Chapter 2. New features and enhancements
A list of all major enhancements and new features introduced in this release of Red Hat Trusted Artifact Signer (RHTAS).
The features and enhancements added by this release are:
- Ability to add OIDC providers for Ansible deployments of RHTAS
- With this release, you can configure OpenID Connect (OIDC) providers under the tas_single_node_fulcio.fulcio_config section of the RHTAS Ansible Playbook. Update the playbook by adding your OIDC provider URL to the oidc_issuers variable, save your changes, and then re-run the playbook. You can have many OIDC providers defined in the oidc_issuers variable.
- Monitoring for RHTAS containers
- With this release, you can monitor and manage the RHTAS containers with the Cockpit web interface. This gives users a web-based user interface to simplify container management, and improves maintainability.
- Expose passphrase variables for RHTAS components
- Passphrases that the Ansible collection creates are easily guessable, and are therefore a security risk. With this release, we expose the passphrase variables for each RHTAS component. This allows users to configure the passphrase as they see fit in the RHTAS Ansible Playbook.
Replace each TODO with your passphrase, and run the playbook.
- Producing a warning or violation dynamically for policy checks
- With this release of Enterprise Contract (EC), a single policy check can be either a warning or a violation based on logic defined in the policy check. You can select the warning or violation based on dynamic criteria, such as an effective date, or other runtime logic.
- Improvements to the validation output
- With this release, we added more details to the output of the ec validate image command for better auditing. The output shows the Git SHA or image digest when resolving a non-permanent reference, such as a tag or Git branch, if defined in the policy source for Enterprise Contract (EC). With this additional information you can see exactly which policies and policy data were used during the validation.
- Support for running Enterprise Contract commands without a timeout
- With this release, you can specify the --timeout 0 option on Enterprise Contract (EC) commands to override the default timeout of 5 minutes. This is helpful in Continuous Integration and Continuous Deployment (CI/CD) environments that manage their own task timeouts.
- Support for policy exceptions for specific components
- In earlier versions of Enterprise Contract (EC), any policy exception was applied to all components being evaluated. With this release, you can specify which component a particular policy exception applies to. This gives you more fine-grained control when applying policy exceptions.