Skip to content

v1.30.0 — broker-ctl remote read + client parameters file

Choose a tag to compare

@luisgf luisgf released this 02 Jul 15:50

broker-ctl can now read the live policy from a running signer, and its remote commands no longer need mTLS flags on every call (#33, #34).

Added

  • GET /v1/policy/hosts on the signer: full host-policy read — the current in-memory table (reflects hot-reloads and runtime grants), exact signer.json hosts schema including the fields GET /v1/hosts withholds from brokers. Auth: reload_callers tier, like the policy mutation APIs. Every read attempt is audited (policy-read / policy-read-denied).
  • broker-ctl host list --remote: renders the live policy over mTLS with the same columns as the local view — the recommended post-deploy end-to-end check. Non-200 is a hard failure with a reload_callers hint (no silent fallback to the reduced view).
  • Client parameters file: all remote commands (reload, policy add/remove/grant/grants/revoke, approval, host list --remote) resolve --url/--cert/--key/--ca with precedence flag > env > file > default. Search order: --client-config, $BROKER_CTL_CONFIG, ./broker-ctl.json, ~/.config/broker-ctl/config.json, /etc/ssh-broker/broker-ctl.json (seeded by deploy/install.sh). Env vars: BROKER_CTL_SIGNER_{URL,CERT,KEY,CA} / BROKER_CTL_CP_{URL,CERT,KEY,CA}. New broker-ctl.example.json, CI-validated. Fully backward compatible.
  • Signer-facing commands accept --url, so no local signer.json is required anymore.

Install / upgrade

tar xzf ssh-broker-v1.30.0.tar.gz && cd ssh-broker-v1.30.0
sudo ./deploy/install.sh    # upgrade-safe; then: broker-ctl host list --remote

What's Changed

  • docs(deploy): fix end-to-end verification — broker-ctl host list is local by @luisgf in #32
  • feat: broker-ctl host list --remote (GET /v1/policy/hosts) + client parameters file by @luisgf in #34

Full Changelog: v1.29.0...v1.30.0