Release 7.31.0

August 14, 2020

meshcloud

Release period: 2020-07-28 to 2020-08-14

This release includes the following issues:

  • Fixed potential memory leak in AWS replication
  • Progress indication when adding oneself to customer
  • Improved detection of missing metering information
  • AAD User lookup properties can now be configured
  • Partners can now see roles of customer users & groups
  • Allow multiple Azure Blueprint assignments per subscription
  • Fix for AWS token timeout during metering data collection
  • Improves errors for unsupported GCP project id
  • Azure metering data collection fixes
  • Fixes Azure replicator principal removal for Subscriptions
  • GCP Service Account Hardening
  • Reduced data collection for AWS metering
  • Customer User Groups can be assigned to meshProjects
  • Make regular user attribute sync more robust
  • Fix not applying naming constraints during import
  • Improves search for GCP users by names

Ticket Details

Fixed potential memory leak in AWS replication

Audience: Operator
Component: replicator

Description

In some cases when replication has a proxy for internet access configured, a memory leak was possible. This issue has been fixed now.

Progress indication when adding oneself to customer

Audience: Partner
Component: panel

Description

Added loading spinner on "Add Myself" button in Customer Users & Groups screen in Admin area to indicate progress when adding user to that customer.

Improved detection of missing metering information

Audience: Operator

Description

With this change, a new metric will be collected to support monitoring of the platform data collection which is used to create tenant usage reports and chargeback statements. The reported metric will contain the usage of a plaform for the current month so far, as a percentage of last month's usage. Based on this metric, an alert was set which will help to detect any metering related problems in a more reliable manner.

AAD User lookup properties can now be configured

Audience: Operator
Component: meshfed

Description

When quering the AAD for user lookup, during customer user search in the meshPanel, the property which should be matched against the EUID can now be configured to be either the email or the userPrincipalName. For more information please see the documentation.

Partners can now see roles of customer users & groups

Audience: Partner
Component: meshfed

Description

In the administration area roles of users and groups assigned to a customer are now shown in the Customer "Users/Groups" screen.

Allow multiple Azure Blueprint assignments per subscription

Audience: Partner
Component: azure

Description

Azure Blueprints that are assigned multiple times to a subscription are now supported. This can happen when e.g. the blueprint was assigned manually in Azure Portal or when the blueprint was already assigned when it was imported to meshStack. Previously the duplicate assignments led to an always pending or failed replication. With the change, the additional, manually created assignment will remain untouched.

Fix for AWS token timeout during metering data collection

Audience: Partner

Description

There were AWS metering data collections failing from time to time towards the end of the month when there is more usage data to be collected. This issue which was caused by AWS session token timeouts has now been fixed.

Improves errors for unsupported GCP project id

Audience: User, Operator, Partner
Component: gcp

Description

Unsupported GCP project ID formats now generate a improved error message.

Azure metering data collection fixes

Audience: Partner

Description

This fixes the Azure metering data collection running into timeouts when the Azure API is slow to respond. Also will now connect to a later version of the Azure Cost Management API which prevents an intermittent error which occurred for certain subscriptions.

Fixes Azure replicator principal removal for Subscriptions

Audience: Operator
Component: azure

Description

If the replicator was the only owner left on Subscriptions it failed to remove itself from it. Alternate owners are now added to Subscription before the replicator tries to remove itself. Also the resulting error message was improved to hint for this error.

GCP Service Account Hardening

Audience: Operator
Component: gcp

Description

This release introduces a change to the GCP Service Account configuration that enables improved security hardening. Please consult the details of this release note for upgrade instructions.

How to use

The meshStack replicator now uses the meshfed-service Service Account instead of the impersonated meshfed-service Google Cloud Identity Directory user for all GCP API operations. This requires that operators assign the meshfed-service GCP IAM role to the Service Account before upgrading to this meshStack version. After the upgrade is completed, operators should remove the GCP IAM role assignment from the previous user.

We also recommend that operators familiarize themselves with the updated GCP Integration section of the product documentation to take advantage of improved security hardening measures.

Reduced data collection for AWS metering

Audience: Partner

Description

With this change, we stop collecting AWS metering data for last month, after the reporting period has been finalized.

Customer User Groups can be assigned to meshProjects

Audience: Customer, Partner
Component: meshfed

Description

The assignment of user groups (meshCustomerUserGroup) to a meshProject is now supported. The meshCustomerUserGroups can be selected from the type-ahead dropdown just like users. This feature enables the assignment of predefined groups (e.g. coming from an AD) to a project. All users who are member of the group will be provided access to the meshProject and its meshTenants.

Make regular user attribute sync more robust

Audience: Operator
Component: meshfed

Description

User attributes like name and email address are regulary synced from meshIdB to meshStack. This synchronization is now more robust. In case of an error the synchronization skips the single user and resumes until completion. The failed user is not updated.

Fix not applying naming constraints during import

Audience: Operator
Component: meshfed

Description

Fixes a bug which had allowed constraint violating values during meshObject import. Following changes have been made to constraint violating data:

  • enforce lowercase identifier
  • replace '_' with '-' in identifiers
  • remove whitespaces in e-mails
  • remove whitespaces in username

Improves search for GCP users by names

Audience: User
Component: gcp

Description

Fixes improper handling by GCP Directory API when searching for users by multiple terms like name and family name.

Recent Posts