Releases: uc-cdis/fence
Bug fixes: Google endpoints/error handling & user syncing
2.5.4 fix(bugs): fix cfg handling so google client exists for dcf, fix new …
fix logging in fence-create
by default let fence-create log everything down to INFO
no Google+ API calls
We use Google+ API for /login/google and “On March 7, 2019, all Google+ APIs and Google+ Sign-in will be shut down completely. This will be a progressive shutdown beginning in late January, with calls to these APIs starting to intermittently fail as early as January 28, 2019.” Therefore, we should update to use google identity instead of Google+.
data upload
Support for new data upload flow.
Some major deployment changes:
- Fence configuration for data upload requires DATA_UPLOAD_BUCKET and S3 creds in fence config
- user.yaml format for RBAC is changed; old resources block is still supported, but the proper way to organize the yaml file for user privileges is changed, and looks like this:

rbac:
  policies:
  - id: 'data_upload'
    description: 'upload raw data files to S3'
    role_ids: ['file_uploader']
    resource_paths: ['/data_file']
  resources:
  - name: 'data_file'
  - name: 'programs'
    subresources:
    - name: 'test'
      subresources:
      - name: 'projects'
        subresources:
        - name: 'test'
    - name: 'test_program'
  roles:
  - id: 'file_uploader'
    description: 'can upload data files'
    permissions:
    - id: 'file_upload'
      action:
        service: 'fence'
        method: 'file_upload'

To grant users access for uploading data files, they need the corresponding data_upload policy added:

users:
  [email protected]:
    policies: ['data_upload']

New fence configuration
Fence now supports a single YAML file for configuration!
- configuration vars are consolidated, better-described, and have reasonable defaults
- simplification of deployment by having a single cfg file
- backwards-compatible for now, though next major fence release will drop support for local_settings.py
- command line utility to help with creating a new cfg based off the default
- Fence searches configured directories (in settings.py) for the new config.yaml file
- New cfg file has a contextual template-like replacing feature
- Fence now ignores configuration variables it doesn't recognize and loads defaults for cfg not specified
  - It loads in the defaults, then overlays the provided configuration over that, discarding any extra config not defined in the default configuration
usersync username case-sensitivity bug fix
Fix/google validation (#495)
* fix(db): pass through db so flask db connection is not attempted outside of flask app context (e.g. fence-create scripts)
* fix(db): whoops. don't pass into function because it doesn't expect the db arg
* fix(db): don't pass it, false alarm
* fix(usersync): case insensitive for User.username
* feat(logging): clarify logs
* tests(users): case insensitive search by username in test
* fix(commits): re-add back partial commits. our application is not setup/configured to automatically commit to db
* fix(usersync): remove partial commits since the driver has a context managed session that autocommits when out of context
* fix(usersync): when creating new users, make sure to use username case as per provided in the whitelist
* fix(storage): don't force lowercase for storage name
* docs(comments): clarify comment about weird case sensitivity logic
Add google service account validation logging
- more logging for the validation process
- patch to capture more reasons why service accounts got removed in email
KF November Release
2.3.1 fix(flask): bump flask to 0.12.4 (#474)
Release for cloud-auto compatibility
- Needed so that previous versions of fence deployed can work with latest version (this) for cronjobs in cloud-automation like user-sync
This came about because a previous version of fence is deployed for DCF, but cronjobs are failing because the cloud-automation cronjobs expect a later version of fence but pull the image from whatever's in the manifest.
DCF Phase 1 patch - allow google_service_account scope
DCF Phase 1 patch - allow google_service_account scope but the scope is not used