Skip to content

Releases: luisgf/infrabroker

v1.38.0

Choose a tag to compare

@github-actions github-actions released this 04 Jul 13:11
76d7bbb

What's Changed

  • fix: audit pass — 5 verified low/medium findings (#96#100) by @luisgf in #102
  • feat: broker-ctl audit repair — explicit recovery for a torn final audit record (#101) by @luisgf in #103
  • chore: v1.38.0 release (changelog + version bump) by @luisgf in #104

Full Changelog: v1.37.0...v1.38.0

v1.37.0

Choose a tag to compare

@github-actions github-actions released this 04 Jul 10:04
45a3ab3

What's Changed

  • Distribution: prebuilt binaries, OCI image and containerized demo by @luisgf in #95

Full Changelog: v1.36.0...v1.37.0

v1.36.0

Choose a tag to compare

@github-actions github-actions released this 04 Jul 08:45

Full Changelog: v1.35.0...v1.36.0

v1.35.0

Choose a tag to compare

@github-actions github-actions released this 03 Jul 22:09

What's Changed

  • fix: k8s signer audit token forgery via unvalidated req.Command (#67) by @luisgf in #70
  • fix: remove dead ResolveKind from internal/k8s (#68) by @luisgf in #71
  • docs: document the Kubernetes API surface in API.md (#69) by @luisgf in #72
  • docs(skill): add the Kubernetes target to the audit high-risk zones by @luisgf in #73
  • docs: regenerate config reference — fix stale config.md / red Docs CI (#74) by @luisgf in #77
  • fix: drop the dead force parameter from k8s Client.Apply (#75) by @luisgf in #78
  • docs: k8s_apply approval gates the target, not the manifest payload (#76) by @luisgf in #79
  • fix: close the untracked-file hole in the docs anti-drift gate, add make verify by @luisgf in #80
  • feat: privilege separation in deploy — one system user per service by @luisgf in #81
  • fix: k8s ActionPolicy deny rules were dead code (deny silently ignored) by @luisgf in #89
  • fix: redact env-assignment no longer masks the bare shell PWD variable by @luisgf in #90
  • fix: audit follow-ups — OPERATIONS drift, install.sh hardening, docgen prune, verify honesty by @luisgf in #91
  • docs: finalize the v1.35.0 changelog for release by @luisgf in #92

Full Changelog: v1.34.0...v1.35.0

v1.34.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 22:45

What's Changed

  • feat: Kubernetes target — credential-broker via bound ServiceAccount tokens (v1.34.0) by @luisgf in #66

Full Changelog: v1.33.0...v1.34.0

v1.33.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 21:46

What's Changed

  • feat: opt-in SQLite state_db — grants and approvals survive restarts (v1.33.0) by @luisgf in #65

Full Changelog: v1.32.0...v1.33.0

v1.32.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 21:41

What's Changed

  • feat: versioned /audit skill with a deterministic issue-formatting helper by @luisgf in #62
  • feat: opt-in secret redaction (threat-model gap #8) — v1.32.0 by @luisgf in #63

Full Changelog: v1.31.1...v1.32.0

v1.31.1

Choose a tag to compare

@github-actions github-actions released this 02 Jul 17:33

What's Changed

  • fix: move the signer config to the service-owned state directory (v1.31.1) by @luisgf in #60

Full Changelog: v1.31.0...v1.31.1

v1.31.0

Choose a tag to compare

@github-actions github-actions released this 02 Jul 17:19

What's Changed

  • chore(skill): deploy skill leans on the new broker-ctl remote read by @luisgf in #35
  • ci(docs): serialize Pages deploys and cover broker-ctl example config by @luisgf in #36
  • fix: reject empty one-shot command at the signer (force-command bypass) by @luisgf in #51
  • fix: allow the signer unit to persist policy changes (ReadWritePaths) by @luisgf in #52
  • fix: gate broker-supplied end_user in the approval flow on trusted_forwarders by @luisgf in #53
  • fix: drop the CWD from broker-ctl's client-config search order by @luisgf in #54
  • fix: build the release from make dist (ships control-plane + deploy/) by @luisgf in #55
  • docs: audit low-severity documentation fixes (#47#50) by @luisgf in #56
  • fix: audit low-severity hardening (#43#46) by @luisgf in #57
  • fix: resolve broker-ctl default cert/key/ca relative to the config file dir (#42) by @luisgf in #58
  • release: v1.31.0 — security & correctness audit pass by @luisgf in #59

Full Changelog: v1.30.0...v1.31.0

v1.30.0 — broker-ctl remote read + client parameters file

Choose a tag to compare

@luisgf luisgf released this 02 Jul 15:50

broker-ctl can now read the live policy from a running signer, and its remote commands no longer need mTLS flags on every call (#33, #34).

Added

  • GET /v1/policy/hosts on the signer: full host-policy read — the current in-memory table (reflects hot-reloads and runtime grants), exact signer.json hosts schema including the fields GET /v1/hosts withholds from brokers. Auth: reload_callers tier, like the policy mutation APIs. Every read attempt is audited (policy-read / policy-read-denied).
  • broker-ctl host list --remote: renders the live policy over mTLS with the same columns as the local view — the recommended post-deploy end-to-end check. Non-200 is a hard failure with a reload_callers hint (no silent fallback to the reduced view).
  • Client parameters file: all remote commands (reload, policy add/remove/grant/grants/revoke, approval, host list --remote) resolve --url/--cert/--key/--ca with precedence flag > env > file > default. Search order: --client-config, $BROKER_CTL_CONFIG, ./broker-ctl.json, ~/.config/broker-ctl/config.json, /etc/ssh-broker/broker-ctl.json (seeded by deploy/install.sh). Env vars: BROKER_CTL_SIGNER_{URL,CERT,KEY,CA} / BROKER_CTL_CP_{URL,CERT,KEY,CA}. New broker-ctl.example.json, CI-validated. Fully backward compatible.
  • Signer-facing commands accept --url, so no local signer.json is required anymore.

Install / upgrade

tar xzf ssh-broker-v1.30.0.tar.gz && cd ssh-broker-v1.30.0
sudo ./deploy/install.sh    # upgrade-safe; then: broker-ctl host list --remote

What's Changed

  • docs(deploy): fix end-to-end verification — broker-ctl host list is local by @luisgf in #32
  • feat: broker-ctl host list --remote (GET /v1/policy/hosts) + client parameters file by @luisgf in #34

Full Changelog: v1.29.0...v1.30.0