Commit
- This version requires DB update.
- This version requires LDAP schema update.
- This version deprecates some API, which will be removed in the next version.

BIG CHANGES
-----------

- In LDAP we moved Facility attributes from Resource to Facility, where they belong.
- We push multiple new attributes to LDAP from admin roles of user above other entities to entitlement or resource capabilities (see LDAPc changelog).
- LDAPc can run without write access to DB for running or replicas.
- We store TaskResults for generating Tasks, so that in GUI we can see if service provisioning is blocked/stuck on Perun side or managed service side.
- Old attributes for files/data quotas were removed and replaced by the new logic.
- API methods of GeneralServiceManager and PropagationStatsReader were moved to ServicesManager and TasksManager respectively. Old API will be removed in release 3.10.0.
- We allow registrar to generate new logins for users (using registrar module) and they are editable in registration form.
- Authorization Roles are no longer sourced from DB, but rather perun-roles.yml as we will be heading for dynamic authorization rules in next releases.
- We split attribute value checks method on syntax and semantics checks as it is required for having "state of member on resource" feature coming in next releases.
- Added OpenAPI definition of Perun API, so that client libraries can be generated from it. It's not yet complete and will be updated in next releases.

CHANGELOG
---------

CORE

- Fixed methods with forgotten usage of attribute cache.
- Fixed authorization for group-resource attributes.
- Store TaskResult for blocked destinations.
- TaskResults stored for cancelled/stuck GEN Tasks are now recognized as error (just like SEND Tasks).
- Allow tag replacements in custom template for password reset confirmation.
- Store also organizationURL attribute from IdP.
- InternalErrorException changed to runtime.
- Added audit messages when user/group became admin of other entity.
- Create audit messages for removed admins of deleted entities.
- Methods for work with registrar notifications throw proper exceptions.
- Attribute vo:def:voLogoURL can handle base64 encoded images.
- Added logging to ConsolidatorManager.
- Log when somebody was invited to register to VO/Group.
- Fixed bug in group structure synchronizations (when ext source is changed).
- Keep cookies when synchronizing between Perun instances.
- Fixed certificates reading in ExtSource for EGISSO.
- Fixed null pointer when storing UserExtSource attributes.
- Fixed null pointer in hasRole().
- Fixed getBeanName() in ExtSource object.
- Simplified code for deleting group.
- Changed entity ID for LifescienceID proxy.
- Added module for user:virt:loaFenix attribute.
- Fixed group members synchronization. Actual group members are not removed, if found between group members in external source, but their attributes can't be retrieved from the ext source. They are mentioned between skipped members and synchronization is considered as failed.
- Normalized unix paths in data/file quota modules now strips ending slash "/", since path to directory mustn't end with it in some systems (GPFS) and it works OK with others.
- Fixed audit message resolving on user:virt:certDNs attribute, which prevented pushing changes in certificates to the LDAP.
- Do not use fixed version of HikariPool, bump it with Spring Boot.
- Use voPersonExternalAffiliation instead of forwardedScopedAffiliation.
- Fixed login display when adding new members to VO/Group.
- Refresh of all attributes in setRequiredAttributes.
- Forbid indirect relationships for group unions.
- Fixed leap year membership expiration calculation.
- Updated Spring and Spring Boot to their latest version.

REGISTRAR

- Mail verification was separated from auto-approval process so that user can verify own mail even if auto-approval fails.
- Removed requirement for POST in get* like methods of Registrar.
- Fill LoA in registration form items to support optional mail validation for mails from IdPs.
- Prevent concurrent run of approve/reject/delete application.
- Fixed some form items UI.

API

- Added MembersManager.createSponsoredMember() which takes new user name in parts.
- Added utility method unblockAllServicesOnDestination().
- Allow to delete multiple attribute definitions at once.
- Added API methods to retrieve users UserExtSources as RichUserExtSources, containing specified UES attributes.
- Fixed authorization in VosManager API.
- Fixed authorization in getFacilitiesByDestination and findCompleteRichMembers.
- Allow partial match when searching for Resource by attribute value in Searcher.
- Added OpenAPI definition of Perun API. It is not yet complete, but client side can be generated - e.g. perun-cli-java or perun-cli-python projects.
- Added API method getResourcesWhereUserIsAdmin(Vo,User).
- Added new methods for publication management (perun-cabinet) in order to optimize performance.

GUI

- Working with registrar notifications will let you know about conflicts - existing or removed notifications etc.
- Removed sign out button from user profile, since based on authentication method, it can't force re-authentication on next access.
- Implemented GDPR agreement for administrator (specific to CESNET instance).
- When member status is changed between VALID and EXPIRED, admin is offered to update also membership expiration value.

DISPATCHER/ENGINE

- 3 hours timeout for single service provisioning run is now configurable in dispatcher and engine properties.
- Removed unused properties from config files.
- Renamed default dispatcher auditer_consumer.
- Do not chown PID files in init.d script for Engine.

LDAPc

- Allow to mark LDAP attributes as deleted in LDAPc. LDAPc will clear their values from LDAP and it allows us to remove such attributes from schema in next release.
- Added many facility attributes to LDAP, facility attributes are no longer pushed within Resource entry, but rather own Facility entry.
- Push VO/Group/Facility admin roles from Perun to the LDAP.
- Fixed name of ORCID attribute for LDAP.
- LDAPc now can push Map attribute types from Perun to LDAP.
- Do not chown PID files in init.d script for LDAPc.
- Push also following attributes to LDAP: resource:capabilities, facility:capabilities, user:eduPersonEntitlement, user:eIDASPersonIdentifier and user:europeanStudentID.

CLI

- Added assignTagToResource.
- Added listOfMemberGroups.
- Added getFacilitiesByHostName.

DOCS

- Parse deprecation notice from javadoc to RPC docs.
- Fixed docs for getRichAdmins().
- Added javadoc on perun Exceptions.
- Updated RPC javadoc.