- The access tags compiler and db schema have been upstreamed into Tiled
- API keys can now be restricted to specific access tags
- New unit tests covering the new access policy and access control features
- Remove
SpecialUsersprincipals for single-user and anonymous-access cases - Access control code is now in the
access_controlsubdirectory SimpleAccessPolicyhas been removed- AuthN database can now be in-memory SQLite
- Catalog database can now be shared when using in-memory SQLite
TagBasedAccessPolicynow supports anonymous accessAccessTagsParseris now asynctoy_authenticationexample config now usesTagBasedAccessPolicy- Added helpers for setting up the access tag and catalog databases for
toy_authentication
- Access control on container export was partially broken, now access works as expected.
- Demoted the
Compositestructure family tocompositespec. - Typehint utils collection implementations
- Optimized the calculation of an approximate length of containers.
- The project ships with a pixi manifest (
pixi.toml).
- In the previous release, v0.1.0-b32, a catalog database migration script (for closure tables) ran successfully on some databases but on others it could fail. As designed, the failure mode was a clean rollback, leaving the database correct but unchanged. This release repairs the migration script; it should be re-run on any databases that could not be upgraded with the previous release.
This release requires a database migration of the catalog database.
tiled catalog upgrade-database [postgresql://.. | sqlite:///...]
- Endpoints for (read) data access with zarr v2 and v3 protocols.
data_typeandcoord_data_typeproperties for sparse arrays inCOOAdapterandCOOStructure.
- Refactored internal server function
get_root_tree()to not use FastAPI dependencies injection - The logic of hierarchical organization of the Nodes table in Catalog: use the concept of Closure Table to track ancestors and descendands of the nodes.
- Shorter string representation of chunks in
ArrayClient. - Refactored internal Zarr version detection
- For compatibility with older clients, do not require metadata updates to include
an
access_blobin the body of the request.
- Uniform array columns read from Postgres/DuckDB are now aggregated to an
NDArray (e.g. scanned
waveformPVs) - Support for deleting separate nodes and contents of containers in client API.
- The database migration in v0.1.0-b27 was incomplete, and missed an update to
the
revisionstable necessary to make metadata updates work correctly. This is resolved by an additional database migration. - Correct indentation of authenticator args field in the service config schema and ensure it correctly validates configurations.
This release is identical to the previous one; it was made to fix our continuous deployment processes.
- Pooling of ADBC connections to storage databases.
- An index on the
node_idcolumn of thedata_sourcestable.
- Make devcontainer work out of box to run e.g. tiled serve demo
- Tests were missing assertions to verify expected outcomes
- Combining multiple hdf5 files containing scalar values by HDF5Adapter.
- Make principal type hints consistent in router
- Typehinted database access methods
- Explicit type conversion in SQL adapter when appending to an existing table.
- Refactored internal server function
get_entry()to not use the FastAPI dependencies injection - Updated front-end dependencies, and updated node version used for building front-end.
- Restored authentication check for API key
- Updated usage for change in Zarr 3.x API.
- Improved error message if config location is non-file
- It is now possible to explicitly control the page size used for fetching
batches of metadata, e.g.
client.values().page_size(N). - Writable tabular SQL storage in SimpleTiledServer.
- The
pyproject.tomlnow includes integration with pixi.
- An auth bug that prevented a user to create a table with empty access_tags.
- When accessing a small number of results, the page size is set appropriately to avoid needlessly downloading additional results.
- The
tiled serve config ...CLI command silently ignored--port 0and used the default port (8000).
- Accept (allowed) special characters in SQL column names, e.g. "-".
- The large
TagBasedAccessPolicyclass introduced in the previous release was refactored into separate objects.
This release requires a database migration of the catalog database.
tiled catalog upgrade-database [postgresql://.. | sqlite:///...]
- New access policy
TagBasedAccessPolicywhich introduces more robust authorization based on the concept of tagging. When this policy is used, access to data is controlled by the node'saccess_blob(i.e the tags applied to that node). - Added new
access_blobcolumn to catalog database, in support of the new authorization. This blob typically contains one of: resource owner (creator), or a list of access tags. - Added new filter type
AccessBlobFilterwhich filters nodes based upon theiraccess_blobcontents. In support of the new authorization.
- Tiled now accepts a single
access_controlconfiguraton for the entire server, only. Access policies are now a server-wide singleton used for all access requests. Access control can no longer be specified on individual trees. - Removed
path_partsarg from access policy signatures and related. - Effective scopes for the principal (from authN) are now threaded into access policies and related.
- Removed
access_policyfromMapAdapterandCatalogAdapter; accesss policies are now set server-wide only.
- New query parameter
drop_revisionon endpointsPUT /metadata/{path}andPATCH /metadata/{path}. If set to true, the version replaced by the update is not saved as a revision. This is exposed in the Python client via a new keyword-only argumentdrop_revisioninupdate_metadata,patch_metadata, andreplace_metadata.
- A critical bug in the
mount_nodefeature introduced in the previous release prohibited the server from starting whenmount_nodewas used with a PostgreSQL database. - Accept (allowed) special characters in SQL column names, e.g. "-".
- New optional parameter to catalog configuration,
mount_nodeenables mounting different sub-trees of one catalog database at different prefixes. This is an advanced feature to facilitate migration from many catalogs to one. Seetiled/_tests/test_mount_node.pyfor usage.
- Support for reading numpy's on-disk format,
.npyfiles.
- In server configuration,
writable_storagenow takes a list of URIs, given in order of decreasing priority. - Adapters should implement a
supported_storageattribute, as specified intiled.adapters.protocols.BaseAdapter. This is optional, for backward-compatiblity with existing Adapters, which are assumed to use file-based storage.
- When using SQL-backed storage and file-backed storage, Tiled treated SQLite or DuckDB files as if they were directories of readable files, and included them superfluously in a check on whether assets were situated in a readable area.
- Update data_sources in the client after receiving a response from the server.
Removed the (unused)
data_sourceparameter from thePUT /data_source/endpoint; the id of the updated data source must be included in the structure within the body of the request.
- New query type
Likeenables partial string match using SQLLIKEcondition.
- Exposed
Session.stateinformation from database to enhance custom access control developments.
- Tiled now retries HTTP requests that fail due to server-side (
5XX) or connection-level problems. - Support for
asyncstreaming serializers (exporters)
- Iteration over a
Compositeclient yields its (flattened) keys, not its internal parts. This makes__iter__and__getitem__consistent.
Compositestructure family to enable direct access to table columns in a single namespace.- Added a
parentproperty to BaseClass that returns a client pointing to the parent node - New CLI flag
tiled --versionshows the current version and exits.
- Adjust arguments of
print_admin_api_key_if_generatedand renameprint_server_info - Allow
SQLAdapter.append_partitionto acceptpyarrow.Tableas its argument - Fix streaming serialization of tables keeping the dtypes of individual columns
- Extract API key handling
- Extract scope fetching and checking
- Refactor router construction
- Adjust environment loading
- This is a breaking change if setting
TILED_SERVER_SECRET_KEYSorTILED_ALLOW_ORIGINS.TILED_SERVER_SECRET_KEYSis nowTILED_SECRET_KEYSand these fields now require passing a json list e.g.TILED_SECRET_KEYS='["one", "two"]'
- This is a breaking change if setting
- More type hinting
- Refactor authentication router construction
- Set minimum version of FastAPI required.
tiled.server.SimpleTiledServercan be used for tutorials or development. It launches a tiled server on a background thread with basic security.
- Added an hdf5plugin import to handle reading lzf-compressed data from Dectris Eiger HDF5 files.
- Removed no-op
?include_data_sources=false(which is the default) from some requests issued by the Python client. - Added a try-except statement to gracefully skip over broken external links in HDF5 files.
- Remove a redundant dependency declaration.
- Run authentication tests againts PostgreSQL as well as SQLite.
- Tighten up handling of
time_createdandtime_updatedin authentication database. - New authentication database migration fixes error in migration in previous release.
- Added
SQLAdapterwhich can save and interact with table structured data insqlite,postgresqlandduckdbdatabases usingarrow-adbcAPI calls. - Coverage status shows the missing uncovered lines now.
- Added few more tests to
SQLAdapter.
- Removed pydantic-based definitions of structures, which had duplicated
the dataclass-based defintions in order to work around a pydantic bug
which has since been resolved. All modules named
tiled.server.pydantic_*have been removed. These were used internally by the server and should not affect user code. - Publish Container image and Helm chart only during a tagged release.
- Stop warning when
data_sources()are fetched after the item was already fetched. (Too noisy.) - In Tiled's authentication database, when PostgreSQL is used, all datetimes are stored explicitly localized to UTC. This requires a database migration to update existing rows.
- Refactor and standardize Adapter API: implement from_uris and from_catalog classmethods for instantiation from files and registered Tiled nodes, respectively.
- Refactor CSVAdapter to allow pd.read_csv kwargs
- Removed
tiled.adapters.zarr.read_zarrutility function. - Server declares authentication provider modes are
externalorinternal. The latter was renamed frompassword. Client accepts eitherinternalorpasswordfor backward-compatibility with older servers. - Make context switch to HTTPS URI, if available, upon creation
- Added
.getmethods on TableAdapter and ParquetDatasetAdapter - Ability to read string-valued columns of data frames as arrays
- Do not attempt to use auth tokens if the server declares no authentication providers.
- Prevent "incognito mode" (remember_me=False) from failing after a previous login session has since been logged out (no token files)
- Make dependencies shared by client and server into core dependencies.
- Use schemas for describing server configuration on the client side too.
- Refactored Authentication providers to make use of inheritance, adjusted
mode in the
AboutAuthenticationProviderschema to beinternal|external. Python clients older than v0.1.0b17 will be sentpasswordfor back-compat. - Improved type hinting and efficiency of caching singleton values
- Update GitHub Actions
upload-artifactanddownload-artifact.
- Adjust for backward-incompatible change in dependency Starlette 0.45.0.
- Updated OIDC Authenticator configuration to expect
well_known_uriandaudienceand to no longer expecttoken_uri,authorization_endpointandpublic_keys, which can be fetched at initialization (server startup) time. See examplesexample_configs/orcid_auth.yml,example_configs/google_auth.yml, andexample_configs/simple_oidc.
- Addressed DeprecationWarnings from Python and dependencies
- Update AccessPolicy Docs to match new filter arguments
- Refactored intialization of dask DataFrame to be compatible with dask 2025.1
docker-compose.ymlnow uses the healthcheck endpoint/healthz- In client, support specifying API key expiration time as string with
units, like ``"7d"
or"10m"`. - Fix bug where access policies were not applied to child nodes during request
- Add metadata-based access control to SimpleAccessPolicy
- Add example test of metadata-based allowed_scopes which requires the path to the target node
- Added Helm chart with deployable default configuration
- Bug in Python client resulted in error when accessing data sources on a just-created object.
- Fix bug where access policies were not applied to child nodes during request
- The argument
prompt_for_reauthenticationis now ignored and warns. Tiled will never prompt for reauthentication after the client is constructed; if a session expires or is revoked, it will raiseCannotRefreshAuthentication. - The arguments
usernameandpasswordhave been removed from the client constructor functions. Tiled will always prompt for these interactively. See the Authentication How-to Guide for more information, including on how applications built on Tiled can customize this. - The argument
remember_mehas been added to the client constructor functions and toContext.authenticateand its aliasContext.login. This can be used to clear and avoid storing any tokens related to the session. - Change access policy API to be async for filters and allowed_scopes
- Pinned zarr to
<3because Zarr 3 is still working on adding support for certain features that we rely on from Zarr 2.
- Add HTTP endpoint
PATCH /array/full/{path}to enable updating and optionally extending an existing array. - Add associated Python client method
ArrayClient.patch. - Hook to authentication prompt to make password login available without TTY.
- Fix curl and httpie installation in docker image.
- Minor fix to api key docs to reflect correct CLI usage.
- Fix the construction of urls by passing query parameters as kwargs, adapting to a behavior change in httpx v0.28.0.
- Switch from appdirs to platformdirs.
- Add adapters for reading back assets with the image/jpeg and multipart/related;type=image/jpeg mimetypes.
- Automatic reshaping of tiff data by the adapter to account for extra/missing singleton dimension
- Add a check for the
openpyxclmodule when importing excel serializer.
- Drop support for Python 3.8, which is reached end of life upstream on 7 October 2024.
- Do not require SQL database URIs to specify a "driver" (Python library to be used for connecting).
- A regression in the container broke support for
tiled register ...andtiled serve directory .... When these became client-side operations, the container needed to add the client-side dependencies to support them.
- Add kwarg to client logout to auto-clear default identity.
- Do not automatically enter username if default identity is used.
- Add API route and Python client method enabling admins to reokve API keys belonging to any user or service.
- Added support for explicit units in numpy datetime64 dtypes.
- Follow-up fix to compatibility with Starlette v0.38.0
- Adapt to change in dask public API in dask 2024.9.0.
- Compatibility with a change in Starlette v0.38.0
- Add method to
TableAdapterwhich accepts a Python dictionary. - Added an
Arrowadapter which supports reading/writing arrow tables viaRecordBatchFileReader/RecordBatchFileWriter.
- Make
tiled.clientaccept a Python dictionary when fed towrite_dataframe(). - The
generated_minimalexample no longer requires pandas and instead uses a Python dict. - Remove unused pytest-warning ignores from
test_writing.py. - Rename argument in
hdf5_lookupfunction frompathtodatasetto reflect change inophyd_async
- A
/healthzendpoint, for use by orchestration infrastructure
- A bug in
Context.__getstate__caused picking to fail if applied twice.
- Support partial download of an asset using the
HTTP
RangeHeader.
- When authenticated as a Service Principal, display the SP's uuid in the client Context repr.
- The dependency
json-merge-patch, introduced in v0.1.0b4, was missing from some pip selectors.
- Minor implementation changes were necessary to make Tiled compatible with Numpy 2.0.
- For improved security, the server-side array slicing function has been
refactored to avoid using
eval(). To be clear: there were no known exploitable vulnerabilities in theeval()approach. The input was validated against a regular expression before being passed toeval(). However, avoidingeval()altogether is better practice for defense-in-depth against potential code injection attacks due to current or future bugs in Tiled or its upstream dependencies.
- Added a new HTTP endpoint,
PATCH /api/v1/metadata/{path}supporting modifying existing metadata using aapplication/json-patch+jsonor aapplication/merge-patch+jsonpatch. - Added client-side methods for replacing, updating (similar to
dict.update()), and patching metadata.
- Fixed regression introduced in the previous release (v0.1.0b1) where exceptions raised in the server sent no response instead of properly sending a 500 response. (This presents in the client as, "Server disconnected without sending a response.") A test now protects against this class of regression.
- Customized default logging configuration to include correlation ID and username of authenticated user.
- Added
--log-timestampsCLI flag totiled serve ...to opt in to including timestamp prefix in log messages.
- Support for
FullTextsearch on SQLite-backed catalogs
- Updated
BaseClient.formatsto use thedictstructure for specs. - The
tiled serve directory --watchfunction was not compatible with recentanyio
- A dependency on
fastapiwas introduced intiled.adapters. This has been removed.
- The
tiled serve ...CLI commands now accept a--log-configoption, pointing to a custom uvicorn logging configuration file. An example file was added to the repository root,example_log_config.yml. - Added
tiled.adapters.protocolswhich will provide possibility for user to implement their custom adapters in a way that satisfies mypy. - Added
tiled.client.smokewith a utility for walking a node and ensuring that the data in it can be read. - Added
tiled.client.syncwith a utility for copying nodes between two Tiled instances. - Show authentication state in
Contextrepr.
- SQLite-backed catalogs now employ connection pooling. This results in a significant speed-up and avoids frequently re-opening the SQLite file.
- Metadata returned from the use of the
select_metadatais now a one-item dictionary with 'selected' as the key, to match default type/behavior. - The method
BaseClient.data_sources()returns dataclass objects instead of raw dict objects. tiled.client.synchas conflict handling, with initial options of 'error' (default), 'warn', and 'skip'
- Propagate setting
include_data_sourcesinto child nodes. - Populate attributes in member data variables and coordinates of xarray Datasets.
- Update dependencies.
- Fix behavior of queries
InandNotInwhen passed an empty list of values.
- The
content-encodingbloscwas recently upgraded from Blosc to Blosc2. Thecontent-encodinghas been renamed toblosc2to avoid version confusion between different versions of Tiled servers and clients.
- Metric-reporting had an error when
compresstiming was recorded butcontent-encodingheader was unset.
- Python 3.12 support
- Added
tiled.adapters.resource_cachefor caching file handles between requests.
- Removed object cache from the codebase. If
object_cacheis included in the server configuration file, a warning is raised that this configuration has no effected.
- The configuration setting
tiled_adminsdid not work in practice. If a user in the list was already an admin (such as, after a server restart) an error was raised on startup. - The table creation statements for PostgreSQL were not committed. (This may have been a regression due to a change in SQLAlchemy defaults.)
- Tolerate HTTP responses that are missing a
x-tiled-request-idheader, such as when a proxy server responds with an error. - Use
httpxstatus code sentinels (instead ofstarletteones) for typing client-side status codes.
- Removed upper bound version pin on
dask. - Switched from
blosctoblosc2. - Made client objects dask-serializable
- Added support for registering multiple Assets with a DataSource in an update
- Usage of deprecated Pydantic 2.x APIs was updated.
- Specify a
fallback-version,0.0.0, to be used when the version-detection code cannot run.
- Support for specifying the format that uploaded data will be stored in.
- Support for storing uploaded tabular data in CSV format.
- A new HTTP endpoint,
PATCH /api/v1/table/partition/{path}supporting appending rows to a tabular dataset. - A new method
DataFrameClient.append_partition. - Support for registering Groups and Datasets within an HDF5 file
- Tiled version is logged by server at startup.
- Critical regression that broke
tiled serve directory ...CLI.
- Updated the pydantic version in the pyproject.toml. Now the allowed versions are >2.0.0 - <3.0.0 .
- Changes to prepare for upcoming numpy 2.0 release
- Changes to address deprecations in FastAPI