New fence configuration

Fence now supports a single YAML file for configuration!

• configuration vars are consolidated, better-described, and have reasonable defaults
• simplification of deployment by having a single cfg file
• backwards-compatible for now, though next major fence release will drop support for local_settings.py
• command line utility to help with creating a new cfg based off the default
• Fence searches configured directories (in settings.py) for the new config.yaml file
• New cfg file has a contextual template-like replacing feature
• Fence now ignores configuration variables it doesn't recognize and loads defaults for cfg not specified
  -It loads in default then overlays the provided configuration over that, discarding any extra config not defined in the default configuration

usersync username case-sensitivity bug fix

Fix/google validation (#495)

* fix(db): pass through db so flask db connection is not attempted outside of flask app context (e.g. fence-create scripts)

* fix(db): whoops. don't pass into function because it doesnt expect the db arg

* fix(db): dont pass it, false alarm

* fix(usersync): case insensitive for User.username

* feat(logging): clarify logs

* tests(users): case insensitive search by username in test

* fix(commits): re-add back partial commits. our application is not setup/configured to automatically commit to db

* fix(usersync): remove partial commits since the driver has a context managed session that autocommits when out of context

* fix(usersync): when creating new users, make sure to user username case as per provided in the whitelist

* fix(storage): dont force lowercase for storage name

* docs(comments): clarify comment about weird case sensitivity logic

Add google service account validation logging

• more logging for the validation process
• patch to capture more reasons why service accounts got removed in email

KF November Release

2.3.1

fix(flask): bump flask to 0.12.4 (#474)

Release for cloud-auto compatibility

• Needed so that previous versions of fence deployed can work with latest version (this) for cronjobs in cloud-automation like user-sync

This came about because a previous version of fence is deployed for DCF but cronjobs are failling because the cloud-automation cronjobs expect a later version of fence but pull the image from whatever's in the manifest

DCF Phase 1 patch - allow google_service_account scope

DCF Phase 1 patch - allow google_service_account scope but the scope is not used

DCF Phase 1 Fixes with Key Unzipping

Includes DCF Phase 1 Fixes from tagged release 2.2.5, and fix for unzipping jwt keys.

DCF Phase 1 Fixes

Includes:

• DCF Phase 1 Fixes
• changes to fence-create script to allow linking to external buckets

This overrides release 2.2.4, which incorrectly included Phase 2/3 changes.

Link to External Buckets - hotfix

Adds functionality for fence to connect to externally owned buckets.

DCF July Release

• Lower level validity checking functionality for DCF ISB-CGC Phase 2

• Skeleton for ISB-CGC Phase 2 endpoints (should return NotImplemented errors at the moment, will be hooking up our lower level functions in the coming sprint)

• OIDC Consent Page Redesign

• Error Handling update: DCF now has a generic error page that will be displayed to the user in the case of any unhandled exceptions on our end
  Originally we had proposed a "redirect all errors" approach, though our security team could not approve of a system that redirected with internal error information. Thus, we've gone and implemented: Display a generic HTML error page to the user instead of a JSON blob.

• Various bug fixes

• 1st version DCF data replication service

• Google Bucket Access Logging set up on DCF Staging and Production

• dbGap synch for DCF production (SBG)