spirlctl Releases
Latest Assets
Asset | Latest Release Version | Location |
---|---|---|
Linux amd64 | v0.21.0 | https |
Linux arm64 | v0.21.0 | https |
macOS amd64 | v0.21.0 | https |
macOS arm64 | v0.21.0 | https |
Windows amd64 | v0.21.0 | https |
Windows arm64 | v0.21.0 | https |
Homebrew Tap | v0.21.0 | brew tap spirl/tap |
Release Notes
spirlctl v0.21.0
Breaking Changes
- spirlctl login with invitation code (spirlctl login --invitation) is no longer supported. Invited users now need to exclusively access the generated invitation URL for joining an organization (e.g. https://app.spirl.com/invitation/INVITATION_CODE)
- Developer Identity commands now take
--redirect-addr
instead of--redirect-listener-port
flag. It is also possible to store them alongside your developer identity config at $HOME/.spirl/dev-id/config.json at.dev_id.[].redirect_addr
. The default is a random port at http://127.0.0.1/auth/callback
Enhancements
- Support configuring provider attestation in cluster config and node-group config
- Support managing provider attestation configs
spirlctl v0.20.0
Breaking Changes
- Developer identity commands that were previously available at
spirlctl exp unified-access
orspirlctl exp trust-domain unified-access
are now available atspirlctl exp dev-id
andspirlctl exp trust-domain dev-id
respectively. - Changed the default path the developer identity serve command uses to create the unix domain socket to
/tmp/spirl/devid/workload.sock
.
Bug Fixes
- Allows you to ctrl+c when using experimental dev-id.
- Fix clearing of X.509 customization template for a cluster when running
spirlctl cluster config change-x509-template
command with empty string template. - Fixes an issue where some binaries were not getting the correct
version
string at build time.
Enhancements
- spirlctl login will now require the user to perform a code confirmation after authenticating with IDP. This extra step aims to improve the security posture by ensuring the login initiated in the CLI matches the flow completed in the browser.
spirlctl v0.19.0
Bug Fixes
- Disables local DNS name resolution when connecting through a proxy.
Documentation
- Fail with an explicit error if arguments are passed to "spirlctl trust-domain deployment list" by mistake, and suggest filtering using flags.
Enhancements
- Add support for X.509 customization templates for clusters.
- Adds
--agent-endpoint-proxy
flag to experimental unified access commands to route those through an HTTP CONNECT proxy. - Adds
--endpoint-proxy
to route requests to SPIRL through an HTTP CONNECT proxy. - You are now able to update unified access oidc configs via spirlctl.
- You are now able to update unified access policies via spirlctl.
spirlctl v0.18.0
- New command added for accessing audit logs.
- Federated bundles synced on unified access.
- Unified access serve command exists now once the SVID has expired.
- Unified access supports Envoy SDS API.
- Fixed some unified access management command examples.