Release Notes

For: uc-cdis/requestor

Notes since tag: 1.8.0

Notes to tag/commit: 1.9.0

Generated: 2022-12-16

New Features

• Ability to add DB connection string via environment variable (#50)

Bug Fixes

• Use conditional await in arborist create_policy method (#46)

Improvements

• Use a limit clause in alembic database migration (#46)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.7.1

Notes to tag/commit: 1.8.0

Generated: 2022-10-18

New Features

• Support "client credentials" tokens that are not linked to a user in all
  endpoints, except those that specifically query users' requests (#42, #48)

Bug Fixes

• Consolidate the get_auto_policy_id methods (#43)
• Consolidate the create_arborist_policy_for_role_ids and
  create_arborist_policy methods (#43)
• Consolidate the tests for unallowed parameters (#43)
• Cleanup of parameter checks (#43)

Improvements

• Removing Veracode scanning pipeline (#47, #49)
• Add documentation about authorization (#44)
• Improved error logging when external calls fail (#44)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.7.0

Notes to tag/commit: d35cee0

Generated: 2022-08-03

Bug Fixes

• Update param in call to create_arborist_policy in migrations to match new
  signature of method. (#41)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.6.0

Notes to tag/commit: 1.7.0

Generated: 2022-07-21

New Features

• Create request using role_ids and resource_paths (#39)

Dependency Updates

• Update gen3authz to 2.0.0 (#39)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.5.1

Notes to tag/commit: 1.6.0

Generated: 2022-06-30

New Features

• Ability to make authenticated custom API calls as part of the access
  request process (#34, #35)
• /request endpoint now supports filtering through query parameters similar
  to the /request/user endpoint. (#30)

Improvements

• Rename auto-generated policies from _reader to _accessor to avoid
  conflicts with user.yaml-defined policies that often use _reader (#35)
• Remove auto-labeling so that all integration test suites are run instead of
  only the study viewer suite (#35)
• Do not grant read/read-storage access for all services (#37)
• Use jsonschema to validate the configuration file (#34)
• Upgrade to Python 3.9. (#31)
• Use central github workflow actions for image build and push (#31)
• Improve logs for access request creation (#28)

Dependency Updates

• Add jsonschema and mock dependencies (#34)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.5.0

Notes to tag/commit: 1.5.1

Generated: 2022-04-22

New Features

• Allow requestor to support granting/revoking access directly during request creation with an appropriate status value.

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.4.0

Notes to tag/commit: 1.5.0

Generated: 2022-01-07

New Features

• Allow requesting access to any existing policy, in addition to allowing
  requesting "read + read_storage" access to a resource path (#24)
• Allow revoking access to a policy if this access was granted via Requestor
  (#24)
• The GET /requests/user endpoint accepts filter query parameters, for
  example ?policy_id=foo&status=APPROVED (#24)
• The GET /requests/user endpoint accepts an active query parameter, to
  only return access requests that are not in a final or draft status (#24)
• The POST /request/user_resource_paths endpoint accepts a list of
  permissions in the request body in addition to a list of resource paths
  (#24)

Improvements

• Reorganize documentation (#24)
• Rename "maintain" module to "manage" in code and documentation (#24)
• Allow specifying a custom ARBORIST_URL in the configuration if it is not
  set as an environment variable (#24)
• Add Requestor example flow diagram to Readme (#16)

Dependency Updates

• gen3authz to 1.4.1 (#24)

Deployment Changes

• This Requestor update requires Arborist 3.2.0/2021.12 or more recent (#24)
• Requestor database migration to version 42cbae986650 (should happen
  automatically in cloud-automation deployments) (#24)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.3.0

Notes to tag/commit: 1.4.0

Generated: 2021-07-27

Improvements

• When updating the status of an access request, 'reader' and 'storage-reader' roles are automatically created in Arborist if missing (#14)

Release Notes

For: uc-cdis/requestor

Notes since tag: 1.2.0

Notes to tag/commit: 1.3.0

Generated: 2021-03-31

Improvements

• Refactor auth module (#7)
• Only allow 1 update request at a time on the same request_id (#7)
• The deletion endpoint makes a single query instead of 2 (#7)