Releases: zlamalp/perun
Releases · zlamalp/perun
Release v3.9.10
Release 3.9.10 - Fixed searching for users/members by name when search string contains spaces. - Fixed searching for users/members by exact match. - Fixed regex for ExtSourceINET allowed group names. - Removed attribute module for member:virt:loa, it is replaced by user:virt:loa where necessary. - Fixed rescheduling tasks in WAITING state.
Release v3.11.0
Release 3.11.0 - Searching for users and members now correctly handle spaces in search string and also handles name stored in different order: firstName/lastName vs. lastName/firstName. - Member sponsorship can now expire on exact day, we can send notifications for incoming expiration. - Member can expire or stay valid when losing the last sponsorship based on VO configuration. - Membership sponsoring ends with losing the last sponsor, member is switched to standard member with expiration. - Fixed deletion of sponsored members. - Support configurable roles management - eg. we can specify, which role can manage other roles. - Added new default roles GROUPOBSERVER, RESOURCEOBSERVER and FACILITYOBSERVER. - Fixed user matching on registration for VŠUP external workers. - Propagation Tasks stuck in WAITING state are now also handled and resheduled on source data changes or force propagation. - Fixed duplicities in membersManager/getSponsoredMembers(). - Fixed null pointer in membersManager/getSponsoredMembersAndTheirSponsors(). - Fixed exception messages for PrivilegeException. - Added utils scripts for finding group inconsistencies and assigning service to the resource with another specified service. - Updated RPC docs parsing tool.
Release v3.10.0
Release 3.10.0 - This release contains DB changes! - This release requires PostgreSQL >= 9.5 - The biggest change is configurable API methods and roles authorization. Change was done 1:1 with the old authorization, but there might be bugs! Configuration can be modified on each instance in /etc/perun/perun-roles.yml. - We have removed generally unused member status SUSPENDED. It is replaced by VO wide bans, similar to Resource/Facility bans. This logic is available only in API. Related "suspended" and "suspendedTo" params were removed from the (Rich)Member object. - For future use we added UUID to the Group/Resource/User objects and their rich versions. - We are going to replace sponsored users with normal users with sponsored VO memberships. For now its no longer possible create new sponsored users from the GUI. - Added new methods to create and work with sponsored members. - Group synchronization no longer runs in a single transaction, but rather each group member is processed in own transaction. - Removed deprecated API for: - attributesManager/checkAttributeValue - attributesManager/checkAttributesValue - generalServiceManager -> servicesManager - propagationStatsReader -> tasksManager - membersManager/createSponsoredAccount - membersManager/setStatus (with message) - Added EnrichedResource object and some methods in ResourcesManager as an example of new version of Rich objects. We use composition instead of extension of Resource object. - AuditMessages no longer contains message pre-formatted for GUI as we will remove former method of message (de)serialization in the future. - Attribute member:virt:isSuspeneded looks for VO bans instead of member status. - Many API methods were extended to work also with object names instead of only their IDs (if they are unique too). - LDAPc can now resolve changes of virtual attributes on its own and we do not slow down transaction commit in core perun. - Do not allow UCO like mails in attribute module for group/group_resource:def:o365EmailAddresses_o365mu attributes. - Removed subgroups of assigned groups on resource for which we generate provisioning data.
Release v3.9.9
Release 3.9.9 - This version contains DB and configuration changes. - This version contains LDAP schema changes. - Better heuristic to determine displayName on registration form. - Configurable lifescience-persistent-shadow attribtue. - Added new API to generate data for service provisioning. - Searching users/members can be configured to search in any user, member or userExtSource attribute. - Support new WARNING state in service provisioning. Its like DONE, but with non-empty output in STDERR. - Unique attributes can be converted to non-unique. - Removed subgroups of assigned groups from the data structure returned by getDataWithGroups() used for service provisioning. - Store all attribute values in single column. - Fixed members SQL mapper, should increase performance. - Do not return duplicate candidates, which matches to the same user. - Added userIdentities LDAP attribute, for now equals to eduPersonPrincipalNames. - Added schacPersonalUniqueCode LDAP attribute. - Updated Spring and Spring Boot.
Release v3.9.8
Release 3.9.8 - Fixed approval of extension applications. - Optimize memory usage during services provisioning. - Fixed too slow processing of members in the tree of groups. It also prevents possible race conditions and inconsistencies. - Don't remove non-required User-Facility attributes when member is deleted. - Assign all groups at once to resource when synchronizing group structures. - Use SameSite=Strict session cookies. - Each service destination can be blocked/allowed from the GUI and facility manager can see their state. - Speed up members filtering for all get/find members methods. - Store/show also start timestamp of the group synchronization. - Automatically create releases on GitHub when tag is pushed.