Skip to content

Authorization and Sync Update: New Arborist Integration
Compare
Choose a tag to compare
@Avantol13 Avantol13 released this 20 May 17:53
· 2335 commits to master since this release
3.0.0
798dfe3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Release Notes

For: uc-cdis/fence
Notes since tag: 2.8.2
Notes to tag/commit: 798dfe3
Generated: 2019-05-20

New Features

  • Configure new clients with arborist policies using --arborist and
    --policies flags for fence-create (#608)
  • Use arborist for authorization checks on downloading data files from
    indexd, as long as the authz field is present in the index record (#608)
  • swagger document for multipart upload presigned url (#616)
  • Allow setting policies for anonymous and logged-in groups in the
    user.yaml. (#625)
  • Use arborist to check permission for indexd record upload/download on
    records when supported (send "rbac" field from the indexd record to
    arborist) (#606)

Breaking Changes

  • Users' RBAC policies are now owned by arborist, not fence, so the tables
    are removed from fence/userdatamodel. (#608)
  • The usersync is updated to work specifically with the new arborist version.
    (#608)
  • In general, this and following versions of fence should be deployed only
    with
    arborist>=2.0.0
    (#608)
  • Remove (unused) RBAC blueprint (#606)

Bug Fixes

  • Fix typos in exception handler (#626)

Improvements

  • Update user sync for compatibility with changes to arborist. (#613)
  • Policies now owned by arborist (#613)
  • Arborist needs (read-only) copy of users. (#613)
  • User info endpoint will return policy list from arborist for that user, if
    available. (#604)
Assets 2
Loading