v3.1.0: Data model 3, site curator role

Updates for data model v3, enable site curator role, refactoring for more detailed decision logging

What's Changed

• v2.0.0: Opa uses Vault to store data by @daisieh in #45
• v2.1.0: OPA Service tokens and health check by @OrdiNeu in #50
• v3.0.0: Site roles, program authz, user authz by @daisieh in #57
• Hotfix: need "as" clause by @daisieh in #58
• Usernames aren't secrets by @daisieh in #59
• If vault stores already exist, don't wipe them out by @daisieh in #60
• DIG-1189: Authz user can view datasets by @daisieh in #61
• DIG-1652: Remove use of OPA_SERVICE_TOKEN and OPA_ROOT_TOKEN by @daisieh in #62
• Opa should always renew its IDP information by @daisieh in #63
• Replace 'single quote' in PR titles by @mshadbolt in #64
• Update to model 3 by @SonQBChau in #65
• DIG-1705: implement site-level curator role by @daisieh in #66
• DIG-1506: Make the decision logic in Opa more transparent by @daisieh in #67
• hotfix: authx can always see permissions by @daisieh in #68
• Hotfix: site curator is allowed to curate always by @daisieh in #70
• v3.1.0: Data model 3, site curator role by @daisieh in #69
• hotfix: remove default users by @daisieh in #72

Full Changelog: v3.0.0...v3.1.0

v3.0.0: Site roles, program authz, user authz

Highlights

• Site roles, including site admin, now defined in Opa
• Program authorizations are defined in Opa's vault secret store
• User-specific program authorizations are defined in Opa's vault secret store
• Refactored rego policies and created unit tests

What's Changed

• DIG-1520: Site admin is a role defined in Opa, not in jwt by @daisieh in #51
• DIG-1518: Rego policies now based on ProgramAuthorizations by @daisieh in #52
• Interpolate default usernames from .env file instead of hardcoding by @daisieh in #53
• DIG-1546: Opa unit tests by @daisieh in #54
• DIG-1502: Opa implements user-specific authorizations by @daisieh in #55
• DIG-898: allow service_token to view user_key by @daisieh in #56

Full Changelog: v2.1.0...v2.2.0

v2.1.0: OPA Service tokens and health check

Summary of Changes

• Add a path for Opa to verify service tokens
• Add a health check
• Add HTSGet paths

• What's Changed

• DIG-1382: Add a path for Opa to verify service tokens by @daisieh in #41
• DIG-1409: Fix docker health checks by @lilyyangyi301 in #42
• Revert "DIG-1409: Fix docker health checks" by @OrdiNeu in #43
• DIG-1409: Add healthcheck.py for docker healthcheck fix by @lilyyangyi301 in #44
• Add dispatch github action to opa by @mshadbolt in #46
• add more htsget paths by @daisieh in #48
• DIG-1376 :Update GH Action to improve PR title and description by @mshadbolt in #47
• Update paths.json for htsget samples path by @daisieh in #49

New Contributors

• @lilyyangyi301 made their first contribution in #42
• @mshadbolt made their first contribution in #46

Full Changelog: v2.0.0...v2.1.0

v2.0.0: Use vault to store secrets

What's Changed

• DIG-1318: Opa startup only registers its own token by @daisieh in #38
• DIG-1377: Be consistent in our use of candig user inside containers by @OrdiNeu in #39
• DIG-1169, DIG-1402: Opa uses Vault for secret storage by @daisieh in #40

Full Changelog: v1.3.3...v2.0.0

v1.3.3

What's Changed

• Update paths.json by @SonQBChau in #36
• change license to lgpl-3 by @kcranston in #37

Full Changelog: v1.3.2...v1.3.3

Bug fix: var safety issue

What's Changed

• DIG-1165: fix var safety issue by @daisieh in #35

Full Changelog: v1.3.1...v1.3.2

Multiple IDPs

What's Changed

• DIG-970: Update rego files for multiple IDPs by @daisieh in #34

Full Changelog: v1.3.0...v1.3.1

New paths for MoH, htsget

What's Changed

• clean up fake users, add emails by @daisieh in #26
• DIG-1000: remove valid token access to datasets by @daisieh in #27
• Update paths.json by @SonQBChau in #28
• Need to have consistency between permissions.rego and paths.json by @daisieh in #29
• Update paths.json by @SonQBChau in #30
• add beacon paths by @daisieh in #31
• Add candigv2 label to Dockerfile by @daisieh in #33
• Remove old stuff, coordinate with integration tests by @daisieh in #32

New Contributors

• @SonQBChau made their first contribution in #28

Full Changelog: v1.2.0...v1.3.0

TFRI demo

What's Changed

• Tweaks for htsget by @daisieh in #24
• email address instead of username by @daisieh in #25

Full Changelog: v1.1.1...v1.2.0

auth tweaks

Merge pull request #23 from CanDIG/daisieh/secrets

Handle OPA secrets via docker-secrets