diff --git a/docs/administration.inventory.md b/docs/administration.inventory.md
deleted file mode 100644
index f5b407102..000000000
--- a/docs/administration.inventory.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-id: administration.inventory
-title: Resource Inventory
----
-
-For some cloud platforms, administrators can get an overview in the meshPanel of their active and inactive cloud resources. Through our metering process we collect various cloud resources and display these in a table format in the Administration area. This will make it easier to get an overview of what is currently running, and what has run in the past.
-
-To view the cloud resources inventory, go to the Administration Area and scroll down to "Inventory -> Resources". The page will display a table with all known cloud resources. The table can filter on various criteria such as the name, the type and platform of the cloud resource.
-
-As of now, only [OpenStack virtual machines](./meshstack.openstack.inventory.md) are supported. These are provided additionally with their public IP address and flavor name. Feel free to file a [feature request](https://meshcloud.canny.io/feature-requests) if you there are any other resources for other platforms that would be interesting to see in the meshPanel.
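Review bot: Inbound links to the removed pages are not handled anywhere in this diff; only the sidebar entries are dropped. Search the remaining docs and blog posts for `administration.inventory`, `meshstack.azure.inventory` and `meshstack.openstack.inventory`. Either remove those links or add redirects so existing bookmarks keep resolving.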
diff --git a/docs/meshstack.azure.inventory.md b/docs/meshstack.azure.inventory.md
deleted file mode 100644
index 326f7fdf9..000000000
--- a/docs/meshstack.azure.inventory.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-id: meshstack.azure.inventory
-title: Cloud Inventory
----
-
-For the purpose of listing resources running on the Azure platform, meshStack fetches Azure virtual machine information from the Azure Resource Graph API.
-
-## Permission Model
-
-In order to retrieve information about the virtual machines, the metering principal should be assigned a role that has the following permissions.
-
-- Microsoft.Network/publicIPAddresses/read
-- Microsoft.Network/networkInterfaces/read
-- Microsoft.Compute/virtualMachines/*/read
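Review bot: The three read permissions at the end of this deleted page were documented as a requirement on the metering principal for retrieving virtual machine information, but the release note added in this diff mentions only the OpenStack inventory and says nothing about Azure. Add a line to the release note telling operators whether `Microsoft.Network/publicIPAddresses/read`, `Microsoft.Network/networkInterfaces/read` and `Microsoft.Compute/virtualMachines/*/read` can now be removed from the metering principal's role or are still needed for metering, so the principal is not left holding unused access.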
diff --git a/docs/meshstack.identity-federation.md b/docs/meshstack.identity-federation.md
index 28373891f..c5f4c0161 100644
--- a/docs/meshstack.identity-federation.md
+++ b/docs/meshstack.identity-federation.md
@@ -269,9 +269,9 @@ Some common cloud IAM architectures require using different user account for tes
+
-
```dhall
let Platform =
let Platform =
@@ -300,7 +300,6 @@ let Platform =
in Platform
```
-
#### Looking up transformed euids
@@ -331,10 +330,8 @@ At the moment only AAD offers a choice of user lookup attributes. Platform Opera
The following configuration options are available at `mesh.replicator`:
-
-
```dhall
let Replicator =
{-
@@ -345,14 +342,13 @@ let Replicator =
-}
{ aadUserLookupStrategy : Platform.Azure.AzureLookupStrategy }
```
-
+
-
```dhall
let AzureLookupStrategy =
{-
@@ -368,7 +364,6 @@ let AzureLookupStrategy =
-}
< UserByMailLookupStrategy | UserByUsernameLookupStrategy >
```
-
## Group Cleanup
diff --git a/docs/meshstack.identity-lookup.md b/docs/meshstack.identity-lookup.md
index 9d2643fb6..638e19a01 100644
--- a/docs/meshstack.identity-lookup.md
+++ b/docs/meshstack.identity-lookup.md
@@ -22,7 +22,7 @@ let IdentityLookup =
Configure the identity provider to use as a source for identity lookup.
deny-assigning-other-users:
- Controls the behavior of self-service user invitations (e.g. meshWorkspace role assignments from meshPanel).
+ Controls the behavior of self-service user invitations (e.g. workspace role assignments from meshPanel).
When true, users can only invite other users listed in the identity provider.
When false, users can create invitations also for users not listed in the identity provider.
-}
@@ -116,7 +116,7 @@ let example
: AzureCreds
= { aad-tenant = "devmeshcloud.onmicrosoft.com"
, client-id = "f112f31-248a-4461-1269-0f13164acb95"
- , client-secret = Secret.fromAnsible "client_secret"
+ , client-secret = Secret.fromTerraform "client_secret"
, guestLookup = None AzureGuestDetection
, euidSchemaExtensionUpdate = None AzureEuidExtensionSchema
, euidUserAttributeUpdate = None AzureEuidUserAttribute
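Review bot: The switch to `Secret.fromTerraform "client_secret"` is not explained in the surrounding text or in the release note added in this diff, so a reader with an existing `Secret.fromAnsible` configuration cannot tell whether the old form still works. Add a sentence saying which secret sources are supported and whether a migration is required. While this example is being touched, consider replacing `aad-tenant = "devmeshcloud.onmicrosoft.com"` and the `client-id` value with obvious placeholders; the `client-id` is also not a well-formed GUID, since its first group has seven characters.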
@@ -348,7 +348,7 @@ let example
= { domain = "example.com"
, customer-id = "customer-id"
, service-account-credentials-b64 =
- Secret.fromAnsible "gcp_credentials"
+ Secret.fromTerraform "gcp_credentials"
}
```
diff --git a/docs/meshstack.openstack.inventory.md b/docs/meshstack.openstack.inventory.md
deleted file mode 100644
index 3b4aafdce..000000000
--- a/docs/meshstack.openstack.inventory.md
+++ /dev/null
@@ -1,15 +0,0 @@
----
-id: meshstack.openstack.inventory
-title: Cloud Inventory
----
-
-You can see a list of OpenStack virtual machines in the Resources page under the Inventory section in the Admin Area.
-Here you can filter by VM status and metadata such as flavor and IP Address of the instance.
-
-The meshPanel shows four possible statuses of a VM, and they are mapped to [OpenStack statuses](https://docs.openstack.org/api-guide/compute/server_concepts.html) as follows.
-
-* Active - ACTIVE, BUILD, ERROR, HARD_REBOOT, MIGRATING, PASSWORD, REBOOT, REBUILD, RESCUE, RESIZE, REVERT_RESIZE, UNKNOWN, VERIFY_RESIZE
-* Terminated - DELETED
-* Offline - PAUSED, SHELVED, SHELVED_OFFLOADED, SHUTOFF, SOFT_DELETED, SUSPENDED
-* Unknown - Any other state
-
diff --git a/docs/meshstack.workspace-group-sync.md b/docs/meshstack.workspace-group-sync.md
index 81b6cbd9f..66b92a819 100644
--- a/docs/meshstack.workspace-group-sync.md
+++ b/docs/meshstack.workspace-group-sync.md
@@ -256,7 +256,7 @@ let example =
The following example takes the 'cn' attribute and if the attribute matches the first rule,
will assign whatever follows the "MESHCLOUD-ROLE-" as the value of the meshObject field. If the attribute matches
the second rule, will assign the value "Platform Operator" and if none of the rules match, assigns the
- value "Workspace Manager".
+ value "Workspace Member".
-}
{ attribute = "cn"
, postProcessor = None PostProcessor
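Review bot: The updated comment says that a `cn` matching no rule is assigned "Workspace Member", which means every unmatched group still receives a role value. State that consequence explicitly in the comment, and say whether `otherwise` may be left empty so that unmatched groups receive nothing; the `Some "Workspace Member"` form in the next hunk suggests the field is optional. The move away from "Workspace Manager" is a lower-privilege default and deserves a line in the commit message.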
@@ -267,7 +267,7 @@ let example =
}
]
, template = None Text
- , otherwise = Some "Workspace Manager"
+ , otherwise = Some "Workspace Member"
}
```
@@ -310,7 +310,7 @@ let GroupAttributesTransformations =
The 'distinguished name' attribute key for a user entity in LDAP. This attribute value should match the users
referred to in the 'members' attribute of the groupAttributesTransformations.
- name, ownedByCustomer, displayName, egid
+ name, ownedByWorkspace, displayName, egid
For each of these meshUser fields, specify which LDAP attribute should be transformed and assigned to the field.
tags:
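Review bot: Renaming `ownedByCustomer` to `ownedByWorkspace` in the documented field list changes a configuration key, yet the release note in this diff has no entry for it; say whether existing configurations that use `ownedByCustomer` keep working. Also, the context line "For each of these meshUser fields" sits inside `GroupAttributesTransformations`; if these are group fields, correct the wording in the same change.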
@@ -319,7 +319,7 @@ let GroupAttributesTransformations =
-}
{ membersAttribute : Text
, name : AttributeTransformation
- , ownedByCustomer : AttributeTransformation
+ , ownedByWorkspace : AttributeTransformation
, displayName : AttributeTransformation
, egid : AttributeTransformation
, tags : List TagMapping
@@ -392,7 +392,7 @@ let example
{ attribute = "cn"
, postProcessor = Some PostProcessor.LOWERCASE
}
- , ownedByCustomer =
+ , ownedByWorkspace =
AttributeTransformation.Regex
{ attribute = "cn"
, postProcessor = None PostProcessor
@@ -439,7 +439,7 @@ let example
}
]
, template = None Text
- , otherwise = Some "Workspace Manager"
+ , otherwise = Some "Workspace Member"
}
}
```
@@ -491,7 +491,7 @@ let example
Secret.Raw "EXTERNAL_IDENTITYCONNECTOR_MESH_API_PASSWORD"
, authorities =
[ Authority.EXTERNAL_MESH_OBJECT_IMPORT
- , Authority.CUSTOMEROWNER_ASSIGN
+ , Authority.WORKSPACEOWNER_ASSIGN
]
}
}
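Review bot: `Authority.CUSTOMEROWNER_ASSIGN` is replaced by `Authority.WORKSPACEOWNER_ASSIGN` with no statement on whether the old name is still accepted. Add a compatibility note for operators who configured the old name. Consider also a short comment in the example on why the identity connector needs an owner-assignment authority in addition to `EXTERNAL_MESH_OBJECT_IMPORT`, so readers copy only the authorities they need.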
diff --git a/website/blog/2024-11-28-Release-0.md b/website/blog/2024-11-28-Release-0.md
new file mode 100644
index 000000000..8d7209616
--- /dev/null
+++ b/website/blog/2024-11-28-Release-0.md
@@ -0,0 +1,82 @@
+---
+author: meshcloud
+title: Release 2024.51.0
+---
+
+Release period: 2024-11-20 to 2024-11-28
+
+This release includes the following issues:
+* Slow performance when moving tenants
+* Missing Partner Employee Permissions
+* Manage Workspace Users from the Admin Area
+* Deprecation of meshStack resource inventory
+* Workspace Role Recertification Reminders
+* Extend meshObject API with meshWorkspaceGroupBindings
+* meshObject API meshWorkspaceUserBinding status codes changes
+
+
+## Ticket Details
+### Slow performance when moving tenants
+**Audience:** Partner
+
+#### Description
+This improves the performance of the tenant move wizard.
+The tenant move wizard loaded a lot of data in the background. In environments with a lot of
+projects and tenants this could lead to very slow behavior. This is now fixed.
+
+### Missing Partner Employee Permissions
+**Audience:** Partner
+
+#### Description
+Due to a permissions issue, the Partner Employee role was no longer able to see and manage payment
+methods in the Partner area. The permissions have been adjusted and the issue has been resolved.
+
+### Manage Workspace Users from the Admin Area
+**Audience:** Partner
+
+#### Description
+Now you are be able to manage users directly from the admin area. This includes assigning, deleting, and changing roles,
+as well as setting expiration dates, all without needing to assign yourself to this specific workspace. Note that this
+functionality is available only to users with Partner Admin or Partner Employee roles.
+
+### Deprecation of meshStack resource inventory
+**Audience:** User
+
+#### Description
+meshStack previously supported the inventory of Virtual Machines on OpenStack, accessible in the Admin Area
+under Resources > Platforms. This feature has now been fully deprecated and removed from meshStack.
+
+### Workspace Role Recertification Reminders
+**Audience:** User
+
+#### Description
+To help you manage role recertification more easily, we have introduced a pop-up window that appears after logging in,
+if your own or team member roles of any workspace you manage, expire. A banner is also shown on the workspace control plane
+that reminds users about expiring workspace accesses. This helps you manage roles proactively and prevent any loss
+of access.
+
+### Extend meshObject API with meshWorkspaceGroupBindings
+**Audience:** Partner, Operator
+
+#### Description
+The meshObject API was extended to support the creation, deletion and
+retrieval of meshWorkspaceGroupBindings via the imperative meshObject API
+endpoints (as opposed to the declarative meshObject API endpoints).
+
+#### How to use
+The documentation for the new API endpoints is available in our meshObject
+API documentation, below the meshProjectGroupBinding. For now, this
+functionality is only available for API users, and not for API keys. Support
+for API keys will be available in the future.
+
+### meshObject API meshWorkspaceUserBinding status codes changes
+**Audience:** Partner
+
+#### Description
+With this change, we have updated the HTTP response status codes for the
+newly introduced meshObject API meshWorkspaceUserBindings endpoints to align
+them with the behavior of other API endpoints. The POST
+/api/meshobjects/meshworkspacebindings/userbindings endpoint now returns a
+201 status code when creating a new meshWorkspaceUserBinding. If you're
+already using this API endpoint, please update your status code check to 201.
+
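Review bot: The inventory deprecation entry locates the feature under "Resources > Platforms", while the page deleted in this diff described it as "Inventory -> Resources"; use one path. The entry is also tagged **Audience:** User although the feature lived in the Admin Area, and "fully deprecated and removed" should simply say removed. Smaller points: "Now you are be able to" in the Manage Workspace Users entry is a typo, the recertification sentence ("if your own or team member roles of any workspace you manage, expire") needs rewording, and the title "Release 2024.51.0" should be checked against the file name `2024-11-28-Release-0.md` and the stated release period.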
diff --git a/website/sidebars.json b/website/sidebars.json
index e29007bee..9cac81482 100644
--- a/website/sidebars.json
+++ b/website/sidebars.json
@@ -51,7 +51,6 @@
"administration.platforms",
"administration.landing-zones",
"administration.building-blocks",
- "administration.inventory",
"administration.service-brokers",
"administration.analytics",
"administration.emergency-users",
@@ -91,8 +90,7 @@
"Microsoft Azure": [
"meshstack.azure.index",
"meshstack.azure.landing-zones",
- "meshstack.azure.metering",
- "meshstack.azure.inventory"
+ "meshstack.azure.metering"
],
"Google Cloud Platform": [
"meshstack.gcp.index",
@@ -119,8 +117,7 @@
],
"OpenStack": [
"meshstack.openstack.index",
- "meshstack.openstack.metering",
- "meshstack.openstack.inventory"
+ "meshstack.openstack.metering"
],
"OSB Services": [
"meshstack.meshmarketplace.index",
diff --git a/website/static/api/api_index.html b/website/static/api/api_index.html
index d0b2a0744..42254a470 100644
--- a/website/static/api/api_index.html
+++ b/website/static/api/api_index.html
@@ -549,12 +549,12 @@