Skip to content

2.2.0

Compare
Choose a tag to compare
@aricart aricart released this 18 Mar 14:36
42caf0d

NSC 2.2

WARNING: This release of NSC is only compatible with nats-server 2.2 or better. The dramatic version increase is to help map compatible versions of nats-server and nsc.

NGS Compatibility Notice: Please continue to use nsc 0.5.0 to manage your NGS service configurations. An NGS release compatible with nsc 2.2.0 will be available soon.

Upgrading and Downgrading NSC

You can easily move between releases by doing nsc update --version XXX, where XXX is the release version number. This will update or downgrade nsc to the specified version: nsc upgrade --version 2.2.0.

Upgrade Configuration Procedure

The upgrade procedure requires the following steps:

  • Upgrade your nats-server(s) to 2.2.0 or better. The nats-server will work correctly with your previous JWT configurations.

  • Verify all of your servers are on the same version, if using a nats-account-server make sure the version you upgrade to is JWT 2 compliant.

  • Upgrade your NSC configurations. Use the nsc upgrade-jwt command. You will need the Operator's main identity key to perform the upgrade.

  • Redistribute the updated Operator JWT to all of your servers. You can easily export the operator JWT by issuing the command: nsc describe operator --raw > /tmp/operator.jwt If your server is configured to a JWT operator file, make sure the name matches. If the JWT is embedded into the server configuration, make sure to copy the contents of the exported operator JWT.

  • Restart the nats-server(s). You may want to enable LDM on the server(s) to shut down the server(s) in an orderly manner.

Notable Changes

  • [feat] updated pull and push operations to work with nats-based resolvers
  • [feat] added generate --config --nats-resolver to generate nats resolver configurations
  • [feat] added env NATS_CA where a root certificate can be specified which then gets referenced by nsc's nats connections
  • [feat] changed ANSI tables to ASCII to match other tooling
  • [fix] made managed accounts self-save when failing to push to an account server
  • [feat] updated revocation commands to allow for "*" as an argument for an account or user key
  • [feat] added import account/user --file argument to import from a file
  • [feat] added add operator --force argument to overwrite an existing operator
  • [feat] added jwt describe --json to take an argument describing a JSON path in the JWT
  • [feat] added the ability to select a signing key when signing a user
  • [feat] added ability to sign accounts on managed stores for which the user has the operator key
  • [feat] updated to jwt v2
  • [feat] added warnings and upgrade procedure when accessing a store that is JWT v1
  • [feat] added ability to edit system account
  • [feat] added ability to edit JetStream settings
  • [feat] added ability to edit description and info url fields to exports
  • [feat] added ability to specify account default permissions
  • [feat] added support to limit user connections to specific services (connection types)
  • [feat] added generate diagram to generate a diagram describing the store components
  • [feat] added validate commands to validate specified objects, including files
  • [feat] added add export --sampling and add import --share to enable latency tracking
  • [feat] added add export --response-threshold to control the duration a service is allowed to respond
  • [feat] added support for wildcard service imports
  • [feat] deprecated to in favor of local subject
  • [feat] added ability to specify permissions with a queue (subject + ' ' + queue name) note there's a space separating the subject and the queue name
  • [feat] import account/operator --force allows importing accounts signed by a different operator
  • [feat] added reissue operator command which will re-issue the identity of the operator and resign all affected accounts
  • [feat] add operator --generate-signing-key --sys will generate a signing key with the operator and also generate a system account
  • [feat] edit operator --require-signing-keys requires accounts to be issued using a signing key

Changelog

42caf0d Merge pull request #373 from nats-io/bump-go
ee91712 bumped go build to be 1.16
e380607 Merge pull request #371 from nats-io/wording
d2f4126 Merge pull request #372 from nats-io/goreleaser-change
58ead2a Changed version numbers and descriptions for jwt update scenarios
b138b67 Merge pull request #370 from nats-io/fix-cli-output
3eb3e32 updated gorelease config - brew configuration has changed.
cd9baea added new lines to the template so the CLI correctly presents the output.
3349d2e Merge pull request #368 from nats-io/jwt-update
10a71cf Merge pull request #363 from nats-io/fix-362
af5e0b3 Updating jwt library to 2.0.1
99e560e Merge pull request #367 from nats-io/strict-usage
5e28fbb Fixed linter issue and account server url not always being set
65652fd Merge pull request #366 from nats-io/strict-usage
583b3cf Fixed issue where require strict usage was overwritten and push did fail
493bd33 Merge pull request #364 from nats-io/tmp-push-pull-user
204d596 [added] system account user generation when no user is specified
0cd1321 - [feat] added --data and --subs flags to set the data and sub limits on the user - [fix] fixed an issue where payload was not honoring entries like "5M" or "5K" - [chore] added test to the dataparams - [chore] fixed some linter warnings
8d40608 Merge pull request #361 from nats-io/no-local
ad3a9ef Allowing local subject to be empty
dc5b5e4 Merge pull request #360 from nats-io/invalid-ngs
dc45707 Avoid always setting local subject and adding a prefix in interactive
dd6f215 Temporarily changed operator url back to v2
ba04ca2 Merge pull request #359 from nats-io/minor-fixes
c2e5d02 [chore] remove mentioning of import prefix
6e518ab [Added] support for rfc3339 formatted time when revoking
ee34d3d Fix js error when modifying the system account
c1c8af6 Merge pull request #358 from nats-io/locale
1023846 [added] ability to set locale to use for times
eaedf23 Merge pull request #357 from nats-io/v2-known-operator
d9d1e83 [changed] well known synadia operator url to use v2
1db876e Merge pull request #356 from nats-io/chore
1f2f493 [chore] change help text and revisit diagrams
f4662e9 Merge pull request #352 from nats-io/require-sk
bcddc76 [added] operator option require-signing-keys and simplify signing keys
de04c1a [added] operator edit option to require signing keys in operator jwt
1fe1b68 Merge pull request #351 from nats-io/js-fix
b340ab2 Minor fixes to make js work when only js params are provided
15848a4 Merge pull request #350 from nats-io/force-import-opname
3ae3dff [added] force import of operator with different subject
c23ba20 Merge pull request #349 from nats-io/re-issue-operator
3a89bcf [added] command to re-issue operator identity key
5b76e1d Merge pull request #347 from nats-io/import-account
6133992 Merge pull request #348 from nats-io/diagrams
64b77a6 [added] option to import account signed by different operator
8d8b7a4 Improve component diagram: better display of imports without exports
974bdcf Merge pull request #345 from nats-io/queue
e91ce69 [added] ability to set queue subscribe permissions
1c11ca8 For imports with mapping use LocalSubject instead of To
40dcea8 [added] support for wildcard imports (#343)
b5998ae [Added] support for service export response threshold (#342)
4a80e87 Merge pull request #340 from nats-io/add_dependency_doc
1680b7d Merge pull request #341 from nats-io/jwt-update
a894065 Updating jwt library and nats-server (due to jwt lib)
cfe77ce Create dependencies.md [ci skip]
cb8f7b0 Merge pull request #338 from nats-io/fix-signingkey-iter
e8632a3 [chore] moved to new signing keys api
46ea249 Merge pull request #337 from nats-io/share-headers
002b261 [Added] options to enable haders for latency tracking and sharing
b045050 Merge pull request #336 from nats-io/fix-fmt
70d7127 fixed formatting that threw build while PR builds were not triggered by travis
d94c42a Merge pull request #335 from nats-io/jwt-bulk-validation
b40ecaf [Added] command to validate jwt in a file
e473fae Merge pull request #333 from nats-io/fix-update
152d9bc allow nsc update to work when encountering jwt v1 operator
b1c1dfe Merge pull request #314 from nats-io/enable-revocate-all
047b509 Merge branch 'master' into enable-revocate-all
0dbb7a6 review comment
cb3d676 Merge branch 'master' into enable-revocate-all
737800d review comments
db7a5fc Merge pull request #330 from nats-io/diagrams-v2
c74907d Merge pull request #332 from nats-io/upgradejwt-noscreaming
502b8f2 Change upgrade prompts to be lower case
313c2b3 [Added] ability to generate component or object diagrams of the store
1ffd5bf Merge pull request #331 from nats-io/staticcheck
9085f61 runinng staticcheck on test and fixing staticcheck issues
b4b0c65 Merge pull request #329 from nats-io/v2-fields-2
eb3d5a6 [Added] account and export description/link to export selection
6a90bb2 [Added] support for connection types in user jwt
d12f4b7 [Fixed] issue where account/user edit would nor prefer the orig issuer
a1d9c1a [Added] ability to edit account default permissions
5e55969 [Adding] description and info link to account and export
fbe49cf [Added] ability to edit/describe jetstream account settings
ead5075 [Added] Ability to edit system account
570a44e pick up most recent jwt V2 changes
6f6489b Migrate (#327)
01f0175 Merge pull request #326 from nats-io/updatejwt
09dfbd2 Updated jwt library
b0a5624 [added] check to protect against jwtv2 usage and provide instructions (#325)
3d23094 [Fixed] managed stores with op signing key create signed accounts (#318)
1478445 [feat] select from multiple keys when signing user (#322)
be3b530 [fix] added support for JSON/Path/Raw describe options (#320)
f45b527 Fixed issue where an error was raised when no key was present (#317)
2366ef9 staticcheck
3ff84c7 Allow to overwrite an operator by same name and subject using --force (#316)
f1e467e bumped jwt version
f08fb77 [feat] Adding command to import account (#313)
b9ff1c2 - updated revocation commands to allow for "*" as argument to account/user key - enhanced interactive experience where partial was provided - added many tests
e3da25b [changed] managed accounts to save self-signed accounts if failed to push (#312)
36a1f21 Return struct instead of interface to avoid comparing interface with nil (#311)
a642215 fixed status adding nil values that had interface. (#310)
6ff98b3 changed tables to ascii this allows for simpler and more consistent presentation, also matches output from jetstream tools. (#309)
6c5cc94 fixed bogus message (#308)
83b7633 Added env variable NATS_CA to provide root ca option to nats (#307)
55f56f5 [Added] cmds to push/pull/generate to/from/for nats based resolver (#306)