Docker images are now compiling via the go 1.13 toolchain.
Agent Registration can now occur through chained load balancers, with standards-compliant comma-separated X-Forwarded-For headers. Why you would want to do this is beyond me, but ¯_(ツ)_/¯
The metashield plugin now trusts system X.509 Root CAs if no
specific CA is supplied.
Bootstrap restoration is simpler now, and the UI for init / restore is more streamlined. See #680.
The shield status command is twice as pretty and three times
as useful.
Cloud Storage detail pages in the web interface now show a timeline similar to the one shown for Data Systems, so that SHIELD operators have an easier time of troubleshooting failing storage configurations.
The SHIELD CLI now displays task+log data for the last
test-store task of a given store (for shield store X and
shield global-store Y), to assist in troubleshooting failing
storage configurations.
Operators now have a web interface and some CLI commands for inspecting the state of SHIELD Data Fixups, and re-running them (if / when necessary).
The mongo target plugin can now have options applied
individually to just mongodump or mongorestore.
Passwords and RSA private keys are now properly obscured in the web interface detail pages for both systems and cloud storage. People without rights to see such credentials will still see the "REDACTED" string instead; but people with the required privilege will instead see the blurred-out obscured text that they can hover over to reveal.
The shield tasks command can now filter down to only tasks
that involve a particular tenant or global cloud storage system.
Data Fixups will now be properly skipped if they've already been applied. Additionally, names / dates / summaries will be updated every time the SHIELD Core boots up, to catch typos and mispellings there.
The Data System detail page in the web interface no longer has a
race condition between the start of an AJAX call for the plugin
configuration details and a shield:navigate away from the
page. Other such race conditions involving AJAX should now also
be fixed.
Switching between tenants (with differing levels of access) now properly re-renders the sidebar to show your new privileges.
The shield job X command now populates the "Status" and
"Agent" fields, using data in the API responses.
Submit buttons on forms now (a) disable themselves when clicked and (b) change their text to indicate an ongoing operation. This greatly increases the usability of the web UI. See #505
The web UI for rekeying SHIELD Core now correctly identifies when the operator would like to rotate the fixed key. Also, the error messaging for an incorrect current master password is better now, and by default, the "rotate fixed key" checkbox on the rekeying form is off. See #546
The default password for the failsafe account has been changed
from shield to password, for more continuity across various
packaging formats. See #531
The shield tasks command (and the backing API) can now filter
tasks based on their task type (i.e. "backup", or "restore")
See #523
The Encryption column of the system detail page's backup jobs
table now always shows something. For jobs that do not used
the fixed key, the new tag is randomized. See #536
SHIELD now tracks when it last checked each agent separately from when it last "saw" the agent. Last Seen now means the point in time when the agent last connected to the SHIELD core, and Last Checked is when the core last connected to the agent for metadata retrieval.
SHIELD now allows agents to change their IP address; only the agent name is unchangeable. Previously, attempts to change an agents registered IP address (without changing its name) would fail.
Both the SHIELD Agent and the SHIELD CLI now trust the system X.509 CA Certificate Stores. See #555 and #556
The MotD separator no longer displays if the MotD is empty or not specified. See #530
The Ad Hoc Backup and Restore wizards now handle the "empty" state more gracefully, and instead of showing an empty table when there are no data systems, they warn you that you have no systems to backup or restore. See #532 and #533
Stores (global and tenant-specific) can now be properly deleted via the web UI and CLI.
When editing targets and stores on the webui changes are now persisted when editing again without a refresh.
The "Agents of SHIELD" admin page no longer gets stuck in a loading loop whenever websocket events are seen.
Global Storage Configuration details are now properly loaded when accessing a global store detail page from the admin panel. Previously, the details would only load if you visited the global store from the "Storage Systems" (non-admin) top-level, which only works if you actually have a tenant. See #535
shield annotate-archive now works with short uuids
Orphaned archives from a target deletion no longer prevent users from loggin into SHIELD
The mongo plugin now handles hosts with embedded ports,
allowing operators to configure multi-node mongo across
different ports on the same node, without --port getting in
the way.
The mongo plugin now allows you to authenticate against a
database other than "admin" (which remains the default).
The swift plugin now supports the Openstack v3 Identity API
The vault plugin now supports k/v v2 endpoints, which are
now the default in contemporary versions of Vault.
The SHIELD Web UI now allows you to download the SHIELD CLI directly, for both MacOS (Darwin) and Linux. From now on, SHIELD releases will include the paired version of the CLI.
We now support minutely backups, but only from the CLI.
New shield op pry for decrypting and inspecting the contents
of a SHIELD Vault Crypt.
SHIELD now cleans up the Vault when archives are marked as expired (for purgation).
Scheduled jobs no longer "stack" in the queue. If SHIELD goes to schedule a backup and an existing task is in-flight for the same job, an already-cancelled task is stored in the database, as a placeholder to the task that should have run.
Storage Health Check Tasks no longer stack. SHIELD only allows one in-flight task for a given Cloud Storage System, at a time.
The shield CLI now handles API endpoints with any number of
trailing forward slash (/) characters.
Web UI page dispatch logic now properly cancels all outstanding AJAX requests, to avoid a rather annoying lag/delay UX issue where pages would flip "back" to a previous node in the history, because a delayed AJAX request was still working away in the background.
shield import now honors the paused setting on jobs that it
creates on your behalf.