v0.8.54 Armory Agent Clouddriver Plugin (2022-03-28)

Changes

  • The clouddriver /credentials endpoint now reads agent accounts directly from the database. Previously, accounts were loaded in memory by a separate process running every 30 seconds, and then /credentials endpoint was reading from the in-memory cache. This change enables agent accounts to be available earlier, which fixes some AccessDenied errors happening when fiat is enabled and is out of sync with the latest list of accounts.

Known Issues

  • The plugin makes a request to fiat /sync/roles endpoint every time an agent connects or accounts are deleted. This can become an issue when having a large number of agents connected to a clouddriver pod that is restarted.
  • Clouddriver /credentials endpoint hits the database twice per account. When having a large number of accounts this can become an issue.
  • Agent accounts are not always visible in /credentials endpoint, preventing deployments to agent managed accounts.

Last modified March 3, 2023: (2d069084)