Bosch IoT Rollouts

Release Notes - Tue, 12 Aug 2025 07:51:54 GMT

Enhanced resource management and user guidance

This update introduces fine-grained resource limits based on service plans, new metrics and quota systems, UI enhancements for monitoring quotas, and improved user guidance by disabling unauthorized actions in the UI.

New features

Quotas and metrics: Fine-grained resource usage monitoring and limits based on service plans

  • ROLEX-2254: Introduce a metrics service for exposing tenant-specific metrics via Spring Boot Actuator endpoints.
  • ROLEX-2238: Introduce a quota system to enforce resource limits to protect against unrestricted resource consumption (OWASP API4:2023) and offer different service plans.
  • ROLEX-2250: Introduce a UI feature Quota, allowing users to monitor software update quotas and their usage.
  • ROLEX-2238: Allow overwriting quotas for tenants using admin-controlled tenant-config.
  • ROLEX-2250: Implement server-side sorting for quotas and update UI to use it.
  • ROLEX-2238: Introduce "maximum number of recipe types" quota.
  • ROLEX-2238: Introduce mocked roles API.

Improvements

Improve user guidance by disabling buttons in ui based on current user authorization

  • ROLEX-2257: Enhance module-type UI to make use of _links.metadataUpdate to disable metadata add/edit/delete buttons if the current user is not authorized.
  • ROLEX-2082: Enhance module-types API and UI to make use of _links.create to disable + button if the current user is not authorized.
  • ROLEX-2082: Enhance recipe-tags API and UI to make use of _links.create to disable + button if the current user is not authorized.
  • ROLEX-2082: Enhance recipe-tags UI to make use of _links.create to disable + button if the current user is not authorized.
  • ROLEX-2082: Enhance system-type details UI to disable assign button if the current user is not authorized.
  • ROLEX-2082: Enhance recipes list API and UI to make use of _links.tagUpdate to disable tag button if the current user is not authorized.
  • ROLEX-2082: Enhance recipes API and UI to make use of _links.create to disable + button if the current user is not authorized.
  • ROLEX-2082: Enhance recipe signatures API and UI to make use of _links.signatureUpload to disable + button if the current user is not authorized or state does not permit.
  • ROLEX-2082: Enhance recipe-types API and UI to make use of _links.create to disable + button if the current user is not authorized.
  • ROLEX-2082: Enhance recipe-type details API and UI to make use of _links.metadataUpdate and _links.validatorUpdate to disable metadata and/or validator buttons if the current user is not authorized.
  • ROLEX-2082: Enhance recipe-type validator UI to make use of _links.edit and _links.delete to disable respective buttons if the current user is not authorized.

Others

  • ROLEX-2231: Fix metadata filtering for recipes on install API not working as expected when providing multiple key-value pairs.
  • ROLEX-2259: Align UPDATE_COORDINATOR role and management_advanced_access scope by granting missing delete permissions to the scope.
  • ROLEX-2294: Introduce delete/reset endpoints for tenant configuration API.