mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 19:59:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into switch_to_opencontainer_annotation

Browse Source
This commit is contained in:
Willy Kloucek
2021-02-02 10:57:49 +01:00
parent f6763be9f0 2c793fb1d9
commit 2af8d92b42
327 changed files with 10947 additions and 7056 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.codacy.yml
View File

@@ -8,8 +8,8 @@ exclude_paths:
- 'docs/**'
- '**/docs/**'
- '**/pkg/proto/**'
- 'konnectd/ui_config/**'
- 'konnectd/scripts/**'
- 'idp/ui_config/**'
- 'idp/scripts/**'
- 'settings/rollup.config.js'
- 'accounts/rollup.config.js'
- 'ocis/docker/eos-ocis/Dockerfile'

4
.drone.env
View File

@@ -1,7 +1,7 @@
# The test runner source for API tests
CORE_COMMITID=e7189eab94075c4edac75f3e86f96ae1f6826170
CORE_COMMITID=55a37041b0f4b466656534128ab8ec3624723b4a
CORE_BRANCH=master
# The test runner source for UI tests
WEB_COMMITID=a5f4dfab62aa036d7933f1286485e122e670b3ef
WEB_COMMITID=fb92fed62c2ff2cd6d379a00257f64f1feab1285
WEB_BRANCH=master

143
.drone.star
View File

@@ -2,7 +2,7 @@ config = {
'modules': {
'accounts': 'frontend',
'glauth':'',
'konnectd':'',
'idp':'',
'ocis': '',
'web':'',
'ocis-pkg':'',
@@ -185,8 +185,7 @@ def main(ctx):
build_release_helpers = [
changelog(ctx),
docs(ctx),
refreshDockerBadges(ctx),
updateDeployment(ctx),
refreshDockerBadges(ctx)
]
if ctx.build.event == "cron":
@@ -195,7 +194,7 @@ def main(ctx):
purgeBuildArtifactCache(ctx, 'ocis-binary-amd64'),
testPipelines(ctx)
)
]
] + example_deploys(ctx)
elif \
(ctx.build.event == "pull_request" and '[docs-only]' in ctx.build.title) \
@@ -214,6 +213,14 @@ def main(ctx):
pipelines = test_pipelines + build_release_pipelines + build_release_helpers
pipelines = \
pipelines + \
pipelinesDependsOn(
example_deploys(ctx),
pipelines
)
# always append notification step
pipelines.append(
pipelineDependsOn(
@@ -237,10 +244,10 @@ def testOcisModules(ctx):
def testPipelines(ctx):
pipelines = [
localApiTests(ctx, 'owncloud', 'apiOcisSpecific'),
localApiTests(ctx, 'ocis', 'apiOcisSpecific'),
localApiTests(ctx, 'owncloud', 'apiBasic', 'default'),
localApiTests(ctx, 'ocis', 'apiBasic', 'default')
localApiTests(ctx, 'owncloud', 'apiBugDemonstration'),
localApiTests(ctx, 'ocis', 'apiBugDemonstration'),
localApiTests(ctx, 'owncloud', 'apiAccountsHashDifficulty', 'default'),
localApiTests(ctx, 'ocis', 'apiAccountsHashDifficulty', 'default')
]
for runPart in range(1, config['apiTests']['numberOfParts'] + 1):
@@ -430,7 +437,7 @@ def uploadCoverage(ctx):
},
}
def localApiTests(ctx, storage = 'owncloud', suite = 'apiOcisSpecific', accounts_hash_difficulty = 4):
def localApiTests(ctx, storage = 'owncloud', suite = 'apiBugDemonstration', accounts_hash_difficulty = 4):
return {
'kind': 'pipeline',
'type': 'docker',
@@ -1273,39 +1280,6 @@ def makeGenerate(module):
}
]
def updateDeployment(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'updateDeployment',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'webhook',
'image': 'plugins/webhook:1',
'settings': {
'username': {
'from_secret': 'webhook_username',
},
'password': {
'from_secret': 'webhook_password',
},
'method': 'GET',
'urls': 'https://ocis.owncloud.works/hooks/update-ocis',
}
}
],
'depends_on': getPipelineNames(dockerReleases(ctx) + binaryReleases(ctx)),
'trigger': {
'ref': [
'refs/heads/master',
],
}
}
def notify(ctx):
return {
'kind': 'pipeline',
@@ -1377,8 +1351,8 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes=[]):
'STORAGE_SHARING_USER_JSON_FILE': '/srv/app/tmp/ocis/shares.json',
'PROXY_ENABLE_BASIC_AUTH': True,
'WEB_UI_CONFIG': '/drone/src/tests/config/drone/ocis-config.json',
'KONNECTD_IDENTIFIER_REGISTRATION_CONF': '/drone/src/tests/config/drone/identifier-registration.yml',
'KONNECTD_TLS': 'true',
'IDP_IDENTIFIER_REGISTRATION_CONF': '/drone/src/tests/config/drone/identifier-registration.yml',
'IDP_TLS': 'true',
'OCIS_LOG_LEVEL': 'warn',
}
@@ -1467,6 +1441,87 @@ def build():
},
]
def example_deploys(ctx):
latest_configs = [
'cs3_users_ocis/latest.yml',
'ocis_keycloak/latest.yml',
'ocis_traefik/latest.yml',
]
released_configs = [
'cs3_users_ocis/released.yml',
'ocis_keycloak/released.yml',
'ocis_traefik/released.yml',
]
# if on master branch:
configs = latest_configs
rebuild = "false"
if ctx.build.event == "tag":
configs = released_configs
rebuild = 'false'
if ctx.build.event == "cron":
configs = latest_configs + released_configs
rebuild = 'true'
deploys = []
for config in configs:
deploys.append(deploy(ctx, config, rebuild))
return deploys
def deploy(ctx, config, rebuild):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'deploy_%s' % (config),
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'clone continuous deployment playbook',
'image': 'alpine/git',
'commands': [
'cd deployments/continuous-deployment-config',
'git clone https://github.com/owncloud-devops/continuous-deployment.git',
]
},
{
'name': 'deploy',
'image': 'owncloudci/drone-ansible',
'failure': 'ignore',
'environment': {
'CONTINUOUS_DEPLOY_SERVERS_CONFIG': '../%s' % (config),
"REBUILD": '%s' % (rebuild),
'HCLOUD_API_TOKEN': {
'from_secret': 'hcloud_api_token'
},
'CLOUDFLARE_API_TOKEN': {
'from_secret': 'cloudflare_api_token'
}
},
'settings': {
'playbook': 'deployments/continuous-deployment-config/continuous-deployment/playbook-all.yml',
'galaxy': 'deployments/continuous-deployment-config/continuous-deployment/requirements.yml',
'requirements': 'deployments/continuous-deployment-config/continuous-deployment/py-requirements.txt',
'inventory': 'localhost',
'private_key': {
'from_secret': 'ssh_private_key'
}
}
},
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/v*',
],
},
}
def genericCache(name, action, mounts, cache_key):
rebuild = 'false'
restore = 'false'

32
.github/dependabot.yml vendored Normal file
View File

@@ -0,0 +1,32 @@
version: 2
updates:
- package-ecosystem: "gomod"
directory: "/ocis"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "npm"
directory: "/accounts"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "npm"
directory: "/settings"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "npm"
directory: "/onlyoffice"
schedule:
interval: "weekly"
open-pull-requests-limit: 10
- package-ecosystem: "npm"
directory: "/idp"
schedule:
interval: "weekly"
open-pull-requests-limit: 10

2
.github/pull_request_template.md vendored
View File

@@ -7,7 +7,7 @@ For fixing potential security issues please see https://owncloud.org/security/
To make it possible for us to get your change reviewed and merged please carefully fill out the requested information below.
Please note that any kind of change needs first be submitted to the master branch which holds the next version of OCIS.
Please note that any kind of change needs first be submitted to the master branch which holds the next version of oCIS.
Please set the following labels:

2
.github/settings.yml vendored
View File

@@ -39,7 +39,7 @@ branches:
require_code_owner_reviews: false
dismissal_restrictions: {}
required_status_checks:
strict: true
strict: false
contexts:
- continuous-integration/drone/pr
enforce_admins: false

2
.gitignore vendored
View File

@@ -14,7 +14,7 @@ node_modules/
yarn-error.log
# Konnectd
konnectd/assets/identifier
idp/assets/identifier
# Composer - used for API acceptance tests
composer.lock

155
CHANGELOG.md
View File

@@ -2,7 +2,74 @@
The following sections list the changes for unreleased.
[unreleased]: https://github.com/owncloud/ocis/compare/v1.0.0...master
[unreleased]: https://github.com/owncloud/ocis/compare/v1.1.0...master
## Summary
* Bugfix - Check if roles are present in user object before looking those up: [#1388](https://github.com/owncloud/ocis/pull/1388)
* Bugfix - Fix etcd address configuration: [#1546](https://github.com/owncloud/ocis/pull/1546)
* Change - Move runtime code on refs/pman over to owncloud/ocis/ocis: [#1483](https://github.com/owncloud/ocis/pull/1483)
* Enhancement - Use a default protocol parameter instead of explicitly disabling tus: [#1331](https://github.com/cs3org/reva/pull/1331)
* Enhancement - Functionality to map home directory to different storage providers: [#1186](https://github.com/owncloud/ocis/pull/1186)
* Enhancement - Update reva to v1.5.2-0.20210125114636-0c10b333ee69: [#1482](https://github.com/owncloud/ocis/pull/1482)
## Details
* Bugfix - Check if roles are present in user object before looking those up: [#1388](https://github.com/owncloud/ocis/pull/1388)
https://github.com/owncloud/ocis/pull/1388
* Bugfix - Fix etcd address configuration: [#1546](https://github.com/owncloud/ocis/pull/1546)
The etcd server address in `MICRO_REGISTRY_ADDRESS` was not picked up when etcd was set as
service discovery registry `MICRO_REGISTRY=etcd`. Therefore etcd was only working if
available on localhost / 127.0.0.1.
https://github.com/owncloud/ocis/pull/1546
* Change - Move runtime code on refs/pman over to owncloud/ocis/ocis: [#1483](https://github.com/owncloud/ocis/pull/1483)
Tags: ocis, runtime
Currently, the runtime is under the private account of an oCIS developer. For future-proofing
we don't want oCIS mission critical components to depend on external repositories, so we're
including refs/pman module as an oCIS package instead.
https://github.com/owncloud/ocis/pull/1483
* Enhancement - Use a default protocol parameter instead of explicitly disabling tus: [#1331](https://github.com/cs3org/reva/pull/1331)
https://github.com/cs3org/reva/pull/1331
https://github.com/owncloud/ocis/pull/1374
* Enhancement - Functionality to map home directory to different storage providers: [#1186](https://github.com/owncloud/ocis/pull/1186)
We added a parameter in reva that allows us to redirect /home requests to different storage
providers based on a mapping derived from the user attributes, which was previously not
possible since we hardcode the /home path for all users. For example, having its value as
`/home/{{substr 0 1 .Username}}` can be used to redirect home requests for different users to
different storage providers.
https://github.com/owncloud/ocis/pull/1186
https://github.com/cs3org/reva/pull/1142
* Enhancement - Update reva to v1.5.2-0.20210125114636-0c10b333ee69: [#1482](https://github.com/owncloud/ocis/pull/1482)
* initial checksum support for ocis [cs3org/reva#1400](https://github.com/cs3org/reva/pull/1400)
* Use updated etag of home directory even if it is cached [cs3org/reva#1416](https://github.com/cs3org/reva/pull/#1416)
* Indicate in EOS containers that TUS is not supported [cs3org/reva#1415](https://github.com/cs3org/reva/pull/#1415)
* Get status code from recycle response [cs3org/reva#1408](https://github.com/cs3org/reva/pull/#1408)
https://github.com/owncloud/ocis/pull/1482
https://github.com/cs3org/reva/pull/1400
https://github.com/cs3org/reva/pull/1416
https://github.com/cs3org/reva/pull/1415
https://github.com/cs3org/reva/pull/1408
# Changelog for [1.1.0] (2021-01-22)
The following sections list the changes for 1.1.0.
[1.1.0]: https://github.com/owncloud/ocis/compare/v1.0.0...v1.1.0
## Summary
@@ -16,6 +83,7 @@ The following sections list the changes for unreleased.
* Enhancement - Add OCIS_URL env var: [#1148](https://github.com/owncloud/ocis/pull/1148)
* Enhancement - Use sync.cache for roles cache: [#1367](https://github.com/owncloud/ocis/pull/1367)
* Enhancement - Add named locks and refactor cache: [#1212](https://github.com/owncloud/ocis/pull/1212)
* Enhancement - Update reva to v1.5.1: [#1372](https://github.com/owncloud/ocis/pull/1372)
* Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: [#1194](https://github.com/owncloud/ocis/pull/1194)
## Details
@@ -59,7 +127,7 @@ The following sections list the changes for unreleased.
Tags: performance, testing, k6
The ownCloud performance tests can not only be used to test ocis. This is why we have decided to
The ownCloud performance tests can not only be used to test oCIS. This is why we have decided to
move the k6 tests to https://github.com/owncloud/cdperf
https://github.com/owncloud/ocis/pull/1358
@@ -104,10 +172,10 @@ The following sections list the changes for unreleased.
default `https://localhost:9200` and remote deployment with `OCIS_URL` which is evaluated
as a fallback if `KONNECTD_ISS` is not set.
An OCIS server can now be started on a remote machine as easy as
An oCIS server can now be started on a remote machine as easy as
`OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server`.
Note that the `OCIS_DOMAIN` environment variable is not used by ocis, but by the docker
Note that the `OCIS_DOMAIN` environment variable is not used by oCIS, but by the docker
containers.
https://github.com/owncloud/ocis/pull/1148
@@ -139,6 +207,81 @@ The following sections list the changes for unreleased.
https://github.com/owncloud/ocis/issues/966
https://github.com/owncloud/ocis/pull/1212
* Enhancement - Update reva to v1.5.1: [#1372](https://github.com/owncloud/ocis/pull/1372)
Summary -------
* Fix #1401: Use the user in request for deciding the layout for non-home DAV requests
* Fix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
* Fix #1399: Fix ocis trash-bin purge
* Enh #1397: Bump the Copyright date to 2021
* Enh #1398: Support site authorization status in Mentix
* Enh #1393: Allow setting favorites, mtime and a temporary etag
* Enh #1403: Support remote cloud gathering metrics
Details -------
* Bugfix #1401: Use the user in request for deciding the layout for non-home DAV requests
For the incoming /dav/files/userID requests, we have different namespaces depending on
whether the request is for the logged-in user's namespace or not. Since in the storage drivers,
we specify the layout depending only on the user whose resources are to be accessed, this fails
when a user wants to access another user's namespace when the storage provider depends on the
logged in user's namespace. This PR fixes that.
For example, consider the following case. The owncloud fs uses a layout {{substr 0 1
.Id.OpaqueId}}/{{.Id.OpaqueId}}. The user einstein sends a request to access a resource
shared with him, say /dav/files/marie/abcd, which should be allowed. However, based on the
way we applied the layout, there's no way in which this can be translated to /m/marie/.
Https://github.com/cs3org/reva/pull/1401
* Bugfix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
And git SHA to the release tool.
Https://github.com/cs3org/reva/pull/1413
* Bugfix #1399: Fix ocis trash-bin purge
Fixes the empty trash-bin functionality for ocis-storage
Https://github.com/owncloud/product/issues/254
https://github.com/cs3org/reva/pull/1399
* Enhancement #1397: Bump the Copyright date to 2021
Https://github.com/cs3org/reva/pull/1397
* Enhancement #1398: Support site authorization status in Mentix
This enhancement adds support for a site authorization status to Mentix. This way, sites
registered via a web app can now be excluded until authorized manually by an administrator.
Furthermore, Mentix now sets the scheme for Prometheus targets. This allows us to also support
monitoring of sites that do not support the default HTTPS scheme.
Https://github.com/cs3org/reva/pull/1398
* Enhancement #1393: Allow setting favorites, mtime and a temporary etag
We now let the oCIS driver persist favorites, set temporary etags and the mtime as arbitrary
metadata.
Https://github.com/owncloud/ocis/issues/567
https://github.com/cs3org/reva/issues/1394
https://github.com/cs3org/reva/pull/1393
* Enhancement #1403: Support remote cloud gathering metrics
The current metrics package can only gather metrics either from json files. With this feature,
the metrics can be gathered polling the http endpoints exposed by the owncloud/nextcloud
sciencemesh apps.
Https://github.com/cs3org/reva/pull/1403
https://github.com/owncloud/ocis/pull/1372
* Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: [#1194](https://github.com/owncloud/ocis/pull/1194)
* Enhancement: calculate and expose actual file permission set [cs3org/reva#1368](https://github.com/cs3org/reva/pull/1368)
@@ -2130,7 +2273,7 @@ The following sections list the changes for 1.0.0.
Furthermore, we not only take care of such a thing at the Proxy but also Reva will take care of it.
In addition, we now are able to lock-in a set of User-Agent to specific challenges.
Admins can use this feature by configuring OCIS + Reva following this approach:
Admins can use this feature by configuring oCIS + Reva following this approach:
``` STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT="mirall:basic,
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101
@@ -2144,6 +2287,6 @@ The following sections list the changes for 1.0.0.
`STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT` as well as
`PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT`, The reason they have the same value
is not to rely on the os env on a distributed environment, so in redundancy we trust. They both
configure the same on the backend storage and OCIS Proxy.
configure the same on the backend storage and oCIS Proxy.
https://github.com/owncloud/ocis/pull/1009

2
Makefile
View File

@@ -15,7 +15,7 @@ RESET := $(shell tput -Txterm sgr0)
OCIS_MODULES = \
accounts \
glauth \
konnectd \
idp \
ocis \
ocis-pkg \
ocs \

2
accounts/go.mod
View File

@@ -7,7 +7,7 @@ require (
contrib.go.opencensus.io/exporter/ocagent v0.6.0
contrib.go.opencensus.io/exporter/zipkin v0.1.1
github.com/cs3org/go-cs3apis v0.0.0-20201118090759-87929f5bae21
github.com/cs3org/reva v1.4.1-0.20210111080247-f2b63bfd6825
github.com/cs3org/reva v1.5.2-0.20210125114636-0c10b333ee69
github.com/go-chi/chi v4.1.2+incompatible
github.com/go-chi/render v1.0.1
github.com/gofrs/uuid v3.3.0+incompatible

56
accounts/go.sum
View File

@@ -185,8 +185,8 @@ github.com/cs3org/go-cs3apis v0.0.0-20201118090759-87929f5bae21 h1:mZpylrgnCgSea
github.com/cs3org/go-cs3apis v0.0.0-20201118090759-87929f5bae21/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
github.com/cs3org/reva v1.2.2-0.20200924071957-e6676516e61e h1:khITGSnfDXtByQsLezoXgocUgGHJBBn0BPsUihGvk7w=
github.com/cs3org/reva v1.2.2-0.20200924071957-e6676516e61e/go.mod h1:DOV5SjpOBKN+aWfOHLdA4KiLQkpyC786PQaXEdRAZ0M=
github.com/cs3org/reva v1.4.1-0.20210111080247-f2b63bfd6825 h1:U6pAVGTjesstz+EXd8+YpIG1xwKH1ovOXdWrMCvnopw=
github.com/cs3org/reva v1.4.1-0.20210111080247-f2b63bfd6825/go.mod h1:abC1Lo0ZKwkKloomTPZWunV/lUJvewkty1pI41zn2Ic=
github.com/cs3org/reva v1.5.2-0.20210125114636-0c10b333ee69 h1:HNpnnhoHv/7fUSEuW37clWyPz2x9VqJHuhvWBAHjkEU=
github.com/cs3org/reva v1.5.2-0.20210125114636-0c10b333ee69/go.mod h1:abC1Lo0ZKwkKloomTPZWunV/lUJvewkty1pI41zn2Ic=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -215,9 +215,7 @@ github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg
github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/evanphx/json-patch/v5 v5.0.0 h1:dKTrUeykyQwKb/kx7Z+4ukDs6l+4L41HqG1XHnhX7WE=
github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
github.com/eventials/go-tus v0.0.0-20200718001131-45c7ec8f5d59 h1:t2+zxJPT/jq/YOx/JRsoByAZI/GHOxYJ7MKeillEX4U=
github.com/eventials/go-tus v0.0.0-20200718001131-45c7ec8f5d59/go.mod h1:XYuK1S5+kS6FGhlIUFuZFPvWiSrOIoLk6+ro33Xce3Y=
github.com/exoscale/egoscale v0.18.1/go.mod h1:Z7OOdzzTOz1Q1PjQXumlz9Wn/CddH0zSYdCF3rnBKXE=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
@@ -226,7 +224,6 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
github.com/forestgiant/sliceutil v0.0.0-20160425183142-94783f95db6c/go.mod h1:pFdJbAhRf7rh6YYMUdIQGyzne6zYL1tCUW8QV2B3UfY=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
@@ -237,7 +234,6 @@ github.com/gizak/termui/v3 v3.1.0 h1:ZZmVDgwHl7gR7elfKf1xc4IudXZ5qqfDh4wExk4Iajc
github.com/gizak/termui/v3 v3.1.0/go.mod h1:bXQEBkJpzxUAKf0+xq9MSWAvWZlE7c+aidmyFlkYTrY=
github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0=
github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
github.com/go-acme/lego/v3 v3.4.0 h1:deB9NkelA+TfjGHVw8J7iKl/rMtffcGMWSMmptvMv0A=
github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M=
github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
@@ -261,7 +257,6 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2
github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-ldap/ldap/v3 v3.2.3 h1:FBt+5w3q/vPVPb4eYMQSn+pOiz4zewPamYhlGMmc7yM=
github.com/go-ldap/ldap/v3 v3.2.3/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
github.com/go-ldap/ldap/v3 v3.2.4 h1:PFavAq2xTgzo/loE8qNXcQaofAaqIpI4WgaLdv+1l3E=
github.com/go-ldap/ldap/v3 v3.2.4/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
@@ -278,11 +273,8 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me
github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible/go.mod h1:qf9acutJ8cwBUhm1bqgz6Bei9/C/c93FPDljKWwsOgM=
github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee h1:s+21KNqlpePfkah2I+gwHF8xmJWRjooY+5248k6m4A0=
github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo=
github.com/gobwas/pool v0.2.0 h1:QEmUOlnSjWtnpRGHF3SauEiOsy82Cup83Vf2LcMlnc8=
github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw=
github.com/gobwas/ws v1.0.3 h1:ZOigqf7iBxkA4jdQ3am7ATzdlOFp9YzA6NmuvEEZc9g=
github.com/gobwas/ws v1.0.3/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM=
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
@@ -319,7 +311,6 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU
github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0=
github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
@@ -336,7 +327,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.5.0 h1:/QaMHBdZ26BB3SSst0Iwl10Epc+xhTquomWX0oZEB6w=
github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
@@ -347,7 +337,6 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.1.2 h1:EVhdT+1Kseyi1/pUmXKaFxYsDNy9RQYkMWRH68J/W7Y=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -359,7 +348,6 @@ github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORR
github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw=
github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
github.com/gorilla/handlers v1.4.2 h1:0QniY0USkHQ1RGCLfKxeNHK9bkDHGRYGNDFBCS+YARg=
github.com/gorilla/handlers v1.4.2/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ=
github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
@@ -408,11 +396,9 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
github.com/haya14busa/goverage v0.0.0-20180129164344-eec3514a20b5 h1:FdBGmSkD2QpQzRWup//SGObvWf2nq89zj9+ta9OvI3A=
github.com/haya14busa/goverage v0.0.0-20180129164344-eec3514a20b5/go.mod h1:0YZ2wQSuwviXXXGUiK6zXzskyBLAbLXhamxzcFHSLoM=
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0=
github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
github.com/huandu/xstrings v1.3.0 h1:gvV6jG9dTgFEncxo+AF7PH6MZXi/vZl25owA/8Dg8Wo=
github.com/huandu/xstrings v1.3.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE=
@@ -431,7 +417,6 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i
github.com/jedib0t/go-pretty v4.3.0+incompatible/go.mod h1:XemHduiw8R651AF9Pt4FwCTKeG3oo7hrHJAoznj9nag=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc=
github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -458,7 +443,6 @@ github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd h1:Coekwdh0v
github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/cpuid v1.2.3 h1:CCtW0xUnWGVINKvE/WWOYKdsPV6mawAtvQuSl8guwQs=
github.com/klauspost/cpuid v1.2.3/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
github.com/kolo/xmlrpc v0.0.0-20190717152603-07c4ee3fd181/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -466,7 +450,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3
github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0 h1:s5hAObm+yFO5uHYt5dYjxi2rXrsnmRpJx4OYvIWUaQs=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -490,13 +473,11 @@ github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czP
github.com/marten-seemann/chacha20 v0.2.0/go.mod h1:HSdjFau7GzYRj+ahFNwsO3ouVJr1HFkWoEwNDb4TMtE=
github.com/marten-seemann/qpack v0.1.0/go.mod h1:LFt1NU/Ptjip0C2CPkhimBz5CGE3WGDAUWqna+CNTrI=
github.com/marten-seemann/qtls v0.4.1/go.mod h1:pxVXcHHw1pNIt8Qo0pwSYQEoZ8yYOOPXTCZLQQunvRc=
github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.7 h1:bQGKb3vps/j0E9GfJQ03JyhRuxsvdAanXlT9BTw3mdw=
github.com/mattn/go-colorable v0.1.7/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84=
@@ -507,7 +488,6 @@ github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
github.com/mattn/go-runewidth v0.0.3/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
github.com/mattn/go-runewidth v0.0.6/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54=
github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
@@ -543,14 +523,11 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX
github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
github.com/mitchellh/hashstructure v1.0.0 h1:ZkRJX1CyOoTkar7p/mLS5TZU4nJ1Rn/F8u9dGS02Q3Y=
github.com/mitchellh/hashstructure v1.0.0/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1DutKwClXU/ABz6AQ=
github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.3.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
@@ -601,9 +578,7 @@ github.com/olekukonko/tablewriter v0.0.1/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXW
github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8=
github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
@@ -617,7 +592,6 @@ github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJ
github.com/openzipkin/zipkin-go v0.2.2 h1:nY8Hti+WKaP0cRsSeQ026wU03QsM762XBeCXBb9NAWI=
github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
github.com/oracle/oci-go-sdk v7.0.0+incompatible/go.mod h1:VQb79nF8Z2cwLkLS35ukwStZIg5F66tcBccjip/j888=
github.com/ory/fosite v0.33.0 h1:tK+3Luazv4vIBJY3uagOBryAQ3IG3cs6kfo8piGBhAY=
github.com/ory/fosite v0.33.0/go.mod h1:h+ize9gk0GvRyGjabriqSEmTkMhny+O95cijb8DVqPE=
github.com/ory/fosite v0.35.1 h1:mGPcwVGwHA7Yy9wr/7LDps6BEXyavL32NxizL9eH53Q=
github.com/ory/fosite v0.35.1/go.mod h1:h+ize9gk0GvRyGjabriqSEmTkMhny+O95cijb8DVqPE=
@@ -640,7 +614,6 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g=
github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pelletier/go-toml v1.8.0 h1:Keo9qb7iRJs2voHvunFtuuYFsbWeOBh8/P9v/kVMFtw=
github.com/pelletier/go-toml v1.8.0/go.mod h1:D6yutnOGMveHEPV7VQOuvI/gXY61bv+9bAOTRnLElKs=
@@ -654,7 +627,6 @@ github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6J
github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI=
github.com/pkg/term v0.0.0-20200520122047-c3ffed290a03/go.mod h1:Z9+Ul5bCbBKnbCvdOWbLqTHhJiYV414CURZJba6L8qA=
github.com/pkg/term v1.1.0/go.mod h1:E25nymQcrSllhX42Ok8MRm1+hyBdHY0dCeiKZ9jpNGw=
github.com/pkg/xattr v0.4.1 h1:dhclzL6EqOXNaPDWqoeb9tIxATfBSmjqL0b4DpSjwRw=
github.com/pkg/xattr v0.4.1/go.mod h1:W2cGD0TBEus7MkUgv0tNZ9JutLtVO3cXu+IBRuHqnFs=
github.com/pkg/xattr v0.4.2 h1:fbVxr9lvkToTGgPljVszvFsOdcbSv5BmGABneyxRgZM=
github.com/pkg/xattr v0.4.2/go.mod h1:sBD3RAqlr8Q+RC3FutZcikpT8nyDrIEEBw2J744gVWs=
@@ -713,7 +685,6 @@ github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
github.com/sacloud/libsacloud v1.26.1/go.mod h1:79ZwATmHLIFZIMd7sxA3LwzVy/B77uj3LDoToVTxDoQ=
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
@@ -735,19 +706,15 @@ github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E=
github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72 h1:qLC7fQah7D6K1B0ujays3HV9gkFtllcxhzImRR7ArPQ=
github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/afero v1.2.2 h1:5jhuqJyZCZf2JRofRvN/nIFgIWNzPa3/Vz8mYylgbWc=
github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
github.com/spf13/afero v1.3.2 h1:GDarE4TJQI52kYSbSAmLiId1Elfj+xgSDqrUZxFhxlU=
github.com/spf13/afero v1.3.2/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4=
github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cast v1.3.1 h1:nFm6S0SMdyzrzcmThSipiEubIDy8WEXKNZ0UOgiRpng=
github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v1.0.0 h1:6m/oheQuQ13N9ks4hubMG6BnvwOeaJrqSPLahSnczz8=
github.com/spf13/cobra v1.0.0/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
@@ -773,7 +740,6 @@ github.com/studio-b12/gowebdav v0.0.0-20200303150724-9380631c29a1/go.mod h1:gCcf
github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s=
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
github.com/technoweenie/multipartstreamer v1.0.1/go.mod h1:jNVxdtShOxzAsukZwTSw6MDx5eUJoiEBsSvzDU9uzog=
github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
@@ -786,7 +752,6 @@ github.com/tomasen/realip v0.0.0-20180522021738-f0c99a92ddce/go.mod h1:o8v6yHRoi
github.com/transip/gotransip v0.0.0-20190812104329-6d8d9179b66f/go.mod h1:i0f4R4o2HM0m3DZYQWsj6/MEowD57VzoH0v3d7igeFY=
github.com/tredoe/fileutil v1.0.0/go.mod h1:PBayWPFCURwkmW0u6E8E8C6Jtd9ZzWq/U1iMa6BLRPg=
github.com/tredoe/goutil v0.0.0-20200111155331-68cefb6d3cdc/go.mod h1:dp4VPOLeEFYbsf1ikgd+uytWDnpCdMiTHMg6mh7hHuQ=
github.com/tredoe/osutil v1.0.5 h1:mfXjHBJU46GoJDOUcHyV895fauUuVikR9U8yRbGBrqw=
github.com/tredoe/osutil v1.0.5/go.mod h1:DDO4G4Mwys6NJi5JmEVLnfFbQWIfVVri8L6HuXb/v98=
github.com/tus/tusd v1.1.0/go.mod h1:3DWPOdeCnjBwKtv98y5dSws3itPqfce5TVa0s59LRiA=
github.com/tus/tusd v1.1.1-0.20200416115059-9deabf9d80c2 h1:rcji4q9wMuSrz0tZt3kgIr/3WsB5kUqFja6RrgeCGEo=
@@ -825,7 +790,6 @@ go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4 h1:LYy1Hy3MJdrCdMwwzxA/dRok4ejH+RwNGbuoD9fCjto=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.5 h1:dntmOdLpSpHlVqbW5Eay97DelsZHe+55D+xC6i0dDS0=
go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
@@ -866,7 +830,6 @@ golang.org/x/crypto v0.0.0-20200320181102-891825fb96df/go.mod h1:LzIPMQfyMNhhGPh
golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899 h1:DZhuSZLsGlFL4CmhA8BcRA0mnthyA/nZ00AqCUo7vHg=
golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -899,7 +862,6 @@ golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKG
golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -939,7 +901,6 @@ golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -954,7 +915,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA=
@@ -1010,22 +970,17 @@ golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o=
golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1 h1:ogLJMz+qpzav7lGMh10LMvAkM/fAoGlaiiHYiFYdm80=
golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666 h1:gVCS+QOncANNPlmlO1AhlU3oxs4V9z+gTtPwIk3p2N8=
golang.org/x/sys v0.0.0-20200720211630-cb9d2d5c5666/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200918174421-af09f7315aff h1:1CPUrky56AcgSpxz/KfgzQWzfG09u5YOL8MvPYBlrL8=
golang.org/x/sys v0.0.0-20200918174421-af09f7315aff/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1 h1:a/mKvvZr9Jcc8oKfcmgzyp7OwF73JPWsQLvH1z2Kxck=
golang.org/x/sys v0.0.0-20201101102859-da207088b7d1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1070,10 +1025,8 @@ golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapK
golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4 h1:kDtqNkeBrZb8B+atrj50B5XLHpzXXqcCdZPP/ApQ5NY=
golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
golang.org/x/tools v0.0.0-20200522201501-cb1345f3a375/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20200721223218-6123e77877b2 h1:kxDWg8KNMtpGjI/XVKGgOtSljTnVg/PrjhS8+0pxjLE=
golang.org/x/tools v0.0.0-20200721223218-6123e77877b2/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d h1:szSOL78iTCl0LF1AMjhSWJj8tIM0KixlUUnBtYXsmd8=
golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
@@ -1126,7 +1079,6 @@ google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece h1:1YM0uhfumvoDu9sx8+RyWwTI63zoCQvI23IYFRlvte0=
google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
google.golang.org/genproto v0.0.0-20200624020401-64a14ca9d1ad h1:uAwc13+y0Y8QZLTYhLCu6lHhnG99ecQU5FYTj8zxAng=
google.golang.org/genproto v0.0.0-20200624020401-64a14ca9d1ad/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
@@ -1159,7 +1111,6 @@ gopkg.in/h2non/gock.v1 v1.0.14/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdOD
gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdODlynE=
gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno=
gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww=
gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -1178,14 +1129,11 @@ gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bl
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c h1:grhR+C34yXImVGp7EzNk+DTIk+323eIUWOmEevy6bDo=
gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

2
accounts/package.json
View File

@@ -53,8 +53,8 @@
"ldap": "^0.7.1",
"nightwatch": "^1.3.6",
"nightwatch-api": "^3.0.1",
"node-fetch": "^2.6.1",
"nightwatch-vrt": "^0.2.10",
"node-fetch": "^2.6.1",
"qs": "^6.9.1",
"rimraf": "^3.0.0",
"rollup": "^1.28.0",

6
accounts/pkg/assets/embed.go
View File

File diff suppressed because one or more lines are too long

10
accounts/pkg/proto/v0/accounts.pb.go
View File

@@ -480,12 +480,12 @@ type Account struct {
IsResourceAccount bool `protobuf:"varint,3,opt,name=is_resource_account,json=isResourceAccount,proto3" json:"is_resource_account,omitempty"`
// Indicates whether the account was created as
// - a regular school or work account ("" / emptystring),
// - a local account, fully managed by ocis (LocalAccount), includes synced accounts or
// - a local account, fully managed by oCIS (LocalAccount), includes synced accounts or
// - an external account (Invitation),
// - self-service sign-up using email verification (EmailVerified). Read-only.
CreationType string `protobuf:"bytes,4,opt,name=creation_type,json=creationType,proto3" json:"creation_type,omitempty"`
// Represents the identities that can be used to sign in to this account.
// An identity can be provided by OCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.
// An identity can be provided by oCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.
// May contain multiple items with the same signInType value. Supports $filter.
Identities []*Identities `protobuf:"bytes,5,rep,name=identities,proto3" json:"identities,omitempty"`
// The name displayed in the address book for the account.
@@ -527,7 +527,7 @@ type Account struct {
// *false* if this object was originally synced from an on-premises directory but is no longer synced;
// null if this object has never been synced from an on-premises directory (default). Read-only
OnPremisesSyncEnabled bool `protobuf:"varint,20,opt,name=on_premises_sync_enabled,json=onPremisesSyncEnabled,proto3" json:"on_premises_sync_enabled,omitempty"`
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property is used to associate an on-premises LDAP user to the oCIS account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
OnPremisesImmutableId string `protobuf:"bytes,21,opt,name=on_premises_immutable_id,json=onPremisesImmutableId,proto3" json:"on_premises_immutable_id,omitempty"`
@@ -796,7 +796,7 @@ func (x *Account) GetSignInSessionsValidFromDateTime() *timestamp.Timestamp {
}
// Identities Represents an identity used to sign in to a user account.
// An identity can be provided by ocis, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.
// An identity can be provided by oCIS, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.
// This enables the user to sign in to the user account with any of those associated identities.
// They are also used to keep a history of old usernames.
type Identities struct {
@@ -1643,7 +1643,7 @@ type Group struct {
// null if this object has never been synced from an on-premises directory (default).
// Returned by default. Read-only. Supports $filter.
OnPremisesSyncEnabled bool `protobuf:"varint,20,opt,name=on_premises_sync_enabled,json=onPremisesSyncEnabled,proto3" json:"on_premises_sync_enabled,omitempty"`
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property is used to associate an on-premises LDAP user to the oCIS account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
OnPremisesImmutableId string `protobuf:"bytes,21,opt,name=on_premises_immutable_id,json=onPremisesImmutableId,proto3" json:"on_premises_immutable_id,omitempty"`

2
accounts/pkg/proto/v0/accounts.pb.micro_test.go
View File

@@ -126,7 +126,7 @@ func getGroup(group string) *proto.Group {
switch group {
case "sysusers":
return &proto.Group{Id: "34f38767-c937-4eb6-b847-1c175829a2a0", GidNumber: 15000, OnPremisesSamAccountName: "sysusers", DisplayName: "Technical users", Description: "A group for technical users. They should not show up in sharing dialogs.", Members: []*proto.Account{
{Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf"}, // konnectd
{Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf"}, // idp
{Id: "bc596f3c-c955-4328-80a0-60d018b4ad57"}, // reva
}}
case "users":

10
accounts/pkg/proto/v0/accounts.proto
View File

@@ -242,13 +242,13 @@ message Account {
// Indicates whether the account was created as
// - a regular school or work account ("" / emptystring),
// - a local account, fully managed by ocis (LocalAccount), includes synced accounts or
// - a local account, fully managed by oCIS (LocalAccount), includes synced accounts or
// - an external account (Invitation),
// - self-service sign-up using email verification (EmailVerified). Read-only.
string creation_type = 4;
// Represents the identities that can be used to sign in to this account.
// An identity can be provided by OCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.
// An identity can be provided by oCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.
// May contain multiple items with the same signInType value. Supports $filter.
repeated Identities identities = 5;
@@ -321,7 +321,7 @@ message Account {
// null if this object has never been synced from an on-premises directory (default). Read-only
bool on_premises_sync_enabled = 20;
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property is used to associate an on-premises LDAP user to the oCIS account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
string on_premises_immutable_id = 21;
@@ -382,7 +382,7 @@ message Account {
}
// Identities Represents an identity used to sign in to a user account.
// An identity can be provided by ocis, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.
// An identity can be provided by oCIS, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.
// This enables the user to sign in to the user account with any of those associated identities.
// They are also used to keep a history of old usernames.
message Identities {
@@ -627,7 +627,7 @@ message Group {
// Returned by default. Read-only. Supports $filter.
bool on_premises_sync_enabled = 20;
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property is used to associate an on-premises LDAP user to the oCIS account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
string on_premises_immutable_id = 21;

10
accounts/pkg/proto/v0/accounts.swagger.json
View File

@@ -568,14 +568,14 @@
},
"creation_type": {
"type": "string",
"description": "Indicates whether the account was created as\n- a regular school or work account (\"\" / emptystring),\n- a local account, fully managed by ocis (LocalAccount), includes synced accounts or\n- an external account (Invitation),\n- self-service sign-up using email verification (EmailVerified). Read-only."
"description": "Indicates whether the account was created as\n- a regular school or work account (\"\" / emptystring),\n- a local account, fully managed by oCIS (LocalAccount), includes synced accounts or\n- an external account (Invitation),\n- self-service sign-up using email verification (EmailVerified). Read-only."
},
"identities": {
"type": "array",
"items": {
"$ref": "#/definitions/settingsIdentities"
},
"description": "Represents the identities that can be used to sign in to this account.\nAn identity can be provided by OCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.\nMay contain multiple items with the same signInType value. Supports $filter."
"description": "Represents the identities that can be used to sign in to this account.\nAn identity can be provided by oCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.\nMay contain multiple items with the same signInType value. Supports $filter."
},
"display_name": {
"type": "string",
@@ -631,7 +631,7 @@
},
"on_premises_immutable_id": {
"type": "string",
"description": "This property is used to associate an on-premises LDAP user to the ocis account object.\nThis property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.\nImportant: The $ and _ characters cannot be used when specifying this property. Supports $filter."
"description": "This property is used to associate an on-premises LDAP user to the oCIS account object.\nThis property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.\nImportant: The $ and _ characters cannot be used when specifying this property. Supports $filter."
},
"on_premises_security_identifier": {
"type": "string",
@@ -815,7 +815,7 @@
},
"on_premises_immutable_id": {
"type": "string",
"description": "This property is used to associate an on-premises LDAP user to the ocis account object.\nThis property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.\nImportant: The $ and _ characters cannot be used when specifying this property. Supports $filter."
"description": "This property is used to associate an on-premises LDAP user to the oCIS account object.\nThis property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.\nImportant: The $ and _ characters cannot be used when specifying this property. Supports $filter."
},
"on_premises_security_identifier": {
"type": "string",
@@ -866,7 +866,7 @@
"description": "Specifies the unique identifier assigned to the user by the issuer. The combination of *issuer* and *issuerAssignedId* must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).\nWhen *signInType* is set to:\n* `emailAddress`, (or starts with `emailAddress` like `emailAddress1`) *issuerAssignedId* must be a valid email address\n* `userName`, issuer_assigned_id must be a valid local part of an email address\nSupports $filter. 512 character limit."
}
},
"description": "Identities Represents an identity used to sign in to a user account.\nAn identity can be provided by ocis, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.\nThis enables the user to sign in to the user account with any of those associated identities.\nThey are also used to keep a history of old usernames."
"description": "Identities Represents an identity used to sign in to a user account.\nAn identity can be provided by oCIS, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.\nThis enables the user to sign in to the user account with any of those associated identities.\nThey are also used to keep a history of old usernames."
},
"settingsListAccountsRequest": {
"type": "object",

12
accounts/pkg/service/v0/service.go
View File

@@ -236,14 +236,14 @@ func (s Service) createDefaultAccounts() (err error) {
// technical users for kopano and reva
{
Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf",
PreferredName: "konnectd",
OnPremisesSamAccountName: "konnectd",
PreferredName: "idp",
OnPremisesSamAccountName: "idp",
Mail: "idp@example.org",
DisplayName: "Kopano Konnectd",
DisplayName: "Kopano IDP",
UidNumber: 10000,
GidNumber: 15000,
PasswordProfile: &proto.PasswordProfile{
Password: "$2a$11$ntoTP2W/kyQIuoYpH5mRBuNzaEERYWSwn/zCsY5rtffen4d41y9.6",
Password: "$2y$12$ywfGLDPsSlBTVZU0g.2GZOPO8Wap3rVOpm8e3192VlytNdGWH7x72",
},
AccountEnabled: true,
MemberOf: []*proto.Group{
@@ -309,7 +309,7 @@ func (s Service) createDefaultAccounts() (err error) {
for _, accountID := range []string{
"058bff95-6708-4fe5-91e4-9ea3d377588b", //moss
"ddc2004c-0977-11eb-9d3f-a793888cd0f8", //admin
"820ba2a1-3f54-4538-80a4-2d73007e30bf", //konnectd
"820ba2a1-3f54-4538-80a4-2d73007e30bf", //idp
"bc596f3c-c955-4328-80a0-60d018b4ad57", //reva
} {
assignRoleToUser(accountID, settings_svc.BundleUUIDRoleAdmin, s.RoleService, s.log)
@@ -327,7 +327,7 @@ func (s Service) createDefaultAccounts() (err error) {
func (s Service) createDefaultGroups() (err error) {
groups := []proto.Group{
{Id: "34f38767-c937-4eb6-b847-1c175829a2a0", GidNumber: 15000, OnPremisesSamAccountName: "sysusers", DisplayName: "Technical users", Description: "A group for technical users. They should not show up in sharing dialogs.", Members: []*proto.Account{
{Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf"}, // konnectd
{Id: "820ba2a1-3f54-4538-80a4-2d73007e30bf"}, // idp
{Id: "bc596f3c-c955-4328-80a0-60d018b4ad57"}, // reva
}},
{Id: "509a9dcd-bb37-4f4f-a01a-19dca27d9cfa", GidNumber: 30000, OnPremisesSamAccountName: "users", DisplayName: "Users", Description: "A group every normal user belongs to.", Members: []*proto.Account{

2
accounts/templates/CONFIGURATION.tmpl
View File

@@ -35,7 +35,7 @@ $HOME/.ocis
For this configuration to be picked up, have a look at your extension `root` command and look for which default config name it has assigned. *i.e: ocis-accounts reads `accounts.json | yaml | toml ...`*.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/ocis.yml`, `${HOME}/.ocis/ocis.yml` or `$(pwd)/config/ocis.yml`.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/accounts/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/ocis.yml`, `${HOME}/.ocis/ocis.yml` or `$(pwd)/config/ocis.yml`.
### Environment variables

4
accounts/ui/tests/acceptance/features/accounts.feature
View File

@@ -4,7 +4,7 @@ Feature: Accounts
Given user "Moss" has logged in using the webUI
When the user browses to the accounts page
Then user "einstein" should be displayed in the accounts list on the WebUI
And user "konnectd" should be displayed in the accounts list on the WebUI
And user "idp" should be displayed in the accounts list on the WebUI
And user "marie" should be displayed in the accounts list on the WebUI
And user "reva" should be displayed in the accounts list on the WebUI
And user "richard" should be displayed in the accounts list on the WebUI
@@ -72,4 +72,4 @@ Feature: Accounts
Given user "Moss" has logged in using the webUI
And the user browses to the accounts page
When the user deletes user "bob" using the WebUI
Then user "bob" should not be displayed in the accounts list on the WebUI
Then user "bob" should not be displayed in the accounts list on the WebUI

665
accounts/yarn.lock
View File

File diff suppressed because it is too large Load Diff

4
changelog/1.0.0_2020-12-17/user-agent-challenge-lock-in.md
View File

@@ -4,7 +4,7 @@ Tags: reva, proxy
We now comply with HTTP spec by adding Www-Authenticate headers on every `401` request. Furthermore, we not only take care of such a thing at the Proxy but also Reva will take care of it. In addition, we now are able to lock-in a set of User-Agent to specific challenges.
Admins can use this feature by configuring OCIS + Reva following this approach:
Admins can use this feature by configuring oCIS + Reva following this approach:
```
STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT="mirall:basic, Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0:bearer" \
@@ -15,6 +15,6 @@ go run cmd/ocis/main.go server
We introduced two new environment variables:
`STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT` as well as `PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT`, The reason they have the same value is not to rely on the os env on a distributed environment, so in redundancy we trust. They both configure the same on the backend storage and OCIS Proxy.
`STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT` as well as `PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT`, The reason they have the same value is not to rely on the os env on a distributed environment, so in redundancy we trust. They both configure the same on the backend storage and oCIS Proxy.
https://github.com/owncloud/ocis/pull/1009

4
changelog/unreleased/add-ocis-url-env.md → changelog/1.1.0_2021-01-22/add-ocis-url-env.md
View File

@@ -10,8 +10,8 @@ Some environment variables are now built dynamically if they are not set:
Furthermore, the built in konnectd will generate an `identifier-registration.yaml` that uses the `KONNECTD_ISS` in the allowed `redirect_uris` and `origins`. It simplifies the default `https://localhost:9200` and remote deployment with `OCIS_URL` which is evaluated as a fallback if `KONNECTD_ISS` is not set.
An OCIS server can now be started on a remote machine as easy as `OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server`.
An oCIS server can now be started on a remote machine as easy as `OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server`.
Note that the `OCIS_DOMAIN` environment variable is not used by ocis, but by the docker containers.
Note that the `OCIS_DOMAIN` environment variable is not used by oCIS, but by the docker containers.
https://github.com/owncloud/ocis/pull/1148

0
changelog/unreleased/disable-pretty-log.md → changelog/1.1.0_2021-01-22/disable-pretty-log.md
View File

0
changelog/unreleased/docker_image_volume.md → changelog/1.1.0_2021-01-22/docker_image_volume.md
View File

0
changelog/unreleased/expose-docker-image → changelog/1.1.0_2021-01-22/expose-docker-image
View File

0
changelog/unreleased/generate-secure-state.md → changelog/1.1.0_2021-01-22/generate-secure-state.md
View File

2
changelog/unreleased/move-k6.md → changelog/1.1.0_2021-01-22/move-k6.md
View File

@@ -2,7 +2,7 @@ Change: Move k6 to cdperf
Tags: performance, testing, k6
The ownCloud performance tests can not only be used to test ocis.
The ownCloud performance tests can not only be used to test oCIS.
This is why we have decided to move the k6 tests to https://github.com/owncloud/cdperf
https://github.com/owncloud/ocis/pull/1358

0
changelog/unreleased/roles-cache.md → changelog/1.1.0_2021-01-22/roles-cache.md
View File

0
changelog/unreleased/sync-package.md → changelog/1.1.0_2021-01-22/sync-package.md
View File

0
changelog/unreleased/update-go-115.md → changelog/1.1.0_2021-01-22/update-go-115.md
View File

76
changelog/1.1.0_2021-01-22/update-reva-to-1.5.1.md Normal file
View File

@@ -0,0 +1,76 @@
Enhancement: Update reva to v1.5.1
Summary
-------
* Fix #1401: Use the user in request for deciding the layout for non-home DAV requests
* Fix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
* Fix #1399: Fix ocis trash-bin purge
* Enh #1397: Bump the Copyright date to 2021
* Enh #1398: Support site authorization status in Mentix
* Enh #1393: Allow setting favorites, mtime and a temporary etag
* Enh #1403: Support remote cloud gathering metrics
Details
-------
* Bugfix #1401: Use the user in request for deciding the layout for non-home DAV requests
For the incoming /dav/files/userID requests, we have different namespaces depending on
whether the request is for the logged-in user's namespace or not. Since in the storage drivers,
we specify the layout depending only on the user whose resources are to be accessed, this fails
when a user wants to access another user's namespace when the storage provider depends on the
logged in user's namespace. This PR fixes that.
For example, consider the following case. The owncloud fs uses a layout {{substr 0 1
.Id.OpaqueId}}/{{.Id.OpaqueId}}. The user einstein sends a request to access a resource
shared with him, say /dav/files/marie/abcd, which should be allowed. However, based on the
way we applied the layout, there's no way in which this can be translated to /m/marie/.
https://github.com/cs3org/reva/pull/1401
* Bugfix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
And git SHA to the release tool.
https://github.com/cs3org/reva/pull/1413
* Bugfix #1399: Fix ocis trash-bin purge
Fixes the empty trash-bin functionality for ocis-storage
https://github.com/owncloud/product/issues/254
https://github.com/cs3org/reva/pull/1399
* Enhancement #1397: Bump the Copyright date to 2021
https://github.com/cs3org/reva/pull/1397
* Enhancement #1398: Support site authorization status in Mentix
This enhancement adds support for a site authorization status to Mentix. This way, sites
registered via a web app can now be excluded until authorized manually by an administrator.
Furthermore, Mentix now sets the scheme for Prometheus targets. This allows us to also support
monitoring of sites that do not support the default HTTPS scheme.
https://github.com/cs3org/reva/pull/1398
* Enhancement #1393: Allow setting favorites, mtime and a temporary etag
We now let the oCIS driver persist favorites, set temporary etags and the mtime as arbitrary
metadata.
https://github.com/owncloud/ocis/issues/567
https://github.com/cs3org/reva/issues/1394
https://github.com/cs3org/reva/pull/1393
* Enhancement #1403: Support remote cloud gathering metrics
The current metrics package can only gather metrics either from json files. With this feature,
the metrics can be gathered polling the http endpoints exposed by the owncloud/nextcloud
sciencemesh apps.
https://github.com/cs3org/reva/pull/1403
https://github.com/owncloud/ocis/pull/1372

0
changelog/unreleased/update-reva-to-f2b63bfd.md → changelog/1.1.0_2021-01-22/update-reva-to-f2b63bfd.md
View File

0
changelog/unreleased/update-web-1.0.1.md → changelog/1.1.0_2021-01-22/update-web-1.0.1.md
View File

6
changelog/reva-update-2020-11-26.md
View File

@@ -1,6 +0,0 @@
Enhancement: Update reva to v1.4.1-0.20201125172625-a5ab834a565d
Mostly to bring fixes to pressing changes.
https://github.com/cs3org/reva/pull/1320
https://github.com/cs3org/reva/pull/1338

3
changelog/unreleased/account-roles-fix.md Normal file
View File

@@ -0,0 +1,3 @@
Bugfix: Check if roles are present in user object before looking those up
https://github.com/owncloud/ocis/pull/1388

4
changelog/unreleased/default-upload-protocol.md Normal file
View File

@@ -0,0 +1,4 @@
Enhancement: Use a default protocol parameter instead of explicitly disabling tus
https://github.com/cs3org/reva/pull/1331
https://github.com/owncloud/ocis/pull/1374

5
changelog/unreleased/fix-etcd-address-conf.md Normal file
View File

@@ -0,0 +1,5 @@
Bugfix: Fix etcd address configuration
The etcd server address in `MICRO_REGISTRY_ADDRESS` was not picked up when etcd was set as service discovery registry `MICRO_REGISTRY=etcd`. Therefore etcd was only working if available on localhost / 127.0.0.1.
https://github.com/owncloud/ocis/pull/1546

11
changelog/unreleased/home-mapping.md Normal file
View File

@@ -0,0 +1,11 @@
Enhancement: Functionality to map home directory to different storage providers
We added a parameter in reva that allows us to redirect /home requests to
different storage providers based on a mapping derived from the user attributes,
which was previously not possible since we hardcode the /home path for all
users. For example, having its value as `/home/{{substr 0 1 .Username}}` can be
used to redirect home requests for different users to different storage
providers.
https://github.com/owncloud/ocis/pull/1186
https://github.com/cs3org/reva/pull/1142

7
changelog/unreleased/move-pman-to-ocis.md Normal file
View File

@@ -0,0 +1,7 @@
Change: Move runtime code on refs/pman over to owncloud/ocis/ocis
Tags: ocis, runtime
Currently, the runtime is under the private account of an oCIS developer. For future-proofing we don't want oCIS mission critical components to depend on external repositories, so we're including refs/pman module as an oCIS package instead.
https://github.com/owncloud/ocis/pull/1483

12
changelog/unreleased/update-reva-to-0c10b333.md Normal file
View File

@@ -0,0 +1,12 @@
Enhancement: Update reva to v1.5.2-0.20210125114636-0c10b333ee69
* initial checksum support for ocis [cs3org/reva#1400](https://github.com/cs3org/reva/pull/1400)
* Use updated etag of home directory even if it is cached [cs3org/reva#1416](https://github.com/cs3org/reva/pull/#1416)
* Indicate in EOS containers that TUS is not supported [cs3org/reva#1415](https://github.com/cs3org/reva/pull/#1415)
* Get status code from recycle response [cs3org/reva#1408](https://github.com/cs3org/reva/pull/#1408)
https://github.com/owncloud/ocis/pull/1482
https://github.com/cs3org/reva/pull/1400
https://github.com/cs3org/reva/pull/1416
https://github.com/cs3org/reva/pull/1415
https://github.com/cs3org/reva/pull/1408

39
deployments/continuous-deployment-config/cs3_users_ocis/latest.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: continuous-deployment-ocis-cs3-users-latest
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-cs3-users.latest.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/cs3_users_ocis
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-cs3-users.latest.owncloud.works
LDAP_MANAGER_DOMAIN: ldap.ocis-keycloak.released.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-cs3-users.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-cs3-users-latest

39
deployments/continuous-deployment-config/cs3_users_ocis/released.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: continuous-deployment-ocis-cs3-users-released
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-cs3-users.released.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/cs3_users_ocis
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: 1
OCIS_DOMAIN: ocis.ocis-cs3-users.released.owncloud.works
LDAP_MANAGER_DOMAIN: ldap.ocis-keycloak.released.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.released.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-cs3-users.released.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-cs3-users-released

39
deployments/continuous-deployment-config/ocis_keycloak/latest.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: continuous-deployment-ocis-keycloak-latest
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-keycloak.latest.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_keycloak
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-keycloak.latest.owncloud.works
KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.latest.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-keycloak.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-keycloak.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-latest

39
deployments/continuous-deployment-config/ocis_keycloak/released.yml Normal file
View File

@@ -0,0 +1,39 @@
---
- name: continuous-deployment-ocis-keycloak-released
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-keycloak.released.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_keycloak
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: 1
OCIS_DOMAIN: ocis.ocis-keycloak.released.owncloud.works
KEYCLOAK_DOMAIN: keycloak.ocis-keycloak.latest.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-keycloak.released.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-keycloak.released.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-keycloak-released

38
deployments/continuous-deployment-config/ocis_traefik/latest.yml Normal file
View File

@@ -0,0 +1,38 @@
---
- name: continuous-deployment-ocis-traefik-latest
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-traefik.latest.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_traefik
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: latest
OCIS_DOMAIN: ocis.ocis-traefik.latest.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.latest.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-traefik.latest.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-traefik-latest

38
deployments/continuous-deployment-config/ocis_traefik/released.yml Normal file
View File

@@ -0,0 +1,38 @@
---
- name: continuous-deployment-ocis-traefik-released
server:
server_type: cx21
image: ubuntu-20.04
location: nbg1
initial_ssh_key_names:
- owncloud-ocis@drone.owncloud.com
labels:
owner: wkloucek
for: oCIS-continuous-deployment-examples
rebuild: $REBUILD
domains:
- "*.ocis-traefik.released.owncloud.works"
vars:
docker_compose_projects:
- name: ocis
git_url: https://github.com/owncloud/ocis.git
ref: master
docker_compose_path: deployments/examples/ocis_traefik
env:
INSECURE: "false"
TRAEFIK_ACME_MAIL: wkloucek@owncloud.com
OCIS_DOCKER_TAG: 1
OCIS_DOMAIN: ocis.ocis-traefik.released.owncloud.works
COMPOSE_FILE: docker-compose.yml:monitoring_tracing/docker-compose-additions.yml
- name: monitoring
git_url: https://github.com/owncloud-devops/monitoring-tracing-client.git
ref: master
env:
NETWORK_NAME: ocis-net
TELEMETRY_SERVE_DOMAIN: telemetry.ocis-traefik.released.owncloud.works
JAEGER_COLLECTOR: jaeger-collector.infra.owncloud.works:443
TELEGRAF_SPECIFIC_CONFIG: ocis_single_container
OCIS_URL: ocis.ocis-traefik.released.owncloud.works
OCIS_DEPLOYMENT_ID: continuous-deployment-ocis-traefik-released

2
deployments/examples/cs3_users_ocis/.env
View File

@@ -3,6 +3,8 @@
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"

23
deployments/examples/cs3_users_ocis/docker-compose.yaml → deployments/examples/cs3_users_ocis/docker-compose.yml
View File

@@ -5,7 +5,7 @@ services:
traefik:
image: "traefik:v2.3"
networks:
default:
ocis-net:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
command:
@@ -26,7 +26,7 @@ services:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
@@ -38,10 +38,14 @@ services:
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
ocis-net:
depends_on:
- ldap-server
environment:
@@ -66,7 +70,7 @@ services:
STORAGE_LDAP_ATTRIBUTEFILTER: '(&(objectclass=owncloud)({{attr}}={{value}}))'
STORAGE_LDAP_FINDFILTER: '(&(objectclass=owncloud)(|(uid={{query}}*)(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)(description={{query}}*)))'
STORAGE_LDAP_GROUPFILTER: '(&(objectclass=groupOfUniqueNames)(objectclass=owncloud)(ownclouduuid={{.OpaqueId}}*))'
# General ocis config
# General oCIS config
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_OIDC_INSECURE: "${INSECURE:-false}" # needed if Traefik is using self generated certificates
@@ -86,10 +90,14 @@ services:
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.http.services.ocis.loadbalancer.server.scheme=https"
logging:
driver: "local"
restart: always
ldap-server:
image: osixia/openldap:latest
networks:
ocis-net:
command: --copy-service --loglevel debug
environment:
LDAP_TLS_VERIFY_CLIENT: never
@@ -103,10 +111,14 @@ services:
- "127.0.0.1:636:636"
volumes:
- ./config/ldap/ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom
logging:
driver: "local"
restart: always
ldap-manager:
image: osixia/phpldapadmin:0.9.0
networks:
ocis-net:
environment:
PHPLDAPADMIN_LDAP_HOSTS: ldap-server
PHPLDAPADMIN_HTTPS: "false"
@@ -122,8 +134,13 @@ services:
- "traefik.http.routers.ldap-manager-secure.tls.certresolver=http"
- "traefik.http.routers.ldap-manager-secure.service=ldap-manager"
- "traefik.http.services.ldap-manager.loadbalancer.server.port=80"
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-data:
networks:
ocis-net:

4
deployments/examples/ocis_keycloak/.env
View File

@@ -3,6 +3,8 @@
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
@@ -21,7 +23,7 @@ OCIS_OIDC_CLIENT_ID=
### Keycloak ###
# Domain of Keycloak, where you can find the managment and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "master"
# Realm which to be used with oCIS. Defaults to "oCIS"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=

62
deployments/examples/ocis_keycloak/config/keycloak/clients/android_app.json Normal file
View File

@@ -0,0 +1,62 @@
{
"clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD",
"name": "ownCloud Android app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD",
"redirectUris": [
"oc://android.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

62
deployments/examples/ocis_keycloak/config/keycloak/clients/desktop_client.json Normal file
View File

@@ -0,0 +1,62 @@
{
"clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69",
"name": "ownCloud desktop client",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh",
"redirectUris": [
"http://localhost:*"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

63
deployments/examples/ocis_keycloak/config/keycloak/clients/ios_app.json Normal file
View File

@@ -0,0 +1,63 @@
{
"clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1",
"name": "ownCloud iOS app",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"secret" : "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx",
"redirectUris": [
"oc://ios.owncloud.com",
"oc.ios://ios.owncloud.com"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

64
deployments/examples/ocis_keycloak/config/keycloak/clients/web.json Normal file
View File

@@ -0,0 +1,64 @@
{
"clientId": "web",
"rootUrl": "https://ocis.owncloud.test",
"adminUrl": "https://ocis.owncloud.test",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://ocis.owncloud.test/*"
],
"webOrigins": [
"https://ocis.owncloud.test"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": false,
"publicClient": true,
"frontchannelLogout": false,
"protocol": "openid-connect",
"attributes": {
"saml.assertion.signature": "false",
"saml.force.post.binding": "false",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"backchannel.logout.revoke.offline.tokens": "false",
"saml.server.signature": "false",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"backchannel.logout.session.required": "true",
"client_credentials.use_refresh_token": "false",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "false",
"display.on.consent.screen": "false",
"saml.onetimeuse.condition": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

1982
deployments/examples/ocis_keycloak/config/keycloak/ocis-realm.json Normal file
View File

File diff suppressed because it is too large Load Diff

40
deployments/examples/ocis_keycloak/docker-compose.yml
View File

@@ -5,7 +5,7 @@ services:
traefik:
image: "traefik:v2.3"
networks:
default:
ocis-net:
aliases:
- ${OCIS_DOMAIN:-ocis.owncloud.test}
- ${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
@@ -27,7 +27,7 @@ services:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
@@ -39,19 +39,21 @@ services:
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
networks:
default:
ocis-net:
environment:
# Keycloak IDP specific configuration
PROXY_AUTOPROVISION_ACCOUNTS: "true"
PROXY_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
WEB_OIDC_AUTHORITY: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}
PROXY_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}
WEB_OIDC_AUTHORITY: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}
WEB_OIDC_CLIENT_ID: ${OCIS_OIDC_CLIENT_ID:-web}
WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-master}/.well-known/openid-configuration
WEB_OIDC_METADATA_URL: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}/auth/realms/${KEYCLOAK_REALM:-oCIS}/.well-known/openid-configuration
STORAGE_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
STORAGE_LDAP_IDP: https://${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}
# general config
@@ -73,20 +75,30 @@ services:
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.http.services.ocis.loadbalancer.server.scheme=https"
logging:
driver: "local"
restart: always
postgres:
image: postgres:alpine
networks:
ocis-net:
volumes:
- keycloak_postgres_data:/var/lib/postgresql/data
environment:
POSTGRES_DB: keycloak
POSTGRES_USER: keycloak
POSTGRES_PASSWORD: keycloak
logging:
driver: "local"
restart: always
keycloak:
image: quay.io/keycloak/keycloak:latest
networks:
ocis-net:
volumes:
- ./config/keycloak/ocis-realm.json:/opt/jboss/keycloak/ocis-realm.json
environment:
DB_VENDOR: POSTGRES
DB_ADDR: postgres
@@ -97,6 +109,7 @@ services:
KEYCLOAK_USER: ${KEYCLOAK_ADMIN_USER:-admin}
KEYCLOAK_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
PROXY_ADDRESS_FORWARDING: "true"
KEYCLOAK_IMPORT: /opt/jboss/keycloak/ocis-realm.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.keycloak.entrypoints=http"
@@ -110,11 +123,26 @@ services:
- "traefik.http.routers.keycloak-secure.service=keycloak"
- "traefik.http.services.keycloak.loadbalancer.server.port=8080"
- "traefik.http.services.keycloak.loadbalancer.server.scheme=http"
# let /.well-known/openid-configuration be served by Keycloak
- "traefik.http.routers.idp-wellknown-secure.entrypoints=https"
- "traefik.http.routers.idp-wellknown-secure.tls=true"
- "traefik.http.routers.idp-wellknown-secure.tls.certresolver=http"
- "traefik.http.routers.idp-wellknown-secure.rule=Host(`${OCIS_DOMAIN:-ocis.owncloud.test}`) && Path(`/.well-known/openid-configuration`)"
- "traefik.http.middlewares.idp-headers.headers.customrequestheaders.X-Forwarded-Host=${KEYCLOAK_DOMAIN:-keycloak.owncloud.test}"
- "traefik.http.middlewares.idp-prefix.addprefix.prefix=/auth/realms/${KEYCLOAK_REALM:-oCIS}"
- "traefik.http.middlewares.idp-override.chain.middlewares=idp-headers,idp-prefix"
- "traefik.http.routers.idp-wellknown-secure.middlewares=idp-override"
- "traefik.http.routers.idp-wellknown-secure.service=keycloak"
depends_on:
- postgres
logging:
driver: "local"
restart: always
volumes:
certs:
ocis-data:
keycloak_postgres_data:
networks:
ocis-net:

10
deployments/examples/ocis_keycloak/keycloak-export.sh Normal file
View File

@@ -0,0 +1,10 @@
#! /bin/bash
docker-compose exec keycloak \
sh -c "cd /opt/jboss/keycloak && \
timeout 60 bin/standalone.sh \
-Djboss.httin/standalone.sh \
-Djboss.socket.binding.port-offset=100 \
-Dkeycloak.migration.action=export \
-Dkeycloak.migration.provider=singleFile \
-Dkeycloak.migration.realmName=oCIS \
-Dkeycloak.migration.file=ocis-realm.json"

2
deployments/examples/ocis_traefik/.env
View File

@@ -3,6 +3,8 @@
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"

6
deployments/examples/ocis_traefik/docker-compose.yml
View File

@@ -26,7 +26,7 @@ services:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
@@ -38,6 +38,8 @@ services:
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
@@ -63,6 +65,8 @@ services:
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.http.services.ocis.loadbalancer.server.scheme=https"
logging:
driver: "local"
restart: always
volumes:

2
deployments/examples/owncloud10_with_oc_web/.env
View File

@@ -3,6 +3,8 @@
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"

22
deployments/examples/owncloud10_with_oc_web/docker-compose.yml
View File

@@ -26,7 +26,7 @@ services:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "certs:/certs"
labels:
- "traefik.enable=true"
- "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
- "traefik.http.routers.traefik.entrypoints=http"
- "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.owncloud.test}`)"
- "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$apr1$4vqie50r$YQAmQdtmz5n9rEALhxJ4l.}" # defaults to admin:admin
@@ -38,6 +38,8 @@ services:
- "traefik.http.routers.traefik-secure.tls=true"
- "traefik.http.routers.traefik-secure.tls.certresolver=http"
- "traefik.http.routers.traefik-secure.service=api@internal"
logging:
driver: "local"
restart: always
ocis:
@@ -72,11 +74,11 @@ services:
PROXY_CONFIG_FILE: "/config/proxy-config.json"
PROXY_ENABLE_PRESIGNEDURLS: "false"
PROXY_TLS: "false"
# konnectd - binddn must exist as oc10 admin user
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
KONNECTD_INSECURE: "${INSECURE:-false}"
KONNECTD_SIGNING_KID: super
KONNECTD_TLS: 0
# idp - binddn must exist as oc10 admin user
IDP_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yaml"
IDP_INSECURE: "${INSECURE:-false}"
IDP_SIGNING_KID: super
IDP_TLS: 0
LDAP_BASEDN: "dc=example,dc=org"
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
@@ -114,6 +116,8 @@ services:
- "traefik.http.routers.ocis-secure.tls.certresolver=http"
- "traefik.http.routers.ocis-secure.service=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
logging:
driver: "local"
restart: always
oc10:
@@ -156,6 +160,8 @@ services:
- "traefik.http.routers.oc10-secure.tls.certresolver=http"
- "traefik.http.routers.oc10-secure.service=oc10"
- "traefik.http.services.oc10.loadbalancer.server.port=8080"
logging:
driver: "local"
restart: always
db:
@@ -175,6 +181,8 @@ services:
volumes:
- mysql:/var/lib/mysql
- backup:/var/lib/backup
logging:
driver: "local"
restart: always
redis:
@@ -183,6 +191,8 @@ services:
- REDIS_DATABASES=1
volumes:
- redis:/var/lib/redis
logging:
driver: "local"
restart: always

2
docs/Makefile
View File

@@ -3,7 +3,7 @@ SHELL := bash
OCIS_MODULES = \
accounts \
glauth \
konnectd \
idp \
ocis \
ocs \
ocis-pkg \

6
docs/_index.md
View File

@@ -22,14 +22,14 @@ Welcome to our developer documentation. Here you can find developer documentatio
The oCIS server is Apache v2 licensed.
The lower storage layer of oCIS is defined by the CS3 APIs and implemented in the REVA project. Our goal is to develop the CS3 APIs to an open standard and collaborate on the open source REVA reference implementation for CS3 APIs.
You can also find all client sources on github.
You can also find all client sources on GitHub.
## Join us
The oCIS server repository on github is a good entry point for you to join the project. But we also develop clients for iOS, Android, Desktop and Web.
The oCIS server repository on GitHub is a good entry point for you to join the project. But we also develop clients for iOS, Android, Desktop and Web.
For communication on development you can join our public chat [talk.owncloud.com](https://talk.owncloud.com)
If you want to help and improve ownCloud or oCIS, start coding or open issues on github in the related repository.
If you want to help and improve ownCloud or oCIS, start coding or open issues on GitHub in the related repository.
We are very happy to hear your feedback and ideas!

2
docs/extensions/glauth/_index.md
View File

@@ -8,6 +8,6 @@ geekdocFilePath: _index.md
geekdocCollapseSection: true
---
This service provides a [glauth](https://github.com/glauth/glauth) based LDAP proxy for ocis which can be used by clients or other extensions. It allows applications relying on LDAP to access the accounts stored in the ocis accounts service. It can be used to make firewalls or identity providers aware of all users, including guest accounts.
This service provides a [glauth](https://github.com/glauth/glauth) based LDAP proxy for oCIS which can be used by clients or other extensions. It allows applications relying on LDAP to access the accounts stored in the oCIS accounts service. It can be used to make firewalls or identity providers aware of all users, including guest accounts.
We are using it to make eos aware of all accounts so the native ACLs can be used to persist share information in the storage.

0
docs/extensions/konnectd/.gitignore → docs/extensions/idp/.gitignore vendored
View File

4
docs/extensions/konnectd/_index.md → docs/extensions/idp/_index.md
View File

@@ -1,8 +1,8 @@
---
title: Konnectd
title: IDP
weight: 20
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/extensions/konnectd
geekdocEditPath: edit/master/docs/extensions/idp
geekdocFilePath: _index.md
geekdocCollapseSection: true
---

2
docs/extensions/onlyoffice/getting-started.md
View File

@@ -168,7 +168,7 @@ If you prefer to configure the service with commandline flags you can see the av
### Configuration file
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/onlyoffice/tree/master/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/onlyoffice.yml`, `${HOME}/.ocis/onlyoffice.yml` or `$(pwd)/config/onlyoffice.yml`.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/onlyoffice/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/onlyoffice.yml`, `${HOME}/.ocis/onlyoffice.yml` or `$(pwd)/config/onlyoffice.yml`.
## Usage

2
docs/extensions/settings/glossary.md
View File

@@ -39,4 +39,4 @@ In the context of this extension and oCIS in general, we are using the following
- Manifestation of a setting for a specific user
- E.g. used for customization (at runtime) in `ocis-web`
- `ocis-web-settings` extension for modifying settings values is provided by this service
- Can be queried and modified by other ocis extensions
- Can be queried and modified by other oCIS extensions

4
docs/extensions/storage/_index.md
View File

@@ -8,7 +8,7 @@ geekdocFilePath: _index.md
geekdocCollapseSection: true
---
This service provides an ocis extension that wraps [reva](https://github.com/cs3org/reva/) and adds an opinionated configuration to it.
This service provides an oCIS extension that wraps [reva](https://github.com/cs3org/reva/) and adds an opinionated configuration to it.
It uses the port range 9140-9179 to preconfigure several services.
@@ -43,4 +43,4 @@ It uses the port range 9140-9179 to preconfigure several services.
| 9165 | storage oc data debug |
| 9166-9177 | reserved for s3, wnd, custom + data providers |
| 9178 | storage public link |
| 9179 | storage public link data |
| 9179 | storage public link data |

4
docs/extensions/storage/storages.md
View File

@@ -13,11 +13,11 @@ geekdocFilePath: storages.md
## Storage providers
To manage the file tree ocis uses storage *storage providers* that are accessing the underlying storage using a *storage driver*. The driver can be used to change the implementation of a storage aspect to better reflect the actual underlying storage capabilities. As an example a move operation on a POSIX filesystem ([theoretically](https://danluu.com/deconstruct-files/)) is an atomic operation. When trying to implement a file tree on top of S3 there is no native move operation that can be used. A naive implementation might fall back on a COPY and DELETE. Some S3 implementations provide a COPY operation that uses an existing key as the source, so the file at least does not need to be reuploaded. In the worst case scenario, which is renaming a folder with hundreds of thousands of objects, a reupload for every file has to be made. Instead of hiding this complexity a better choice might be to disable renaming of files or at least folders on S3. There are however implementations of filesystems on top of S3 that store the tree metadata in dedicated objects or use a completely different persistence mechanism like a distributed key value store to implement the file tree aspect of a storage.
To manage the file tree oCIS uses *storage providers* that are accessing the underlying storage using a *storage driver*. The driver can be used to change the implementation of a storage aspect to better reflect the actual underlying storage capabilities. As an example a move operation on a POSIX filesystem ([theoretically](https://danluu.com/deconstruct-files/)) is an atomic operation. When trying to implement a file tree on top of S3 there is no native move operation that can be used. A naive implementation might fall back on a COPY and DELETE. Some S3 implementations provide a COPY operation that uses an existing key as the source, so the file at least does not need to be reuploaded. In the worst case scenario, which is renaming a folder with hundreds of thousands of objects, a reupload for every file has to be made. Instead of hiding this complexity a better choice might be to disable renaming of files or at least folders on S3. There are however implementations of filesystems on top of S3 that store the tree metadata in dedicated objects or use a completely different persistence mechanism like a distributed key value store to implement the file tree aspect of a storage.
{{< hint info >}}
While the *storage provider* is responsible for managing the tree, file up and download is delegated to a dedicated *data provider*. See below.
While the *storage provider* is responsible for managing the tree, file up- and downloads are delegated to a dedicated *data provider*. See below.
{{< /hint >}}
## Storage aspects

4
docs/ocis/_index.md
View File

@@ -24,9 +24,9 @@ We run a huge [test suite](https://github.com/owncloud/core/tree/master/tests),
{{< mermaid class="text-center">}}
graph TD
proxy -->
konnectd & web & thumbnails & ocs & webdav & storage & accounts & store & settings
idp & web & thumbnails & ocs & webdav & storage & accounts & store & settings
konnectd --> glauth
idp --> glauth
storage --> REVA

21
docs/ocis/deployment/basic-remote-setup.md
View File

@@ -9,13 +9,13 @@ geekdocFilePath: basic-remote-setup.md
{{< toc >}}
Out of the box the ocis single binary and the `owncloud/ocis` docker image are configured to run on localhost for quick testing and development.
Out of the box the oCIS single binary and the `owncloud/ocis` docker image are configured to run on localhost for quick testing and development.
If you need to access ocis on a VM or a remote machine e.g. when testing a mobile client you need to configure ocis to run on a different host.
If you need to access oCIS on a VM or a remote machine e.g. when testing a mobile client you need to configure oCIS to run on a different host.
## Use the binary
If you start the ocis fullstack for the first time with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder relative to its location. This file is used to configure the clients for the built-in Identity Provider.
If you start the oCIS fullstack for the first time with `./bin/ocis server` it will generate a file `identifier-registration.yml` in the config folder relative to its location. This file is used to configure the clients for the built-in Identity Provider.
{{< hint warning >}}
**Outdated version**\
@@ -52,24 +52,31 @@ clients:
In this example we do not change the default port (`9200`). But this could be changed to another port.
### Start the ocis fullstack server
### Start the oCIS fullstack server
You need to configure `your-host` in some services to provide the needed public resources.
This snippet will start the oCIS server with auto generated self signed certificates:
```bash
PROXY_HTTP_ADDR=0.0.0.0:9200 \
OCIS_URL=https://your-server:9200 \
KONNECTD_TLS=0 \
PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
KONNECTD_TLS=0 \
IDP_TLS=0 \
./bin/ocis server
```
For more configuration options check the configuration section in [ocis](https://owncloud.github.io/ocis/configuration/) and every ocis extension.
For more configuration options check the configuration section in [ocis](https://owncloud.github.io/ocis/configuration/) and every oCIS extension.
{{< hint info >}}
**TLS Certificate**\
In this example, we are replacing the default self-signed cert with a CA signed one to avoid the certificate warning when accessing the login page.
If you have a CA signed certificate for your domain, add the following configurations:
```
PROXY_TRANSPORT_TLS_KEY=./certs/your-host.key \
PROXY_TRANSPORT_TLS_CERT=./certs/your-host.crt \
```
{{< /hint >}}
## Use Docker Compose

26
docs/ocis/deployment/bridge.md
View File

@@ -101,7 +101,7 @@ Groups should work as well:
$ ldapsearch -x -H ldap://localhost:9125 -b dc=example,dc=com -D "cn=admin,dc=example,dc=com" -W '(objectclass=posixgroup)'
```
> Note: This is currently a readonly implementation and minimal to the usecase of authenticating users with konnectd.
> Note: This is currently a readonly implementation and minimal to the usecase of authenticating users with idp.
### Start ocis-web
@@ -124,21 +124,21 @@ $ bin/web server --web-config-server https://cloud.example.com --oidc-authority
`ocis-web` needs to know
- `--web-config-server https://cloud.example.com` is ownCloud url with webdav and ocs endpoints (oc10 or ocis)
- `--oidc-authority https://192.168.1.100:9130` the openid connect issuing authority, in our case `oidc-konnectd`, running on port 9130
- `--oidc-authority https://192.168.1.100:9130` the openid connect issuing authority, in our case `oidc-idp`, running on port 9130
- `--oidc-metadata-url https://192.168.1.100:9130/.well-known/openid-configuration` the openid connect configuration endpoint, typically the issuer host with `.well-known/openid-configuration`, but there are cases when another endpoint is used, eg. ping identity provides multiple endpoints to separate domains
- `--oidc-client-id ocis` the client id we will register later with `ocis-konnectd` in the `identifier-registration.yaml`
- `--oidc-client-id ocis` the client id we will register later with `ocis-idp` in the `identifier-registration.yaml`
### Start ocis-konnectd
### Start ocis-idp
#### Get it!
In an `ocis` folder
```
$ git clone git@github.com:owncloud/ocis-konnectd.git
$ cd ocis-konnectd
$ git clone git@github.com:owncloud/ocis-idp.git
$ cd ocis-idp
$ make
```
This should give you a `bin/ocis-konnectd` binary. Try listing the help with `bin/ocis-konnectd --help`.
This should give you a `bin/ocis-idp` binary. Try listing the help with `bin/ocis-idp --help`.
#### Set environment variables
@@ -183,12 +183,12 @@ Replace `localhost:9100` in the redirect URIs with your `ocis-web` host and port
#### Run it!
You can now bring up `ocis-konnectd` with:
You can now bring up `ocis-idp` with:
```console
$ bin/ocis-konnectd server --iss https://192.168.1.100:9130 --identifier-registration-conf assets/identifier-registration.yaml --signing-kid gen1-2020-02-27
$ bin/ocis-idp server --iss https://192.168.1.100:9130 --identifier-registration-conf assets/identifier-registration.yaml --signing-kid gen1-2020-02-27
```
`ocis-konnectd` needs to know
`ocis-idp` needs to know
- `--iss https://192.168.1.100:9130` the issuer, which must be a reachable https endpoint. For testing an ip works. HTTPS is NOT optional. This url is exposed in the `https://192.168.1.100:9130/.well-known/openid-configuration` endpoint and clients need to be able to connect to it
- `--identifier-registration-conf assets/identifier-registration.yaml` the identifier-registration.yaml you created
- `--signing-kid gen1-2020-02-27` a signature key id, otherwise the jwks key has no name, which might cause problems with clients. a random key is ok, but it should change when the actual signing key changes.
@@ -203,7 +203,7 @@ $ curl https://192.168.1.100:9130/.well-known/openid-configuration
2. Check if the login works at https://192.168.1.100:9130/signin/v1/identifier
> Note: If you later get a `Unable to find a key for (algorithm, kid):PS256, )` Error make sure you did set a `--signing-kid` when starting `ocis-konnectd` by checking it is present in https://192.168.1.100:9130/konnect/v1/jwks.json
> Note: If you later get a `Unable to find a key for (algorithm, kid):PS256, )` Error make sure you did set a `--signing-kid` when starting `ocis-idp` by checking it is present in https://192.168.1.100:9130/konnect/v1/jwks.json
### Patch owncloud
@@ -241,7 +241,7 @@ $CONFIG = [
```
In the above configuration replace
- `provider-url` with the URL to your `ocis-konnectd` issuer
- `provider-url` with the URL to your `ocis-idp` issuer
- `https://cloud.example.com` with the URL to your ownCloud 10 instance
- `http://localhost:9100` with the URL to your ownCloud Web instance
@@ -251,4 +251,4 @@ In the above configuration replace
Aside from the above todos these are the next steps
- tie it all together behind `ocis-proxy`
- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured `ocis-konnectd` `identifier-registration.yaml` file for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.
- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured `ocis-idp` `identifier-registration.yaml` file for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.

23
docs/ocis/deployment/ocis_keycloak.md
View File

@@ -19,7 +19,7 @@ geekdocFilePath: ocis_keycloak.md
The docker stack consists 4 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
Keykloak add two containers: Keycloak itself and a PostgreSQL as database. Keycloak will be configured as oCIS' IDP instead of the internal IDP [Konnectd]({{< ref "../../extensions/konnectd/_index.md" >}})
Keykloak add two containers: Keycloak itself and a PostgreSQL as database. Keycloak will be configured as oCIS' IDP instead of the internal IDP [Konnectd]({{< ref "../../extensions/idp/_index.md" >}})
The other container is oCIS itself running all extensions in one container. In this example oCIS uses [oCIS storage driver]({{< ref "../../extensions/storage/storages.md#storage-drivers" >}})
@@ -54,6 +54,8 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
@@ -72,7 +74,7 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
### Keycloak ###
# Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"
KEYCLOAK_DOMAIN=
# Realm which to be used with oCIS. Defaults to "master"
# Realm which to be used with oCIS. Defaults to "oCIS"
KEYCLOAK_REALM=
# Admin user login name. Defaults to "admin"
KEYCLOAK_ADMIN_USER=
@@ -83,13 +85,13 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
Set your domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).
Traefik will issue certificates with LetsEncrypt and therefore you must set an email address in `TRAEFIK_ACME_MAIL=`.
By default ocis will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
By default oCIS will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OCIS_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, eg. `OCIS_DOMAIN=ocis.owncloud.test`.
@@ -97,7 +99,7 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
Set your domain for the Keycloak administration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` eg. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`.
Changing the used Keycloak realm can be done by setting `KEYCLOAK_REALM=`. This defaults to the master realm `KEYCLOAK_REALM=master`.
Changing the used Keycloak realm can be done by setting `KEYCLOAK_REALM=`. This defaults to the oCIS realm `KEYCLOAK_REALM=oCIS`. The oCIS realm will be automatically imported on startup and includes our demo users.
You probably should secure your Keycloak admin account by setting `KEYCLOAK_ADMIN_USER=` and `KEYCLOAK_ADMIN_PASSWORD=` to values other than `admin`.
@@ -107,11 +109,7 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
`docker-compose up -d`
* Visit the Keycloak administration console on your configured domain. Go to clients settings and add a client. The client id is `ocis-web` or the one you changed it to. The client protocol is openid-connect. The root url for the client is the url you selected for oCIS. Then save the client.
* You may also add users to Keycloak
* You now can visit oCIS and Traefik dashboard on your configured domains
* You now can visit oCIS, Keycloak and Traefik dashboard on your configured domains
## Local setup
For a more simple local ocis setup see [Getting started]({{< ref "../getting-started.md" >}})
@@ -130,8 +128,5 @@ After that you're ready to start the application stack:
`docker-compose up -d`
Open https://keycloak.owncloud.test in your browser and accept the invalid certificate warning.
Go to clients settings and add a client. The client id is `ocis-web` or the one you changed it to. The client protocol is openid-connect. THe root url for the client is `https://ocis.owncloud.test`. Then save the client.
* You may also add users to Keycloak
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the admin user of keycloak and additional users you created.
Open https://ocis.owncloud.test in your browser and accept the invalid certificate warning. You now can login to oCIS with the demo users.

6
docs/ocis/deployment/ocis_traefik.md
View File

@@ -18,7 +18,7 @@ geekdocFilePath: ocis_traefik.md
The docker stack consists of two containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
The other one is oCIS itself running all extensions in one container. In this example oCIS uses its internal IDP [Konnectd]({{< ref "../../extensions/konnectd/_index.md" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storages.md#storage-drivers" >}})
The other one is oCIS itself running all extensions in one container. In this example oCIS uses its internal IDP [Konnectd]({{< ref "../../extensions/idp/_index.md" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storages.md#storage-drivers" >}})
## Server Deployment
@@ -50,6 +50,8 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
@@ -66,7 +68,7 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
Set your domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).

4
docs/ocis/deployment/owncloud10_with_oc_web.md
View File

@@ -59,6 +59,8 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
INSECURE=true
### Traefik settings ###
# Serve Treafik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
# Domain of Traefik, where you can find the dashboard. Defaults to "traefik.owncloud.test"
TRAEFIK_DOMAIN=
# Basic authentication for the dashboard. Defaults to user "admin" and password "admin"
@@ -79,7 +81,7 @@ See also [example server setup]({{< ref "preparing_server.md" >}})
You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`.
Set your domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
If you want to use the Traefik dashboard, set TRAEFIK_DASHBOARD to `true` (default is `false` and therefore not active). If you activate it, you must set a domain for the Traefik dashboard in `TRAEFIK_DOMAIN=` eg. `TRAEFIK_DOMAIN=traefik.owncloud.test`.
The Traefik dashboard is secured by basic auth. Default credentials are the user `admin` with the password `admin`. To set your own credentials, generate a htpasswd (eg. by using [an online tool](https://htpasswdgenerator.de/) or a cli tool).

8
docs/ocis/development/debugging.md
View File

@@ -39,7 +39,7 @@ Run the debug binary with `OCIS_LOG_LEVEL=debug bin/ocis-debug server` and then
12920 pts/1 Sl 0:00 bin/ocis-debug reva-users
12929 pts/1 Sl 0:00 bin/ocis-debug glauth
12940 pts/1 Sl 0:00 bin/ocis-debug reva-storage-home-data
12948 pts/1 Sl 0:00 bin/ocis-debug konnectd
12948 pts/1 Sl 0:00 bin/ocis-debug idp
12952 pts/1 Sl 0:00 bin/ocis-debug proxy
12961 pts/1 Sl 0:00 bin/ocis-debug thumbnails
12971 pts/1 Sl 0:00 bin/ocis-debug reva-storage-oc
@@ -81,7 +81,7 @@ bin/ocis --log-level=$LOG_LEVEL glauth &
bin/ocis --log-level=$LOG_LEVEL graph-explorer &
bin/ocis --log-level=$LOG_LEVEL graph &
#bin/ocis --log-level=$LOG_LEVEL hello &
bin/ocis --log-level=$LOG_LEVEL konnectd &
bin/ocis --log-level=$LOG_LEVEL idp &
#bin/ocis --log-level=$LOG_LEVEL ocs &
bin/ocis --log-level=$LOG_LEVEL web &
bin/ocis --log-level=$LOG_LEVEL reva-auth-basic &
@@ -118,7 +118,7 @@ bin/ocis --log-level=$LOG_LEVEL proxy &
12920 pts/1 Sl 0:00 bin/ocis-debug reva-users
12929 pts/1 Sl 0:00 bin/ocis-debug glauth
12940 pts/1 Sl 0:00 bin/ocis-debug reva-storage-home-data
12948 pts/1 Sl 0:00 bin/ocis-debug konnectd
12948 pts/1 Sl 0:00 bin/ocis-debug idp
12952 pts/1 Sl 0:00 bin/ocis-debug proxy
12961 pts/1 Sl 0:00 bin/ocis-debug thumbnails
12971 pts/1 Sl 0:00 bin/ocis-debug reva-storage-oc
@@ -139,7 +139,7 @@ bin/ocis --log-level=$LOG_LEVEL proxy &
### Gather error messages
We recommend you collect all related information in a single file or in a github issue. Let us start with an error that pops up in the Web UI:
We recommend you collect all related information in a single file or in a GitHub issue. Let us start with an error that pops up in the Web UI:
> Error while sharing.
> error sending a grpc stat request

8
docs/ocis/development/testing.md
View File

@@ -39,7 +39,7 @@ You can invoke two types of test suite runs:
The names of the full test suite make targets have the same naming as in the CI pipeline.
For example `make -C tests/acceptance/docker localApiTests-apiOcisSpecific-ocis` runs the same tests as the `localApiTests-apiOcisSpecific-ocis` CI pipeline, which runs the oCIS test suite "apiOcisSpecific" against an oCIS with oCIS storage.
For example `make -C tests/acceptance/docker localApiTests-apiBugDemonstration-ocis` runs the same tests as the `localApiTests-apiBugDemonstration-ocis` CI pipeline, which runs the oCIS test suite "apiBugDemonstration" against an oCIS with oCIS storage.
For example `make -C tests/acceptance/docker Core-API-Tests-owncloud-storage-3`runs the same tests as the `Core-API-Tests-owncloud-storage-3` CI pipeline, which runs the third (out of ten) ownCloud test suite against an oCIS with owncloud storage.
@@ -48,7 +48,7 @@ For example `make -C tests/acceptance/docker Core-API-Tests-owncloud-storage-3`r
The single feature tests can also be run against the different storage backends. Therefore multiple make targets with the schema test-<test source>-feature-<storage backend> exists. For selecting a single feature test you have to add an additional `BEHAT_FEATURE=...` parameter when invoking the make command:
```
make -C tests/acceptance/docker test-ocis-feature-ocis BEHAT_FEATURE='tests/acceptance/features/apiOcisSpecific/apiAuthOcs-ocsDELETEAuth.feature'
make -C tests/acceptance/docker test-ocis-feature-ocis BEHAT_FEATURE='tests/acceptance/features/apiBugDemonstration/apiAuthOcs-ocsDELETEAuth.feature'
```
This must be pointing to a valid feature definition.
@@ -58,7 +58,7 @@ This must be pointing to a valid feature definition.
By default the tests will be run against docker image built from your current working state of the oCIS repository. For some purposes it might also be handy to use a oCIS image from Docker Hub. Therefore you can provide the optional flag `OCIS_IMAGE_TAG=...` which must contain an available docker tag of the [owncloud/ocis registry on Docker Hub](https://hub.docker.com/r/owncloud/ocis) (eg. 'latest').
```
make -C tests/acceptance/docker localApiTests-apiOcisSpecific-ocis OCIS_IMAGE_TAG=latest
make -C tests/acceptance/docker localApiTests-apiBugDemonstration-ocis OCIS_IMAGE_TAG=latest
```
### Test log output
@@ -138,7 +138,7 @@ Those scenarios are run in the ordinary acceptance test pipeline in CI. The scen
expected failures. If there are any differences then the CI pipeline fails.
Similarly, scenarios that do not work in oCIS with EOS storage are listed in `tests/acceptance/expected-failures-on-EOS-storage.txt`.
Additionally, some issues have scenarios that demonstrate the current buggy behaviour in ocis(reva).
Those scenarios are in this ocis repository in `tests/acceptance/features/apiOcisSpecific`.
Those scenarios are in this ocis repository in `tests/acceptance/features/apiBugDemonstration`.
Have a look into the [documentation](https://doc.owncloud.com/server/developer_manual/testing/acceptance-tests.html#writing-scenarios-for-bugs) to understand why we are writing those tests.
If you want to work on a specific issue

2
docs/ocis/flow-docs/login-flow.md
View File

@@ -44,7 +44,7 @@ sequenceDiagram
Note over client, idp: GET /authorize?<br>response_type=code<br>&scope=openid%20profile%20email<br>&client_id=s6BhdRkqt3<br>&state=af0ifjsldkj<br>&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb HTTP/1.1<br>Host: server.example.com
Note over user, idp: 3. Authorization Server Authenticates the End-User.
Note over idp,ldap: Either an IdP already exists or a new one is introduced. Since we are not yet using oidc discovery we can only use one IdP.
alt all users managed by konnectd/ocis
alt all users managed by idp/ocis
idp->>+glauth: LDAP query/bind
glauth->>+graph: GET user with Basic Auth<br>GraphAPI
graph->>+accounts: internal GRPC

2
docs/ocis/flow-docs/request-flow.md
View File

@@ -28,7 +28,7 @@ sequenceDiagram
Note over client,proxy: What is in a bearer token? <br> The spec recommends opaque tokens. <br> Treat it as random byte noise.
Note over client,proxy: the proxy MUST authenticate users <br> using ocis-accounts because it needs <br> to decide where to send the request
%% Mention introspection endpoint for opaque tokens
%% konnectd uses jwt, so we can save a request
%% idp uses jwt, so we can save a request
%% either way the token can be used to look up the sub and iss of the user
%% or is token check enough?

14
docs/ocis/getting-started.md
View File

@@ -16,16 +16,20 @@ We are distributing oCIS as binaries and Docker images.
You can find more deployments examples in the [deployment section](https://owncloud.github.io/ocis/deployment/)
### Binaries
You can find the latest official release of ocis at [our download mirror](https://download.owncloud.com/ocis/ocis/) or on [GitHub](https://github.com/owncloud/ocis/releases).
The latest build from the master branch can be found at [our download mirrors testing section](https://download.owncloud.com/ocis/ocis/testing/).
The binaries for different platforms are downloadable at [our download mirror](https://download.owncloud.com/ocis/ocis/) or on [GitHub](https://github.com/owncloud/ocis/releases). Latest binaries from the master branch can be found at [our download mirrors testing section](https://download.owncloud.com/ocis/ocis/testing/).
To run oCIS as binary you need to download it first and then run the following commands.
For this example, assuming version 1.1.0 of oCIS running on a Linux AMD64 host:
```console
# for mac
curl https://download.owncloud.com/ocis/ocis/1.0.0/ocis-1.0.0-darwin-amd64 --output ocis
# for linux
curl https://download.owncloud.com/ocis/ocis/1.0.0/ocis-1.0.0-linux-amd64 --output ocis
# download
curl https://download.owncloud.com/ocis/ocis/1.1.0/ocis-1.1.0-linux-amd64 --output ocis
# make binary executable
chmod +x ocis
# run
./ocis server
```

13
docs/ocis/release_notes.md
View File

@@ -7,6 +7,19 @@ geekdocEditPath: edit/master/docs/ocis
geekdocFilePath: release_notes.md
---
## ownCloud Infinite Scale 1.1.0 Technology Preview
Version 1.1.0 is a hardening and patch release. It ships with the latest version of ownCloud Web and brings a couple of minor improvements. The minor version increase is needed due to non-backwards compatible changes in configuration. The documentation has been updated to reflect the changes. Please note that this version is still a Technology Preview and not suited for production use.
The most prominent changes in version 1.1.0 comprise
- Performance and stability improvements for installations with multiple concurrent users
- Simplified configuration by introducing the new environment variable OCIS_URL
- Beta release of [ownCloud performance scripts](https://github.com/owncloud/cdperf)
- Update ownCloud web to [v1.0.1](https://github.com/owncloud/web/releases/tag/v1.0.1)
- Update reva to [v1.5.1](https://github.com/cs3org/reva/releases/tag/v1.5.1)
You can also read the full [ownCloud Infinite Scale changelog](https://github.com/owncloud/ocis/blob/master/CHANGELOG.md) for further details on what has changed.
## ownCloud Infinite Scale 1.0.0 Technology Preview
We are pleased to announce the availability of ownCloud Infinite Scale 1.0.0 Technology Preview which is released as the first public version of the new Infinite Scale platform.

30
docs/ocis/release_roadmap.md Normal file
View File

@@ -0,0 +1,30 @@
---
title: "Release Roadmap"
date: 2020-12-16T20:35:00+01:00
weight: 0
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis
geekdocFilePath: release_roadmap.md
---
# Release Roadmap
You may have asked yourself why there are major version 1 tags in our GitHub repository but the readme still states `ownCloud Infinite Scale is currently in a technical preview state. It will be subject to a lot of changes and is not yet ready for general production deployments.`. How can that be if its a major version 1?
Our initial and also our current plan is to stick to SemVer as versioning scheme. But sometimes there are other factors which cross your plans. Therefore we started releasing oCIS with version `1.0.0 Tech Preview`.
## ownCloud Infinite Scale 1.x technology preview releases
All oCIS releases within major version 1 will be handled as technology previews. There will be no supported releases in terms of us guaranteeing production readiness. We will do releases every 3 weeks. They will sometimes only include bugfixes but also new features or optimizations.
We will be fixing bugs if you report them and truly appreciate every report and contribution. We will then do bugfix releases or add the fix to the next minor release.
We are going to stick to major version 1 until we feel confident about running oCIS in production environments. As a consequence of this we cannot raise the major version, like SemVer requires it, even if we need to introduce breaking changes. We will do our best to avoid breaking changes. If there is no way to circumvent this, we will add an automatic migration or at least point out manual migration steps, since we as oCIS developers are already using oCIS on a personal basis. The best place to see if a breaking change happens is our changelog which is available for every release. If things are not working out for you please contact us immediately. We want to know about this and solve it for you.
It isn't our intention to scare you with our addendum "Tech Preview". We want you to have a clear picture of what you can expect from oCIS. You could take it as a disclaimer or even compare it to running an Linux kernel in alpha stage. It can be very pleasing to be on the latest codebase but you could also find yourself with a lot of problems arising because of that.
You clearly can expect a totally new experience of file-sync and share with oCIS and we want you to use it now - but with understanding and caution.
## ownCloud Infinite Scale 2.x general availability releases
Starting with oCIS 2.0.0 release we will strictly stick to SemVer, just as we do right now for ownCloud Server. The general availability release will also mean that we can recommend oCIS warmly to everyone. Use it to store your precious family pictures or you confidential company data!

2
glauth/go.sum
View File

@@ -224,6 +224,8 @@ github.com/cs3org/reva v1.2.2-0.20200924071957-e6676516e61e h1:khITGSnfDXtByQsLe
github.com/cs3org/reva v1.2.2-0.20200924071957-e6676516e61e/go.mod h1:DOV5SjpOBKN+aWfOHLdA4KiLQkpyC786PQaXEdRAZ0M=
github.com/cs3org/reva v1.4.1-0.20210111080247-f2b63bfd6825 h1:U6pAVGTjesstz+EXd8+YpIG1xwKH1ovOXdWrMCvnopw=
github.com/cs3org/reva v1.4.1-0.20210111080247-f2b63bfd6825/go.mod h1:abC1Lo0ZKwkKloomTPZWunV/lUJvewkty1pI41zn2Ic=
github.com/cs3org/reva v1.5.1 h1:GebunCjhHfA3lFLXjQT+3jOUjEXUubk9sr3otOIDGac=
github.com/cs3org/reva v1.5.1/go.mod h1:abC1Lo0ZKwkKloomTPZWunV/lUJvewkty1pI41zn2Ic=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

2
glauth/templates/CONFIGURATION.tmpl
View File

@@ -35,7 +35,7 @@ $HOME/.ocis
For this configuration to be picked up, have a look at your extension `root` command and look for which default config name it has assigned. *i.e: ocis-glauth reads `glauth.json | yaml | toml ...`*.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/ocis.yml`, `${HOME}/.ocis/ocis.yml` or `$(pwd)/config/ocis.yml`.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/glauth/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/ocis.yml`, `${HOME}/.ocis/ocis.yml` or `$(pwd)/config/ocis.yml`.
### Environment variables

0
konnectd/.dockerignore → idp/.dockerignore
View File

0
konnectd/.env → idp/.env
View File

0
konnectd/.eslintignore → idp/.eslintignore
View File

0
konnectd/.eslintrc.json → idp/.eslintrc.json
View File

0
konnectd/LICENSE → idp/LICENSE
View File

9
konnectd/Makefile → idp/Makefile
View File

@@ -1,5 +1,5 @@
SHELL := bash
NAME := konnectd
NAME := idp
IMPORT := github.com/owncloud/ocis/$(NAME)
BIN := bin
DIST := dist
@@ -92,11 +92,16 @@ generate: assets
# TODO find a docker container with go and yarn so we can properly build assets in ci
#assets: assets/identifier/static assets/identifier/index.html
assets: assets/identifier/static
.PHONY: assets
assets: assets/identifier/static assets/identifier/static/logo.svg assets/identifier/static/favicon.ico
assets/identifier/static:
mkdir -p assets/identifier/static
assets/identifier/static/logo.svg:
curl -o assets/identifier/static/logo.svg ${LOGO_URL}
assets/identifier/static/favicon.ico:
curl -o assets/identifier/static/favicon.ico ${FAVICON_URL}
assets/identifier/index.html: node_modules

39
idp/assets/identifier-registration.yaml Normal file
View File

@@ -0,0 +1,39 @@
---
# OpenID Connect client registry.
clients:
- id: web
name: ownCloud web app
trusted: yes
insecure: yes
redirect_uris:
- {{OCIS_URL}}/
- {{OCIS_URL}}/oidc-callback.html
- {{OCIS_URL}}/oidc-silent-redirect.html
origins:
- {{OCIS_URL}}
- id: ocis-explorer.js
name: oCIS Graph Explorer
trusted: yes
insecure: yes
- id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
name: ownCloud desktop app
application_type: native
insecure: true
- id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
name: ownCloud Android app
application_type: native
redirect_uris:
- oc://android.owncloud.com
- id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
name: ownCloud iOS app
application_type: native
redirect_uris:
- oc://ios.owncloud.com
- oc.ios://ios.owncloud.com

2
konnectd/cmd/konnectd/main.go → idp/cmd/idp/main.go
View File

@@ -3,7 +3,7 @@ package main
import (
"os"
"github.com/owncloud/ocis/konnectd/pkg/command"
"github.com/owncloud/ocis/idp/pkg/command"
)
func main() {

2
konnectd/config/example.json → idp/config/example.json
View File

@@ -15,6 +15,6 @@
"type": "jaeger",
"endpoint": "localhost:6831",
"collector": "http://localhost:14268/api/traces",
"service": "konnectd"
"service": "idp"
}
}

2
konnectd/config/example.yml → idp/config/example.yml
View File

@@ -14,6 +14,6 @@ tracing:
type: jaeger
endpoint: localhost:6831
collector: http://localhost:14268/api/traces
service: konnectd
service: idp
...

0
konnectd/config/identifier-registration.yaml → idp/config/identifier-registration.yaml
View File

4
konnectd/docker/Dockerfile.linux.amd64 → idp/docker/Dockerfile.linux.amd64
View File

@@ -13,7 +13,7 @@ LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
EXPOSE 9130 9134
ENTRYPOINT ["/usr/bin/ocis-konnectd"]
ENTRYPOINT ["/usr/bin/ocis-idp"]
CMD ["server"]
COPY bin/ocis-konnectd /usr/bin/ocis-konnectd
COPY bin/ocis-idp /usr/bin/ocis-idp

4
konnectd/docker/Dockerfile.linux.arm → idp/docker/Dockerfile.linux.arm
View File

@@ -13,7 +13,7 @@ LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
EXPOSE 9130 9134
ENTRYPOINT ["/usr/bin/ocis-konnectd"]
ENTRYPOINT ["/usr/bin/ocis-idp"]
CMD ["server"]
COPY bin/ocis-konnectd /usr/bin/ocis-konnectd
COPY bin/ocis-idp /usr/bin/ocis-idp

4
konnectd/docker/Dockerfile.linux.arm64 → idp/docker/Dockerfile.linux.arm64
View File

@@ -13,7 +13,7 @@ LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
EXPOSE 9130 9134
ENTRYPOINT ["/usr/bin/ocis-konnectd"]
ENTRYPOINT ["/usr/bin/ocis-idp"]
CMD ["server"]
COPY bin/ocis-konnectd /usr/bin/ocis-konnectd
COPY bin/ocis-idp /usr/bin/ocis-idp

22
idp/docker/manifest.tmpl Normal file
View File

@@ -0,0 +1,22 @@
image: owncloud/ocis-idp:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
{{/if}}
manifests:
- image: owncloud/ocis-idp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
platform:
architecture: amd64
os: linux
- image: owncloud/ocis-idp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
platform:
architecture: arm64
variant: v8
os: linux
- image: owncloud/ocis-idp:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
platform:
architecture: arm
variant: v6
os: linux

Some files were not shown because too many files have changed in this diff Show More