This release adds support for reading externally-supplied JWT tokens from a header, instead of manually clicking on the Log In button.
Download the release on GitHub.
Features
Section titled “Features”Add support for login via externally-supplied JWTs
Section titled “Add support for login via externally-supplied JWTs”You can now configure the Tenzir Platform to accept externally-supplied JWTs, instead of
presenting a Login button and performing the OIDC flow itself. This is done by setting
the PRIVATE_JWT_FROM_HEADER environment variable of the Tenzir UI service to the name
of a header containing the external JWT.
This is useful for situations where access to the Tenzir Platform is already protected by an external authentication proxy that provides identity information to the application. In this case, the provided information can now be used directly instead of going through a second round of logins.
For example, to use this feature in combination with Google Cloud IAP, you would
set PRIVATE_JWT_FROM_HEADER=X-Goog-IAP-JWT-Assertion and set the trusted issuer in the
platform to {"issuer":"https://cloud.google.com/iap","audiences":["<your_iap_audience>"]},
where the audience string depends on your IAP configuration but would typically look
like "/projects/<project_number>/global/backendServices/<oauth_client_id>".
By @lava.
Add support for passing multiple issuer URLs
Section titled “Add support for passing multiple issuer URLs”The Tenzir Platform can now accept JWTs from multiple independent issuers. This is useful in situations where the CLI and UI users are served by two different OIDC providers.
To configure multiple OIDC providers, set the TENZIR_PLATFORM_OIDC_TRUSTED_AUDIENCES environment variable in your .env file to a list of issuer configurations:
TENZIR_PLATFORM_OIDC_TRUSTED_AUDIENCES='[{"issuer": "https://accounts.google.com", "audiences": ["audience1"]}, {"issuer": "https://cloud.google.com/iap", "audiences": ["audience2", "audience3"]}]'Note that the previous way of setting a single JSON object with issuer and audiences keys for this variable is still supported, so no change is required
if you only want to use a single issuer.
By @lava.
Persistent widget time range
Section titled “Persistent widget time range”The selected time range for the widgets now persists across page reloads and navigation, so you don’t have to reselect it each time.
Changes
Section titled “Changes”Dashboard error handling improvements
Section titled “Dashboard error handling improvements”Improve error handling related to loading dashboard data, adding cells to the dashboard, and saving/deleting dashboards.
By @avaq.
Bug Fixes
Section titled “Bug Fixes”Fix nodes not changing/disappearing after editing/deleting them
Section titled “Fix nodes not changing/disappearing after editing/deleting them”Fix an issue where the node wouldn’t disappear from the list of nodes after the node was deleted, or would update itself after being renamed, from the dropdown menu (while the side bar was collapsed).
By @avaq.