Compare
Choose a tag to compare

Increase c3p0 checkout timeout to 30 seconds

v4.3.1

17 Mar 01:36
4207d57
Compare
Choose a tag to compare

Redact sensitive header in error message

v4.3.0

13 Mar 01:03
16d766e
Compare
Choose a tag to compare

Provide metrics for data key rotation job

Missed 4.2.0:
Update dashboard dependencies

v4.1.1

02 Mar 17:49
e1eab5d
Compare
Choose a tag to compare

Fix audit log not uploaded to s3

v4.1.0

26 Feb 18:15
8b8ded3
Compare
Choose a tag to compare
  • Corrected file path for database migrations
  • Fixed metadata filtering by SDB name for admin endpoint
  • Upgraded gradlew to release version
  • Updated Travis credentials

v4.0.0

04 Feb 18:33
0b83583
Compare
Choose a tag to compare

TL;DR: We refactored Cerberus from a Guice/Riposte project to a composable multi-project Springboot application.

The major breaking changes are operational breaking changes

Cerberus 4.+ now requires Java 11.

You will also need to create a new config YAML rather than relying on the CLI to generate config and store it for you.

See: https://github.com/Nike-Inc/cerberus#configuration

When upgrading from < 4.x use the view-config command on the Lifecycle Management CLI (Requires Java 8) to get your current config and secrets.

You might need to use SDK Man on your local machine if you dev to switch between JRE's until all our projects use Java 11.

cerberus-lm-cli -e ${envName} view-config --config-path cms/environment.properties

The API changes should be mostly backward compatible

We did technically make a few "Breaking changes" that you shouldn't see on the normal happy path.

  1. When you list secrets on an empty SDB / Path an empty list is now returned instead of a 404.
    Most of our clients already catch the 404 and make it an empty list anyways.
    This was legacy behavior from when we still used Hashicorp Vault, which just confused people, so we fixed it.
  2. Some of the status codes changed from 200 to 201 or 204 and vice versa to be more standardized as Springboot enforces some of this behavior by default.
  3. Some of the status codes changed from 400 to 401 or 403 and vice versa to be more standardized as Springboot enforces some of this behavior by default.
  4. KMS authentication endpoints are deprecated and turned off by default. You can enable them in the config YAML.
  5. We now always return a Backstopper error object, previously on /v1/secret/*** we returned a legacy Vault error object.
    This might break the unhappy path on some of our clients and cause a deserialization issue to bubble up instead of the real underlying cause.
    We hypothesis that this will only affect new uses of Cerberus and should have no impact on projects already established with Cerberus.
    We are working on updating any clients that don't handle this change gracefully.

Additional Notes

This is going to put the create an environment docs and the life cycle management CLI in a bad state while we work on updating those.

v.3.35.0

08 Nov 00:13
1d5ee84
Compare
Choose a tag to compare
  • Add timeout for db connection pool waiting and retry with back off AWS STS Get Caller Identity requests
  • Hystrix tweaks

v3.34.0

07 Oct 21:12
318c1c4
Compare
Choose a tag to compare

Add metric collection for data key caching