v1.30.0 — broker-ctl remote read + client parameters file
broker-ctl can now read the live policy from a running signer, and its remote commands no longer need mTLS flags on every call (#33, #34).
Added
GET /v1/policy/hostson the signer: full host-policy read — the current in-memory table (reflects hot-reloads and runtime grants), exactsigner.jsonhostsschema including the fieldsGET /v1/hostswithholds from brokers. Auth:reload_callerstier, like the policy mutation APIs. Every read attempt is audited (policy-read/policy-read-denied).broker-ctl host list --remote: renders the live policy over mTLS with the same columns as the local view — the recommended post-deploy end-to-end check. Non-200 is a hard failure with areload_callershint (no silent fallback to the reduced view).- Client parameters file: all remote commands (
reload,policy add/remove/grant/grants/revoke,approval,host list --remote) resolve--url/--cert/--key/--cawith precedence flag > env > file > default. Search order:--client-config,$BROKER_CTL_CONFIG,./broker-ctl.json,~/.config/broker-ctl/config.json,/etc/ssh-broker/broker-ctl.json(seeded bydeploy/install.sh). Env vars:BROKER_CTL_SIGNER_{URL,CERT,KEY,CA}/BROKER_CTL_CP_{URL,CERT,KEY,CA}. Newbroker-ctl.example.json, CI-validated. Fully backward compatible. - Signer-facing commands accept
--url, so no localsigner.jsonis required anymore.
Install / upgrade
tar xzf ssh-broker-v1.30.0.tar.gz && cd ssh-broker-v1.30.0
sudo ./deploy/install.sh # upgrade-safe; then: broker-ctl host list --remoteWhat's Changed
- docs(deploy): fix end-to-end verification — broker-ctl host list is local by @luisgf in #32
- feat: broker-ctl host list --remote (GET /v1/policy/hosts) + client parameters file by @luisgf in #34
Full Changelog: v1.29.0...v1.30.0