12.2.0

@rra released this 27 Nov 00:48
· 91 commits to main since this release
12.2.0
f4bcbea

New features

  • Allow a client to present an internal token to the /auth/openid/userinfo endpoint. CADC's authenticator finds the userinfo endpoint via OpenID Connect configuration and presents whatever token it has to that endpoint, so this allows it to use the regular userinfo endpoint.
  • Add optional Sentry support. If enabled and configured with the Sentry DSN secret, telemetry information will be sent to Sentry. Every trace is sampled and no effort has been made to exclude sensitive information, so this is currently only intended to be temporarily enabled in a non-production environment while debugging a specific problem.

Bug fixes

  • Avoid opening a database session in the ingress authentication path unless it is necessary to create a new delegated token.
  • Avoid creating a Google Firestore client for every request, since it does authentication setup on creation. Instead, create a single client that will be used for all requests.
  • Always omit the data_rights claim in OpenID Connect server tokens if the user has no data rights, rather than sometimes omitting it and sometimes setting it to the empty string.

Other changes

  • Update the Gafaelfawr secrets documentation with a link to the current Phalanx secrets management documentation and mark the secrets that are autogenerated by Phalanx tooling.

What's Changed

  • DM-47716: Adjust types for new Pydantic HttpUrl handling by @rra in #1159
  • DM-47716: Avoid creating Firestore clients on every request by @rra in #1160
  • DM-47716: Move token cache transaction management by @rra in #1157
  • DM-47716: Add optional support for Sentry by @rra in #1158
  • DM-47716: Move all session management to service layer by @rra in #1161
  • DM-47760: Uniformly handle claim for no data rights by @rra in #1162
  • DM-47716: Move auth metrics reporting to a background task by @rra in #1163
  • DM-47760: Allow internal tokens on the OIDC userinfo route by @rra in #1164
  • DM-47716: Update for Ruff 0.8.0 by @rra in #1166
  • DM-47716: Revert "Move auth metrics reporting to a background task" by @rra in #1167
  • DM-47789: Convert to the Safir pagination support by @rra in #1168
  • DM-47789: Use Safir timedelta validation types by @rra in #1169
  • DM-47789: Convert datetime and timedelta to Safir types by @rra in #1170
  • DM-47789: Use drop_database from Safir by @rra in #1171
  • DM-47789: Move IP address normalization into a type by @rra in #1172
  • DM-47789: Move scopes validation into a Pydantic type by @rra in #1173
  • DM-47789: Prepare 12.2.0 release by @rra in #1174

Full Changelog: 12.1.1...12.2.0