
12.4.0

@rra rra released this 22 Jan 17:59
12.4.0
ce09d41

New features

  • API rate limits are now enforced if configured. If a request exceeds the rate limit, Gafaelfawr will return a 429 response with a Retry-After header. Rate limit data is recorded in the new ephemeral Redis pool.
  • Add support for quota overrides. Overrides can be set via a new REST API at /auth/api/v1/quota-overrides and take precedence over the configured quotas if present and applicable.
  • Add a bypass key to the quota configuration containing a group list. Any member of one of those groups ignores all quota restrictions.
  • Add a flag to notebook quotas, defaulting to true, that indicates whether the user is allowed to spawn a new lab. This is not enforced by Gafaelfawr; it will be read and acted on by Nublado.
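A client-side handler for the 429 and Retry-After behaviour described in the first item above, as an added example that is not Gafaelfawr's own code. The `send` callable, the `(status, headers)` response shape, the default and cap values, and the sample inputs are assumptions made for illustration; the parser accepts both forms of Retry-After that HTTP allows (delta-seconds and HTTP-date).

```python
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Callable, Mapping, Optional, Tuple

# Hypothetical response shape for this example: (status code, headers).
Response = Tuple[int, Mapping[str, str]]


def retry_after_seconds(value: Optional[str], now: Optional[datetime] = None,
                        default: float = 1.0, cap: float = 300.0) -> float:
    """Turn a Retry-After value into a wait in seconds, bounded to [0, cap]."""
    if value is None:
        return default
    value = value.strip()
    if value.isascii() and value.isdigit():
        wait = float(value)  # delta-seconds form
    else:
        try:
            when = parsedate_to_datetime(value)  # HTTP-date form
        except (TypeError, ValueError):
            return default  # unparseable header: fall back, never spin
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        now = now or datetime.now(timezone.utc)
        wait = (when - now).total_seconds()
    # A date in the past means "retry now"; the cap stops a bad or hostile
    # value from parking the client indefinitely.
    return min(max(wait, 0.0), cap)


def call_with_rate_limit(send: Callable[[], Response], max_attempts: int = 4,
                         sleep: Callable[[float], None] = time.sleep) -> Response:
    """Call send() until it is not rate limited or attempts are exhausted."""
    if max_attempts < 1:
        raise ValueError("max_attempts must be at least 1")
    for attempt in range(1, max_attempts + 1):
        status, headers = send()
        if status != 429 or attempt == max_attempts:
            break
        # Header names are case-insensitive, so normalise before lookup.
        lowered = {k.lower(): v for k, v in headers.items()}
        sleep(retry_after_seconds(lowered.get("retry-after")))
    return status, headers
```

The last 429 is returned to the caller once `max_attempts` is reached, so a persistent quota problem surfaces as an error instead of an endless retry loop.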

Bug fixes

  • If the user returns to the login route without login state and no return URL is set (which will be the common case), redirect them to the after logout URL instead of returning a 403 error. Often this means the user previously authenticated via another tab and is now logged on, but we have lost the return URL and do not know where to send them. Returning the error is more confusing and often causes the user to attempt to reload the error page, which then fails.

Other changes

  • OpenID Connect authentication codes are now stored in an ephemeral Redis instance rather than in the same database as data that should persist, such as tokens.

What's Changed

  • DM-48387: Send users with no login state to after logout by @rra in #1208
  • DM-48390: Separate persistent and ephemeral Redis by @rra in #1209
  • DM-48390: Implement API rate limiting by @rra in #1210
  • DM-48390: Suppress errors in rate limiting by @rra in #1214
  • DM-48390: Add rate limiting headers to ingress responses by @rra in #1215
  • DM-48390: Add support for bypassing quota by @rra in #1216
  • DM-48432: Move quota calculation to QuotaConfig model by @rra in #1217
  • DM-48390: Add support for disallowing notebook spawns by @rra in #1218
  • DM-48432: Add support for quota overrides by @rra in #1219
  • DM-48495: Add rate limiting integration with nginx by @rra in #1220
  • Bump eslint-config-prettier from 9.1.0 to 10.0.1 in /ui by @dependabot in #1222
  • Bump eslint-plugin-prettier from 5.2.1 to 5.2.3 in /ui by @dependabot in #1221
  • Bump eslint-plugin-react from 7.37.3 to 7.37.4 in /ui by @dependabot in #1211
  • DM-48495: Return a list of errors from auth failures by @rra in #1223
  • DM-48495: Tweak Redis connection pool settings by @rra in #1224
  • DM-48495: Prepare 12.4.0 release by @rra in #1225

Full Changelog: 12.3.2...12.4.0