Blog

Around Easter, we are starting to roll-out the Jira-Jenkins Integration, as shown in our event Mastering DevOps Toolchain Showcase. Furthermore, we have documented for you how to use the Gravatar Support to get the most out of your DevOps toolchain.

Happy Easter!

Released on March 27, 2023

Enhancements

• The Technical Users page can now be used by all Portal users. In general, only these Tech Users will be listed which share a project with the user. In addition, the roles for these Tech Users can be changed, but of course limited to the Projects where the user has an Admin role. Creating, Deleting and Editing of Tech Users is still limited to Portal admins.
• Due to updated PSA statements of compliance, the minimum length for passwords of technical users has been increased to 32.
• Resync roles as found in a Project's more menu has been replaced by Resync. The new Project Resync combines saving a Project and resending the roles. Therefore, the Resync guarantees at any time that all Project details including defined member roles are properly set-up in all the tools. When you've ordered additional tools, like e.g. SonarQube, it's advised to call Resync on the Projects which should get support for the new tool.

• When a role is added to a locker user, the role is added only on the portal, but not inside the tools. If the user is later unlocked, all roles are automatically restored in the tools.

• Additional icons like shown in the example screenshot below now give a fast feed-back if the entered content was ok or not. Since the icons can be clearly distinguished from each other just by their shape, it's also an improvement for color-blind users.

Improvements

• Developed code that will be later used by the portal to allow removal of non-standard roles or individual permissions that have been set by Project admins directly in tools. This will allow in the future to improve the resync feature for projects in the portal.
• Improved display of timestamps and empty strings in pending syncs.
• Improved keyboard control as well as the contrast of the colors for all pages to improve accessability of the Portal.
• Improved support for screen readers.
• Two back-end components have been merged to simplify development.
• Base image and all dependencies used by the back-end have been updated to latest versions.
• Automated tests now run faster and don't unnecessarily block Jenkins agents when waiting for test environments.
• Shifted automated testing to new clusters based on the Rancher-Longhorn architecture.

Bugfixes

• Fixed problems in the LDAP server when handling more than 1000 users.
• Relaxed time-outs between the portal server and the auto-provisioning back-end to avoid pending syncs showing up with error message "I/O error clap-api:5000 failed to respond". This was necessary since some operations of the auto-provisioning can take longer since multiple tools have to be configured.
• Locking and deletion of users were not properly working on Rancher1.6, if the user had a personal default environment.
• In rare cases, e.g. after a timed-out session, the Portal can show its own login dialog instead of the SSO login page. That has been fixed for most cases. If it happens to you, simply reload the page to get to the correct login page.
• Vulnerability fixed which would have allowed an authenticated portal admin to change the userid/email of a user, leading to problems in the tools.
• For users that never logged in to SonarQube, a harmless pending sync could show up when a role was saved.
• A timeout was added to a query all projects call towards Jenkins to avoid hanging requests due to possible Jenkins malfunctions.
• Fixed a problem related to multi-threading in the back-end.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team will automatically repair it for you. Problem is fixed for customers which have Rancher v2.6 in their toolchain as it happens only with Rancher 1.6.

Released on January 12, 2023

Enhancements

• Added full support for Rancher 2 auto-provisioning.
  • If Rancher 2.6 is available in your toolchain, all users which have the RANCHER2 tool assigned receive the global permission User-Base on Rancher. User-Base users have login-access only. But they can be added to clusters and namespaces.
  • All users who have at least one project admin role get the global permission Standard User on Rancher. These users can create new clusters and use them. Standard users can also assign other users access permissions to their clusters.
• The portal now automatically maintains a group on Jira named project-admins which contains all users which have at least one project admin role. This group will be used to manage the access permissions for the Jira Roadmap Feature of the Jira Data Center edition. More about this will be made public in a separate posting.
• The view and edit project pages have been unified. Therefore, the actions View and Edit have been removed from the More menu. Simply click on the project key of a project to view it. If you want to change any data, tick the checkbox Edit Details. This is only available if you have the admin permissions on the project and the project you want to edit is in ACTIVE state at the moment.

• When a new user is created or an existing user is changed and the new portal role or the old portal role is admin, all other admins are informed by mail who did the change and which user was made a portal admin or lost the role.

• All pages have been improved concerning accessibility.
  • Required fields now have an additional * symbol, so you know that you have to enter something in any case.
  • Status and error messages are now correctly marked for screen readers.
  • Error messages related to input fields have been moved to the label to support screen readers.
• Detail dialogs of projects, users, technical users, organizations and usage terms can now be opened using CTRL and left mouse button in a new browser window. This allows for fast processing of multiple entries.
• When multiple browser tabs are used to open the different tools, it was hard to distinguish which tab is for which tools. Therefore, our favicons as known from https://geschaeftskunden.telekom.de/digitale-loesungen/infrastructure-as-a-service/devops-as-a-service#leistungen are now used for Jira, Confluence, Bitbucket and gitlab. Since your browser caches favicons for a longer time, it's possible that you still see the old favicon. If this is the case, try holding the shift key while you press the reload button in the browser. That will force the reload of the favicon. Icons for the remaining tools will be added in the future.

Improvements

• The notification mails that users receive about changes in their licence assignments now contain a list of tools that is sorted like in the portal.

Bugfixes

• Changes in the description field of a project were not set on Bitbucket if the name of the project was not changed, too.
• Small bugfixes concerning auto-provisioning of Rancher 2 and SonarQube.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team will automatically repair it for you. Problem is fixed for customers which have Rancher v2.6 in their toolchain as it happens only with Rancher 1.6.

Released on December 14, 2022

Enhancements

• The previous version was released just for some customers, therefore make sure to also read its release notes. The most important feature that was added is full support for SonarQube. Please follow the link to get a complete overview about our SonarQube offering, how it's integrated into the portal and how to use it.
• Whether 2FA (Two-factor authenthication) is enabled or not for a user can now be directly seen in the status column of the users list. Sorting by status works as expected. You can also use the search box to search for any status like e.g. only "2FA" or "LOCKED 2FA", etc.

Bugfixes

• When a user is locked or saved after editing it can happen that the portal lists a pending synchronization, if the user cannot be found on SonarQube because he or she never got the tool assigned. This warning is harmless and was fixed.
• For customers which have their own support email address configured in the portal footer there is the following issue: permanent pending syncs are sent as a warning email to this address. This was not intended and was fixed. Warnings are processed by the Service Desk DevOps-as-a-Service.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team will automatically repair it for you. Problem is fixed for customers which have Rancher v2.6 in their toolchain as it happens only with Rancher 1.6.

Released on December 01, 2022

Only released to SonarQube pilot customers.

Enhancements

• Now offering SonarQube as an additional optional tool with full integration into DevOps-as-a-Service. The latest version of SonarQube - at the moment of writing - v9.7.1 is offered. Project roles are fully managed by the DevOps portal. Please note that SonarQube projects are different to projects in the DevOps portal and the existing tools. In Bitbucket a project can have multiple git repositories which all have their own build pipelines in Jenkins. SonarQube projects contain the scan results of just one git repository. They are created on-the-fly using the Jenkins Shared Library when a scan is executed but the projects is not yet existing. To activate SonarQube it's required to save every project in the DevOps portal first. After this step SonarQube can be added to individual users just by editing them. More information about SonarQube and its integration into the DevOps toolchain will be published seperately.
• Auto-provisioning for project roles in Rancher 2.6  was added.

Improvements

• Since LDAP cannot properly handle organization names which differ just concerning uppercase and lowercase letters, the check for unique organization names is now case-insensitive.
• Improved testing of auto-provisioning for Confluence, Bitbucket and Keycloak.
• Updated to more recent nodejs and npm versions.
• Improved JavaScript code.
• Moved more internal testing to new Rancher 2 RKE clusters.

Bugfixes

• Improved layout of bubble help pop-ups.

Known Issues

• If a user is locked or saved after editing it can happen that the portal lists a pending synchronization if the user cannot be found on SonarQube because he or she never got the tool assigned. This warning is harmless and will be fixed in the next release.
• For customers which have their own support email address configured in the portal footer there is the following issue: permanent pending syncs are sent as a warning email to this address. This was not intended and will be fixed in the next release.
• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team will automatically repair it for you. Problem is fixed for customers which have Rancher v2.6 in their toolchain as it happens only with Rancher 1.6.

Released on November 02, 2022

Enhancements

• Unified the view and edit dialog for Technical Users like it was already done for Users. Now it's also possible to change the description of a Technical User without changing its password.
• Unified the view and edit dialog for Organizations like it was already done for Users.

Improvements

• On the Organizations page the displayed count for visible and total number of Organizations was added, as well as a bubble help which desribes the purpose of Organizations.

Bugfixes

• When a user record was edited, it could happen that pending syncs complained about different upper and lower cases in email addresses in the Portal versus Jira and Jira Service Management.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team will automatically repair it for you. Problem is fixed for customers which have Rancher v2.6 in their toolchain as it happens only with Rancher 1.6.

Released on October 19, 2022

Enhancements

• Two Factor Authentication (2FA) can now be activated or deactivated for each user directly in the portal. To change it go to the users details page and set or unset the checkbox.
  
  2FA improves the security of your DevOps toolchain since users will be prompted for an additional one-time password (OTP) in addition to their normal credentials during the login. Users with 2FA enabled will need to use an application that implements the Time-Based One-Time Password Algorithm (TOTP) as defined in RFC 6238. Usually a mobile application like e.g. Google Authenticator or  Microsoft Authenticator for Android/Microsoft Authenticator for iOS is used for that. If a user loses it's mobile phone simply disable 2FA, save the user details and afterwards enable 2FA again. This will make sure that the association with the authenticator app is deleted, so that the user can connect a new app. In the Create User dialog 2FA defaults to true.

• SSO Realm Names have been changed from "DevOps as a Service" to the domain name of your instance, e.g. CUSTOMER.devops.t-systems-service.com or CUSTOMER.devops.t-systems-service.net. This will avoid duplicate entries in mobile apps like Google Authenticator and allows you to easily distinguish between multiple instances if necessary.

• A column was added to the list of organizations which shows when the organizations were created.

Improvements

• To improve the support for your users we are now offering the possibility to change the contact link in the portal footer. Please create a service request to have it changed.
• Automated notification emails sent by the DevOps portal will no longer mention the T-Systems DevOps support email address, but instead link to your DevOps portal. This will ensure that users with questions e.g. about role changes will be able to contact the right people.
• To avoid problems in some of the DevOps tools the length of the firstname and lastname for users as well as the length of organization names was limited to 64 characters.
• The description field for technical users was limited to 1024 characters.
• The term Global Role was renamed to Portal Role to more clearly specify to what ADMIN and USER refer to.
• Activated date and unlocked date are now only viewable by portal ADMINs or for the own user to keep this information more private.

Bugfixes

• A bug was fixed which could prevent organization name changes in some cases.
• Work-around for Jira problem: the auto-provision code for Jira can now sucessfully process Jira API replies which in some cases can return already deleted users.
• For locked users the activation timestamp was not shown on the user details page.
• Project counter was not updated immediately for users or technical users when they were assigned or unassigned from a project.
• Fixed a text problem on the metrics page.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team can automatically repair it for you. Will be fixed when the Rancher in customer's toolchain is updated from v1.6 to v2.x.

We would like to introduce a new field which is now visible in Service Management portal for the issue type Service Request. The "Estimated time in hours" field notifies the customer about the agreed and accepted estimated time to fulfill the request.

(In the following screenshot the approved 4 hours can be seen in the Estimated time in hours field.)

This field is handled by the Support Team, and it is visible only when the estimated time is recorded for the field.

Released on August 03, 2022

Bugfixes and Improvements

• The DevOps Portal application was upgraded from JDK 11 to JDK 17.
• The font used in the single-sign-on (SSO) page was enlarged for better readability.
• Timestamps for the activation of an user as well as for the last unlock operation invoked on the user are now recorded. The timestamps are displayed on the users details page.
• On pages with data entry fields the first field is now automatically focused so that you can type immediately without the need to select the field before.
• The Portal will now accept emails up to an length of 64 characters.
• Added more automated test cases to the development process.
• Preparations for developing and operating the portal on Kubernetes only.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team can automatically repair it for you. Will be fixed when the Rancher in customer's toolchain is updated from v1.6 to v2.x.

Released on July 06, 2022

Enhancements

• Bulk Role Management for Technical Users. The role management for technical users is now integrated in the Technical Users page like it was done for users in the previous release. This new feature allows you to assign or unassign project roles to multiple technical users in just one action. It's also perfect to get an overview about already assigned roles in a specific project since it really shows all available information about the affected technical users. Usage is very simple: select the project in the combo box and see the users sorted by project role below. Two dashes ("–") are used as a symbol for no role. Global or project admins can change the role of technical users by selecting them with the check boxes on the left-hand side and then use the Assign button to assign the desired role to these technical users. To remove roles simply select "–" as new role. The selection in the combo boxes project and new role are persisted accross sessions. 

  Information

  Note for global admins

  In the past it was enough to create a new technical user when a project admin without global permission asked for it. Now the security has been increased and all project admins will only see technical users which have a role in one of their projects. Therefore after creating the technical user assign a role like e.g. VIEWER matching the project of the project admin. This will make the technical user visible for the project admin and he can change the role appropriately, add more roles relating to other projects etc.

• The view and edit user pages have been unified. Therefore the actions View and Edit have been removed from the More menu. Simply click on the last name of a user to view him. If you want to change any data tick the checkbox Edit Details. This is only available if you have the global admin role and the user you want to edit should not be LOCKED at the moment. To be able to edit a LOCKED user first UNLOCK him.
• Users now get an email if their account was modified on the above mentioned edit page.
• For ordinary users the amount of used and remaining licences is no longer shown anywhere.
• Users which are not in the default organisation can see only other users in the same organisation or users which are members of a common project. This also works when viewing the details of a user. Confidential information like e.g. tool assignments or creation date are not displayed.
• To save one click, the login form is now immediately shown when navigating to the portal and there's no active session.
• The queue handling, which in the background manages the auto provisioning of the tools, was massively improved to avoid any deadlocks concerning conflicting changes fired at high pace.
• Pending syncs are now more readable.

Bugfixes and Improvements

• The assignment and unassignment of Jira Service Management licences for users and technical users was broken and is now fixed.
• The item count was not displayed for standard users on User page.
• Resync roles has been forbidden for retired projects to prepare for the full implementation of project retirement. To resync roles for a retired project simply reactivate it.
• Some improvements for narrow screens. Improved widget reflow.
• Burger menu is now closed after selecting the User Profile menu item.
• Upgraded version of Keycloak used for single-sign-on.
• Updated version of database server instances.
• Adapted auto-provisioning to changed APIs at Jenkins.
• Improved automated testing for an even better QA concerning UI and end-to-end behavior.

Known Issues

• User update/lock action can be stuck when the user was assigned to another organization after the user's first project role assignment. The ops team can automatically repair it for you. Will be fixed when the Rancher in customer's toolchain is updated from v1.6 to v2.x.