Maximo Application Suite CLI Ansible CLI
Edit on GitHub
Home Operator Catalog IBM Maximo Operator Catalog IBM Maximo Application Suite v9.2.0 Release Notes Install Modes Service Accounts Cluster Permissions Namespace Permissions

IBM Maximo Application Suite v9.2.0

Release Notes

New Features

  • New graphite version and UI components update (#4076)
  • Add Real Estate & Facilities 9.2 to list of supported applications (#4089)
  • Add optional parameter 'addonIdentifier' to GenericAddon (#4208)
  • Support read-only root filesystem (#4374)
  • Device Token Expiry : Push Notification Service Update (#4519)
  • support path-based routing mode (#4459)
  • Switch authentication to Manage (#4656)
  • Support manualRouteMgmt Suite setting to disable automatic route creation (#5061)
  • Add AI Service Configuration (AiCfg) operator with AssistantAgent deployment support (#4968)
  • Support MAS without ClusterRoles (#5087)

Bug Fixes and Security Updates

  • fix failing "PodLabelsAreUnique" in contentverification (#4010)
  • Limit the concurrent reconciles of addon entity manager to avoid Out Of Memory (#3943)
  • Fix for Labels & update of Graphite to v3.1.556 (9.1) (#4012)
  • fix indentation issue on the adoptionusageapi deployment template. (#4014)
  • Make email optional when creating and updating a user (#4059)
  • Add new environment variable LOG_LEVEL (#4022)
  • updated mobileapi version for upcoming release. (#4069)
    • Update Meta Keywords For Accelerators (#4071)
  • Address Kyverno policy failures (#4051)
  • update coreidp-login latest (#4084)
  • Include users without email in sendmail_bulk payload (#4099)
  • updated coreapi image version (#4108)
  • Kyverno policy compliance fixes (#4110)
  • Fix issue with commonNav ymls in coreapi build (#4111)
  • Given correct templates path for sendmailapi templates (#4122)
  • Use latest sendmailapi build to allow toAdress to be null (#4128)
  • Added changes to send a milestone on a per-instance basis (#4060)
  • Configure TLS for monagent-mas and workspace-coordinator component probes (#4006)
  • Update supported versions for 9.2 (#4133)
  • Change workspace-coordinator startup probe scheme to HTTPS (#4134)
  • internalapi image updated, for updating the swagger validation for UserPayload owner values (#4140)
  • Remove secrets data from logs (#4129)
  • Enabling ACM, ICD and strategize for PowerPC and s390x (#4135)
  • Use latest coreapi build to fix a bug which made forgotpassword function to fail (#4152)
  • Update supported application version for monitor. (#4167)
  • IoT 9.0.x not supported for 9.2.x (#4166)
  • update supported application version for predict (#4168)
  • MASCORE-9246 - Optimizer supported version update (#4161)
  • Updated ansible-operator, coreapi and admindashboard versions to fix power filebeat issue (#4170)
  • Fix users synced in MAS without any emails should not get excluded (#4176)
  • updating version for mas-health (#4169)
  • added release version 9.2 for assist for MAS CORE compatibility (#4182)
  • Fix the issue where the added.timestamp value was being updated for existing users in bulk users upsert API (#4184)
  • update Notice and non ibm license (dev) (#4193)
  • migrate to SPS (dev) (#4224)
  • Fix cache conflict in UiService ping checks for isFullManage and onlyFoundation (#4256)
  • Multiple UI bug fixes (#4257)
  • Make sure the user is resynced in Manage when the forceTokenChange flag is flipped as this flag will be added to the IDP table in Manage (#4219)
  • Enabling HSE for 9.2 release for s390x,ppc64le (#4222)
  • Added support for opt-out flag on the Suite operator and Suite CR (#4237)
  • data-stream file for oscap scanning (#4258)
  • Enabling Health and aviation for 9.2 release for s390x, ppc64le (#4275)
  • Enable Replica for non-prod order also (#4291)
  • Add support for reportAdoptionMetrics flag to control collection of adoption metrics in Suite CR and BAS CFG (#4238)
  • updated userSync flag to false for 9.1 (#4298)
  • Add AWSPCA support for certificate creation (#4247)
  • Update certificate timeout and molecule scenario (#4317)
  • Email is optional in Scim V2 User APIs (#4330)
  • added env vars for rdnproperty of ldap scim (#4215)
  • update catalogapi version - 9.2.x (#4334)
  • Add compatibility to non-readonly mode (#4341)
  • Add read-only mode (#4346)
  • add retry option for internalapi binding status (#4351)
  • Removing not needed apps deprecation (#4355)
  • Fix tmp folder that was not following the new tmp/writeable path. (#4356)
  • Use 2k key size for internal ca certificate (#4368)
  • Add back /tmp/mas folder as part of ansible-operator (#4372)
  • Fixing molecule test issues (#4373)
  • Remove Assist's Watson Discovery dependency (#4120)
  • Update MVI supported application versions (#4376)
  • internalapi 10.3.0 - Add internal versions of put/delete message APIs and update dependencies (#4422)
  • Remove sensitive logs (#4415)
  • Updated mobileapi to avoid permission errors with new read-only flag (#4437)
  • Application configuration 9.2.x version (#4318)
  • Updated internalapi to avoid permission errors with new read-only flag (#4439)
  • Add defaultSenderEmail to the /systeminfo internal API response (#4447)
  • Add defaultRecipientEmail to the /systeminfo internal API response (#4461)
  • Add support to additional infrastructure value metrics on Catalog items and addon operator (#4460)
  • add new valuemetrics and limit for essentials Mascore-10860 (#4454)
  • Prevent application configuration route re-creation every 5 min (#4487)
  • Add application-configuration to generic addon list (#4458)
  • Add support to application configuration when MAS readonly system - MAS 9.2 (#4495)
  • Fix build failure by correcting indentation issues after merge (#4504)
  • Add missing newline at end of YAML files to resolve linting errors (#4505)
  • Add usage metric opt-out flags for SaaS and On-Prem deployments (#4503)
  • Adding support for optional firstname, lastname and site input fields in the self registration form in the login page (9.2.x) (#4510)
  • update coreapi to fix ui login hanging [MASCORE-11479] (#4516)
  • Make sure datamodel-migration job runs correctly from the suite-upgrades role when upgrading to 9.2 (#4509)
  • Update plan cost for additional infrastructure (#4520)
  • add secure flag in ltpatoken2 cookie in coreidp (#4530)
  • update mas util to 7.27.2: dev (#4532)
  • downgrade wlp version - dev (#4542)
  • Add environment variables for new coreidp prior to path based routing [MASCORE-8701] (#4517)
  • Adding support for mobile authorize OIDC endpoint (#4550)
  • include PBR env vars when starting coreapi (#4556)
  • Add new /facilitiesupsert internal API (#4557)
  • Updating components that had mas-utils-py version updated to fix timestamp format (timestamps that used utcnow() cannot become timezone-aware. (#4571)
  • update lic files: dev (#4569)
  • Add smtp ouath2 for outgoing emails [MASCORE-10041] (#4572)
  • User pushnotification APIs forward data to and from Manage's /myusernotif APIs. (#4588)
  • Fix readonly filesystem issue with push notification (#4604)
  • fix the copyright year issue (#4610)
  • Update catalog item to additional-resources (#4570)
  • remove limit from totalusers valuemetric Mascore 11535 (#4606)
  • Enforce mandatory flag for AdoptionMetrics inside MAS Catalogs (#4609)
  • map PNS to 9.2 release branch (#4634)
  • adding support url for push-notification-service (#4638)
  • MAXMOF-1938 Mongo DB to Manage DB for PN (#4647)
  • E-signature for LDAP (EAM Regulated customers require Esig passkey for LDAP) (#4653)
  • update ansible and internal packages (#4670)
  • E-sig for LDAP (Dockerfile revert) (#4673)
  • fix the small bugs for the path based routing (#4681)
  • add Maximo IT valuemetrics (#4693)
  • Reorder the sequence in which we fetch the wheels (#4441)
  • Add environment variable OIDC_ROUTE_URL to coreidp deployment (#4655)
  • fixes for foundation (#4698)
  • Add /v1/mobile/settings internal API and include mobile quick setup config in uiresources API response (#4699)
  • Add default values for the mobile app store URLs (#4701)
  • Overhaul of operator BVT (#4695)
  • Convert ibm-mas-cfg-mongo tests (#4708)
  • Convert ibm-mas-cfg-sls tests (#4714)
  • MAXMOF-3217 : Push Notification design update (#4716)
  • fix icd validation issue (#4718)
  • fix the push notification rewrite target issue (#4722)
  • MAXMOF-3168 : Badge count for push notification (#4719)
  • MAXMOF-862 : Precise Debugging & Restructuring (#4737)
  • Create countrycodes configmap to support PI Compliance (#4635)
  • Add 9.1.x & 9.0.x prev release into rollback supported images list (dev) (#4444)
  • emergency downgrade of kubernetes python MASISMIG-73418 fix dependencies dev (#4787)
  • Remove mongodb dependency for JWT permissions (#4789)
  • Coreidp support for Manage context root change (#4788)
  • Updated coreapi version to handle scimv2 problems with permissions (#4798)
  • Fix invalid config certs being added to the truststore [MASCORE-12381] (#4803)
  • MAXMOF-3446: Forward port parsing logic (#4802)
  • Add secure unauthenticated access to public resources, safeguard IDP configuration updates, expose maintenance mode to UI, and flip default mobile quick setup enable flag to true (#4821)
  • Change IoT/Monitor Dependency for 9.2 (#4715)
  • restart catalogapi pod when truststore changes (#4842)
  • Fix CoreIDP Molecule Test Failure - Type Mismatch in Pod Temp… (#4854)
  • Complete conversion of molecule tests to new unit test framework (#4875)
  • guard against undefined config.oauthAuthentication (#4758)
  • Move mas-mock-py into it's own repository (#4876)
  • admindashboard minor version bump (#4878)
  • Improvements to templating tests (#4879)
  • Update suite image digests for versions: dev (#4872)
  • Updating coreidp-login since a new minor was generated 2 weeks ago and autobuild is no longer updating coreidp-login version. (#4909)
  • timeout increased for coreidp probes (#4916)
  • Adding support for PUT /personalization//focusednavigation API and "personalization" object in the GET /uiresources API response. (#4936)
  • security fix for axios - 9.2 (#4937)
  • Migrate user authentication from MongoDB to AuthService API (#4942)
  • Update licensing-sync (#4943)
  • Update accappoints to v3.11.66 (#4946)
  • re-build dev (#4956)
  • User cleanup & Removal of side effects of e-sig LDAP (#4959)
  • Scimsync-agent uses Manage APIs to sync users and groups from LDAP server (#4924)
  • Remove adoption usage hourly CronJob (#4902)
  • Force the redeploy of scimsync liberty server when LDAP password changes for MASISMIG-73055 issue 92x (#4923)
  • onboard Collaborate as addon for 92x (#4951)
  • Remove entitlement from config/scim and selfreg configurations (#4982)
  • Update admin dashboard for dfltapp redirect (#4981)
  • Add foundationProperties to GET /uiresources API response. (#4991)
  • APIs update to support Mongodb User and Group collection removal (#4993)
  • Fallback to foundation when manage does not work (#4994)
  • MAS Core UI images minor bump update (License report removed from admin) (#4995)
  • Add MAS-Admin-Premium value metric for on-prem (#4987)
  • env var for license usage dashboard crone jobs Mascore 13466 (#4984)
  • Usersync coodinator cleanup (#5002)
  • Updates in config version (#4944)
  • Update main.yml to include latest feature channels (#4903)
  • Add default topologySpreadConstraints or singleton labels (#5003)
  • Update suite-upgrade role to use internalapi (#4966)
  • include AI Service CASE (#4922)
  • downgrade ibm-db (#5022)
  • Remove enum constraint from GenericAddon addonType (#4999)
  • fix: Update exception handling to be more generic (#5027)
  • updated internalapi image with latest user and group cleanup (#5021)
  • Normalize Group members and OSLC user queries for manage flow (#5026)
  • updated accelerators file (#4997)
  • Added new graphite config mount files for read-only system (#5034)
  • Update suite image digests for versions 9.0.24, 9.1.15, 9.1.16 (#5043)
  • Expose SLS API peaks endpoint (#5037)
  • support PBR for manage, optimizer and health in applicationSettings (#5048)
  • redirect to pinned apps (#5065)
  • add feature set metrics value for hse and oilandgas app (#4910)
  • MAXMIS-5372 : Reliability Strategies - Feature Set Metric (#5054)
  • Downgrading coreidp because 14.0.11 is not working. (#5075)
  • Update Capability Names, add/remove Valuemetrics for 9.2 (#5059)
  • Fix Python code smells (#5089)
  • Add build overlay volume for runtime modification in graphite-configuration for path based routing [MASCORE-11284] (#4687)
  • ppcle64 fix for GLIBC_2.35 version not found (#5060)
  • Add rbac exception class and update binding to pass certificates (#5093)
  • MAXVM-438 VegM rollback (#5083)
  • Change in GET /authenticated/users API to use Manage API. (#5107)
  • Fix assets loading correctly for preview in appconfig [MASCORE-13820] (#5104)
  • Remove Data Dictionary handling from Reconcile (#5109)
  • update redirect logic on initial login (#5110)
  • fix manual certificate management issue and pass issuer kind to aicfg (#5112)
  • Add new role for mongocfg to rename deprecated collections and make a backup (#5079)
  • Reverting scimsync because version 3.2.42 was broken by renovate. (#5117)
  • update ansible-operator to 9.3.4 (#5119)
  • Fix to the meaweb Manage APIs for path-based routing in coreapi and scimsync-agent (#5120)
  • Update alm-agent image tag to official v1.0.0 release (#5100)
  • Reduce CPU throttling in entitymgr-mongocfg (#4998)
  • Add issuerKind to Suite CR status (#5128)
  • MASCORE-13426: Remove all groupsync coordinator references (#4945)
  • Usersync coordinator check to avoid calling manage when it is not available (#5132)
  • Rename alm-agent image key to almagent (#5133)
  • add path support for apps (#5130)
  • fix undefined publicCaResourceVersion issue and fix default issuerKind (#5129)
  • Fix missing patch permission in internalapi role MASCORE-14277 (#5138)
  • prevent routing mode changes after installation (#5140)
  • MASCORE-14339 : Added missing valuemetrics for utilities (#5144)
  • MAXUIF-3309: Added PVC AccessMode Config for RWO 9.2 (#4827)
  • Add support for path-based routing in ibm-mas-cfg-scim operator (#5145)
  • Fix monitor capability missing from instance usage by adjusting metering job schedules (#5125)
  • Restructure Suite CR settings to group metric collection flags (#5113)
  • Entity managers are resource-bound (#5150)
  • Forward requests to /meaweb Manage API using the integration service instead of the foundation service. (#5148)
  • Migrate sendmail API to use authservice v1 API (#5147)
  • MAXMOF-3919: No records are downloaded after onboarding (#5153)
  • fix internalapi permission for configmaps (#5151)
  • Get sls version from core api for license usage dashboard (#5154)
  • Update internalapi and config version (#5156)
  • Removing missing user apis not used and fix force token change API (#5157)
  • update Collaborate addon catalog files for 92x (#5135)
  • force routingMode to subdomain and unit tests [MASR-8433] (#5149)
  • Read metric collection flags from Suite CR status and populate spec with defaults (#5160)
  • Add language to preferences object in GET /profile API (#5165)
  • Fix various config files & add schema validation to BVT (#5171)
  • Add IoT 9.2 in supported release (#5131)
  • sendmail pod restarting every few minutes (#5167)
  • admin-dashboard version updated (manage activation page issue fix) (#5163)
  • fix unhandled forbidden exception during get the CR (#5161)
  • Update CoreAPI Version to Fix AICfg URL and Tenant ID Display in UI (#5176)
  • update adoptionusage-metering and api version (#5177)
  • Fix upgrade timing issue when Manage is not available (#5178)
  • update adoptionusageapi version (#5181)
  • Update MAS to 9.2 and refresh license notices (#5185)
  • update alm-agent to 1.0.1 (#5172)
  • Update supported version for 9.2 (#5192)
  • Fix: Initialize lookupAppResult before conditional assignment to prevent stale data in upgrade checks [MASCORE-14760] (#5194)
  • Fix unittest by adding missing markers to work with recently released 9.1.0 pytest version (#5195)

Install Modes

Mode Supported
OwnNamespace True
SingleNamespace True
MultiNamespace False
AllNamespaces False

Service Accounts

  • ibm-mas-assistantagent
  • ibm-mas-config-editor
  • ibm-mas-config-reader
  • ibm-mas-coreapi
  • ibm-mas-coreidp
  • ibm-mas-entitymgr-addons
  • ibm-mas-entitymgr-aicfg
  • ibm-mas-entitymgr-appcfg
  • ibm-mas-entitymgr-bascfg
  • ibm-mas-entitymgr-coreidp
  • ibm-mas-entitymgr-idpcfg
  • ibm-mas-entitymgr-jdbccfg
  • ibm-mas-entitymgr-kafkacfg
  • ibm-mas-entitymgr-mongocfg
  • ibm-mas-entitymgr-objectstoragecfg
  • ibm-mas-entitymgr-pushcfg
  • ibm-mas-entitymgr-scimcfg
  • ibm-mas-entitymgr-slscfg
  • ibm-mas-entitymgr-smtpcfg
  • ibm-mas-entitymgr-watsonstudiocfg
  • ibm-mas-entitymgr-ws
  • ibm-mas-internalapi
  • ibm-mas-licensing-mediator
  • ibm-mas-mobileapi
  • ibm-mas-monagent-mas
  • ibm-mas-nopriv
  • ibm-mas-scim-agent

Cluster Permissions

No cluster permissions

Namespace Permissions

Group Resource Verbs
"" events create, delete, get, list, patch, update, watch
"" secrets create, delete, get, list, patch, update, watch
"" pods create, delete, get, list, patch, update, watch
"" pods/exec create, delete, get, list, patch, update, watch
"" pods/log create, delete, get, list, patch, update, watch
"" configmaps create, delete, get, list, patch, update, watch
"" services create, delete, get, list, patch, update, watch
apps deployments create, delete, get, list, patch, update, watch
apps daemonsets create, delete, get, list, patch, update, watch
apps replicasets create, delete, get, list, patch, update, watch
apps statefulsets create, delete, get, list, patch, update, watch
batch cronjobs create, delete, get, list, patch, update, watch
batch jobs create, delete, get, list, patch, update, watch
route.openshift.io routes create, delete, deletecollection, get, list, patch, update, watch
route.openshift.io routes/custom-host create
route.openshift.io routes/status get, list, update, watch
networking.k8s.io networkpolicies create, delete, deletecollection, get, list, patch, update, watch
cert-manager.io certificates create, delete, get, list, patch, update, watch
cert-manager.io issuers create, delete, get, list, patch, update, watch
truststore-mgr.ibm.com truststores create, delete, get, list, patch, update, watch
truststore-mgr.ibm.com truststores/status get
rbac.authorization.k8s.io roles bind, create, escalate, get, list, patch, update, watch
rbac.authorization.k8s.io rolebindings bind, create, escalate, get, list, patch, update, watch
operator.ibm.com operandrequests create, delete, get, list, patch, update, watch
core.mas.ibm.com suites create, delete, get, list, patch, update, watch
core.mas.ibm.com suites/status create, delete, get, list, patch, update, watch
core.mas.ibm.com workspaces delete, get, list, watch
config.mas.ibm.com appcfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com bascfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com idpcfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com jdbccfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com kafkacfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com mongocfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com objectstoragecfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com pushnotificationcfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com scimcfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com slscfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com smtpcfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com watsonstudiocfgs create, delete, get, list, patch, update, watch
config.mas.ibm.com coreidps create, delete, get, list, patch, update, watch
config.mas.ibm.com aicfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com appcfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com bascfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com idpcfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com jdbccfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com kafkacfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com mongocfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com objectstoragecfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com pushnotificationcfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com scimcfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com slscfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com smtpcfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com watsonstudiocfgs create, delete, get, list, patch, update, watch
internal.mas.ibm.com coreidps create, delete, get, list, patch, update, watch
internal.mas.ibm.com aicfgs create, delete, get, list, patch, update, watch
addons.mas.ibm.com genericaddons delete, get, list, watch
addons.mas.ibm.com mviedges delete, get, list, watch
addons.mas.ibm.com replicadbs delete, get, list, watch