Releases: uc-cdis/requestor
Releases · uc-cdis/requestor
Release list
1.10.0
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.9.0
Notes to tag/commit: 1.10.0
Generated: 2026-05-26
Improvements
- Add authorization check when a request's status is set to one of the
UPDATE_ACCESS_STATUSES at creation (#85) - Fix and re-enable database migrations unit tests (#82)
- Update to use new Amazon Linux base image and use the same structure as our
other python services. (#59) - Utilizing "gen3" user instead of "root" for more secure containers (#59)
- Moving to Poetry to manage our virtual environments (#59)
- Multi-stage Docker builds for smaller images (#59)
- Move to Gunicorn (#59)
- Add a description of how to remove access in the
authorizationdocument.
(#63) - Create resources and policies after the authorization check instead of
before (#58) - Log detailed authentication errors from authutils (#56)
Dependency Updates
- Update Python from 3.9 to 3.13 (#82)
- Remove Gino, use sqlalchemy (#82)
- starlette to 0.41.2, and other dependency updates (#75)
- Bumps the pip group with 5 updates: (#73)
- Bumps authlib from 1.3.0 to 1.3.1.
(#70) - Bumps requests from 2.31.0 to 2.32.0.
(#69) - Bumps jinja2 from 3.1.3 to 3.1.4. (#67)
- Bumps gunicorn from 20.1.0 to
22.0.0. (#66) - Bumps urllib3 from 2.0.2 to 2.0.7.
Bumps jinja2 from 3.1.2 to 3.1.3. (#64) - Bumps idna from 3.4 to 3.7. (#62)
1.9.0
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.8.0
Notes to tag/commit: 1.9.0
Generated: 2022-12-16
New Features
- Ability to add DB connection string via environment variable (#50)
Bug Fixes
- Use conditional
awaitin arboristcreate_policymethod (#46)
Improvements
- Use a limit clause in alembic database migration (#46)
1.8.0
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.7.1
Notes to tag/commit: 1.8.0
Generated: 2022-10-18
New Features
- Support "client credentials" tokens that are not linked to a user in all
endpoints, except those that specifically query users' requests (#42, #48)
Bug Fixes
- Consolidate the
get_auto_policy_idmethods (#43) - Consolidate the
create_arborist_policy_for_role_idsand
create_arborist_policymethods (#43) - Consolidate the tests for unallowed parameters (#43)
- Cleanup of parameter checks (#43)
Improvements
1.7.1: bug fix in call to `create_arborist_policy` in migrations
1.7.0: role_ids and resource_paths support
Custom API calls
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.5.1
Notes to tag/commit: 1.6.0
Generated: 2022-06-30
New Features
- Ability to make authenticated custom API calls as part of the access
request process (#34, #35) /requestendpoint now supports filtering through query parameters similar
to the/request/userendpoint. (#30)
Improvements
- Rename auto-generated policies from
_readerto_accessorto avoid
conflicts with user.yaml-defined policies that often use_reader(#35) - Remove auto-labeling so that all integration test suites are run instead of
only the study viewer suite (#35) - Do not grant read/read-storage access for all services (#37)
- Use
jsonschemato validate the configuration file (#34) - Upgrade to Python 3.9. (#31)
- Use central github workflow actions for image build and push (#31)
- Improve logs for access request creation (#28)
Dependency Updates
- Add
jsonschemaandmockdependencies (#34)
1.5.1
Grant and revoke access to policies
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.4.0
Notes to tag/commit: 1.5.0
Generated: 2022-01-07
New Features
- Allow requesting access to any existing policy, in addition to allowing
requesting "read + read_storage" access to a resource path (#24) - Allow revoking access to a policy if this access was granted via Requestor
(#24) - The
GET /requests/userendpoint accepts filter query parameters, for
example?policy_id=foo&status=APPROVED(#24) - The
GET /requests/userendpoint accepts anactivequery parameter, to
only return access requests that are not in a final or draft status (#24) - The
POST /request/user_resource_pathsendpoint accepts a list of
permissions in the request body in addition to a list of resource paths
(#24)
Improvements
- Reorganize documentation (#24)
- Rename "maintain" module to "manage" in code and documentation (#24)
- Allow specifying a custom
ARBORIST_URLin the configuration if it is not
set as an environment variable (#24) - Add Requestor example flow diagram to Readme (#16)
Dependency Updates
gen3authzto 1.4.1 (#24)
Deployment Changes
2021.09
Add Requestor example flow diagram to Readme (#16)
Auto-create Missing Roles on Status Update
Release Notes
For: uc-cdis/requestor
Notes since tag: 1.3.0
Notes to tag/commit: 1.4.0
Generated: 2021-07-27
Improvements
- When updating the status of an access request, 'reader' and 'storage-reader' roles are automatically created in Arborist if missing (#14)