0.44.0
(2020-02-06)
Note about upgrading your CDS
You have to install version 0.43.2 if you want to upgrade your CDS Instance from a version < 0.43 to a newer version.
When you upgrade a CDS instance, always run the database migration first; see the documentation at https://ovh.github.io/cds/hosting/database/
The release 0.44.0 is a major release with some breaking changes in the configuration file.
Authentication mechanisms have been completely rewritten. If local authentication is enabled, users can now choose their password. Old passwords cannot be used anymore; users must request a password reset.
If you are upgrading an existing instance of CDS, you have to follow some steps to migrate:
- Run engine config new api to generate a new temporary config file, then copy these three generated keys to your existing config: api.auth.rsaPrivateKey, api.database.encryptionRollingKeys, api.database.signatureRollingKeys. Also copy the new config section that enables local auth (key: api.auth.local).
- Execute the database migration with the engine database upgrade command.
- Start only the CDS api service: engine start api --config my-config-file.toml. You should see some logs about user migration (prefixed with RefactorAuthenticationUser), which tell you whether the migration was processed successfully.
- Use the CDS command line to reset your local password and to log in.
- Use the CDS command line to create an auth consumer for the ui service (cdsctl consumer new --scopes Service --name ui), then paste the generated token into the ui section of your config to replace the old token, and start the CDS ui.
- Also create consumers for your other services. Every service needs a consumer with the Service scope, but a Hatchery also needs the scopes Hatchery, RunExecution and WorkerModel. The Hooks service requires the scopes Service, Hooks, Project and Run. Hatcheries also require a new RSA private key in their config in addition to the consumer token; you can generate a new one with engine config new hatchery:local, for example, then copy rsaPrivateKey to your existing config.
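To check the consumers created in the last two steps, the following added example (not part of CDS or of the original release notes) audits an inventory of service consumers against the scopes listed above and reports missing and excess scopes. The inventory format, the consumer names and the choice to treat the listed scopes as the complete allowed set are assumptions.

```python
# Added example: audit service consumers against the scopes listed in the
# migration steps. The inventory format and consumer names are constructed.

BASE = frozenset({"Service"})  # every service consumer needs this scope
EXTRA = {
    # additional scopes the release notes list per service kind
    "hatchery": {"Hatchery", "RunExecution", "WorkerModel"},
    "hooks": {"Hooks", "Project", "Run"},
}


def required_scopes(kind):
    """Scopes the notes require for a service kind (default: Service only)."""
    return set(BASE) | EXTRA.get(kind.lower(), set())


def parse_scopes(raw):
    """Split a comma-separated scope string, as passed to --scopes."""
    return {s.strip() for s in raw.split(",") if s.strip()}


def audit(inventory):
    """Return {name: {"missing": [...], "excess": [...]}} for consumers
    whose granted scopes differ from the required set (assumption: the
    listed scopes are treated as the full allowed set, least privilege)."""
    findings = {}
    for name, kind, raw in inventory:
        granted = parse_scopes(raw)
        needed = required_scopes(kind)
        missing = sorted(needed - granted)
        excess = sorted(granted - needed)
        if missing or excess:
            findings[name] = {"missing": missing, "excess": excess}
    return findings


# Constructed inventory: (consumer name, service kind, granted scopes).
SAMPLE = [
    ("ui", "ui", "Service"),
    ("hatchery-local", "hatchery", "Service,Hatchery,RunExecution"),
    ("hooks", "hooks", "Service, Hooks, Project, Run, WorkerModel"),
    ("vcs", "vcs", "Service"),
]

if __name__ == "__main__":
    for name, f in audit(SAMPLE).items():
        print(name, "missing:", f["missing"], "excess:", f["excess"])
```

A missing scope means the service will lack a right it needs after the upgrade; an excess scope means its token grants more than the notes call for and is a candidate for regeneration with a narrower scope list.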
Notable Changes in version 0.44.x
Authentication Backends
This release contains a complete refactoring of user authentication. It's now possible to authenticate users with oauth2 GitHub & GitLab.
Ldap authentication was rewritten too with some improvements.
CDS can authenticate a user with many backends activated: GitHub, GitLab, Ldap or local authentication.
See Documentation about User Authentication
Communication between api <-> μservice and worker <-> api has also been completely rewritten. Each μservice uses a consumer token with limited rights represented by scopes.
Users can manage their tokens with cdsctl or with the webui.
Users can control their session token.
See Documentation about Token
Edit As Code entity with the Web UI
Before this release, it was not possible to update a Workflow or a Pipeline if it was managed as-code (= configuration stored on a git repository).
It's now possible to update workflows and pipelines with the web ui: CDS will create a Pull Request on your Git repository with the updated yml files.
Other Features
- api: add cds.template.version var for current template version (#4927) (0bcfe73)
- contrib: add a step to hello world template (#4928) (f3ef764)
- smtpmock: refact server and add auth, create command line client (#4864) (b3a6fb7)
- ui,api: ascode core mirror help (#4872) (9fb57af)
Bug Fixes
- api: avoid panic if app does not exist (#4963) (1f44f4a)
- api: delete useless unmarshal for outgoing payload (#4866) (0e448fd)
- api: inconsistent git.hash (#4962) (7b7ced5), closes #4952
- use specific struct for ascode conditions (#4959) (b209414)
- ui: navbar hide only for route that starts by /auth (#4958) (99c0d33)
- api: check if workflow data is nil (a423ce2)
- api: deduplicate req from plugin's integration (#4921) (30d544b)
- api: do not duplicate payload in build params for hooks (#4956) (5f9dc7f)
- api: duplication of same node name is now forbidden (#4953) (38727ef)
- api: edit project integration (#4924) (8368e9d)
- api: generation of jsonschema (#4943) (37cfcd0)
- api: get projects from provider with username (#4916) (c08ddfe)
- api: load members on group to import action (#4910) (e96613d)
- api: missing members on group for template perm check (#4904) (3ccb3a1)
- api: outgoing webhook (#4923) (65e91bd)
- api: register service check if already exists based on consumer (#4914) (7fbafaa)
- api: remove only dead job (#4900) (46d6e99)
- api: return not found if project not readable, marathon cpu in conf (#4899) (f561705)
- api: return right error on add workflow group (#4931) (992f827)
- api: sends all events to hatcheries only if wildcard even if maintainer (#4922) (f13ff37)
- api: take care of not executed for migration status (#4905) (d9a2517)
- api: use consumer name instead of username if service or worker (#4909) (c4f892c)
- api: workflow hook reference (#4868) (d39462a)
- api,ui: audit on pipeline with template is now correct (#4930) (1141bd7)
- api,worker: only delete terminated jobs + fix cache with symlinks (bf49500)
- cdsctl: cdsctl version (#4878) (d770987)
- cdsctl: workflow status command (#4954) (6972662)
- cli: add missing query parameter (#4955) (6f1e8ba)
- hatchery: check hostname prerequisite (#4895) (d3f13a5)
- hatchery:swarm: clean service remove useless condition (b87954a)
- hooks: put the right status for outgoing hook (b5de1c1)
- plugin/marathon: avoid panic on timeout (#4915) (e8e83ef)
- sdk: need basepath instead of file absolute path (#4902) (dab0aa8)
- ui: cannot add a worker model without required info #4816 (#4933) (4932951)
- ui: check if application exist on workflow component (#4951) (edab24a)
- ui: datatable button display correctly (#4897) (28f7ba1)
- ui: display refresh banner on new ui deployed (#4913) (a3bb926)
- ui: edit custom action with key parameter display input correctly (#4936) (54379fd)
- ui: fix displayed data + toggle button (#4920) (3f73e5e)
- ui: get line using builtin function (#4925) (aa1990d)
- ui,api: do not insert an empty workflow if there is no one (#4950) (596cbee)
- api: add auth scope project to worker (4a2d850)
- api: clean spaces in username migration (7dd9c5f)
- api: fill cds.triggered_by.* correctly (f953862)
- api: filter default group (91d9471)
- api: filter on groups on /worker/enabled (7ec11da)
- api: fix permission for some template routes and add tests (56dc111)
- api: permission for admin and maintainer on project/workflow (8a0b57a)
- api: raise SSO session duration to 24h (378259c)
- api: return models for consumer's groups if hatchery (8fc4bac)
- api: sso payload should not be a string (3b7e55c)
- api: user reset should be allowed in maintenance mode (80eac5c)
- cdsctl: env token usage (#4867) (489f5d6)
- engine: do not expose private key and secrets (4087953)
- hatchery: error on sendSpawnInfos (7a2cad4)
- hatchery: remove model data from worker jwt token (1cccf32)
- hooks: avoid to send same gerrit event twice or more (#4881) (bd70519)
- hooks: delete task handler (#4863) (1eb063f)
- migrate,api: bad interface impl for mig service and fix user mig (#4856) (4e9b04c)
- sql: remove foreign key between consumer and worker (caadf75)
- ui: add more information for template instances list #4824 (#4861) (2fbfe2c)
- ui: artifact url (bd1e4f9)
- ui: bad link to download artifacts (d4599fa)
- ui: limit pagination count, add filters on add consumer modal (6b76c90)
- ui: overview path (7afe2a8)
- ui: remove extra pointing class from the banner element (#4890) (251a06d)
- ui: run workflow button active when executable (a6ccdbb)
- ui: template and action permission (fc58407)
- ui: use isAdmin func instead of old admin field (39dccfe)
- ui,api: do not load condition names when it's not needed #4846 (#4855) (bb9aa43)
- ui,api: fix url for web worker and events permissions (c596c3a)
- ui,api,cdsctl: create login verify command (#4887) (f6f93fd)
- vcs: status inprogress for building status (9351f0c)
- worker: affero junit (c4335ab)
- worker: artifact upload outside of workspace (d1e0b8b)
- worker: cmd key install with absolute file (#4911) (7778966)
- worker: coverage action (212d5b3)
- worker: debug logs (cc5a873)
- worker: do not concat absolute path that starts (40b5a94)
- worker: download artifact outside of workspace (#4907) (c01a026)
- worker: find key by name (9512ea2)
- worker: fix deploy application path (12ebf32)
- worker: fix path with grpc plugin directory (e747fa2)
- worker: junit and coverage (cc78eac)
- worker: overwrite value each time (#4903) (1bf3c5d)
- worker: path.IsAbs is not working on windows (#4901) (527be9d)
- worker: plugin deploy (65f463b)
- worker: stop the worker (cd10319)
- worker: take action parameter for plugin (dea6e82)
- worker: use exported variables in further step (#4908) (22886fd)
- worker: windows and tests (8ac8fae)
- worker: worker export variable were not accessible from next step (fdcf011)
- worker: worker push absolute path (7e10f48)
- worker: working directory (9489b1b)