Product Version 2021 Autumn
Find our docker images and Helm Charts linked here:
>> Version Tags Services
Table of Contents
Change in Testing Infrastructure Helm Chart
The infrastructure Helm Chart providing third-party software to build a first testing environment for a new yuuvis® Momentum installation contains Gitea 1.14.3 now as git server instead of Gogs.
>> Installing Helm Chart for Testing Infrastructure
Features
Here you will find some of the new release's highlights. Check out the Change Log for further information on all changes.
Please also pay attention to the Breaking Changes and some Update Instructions.
Core
Batch PATCH for Metadata
The metadata of multiple objects can be updated with one request of the new endpoint.
>> PATCH /api/dms/objects
Tenant Schema Management
System integrators are now able to manage the individual tenant schema for any tenant in the system via the following new endpoints:
- GET /api/system/tenants/{tenant}/schema - Retrieves the tenant schema that is stored for the tenant matching the
{tenant}path parameter. - POST /api/system/tenants/{tenant}/schema - Updates the tenant schema stored for the tenant specified by the
{tenant}path parameter. - POST /api/system/tenants/{tenant}/schema/validate - Validates an XML schema file to be used as tenant schema for the tenant specified by the
{tenant}path parameter.
Cross-Tenant Requests (KDDA)
Within your yuuvis® Momentum cluster, you might want to operate a service for asynchronous background processing that is working on all the data in your system independently of the tenant they belong to. Such services need to access the data of all tenants. In order to enhance their performance, they can use an internal service account that allows for cross-tenant requests and thus avoid high numbers of requests to individual tenants. To configure internal service accounts, read this article carefully and make sure you do not skip any of the described configuration steps in order to ensure and secure the tenant separation.
>> Cross-Tenant Service Accounts
In order to allow for the configuration and usage of service accounts, an ancillary Kubernetes Service has to be created.
>> Update Instructions for AUTHENTICATION Service
Object Creation Permissions
In role sets, permissions can now be set for the creation of objects by introducing the action create.
>> Access Authorization and Permissions
So far, the object creation was enabled together with the edit permission via the action write. Hence, your role sets have to be updated as described in the Breaking Changes.
>> Breaking Change due to new Object Creation Permissions
Fuzzy and Proximity Search in Full-Text Queries
In full-text search queries, partially matching objects can be provided as results. Thus, it is possible to search for similar terms or variant spellings.
>> Fuzzy Search
Furthermore, it is possible to allow for reversed ordering of words in a phrase or to allow for additional words between the words of a phrase.
>> Proximity
Boosting for Full-Text Search
Boosting can be applied to the list of matches of full-text search queries. The boost operator influences the relevance of individual terms within a CONTAINS statement. Thus, the sorting of the objects in the hit list is directly influenced.
>> Boosting
Signature of Internal JSON Web Tokens
Each call of a yuuvis® Momentum endpoint is routed through the AUTHENTICATION service. After successful authentication, an internal JSON Web Token (JWT) is created and assigned to the call containing user-specific information. This JWT authorizes the call in every service within the data processing chain. In order to prevent unauthorized access from outside by faking the JWT, it has a signature that can be used for an additional validation of the caller's authorization. The additional section in the JWT might lead to a Breaking Change in your system.
>> AUTHENTICATION Service
AUTHENTICATION Service Information Endpoints
The /manage/** endpoints provided by the AUTHENTICATION Service are now available via a separate port that is protected from external access. Even if they are exposed for access without a specific authorization, they are accessible only for services inside the Kubernetes cluster. In order to call the /manage/** endpoints of the AUTHENTICATION service, its configuration has to be adjusted and an ancillary Kubernetes Service has to be created to manage the port as described in the update instructions.
>> Configuration Changes for the AUTHENTICATION Service
New Webhook for Import and Update
The new webhook type POST dms.request.objects.upsert.dadabase-before can be triggered by an object import, an update of the content, an update of the metadata or a tag update. It receives the completed objects just before they are indexed. That means the objects are already enriched with system properties and default values (wherever necessary), normalized and validated.
>> POST dms.request.objects.upsert.database-before
Service Monitoring
This monitoring solution allows the observation of your yuuvis® Momentum Kubernetes Cluster. The integrated Grafana Web UI serves for visualization of resource consumption and network traffic for yuuvis® services or their individual pods.
>> Service Monitoring
Retrieval of Configuration Files during Git Downtimes
The CONFIGSERVICE can retrieve the cached version of configuration files even if git is temporarily not accessible. Thus, during a downtime of the git server, GET requests to the CONFIGSERVICE will be successful whereas requests for storing resources will not be successful.
>> CONFIGSERVICE
Tenant Management API
Role Assignment via Groups (KDDA)
If users are assigned to a group, the same configuration of roles is assigned to all members. Therefore, the response body of the user information endpoints is extended. If a group is deleted, the roles referenced in that group will be removed from all group members. Groups and roles can both be individually created, modified, and deleted via the corresponding endpoints. The endpoints are not yet used by yuuvis® architect and yuuvis® management console.
In the tenant creation profile, the creation of groups and assignments of roles to users can be configured. It will be applied to each tenant creation process. Therefore, the corresponding endpoints expect/return the section groups in the body now:
- POST /tenant-management/api/system/profile - Update the tenant creation profile.
- GET /tenant-management/api/system/profile - Retrieve the tenant creation profile.
Assignment of the System Integrator Role (KDDA)
The endpoint POST /tenant-management/api/admin/users that is accessible with the role YUUVIS_TENANT_ADMIN does not allow for the assignment of the role YUUVIS_SYSTEM_INTEGRATOR anymore. Only the endpoint POST /tenant-management/api/system/tenants/{tenant}/users that is accessible with the role YUUVIS_SYSTEM_INTEGRATOR allows for the assignment of the role YUUVIS_SYSTEM_INTEGRATOR to other users.
>> Breaking Changes
Searching for Users (KDDA)
The requested list of users of a tenant can be filtered using a parameter. The following endoints are extended:
- GET /tenant-management/api/system/tenants/{tenant}/users for system integrators
- GET /tenant-management/api/admin/users for tenant administrators
Creating a Technical User
If a service should be authorized to call the endpoints of the Tenant Management API, a technical user account is required. It is now possible to create such accounts directly with a non-temporary password that will be stored encrypted in the tenant creation profile.
>> Tenant Creation Profile
User Invitation
If no SMTP parameters are set for a new user, no invitation e-mail can be sent. The currently logged-in user will be informed.
- POST /tenant-management/api/system/tenants/{tenant}/users for system integrators
- POST /tenant-management/api/admin/users for tenant administrators
Activating and Deactivating Tenants (KDDA)
Tenants created via Tenant Management API are activated per default. However, in customers' contractual agreements, it might be required to deactivate tenants. The endpoint for updating a tenant allows for deactivation and activation of tenants now.
>> PATCH /tenant-management/api/system/tenants/{tenant}
yuuvis® management console
Activating and Deactivating Tenants
In the tenant creation dialog, it is possible to activate or deactivate tenants according to customers' contractual agreements.
>> Organization View
yuuvis® client as reference implementation
Defining Object Types (KDDA)
The classification systemsot for System Floating Secondary Object Types (SFSOT) suppresses the listing of the corresponding Secondary Object Type for users of your client that do not have any administrative roles. The SFSOTs are not displayed in the Characteristics field in your client, but are listed in the classification[systemsot] field in the Administrative information section of the Summary aspect area.
>> Classification of Secondary Object Types
Switching Between Different Tenants
If you have user accounts in multiple tenants, you can now easily switch between the tenants after logging out of the currently active account.
Typification Suggestions during Object Creation
While creating a document object with a content file, the user can be supported by a prediction for the suitable typification of the object. Each suggestion consists of a rough typification by means of an object type (e.g., contract) and a suitable sub-typification (e.g., employment contract) defined as a value in the typification catalog field of that object type.
Note: This feature requires an installed beta version of the new Auto ML Platform which is not yet included in yuuvis® Momentum installations.
>> Defining Object Types for yuuvis® client
Support of Business Process Management (BPM)
The new public API of the BPM Engine is now used by yuuvis® client as reference implementation. The Inbox view allows for the handling of standard processes and follow-ups, whereas the My processes view provides an overview of all active processes started by the logged-in user. Moreover, the object actions can be extended with a plugin action that can be offered in the MORE ACTIONS action group.
>> Connection of BPM Engine
yuuvis® architect
Switching between Tenants
Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. The new role YUUVIS_MULTI_TENANT is required.
>> yuuvis® architect
Client Development Libraries
Client Authentication via OpenID Connect
The Core Library is supporting the build of clients that can authenticate via OpenID Connect by means of bearer tokens. Thus, they can be operated outside the yuuvis® Momentum cluster.
>> Running clients outside the yuuvis® Momentum cluster
VIEWER Service
It is now possible to authenticate via bearer token to the VIEWER service. Especially, a preview for binary content files can be retrieved.
>> VIEWER Service
BPM Engine
Public API
The essential workflow functions needed for client development have been published as a public API. The API focuses on user perspective (get tasks of authorized user, start a process as authorized user, etc.) and allows for the development of fully custom clients on a stable API. Functions and endpoints needed for administrative purposes (such as "show tasks of all users in a tenant") are available only within the Kubernetes cluster and are not public.
>> BPM Engine Endpoints
Flowable Update
BPM Engine has been updated to Flowable 6.6.
BPM Model Scripting
Groovy is supported as scripting language in BPM models.
Health Check Endpoints
Each service offers the https://<host>/<service>/manage/health endpoint to retrieve information on its current status. DevOps engineers can thus monitor the liveness and readiness of individual services.
Note: As already described in the section for the core system above, the health check endpoint for the AUTHENTICATION service is only available for internal services.
>> Health Check for Services
Release Candidates
The Release Candidates (Alpha) provide the preliminary results expected to be ready at the corresponding date.
>> Version Tags Services - Release Candidates
Alpha1 - 01 JUN 2021
Core
Batch PATCH for Metadata
- A PATCH update of the value for a specified property can be applied to multiple objects. (internal: OKTO-4764)
Tenant Management API
Role Assignment via Groups
- Extensions of the tenant creation profile: (internal: COOL-14292)
- A new parameter section
groupsis introduced that lists all groups to be created containing roles to be assigned. - The section
useris extended to assig groups to a user.
- A new parameter section
- Users with the YUUVIS_SYSTEM_INTEGRATOR or YUUVIS_TENANT_ADMIN roles can create, update, get, and remove groups via Tenant Management API. These administrators can assign roles and users to a group as well as remove them. The members of groups are listed. (internal: COOL-14292)
- Users with the YUUVIS_SYSTEM_INTEGRATOR or YUUVIS_TENANT_ADMIN roles can create, and remove roles via Tenant Management API. (internal: COOL-14966)
Alpha2 - 15 JUN 2021
Core
Fuzzy Search of Full Text
- In full-text search queries, also partially matching objects can be provided as results. (internal: OKTO-4760)
Boosting for Full-Text Search
- Boosting can be applied to the list of matches of full-text search queries. (internal: OKTO-4761)
yuuvis® client as reference implementation
Defining Object Types
- A new classification value for secondary object types allows to hide the corresponding technical names in the Characteristics field of the Summary aspect area and display them in the Administrative information section instead. (internal: COOL-14997)
Alpha3 - 29 JUN 2021
The two weeks from 16 to 29 JUN 2021 will be our innovation sprint that allows us to try out new ideas and explore new ways for the future. We do not plan to deliver new features in this sprint, but we will fix the appearing bugs if possible.
Core
Signature of Internal JSON Web Tokens
- The internal JSON Web Token (JWT) has an additional section with a signature that can be used for additional validation of the caller's authorization. (internal: OKTO-4752)
Alpha4 - 13 JUL 2021
Core
New Webhook for Import and Update
- A webhook is provided that is triggered after storing the binary data and before writing the data to the database. (internal: OKTO-4819)
Retrieval of Configuration Files during Git Downtimes
- The CONFIGSERVICE can retrieve the cached version of configuration files even if the git is temporarily not accessible. (internal: OKTO-4894)
Tenant Management API
Searching for Users
- Users with the YUUVIS_TENANT_ADMIN role can search for users within their tenant. Users with the YUUVIS_SYSTEM_INTEGRATOR role can search for users within a specified tenant. (internal: COOL-13966)
Creating a Technical User
- It is possible to create a technical user with a non-temporary password. (internal: COOL-14976)
yuuvis® client as reference implementation
Switching Between Different Tenants
- After logging out, the user can change the tenant before logging in again. (internal COOL-14939)
Typification Suggestions during Object Creation
- While creating a document object with a content file, the user can be supported by a prediction for an object type and a suitable sub-typification defined as a value in the typification catalog field of that object type. (internal: COOL-15049)
This feature needs an installed beta version of the new AI Service.
Client Development Libraries
Client Authentication via OpenID Connect
- The Core Library is supporting the build of clients that can run outside the yuuvis® Momentum cluster by authentication in via OpenID Connect. (internal: COOL-15159)
Note: A preview of binary content files is not yet supported.
BPM Engine
Public API
- Users can get the list of available process definitions (internal: ERA-7869) and details of a process definition. (internal: ERA-7870)
- Users can start a process (i.e., instantiate a process definition). (internal: ERA-7871)
- Users can get processes started by themselves (internal: ERA-7872) and details of a process. (internal: ERA-7874)
- Users can delete a process started by themselves. (internal: ERA-7875)
- Users can get all tasks assigned to themselves or where they are mentioned in the list of potential users for the task. (internal: ERA-7876)
- Users can get details of a task that is visible to themselves. (internal: ERA-7877)
- Users can claim ta ask, unclaim a task, or assign a task to another user. (internal: ERA-7878)
- Users can save variables of a task, without completing it. (internal ERA-7879)
- Users can complete a task. (internal: ERA-7880)
Flowable Update
- BPM Engine has been updated to Flowable 6.6.
Other stories
- Groovy is supported as scripting language in BPM models (internal: ERA-7568)
Alpha5 - 27 JUL 2021
Core
Tenant Schema Management
- System integrators can manage tenant schemata for other tenants than their own. (internal: OKTO-4670)
yuuvis® client as reference implementation
BPM support:
- The new public BPM-API is supported (internal: COOL-15190)
- The 'Inbox' view supports standard processes in addition to follow-ups. (internal: COOL-15167)
- The new 'My processes' view is listing all active processes the user has started. (internal: COOL-15197)
- A plugin action can be imported that allows for specific processing of a selected object. (internal: COOL-15286)
Tenant Management API
Searching for Users
- Users with the YUUVIS_TENANT_ADMIN role can search for users within their tenant. Users with the YUUVIS_SYSTEM_INTEGRATOR role can search for users within a specified tenant.
The corresponding endpoint is extended with the optional parameterssearch,firstandmax. (internal: COOL-13966)
Note: This feature was planned for Alpha4 but had to be postponed.
Creating a Technical User
- The user passwords in the tenant creation profile will be stored encrypted. (internal: COOL-15202)
User Invitation and Deletion
- While creating a tenant with an initial user, you are informed that an invitation e-mail could not be sent if no SMTP parameters have been set. (internal: COOL-14401)
- The e-mail settings of a tenant can be changed. (internal: COOL-15214)
- Removing users removes their user settings as well (internal: COOL-14694)
Note: This feature had to be postponed and is now planned for version 2021 Winter.
Activating and Deactivating Tenants
- The endpoint for updating a tenant allows for deactivation and activation of tenants. (internal: COOL-15220)
Keycloak Configuration during Tenant Creation
- Keycloak default roles: While creating a tenant, the Keycloak standard roles are set to empty per default or to custom values per profile. (internal: COOL-15188)
Note: This feature was discarded. Alternatively, remove the Keycloak standard roles manually from your Master Realm. In the future, the Keycloak standard roles will no longer be offered in the user management of the Tenant Management API.
Final - 20 AUG 2021
Core
Cross-Tenant Service Accounts
- Business services can be enabled to perform cross-tenant operations. (internal: OKTO-4762)
Object Creation Permissions
- Permissions can be set for the creation of objects. (internal: OKTO-4807)
VIEWER Service
- It is now possible to authenticate via bearer token to the VIEWER service. Especially, a preview for binary content files can be retrieved. (internal: COOL-15168)
yuuvis® management console
Activating and Deactivating Tenants
- In the tenant creation dialog, it is possible to activate or deactivate tenants according to customers' contractual agreements. (internal: COOL-15230)
yuuvis® architect
Switching between Tenants
- Users with accounts in multiple tenants can easily switch between their tenants via Switch tenant instead of a conventional logout. The new role YUUVIS_MULTI_TENANT is required. (internal: COOL-15316)
Postponed Features
These initially planned features could not be realized. Some of them are planned for the next version 2021 Winter.
Core
Batch DELETE of Objects
Multiple objects can be deleted with one request.
CATALOG Service
A new CATALOG service will be offered that allows for the integration of catalogs in yuuvis® Momentum.
Rendition Repository
A repository manages the renditions assigned to objects. Renditions can be added, updated, and deleted via specific endpoints.
Tenant Management API
Technical User Role in Keycloak (KDDA)
Technical users can be created together with a new tenant. The technical users have the YUUVIS_SERVICE role which is added to Keycloak, but not to yuuvis® Momentum. Users with this role are excluded from the user lists returned by the endpoints GET /tenant-management/api/admin/users and GET /tenant-management/api/system/tenants/{tenant}/users. Thus, in yuuvis® architect, they are not displayed in the user list of their tenant and cannot be edited.
Note: The concept of this feature is under development until further notice.
User Deletion (KDDA)
During the deletion of users, all their stored settings will be deleted as well.
Changelog
Bugfixes
Hotfixes
Below you will find information about the provided hotfixes. The latest status about the atrefacts can be bound here: "Version Tags Services".