Create policies from the ZLI

24 August 2022

zli v. 6.7.15


  • Create a new policy from the zli. Create a policy from the zli using:
    • zli policy create-cluster for a cluster policy
    • zli policy create-proxy for a proxy policy
    • zli policy create-tconnect for a target connect policy
    • zli policy create-recording for a session recording policy
    Run zli policy help or see the policy entry in the zli reference manual for additional guidance


  • Execute all policy-related commands with zli policy. Complete all policy-related commands from zli policy . This change encompasses the previous policy, describe-cluster-policy, user, group, targetUser, and targetGroup commands. Run zli policy help or see the policy entry in the zli reference manual for additional guidance
  • Remove zli generate-bash. The generate-bash command was deprecated in zli v.6.0.8 in favor of zli generate bash. It is now fully removed from the zli
  • Prompt for log in. Identity providers routinely rotate their keys. When this happens, BastionZero will prompt users for new log in


  • Run ZLI Quickstart against an existing target. Modified the error message returned when running Quickstart against a target with the BastionZero agent already installed
  • Include all download options for the ZLI on Github. Updated the Github ZLI repo to include all download options
  • Cancel a zli connect request. Resolved issue where users were unable to cancel a shell session request in between the request and the session being established. This action can now be performed using ctrl+c, ctrl+d, or ctrl+\
  • Connect to target names that contain periods. Resolved issue where users were unable to connect to targets with names that contained periods following zli v.6.7.3. Note that zli connect will work as long as the string following the first period in the target name does not conflict with an environment name

bzero v. 6.5.4


  • Use environment variables to pass arguments from the zli to the bzero daemon. Resolved a potential issue with arguments being visible by processes when passed from zli to the daemon
  • Rare race condition in bzero agent. Resolved a rare race condition that could cause connection requests through zli connect to fail
  • Revoke user connections. Resolved an issue where revoking user connections caused cluster, database, and web connections to hang
  • iperf -R. Resolved an issue where iperf -R would hang prior to output

Web app & backend


  • Webshell and spaces removal. Removed the webshell from the web app as the first step in our plan to create a web app centered around the admin-focused experience


  • Close database connections. Resolved an issue with the daemon poller that was preventing database connections from closing correctly
  • Target type in tables. Fixed naming inconsistency with target types in the web app where "Target Connect" was "TargetConnect" and "Session Recording" was "SessionRecording"
For questions or to give us feedback on how we can make our updates better, please reach out to [email protected].