v2024.10.17

What's Changed

• Bump upload-artifact to v4 by @mabashian in #610
• Remove is_superuser from resource API by @fosterseth in #596
• Add authentication backend for renamed user accounts by @newswangerd in #611
• [RR] Send auth backend in auth_code payload by @relrod in #609
• Add option to automatically move users to a new authenticator by @newswangerd in #601
• format string missing f by @kdelee in #608
• Force social-auth-app-django to 5.4.1 by @bhavenst in #615
• Pass requesting user into validate role assignment by @fosterseth in #614
• Only return entries for local service_id by @AlanCoding in #616
• Redis flushdb by @john-westcott-iv in #617
• JWT Auth ignore is_superuser value if False by @fosterseth in #623
• Update LDAP user search test by @bhavenst in #620
• [Alt 1] Flip default of reverse sync to True by @AlanCoding in #618
• They say sometimes I don't give an f. Fix that. by @relrod in #629
• Groundwork for better DRF pages for services by @relrod in #628

Full Changelog: 2024.9.4...2024.10.17

v2024.9.4

What's Changed

• HUB is removing org.users and team.users by @jctanner in #591
• Dont require service path by @fosterseth in #597
• Several bug fixes for reverse sync by @relrod in #589
• Attempt to lock down dependencies by @relrod in #585
• Revert #585 by @relrod in #600
• Update social_auth.py to move log to debug by @kdelee in #604
• Add upload of Junit XML test result files by @tznamena in #599
• Add some nuance to the on-off logic for RESOURCE_SERVER by @AlanCoding in #603

New Contributors

• @tznamena made their first contribution in #599

Full Changelog: 2024.8.28...2024.9.4

v2024.8.28

What's Changed

• Add oidc_alt_key to auth code by @newswangerd in #586
• Add fallback cache by @bhavenst in #572
• Ignore permissions given twice in migrations by @AlanCoding in #584
• Do not run resource registry stuff if migrations are not finished by @AlanCoding in #557
• [AAP-27692] Add middleware that apps can use to handle graceful timeout signal by @kdelee in #581
• Adding additional unit tests by @john-westcott-iv in #590
• [RR] Do not try to redirect to null resource server by @relrod in #592

New Contributors

• @kdelee made their first contribution in #581

Full Changelog: 2024.8.26...2024.8.28

v2024.8.26

What's Changed

• [resource registry] Allow for obtaining an auth code given username/password payload by @relrod in #580
• Revert "Pin versions for all optional dependencies" by @john-westcott-iv in #588

Full Changelog: 2024.8.22...2024.8.26

v2024.8.22

What's Changed

• fix: coerce reading saml request as via https if REDIRECT_IS_HTTPS by @BrennanPaciorek in #570
• RBAC content filter should consider the app_label. by @jctanner in #573
• Give 400 respones when roles violate RBAC validators by @AlanCoding in #563
• Delete resources so reverse migrations will work by @AlanCoding in #576
• Add tests for more than 1 team and org member roles by @AlanCoding in #577
• Add service backed SSO by @newswangerd in #565
• Use updated heuristic for identifying locally managed roles by @AlanCoding in #562

Full Changelog: 2024.8.19...2024.8.22

v2024.8.19

What's Changed

• Allow turning off role view requirement with setting by @AlanCoding in #566
• Switch service auth class to custom header by @newswangerd in #567
• Manage team memberships in hub jwt consumer. by @jctanner in #568
• Reverse-syncing of resources to a resource server by @relrod in #548
• Add method to get status from redis by @john-westcott-iv in #545
• fix: Replace warning with info/debug messages on jwt.common.auth by @rochacbruno in #569
• Removing CODEOWNERS by @john-westcott-iv in #571
• Add SSO and partially migrated flag to Resource API by @newswangerd in #564

Full Changelog: 2024.8.9...2024.8.19

v2024.8.9

What's Changed

• Skip further validation on team parent model if it has no parent model. by @jctanner in #558
• Allow removing permissions even when they are invalid by @AlanCoding in #559
• resource_registry: sync organization and team descriptions across services by @BrennanPaciorek in #447
• Fix bug where is_registered did not consider app_label by @AlanCoding in #560

Full Changelog: 2024.8.8...2024.8.9

v2024.8.8

What's Changed

• Fixing issue when unsetting redis client ssl files by @john-westcott-iv in #539
• Nest the dynamic settings inclusion into a method by @AlanCoding in #531
• Altering Redis client to be able to get access directly to a Redis or RedisCluster object by @john-westcott-iv in #546
• Fix validation bug creating invalid custom system roles by @AlanCoding in #532
• Returning a DABRedis instead of a raw Redis by @john-westcott-iv in #550
• Fix bug with reference to id as opposed to pk by @AlanCoding in #538
• fix: Settings logic rebind installed_apps when adding new items. by @rochacbruno in #552
• Fix auto-creation of CALLBACK_URL for AzureAD by @AparnaKarve in #544
• Fix auto-creation of CALLBACK_URL for Google OAuth2 by @AparnaKarve in #547
• Test concrete inheritance and fix error with nested inheritance by @AlanCoding in #551
• Ensure that LDAP User Search field can be set to null or an empty list by @AparnaKarve in #554
• Make stop-postgres target remove the container as before by @AlanCoding in #549
• Altering redis client - breaking change by @john-westcott-iv in #535
• Send post_migrate signal from DAB RBAC by @AlanCoding in #556

New Contributors

• @AparnaKarve made their first contribution in #544

Full Changelog: 2024.8.1...2024.8.8

v2024.8.1

What's Changed

• Adding setting to prevent modification of settings in AoC environment by @john-westcott-iv in #519
• [Low Prio] Add uwsgi + nginx + ssl to the compose stack by @jctanner in #508
• Error if Delete permission is issued without Change permission by @thedoubl3j in #520
• fix: Skip _system user when syncing resources by @rochacbruno in #521
• Prepare 2 User managers to exclude _system user by default by @slemrmartin in #522
• Adding get_relative_url and get_fully_qualified_url by @john-westcott-iv in #505
• Fix new user getting created at every login by @john-westcott-iv in #523
• Fix SAML authenticator to set ACS url as CALLBACK_URL by @john-westcott-iv in #525
• Re-enable black and blacken files that got missed in later PRs by @relrod in #529
• [get_fully_qualified_url] Fallback to crum request by @relrod in #528
• Handle unsupported media type in django-oauth-toolkit by @cutwater in #537
• Add bits necessary to satiate pulpcore's openapi generator. by @jctanner in #542
• Fix authenticator order by @trucdg in #541

Full Changelog: 2024.7.17...2024.8.1

v2024.7.17

What's Changed

• Fix flaky test failure by @AlanCoding in #504
• Custom permission class for oauth token scope adherence by @relrod in #500
• Handle system user login via external source by @trucdg in #502
• Fix AuthMap groups and attributes rules by @slemrmartin in #480
• jwt_consumer: remove unauthorized permissions by @BrennanPaciorek in #486
• Require superuser permission to revoke global roles by @AlanCoding in #497
• Prevent disabling or deleting the last enabled authenticator by @jctanner in #513
• [oauth2_provider] Disable PKCE by default by @relrod in #514
• Fix keycloak public key help text typo by @mabashian in #516
• Fix incorrect mock object calls by @AlanCoding in #518
• Use single postgres definition in compose file by @AlanCoding in #515
• Optimize SQL queries when creating orgs and teams by @cutwater in #506
• Optimize SQL queries when assigning permissions on teams by @cutwater in #509
• Make ansible_id match the JWT data if creating new user by @AlanCoding in #512
• Making CALLBACK_URLS optional by @john-westcott-iv in #511
• [Low Prio] Add a sqlite3 check by @AlanCoding in #517

Full Changelog: 2024.7.1...2024.7.17