Breaking changes in v24.1.1 - Adaptive Applications - BlueCat Gateway - 24.1.1

Cloud Discovery & Visibility Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
24.1.1

The following changes in Cloud Discovery & Visibility v24.1.1 (CDV) might affect the behavior of automated tasks and customized processes.

(AWS) Removal of MFA support for Discovery jobs

As of CDV v24.1.1, MFA authentication can no longer be used with Discovery jobs. This includes both newly-created jobs and jobs created in earlier versions of CDV.

(AWS) Shared authentication credentials between Discovery and Visibility jobs

As of CDV v24.1.1, you can no longer configure separate authorization credentials between AWS Discovery jobs and Visibility jobs. Visibility jobs now use the same authorization credentials that are configured for AWS Discovery jobs

Since both types of jobs now use the same credentials, the user account associated with those credentials must now grant the necessary permissions for both Discovery and Visibility operations. For more details, see Amazon Web Services (AWS) environments.

Warning: After the upgrade, credentials of existing visibility jobs are automatically removed. If the Discovery jobs do not yet have permissions required for Visibility operations, this can cause the associated Visibility jobs to fail.

(AWS) Breaking API endpoint changes

The following API endpoints are significantly changed in v24.1.1. They might require changes to customized or automated processes that use them.

Tip: For more details on the updated REST API endpoints, see the CDV REST API Swagger documentation (Click in the top right of the Cloud Discovery & Visibility UI and select Go to API document.
Endpoint Changes
POST cloud-discovery/api/v1/provider/aws/discovery
  • (AWS) The following fields are deprecated from the API payload:
    • (Deprecated from the visibility section) aws_access_key:: AWS IAM access key
    • (Deprecated from the visibility section) aws_secret_key: AWS IAM secret key
    • (Deprecated from the visibility section) aws_role_arn: AWS Role ARN
    • aws_mfa_arn: AWS MFA ARN
    • aws_mfa_code: AWS MFA code
  • (AWS) The following new parameters are added:
    • region_before_account
    • ignore_default_private_networks
    • create_standalone_ptr_records
    • tag_filter
    • additional_user_defined_tags
  • (AWS) The tags parameter is replaced with the include_tags and exclude_tags parameters.

POST cloud-discovery/api/v1/provider/aws/authentication

(AWS) The following fields are deprecated from the API payload:

  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

  • is_discovery_organization: Option to specify whether CDV should run Discovery for the Organization.

  • aws_role_name: AWS Role ARN when discovering Organizations

POST cloud-discovery/api/v1/provider/aws/visibility/system

(AWS) The following fields are deprecated from the API payload:

  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

POST cloud-discovery/api/v1/provider/aws/visibility/purge-visibility-system

(AWS) The following fields are deprecated from the API payload:

  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

POST cloud-discovery/api/v1/provider/aws/visibility/default-queue-names-generator

(AWS) The following fields are deprecated from the API payload:

  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

POST cloud-discovery/api/v1/provider/aws/detection

(AWS) The following fields are deprecated from the API payload:

  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

  • is_discovery_organization: Option to specify whether CDV should run Discovery for the Organization.

  • aws_role_name: AWS Role ARN when discovering Organizations

POST cloud-discovery/api/v1/provider/aws/list-organizational-units

(AWS) The following fields are deprecated from the API payload:
  • aws_mfa_arn: AWS MFA ARN

  • aws_mfa_code: AWS MFA code

PUT cloud-discovery/api/v1/provider/aws/schedule/{schedule_id}/options (AWS) The following new parameters are added:
  • region_before_account
  • ignore_default_private_networks
  • create_standalone_ptr_records
PUT cloud-discovery/api/v1/provider/aws/visibility-manager (AWS) The following new parameters are added:
  • region_before_account
  • ignore_default_private_networks
  • create_standalone_ptr_records
PUT cloud-discovery/api/v1/provider/aws/schedule/account-filter/{schedule_id} (AWS) The tags parameter is replaced with the include_tags and exclude_tags parameters.
PUT cloud-discovery/api/v1/provider/aws/visibility-manager/account-filter/{visibility_manager_id} (AWS) The tags parameter is replaced with the include_tags and exclude_tags parameters.

The following new API endpoints are added in v24.1.1.

  • PUT cloud-discovery/api/v1/provider/aws/schedule/{schedule_id}/tag-filter
  • PUT cloud-discovery/api/v1/provider/aws/visibility-manager/{visibility_manager_id}/tag-filter
  • PUT cloud-discovery/api/v1/provider/aws/schedule/additional-user-defined-tags/{schedule_id}