4.19.0

Release Notes

For: uc-cdis/fence

Notes since tag: 4.18.0

Notes to tag/commit: c4e3114

Generated: 2020-07-08

New Features

• Implemented RAS as identity provider. (#787)
• Handle storing backups of dbGap telemetry files in S3 (#745)
• Separated "fence-create dbgap-download-access-files" from "fence-create
  sync" (#745)
• In usersync, populate user email iff email is provided in useryaml OR
  username is an email addr (#788)
• Enabled fence-create client-create to accept space-separated
  allowed-scopes arguments (#780)

Breaking Changes

• Usersync will no longer populate user's email field in Fence db with the
  user's username, UNLESS the username is an email address, in which case
  previous behavior applies (email field is populated with the username). In
  other words, nothing should change except in cases where usersync was
  putting invalid emails into user email fields anyway. (#788)

Bug Fixes

• Enable a user who has access to a large number of projects to be able to
  login successfully when loading the Gen3 authorization page. Previously,
  for users with access to too many projects, attempting to login and load
  the authorization page resulted in 502 and 400 errors. (#785)
• fix deps so pip parses correctly (#783)
• Do not fetch the region at startup for public S3 buckets (#778)

Improvements

• Add program/project info to user.yaml guide (#782)
• Fix "assert 60 <= 59" error in flaky unit tests (#782)
• Added tests for fence.scripting.fence_create.create_client_action (#780)
• Add user.yaml guide (#781)
• Use logger instead of print statements in fence-create (#777)

Dependency Updates

• Fix dependencies so pip parses correctly (#790)
• storage-client to 1.0.1 (#790)
• Added dependency email_validator v1.1.1 (#788)

4.18.0

Release Notes

For: uc-cdis/fence

Notes since tag: 4.17.0

Notes to tag/commit: 12583a2

Generated: 2020-05-12

New Features

• Add Cognito as Fence IdP (#767)

Bug Fixes

• when AWS_CREDENTIALS cfg is gone, was trying to use boto when it wasn't
  setup causing an exception (#766)
• Fence :2020.04 images are failing to produce OIDC client credentials. [...]
  Pinning cryptography 2.8 as this bug only seem to manifest itself with
  2.9. (#768)
• Fix docs (#772)
• Recreate built-in groups before granting policies, so that if you remove
  policies from the built-in groups and run usersync, the groups will get
  updated accordingly in arborist (#773)

Improvements

• improve usersync log message so that it is clear that the "does not match
  pattern" warning also means that the file will not get processed by
  usersync (#775)
• add descriptive usersync error when file cannot be decrypted--previously
  just a stack trace (#775)
• Updated documentation to reflect Fence API behavior (#772)

Dependency updates

• pin cryptography 2.8 b/c of known bug with 2.9 (#769)
• Bump userdatamodel to 2.3.2 (#767)

Deployment changes

• To use the new Cognito integration, apply in fence config the changes made
  to config-default.yaml. Otherwise no action required. (#767)

Cleversafe support

Release Notes

For: uc-cdis/fence

Notes since tag: 4.16

Notes to tag/commit: 4.17.0

Generated: 2020-03-14

Dependency Updates

• httplib2 to 0.17.0 (#763)

New Features

• New config to specify an endpoint url for an s3 bucket (to support
  cleversafe) (#744)

(Cleversafe support)

Do not use this release - the build is broken. Use the fixed 4.17.0 release instead

support syncing from ftp for dbgap

Release Notes

For: uc-cdis/fence
Notes since tag: 4.15.2
Notes to tag/commit: d3ce3bc
Generated: 2020-03-05

Improvements

• Support dbgap syncing from an ftp site instead of sftp (#762)

4.15.2

Release Notes

For: uc-cdis/fence

Notes since tag: 4.15.1

Notes to tag/commit: 4.15.2

Generated: 2020-03-05

Bug Fixes

• Handle the "fence_idp" query parameter for OIDC clients logging users in
  through the "/authorize" endpoint (#761)

Improvements

• default config no longer gives fake buckets and creds for s3 (avoids an s3
  call to get missing bucket region and reduces confusion) (#759)

dependency updates

Release Notes

For: uc-cdis/fence
Notes since tag: 4.15.0
Notes to tag/commit: 4.15.1
Generated: 2020-02-27

Improvements

• improve some log messages: fix package name, clarify error about whitelist
  filename pattern match (#748)

Dependency Updates

• gen3authz updated to at least 0.4.0 for security updates (#757)

Support for multiple dbGaP sources in user sync

Release Notes

For: uc-cdis/fence

Notes since tag: 4.14.0

Notes to tag/commit: 4.15.0

Generated: 2020-02-21

New Features

Supports including a list of dbGaP server configurations in user-sync. When telemetry files are pulled from multiple dbGaP sources, user permission is merged (#755).

4.14.0

Release Notes

For: uc-cdis/fence

Notes since tag: 4.13.4

Notes to tag/commit: 4.14.0

Generated: 2020-01-29

Improvements

• Added optional config SYNAPSE_JWKS_URI to adpot Synapse JWKS document
  changes and avoid downtime (#754)

New Features

• added google_primary_service_account email to userinfo endpoint (to
  support Google requester pays buckets, need to know email of service
  account that signed the url) (#751)

Usersync overriding fix

Release Notes

For: uc-cdis/fence

Notes since tag: 4.13.3

Notes to tag/commit: 4.13.4

Generated: 2020-01-09

Bug Fixes

• Fix user.yaml authz information overriding other authz information (#750)