mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-05 11:51:16 -06:00
Code Issues Packages Projects Releases Wiki Activity

delete accounts

Browse Source
This commit is contained in:
A.Unger
2020-09-22 14:49:48 +02:00
parent b816caeba0
commit fd66380082
138 changed files with 0 additions and 26542 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
accounts/.codacy.yml
View File

@@ -1,10 +0,0 @@
---
exclude_paths:
- CHANGELOG.md
- changelog/**
- docs/**
- pkg/proto/**
- package.json
- rollup.config.js
...

2
accounts/.dockerignore
View File

@@ -1,2 +0,0 @@
*
!bin/

904
accounts/.drone.star
View File

@@ -1,904 +0,0 @@
def main(ctx):
before = [
testing(ctx),
UITests(ctx, 'master', '1840e805bd1bef2e8ee2935de47076a3f2ca3788', 'master', 'e0746d8d3a5879d2c0cd4aaf30c07ee98ab2b945')
]
stages = [
docker(ctx, 'amd64'),
docker(ctx, 'arm64'),
docker(ctx, 'arm'),
binary(ctx, 'linux'),
binary(ctx, 'darwin'),
binary(ctx, 'windows'),
]
after = [
manifest(ctx),
changelog(ctx),
readme(ctx),
badges(ctx),
website(ctx),
]
return before + stages + after
def testing(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'testing',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'frontend',
'image': 'webhippie/nodejs:latest',
'pull': 'always',
'commands': [
'yarn install --frozen-lockfile',
'yarn lint',
'yarn test',
'yarn build',
],
},
{
'name': 'generate',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make generate',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'vet',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make vet',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'staticcheck',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make staticcheck',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'lint',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make lint',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'build',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make protobuf build',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'test',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make test',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'codacy',
'image': 'plugins/codacy:1',
'pull': 'always',
'settings': {
'token': {
'from_secret': 'codacy_token',
},
},
},
{
'name': 'sonarcloud',
'image': 'sonarsource/sonar-scanner-cli',
'pull': 'always',
'environment': {
'SONAR_TOKEN': {
'from_secret': 'sonar_token',
},
'SONAR_PULL_REQUEST_BASE': 'master' if ctx.build.event == 'pull_request' else None,
'SONAR_PULL_REQUEST_BRANCH': ctx.build.source if ctx.build.event == 'pull_request' else None,
'SONAR_PULL_REQUEST_KEY': ctx.build.ref.replace("refs/pull/", "").split("/")[0] if ctx.build.event == 'pull_request' else None,
},
},
],
'volumes': [
{
'name': 'gopath',
'temp': {},
},
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
'refs/pull/**',
],
},
}
def docker(ctx, arch):
return {
'kind': 'pipeline',
'type': 'docker',
'name': arch,
'platform': {
'os': 'linux',
'arch': arch,
},
'steps': [
{
'name': 'frontend',
'image': 'webhippie/nodejs:latest',
'pull': 'always',
'commands': [
'yarn install --frozen-lockfile',
'yarn build',
],
},
{
'name': 'generate',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make generate',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'build',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make protobuf build',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'dryrun',
'image': 'plugins/docker:18.09',
'pull': 'always',
'settings': {
'dry_run': True,
'tags': 'linux-%s' % (arch),
'dockerfile': 'docker/Dockerfile.linux.%s' % (arch),
'repo': ctx.repo.slug,
},
'when': {
'ref': {
'include': [
'refs/pull/**',
],
},
},
},
{
'name': 'docker',
'image': 'plugins/docker:18.09',
'pull': 'always',
'settings': {
'username': {
'from_secret': 'docker_username',
},
'password': {
'from_secret': 'docker_password',
},
'auto_tag': True,
'auto_tag_suffix': 'linux-%s' % (arch),
'dockerfile': 'docker/Dockerfile.linux.%s' % (arch),
'repo': ctx.repo.slug,
},
'when': {
'ref': {
'exclude': [
'refs/pull/**',
],
},
},
},
],
'volumes': [
{
'name': 'gopath',
'temp': {},
},
],
'depends_on': [
'testing',
'UiTests',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
'refs/pull/**',
],
},
}
def UITests(ctx, ocisBranch, ocisCommitId, phoenixBranch, phoenixCommitId):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'UiTests',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'build',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make protobuf build',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'build-ocis',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'git clone -b %s --single-branch --no-tags https://github.com/owncloud/ocis /srv/app/ocis' % (ocisBranch),
'cd /srv/app/ocis',
'git checkout %s' % (ocisCommitId),
'make build',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app'
},
]
},
{
'name': 'ocis-server',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'detach': True,
'environment' : {
'REVA_STORAGE_HOME_DATA_TEMP_FOLDER': '/srv/app/tmp/',
'REVA_STORAGE_LOCAL_ROOT': '/srv/app/tmp/reva/root',
'REVA_STORAGE_OWNCLOUD_DATADIR': '/srv/app/tmp/reva/data',
'REVA_STORAGE_OC_DATA_TEMP_FOLDER': '/srv/app/tmp/',
'REVA_STORAGE_OWNCLOUD_REDIS_ADDR': 'redis:6379',
'REVA_OIDC_ISSUER': 'https://ocis-server:9200',
'PROXY_OIDC_ISSUER': 'https://ocis-server:9200',
'REVA_STORAGE_OC_DATA_SERVER_URL': 'http://ocis-server:9164/data',
'REVA_DATAGATEWAY_URL': 'https://ocis-server:9200/data',
'REVA_FRONTEND_URL': 'https://ocis-server:9200',
'REVA_LDAP_IDP': 'https://ocis-server:9200',
'PHOENIX_WEB_CONFIG': '/drone/src/ui/tests/config/drone/ocis-config.json',
'KONNECTD_IDENTIFIER_REGISTRATION_CONF': '/drone/src/ui/tests/config/drone/identifier-registration.yml',
'KONNECTD_ISS': 'https://ocis-server:9200',
},
'commands': [
'mkdir -p /srv/app/tmp/reva',
# First run settings service because accounts need it to register the settings bundles
'/srv/app/ocis/bin/ocis settings &',
# Wait for the settings service to start
"while [[ \"$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9190)\" != \"404\" ]]; do sleep 2; done",
# Now start the accounts service
'bin/ocis-accounts server &',
# Wait for the accounts service to start
"while [[ \"$(curl -s -o /dev/null -w ''%{http_code}'' localhost:9181)\" != \"404\" ]]; do sleep 2; done",
# Now run all the ocis services except the accounts and settings because they are already running
'/srv/app/ocis/bin/ocis server',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app'
},
]
},
{
'name': 'WebUIAcceptanceTests',
'image': 'owncloudci/nodejs:10',
'pull': 'always',
'environment': {
'SERVER_HOST': 'https://ocis-server:9200',
'BACKEND_HOST': 'https://ocis-server:9200',
'RUN_ON_OCIS': 'true',
'OCIS_REVA_DATA_ROOT': '/srv/app/tmp/reva',
'OCIS_SKELETON_DIR': '/srv/app/testing/data/webUISkeleton',
'PHOENIX_CONFIG': '/drone/src/ui/tests/config/drone/ocis-config.json',
'TEST_TAGS': 'not @skipOnOCIS and not @skip',
'LOCAL_UPLOAD_DIR': '/uploads',
'PHOENIX_PATH': '/srv/app/phoenix',
'FEATURE_PATH': 'ui/tests/acceptance/features',
'NODE_TLS_REJECT_UNAUTHORIZED': '0'
},
'commands': [
'git clone --depth=1 https://github.com/owncloud/testing.git /srv/app/testing',
'git clone -b %s --single-branch https://github.com/owncloud/phoenix /srv/app/phoenix' % (phoenixBranch),
'cd /srv/app/phoenix',
'git checkout %s' % (phoenixCommitId),
'cp -r /srv/app/phoenix/tests/acceptance/filesForUpload/* /uploads',
'yarn install-all',
'cd /drone/src',
'yarn install --all',
'make test-acceptance-webui'
],
'volumes': [{
'name': 'gopath',
'path': '/srv/app',
},
{
'name': 'uploads',
'path': '/uploads'
}]
},
],
'services': [
{
'name': 'redis',
'image': 'webhippie/redis',
'pull': 'always',
'environment': {
'REDIS_DATABASES': 1
},
},
{
'name': 'selenium',
'image': 'selenium/standalone-chrome-debug:3.141.59-20200326',
'pull': 'always',
'volumes': [{
'name': 'uploads',
'path': '/uploads'
}],
},
],
'volumes': [
{
'name': 'gopath',
'temp': {},
},
{
'name': 'uploads',
'temp': {}
}
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
'refs/pull/**',
],
},
}
def binary(ctx, name):
if ctx.build.event == "tag":
settings = {
'endpoint': {
'from_secret': 's3_endpoint',
},
'access_key': {
'from_secret': 'aws_access_key_id',
},
'secret_key': {
'from_secret': 'aws_secret_access_key',
},
'bucket': {
'from_secret': 's3_bucket',
},
'path_style': True,
'strip_prefix': 'dist/release/',
'source': 'dist/release/*',
'target': '/ocis/%s/%s' % (ctx.repo.name.replace("ocis-", ""), ctx.build.ref.replace("refs/tags/v", "")),
}
else:
settings = {
'endpoint': {
'from_secret': 's3_endpoint',
},
'access_key': {
'from_secret': 'aws_access_key_id',
},
'secret_key': {
'from_secret': 'aws_secret_access_key',
},
'bucket': {
'from_secret': 's3_bucket',
},
'path_style': True,
'strip_prefix': 'dist/release/',
'source': 'dist/release/*',
'target': '/ocis/%s/testing' % (ctx.repo.name.replace("ocis-", "")),
}
return {
'kind': 'pipeline',
'type': 'docker',
'name': name,
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'frontend',
'image': 'webhippie/nodejs:latest',
'pull': 'always',
'commands': [
'yarn install --frozen-lockfile',
'yarn build',
],
},
{
'name': 'generate',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make generate',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'build',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make release-%s' % (name),
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'finish',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make release-finish',
],
'volumes': [
{
'name': 'gopath',
'path': '/srv/app',
},
],
},
{
'name': 'upload',
'image': 'plugins/s3:1',
'pull': 'always',
'settings': settings,
'when': {
'ref': [
'refs/heads/master',
'refs/tags/**',
],
},
},
{
'name': 'changelog',
'image': 'toolhippie/calens:latest',
'pull': 'always',
'commands': [
'calens --version %s -o dist/CHANGELOG.md' % ctx.build.ref.replace("refs/tags/v", "").split("-")[0],
],
'when': {
'ref': [
'refs/tags/**',
],
},
},
{
'name': 'release',
'image': 'plugins/github-release:1',
'pull': 'always',
'settings': {
'api_key': {
'from_secret': 'github_token',
},
'files': [
'dist/release/*',
],
'title': ctx.build.ref.replace("refs/tags/v", ""),
'note': 'dist/CHANGELOG.md',
'overwrite': True,
'prerelease': len(ctx.build.ref.split("-")) > 1,
},
'when': {
'ref': [
'refs/tags/**',
],
},
},
],
'volumes': [
{
'name': 'gopath',
'temp': {},
},
],
'depends_on': [
'testing',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
'refs/pull/**',
],
},
}
def manifest(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'manifest',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'execute',
'image': 'plugins/manifest:1',
'pull': 'always',
'settings': {
'username': {
'from_secret': 'docker_username',
},
'password': {
'from_secret': 'docker_password',
},
'spec': 'docker/manifest.tmpl',
'auto_tag': True,
'ignore_missing': True,
},
},
],
'depends_on': [
'amd64',
'arm64',
'arm',
'linux',
'darwin',
'windows',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
],
},
}
def changelog(ctx):
repo_slug = ctx.build.source_repo if ctx.build.source_repo else ctx.repo.slug
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'changelog',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'clone': {
'disable': True,
},
'steps': [
{
'name': 'clone',
'image': 'plugins/git-action:1',
'pull': 'always',
'settings': {
'actions': [
'clone',
],
'remote': 'https://github.com/%s' % (repo_slug),
'branch': ctx.build.source if ctx.build.event == 'pull_request' else 'master',
'path': '/drone/src',
'netrc_machine': 'github.com',
'netrc_username': {
'from_secret': 'github_username',
},
'netrc_password': {
'from_secret': 'github_token',
},
},
},
{
'name': 'generate',
'image': 'webhippie/golang:1.13',
'pull': 'always',
'commands': [
'make changelog',
],
},
{
'name': 'diff',
'image': 'owncloud/alpine:latest',
'pull': 'always',
'commands': [
'git diff',
],
},
{
'name': 'output',
'image': 'owncloud/alpine:latest',
'pull': 'always',
'commands': [
'cat CHANGELOG.md',
],
},
{
'name': 'publish',
'image': 'plugins/git-action:1',
'pull': 'always',
'settings': {
'actions': [
'commit',
'push',
],
'message': 'Automated changelog update [skip ci]',
'branch': 'master',
'author_email': 'devops@owncloud.com',
'author_name': 'ownClouders',
'netrc_machine': 'github.com',
'netrc_username': {
'from_secret': 'github_username',
},
'netrc_password': {
'from_secret': 'github_token',
},
},
'when': {
'ref': {
'exclude': [
'refs/pull/**',
],
},
},
},
],
'depends_on': [
'manifest',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/pull/**',
],
},
}
def readme(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'readme',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'execute',
'image': 'sheogorath/readme-to-dockerhub:latest',
'pull': 'always',
'environment': {
'DOCKERHUB_USERNAME': {
'from_secret': 'docker_username',
},
'DOCKERHUB_PASSWORD': {
'from_secret': 'docker_password',
},
'DOCKERHUB_REPO_PREFIX': ctx.repo.namespace,
'DOCKERHUB_REPO_NAME': ctx.repo.name,
'SHORT_DESCRIPTION': 'Docker images for %s' % (ctx.repo.name),
'README_PATH': 'README.md',
},
},
],
'depends_on': [
'changelog',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
],
},
}
def badges(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'badges',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'execute',
'image': 'plugins/webhook:1',
'pull': 'always',
'settings': {
'urls': {
'from_secret': 'microbadger_url',
},
},
},
],
'depends_on': [
'readme',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/**',
],
},
}
def website(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'website',
'platform': {
'os': 'linux',
'arch': 'amd64',
},
'steps': [
{
'name': 'prepare',
'image': 'owncloudci/alpine:latest',
'commands': [
'make docs-copy'
],
},
{
'name': 'test',
'image': 'webhippie/hugo:latest',
'commands': [
'cd hugo',
'hugo',
],
},
{
'name': 'list',
'image': 'owncloudci/alpine:latest',
'commands': [
'tree hugo/public',
],
},
{
'name': 'publish',
'image': 'plugins/gh-pages:1',
'pull': 'always',
'settings': {
'username': {
'from_secret': 'github_username',
},
'password': {
'from_secret': 'github_token',
},
'pages_directory': 'docs/',
'target_branch': 'docs',
},
'when': {
'ref': {
'exclude': [
'refs/pull/**',
],
},
},
},
{
'name': 'downstream',
'image': 'plugins/downstream',
'settings': {
'server': 'https://cloud.drone.io/',
'token': {
'from_secret': 'drone_token',
},
'repositories': [
'owncloud/owncloud.github.io@source',
],
},
'when': {
'ref': {
'exclude': [
'refs/pull/**',
],
},
},
},
],
'depends_on': [
'badges',
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/pull/**',
],
},
}

35
accounts/.editorconfig
View File

@@ -1,35 +0,0 @@
# http://editorconfig.org
root = true
[*]
charset = utf-8
insert_final_newline = true
trim_trailing_whitespace = true
[Makefile]
indent_style = tab
indent_size = 4
[*.go]
indent_style = tab
indent_size = 4
[*.starlark]
indent_style = space
indent_size = 2
[*.{yml,json}]
indent_style = space
indent_size = 2
[*.{js,vue}]
indent_style = space
indent_size = 2
[*.{css,less}]
indent_style = space
indent_size = 2
[*.md]
trim_trailing_whitespace = true

17
accounts/.eslintrc.json
View File

@@ -1,17 +0,0 @@
{
"env": {
"browser": true,
"es6": true,
"amd": true
},
"extends": [
"standard",
"plugin:vue/essential"
],
"parserOptions": {
"sourceType": "module"
},
"rules": {
}
}

12
accounts/.github/config.yml vendored
View File

@@ -1,12 +0,0 @@
# Configuration for update-docs - https://github.com/behaviorbot/update-docs
# Comment to be posted to on PRs that don't update documentation
updateDocsComment: >
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a [changelog](https://github.com/owncloud/ocis/accounts/blob/master/changelog/README.md) item based on your changes.
updateDocsWhiteList:
- Tests-only
- tests-only
- Tests-Only
updateDocsTargetFiles:
- changelog/unreleased/

0
accounts/.github/issue_template.md vendored
View File

0
accounts/.github/pull_request_template.md vendored
View File

98
accounts/.github/settings.yml vendored
View File

@@ -1,98 +0,0 @@
---
repository:
name: ocis-accounts
description: ':busts_in_silhouette: Serve Accounts for oCIS'
homepage: https://owncloud.github.io/extensions/ocis_accounts/
topics: reva, ocis
private: false
has_issues: true
has_projects: false
has_wiki: false
has_downloads: false
default_branch: master
allow_squash_merge: true
allow_merge_commit: true
allow_rebase_merge: true
labels:
- name: bug
color: d73a4a
description: Something isn't working
- name: documentation
color: 0075ca
description: Improvements or additions to documentation
- name: duplicate
color: cfd3d7
description: This issue or pull request already exists
- name: enhancement
color: a2eeef
description: New feature or request
- name: good first issue
color: 7057ff
description: Good for newcomers
- name: help wanted
color: 008672
description: Extra attention is needed
- name: invalid
color: e4e669
description: This doesn't seem right
- name: question
color: d876e3
description: Further information is requested
- name: wontfix
color: ffffff
description: This will not be worked on
- name: effort/trivial
color: c2e0c6
description: Required effort to finish task
- name: effort/0.25d
color: c2e0c6
description: Required effort to finish task
- name: effort/0.5d
color: c2e0c6
description: Required effort to finish task
- name: effort/1d
color: c2e0c6
description: Required effort to finish task
- name: effort/2d
color: c2e0c6
description: Required effort to finish task
- name: effort/4d
color: c2e0c6
description: Required effort to finish task
- name: effort/5d
color: c2e0c6
description: Required effort to finish task
- name: effort/10d
color: c2e0c6
description: Required effort to finish task
teams:
- name: ci
permission: admin
- name: employees
permission: push
branches:
- name: master
protection:
required_pull_request_reviews:
required_approving_review_count: 1
dismiss_stale_reviews: false
require_code_owner_reviews: false
dismissal_restrictions: {}
required_status_checks:
strict: true
contexts:
- continuous-integration/drone/pr
enforce_admins: false
restrictions:
users: []
teams:
- ci
- employees
...

11
accounts/.gitignore vendored
View File

@@ -1,11 +0,0 @@
coverage.out
.idea
/bin
/dist
/hugo
/pkg/proto/v0/accounts-store/
/node_modules
/assets

444
accounts/CHANGELOG.md
View File

@@ -1,444 +0,0 @@
# Changelog for [unreleased] (UNRELEASED)
The following sections list the changes in ocis-accounts unreleased.
[unreleased]: https://github.com/owncloud/ocis/accounts/compare/v0.4.1...master
## Summary
* Bugfix - Initialize roleService client in GRPC server: [#114](https://github.com/owncloud/ocis/accounts/pull/114)
* Bugfix - Cleanup separated indices in memory: [#224](https://github.com/owncloud/product/issues/224)
* Bugfix - Don't create account if id/mail/username already taken: [#123](https://github.com/owncloud/ocis/accounts/pull/123)
* Change - Set user role on builtin users: [#102](https://github.com/owncloud/ocis/accounts/pull/102)
* Change - Add new builtin admin user: [#102](https://github.com/owncloud/ocis/accounts/pull/102)
* Change - We make use of the roles cache to enforce permission checks: [#100](https://github.com/owncloud/ocis/accounts/pull/100)
* Change - We make use of the roles manager to enforce permission checks: [#108](https://github.com/owncloud/ocis/accounts/pull/108)
* Enhancement - Add create account form: [#148](https://github.com/owncloud/product/issues/148)
* Enhancement - Add delete accounts action: [#148](https://github.com/owncloud/product/issues/148)
* Enhancement - Add enable/disable capabilities to the WebUI: [#118](https://github.com/owncloud/product/issues/118)
* Enhancement - Improve visual appearance of accounts UI: [#222](https://github.com/owncloud/product/issues/222)
## Details
* Bugfix - Initialize roleService client in GRPC server: [#114](https://github.com/owncloud/ocis/accounts/pull/114)
We fixed the initialization of the GRPC server by also providing a roleService client and a
roleManager instance.
https://github.com/owncloud/ocis/accounts/pull/114
* Bugfix - Cleanup separated indices in memory: [#224](https://github.com/owncloud/product/issues/224)
The accounts service was creating a bleve index instance in the service handler, thus creating
separate in memory indices for the http and grpc servers. We moved the service handler creation
out of the server creation so that the service handler, thus also the bleve index, is a shared
instance of the servers.
This fixes a bug that accounts created through the web ui were not able to sign in until a service
restart.
https://github.com/owncloud/product/issues/224
https://github.com/owncloud/ocis/accounts/pull/117
https://github.com/owncloud/ocis/accounts/pull/118
* Bugfix - Don't create account if id/mail/username already taken: [#123](https://github.com/owncloud/ocis/accounts/pull/123)
We don't allow anymore to create a new account if the provided id/mail/username is already
taken.
https://github.com/owncloud/ocis/accounts/pull/123
* Change - Set user role on builtin users: [#102](https://github.com/owncloud/ocis/accounts/pull/102)
We now set the default `user` role on our builtin users.
https://github.com/owncloud/ocis/accounts/pull/102
* Change - Add new builtin admin user: [#102](https://github.com/owncloud/ocis/accounts/pull/102)
We added a new builtin user `moss` and assigned the admin role.
https://github.com/owncloud/ocis/accounts/pull/102
* Change - We make use of the roles cache to enforce permission checks: [#100](https://github.com/owncloud/ocis/accounts/pull/100)
The roles cache and its cache update middleware are used to make permission checks possible.
The permission checks take place in the accounts handler.
https://github.com/owncloud/ocis/accounts/pull/100
* Change - We make use of the roles manager to enforce permission checks: [#108](https://github.com/owncloud/ocis/accounts/pull/108)
The roles cache and its cache update middleware have been replaced with a roles manager in
ocis-pkg/v2. We've switched over to the new roles manager implementation, to prepare for
permission checks on grpc requests as well.
https://github.com/owncloud/ocis/accounts/pull/108
https://github.com/owncloud/ocis-pkg/pull/60
* Enhancement - Add create account form: [#148](https://github.com/owncloud/product/issues/148)
We've added a form to create new users above the accounts list.
https://github.com/owncloud/product/issues/148
https://github.com/owncloud/ocis/accounts/pull/115
* Enhancement - Add delete accounts action: [#148](https://github.com/owncloud/product/issues/148)
We've added an action into the actions dropdown to enable admins to delete users.
https://github.com/owncloud/product/issues/148
https://github.com/owncloud/ocis/accounts/pull/115
* Enhancement - Add enable/disable capabilities to the WebUI: [#118](https://github.com/owncloud/product/issues/118)
We've added batch actions into the accounts listing to provide options to enable and disable
accounts.
https://github.com/owncloud/product/issues/118
https://github.com/owncloud/ocis/accounts/pull/109
* Enhancement - Improve visual appearance of accounts UI: [#222](https://github.com/owncloud/product/issues/222)
We aligned the visual appearance of the accounts UI with default ocis-web apps (full width,
style of batch actions), added icons to buttons, extracted the buttons from the batch actions
dropdown into individual buttons, improved the wording added a confirmation widget for the
user deletion and removed the uid and gid columns.
https://github.com/owncloud/product/issues/222
https://github.com/owncloud/ocis/accounts/pull/116
# Changelog for [0.4.1] (2020-08-27)
The following sections list the changes in ocis-accounts 0.4.1.
[0.4.1]: https://github.com/owncloud/ocis/accounts/compare/v0.3.0...v0.4.1
## Summary
* Bugfix - Adapting to new settings API for fetching roles: [#96](https://github.com/owncloud/ocis/accounts/pull/96)
* Change - Create account api-call implicitly adds "default-user" role: [#173](https://github.com/owncloud/product/issues/173)
## Details
* Bugfix - Adapting to new settings API for fetching roles: [#96](https://github.com/owncloud/ocis/accounts/pull/96)
We fixed the usage of the ocis-settings endpoint for fetching roles.
https://github.com/owncloud/ocis/accounts/pull/96
* Change - Create account api-call implicitly adds "default-user" role: [#173](https://github.com/owncloud/product/issues/173)
When calling CreateAccount default-user-role is implicitly added.
https://github.com/owncloud/product/issues/173
# Changelog for [0.3.0] (2020-08-20)
The following sections list the changes in ocis-accounts 0.3.0.
[0.3.0]: https://github.com/owncloud/ocis/accounts/compare/v0.4.0...v0.3.0
## Summary
* Bugfix - Atomic Requests: [#82](https://github.com/owncloud/ocis/accounts/pull/82)
* Bugfix - Unescape value for prefix query: [#76](https://github.com/owncloud/ocis/accounts/pull/76)
* Change - Adapt to new ocis-settings data model: [#87](https://github.com/owncloud/ocis/accounts/pull/87)
* Change - Add permissions for language to default roles: [#88](https://github.com/owncloud/ocis/accounts/pull/88)
## Details
* Bugfix - Atomic Requests: [#82](https://github.com/owncloud/ocis/accounts/pull/82)
Operations on the file system level are now atomic. This happens only on the provisioning API.
https://github.com/owncloud/ocis/accounts/pull/82
* Bugfix - Unescape value for prefix query: [#76](https://github.com/owncloud/ocis/accounts/pull/76)
Prefix queries also need to unescape token values like `'some ''ol string'` to `some 'ol
string` before using it in a prefix query
https://github.com/owncloud/ocis/accounts/pull/76
* Change - Adapt to new ocis-settings data model: [#87](https://github.com/owncloud/ocis/accounts/pull/87)
Ocis-settings introduced UUIDs and less verbose endpoint and message type names. This PR
adjusts ocis-accounts accordingly.
https://github.com/owncloud/ocis/accounts/pull/87
https://github.com/owncloud/ocis/settings/pull/46
* Change - Add permissions for language to default roles: [#88](https://github.com/owncloud/ocis/accounts/pull/88)
Ocis-settings has default roles and exposes the respective bundle uuids. We now added
permissions for reading/writing the preferred language to the default roles.
https://github.com/owncloud/ocis/accounts/pull/88
# Changelog for [0.4.0] (2020-08-20)
The following sections list the changes in ocis-accounts 0.4.0.
[0.4.0]: https://github.com/owncloud/ocis/accounts/compare/v0.2.0...v0.4.0
## Summary
* Change - Add role selection to accounts UI: [#103](https://github.com/owncloud/product/issues/103)
## Details
* Change - Add role selection to accounts UI: [#103](https://github.com/owncloud/product/issues/103)
We added a role selection dropdown for each account in the accounts UI. As a first iteration,
this doesn't require account management permissions.
https://github.com/owncloud/product/issues/103
https://github.com/owncloud/ocis/accounts/pull/89
# Changelog for [0.2.0] (2020-08-19)
The following sections list the changes in ocis-accounts 0.2.0.
[0.2.0]: https://github.com/owncloud/ocis/accounts/compare/v0.1.1...v0.2.0
## Summary
* Bugfix - Add write mutexes: [#71](https://github.com/owncloud/ocis/accounts/pull/71)
* Bugfix - Fix the accountId and groupId mismatch in DeleteGroup Method: [#60](https://github.com/owncloud/ocis/accounts/pull/60)
* Bugfix - Fix index mapping: [#73](https://github.com/owncloud/ocis/accounts/issues/73)
* Bugfix - Use NewNumericRangeInclusiveQuery for numeric literals: [#28](https://github.com/owncloud/ocis-glauth/issues/28)
* Bugfix - Prevent segfault when no password is set: [#65](https://github.com/owncloud/ocis/accounts/pull/65)
* Bugfix - Update account return value not used: [#70](https://github.com/owncloud/ocis/accounts/pull/70)
* Bugfix - Build docker images with alpine:latest instead of alpine:edge: [#64](https://github.com/owncloud/ocis/accounts/pull/64)
* Change - Align structure of this extension with other extensions: [#51](https://github.com/owncloud/ocis/accounts/pull/51)
* Change - Change api errors: [#11](https://github.com/owncloud/ocis/accounts/issues/11)
* Change - Enable accounts on creation: [#43](https://github.com/owncloud/ocis/accounts/issues/43)
* Change - Fix index update on create/update: [#57](https://github.com/owncloud/ocis/accounts/issues/57)
* Change - Pass around the correct logger throughout the code: [#41](https://github.com/owncloud/ocis/accounts/issues/41)
* Change - Remove timezone setting: [#33](https://github.com/owncloud/ocis/accounts/pull/33)
* Change - Tighten screws on usernames and email addresses: [#65](https://github.com/owncloud/ocis/accounts/pull/65)
* Enhancement - Add early version of cli tools for user-management: [#69](https://github.com/owncloud/ocis/accounts/pull/69)
* Enhancement - Update accounts API: [#30](https://github.com/owncloud/ocis/accounts/pull/30)
* Enhancement - Add simple user listing UI: [#51](https://github.com/owncloud/ocis/accounts/pull/51)
## Details
* Bugfix - Add write mutexes: [#71](https://github.com/owncloud/ocis/accounts/pull/71)
Concurrent account or groups writes would corrupt the json file on disk, because the different
goroutines would be treated as a single thread from the os. We introduce a mutex for account and
group file writes each. This locks the update frequency for all accounts/groups and could be
further improved by using a concurrent map of mutexes with a mutex per account / group. PR
welcome.
https://github.com/owncloud/ocis/accounts/pull/71
* Bugfix - Fix the accountId and groupId mismatch in DeleteGroup Method: [#60](https://github.com/owncloud/ocis/accounts/pull/60)
We've fixed a bug in deleting the groups.
The accountId and GroupId were swapped when removing the member from a group after deleting the
group.
https://github.com/owncloud/ocis/accounts/pull/60
* Bugfix - Fix index mapping: [#73](https://github.com/owncloud/ocis/accounts/issues/73)
The index mapping was not being used because we were not using the right blevesearch TypeField,
leading to username like properties like `preferred_name` and
`on_premises_sam_account_name` to be case sensitive.
https://github.com/owncloud/ocis/accounts/issues/73
* Bugfix - Use NewNumericRangeInclusiveQuery for numeric literals: [#28](https://github.com/owncloud/ocis-glauth/issues/28)
Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a
user it will not only try to lookup the user by username, but also by the `uidnumber`:
`(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was
sending that as a string query `uid_number eq '20000'` and has been changed to send it as
`uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the
numeric literal and use the NewNumericRangeInclusiveQuery instead of a TermQuery.
https://github.com/owncloud/ocis-glauth/issues/28
https://github.com/owncloud/ocis/accounts/pull/68
https://github.com/owncloud/ocis-glauth/pull/29
* Bugfix - Prevent segfault when no password is set: [#65](https://github.com/owncloud/ocis/accounts/pull/65)
Passwords are stored in a dedicated child struct of an account. We fixed several segfault
conditions where the methods would try to unset a password when that child struct was not
existing.
https://github.com/owncloud/ocis/accounts/pull/65
* Bugfix - Update account return value not used: [#70](https://github.com/owncloud/ocis/accounts/pull/70)
In order to return a value using the micro go code we need to override the `out` value.
https://github.com/owncloud/ocis/accounts/pull/70
* Bugfix - Build docker images with alpine:latest instead of alpine:edge: [#64](https://github.com/owncloud/ocis/accounts/pull/64)
ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.
https://github.com/owncloud/ocis/accounts/pull/64
* Change - Align structure of this extension with other extensions: [#51](https://github.com/owncloud/ocis/accounts/pull/51)
We aim to have a similar project structure for all our ocis extensions. This extension was
different with regard to the structure of the server command and naming of some flag names.
https://github.com/owncloud/ocis/accounts/pull/51
* Change - Change api errors: [#11](https://github.com/owncloud/ocis/accounts/issues/11)
Replaced the plain golang errors with the error model from the micro framework.
https://github.com/owncloud/ocis/accounts/issues/11
* Change - Enable accounts on creation: [#43](https://github.com/owncloud/ocis/accounts/issues/43)
Accounts have been created with the account_enabled flag set to false. Now when they are
created accounts will be enabled per default.
https://github.com/owncloud/ocis/accounts/issues/43
* Change - Fix index update on create/update: [#57](https://github.com/owncloud/ocis/accounts/issues/57)
We fixed a bug in creating/updating accounts and groups, that caused new entities not to show up
in list queries.
https://github.com/owncloud/ocis/accounts/issues/57
https://github.com/owncloud/ocis/accounts/pull/59
* Change - Pass around the correct logger throughout the code: [#41](https://github.com/owncloud/ocis/accounts/issues/41)
Pass around the logger to have consistent log formatting, log level, etc.
https://github.com/owncloud/ocis/accounts/issues/41
https://github.com/owncloud/ocis/accounts/pull/48
* Change - Remove timezone setting: [#33](https://github.com/owncloud/ocis/accounts/pull/33)
We had a timezone setting in our profile settings bundle. As we're not dealing with a timezone
yet it would be confusing for the user to have a timezone setting available. We removed it, until
we have a timezone implementation available in ocis-web.
https://github.com/owncloud/ocis/accounts/pull/33
* Change - Tighten screws on usernames and email addresses: [#65](https://github.com/owncloud/ocis/accounts/pull/65)
In order to match accounts to the OIDC claims we currently rely on the email address or username
to be present. We force both to match the [W3C recommended
regex](https://www.w3.org/TR/2016/REC-html51-20161101/sec-forms.html#valid-e-mail-address)
with usernames having to start with a character or `_`. This allows the username to be presented
and used in ACLs when integrating the os with the glauth LDAP service of ocis.
https://github.com/owncloud/ocis/accounts/pull/65
* Enhancement - Add early version of cli tools for user-management: [#69](https://github.com/owncloud/ocis/accounts/pull/69)
Following commands are available:
List, ls List existing accounts add, create, Create a new account update Make changes to an
existing account remove, rm Removes an existing account inspect Show detailed data on an
existing account
See --help for details.
Note that not all account-attributes have an effect yet. This is due to ocis being in an early
development stage.
https://github.com/owncloud/product/issues/115
https://github.com/owncloud/ocis/accounts/pull/69
* Enhancement - Update accounts API: [#30](https://github.com/owncloud/ocis/accounts/pull/30)
We updated the api to allow fetching users not onyl by UUID, but also by identity (OpenID issuer
and subject) email, username and optionally a password.
https://github.com/owncloud/ocis/accounts/pull/30
* Enhancement - Add simple user listing UI: [#51](https://github.com/owncloud/ocis/accounts/pull/51)
We added an extension for ocis-web that shows a simple list of all existing users.
https://github.com/owncloud/ocis/accounts/pull/51
# Changelog for [0.1.1] (2020-04-29)
The following sections list the changes in ocis-accounts 0.1.1.
[0.1.1]: https://github.com/owncloud/ocis/accounts/compare/v0.1.0...v0.1.1
## Summary
* Enhancement - Logging is configurable: [#24](https://github.com/owncloud/ocis/accounts/pull/24)
## Details
* Enhancement - Logging is configurable: [#24](https://github.com/owncloud/ocis/accounts/pull/24)
ACCOUNTS_LOG_* env-vars or cli-flags can be used for logging configuration. See --help for
more details.
https://github.com/owncloud/ocis/accounts/pull/24
# Changelog for [0.1.0] (2020-03-18)
The following sections list the changes in ocis-accounts 0.1.0.
[0.1.0]: https://github.com/owncloud/ocis/accounts/compare/500e303cb544ed93d84153f01219d77eeee44929...v0.1.0
## Summary
* Change - Initial release of basic version: [#1](https://github.com/owncloud/ocis/accounts/issues/1)
* Enhancement - Configuration: [#15](https://github.com/owncloud/ocis/accounts/pull/15)
## Details
* Change - Initial release of basic version: [#1](https://github.com/owncloud/ocis/accounts/issues/1)
Just prepared an initial basic version.
https://github.com/owncloud/ocis/accounts/issues/1
* Enhancement - Configuration: [#15](https://github.com/owncloud/ocis/accounts/pull/15)
Extensions should be responsible of configuring themselves. We use Viper for config loading
from default paths. Environment variables **WILL** take precedence over config files.
https://github.com/owncloud/ocis/accounts/pull/15

202
accounts/LICENSE
View File

@@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

205
accounts/Makefile
View File

@@ -1,205 +0,0 @@
SHELL := bash
NAME := ocis-accounts
IMPORT := github.com/owncloud/$(NAME)
BIN := bin
DIST := dist
HUGO := hugo
PROTO_VERSION := v0
PROTO_SRC := pkg/proto/$(PROTO_VERSION)
ifeq ($(OS), Windows_NT)
EXECUTABLE := $(NAME).exe
UNAME := Windows
else
EXECUTABLE := $(NAME)
UNAME := $(shell uname -s)
endif
ifeq ($(UNAME), Darwin)
GOBUILD ?= go build -i
else
GOBUILD ?= go build
endif
PACKAGES ?= $(shell go list ./...)
SOURCES ?= $(shell find . -name "*.go" -type f -not -path "./node_modules/*")
GENERATE ?= $(IMPORT)/pkg/assets
FEATURE_PATH ?= "ui/tests/acceptance/features"
TAGS ?=
ifndef OUTPUT
ifneq ($(DRONE_TAG),)
OUTPUT ?= $(subst v,,$(DRONE_TAG))
else
OUTPUT ?= testing
endif
endif
ifndef VERSION
ifneq ($(DRONE_TAG),)
VERSION ?= $(subst v,,$(DRONE_TAG))
else
VERSION ?= $(shell git rev-parse --short HEAD)
endif
endif
ifndef DATE
DATE := $(shell date -u '+%Y%m%d')
endif
LDFLAGS += -s -w -X "$(IMPORT)/pkg/version.String=$(VERSION)" -X "$(IMPORT)/pkg/version.Date=$(DATE)"
GCFLAGS += all=-N -l
.PHONY: all
all: build
.PHONY: sync
sync:
go mod download
.PHONY: clean
clean:
go clean -i ./...
rm -rf $(BIN) $(DIST) $(HUGO)
.PHONY: fmt
fmt:
gofmt -s -w $(SOURCES)
.PHONY: vet
vet:
go vet $(PACKAGES)
.PHONY: staticcheck
staticcheck:
go run honnef.co/go/tools/cmd/staticcheck -tags '$(TAGS)' $(PACKAGES)
.PHONY: lint
lint:
for PKG in $(PACKAGES); do go run golang.org/x/lint/golint -set_exit_status $$PKG || exit 1; done;
.PHONY: generate
generate: protobuf
go generate $(GENERATE)
.PHONY: changelog
changelog:
go run github.com/restic/calens >| CHANGELOG.md
.PHONY: test
test:
go run github.com/haya14busa/goverage -v -coverprofile coverage.out $(PACKAGES)
.PHONY: install
install: $(SOURCES)
go install -v -tags '$(TAGS)' -ldflags '$(LDFLAGS)' ./cmd/$(NAME)
.PHONY: build
build: $(BIN)/$(EXECUTABLE) $(BIN)/$(EXECUTABLE)-debug
$(BIN)/$(EXECUTABLE): $(SOURCES)
$(GOBUILD) -v -tags '$(TAGS)' -ldflags '$(LDFLAGS)' -o $@ ./cmd/$(NAME)
$(BIN)/$(EXECUTABLE)-debug: $(SOURCES)
$(GOBUILD) -v -tags '$(TAGS)' -ldflags '$(LDFLAGS)' -gcflags '$(GCFLAGS)' -o $@ ./cmd/$(NAME)
.PHONY: release
release: release-dirs release-linux release-windows release-darwin release-copy release-check
.PHONY: release-dirs
release-dirs:
mkdir -p $(DIST)/binaries $(DIST)/release
.PHONY: release-linux
release-linux: release-dirs
go run github.com/mitchellh/gox -tags 'netgo $(TAGS)' -ldflags '-extldflags "-static" $(LDFLAGS)' -os 'linux' -arch 'amd64 386 arm64 arm' -output '$(DIST)/binaries/$(EXECUTABLE)-$(OUTPUT)-{{.OS}}-{{.Arch}}' ./cmd/$(NAME)
.PHONY: release-windows
release-windows: release-dirs
go run github.com/mitchellh/gox -tags 'netgo $(TAGS)' -ldflags '-extldflags "-static" $(LDFLAGS)' -os 'windows' -arch 'amd64' -output '$(DIST)/binaries/$(EXECUTABLE)-$(OUTPUT)-{{.OS}}-{{.Arch}}' ./cmd/$(NAME)
.PHONY: release-darwin
release-darwin: release-dirs
go run github.com/mitchellh/gox -tags 'netgo $(TAGS)' -ldflags '$(LDFLAGS)' -os 'darwin' -arch 'amd64' -output '$(DIST)/binaries/$(EXECUTABLE)-$(OUTPUT)-{{.OS}}-{{.Arch}}' ./cmd/$(NAME)
.PHONY: release-copy
release-copy:
$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
.PHONY: release-check
release-check:
cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
.PHONY: release-finish
release-finish: release-copy release-check
.PHONY: docs-copy
docs-copy:
mkdir -p $(HUGO); \
mkdir -p $(HUGO)/content/extensions; \
cd $(HUGO); \
git init; \
git remote rm origin; \
git remote add origin https://github.com/owncloud/owncloud.github.io; \
git fetch; \
git checkout origin/source -f; \
rsync --delete -ax ../docs/ content/extensions/$(NAME)
.PHONY: docs-build
docs-build:
cd $(HUGO); hugo
.PHONY: docs
docs: docs-copy docs-build
.PHONY: test-acceptance-webui
test-acceptance-webui:
./ui/tests/run-acceptance-test.sh $(FEATURE_PATH)
.PHONY: watch
watch:
go run github.com/cespare/reflex -c reflex.conf
$(GOPATH)/bin/protoc-gen-go:
GO111MODULE=off go get -v google.golang.org/protobuf/cmd/protoc-gen-go
$(GOPATH)/bin/protoc-gen-micro:
GO111MODULE=on go get -v github.com/micro/protoc-gen-micro/v2
$(GOPATH)/bin/protoc-gen-microweb:
GO111MODULE=off go get -v github.com/owncloud/protoc-gen-microweb
$(GOPATH)/bin/protoc-gen-swagger:
GO111MODULE=off go get -v github.com/grpc-ecosystem/grpc-gateway/protoc-gen-swagger
$(PROTO_SRC)/accounts.pb.go: $(PROTO_SRC)/accounts.proto
protoc \
-I=third_party/ \
-I=$(PROTO_SRC)/ \
--go_out=. accounts.proto
$(PROTO_SRC)/accounts.pb.micro.go: $(PROTO_SRC)/accounts.proto
protoc \
-I=third_party/ \
-I=$(PROTO_SRC)/ \
--micro_out=. accounts.proto
$(PROTO_SRC)/accounts.pb.web.go: $(PROTO_SRC)/accounts.proto
protoc \
-I=third_party/ \
-I=$(PROTO_SRC)/ \
--microweb_out=. accounts.proto
$(PROTO_SRC)/accounts.swagger.json: $(PROTO_SRC)/accounts.proto
# the other commands above respect the declared package in the .proto file for placement of the resulting file.
# `swagger_out` doesn't, so we have to specify the output path as `$(PROTO_SRC)` instead of `.`
protoc \
-I=third_party/ \
-I=$(PROTO_SRC)/ \
--swagger_out=$(PROTO_SRC) accounts.proto
.PHONY: protobuf
protobuf: $(GOPATH)/bin/protoc-gen-go $(GOPATH)/bin/protoc-gen-micro $(GOPATH)/bin/protoc-gen-microweb $(GOPATH)/bin/protoc-gen-swagger \
$(PROTO_SRC)/accounts.pb.go $(PROTO_SRC)/accounts.pb.micro.go $(PROTO_SRC)/accounts.pb.web.go $(PROTO_SRC)/accounts.swagger.json

45
accounts/README.md
View File

@@ -1,45 +0,0 @@
# ownCloud Infinite Scale: Accounts
[![Build Status](https://cloud.drone.io/api/badges/owncloud/ocis-accounts/status.svg)](https://cloud.drone.io/owncloud/ocis-accounts)
[![Gitter chat](https://badges.gitter.im/cs3org/reva.svg)](https://gitter.im/cs3org/reva)
[![Codacy Badge](https://api.codacy.com/project/badge/Grade/d005a4722c1b463b9b95060479018e99)](https://www.codacy.com/gh/owncloud/ocis-accounts?utm_source=github.com&utm_medium=referral&utm_content=owncloud/ocis-accounts&utm_campaign=Badge_Grade)
[![Go Doc](https://godoc.org/github.com/owncloud/ocis-accounts?status.svg)](http://godoc.org/github.com/owncloud/ocis-accounts)
[![Go Report](http://goreportcard.com/badge/github.com/owncloud/ocis-accounts)](http://goreportcard.com/report/github.com/owncloud/ocis-accounts)
[![](https://images.microbadger.com/badges/image/owncloud/ocis-accounts.svg)](http://microbadger.com/images/owncloud/ocis-accounts "Get your own image badge on microbadger.com")
**This project is under heavy development, it's not in a working state yet!**
## Install
You can download prebuilt binaries from the GitHub releases or from our [download mirrors](http://download.owncloud.com/ocis/accounts/). For instructions how to install this on your platform you should take a look at our [documentation](https://owncloud.github.io/extensions/ocis_accounts/)
****
## Development
Make sure you have a working Go environment, for further reference or a guide take a look at the [install instructions](http://golang.org/doc/install.html). This project requires Go >= v1.13.
```console
git clone https://github.com/owncloud/ocis-accounts.git
cd ocis-accounts
make generate build
./bin/ocis-accounts -h
```
## Security
If you find a security issue please contact security@owncloud.com first.
## Contributing
Fork -> Patch -> Push -> Pull Request
## License
Apache-2.0
## Copyright
```console
Copyright (c) 2019 ownCloud GmbH <https://owncloud.com>
```

25
accounts/babel.config.js
View File

@@ -1,25 +0,0 @@
module.exports = function (api) {
api.cache(true)
const presets = [
[
'@babel/preset-env',
{
useBuiltIns: 'usage',
corejs: '3'
}
]
]
const plugins = [
'@babel/plugin-syntax-dynamic-import',
'@babel/plugin-proposal-class-properties',
'@babel/plugin-proposal-object-rest-spread',
'@babel/plugin-transform-runtime',
'@babel/plugin-proposal-export-default-from'
]
return {
presets,
plugins
}
}

5
accounts/changelog/0.1.0_2020-03-18/inital-release
View File

@@ -1,5 +0,0 @@
Change: Initial release of basic version
Just prepared an initial basic version.
https://github.com/owncloud/ocis/accounts/issues/1

5
accounts/changelog/0.1.0_2020-03-18/self-config.md
View File

@@ -1,5 +0,0 @@
Enhancement: Configuration
Extensions should be responsible of configuring themselves. We use Viper for config loading from default paths. Environment variables **WILL** take precedence over config files.
https://github.com/owncloud/ocis/accounts/pull/15

5
accounts/changelog/0.1.1_2020-04-29/configurable-log.md
View File

@@ -1,5 +0,0 @@
Enhancement: Logging is configurable
ACCOUNTS_LOG_* env-vars or cli-flags can be used for logging configuration. See --help for more details.
https://github.com/owncloud/ocis/accounts/pull/24

17
accounts/changelog/0.2.0_2020-08-19/add-cli-user-management.md
View File

@@ -1,17 +0,0 @@
Enhancement: Add early version of cli tools for user-management
Following commands are available:
list, ls List existing accounts
add, create, Create a new account
update Make changes to an existing account
remove, rm Removes an existing account
inspect Show detailed data on an existing account
See --help for details.
Note that not all account-attributes have an effect yet. This is due to ocis
being in an early development stage.
https://github.com/owncloud/ocis/accounts/pull/69
https://github.com/owncloud/product/issues/115

5
accounts/changelog/0.2.0_2020-08-19/add-write-mutexes.md
View File

@@ -1,5 +0,0 @@
Bugfix: Add write mutexes
Concurrent account or groups writes would corrupt the json file on disk, because the different goroutines would be treated as a single thread from the os. We introduce a mutex for account and group file writes each. This locks the update frequency for all accounts/groups and could be further improved by using a concurrent map of mutexes with a mutex per account / group. PR welcome.
https://github.com/owncloud/ocis/accounts/pull/71

5
accounts/changelog/0.2.0_2020-08-19/align-project-structure.md
View File

@@ -1,5 +0,0 @@
Change: Align structure of this extension with other extensions
We aim to have a similar project structure for all our ocis extensions. This extension was different with regard to the structure of the server command and naming of some flag names.
https://github.com/owncloud/ocis/accounts/pull/51

6
accounts/changelog/0.2.0_2020-08-19/change-grpc-error-messages.md
View File

@@ -1,6 +0,0 @@
Change: change api errors
Replaced the plain golang errors with the error model from the micro framework.
https://github.com/owncloud/ocis/accounts/issues/11

6
accounts/changelog/0.2.0_2020-08-19/enable_accounts.md
View File

@@ -1,6 +0,0 @@
Change: Enable accounts on creation
Accounts have been created with the account_enabled flag set to false.
Now when they are created accounts will be enabled per default.
https://github.com/owncloud/ocis/accounts/issues/43

8
accounts/changelog/0.2.0_2020-08-19/fix-account-group-id.md
View File

@@ -1,8 +0,0 @@
Bugfix: Fix the accountId and groupId mismatch in DeleteGroup Method
We've fixed a bug in deleting the groups.
The accountId and GroupId were swapped when removing the member from a group after deleting
the group.
https://github.com/owncloud/ocis/accounts/pull/60

5
accounts/changelog/0.2.0_2020-08-19/fix-index-mapping.md
View File

@@ -1,5 +0,0 @@
Bugfix: Fix index mapping
The index mapping was not being used because we were not using the right blevesearch TypeField, leading to username like properties like `preferred_name` and `on_premises_sam_account_name` to be case sensitive.
https://github.com/owncloud/ocis/accounts/issues/73

6
accounts/changelog/0.2.0_2020-08-19/fix-indexing.md
View File

@@ -1,6 +0,0 @@
Change: Fix index update on create/update
We fixed a bug in creating/updating accounts and groups, that caused new entities not to show up in list queries.
https://github.com/owncloud/ocis/accounts/issues/57
https://github.com/owncloud/ocis/accounts/pull/59

7
accounts/changelog/0.2.0_2020-08-19/fix-int-queries.md
View File

@@ -1,7 +0,0 @@
Bugfix: use NewNumericRangeInclusiveQuery for numeric literals
Some LDAP properties like `uidnumber` and `gidnumber` are numeric. When an OS tries to look up a user it will not only try to lookup the user by username, but also by the `uidnumber`: `(&(objectclass=posixAccount)(uidnumber=20000))`. The accounts backend for glauth was sending that as a string query `uid_number eq '20000'` and has been changed to send it as `uid_number eq 20000`. The removed quotes allow the parser in ocis-accounts to identify the numeric literal and use the NewNumericRangeInclusiveQuery instead of a TermQuery.
https://github.com/owncloud/ocis-glauth/issues/28
https://github.com/owncloud/ocis/accounts/pull/68
https://github.com/owncloud/ocis-glauth/pull/29

5
accounts/changelog/0.2.0_2020-08-19/fix-segfault.md
View File

@@ -1,5 +0,0 @@
Bugfix: Prevent segfault when no password is set
Passwords are stored in a dedicated child struct of an account. We fixed several segfault conditions where the methods would try to unset a password when that child struct was not existing.
https://github.com/owncloud/ocis/accounts/pull/65

5
accounts/changelog/0.2.0_2020-08-19/fix-update.md
View File

@@ -1,5 +0,0 @@
Bugfix: Update account return value not used
In order to return a value using the micro go code we need to override the `out` value.
https://github.com/owncloud/ocis/accounts/pull/70

6
accounts/changelog/0.2.0_2020-08-19/pass-correct-logger.md
View File

@@ -1,6 +0,0 @@
Change: pass around the correct logger throughout the code
Pass around the logger to have consistent log formatting, log level, etc.
https://github.com/owncloud/ocis/accounts/issues/41
https://github.com/owncloud/ocis/accounts/pull/48

7
accounts/changelog/0.2.0_2020-08-19/remove-timezone-setting.md
View File

@@ -1,7 +0,0 @@
Change: Remove timezone setting
We had a timezone setting in our profile settings bundle. As we're not dealing with a timezone yet
it would be confusing for the user to have a timezone setting available. We removed it, until we
have a timezone implementation available in ocis-web.
https://github.com/owncloud/ocis/accounts/pull/33

5
accounts/changelog/0.2.0_2020-08-19/tighten-screws.md
View File

@@ -1,5 +0,0 @@
Change: Tighten screws on usernames and email addresses
In order to match accounts to the OIDC claims we currently rely on the email address or username to be present. We force both to match the [W3C recommended regex](https://www.w3.org/TR/2016/REC-html51-20161101/sec-forms.html#valid-e-mail-address) with usernames having to start with a character or `_`. This allows the username to be presented and used in ACLs when integrating the os with the glauth LDAP service of ocis.
https://github.com/owncloud/ocis/accounts/pull/65

5
accounts/changelog/0.2.0_2020-08-19/update-accounts-api.md
View File

@@ -1,5 +0,0 @@
Enhancement: Update accounts API
We updated the api to allow fetching users not onyl by UUID, but also by identity (OpenID issuer and subject) email, username and optionally a password.
https://github.com/owncloud/ocis/accounts/pull/30

5
accounts/changelog/0.2.0_2020-08-19/use-alpine-latest.md
View File

@@ -1,5 +0,0 @@
Bugfix: build docker images with alpine:latest instead of alpine:edge
ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.
https://github.com/owncloud/ocis/accounts/pull/64

5
accounts/changelog/0.2.0_2020-08-19/user-listing-ui.md
View File

@@ -1,5 +0,0 @@
Enhancement: Add simple user listing UI
We added an extension for ocis-web that shows a simple list of all existing users.
https://github.com/owncloud/ocis/accounts/pull/51

6
accounts/changelog/0.3.0_2020-08-20/adapt-to-settings-data-model.md
View File

@@ -1,6 +0,0 @@
Change: Adapt to new ocis-settings data model
ocis-settings introduced UUIDs and less verbose endpoint and message type names. This PR adjusts ocis-accounts accordingly.
https://github.com/owncloud/ocis/accounts/pull/87
https://github.com/owncloud/ocis/settings/pull/46

6
accounts/changelog/0.3.0_2020-08-20/add-language-permissions-to-default-roles.md
View File

@@ -1,6 +0,0 @@
Change: Add permissions for language to default roles
ocis-settings has default roles and exposes the respective bundle uuids. We now added
permissions for reading/writing the preferred language to the default roles.
https://github.com/owncloud/ocis/accounts/pull/88

5
accounts/changelog/0.3.0_2020-08-20/atomic-requests.md
View File

@@ -1,5 +0,0 @@
Bugfix: Atomic Requests
Operations on the file system level are now atomic. This happens only on the provisioning API.
https://github.com/owncloud/ocis/accounts/pull/82

5
accounts/changelog/0.3.0_2020-08-20/fix-prefix-query.md
View File

@@ -1,5 +0,0 @@
Bugfix: Unescape value for prefix query
Prefix queries also need to unescape token values like `'some ''ol string'` to `some 'ol string` before using it in a prefix query
https://github.com/owncloud/ocis/accounts/pull/76

7
accounts/changelog/0.4.0_2020-08-20/select-role-in-ui.md
View File

@@ -1,7 +0,0 @@
Change: Add role selection to accounts UI
We added a role selection dropdown for each account in the accounts UI. As a first iteration, this doesn't
require account management permissions.
https://github.com/owncloud/product/issues/103
https://github.com/owncloud/ocis/accounts/pull/89

5
accounts/changelog/0.4.1_2020-08-27/assign_role.md
View File

@@ -1,5 +0,0 @@
Change: Create account api-call implicitly adds "default-user" role
When calling CreateAccount default-user-role is implicitly added.
https://github.com/owncloud/product/issues/173

5
accounts/changelog/0.4.1_2020-08-27/new-settings-api
View File

@@ -1,5 +0,0 @@
Bugfix: Adapting to new settings API for fetching roles
We fixed the usage of the ocis-settings endpoint for fetching roles.
https://github.com/owncloud/ocis/accounts/pull/96

53
accounts/changelog/CHANGELOG.tmpl
View File

@@ -1,53 +0,0 @@
{{ $allVersions := . }}
{{- range $index, $changes := . }}{{ with $changes -}}
{{ if gt (len $allVersions) 1 -}}
# Changelog for [{{ .Version }}] ({{ .Date }})
The following sections list the changes in ocis-accounts {{ .Version }}.
{{/* creating version compare links */ -}}
{{ $next := add1 $index -}}
{{ if ne (len $allVersions) $next -}}
{{ $previousVersion := (index $allVersions $next).Version -}}
{{ if eq .Version "unreleased" -}}
[{{ .Version }}]: https://github.com/owncloud/ocis/accounts/compare/v{{ $previousVersion }}...master
{{ else -}}
[{{ .Version }}]: https://github.com/owncloud/ocis/accounts/compare/v{{ $previousVersion }}...v{{ .Version }}
{{ end -}}
{{ end -}}
{{- /* last version managed by calens, end of the loop */ -}}
{{ if eq .Version "0.1.0" -}}
[{{ .Version }}]: https://github.com/owncloud/ocis/accounts/compare/500e303cb544ed93d84153f01219d77eeee44929...v{{ .Version }}
{{ end -}}
{{ else -}}
# Changes in {{ .Version }}
{{ end -}}
## Summary
{{ range $entry := .Entries }}{{ with $entry }}
* {{ .Type }} - {{ .Title }}: [#{{ .PrimaryID }}]({{ .PrimaryURL }})
{{- end }}{{ end }}
## Details
{{ range $entry := .Entries }}{{ with $entry }}
* {{ .Type }} - {{ .Title }}: [#{{ .PrimaryID }}]({{ .PrimaryURL }})
{{ range $par := .Paragraphs }}
{{ wrapIndent $par 80 3 }}
{{ end -}}
{{ range $url := .IssueURLs }}
{{ $url -}}
{{ end -}}
{{ range $url := .PRURLs }}
{{ $url -}}
{{ end -}}
{{ range $url := .OtherURLs }}
{{ $url -}}
{{ end }}
{{ end }}{{ end -}}
{{ end }}{{ end -}}

6
accounts/changelog/README.md
View File

@@ -1,6 +0,0 @@
# Changelog
We are using [calens](https://github.com/restic/calens) to properly generate a
changelog before we are tagging a new release. To get an idea how this could
look like <https://github.com/restic/restic/tree/master/changelog> would be the
best reference.

11
accounts/changelog/TEMPLATE
View File

@@ -1,11 +0,0 @@
Bugfix: Fix behavior for foobar (in present tense)
We've fixed the behavior for foobar, a long-standing annoyance for users. The
text should be wrapped at 80 characters length.
The text in the paragraphs is written in past tense. The last section is a list
of issue URLs, PR URLs and other URLs. The first issue ID (or the first PR ID,
in case there aren't any issue links) is used as the primary ID.
https://github.com/owncloud/ocis/accounts/issues/1234
https://github.com/owncloud/ocis/accounts/pull/55555

0
accounts/changelog/unreleased/.keep
View File

6
accounts/changelog/unreleased/add-create-form.md
View File

@@ -1,6 +0,0 @@
Enhancement: Add create account form
We've added a form to create new users above the accounts list.
https://github.com/owncloud/product/issues/148
https://github.com/owncloud/ocis/accounts/pull/115

6
accounts/changelog/unreleased/add-delete-action.md
View File

@@ -1,6 +0,0 @@
Enhancement: Add delete accounts action
We've added an action into the actions dropdown to enable admins to delete users.
https://github.com/owncloud/product/issues/148
https://github.com/owncloud/ocis/accounts/pull/115

6
accounts/changelog/unreleased/add-enable-disable-ui.md
View File

@@ -1,6 +0,0 @@
Enhancement: Add enable/disable capabilities to the WebUI
We've added batch actions into the accounts listing to provide options to enable and disable accounts.
https://github.com/owncloud/product/issues/118
https://github.com/owncloud/ocis/accounts/pull/109

5
accounts/changelog/unreleased/builtin-regular-users.md
View File

@@ -1,5 +0,0 @@
Change: Set user role on builtin users
We now set the default `user` role on our builtin users.
https://github.com/owncloud/ocis/accounts/pull/102

7
accounts/changelog/unreleased/change-hashing-algorithm.md
View File

@@ -1,7 +0,0 @@
Change: Use bcrypt to hash the user passwords
Change the hashing algorithm from SHA-512 to bcrypt since the latter is better suitable for password hashing.
This is a breaking change. Existing deployments need to regenerate the accounts folder.
https://github.com/owncloud/ocis/issues/510

6
accounts/changelog/unreleased/fix-role-service-grpc.md
View File

@@ -1,6 +0,0 @@
Bugfix: initialize roleService client in GRPC server
We fixed the initialization of the GRPC server by also providing a roleService client and a roleManager instance.
https://github.com/owncloud/ocis/accounts/pull/114

6
accounts/changelog/unreleased/improve-accounts-ui.md
View File

@@ -1,6 +0,0 @@
Enhancement: Improve visual appearance of accounts UI
We aligned the visual appearance of the accounts UI with default ocis-web apps (full width, style of batch actions), added icons to buttons, extracted the buttons from the batch actions dropdown into individual buttons, improved the wording added a confirmation widget for the user deletion and removed the uid and gid columns.
https://github.com/owncloud/product/issues/222
https://github.com/owncloud/ocis/accounts/pull/116

5
accounts/changelog/unreleased/new-admin-user.md
View File

@@ -1,5 +0,0 @@
Change: Add new builtin admin user
We added a new builtin user `moss` and assigned the admin role.
https://github.com/owncloud/ocis/accounts/pull/102

10
accounts/changelog/unreleased/single-service-handler.md
View File

@@ -1,10 +0,0 @@
Bugfix: Cleanup separated indices in memory
The accounts service was creating a bleve index instance in the service handler, thus creating separate in memory indices for the http and grpc servers. We moved the service handler creation out of the server creation so that the service handler, thus also the bleve index, is a shared instance of the servers.
This fixes a bug that accounts created through the web ui were not able to sign in until a service restart.
https://github.com/owncloud/product/issues/224
https://github.com/owncloud/ocis/accounts/pull/117
https://github.com/owncloud/ocis/accounts/pull/118

5
accounts/changelog/unreleased/unique-account-fields
View File

@@ -1,5 +0,0 @@
Bugfix: Don't create account if id/mail/username already taken
We don't allow anymore to create a new account if the provided id/mail/username is already taken.
https://github.com/owncloud/ocis/accounts/pull/123

5
accounts/changelog/unreleased/use-roles-cache.md
View File

@@ -1,5 +0,0 @@
Change: We make use of the roles cache to enforce permission checks
The roles cache and its cache update middleware are used to make permission checks possible. The permission checks take place in the accounts handler.
https://github.com/owncloud/ocis/accounts/pull/100

7
accounts/changelog/unreleased/use-roles-manager.md
View File

@@ -1,7 +0,0 @@
Change: We make use of the roles manager to enforce permission checks
The roles cache and its cache update middleware have been replaced with a roles manager in ocis-pkg/v2. We've switched
over to the new roles manager implementation, to prepare for permission checks on grpc requests as well.
https://github.com/owncloud/ocis/accounts/pull/108
https://github.com/owncloud/ocis-pkg/pull/60

13
accounts/cmd/ocis-accounts/main.go
View File

@@ -1,13 +0,0 @@
package main
import (
"os"
"github.com/owncloud/ocis/accounts/pkg/command"
)
func main() {
if err := command.Execute(); err != nil {
os.Exit(1)
}
}

19
accounts/docker/Dockerfile.linux.amd64
View File

@@ -1,19 +0,0 @@
FROM amd64/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS Accounts" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9180
ENTRYPOINT ["/usr/bin/ocis-accounts"]
CMD ["server"]
COPY bin/ocis-accounts /usr/bin/ocis-accounts

19
accounts/docker/Dockerfile.linux.arm
View File

@@ -1,19 +0,0 @@
FROM arm32v6/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS Accounts" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9180
ENTRYPOINT ["/usr/bin/ocis-accounts"]
CMD ["server"]
COPY bin/ocis-accounts /usr/bin/ocis-accounts

19
accounts/docker/Dockerfile.linux.arm64
View File

@@ -1,19 +0,0 @@
FROM arm64v8/alpine:latest
RUN apk update && \
apk upgrade && \
apk add ca-certificates mailcap && \
rm -rf /var/cache/apk/* && \
echo 'hosts: files dns' >| /etc/nsswitch.conf
LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
org.label-schema.name="oCIS Accounts" \
org.label-schema.vendor="ownCloud GmbH" \
org.label-schema.schema-version="1.0"
EXPOSE 9180
ENTRYPOINT ["/usr/bin/ocis-accounts"]
CMD ["server"]
COPY bin/ocis-accounts /usr/bin/ocis-accounts

22
accounts/docker/manifest.tmpl
View File

@@ -1,22 +0,0 @@
image: owncloud/ocis-accounts:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
{{#if build.tags}}
tags:
{{#each build.tags}}
- {{this}}
{{/each}}
{{/if}}
manifests:
- image: owncloud/ocis-accounts:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
platform:
architecture: amd64
os: linux
- image: owncloud/ocis-accounts:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
platform:
architecture: arm64
variant: v8
os: linux
- image: owncloud/ocis-accounts:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm
platform:
architecture: arm
variant: v6
os: linux

21
accounts/docs/_index.md
View File

@@ -1,21 +0,0 @@
---
title: Accounts
date: 2018-05-02T00:00:00+00:00
weight: 10
geekdocRepo: https://github.com/owncloud/ocis-accounts
geekdocEditPath: edit/master/docs
geekdocFilePath: _index.md
---
[![GitHub](https://img.shields.io/github/license/owncloud/ocis-hello)](https://github.com/owncloud/ocis-hello/blob/master/LICENSE)
## Abstract
OCIS needs to be able to identify users. Whithout a non reassignable and persistend account ID share metadata cannot be reliably persisted. `ocis-accounts` allows exchanging oidc claims for a uuid. Using a uuid allows users to change the login, mail or even openid connect provider without breaking any persisted metadata that might have been attached to it.
- persists accounts
- uses graph api properties
-ldap can be synced using the onpremise* attributes
## Table of Contents
{{< toc-tree >}}

28
accounts/docs/building.md
View File

@@ -1,28 +0,0 @@
---
title: "Building"
date: 2018-05-02T00:00:00+00:00
weight: 30
geekdocRepo: https://github.com/owncloud/ocis-accounts
geekdocEditPath: edit/master/docs
geekdocFilePath: building.md
---
{{< toc >}}
As this project is built with Go, so you need to install that first. The installation of Go is out of the scope of this document, please follow the official documentation for [Go](https://golang.org/doc/install), to build this project you have to install Go >= v1.13. After the installation of the required tools you need to get the sources:
{{< highlight txt >}}
git clone https://github.com/owncloud/ocis-accounts.git
cd ocis-accounts
{{< / highlight >}}
All required tool besides Go itself and make are bundled or getting automatically installed within the `GOPATH`. All commands to build this project are part of our `Makefile`.
## Backend
{{< highlight txt >}}
make generate
make build
{{< / highlight >}}
Finally you should have the binary within the `bin/` folder now, give it a try with `./bin/ocis-accounts -h` to see all available options and subcommands.

84
accounts/docs/configuration.md
View File

@@ -1,84 +0,0 @@
---
title: "Configuration"
date: "2020-07-01T11:10:52+0200"
weight: 20
geekdocRepo: https://github.com/owncloud/ocis-reva
geekdocEditPath: edit/master/docs
geekdocFilePath: configuration.md
---
{{< toc >}}
## Configuration
oCIS Single Binary is not responsible for configuring extensions. Instead, each extension could either be configured by environment variables, cli flags or config files.
Each extension has its dedicated documentation page (e.g. https://owncloud.github.io/extensions/ocis_proxy/configuration) which lists all possible configurations. Config files and environment variables are picked up if you use the `./bin/ocis server` command within the oCIS single binary. Command line flags must be set explicitly on the extensions subcommands.
### Configuration using config files
Out of the box extensions will attempt to read configuration details from:
```console
/etc/ocis
$HOME/.ocis
./config
```
For this configuration to be picked up, have a look at your extension `root` command and look for which default config name it has assigned. *i.e: ocis-proxy reads `proxy.json | yaml | toml ...`*.
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/tree/master/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/ocis.yml`, `${HOME}/.ocis/ocis.yml` or `$(pwd)/config/ocis.yml`.
### Envrionment variables
If you prefer to configure the service with environment variables you can see the available variables below.
### Commandline flags
If you prefer to configure the service with commandline flags you can see the available variables below. Command line flags are only working when calling the subcommand directly.
### ocis-reva server
Start ocis accounts service
Usage: `ocis-reva server [command options] [arguments...]`
--http-namespace | $ACCOUNTS_HTTP_NAMESPACE
: Set the base namespace for the http namespace. Default: `com.owncloud.web`.
--http-addr | $ACCOUNTS_HTTP_ADDR
: Address to bind http server. Default: `localhost:9181`.
--http-root | $ACCOUNTS_HTTP_ROOT
: Root path of http server. Default: `/`.
--grpc-namespace | $ACCOUNTS_GRPC_NAMESPACE
: Set the base namespace for the grpc namespace. Default: `com.owncloud.api`.
--grpc-addr | $ACCOUNTS_GRPC_ADDR
: Address to bind grpc server. Default: `localhost:9180`.
--name | $ACCOUNTS_NAME
: service name. Default: `accounts`.
--accounts-data-path | $ACCOUNTS_DATA_PATH
: accounts folder. Default: `/var/tmp/ocis-accounts`.
--asset-path | $HELLO_ASSET_PATH
: Path to custom assets.
### ocis-reva ocis-accounts
Provide accounts and groups for oCIS
Usage: `ocis-reva ocis-accounts [command options] [arguments...]`
--log-level | $ACCOUNTS_LOG_LEVEL
: Set logging level. Default: `info`.
--log-pretty | $ACCOUNTS_LOG_PRETTY
: Enable pretty logging. Default: `true`.
--log-color | $ACCOUNTS_LOG_COLOR
: Enable colored logging. Default: `true`.

61
accounts/docs/getting-started.md
View File

@@ -1,61 +0,0 @@
---
title: "Getting Started"
date: 2018-05-02T00:00:00+00:00
weight: 20
geekdocRepo: https://github.com/owncloud/ocis-accounts
geekdocEditPath: edit/master/docs
geekdocFilePath: getting-started.md
---
{{< toc >}}
## Installation
So far we are offering two different variants for the installation. You can choose between [Docker](https://www.docker.com/) or pre-built binaries which are stored on our download mirrors and GitHub releases. Maybe we will also provide system packages for the major distributions later if we see the need for it.
### Docker
TBD
### Binaries
TBD
## Configuration
We provide overall three different variants of configuration. The variant based on environment variables and commandline flags are split up into global values and command-specific values.
### Envrionment variables
If you prefer to configure the service with environment variables you can see the available variables below.
#### Server
OCIS_ACCOUNTS_NAME
: Name of the accounts service. It will be part of the namespace.
OCIS_ACCOUNTS_NAMESPACE
: Namespace of the accounts service.
OCIS_ACCOUNTS_ADDRESS
: Endpoint for the grpc service endpoint.
### Commandline flags
If you prefer to configure the service with commandline flags you can see the available variables below.
### Configuration file
So far we support the file formats `JSON` and `YAML`, if you want to get a full example configuration just take a look at [our repository](https://github.com/owncloud/ocis/accounts/tree/master/pkg/config), there you can always see the latest configuration format. These example configurations include all available options and the default values. The configuration file will be automatically loaded if it's placed at `/etc/ocis/accounts.yml`, `${HOME}/.ocis/accounts.yml` or `$(pwd)/config/accounts.yml`.
## Usage
The program provides a few sub-commands on execution. The available configuration methods have already been mentioned above. Generally you can always see a formated help output if you execute the binary via `ocis-accounts --help`.
### Server
The server command is used to start the grpc server. For further help please execute:
{{< highlight txt >}}
ocis-accounts server --help
{{< / highlight >}}

33
accounts/go.mod
View File

@@ -1,33 +0,0 @@
module github.com/owncloud/ocis/accounts
go 1.13
require (
github.com/CiscoM31/godata v0.0.0-20191007193734-c2c4ebb1b415
github.com/blevesearch/bleve v1.0.9
github.com/go-chi/chi v4.1.2+incompatible
github.com/go-chi/render v1.0.1
github.com/gofrs/uuid v3.3.0+incompatible
github.com/golang/protobuf v1.4.2
github.com/mennanov/fieldmask-utils v0.3.2
github.com/micro/cli/v2 v2.1.2
github.com/micro/go-micro/v2 v2.9.1
github.com/oklog/run v1.1.0
github.com/olekukonko/tablewriter v0.0.4
github.com/owncloud/ocis/ocis-pkg v0.0.0-20200918114005-1a0ddd2190ee
github.com/owncloud/ocis/settings v0.0.0-20200918114005-1a0ddd2190ee
github.com/restic/calens v0.2.0
github.com/rs/zerolog v1.19.0
github.com/spf13/viper v1.7.0
github.com/stretchr/testify v1.6.1
golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a
golang.org/x/net v0.0.0-20200822124328-c89045814202
google.golang.org/genproto v0.0.0-20200624020401-64a14ca9d1ad
google.golang.org/protobuf v1.25.0
)
replace (
github.com/owncloud/ocis/ocis-pkg => ../ocis-pkg
github.com/owncloud/ocis/settings => ../settings
google.golang.org/grpc => google.golang.org/grpc v1.26.0
)

2129
accounts/go.sum
View File

File diff suppressed because it is too large Load Diff

11
accounts/nightwatch.conf.js
View File

@@ -1,11 +0,0 @@
const path = require('path')
const PHOENIX_PATH = process.env.PHOENIX_PATH
const config = require(path.join(PHOENIX_PATH, 'nightwatch.conf.js'))
config.page_objects_path = [PHOENIX_PATH + '/tests/acceptance/pageObjects', 'ui/tests/acceptance/pageobjects']
config.custom_commands_path = PHOENIX_PATH + '/tests/acceptance/customCommands'
module.exports = {
...config
}

83
accounts/package.json
View File

@@ -1,83 +0,0 @@
{
"private": true,
"name": "ocis-accounts",
"version": "0.0.0",
"description": "",
"homepage": "https://github.com/owncloud/ocis-accounts#readme",
"license": "Apache-2.0",
"author": "ownCloud GmbH <devops@owncloud.com>",
"repository": "https://github.com/owncloud/ocis-accounts.git",
"bugs": {
"url": "https://github.com/owncloud/ocis/accounts/issues",
"email": "support@owncloud.com"
},
"scripts": {
"lint": "eslint ui/**/*.vue ui/**/*.js --color --global requirejs --global require",
"build": "rollup -c",
"watch": "rollup -c -w",
"test": "echo 'Not implemented'",
"generate-api": "node node_modules/swagger-vue-generator/bin/generate-api.js --package-version v0 --source pkg/proto/v0/accounts.swagger.json --moduleName accounts --destination ui/client/accounts/index.js",
"acceptance-tests": "cucumber-js --require-module @babel/register --require-module @babel/polyfill --require ${TEST_INFRA_DIRECTORY}/acceptance/setup.js --require ui/tests/acceptance/stepDefinitions --require ${TEST_INFRA_DIRECTORY}/acceptance/stepDefinitions --format node_modules/cucumber-pretty -t \"${TEST_TAGS:-not @skip and not @skipOnOC10}\""
},
"devDependencies": {
"@babel/core": "^7.7.7",
"@babel/plugin-proposal-class-properties": "^7.7.4",
"@babel/plugin-proposal-export-default-from": "^7.7.4",
"@babel/plugin-proposal-object-rest-spread": "^7.7.7",
"@babel/plugin-syntax-dynamic-import": "^7.7.4",
"@babel/plugin-transform-runtime": "^7.8.0",
"@babel/polyfill": "^7.10.1",
"@babel/preset-env": "^7.7.7",
"@babel/register": "7.10.1",
"@erquhart/rollup-plugin-node-builtins": "^2.1.5",
"@rollup/plugin-commonjs": "^11.0.1",
"@rollup/plugin-json": "^4.0.1",
"@rollup/plugin-replace": "^2.3.0",
"archiver": "^4.0.1",
"axios": "^0.19.0",
"core-js": "3",
"cross-env": "^6.0.3",
"cucumber": "^6.0.5",
"cucumber-pretty": ">=6.0.0",
"debounce": "^1.2.0",
"easygettext": "^2.7.0",
"eslint": "6.8.0",
"eslint-config-standard": "^14.1.0",
"eslint-plugin-import": "^2.17.3",
"eslint-plugin-node": "11.0.0",
"eslint-plugin-promise": "^4.1.1",
"eslint-plugin-standard": "^4.0.0",
"eslint-plugin-vue": "^6.1.2",
"fs-extra": "^9.0.1",
"join-path": "^1.1.1",
"ldap": "^0.7.1",
"nightwatch": "^1.3.6",
"nightwatch-api": "^3.0.1",
"node-fetch": "^2.6.1",
"qs": "^6.9.1",
"rimraf": "^3.0.0",
"rollup": "^1.28.0",
"rollup-plugin-babel": "^4.3.3",
"rollup-plugin-eslint": "^7.0.0",
"rollup-plugin-filesize": "^6.2.1",
"rollup-plugin-node-globals": "^1.4.0",
"rollup-plugin-node-resolve": "^5.2.0",
"rollup-plugin-terser": "^5.1.3",
"rollup-plugin-vue": "^5.1.4",
"swagger-vue-generator": "^1.0.6",
"url-search-params-polyfill": "^8.1.0",
"vue-template-compiler": "^2.6.11",
"vuex": "^3.5.1",
"xml-js": "^1.6.11"
},
"browserslist": [
"> 1%",
"not dead"
],
"peerDependencies": {
"owncloud-design-system": "^1.7.0"
},
"dependencies": {
"validator": "^13.1.1"
}
}

66
accounts/pkg/assets/assets.go
View File

@@ -1,66 +0,0 @@
package assets
import (
"net/http"
"os"
"path"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
// Fake the import to make the dep tree happy.
_ "golang.org/x/net/context"
// Fake the import to make the dep tree happy.
_ "golang.org/x/net/webdav"
)
//go:generate go run github.com/UnnoTed/fileb0x embed.yml
// assets gets initialized by New and provides the handler.
type assets struct {
logger log.Logger
config *config.Config
}
// Open just implements the HTTP filesystem interface.
func (a assets) Open(original string) (http.File, error) {
if a.config.Asset.Path != "" {
if stat, err := os.Stat(a.config.Asset.Path); err == nil && stat.IsDir() {
custom := path.Join(
a.config.Asset.Path,
original,
)
if _, err := os.Stat(custom); !os.IsNotExist(err) {
f, err := os.Open(custom)
if err != nil {
return nil, err
}
return f, nil
}
} else {
a.logger.Warn().
Str("path", a.config.Asset.Path).
Msg("Assets directory doesn't exist")
}
}
return FS.OpenFile(
CTX,
original,
os.O_RDONLY,
0644,
)
}
// New returns a new http filesystem to serve assets.
func New(opts ...Option) http.FileSystem {
options := newOptions(opts...)
return assets{
config: options.Config,
}
}

173
accounts/pkg/assets/embed.go
View File

File diff suppressed because one or more lines are too long

17
accounts/pkg/assets/embed.yml
View File

@@ -1,17 +0,0 @@
---
pkg: "assets"
dest: "."
output: "embed.go"
fmt: true
noprefix: true
compression:
compress: true
custom:
- files:
- "../../assets/"
base: "../../assets/"
prefix: ""
...

40
accounts/pkg/assets/option.go
View File

@@ -1,40 +0,0 @@
package assets
import (
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
)
// Option defines a single option function.
type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Logger log.Logger
Config *config.Config
}
// newOptions initializes the available default options.
func newOptions(opts ...Option) Options {
opt := Options{}
for _, o := range opts {
o(&opt)
}
return opt
}
// Logger provides a function to set the logger option.
func Logger(val log.Logger) Option {
return func(o *Options) {
o.Logger = val
}
}
// Config provides a function to set the config option.
func Config(val *config.Config) Option {
return func(o *Options) {
o.Config = val
}
}

56
accounts/pkg/command/add_account.go
View File

@@ -1,56 +0,0 @@
package command
import (
"fmt"
"github.com/micro/cli/v2"
"github.com/micro/go-micro/v2/client/grpc"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
)
// AddAccount command creates a new account
func AddAccount(cfg *config.Config) *cli.Command {
a := &accounts.Account{
PasswordProfile: &accounts.PasswordProfile{},
}
return &cli.Command{
Name: "add",
Usage: "Create a new account",
Aliases: []string{"create", "a"},
Flags: flagset.AddAccountWithConfig(cfg, a),
Before: func(c *cli.Context) error {
// Write value of username to the flags beneath, as preferred name
// and on-premises-sam-account-name is probably confusing for users.
if username := c.String("username"); username != "" {
if !c.IsSet("on-premises-sam-account-name") {
if err := c.Set("on-premises-sam-account-name", username); err != nil {
return err
}
}
if !c.IsSet("preferred-name") {
if err := c.Set("preferred-name", username); err != nil {
return err
}
}
}
return nil
},
Action: func(c *cli.Context) error {
accSvcID := cfg.GRPC.Namespace + "." + cfg.Server.Name
accSvc := accounts.NewAccountsService(accSvcID, grpc.NewClient())
_, err := accSvc.CreateAccount(c.Context, &accounts.CreateAccountRequest{
Account: a,
})
if err != nil {
fmt.Println(fmt.Errorf("could not create account %w", err))
return err
}
return nil
}}
}

76
accounts/pkg/command/inspect_account.go
View File

@@ -1,76 +0,0 @@
package command
import (
"fmt"
"github.com/micro/cli/v2"
"github.com/micro/go-micro/v2/client/grpc"
tw "github.com/olekukonko/tablewriter"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
"os"
"strconv"
)
// InspectAccount command shows detailed information about a specific account.
func InspectAccount(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "inspect",
Usage: "Show detailed data on an existing account",
ArgsUsage: "id",
Flags: flagset.InspectAccountWithConfig(cfg),
Action: func(c *cli.Context) error {
accServiceID := cfg.GRPC.Namespace + "." + cfg.Server.Name
if c.NArg() != 1 {
fmt.Println("Please provide a user-id")
os.Exit(1)
}
uid := c.Args().First()
accSvc := accounts.NewAccountsService(accServiceID, grpc.NewClient())
acc, err := accSvc.GetAccount(c.Context, &accounts.GetAccountRequest{
Id: uid,
})
if err != nil {
fmt.Println(fmt.Errorf("could not view account %w", err))
return err
}
buildAccountInspectTable(acc).Render()
return nil
}}
}
func buildAccountInspectTable(acc *accounts.Account) *tw.Table {
table := tw.NewWriter(os.Stdout)
table.SetAutoMergeCells(true)
table.AppendBulk([][]string{
{"ID", acc.Id},
{"Mail", acc.Mail},
{"DisplayName", acc.DisplayName},
{"PreferredName", acc.PreferredName},
{"AccountEnabled", strconv.FormatBool(acc.AccountEnabled)},
{"CreationType", acc.CreationType},
{"CreatedDateTime", acc.CreatedDateTime.String()},
{"Description", acc.Description},
{"ExternalUserState", acc.ExternalUserState},
{"UidNumber", fmt.Sprintf("%+d", acc.UidNumber)},
{"GidNumber", fmt.Sprintf("%+d", acc.GidNumber)},
{"IsResourceAccount", strconv.FormatBool(acc.IsResourceAccount)},
{"OnPremisesDistinguishedName", acc.OnPremisesDistinguishedName},
{"OnPremisesDomainName", acc.OnPremisesDomainName},
{"OnPremisesImmutableId", acc.OnPremisesImmutableId},
{"OnPremisesSamAccountName", acc.OnPremisesSamAccountName},
{"OnPremisesSecurityIdentifier", acc.OnPremisesSecurityIdentifier},
{"OnPremisesUserPrincipalName", acc.OnPremisesUserPrincipalName},
{"RefreshTokenValidFromDateTime", acc.RefreshTokensValidFromDateTime.String()},
})
// Merged cell with group memberships
for k := range acc.MemberOf {
table.Append([]string{"MemberOf", acc.MemberOf[k].DisplayName})
}
return table
}

50
accounts/pkg/command/list_accounts.go
View File

@@ -1,50 +0,0 @@
package command
import (
"fmt"
"github.com/micro/cli/v2"
"github.com/micro/go-micro/v2/client/grpc"
tw "github.com/olekukonko/tablewriter"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
"os"
"strconv"
)
// ListAccounts command lists all accounts
func ListAccounts(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "list",
Usage: "List existing accounts",
Aliases: []string{"ls"},
Flags: flagset.ListAccountsWithConfig(cfg),
Action: func(c *cli.Context) error {
accSvcID := cfg.GRPC.Namespace + "." + cfg.Server.Name
accSvc := accounts.NewAccountsService(accSvcID, grpc.NewClient())
resp, err := accSvc.ListAccounts(c.Context, &accounts.ListAccountsRequest{})
if err != nil {
fmt.Println(fmt.Errorf("could not list accounts %w", err))
return err
}
buildAccountsListTable(resp.Accounts).Render()
return nil
}}
}
// buildAccountsListTable creates an ascii table for printing on the cli
func buildAccountsListTable(accs []*accounts.Account) *tw.Table {
table := tw.NewWriter(os.Stdout)
table.SetHeader([]string{"Id", "DisplayName", "Mail", "AccountEnabled"})
table.SetAutoFormatHeaders(false)
for _, acc := range accs {
table.Append([]string{
acc.Id,
acc.DisplayName,
acc.Mail,
strconv.FormatBool(acc.AccountEnabled)})
}
return table
}

39
accounts/pkg/command/remove_account.go
View File

@@ -1,39 +0,0 @@
package command
import (
"fmt"
"github.com/micro/cli/v2"
"github.com/micro/go-micro/v2/client/grpc"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
"os"
)
// RemoveAccount command deletes an existing account.
func RemoveAccount(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "remove",
Usage: "Removes an existing account",
ArgsUsage: "id",
Aliases: []string{"rm"},
Flags: flagset.RemoveAccountWithConfig(cfg),
Action: func(c *cli.Context) error {
accServiceID := cfg.GRPC.Namespace + "." + cfg.Server.Name
if c.NArg() != 1 {
fmt.Println("Please provide a user-id")
os.Exit(1)
}
uid := c.Args().First()
accSvc := accounts.NewAccountsService(accServiceID, grpc.NewClient())
_, err := accSvc.DeleteAccount(c.Context, &accounts.DeleteAccountRequest{Id: uid})
if err != nil {
fmt.Println(fmt.Errorf("could not delete account %w", err))
return err
}
return nil
}}
}

117
accounts/pkg/command/root.go
View File

@@ -1,117 +0,0 @@
package command
import (
"os"
"strings"
"github.com/owncloud/ocis/accounts/pkg/flagset"
"github.com/micro/cli/v2"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/version"
"github.com/owncloud/ocis/ocis-pkg/log"
"github.com/spf13/viper"
)
var (
defaultConfigPaths = []string{"/etc/ocis", "$HOME/.ocis", "./config"}
defaultFilename = "accounts"
)
// Execute is the entry point for the ocis-accounts command.
func Execute() error {
cfg := config.New()
app := &cli.App{
Name: "ocis-accounts",
Version: version.String,
Usage: "Provide accounts and groups for oCIS",
Compiled: version.Compiled(),
Authors: []*cli.Author{
{
Name: "ownCloud GmbH",
Email: "support@owncloud.com",
},
},
Flags: flagset.RootWithConfig(cfg),
Before: func(c *cli.Context) error {
return ParseConfig(c, cfg)
},
Commands: []*cli.Command{
Server(cfg),
AddAccount(cfg),
UpdateAccount(cfg),
ListAccounts(cfg),
InspectAccount(cfg),
RemoveAccount(cfg),
},
}
cli.HelpFlag = &cli.BoolFlag{
Name: "help,h",
Usage: "Show the help",
}
cli.VersionFlag = &cli.BoolFlag{
Name: "version,v",
Usage: "Print the version",
}
return app.Run(os.Args)
}
// NewLogger initializes a service-specific logger instance.
func NewLogger(cfg *config.Config) log.Logger {
return log.NewLogger(
log.Name("accounts"),
log.Level(cfg.Log.Level),
log.Pretty(cfg.Log.Pretty),
log.Color(cfg.Log.Color),
)
}
// ParseConfig loads accounts configuration from Viper known paths.
func ParseConfig(c *cli.Context, cfg *config.Config) error {
logger := NewLogger(cfg)
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
viper.SetEnvPrefix("ACCOUNTS")
viper.AutomaticEnv()
if c.IsSet("config-file") {
viper.SetConfigFile(c.String("config-file"))
} else {
viper.SetConfigName(defaultFilename)
for _, v := range defaultConfigPaths {
viper.AddConfigPath(v)
}
}
if err := viper.ReadInConfig(); err != nil {
switch err.(type) {
case viper.ConfigFileNotFoundError:
logger.Info().
Msg("Continue without config")
case viper.UnsupportedConfigError:
logger.Fatal().
Err(err).
Msg("Unsupported config type")
default:
logger.Fatal().
Err(err).
Msg("Failed to read config")
}
}
if err := viper.Unmarshal(&cfg); err != nil {
logger.Fatal().
Err(err).
Msg("Failed to parse config")
}
return nil
}

114
accounts/pkg/command/server.go
View File

@@ -1,114 +0,0 @@
package command
import (
"context"
"os"
"os/signal"
"strings"
"github.com/micro/cli/v2"
"github.com/oklog/run"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
"github.com/owncloud/ocis/accounts/pkg/metrics"
"github.com/owncloud/ocis/accounts/pkg/server/grpc"
"github.com/owncloud/ocis/accounts/pkg/server/http"
svc "github.com/owncloud/ocis/accounts/pkg/service/v0"
)
// Server is the entry point for the server command.
func Server(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "server",
Usage: "Start ocis accounts service",
Description: "uses an LDAP server as the storage backend",
Flags: flagset.ServerWithConfig(cfg),
Before: func(ctx *cli.Context) error {
if cfg.HTTP.Root != "/" {
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
}
// When running on single binary mode the before hook from the root command won't get called. We manually
// call this before hook from ocis command, so the configuration can be loaded.
return ParseConfig(ctx, cfg)
},
Action: func(c *cli.Context) error {
logger := NewLogger(cfg)
var (
gr = run.Group{}
ctx, cancel = context.WithCancel(context.Background())
mtrcs = metrics.New()
)
defer cancel()
handler, err := svc.New(svc.Logger(logger), svc.Config(cfg))
if err != nil {
logger.Fatal().Err(err).Msg("could not initialize service handler")
}
{
server := http.Server(
http.Logger(logger),
http.Name(cfg.Server.Name),
http.Context(ctx),
http.Config(cfg),
http.Metrics(mtrcs),
http.Flags(flagset.RootWithConfig(cfg)),
http.Flags(flagset.ServerWithConfig(cfg)),
http.Handler(handler),
)
gr.Add(server.Run, func(_ error) {
logger.Info().
Str("server", "http").
Msg("Shutting down server")
cancel()
})
}
{
server := grpc.Server(
grpc.Logger(logger),
grpc.Name(cfg.Server.Name),
grpc.Context(ctx),
grpc.Config(cfg),
grpc.Metrics(mtrcs),
grpc.Handler(handler),
)
gr.Add(func() error {
logger.Info().Str("service", server.Name()).Msg("Reporting settings bundles to settings service")
go svc.RegisterSettingsBundles(&logger)
go svc.RegisterPermissions(&logger)
return server.Run()
}, func(_ error) {
logger.Info().
Str("server", "grpc").
Msg("Shutting down server")
cancel()
})
}
{
stop := make(chan os.Signal, 1)
gr.Add(func() error {
signal.Notify(stop, os.Interrupt)
<-stop
return nil
}, func(err error) {
close(stop)
cancel()
})
}
return gr.Run()
},
}
}

87
accounts/pkg/command/update_account.go
View File

@@ -1,87 +0,0 @@
package command
import (
"errors"
"fmt"
"github.com/micro/cli/v2"
"github.com/micro/go-micro/v2/client/grpc"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/flagset"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
"google.golang.org/genproto/protobuf/field_mask"
)
// UpdateAccount command for modifying accounts including password policies
func UpdateAccount(cfg *config.Config) *cli.Command {
a := &accounts.Account{
PasswordProfile: &accounts.PasswordProfile{},
}
return &cli.Command{
Name: "update",
Usage: "Make changes to an existing account",
ArgsUsage: "id",
Flags: flagset.UpdateAccountWithConfig(cfg, a),
Before: func(c *cli.Context) error {
if len(c.StringSlice("password_policies")) > 0 {
// StringSliceFlag doesn't support Destination
a.PasswordProfile.PasswordPolicies = c.StringSlice("password_policies")
}
if c.NArg() != 1 {
return errors.New("missing account-id")
}
if c.NumFlags() == 0 {
return errors.New("missing attribute-flags for update")
}
return nil
},
Action: func(c *cli.Context) error {
a.Id = c.Args().First()
accSvcID := cfg.GRPC.Namespace + "." + cfg.Server.Name
accSvc := accounts.NewAccountsService(accSvcID, grpc.NewClient())
_, err := accSvc.UpdateAccount(c.Context, &accounts.UpdateAccountRequest{
Account: a,
UpdateMask: buildAccUpdateMask(c.FlagNames()),
})
if err != nil {
fmt.Println(fmt.Errorf("could not update account %w", err))
return err
}
return nil
}}
}
// buildAccUpdateMask by mapping passed update flags to account fieldNames.
//
// The UpdateMask is passed with the update-request to the server so that
// only the modified values are transferred.
func buildAccUpdateMask(setFlags []string) *field_mask.FieldMask {
var flagToPath = map[string]string{
"enabled": "AccountEnabled",
"displayname": "DisplayName",
"preferred-name": "PreferredName",
"uidnumber": "UidNumber",
"gidnumber": "GidNumber",
"mail": "Mail",
"description": "Description",
"password": "PasswordProfile.Password",
"password-policies": "PasswordProfile.PasswordPolicies",
"force-password-change": "PasswordProfile.ForceChangePasswordNextSignIn",
"force-password-change-mfa": "PasswordProfile.ForceChangePasswordNextSignInWithMfa",
"on-premises-sam-account-name": "OnPremisesSamAccountName",
}
updatedPaths := make([]string, 0)
for _, v := range setFlags {
if _, ok := flagToPath[v]; ok {
updatedPaths = append(updatedPaths, flagToPath[v])
}
}
return &field_mask.FieldMask{Paths: updatedPaths}
}

77
accounts/pkg/config/config.go
View File

@@ -1,77 +0,0 @@
// Package config should be moved to internal
package config
// LDAP defines the available ldap configuration.
type LDAP struct {
Hostname string
Port int
BaseDN string
UserFilter string
GroupFilter string
BindDN string
BindPassword string
IDP string
Schema LDAPSchema
}
// LDAPSchema defines the available ldap schema configuration.
type LDAPSchema struct {
AccountID string
Identities string
Username string
DisplayName string
Mail string
Groups string
}
// HTTP defines the available http configuration.
type HTTP struct {
Addr string
Namespace string
Root string
}
// GRPC defines the available grpc configuration.
type GRPC struct {
Addr string
Namespace string
}
// Server configures a server.
type Server struct {
Name string
AccountsDataPath string
}
// Asset defines the available asset configuration.
type Asset struct {
Path string
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string
}
// Log defines the available logging configuration.
type Log struct {
Level string
Pretty bool
Color bool
}
// Config merges all Account config parameters.
type Config struct {
LDAP LDAP
HTTP HTTP
GRPC GRPC
Server Server
Asset Asset
Log Log
TokenManager TokenManager
}
// New returns a new config.
func New() *Config {
return &Config{}
}

335
accounts/pkg/flagset/flagset.go
View File

@@ -1,335 +0,0 @@
package flagset
import (
"github.com/micro/cli/v2"
"github.com/owncloud/ocis/accounts/pkg/config"
accounts "github.com/owncloud/ocis/accounts/pkg/proto/v0"
)
// RootWithConfig applies cfg to the root flagset
func RootWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "log-level",
Value: "info",
Usage: "Set logging level",
EnvVars: []string{"ACCOUNTS_LOG_LEVEL"},
Destination: &cfg.Log.Level,
},
&cli.BoolFlag{
Value: true,
Name: "log-pretty",
Usage: "Enable pretty logging",
EnvVars: []string{"ACCOUNTS_LOG_PRETTY"},
Destination: &cfg.Log.Pretty,
},
&cli.BoolFlag{
Value: true,
Name: "log-color",
Usage: "Enable colored logging",
EnvVars: []string{"ACCOUNTS_LOG_COLOR"},
Destination: &cfg.Log.Color,
},
}
}
// ServerWithConfig applies cfg to the root flagset
func ServerWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "http-namespace",
Value: "com.owncloud.web",
Usage: "Set the base namespace for the http namespace",
EnvVars: []string{"ACCOUNTS_HTTP_NAMESPACE"},
Destination: &cfg.HTTP.Namespace,
},
&cli.StringFlag{
Name: "http-addr",
Value: "0.0.0.0:9181",
Usage: "Address to bind http server",
EnvVars: []string{"ACCOUNTS_HTTP_ADDR"},
Destination: &cfg.HTTP.Addr,
},
&cli.StringFlag{
Name: "http-root",
Value: "/",
Usage: "Root path of http server",
EnvVars: []string{"ACCOUNTS_HTTP_ROOT"},
Destination: &cfg.HTTP.Root,
},
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "grpc-addr",
Value: "0.0.0.0:9180",
Usage: "Address to bind grpc server",
EnvVars: []string{"ACCOUNTS_GRPC_ADDR"},
Destination: &cfg.GRPC.Addr,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
&cli.StringFlag{
Name: "accounts-data-path",
Value: "/var/tmp/ocis-accounts",
Usage: "accounts folder",
EnvVars: []string{"ACCOUNTS_DATA_PATH"},
Destination: &cfg.Server.AccountsDataPath,
},
&cli.StringFlag{
Name: "asset-path",
Value: "",
Usage: "Path to custom assets",
EnvVars: []string{"ACCOUNTS_ASSET_PATH"},
Destination: &cfg.Asset.Path,
},
&cli.StringFlag{
Name: "jwt-secret",
Value: "Pive-Fumkiu4",
Usage: "Used to create JWT to talk to reva, should equal reva's jwt-secret",
EnvVars: []string{"ACCOUNTS_JWT_SECRET"},
Destination: &cfg.TokenManager.JWTSecret,
},
}
}
// UpdateAccountWithConfig applies update command flags to cfg
func UpdateAccountWithConfig(cfg *config.Config, a *accounts.Account) []cli.Flag {
if a.PasswordProfile == nil {
a.PasswordProfile = &accounts.PasswordProfile{}
}
return []cli.Flag{
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
&cli.BoolFlag{
Name: "enabled",
Usage: "Enable the account",
Destination: &a.AccountEnabled,
},
&cli.StringFlag{
Name: "displayname",
Usage: "Set the displayname for the account",
Destination: &a.DisplayName,
},
&cli.StringFlag{
Name: "preferred-name",
Usage: "Set the preferred-name for the account",
Destination: &a.PreferredName,
},
&cli.StringFlag{
Name: "on-premises-sam-account-name",
Usage: "Set the on-premises-sam-account-name",
Destination: &a.OnPremisesSamAccountName,
},
&cli.Int64Flag{
Name: "uidnumber",
Usage: "Set the uidnumber for the account",
Destination: &a.UidNumber,
},
&cli.Int64Flag{
Name: "gidnumber",
Usage: "Set the gidnumber for the account",
Destination: &a.GidNumber,
},
&cli.StringFlag{
Name: "mail",
Usage: "Set the mail for the account",
Destination: &a.Mail,
},
&cli.StringFlag{
Name: "description",
Usage: "Set the description for the account",
Destination: &a.Description,
},
&cli.StringFlag{
Name: "password",
Usage: "Set the password for the account",
Destination: &a.PasswordProfile.Password,
// TODO read password from ENV?
},
&cli.StringSliceFlag{
Name: "password-policies",
Usage: "Possible policies: DisableStrongPassword, DisablePasswordExpiration",
},
&cli.BoolFlag{
Name: "force-password-change",
Usage: "Force password change on next sign-in",
Destination: &a.PasswordProfile.ForceChangePasswordNextSignIn,
},
&cli.BoolFlag{
Name: "force-password-change-mfa",
Usage: "Force password change on next sign-in with mfa",
Destination: &a.PasswordProfile.ForceChangePasswordNextSignInWithMfa,
},
}
}
// AddAccountWithConfig applies create command flags to cfg
func AddAccountWithConfig(cfg *config.Config, a *accounts.Account) []cli.Flag {
if a.PasswordProfile == nil {
a.PasswordProfile = &accounts.PasswordProfile{}
}
return []cli.Flag{
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
&cli.BoolFlag{
Name: "enabled",
Usage: "Enable the account",
Destination: &a.AccountEnabled,
},
&cli.StringFlag{
Name: "displayname",
Usage: "Set the displayname for the account",
Destination: &a.DisplayName,
},
&cli.StringFlag{
Name: "username",
Usage: "Username will be written to preferred-name and on_premises_sam_account_name",
},
&cli.StringFlag{
Name: "preferred-name",
Usage: "Set the preferred-name for the account",
Destination: &a.PreferredName,
},
&cli.StringFlag{
Name: "on-premises-sam-account-name",
Usage: "Set the on-premises-sam-account-name",
Destination: &a.OnPremisesSamAccountName,
},
&cli.Int64Flag{
Name: "uidnumber",
Usage: "Set the uidnumber for the account",
Destination: &a.UidNumber,
},
&cli.Int64Flag{
Name: "gidnumber",
Usage: "Set the gidnumber for the account",
Destination: &a.GidNumber,
},
&cli.StringFlag{
Name: "mail",
Usage: "Set the mail for the account",
Destination: &a.Mail,
},
&cli.StringFlag{
Name: "description",
Usage: "Set the description for the account",
Destination: &a.Description,
},
&cli.StringFlag{
Name: "password",
Usage: "Set the password for the account",
Destination: &a.PasswordProfile.Password,
// TODO read password from ENV?
},
&cli.StringSliceFlag{
Name: "password-policies",
Usage: "Possible policies: DisableStrongPassword, DisablePasswordExpiration",
},
&cli.BoolFlag{
Name: "force-password-change",
Usage: "Force password change on next sign-in",
Destination: &a.PasswordProfile.ForceChangePasswordNextSignIn,
},
&cli.BoolFlag{
Name: "force-password-change-mfa",
Usage: "Force password change on next sign-in with mfa",
Destination: &a.PasswordProfile.ForceChangePasswordNextSignInWithMfa,
},
}
}
// ListAccountsWithConfig applies list command flags to cfg
func ListAccountsWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
}
}
// RemoveAccountWithConfig applies remove command flags to cfg
func RemoveAccountWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
}
}
// InspectAccountWithConfig applies inspect command flags to cfg
func InspectAccountWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "grpc-namespace",
Value: "com.owncloud.api",
Usage: "Set the base namespace for the grpc namespace",
EnvVars: []string{"ACCOUNTS_GRPC_NAMESPACE"},
Destination: &cfg.GRPC.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: "accounts",
Usage: "service name",
EnvVars: []string{"ACCOUNTS_NAME"},
Destination: &cfg.Server.Name,
},
}
}

22
accounts/pkg/metrics/metrics.go
View File

@@ -1,22 +0,0 @@
package metrics
var (
// Namespace defines the namespace for the defines metrics.
Namespace = "ocis"
// Subsystem defines the subsystem for the defines metrics.
Subsystem = "accounts"
)
// Metrics defines the available metrics of this service.
type Metrics struct {
// Counter *prometheus.CounterVec
}
// New initializes the available metrics.
func New() *Metrics {
m := &Metrics{
}
// TODO: implement metrics
return m
}

89
accounts/pkg/proto/v0/accounts.mock.go
View File

@@ -1,89 +0,0 @@
package proto
import (
context "context"
empty "github.com/golang/protobuf/ptypes/empty"
client "github.com/micro/go-micro/v2/client"
)
// MockAccountsService can be used to write tests
/*
To creata a mock overwrite the functions of an instance like this:
```go
func mockAccSvc(retErr bool) proto.AccountsService {
if retErr {
return &proto.MockAccountsService{
ListFunc: func(ctx context.Context, in *proto.ListAccountsRequest, opts ...client.CallOption) (out *proto.ListAccountsResponse, err error) {
return nil, fmt.Errorf("error returned by mockAccountsService LIST")
},
}
}
return &proto.MockAccountsService{
ListFunc: func(ctx context.Context, in *proto.ListAccountsRequest, opts ...client.CallOption) (out *proto.ListAccountsResponse, err error) {
return &proto.ListAccountsResponse{
Accounts: []*proto.Account{
{
Id: "yay",
},
},
}, nil
},
}
}
```
*/
type MockAccountsService struct {
ListFunc func(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error)
GetFunc func(ctx context.Context, in *GetAccountRequest, opts ...client.CallOption) (*Account, error)
CreateFunc func(ctx context.Context, in *CreateAccountRequest, opts ...client.CallOption) (*Account, error)
UpdateFunc func(ctx context.Context, in *UpdateAccountRequest, opts ...client.CallOption) (*Account, error)
DeleteFunc func(ctx context.Context, in *DeleteAccountRequest, opts ...client.CallOption) (*empty.Empty, error)
}
// ListAccounts will panic if the function has been called, but not mocked
func (m MockAccountsService) ListAccounts(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error) {
if m.ListFunc != nil {
return m.ListFunc(ctx, in, opts...)
}
panic("ListFunc was called in test but not mocked")
}
// GetAccount will panic if the function has been called, but not mocked
func (m MockAccountsService) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...client.CallOption) (*Account, error) {
if m.GetFunc != nil {
return m.GetFunc(ctx, in, opts...)
}
panic("GetFunc was called in test but not mocked")
}
// CreateAccount will panic if the function has been called, but not mocked
func (m MockAccountsService) CreateAccount(ctx context.Context, in *CreateAccountRequest, opts ...client.CallOption) (*Account, error) {
if m.CreateFunc != nil {
return m.CreateFunc(ctx, in, opts...)
}
panic("CreateFunc was called in test but not mocked")
}
// UpdateAccount will panic if the function has been called, but not mocked
func (m MockAccountsService) UpdateAccount(ctx context.Context, in *UpdateAccountRequest, opts ...client.CallOption) (*Account, error) {
if m.UpdateFunc != nil {
return m.UpdateFunc(ctx, in, opts...)
}
panic("UpdateFunc was called in test but not mocked")
}
// DeleteAccount will panic if the function has been called, but not mocked
func (m MockAccountsService) DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...client.CallOption) (*empty.Empty, error) {
if m.DeleteFunc != nil {
return m.DeleteFunc(ctx, in, opts...)
}
panic("DeleteFunc was called in test but not mocked")
}

1821
accounts/pkg/proto/v0/accounts.pb.go
View File

File diff suppressed because it is too large Load Diff

553
accounts/pkg/proto/v0/accounts.pb.micro.go
View File

@@ -1,553 +0,0 @@
// Code generated by protoc-gen-micro. DO NOT EDIT.
// source: accounts.proto
package proto
import (
fmt "fmt"
proto "github.com/golang/protobuf/proto"
empty "github.com/golang/protobuf/ptypes/empty"
_ "github.com/golang/protobuf/ptypes/timestamp"
_ "google.golang.org/genproto/googleapis/api/annotations"
_ "google.golang.org/genproto/protobuf/field_mask"
math "math"
)
import (
context "context"
api "github.com/micro/go-micro/v2/api"
client "github.com/micro/go-micro/v2/client"
server "github.com/micro/go-micro/v2/server"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
// Reference imports to suppress errors if they are not otherwise used.
var _ api.Endpoint
var _ context.Context
var _ client.Option
var _ server.Option
// Api Endpoints for AccountsService service
func NewAccountsServiceEndpoints() []*api.Endpoint {
return []*api.Endpoint{
&api.Endpoint{
Name: "AccountsService.ListAccounts",
Path: []string{"/api/v0/accounts/accounts-list"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "AccountsService.GetAccount",
Path: []string{"/api/v0/accounts/accounts-get"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "AccountsService.CreateAccount",
Path: []string{"/api/v0/accounts/accounts-create"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "AccountsService.UpdateAccount",
Path: []string{"/api/v0/accounts/accounts-update"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "AccountsService.DeleteAccount",
Path: []string{"/api/v0/accounts/accounts-delete"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
}
}
// Client API for AccountsService service
type AccountsService interface {
// Lists accounts
ListAccounts(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error)
// Gets an account
GetAccount(ctx context.Context, in *GetAccountRequest, opts ...client.CallOption) (*Account, error)
// Creates an account
CreateAccount(ctx context.Context, in *CreateAccountRequest, opts ...client.CallOption) (*Account, error)
// Updates an account
UpdateAccount(ctx context.Context, in *UpdateAccountRequest, opts ...client.CallOption) (*Account, error)
// Deletes an account
DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...client.CallOption) (*empty.Empty, error)
}
type accountsService struct {
c client.Client
name string
}
func NewAccountsService(name string, c client.Client) AccountsService {
return &accountsService{
c: c,
name: name,
}
}
func (c *accountsService) ListAccounts(ctx context.Context, in *ListAccountsRequest, opts ...client.CallOption) (*ListAccountsResponse, error) {
req := c.c.NewRequest(c.name, "AccountsService.ListAccounts", in)
out := new(ListAccountsResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountsService) GetAccount(ctx context.Context, in *GetAccountRequest, opts ...client.CallOption) (*Account, error) {
req := c.c.NewRequest(c.name, "AccountsService.GetAccount", in)
out := new(Account)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountsService) CreateAccount(ctx context.Context, in *CreateAccountRequest, opts ...client.CallOption) (*Account, error) {
req := c.c.NewRequest(c.name, "AccountsService.CreateAccount", in)
out := new(Account)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountsService) UpdateAccount(ctx context.Context, in *UpdateAccountRequest, opts ...client.CallOption) (*Account, error) {
req := c.c.NewRequest(c.name, "AccountsService.UpdateAccount", in)
out := new(Account)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *accountsService) DeleteAccount(ctx context.Context, in *DeleteAccountRequest, opts ...client.CallOption) (*empty.Empty, error) {
req := c.c.NewRequest(c.name, "AccountsService.DeleteAccount", in)
out := new(empty.Empty)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for AccountsService service
type AccountsServiceHandler interface {
// Lists accounts
ListAccounts(context.Context, *ListAccountsRequest, *ListAccountsResponse) error
// Gets an account
GetAccount(context.Context, *GetAccountRequest, *Account) error
// Creates an account
CreateAccount(context.Context, *CreateAccountRequest, *Account) error
// Updates an account
UpdateAccount(context.Context, *UpdateAccountRequest, *Account) error
// Deletes an account
DeleteAccount(context.Context, *DeleteAccountRequest, *empty.Empty) error
}
func RegisterAccountsServiceHandler(s server.Server, hdlr AccountsServiceHandler, opts ...server.HandlerOption) error {
type accountsService interface {
ListAccounts(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error
GetAccount(ctx context.Context, in *GetAccountRequest, out *Account) error
CreateAccount(ctx context.Context, in *CreateAccountRequest, out *Account) error
UpdateAccount(ctx context.Context, in *UpdateAccountRequest, out *Account) error
DeleteAccount(ctx context.Context, in *DeleteAccountRequest, out *empty.Empty) error
}
type AccountsService struct {
accountsService
}
h := &accountsServiceHandler{hdlr}
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "AccountsService.ListAccounts",
Path: []string{"/api/v0/accounts/accounts-list"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "AccountsService.GetAccount",
Path: []string{"/api/v0/accounts/accounts-get"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "AccountsService.CreateAccount",
Path: []string{"/api/v0/accounts/accounts-create"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "AccountsService.UpdateAccount",
Path: []string{"/api/v0/accounts/accounts-update"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "AccountsService.DeleteAccount",
Path: []string{"/api/v0/accounts/accounts-delete"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
return s.Handle(s.NewHandler(&AccountsService{h}, opts...))
}
type accountsServiceHandler struct {
AccountsServiceHandler
}
func (h *accountsServiceHandler) ListAccounts(ctx context.Context, in *ListAccountsRequest, out *ListAccountsResponse) error {
return h.AccountsServiceHandler.ListAccounts(ctx, in, out)
}
func (h *accountsServiceHandler) GetAccount(ctx context.Context, in *GetAccountRequest, out *Account) error {
return h.AccountsServiceHandler.GetAccount(ctx, in, out)
}
func (h *accountsServiceHandler) CreateAccount(ctx context.Context, in *CreateAccountRequest, out *Account) error {
return h.AccountsServiceHandler.CreateAccount(ctx, in, out)
}
func (h *accountsServiceHandler) UpdateAccount(ctx context.Context, in *UpdateAccountRequest, out *Account) error {
return h.AccountsServiceHandler.UpdateAccount(ctx, in, out)
}
func (h *accountsServiceHandler) DeleteAccount(ctx context.Context, in *DeleteAccountRequest, out *empty.Empty) error {
return h.AccountsServiceHandler.DeleteAccount(ctx, in, out)
}
// Api Endpoints for GroupsService service
func NewGroupsServiceEndpoints() []*api.Endpoint {
return []*api.Endpoint{
&api.Endpoint{
Name: "GroupsService.ListGroups",
Path: []string{"/api/v0/accounts/groups-list"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.GetGroup",
Path: []string{"/api/v0/accounts/groups-get"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.CreateGroup",
Path: []string{"/api/v0/accounts/groups-create"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.UpdateGroup",
Path: []string{"/api/v0/accounts/groups-update"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.DeleteGroup",
Path: []string{"/api/v0/accounts/groups-delete"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.AddMember",
Path: []string{"/api/v0/groups/{group_id=*}/members/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.RemoveMember",
Path: []string{"/api/v0/groups/{group_id=*}/members/{account_id}/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
&api.Endpoint{
Name: "GroupsService.ListMembers",
Path: []string{"/api/v0/groups/{id=*}/members/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
},
}
}
// Client API for GroupsService service
type GroupsService interface {
// Lists groups
ListGroups(ctx context.Context, in *ListGroupsRequest, opts ...client.CallOption) (*ListGroupsResponse, error)
// Gets an groups
GetGroup(ctx context.Context, in *GetGroupRequest, opts ...client.CallOption) (*Group, error)
// Creates a group
CreateGroup(ctx context.Context, in *CreateGroupRequest, opts ...client.CallOption) (*Group, error)
// Updates a group
UpdateGroup(ctx context.Context, in *UpdateGroupRequest, opts ...client.CallOption) (*Group, error)
// Deletes a group
DeleteGroup(ctx context.Context, in *DeleteGroupRequest, opts ...client.CallOption) (*empty.Empty, error)
// group:addmember https://docs.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=http
AddMember(ctx context.Context, in *AddMemberRequest, opts ...client.CallOption) (*Group, error)
// group:removemember https://docs.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0
RemoveMember(ctx context.Context, in *RemoveMemberRequest, opts ...client.CallOption) (*Group, error)
// group:listmembers https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0
ListMembers(ctx context.Context, in *ListMembersRequest, opts ...client.CallOption) (*ListMembersResponse, error)
}
type groupsService struct {
c client.Client
name string
}
func NewGroupsService(name string, c client.Client) GroupsService {
return &groupsService{
c: c,
name: name,
}
}
func (c *groupsService) ListGroups(ctx context.Context, in *ListGroupsRequest, opts ...client.CallOption) (*ListGroupsResponse, error) {
req := c.c.NewRequest(c.name, "GroupsService.ListGroups", in)
out := new(ListGroupsResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) GetGroup(ctx context.Context, in *GetGroupRequest, opts ...client.CallOption) (*Group, error) {
req := c.c.NewRequest(c.name, "GroupsService.GetGroup", in)
out := new(Group)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) CreateGroup(ctx context.Context, in *CreateGroupRequest, opts ...client.CallOption) (*Group, error) {
req := c.c.NewRequest(c.name, "GroupsService.CreateGroup", in)
out := new(Group)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) UpdateGroup(ctx context.Context, in *UpdateGroupRequest, opts ...client.CallOption) (*Group, error) {
req := c.c.NewRequest(c.name, "GroupsService.UpdateGroup", in)
out := new(Group)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) DeleteGroup(ctx context.Context, in *DeleteGroupRequest, opts ...client.CallOption) (*empty.Empty, error) {
req := c.c.NewRequest(c.name, "GroupsService.DeleteGroup", in)
out := new(empty.Empty)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) AddMember(ctx context.Context, in *AddMemberRequest, opts ...client.CallOption) (*Group, error) {
req := c.c.NewRequest(c.name, "GroupsService.AddMember", in)
out := new(Group)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) RemoveMember(ctx context.Context, in *RemoveMemberRequest, opts ...client.CallOption) (*Group, error) {
req := c.c.NewRequest(c.name, "GroupsService.RemoveMember", in)
out := new(Group)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *groupsService) ListMembers(ctx context.Context, in *ListMembersRequest, opts ...client.CallOption) (*ListMembersResponse, error) {
req := c.c.NewRequest(c.name, "GroupsService.ListMembers", in)
out := new(ListMembersResponse)
err := c.c.Call(ctx, req, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// Server API for GroupsService service
type GroupsServiceHandler interface {
// Lists groups
ListGroups(context.Context, *ListGroupsRequest, *ListGroupsResponse) error
// Gets an groups
GetGroup(context.Context, *GetGroupRequest, *Group) error
// Creates a group
CreateGroup(context.Context, *CreateGroupRequest, *Group) error
// Updates a group
UpdateGroup(context.Context, *UpdateGroupRequest, *Group) error
// Deletes a group
DeleteGroup(context.Context, *DeleteGroupRequest, *empty.Empty) error
// group:addmember https://docs.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=http
AddMember(context.Context, *AddMemberRequest, *Group) error
// group:removemember https://docs.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0
RemoveMember(context.Context, *RemoveMemberRequest, *Group) error
// group:listmembers https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0
ListMembers(context.Context, *ListMembersRequest, *ListMembersResponse) error
}
func RegisterGroupsServiceHandler(s server.Server, hdlr GroupsServiceHandler, opts ...server.HandlerOption) error {
type groupsService interface {
ListGroups(ctx context.Context, in *ListGroupsRequest, out *ListGroupsResponse) error
GetGroup(ctx context.Context, in *GetGroupRequest, out *Group) error
CreateGroup(ctx context.Context, in *CreateGroupRequest, out *Group) error
UpdateGroup(ctx context.Context, in *UpdateGroupRequest, out *Group) error
DeleteGroup(ctx context.Context, in *DeleteGroupRequest, out *empty.Empty) error
AddMember(ctx context.Context, in *AddMemberRequest, out *Group) error
RemoveMember(ctx context.Context, in *RemoveMemberRequest, out *Group) error
ListMembers(ctx context.Context, in *ListMembersRequest, out *ListMembersResponse) error
}
type GroupsService struct {
groupsService
}
h := &groupsServiceHandler{hdlr}
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.ListGroups",
Path: []string{"/api/v0/accounts/groups-list"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.GetGroup",
Path: []string{"/api/v0/accounts/groups-get"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.CreateGroup",
Path: []string{"/api/v0/accounts/groups-create"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.UpdateGroup",
Path: []string{"/api/v0/accounts/groups-update"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.DeleteGroup",
Path: []string{"/api/v0/accounts/groups-delete"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.AddMember",
Path: []string{"/api/v0/groups/{group_id=*}/members/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.RemoveMember",
Path: []string{"/api/v0/groups/{group_id=*}/members/{account_id}/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
opts = append(opts, api.WithEndpoint(&api.Endpoint{
Name: "GroupsService.ListMembers",
Path: []string{"/api/v0/groups/{id=*}/members/$ref"},
Method: []string{"POST"},
Body: "*",
Handler: "rpc",
}))
return s.Handle(s.NewHandler(&GroupsService{h}, opts...))
}
type groupsServiceHandler struct {
GroupsServiceHandler
}
func (h *groupsServiceHandler) ListGroups(ctx context.Context, in *ListGroupsRequest, out *ListGroupsResponse) error {
return h.GroupsServiceHandler.ListGroups(ctx, in, out)
}
func (h *groupsServiceHandler) GetGroup(ctx context.Context, in *GetGroupRequest, out *Group) error {
return h.GroupsServiceHandler.GetGroup(ctx, in, out)
}
func (h *groupsServiceHandler) CreateGroup(ctx context.Context, in *CreateGroupRequest, out *Group) error {
return h.GroupsServiceHandler.CreateGroup(ctx, in, out)
}
func (h *groupsServiceHandler) UpdateGroup(ctx context.Context, in *UpdateGroupRequest, out *Group) error {
return h.GroupsServiceHandler.UpdateGroup(ctx, in, out)
}
func (h *groupsServiceHandler) DeleteGroup(ctx context.Context, in *DeleteGroupRequest, out *empty.Empty) error {
return h.GroupsServiceHandler.DeleteGroup(ctx, in, out)
}
func (h *groupsServiceHandler) AddMember(ctx context.Context, in *AddMemberRequest, out *Group) error {
return h.GroupsServiceHandler.AddMember(ctx, in, out)
}
func (h *groupsServiceHandler) RemoveMember(ctx context.Context, in *RemoveMemberRequest, out *Group) error {
return h.GroupsServiceHandler.RemoveMember(ctx, in, out)
}
func (h *groupsServiceHandler) ListMembers(ctx context.Context, in *ListMembersRequest, out *ListMembersResponse) error {
return h.GroupsServiceHandler.ListMembers(ctx, in, out)
}

1162
accounts/pkg/proto/v0/accounts.pb.micro_test.go
View File

File diff suppressed because it is too large Load Diff

1129
accounts/pkg/proto/v0/accounts.pb.web.go
View File

File diff suppressed because it is too large Load Diff

654
accounts/pkg/proto/v0/accounts.proto
View File

@@ -1,654 +0,0 @@
syntax = "proto3";
option go_package = "pkg/proto/v0;proto";
package settings;
import "google/api/field_behavior.proto";
import "google/api/annotations.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/field_mask.proto";
import "google/protobuf/timestamp.proto";
// Follow recommended Methods for rpc APIs https://cloud.google.com/apis/design/resources?hl=de#methods
// https://cloud.google.com/apis/design/standard_methods?hl=de#list
// https://cloud.google.com/apis/design/naming_convention?hl=de
service AccountsService {
// Lists accounts
rpc ListAccounts(ListAccountsRequest) returns (ListAccountsResponse) {
// List method maps to HTTP GET
option (google.api.http) = {
post: "/api/v0/accounts/accounts-list",
body: "*"
};
}
// Gets an account
rpc GetAccount(GetAccountRequest) returns (Account) {
option (google.api.http) = {
post: "/api/v0/accounts/accounts-get",
body: "*"
};
}
// Creates an account
rpc CreateAccount(CreateAccountRequest) returns (Account) {
// Create maps to HTTP POST. URL path as the collection name.
// HTTP request body contains the resource
option (google.api.http) = {
post: "/api/v0/accounts/accounts-create"
body: "*"
};
}
// Updates an account
rpc UpdateAccount(UpdateAccountRequest) returns (Account) {
// Update maps to HTTP PATCH. Resource name is mapped to a URL path.
// Resource is contained in the HTTP request body
option (google.api.http) = {
post: "/api/v0/accounts/accounts-update"
body: "*"
};
};
// Deletes an account
rpc DeleteAccount(DeleteAccountRequest) returns (google.protobuf.Empty) {
// Delete maps to HTTP DELETE. Resource name maps to the URL path.
// There is no request body
option (google.api.http) = {
post: "/api/v0/accounts/accounts-delete",
body: "*"
};
}
}
service GroupsService {
// Lists groups
rpc ListGroups(ListGroupsRequest) returns (ListGroupsResponse) {
// List method maps to HTTP GET
option (google.api.http) = {
post: "/api/v0/accounts/groups-list",
body: "*"
};
}
// Gets an groups
rpc GetGroup(GetGroupRequest) returns (Group) {
option (google.api.http) = {
post: "/api/v0/accounts/groups-get",
body: "*"
};
}
// Creates a group
rpc CreateGroup(CreateGroupRequest) returns (Group) {
// Create maps to HTTP POST. URL path as the collection name.
// HTTP request body contains the resource
option (google.api.http) = {
post: "/api/v0/accounts/groups-create"
body: "*"
};
}
// Updates a group
rpc UpdateGroup(UpdateGroupRequest) returns (Group) {
// Update maps to HTTP PATCH. Resource name is mapped to a URL path.
// Resource is contained in the HTTP request body
option (google.api.http) = {
post: "/api/v0/accounts/groups-update"
body: "*"
};
};
// Deletes a group
rpc DeleteGroup(DeleteGroupRequest) returns (google.protobuf.Empty) {
// Delete maps to HTTP DELETE. Resource name maps to the URL path.
// There is no request body
option (google.api.http) = {
post: "/api/v0/accounts/groups-delete",
body: "*"
};
}
// additional group methods: https://docs.microsoft.com/en-us/graph/api/resources/group?view=graph-rest-1.0#methods
// references are accessed using $ref, see http://docs.oasis-open.org/odata/odata/v4.0/cs01/part2-url-conventions/odata-v4.0-cs01-part2-url-conventions.html#_Toc365046422
// or the stack overflow question https://stackoverflow.com/questions/49362894/why-is-the-microsoft-graph-api-using-ref-in-the-uri
// group:addmember https://docs.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0&tabs=http
rpc AddMember(AddMemberRequest) returns (Group) {
// All request parameters go into body.
option (google.api.http) = {
post: "/api/v0/groups/{group_id=*}/members/$ref"
body: "*"
};
}
// group:removemember https://docs.microsoft.com/en-us/graph/api/group-delete-members?view=graph-rest-1.0
rpc RemoveMember(RemoveMemberRequest) returns (Group) {
// All request parameters go into body.
option (google.api.http) = {
// URLs are broken
post: "/api/v0/groups/{group_id=*}/members/{account_id}/$ref"
body: "*"
};
}
// group:listmembers https://docs.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0
rpc ListMembers(ListMembersRequest) returns (ListMembersResponse) {
// All request parameters go into body.
option (google.api.http) = {
// URLs are broken
post: "/api/v0/groups/{id=*}/members/$ref"
body: "*"
};
}
}
message ListAccountsRequest {
// Optional. The maximum number of accounts to return in the response
int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. A pagination token returned from a previous call to `Get`
// that indicates from where search should continue
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Used to specify a subset of fields that should be
// returned by a get operation or modified by an update operation.
google.protobuf.FieldMask field_mask = 3;
// Optional. Search criteria used to select the accounts to return.
// If no search criteria is specified then all accounts will be
// returned
//
// TODO update query language
// Query expressions can be used to restrict results based upon
// the account properties where the operators `=`, `NOT`, `AND` and `OR`
// can be used along with the suffix wildcard symbol `*`.
//
// The string properties in a query expression should use escaped quotes
// for values that include whitespace to prevent unexpected behavior.
//
// Some example queries are:
//
// * Query `display_name=Th*` returns accounts whose display_name
// starts with "Th"
// * Query `email=foo@example.com` returns accounts with
// `email` set to `foo@example.com`
// * Query `display_name=\\"Test String\\"` returns accounts with
// display names that include both "Test" and "String"
string query = 4 [(google.api.field_behavior) = OPTIONAL];
}
message ListAccountsResponse {
// The field name should match the noun "accounts" in the method name. There
// will be a maximum number of items returned based on the page_size field
// in the request
repeated Account accounts = 1;
// Token to retrieve the next page of results, or empty if there are no
// more results in the list
string next_page_token = 2;
}
message GetAccountRequest {
string id = 1;
}
message CreateAccountRequest {
// The account resource to create
Account account = 1;
}
message UpdateAccountRequest {
// The account resource which replaces the resource on the server
Account account = 1;
// The update mask applies to the resource. For the `FieldMask` definition,
// see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
google.protobuf.FieldMask update_mask = 2;
}
message DeleteAccountRequest {
string id = 1;
}
// Account follows the properties of the ms graph api user resuorce.
// See https://docs.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0#properties
message Account {
// Note that field numbers in the range 1 through 15 take one byte to encode, including the field number and the field's type
// The unique identifier for the user. Key. Not nullable. Non reassignable. Read-only.
string id = 1;
// *true* if the account is enabled; otherwise, *false*. This property is required when a user is created. Supports $filter.
bool account_enabled = 2;
// A resource account is also known as a /disabled user object/ in Azure AD, and can be used to represent resources in general.
// In Exchange it might be used to represent conference rooms, for example, and allow them to have a phone number.
// You could give printers or machines with a sync client resource accounts as well.
// A resource account can be homed in Microsoft 365 or on premises using Skype for Business Server 2019.
// *true* if the user is a resource account; otherwise, *false*. Null value should be considered false.
bool is_resource_account = 3;
// Indicates whether the account was created as
// - a regular school or work account ("" / emptystring),
// - a local account, fully managed by ocis (LocalAccount), includes synced accounts or
// - an external account (Invitation),
// - self-service sign-up using email verification (EmailVerified). Read-only.
string creation_type = 4;
// Represents the identities that can be used to sign in to this account.
// An identity can be provided by OCIS (also known as a local account), by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and is tied to an account.
// May contain multiple items with the same signInType value. Supports $filter.
repeated Identities identities = 5;
// posixaccount properties
// The name displayed in the address book for the account.
// This is usually the combination of the user's first name, middle initial and last name.
// This property is required when a user is created and it cannot be cleared during updates.
// Supports $filter and $orderby.
// posixaccount MUST cn
string display_name = 6;
// The username
// posixaccount MUST uid
string preferred_name = 7;
// TODO rename to on_premise_? or move to extension? see https://docs.microsoft.com/en-us/graph/extensibility-open-users
// used for exposing the user using ldap
// posixaccount MUST uidnumber
int64 uid_number = 8;
// used for exposing the user using ldap
// posixaccount MUST gidnumber
int64 gid_number = 9;
// posixaccount MUST homedirectory
// constructed dynamically in glauth
// posixaccount MAY loginshell
// posixaccount MAY gecos
// For the GECOS field:
// - User's full name (or application name, if the account is for a program) -> displayname (description)
// - Building and room number or contact person -> -
// - Office telephone number -> -
// - Any other contact information (pager number, fax, etc.) -> mail
// eg "Albert Einstein (Beware! I'm doing science!),,,einstein@example.com" as the gecos
// The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". Read-Only. Supports $filter.
// inetorgperson MAY mail
string mail = 10;
// A description, useful for resource accounts
// posixaccount MAY description
string description = 11;
// Specifies the password profile for the user.
// The profile contains the users password. This property is required when a user is created.
// The password in the profile must satisfy minimum requirements as specified by the passwordPolicies property.
// By default, a strong password is required.
// posixaccount MAY authPassword
PasswordProfile password_profile = 12;
// The groups, directory roles and administrative units that the user is a member of. Read-only. Nullable.
// should we only respond with repeated strings of ids? no clients should a proper filter mask!
repeated Group memberOf = 13;
// Field numbers in the range 16 through 2047 take two bytes. So you should reserve the field numbers 1 through 15 for very frequently occurring message elements. Remember to leave some room for frequently occurring elements that might be added in the future.
// The created date of the account object.
google.protobuf.Timestamp created_date_time = 16;
// The date and time the user was deleted. Returned only on $select.
google.protobuf.Timestamp deleted_date_time = 17;
// properties for sync
// *true* if this object is synced from an on-premises directory;
// *false* if this object was originally synced from an on-premises directory but is no longer synced;
// null if this object has never been synced from an on-premises directory (default). Read-only
bool on_premises_sync_enabled = 20;
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
string on_premises_immutable_id = 21;
// Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only.
string on_premises_security_identifier = 22;
// Contains the on-premises LDAP `distinguished name` or `DN`.
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Read-only.
string on_premises_distinguished_name = 23;
// Contains the on-premises `samAccountName` synchronized from the on-premises directory.
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Read-only.
string on_premises_sam_account_name = 24;
// Contains the on-premises `domainFQDN`, also called `dnsDomainName` synchronized from the on-premises directory
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Read-only.
string on_premises_domain_name = 25;
// Contains the on-premises userPrincipalName synchronized from the on-premises directory.
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Read-only.
string on_premises_user_principal_name = 26;
// Contains extensionAttributes 1-15 for the user. Note that the individual extension attributes are neither selectable nor filterable.
// For an onPremisesSyncEnabled user, this set of properties is mastered on-premises and is read-only.
// For a cloud-only user (where onPremisesSyncEnabled is false), these properties may be set during creation or update.
//onPremisesExtensionAttributes onPremisesExtensionAttributes = 27
// Indicates the last time at which the object was synced with the on-premises directory; Read-only.
google.protobuf.Timestamp on_premises_last_sync_date_time = 28;
// Errors when using synchronization during provisioning.
repeated OnPremisesProvisioningError on_premises_provisioning_errors = 29;
// TODO do we need to sync uidnumber and gidnumber from the external ldap? we may assign different numbers so eos has a non colliding namespace.
// we can sync them to the (uid|gid)_number fileds but what if they changed in the external ldap and now collide?
// move those properties to a posixaccount message so we can exchange that part with an external (readonly or writeable) ldap server?
// For an external user invited to the tenant using the invitation API, this property represents the invited user's invitation status.
// For invited users, the state can be `PendingAcceptance` or `Accepted`, or "" / emptystring for all other users.
// Returned only on $select. Supports $filter with the supported values. For example: $filter=externalUserState eq 'PendingAcceptance'.
string external_user_state = 40;
// Shows the timestamp for the latest change to the externalUserState property. Returned only on $select.
google.protobuf.Timestamp external_user_state_change_date_time = 41;
// Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get
// an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph).
// If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint.
// Returned only on $select. Read-only. Use invalidateAllRefreshTokens to reset.
google.protobuf.Timestamp refresh_tokens_valid_from_date_time = 60;
// Any refresh tokens or sessions tokens (session cookies) issued before this time are invalid, and applications will get
// an error when using an invalid refresh or sessions token to acquire a delegated access token (to access APIs such as Microsoft Graph).
// If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint.
// Read-only. Use revokeSignInSessions to reset.
google.protobuf.Timestamp sign_in_sessions_valid_from_date_time = 61;
}
// Identities Represents an identity used to sign in to a user account.
// An identity can be provided by ocis, by organizations, or by social identity providers such as Facebook, Google, or Microsoft, that are tied to a user account.
// This enables the user to sign in to the user account with any of those associated identities.
// They are also used to keep a history of old usernames.
message Identities {
// Specifies the user sign-in types in your directory, such as `emailAddress`, `userName` or `federated`.
// Here, federated represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer.
// Additional validation is enforced on *issuer_assigned_id* when the sign-in type is set to `emailAddress` or `userName`.
// This property can also be set to any custom string.
string sign_in_type = 1;
// Specifies the issuer of the identity, for example facebook.com.
// For local accounts (where signInType is not federated), this property is
// the local B2C tenant default domain name, for example contoso.onmicrosoft.com.
// For external users from other Azure AD organization, this will be the domain of
// the federated organization, for example contoso.com.
// Supports $filter. 512 character limit.
string issuer = 2;
// Specifies the unique identifier assigned to the user by the issuer. The combination of *issuer* and *issuerAssignedId* must be unique within the organization. Represents the sign-in name for the user, when signInType is set to emailAddress or userName (also known as local accounts).
// When *signInType* is set to:
// * `emailAddress`, (or starts with `emailAddress` like `emailAddress1`) *issuerAssignedId* must be a valid email address
// * `userName`, issuer_assigned_id must be a valid local part of an email address
// Supports $filter. 512 character limit.
string issuer_assigned_id = 3;
}
message PasswordProfile {
// The password for the user. This property is required when a user is created.
// It can be updated, but the user will be required to change the password on the next login.
// The password must satisfy minimum requirements as specified by the users passwordPolicies property. By default, a strong password is required.
string password = 1;
// The time when this account last changed their password.
google.protobuf.Timestamp last_password_change_date_time = 2;
// Specifies password policies for the user.
//This value is an enumeration with one possible value being “DisableStrongPassword”, which allows weaker passwords than the default policy to be specified.
// “DisablePasswordExpiration” can also be specified.
repeated string password_policies = 3;
// *true* if the user must change her password on the next login; otherwise false.
bool force_change_password_next_sign_in = 4;
// If *true*, at next sign-in, the user must perform a multi-factor authentication (MFA) before being forced to change their password. The behavior is identical to forceChangePasswordNextSignIn except that the user is required to first perform a multi-factor authentication before password change. After a password change, this property will be automatically reset to false. If not set, default is false.
bool force_change_password_next_sign_in_with_mfa = 5;
}
message ListGroupsRequest {
// Optional. The maximum number of groups to return in the response
int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. A pagination token returned from a previous call to `Get`
// that indicates from where search should continue
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Used to specify a subset of fields that should be
// returned by a get operation or modified by an update operation.
google.protobuf.FieldMask field_mask = 3;
// Optional. Search criteria used to select the groups to return.
// If no search criteria is specified then all groups will be
// returned
//
// TODO update query language
// Query expressions can be used to restrict results based upon
// the account properties where the operators `=`, `NOT`, `AND` and `OR`
// can be used along with the suffix wildcard symbol `*`.
//
// The string properties in a query expression should use escaped quotes
// for values that include whitespace to prevent unexpected behavior.
//
// Some example queries are:
//
// * Query `display_name=Th*` returns accounts whose display_name
// starts with "Th"
// * Query `display_name=\\"Test String\\"` returns groups with
// display names that include both "Test" and "String"
string query = 4 [(google.api.field_behavior) = OPTIONAL];
}
message ListGroupsResponse {
// The field name should match the noun "group" in the method name. There
// will be a maximum number of items returned based on the page_size field
// in the request
repeated Group groups = 1;
// Token to retrieve the next page of results, or empty if there are no
// more results in the list
string next_page_token = 2;
}
message GetGroupRequest {
string id = 1;
}
message CreateGroupRequest {
// The account resource to create
Group group = 1;
}
message UpdateGroupRequest {
// The group resource which replaces the resource on the server
Group group = 1;
// The update mask applies to the resource. For the `FieldMask` definition,
// see https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#fieldmask
google.protobuf.FieldMask update_mask = 2;
}
message DeleteGroupRequest {
string id = 1;
}
message AddMemberRequest {
// The id of the group to add a member to
string group_id = 1;
// The account id to add
string account_id = 2;
}
message RemoveMemberRequest {
// The id of the group to remove a member from
string group_id = 1;
// The account id to remove
string account_id = 2;
}
message ListMembersRequest {
int32 page_size = 1 [(google.api.field_behavior) = OPTIONAL];
// Optional. A pagination token returned from a previous call to `Get`
// that indicates from where search should continue
string page_token = 2 [(google.api.field_behavior) = OPTIONAL];
// Optional. Used to specify a subset of fields that should be
// returned by a get operation or modified by an update operation.
google.protobuf.FieldMask field_mask = 3;
// Optional. Search criteria used to select the groups to return.
// If no search criteria is specified then all groups will be
// returned
//
// TODO update query language
// Query expressions can be used to restrict results based upon
// the account properties where the operators `=`, `NOT`, `AND` and `OR`
// can be used along with the suffix wildcard symbol `*`.
//
// The string properties in a query expression should use escaped quotes
// for values that include whitespace to prevent unexpected behavior.
//
// Some example queries are:
//
// * Query `display_name=Th*` returns accounts whose display_name
// starts with "Th"
// * Query `display_name=\\"Test String\\"` returns groups with
// display names that include both "Test" and "String"
string query = 4 [(google.api.field_behavior) = OPTIONAL];
// The id of the group to list members from
string id = 5;
}
message ListMembersResponse {
// The field name should match the noun "members" in the method name. There
// will be a maximum number of items returned based on the page_size field
// in the request
repeated Account members = 1;
// Token to retrieve the next page of results, or empty if there are no
// more results in the list
string next_page_token = 2;
}
message Group {
// The unique identifier for the group.
// Returned by default. Inherited from directoryObject. Key. Not nullable. Read-only.
string id = 1;
// groupofnames
// The display name for the group. This property is required when a group is created and cannot be cleared during updates.
// Returned by default. Supports $filter and $orderby.
// groupofnames MUST cn
string display_name = 2;
// groupofnames MUST/MAY member
// Users, contacts, and groups that are members of this group. HTTP Methods: GET (supported for all groups), POST (supported for security groups and mail-enabled security groups), DELETE (supported only for security groups) Read-only. Nullable.
// TODO accounts (users) only for now, we can add groups with the dedicated message using oneof construct later
repeated Account members = 3;
// groupofnames MAY businessCategory
// groupofnames MAY o
// groupofnames MAY ou
// groupofnames MAY owner, SINGLE-VALUE but there might be multiple owners
repeated Account owners = 4;
// An optional description for the group. Returned by default.
// groupofnames MAY description
string description = 5;
// groupofnames MAY seeAlso
// posixgroup
// used for exposing the user using ldap
// posixgroup MUST gidnumber
int64 gid_number = 6;
// posixgroup MAY authPassword
// posixgroup MAY userPassword
// posixgroup MAY memberUid -> groupofnames member
// posixgroup MAY description -> groupofnames
// Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created
// Returned by default. Read-only.
google.protobuf.Timestamp created_date_time = 7;
// For some Azure Active Directory objects (user, group, application), if the object is deleted, it is first logically deleted, and this property is updated with the date and time when the object was deleted. Otherwise this property is null. If the object is restored, this property is updated to null.
// Returned by default. Read-only.
google.protobuf.Timestamp deleted_date_time = 8;
// Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created.
// Returned by default. Read-only.
google.protobuf.Timestamp expiration_date_time = 9;
// True if the group is not displayed in certain parts of the Outlook user interface:
// in the Address Book, in address lists for selecting message recipients, and in the Browse Groups dialog for searching groups; false otherwise. Default value is false.
// Returned only on $select.
bool hide_from_address_lists = 10;
// Specifies the visibility of an Office 365 group. Possible values are: Private, Public, or Hiddenmembership; blank values are treated as public. See group visibility options to learn more.
// Visibility can be set only when a group is created; it is not editable.
// Returned by default.
string visibility = 11;
// Field numbers in the range 16 through 2047 take two bytes. So you should reserve the field numbers 1 through 15 for very frequently occurring message elements. Remember to leave some room for frequently occurring elements that might be added in the future.
// properties for sync
// *true* if this group is synced from an on-premises directory;
// *false* if this group was originally synced from an on-premises directory but is no longer synced;
// null if this object has never been synced from an on-premises directory (default).
// Returned by default. Read-only. Supports $filter.
bool on_premises_sync_enabled = 20;
// This property is used to associate an on-premises LDAP user to the ocis account object.
// This property must be specified when creating a new user account in the Graph if you are using a federated domain for the users userPrincipalName (UPN) property.
// Important: The $ and _ characters cannot be used when specifying this property. Supports $filter.
string on_premises_immutable_id = 21;
// Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Read-only.
string on_premises_security_identifier = 22;
// Contains the on-premises LDAP `distinguished name` or `DN`.
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Read-only.
string on_premises_distinguished_name = 23;
// Contains the on-premises `samAccountName` synchronized from the on-premises directory.
// The property is only populated for customers who are synchronizing their on-premises directory to ocis-accounts. Returned by default. Read-only.
string on_premises_sam_account_name = 24;
// Contains the on-premises domain FQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.
// Returned by default. Read-only.
string on_premises_domain_name = 25;
// Contains the on-premises netBios name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.
// Returned by default. Read-only.
string on_premises_net_bios_name = 26;
// Indicates the last time at which the group was synced with the on-premises directory.
// Returned by default. Read-only. Supports $filter.
string on_premises_last_sync_date_time = 27;
// Errors when using synchronization during provisioning.
repeated OnPremisesProvisioningError on_premises_provisioning_errors = 28;
}
message OnPremisesProvisioningError {
// Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property.
string category = 1;
// The date and time at which the error occurred.
google.protobuf.Timestamp occurred_date_time = 2;
// Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress
string property_causing_error = 3;
// Value of the property causing the error.
string value = 4;
}

941
accounts/pkg/proto/v0/accounts.swagger.json
View File

File diff suppressed because one or more lines are too long

13
accounts/pkg/proto/v0/bleve.go
View File

@@ -1,13 +0,0 @@
package proto
// BleveAccount wraps the generated Account and adds a bleve type that is used to distinguish documents in the index
type BleveAccount struct {
Account
BleveType string `json:"bleve_type"`
}
// BleveGroup wraps the generated Group and adds a bleve type that is used to distinguish documents in the index
type BleveGroup struct {
Group
BleveType string `json:"bleve_type"`
}

1
accounts/pkg/proto/v0/staticcheck.conf
View File

@@ -1 +0,0 @@
checks = ["all", "-ST1003", "-ST1000", "-SA1019"]

128
accounts/pkg/provider/bleve.go
View File

@@ -1,128 +0,0 @@
package provider
import (
"errors"
"fmt"
"strconv"
"strings"
"github.com/CiscoM31/godata"
"github.com/blevesearch/bleve"
"github.com/blevesearch/bleve/search/query"
)
func init() {
// add (ap)prox filter
godata.GlobalFilterTokenizer = FilterTokenizer()
godata.GlobalFilterParser.DefineOperator("ap", 2, godata.OpAssociationLeft, 4, false)
}
// BuildBleveQuery converts a GoDataFilterQuery into a bleve query
func BuildBleveQuery(r *godata.GoDataFilterQuery) (query.Query, error) {
return recursiveBuildQuery(r.Tree)
}
// Builds the filter recursively using DFS
func recursiveBuildQuery(n *godata.ParseNode) (query.Query, error) {
if n.Token.Type == godata.FilterTokenFunc {
switch n.Token.Value {
case "startswith":
if len(n.Children) != 2 {
return nil, errors.New("startswith match must have two children")
}
if n.Children[0].Token.Type != godata.FilterTokenLiteral {
return nil, errors.New("startswith expected a literal as the first param")
}
if n.Children[1].Token.Type != godata.FilterTokenString {
return nil, errors.New("startswith expected a string as the second param")
} // remove enclosing ' of string tokens (looks like 'some ol'' string')
value := n.Children[1].Token.Value[1 : len(n.Children[1].Token.Value)-1]
// unescape '' as '
unescaped := strings.ReplaceAll(value, "''", "'")
q := bleve.NewPrefixQuery(unescaped)
q.SetField(n.Children[0].Token.Value)
return q, nil
// TODO contains as regex?
// TODO endswith as regex?
default:
return nil, godata.NotImplementedError(n.Token.Value + " is not implemented.")
}
}
if n.Token.Type == godata.FilterTokenLogical {
switch n.Token.Value {
case "eq":
if len(n.Children) != 2 {
return nil, errors.New("equality match must have two children")
}
if n.Children[0].Token.Type != godata.FilterTokenLiteral {
return nil, errors.New("equality expected a literal on the lhs")
}
if n.Children[1].Token.Type == godata.FilterTokenString {
// for escape rules see http://docs.oasis-open.org/odata/odata/v4.01/cs01/part2-url-conventions/odata-v4.01-cs01-part2-url-conventions.html#sec_URLComponents
// remove enclosing ' of string tokens (looks like 'some ol'' string')
value := n.Children[1].Token.Value[1 : len(n.Children[1].Token.Value)-1]
// unescape '' as '
unescaped := strings.ReplaceAll(value, "''", "'")
// use a match query, so the field mapping, e.g. lowercase is applied to the value
// remember we defined the field mapping for `preferred_name` to be lowercase
// a term query like `preferred_name eq 'Artur'` would use `Artur` to search in the index and come up empty
// a match query will apply the field mapping (lowercasing `Artur` to `artur`) before doing the search
// TODO there is a mismatch between the LDAP and odata filters:
// - LDAP matching rules depend on the attribute: see https://ldapwiki.com/wiki/MatchingRule
// - odata has functions like `startswith`, `contains`, `tolower`, `toupper`, `matchesPattern` andy more: see http://docs.oasis-open.org/odata/odata/v4.01/odata-v4.01-part1-protocol.html#sec_BuiltinQueryFunctions
// - ocis-glauth should do the mapping between LDAP and odata filter
q := bleve.NewMatchQuery(unescaped)
q.SetField(n.Children[0].Token.Value)
return q, nil
} else if n.Children[1].Token.Type == godata.FilterTokenInteger {
v, err := strconv.ParseFloat(n.Children[1].Token.Value, 64)
if err != nil {
return nil, err
}
incl := true
q := bleve.NewNumericRangeInclusiveQuery(&v, &v, &incl, &incl)
q.SetField(n.Children[0].Token.Value)
return q, nil
}
return nil, fmt.Errorf("equality expected a string or int on the rhs, got %d", n.Children[1].Token.Type)
case "and":
q := query.NewConjunctionQuery([]query.Query{})
for _, child := range n.Children {
subQuery, err := recursiveBuildQuery(child)
if err != nil {
return nil, err
}
if subQuery != nil {
q.AddQuery(subQuery)
}
}
return q, nil
case "or":
q := query.NewDisjunctionQuery([]query.Query{})
for _, child := range n.Children {
subQuery, err := recursiveBuildQuery(child)
if err != nil {
return nil, err
}
if subQuery != nil {
q.AddQuery(subQuery)
}
}
return q, nil
case "Not":
if len(n.Children) != 1 {
return nil, errors.New("not filter must have only one child")
}
subQuery, err := recursiveBuildQuery(n.Children[0])
if err != nil {
return nil, err
}
q := query.NewBooleanQuery(nil, nil, []query.Query{subQuery})
return q, nil
default:
return nil, godata.NotImplementedError(n.Token.Value + " is not implemented.")
}
}
return nil, godata.NotImplementedError(n.Token.Value + " is not implemented.")
}

38
accounts/pkg/provider/tokenizer.go
View File

@@ -1,38 +0,0 @@
package provider
import "github.com/CiscoM31/godata"
// FilterTokenizer creates a tokenizer capable of tokenizing filter statements
// TODO disable tokens we don't handle anyway
func FilterTokenizer() *godata.Tokenizer {
t := godata.Tokenizer{}
t.Add("^[0-9]{4,4}-[0-9]{2,2}-[0-9]{2,2}T[0-9]{2,2}:[0-9]{2,2}(:[0-9]{2,2}(.[0-9]+)?)?(Z|[+-][0-9]{2,2}:[0-9]{2,2})", godata.FilterTokenDateTime)
t.Add("^-?[0-9]{4,4}-[0-9]{2,2}-[0-9]{2,2}", godata.FilterTokenDate)
t.Add("^[0-9]{2,2}:[0-9]{2,2}(:[0-9]{2,2}(.[0-9]+)?)?", godata.FilterTokenTime)
t.Add("^\\(", godata.FilterTokenOpenParen)
t.Add("^\\)", godata.FilterTokenCloseParen)
t.Add("^/", godata.FilterTokenNav)
t.Add("^:", godata.FilterTokenColon)
t.Add("^,", godata.FilterTokenComma)
t.Add("^(geo.distance|geo.intersects|geo.length)", godata.FilterTokenFunc)
t.Add("^(substringof|substring|length|indexof)", godata.FilterTokenFunc)
// only change from the global tokenizer is the added ap
t.Add("^(eq|ne|gt|ge|lt|le|and|or|not|has|in|ap)", godata.FilterTokenLogical)
t.Add("^(add|sub|mul|divby|div|mod)", godata.FilterTokenOp)
t.Add("^(contains|endswith|startswith|tolower|toupper|"+
"trim|concat|year|month|day|hour|minute|second|fractionalseconds|date|"+
"time|totaloffsetminutes|now|maxdatetime|mindatetime|totalseconds|round|"+
"floor|ceiling|isof|cast)", godata.FilterTokenFunc)
t.Add("^(any|all)", godata.FilterTokenLambda)
t.Add("^null", godata.FilterTokenNull)
t.Add("^\\$it", godata.FilterTokenIt)
t.Add("^\\$root", godata.FilterTokenRoot)
t.Add("^-?[0-9]+\\.[0-9]+", godata.FilterTokenFloat)
t.Add("^-?[0-9]+", godata.FilterTokenInteger)
t.Add("^'(''|[^'])*'", godata.FilterTokenString)
t.Add("^(true|false)", godata.FilterTokenBoolean)
t.Add("^@*[a-zA-Z][a-zA-Z0-9_.]*", godata.FilterTokenLiteral) // The optional '@' character is used to identify parameter aliases
t.Ignore("^ ", godata.FilterTokenWhitespace)
return &t
}

85
accounts/pkg/server/grpc/option.go
View File

@@ -1,85 +0,0 @@
package grpc
import (
"context"
"github.com/micro/cli/v2"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/metrics"
svc "github.com/owncloud/ocis/accounts/pkg/service/v0"
"github.com/owncloud/ocis/ocis-pkg/log"
)
// Option defines a single option function.
type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Name string
Logger log.Logger
Context context.Context
Config *config.Config
Metrics *metrics.Metrics
Flags []cli.Flag
Handler *svc.Service
}
// newOptions initializes the available default options.
func newOptions(opts ...Option) Options {
opt := Options{}
for _, o := range opts {
o(&opt)
}
return opt
}
// Name provides a name for the service.
func Name(val string) Option {
return func(o *Options) {
o.Name = val
}
}
// Logger provides a function to set the logger option.
func Logger(val log.Logger) Option {
return func(o *Options) {
o.Logger = val
}
}
// Context provides a function to set the context option.
func Context(val context.Context) Option {
return func(o *Options) {
o.Context = val
}
}
// Config provides a function to set the config option.
func Config(val *config.Config) Option {
return func(o *Options) {
o.Config = val
}
}
// Metrics provides a function to set the metrics option.
func Metrics(val *metrics.Metrics) Option {
return func(o *Options) {
o.Metrics = val
}
}
// Flags provides a function to set the flags option.
func Flags(val []cli.Flag) Option {
return func(o *Options) {
o.Flags = append(o.Flags, val...)
}
}
// Handler provides a function to set the handler option.
func Handler(val *svc.Service) Option {
return func(o *Options) {
o.Handler = val
}
}

31
accounts/pkg/server/grpc/server.go
View File

@@ -1,31 +0,0 @@
package grpc
import (
"github.com/owncloud/ocis/accounts/pkg/proto/v0"
"github.com/owncloud/ocis/ocis-pkg/service/grpc"
)
// Server initializes a new go-micro service ready to run
func Server(opts ...Option) grpc.Service {
options := newOptions(opts...)
handler := options.Handler
service := grpc.NewService(
grpc.Name(options.Config.Server.Name),
grpc.Context(options.Context),
grpc.Address(options.Config.GRPC.Addr),
grpc.Namespace(options.Config.GRPC.Namespace),
grpc.Logger(options.Logger),
grpc.Flags(options.Flags...),
)
if err := proto.RegisterAccountsServiceHandler(service.Server(), handler); err != nil {
options.Logger.Fatal().Err(err).Msg("could not register service handler")
}
if err := proto.RegisterGroupsServiceHandler(service.Server(), handler); err != nil {
options.Logger.Fatal().Err(err).Msg("could not register groups handler")
}
service.Init()
return service
}

85
accounts/pkg/server/http/option.go
View File

@@ -1,85 +0,0 @@
package http
import (
"context"
"github.com/micro/cli/v2"
"github.com/owncloud/ocis/accounts/pkg/config"
"github.com/owncloud/ocis/accounts/pkg/metrics"
svc "github.com/owncloud/ocis/accounts/pkg/service/v0"
"github.com/owncloud/ocis/ocis-pkg/log"
)
// Option defines a single option function.
type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Name string
Logger log.Logger
Context context.Context
Config *config.Config
Metrics *metrics.Metrics
Flags []cli.Flag
Handler *svc.Service
}
// newOptions initializes the available default options.
func newOptions(opts ...Option) Options {
opt := Options{}
for _, o := range opts {
o(&opt)
}
return opt
}
// Name provides a name for the service.
func Name(val string) Option {
return func(o *Options) {
o.Name = val
}
}
// Logger provides a function to set the logger option.
func Logger(val log.Logger) Option {
return func(o *Options) {
o.Logger = val
}
}
// Context provides a function to set the context option.
func Context(val context.Context) Option {
return func(o *Options) {
o.Context = val
}
}
// Config provides a function to set the config option.
func Config(val *config.Config) Option {
return func(o *Options) {
o.Config = val
}
}
// Metrics provides a function to set the metrics option.
func Metrics(val *metrics.Metrics) Option {
return func(o *Options) {
o.Metrics = val
}
}
// Flags provides a function to set the flags option.
func Flags(val []cli.Flag) Option {
return func(o *Options) {
o.Flags = append(o.Flags, val...)
}
}
// Handler provides a function to set the handler option.
func Handler(val *svc.Service) Option {
return func(o *Options) {
o.Handler = val
}
}

71
accounts/pkg/server/http/server.go
View File

@@ -1,71 +0,0 @@
package http
import (
"github.com/go-chi/chi"
"github.com/owncloud/ocis/accounts/pkg/assets"
"github.com/owncloud/ocis/accounts/pkg/proto/v0"
"github.com/owncloud/ocis/accounts/pkg/version"
"github.com/owncloud/ocis/ocis-pkg/account"
"github.com/owncloud/ocis/ocis-pkg/middleware"
"github.com/owncloud/ocis/ocis-pkg/service/http"
)
// Server initializes the http service and server.
func Server(opts ...Option) http.Service {
options := newOptions(opts...)
handler := options.Handler
service := http.NewService(
http.Logger(options.Logger),
http.Name(options.Name),
http.Version(version.String),
http.Address(options.Config.HTTP.Addr),
http.Namespace(options.Config.HTTP.Namespace),
http.Context(options.Context),
http.Flags(options.Flags...),
)
mux := chi.NewMux()
mux.Use(middleware.RealIP)
mux.Use(middleware.RequestID)
mux.Use(middleware.Cache)
mux.Use(middleware.Cors)
mux.Use(middleware.Secure)
mux.Use(middleware.ExtractAccountUUID(
account.Logger(options.Logger),
account.JWTSecret(options.Config.TokenManager.JWTSecret)),
)
mux.Use(middleware.Version(
options.Name,
version.String,
))
mux.Use(middleware.Logger(
options.Logger,
))
mux.Use(middleware.Static(
options.Config.HTTP.Root,
assets.New(
assets.Logger(options.Logger),
assets.Config(options.Config),
),
))
mux.Route(options.Config.HTTP.Root, func(r chi.Router) {
proto.RegisterAccountsServiceWeb(r, handler)
proto.RegisterGroupsServiceWeb(r, handler)
})
service.Handle(
"/",
mux,
)
if err := service.Init(); err != nil {
panic(err)
}
return service
}

Some files were not shown because too many files have changed in this diff Show More