LUM - Release Notes

Version 1.4.0, 30 June 2020


  • fixed SQL Error [22023]: ERROR: cannot cast jsonb null to type integer for invalid rightOperand that occurs when data type that is provided on permission constraint does not match the expectation by leftOperand in RTU agreement (ACUMOS-4194)

    • for instance, when count data @type is received as xsd:date

      {"leftOperand": "count", "operator": "lt",
        "rightOperand": {"@value": "2099-01-01", "@type": "xsd:date"}}
    • or date constraint received @type as xsd:integer

      {"leftOperand": "date", "operator": "lt",
        "rightOperand": {"@value": "125", "@type": "xsd:integer"}}
    • added deniedConstraintInvalid to denials to indicate that the constraint is invalid
  • added Specification for denials on asset-usage with the description and examples of denials generated by LUM for asset-usage requests (ACUMOS-4230)

  • upgraded to node:12.18.1-alpine that is LTS now

  • upgraded other dependencies

  • cleanup of installation files

    • removed $BUILD_DEVELOPMENT and nodemon from Dockerfile. Dockerfile is used for building the production image only.
    • docker-compose.yaml now has the explicit external volume for lum-database. This file is not used for installation of lum-server and lum-database and is only provided as an example. See LUM - Installation Guide for more info.
    • docker-compose-dev.yaml has been discarded
  • refactoring to resolve some of sonar smells

  • logging and reporting the password values now shows the first 20 chars of hmac

  • removed the unused scripts from package.json

  • renamed .eslintrc.js to .eslintrc.json

  • added a link to LUM docs into swagger spec

  • openapi-ui

    • now autodetects the server url - no need to select the server path from the dropdown
    • openapi-ui site title now shows that this is LUM with a bunch of info like this License Usage Manager (LUM) API version 1.4.0 at localhost:2088
  • new API GET /admin/recent-errors returns the last 20 exceptions on LUM server

  • fix for properly converting the date fields to contain the datatype of date, rather than datetime, in the snapshot record

  • refactored the unit tests - added new unit tests to cover all possible denials and the provided fixes

Version 1.3.4, 23 April 2020



  • etc/config.json: set logLevel to info and turned off logging to devLog and healthcheck
  • tox.ini: added skipsdist = true that allowed to remove the empty
  • minor refactoring

Version 1.3.3, 21 April 2020


  • fixed replacing the server version in package.json and package-lock.json (ACUMOS-4114)

Version 1.3.2, 17 April 2020

lum-db, lum-server, lum-java-rest-client

  • Refactored versioning to reduce the number of places needing changes when the version number changes. The version number now appears only in lum-java-rest-client/pom.xml (and in these release notes). lum-server and lum-db now derive their version number from the client pom.xml (ACUMOS-4114)
  • Added support for Sonar scanning of lum-server
  • Made the version number configurable in the example helm and docker-compose scripts.

Version 1.3.1, 10 April 2020


  • Enhanced lum-server logging for Acumos logging platform to match logging behavior on other components (ACUMOS-4110)

    • LUM now writes the Acumos log to log-acu/lum-server/lum-server.log and precreates the folder log-acu/lum-server/. The docker-compose should be able to do the volume mount as

        - cognita-logs:/opt/app/lum/log-acu

      The logging platform should be able to find the log file lum-server.log in the subfolder lum-server/ on the cognita-logs volume

    • implemented the file rolling for the log file to prevent it from growing forever. Max file size is 100MiB, maxFiles: 20, zippedArchive: true

  • unit test code coverage stats

    Statements 81.24% 1711/2106
    Branches   60.08%  584/972
    Functions  94.63%  194/205
    Lines      82.85% 1657/2000

Version 1.3.0, 3 April 2020


  • "lum:goodFor" constraint on ODRL permission (ACUMOS-3734)

    • "lum:goodFor" is using formats ISO-8601 formats for duration

    • in addition to ISO-8601 formats for duration, when the value of the rightOperand is a stringified number, LUM assumes that is the duration in days (default)

      For instance, "30" is converted by LUM to "P30D" and is 30 days

      { "leftOperand": "lum:goodFor", "operator": "lteq",
        "rightOperand": "30" }

      is the same as the following

      { "leftOperand": "lum:goodFor", "operator": "lteq",
        "rightOperand": "P30D" }
    • ISO-8601 formats for duration always start with P and put T to separate date from time - at least one number part is required, but any combination is ok: PnYnMnDTnHnMnS, PnW

      "P30D" = 30 days,
      "P3Y6M4DT12H30M5S" = 3 years 6 mons 4 days 12:30:05,
      "P123.5DT23H" = 123 days 35:00:00,
      "P4.7Y" = 4 years 8 mons,
      "P1.3M" = 1 mon 9 days,
      "P1.55W" = 10 days 20:24:00,
      "P0.5Y" = 6 mons,
      "PT36H" = 36:00:00,
      "P1YT5S" = 1 year 00:00:05
  • added denialCode to denial that is a unique code for the reason of denial. UI can use the denialCode value to construct the denial message from other parts of the denial beside the denialReason.

  • upgraded to openapi 3.0.3 on API specification

  • for unit-test runs

    • option to turn off logging to console $LOG_CONSOLE_OFF=yes
    • removed $COUT_LEVEL
  • unit test code coverage stats

    Statements 81.24% 1711/2106
    Branches   60.08%  584/972
    Functions  94.63%  194/205
    Lines      82.85% 1657/2000

Version 1.2.0, 23 March 2020


  • added optional filtering by start and end date-time or date to GET /api/v1/asset-usage-tracking/software-licensor (ACUMOS-3630)

    • softwareLicensorId: <Company A> // required identifier of the entity that issued the licenseProfile
    • startDateTime: <2020-03-10T10:05:02.123Z> // start date-time or date of the asset-usage request to filter the results by. It is optional and the filtering is inclusive (startDateTime<=requested)
    • endDateTime: <2020-03-20T15:26:38.033Z> // end date-time or date of the asset-usage request to filter the results by. It is optional and the filtering is inclusive (requested<=endDateTime). When date is provided in the query, it is converted to the maximal date-time of the same date in GMT time zone. For instance, 2020-03-19 converted to 2020-03-19T23:59:59.999Z
    • added unit test cases for the changed API
  • upgraded to node:12.16.1-alpine that is LTS now

  • made two docker compose configurations

    • docker-compose.yaml for testing and production. This config contains the volume mapping with comments on the usage
    • docker-compose-dev.yaml for development with nodemon
  • added Acumos logging to PUT /swid-tag-creators requests (ACUMOS-3175, ACUMOS-3820)

  • enhanced the unit tests for the Acumos logging of release 1.1.0

  • unit test code coverage stats

    Statements 81.82% 1647/2013
    Branches   59.78%  541/905
    Functions  94.5%   189/200
    Lines      83.28% 1594/1914

Version 1.1.0, 16 March 2020


  • logging PUT /asset-usage requests, PUT /asset-usage-event and PUT + DELETE /swid-tag modifications into file /opt/app/lum/log-acu/lum-server.log for Acumos logging platform to gather from (ACUMOS-3175, ACUMOS-3820)

  • new API endpoint GET-PUT /admin/config to see the LUM-server config and allow the admin to

    • change the logLevel
    • turn on or off the selected file loggers for devLog, healthcheck, acumos
  • hide secrets now uses sha256 has instead of * for passwords

  • http status message on response is now populated with LUM values

  • using X-ACUMOS-RequestID from headers if requestId is not provided in the request

  • logging refactored

  • moved some logging to debug level

  • added unit test cases for the new API

  • unit test code coverage stats

    Statements 81.6%  1601/1962
    Branches   58.98%  509/863
    Functions  94.5%  189/200
    Lines      83.03% 1546/1862

Version 1.0.1, 4 March 2020


  • fixed bug on GET /api/v1/swid-tags/available-entitlement that was returning the false positives - the swidTags that require RTU but not having the agreement (ACUMOS-4051)

  • unit test code coverage stats

    Stmts  81.74 %
    Branch 58.51 %
    Funcs  93.62 %
    Lines  83.2  %

Version 1.0.0, 7 February 2020


  • new API endpoint GET /api/v1/swid-tags/available-entitlement that returns the collection of swidTag records with available-entitlement for the userId to perform the requested action at this moment. (ACUMOS-3735)

    • This API GET /api/v1/swid-tags/available-entitlement does not increment the usage counters since the asset is not used
    • AcuCompose is expected to check on action=aggregate to get the entitlement for the model to be included into composition by the current userId
    • LUM does not expect AcuCompose to call PUT /api/v1/asset-usage API to record the asset-usage since the model in catalog is not treated as the asset. That also implies that there are no count limits on the number of inclusions in composition - only the yes-no restriction
  • new API endpoint GET /api/v1/swid-tags that returns the collection of active swidTag records stored in LUM database.

  • major refactoring of the logic behind PUT /api/v1/asset-usage and PUT /api/v1/asset-usage-event that is related to the new API GET /api/v1/swid-tags/available-entitlement to avoid code duplication. Moved most of denial reason detection into SQL, reduced the number of lum-server to database calls.

  • API spec - cleanup and removed duplicates that are not used by LUM

  • minor code refactoring

  • unit test code coverage stats

    Stmts  81.79 %
    Branch 58.51 %
    Funcs  93.62 %
    Lines  83.2  %
  • docs - added overview.rst and lum-in-acumos.svg to show the high level view on integration of LUM-server with Acumos

Version 0.28.2, 13 January 2020


  • LUM-server unit-tests with code coverage of 80% (ACUMOS-3509)

    • all api endpoints are covered in sunny day scenarios
    • unit tests are a part of Docker build process as a preliminary stage unit-test-stage
  • fixed the broken call to PUT /api/v1/asset-usage-event that was not providing usage count per request

  • fixed the sort of the merged arrays in expansion of prohibition constraint in ODRL grooming

  • healthcheck: added schemaCreated and schemaModified timestamps into databaseInfo

  • changed lum-architecture.svg image from png to svg in developer-guide.rst

  • for unit-test runs - option to reduce logging to console to error level $COUT_LEVEL=error

  • added debug level and the logger level to exclude debug

  • minor code cleanup

  • froze the versions in package.json

  • code coverage stats

    Stmts  81.02 %
    Branch 58.38 %
    Funcs  92.31 %
    Lines  82.5  %

Version 0.28.1, 24 October 2019


  • LUM-server now returns a single denial reason for the expiration when the right-to-use expired instead of two denials - one for non-active RTU (removed) and another one for expired (stays) (ACUMOS-3636)
  • writing a single snapshot per asset-usage-agreement and/or asset-usage-agreement-restriction change instead of two

Version 0.28.0, 23 October 2019


  • changed API and asset-usage-denial data that LUM returns (ACUMOS-3601)
    • assetUsageDenialSummary that is human readable summary for denial of the asset-usage to be shown on UI
    • unique denialReason values that contain all the keys and the constraint condition from the denial in human readable format
    • added assetUsageDenialSummary field to assetUsageHistory table in database

Version 0.27.2, 21 October 2019


  • LUM not to return denialType of the agreementNotFound when LUM returns other denials as an indication of agreements that do not match (ACUMOS-3598)
  • specific indication of permission versus prohibition in denialReason instead of generic rightToUse

Version 0.27.1, 17 October 2019


  • LUM open API spec change (for LUM Java Client) to correctly generate types for AssetUsage (ACUMOS-3082)

Version 0.27.0, 11 October 2019


  • API change - params are now passed in query instead of through path – per discussion in 0.26.4
  • added softwareLicensorId as param in query on /api/v1/asset-usage-agreement and /api/v1/asset-usage-agreement-restriction
  • applying ODRL agreement-restriction provided by the subscriber company over ODRL agreement from supplier-licensor company (ACUMOS-3222)
  • agreement APIs now return groomedAgreement for debugging
  • healthcheck: added databaseInfo with databaseVersion (to compare versus LUM server version) and databaseStarted+databaseUptime. Moved pgVersion under databaseInfo.
  • fixed false positive reporting of denials on swCatalogId/Type mismatch even when there is an intersection between swidTag and rightToUse target (ACUMOS-3506)
  • fixed-added populating the rightToUse and metrics data on assetUsageHistory table
  • using operator from constrain to evaluate the constraint instead of deducting the operator from leftOperand. Not fully flexible, but covers all use cases for Clio (ACUMOS-3507)
  • jsdoc
  • logging healthcheck requests into a separate log file when LOGDIR is provided to uncongest the main log file

Version 0.26.5, 9 October 2019

  • Open api changes to support fixes in LUM Java client - fixed typing of AssetUsageResponse and AssetUsageDenialAssetUsageDenial – Java code gen has a problem with the same property referenced by multiple schemas .. treats it as object

  • Object getAssetUsage() -> AssetUsageDenialOrEntitlement getAssetUsage()

  • List<Object> getAssetUsageDenial() ->  List<AssetUsageDenialAssetUsageDenial> getAssetUsageDenial()

  • Removed wrapper schema for assetUsageDenial #/components/schemas/AssetUsageDenials

  • Removed wrapper schemas for assetUsage property - for AssetUsageResponse schema

    - $ref: '#/components/schemas/AssetUsageResponseBase'

    - $ref: '#/components/schemas/AssetUsageMixedResponse'

    - $ref: '#/components/schemas/IncludedAssetUsageMixedResponse'

    Fix caused some overlap between AssetUsageResponseBase and AssetUsageMixedResponse.

Version 0.26.4, 7 October 2019

  • LUM integration support (ACUMOS-3534) - Added new helm chart for lum + postgresql - New environment variable DATABASE_PASSWORD to help seperate config from secret config - Updated docker-compose - to handle debugging and skipping over production build steps - Support integration with AIO / K8 / Helm chart behind nginx proxy

    • Fixed issue with nginx-proxy decoding url causing issues with encoded url as path params changed /api/v1/asset-usage-agreement/[encodedIRI] to /api/v1/asset-usage-agreement/?assetUsageAgreementId=[encodedIRI]
    • Added support for handling query param vs path param for assetUsageAgreementId
    • Added server back into lum-server-API.yaml to help with serving from different base path after adding nginx proxy
    • Fixed docker-compose debugging and reloading after adding multi-stage build
    • Added support for base url to be under /lum/ and support servers dropdown in swagger ui
    • Bug in swagger lint - disabled rule server-trailing-slash – caused error for server /

Version 0.26.3, 1 October 2019

  • Added support for nodemon support for faster reloads in docker container
  • adding examples to make dredd apiary happy easier to test
  • docker build change to use multi stage builds
  • Include open api spec lint to docker build
  • Clean up API for open api lint errors
  • Update eslint
  • Reserved variable name - package changed to pkg
  • Adding .dockerignore to ensure node_modules are installed in docker not locally

Version 0.26.2, 30 September 2019


  • bringing ODRL (ACUMOS-3219) (ACUMOS-3060)
  • added openAPI spec for ODRL agreement, permission, prohibition, refinement on target, assignee and constraints
  • added a few examples to openAPI spec
  • support for the ODRL variety of structures on the rightOperand and action
  • the new concept of grooming the agreement and merging the constraints keyed by leftOperand on the load of agreement instead of storing all the constraints and applying all of them at the matching and usage constraint evaluation steps
  • LUM-server now finds the rightToUse under agreement for the swidTag on the asset-usage, returns either the entitlement with keys of the assetUsageDenial with the details of denial (ACUMOS-3040) (ACUMOS-3042)
  • LUM is using the “use” action that is equivalent to any action as soon as we bring prohibition to agreement. LUM does not need to know all the possible action values. The count constraint for action: “use” will be the total count for any action value, rather than separate count per each action value. LUM will apply either the constraint on specific action, or the constraint on “use” when the specific action not found.
  • LUM always resolves the conflict between prohibition and permission in favor of prohibition. That is not be controlled by the ODRL conflict clause. No need for RTU editor to convert the prohibition into permission with count = 0 constraint.
  • new and changed values for denialType: swidTagNotFound, swidTagRevoked, licenseProfileNotFound, licenseProfileRevoked, agreementNotFound, rightToUseRevoked, usageProhibited, matchingConstraintOnAssignee, matchingConstraintOnTarget, timingConstraint, usageConstraint
  • added deniedMetrics to denials to report the current stats that caused the denial
  • minimalistic validation of input data on agreement and permission/prohibition to make sure they have the uid values on them. Otherwise, LUM-server returns http status 400. More validation is due later
  • reports show the latest denials based on ODRL agreement (ACUMOS-3229)
  • jsdoc - work in progress


  • including softwareLicensorId as partial PK on assetUsageAgreement, rightToUse, snapshot tables
  • storing groomedAgreement in assetUsageAgreement
  • changed PK on rightToUse to uuid (assetUsageRuleId) - not trusting rightToUseId received from outside LUM to be globally unique
  • rightToUse now contains the groomed targetRefinement, assigneeRefinement, usageConstraints and assigneeMetrics - dicts to easily find the matching right-to-use for the swidTag
  • removed the no longer needed tables swToRtu, matchingConstraint, usageConstraint
    • that was possible due to the new concept of merging the constraints
    • using SQL to find the matching rightToUse on the fly instead
    • using JSON functionality of Postgres
  • renamed table rtuUsage to usageMetrics
  • storing LUM version into database table lumInfo

Version 0.25.2, 13 September 2019


  • added first denials (ACUMOS-3061)
  • return http status 402 for denied assetUsage
  • refactored iteration over the assetUsages
  • refactored SqlParams class
  • node:10.16.3-alpine
  • moved eslintrc into package.json as eslintConfig
  • removed assetUsageDenial table from DDL - denials are stored in assetUsageHistory
  • new denialType for licenseProfileNotFound
  • renamed denialType for swidTagNotFound from swTagIdNotFound
  • new denialType for revoked state of swidTag, licenseProfile
  • new denialType for not active state of assetUsageAgreement
  • unrestricted asset-usage flow for software creators (ACUMOS-3063)
  • added isUsedBySwCreator flag to assetUsage API and assetUsageHistory
  • minor changes to API
  • jsdoc - work in progress

Version 0.23.1, 11 September 2019


  • Fixed allOfWarnings - required changes to swagger
  • bumped version to 0.23.1 for all components
  • Removed user from lum-db setup
  • Add support for development without docker

Version 0.23.0, 09 September 2019

local dev setup fixes

  • Setup NodeJS server to work without docker for quicker debugging
  • adding .gitignore to not include local folders / files that are only for development

first incarnation of the lum-server with basic functionality of API

  • API for lum-server (ACUMOS-3342)
    • improved API definition
    • openapi-ui on lum-server
  • Posgres database initdb and setup (ACUMOS-3006)
    • defined DDL for the database

first iteration of APIs on lum-server

  • basic CRUD on swid-tag combined with license-profile (ACUMOS-3035)
  • basic CRUD on software-creators (ACUMOS-3062)
  • basic CRUD on asset-usage-agreement and asset-usage-agreement-restriction (ACUMOS-3037)
  • entitlement on asset-usage as for FOSS that does not require RTU (ACUMOS-3038)
  • recording the asset-usage-event (ACUMOS-3044)
  • reporting asset-usage-tracking per software-licensor-id (ACUMOS-3230)
  • reporting the healthcheck (ACUMOS-3039)
  • using alpine versions for Postgres and node.js
  • eslint clean with disabled require-atomic-updates
  • run eslint in docker build

What is not done yet

  • asset-usage-agreement and asset-usage-agreement-restriction are just objects
  • no RTUs, no matching, no usage constraints
  • no relation between the asset-usage-agreement and swid-tag
  • no denials - everything is entitled so far

Version 0.20.0, 29 August 2019

defining LUM API in lum_server-API.yaml (ACUMOS-3342.)

  • fix for tracking
  • not using oneOf that breaks the java code gen
  • merged softwareCreators into swid-tag as swCreators [userId]
  • using http code 204 with no body for record not found. Header fields are returned for requestId, requested, status, params
  • using http code 224 for record revoked
  • req body for revoke-delete - should we use header instead ?
  • healthcheck api
  • removed userRole and userInfo
  • asset-usage-agreement - better structure
  • asset-usage-agreement-restriction - improvements
  • asset-usage-event data
  • having revision numbers on responses

back to LUM index