Releases: silinternational/idp-in-a-box

Add intermediate CNAMEs for id-sync, ssp, pw-api

07 Aug 19:30
b9cce72

Added

  • Add intermediate CNAME for pw-api module
  • Add intermediate CNAME for simplesamlphp module
  • Add intermediate CNAME for id-sync module

Multi-region Capability

07 Aug 17:42
1be7af1

Added

  • Added support for operation in more than one AWS region for failover during AWS outages.
  • Added GitHub Actions workflow for basic Terraform tests.
  • In 000-core module, added optional create_cd_user variable so a secondary region can share the same IAM resources.
  • In 010-cluster module, added optional create_nat_gateway variable so a secondary region can defer creation of the NAT Gateway to save money.
  • In 020-database module, added optional replicate_source_db to create a read replica in a secondary region.
  • In 020-database module, added optional create_passwords variable since a secondary region does not need new database passwords.
  • In 030-phpmyadmin module, added optional upload_limit variable, with a higher default value ("20M") than the underlying module's default value.
  • In 031-email-service module, added optional enable_cron variable to disable the cron service in a secondary region during normal operation.
  • In 031-email-service, 040-id-broker, 050-pw-manager, 060-simplesamlphp, and 070-id-sync modules, added optional create_dns_record variable.
  • In 032-db-backup module, added optional backup_user_name variable to avoid a naming conflict when creating a user for a secondary region.
  • In 060-simplesamlphp module, added optional secret_salt variable and corresponding output to avoid invalidating users when migrating configurations.
  • In 070-id-sync module, added optional enable_sync variable to disable the sync service in a secondary region during normal operation.

Changed

  • In 000-core module, replaced app_name and app_env variables with cluster_name to provide greater flexibility in naming the ECS cluster.
  • In 020-database module, marked the mysql_pass output as sensitive
  • In 040-id-broker module, changed ECS event IAM role name, adding the region as a suffix, to avoid a naming conflict.
  • In 050-pw-manager module, changed IAM user policy name, adding the region as a suffix, to avoid a naming conflict.

Removed

  • In 000-core and 010-cluster modules, removed aws_region variable

Fixed

  • In 041-id-broker-search-lambda module, fixed a problem with the IAM role names being too long in an IdP with a long name.

Multiregion capability

09 Aug 19:18
b9cce72

This release enables the module consumer to use multiple instances of applicable modules in order to run in two regions: one as primary, and one as a standby secondary.

Output configurable secret_salt

13 Jul 18:44
cd7c3bc

Added

  • secret_salt optional variable that is also output as a sensitive value

Help S3 bucket policy creation succeed for pw-manager ui

12 Jul 13:43
f21901d

Fixed

  • Wait to add the pw-manager ui S3 bucket policy until public policies are allowed on the bucket

Use the new syntax for specifying permissions on a new S3 bucket

11 Jul 18:23
b265511

Changed (non-breaking)

  • Used the new way of specifying private and public permissions for new S3 buckets in 032-db-backup and 050-pw-manager, respectively. (AWS stopped supporting the old syntax.)

SQL session storage

17 May 13:46
cc7850f
Merge pull request #156 from silinternational/develop

Release 10.3.0 - SQL session storage

Add ECR lifecycle policies

04 May 12:46
1ca5649

Added

  • Create ECR lifecycle policies to clear out all but the latest 10 images.

Add tags to autoscaling group

04 May 05:52
a8c592b

Added

  • Specify tags to be added to the autoscaling group and sub-resources

Changed (non-breaking)

  • Use simpler functions in place of regex replace
  • Use arn_without_revision in place of regex replace
  • Remove the ASG launch configuration and replace it with a launch template

Switch to call Google Analytics 4

20 Mar 14:29
07f0f42

Removed from 000-core main.tf

The AWS IAM user policy giving permissions to the CE serverless user, since the serverless MFA code has moved to a different repo.
A separate user was added as Terraform configuration in silinternational/serverless-mfa-api as of version 2.3.

Removed from 040-id-broker/vars.tf

ga_tracking_id (not used by Google Analytics 4)

Added to 040-id-broker/vars.tf

ga_api_secret - The Google Analytics 4 API secret for the data stream (e.g. aB-abcdef7890123456789)
ga_measurement_id - The Google Analytics data stream id (e.g. G-ABCDE67890)