February 25, 2021

This release of the Management Console service introduces the following new features and behavioral changes:

New features

  • User delete: CDP administrators now have the ability to delete users in CDP through both the user interface and the CLI. Deleting a user removes all access keys and SSH keys associated with the user, and unassigns all roles and resource roles assigned to the user. The user is also removed from all groups that they belong to. For more information, refer to Deleting users and machine users.
  • FreeIPA HA: CDP administrators can configure your CDP environment to run FreeIPA in high-availability mode. By default, creating an environment configures a single instance of FreeIPA on its own host, but you can explicitly enable FreeIPA HA during environment registration via CPD web UI or CLI. For more information, refer to Managing FreeIPA.
  • Interactive login for CDP CLI and CDP SDK: If you would prefer that user access to the CLI/SDK is shorter-lived, you can use the "interactive" method of logging into the CDP CLI/SDK. By default, this login method grants a 12-hour access key to the CLI/SDK. The access key will time out after one hour of inactivity. The interactive method integrates with any SAML-compliant external identity provider. For more information, refer to Logging into the CDP CLI/SDK.
  • Anonymization rules: CDP includes a set of default anonymization rules and allows CDP administrators to define custom anonymization rules in order to remove sensitive information from CDP logs. For more information, refer to Defining anonymization rules for CDP logs.

Behavioral changes

  • Changes to delete machine user behavior: Deleting a machine user removes all access keys and SSH keys associated with the machine user, and unassigns all roles and resource roles assigned to the machine user. The machine user is also removed from all groups that they belong to. Previously, these steps had to be performed manually prior to machine user deletion. It takes around 2 minutes to fully delete a machine user in CDP. During that time you will not be able to recreate the machine user (that is, for 2 minutes you will not be able to create a machine user with the same machine user name).
  • Group name length limit: CDP user management framework supports group names of up to 64 characters. Previously up to 32 characters were supported.
  • Identity provider configuration improvements: The user interface and the overall flow of the identity provider configuration in CDP was improved for better usability.
  • New CDP SAML Service Provider certificate: The current CDP SAML Service Provider certificate is expiring on March 8, 2021 at 18:05:49 GMT. A replacement certificate is available for any customer whose identity provider will verify the CDP SAML service provider certificate. You can obtain the certificate from this document or by logging it to CDP web interface, navigating to > User Management > Identity Providers, clicking on your identity provider, and the last field "CDP SAML Service Provider Metadata" now contains 2 certificates: the one that expires on March 8, 2021 and the new one. Please consult your identity provider's documentation for how to update service provider certificates. CDP will start using the new certificate for SAML starting March 8, 2021.

    Here is the new CDP SAML Service Provider certificate:

    -----BEGIN CERTIFICATE-----
    MIIEKTCCAxGgAwIBAgIUF7LjOby+L8dcCVzWN4ChnTtybiowDQYJKoZIhvcNAQEL
    BQAwgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy
    YW5jaXNjbzEVMBMGA1UECgwMQ2xvdWRlcmEgSW5jMRAwDgYDVQQLDAdDRFAgSUFN
    MSEwHwYDVQQDDBhjb25zb2xlLmNkcC5jbG91ZGVyYS5jb20xIzAhBgkqhkiG9w0B
    CQEWFHN1cHBvcnRAY2xvdWRlcmEuY29tMB4XDTIxMDIyMzE5NDgxMVoXDTI0MDIy
    ODE5NDgxMVowgaMxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwN
    U2FuIEZyYW5jaXNjbzEVMBMGA1UECgwMQ2xvdWRlcmEgSW5jMRAwDgYDVQQLDAdD
    RFAgSUFNMSEwHwYDVQQDDBhjb25zb2xlLmNkcC5jbG91ZGVyYS5jb20xIzAhBgkq
    hkiG9w0BCQEWFHN1cHBvcnRAY2xvdWRlcmEuY29tMIIBIjANBgkqhkiG9w0BAQEF
    AAOCAQ8AMIIBCgKCAQEAszIxvwxxsAE4PqNLfZ2+4zfYI9UpiiePEOKJuL1Q8Mbh
    ArA53EmZradpYNIQ54a3vGQNeEoi782gcp/JbzLTY0AESnKXzpPXOhX8qMWytrcL
    QKmSW/eVbZsVEYnyf1wFxtpOcLbHfYB12W1ScD3FKr5BUns6bRCclfiFW1Ei5XLQ
    yzgSGdKXSvB/8izRr4yyyDT2IX8PelHbONiIKb6OTuuHPwo259RMjZZd2pwMurif
    JUGBckwYPh7Dkmiw9mTXVSD5fdSP1HvP2RTuPqmkTSgJRwdJD4G6wF1NFOQwItIr
    7vf6OzPZJM6A2JCN8RQApMnYyNgT75wWtCNOF8F2cQIDAQABo1MwUTAdBgNVHQ4E
    FgQUGfVSdXrVb3JsJy5nf4OYp2sJn8IwHwYDVR0jBBgwFoAUGfVSdXrVb3JsJy5n
    f4OYp2sJn8IwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAkNxk
    +X2sCbXAIhSUNKUYQEM++ZDSnWzMgdavNeVUzWgTfGdwvDolFzvqU66wiQ8kedK0
    qLW6gRZkG+GJUq5vY93pfNSQ5C4P9hhFqpd6tfHme7uHlZCtZh/wjOeYoOpgr0eI
    qtXxg6U6+6qLqzBi/9Zdc0sLZFNbjQLEFkNHoU7rFODcnLNHemngw+ui2rofsBhK
    F9Zcqiy91mmCto6OrQMAkXyfrU40S8+Yr9s+wnJEmNIkVN9mfH0TfRJNEvHcuvZ+
    WHc4HD/Vu0sL/APPADfLh158MYb9gUNXtE12PxjGYCj4RsFt0/Fbju9mGl+W/n69
    qaRFxZmubutaQ1WCzw==
    -----END CERTIFICATE-----

New documentation