When using metadata backend the default role assignments for the demo users
where create independed of whether the demo users are were actually requested
to be created. This also fixes the name of the env var for enabling the demo
users. This was missed when moving from the accounts service to graph/idm for
user management.
When using the metadata storage (the current default) the default role
assignments were recreated at every start of the settings service. Leading to
duplicated role assignments
Fixes: #3432
* add policies service
add policies proxy middleware
add policies event service
add policies grpc service
prepare ci and git environments (ci, make, readme, doc)
* add webfinger to the drone conf
* fix docs
remove not used virus scan postprocessing step
* relocate example rego file
implicitly enable and disable proxy and postprocessing policy checking by setting the query.
update configuration descriptions
* move policies
update readme
* use converter func to convert pp environment to actual environment
expose and test custom rego functions
add engine unit tests
add opa unit tests
update policies readme
Co-authored-by: Martin <github@diemattels.at>
* relocate sample policies to the deployments folder
change and document policies service port
* update index.md and small fix
* add health command
add version command
add debug server
---------
Co-authored-by: Martin <github@diemattels.at>
* graph: Allow updating "surname" and "givenName" of users
Also use attribute getters to lookup the attribute Values instead of fiddling around
with pointers.
* graph: Allow updating education users
Update suppport for education users was still missing.
This PR adds configuration parameters to the auth-basic and users
services that passes them through to reva. These configuration parameters
are all related to the new user disable mechanism that @Excds added to
the graph API, and that I added to reva.
* Remove unused code from oidc module
* Use already existing Metadata type for jwks discovery
ocis-pkg/oidc already provides a type for the oidc metadata. Switch to
that instead of defining yet another custom type.
* oidc: Add helper to get IDP metadata
David Christofas