New Features:

• We have added a toggle to hide the "Reason" field for requests. To enable this, go to a resource's request configuration, and toggle "Include Reason field in request" under the approval flow toggles. This will hide the "Reason" field for requesters when submitting a request for that resource.

Bug fixes:

• Fixed a bug where an error message would not properly display when adding an AWS Orgs app.

New Features:

• Added option for admins to set reason as optional in a request configuration.

Bug Fixes:

• Resolved a bug that was causing some bulk requests requiring MFA to fail.
• Resolved several small quality of life bugs with bulk requesting that caused the default expiration time to not display correctly.
• Fixed an issue where filtering events by event type would sometimes filter out events of the matching type.

New Features:

• Added support for regional STS endpoints in AWS.
• Support the "Restrict logins to SAML" option on Opal's CLI.

Improvements:

• Return a more descriptive error message when Opal cannot find the GCP service account.
• Make Google Groups user removal idempotent for non-existent users.
• Properly switch between resources/groups tabs when selecting new items.

Bug Fixes:

• Fixed a bug that caused the incorrect expiration to be set when requesting a resource requiring MFA.

Improvements:

• Allow setting roles as request configuration conditions in our API.
• Properly update group user source during sync.
• Show search results that also match a resource/group's remote name.
• Handle Slack rate limiting errors with retries and exponential backoff.

Fixed:

• Resolved an error with deleted managers in UAR assignment.
• Clear the selected item in the Slack request modal if the parent resource is changed.

Bug Fixes:

• Resolved an issue causing AWS RDS Instance ARNs to not be populated during sync.

Improvements:

• Reduced the latency of the hourly sync job by fetching details of unmanaged items in the daily sync job instead.
• Expanded the number of AWS regions that Opal supports.

Bug Fixes:

• Added missing event type labels for proper naming UI in dropdowns.

Fixed resources in certain AWS regions not showing up in Opal.

Fixes an issue where syncing AWS RDS instances would sometimes result in an error showing "invalid RDS instance arn".

Previously, Opal would list all available roles in all resource types when users add new custom roles. However, some roles cant be applied to certain resource types, or some can only be applied to certain resource types, etc. We now will properly show only relevant roles which can actually be applied to the resource being viewed.

A bug had caused Opal to ingest more roles than necessary for GCP resources during a certain period of time. To remedy this, we are deleting custom roles ingested during this time period.