Release Notes
For a step-by-step guide migrating from Grey Matter 1.2 to 1.3, follow the 1.3 Migration Guide.
Grey Matter 1.3 GA artifacts are now available. Artifacts can be found in the staging repositories:
gm-proxy:1.5.1gm-control:1.5.3gm-control-api:1.5.4gm-jwt-security:1.2.0gm-jwt-security-gov:1.2.0greymatter:2.0.1(CLI)
gm-catalog:1.2.2gm-dashboard:4.0.2gm-slo:1.2.0
gm-data:1.1.5gm-apier:2.0.4
​
vscode-greymatter:0.0.1​
CLI
greymatter generatecommand for generating template based configurationsCLI native GitOps workflow support via the
greymatter synccommandCLI supports tab completions​
CLI supports creation of default objects​
gm-control serves a REST interface for the xDS protocol via
GM_CONTROL_XDS_ENABLE_RESTand gm-proxyPROXY_REST_DYNAMICenvironment variablesgm-control-api Redis persister backend​
gm-control-api support for certificate revocation lists​
gm-control-api Experimental UI - control plane visualization and configuration tool
gm-control-api Route object now supports Envoy header manipulation fields​
gm-control-api Listener object supports configuring access loggers​
gm-dashboard pagination of service cards in Fabric view​
gm-dashboard inline documentation displays service API docs, enabled via the
ENABLE_INLINE_DOCSenvironment variablegm-dashboard now allows categorization of services by protocol type in Fabric view
gm-dashboard display new service fields provided by Catalog
gm-catalog service Redis persister backend​
gm-catalog Zone metadata update to expose
externalLinksfieldgm-catalog Cluster object new fields:
protocols (read only)
businessImpact
externalLinks
status (read only)
ownerURL
description
apiEndpoint
apiSpecEndpoint
gm-catalog can optionally connect to Control via TLS​
gm-data now allows for calculated yield statement, to simplify conversion for certain kinds of policies
gm-data feature flags to leave playground and HTML UI off by default
gm-data /playground endpoint in GM Data to figure out policies by allowing for hypothetical JWT, policy, and object values to calculate privileges
gm-data Open Policy Agent support
gm-apier new platform service for exposing spreadsheets as RESTful APIs
new VSCode plugin providing easy creation of mesh configs
gm-proxy now properly parses Base64 encoded certificates
gm-proxy does not segfault when using the oidc-validation filter and the
userInfoblock is not configuredgm-proxy can set more than one header via filters
gm-proxy memory leaks
gm-jwt-security creates path for users.json if it doesn't exist
gm-jwt-security-gov will not assert on blank attributes
gm-control AWS ECS plugin support for different network modes
gm-control continues polling failed namespaces
gm-control trims whitespace when specifying multiple namespaces for k8s service discovery
gm-control re-enables Prometheus stats backend via the
GM_CONTROL_STATS_BACKENDSenvironment variablegm-catalog sends
Allowheader with 405 response codesgm-catalog bug causing main thread to block when updating an existing xDS server configuration
gm-control-api now allows
PUTon the/zoneroutegm-control-api rejects duplicate Proxy objects with the same
namefieldsgm-control-api ensures a Proxy object
nameonly matches one sidecargm-control-api Domain redirects now allow users to perform port rewrites
gm-control-api Route level redirects work
gm-dashboard misc bug fixes and browser support
gm-dashboard moved selected listener to URL state and ensured consistent ordering of listeners in the control panel​
gm-data filehandle leaks
gm-data security hole where users with
updateprivileges but nodeleteorpurgeprivileges on a file could update the file to adddeleteandpurgeprivilegesgm-data bug when misspelling function names in object-policy, creating a nil pointer crash
gm-data bug in plaintext serialization of custom attributes
gm-data bug fix when using literal paths in parentoid. If you had multiple matching home directories, you might get the message 'the update requires jwt field Name to match object field' even though it is misspelled. Now there is the ability to set parentoids literally, e.g.
parentoid:"1/world/joe@gmail.com/documents"forname:"plans.doc". It should create all intermediate directories if they do not already exist.gm-data allows the kv pair to look in a JWT for blobkey permissions to be configurable, so it is possible for bots to read from AWS CLI
gm-proxy JWT Security filter sets better defaults for timeouts and caching
gm-proxy base build updated to Envoy v1.15
gm-control Consul plugin now supports an ACL token
gm-control and gm-control-api output structured error logs, configured via the
GM_CONTROL_CONSOLE_FORMAT(control) andGM_CONTROL_API_LOG_FORMAT(control api) env varsgm-dashboard performance improvements with large number of cards in Fabric view​
gm-dashboard displays filter configuration as JSON in the control panel​
gm-slo-service deprecation warning on /businessImpact endpoint, it is now a field on the Cluster object in gm-catalog​
gm-data returns cluster and zone in all responses
gm-data log format is altered to give timestamps of the event, not start of http call
gm-data
GET/stats now reports the size of Mongo database poolgm-data no longer allows the creation of world-writable files
All Fabric and Sense services now serve OpenAPI documentation in either JSON, YAML, or HTML format
All Go-based Fabric, Sense, and Platform services upgraded to Go v1.14.6
All NodeJS-based Sense services upgraded
gm-apier crashes with the error
[CRITICAL] WORKER TIMEOUTwhen fetching a file if more than one worker process is started. The severity of this issue has been reduced by changing the number of workers in the pool to 1. With this setting, the maximum file size limit during HTTP file fetching is around 20-25mb. gm-apier can still handle files loaded directly from the file system up to at least 500mb.
