Releases: common-fate/terraform-aws-common-fate-deployment

v2.8.0

16 Oct 06:58
b8ab96e

What's Changed

2.8.0

Minor Changes

  • ba8d362: Adds Jira integration for adding tickets to request reasons as context
  • ba8d362: Added multistep approval conditions to access workflows. You can now optionally configure 1 or more conditions which must be met for a Grant to be approved. Each approval must be completed by a separate reviewer, for example, require approval from both the engineering and security teams. Where no approval steps are defined, the existing behaviour is preserved: a Grant will be marked as approved when any permitted principal approves the request.
  • ba8d362: Add ability in the request page to request a review from one of the available reviewers by sending them a Slack notification
  • fcceec3: For BYOC customers: adds a new 'iam_role_permission_boundary' which can be used to apply a permission boundary to all IAM roles provisioned by the Terraform module.
  • ba8d362: Added the option to configure workflows with a Request -> Activate expiry and Request -> Approved expiry
  • ba8d362: Allow JIRA tickets to be attached to Access Request reason.

Patch Changes

  • ba8d362: Adds ListSyncsForIntegration action to the CF::Admin::Action::"Read" action group to fix the integration detail page not showing syncs.
  • ba8d362: Simplify the search on the New Request page to use an exact match on id, type and name instead of a fuzzy search.
  • ba8d362: Proxy session logs can now only be viewed when a user has a policy allowing Access::Action::"GetSessionLog" or the CF::Admin::Access::"Read" action group
  • ba8d362: Fixes an issue which could cause terraform operations to hang when querying selectors.
  • ba8d362: Fix close button not working in Slack for access requests.
  • ba8d362: Fixes an issue which caused multiple authorization logs for some API actions, one of which may have been denied while the other was allowed.
  • 8f955a8: Fixes permissions for creating integration secrets in the UI
  • ba8d362: Fixes an issue where the session lost error page would not show the login button correctly.
  • e692f4e: For BYOC customers: the unused 'general-purpose' roles submodule has been removed.
  • ba8d362: Fix issue causing Entra integration role to not be found when using connected identities.
  • ba8d362: Fixes duplicate roles showing for a target in the debug entitlement access page.
  • ba8d362: AWS Proxy integration now respects the SSO Start URL override if configured on the AWS IDC integration.
  • ba8d362: Fixed an issue causing Entra and Okta resources to not show in the resource pages
  • ba8d362: Fixes an issue where Entra Group selector and Okta Group selectors would not match any resources when connected identities feature was enabled.
  • ba8d362: Performance improvements when matching user identities when syncing integration resources.

Full Changelog: v2.7.3...v2.8.0

v2.7.3

10 Oct 06:42
635f3a1

What's Changed

2.7.3

Patch Changes

  • f1a0d6b: fix issue causing Entra integration role to not be found
  • 37e78ec: For BYOC customers: fix an issue with the 'cloudwatch_alarm_topics' output which caused the database alarms to not be correctly available.

Full Changelog: v2.7.2...v2.7.3

v2.7.2

09 Oct 05:48
379482d

What's Changed

2.7.2

Patch Changes

  • 092c4ab: Adds ListSyncsForIntegration action to the CF::Admin::Action::"Read" action group to fix the integration detail page not showing syncs.
  • 092c4ab: Fix close button not working in Slack for access requests.
  • 2b3dbcb: For BYOC customers: fixes to monitoring variable references.
  • 092c4ab: Fixes an issue where Entra Group selector and Okta Group selectors would not match any resources when connected identities feature was enabled.
  • 092c4ab: Performance improvements when matching user identities when syncing integration resources.

Full Changelog: v2.7.1...v2.7.2

v2.6.4

09 Oct 05:47
740325b

What's Changed

2.6.4

Patch Changes

  • 6cd2bcd: Adds ListSyncsForIntegration action to the CF::Admin::Action::"Read" action group to fix the integration detail page not showing syncs.
  • 6cd2bcd: Fixes an issue where access requests with many entitlements attached would not deprovision.
  • 6cd2bcd: Fix default Cedar Policy action for Control Plane for closing access requests.
  • 6cd2bcd: Performance improvements when matching user identities when syncing integration resources.

Full Changelog: v2.6.3...v2.6.4

v2.7.1

03 Oct 08:30
79398ce

What's Changed

2.7.1

Patch Changes

  • 96a20ef: Fixes an issue which could cause terraform operations to hang when querying selectors.

Full Changelog: v2.7.0...v2.7.1

v2.6.3

03 Oct 08:29
8a30e68

What's Changed

2.6.3

Patch Changes

  • 9a043ad: Fixes an issue which could cause terraform operations to hang when querying selectors.

Full Changelog: v2.6.2...v2.6.3

v2.5.5

03 Oct 08:28
88ec37a

What's Changed

2.5.5

Patch Changes

  • 66f6516: Fixes an issue which could cause terraform operations to hang when querying selectors.

Full Changelog: v2.5.4...v2.5.5

v2.7.0

01 Oct 11:08
c7ea3bb

What's Changed

2.7.0

Minor Changes

  • 9d76133: Add reason pattern matching to validation in access workflows.
  • 9d76133: A reason is now attached to access request grants describing why they were closed

Patch Changes

  • 9d76133: Added the ability to specify an override for the RDS endpoint per RDS user to allow read roles to use a read-only replica endpoint.
  • 9d76133: Adds additional filters to the requests and my requests page for grant count, manual or auto approved, and time range filters for requested at, approved at, closed at.
  • 9d76133: Fixes an issue where access requests with many entitlements attached would not deprovision.
  • 9d76133: Fix default Cedar Policy action for Control Plane for closing access requests.
  • 9d76133: Fixes a performance issue which could cause the Availability Maker background job to fail.
  • 381ce7b: remove assign public ip on control plane

Full Changelog: v2.6.2...v2.7.0

v2.5.4

30 Sep 16:57
5d9532c

What's Changed

2.5.4

Patch Changes

  • 4b2fb27: Fixes the default value for the 'rds_instance_identifier_suffix' variable, to fix an error: 'The expression result is null' when applying the Terraform stack.

Full Changelog: v2.5.3...v2.5.4

v2.5.3

30 Sep 07:52
cb6a913

What's Changed

2.5.3

Patch Changes

  • e012f6a: Fixes an issue where access requests with many entitlements attached would not deprovision.

Full Changelog: v2.5.2...v2.5.3