Version 1.4.0+
These are the release notes for the v1.4.0 release of witboost.
Please refer to the official documentation for a more in-depth overview of the released features.
Features
Access Control Overview
We introduced a new tab for Data Product owners in the marketplace where the owner can see all the consumers that have access to their output ports.
The panel displays all the output ports and all the users that have access to them, as well as:
- pending requests that users have requested for the output ports (grouped in case there are multiple requests)
- revoked accesses on the output ports
- ongoing access granting operations
From this panel, the platform team can also enable the owners to revoke accesses granted to the output ports.
Access Request improvements
An Access Control List (ACL) is a set of rules that determines which users/groups can access a specific resource (output port).
In Witboost, the ACL flow is a process that allows users to request access to some resources. The owners can then grant/revoke access to such resources securely and efficiently. The ACL flow is ruled by communication between three actors: the requester, the resource owner, and the subjects (users/groups for which the access is requested). The communications between these actors are defined by the notification system, which sends messages to inform them of the status and actions of the ACL flow.
The new flow also makes it possible to set up integrations with third-party platforms (like ticketing systems) to handle the interactions between the actors and the approval flow.
With this new access request management, the platform team can decide how the access flow is configured:
- the approval requests and responses can be handled inside witboost (leveraging notifications) or sent to a third-party service using a webhook
- once accepted, the request can trigger the tech adapters to perform the ACL update on the target instances; alternatively, if a third-party service is configured, it could take care of granting the accesses directly once approved
- at deploy time the tech adapters can automatically assign some default ACLs based on the descriptors received, which will be displayed as locked in the overview
We also added the possibility to revoke accesses given to the resources. The owner can select a non-locked access and revoke it for the target user or group.
Additionally, we made the access request modal configurable: leveraging specific templates, it is now possible to customize the parameters asked of the requester. The request can now also include uploaded files and custom attributes extracted from the input descriptor. The same mechanism also works for revoke operations, leveraging another specific template.
Documents
With this release, we are introducing the possibility for the platform team to display documents to the users.
The Documents plugin exposes all the features for document management, allowing the platform to track when users read and accept important documents. The platform team can configure some documents to be displayed whenever a user logs in to the platform (like EULAs and GDPR documents). The documents can require explicit approval from the logged-in users, or just be available for consultation.
All users can check all the available and accepted documents in their settings and profile page.
The platform team can use the Documents plugin to add both mandatory and optional documents for the viewer to accept. As introduced, the platform team can configure document acceptance: if enabled, the user is required to accept the documents, and a popup will appear if the user has any unaccepted documents.
If you want to enable the functionality, just set the config:
mesh:
  documents:
    requireDocumentAcceptance: true
Data Product deletion validation
It was possible to delete a Data Product defined in the Builder (one that developers were using), even if it was already deployed in some environments. This was a problem because then it was not possible to handle that deployment in the marketplace (updating or removing it). Now there is a validation step that checks if there are deployments for a data product when it is set for deletion.
The platform team can now block the unregister process if the location you are unregistering contains data products that are in the marketplace. To do so, use the configuration:
catalog:
  disableDeployedDataProductUnregister: true
Configure mapping for tags
In the descriptor, tags are based on the OpenMetadata structure, which can be used in different ways. The UI used the "tagFQN" field for displaying their values, but this could be a limitation for some installations.
By changing the mesh.mapping.tag configuration, you can decide how tags will be displayed (both generic tags and schema tags).
The configuration acts at the display, tooltip, and search level, and for the first two, you can define nunjucks templates to render the content dynamically.
Revamp of the UI style
We are continuing with the revamp of the different witboost pages.
By leveraging our design system (which we are continuously improving) we are adding more and more components to improve the overall user experience.
With this release, we are releasing a revamp of the tables and of the Blueprints and Templates pages. We also introduced the new filters that we have started adopting throughout all the witboost pages.
It is also possible to define custom colors and a custom logo for the installation by adding some custom style files.
Issues Fixed
- Avoid getting a token if the user is not identified by a valid token in LdapAuth
- Removed references to class names that are risky when used in combination with a code minifier
- Added a missing operation in the domain processor to enforce the domain update
- Don't ask approval for access/revoke when the user is both the requester and the owner of the target resource
- Fixed wrong message "An access request has been sent" for revoke requests
- UI does not break anymore on collapsing the graph
- Removed the possibility of completely collapsing the navigation panel
- The identity picker now requires putting at least one identity in the identities parameter, to prevent cases in which the template field validation is skipped
- Fixed the behavior of the green check icon in the marketplace
- Fixed a small front-end issue where an API was called before the username had been fetched
- Replaced a wrong label on the template modal component
- Fixed the wrong prefilled values on grant/revoke modals
- Updated the AuthMiddleware so that cookie token extraction follows the same rules as the bearer token; the difference prevented cookie validation
- Removed duplicated notification for the owner in case of access control requests
- Added authorization to all the scaffolder endpoints (task retrieval, integration list, action list, task details, template parameter schema, dry run, scaffold, and stream logs)
- Fixed a bug that returned empty access control details even if the request was filled with the requested identifier
- Added a new icon for locked ACL and fixed the tooltip on the button
- Improved error handling in the callback function of the access requests
- Replaced the checkboxes with radio buttons for output port tables. This way, bulk operations are no longer possible
- Updated Hasura version to v2.36.1
- After users interact with notifications (access request notifications and question notifications) these are automatically marked as read
- Fixed the behavior of SelectWidget when the enumNames property was specified: the related value was not being matched against the allowed ones
- Updated the behavior of the regex picker showing a placeholder with the given config
- Fixed the bug on the Undeploy button which made it non-clickable
- Fixed the bug on the control panel refresh button which made it non-clickable
- Updated the filters component so that a table filter no longer remains selected when the user selects it and then clicks outside the menu without applying it
- Fixed a bug on disabled policies and metrics visibility
- The micro-frontends don't load properly when the page is on the marketplace menu. The bug seems related to multiple wrong scripts appending on the DOM head
- GitLab errors for the function that extracts the project identifier are more meaningful now
- Fixed the project slug function of GitLab, and added related tests
- Fixed an error on the search filter of the "My Data Products" page related to missing tags
- Changed how the Stepper works when selecting a step by removing the default animation and scrolling automatically to the selected step component
- Added "content-type" in the header of the retrieval and validation API of the Custom URL Picker
- Fixed a bug where the ReservedFieldsProcessor would crash if trying to remove a duplicate with no previous annotations
- WbTags now shows the description on mouse hover, instead of the tagFQN again
- Priority in the marketplace updated: fixed the sorting function that incorrectly evaluated the priority if it was 0, and changed the condition under which the new environment is set
- Fixed a bug on missing clear search filter
- Fixed a bug on the table filters arrow when the menu is opened
- Fixed a bug that prevented URNs of domains from containing hyphens
- Reduced the db transactions time in the implementation of the /v1/resolve endpoint for the coordinator
- Deploy and undeploy operations on a deployment unit can no longer be started if there's already a running provisioning plan
- Fixed Custom URL Picker bug that does not render long texts with ellipses
- Fixed pagination issues in Custom URL Picker
- Fixed an issue with the PATCH endpoint of the action handler that prevented hookInfo from being updated properly
- The date filter no longer persists in CGP Search Results table when clicking reset filters
- Governance entities evaluations are now assigned to the dedicated evaluation thread pool
- Fixed a bug where the control panel would not refresh after creating a new snapshot/release
- IdentitiesPicker now correctly closes the popup after selecting an option when setting maxIdentities to 1
- Fixed a bug that displays an error if you change environment while searching for a data product in the data product graph
- Fixed a bug that allowed notifications of access request/response to have a list of objects in the body
- Resolved an error that was thrown when the domain was not found in the marketplace
- Fixed a bug where /provisioningPlan took too long to return if called with a large descriptor