[Hawkular-dev] Hawkular Inventory 0.16.0.Final Released

[Lukas Krejci]

Hi all,

I'm happy to announce the release of Hawkular Inventory 0.16.0.Final.

The most important change in this release is the alignment of authorization 
and tenant selection with the rest of the Hawkular components.

>From now on, Inventory no longer depends on Keycloak for authentication and 
instead is using JAAS. Any authenticated user is allowed to do anything by 
default.

The tenant is no longer deduced from the authenticated user but is selected 
using the Hawkular-Tenant header (which is therefore required in every request 
to inventory).

This moves inventory more into a role of a "backend service" which delegates 
more granular authentication and authorization to the application layer above 
inventory.

That said, the authorization logic has been factored out and made pluggable 
and a mechanism to check per-entity CRUD privileges is still in place. We just 
swapped the default implementation for a "permissive" one and changed the way 
we figure out the tenant.

Apart from this big change, the following enhancements and fixes have been 
included in the release:

* all internal properties, stored as "__foo" in the backend, are now available 
for filtering as "foo".
* SwitchElementType filter has been "promoted" to the API so that it is usable 
by the API clients.
* Hawkular Commons dependency has been updated to 0.7.2.Final

In 0.17.0.Final we will introduce a new REST API and will deprecate the 
current one (most probably by moving it to /hawkular/inventory/deprecated). 
This work is well underway but unfortunately didn't make it for 0.16.0.Final.

Huge thanks go out to Peter Palaga who did all the security related changes in 
this release and Jirka Kremser who provided the generic mapping of internal 
properties.

-- 
Lukas Krejci