* enhancement: add mimetype to file extension rego function
add rego function to detect the resource extension by mimetype, at the same time this pr introduces a custom ocis namespace for the rego functions.
* enhancement: add custom logPrinter to opa policies service
* fix: imports and test
TypeByExtension which is used to resolve extension by mimetype relies on MIME-info database which differs at my local env (macos <-> drone). This is fixed by using one of the builtinTypes for testing
---------
Signed-off-by: Christian Richter <crichter@owncloud.com>
Co-authored-by: Christian Richter <crichter@owncloud.com>
After commit 52951b42b0 we need to set PROXY_USER_CS3_CLAIM and
PROXY_USER_OIDC_CLAIM for the keycloak example to still work.
Also update release notes to mention the changed default.
when uploading files via uppy (tus), the path does not give any information about the file, PUT contains the filename in the path, tus POST not.
this pr extracts the HeaderUploadMetadata from that POST request and enhances the policies grpc environment request with that information.
Therefore, the policies service is now able to evaluate proxy requests for tus uploads too.
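
Added example, not part of the commit above or of the oCIS code base: a minimal Go parser for the tus `Upload-Metadata` header (comma-separated `key base64value` pairs), showing how a file name can be recovered from a tus POST for policy evaluation. The function names, the `filename` key and the sample header are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"strings"
)

// parseUploadMetadata decodes a tus Upload-Metadata header: comma-separated
// "key base64value" pairs, where the value may be absent.
func parseUploadMetadata(header string) (map[string]string, error) {
	meta := make(map[string]string)
	for _, pair := range strings.Split(header, ",") {
		fields := strings.Fields(pair)
		if len(fields) == 0 {
			continue // tolerate empty segments such as a trailing comma
		}
		if _, dup := meta[fields[0]]; dup || len(fields) > 2 {
			return nil, fmt.Errorf("malformed or duplicate pair %q", pair)
		}
		meta[fields[0]] = ""
		if len(fields) == 2 {
			raw, err := base64.StdEncoding.DecodeString(fields[1])
			if err != nil {
				return nil, fmt.Errorf("key %q: %w", fields[0], err)
			}
			meta[fields[0]] = string(raw)
		}
	}
	return meta, nil
}

// uploadName returns the file name a policy would evaluate for a tus POST.
// The "filename" key is an assumption about what the client sends.
func uploadName(header string) (string, error) {
	meta, err := parseUploadMetadata(header)
	if err != nil {
		return "", err
	}
	if meta["filename"] == "" {
		return "", fmt.Errorf("no filename in upload metadata")
	}
	return meta["filename"], nil
}

func main() {
	// Constructed header: filename "report.exe", filetype "application/pdf".
	fmt.Println(uploadName("filename cmVwb3J0LmV4ZQ==,filetype YXBwbGljYXRpb24vcGRm"))
}
```

Rejecting duplicate keys and undecodable values keeps the policy check from evaluating a different name than the one a later component would use.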
Use the new PROXY_ROLE_ASSIGNMENT_DRIVER "oidc". This also means we can
now run with OCIS_ADMIN_USER_ID being empty. So that no admin user will
be created on startup and no default role assignment will happen.
By setting GRAPH_ASSIGN_DEFAULT_USER_ROLE to "false", we make sure to
not create the default "user" role assignment when auto provisioning a
user.
* add policies service
add policies proxy middleware
add policies event service
add policies grpc service
prepare ci and git environments (ci, make, readme, doc)
* add webfinger to the drone conf
* fix docs
remove not used virus scan postprocessing step
* relocate example rego file
implicitly enable and disable proxy and postprocessing policy checking by setting the query.
update configuration descriptions
* move policies
update readme
* use converter func to convert pp environment to actual environment
expose and test custom rego functions
add engine unit tests
add opa unit tests
update policies readme
Co-authored-by: Martin <github@diemattels.at>
* relocate sample policies to the deployments folder
change and document policies service port
* update index.md and small fix
* add health command
add version command
add debug server
---------
Co-authored-by: Martin <github@diemattels.at>
* ocis_keycloak: Add ocis roles as realm roles
This adds the roles ocisAdmin, ocisSpaceAdmin, ocisUser and ocisGuest as realm roles
to the oCIS realm. It also assigns those roles to the demo users.
Additionally the missing demo user "Katherine Johnson" is added with the role of
"ocisSpaceAdmin".
* Expose realm_roles in "roles" claim of id tokens and userinfo
Switch away from the unmaintained osixia image to the more up-to-date
bitnami image.
Also update the owncloud schema to include the latest changes
Fixes #5636
Fix for
`ERROR: The Compose file './docker-compose.yml' is invalid because:
services.ocis.environment.NOTIFICATIONS_SMTP_INSECURE contains true, which is an invalid type, it should be a string, number, or a null`
When refint is enabled on an LDAP server, it will rename all references
to an entity if its DN is modified. If this happens, the member
renames will not be needed, and will also return an error.
This PR does the following:
* Detect the attribute error and don't return an error.
* Log that the server has been misconfigured.
* Add config value that skips renaming if set.