[BETA] 2.5.0 beta release thread

Beta release announcements and discussion around them
Tomas

Thu Apr 18, 2024 5:52 pm

Unimus 2.5.0-Beta2 is being released today! This is a release of the 2.5 code branch intended for testing purposes. More info on what's to come next on the Roadmap.

The major features of 2.5 are an extensive rework of the AAA (Authentication, Authorization, Account) system, already here in Beta1; and Custom Backup Flows, which are coming in Beta3.

First there is the introduction of Object Access Policies, which replace previous Device Access rules. Since Tags can be used on many objects now (not just Devices), Object Access Policies provide more fine-grained access controls to any / all objects in Unimus. You can create as many policies as you like, and you then assign a Policy to a User, specifying their access.

Next up is the possibility to create Unimus accounts automatically for new users authenticated by external AAA systems (Radius and/or LDAP). Up until now, before a user could log in using external AAA, an account in Unimus had to be created manually. This system allows for automatic provisioning of new user accounts when using external AAA. No more manual account creation!

Builds are available for download here:
https://unimus.net/download-dev

Full Changelog:
= Version 2.5.0 =
Features:
Device Tags have been renamed to just Tags, since they can be used on many more objects than just Devices now
Tags can now be edited, allowing for change of Name or Owner (more on Ownership later)
When deleting a Zone, you can now choose to move devices to any other Zone you have access to before deleting the Zone
Added an option to create a new Credential directly in the Credential Binding window
Added a Zone ID column to "Backups > Devices" table
Added a link to open the last failed job details to the "Device > Info" window
Added a notification banner to "Backup Filters" when user doesn't see all filters due to Access Policy restrictions
Added a notification banner when trying to edit a Backup Filter when you don't have access to all devices covered by that filter
Added a better message when a user with the "None" role attempts to log in
Added additional "Used by..." columns to the Tags table showing usage of Tags across Unimus
Added an option to not show Unmanaged devices in results of Config Search
Added an icon for credentials in High Security Mode to all relevant tables
Added an option to specify your own Pushover API Key in Pushover settings
Added an option to select the color scheme of diffs sent by notifications
Added a help popup to "Notifications > Show FQDN"
Fixed various small UI / UX issues and UI element misalignment and sizing issues
Changed Cisco ASA multi-context driver to only attempt backing up contexts when switching to the "system" context is possible

Added support for NetBox in NMS Sync:
- you can now sync your NetBox inventory into Unimus
- import filtering based on "role", "tag", "location" and "field" (Custom Fields) is available
- the "status" field in NetBox is used to set the Managed flag in Unimus
- more info at: https://wiki.unimus.net/display/UNPUB/NetBox+importer

Prefixes for filters in NMS Sync were replaced by a key-value system
- until this release, entries in Sync Rules needed prefixes, with each prefix meaning something different
- this was inconsistent across different Sync Connectors, and also quite confusing (you had to read docs every time on what prefix does what)
- we replaced prefixes with a Key=Value system (for example "id=123", "group=routers", etc.)
- existing Sync Rule configuration will be automatically migrated to the new system

Device Access was reworked into Object Access Policies:
- you can now create complex Object Access policies which specify where a user should have access to
- Object Access Policies can then be assigned to users to limit object access across Unimus
- existing Device Access rules will be migrated to new Object Access Policies automatically
- more info at: blog article coming soon

Added an option to create user accounts for users successfully authenticated by an external auth system:
- this allows provisioning of users on first successful login to Unimus when using Radius / LDAP auth
- using this system, you no longer need to create user accounts in Unimus for external AAA users before they can log in
- both Role and Object Access Policy for automatically created accounts are configurable
- more info at: blog article coming soon

Object Ownership system has been extended to Tags and Zones:
- Tags and Zones now have an "Owner" attribute, same as Devices
- access to these objects can now be gained by being their Owner, separately from Object Access Policies
- ownership has precedence over Object Access Policies - owners always have access to objects owned by them

You can now see all Objects owned by a User in User Management:
- new "Show object ownership" button was added in User management
- this will show all Objects, as well as their types owned by this User
- you can also remove ownership of Objects from this User in this window

Improvements to APIv2 / APIv3:
- added the zoneId attribute to all Devices and Diff APIv2 endpoints
- added the zoneId attribute to multiple response objects in APIv3 where it was missing

Added support for:
- Cisco IOL (IOS on Linux) switches
- Cisco IOL (IOS on Linux) routers
- CheckPoint Gaia running on bare metal
- CheckPoint TE series
- CheckPoint QLS (Quantum Light Speed)
- iS5 IMX devices
- iS5 iES devices
- Netonix WS3 switches
- SONiC OS

Fixes:
Fixed selection model breaking in the Credentials table after editing a Credential
Fixed issues when changing large amount of objects (2000+) in a single operation when using MSSQL
Fixed multiple other object manipulation failures when using MSSQL (Device Zone change, etc.)
Fixed selected Zone disappearing from the Zone selection dropdown in "Basic import" after a successful import
Fixed issue in API with Zones which had a NetXMS Agent selected as their Connection method
Fixed various minor UI and UX issues and inconsistencies
Fixed wrong / extraneous logging during the database upgrade stage when updating
Fixed OPNSense jobs failing when device presented a menu after switching to root
Fixed Cisco ASA backup failing when logging into a context without the ability to switch into the "system" context
Fixed more cases when jobs could fail on Checkpoint Gaia devices

Security fixes:
Only Administrator-level users can now change Retention settings
Only Administrator-level users can now change Advanced System Settings
Users can no longer Edit Credentials that are used on Devices they don't have access to
Users can no longer Edit CLI Mode Change Passwords used on Devices they don't have access to
Fixed cases where users could see Backup Filters even for devices they did not have access to
Fixed users could still see and modify Targets in Config Push if Object ownership was modified concurrently

Let us know if you have any feedback / questions on this release, or if you run into any issues!
Tomas

Thu May 16, 2024 9:53 pm

We just pushed out 2.5.0-Beta2. The complete Changelog was updated in the first post. New since 2.5.0-Beta1:
Features:
Tags can now be edited, allowing for change of Name or Owner (more on Ownership later)
Changed Cisco ASA multi-context driver to only attempt backing up contexts when switching to the "system" context is possible

Added support for NetBox in NMS Sync:
- you can now sync your NetBox inventory into Unimus
- import filtering based on "role", "tag", "location" and "field" (Custom Fields) is available
- the "status" field in NetBox is used to set the Managed flag in Unimus
- more info at: https://wiki.unimus.net/display/UNPUB/NetBox+importer

Prefixes for filters in NMS Sync were replaced by a key-value system
- until this release, entries in Sync Rules needed prefixes, with each prefix meaning something different
- this was inconsistent across different Sync Connectors, and also quite confusing (you had to read docs every time on what prefix does what)
- we replaced prefixes with a Key=Value system (for example "id=123", "group=routers", etc.)
- existing Sync Rule configuration will be automatically migrated to the new system

Object Ownership system has been extended to Tags and Zones:
- Tags and Zones now have an "Owner" attribute, same as Devices
- access to these objects can now be gained by being their Owner, separately from Object Access Policies
- ownership has precedence over Object Access Policies - owners always have access to objects owned by them

You can now see all Objects owned by a User in User Management:
- new "Show object ownership" button was added in User management
- this will show all Objects, as well as their types owned by this User
- you can also remove ownership of Objects from this User in this window

Added support for:
- Cisco IOL (IOS on Linux) switches
- Cisco IOL (IOS on Linux) routers
- Netonix WS3 switches
- SONiC OS

Fixes:
Fixed selected Zone disappearing from the Zone selection dropdown in "Basic import" after a successful import
Fixed issue in API with Zones which had a NetXMS Agent selected as their Connection method
Fixed various minor UI and UX issues and inconsistencies
Fixed OPNSense jobs failing when device presented a menu after switching to root
Fixed Cisco ASA backup failing when logging into a context without the ability to switch into the "system" context

Security fixes:
Only Administrator-level users can now change Advanced System Settings
Users can no longer Edit Credentials that are used on Devices they don't have access to
Users can no longer Edit CLI Mode Change Passwords used on Devices they don't have access to
Fixed users could still see and modify Targets in Config Push if Object ownership was modified concurrently

Fixes for issues in Beta1 (none of these apply to current stable builds):
Features:
Improved Device selection UX in Config Search (after changes in Beta1)

Fixes:
Fixed missing live updates in Object Access Policy window
Fixed backup not working on CheckPoint devices for which support was added in 2.5.0-Beta1
Fixed Administrator-level users being unable to manage their own permissions