Release 3.9.0

@zlamalp zlamalp released this 24 Feb 12:12
v3.9.0
14be839
  • This version requires DB update.
  • This version requires LDAP schema update.
  • This version deprecates some API, which
    will be removed in the next version.

BIG CHANGES

  • In LDAP we moved Facility attributes from Resource to Facility,
    where they belong.
  • We push multiple new attributes to LDAP, ranging from users' admin roles over
    other entities to entitlements and resource capabilities (see LDAPc changelog).
  • LDAPc can run without write access to DB for running or replicas.
  • We store TaskResults for generating Tasks, so that in GUI we can see if
    service provisioning is blocked/stuck on Perun side or managed service side.
  • Old attributes for files/data quotas were removed and replaced by the new
    logic.
  • API methods of GeneralServiceManager and PropagationStatsReader were
    moved to ServicesManager and TasksManager respectively. Old API will be
    removed in release 3.10.0.
  • We allow registrar to generate new logins for users (using registrar module)
    and they are editable in the registration form.
  • Authorization Roles are no longer sourced from DB, but rather perun-roles.yml
    as we will be heading for dynamic authorization rules in next releases.
  • We split attribute value checks method on syntax and semantics checks as it
    is required for having "state of member on resource" feature coming in next
    releases.
  • Added OpenAPI definition of Perun API, so that client libraries can be
    generated from it. It is not yet complete and will be updated in next releases.

CHANGELOG

CORE

  • Fixed methods with forgotten usage of attribute cache.
  • Fixed authorization for group-resource attributes.
  • Store TaskResult for blocked destinations.
  • TaskResults stored for cancelled/stuck GEN Tasks
    are now recognized as error (just like SEND Tasks).
  • Allow tag replacements in custom template for
    password reset confirmation.
  • Store also organizationURL attribute from IdP.
  • InternalErrorException changed to runtime.
  • Added audit messages when user/group became admin of
    other entity.
  • Create audit messages for removed admins of deleted
    entities.
  • Methods for working with registrar notifications throw
    proper exceptions.
  • Attribute vo:def:voLogoURL can handle base64 encoded images.
  • Added logging to ConsolidatorManager.
  • Log when somebody was invited to register to VO/Group.
  • Fixed bug in group structure synchronizations (when ext source is changed).
  • Keep cookies when synchronizing between Perun instances.
  • Fixed certificates reading in ExtSource for EGISSO.
  • Fixed null pointer when storing UserExtSource attributes.
  • Fixed null pointer in hasRole().
  • Fixed getBeanName() in ExtSource object.
  • Simplified code for deleting group.
  • Changed entity ID for LifescienceID proxy.
  • Added module for user:virt:loaFenix attribute.
  • Fixed group members synchronization. Current group members
    are not removed if they are found among the group members in
    the external source but their attributes can't be retrieved
    from the ext source.
    They are listed among the skipped members and the synchronization
    is considered failed.
  • Normalization of unix paths in data/file quota modules now strips
    the ending slash "/", since a path to a directory mustn't end with
    it in some systems (GPFS) and it works OK with others.
  • Fixed audit message resolving on user:virt:certDNs attribute, which
    prevented pushing changes in certificates to the LDAP.
  • Do not use fixed version of HikariPool, bump it with Spring Boot.
  • Use voPersonExternalAffiliation instead of forwardedScopedAffiliation.
  • Fixed login display when adding new members to VO/Group.
  • Refresh of all attributes in setRequiredAttributes.
  • Forbid indirect relationships for group unions.
  • Fixed leap year membership expiration calculation.
  • Updated Spring and Spring Boot to their latest versions.

REGISTRAR

  • Mail verification was separated from auto-approval process so that
    user can verify own mail even if auto-approval fails.
  • Removed requirement for POST in get* like methods of Registrar.
  • Fill LoA in registration form items to support optional
    mail validation for mails from IdPs.
  • Prevent concurrent run of approve/reject/delete application.
  • Fixed some form items UI.

API

  • Added MembersManager.createSponsoredMember() which takes
    new user name in parts.
  • Added utility method unblockAllServicesOnDestination().
  • Allow to delete multiple attribute definitions at once.
  • Added API methods to retrieve users UserExtSources as
    RichUserExtSources, containing specified UES attributes.
  • Fixed authorization in VosManager API.
  • Fixed authorization in getFacilitiesByDestination and
    findCompleteRichMembers.
  • Allow partial match when searching for Resource
    by attribute value in Searcher.
  • Added OpenAPI definition of Perun API. It is not yet complete,
    but client side can be generated, e.g. perun-cli-java
    or perun-cli-python projects.
  • Added API method getResourcesWhereUserIsAdmin(Vo,User).
  • Added new methods for publication management (perun-cabinet)
    in order to optimize performance.

GUI

  • Working with registrar notifications will let you know
    about conflicts - existing or removed notifications etc.
  • Removed sign out button from user profile, since based on
    authentication method, it can't force re-authentication on
    next access.
  • Implemented GDPR agreement for administrator
    (specific to CESNET instance).
  • When member status is changed between VALID and EXPIRED,
    admin is offered to also update the membership expiration value.

DISPATCHER / ENGINE

  • 3 hours timeout for single service provisioning run
    is now configurable in dispatcher and engine properties.
  • Removed unused properties from config files.
  • Renamed default dispatcher auditer_consumer.
  • Do not chown PID files in init.d script for Engine.

LDAPc

  • Allow to mark LDAP attributes as deleted in LDAPc. LDAPc will clear
    their values from LDAP and it allows us to remove such attributes from
    schema in next release.
  • Added many facility attributes to LDAP, facility attributes are
    no longer pushed within Resource entry, but rather own Facility
    entry.
  • Push VO/Group/Facility admin roles from Perun to the LDAP.
  • Fixed name of ORCID attribute for LDAP.
  • LDAPc now can push Map attribute types from Perun to LDAP.
  • Do not chown PID files in init.d script for LDAPc.
  • Also push the following attributes to LDAP: resource:capabilities,
    facility:capabilities, user:eduPersonEntitlement,
    user:eIDASPersonIdentifier and user:europeanStudentID.

CLI

  • Added assignTagToResource.
  • Added listOfMemberGroups.
  • Added getFacilitiesByHostName.

DOCS

  • Parse deprecation notice from javadoc to RPC docs.
  • Fixed docs for getRichAdmins().
  • Added javadoc on perun Exceptions.
  • Updated RPC javadoc.