Single Sign-on Authentication with OpenID Connect
Single sign-on is implemented through OpenID Connect. Common OpenID connect providers are Google Cloud, Microsoft Azure Active Directory, Keycloak or Dex. Through Dex, further identity providers such as LDAP or SAML 2.0 are available.
API Tokens for Machine to Machine Authentication
Application Manager now allows to create API tokens for services to authenticate. API tokens are revocable at any time. Access to the system can be restricted similarly to regular users singing on via SSO.
Role-based Access Control
This new feature allows to restrict access to API resources by defining roles and binding them to users or groups. The access control is based on API resources such as deployments, jobs, savepoints, or events and the HTTP method, such as GET, POST, PATCH.
Namespaces now offer the ability to control visibility and access of API resources. This effectively introduces multi-tenancy into Ververica Platform, so that multiple teams can share a Ververica Platform setup, with strict separation of their resources.
This release introduces a new API object called “Secret Value”. A secret allows to manage passwords, authentication tokens or secret configuration parameters. In particular, this allows for separating knowledge of a secret from usage of a secret.
Support for Apache Flink 1.6
Credentials in the jar URL
User Interface Improvements
- Visualization of Flink Streaming Applications with metrics
- YAML view of Deployments
- Improved “Savepoints” tab