Announcing Data Artisans Platform 1.2 with major new Enterprise Security features
Today, data Artisans is announcing the availability of data Artisans Platform 1.2, with major new Enterprise Security features. Alongside this new release, data Artisans is also announcing the availability of a new edition of data Artisans Platform, named "River Edition", which includes Streaming Ledger, a new library for streaming ACID transactions.
We will list the new features below:
- Single Sign-on Authentication with OpenID Connect
With support for single sign-on (SSO) systems, data Artisans platform integrates well with existing user and group-based access control systems. Customers can connect the platform with their existing systems, making administration easy, as there is no need to maintain a separate user and group database for dA Platform. In addition, password entry (or other authentication mechanisms) happens on trusted and controlled sites outside of data Artisans Platform. Single sign-on is implemented through OpenID Connect. Common OpenID Connect providers include Google Cloud, Microsoft Azure Active Directory, Okta, Keycloak, or Dex. Through Dex, further identity providers such as LDAP or SAML 2.0 are available for the platform.
- API Tokens for Machine to Machine Authentication
data Artisans Platform now allows customers to create API tokens for services to authenticate. Single Sign-on is mostly useful for human users to authenticate when accessing the user interface. For any script or system (such as a workflow manager, Jenkins, etc.) SSO flows are difficult to implement, or not available at all.
Therefore, dA Platform allows customers to create API tokens for such systems. API tokens are revokable at any time and permissions for API tokens can be restricted similarly to regular users.
- Role-based Access Control
This new feature allows restricting access to API resources by defining roles and binding them to users, groups, or API tokens. Permissions are granted based on API resources (such as deployments or jobs) and verbs (such as post or delete).
- Multi-Tenancy through Namespaces
Namespaces now offer the ability to control visibility and access of API resources. This effectively introduces multi-tenancy into dA Platform, allowing multiple teams to share a dA Platform setup, with strict separation of their resources.
- Secret Values
data Artisans Platform 1.2 introduces a new API object called Secret Value. A secret value allows customers to manage passwords, authentication tokens, or secret configuration parameters. In particular, this allows for separating knowledge of a secret from the usage of a secret. A common use-case for this feature are S3 access keys: Usually, only a small group of people is allowed to see the access keys, however, many people need to use them for configuring their systems. With secret values in data Artisans Platform and support for role-based access control, you can restrict permissions for creating and seeing secret values to a special group, and allow the use of the values to other (bigger) groups.
- User Interface Improvements: Visualization of Flink Streaming Applications with metrics, YAML view of Deployments
We are continuously improving the web-based user interface of data Artisans Platform to give customers visual insights into their deployments. With this release, we've added a new tab to the Deployment view to see the job graph of the Flink application, with input and output metrics. In addition, we've added a view for seeing and editing the YAML representation of a Deployment directly in the user interface. The "Savepoints" tab in the Deployment view now better displays the savepoint that will be used for the next restore operation.
- Miscellaneous: Support for Apache Flink 1.6, greater logging flexibility and bugfixes
We've ironed out a lot of usability and productivity issues, and included support for the latest major Apache Flink release, version 1.6. The jar URL of a deployment now supports https://username:password@example.com as URLs, we are now exporting deployment and job-ids as environment variables to the log4j2.xml file and you can forward environment variables to Kubernetes deployments.
Next steps:
-
You can check out the updated trial VM and Docker images on our download page and play around with the latest version of dA Platform.
-
The updated documentation for this version contains changelog with more details.
-
If you are already using Application Manager and working with the data Artisans repository, you have to simply update the image reference to v1.2/appmanager:1.2.0
We are eager to hear your feedback about this new version and happy to answer any questions you have. You can reach us at platform@ververica.com.