Skip to content

v0.12.0
Compare
Choose a tag to compare
@ejholmes ejholmes released this 13 Mar 23:53
· 151 commits to master since this release
v0.12.0
797ff6a

This release of Empire brings more bug fixes, as well as some notable new features and changes:

Expose any process behind a load balancer

Historically, Empire would only expose a process in the Procfile if it was called web. Now (when using the extended Procfile format) you can expose any process, with complete control over what ports are used. For example, if we wanted to expose the api process as port 80 on the load balancer, and port 9000 in the container, we could add the following:

api:
  ports:
    - "80:9000"

In addition, Empire now creates <proc>.<app>.empire (e.g. api.acme-inc.empire) ALIAS records for each exposed process in the Procfile.

For details about web procs, see http://empire.readthedocs.io/en/latest/deploying_an_application/

SAML authentication backend

Many organizations have an idP (identity provider), which they use to provide a centralized place to control employees access to third party applications. Empire now supports a SAML authentication backend, so you can use Empire with your existing idP, like OneLogin.

Removal of the legacy ECS backend

In 0.12 and forward, the legacy ECS backend has been replaced by CloudFormation, which allows us to introduce new features and changes much more quickly.

If you're upgrading from 0.11.x to 0.12, you MUST migrate any applications running on the legacy ECS backend to CloudFormation first. See the Scheduler Migration Guide for details

Features

  • The extended Procfile format now allows you to attach a load balancer to any process in the Procfile. #800
  • An ALIAS record is now created for <process>.<app>.<zone> #1005
  • You can now provide a -p flag to the emp cert-attach command to attach a certificate to a specific process (instead of just web). #1014
  • Empire now supports a SAML authentication backend. #1017

Improvements

  • emp ps now displays the task's host. #983
  • The empire and emp binaries are now built with Go 1.7 #971
  • emp env-load now handles multi-line environment variables. #990
  • In preparation for the 0.12 release, the legacy ECS scheduler has been removed. #1001
  • All application labels are set on the CloudFormation stack, rather than just empire.app.id and empire.app.name. In addition, ALB's will get stack tags applied to them. #1004
  • The lock timeout for CloudFormation stack operations has been increased #1030

Bugs

  • emp deploy will now prompt for a commit message if one is required but not provided. #994
  • Fixed a bug where the GitHub authentication backend would sometimes return unauthenticated errors randomly. #1029

Security

  • It's now possible to set a maximum session duration, to ensure that users have to periodically re-authenticate with credentials and MFA #1024

As always, you can run this version of empire with:

$ docker run remind101/empire:0.12.0

And if you're upgrading from a previous version, please refer to the upgrade guide

Assets 6