Commit 8e38cf79 authored by Marc Burnie [AWS]

updating release notes and documentation

parent 7fe553ab
Merge request !486: Adding x-user-id header to default dataauth policies
Pipeline #257765 failed
......@@ -6,6 +6,8 @@ OSDU data platform has two additional service that are used together with policy
[Legal](https://community.opengroup.org/osdu/platform/security-and-compliance/legal/-/blob/master/docs/tutorial/ComplianceService.md) service that provides additional attributes that can be used to conform to legal and organizational regulations.
The data authorization policies define the requests to OSDU services and assertions required by OPA to evaluate user authorization. Entitlements service requires the `x-user-id` header and `data-partition-id` header for all calls to evaluate that a user belongs to a service group within a partition to be authorized to access a record or make a request, which is why these headers must be included in the policies api calls to OSDU services.
Policy Service APIs are consistent with other OSDU APIs in a way that they require Bearer token as authorization header and data partition as `data-partition-id` header for all the calls. Similarly, user making the call needs to be in a necessary service group to be authorized to make the call.
For policy service, the relevant service groups are `service.policy.user` and `service.policy.admin` (configurable in
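Review bot: the added sentence about Entitlements in this hunk is a run-on and never states where the data authorization policies take the `x-user-id` value from (the incoming request's headers or somewhere else), which is exactly what a policy author needs to know to reproduce the fix in a custom policy. Suggest splitting it, e.g. "Entitlements requires the `x-user-id` and `data-partition-id` headers on every call to check that the caller belongs to a service group in that partition. The default data authorization policies therefore forward both headers on their requests to OSDU services." Minor: "policies api calls" should read "API calls", and the unchanged context line "two additional service" could be fixed to "services" while this file is being edited.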
......@@ -18,6 +18,7 @@ Policy Service v0.26.0 2024/04
- Upgraded FastAPI to 0.109.2 for security fixes [CVE-2024-24762](https://nvd.nist.gov/vuln/detail/CVE-2024-24762)
- Upgraded usage of SHA1 to SHA256. This includes detection of changes to policies, response headers and response json if SHA-1 was previously included. [124](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/124) and [125](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/125). This SHA-256 will also show up in pod audit logs and external audit logs when relevant.
- Updated OPA recommended versions for [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783), [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246), and [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779).
- Added x-user-id header to default data authorization rego policies to fix issue where OPA's requests to entitlements and legal service were not authorized. Issue [129](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/129).
### M23 Features
- Separate Audit Log [113](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/113). See [logging](logging.md) for more details.
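Review bot: the new bullet for issue 129 only says the default rego policies gained the `x-user-id` header; deployments running customized data authorization policies derived from earlier defaults will not pick this up and OPA's calls to Entitlements and Legal will keep failing authorization there. Suggest adding a short migration note naming the policy files that changed so operators can diff their copies and add the header themselves. Minor: put `x-user-id` in backticks to match how the header is formatted in the documentation hunk above.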