We are delighted to announce the availability of version 20190116225739 of Chef Automate 2.
New Features
- IAM v2 Beta: Open beta for Chef Automate's new identity and access management system! We've improved policies, with policy statements that allow fine-grained control and basic policy management from Chef Automate's user interface. We've also introduced roles, so you now have role-based access control (RBAC). Check out the new IAM v2 beta guide to get started with our new features.
- Why not Both?: Download the Chef client nodes report in CSV and JSON formats from the Client Runs page. Try the search and filter tools to narrow down the list before downloading.
Improvements
- Change your View: Customize your view of Client Runs by selecting the gear icon at the top right corner of the table.
- Now Loading: Added a loading state indicator to the Client Runs page.
- New Design, Same Modal: Revised design displays for the error logs modal on the node detail page.
- Music to Your Ears: We've improved the screen reader friendliness of our Admin page forms to declare each field label.
- Scanner Nodes: Added bulk creation and bulk deletion docs for the scanner nodes.
- Gather Logs: Now there's a snapshot of service metrics in the bundle created with
chef-automate gather-logsto help the support team work even more effectively. - Improved Compliance: The STIG Windows Server 2016 preview compliance profile includes:
- SV-86487r3_rule (Standard Mandatory DoD Notice and Consent Banner)
- SV-88287r1_rule (The built-in administrator account must be renamed.)
- SV-88289r1_rule (The built-in guest account must be renamed.)
- Bam!: The compliance profile for CIS AWS Foundations v1.1.0 has control 2.4 'Ensure CloudTrail trails are integrated with CloudWatch Logs'.
Bug Fixes
- Deleted and Visible: Deleted scan job names and username appear on the Event Feed.
- Copy That: You may now copy a token from Automate UI on Firefox.
- Shhhhh: Use the new 'quiet' option on the resource
ignore_failurefield in Chef client runs. - Final Countdown: Set context timeout on compliance ingestion calls, which rejects reports that can't be ingested because of a heavy load.
- Oops: Fixed the
Chef Automate <build version>link to lead to the right release notes. - Red Alert Repair: Fixed the preview compliance profiles for Windows 2016 STIG so that it stops yammering warnings about "constant already initialized".
- The compliance profile for CIS AWS Foundations v1.1.0 has:
- a fix to control 1.24 - Now it only checks the 'AdministratorAccess' AWS-managed policy.
- a fix to control 2.1 - Removed "name" for AWS Config config and delivery channel.
- Aristotle This!: Corrected the test logic on a number of Windows 2016 and RHEL 7 STIGs preview compliance profiles.
- Can I Quote That?: Added quote marks around supported RHEL releases in CIS RHEL compliance profiles, so the release value won't be interpreted as a number. This fixes profiles not running on, for example, RHEL 7.10.
Backward Incompatibilities
- Can I See Your ID, InSpec?: Report ingestion enforces InSpec 2.0.0 as the minimum supported version and rejects reports from anything underage. This circumvents a bug that could crash the service when processing reports with required, but missing, fields.
How to Upgrade
By default Chef Automate 2 will automatically upgrade to this new version. If you have disabled automatic upgrades you can manually initiate an upgrade by running:
chef-automate upgrade run
As always, we welcome your feedback and invite you to contact us directly or share your feedback online. Thanks for using Chef Automate 2!