Release 5.29
Keycloak authorization configuration now has changed significantly and Keycloak authorization in Designer Web is now enabled by default.
See environment variable changes below.
Note that from 5.30.0 it is possible to disable Keycloak for transition period, but after transition period Keycloak will be mandatory.
Development API calls now doesn't go directly to runtime server, but through Designer Web service itself.
Expressions now use isolated-vm based evaluator @ivm by default.
New expression evaluator is more secure, and it is backwards compatible with previously used @eval evaluator.
@eval evaluator is now deprecated and disabled by default.
Node.js is upgraded to version 18.
Configuration changes
Environment variable changes are described below. Mandatory variables are in bold.
Designer Web
- Added
PUBLIC_API_BASE_URL- browser accessible URL to runtime server (without/aceprefix)DEV_API_BASE_URL- internal URL to runtime server dev endpoint (with/aceprefix)JWT_SECRET- copied from runtime server, need to have same value as for runtime serverJWT_EXPIRE- moved from runtime serverKEYCLOAK_CLIENTID- moved from runtime serverKEYCLOAK_REALM- moved from runtime serverKEYCLOAK_CLIENT_SECRET- moved from runtime serverKEYCLOAK_AUTH_SERVER_URL- moved from runtime serverACE_UI_URL- moved from runtime serverKEYCLOAK_DESIGNER_ACCESS_ROLE- copied from runtime server, need to have same value as for runtime server
- Removed
REACT_APP_DEV_API_BASE_URL- this option is split into 2 variables for public and development API accessREACT_APP_AUTH_STRATEGY- option removed as Keycloak authorization is now mandatory.
Runtime server
- No changes
JWT_SECRETKEYCLOAK_DESIGNER_ACCESS_ROLE
- Added
ACE_DEV_API_AUTH_DISABLE- defaultfalse. Allows to disable development API authentication in case other method, like gateway or sidecar is used to protect APIs.ENABLED_EVAL_EXTENSIONSDEFAULT_EVAL_EXTENSIONIVM_TIMEOUT
- Removed
JWT_EXPIRE- moved to designer web serverACE_UI_AUTH_STRATEGY- moved to designer web server and iskeycloakby default, so no need to add itKEYCLOAK_CLIENTID- moved to designer web serverKEYCLOAK_REALM- moved to designer web serverKEYCLOAK_CLIENT_SECRET- moved to designer web serverKEYCLOAK_AUTH_SERVER_URL- moved to designer web serverACE_UI_URL- moved to designer web serverSELF_EXTERNAL_URL- removed completely
Keycloak
ACE runtime server url can be removed from Keycloak configuration completely. It is sufficient to leave only Designer Web URL.
Release notes
See docker images below.
ACE 5.29.0
October 11, 2023
Features
- DIG2022-19888Mandatory authorization in Designer Web
- DIG2022-13095Upgrade to Node.js 18
- DIG2022-17353Expression evaluator: isolated-vm
- DIG2022-21613Mongo-db step ObjectId support
- DIG2022-13658Upgrade RJSF to 5.x
- DIG2022-16744Scheduler installation command (CLI)
- DIG2022-19891Authorize Designer Web users in application backend
- DIG2022-17323Designer test endpoint git authorization in backend
- DIG2022-17322Designer Web Git authorization in backend
- DIG2022-17319Store Designer settings in Mongo
- DIG2022-17318Call test endpoints through Designer Web backend
ACE 5.29.1
October 14, 2023
Bug Fixes
- DIG2022-22044View API Definition is not loading the swagger UI page of deployed API's
- DIG2022-22047Executing deployed apis in swagger page are having additional attribute 'api-spec' in url
Docker images
Designer Web
docker pull euadigportalcoredev02acr.azurecr.io/ace-designer:5.29.1
Designer runtime server
docker pull euadigportalcoredev02acr.azurecr.io/ace-designer-server:5.29.1
Versioning CLI
docker pull euadigportalcoredev02acr.azurecr.io/ace-versioning:5.29.1
Scheduled job (BullMQ) administration
docker pull euadigportalcoredev02acr.azurecr.io/bull-board:5.29.1
Designer Desktop
ACE Designer Desktop is not available in this release. It will be available in future releases.