SHIELD v8.0.14

New Features

• Compression of archives is now optional, on a per-target basis.
  If you have really big databases and don't want to bother compressing
  them, you can now turn that off and get done with your data protection
  tasks sooner!

• The Tasks API now has new time boundary range parameters, for retrieving
  tasks based on when they started and/or stopped.

Improvements

• The Systems and Storage views now have the ability to toggle between a
  card-based layout (the default), and a table layout.

• Tags in the Systems View Timeline are now only shown for non-backup tasks,
  and only for successfully completed tasks. In practice, this means that
  restore operations get tags and no one else does.

• The Retention Policy API / UI / CLI is better. Namely, the API matches
  the documation (it's a PATCH not a PUT), and we have proper bounds
  checking on expiry days and policy name lengths.

Bug Fixes

• When restoring archives with the CLI, and targeting a different data
  system than the archive originally came from, everything works as
  expected.

SHIELD v8.0.13

Improvements

• Move the vault.crypt file out from under the vault/ data
  directory sub-directory; that sub-directory is dedicated to the
  Vault instance, and we shouldn't be putting other things in there.

• Threshold for storage now indicates the use of units in the form field, to
  prevent the accidental specification of 50 bytes when you meant 50 gigabytes.

• Improved results of the /v2/info and /v2/heath API endpoints to match its
  documented behaviour.

Deprecations

• Removed FQDN from /v2/info as it was populated using DNS reverse lookups
  that were less than useful.

Bug Fixes

• Storage health correctly stated during creation of ad-hoc runs.

• Scheduled jobs in timeline are not longer incorrectly as "Ad-hoc"

• Admin/Sessions page no longer shows all IP Addresses as localhost and
  shows the session creation time in human-readable format.

• Notes for targets are now displayed on the page for a given system.

• Errors encountered when unlocking the vault now notify the user.

• Release version correctly displayed on header instead of (development)

SHIELD v8.0.12

Improvements

• New vault plugin for backing up Safe or Vault installations.
  You can optionally restrict the subtree that gets backed up and
  restored, in case you share the Vault with others.

SHIELD v8.0.11

Improvements

• Check for the existence of the required top-level import
  manifest keys in shield import.

• The s3 plugin can now be configured to use IAM instance
  metadata to assume roles inside of S3, instead of providing
  explicit access and secret key material. Yay security!

• The postgres plugin now allows split read replica / write
  master backup and restore, for highly-available solutions.

SHIELD v8.0.10

Bug Fixes

• Sometimes, code gets lost. This happened on 8.0.9, when we
  merged some PRs that blew away PR's #395, #393, #398, and #399.
  These changes dealt with initialization and SHIELD recovery.

SHIELD v8.0.9

Improvements

• Stop giving out bad advice in the help output of create-job
  and update-job, with respect to propery schedule syntax.

• Better error messaging in filepath walker when the fs plugin
  encounters an error or missing stat info.

• Credentials (as defined by plugins) are now redacted in task
  output, based on the rights of the viewer.

• The xtrabackup plugin now supports the mysql_socket option,
  for specifying the absolute path to the MySQL socket.

Bug Fixes

• Properly set the job name and notes (summary) from the web ui
  wizard, instead of ignoring what the user provided. Fixes #387.

• The webdav plugin no longer panics if you omit the https://
  or http:// URL scheme from your DAV server URL. Instead, it
  assumes HTTPS and keeps on truckin'. Other URL parse errors are
  properly handled now as well.

• Handle people who don't set up their Github profiles properly,
  and are missing display names. The Github API returns these as
  nil string pointers, instead of pointers to the empty string.

SHIELD v8.0.8

Improvements

• Global Storage Systems are available for selection during the
  backup configuration wizard in the web UI.

• Storage systems now properly report their health to all
  front-end views, fixing a few fixmes along the way.

• Agents can now be resynchronized, in an ad hoc fashion, via the
  admin backend on the web UI.

• Jobs will have their 'next run' time re-calculated when their
  schedule is changed. Previously, the existing schedule was in
  force until the first run after a schedule change, at which
  point the new schedule kicked in. This was weird, so we changed
  it.

• New Cloud Storage Solutions (global or tenant-based) are
  considered healthy until proven broken.

• shield-agent now has better logging to help troubleshoot
  registration problems.

Bug Fixes

• Fix an egregious bug in the scheduling logic that was only
  considering jobs scheduled in the future to be "overdue".
  Since all jobs start out with a next_run of 0, this caused NO
  JOBS to ever be scheduled. Thankfully, 8.x is still beta.

• Fix a segfault when dereferencing a nil Task during a broadcast.
  Now, we log that we got a nil task, to assist in tracking down
  why / where its occurring, rather than just crashing on panic.

• The shield restore-archive command now prints out the UUID of
  the task scheduled to run the restore, rather than the cryptic
  (and oh-so-unhelpful) string "%s!:bool=true"

• Neither shield create-job, nor shield update-job will allow
  you to create (or modify) jobs to have invalid, unparseable
  schedules. This will keep the CLI from accidentally creating
  schedules that the web UI can't process.

• When restoring through the new wizard, the web UI only shows
  archives for the selected target system, instead of all of the
  archives every made for the tenant. Turns out this was less
  than useful.

• Fix up some edge cases where we weren't checking for the
  existence of a tenant in tenant-scope API calls, just the rights
  to that tenant -- since system users can affect all tenants, we
  found that we could create child objects on non-existent
  tenants.

Developer Stuff

• bin/testdev now runs a WebDAV service on the nginx reverse
  proxy (on $PORT+1), since we can no longer use the fs plugin
  for storage operations.

  On MacOS, with homebrew, you'll want to reinstall nginx with
  WebDAV support: brew reinstall --with-webdav nginx

SHIELD v8.0.7

Bug Fixes

• shield-agent will now propagate HTTP proxy environment
  variables: http_proxy, https_proxy and no_proxy, which
  some plugins (i.e. s3) can make use of.

• The postgres plugin no longer requires a host address. If not
  specified, a local loopback (usually UNIX domain socket) will be
  attempted.

• The postgres plugin no longer requires a password. If not
  specified, no authentication credentials will be sent. This is
  usually paired with an empty (or missing) pg_host, to gain
  superuser access over loopback (given a 'trust' entry in HBA)

SHIELD v8.0.6

Bug Fixes

• Fix non-deterministic short-circuit bug in Github OAuth role
  assignment logic that lead to different behaviors depending on
  how Github returned org/team memberships.

SHIELD v8.0.5

Improvements

• The Github OAuth provider now properly handles Github Enterprise
  for API work (user lookups, org lookups, etc.)

• The Github OAuth provider can now handle assignment across
  multiple tenants (including SYSTEM) from a single Github Org.

• Shield CLI has been renamed from buckler back to shield similar
  to previous versions.

• Added Cassandra target plugin.

Bug Fixes

• Fix a missing slash in the Github Authentication Provider
  display, in the administrative backend.

• The Web UI now propagates the job name from the configuration
  wizard to the API, replacing 'a random name?' with something
  just a bit less ... random.