Release period: 2020-10-07 to 2020-10-14
This release includes the following issues:
- Improves logging on conflicting Azure Blueprint assignments
- meshUser creation for external meshCustomer registration
- Required tags are marked as required in the meshPanel
- Fixes GCP replication for certain empty groups
- OpenShift platforms with pre-provisioned users
- Removal of GCP service user impersonation
- New screen showing policies
- Fixes identityconnector not starting
- GCP project labels based on meshProject tags
Improves logging on conflicting Azure Blueprint assignments
Adds better error messages and log statements when Azure Blueprint role assignments fail.
meshUser creation for external meshCustomer registration
The external meshCustomer registration now works as well for new meshUsers, that have not logged in before. To utilize this feature, the userDetails field has to be set.
Required tags are marked as required in the meshPanel
Audience: User, Customer, Partner
Before it was not clearly visible when a required tag was not filled in and the user could not save his or her data because of validation errors in the tags. These tags are now marked as required so it is more clear. Additionally a multiselect widget is introduced for the tag-schema for a more visually appealing way of selecting multiple tag values.
Fixes GCP replication for certain empty groups
Fixes occasional replication errors on newly created projects with empty user groups.
OpenShift platforms with pre-provisioned users
OpenShift clusters using an Identity Provider for example an Active Directory for user authentication are now supported by meshStack. Users will be looked up via their external user id as it is done in public cloud platforms like Azure already. The support for using meshIdB as an IdP in OpenShift has been removed with this change.
Removal of GCP service user impersonation
Previous versions of meshStack GCP project replication required Google Admin SDK permissions which were only available by impersonating a dedicated service user. Google recently made these permissions available to GCP Service Accounts. meshStack now integrates with Admin SDK using this new facility and all configuration options for service user impersonation were removed.
How to use
You need to adapt the Service Account setup in order to not break GCP replication for existing meshStack installations. Please follow this procedure:
- Attach the "Group Admin" Role to the existing Service Account.
- Upgrade meshStack installation.
- Remove the the Service User in Google Cloud Identity Directory which was impersonated before.
- Remove the Automated OAuth consent in the G Admin Console for the meshstack Service Account.
- Disable the “G Suite Domain-wide Delegation” on the existing GCP Service Account in Google Cloud Console.
For more information please see: https://docs.meshcloud.io/docs/meshstack.gcp.index.html#authorizing-the-service-account
New screen showing policies
Audience: Customer, Partner
The new screen 'Policies' is available to visualize all meshPolicies in the application and you can find the information in the Administrator area with a new section called 'Compliance' and Account area with the existing section 'Customer'.
Fixes identityconnector not starting
Fixes a configuration error which prevented the identityconnector from starting.
GCP project labels based on meshProject tags
Audience: Partner, Operator
During meshProject replication, labels can be automatically added to a GCP project. The tag keys and values can be configured and are extracted from the meshProject tags.