1.22.0

Upgrade Instructions

This feature release requires a database schema upgrade. Please consult the documentation about upgrading your database schema.

The following changes are necessary and are covered by the alembic upgrade head command:

1. OAuth2.0 and JWT feature support (Alembic revision d1189a09c6e0)

• Update IDENTITIES_TYPE_CHK constraint in identities table
• Update ACCOUNT_MAP_ID_TYPE_CHK constraint in account_map table
• Add oidc_scope column to tokens table
• Add audience column to tokens table
• Add refresh_token column to tokens table
• Add refresh column to tokens table
• Add TOKENS_REFRESH_CHK constraint to tokens table
• Add refresh_start column to tokens table
• Add refresh_expired_at column to tokens table
• Add refresh_lifetime column to tokens table
• Add oauth_requests table
• Change size of token column in tokens table

2. Changes for Multi-VO functionality (Alembic revision a118956323f8)

• Added vos table
• Insert default row to vos table
• Add vo column to rses table
• Add RSES_VOS_FK foreign key constraint to rses table
• Update RSES_RSE_UQ unique contraint in rses table

General

Features

• Authentication & Authorisation: Rucio user authentication via OIDC protocol (XDC IAM), getting user info and JWT tokens #2612
• Core & Internals: Need VO table and VO column in RSE table #2727
• Deletion: Reaper 2.0 #2412
• Monitoring & Logging: Add support for prometheus in core.monitor #3124
• Release management: Add oidc auth templates to setup.py #3348
• Release management: Dependency upgrade for 1.22 #3360
• Release management: Better way to deal with configuration / permissions / policy #533

Enhancements

• Deletion: Protection of sources too strict in the reaper #1637

Bugs

• Authentication & Authorisation: Fixes to OIDC AuthN/Z after first deployment on a testbed #3337
• Deletion: only_delete_obsolete is not working properly #3399