StackStorm is a platform for integration and automation across services and tools, taking actions in response to events.

Overview

StackStorm

StackStorm is a platform for integration and automation across services and tools, taking actions in response to events. Learn more at www.stackstorm.com.

Build Status Travis Integration Tests Status Packages Build Status Codecov CII Best Practices Python 3.6 Apache Licensed Join our community Slack Forum


TL;DR

StackStorm Overview

StackStorm 5 min Intro Video

About

StackStorm is a platform for integration and automation across services and tools. It ties together your existing infrastructure and application environment so you can more easily automate that environment -- with a particular focus on taking actions in response to events.

StackStorm helps automate common operational patterns. Some examples are:

  • Facilitated Troubleshooting - triggering on system failures captured by Nagios, Sensu, New Relic and other monitoring, running a series of diagnostic checks on physical nodes, OpenStack or Amazon instances, and application components, and posting results to a shared communication context, like Slack or JIRA.
  • Automated remediation - identifying and verifying hardware failure on OpenStack compute node, properly evacuating instances and emailing VM about potential downtime, but if anything goes wrong - freezing the workflow and calling PagerDuty to wake up a human.
  • Continuous deployment - build and test with Jenkins, provision a new AWS cluster, turn on some traffic with the load balancer, and roll-forth or roll-back based on NewRelic app performance data.

StackStorm helps you compose these and other operational patterns as rules and workflows or actions; and these rules and workflows - the content within the StackStorm platform - are stored as code which means they support the same approach to collaboration that you use today for code development and can be shared with the broader open source community via StackStorm Exchange.

Who is using StackStorm?

See the list of known StackStorm ADOPTERS.md and Thought Leaders.

How it works

StackStorm architecture

StackStorm architecture diagram

StackStorm plugs into the environment via an extensible set of adapters: sensors and actions.

  • Sensors are Python plugins for inbound integration that watch for events from external systems and fire a StackStorm trigger when an event happens.

  • Triggers are StackStorm representations of external events. There are generic triggers (e.g., timers, webhooks) and integration triggers (e.g., Sensu alert, JIRA issue updated). A new trigger type can be defined by writing a sensor plugin.

  • Actions are StackStorm outbound integrations. There are generic actions (SSH, HTTP request), integrations (OpenStack, Docker, Puppet), or custom actions. Actions are either Python plugins, or any scripts, consumed into StackStorm by adding a few lines of metadata. Actions can be invoked directly by user via CLI, API, or the web UI, or used and called as part of automations - rules and workflows.

  • Rules map triggers to actions (or to workflows), applying matching criterias and map trigger payload data to action inputs.

  • Workflows stitch actions together into "uber-actions", defining the order, transition conditions, and passing context data from one action to the next. Most automations are multi-step (eg: more than one action). Workflows, just like "atomic" actions, are available in the action library, and can be invoked manually or triggered by rules.

  • Packs are the units of content deployment. They simplify the management and sharing of StackStorm pluggable content by grouping integrations (triggers and actions) and automations (rules and workflows). A growing number of packs is available on the StackStorm Exchange. Users can create their own packs, share them on GitHub, or submit them to the StackStorm Exchange organization.

  • Audit trail is the historical list of action executions, manual or automated, and is recorded and stored with full details of triggering context and execution results. It is is also captured in audit logs for integrating with external logging and analytical tools: LogStash, Splunk, statsd, or syslog.

StackStorm is a service with modular architecture. It is comprised of loosely coupled microservice components that communicate over a message bus, and scales horizontally to deliver automation at scale. StackStorm has a full REST API, CLI client, and web UI for admins and users to operate it locally or remotely, as well as Python client bindings for developer convenience.

StackStorm is an established project and remains actively developed by a broad community.

Documentation

Additional documentation, including installation proceduces, action/rule/workflow authoring, and how to setup and use triggers/sensors can be found at https://docs.stackstorm.com.

Hacking / Contributing

To set up a development environment and run StackStorm from sources, follow these instructions.

For information on how to contribute, our style guide, coding conventions and more, please visit the Development section in our documentation.

Security

If you believe you found a security issue or a vulnerability, please send a description of it to our private mailing list at info [at] stackstorm [dot] com.

Once you've submitted an issue, you should receive an acknowledgment from one our of team members in 48 hours or less. If further action is necessary, you may receive additional follow-up emails.

For more information, please refer to https://docs.stackstorm.com/latest/security.html

Copyright, License, and Contributor Agreement

Copyright 2020 The StackStorm Authors. Copyright 2019 Extreme Networks, Inc. Copyright 2014-2018 StackStorm, Inc.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this work except in compliance with the License. You may obtain a copy of the License in the LICENSE file, or at:

http://www.apache.org/licenses/LICENSE-2.0

By contributing you agree that these contributions are your own (or approved by your employer) and you grant a full, complete, irrevocable copyright license to all users and developers of the project, present and future, pursuant to the license of the project.

Issues
  • Optimize storage (serialization and de-serilization) of very large dictionaries inside MongoDB

    Optimize storage (serialization and de-serilization) of very large dictionaries inside MongoDB

    This pull request builds on top of various research I did in other PRs and issues in the past (#4837, #4838, etc).

    The goal is to speed up serialization and de-serialization of very large dictionaries (e.g.large results produced by various actions) inside MongoDB.

    Right now we store those dictionaries as native MongoDB dictionaries, but this means we need to escape the keys, since they can't contain $ and . which are special characters.

    This escaping is inefficient and wasteful with large (and nested) dictionaries.

    Proposed Implementation / Improvement

    This pull request tries to optimize that by serializing those dictionaries as JSON instead.

    Keep in mind that this is fine, since we always treat those values as opaque strings anyway.

    In fact, a future improvement would be to have a result database object per runner, this way we could utilize a simple "string" type for the actual result, but that's a much more involved change.

    Some actual numbers with synthetic dataset are available in other issues mentioned above. Actual numbers with production real-life data are to follow once we deploy this to CI/CD server.

    The change is fully backward compatible, but it's behind a feature flag (opt-in) until we are really sure after running it in production for a while with diverse datasets it doesn't make some corner / edge case worse or similar.

    Related optimization I talked about to @m4dcoder is getting rid of using EscapedDict DB field type in scenarios where keys can't contain special characters (e.g. potentially various workflow related models).

    TODO

    • [x] Update all the affected models to use this field type
    • [x] Tests
    • [x] Deploy it on CI/CD for a month, observe performance, memory usage, etc
    • [x] Add optional migration script for affected models - future
    • [x] Document change in upgrade notes and point users to the optional migration script - future
    • [x] Add some docs for developers on the new DB format
    • [x] Update execution list / get command to display execution run duration which includes database write time not just action run time
    • [x] Document the change
    mongodb performance service: action runner service: api service: workflow engine size/XXL workflows: orquesta 
    opened by Kami 48
  • Add migration script for migrating old execution field data to the new format

    Add migration script for migrating old execution field data to the new format

    This pull request adds a simple migration script which migrations data for executions which utilize old and slow + inefficient fielld type to the new type.

    I tested it locally and it works fine (it's also a bit of a PITA to manually test, easiest is to just create MongoDB snapshot with old version of st2 and re-use that with st2 master).

    Implementation Details

    #4846 introduced a new field types which is up to 10-30x faster when saving and retrieving objects with larger values.

    In that PR I wasn't a massive fan of a migration script - yes I could add it, but I already spent many, many days on those performance optimization changes and I think migration script adds little value yet the effort is not totally trivial - yes the code changes mostly is, but things are not just a code change - it includes test cases, documentation, upgrade notes, etc and that takes quite some effort.

    The migration script doesn't provide tons of value because it only works in old executions and most users only care about new and recent executions so if when viewing data for some old execution it takes longer to load it's not the end of the world.

    I would be all of migration if that would actually provide more value - e.g. reduce maintenance burden / amount of code we need to maintain, but that is not the case and it likely won't change any time soon. We still utilize those two field types in many other places and migration script step is optional and manual and we can't really force users to run them and assume by the next release everyone has done it so we can just remove that code.

    For now, I only implemented it for execution related objects. Technically we could also do it for workflow, trigger instance and rule related objects, but that would require even more work and some more "work around" to determine if specific object in database utilizes all type or now - it's possible to detect that, but it's not totally trivial and just re-writing all objects sames wasteful.

    Complete contributions (with tests) for other models are also welcome (especially in this case where the change itself will likely save many 10's of thousands and likely even much more $ per month in terms of CPU utilization across all the large StackStorm installations so contributing such a small change seems worth trade off for such a big improvement :)).

    TODO

    • [x] Unite tests (will be a bit of a PITA, but it's manageable)
    • [x] Upgrade notes entry - https://github.com/StackStorm/st2/pull/5255
    external dependency migrations mongodb performance size/L 
    opened by Kami 40
  • Python3.8 on Ubuntu 20.04 (requiring MongoDB 4.4)

    Python3.8 on Ubuntu 20.04 (requiring MongoDB 4.4)

    Work in Progress

    Add support for Python3.8 on Ubuntu 20.04. To support this configuration, it implicitly includes MongoDB 4.4 unless we consider standalone instances of StackStorm can no longer host the mongodb instance locally for Ubuntu 20.04.

    • Bump eventlet/greenlet to latest to benefit from threading fix for python3.7+
    • Bump pymongo/mongoengine to support Mongo4.4 which is the only version packaged for Ubuntu 20.04.
    • Added Python3.8 into tox tests.

    https://github.com/StackStorm/discussions/issues/68

    OS support deployment eventlet monkey patching feature mongodb size/XL 
    opened by nzlosh 32
  • Add a new standalone st2-pack-install CLI command for installing a pack

    Add a new standalone st2-pack-install CLI command for installing a pack

    This pull request adds a new independent and standalone st2-pack-install CLI command for installing a pack and setting up pack virtual environment.

    End result is the same as running st2 pack install <foo> minus the content registration step.

    This command is fully standalone and only requires Python, pip, st2common PyPi package and git binary to be installed on the system where it's used. It doesn't need / require database (MongoDB) and message bus access (RabbitMQ).

    This command is designed to be used in environments where all the resources (packs) are baked into the base VM / container image which is then deployed.

    Keep in mind that the actual content still needs to be registered with StackStorm at some later point when a cluster is deployed and when MongoDB and RabbitMQ are up (st2ctl reload --register-all which is also an idempotent operation).

    NOTE: This change required some long needed refactoring - moved a bunch of code outside of the action which makes it re-usable elsewhere and also easier to test.

    Usage:

    ./st2common/bin/st2-pack-install libcloud
    ./st2common/bin/st2-pack-install doesnt-exist
    ./st2common/bin/st2-pack-install libcloud==9.9.9
    ./st2common/bin/st2-pack-install libcloud --debug
    ./st2common/bin/st2-pack-install libcloud --debug
    ./st2common/bin/st2-pack-install libcloud xml=9.9.9 csv
    ./st2common/bin/st2-pack-install libcloud doesntexist csv xml=9.9.9
    

    Resolves #3912.

    Docker K8s RFR 
    opened by Kami 29
  • Execution stuck in

    Execution stuck in "Running" state

    I recently ran into a problem which caused the state of the execution to incorrectly report "Running". Looking at the logs, the actions clearly fails. There is no way to cancel it or remove it via the UI or the CLI. The action never seems to time out.

    It happened when the result of the action contained some non-utf8 characters. I posted the action runner log at here.

    Some background info: running stackstorm 0.11.6 on CentOS 7 with the latest python available on the OS.

    I was able to reproduce this multiple times. The action should fail with the error message seen in the logs.

    WIP bug 
    opened by felin-arch 27
  • [WIP] [RFC] Sensor and Python runner action sandboxing and isolation

    [WIP] [RFC] Sensor and Python runner action sandboxing and isolation

    This pull request introduces sensor sandboxing and isolation. Sensors are sandboxed by running them in a separate process. The sensor process uses Python binary from the virtual environment which is specific to the pack to which the sensor belongs.

    Related pull request which includes "packs" command changes is #778.

    (Note: Currently this is just a prototype and not everything is hooked up and working yet).

    Benefits

    In addition to the "common" sandboxing / isolation benefits, this approach also has some other benefits:

    1. It's easier to scale and run sensors on multiple servers.

    Sensor wrapper is mostly self-sustaining and doesn't depend on the whole reactor process running.

    This means only the pack content and sensor wrapper needs to be located on the remote host where we want to run the sensors.

    1. Looser coupling.

    Sensors are less coupled to the container process and other st2 components.

    They only communicate with st2 using the API endpoint which is used to dispatch the triggers. Previously, they were coupled to the container process.

    1. Easier to debug and test the sensors.

    User can run and test the sensors directly using the sensor wrapper script.

    Downsides

    One of the main downsides of this approach is increased resource consumption (memory and CPU).

    I personally view this more as a trade off than a downside (we trade security and isolation for some additional resource consumption).

    This should also be a less of an issue when we better support "scale-out" deployments (running components on multiple servers).

    TODO

    • [x] Use system python binary and virtual environment for actions and sensors which belong to system packs
    • [x] Implement bi-direction communication using message in the sensor wrapper (uses for create, update, delete handler methods)
    • [x] Implement trigger event dispatcher in the sensor wrapper via a message bus using a new queue - Kami
    • [x] Hook up TriggerDispatcher to listen for events on the new queue and handle them - Manas
    • [x] Add support for sensor meta data files (similar to action meta data file). Those files should define trigger_types so we avoid chicken and the egg problem. This also means updating sensor registration process, etc. - Kami
    • [ ] Update all the core sensors so they still work (notably web hook one needs to be updated to use new queue dispatch approach) - lakshmi
    • [x] Move scheduling and poll functionality from sensor classes to the sensor wrapper. This way we narrow sensor class responsibilities to fetching data and dispatching triggers. And we also need to do that since we need to use eventlet.sleep inside the schedule loop to prevent blocking and prevent other code from running. Poll interval should be defined in the sensor metadata file. - Kami
    • [ ] Documentation updates for the sensor metadata changes
    • [x] Hook up container manager to use the new MultiProcessSensorContainer
    • [x] Capture stdout and stderr of the child process in the process sensor container
    • [x] Sandboxing for Python runner actions
    • [x] Update affected unit tests - Kami
    • [x] Update code to use "packs_pase_path` configuration value once #780 has been merged - Kami
    • [ ] End to end testing - everyone
    • [x] Decide on the name for "Dispatcher" class and update affected code - Kami

    Open questions / To discuss

    Here are some things which still need to be discussed. Some of them are just things I have observed while working on this change and don't need to be addressed immediately.

    1. Sensor communication with the container process (aka dispatching triggers)

    Lakshmi and I have discussed this on Slack. We both agreed that having sensors dispatch trigger events by sending a request to the API is a good approach.

    Using this approach means we don't need a bi-directional communication between the container and sensor and the sensor wrapper process is more or less self-sustaining.

    For this to work, we need to add special API endpoint which takes a trigger and dispatches a payload. We can't use the existing webhook sensor anymore. The existing webhook sensor assumes it has direct access to the container service which is not true anymore.

    1. API authentication

    This is something we probably don't need and want to tackle right now since all the sensor processes will run on the same server as the other st2 components.

    Eventually though (when we scale out and support running components on multiple servers), we should figure out how sensors should authenticate to the API when they dispatch a trigger. One approach which I think is reasonable is generating a temporary and limited access API key for each sensor process.

    This key would have limited access (only allow to post triggers to a special endpoint) and be revoked when the sensor process exits.

    1. Running multiple instances of the same sensor

    Currently, you can only run one instance of a particular sensor class.

    This works fine for now, but I do see a use case where you would want to run multiple instances of the same sensor with different configuration options (e.g. you want to monitor multiple JIRA instances, etc.).

    This is a bigger task and would require quite a bit of refactoring so it's not something we probably want to do right now, but it's just something to keep in mind and think about.

    To support this use case, we would need to (among other things) allow user to use different config files and the sensor class would need to expose a method for returning it's ID (e.g. for JIRA sensor this would probably just be .).

    Other

    When we are all on the same page and agree that is the right approach, I fill finish this PR and work on a new PR which introduces the same changes for the Python runner actions.

    Comments and feedback welcome.

    opened by Kami 26
  • Immutable/default action parameters for aliases (ChatOps)

    Immutable/default action parameters for aliases (ChatOps)

    There is already mechanism to set optional parameter in alias:

    formats:
      - "google {{query=StackStorm}}"
    

    Problem

    But what if we want to add simple hardcoded chatops command and hide unneeded logic behind the default/immutable action parameters? I think that good ChatOps commands could be simple and easy to remember, without MANY optional parameters. Example case: deploy chatops

    To do that, we need to create additional action with default parameters, which will trigger another action. I do this way almost everywhere (bad way): https://github.com/armab/st2-chatops-aliases/tree/master/actions

    Proposal

    The proposal is to allow setting from alias default/immutable action parameters.

    Here is an example how it could look:

    
    ---
    name: chatops.deploy
    action_ref: packs.install
    description: Deploy ChatOps pack from `armab/st2-ansible-chatops` GitHub repo
    formats:
      - "deploy chatops"
    # these lines were added
    # naming/structure is doubtful, but you got the idea
    action_parameters:
      packs: "st2-ansible-chatops"
      repo_url: "armab/st2-ansible-chatops"
    

    Here you can see that behind simple and immutable/hardcoded ChatOps command:

    !deploy chatops
    

    stands:

    st2 run packs.install packs=st2-ansible-chatops repo_url=armab/st2-ansible-chatops
    

    This simplifies things a lot, making existing actions more reusable by aliases.

    chatops feature proposal status:under discussion 
    opened by armab 25
  • Mistral Deprecation Game Plan

    Mistral Deprecation Game Plan

    Mistral deprecation in favor of new workflow engine Orquesta was communicated for quite a long time. StackStorm v3.2 will be latest version to ship Mistral with full removal in st2 v3.3 per Roadmap.

    There is a helper Mistral -> Orquesta conversion tool available: https://github.com/EncoreTechnologies/orquestaconvert Special thanks @nmaludy an EncoreTechnologies for the tool

    The Plan: https://github.com/orgs/StackStorm/projects/16

    • [x] Identify & Migrate any missing mistral workflows in StackStorm Exchange
    • [x] Remove from st2ci testing and st2cd release automation
      • [x] st2ci https://github.com/StackStorm/st2ci/pull/189 (@amanda11)
      • [x] st2cd https://github.com/StackStorm/st2cd/pull/440 (@amanda11)
    • [x] st2 code cleanup to remove the mistral integration https://github.com/StackStorm/st2/pull/5011 (@amanda11)
    • [x] st2-packages
      • [x] Remove deb/rpm rules from st2-packages https://github.com/StackStorm/st2-packages/pull/656 (@amanda11)
      • [x] Remove mistral from scripted curl-bash installer https://github.com/StackStorm/st2-packages/pull/657 (@amanda11)
      • [ ] Later step: move st2-packages rpm/deb scriptlets into st2 https://github.com/StackStorm/st2-packages/issues/662 (@armab)
    • [x] Remove Mistral from st2tests https://github.com/StackStorm/st2tests/pull/190 (@amanda11)
    • [x] Close all Mistral issues
    • [x] Remove mistral from Deployments
      • [x] ~st2-docker~
      • [x] ~Chef~ (deprecated)
      • [x] Ansible https://github.com/StackStorm/ansible-st2/issues/270 (@amanda11)
      • [x] Puppet https://github.com/StackStorm/puppet-st2/pull/313 (@nmaludy)
    • [x] Remove mistral from the launch_dev.sh script (https://github.com/StackStorm/st2/issues/5012)
    • [x] Update docs
      • [x] https://github.com/StackStorm/st2docs/pull/1009 (@amanda11)
      • [x] https://github.com/StackStorm/st2docs/pull/1010 (@winem)
      • [x] Update any missing diagrams/pictures
      • [x] +Sync-up Roadmap
    • [x] Archive mistral forks/repos https://github.com/StackStorm/mistral_dev https://github.com/StackStorm/mistral https://github.com/StackStorm/st2mistral (@armab)
    • [ ] Blog post about Orquestaconvert project (@nmaludy)
    • [ ] Mention deprecation in v3.3.0 release announcement (@nmaludy as a release manager)

    @m4dcoder feel free to adjust the task list to make sure we don't forget any other places with mistral occurrences.

    help wanted workflows: mistral 
    opened by armab 24
  • Add support to action run command to inherit all the environment variables

    Add support to action run command to inherit all the environment variables

    This pull request allows user to easily send all the environment variables which are accessible to the CLI as env parameter to the action being executed.

    Keep in mind that some common environment variables which are set in a login shell such as PWD, PATH and others are ignored. The feature is there to make it easier for user to send user-defined environment variables (e.g. different credentials, path to credential files, etc.) and not the ones which are defined by login script / shell. On top of that, sending some of those variables (e.g. PATH, PYTHONPATH, etc.) could interfere and break the action itself.

    See #1034 for more information.

    opened by Kami 24
  • Implement runner, API, and client code for Inquiries

    Implement runner, API, and client code for Inquiries

    This PR introduces a new runner, inquirer, as well as API endpoints and st2client changes necessary for working with Inquiries.

    Usage

    Please review the corresponding st2docs PR for full usage documentation and examples.

    asciicast

    New "Inquiry" Runner

    This PR creates the inquirer runner, which forms the basis for "asking a question" in the middle of a Workflow.

    Based on previous and current (see below) design discussions, this runner is fairly simple:

    • Dispatch trigger indicating a new inquiry
    • Request that the parent execution (workflow) is paused (for nested workflows, this is done on the root workflow)
    • Return a pending status

    The entire act of handling a response (including validation) and resuming the workflow is handled by the API, and is outside the scope of this runner. This runner's sole purpose is to pause the workflow and provide enough context for a 3rd party to make a proper response.

    The inquirer runner supports a number of parameters with sensible defaults. These defaults can of course be overridden by passing them into the action upon invocation. The parameters used for an Inquiry will be placed in the action result.

    Currently the ttl parameter does nothing, and will be used in a future PR where st2garbagecollector will use it to clean up old Inquiries

    API

    For the time being, Inquiries are effectively treated as ActionExecutions, with a bit of additional logic, meaning we haven't built a full data model for Inquiries yet. This actually works pretty well, but there are a few "weird" things in this PR, especially around RBAC, because of this decision.

    For the time being, the API is (hopefully) designed under the assumption that Inquiries may be their own data model in the future, and acts like it is today.

    This API will provide:

    • GET /api/v1/inquiries: Retrieve all Inquiries
    • GET /api/v1/inquiries/{id}: Retrieve a specific inquiry by ID
    • PUT /api/v1/inquiries/{id}: Provide response data to an Inquiry

    st2client Updates

    There are three new commands, one for each new API function:

    • st2 inquiry list
    • st2 inquiry get <id>
    • st2 inquiry respond <id> <response json>

    I opted to keep command-line options to a minimum, as most of the options for the similar st2 executions list command are focused mainly on filtering, and Inquiries shouldn't be that long-lived. Inquiries (for now) are basically just executions with a certain status, and they shouldn't be in that status for long. So I added the limit option, but not much else. Let me know if you feel other filters, like datetime filters are required, but I'm thinking they shouldn't be necessary.

    Testing Instructions

    NOTE that this is not a complete picture of everything we want to do with Inquiries. This PR focused on an end-to-end implementation of the core functionality. There are a few other misc. things that need to be done to really round this feature out, like adding garbage collection and ensuring things work well with chatops. For this round of testing I want to focus on the core functionality, like the way the API and CLI work, and the invocation of the action

    This is a large and significant feature so manual testing before the merge is a good idea. Here are some things to test

    Please first review the corresponding st2docs PR containing formal descriptions of what Inquiries are and how to use them (and please leave comments on that PR as needed too)

    The following commands will check this branch out, and spin up a development instance of st2, with mistral, and install the client:

    git clone -branch api-ask-response [email protected]:StackStorm/st2.git
    cd st2
    make requirements
    source virtualenv/bin/activate
    tools/launchdev.sh stop && tools/launchdev.sh startclean -m -x && python st2client/setup.py install > /dev/null
    

    From there, you can create and execute workflows and rules that test Inquiries. Note the existing Mistral and ActionChain workflows in this branch that may serve as a good place to start.

    There are a number of things that I feel would be useful to test, but by all means, go beyond this list:

    • Basic testing. Run a simple workflow with an Inquiry (core.ask action), and respond to it. Confirm that the workflow initially pauses, then respond to the inquiry. Then confirm the workflow resumes. Also confirm that the response fails with invalid data (and workflow does not resume)
    • Test with various parameters. Each parameter has an assumed default, override these and confirm that the behavior is as expected. For instance, override the schema parameter with your own, and supply data that would only validate against that
    • Nested workflows. Confirm that pauses and resumes cascade up the chain to the root workflow
    • Standalone Inquiries (not in a workflow). Not a common use case, but in previous discussions, we decided to support this. Confirm you can run core.ask on its own, and that it supports the same response behavior.
    • Send slack notifications using a rule that consumes the core.st2.generic.inquiry trigger. Note that this is just a PoC - a future PR will introduce proper chatops integration once this core functionality is vetted
    • Test all client commands and flags (st2 inquiry get/list/respond). Ensure the output is as you would expect
    • RBAC (This is my first time doing anything with RBAC so I would appreciate some eyes on this) - Ensure you can lock down Inquiry resources the way you'd expect from other resources. I played around with this a bit myself, feel free to use my example as a starting point (slightly out of date - no longer necessary to use inquiry:ask; just use inquiry). This was one area where not having a dedicated model for Inquiries made things difficult (though not impossible).
    • Response permissions using users or roles runner parameters. This goes beyond RBAC and actually permits/denies a per-Inquiry response

    Again, please review the corresponding st2docs PR for full usage documentation and examples.

    TODOs

    • [x] Test RBAC manually to ensure things still work
    • [ ] (winson) Are there integration tests for the st2cd.st2_e2e_tests? Please include one for action chain and one for mistral. Also provide PR to st2cd (and st2ci?) to run this just like the mistral itests are being run
    • [ ] Finish docs
    • [ ] Check coverage
    • [ ] Ensure example chain and mistral workflow is solid
    RFR 
    opened by Mierdin 24
  • Update nginx config to support TLS v1.3 in addition to TLS v1.2

    Update nginx config to support TLS v1.3 in addition to TLS v1.2

    This pull request updates production + sample nginx configs to also support TLS v1.3 in addition to TLS v1.2.

    Keep in mind that TLS v1.3 will only be used if the server and client support it. On the server side, this means it will work out of the box on more recent distros where nginx version is >= v1.13 and nginx is compiled against OpenSSL v 1.1.1 which supports TLS v1.3.

    Resolves #5216.

    nginx security size/S 
    opened by Kami 2
  • Username/password length

    Username/password length

    With the introduction of https://github.com/StackStorm/st2web/pull/887 there is a username and password limit set, but there is no equivalent check in the CLI.

    Some feedback from @m4dcoder "There's going to be some challenges there because the st2auth backends are not managed by st2 (i.e. htpasswd, LDAP, etc.). If those auth providers allow longer usernames and passwords, there's not much we can do other than throw an error that says username/passwords is beyond supported length when user login via the CLI."

    opened by amanda11 1
  • Feature request: Bulk keys api

    Feature request: Bulk keys api

    There is a current put api for a single key value pair. Will any plans to implement bulk key value insertion/updates?

    API feature 
    opened by zhangxin511 1
  • from lib import action   File

    from lib import action File "/opt/stackstorm/packs/aws/actions/lib/action.py", line 107 except Exception, e: ^ SyntaxError: invalid syntax

    SUMMARY

    st2 run command throwing syntax errors .

    Provide a quick summary of your bug report.

    STACKSTORM VERSION

    Paste the output of st2 --version:

    st2 --version st2 3.4.1, on Python 3.6.13

    OS, environment, install method

    vagrant box StackStorm v3.4.1 (Ubuntu 16.04 LTS GNU/Linux x86_64) st2vagrant

    Steps to reproduce the problem

    Show how to reproduce the problem, using a minimal test-case. Make sure to include any content (pack content - workflows, actions, etc.) which are needed to reproduce the problem.

    st2 pack install aws updated aws.yml file with keys from IAM role

    excuted st2 run aws.ec2_get_all_tags

    Expected Results

    get list of ec2 tags

    Actual Results

    st2 run aws.ec2_get_all_tags . id: 60b4be16a161a571fbd73de6 action.ref: aws.ec2_get_all_tags context.user: st2admin parameters: None status: failed start_timestamp: Mon, 31 May 2021 10:44:38 UTC end_timestamp: Mon, 31 May 2021 10:44:39 UTC result: exit_code: 1 result: None stderr: "Traceback (most recent call last): File "/opt/stackstorm/st2/lib/python3.6/site-packages/python_runner/python_action_wrapper.py", line 238, in _get_action_instance actions_cls = action_loader.register_plugin(Action, self._file_path) File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2common/util/loader.py", line 166, in register_plugin module = imp.load_source(module_name, plugin_abs_file_path) File "/opt/stackstorm/virtualenvs/aws/lib/python3.6/imp.py", line 172, in load_source module = _load(spec) File "", line 684, in _load File "", line 665, in _load_unlocked File "", line 678, in exec_module File "", line 219, in _call_with_frames_removed File "/opt/stackstorm/packs/aws/actions/run.py", line 1, in from lib import action File "/opt/stackstorm/packs/aws/actions/lib/action.py", line 107 except Exception, e: ^ SyntaxError: invalid syntax

    Thanks!

    opened by raghavendraDBA 2
  • Orquesta sub-workflow always get stuck

    Orquesta sub-workflow always get stuck

    One of orquesta sub-workflow alaways get stuck after scheduled.

    Version is v3.4.1 running on RHEL 7

    image

    In the chart, orqusta sub-flow is scheduled at 03:35:12UTC with running status, but the first action running at 03:43:12UTC, there are more than 8 minutes pending here. Seems there is no other oquesta flows like this on my st2 , only this one has such issue.

    I checked st2scheduler.log, st2actionrunner.log and st2workflowengine.log, there is no excetion and error during this subflow execution.

    Do you have any suggestion how to identify problem? and what need I pay more attention when developing orquesta workflow?

    Thanks!

    opened by hgjsj 0
  • two equals == is being interpreted as a key/value pair by the StackStorm API.

    two equals == is being interpreted as a key/value pair by the StackStorm API.

    SUMMARY

    Provide a quick summary of your bug report.

    Reference: https://github.com/nzlosh/err-stackstorm/issues/37

    STACKSTORM VERSION

    latest using docker tag

    OS, environment, install method

    docker

    Steps to reproduce the problem

    Show how to reproduce the problem, using a minimal test-case. Make sure to include any content (pack content - workflows, actions, etc.) which are needed to reproduce the problem.

    Expected Results

    input string two or more equals not to be parsed as key/value, just string

    Actual Results

    It seems the == is being interpreted as a key/value pair by the StackStorm API.

    12:38 PM !st2 licensing request json data 111==

    12:38 PM storm-trooper-bot-devAPP Additional properties are not allowed ('111' was unexpected) Failed validating 'additionalProperties' in schema: {'additionalProperties': False, 'description': 'Execute Composer Licensing actions chained flow', 'properties': {'display_published': {'default': True, 'description': 'Intermediate ' 'published ' 'variables will ' 'be stored and ' 'displayed.', 'type': 'boolean'}, 'request': {'description': 'Composer Licensing request', 'required': True, 'type': 'string'}, 'skip_notify': {'default': ['get_user', 'failure_get_user_msg', 'composer_licensing_failure_msg', 'composer_licensing_action_process'], 'description': 'List of tasks to skip ' 'notifications for.', 'type': 'array'}}, 'title': 'composer_licensing', 'type': 'object'} On instance: {'111': '=', 'display_published': True, 'request': 'request json data', 'skip_notify': ['get_user', 'failure_get_user_msg', 'composer_licensing_failure_msg', 'composer_licensing_action_process']}

    Making sure to follow these steps will guarantee the quickest resolution possible.

    Thanks!

    opened by minifygb 0
  • with item is taking more time in stackstorm and workflow is getting failed if the size is more than 500

    with item is taking more time in stackstorm and workflow is getting failed if the size is more than 500

    SUMMARY

    When we use with items in stackstorm its taking more time. And the workflow is getting failed if the list contains more than 500 elements.

    STACKSTORM VERSION

    Paste the output of st2 3.4dev:

    OS, environment, install method

    Deployed st2 in HA in amazon Kubernetes

    Steps to reproduce the problem

    1. Create a workflow with two actions. a. one read data from database b. iterate the values and print
    2. for list size 100 it took 3 mins, for 200 it took 15 mins. For 500 the workflow got failed This is the error message coming { ""type"": ""error"", ""message"": ""Execution failed. See result for details."", ""task_id"": ""task2"" }, { ""type"": ""error"", ""message"": ""ToozConnectionError: Timeout reading from socket"", ""task_id"": ""task2"", ""route"": 0 } ]

    Thanks! Mano Prakadeesh

    opened by itsmano 2
  • login fail  ERROR: Expecting value: line 1 column 1 (char 0)

    login fail ERROR: Expecting value: line 1 column 1 (char 0)

    #st2 --debug login st2admin -p '[email protected]'

    -------- begin 140218091069512 request ----------

    curl -X POST -H 'User-Agent: python-requests/2.23.0' -H 'Accept-Encoding: gzip, deflate' -H 'Accept: /' -H 'Connection: keep-alive' -H 'content-type: application/json' -H 'Content-Length: 2' -H 'Authorization: Basic c3QyYWRtaW46Q2hAbmdlTWU=' --data-binary '{}' http://127.0.0.1:9100/tokens

    -------- begin 140218091069512 response ----------

    Node Exporter

    Node Exporter

    Metrics

    # -------- end 140218091069512 response ------------

    ERROR: Expecting value: line 1 column 1 (char 0)

    CLI settings:

    Config file path: /root/.st2/config Client settings:

    ST2_BASE_URL: http://127.0.0.1 ST2_AUTH_URL: http://127.0.0.1:9100 ST2_API_URL: http://127.0.0.1:9101/v1 ST2_STREAM_URL: http://127.0.0.1:9102/v1 ST2_AUTH_TOKEN: None

    Proxy settings:

    HTTP_PROXY: HTTPS_PROXY:

    Traceback (most recent call last): File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2client/shell.py", line 408, in run func(args) File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2client/commands/auth.py", line 154, in run_and_print self.run(args, **kwargs) File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2client/commands/auth.py", line 125, in run manager = self.manager.create(instance, auth=(args.username, args.password), **kwargs) File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py", line 42, in decorate return func(*args, **kwargs) File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py", line 309, in create instance = self.resource.deserialize(response.json()) File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/models.py", line 898, in json return complexjson.loads(self.text, **kwargs) File "/opt/stackstorm/st2/lib/python3.6/site-packages/simplejson/init.py", line 525, in loads return _default_decoder.decode(s) File "/opt/stackstorm/st2/lib/python3.6/site-packages/simplejson/decoder.py", line 370, in decode obj, end = self.raw_decode(s) File "/opt/stackstorm/st2/lib/python3.6/site-packages/simplejson/decoder.py", line 400, in raw_decode return self.scan_once(s, idx=_w(s, idx).end()) simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

    opened by heruosong 1
  • st2-run-pack-tests not setting environment variables for ST2 API

    st2-run-pack-tests not setting environment variables for ST2 API

    I'm trying to write some tests for the msexchange pack and hitting some issues with the BaseActionTestCase because the pack uses the st2 client to read and write cache entries...

    from collections import namedtuple
    import os
    
    from st2common.runners.base_action import Action
    from st2client.client import Client
    from st2client.models import KeyValuePair
    from exchangelib import Account, Credentials, Configuration, DELEGATE, EWSTimeZone
    
    CacheEntry = namedtuple('CacheEntry', 'ews_url ews_auth_type primary_smtp_address')
    
    
    class BaseExchangeAction(Action):
        def __init__(self, config):
            super(BaseExchangeAction, self).__init__(config)
            api_url = os.environ.get('ST2_ACTION_API_URL', None)
            token = os.environ.get('ST2_ACTION_AUTH_TOKEN', None)
            self.client = Client(api_url=api_url, token=token)
    

    On both CircleCI for the pack and when I test using the Vagrant image, because the ST2_ACTION_AUTH_TOKEN is not set on the runner. What is the correct way to get around this?

    ======================================================================
    5) ERROR: test_run_get_test_folder (search_items_test_case.SearchItemsActionTestCase)
    ----------------------------------------------------------------------
       Traceback (most recent call last):
        tests/search_items_test_case.py line 9 in test_run_get_test_folder
          result = self.get_action_instance(config=self._test_config).run(
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2tests/actions.py line 48 in get_action_instance
          action_service=self.action_service)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2common/runners/utils.py line 143 in get_action_class_instance
          action_instance = action_cls(**kwargs)
        actions/base/action.py line 27 in __init__
          cache = self._get_cache()
        actions/base/action.py line 70 in _get_cache
          name='exchange_ews_url')
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 42 in decorate
          return func(*args, **kwargs)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 294 in get_by_name
          instances = self.query(name=name, **kwargs)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 42 in decorate
          return func(*args, **kwargs)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 281 in query
          instances, _ = self._query_details(**kwargs)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 274 in _query_details
          self.handle_error(response)
        /opt/stackstorm/st2/lib/python3.6/site-packages/st2client/models/core.py line 168 in handle_error
          response.raise_for_status()
        /opt/stackstorm/st2/lib/python3.6/site-packages/requests/models.py line 941 in raise_for_status
          raise HTTPError(http_error_msg, response=self)
       HTTPError: 401 Client Error: Unauthorized
       MESSAGE: Unauthorized - One of Token or API key required. for url: http://127.0.0.1:9101/v1/keys/?name=exchange_ews_url
       -------------------- >> begin captured logging << --------------------
       st2.st2common.runners.utils: DEBUG: Action class (ABCMeta) constructor doesn't take "action_service" argument, falling back to late assignment...
       urllib3.connectionpool: DEBUG: Starting new HTTP connection (1): 127.0.0.1:9101
       urllib3.connectionpool: DEBUG: http://127.0.0.1:9101 "GET /v1/keys/?name=exchange_ews_url HTTP/1.1" 401 73
       --------------------- >> end captured logging << ---------------------
    
    opened by tonybaloney 3
  • E: Unable to locate package st2 St2 installation Ubuntu 16.04-

    E: Unable to locate package st2 St2 installation Ubuntu 16.04-

    SUMMARY

    E: Unable to locate package st2 St2 installation Ubuntu 16.04- . I get this error when I follow the instructions from

    https://docs.stackstorm.com/install/u16.html# . All the dependencies are successful until the step to start installing ST2. Thats where its fails. I see that ST2 packages are not available at https://packagecloud.io/StackStorm/stable/ubuntu/ .

    The default script as the below path to set as repository https://packagecloud.io/StackStorm/stable/ubuntu/ but in this location I could not find anything that is why we are getting error however the packages are found at https://packagecloud.io/StackStorm/stable a level down.

    Below is the output I get when I run app-get install st2

    Reading package lists... Done Building dependency tree Reading state information... Done N: Ignoring file 'script.deb.sh' in directory '/etc/apt/sources.list.d/' as it has an invalid filename extension E: Unable to locate package st2

    STACKSTORM VERSION

    Paste the output of st2 --version:

    OS, environment, install method

    Ubuntu 16.04. , Manual install method. Distributor ID: Ubuntu Description: Ubuntu 16.04.7 LTS Release: 16.04 Codename: xenial

    Steps to reproduce the problem

    Pick this os version and start intsalling St2 through one-install or manual install

    opened by Sudhigalagali 4
Releases(v3.4.1)
  • v3.4.1(Mar 16, 2021)

    https://stackstorm.com/2021/03/10/stackstorm-v3-4-1-security-fix/

    Added

    • Update the service start up code to warn if the service locale encoding is not set to utf-8 #5184 Contributed by @Kami

    Changed

    • Use sudo -E to fix GitHub Actions tests #5187 Contributed by @cognifloyd
    • Properly handle unicode strings in logs #5184 Contributed by @Kami
    Source code(tar.gz)
    Source code(zip)
  • v3.4.0(Mar 4, 2021)

    https://stackstorm.com/2021/03/04/v3-4-0-released/

    Added

    • Added support for GitLab SSH URLs on pack install and download actions. (improvement) #5050 Contributed by @asthLucas

    • Added st2-rbac-backend pip requirements for RBAC integration. (new feature) #5086 Contributed by @hnanchahal

    • Added notification support for err-stackstorm. (new feature) #5051

    • Added st2-auth-ldap pip requirements for LDAP auth integartion. (new feature) #5082 Contributed by @hnanchahal

    • Added --register-recreate-virtualenvs flag to st2ctl reload to recreate virtualenvs from scratch. (part of upgrade instructions) [#5167] Contributed by @winem and @blag

    Changed

    • Updated deprecation warning for python 2 pack installs, following python 2 support removal. #5099 Contributed by @amanda11

    • Improve the st2-self-check script to echo to stderr and exit if it isn't run with a ST2_AUTH_TOKEN or ST2_API_KEY environment variable. (improvement) #5068

    • Added timeout parameter for packs.install action to help with long running installs that exceed the default timeout of 600 sec which is defined by the python_script action runner (improvement) #5084

      Contributed by @hnanchahal

    • Upgraded cryptography version to 3.2 to avoid CVE-2020-25659 (security) #5095

    • Converted most CI jobs from Travis to GitHub Actions (all except Integration tests).

      Contributed by @nmaludy, @winem, and @blag

    • Updated cryptography dependency to version 3.3.2 to avoid CVE-2020-36242 (security) #5151

    Fixed

    • Pin chardet version as newest version was incompatible with pinned requests version #5101 Contributed by @amanda11

    • Fixed issue were st2tests was not getting installed using pip because no version was specified. Contributed by @anirudhbagri

    • Added monkey patch fix to st2stream to enable it to work with mongodb via SSL. (bug fix) #5078 #5091

    • Fix nginx buffering long polling stream to client. Instead of waiting for closed connection wait for final event to be sent to client. (bug fix) #4842 #5042

      Contributed by @guzzijones

    • StackStorm now explicitly decodes pack files as utf-8 instead of implicitly as ascii (bug fix) #5106, #5107

    • Fix incorrect array parameter value casting when executing action via chatops or using POST /aliasexecution/match_and_execute API endpoint. The code would incorrectly assume the value is always a string, but that may not be the cast - they value could already be a list and in this case we don't want any casting to be performed. (bug fix) #5141

      Contributed by @Kami.

    • Fix @parameter_name=/path/to/file/foo.json notation in the st2 run command which didn't work correctly because it didn't convert read bytes to string / unicode type. (bug fix) #5140

      Contributed by @Kami.

    • Fix broken st2 action-alias execute command and make sure it works correctly. (bug fix) #5138

      Contributed by @Kami.

    Removed

    • Removed --python3 pack install option #5100 Contributed by @amanda11

    • Removed submit-debug-info tool and the st2debug component #5103

    • Removed check-licence script (cleanup) #5092

      Contributed by @kroustou

    • Updated Makefile and CI to use Python 3 only, removing Python 2 (cleanup) #5090

      Contributed by @blag

    • Remove st2resultstracker from st2ctl, the development environment and the st2actions setup.py (cleanup) #5108

      Contributed by @winem

    Source code(tar.gz)
    Source code(zip)
  • v3.3.0(Oct 22, 2020)

    https://stackstorm.com/2020/10/22/stackstorm-v3-3-0-released/

    Added

    • Add make command to autogen JSON schema from the models of action, rule, etc. Add check to ensure update to the models require schema to be regenerated. (new feature)

    • Improved st2sensor service logging message when a sensor will not be loaded when assigned to a different partition (@punkrokk) #4991

    • Add support for a configurable connect timeout for SSH connections as requested in #4715 by adding the new configuration parameter ssh_connect_timeout to the ssh_runner group in st2.conf. (new feature) #4914

      This option was requested by Harry Lee (@tclh123) and contributed by Marcel Weinberg (@winem).

    • Added a FAQ for the default user/pass for the tools/launch_dev.sh script and print out the default pass to screen when the script completes. (improvement) #5013

      Contributed by @punkrokk

    • Added deprecation warning if attempt to install or download a pack that only supports Python 2. (new feature) #5037

      Contributed by @amanda11

    • Added deprecation warning to each StackStorm service log, if service is running with Python 2. (new feature) #5043

      Contributed by @amanda11

    • Added deprecation warning to st2ctl, if st2 python version is Python 2. (new feature) #5044

      Contributed by @amanda11

    Changed

    • Switch to MongoDB 4.0 as the default version starting with all supported OS's in st2 v3.3.0 (improvement) #4972

      Contributed by @punkrokk

    • Added an enhancement where ST2api.log no longer reports the entire traceback when trying to get a datastore value that does not exist. It now reports a simplified log for cleaner reading. Addresses and Fixes #4979. (improvement) #4981

      Contributed by Justin Sostre (@saucetray)

    • The built-in st2.action.file_writen trigger has been renamed to st2.action.file_written to fix the typo (bug fix) #4992

    • Renamed reference to the RBAC backend/plugin from enterprise to default. Updated st2api validation to use the new value when checking RBAC configuration. Removed other references to enterprise for RBAC related contents. (improvement)

    • Remove authentication headers St2-Api-Key, X-Auth-Token and Cookie from webhook payloads to prevent them from being stored in the database. (security bug fix) #4983

      Contributed by @potato and @knagy

    • Updated orquesta to version v1.2.0.

    Fixed

    • Fixed a bug where type attribute was missing for netstat action in linux pack. Fixes #4946

      Reported by @scguoi and contributed by Sheshagiri (@sheshagiri)

    • Fixed a bug where persisting Orquesta to the MongoDB database returned an error message: key 'myvar.with.period' must not contain '.'. This happened anytime an input, output, publish or context var contained a key with a . within the name (such as with hostnames and IP addresses). This was a regression introduced by trying to improve performance. Fixing this bug means we are sacrificing performance of serialization/deserialization in favor of correctness for persisting workflows and their state to the MongoDB database. (bug fix) #4932

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    • Fix a bug where passing an empty list to a with items task in a subworkflow causes the parent workflow to be stuck in running status. (bug fix) #4954

    • Fixed a bug in the example nginx HA template declared headers twice (bug fix) #4966 Contributed by @punkrokk

    • Fixed a bug in the paramiko_ssh runner where SSH sockets were not getting cleaned up correctly, specifically when specifying a bastion host / jump box. (bug fix) #4973

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    • Fixed a bytes/string encoding bug in the linux.dig action so it should work on Python 3 (bug fix) #4993

    • Fixed a bug where a python3 sensor using ssl needs to be monkey patched earlier. See also #4832, #4975 and gevent/gevent#1016 (bug fix) #4976

      Contributed by @punkrokk

    • Fixed bug where action information in RuleDB object was not being parsed properly because mongoengine EmbeddedDocument objects were added to JSON_UNFRIENDLY_TYPES and skipped. Removed this and added if to use to_json method so that mongoengine EmbeddedDocument are parsed properly.

      Contributed by Bradley Bishop (@bishopbm1 Encore Technologies)

    • Fix a regression when updated dnspython pip dependency resulted in st2 services unable to connect to mongodb remote host (bug fix) #4997

    • Fixed a regression in the linux.dig action on Python 3. (bug fix) #4993

      Contributed by @blag

    • Fixed a bug in pack installation logging code where unicode strings were not being interpolated properly. (bug fix)

      Contributed by @misterpah

    • Fixed a compatibility issue with the latest version of the logging library API where the find_caller() function introduced some new variables. (bug fix) #4923

      Contributed by @Dahfizz9897

    • Fixed another logging compatibility issue with the logging API in Python 3. The return from the logging.findCaller() implementation now expects a 4-element tuple. Also, in Python 3 there are new arguments that are passed in and needs to be acted upon, specificall stack_info that determines the new 4th element in the returned tuple. (bug fix) #5057

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    Removed

    • Removed Mistral workflow engine (deprecation) #5011

      Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)

    • Removed CentOS 6/RHEL 6 support #4984

      Contributed by Amanda McGuinness (@amanda11 Ammeon Solutions)

    • Removed our fork of codecov-python for CI and have switched back to the upstream version (improvement) #5002

    Source code(tar.gz)
    Source code(zip)
  • v3.2.0(Apr 29, 2020)

    https://stackstorm.com/2020/04/30/stackstorm-v3-2-0-released/

    Added

    • Add support for blacklisting / whitelisting hosts to the HTTP runner by adding new url_hosts_blacklist and url_hosts_whitelist runner attribute. (new feature) stackstorm/st2#4757
    • Add user parameter to re_run method of st2client. stackstorm/st2#4785
    • Install pack dependencies automatically. stackstorm/st2#4769
    • Add support for immutable_parameters on Action Aliases. This feature allows default parameters to be supplied to the action on every execution of the alias. stackstorm/st2#4786
    • Add get_entrypoint() method to ActionResourceManager attribute of st2client. stackstorm/st2#4791
    • Add support for orquesta task retry. (new feature)
    • Add config option scheduler.execution_scheduling_timeout_threshold_min to better control the cleanup of scheduled actions that were orphaned. stackstorm/st2#4886

    Changed

    • Install pack with the latest tag version if it exists when branch is not specialized. (improvement) stackstorm/st2#4743

    • Implement "continue" engine command to orquesta workflow. (improvement) stackstorm/st2#4740

    • Update various internal dependencies to latest stable versions (apscheduler, eventlet, kombu, amqp, pyyaml, mongoengine, python-gnupg, paramiko, tooz, webob, bcrypt).

      Latest version of mongoengine should show some performance improvements (5-20%) when writing very large executions (executions with large results) to the database. stackstorm/st2#4767

    • Improved development instructions in requirements.txt and dist_utils.py comment headers (improvement) stackstorm/st2#4774

    • Add new actionrunner.stream_output_buffer_size config option and default it to -1 (previously default value was 0). This should result in a better performance and smaller CPU utilization for Python runner actions which produce a lot of output. (improvement)

      Reported and contributed by Joshua Meyer (@jdmeyer3) stackstorm/st2#4803

    • Add new action_runner.pip_opts st2.conf config option which allows user to specify a list of command line option which are passed to pip install command when installing pack dependencies into a pack specific virtual environment. stackstorm/st2#4792

    • Refactor how orquesta handles individual item result for with items task. Before the fix, when there are a lot of items and/or result size for each item is huge, there is a negative performance impact on write to the database when recording the conductor state. (improvement)

    • Remove automatic rendering of workflow output when updating task state for orquesta workflows. This caused workflow output to render incorrectly in certain use case. The render_workflow_output function must be called separately. (improvement)

    • Update various internal dependencies to latest stable versions (cryptography, jinja2, requests, apscheduler, eventlet, amqp, kombu, semver, six) stackstorm/st2#4819 (improvement)

    • Improve MongoDB connection timeout related code. Connection and server selection timeout is now set to 3 seconds. Previously a default value of 30 seconds was used which means that for many connection related errors, our code would first wait for this timeout to be reached (30 seconds) before returning error to the end user. stackstorm/st2#4834

    • Upgrade pymongo to the latest stable version (3.10.0.). stackstorm/st2#4835 (improvement)

    • Updated Paramiko to v2.7.1 to support new PEM ECDSA key formats stackstorm/st2#4901 (improvement)

    • Remove .scrutinizer.yml config file. No longer used.

    • Convert escaped dict and dynamic fields in workflow db models to normal dict and dynamic fields. (performnce improvement)

    • Add support for PEP 508 <https://www.python.org/dev/peps/pep-0508/stackstorm/st2#environment-markers>_ environment markers in generated requirements.txt files. (improvement) stackstorm/st2#4895

    • Use pip-compile from pip-tools instead of pip-conflict-checker (improvement) stackstorm/st2#4896

    • Refactor how inbound criteria for join task in orquesta workflow is evaluated to count by task completion instead of task transition. (improvement)

    • The workflow engine orquesta is updated to v1.1.0 for the st2 v3.2 release. The version upgrade contains various new features and bug fixes. Please review the release notes for the full list of changes at https://github.com/StackStorm/orquesta/releases/tag/v1.1.0 and the st2 upgrade notes for potential impact. (improvement)

    Fixed

    • Fix the action query when filtering tags. The old implementation returned actions which have the provided name as action name and not as tag name. (bug fix) stackstorm/st2#4828

      Reported by @AngryDeveloper and contributed by Marcel Weinberg (@winem)

    • Fix the passing of arrays to shell scripts where the arrays where not detected as such by the st2 action_db utility. This caused arrays to be passed as Python lists serialized into a string.

      Reported by @kingsleyadam stackstorm/st2#4804 and contributed by Marcel Weinberg (@winem) stackstorm/st2#4861

    • Fix ssh zombies when using ProxyCommand from ssh config stackstorm/st2#4881 [Eric Edgar]

    • Fix rbac with execution view where the rbac is unable to verify the pack or uid of the execution because it was not returned from the action execution db. This would result in an internal server error when trying to view the results of a single execution. Contributed by Joshua Meyer (@jdmeyer3) stackstorm/st2#4758

    • Fixed logging middleware to output a content_length of 0 instead of Infinity when the type of data being returned is not supported. Previously, when the value was set to Infinity this would result in invalid JSON being output into structured logs. (bug fix) stackstorm/st2#4722

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    • Fix the workflow execution cancelation to proceed even if the workflow execution is not found or completed. (bug fix) stackstorm/st2#4735

    • Added better error handling to contrib/linux/actions/dig.py to inform if dig is not installed. Contributed by JP Bourget (@punkrokk Syncurity) stackstorm/st2#4732

    • Update dist_utils module which is bundled with st2client and other Python packages so it doesn't depend on internal pip API and so it works with latest pip version. (bug fix) stackstorm/st2#4750

    • Fix dependency conflicts in pack CI runs: downgrade requests dependency back to 0.21.0, update internal dependencies and test expectations (amqp, pyyaml, prance, six) (bugfix) stackstorm/st2#4774

    • Fix secrets masking in action parameters section defined inside the rule when using GET /v1/rules and GET /v1/rules/<ref> API endpoint. (bug fix) stackstorm/st2#4788 stackstorm/st2#4807

      Contributed by @Nicodemos305 and @jeansfelix

    • Fix a bug with authentication API endpoint (POST /auth/v1/tokens) returning internal server error when running under gunicorn and whenauth.api_url config option was not set. (bug fix) stackstorm/st2#4809

      Reported by @guzzijones

    • Fixed st2 execution get and st2 run not printing the action.ref for non-workflow actions. (bug fix) stackstorm/st2#4739

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    • Update st2 execution get command to always include context.user, start_timestamp and end_timestamp attributes. (improvement) stackstorm/st2#4739

    • Fixed core.sendmail base64 encoding of longer subject lines (bug fix) stackstorm/st2#4795

      Contributed by @stevemuskiewicz and @guzzijones

    • Update all the various rule criteria comparison operators which also work with strings (equals, icontains, nequals, etc.) to work correctly on Python 3 deployments if one of the operators is of a type bytes and the other is of a type unicode / string. (bug fix) stackstorm/st2#4831

    • Fix SSL connection support for MongoDB and RabbitMQ which wouldn't work under Python 3 and would result in cryptic "maximum recursion depth exceeded while calling a Python object" error on connection failure.

      NOTE: This issue only affected installations using Python 3. (bug fix) stackstorm/st2#4832 stackstorm/st2#4834

      Reported by @alexku7.

    • Fix the amqp connection setup for WorkflowExecutionHandler to pass SSL params. (bug fix) stackstorm/st2#4845

      Contributed by Tatsuma Matsuki (@mtatsuma)

    • Fix dependency conflicts by updating requests (2.23.0) and gitpython (2.1.15). stackstorm/st2#4869

    • Fix orquesta syntax error for with items task where action is misindented or missing. (bug fix) PR StackStorm/orquesta#195.

    • Fix orquesta yaql/jinja vars extraction to ignore methods of base ctx() dict. (bug fix) PR StackStorm/orquesta#196. Fixes stackstorm/st2#4866.

    • Fix parsing of array of dicts in YAQL functions. Fix regression in YAQL/Jinja conversion functions as a result of the change. (bug fix) PR StackStorm/orquesta#191.

      Contributed by Hiroyasu Ohyama (@userlocalhost)

    Removed

    • Removed Ubuntu 14.04 from test matrix stackstorm/st2#4897
    Source code(tar.gz)
    Source code(zip)
  • v3.1.0(Jul 1, 2019)

    Changed

    • Allow the orquesta st2kv function to return default for nonexistent key. (improvement) #4678
    • Update requests library to latest version (2.22.0) in requirements. (improvement) #4680
    • Disallow "decrypt_kv" filter to be specified in the config for values that are marked as "secret: True" in the schema. (improvement) #4709
    • Upgrade tooz library to latest stable version (1.65.0) so it uses latest version of grpcio library. (improvement) #4713
    • Update st2-pack-install and st2-pack-download CLI command so it supports installing packs from local directories which are not git repositories. (improvement) #4713

    Fixed

    • Fix orquesta st2kv to return empty string and null values. (bug fix) #4678
    • Allow tasks defined in the same task transition with fail to run for orquesta. (bug fix)
    • Fix workflow service to handle unexpected coordinator and database errors. (bug fix) #4704 #4705
    • Fix filter to_yaml_string to handle mongoengine base types for dict and list. (bug fix) #4700
    • Fix timeout handling in the Python runner. In some scenarios where action would time out before producing any output (stdout, stder), timeout was not correctly propagated to the user. (bug fix) #4713
    • Update st2common/setup.py file so it correctly declares all the dependencies and script files it provides. This way st2-pack-* commands can be used in a standalone fashion just by installing st2common Python package and nothing else. (bug fix) #4713
    • Fix st2-pack-download command so it works in the environments where sudo binary is not available (e.g. Docker). (bug fix) #4713
    Source code(tar.gz)
    Source code(zip)
  • v3.0.1(May 29, 2019)

    Fixed

    • Fix a bug in the remote command and script runner so it correctly uses SSH port from a SSH config file if ssh_runner.use_ssh_config parameter is set to True and if a custom (non-default) value for SSH port is specified in the configured SSH config file (ssh_runner.ssh_config_file_path). (bug fix) #4660 #4661

    • Update pack install action so it works correctly when python_versions pack.yaml metadata attribute is used in combination with --python3 pack install flag. (bug fix) #4654 #4662

    • Add source_channel back to the context used by Mistral workflows for executions which are triggered via ChatOps (using action alias).

      In StackStorm v3.0.0, this variable was inadvertently removed from the context used by Mistral workflows. (bug fix) #4650 #4656

    • Fix a bug with timestamp attribute in the execution.log attribute being incorrect when server time where st2api is running was not set to UTC. (bug fix) #4668

      Contributed by Igor Cherkaev. (@emptywee)

    • Fix a bug with some packs which use --python3 flag (running Python 3 actions on installation where StackStorm components run under Python 2) which rely on modules from Python 3 standard library which are also available in Python 2 site-packages (e.g. concurrent) not working correctly.

      In such scenario, package / module was incorrectly loaded from Python 2 site-packages instead of Python 3 standard library which broke such packs. (bug fix) #4658 #4674

    • Remove policy-delayed status to avoid bouncing between delayed statuses. (bug fix) #4655

    • Fix a possible shell injection in the linux.service action. User who had access to run this action could cause a shell command injection by passing a compromised value for either the service or action parameter. (bug fix) #4675

      Reported by James Robinson (Netskope and Veracode).

    • Replace sseclient library on which CLI depends on with sseclient-py. sseclient has various issue which cause client to sometimes hang and keep the connection open which also causes st2 execution tail command to sometimes hang for a long time. (improvement)

    • Truncate some database index names so they are less than 65 characters long in total. This way it also works with AWS DocumentDB which doesn't support longer index name at the moment.

      NOTE: AWS DocumentDB is not officially supported. Use at your own risk. (improvement) #4688 #4690

      Reported by Guillaume Truchot (@GuiTeK)

    Source code(tar.gz)
    Source code(zip)
  • v3.0.0(Apr 26, 2019)

    Added

    • Allow access to user-scoped datastore items using {{ st2kv.user.<key name> }} Jinja template notation inside the action parameter default values. (improvement) #4463

      Contributed by Hiroyasu OHYAMA (@userlocalhost).

    • Add support for new python_versions (list of string) attribute to pack metadata file (pack.yaml). With this attribute pack declares which major Python versions it supports and works with (e.g. 2 and 3).

      For backward compatibility reasons, if pack metadata file doesn't contain that attribute, it's assumed it only works with Python 2. (new feature) #4474

    • Update service bootstrap code and make sure all the services register in a service registry once they come online and become available.

      This functionality is only used internally and will only work if configuration backend is correctly configured in st2.conf (new feature) #4548

    • Add new GET /v1/service_registry/groups and GET /v1/service_registry/groups/<group_id>/members API endpoint for listing available service registry groups and members.

      Also add corresponding CLI commands - st2 service-registry group list, st2 service registry member list [--group-id=<group id>]

      NOTE: This API endpoint is behind an RBAC wall and can only be viewed by the admins. (new feature) #4548

    • Add support for ?include_attributes and ?exclude_attributes query param filter to the GET /api/v1/executions/{id} API endpoint. Also update st2 execution get CLI command so it only retrieves attributes which are displayed. (new feature) #4497

      Contributed by Nick Maludy (@nmaludy Encore Technologies)

    • Add new --encrypted flag to st2 key set CLI command that allows users to pass in values which are already encrypted.

      This attribute signals the API that the value is already encrypted and should be used as-is.

      st2 key load CLI command has also been updated so it knows how to work with values which are already encrypted. This means that st2 key list -n 100 -j < data.json ; st2 key load data.json will now also work out of the box for encrypted datastore values (values which have encrypted: True and secret: True attribute will be treated as already encrypted and used as-is).

      The most common use case for this feature is migrating / restoring datastore values from one StackStorm instance to another which uses the same crypto key.

      Contributed by Nick Maludy (Encore Technologies) #4547

    • Add source_channel to Orquesta st2() context for workflows called via ChatOps. #4600

    Changed

    • Changed the inquiries API path from /exp to /api/v1. #4495

    • Refactored workflow state in orquesta workflow engine. Previously, state in the workflow engine is not status to be consistent with st2. Other terminologies used in the engine are also revised to make it easier for developers to understand. (improvement)

    • Update Python runner code so it prioritizes libraries from pack virtual environment over StackStorm system dependencies.

      For example, if pack depends on six==1.11.0 in pack requirements.txt, but StackStorm depends on six==1.10.0, six==1.11.0 will be used when running Python actions from that pack.

      Keep in mind that will not work correctly if pack depends on a library which brakes functionality used by Python action wrapper code.

      Contributed by Hiroyasu OHYAMA (@userlocalhost). #4571

    • Improved the way that the winrm-ps-script runner sends scripts to the target Windows host. Previously the script was read from the local filesystem and serialized as one long command executed on the command line. This failed when the script was longer than either 2047 or 8191 bytes (depending on Windows version) as the Windows command line uses this as its maximum length. To overcome this, the winrm-ps-script runner now uploads the script into a temporary directory on the target host, then executes the script. (improvement) #4514

      Contributed by Nick Maludy (Encore Technologies)

    • Update various internal dependencies to latest stable versions (apscheduler, pyyaml, kombu, mongoengine, pytz, stevedore, python-editor, jinja2). #4637

    • Update logging code so we exclude log messages with log level AUDIT from a default service log file (e.g. st2api.log). Log messages with level AUDIT are already logged in a dedicated service audit log file (e.g. st2api.audit.log) so there is no need for them to also be duplicated and included in regular service log file.

      NOTE: To aid with debugging, audit log messages are also included in a regular log file when log level is set to DEBUG or system.debug config option is set to True.

      Reported by Nick Maludy. (improvement) #4538 #4502 #4621

    • Add missing --user argument to st2 execution list CLI command. (improvement) #4632

      Contributed by Tristan Struthers (@trstruth).

    • Update decrypt_kv Jinja template filter so it to throws a more user-friendly error message when decryption fails because the variable references a datastore value which doesn't exist. (improvement) #4634

    • Updated orquesta to v0.5. (improvement)

    Fixed

    • Refactored orquesta execution graph to fix performance issue for workflows with many references to non-join tasks. st2workflowengine and DB models are refactored accordingly. (improvement) StackStorm/orquesta#122.

    • Fix orquesta workflow stuck in running status when one or more items failed execution for a with items task. (bug fix) #4523

    • Fix orquesta workflow bug where context variables are being overwritten on task join. (bug fix) StackStorm/orquesta#112

    • Fix orquesta with items task performance issue. Workflow runtime increase significantly when a with items task has many items and result in many retries on write conflicts. A distributed lock is acquired before write operations to avoid write conflicts. (bug fix) Stackstorm/orquesta#125

    • Fix a bug with some API endpoints returning 500 internal server error when an exception contained unicode data. (bug fix) #4598

    • Fix the st2 workflow inspect command so it correctly passes authentication token. (bug fix) #4615

    • Fix an issue with new line characters (\n) being converted to \r\n in remote shell command and script actions which use sudo. (bug fix) #4623

    • Update service bootstrap and st2-register-content script code so non-fatal errors are suppressed by default and only logged under DEBUG log level. (bug fix) #3933 #4626 #4630

    • Fix a bug with not being able to decrypt user-scoped datastore values inside Jinja expressions using decrypt_kv Jinja filter. (bug fix) #4634

      Contributed by Hiroyasu OHYAMA (@userlocalhost).

    • Fix a bug with user-scoped datastore values not working inside action-chain workflows. (bug fix) #4634

    • Added missing parameter types to linux.wait_for_ssh action metadata. (bug fix) #4611

    • Fix HTTP runner (http-request) so it works correctly with unicode (non-ascii) body payloads. (bug fix) #4601 #4599

      Reported by Carlos Santana (@kknyxkk) and Rafael Martins (@rsmartins78).

    • Fix st2-self-check so it sets correct permissions on pack directories which it copies over to /opt/stackstorm/packs. (bug fix) #4645

    • Fix POST /v1/actions API endpoint to throw a more user-friendly error when writing data file to disk fails because of incorrect permissions. (bug fix) #4645

    Source code(tar.gz)
    Source code(zip)
  • v2.10.4(Mar 15, 2019)

    Fixed

    • Fix inadvertent regression in notifier service which would cause generic action trigger to only be dispatched for completed states even if custom states were specified using action_sensor.emit_when config option. (bug fix) Reported by Shu Sugimoto (@shusugmt). #4591

    • Make sure we don't log auth token and api key inside st2api log file if those values are provided via query parameter and not header (?x-auth-token=foo, ?st2-api-key=bar). (bug fix) #4592 #4589

    • Fix rendering of {{ config_context. }} in orquesta task that references action from a different pack (bug fix) #4570 #4567

    • Add missing default config location (/etc/st2/st2.conf) to the following services: st2actionrunner, st2scheduler, st2workflowengine. (bug fix) #4596

    • Update statsd metrics driver so any exception thrown by statsd library is treated as non fatal.

      Previously there was an edge case if user used a hostname instead of an IP address for metrics backend server address. In such scenario, if hostname DNS resolution failed, statsd driver would throw the exception which would propagate all the way up and break the application. (bug fix) #4597

      Reported by Chris McKenzie.

    Source code(tar.gz)
    Source code(zip)
  • v2.10.3(Mar 7, 2019)

    Fixed

    • Fix improper CORS where request from an origin not listed in allowed_origins will be responded with null for the Access-Control-Allow-Origin header. The fix returns the first of our allowed origins if the requesting origin is not a supported origin. Reported by Barak Tawily. (bug fix)
    Source code(tar.gz)
    Source code(zip)
  • v2.9.3(Mar 7, 2019)

    Fixed

    • Fix improper CORS where request from an origin not listed in allowed_origins will be responded with null for the Access-Control-Allow-Origin header. The fix returns the first of our allowed origins if the requesting origin is not a supported origin. Reported by Barak Tawily. (bug fix)
    Source code(tar.gz)
    Source code(zip)
  • v2.10.2(Feb 27, 2019)

    Added

    • Add support for various new SSL / TLS related config options (ssl_keyfile, ssl_certfile, ssl_ca_certs, ssl_certfile, authentication_mechanism) to the messaging section in st2.conf config file.

      With those config options, user can configure things such as client based certificate authentication, client side verification of a server certificate against a specific CA bundle, etc.

      NOTE: Those options are only supported when using a default and officially supported AMQP backend with RabbitMQ server. (new feature) #4541

    • Add metrics instrumentation to the st2notifier service. For the available / exposed metrics, please refer to https://docs.stackstorm.com/reference/metrics.html. (improvement) #4536

    Changed

    • Update logging code so we exclude log messages with log level AUDIT from a default service log file (e.g. st2api.log). Log messages with level AUDIT are already logged in a dedicated service audit log file (e.g. st2api.audit.log) so there is no need for them to also be duplicated and included in regular service log file.

      NOTE: To aid with debugging, audit log messages are also included in a regular log file when log level is set to DEBUG or system.debug config option is set to True.

      Reported by Nick Maludy. (improvement) #4538 #4502

    • Update pyyaml dependency to the latest version. This latest version fixes an issue which could result in a code execution vulnerability if code uses yaml.load in an unsafe manner on untrusted input.

      NOTE: StackStorm platform itself is not affected, because we already used yaml.safe_load everywhere.

      Only custom packs which use yaml.load with non trusted user input could potentially be affected. (improvement) #4510 #4552 #4554

    • Update Orquesta to v0.4. #4551

    Fixed

    • Fixed the packs.pack_install / !pack install {{ packs }} action-alias to not have redundant patterns. Previously this prevented it from being executed via st2 action-alias execute 'pack install xxx'. #4511

      Contributed by Nick Maludy (Encore Technologies)

    • Fix datastore value encryption and make sure it also works correctly for unicode (non-ascii) values.

      Reported by @dswebbthg, @nickbaum. (bug fix) #4513 #4527 #4528

    • Fix a bug with action positional parameter serialization used in local and remote script runner not working correctly with non-ascii (unicode) values.

      This would prevent actions such as core.sendmail which utilize positional parameters from working correctly when a unicode value was provided.

      Reported by @johandahlberg (bug fix) #4533

    • Fix core.sendmail action so it specifies charset=UTF-8 in the Content-Type email header. This way it works correctly when an email subject and / or body contains unicode data.

      Reported by @johandahlberg (bug fix) #4533 4534

    • Fix CLI st2 apikey load not being idempotent and API endpoint /api/v1/apikeys not honoring desired ID for the new record creation. #4542

    • Moved the lock from concurrency policies into the scheduler to fix a race condition when there are multiple scheduler instances scheduling execution for action with concurrency policies. #4481 (bug fix)

    • Add retries to scheduler to handle temporary hiccup in DB connection. Refactor scheduler service to return proper exit code when there is a failure. #4539 (bug fix)

    • Update service setup code so we always ignore kombu library heartbeat_tick debug log messages.

      Previously if DEBUG log level was set in service logging config file, but --debug service CLI flag / system.debug = True config option was not used, those messages were still logged which caused a lot of noise which made actual useful log messages hard to find. (improvement) #4557

    Source code(tar.gz)
    Source code(zip)
  • v2.10.1(Dec 20, 2018)

    Fixed

    • Fix an issue with GET /v1/keys API endpoint not correctly handling ?scope=all and ?user=<username> query filter parameter inside the open-source edition. This would allow user A to retrieve datastore values from user B and similar.

      NOTE: Enterprise edition with RBAC was not affected, because in RBAC version, correct check is in place which only allows users with an admin role to use ?scope=all and retrieve / view datastore values for arbitrary system users. (security issue bug fix)

    Source code(tar.gz)
    Source code(zip)
  • v2.10.0(Dec 19, 2018)

    Added

    • Added notify runner parameter to Orquesta that allows user to specify which task(s) to get notified on completion.

    • Add support for task delay in Orquesta workflows. #4459 (new feature)

    • Add support for task with items in Orquesta workflows. #4400 (new feature)

    • Add support for workflow output on error in Orquesta workflows. #4436 (new feature)

    • Added -o and -m CLI options to st2-self-check script, to skip Orquesta and/or Mistral tests. #4347

    • Allow user to specify new database.authentication_mechanism config option in /etc/st2/st2.conf.

      By default, SCRAM-SHA-1 is used with MongoDB 3.0 and later and MONGODB-CR (MongoDB Challenge Response protocol) for older servers.

      Contributed by @aduca85 #4373

    • Add new metadata_file attribute to the following models: Action, Action Alias, Rule, Sensor, TriggerType. Value of this attribute points to a metadata file for a specific resource (YAML file which contains actual resource definition). Path is relative to the pack directory (e.g. actions/my_action1.meta.yaml, aliases/my_alias.yaml, sensors/my_sensor.yaml, rules/my_rule.yaml, triggers/my_trigger.yaml etc.).

      Keep in mind that triggers can be registered in two ways - either via sensor definition file in sensors/ directory or via trigger definition file in triggers/ directory. If metadata_file attribute on TriggerTypeDB model points to sensors/ directory it means that trigger is registered via sensor definition. (new feature) #4445

    • Add new st2client.executions.get_children method for returning children execution objects for a specific (parent) execution. (new feature) #4444

      Contributed by Tristan Struthers (@trstruth).

    • Allow user to run a subset of pack tests by utilizing the new -f command line option in the st2-run-pack-tests script.

      For example:

      1. Run all tests in a test file (module):

        st2-run-pack-tests -j -x -p contrib/packs/ -f test_action_download

      2. Run a single test class

        st2-run-pack-tests -j -x -p contrib/packs/ -f test_action_download:DownloadGitRepoActionTestCase

      3. Run a single test class method

        st2-run-pack-tests -j -x -p contrib/packs/ -f test_action_download:DownloadGitRepoActionTestCase.test_run_pack_download

      (new feature) #4464

    Changed

    • Redesigned and rewritten the action execution scheduler. Requested executions are put in a persistent queue for scheduler to process. Architecture is put into place for more complex execution scheduling. Action execution can be delayed on request. (improvement)

    • core.http action now supports additional HTTP methods: OPTIONS, TRACE, PATCH, PURGE.

      Contributed by @emptywee (improvement) #4379

    • Runner loading code has been updated so it utilizes new "runner as Python package" functionality which has been introduced in a previous release. This means that the runner loading is now fully automatic and dynamic.

      All the available / installed runners are automatically loaded and registering on each StackStorm service startup.

      This means that st2ctl reload --register-runners flag is now obsolete because runners are automatically registered on service start up. In addition to that, content.system_runners_base_path and content.runners_base_paths config options are now also deprecated and unused.

      For users who wish to develop and user custom action runners, they simply need to ensure they are packaged as Python packages and available / installed in StackStorm virtual environment (/opt/stackstorm/st2). (improvement) #4217

    • Old runner names which have been deprecated in StackStorm v0.9.0 have been removed (run-local, run-local-script, run-remote, run-remote-script, run-python, http-runner). If you are still using actions which reference runners using old names, you need to update them to keep it working. #4217

    • Update various CLI commands to only retrieve attributes which are displayed in the CLI from the API (st2 execution list, st2 execution get, st2 action list, st2 rule list, st2 sensor list). This speeds up run-time and means now those commands now finish faster.

      If user wants to retrieve and view all the attributes, they can use --attr all CLI command argument (same as before). (improvement) #4396

    • Update various internal dependencies to latest stable versions (greenlet, pymongo, pytz, stevedore, tooz). #4410

    • Improve st2.conf migration for the new services by using prod-friendly logging settings by default #4415

    • Refactor Orquesta workflow to output on error. Depends on PR https://github.com/StackStorm/orquesta/pull/101 and https://github.com/StackStorm/orquesta/pull/102 (improvement)

    • Rename st2client.liveactions to st2client.executions. st2client.liveactions already represented operations on execution objects, but it was incorrectly named.

      For backward compatibility reasons, st2client.liveactions will stay as an alias for st2client.executions and continue to work until it's fully removed in a future release.

    Fixed

    • st2 login CLI commands now exits with non zero exit code when login fails due to invalid credentials. (improvement) #4338

    • Fix st2 key load that errors when importing an empty file #43

    • Fixed warning in st2-run-pack-tests about invalid format for pip list. (bug fix)

      Contributed by Nick Maludy (Encore Technologies). #4380

    • Fix a bug with st2 execution get / st2 run CLI command throwing an exception if the result field contained a double backslash string which looked like an unicode escape sequence. CLI incorrectly tried to parse that string as unicode escape sequence.

      Reported by James E. King III @jeking3 (bug fix) #4407

    • Fix a bug so timersengine config section in st2.conf has precedence over timer section if explicitly specified in the config file.

      Also fix a bug with default config values for timer section being used if user only specified timersengine section in the config. Previously user options were incorrectly ignored in favor of the default values. (bug fix) #4424

    • st2 pack install -j now only spits JSON output. Similarly, st2 pack install -y only spits YAML output. This change would enable the output to be parsed by tools. The behavior of st2 pack install hasn't changed and is human friendly. If you want to get meta information about the pack as JSON (count of actions, sensors etc), you should rely on already existing st2 pack show -j.

      Reported by Nick Maludy (improvement) #4260

    • Fix string operations on unicode data in Orquesta workflows, associated with PR https://github.com/StackStorm/orquesta/pull/98. (bug fix)

    • Fix access to st2 and action context in Orquesta workflows, associated with PR https://github.com/StackStorm/orquesta/pull/104. (bug fix)

    • st2ctl reload --register-aliases and st2ctl reload --register-all now spits a warning when trying to register aliases with no corresponding action registered in the db.

      Reported by nzlosh (improvement) #4372.

    Source code(tar.gz)
    Source code(zip)
  • v2.9.2(Dec 19, 2018)

    Fixed

    • Fix an issue with GET /v1/keys API endpoint not correctly handling ?scope=all and ?user=<username> query filter parameter inside the open-source edition. This would allow user A to retrieve datastore values from user B and similar.

      NOTE: Enterprise edition with RBAC was not affected, because in RBAC version, correct check is in place which only allows users with an admin role to use ?scope=all and retrieve / view datastore values for arbitrary system users. (security issue bug fix)

    Source code(tar.gz)
    Source code(zip)
  • v2.9.1(Oct 15, 2018)

    Changed

    • Speed up pack registration through the /v1/packs/register API endpoint. (improvement) #4342
    • Triggertypes API now sorts by trigger ref by default. st2 trigger list will now show a sorted list. (#4348)
    • Update st2-self-check script to include per-test timing information. (improvement) #4359

    Fixed

    • Update st2sensorcontainer service to throw if user wants to run a sensor from a pack which is using Python 3 virtual environment. We only support running Python runner actions from packs which use mixed Python environments (StackStorm components are running under Python 2 and particular a pack virtual environment is using Python 3). #4354
    • Update st2-pack-install and st2 pack install command so it works with local git repos (file://) which are in a detached head state (e.g. specific revision is checked out). (improvement) #4366
    • Fix a race which occurs when there are multiple concurrent requests to resume a workflow. #4369
    Source code(tar.gz)
    Source code(zip)
  • v2.9.0(Sep 21, 2018)

    Added

    • Add new runners: winrm-cmd, winrm-ps-cmd and winrm-ps-script. The winrm-cmd runner executes Command Prompt commands remotely on Windows hosts using the WinRM protocol. The winrm-ps-cmd and winrm-ps-script runners execute PowerShell commands and scripts on remote Windows hosts using the WinRM protocol.

      To accompany these new runners, there are two new actions core.winrm_cmd that executes remote Command Prompt commands along with core.winrm_ps_cmd that executes remote PowerShell commands. (new feature) #1636

      Contributed by Nick Maludy (Encore Technologies).

    • Add new ?tags, query param filter to the /v1/actions API endpoint. This query parameter allows users to filter out actions based on the tag name . By default, when no filter values are provided, all actions are returned. (new feature) #4219

    • Add a new standalone standalone st2-pack-install CLI command. This command installs a pack (and sets up the pack virtual environment) on the server where it runs. It doesn't register the content. It only depends on the Python, git and pip binary and st2common Python package to be installed on the system where it runs. It doesn't depend on the database (MongoDB) and message bus (RabbitMQ).

      It's primary meant to be used in scenarios where the content (packs) are baked into the base container / VM image which is deployed to the cluster.

      Keep in mind that the content itself still needs to be registered with StackStorm at some later point when access to RabbitMQ and MongoDB is available by running st2ctl reload --register-all. (new feature) #3912 #4256

    • Add new /v1/stream/executions/<id>/output[?output_type=all|stdout|stderr] stream API endpoint.

      This API endpoint returns event source compatible response format.

      For running executions it returns any output produced so far and any new output as it's produced. Once the execution finishes, the connection is automatically closed.

      For completed executions it returns all the output produced by the execution. (new feature)

    • Add new core.inject_trigger action for injecting a trigger instance into the system.

      Keep in mind that the trigger which is to be injected must be registered and exist in the system. (new feature) #4231 #4259

    • Add support for ?include_attributes query param filter to all the content pack resource get all (list) API endpoints (actions, rules, trigger, executions, etc.). With this query parameter user can control which API model attributes (fields) to receive in the response. In situations where user is only interested in a subset of the model attributes, this allows for a significantly reduced response size and for a better performance. (new feature) (improvement) #4300

    • Add new action_sensor.emit_when config option which allows user to specify action status for which actiontrigger is emitted. For backward compatibility reasons it defaults to all the action completed states. (improvement) #4312 #4315

      Contributed by Shu Sugimoto.

    • Improve performance of schedule action execution (POST /v1/executions) API endpoint.

      Performance was improved by reducing the number of duplicated database queries, using atomic partial document updates instead of full document updates and by improving database document serialization and de-serialization performance. (improvement) #4030 #4331

    • Ported existing YAQL and Jinja functions from st2common to Orquesta. (new feature)

    • Add error entry in Orquesta workflow result on action execution failure. (improvement)

    Changed

    • st2 key list command now defaults to --scope=all aka displaying all the datastore values (system and current user scoped) . If you only want to display system scoped values (old behavior) you can do that by passing --scope=system argument to the st2 key list command (st2 key list --scope=system). (improvement) #4221

    • The orquesta conductor implemented event based state machines to manage state transition of workflow execution. Interfaces to set workflow state and update task on action execution completion have changed and calls to those interfaces are changed accordingly. (improvement)

    • Change GET /v1/executions/<id>/output API endpoint so it never blocks and returns data produced so far for running executions. Behavior for completed executions is the same and didn't change - all data produced by the execution is returned in the raw format.

      The streaming (block until execution has finished for running executions) behavior has been moved to the new /stream/v1/executions/<id>/output API endpoint.

      This way we are not mixing non-streaming (short lived) and streaming (long lived) connections inside a single service (st2api). (improvement)

    • Upgrade mongoengine (0.15.3) and pymongo (3.7.1) to the latest stable version. Those changes will allow us to support MongoDB 3.6 in the near future.

      New version of mongoengine should also offer better performance when inserting and updating larger database objects (e.g. executions). (improvement) #4292

    • Trigger parameters and payload schema validation is now enabled by default (system.validate_trigger_parameters and system.validate_trigger_payload config options now default to True).

      This means that trigger parameters are now validated against the parameters_schema defined on the trigger type when creating a rule and trigger payload is validated against payload_schema when dispatching a trigger via the sensor or via the webhooks API endpoint.

      This provides a much safer and user-friendly default value. Previously we didn't validate trigger payload for custom (non-system) triggers when dispatching a trigger via webhook which meant that webhooks API endpoint would silently accept an invalid trigger (e.g. referenced trigger doesn't exist in the database or the payload doesn't validate against the payload_schema), but TriggerInstanceDB object would never be created because creation failed inside the st2rulesengine service. This would make such issues very hard to troubleshoot because only way to find out about this failure would be to inspect the st2rulesengine service logs. (improvement) #4231

    • Improve code metric instrumentation and instrument code and various services with more metrics. Also document various exposed metrics. Documentation can be found at https://docs.stackstorm.com/latest/reference/metrics.html (improvement) #4310

    • Add new metrics.prefix config option. With this option user can specify an optional prefix which is prepended to each metric key (name). This comes handy in scenarios where user wants to submit metrics from multiple environments / deployments (e.g. testing, staging, dev) to the same backend instance. (improvement) #4310

    • Improve st2 execution tail CLI command so it also supports Orquesta workflows and arbitrarily nested workflows. Also fix the command so it doesn't include data from other unrelated running executions. (improvement) #4328

    • Change default NGINX configuration to use HTTP 308 redirect, rather than 301, for plaintext requests. #4335

    • Improve performance of the GET /v1/actions/views/overview API endpoint. (improvement) #4337

    Fixed

    • Fix an issue with AttributeError: module 'enum' has no attribute 'IntFlag' error which would appear when using Python 3 for a particular pack virtual environment and running on RHEL / CentOS. (bug fix) #4297

    • Fix a bug with action runner throwing an exception and failing to run an action if there was an empty pack config inside /opt/stackstorm/configs/. (bug fix) #4325

    • Fix action_sensor.enable config option so it works correctly if user sets this option to a non-default value of True. (bug fix) #4312 #4315

      Contributed by Shu Sugimoto.

    • Update GET /v1/actions/views/entry_point/<action ref> to return correct Content-Type response header based on the entry point type / file extension. Previously it would always incorrectly return application/json. (improvement) #4327

    Deprecated

    • The CloudSlang runner is now deprecated. In StackStorm 3.1 it will be removed from the core StackStorm codebase. The runner code will be moved to a separate repository, and no longer maintained by the core StackStorm team. Users will still be able to install and use this runner, but it will require additional steps to install.
    • The winexe-based Windows runners are now deprecated. They will be removed in StackStorm 3.1. They have been replaced by pywinrm-based Windows runners. See https://docs.stackstorm.com/latest/reference/runners.html#winrm-command-runner-winrm-cmd for more on using these new runners.
    Source code(tar.gz)
    Source code(zip)
  • v2.8.1(Jul 17, 2018)

    Added

    • Update st2 CLI to inspect COLUMNS environment variable first when determining the terminal size. Previously this environment variable was checked second last (after trying to retrieve terminal size using various OS specific methods and before falling back to the default value).

      This approach is more performant and allows user to easily overwrite the default value or value returned by the operating system checks - e.g. by running COLUMNS=200 st2 action list. (improvement) #4242

    Changed

    • Update st2client/setup.py file to dynamically load requirements from st2client/requirements.txt file. The code works with pip >= 6.0.0, although using pip 9.0.0 or higher is strongly recommended. (improvement) #4209

    • Update st2 CLI to use a more sensible default terminal size for table formatting purposes if we are unable to retrieve terminal size using various system-specific approaches.

      Previously we would fall back to a very unfriendly default of 20 columns for a total terminal width. This would cause every table column to wrap and make output impossible / hard to read. (improvement) #4242

    Fixed

    • Fixed a bug where secret: true was not applying to full object and array trees. (bugfix) #4234 Reported by @jjm

      Contributed by Nick Maludy (Encore Technologies).

    • Mark password http-runner parameter as a secret. (bug fix) #4245

      Reported by @daniel-mckenna

    Source code(tar.gz)
    Source code(zip)
  • v2.8.0(Jul 10, 2018)

    Added

    • Orchestra - new StackStorm-native workflow engine. This is currently in beta. (new feature)

    • Added metrics for collecting performance and health information about the various ST2 services and functions. (new feature) #4004 #2974

    • When running a dev (unstable) release include git revision hash in the output when using st2 --version CLI command. (new feature) #4117

    • Update rules engine to also create rule enforcement object when trigger instances fails to match a rule during the rule matching / filtering phase due to an exception in the rule criteria (e.g. invalid Jinja expression, etc.).

    • This change increases visibility into rules which didn't match due to an exception. Previously this was only visible / reflected in the rules engine log file. (improvement) #4134

    • Add new GET /v1/ruleenforcements/views[/] API endpoints which allow user to retrieve RuleEnforcement objects with the corresponding TriggerInstance and Execution objects. (new feature) #4134

    • Add new status field to the RuleEnforcement model. This field can contain the following values - succeeded (trigger instance matched a rule and action execution was triggered successfully), failed (trigger instance matched a rule, but it didn't result in an action execution due to Jinja rendering failure or other exception). (improvement) #4134 #4152

    • Add trigger type reference based filtering to the /v1/triggerinstances API endpoint - e.g. /v1/triggerinstances?trigger_type=core.st2.webhook. (new feature) #4151

    • Add new --python3 flag to st2 pack install CLI command and python3 parameter to packs.{install,setup_virtualenv} actions. When the value of this parameter is True, it uses python3 binary when creating virtual environment for that pack (based on the value of actionrunner.python3_binary config option).

      Note 1: For this feature to work, Python 3 needs to be installed on the system, virtualenv package installed on the system needs to support Python 3 (it needs to be a recent version) and pack in question needs to support Python 3.

      Note 2: This feature is experimental and opt-in. (new feature) #4016 #3922 #4149

    • Add two new Jinja filters - basename (os.path.basename) and dirname (os.path.dirname). #4184

      Contributed by Florian Reisinger (@reisingerf).

    Changed

    • Update st2 CLI to create the configuration directory and file, and authentication tokens with secure permissions (eg: readable only to owner) #4173

    • Refactor the callback module for the post run in runner to be more generic. (improvement)

    • Update various Python dependencies to the latest stable versions (gunicorn, gitpython, python-gnupg, tooz, flex). #4110

    • Update all the service and script entry points to use /etc/st2/st2.conf as a default value for the config file location.

    • This way users don't need to explicitly provide --config-file CLI argument when running various scripts (e.g. st2-track-result, st2-apply-rbac-definitions, etc.) and when they just want to use a default config file. (improvement) #4111

    • Update st2 CLI to print a warning if a non-unicode system locale which would prevent StackStorm to function correctly in some scenarios is used. (improvement) #4127 #4120

    • Upgrade various internal Python library dependencies to the latest stable versions (kombu, amqp, gitpython, pytz, semver, oslo.utils). (improvement) #4162

    • Move from keyczar library to cryptography library for handling symmetric encryption and decryption (secret datastore values).

      Note: This change is fully backward compatible since it just changes the underlying backend and implementation details. The same underlying encryption algorithm is used (AES256 in CBC mode with HMAC signature). (improvement) #4165

    Fixed

    • Fixed a bug where secrets in pack configs weren't being masked.

      Recently we introduced support for nested objects and arrays. Secret parameters within these nested objects and arrays were not being masked. The fix involves us fully traversing deeply nested objects and arrays and masking out any variables marked as secret. This means we now support pack config JSON schemas with type: object and its corresponding parameters: {} stanza, along with type: array and its corresponding items: {} stanza. We still do NOT support JSON schema combinations that includes the anyOf, allOf, oneOf, and not keywords. (bug fix) #4139

      Contributed by Nick Maludy (Encore Technologies).

    • Style clean up to transport queues module and various config modules. (improvement)

    • Fixed CLI help for st2 action-alias match and execute. (#4174).

    • Fix regression in ?include_attributes query param filter in the /v1/executions API endpoint. (bug fix) #4226

    Source code(tar.gz)
    Source code(zip)
  • v2.7.2(May 16, 2018)

    Changed

    • Reduce load on LDAP server and cache user groups response in an in-memory cache when RBAC remote LDAP group to local RBAC role synchronization feature is enabled.

      Previously on authentication the code would hit LDAP server multiple times to retrieve user groups. With this change, user LDAP groups are only retrieved once upon authentication and cached and re-used in-memory by default for 120 seconds.

      This reduces load on LDAP server and improves performance upon regular and concurrent user authentication.

      This functionality can be disabled by setting cache_user_groups_response LDAP authentication backend kwarg to false.

      Note: This change only affects users which utilize RBAC with remote LDAP groups to local RBAC roles synchronization feature enabled. (enterprise) (bug fix) #4103 #4105

    Fixed

    • Fix an issue (race condition) which would result in not all the remote LDAP groups being synchronized with local RBAC roles if a user tried to authenticate with the same auth token concurrently in a short time frame.

      Note: This issue only affects users which utilize RBAC with remote LDAP groups to local RBAC roles synchronization feature enabled. (enterprise) (bug fix) #4103 #4105

    • Fix an issue with some sensors which rely on select.poll() (FileWatch, GithubSensor, etc.) stopped working with StackStorm >= 2.7.0.

      StackStorm v2.7.0 inadvertently introduced a change which broke a small set of sensors which rely on select.poll() functionality. (bug fix) #4118

    • Throw if id CLI argument is not passed to the st2-track-result script. (bug fix) #4115

    • Fixed pack config's not properly rendering Jinja expressions within lists. (bugfix) #4121

      Contributed by Nick Maludy (Encore Technologies).

    • Fixed pack config rendering error throw meaningful message when a Jinja syntax error is encountered. (bugfix) #4123

      Contributed by Nick Maludy (Encore Technologies).

    Source code(tar.gz)
    Source code(zip)
  • v2.7.1(Apr 24, 2018)

    Changed

    • When creating a pack environment during the pack installation, we now pass --no-download flag to the virtualenv binary. This way version of pip, wheel and distutils which is enforced by virtualenv is used instead of downloading the latest stable versions from PyPi.

      This results in more reproducible pack virtual environments and we also ensure pip 9.0 is used ( there are some known issues with pip 10.0).

      If for some reason you want to revert to the old behavior, you can do that by passing no_download=False parameter to the packs.setup_virtualenv action. #4085

    Fixed

    • Fix st2 pack search and POST /api/v1/packs/index/search API endpoint so it doesn't return internal server error when a single pack search term is provided. (bug fix) #4083
    Source code(tar.gz)
    Source code(zip)
  • v2.7.0(Apr 12, 2018)

    Added

    • Update st2 execution tail command so it supports double nested workflows (workflow -> workflow -> execution). Previously, only top-level executions and single nested workflows (workflow -> execution) were supported. (improvement) #3962 #3960

    • Add support for utf-8 / unicode characters in the pack config files. (improvement) #3980 #3989

      Contributed by @sumkire.

    • Added the ability of st2ctl to utilize environment variables from /etc/default/st2ctl (for Ubuntu/Debian) and /etc/sysconfig/st2ctl (RHEL/CentOS). This allows deployments to override COMPONENTS and ST2_CONF in a global location so st2ctl can start/stop/restart selected components and utilize a non-default location for st2.conf. (new feature) #4027

      Contributed by Nick Maludy (Encore Technologies).

    • Add support for new optional content_version runner parameter to the Python and Local Shell Script runner. This parameter can contain a git commit hash / tag / branch from a pack git repository and runner will ensure this revision of the pack content (Python action / local shell script action) is used for a particular action execution.

      Keep in mind that providing this parameter only ensures a particular revision of the pack content is used. Python runner virtual environment and dependencies are outside of this scope.

      Note: To be able to utilize this functionality, git version >= 2.5.0 must be installed on the system. (new feature) #3997

    • Update windows runner to correctly handle and use timeout action execution status. (improvement) #4047

    • Add missing scope, decrypt and encrypt arguments to the datastore management related methods on the SensorService class. (improvement) #3895 #4057 #4058

      Reported by @djh2020, @mxmader.

    Changed

    • Modified RabbitMQ connection error message to make clear that it is an MQ connection issue. #3992

    • Additional refactor which makes action runners fully standalone and re-distributable Python packages. Also add support for multiple runners (runner modules) inside a single Python package and consolidate Python packages from two to one for the following runners: local runners, remote runners, windows runners. (improvement) #3999

    • Upgrade eventlet library to the latest stable version (0.22.1) (improvement) #4007 #3968

    • Increase maximum retry delay for action.retry policy from 5 seconds to 120 seconds. Because of the way retries are currently implemented (they are not st2notifier service restart safe), long retry delays are not recommended. For more information on this limitation please refer to the documentation - https://docs.stackstorm.com/reference/policies.html#retry. #3630 #3637

    • Update Python runner so it throws a more user-friendly exception in case Python script tries to access a key in self.config dictionary which doesn't exist. (improvement) #4014

    • Update various Python dependencies to the latest stable versions (apscheduler, gitpython, pymongo, stevedore, paramiko, tooz, flex, webob, prance).

    • Refactored mistral runner to support callback from mistral instead of relying on st2resultstracker. This reduces the unnecessary traffic and CPU time by querying the mistral API. Included a command to manually add a state entry for Mistral workflow execution to recover from any callback failures. (improvement)

    • Throw a more user-friendly error when writing pack data files to disk and when an invalid file path is provided (e.g. path is outside the pack directory, etc.). (improvement) #4039 #4046

    • Change the output object returned by Windows runners so it matches the format from the local and remote runner.

      Note: This change is backward incompatible - result attribute has been removed (same information is available in stdout attribute), exit_code renamed to return_code and two new attributes added - succeeded and failed.

      For more information, please refer to the upgrade notes. #4044 #4047

    Fixed

    • Fix Python runner actions and Argument list too long error when very large parameters are passed into the action. The fix utilizes stdin to pass parameters to the Python action wrapper process instead of CLI argument list. (bug fix) #1598 #3976

    • Fix a regression in POST /v1/webhooks/<webhook name> API endpoint introduced in v2.4.0 and add back support for arrays. In 2.4.0 support for arrays was inadvertently removed and only objects were supported. Keep in mind that this only applies to custom user-defined webhooks and system st2 webhook still requires input to be an object (dictionary). (bug fix) #3956 #3955

    • Fix a bug in the CLI causing st2 execution pause and st2 execution resume to not work. (bugfix) #4001

      Contributed by Nick Maludy (Encore Technologies).

    • Fixed missing "paused" status option from "st2 execution list" help output. (bugfix) #4037

      Contributed by Ben Hohnke (NTT Communications ICT Solutions)

    • Fix "st2 pack install" command so it doesn't require access to pack index (index.stackstorm.org) when installing a local pack (pack name starting with "file://"). (bug fix) #3771 #3772

    • Fix rules engine so it correctly handles and renders action parameters which contain Jinja expressions and default values. (bug fix) #4050 #4050

      Reported by @rakeshrm.

    • Make sure observer system role also grants pack_search permission. (bug fix) #4063 #4064

      Reported by @SURAJTHEGREAT.

    • Fix st2 webhook get -h which was asking for a name or id as opposed to the URL of the webhook. Also, fix st2 webhook list to explicitly add a webhook column. (bugfix) #4048

    Source code(tar.gz)
    Source code(zip)
  • v2.6.0(Jan 29, 2018)

    https://stackstorm.com/2018/01/25/new-year-new-stackstorm-v2-6-released/

    Added

    • Add new get_user_info method to action and sensor service. With this method, user can retrieve information about the user account which is used to perform datastore operations inside the action and sensor service. (new feature) #3831

    • Add new /api/v1/user API endpoint. This API endpoint is only available to the authenticated users and returns various metadata on the authenticated user (which method did the user use to authenticate, under which username the user is authenticated, which RBAC roles are assignment to this user in case RBAC is enabled, etc.) (new feature) #3831

    • The /api/v1/match_and_execute API endpoint matches a single alias and executes multiple times if the alias format has a match_multiple key set to true. Please refer to the documentation for usage. #3884

      Contributed by @ahubl-mz.

    • Add ability to share common code between python sensors and python actions. You can now place common code inside a lib directory inside a pack (with an __init__.py inside lib directory to declare it a python package). You can then import the common code in sensors and actions. Please refer to documentation for samples and guidelines. #3490

    • Add support for password protected sudo to the local and remote runner. Password can be provided via the new sudo_password runner parameter. (new feature) #3867

    • Add new --tail flag to the st2 run / st2 action execute and st2 execution re-run CLI command. When this flag is provided, new execution will automatically be followed and tailed after it has been scheduled. (new feature) #3867

    • Added flag --auto-dict to st2 run and st2 execution re-run commands. This flag must now be specified in order to automatically convert list items to dicts based on presence of colon (:) in all of the list items (new feature) #3909

    • Allow user to set default log level used by all the Python runner actions by setting actionrunner.pythonrunner```` option inst2.conf`` (new feature) #3929

    • Update st2client package which is also utilized by the CLI so it also works under Python 3.

      Note: Python 2.7 is only officially supported and tested Python version. Using Python 3 is at your own risk - they are likely still many bugs related to Python 3 compatibility. You have been warned. (new feature) #3929 #3932

      Contributed by Anthony Shaw.

    • Add ?limit=-1 support for the API to fetch full result set (CLI equivalent flag --last/-n). Post error message for limit=0 and fix corner case where negative values for limit query param were not handled correctly. #3761 #3708 #3735

    • Only allow RBAC admins to retrieve all the results at once using ?limit=-1 query param, upate the code so api.max_page_size config option only applies to non-admin users, meaning users with admin permission can specify arbitrary value for ?limit query param which can also be larger than api.max_page_size. (improvement) #3939

    • Add new ?include_attributes query param filter to /v1/executions/ API endpoint With this filter user can select which fields to include in the response (whitelist approach, opposite of the existing ?exclude_attributes filter).

      For example, if you only want to retrieve id and status field, the URL would look like this - /v1/executions?include_attributes=id,status. (new feature) #3953 #3858 #3856

    Changed

    • st2actions.runners.pythonrunner.Action class path for base Python runner actions has been deprecated since StackStorm v1.6.0 and will be fully removed in StackStorm v2.7.0. If you have any actions still using this path you are encouraged to update them to use st2common.runners.base_action.Action path. #3803
    • Refactor st2common Python package so it's fully self sustaining and can be used in a standalone manner. (improvement) #3803
    • Refactor Python action runner so it only depends on st2common Python package (previously it also depended on st2actions) and can be used in a standalone mode. Previously pack config and and some other parameters were retrieved inside the Python process wrapper, but now they are retrieved inside the runner container and passed to the runner. This also makes it easier to add support for pack configs to other runners in the future. (improvement) #3803
    • Update various Python dependencies to the latest stable versions (kombu, amqp, apscheduler, gitpython, pymongo, stevedore, paramiko, prompt-toolkit, flex). #3830
    • Mask values in an Inquiry response displayed to the user that were marked as "secret" in the inquiry's response schema. #3825
    • Real-time action output streaming is now enabled by default. For more information on this feature, please refer to the documentation - https://docs.stackstorm.com/latest/reference/action_output_streaming.html. You can disable this functionality by setting actionrunner.stream_output config option in st2.conf to False and restart the services (sudo st2ctl restart).

    Fixed

    • Fully fix performance regressions for short Python runner actions introduced in the past and partially fixed in #3809. (bug fix) #3803

    • Fix 'NameError: name 'cmd' is not defined' error when using linux.service with CentOS systems. #3843. Contributed by @shkadov

    • Fix bugs with newlines in execution formatter (client) (bug fix) #3872

    • Fixed st2ctl status to use better match when checking running process status. #3920

    • Removed invalid st2ctl option to re-open Mistral log files. #3920

    • Update garbage collection service and st2-purge-executions CLI tool and make deletion more efficient. Previously we incorrectly loaded all the execution fields in memory, but there was no need for that and now we only retrieve and load id which is the only field we need. #3936

      Reported by @kevin-vh.

    Source code(tar.gz)
    Source code(zip)
  • v2.5.1(Dec 15, 2017)

    https://stackstorm.com/2017/12/19/early-christmas-stackstorm-patch-release-2-5-1/

    Added

    • Add new log_level runner parameter to Python runner. With this parameter, user can control which log messages generated by Python runner actions are output to action stderr. For backward compatibility reasons it defaults to debug. This functionality comes handy in situations when an action depends on an external library which logs a lot of information under debug, but you only want to see messages with log level error or higher (or similar). (new feature) #3824

    • Add stevedore related metadata to Python package setup.py files for runner packages. This way runners can be installed using pip and dynamically enumerated and loaded using stevedore and corresponding helper functions.

      All runners are now also fully fledged Python packages (previously they were single module Python packages which caused various install and distribution related issues when installing them via pip) (new feature)

    • Add new search rule criteria comparison operator. Please refer to the documentation for usage. (new feature) #3833

      Contributed by @ahubl-mz.

    • Added flag --auto-dict to st2 run and st2 execution re-run commands. This flag must now be specified in order to automatically convert list items to dicts based on presence of colon (:) in all of the list items (new feature) #3909

    Changed

    • Update the output of st2 execution {run,get} CLI command to colorize the value of the status attribute (green for succeeded, red for failed, etc. aka the same as for the output of st2 execution list command). (improvement) #3810

      Contributed by Nick Maludy (Encore Technologies).

    • Update log messages in the datastore service to correctly use DEBUG log level instead of AUDIT. #3845

    Fixed

    • Fix log messages generated by Python runner actions to include the correct action class name. Previously they always incorrectly used "ABCMeta" instead of the actual action class name. (bug fix) #3824
    • Fix st2 execution tail [last] CLI command so it doesn't throw an exception if there are no executions in the database. (bug fix) #3760 #3802
    • Fix a bug with datastore service used inside the Python runner actions not correctly scoping the auth token to the user who triggered the action. Token was incorrectly scoped to api_service user without any permissions. (bug fix) #3823 #3535
    • Fix edge case for workflows stuck in running state. When Mistral receives a connection error from the st2 API on requesting action execution, there's a duplicate action execution stuck in requested state. This leads to the st2resultstracker assuming the workflow is still running.
    • Fix a regression and a bug with no API validation being performed and API returning 500 instead of 400 status code if user didn't include any request payload (body) when hitting POST and PUT API endpoints where body is mandatory. (bug fix) #3864
    • Fix a bug in Python runner which would cause action log messages to be duplicated in action stderr output when utilizing action service / datastore service inside actions. (bug fix) #3893
    Source code(tar.gz)
    Source code(zip)
  • v2.5.0(Oct 27, 2017)

    https://stackstorm.com/2017/10/26/stackstorm-2-5-hit-streets/

    Added

    • Add new feature which allows runner action output (stdout and stderr) to be streamed and consumed in real-time by using one of the following approaches:

      • /v1/executions/<execution id>/output[?type=stdout/stderr] API endpoint.
      • /v1/stream/ stream endpoint and listening for st2.execution.stdout__create and st2.execution.output__create /v1/stream stream API endpoint events.
      • st2 execution tail <execution id> [--type=stdout/stderr] CLI command (underneath it uses stream API endpoint).

      Right now this functionality is available for the following runners:

      • local command runner
      • local script runner
      • remote command runner
      • remote script runner
      • python runner

      Note: This feature is still experimental and it's disabled by default (opt-in). To enable it, set actionrunner.stream_output config option to True.

      (new feature) #2175 #3657 #3729

    • Update st2 role-assignment list RBAC CLI command to include information about where a particular assignment comes from (from which local assignment or mapping file). (improvement) #3763

    • Add support for overlapping RBAC role assignments for assignments via remote LDAP group to StackStorm role mappings. This means that the same role can now be granted via multiple RBAC mapping files. #3763

    • Add new Jinja filters from_json_string, from_yaml_string, and jsonpath_query. #3763

    • Add new "Inquiry" capability, which adds ability to "ask a question", usually in a workflow. Create a new runner type: "inquirer" to support this, as well as new API endpoints and client commands for interacting with Inquiries

      Contributed by mierdin. #3653

    • Added two new rule operators, inside and ninside which allow for the reverse intent of the contains and ncontains operators. #3781

      Contributed by @lampwins.

    • Allow user to use more expressive regular expressions inside action alias format string by allowing them to specify start (^) and end ($) anchors. Previously, those anchors were automatically added at the beginning and end of the alias format string. Now they are only added if a format string doesn't already contain them. #3789

      Contributed by @ahubl-mz.

    • Add new POST /v1/aliasexecution/match_and_execute API endpoint which allows user to schedule an execution based on a command string if a matching alias is found in the database.

      This API endpoint is meant to be used with chat bot plugins. It allows them to be simple thin wrappers around this API endpoint which send each chat line to this API endpoint and handle the response. #3773

    • Add several improvements to the installation scripts: They support using proxy servers. ~stanley no longer has to be /home/stanley. In addition to the on-screen display, the output from the installation script is now logged to a file beginning with st2-install under /var/log/st2/. Furthermore, the script handles re-runs better, although it's not fully idempotent yet. More improvements are expected in the near future. st2-packages: #505, #506, #507, #508, #509, #510, #512, #517.

    Fixed

    • Fix a bug where sensor watch queues were not deleted after sensor container process was shut down. This resulted in spurious queues left behind. This should not have caused performance impact but just messes with rabbitmqadmin output and maybe tedious for operators. (bug fix) #3628

      Reported by Igor.

    • Make sure all the temporary RabbitMQ queues used by the stream service are deleted once the connection to RabbitMQ is closed. Those queues are temporary and unique in nature and new ones are created on each service start-up so we need to make sure to correctly clean up old queues. #3746

    • Fix cancellation of subworkflow and subchain. Cancel of Mistral workflow or Action Chain is cascaded down to subworkflows appropriately. Cancel from tasks in the workflow or chain is cascaded up to the parent. (bug fix)

    • Fix delays in st2resultstracker on querying workflow status from Mistral. Make sleep time for empty queue and no workers configurable. Reduce the default sleep times to 5 seconds. StackStorm instances that handle more workflows should consider increasing the query interval for better CPU utilization.

    • Fix missing type for the parameters with enum in the core st2 packs.(bug fix) #3737

      Reported by Nick Maludy.

    • Add missing -h / --help CLI flag to the following execution CLI commands: cancel, pause, resume. (bug fix) #3750

    • Fix execution cancel and pause CLI commands and make id a required argument. (bug fix) #3750

    • Fix st2 role-assignment list CLI command and allow --user, --remote and --role arguments to be used together. Previously they were mutually exclusive so it wasn't possible to use them together. (bug fix) #3763

    • Update default event name whitelist for /v1/stream API endpoint and make sure st2.announcement__errbot and other event names starting with st2.announcement__* prefix are not filtered out. #3769 (bug fix)

      Reported by Carlos.

    • Fix action-alias execute response to show execution id and matching action-alias #3231 (bug fix) Reported by Carlos.

    • Fix st2 apikey load command to update an existing entry if items in input file contain id attribute and item already exists on the server. This way the behavior is consistent with st2 key load command and the command is idempotent if each item contains id attribute. #3748 #3786

      Reported by Christopher Baklid.

    • Don't log MongoDB database password if user specifies URI for database.db_host config parameter and that URI also includes a password. Default and a common scenario is specifying password as a separate database.password config parameter. #3797

      Reported by Igor Cherkaev.

    • Fix POST /v1/actionalias/match API endpoint to correctly return a dictionary instead of an array. We had a correct OpenAPI definition for the response, but the code incorrectly returned an array instead of a dictionary.

      Note: This is a breaking change so if your code utilizes this API endpoint you need to update to treat response as a dictionary and not as an array with a single item. #377

    • Partially fix performance overhead and regression for short and simple Python runner actions. Full / complete fix will be included in v2.6.0. #3809

    Changed

    • Minor language and style tidy up of help strings and error messages #3782
    Source code(tar.gz)
    Source code(zip)
  • v2.4.1(Sep 13, 2017)

    https://stackstorm.com/2017/09/18/quick-one-st2-2-4-1-released/

    Fixed

    • Fix a bug with /v1/packs/install and /v1/packs/uninstall API endpoints incorrectly using system user for scheduled pack install and pack uninstall executions instead of the user which performed the API operation.(bug fix) #3693 #3696

      Reported by theuiz.

    • Fix mistral callback failure when result contains unicode. (bug fix)

    • Fix cancellation of delayed action execution for tasks in workflow. (bug fix)

    • Fix timeout of mistral shutdown in systemd service. The fix is done upstream. https://review.openstack.org/#/c/499853/ (bug fix)

    Source code(tar.gz)
    Source code(zip)
  • v2.4.0(Aug 24, 2017)

    https://stackstorm.com/2017/08/24/whats-stackstorm-2-4-already/

    Added

    • Add sample passive sensor at contrib/examples/sensors/echo_flask_app. (improvement) #3667

    • Add pack config into action context. This is made available under the config_context key. #3183

    • Add limit/"-n" flag and pagination note(stderr) in the CLI for st2 key list. Default limit is 50. #3641

    • Implement pause and resume for Mistral workflow and Action Chain. Pause and resume will cascade down to subworkflows and/or subchains. Pause from a subworkflow or subchain will cascade up to the parent workflow. (new feature)

    • Add pack index endpoint. It will made a request for every index defined in st2.conf and return the combined list of available packs.

    • Added a new field timestamp_f to the GELF logging formatter that represents the time of the logging even in fractional time (resolution is dependent on your system). This allows adjacent logging events to be distinguished more accurately by the time they occurred. Contributed by Nick Maludy (Encore Technologies) #3362

    • Require new STREAM_VIEW RBAC permission type to be able to view /v1/stream stream API endpoint. (improvement) #3676

    • Add new ?events, ?action_refs and ?execution_ids query params to /v1/stream/ API endpoint. Those query parameters allow user to filter out which events to receive based on the event type, action ref and execution id. By default, when no filters are provided, all events are returned. (new feature) #3677

    • Show count of pack content (actions, sensors, triggers, rules and aliases) to be registered before the st2 pack install so that the delay in install is not mistaken as no response or hanging command. (improvement) #3586 #3675

    • Allow user to specify value for "array of objects" parameter type using a simple notation when using st2 run CLI command. (improvement) #3646 #3670

      Contributed by Hiroyasu OHYAMA.

    Changed

    • Rename ST2 action runner cancel queue from st2.actionrunner.canel to st2.actionrunner.cancel. (improvement) #3247
    • Install scripts and documentation has been updated to install MongoDB 3.4 by default (previously 3.2 was installed by default). If you want to upgrade an existing installation, please follow official instructions at https://docs.mongodb.com/v3.4/release-notes/3.4-upgrade-standalone/. (improvement)

    Removed

    • The feature to use local config.yaml in packs is removed.

    Fixed

    • Fix retrying in message bus exchange registration. (bug fix) #3635 #3638

      Reported by John Arnold.

    • Fix message bus related race condition which could, under some rare scenarios, cause first published message to be ignored because there were no consumers for that particular queue yet. This could happen in a scenario when API service came online and served a request before action runner service came online.

      This also fixes an issue with Redis kombu backend not working. (bug fix) #3635 #3639 #3648

    • Fix logrotate configuration to delete stale compressed st2actionrunner logs #3647

    • Fix trace list API endpoint sorting by start_timestamp, using ?sort_desc=True|False query parameters and by passing --sort=asc|desc parameter to the st2 trace list CLI command. Descending order by default.(bug fix) #3237 #3665

    • Fix pack index health endpoint. It now points to the right controller. #3672

    • Fix 'pack register content' failures appearing on some slower systems by lifting action timeout #3685

    Source code(tar.gz)
    Source code(zip)
  • v2.3.2(Jul 28, 2017)

    https://stackstorm.com/2017/07/28/stackstorm-2-3-2-summer-bugfixes-continues/

    Added

    • Add regex_substring Jinja filter for searching for a pattern in a provided string and returning the result. (improvement)

      Contributed by mierdin. #3482

    • Add test coverage and test timing capabilities to st2-run-pack-tests. The -c option enables test coverage and the -t option enables test timings. These capabilities have also been enabled in the ci pipeline for packs in the exchange.

      Contributed by Nick Maludy. #3508

    • Update st2 CLI so it also displays "there are more results" note when -n flag is used and there are more items available. (improvement) #3552

    • Add ability to explicitly set stream_url in st2client. (improvement) #3432

    • Add support for handling arrays of dictionaries to st2 config CLI command. (improvement) #3594

      Contributed by Hiroyasu OHYAMA.

    Fixed

    • Fix st2client to display unicode characters in pack content description. (bug-fix)

    • Don't automatically append .git suffix to repo URIs passed to packs.download action. This fixes a bug and now action also works with repo urls which don't contain .git suffix. (bug fix)

      Contributed by carbineneutral. #3534 #3544

    • st2 pack commands now work when StackStorm servers are behind a HTTP/HTTPS proxy. You can set http_proxy or https_proxy environment variables for st2api and st2actionrunner processes and pack commands will work with proxy. Refer to documentation for details on proxy configuration. (bug-fix) #3137

    • Fix API validation regression so all input data sent to some POST and PUT API endpoints is correctly validated. (bug fix) #3580

    • Fix an API bug and allow users to create rules which reference actions which don't yet exist in the system when RBAC is enabled and user doesn't have system admin permission. (bug fix) #3572 #3573

      Reported by sibirajal.

    • Add a check to make sure action exists in the POST of the action execution API. (bug fix)

    • Fix api key generation, to use system user, when auth is disabled. (bug fix) #3578 #3593

    • Fix invocation of Mistral workflow from Action Chain with jinja in params. (bug fix) #3440

    • Fix st2client API bug, a backward incompatible change in query() method, introduced in note implementation (#3514) in 2.3.1. The query() method is now backward compatible (pre 2.3) and query_with_count() method is used for results pagination and note. #3616

    Source code(tar.gz)
    Source code(zip)
  • v2.3.1(Jul 6, 2017)

    https://stackstorm.com/2017/07/06/stackstorm-2-3-1-bug-smashing/

    Added

    • Add support for passphrase parameter to remote-shell-script runner and as such, support for password protected SSH key files. (improvement)

      Reported by Sibiraja L, Nick Maludy.

    • Add json_escape Jinja filter for escaping JSON strings. (improvement)

      Contributed by mierdin. #3480

    • Print a note to stderr if there are more entries / results on the server side which are displayed to the user for the following list CLI commands: rule, execution, rule-enforcment, trace and trigger-instance. Default limit is 50. (improvement)

      Reported by Eugen C. #3488

    Changed

    • Update st2 run / st2 execution run command to display result of workflow actions when they finish. In the workflow case, result of the last task (action) of the workflow is used. (improvement) #3481

    • Update Python runner so it mimics behavior from StackStorm pre 1.6 and returns action result as is (serialized as string) in case we are unable to serialize action result because it contains non-simple types (e.g. class instances) which can't be serialized.

      In v1.6 we introduced a change when in such instances, we simply returned None as result and didn't log anything which was confusing. (improvement) #3489

      Reported by Anthony Shaw.

    • Add missing pagination support to /v1/apikeys API endpoint. (improvement) #3486

    • Update action-chain runner so a default value for display_published runner parameter is True. This way it's consistent with Mistral runner behavior and intermediate variables published inside action-chain workflow are stored and displayed by default. #3518 #3519

      Reported by Jacob Floyd.

    • Reduce API service (st2api) log clutter and log whole API response (API controller method return value / response body) under DEBUG log level instead of INFO. (improvement) #3539

      Reported by Sibiraja L.

    • Enforce validation on position parameter for action parameters. If position values are not sequential or not unique, action registration will now fail. (bug-fix) (improvement) #3317 #3474

    Fixed

    • Fix ?name query param filter in /v1/actionalias API endpoint. (bug fix) #3503

    • Notifier now consumes ActionExecution queue as opposed to LiveAction queue. With this change, the Jinja templates used in notify messages that refer to keys in ActionExecution resolve reliably. Previously, there was a race condition in which a LiveAction would have been updated but ActionExecution was not and therefore, the jinja templates weren't reliably resolved. (bug-fix) #3487 #3496

      Reported by Chris Katzmann, Nick Maludy.

    • Deprecate results_tracker config group and move configuration variables to resultstracker group instead. If you have results_tracker config group in the config, it is recommended to switch to resultstracker instead. (bug-fix) #3500

    • Update config loader so it correctly handles config schema default values which are falsey (False, None, 0, etc.) (bug-fix) #3504 #3531

      Reported by Simas Čepaitis.

    • Fix st2ctl register failure to register rules in some race conditions. st2-register-content will now register internal trigger types by default. (bug-fix) #3542

    • Correctly use service token TTL when generating temporary token for datastore service. This fixes a bug and allows user to set TTL value for non service tokens to less than 24 hours. (bug fix) #3523 #3524

      Reported by theuiz.

    Source code(tar.gz)
    Source code(zip)
  • v2.3.0(Jun 19, 2017)

    https://stackstorm.com/2017/06/19/stackstorm-2-3-something-everyone/

    • Refactor the action execution asynchronous callback functionality into the runner plugin architecture. (improvement)
    • Introduce new CAPABILITIES constant on auth backend classes. With this constant, auth backends can advertise functionality they support (e.g. authenticate a user, retrieve information about a particular user, retrieve a list of groups a particular user is a member of). (new feature)
    • Linux file watch sensor is now disabled by default. To enable it, set enabled: true in /opt/stackstorm/packs/linux/sensors/file_watch_sensor.yaml
    • Add support for automatic RBAC role assignment based on the remote auth backend groups user is a member of (e.g. LDAP groups) and mappings defined in /opt/stackstorm/rbac/mappings directory. Note: This functionality is currently implemented for enterprise LDAP auth backend and only available in enterprise edition. (new feature)
    • Update the code so user can specify arbitrary default TTL for access tokens in st2.conf and all the StackStorm services which rely on access tokens still work. Previously, the lowest TTL user could specify for all the services to still work was 24 hours. This has been fixed and the default TTL specified in the config now only affects user access tokens and services use special service access tokens with no max TTL limit. (bug fix) Reported by Jiang Wei. #3314 #3315
    • Allow user to specify a custom list of attribute names which are masked in the log messages by setting log.mask_secrets_blacklist config option. (improvement)
    • Update /executions/views/filters API endpoint so it excludes null / None from filter values for fields where null is not a valid field value. (improvement) Contributed by Cody A. Ray. #3193
    • Make sure all the role assignments for a particular user are correctly deleted from the database after deleting an assignment file from /opt/stackstorm/rbac/assignments directory and running st2-apply-rbac-definitions tool. (bug fix)
    • Add webhook payload to the Jinja render context when rendering Jinja variable inside rule criteria section.
    • Implement RBAC for traces API endpoints. (improvement)
    • Implement RBAC for API_KEY_CREATE permission type. (improvement)
    • Implement RBAC for timers API endpoints. (improvement)
    • Implement RBAC for webhooks get all and get one API endpoint. (improvement)
    • Implement RBAC for policy types and policies get all and get one API endpoint. (improvement)
    • Require ACTION_VIEW permission type to be able to access entry_point and parameters actions view controller. (improvement)
    • Update /v1/rbac/permission_types and /v1/rbac/permission_types/<resource type> API endpoint to return a dictionary which also includes a description for each available permission type. (improvement)
    • Require EXECUTION_VIEWS_FILTERS_LIST RBAC permission type to be able to access /executions/views/filters API endpoint. (improvement)
    • Add webhook payload to the Jinja render context when rendering Jinja variable inside rule criteria section
    • Switch file_watch_sensor in Linux pack to use trigger type with parameters. Now you can add a rule with file_path and sensor will pick up the file_path from the rule. A sample rule is provided in contrib/examples/rules/sample_rule_file_watch.yaml. (improvement)
    • Cancel actions that are Mistral workflow when the parent workflow is cancelled. (improvement)
    • Update st2rulesengine to exit non-0 on failure (bug fix) #3394 [Andrew Regan]
    • Upgrade various internal Python library dependencies to the latest stable versions (pyyaml, requests, appscheduler, gitpython, paramiko, mongoengine, tooz).
    • Fix a bug where trigger parameters and payloads were being validated regardless of the relevant settings in the configuration (system.validate_trigger_payload, system.validate_trigger_parameters). (bug fix)
    • Fix system=True filter in the /v1/rbac/roles API endpoint so it works correctly. (bug fix)
    • Add new /v1/rbac/role_assignments API endpoint for retrieving user role assignment information. (new feature)
    • Add CLI commands for listing RBAC roles:
      • st2 role list [--system]
      • st2 role get <role id or name>
    • Add CLI commands for listing RBAC user role assignments:
      • st2 role-assignment list [--role=<role name>] [--user=<username>]
      • st2 role-assignment get <role assignment id>
    • Update /v1/rbac/roles API endpoint so it includes corresponding permission grant objects. Previously it only included permission grant ids. (improvement)
    • Fix a bug where keyvalue objects weren't properly cast to numeric types. (bug fix)
    • When action worker is being shutdown and action executions are being abandoned, invoke post run on the action executions to ensure operations such as callback is performed. (bug fix)
    • Fix action chain runner workflows so variables (vars) and parameter values support non-ascii (unicode) characters. (bug fix)
    • When RBAC is enabled and action is scheduled (ran) through the API, include rbac dictionary with user and roles action_context attribute. (improvement)
    • Fix a bug in query base module when outstanding queries to mistral or other workflow engines could cause a tight loop without cooperative yield leading to 100% CPU usage by st2resultstracker process. (bug-fix)
    • Make the query interval to third party workflow systems (including mistral) a configurable value. You can now set query_interval in [results_tracker] section in /etc/st2/st2.conf. With this, the default query interval is set to 20s as opposed to 0.1s which was rather aggressive and could cause CPU churn when there is a large number of outstanding workflows. (improvement)
    • Ignore unicode related encoding errors which could occur in some circumstances when packs.setup_virtualenv fails due to a missing dependency or similar. (improvement, bug fix) #3337 [Sean Reifschneider]
    • Update st2-apply-rbac-definitions so it also removes assignments for users which don't exist in the database. (improvement, bug fix)
    • Add the following new actions to chatops pack:
      • chatops.match
      • chatops.match_and_execute
      • chatops.run #3425 [Anthony Shaw]
    • Add new examples.forloop_chain action-chain workflow to the examples pack which demonstrates how to iterate over multiple pages inside a workflow. #3328 [Carles Figuerola]
    • Fix a bug where action runner throws KeyError on abandoning action executions during process shutdown. (bug fix)
    • Fix URL parsing bug where percent encoded URLs aren't decoded properly (bug fix)
    • Add new core.uuid action for generating type 1 and type 4 UUIDs. [John Anderson] #3414
    • Drop support for invalid semver versions strings (e.g. 2.0) in pack.yaml pack metadata. Only full semver version strings are supported, e.g. 2.1.1. This was originally deprecated in v2.1.0.
    • Let st2 pack install register all available content in pack by default to be consistent with st2 pack register. (improvement) #3452
    • The API endpoint for searching or showing packs has been updated to return an empty list instead of None when the pack was not found in the index. (bug fix)
    • The dest_server parameter has been removed from the linux.scp action. Going forward simply specify the server as part of the source and / or destination arguments. (improvement) #3335 #3463 [Nick Maludy]
    • Add missing database indexes which should speed up various queries on production deployments with large datasets. (improvement)
    • Use a default value for a config item from config schema even if that config item is not required (required: false). (improvement) Reported by Nick Maludy #3468 #3469
    • Removing empty config.yaml for packs pack so warning isn't thrown by default now that deprecation warning is in place. (improvement)
    Source code(tar.gz)
    Source code(zip)
  • v2.2.1(Apr 4, 2017)

    https://stackstorm.com/2017/04/05/bugs-fixes-security-updates-st2-2-2-1/

    • Fix st2ctl reload command so it preserves exit code from st2-register-content script and correctly fails on failure by default.

    • Removed support for medium-strength ciphers from default nginx configuration (#3244)

    • Fix base action alias test class (BaseActionAliasTestCase) so it also works if the local pack directory name doesn't match the pack name (this might be the case with new pack management during development where local git repository directory name doesn't match pack name) (bug fix)

    • Fix a bug with default values from pack config schema not being passed via config to Python runner actions and sensors if pack didn't contain a config file in /opt/stackstorm/configs directory. (bug fix)

      Reported by Jon Middleton.

    • Make various improvements and changes to st2-run-pack-tests script so it works out of the box on servers where StackStorm has been installed using packages. (improvement)

    • Removed support for medium-strength ciphers from default nginx configuration (#3244)

    • Allow user to specify which branch of st2tests repository to use by passing -b option to st2-self-check script. (improvement)

    • Fix a bug with authentication middleware not working correctly when supplying credentials in an Authorization header using basic auth format when password contained a colon (:).

      Note: Usernames with colon are still not supported. (bug fix)

      Contributed by Carlos.

    • Update st2-run-pack-tests script so it doesn't try to install global pack test dependencies (mock, unittest2, nose) when running in an environment where those dependencies are already available.

    • Make sure remote command and script runner correctly close SSH connections after the action execution has completed. (bug fix)

      Reported by Nagy Krisztián.

    • Fix a bug with pack configs API endpoint (PUT /v1/configs/) not working when RBAC was enabled. (bug fix)

      Reported by efenian.

    • Fix concurrency related unit tests to support upgrade of the tooz library. (bug fix)

    • Update tooz library to the latest version (v1.15.0). Using the latest version means StackStorm now also supports using consul, etcd and other new backends supported by tooz for coordination. (improvement)

    • Various security related improvements in the enterprise LDAP auth backend. (improvement, bug fix)

    • Fix a bug with config schema validation not being performed upon registration which could cause bad or empty config schema to end up in the system. (bug fix)

    Source code(tar.gz)
    Source code(zip)
Owner
StackStorm
Event-driven automation. Used by Netflix & many more....
StackStorm
The free Zapier/IFTTT alternative for developers to automate your workflows based on Github actions

Actionsflow If you like Actionsflow, please vote for us on Product Hunt The free IFTTT/Zapier alternative for developers to automate their workflows b

Actionsflow 1.9k Jun 7, 2021
µTask is an automation engine that models and executes business processes declared in yaml. ✏️📋

µTask, the Lightweight Automation Engine µTask is an automation engine built for the cloud. It is: simple to operate: only a postgres DB is required s

OVHcloud 435 Jun 6, 2021
Free and open fair-code licensed node based Workflow Automation Tool. Easily automate tasks across different services.

n8n - Workflow Automation Tool n8n is an extendable workflow automation tool. With a fair-code distribution model, n8n will always have visible source

n8n - Workflow Automation 14.2k Jun 7, 2021
Build pipelines for automation, deployment, testing...

Pipelines Pipelines is a simple tool with a web UI to manage running tasks. It supports running tasks manually through a Web UI or automatically via w

Wiredcraft 106 Jun 3, 2021
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform

PatrOwl PatrOwl is a scalable, free and open-source solution for orchestrating Security Operations. PatrowlManager is the Front-end application for ma

Patrowl 393 Jun 3, 2021
A cron monitoring tool written in Python & Django

Healthchecks Healthchecks is a cron job monitoring service. It listens for HTTP requests and email messages ("pings") from your cron jobs and schedule

Healthchecks 3.8k Jun 6, 2021
The bip.io API Server

NOTICE: This repository has been DEPRECATED. Do not use. Welcome to the bip.io API Server (Snow 0.4) bip.io is Billion Instructions Per I/O - For Peop

bip.io - For People and Robots 874 May 5, 2021
Create agents that monitor and act on your behalf. Your agents are standing by!

What is Huginn? Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take

Huginn 31.6k Jun 6, 2021
A flexible event/agent & automation system with lots of bees 🐝

Beehive Beehive is an event and agent system, which allows you to create your own agents that perform automated tasks triggered by events and filters.

Christian Muehlhaeuser 5.1k Jun 7, 2021
Adaptable, fast automation for all

Gradle is a build tool with a focus on build automation and support for multi-language development. If you are building, testing, publishing, and depl

Gradle 11.9k Jun 5, 2021
Software for home automation

Jeedom - La domotique innovante | Innovative Home Automation Site - Blog - Community - Market - Doc Introduction Jeedom est un logiciel Open-Source gr

Jeedom 342 Jun 4, 2021
Home Assistant is an open-source home automation platform running on Python 3

Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control.

Home Assistant 43.4k Jun 4, 2021
A tool for automating the installation of the Microsoft Windows operating system on various device platforms.

Glazier Support Python Tests Go Tests Contributing Open Issues License Gla·zier /ˈɡlāZHər/ noun: a person who installs windows. Glazier is a tool deve

Google 1.1k Jun 4, 2021
🧠 Leon is your open-source personal assistant.

Leon Your open-source personal assistant. Website :: Documentation :: Roadmap :: Contributing :: Story ?? Introduction Leon is an open-source personal

Leon AI 7.6k Jun 7, 2021