StackStorm latest version

« Changelog History

StackStorm v3.7.0 Release Notes

Release Date: 2022-05-05 // 15 days ago

➕ Added


* ➕ Added st2 API get action parameters by ref. #5509

  API endpoint ``/api/v1/actions/views/parameters/{action_id}`` accepts ``ref_or_id``.

  Contributed by @DavidMeu

* 🤡 Enable setting ttl for MockDatastoreService. #5468

  Contributed by @ytjohn

* ➕ Added st2 API and CLI command for actions clone operation.

  API endpoint ``/api/v1/actions/{ref_or_id}/clone`` takes ``ref_or_id`` of source action.
  Request method body takes destination pack and action name. Request method body also takes
  optional parameter ``overwrite``. ``overwrite = true`` in case of destination action already exists and to be
  overwritten.

  CLI command ``st2 action clone <ref_or_id> <dest_pack> <dest_action>`` takes source ``ref_or_id``, destination
  pack name and destination action name as mandatory arguments.
  In case destination already exists then command takes optional argument ``-f`` or ``--force`` to overwrite
  destination action. #5345

  Contributed by @mahesh-orch.

* Implemented RBAC functionality for existing ``KEY_VALUE_VIEW, KEY_VALUE_SET, KEY_VALUE_DELETE`` and new permission types ``KEY_VALUE_LIST, KEY_VALUE_ALL``.
  RBAC is enabled in the ``st2.conf`` file. Access to a key value pair is checked in the KeyValuePair API controller. #5354

  Contributed by @m4dcoder and @ashwini-orchestral

* ➕ Added service deregistration on shutdown of a service. #5396

  Contributed by @khushboobhatia01

* ➕ Added pysocks python package for SOCKS proxy support. #5460

  Contributed by @kingsleyadam

* ➕ Added support for multiple LDAP hosts to st2-auth-ldap. #5535, https://github.com/StackStorm/st2-auth-ldap/pull/100

  Contributed by @ktyogurt

* Implemented graceful shutdown for action runner. Enabled ``graceful_shutdown`` in ``st2.conf`` file. #5428

  Contributed by @khushboobhatia01

* ✨ Enhanced 'search' operator to allow complex criteria matching on payload items. #5482

  Contributed by @erceth

* ➕ Added cancel/pause/resume requester information to execution context. #5554

  Contributed by @khushboobhatia01

* ➕ Added `trigger.headers_lower` to webhook trigger payload. This allows rules to match webhook triggers
  without dealing with the case-sensitive nature of `trigger.headers`, as `triggers.headers_lower` providers
  the same headers, but with the header name lower cased. #5038

  Contributed by @Rand01ph

* ➕ Added support to override enabled parameter of resources. #5506

  Contributed by Amanda McGuinness (@amanda11 Intive)

* Add new ``api.auth_cookie_secure`` and ``api.auth_cookie_same_site`` config options which
  specify values which are set for ``secure`` and ``SameSite`` attribute for the auth cookie
  we set when authenticating via token / api key in query parameter value (e.g. via st2web).

  For security reasons, ``api.auth_cookie_secure`` defaults to ``True``. This should only be
  changed to ``False`` if you have a valid reason to not run StackStorm behind HTTPs proxy.

  Default value for ``api.auth_cookie_same_site`` is ``lax``. If you want to disable this
  functionality so it behaves the same as in the previous releases, you can set that option
  to ``None``.

  #5248

  Contributed by @Kami.

* ➕ Add new ``st2 action-alias test <message string>`` CLI command which allows users to easily
  test action alias matching and result formatting.

  This command will first try to find a matching alias (same as ``st2 action-alias match``
  command) and if a match is found, trigger an execution (same as ``st2 action-alias execute``
  command) and format the execution result.

  This means it uses exactly the same flow as commands on chat, but the interaction avoids
  chat and hubot which should make testing and developing aliases easier and faster. #5143

  #5143

  Contributed by @Kami.

* ➕ Add new ``credentials.basic_auth = username:password`` CLI configuration option.

  This argument allows client to use additional set of basic auth credentials when talking to the
  StackStorm API endpoints (api, auth, stream) - that is, in addition to the token / api key
  native StackStorm auth.

  This allows for simple basic auth based multi factor authentication implementation for
  installations which don't utilize SSO.

  #5152

  Contributed by @Kami.

* ➕ Add new audit message when a user has decrypted a key whether manually in the container (st2 key get [] --decrypt)
  or through a workflow with a defined config. #5594
  Contributed by @dmork123

* ➕ Added garbage collection for rule_enforcement and trace models #5596/5602
  Contributed by Amanda McGuinness (@amanda11 intive)

* ➕ Added garbage collection for workflow execution and task execution objects #4924
  Contributed by @srimandaleeka01 and @amanda11

🔄 Changed

⚡️ Minor updates for RockyLinux. #5552

Contributed by Amanda McGuinness (@amanda11 intive)

⬆️ Bump black to v22.3.0 - This is used internally to reformat our python code. #5606
⚡️ Updated paramiko version to 2.10.3 to add support for more key verification algorithms. #5600

🛠 Fixed


* 🛠 Fix deserialization bug in st2 API for url encoded payloads. #5536

  Contributed by @sravs-dev

* 🛠 Fix issue of WinRM parameter passing fails for larger scripts.#5538

  Contributed by @ashwini-orchestral

* 🛠 Fix Type error for ``time_diff`` critera comparison. convert the timediff value as float to match
  ``timedelta.total_seconds()`` return. #5462

  Contributed by @blackstrip

* 🛠 Fix issue with pack option not working when running policy list cli #5534

  Contributed by @momokuri-3

* 🛠 Fix exception thrown if action parameter contains {{ or {% and no closing jinja characters. #5556

  contributed by @guzzijones12

* 🔗 Link shutdown routine and sigterm handler to main thread #5555

  Contributed by @khushboobhatia01

* 🐎 Change compound index for ActionExecutionDB to improve query performance #5568

  Contributed by @khushboobhatia01

* 🛠 Fix build issue due to MarkUpSafe 2.1.0 removing soft_unicode

  Contributed by Amanda McGuinness (@amanda11 intive) #5581

* 🛠 Fixed regression caused by #5358. Use string lock name instead of object ID. #5484

  Contributed by @khushboobhatia01

* 🛠 Fix ``st2-self-check`` script reporting falsey success when the nested workflows runs failed. #5487

* 🛠 Fix actions from the contrib/linux pack that fail on CentOS-8 but work on other operating systems and distributions. (bug fix) #4999 #5004

  Reported by @blag and @dove-young contributed by @winem.

* 🔒 Use byte type lock name which is supported by all tooz drivers. #5529

  Contributed by @khushboobhatia01

* 🛠 Fixed issue where pack index searches are ignoring no_proxy #5497

  Contributed by @minsis

* 🛠 Fixed trigger references emitted by ``linux.file_watch.line``. #5467

  Prior to this patch multiple files could be watched but the rule reference of last registered file
  would be used for all trigger emissions causing rule enforcement to fail.  References are now tracked
  on a per file basis and used in trigger emissions.

  Contributed by @nzlosh

* ⬇️ Downgrade tenacity as tooz dependency on tenacity has always been < 7.0.0 #5607

  Contributed by @khushboobhatia01

* 📌 Pin ``typing-extensions<4.2`` (used indirectly by st2client) to maintain python 3.6 support. #5638

Previous changes from v3.6.0

➕ Added
```
* ➕ Added possibility to add new values to the KV store via CLI without leaking them to the shell history. #5164

* 🔧 ``st2.conf`` is now the only place to configure ports for ``st2api``, ``st2auth``, and ``st2stream``.

  We replaced the static ``.socket`` sytemd units in deb and rpm packages with a python-based generator for the
  ``st2api``, ``st2auth``, and ``st2stream`` services. The generators will get ``<ip>:<port>`` from ``st2.conf``
  to create the ``.socket`` files dynamically. #5286 and st2-packages#706

  Contributed by @nzlosh

🔄 Changed
```
- Modified action delete API to delete action files from disk along with backward compatibility.
From CLI st2 action delete <pack>.<action> will delete only action database entry. From CLI st2 action delete --remove-files <pack>.<action> or st2 action delete -r <pack>.<action> will delete action database entry along with files from disk.

API action DELETE method with {"remove_files": true} argument in json body will remove database entry of action along with files from disk. API action DELETE method with {"remove_files": false} or no additional argument in json body will remove only action database entry. #5304, #5351, #5360

Contributed by @mahesh-orch.
- ✂ Removed --python3 deprecated flag from st2client. #5305
Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)

Contributed by @blag.
- Fixed __init__.py files to use double quotes to better align with black linting #5299
Contributed by @blag.
- ⬇️ Reduced minimum TTL on garbage collection for action executions and trigger instances from 7 days to 1 day. #5287
Contributed by @ericreeves.
- ⚡️ update db connect mongo connection test - isMaster MongoDB command depreciated, switch to ping #5302, #5341
Contributed by @lukepatrick
- 👷 Actionrunner worker shutdown should stop Kombu consumer thread. #5338
Contributed by @khushboobhatia01
- 🚚 Move to using Jinja sandboxed environment #5359
Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)
- 📌 Pinned python module networkx to versions between 2.5.1(included) and 2.6(excluded) because Python v3.6 support was dropped in v2.6. Also pinned decorator==4.4.2 (dependency of networkx<2.6) to work around missing python 3.8 classifiers on decorator's wheel. #5376
Contributed by @nzlosh
- ➕ Add new --enable-profiler flag to all the servies. This flag enables cProfiler based profiler for the service in question and dumps the profiling data to a file on process exit.
This functionality should never be used in production, but only in development environments or similar when profiling code. #5199

Contributed by @Kami.
- ➕ Add new --enable-eventlet-blocking-detection flag to all the servies. This flag enables eventlet long operation / blocked main loop logic which throws an exception if a particular code blocks longer than a specific duration in seconds.
This functionality should never be used in production, but only in development environments or similar when debugging code. #5199
- Silence pylint about dev/debugging utility (tools/direct_queue_publisher.py) that uses pika because kombu doesn't support what it does. If anyone uses that utility, they have to install pika manually. #5380
- 🛠 Fixed version of cffi as changes in 1.15.0 meant that it attempted to load libffi.so.8. #5390
Contributed by @amanda11, Ammeon Solutions
- ⚡️ Updated Bash installer to install latest RabbitMQ version rather than out-dated version available in OS distributions.
Contributed by @amanda11, Ammeon Solutions

🛠 Fixed
```
* Correct error reported when encrypted key value is reported, and another key value parameter that requires conversion is present. #5328
  Contributed by @amanda11, Ammeon Solutions

* ⚡️ Make ``update_executions()`` atomic by protecting the update with a coordination lock. Actions, like workflows, may have multiple
  concurrent updates to their execution state. This makes those updates safer, which should make the execution status more reliable. #5358

  Contributed by @khushboobhatia01

* 🛠 Fix "not iterable" error for ``output_schema`` handling. If a schema is not well-formed, we ignore it.
  Also, if action output is anything other than a JSON object, we do not try to process it any more.
  ``output_schema`` will change in a future release to support non-object output. #5309

  Contributed by @guzzijones

* 🗄 ``core.inject_trigger``: resolve ``trigger`` payload shadowing by deprecating ``trigger`` param in favor of ``trigger_name``.
  ``trigger`` param is still available for backwards compatibility, but will be removed in a future release. #5335 and #5383

  Contributed by @mjtice
```