Releases: luisgf/infrabroker
Releases · luisgf/infrabroker
Release list
v1.38.0
What's Changed
- fix: audit pass — 5 verified low/medium findings (#96–#100) by @luisgf in #102
- feat: broker-ctl audit repair — explicit recovery for a torn final audit record (#101) by @luisgf in #103
- chore: v1.38.0 release (changelog + version bump) by @luisgf in #104
Full Changelog: v1.37.0...v1.38.0
v1.37.0
What's Changed
Full Changelog: v1.36.0...v1.37.0
v1.36.0
v1.35.0
What's Changed
- fix: k8s signer audit token forgery via unvalidated req.Command (#67) by @luisgf in #70
- fix: remove dead ResolveKind from internal/k8s (#68) by @luisgf in #71
- docs: document the Kubernetes API surface in API.md (#69) by @luisgf in #72
- docs(skill): add the Kubernetes target to the audit high-risk zones by @luisgf in #73
- docs: regenerate config reference — fix stale config.md / red Docs CI (#74) by @luisgf in #77
- fix: drop the dead force parameter from k8s Client.Apply (#75) by @luisgf in #78
- docs: k8s_apply approval gates the target, not the manifest payload (#76) by @luisgf in #79
- fix: close the untracked-file hole in the docs anti-drift gate, add make verify by @luisgf in #80
- feat: privilege separation in deploy — one system user per service by @luisgf in #81
- fix: k8s ActionPolicy deny rules were dead code (deny silently ignored) by @luisgf in #89
- fix: redact env-assignment no longer masks the bare shell PWD variable by @luisgf in #90
- fix: audit follow-ups — OPERATIONS drift, install.sh hardening, docgen prune, verify honesty by @luisgf in #91
- docs: finalize the v1.35.0 changelog for release by @luisgf in #92
Full Changelog: v1.34.0...v1.35.0
v1.34.0
What's Changed
- feat: Kubernetes target — credential-broker via bound ServiceAccount tokens (v1.34.0) by @luisgf in #66
Full Changelog: v1.33.0...v1.34.0
v1.33.0
What's Changed
Full Changelog: v1.32.0...v1.33.0
v1.32.0
v1.31.1
What's Changed
Full Changelog: v1.31.0...v1.31.1
v1.31.0
What's Changed
- chore(skill): deploy skill leans on the new broker-ctl remote read by @luisgf in #35
- ci(docs): serialize Pages deploys and cover broker-ctl example config by @luisgf in #36
- fix: reject empty one-shot command at the signer (force-command bypass) by @luisgf in #51
- fix: allow the signer unit to persist policy changes (ReadWritePaths) by @luisgf in #52
- fix: gate broker-supplied end_user in the approval flow on trusted_forwarders by @luisgf in #53
- fix: drop the CWD from broker-ctl's client-config search order by @luisgf in #54
- fix: build the release from make dist (ships control-plane + deploy/) by @luisgf in #55
- docs: audit low-severity documentation fixes (#47–#50) by @luisgf in #56
- fix: audit low-severity hardening (#43–#46) by @luisgf in #57
- fix: resolve broker-ctl default cert/key/ca relative to the config file dir (#42) by @luisgf in #58
- release: v1.31.0 — security & correctness audit pass by @luisgf in #59
Full Changelog: v1.30.0...v1.31.0
v1.30.0 — broker-ctl remote read + client parameters file
broker-ctl can now read the live policy from a running signer, and its remote commands no longer need mTLS flags on every call (#33, #34).
Added
GET /v1/policy/hostson the signer: full host-policy read — the current in-memory table (reflects hot-reloads and runtime grants), exactsigner.jsonhostsschema including the fieldsGET /v1/hostswithholds from brokers. Auth:reload_callerstier, like the policy mutation APIs. Every read attempt is audited (policy-read/policy-read-denied).broker-ctl host list --remote: renders the live policy over mTLS with the same columns as the local view — the recommended post-deploy end-to-end check. Non-200 is a hard failure with areload_callershint (no silent fallback to the reduced view).- Client parameters file: all remote commands (
reload,policy add/remove/grant/grants/revoke,approval,host list --remote) resolve--url/--cert/--key/--cawith precedence flag > env > file > default. Search order:--client-config,$BROKER_CTL_CONFIG,./broker-ctl.json,~/.config/broker-ctl/config.json,/etc/ssh-broker/broker-ctl.json(seeded bydeploy/install.sh). Env vars:BROKER_CTL_SIGNER_{URL,CERT,KEY,CA}/BROKER_CTL_CP_{URL,CERT,KEY,CA}. Newbroker-ctl.example.json, CI-validated. Fully backward compatible. - Signer-facing commands accept
--url, so no localsigner.jsonis required anymore.
Install / upgrade
tar xzf ssh-broker-v1.30.0.tar.gz && cd ssh-broker-v1.30.0
sudo ./deploy/install.sh # upgrade-safe; then: broker-ctl host list --remoteWhat's Changed
- docs(deploy): fix end-to-end verification — broker-ctl host list is local by @luisgf in #32
- feat: broker-ctl host list --remote (GET /v1/policy/hosts) + client parameters file by @luisgf in #34
Full Changelog: v1.29.0...v1.30.0