This PR adds configuration parameters to the auth-basic and users
services that passes them through to reva. These configuration parameters
are all related to the new user disable mechanism that @Excds added to
the graph API, and that I added to reva.
* ocis_keycloak: Add ocis roles as realm roles
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".
* Expose realm_roles in "roles" claim of id tokens and userinfo
* Remove unused code from oidc module
* Use already existing Metadata type for jwks discovery
ocis-pkg/oidc already provides a type for the oidc metadata. Switch to
that instead of defining yet another custom type.
* oidc: Add helper to get IDP metadata
* make benchmark clients remember cookies
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add --rate option for benchmark clients
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* create a new request on every request to fix vanishing data
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use correct minute unit
Co-authored-by: Florian Schade <f.schade@icloud.com>
---------
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Florian Schade <f.schade@icloud.com>
* Configure the file metadata cache for storage-users
* Also configure the cache for the system storage
* Update services/storage-system/pkg/config/config.go
Co-authored-by: Martin <github@diemattels.at>
* Improve documentation
* Bump reva to pull in the latest ini backend changes
* Fix missing comment
* Update services/storage-users/README.md
Co-authored-by: Martin <github@diemattels.at>
* Update services/storage-system/README.md
Co-authored-by: Martin <github@diemattels.at>
* Tweak docs
* Apply suggestions from code review
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Martin <github@diemattels.at>
---------
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* A new config option for disabling users with the options "none", "attribute" and "group".
* When set to "none", there will be no enabledAttribute returned in user info and trying to change enabledAttribute will return an error
* Disable/enable group name DN as config parameter
* Adding/removing users to specified group on user update
* Changing log level for service initialization failure to error
* Adding helper methods to check if user is enabled/disabled + tests
Fixes #5554
This adds support for combining filters on the /users with a logical "or" operation.
E.g. the filter:
"filter=(memberOf/any(m:m/id eq 509a9dcd-bb37-4f4f-a01a-19dca27d9cfa) or memberOf/any(m:m/id eq 262982c1-2362-4afa-bfdf-8cbfef64a06e))"
will return all users that are a member of either of the referenced groups.
Closes: #5667