General Enhancements¶
Gateway Permission Changes¶
The GatewaySubmitData, GatewaySubmitSystemData, GatewaySystemManagement and GatewayQuerySystemData permissions are now disabled by default to improve security. An IntegrationUsers group is available and can be used to provide the access needed to submit data to the system.
Warning
The changing of these default permissions may affect your current integration and cause data to stop syncing. Please review the permissions before upgrading to ensure the system continues to work as expected. Any integration users that interact with the system may need adding to the IntegrationUsers group.
Health Check Endpoints¶
Health check endpoints are now available for the Workbench and Gateway. These endpoints can be used to determine the health of the system and can be used by monitoring tools to ensure the system is functioning correctly. The endpoints are:
RESTful Gateway:¶
- {GATEWAY_BASE_ADDRESS}/healthz
- {GATEWAY_BASE_ADDRESS}/api/v1/healthz
Workbench:¶
- {WORKBENCH_BASE_ADDRESS}/healthz
- {WORKBENCH_BASE_ADDRESS}/{ORG_ACCOUNT_ID}/healthz
The status code returned by these endpoints will be 200 OK if the system is healthy and 503 Service Unavailable if the system is not healthy.
Minor Enhancements¶
- Kubernetes pods will now be marked as not ready if the connection to the database is lost.
- The resiliency of polling broadcasts has been improved by storing the prepared broadcast data in the database.
- The UserNameClaim parameter used for OpenID Connect authentication now supports multiple claims by separating them with commas (e.g. "preferred_username,sub"). The first claim that is found will be used as the user's ID.