17.01 Release Notes

The 17.01 release concentrates on enterprise-grade features such as Role Based Access Control (RBAC) and Multi-Organization (aka Multi-Org), and includes a new Integrations component with turnkey access to Slack, Hipchat, and PagerDuty.

This release also expands BotFactory support and offers numerous UI improvements, improved performance, and bug fixes. Listed below are the release notes.

Important Upgrade Information

The introduction of RBAC and Multi-Org introduce several new concepts. It is strongly encouraged to review the documentation for these features prior to upgrading.

Note that this particular release reworks all permissions from the ground up; permissions for basic users must be recreated using the new RBAC system. Note that this step only pertains to basic user accounts. Domain and organization administrators keep their existing levels of access. To view current user permissions, run the MySQL query below before upgrading, interchanging Teams/Users as desired.

SELECT a.name as subject_name, b.name as resource_name, c.target_resource_id, c.permissions
  FROM Teams a, OrganizationServices b, SubjectPermissions c
    WHERE a.resource_id = c.subject_resource_id
    AND c.target_resource_id = b.resource_id;
SELECT a.name as subject_name, b.name as resource_name, c.target_resource_id, c.permissions
  FROM Users a, OrganizationServices b, SubjectPermissions c
    WHERE a.resource_id = c.subject_resource_id
    AND c.target_resource_id = b.resource_id;

Release Highlights

  • Role Based Access Control via Identity Management
  • Multi-Organization tenant isolation
  • Integrations user interface for quick configuration of extensible plugins
  • Organization-specific settings to better secure customer information such as SMTP and integration settings
  • Separate SMTP configuration sets per organization
  • BotFactory support for private and shared images
  • Provisiong template UI improvements
  • New domain admin user type which can create and manage organization admins and switch between organizations
  • Performance improvements in AWS instance provisioning

New Filters & Actions

  • Private Image: Filter by architecture
  • Private Image: Filter by product code type (e.g.: AWS Marketplace)
  • Private Image: Filter by shared vs. owned
  • Private Image: Filter by root device type
  • Instance: Filter by simple networking (e.g.: AWS EC2 Classic)
  • Instance Reservations: Support for database instance reservations (e.g.: AWS RDS)
  • All Resources: Action to send messages to a Slack channel
  • All Resources: Action to send alerts to PagerDuty
  • All Resources: Action to send messages to a Hipchat channel

General Improvements

  • Improved handling of cloud provider API outages
  • The users view shows the number of groups that a user account is associated with
  • The groups view shows the number of users and roles associated with each group
  • Improved client-side cache invalidation to avoid caching issues
  • Introduction of new API function decorators for easier validation of user access and permissions
  • Provisioning Templates interface now includes the owner of the template
  • Scrolling beneath the fold causes a “scroll to top” button to be displayed for navigating to the top of the view
  • Domain admins and users are created in separate sections. Organization admins can never access the domain admin view; their access is isolated to the organization to which they are assigned.
  • Improved permissions system results in speed improvements when browsing and managing resources
  • Cloud settings can only be viewed by organization admins and domain admins
  • Added support for AWS RDS database instance reservations
  • New user experience no longer locks users from navigating the tool prior to adding their first cloud
  • Product code and type are now stored for AWS Private/Shared Images

Bug Fixes

  • Bot creation wizard scrolling issues resolved
  • Application login infinite loop due to corrupt session data resolved
  • OpenStack “Add All Tenants” has been removed; to add multiple tenants, please leverage the programmatic API
  • VMware vCloud Director displays in the Add Cloud dropdown properly
  • Empty user listing now contains helper text for end-users
  • Security group rules, network interfaces, and other child resources are added to ResourceCommonData upon initial discovery during harvesting
  • Leading and trailing whitespace is trimmed on user login, reset password, and add cloud form submission

Developer/Administrator Notes

  • handle_api_error decorator has officially been removed. This decorator has been marked for deprecation since 16.05 and should no longer be used within plugins/integrations.