When using an external user management we need to allow users to self-assign
the default role. This adds an explicit check for that to the settings service.
This also means we no longer need to fiddle with the account id in the proxy
upon first login.
Fixes: #5045
This we moved the settings service to the metadata storage with its
own gateway and permissions service, we no longer need the hardcoded
initial replies in order to bootstrap the role assignments.
This fixes a panic in the settings service when the first request to
the service is a read request on anything else but an existing role or
assignment.
* Filter hidden files from search results
* Add changelog
* Do not filter hidden files by default
* Set the hidden fields when converting fields to an entity
* Fix test
* use min tls 1.2
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add changelog
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* readme for the auth-basic service
Signed-off-by: jkoberg <jkoberg@owncloud.com>
* Apply suggestions from code review
* Apply suggestions from code review
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* Update services/auth-basic/README.md
Co-authored-by: Martin <github@diemattels.at>
Signed-off-by: jkoberg <jkoberg@owncloud.com>
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
TLS for the services can be configure by setting the "OCIS_HTTP_TLS_ENABLED",
"OCIS_HTTP_TLS_CERTIFICATE" and "OCIS_HTTP_TLS_KEY" environment variables.
Currently the ocis proxy is this only service that directly accesses backend
services. It determines whether to use TLS or not by looking a the new registry
metadata "use_tls". As specific CA Cert for certificate verification
can be set with the "PROXY_HTTPS_CACERT" environment variable.
This makes the default configuration somewhat easier. There doesn't
seem to be a specific reason why some services were still using a
static backend configuration.
* Introduce TLS Settings for go-micro based grpc services and clients
TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.
TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.
By default TLS is disabled.
Co-authored-by: Martin <github@diemattels.at>
* Unify TLS configuration for all grpc services
All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.
TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables.
TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.
There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Martin <github@diemattels.at>
Michael Barz