[release-1.5] RHIDP-4741: RHDH 1.5 Release Notes

modules/release-notes/ref-release-notes-breaking-changes.adoc

@@ -5,5 +5,20 @@
 This section lists breaking changes in {product} {product-version}.
 
 
-None.
+[id="breaking-change-rhidp-5812"]
+== The `scopes` parameter is now required for GitLab project deploy token creation
 
+The `scopes` parameter is now mandatory for the `gitlab:projectDeployToken:create` action. A valid value, such as `['read_repository']`, must be provided.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5812[RHIDP-5812]
+
+[id="breaking-change-rhidp-5568"]
+== The `dynamicPlugins.cache.volumeClaimSpec` field is removed from the Helm Chart, dynamic plugin storage is now ephemeral
+
+The `dynamicPlugins.cache.volumeClaimSpec` field has been removed from `values.yaml`, making all dynamic plugin storage ephemeral by default. Instead of the Helm chart managing persistent volume claim (PVC) creation, you must now manually configure ephemeral volume claims under `extraVolumes`.
+
+This change also resolves issues with running multi-replica {product-very-short} deployments, as using a PVC for the Dynamic Plugins cache previously led to potential write conflicts.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5568[RHIDP-5568]

modules/release-notes/ref-release-notes-deprecated-functionalities.adoc

@@ -4,6 +4,67 @@
 
 This section lists deprecated functionalities in {product} {product-version}.
 
+[id="deprecated-functionality-rhidp-5350"]
+== Deprecation of `podman` and `ImageStreams` approach for Helm chart mirroring on {ocp-short}
 
-None.
+The previous method using `podman` and `ImageStreams` for Helm chart mirroring has been deprecated. You are now required to transition to `oc-mirror` for Helm chart and related container image mirroring on {ocp-short}. This change enables support for fully disconnected and partially disconnected environments, ensuring a {company-name}-supported airgapping process.
 
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5350[RHIDP-5350]
+
+[id="deprecated-functionality-rhidp-5004"]
+== Removal of `useRedisSets` option from Redis backend cache
+The `useRedisSets` option in the Redis backend cache was previously enabled by default. With this update, the option has been removed and is no longer effective. If it remains in the configuration, a warning will appear in the application logs.
+
+Required action::
++
+* To avoid warnings, remove the `useRedisSets` option from the `backend.cache` section in your `app-config.yaml` file.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5004[RHIDP-5004]
+
+[id="deprecated-functionality-rhidp-2028"]
+== Deprecation of ArgoCD front-end plugin from RoadieHQ
+
+The ArgoCD front-end plugin from RoadieHQ has been deprecated and will be removed in a future release. Consider transitioning to the ArgoCD plugin from {company-name} for continued support and enhancements.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-2028[RHIDP-2028]
+
+[id="deprecated-functionality-rhidp-5958"]
+== Change in sign-in resolver configuration location
+
+Previously, configuring the sign-in resolver to bypass user provisioning in the {product-short} software catalog required setting `dangerouslyAllowSignInWithoutUserInCatalog: true` at the root of the `{my-app-config-file}` file.
+
+In this release, this configuration has been deprecated at the root level and moved to the resolver configuration section. It now applies specifically to that resolver. For more details, see link:{authentication-book-url}[{authentication-book-title}].
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5958[RHIDP-5958]
+
+[id="deprecated-functionality-rhidp-6013"]
+== Deprecation of legacy dynamic plugin configurations and export options
+
+Due to ongoing improvements in dynamic plugin functionality, the following features are deprecated and will be removed in a future release:
+
+* `apiFactories` configuration: Dynamic plugins must now define API factories directly within their plugin using the `createPlugin` API for better integration and maintainability.
+
+* `export-dynamic-plugin --embed-as-code` and `--no-embed-as-dependencies`: These options, which inline each dependency as code, have been deprecated because plugins exported this way cannot properly access the database. The `--embed-as-dependencies` option, now the default for package `export-dynamic-plugin`, replaces this behavior.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-6013[RHIDP-6013]
+
+[id="deprecated-functionality-rhidp-5682"]
+== {rhbk-brand-name} `v24` is deprecated as an authentication provider
+
+{rhbk-brand-name} ({rhbk}) `v24` is deprecated as an authentication provider. You can continue to use {rhbk} `v24` until the end of maintenance support. For details, see link:https://access.redhat.com/support/policy/updates/red_hat_build_of_keycloak_notes[{rhbk-brand-name} Life Cycle and Support Policies]. As an alternative, migrate to {rhbk-brand-name} `v26`.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5682[RHIDP-5682]
+
+[id="removed-functionality-rhidp-5218"]
+== Removal of {rhsso-brand-name} `7.6` as an authentication provider
+
+{rhsso-brand-name} `7.6` was deprecated as an authentication provider in {product-very-short} version 1.4 and has been removed in {product} {product-version}.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5218[RHIDP-5218]

modules/release-notes/ref-release-notes-fixed-issues.adoc

@@ -4,6 +4,234 @@
 
 This section lists issues fixed in {product} {product-version}.
 
+== Fixed issues in 1.5.0
+
+[id="bug-fix-rhidp-5803"]
+=== Entity tab reordering now works as expected
+
+You can now reorder entity tabs by specifying a priority value in the configuration. Tabs with higher priority values appear first, while default tabs can be hidden by assigning a negative priority value.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5803[RHIDP-5803]
+
+[id="bug-fix-rhidp-5119"]
+=== Report issue feature and oversized icon in TechDocs
+
+Previously, the *Report a documentation issue* feature in TechDocs was not functional. Additionally, selecting text in a TechDoc displayed an oversized icon instead of the intended tooltip button.
+
+This issue has been fixed, ensuring that users can now select content and report issues correctly using the tooltip button.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5119[RHIDP-5119]
+
+[id="bug-fix-rhidp-5023"]
+=== Keycloak access token lifespan and refresh performance
+
+When using {rhbk} as an OIDC provider, the default access token lifespan was set to five minutes, causing frequent refresh token requests as the token neared expiration. This resulted in performance issues due to the frequent token refreshes.
+
+To resolve this, you can increase the access token lifespan on the Keycloak server by adjusting the *Access Token Lifespan* setting under *Configure -> Realm Settings* to a value greater than five minutes. This adjustment prevents unnecessary refresh token calls and improves performance.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5023[RHIDP-5023]
+
+[id="bug-fix-rhidp-5609"]
+=== Improved OCI artifact handling and prevented unintended deletion
+
+This update introduces a new `pullPolicy` configuration to enhance support for floating tags in OCI artifacts. The `pullPolicy` setting provides more consistent behavior across platforms handling image containers and offers two options:
+
+* `Always`: Compares the image digest in the remote registry and downloads the artifact if it has changed, even if the plugin was previously downloaded.
+* `IfNotPresent`: Downloads the artifact only if it is not already present in the dynamic-plugins-root folder, without checking image digests.
+
+The `pullPolicy` setting is also applied to the NPM downloading method, though `Always` will download the remote artifact without a digest check. While the existing `forceDownload` option remains functional, `pullPolicy` takes precedence, and `forceDownload` might be deprecated in a future release.
+
+Additionally, this update fixes an issue where OCI artifacts were unintentionally deleted during the clean up phase if only the URL was modified.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5609[RHIDP-5609]
+
+[id="bug-fix-rhidp-5594"]
+=== Corrected enabled status display for external plugins
+
+Previously, plugins installed from external sources were incorrectly displayed with a *No* in the *Enabled* column on the *Plugins* page. This update fixes the UI logic to ensure that externally installed plugins now correctly appear with a *Yes* in the *Enabled* column as expected.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5594[RHIDP-5594]
+
+[id="bug-fix-rhidp-5573"]
+=== Dynamic plugins PVC now ephemeral by default to prevent upgrade issues
+In {product-short} Helm Chart version 1.4.2+, it was possible to configure the storage class and access mode for the dynamic plugins persistent volume claim (PVC) using the `dynamicPlugins.cache.volumeClaimSpec` field in the Helm values file.
+
+In version {product-version}, this behavior has been reverted, making the dynamic plugins root PVC ephemeral by default. This change addresses issues encountered when upgrading the Helm Chart or running multiple replicas of {product-short}.
+
+You can still customize the ephemeral volume claim’s storage class and access mode using the `upstream.backstage.extraVolumes` field, as shown in the following example:
+
+.Example configuration
+[source,yaml]
+----
+upstream:
+  backstage:
+    extraVolumes:
+      - name: dynamic-plugins-root
+        ephemeral:
+          volumeClaimTemplate:
+            spec:
+              accessModes:
+                # TODO: Change the access mode below
+                - ReadWriteOnce
+              resources:
+                requests:
+                  storage: 5Gi
+              # TODO: Add your storage class below
+              storageClassName: "<my-custom-storage-class>"
+
+      - name: dynamic-plugins
+        configMap:
+          defaultMode: 420
+          name: '{{ printf "%s-dynamic-plugins" .Release.Name }}'
+          optional: true
+
+      - name: dynamic-plugins-npmrc
+        secret:
+          defaultMode: 420
+          optional: true
+          secretName: '{{ printf "%s-dynamic-plugins-npmrc" .Release.Name }}'
+
+      - name: dynamic-plugins-registry-auth
+        secret:
+          defaultMode: 416
+          optional: true
+          secretName: '{{ printf "%s-dynamic-plugins-registry-auth" .Release.Name }}'
+
+      - name: npmcacache
+        emptyDir: {}
+
+      - name: temp
+        emptyDir: {}
+----
+
+However, ensure that all link:https://github.com/redhat-developer/rhdh-chart/blob/release-1.5/charts/backstage/values.yaml#L145-L181[other volumes] declared in the default Helm Chart are also included.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5573[RHIDP-5573]
+
+[id="bug-fix-rhidp-5342"]
+=== Support for multiple replicas across cluster nodes
+
+Previously, the {product-short} Helm Chart did not support running multiple replicas on different cluster nodes due to the automatic creation of a dynamic plugins root persistent volume claim (PVC). This issue has been resolved by reverting the PVC creation and switching to an ephemeral volume by default, allowing multiple replicas to function properly.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5342[RHIDP-5342]
+
+[id="bug-fix-rhidp-5558"]
+=== Configurable image and disable option for `test-connection` pod
+
+In previous versions of the {product-short} Helm Chart, the image for the `test-connection` pod could not be configured, which posed challenges for air-gapped environments. The `test-connection` pod is created when running helm test to validate a deployed release.
+
+This issue has been resolved by introducing configuration options to specify the image and allowing the `test-connection` pod to be disabled entirely. The following fields are now available in the Helm Chart:
+
+.Example configuration fields in Helm Chart
+[source,yaml]
+----
+# -- Test pod parameters
+test:
+  # -- Whether to enable the test-connection pod used for testing the Release using `helm test`.
+  enabled: true
+
+  image:
+    # -- Test connection pod image registry
+    registry: quay.io
+
+    # -- Test connection pod image repository. Note that the image needs to have both the `sh` and `curl` binaries in it.
+    repository: curl/curl
+
+    # -- Test connection pod image tag. Note that the image needs to have both the `sh` and `curl` binaries in it.
+    tag: latest
+----
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5558[RHIDP-5558]
+
+[id="bug-fix-rhidp-5476"]
+=== `MODULE_NOT_FOUND` error in GitLab org catalog and Notification backend plugin
+
+Previously, the GitLab org catalog backend plugin and Notification backend plugin failed to load when configured, displaying a `MODULE_NOT_FOUND` error. This issue has been fixed by embedding the missing dependencies within the GitLab org catalog backend dynamic plugin, ensuring proper functionality.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5308[RHIDP-5308]
+* link:https://issues.redhat.com/browse/RHIDP-5476[RHIDP-5476]
+
+[id="bug-fix-rhidp-5219"]
+=== Monorepo detection in `package-dynamic-plugins` CLI command
+
+The `janus-idp` CLI command `package-dynamic-plugins` is designed to work with both monorepos and single plugin projects. This update resolves a bug in the tool’s monorepo detection, which previously caused the tool to fail with the error `TypeError: Cannot read properties of undefined (reading 'packages')` when run in a single plugin project.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5219[RHIDP-5219]
+
+[id="bug-fix-rhidp-5014"]
+=== Improved dependency resolution for embedded packages in CLI
+
+Previously, the CLI examined the dependencies of embedded packages during the export process by calling require from the monorepo root. This could lead to incorrect dependency resolution, especially when wrapping an existing plugin.
+
+With this update, the CLI now calls require from the embedded package's parent directory, ensuring that the most relevant dependencies are correctly identified and used.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-5014[RHIDP-5014]
+
+[id="bug-fix-rhidp-4828"]
+=== Improved CLI handling for dynamic plugin export
+
+Previously, the CLI required each dynamic plugin project to define an `export-dynamic` script for the `package-dynamic-plugin` command to successfully export the plugin.
+
+With this update, defining an `export-dynamic` script is no longer necessary. The `package-dynamic-plugin` command now automatically attempts to run the `export-dynamic-plugin` command with default arguments, simplifying the export process.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4828[RHIDP-4828]
+
+[id="bug-fix-rhidp-6180"]
+=== Improved startup performance for RBAC backend plugin
+
+Previously, the startup process would slow down when handling a large number of CSV entries due to roles and permission policies being added individually. In this release, roles and policies are now added in bulk, improving the startup speed of the RBAC backend plugin.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-6180[RHIDP-6180]
+
+[id="bug-fix-rhidp-4697"]
+=== RBAC performance for large user and group counts
+
+Previously, organizations with a large number of users and groups experienced slower response times due to RBAC permission evaluations. This update includes performance improvements to help mitigate those slowdowns.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4697[RHIDP-4697]
+
+[id="bug-fix-rhidp-6088"]
+=== Expanded support for conditional aliases
+
+Previously, conditional aliases were only functional for the catalog conditional rule of `IS_ENTITY_OWNER`. With this update, aliases now apply to all rules, improving flexibility and functionality.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-6088[RHIDP-6088]
+
+[id="bug-fix-rhidp-4696"]
+=== Rolling update issue with PVCs
+
+Previously, upgrading an existing {product-short} Helm release using rolling updates was blocked due to the automatic creation of a dynamic plugins root persistent volume claim (PVC) with a hardcoded `ReadWriteOnce` access mode. This prevented new replicas from being scheduled on different nodes.
+
+This issue is now resolved by reverting the PVC creation and using an ephemeral volume by default, enabling rolling updates and allowing multiple replicas to function as expected.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4696[RHIDP-4696]
+* link:https://issues.redhat.com/browse/RHIDP-5516[RHIDP-5516]
+
+[id="bug-fix-rhidp-4415"]
+=== Air-gapped installation script for ROSA clusters
+
+Previously, the installation script for the Operator failed to run on Red Hat OpenShift Service on AWS (ROSA) clusters in air-gapped environments. This issue has now been resolved, ensuring the script functions correctly on ROSA.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-4415[RHIDP-4415]
+
+
+
 
-None.
 

modules/release-notes/ref-release-notes-fixed-security-issues.adoc

@@ -0,0 +1,5 @@
+:_content-type: REFERENCE
+[id="fixed-security-issues"]
+= Fixed security issues
+
+You can view the security issues fixed in {product} {product-version} at link:https://access.redhat.com/security/security-updates/cve?q=red+hat+developer+hub&p=1&sort=cve_publicDate+desc,allTitle+desc&rows=10&documentKind=Cve[Red Hat Security Updates].

modules/release-notes/ref-release-notes-known-issues.adoc

@@ -4,6 +4,21 @@
 
 This section lists known issues in {product} {product-version}.
 
+[id="known-issue-rhidp-6455"]
+== Add button is misaligned on Bulk Import page
 
-None.
+On the *Bulk Import* page, the *Add* button may occasionally appear in the top-left corner instead of its intended position in the bottom-right corner. Despite the misalignment, the button remains fully functional.
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-6455[RHIDP-6455]
+
+
+[id="known-issue-rhidp-3396"]
+== Topology plugin permission is not displayed in the RBAC front-end UI
+
+Permissions associated only with front-end plugins do not appear in the UI because they require a backend plugin to expose the permission framework's well-known endpoint. As a workaround, you can apply these permissions by using a CSV file or directly calling the REST API of the RBAC backend plugin. Affected plugins include Topology (`topology.view.read`), Tekton (`tekton.view.read`), ArgoCD (`argocd.view.read`), and Quay (`quay.view.read`).
+
+
+.Additional resources
+* link:https://issues.redhat.com/browse/RHIDP-3396[RHIDP-3396]