StackStorm v2.3.0 Release Notes
Release Date: 2017-06-19 // almost 7 years ago-
➕ Added
* Introduce new ``CAPABILITIES`` constant on auth backend classes. With this constant, auth backends can advertise functionality they support (e.g. authenticate a user, retrieve information about a particular user, retrieve a list of groups a particular user is a member of). (new feature) * ➕ Add support for automatic RBAC role assignment based on the remote auth backend groups user is a member of (e.g. LDAP groups) and mappings defined in ``/opt/stackstorm/rbac/mappings`` directory. Note: This functionality is currently implemented for enterprise LDAP auth backend and only available in enterprise edition. (new feature) * 👍 Allow user to specify a custom list of attribute names which are masked in the log messages by setting ``log.mask_secrets_blacklist`` config option. (improvement) * ➕ Add webhook payload to the Jinja render context when rendering Jinja variable inside rule criteria section. * Implement RBAC for traces API endpoints. (improvement) * Implement RBAC for ``API_KEY_CREATE`` permission type. (improvement) * Implement RBAC for timers API endpoints. (improvement) * Implement RBAC for webhooks get all and get one API endpoint. (improvement) * Implement RBAC for policy types and policies get all and get one API endpoint. (improvement) * ➕ Add new ``/v1/rbac/role_assignments`` API endpoint for retrieving user role assignment information. (new feature) * ➕ Add CLI commands for listing RBAC roles: * ``st2 role list [--system]`` * ``st2 role get <role id or name>`` * ➕ Add CLI commands for listing RBAC user role assignments: * ``st2 role-assignment list [--role=<role name>] [--user=<username>]`` * ``st2 role-assignment get <role assignment id>`` * ➕ Add the following new actions to ``chatops`` pack: * ``chatops.match`` * ``chatops.match_and_execute`` * ``chatops.run`` #3425 [Anthony Shaw] * ➕ Add new ``examples.forloop_chain`` action-chain workflow to the examples pack which demonstrates how to iterate over multiple pages inside a workflow. #3328 [Carles Figuerola] * ➕ Add new ``core.uuid`` action for generating type 1 and type 4 UUIDs. [John Anderson] #3414 🔄 Changed
- 🔨 Refactor the action execution asynchronous callback functionality into the runner plugin architecture. (improvement)
- 🐧 Linux file watch sensor is now disabled by default. To enable it, set
enabled: true
in/opt/stackstorm/packs/linux/sensors/file_watch_sensor.yaml
- ⚡️ Update the code so user can specify arbitrary default TTL for access tokens in
st2.conf
and all the StackStorm services which rely on access tokens still work.
Previously, the lowest TTL user could specify for all the services to still work was 24 hours. This has been fixed and the default TTL specified in the config now only affects user access tokens and services use special service access tokens with no max TTL limit. (bug fix)
Reported by Jiang Wei. #3314 #3315
- ⚡️ Update
/executions/views/filters
API endpoint so it excludes null / None from filter values for fields wherenull
is not a valid field value. (improvement)
Contributed by Cody A. Ray. #3193
- Require
ACTION_VIEW
permission type to be able to access entry_point and parameters actions view controller. (improvement) - Update
/v1/rbac/permission_types
and/v1/rbac/permission_types/<resource type>
API endpoint to return a dictionary which also includes a description for each available permission type. (improvement) - Require
EXECUTION_VIEWS_FILTERS_LIST
RBAC permission type to be able to access/executions/views/filters
API endpoint. (improvement) - ➕ Add webhook payload to the Jinja render context when rendering Jinja variable inside rule criteria section
- Switch file_watch_sensor in Linux pack to use trigger type with parameters. Now you can add a
rule with
file_path
and sensor will pick up thefile_path
from the rule. A sample rule is provided incontrib/examples/rules/sample_rule_file_watch.yaml
. (improvement) - Cancel actions that are Mistral workflow when the parent workflow is cancelled. (improvement)
- ⬆️ Upgrade various internal Python library dependencies to the latest stable versions (pyyaml, requests, appscheduler, gitpython, paramiko, mongoengine, tooz).
- ⚡️ Update
/v1/rbac/roles
API endpoint so it includes corresponding permission grant objects. Previously it only included permission grant ids. (improvement) - ⏱ When RBAC is enabled and action is scheduled (ran) through the API, include
rbac
dictionary withuser
androles
action_context
attribute. (improvement) - 🔧 Make the query interval to third party workflow systems (including mistral) a configurable
value. You can now set
query_interval
in[results_tracker]
section in/etc/st2/st2.conf
. With this, the default query interval is set to 20s as opposed to 0.1s which was rather aggressive and could cause CPU churn when there is a large number of outstanding workflows. (improvement) - 0️⃣ Let
st2 pack install
register all available content in pack by default to be consistent withst2 pack register
. (improvement) #3452 - 🐧 The
dest_server
parameter has been removed from thelinux.scp
action. Going forward simply specify the server as part of thesource
and / ordestination
arguments. (improvement) #3335 #3463 [Nick Maludy] - ➕ Add missing database indexes which should speed up various queries on production deployments with large datasets. (improvement)
- 0️⃣ Use a default value for a config item from config schema even if that config item is not required
(
required: false
). (improvement)
Reported by nmlaudy. #3468 #3469
- 🗄 Removing empty
config.yaml
for packs pack so warning isn't thrown by default now that deprecation warning is in place. (improvement)
✂ Removed
* 📇 Drop support for invalid semver versions strings (e.g. ``2.0``) in pack.yaml pack metadata. Only full semver version strings are supported, e.g. ``2.1.1``. This was originally deprecated in v2.1.0. 🗄 Deprecated
- ⚠ Packs containing
config.yaml
will now generate a WARNING log on pack registration. Support forconfig.yaml
will be removed in StackStorm 2.4. Migrate your pack configurations now.
🛠 Fixed
* ⚡️ Update st2rulesengine to exit non-0 on failure (bug fix) #3394 [Andrew Regan] * 🛠 Fix a bug where trigger parameters and payloads were being validated regardless of the relevant settings in the configuration (``system.validate_trigger_payload``, ``system.validate_trigger_parameters``). (bug fix) * 🛠 Fix ``system=True`` filter in the ``/v1/rbac/roles`` API endpoint so it works correctly. (bug fix) * 🛠 Fix a bug where keyvalue objects weren't properly cast to numeric types. (bug fix) * 👷 When action worker is being shutdown and action executions are being abandoned, invoke post run on the action executions to ensure operations such as callback is performed. (bug fix) * 🛠 Fix action chain runner workflows so variables (vars) and parameter values support non-ascii (unicode) characters. (bug fix) * 🛠 Fix a bug in query base module when outstanding queries to mistral or other workflow engines could cause a tight loop without cooperative yield leading to 100% CPU usage by st2resultstracker process. (bug-fix) * Ignore unicode related encoding errors which could occur in some circumstances when ``packs.setup_virtualenv`` fails due to a missing dependency or similar. (improvement, bug fix) #3337 [Sean Reifschneider] * ⚡️ Update ``st2-apply-rbac-definitions`` so it also removes assignments for users which don't exist in the database. (improvement, bug fix) * 🛠 Fix a bug where action runner throws KeyError on abandoning action executions during process shutdown. (bug fix) * 🛠 Fix URL parsing bug where percent encoded URLs aren't decoded properly (bug fix) * ⚡️ The API endpoint for searching or showing packs has been updated to return an empty list instead of ``None`` when the pack was not found in the index. (bug fix) 🔒 Security
- 👉 Make sure all the role assignments for a particular user are correctly deleted from the database
after deleting an assignment file from
/opt/stackstorm/rbac/assignments
directory and runningst2-apply-rbac-definitions
tool. (bug fix)