Hi all,

I'm happy to announce the release of Hawkular Inventory 0.16.0.Final.

The most important change in this release is the alignment of authorization
and tenant selection with the rest of the Hawkular components.

From now on, Inventory no longer depends on Keycloak for authentication and
instead is using JAAS. Any authenticated user is allowed to do anything by
default.

The tenant is no longer deduced from the authenticated user but is selected
using the Hawkular-Tenant header (which is therefore required in every request
to inventory).

This moves inventory more into a role of a "backend service" which delegates
more granular authentication and authorization to the application layer above
inventory.

That said, the authorization logic has been factored out and made pluggable
and a mechanism to check per-entity CRUD privileges is still in place. We just
swapped the default implementation for a "permissive" one and changed the way
we figure out the tenant.

Apart from this big change, the following enhancements and fixes have been
included in the release:

* all internal properties, stored as "__foo" in the backend, are now available
for filtering as "foo".
* SwitchElementType filter has been "promoted" to the API so that it is usable
by the API clients.
* Hawkular Commons dependency has been updated to 0.7.2.Final

In 0.17.0.Final we will introduce a new REST API and will deprecate the
current one (most probably by moving it to /hawkular/inventory/deprecated).
This work is well underway but unfortunately didn't make it for 0.16.0.Final.

Huge thanks go out to Peter Palaga who did all the security related changes in
this release and Jirka Kremser who provided the generic mapping of internal
properties.

--
Lukas Krejci