v4.0.0
TL;DR: We refactored Cerberus from a Guice/Riposte project to a composable multi-project Spring Boot application.
The major breaking changes are operational breaking changes
Cerberus 4.+ now requires Java 11.
You will also need to create a new config YAML rather than relying on the CLI to generate config and store it for you.
See: https://github.com/Nike-Inc/cerberus#configuration
When upgrading from < 4.x, use the view-config command on the Lifecycle Management CLI (requires Java 8) to get your current config and secrets.
If you develop locally, you might need to use SDKMAN! on your machine to switch between JREs until all our projects use Java 11.
cerberus-lm-cli -e ${envName} view-config --config-path cms/environment.properties
The API changes should be mostly backward compatible
We did technically make a few "Breaking changes" that you shouldn't see on the normal happy path.
- When you list secrets on an empty SDB / Path an empty list is now returned instead of a 404.
Most of our clients already catch the 404 and turn it into an empty list anyway.
This was legacy behavior from when we still used HashiCorp Vault, which just confused people, so we fixed it.
- Some of the status codes changed from 200 to 201 or 204 and vice versa to be more standardized, as Spring Boot enforces some of this behavior by default.
- Some of the status codes changed from 400 to 401 or 403 and vice versa to be more standardized, as Spring Boot enforces some of this behavior by default.
- KMS authentication endpoints are deprecated and turned off by default. You can enable them in the config YAML.
- We now always return a Backstopper error object, previously on /v1/secret/*** we returned a legacy Vault error object.
This might break the unhappy path on some of our clients and cause a deserialization issue to bubble up instead of the real underlying cause.
We hypothesize that this will only affect new uses of Cerberus and should have no impact on projects already established with Cerberus.
We are working on updating any clients that don't handle this change gracefully.
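A client-side sketch of tolerating both behaviors listed above: the 404-versus-empty-list change, and the switch from a legacy Vault error object to a Backstopper error object. This is an added example, not code from Cerberus or its clients. The function names are hypothetical, and the body shapes are assumptions: list results under `data.keys`, Vault errors as a list of strings, Backstopper errors as `error_id` plus a list of `code`/`message` objects.

```python
import json


class CerberusApiError(Exception):
    """Server error normalized from either error body shape."""

    def __init__(self, status, messages, error_id=None):
        super().__init__(f"HTTP {status}: {'; '.join(messages) or 'no detail'}")
        self.status, self.messages, self.error_id = status, messages, error_id


def parse_error(status, body):
    """Normalize an error body without letting a parse failure hide the cause."""
    try:
        doc = json.loads(body)
    except (ValueError, TypeError):
        doc = None
    if not isinstance(doc, dict):
        # Not JSON (e.g. a proxy error page): keep the status code as the cause.
        return CerberusApiError(status, [])
    messages = []
    for item in doc.get("errors") or []:
        if isinstance(item, str):            # assumed legacy Vault shape: strings
            messages.append(item)
        elif isinstance(item, dict):         # assumed Backstopper shape: objects
            messages.append(f"{item.get('code')}: {item.get('message')}")
    return CerberusApiError(status, messages, doc.get("error_id"))


def list_keys(status, body):
    """Return key names for a list call, given the HTTP status and raw body."""
    if status == 404:
        return []                            # pre-4.0 servers: empty path was a 404
    if status != 200:
        raise parse_error(status, body)
    data = json.loads(body).get("data") or {}
    return list(data.get("keys") or [])      # 4.x servers: empty path is an empty list


# Constructed sample responses, not captured from a real server.
LEGACY_ERR = b'{"errors": ["permission denied"]}'
BACKSTOPPER_ERR = (b'{"error_id": "00000000-0000-0000-0000-000000000000", '
                   b'"errors": [{"code": 99999, "message": "Access denied"}]}')
```

Normalizing to one exception type keeps the HTTP status and server message visible to callers and logs, whichever error shape the server returns.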
Additional Notes
This is going to put the "create an environment" docs and the Lifecycle Management CLI in a bad state while we work on updating those.