Skip to content

Releases: uc-cdis/fence

handle service account key expiration in all cases

06 Feb 18:32
@Avantol13 Avantol13
2.5.10
4c0769f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
handle service account key expiration in all cases 
2.5.10

fix(sa-expiration): actually expire user-issued keys, even if there a…
Loading

fix jwt keys ordering

30 Jan 01:10
@philloooo philloooo
2.5.9
5d0b386
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fix jwt keys ordering 
Merge pull request #551 from uc-cdis/fix/key-order

fix(key-order): use basename
Loading

remove duplicated black list logic

30 Jan 00:19
@philloooo philloooo
2.5.8
16cce7a
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
remove duplicated black list logic 
Merge pull request #550 from uc-cdis/fix/key-order

fix(key-order): order of JWT keypairs
Loading

patch to keep same behavior for refresh token

29 Jan 22:17
@philloooo philloooo
2.5.7
5eb0364
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
patch to keep same behavior for refresh token 
Merge pull request #548 from uc-cdis/fix/refresh-tokens

fix(refresh): don't provide new refresh token when hitting token endp…
Loading

Fix bug when refreshing tokens

29 Jan 18:03
@Avantol13 Avantol13
2.5.6
acd7327
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Fix bug when refreshing tokens

Fix issue that when scope is provided for refreshing access_tokens an exception in raised

Loading

Bug fix for case insensitive handling during usersync

29 Jan 16:18
@Avantol13 Avantol13
2.5.5
e4b58f8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Bug fix for case insensitive handling during usersync

Fixes issue with different case b/t dbgap and user.yaml causing exception

Loading

Bug fixes: Google endpoints/error handling & user syncing

28 Jan 16:26
@Avantol13 Avantol13
2.5.4
b8625e5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Bug fixes: Google endpoints/error handling & user syncing 
2.5.4

fix(bugs): fix cfg handling so google client exists for dcf, fix new …
Loading

fix logging in fence-create

25 Jan 22:08
@rudyardrichter rudyardrichter
2.5.3
c2acc5d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
fix logging in fence-create

by default let fence-create log everything down to INFO

Loading

no Google+ API calls

23 Jan 18:35
@Avantol13 Avantol13
2.5.2
09c0bc7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
no Google+ API calls

We use Google+ API for /login/google and “On March 7, 2019, all Google+ APIs and Google+ Sign-in will be shut down completely. This will be a progressive shutdown beginning in late January, with calls to these APIs starting to intermittently fail as early as January 28, 2019.” Therefore, we should update to use google identity instead of Google+.

Loading

data upload

16 Jan 18:14
@rudyardrichter rudyardrichter
2.5.1
63f5421
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
data upload

Support for new data upload flow.

Some major deployment changes:

  • Fence configuration for data upload requires DATA_UPLOAD_BUCKET and S3 creds in fence config
  • user.yaml format for RBAC is changed; old resources block is still supported, but the proper way to organize the yaml file for user privileges is changed, and looks like this:
rbac:
  policies:
    - id: 'data_upload'
      description: 'upload raw data files to S3'
      role_ids: ['file_uploader']
      resource_paths: ['/data_file']
  resources:
    - name: 'data_file'
    - name: 'programs'
      subresources:
      - name: 'test'
        subresources:
        - name: 'projects'
          subresources:
          - name: 'test'
      - name: 'test_program'
  roles:
    - id: 'file_uploader'
      description: 'can upload data files'
      permissions:
        - id: 'file_upload'
          action:
            service: 'fence'
            method: 'file_upload'

To grant users access for uploading data files, they need the corresponding data_upload policy added:

users:
  example_user@domain.com:
    policies: ['data_upload']
Loading