Releases: uc-cdis/fence
Caching and google endpoint
Release Notes
For: uc-cdis/fence
Notes since tag: 4.29.0
Notes to tag/commit: 4.29.1
Generated: 2021-05-27
New Features
- Added assume_role cache for download/upload (#774)
Bug Fixes
- /google/primary_google_service_account was returning the client/user SA,
which is NOT what is used for signed urls. This PR corrects the behavior to
create and return the user's single primary service account (#921)
Improvements
- Replace NGINX_RATE_LIMIT if an override value is found in fence-config.
(#916)
- use jsonify for response for correct content headers (#918)
- update docs to include new google endpoint (#918)
- update docs to clarify header for shib (#918)
- Patch the 'get_all_shib_idps' function to handle bad input from the
InCommon discovery endpoint (#917)
4.29.0: Merge pull request #914 from uc-cdis/feat/primary_google_service_account
Release Notes
For: uc-cdis/fence
Notes since tag: 4.28.2
Notes to tag/commit: 041b4e1
Generated: 2021-05-21
New Features
- new /google/primary_google_service_account endpoint which will
get_or_create a user's Primary Google Service Account and return the SA
email (only available to authed users/clients with authority to generate
google creds) (#914)
- Exporting metrics from Fence so we can observe events in our Grafana
dashboards. (#864)
- Add CILogon as an authentication option. CILogon provides a
standards-compliant OpenID Connect (OAuth 2.0) interface to federated
authentication including InCommon, the Australian Access Federation (AAF),
and eduGAIN. CILogon OpenID Connect (OIDC) client registration is available
to researchers and scholars at https://cilogon.org/oauth2/register (#896)
Bug Fixes
- remove assertion that is breaking tests. (#897)
- Fix parsing for redirect url in RAS (#895)
- Fix 'object dict can't be used in 'await' expression' error during usersync
(#894)
- Allow permitted users to generate a signed upload url for public records
(i.e. those records with authz=["/open"]) (#893)
Improvements
- Introducing new ENABLE_PROMETHEUS_METRICS config to allow operators to
enable/disable metrics (#913)
- Documentation about public data (#911)
- Use GITHUB_TOKEN for wool in CI (#907)
- Swagger doc: add fence_idp to /oauth2/authorize endpoint (#898)
Dependency Updates
4.28.2
4.28.1
Audit Service integration
Release Notes
For: uc-cdis/fence
Notes since tag: 4.27.1
Notes to tag/commit: 4.28.0
Generated: 2021-03-24
Improvements
- Add _status and _version endpoints to Swagger doc (#888)
New Features
- Audit Service integration: Fence creates audit logs for data downloads and
user logins (#885)
Deployment Changes
- Audit logs for user logins and data downloads can be enabled by deploying
the audit-service and adding setting ENABLE_AUDIT_LOGS to the fence config
(see https://github.com/uc-cdis/fence/blob/1c850d07e54f8527dbde182fdd9dd593d18f660e/fence/config-default.yaml#L586-L588)
(#885)
Bug Fixes
- allow user to authenticate to gen3 successfully even if we fail to retrieve
RAS visa during login. (#834)
upstream_expires_in for RAS refresh token
Release Notes
For: uc-cdis/fence
Notes since tag: 4.27.0
Notes to tag/commit: cc12808
Generated: 2021-03-15
New Features
- Added upstream_expires_in parameter in the /authorization endpoint to
manually add refresh token expiration time. (#883)
Bug Fixes
- Fixed Visa Update cronjob not clearing expired refresh tokens. (#883)
- Fix oauth flow to work even when fence idp not in LOGIN_OPTIONS config
(#880)
Improvements
expires_in for refresh tokens and show idp for user
Release Notes
For: uc-cdis/fence
Notes since tag: 4.26.1
Notes to tag/commit: 3994a51
Generated: 2021-03-03
Bug Fixes
- during usersync - update existing roles in Arborist by hitting the new PUT
/role/{roleID} endpoint (#843)
- Fix /user endpoint so that idp field is populated for the user. (#877)
- Fix bug caused by an empty url list when attempting to delete a record.
(#870)
- checks the value of no_force_sign query parameter on
/user/data/download/<guid> and proceeds to sign urls where this value is
false (#873)
Improvements
- Add a docstring for login_user function (#877)
New Features
- Implemented support for specifying lifetime of refresh token at the
/authorize endpoint via param expires_in (#848)
- Sync user's authorization information using visas as a source of
information post login. (#875)
Deployment Changes
- REQUIRES A FENCE DB MIGRATION, since with this update there is now an
additional column in the authorization_code table
"refresh_token_expires_in" (#848)
4.26.1: New optional logic to refresh access token
4.26.0
Release Notes
For: uc-cdis/fence
Notes since tag: 4.25.0
Notes to tag/commit: 6e55fcd
Generated: 2021-02-16
New Features
- Create base class for syncing visas (#860)
- Parse RAS visa to usersync readable format (#860)
- Sync users using visa in usersync. (#860)
- added logic to update all user visas and refresh tokens. (#869)
Bug Fixes
- Fixed usersync not working due to async components of newer version of
gen3authz. (#862)
- Fixed some tests not working with newer version of gen3authz. (#862)
- Set idna 2.10 to restore poetry lock. (#858)
Improvements
- make sure to set httponly on all cookies (#872)