mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-01 09:51:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into ocis-697

Browse Source
This commit is contained in:
Alex Unger
2020-10-29 17:50:29 +01:00
parent 6761f70959 d34b5dcf92
commit 07be4c92d5
33 changed files with 1816 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

77
.drone.star
View File

@@ -15,12 +15,12 @@ config = {
},
'apiTests': {
'coreBranch': 'master',
'coreCommit': '6806e327048fa107678536f9eded5166eb781ba3',
'coreCommit': '47365d22af95d90fcbd7705572f715a7b93d31b6',
'numberOfParts': 6
},
'uiTests': {
'phoenixBranch': 'master',
'phoenixCommit': '2fabcb8bf376dbbdff9bb7e787dbee5c334b4a7b',
'phoenixCommit': 'f427a438e12a23e7a32f7864763787e756287461',
'suites': {
'phoenixWebUI1': [
'webUICreateFilesFolders',
@@ -67,7 +67,11 @@ config = {
'webUISharingFolderAdvancedPermissionMultipleUsers',
],
}
}
},
'rocketchat': {
'channel': 'ocis-internal',
'from_secret': 'private_rocketchat',
},
}
def getTestSuiteNames():
keys = config['modules'].keys()
@@ -90,13 +94,11 @@ def getCoreApiTestPipelineNames():
return names
def getDependsOnAllTestPipelines(ctx):
dependencies = getTestSuiteNames() + [ 'upload-coverage' ]
if ctx.build.ref != "refs/heads/master":
dependencies = getTestSuiteNames() + [
'upload-coverage',
'localApiTests-owncloud-storage',
'localApiTests-ocis-storage',
] + getCoreApiTestPipelineNames() + getUITestSuiteNames() + ['accountsUITests']
dependencies = getTestSuiteNames() + [
'upload-coverage',
'localApiTests-owncloud-storage',
'localApiTests-ocis-storage',
] + getCoreApiTestPipelineNames() + getUITestSuiteNames() + ['accountsUITests']
return dependencies
@@ -121,12 +123,18 @@ def main(ctx):
readme(ctx),
badges(ctx),
docs(ctx),
updateDeployment(ctx)
updateDeployment(ctx),
notify(ctx),
]
if '[docs-only]' in (ctx.build.title + ctx.build.message):
pipelines = docs(ctx)
pipelines['depends_on'] = []
doc_pipelines = docs(ctx)
doc_pipelines['depends_on'] = []
notify_pipelines = notify(ctx)
notify_pipelines['depends_on'] = ['docs']
pipelines = [ doc_pipelines, notify_pipelines ]
else:
pipelines = before + stages + after
@@ -376,6 +384,7 @@ def localApiTests(ctx, coreBranch = 'master', coreCommit = '', storage = 'ownclo
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/v*',
'refs/pull/**',
],
@@ -432,6 +441,7 @@ def coreApiTests(ctx, coreBranch = 'master', coreCommit = '', part_number = 1, n
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/v*',
'refs/pull/**',
],
@@ -512,6 +522,7 @@ def uiTestPipeline(suiteName, phoenixBranch = 'master', phoenixCommit = '', stor
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/v*',
'refs/pull/**',
],
@@ -604,6 +615,7 @@ def accountsUITests(ctx, phoenixBranch, phoenixCommit, storage = 'owncloud'):
],
'trigger': {
'ref': [
'refs/heads/master',
'refs/tags/v*',
'refs/pull/**',
],
@@ -858,8 +870,7 @@ def binary(ctx, name):
'image': 'toolhippie/calens:latest',
'pull': 'always',
'commands': [
'cd ocis',
'calens --version %s -o dist/CHANGELOG.md' % ctx.build.ref.replace("refs/tags/v", "").split("-")[0],
'calens --version %s -o ocis/dist/CHANGELOG.md' % ctx.build.ref.replace("refs/tags/v", "").split("-")[0],
],
'when': {
'ref': [
@@ -1320,6 +1331,42 @@ def updateDeployment(ctx):
}
}
def notify(ctx):
return {
'kind': 'pipeline',
'type': 'docker',
'name': 'chat-notifications',
'clone': {
'disable': True
},
'steps': [
{
'name': 'notify-rocketchat',
'image': 'plugins/slack:1',
'pull': 'always',
'settings': {
'webhook': {
'from_secret': config['rocketchat']['from_secret']
},
'channel': config['rocketchat']['channel']
},
'when': {
'status': [
'failure',
],
},
},
],
'depends_on': [],
'trigger': {
'ref': [
'refs/heads/master',
'refs/heads/release*',
'refs/tags/**',
],
}
}
def frontend(module):
return [
{

21
CHANGELOG.md
View File

@@ -22,6 +22,7 @@
* Change - Initial release of basic version: [#2](https://github.com/owncloud/ocis/issues/2)
* Change - Add cli-commands to manage accounts: [#115](https://github.com/owncloud/product/issues/115)
* Change - Start ocis-accounts with the ocis server command: [#25](https://github.com/owncloud/product/issues/25)
* Change - Properly style konnectd consent page: [#754](https://github.com/owncloud/ocis/pull/754)
* Change - Switch over to a new custom-built runtime: [#287](https://github.com/owncloud/ocis/pull/287)
* Change - Remove username field in OCS: [#709](https://github.com/owncloud/ocis/pull/709)
* Change - Account management permissions for Admin role: [#124](https://github.com/owncloud/product/issues/124)
@@ -32,6 +33,7 @@
* Change - Bring oC theme: [#698](https://github.com/owncloud/ocis/pull/698)
* Change - Update phoenix to v0.20.0: [#674](https://github.com/owncloud/ocis/pull/674)
* Change - Update phoenix to v0.21.0: [#728](https://github.com/owncloud/ocis/pull/728)
* Change - Update phoenix to v0.22.0: [#757](https://github.com/owncloud/ocis/pull/757)
* Change - Update reva config: [#336](https://github.com/owncloud/ocis/pull/336)
* Change - Clarify storage driver env vars: [#729](https://github.com/owncloud/ocis/pull/729)
* Change - Settings and accounts appear in the user menu: [#656](https://github.com/owncloud/ocis/pull/656)
@@ -251,6 +253,15 @@
https://github.com/owncloud/product/issues/25
https://github.com/owncloud/ocis/pull/239/files
* Change - Properly style konnectd consent page: [#754](https://github.com/owncloud/ocis/pull/754)
Tags: konnectd
After bringing our theme into konnectd, we've had to adjust the styles of the consent page so the
text is visible and button reflects our theme.
https://github.com/owncloud/ocis/pull/754
* Change - Switch over to a new custom-built runtime: [#287](https://github.com/owncloud/ocis/pull/287)
We moved away from using the go-micro runtime and are now using [our own
@@ -365,6 +376,16 @@
https://github.com/owncloud/ocis/pull/728
https://github.com/owncloud/phoenix/releases/tag/v0.21.0
* Change - Update phoenix to v0.22.0: [#757](https://github.com/owncloud/ocis/pull/757)
Tags: web
We updated phoenix to v0.22.0. Please refer to the changelog (linked) for details on the
phoenix release.
https://github.com/owncloud/ocis/pull/757
https://github.com/owncloud/phoenix/releases/tag/v0.22.0
* Change - Update reva config: [#336](https://github.com/owncloud/ocis/pull/336)
* EOS homes are not configured with an enable-flag anymore, but with a dedicated storage driver.

7
changelog/unreleased/konnectd-consent-page Normal file
View File

@@ -0,0 +1,7 @@
Change: Properly style konnectd consent page
Tags: konnectd
After bringing our theme into konnectd, we've had to adjust the styles of the consent page so the text is visible and button reflects our theme.
https://github.com/owncloud/ocis/pull/754

8
changelog/unreleased/update-phoenix-0.22.0 Normal file
View File

@@ -0,0 +1,8 @@
Change: Update phoenix to v0.22.0
Tags: web
We updated phoenix to v0.22.0. Please refer to the changelog (linked) for details on the phoenix release.
https://github.com/owncloud/ocis/pull/757
https://github.com/owncloud/phoenix/releases/tag/v0.22.0

53
deployments/examples/ocis_external_konnectd/README.md Normal file
View File

@@ -0,0 +1,53 @@
# Deployment scenario ocis with external konnectd service on separate node and traefik as reverse proxy
## Setup on ocis server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for ocisnode to /opt
`cp deployment/examples/ocis_external_konnectd/ocisnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocisnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/ocisnode/.env`
* Change into deployment folder
`cd /opt/ocisnode`
* Start application stack
`docker-compose up -d`
## Setup on idp server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for idpnode to /opt
`cp deployment/examples/ocis_external_konnectd/idpnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/idpnode/.env`
* Overwrite redirect uri with your-ocis.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/idpnode`
* Start application stack
`docker-compose up -d`

2
deployments/examples/ocis_external_konnectd/idpnode/.env Normal file
View File

@@ -0,0 +1,2 @@
OCIS_DOMAIN=ocis.domain.com
IDP_DOMAIN=idp.domain.com

18
deployments/examples/ocis_external_konnectd/idpnode/config/identifier-registration.yml Normal file
View File

@@ -0,0 +1,18 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com

59
deployments/examples/ocis_external_konnectd/idpnode/docker-compose.yml Normal file
View File

@@ -0,0 +1,59 @@
version: '3.7'
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
networks:
- idpnet
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.idp.acme.tlschallenge=true"
- "--certificatesresolvers.idp.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.idp.acme.email=postmaster@${IDP_DOMAIN}"
- "--certificatesresolvers.idp.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
konnectd:
container_name: konnectd
image: owncloud/ocis-konnectd:latest
networks:
- idpnet
ports:
- "9130:9130"
volumes:
- ./config:/etc/ocis
environment:
OCIS_LOG_LEVEL: debug
KONNECTD_ISS: https://${IDP_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
KONNECTD_LOG_LEVEL: debug
KONNECTD_TLS: '0'
LDAP_URI: ldap://${OCIS_DOMAIN}:9125
LDAP_BINDDN: cn=konnectd,ou=sysusers,dc=example,dc=org
LDAP_BINDPW: konnectd
LDAP_BASEDN: ou=users,dc=example,dc=org
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: cn
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE=: n
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: (objectClass=posixaccount)
labels:
- "traefik.enable=true"
- "traefik.http.routers.idp.rule=Host(`${IDP_DOMAIN}`)"
- "traefik.http.routers.idp.entrypoints=websecure"
- "traefik.http.routers.idp.tls.certresolver=idp"
- "traefik.docker.network=idpnet"
- "traefik.port=9130"
- "traefik.protocol=https"

2
deployments/examples/ocis_external_konnectd/ocisnode/.env Normal file
View File

@@ -0,0 +1,2 @@
OCIS_DOMAIN=ocis.domain.com
IDP_DOMAIN=idp.domain.com

61
deployments/examples/ocis_external_konnectd/ocisnode/docker-compose.yml Normal file
View File

@@ -0,0 +1,61 @@
version: '3.7'
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
networks:
- ocisnet
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=postmaster@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
ocis:
container_name: ocis
image: owncloud/ocis:latest
tty: true
privileged: true
stdin_open: true
ports:
- 9200:9200
- 9125:9125
hostname: ocis
networks:
- ocisnet
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_OIDC_ISSUER: https://${IDP_DOMAIN}
PROXY_OIDC_INSECURE: "true"
PROXY_TLS: "false"
GRAPH_OIDC_ENDPOINT: https://${IDP_DOMAIN}
REVA_OIDC_ISSUER: https://${IDP_DOMAIN}
REVA_LDAP_IDP: https://${IDP_DOMAIN}
PHOENIX_OIDC_AUTHORITY: https://${IDP_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${IDP_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
OCIS_LOG_LEVEL: debug
REVA_TRANSFER_EXPIRES: 86400
REVA_FRONTEND_URL: https://${OCIS_DOMAIN}
REVA_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.port=9200"
- "traefik.protocol=https"

3
deployments/examples/ocis_oc10_backend/.env Normal file
View File

@@ -0,0 +1,3 @@
COMPOSE_PROJECT_NAME=bridge
OCIS_DOMAIN=ocis.domain.com
OC10_DOMAIN=oc10.domain.com

30
deployments/examples/ocis_oc10_backend/README.md Normal file
View File

@@ -0,0 +1,30 @@
# Deployment scenario ocis with oc10 backend and traefik as reverse proxy
## Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_oc10_backend /opt/`
* Overwrite OCIS_DOMAIN and OC10_DOMAIN in .env with your-ocis.domain.com and your-oc10.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/.env`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/.env`
* Overwrite redirect uris with your-ocis.domain.com and your-oc10.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_oc10_backend`
* Start application stack
`docker-compose up -d`

159
deployments/examples/ocis_oc10_backend/docker-compose.yml Normal file
View File

@@ -0,0 +1,159 @@
version: '3.7'
volumes:
files:
driver: local
mysql:
driver: local
backup:
driver: local
redis:
driver: local
tmp:
driver: local
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
# Ocis certificate resolver
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
# OC10 certificate resolver
- "--certificatesresolvers.oc10.acme.tlschallenge=true"
- "--certificatesresolvers.oc10.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.oc10.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.oc10.acme.storage=/letsencrypt/acme-oc10.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
owncloud:
build:
context: ./oc10
dockerfile: Dockerfile
expose:
- "8080"
depends_on:
- db
- redis
environment:
OWNCLOUD_DOMAIN: ${OC10_DOMAIN}
OWNCLOUD_DB_TYPE: mysql
OWNCLOUD_DB_NAME: owncloud
OWNCLOUD_DB_USERNAME: owncloud
OWNCLOUD_DB_PASSWORD: owncloud
OWNCLOUD_DB_HOST: db
OWNCLOUD_ADMIN_USERNAME: admin
OWNCLOUD_ADMIN_PASSWORD: admin
OWNCLOUD_MYSQL_UTF8MB4: "true"
OWNCLOUD_REDIS_ENABLED: "true"
OWNCLOUD_REDIS_HOST: redis
OWNCLOUD_DEBUG: "true"
OWNCLOUD_TRUSTED_PROXIES: ${OC10_DOMAIN}
OWNCLOUD_OVERWRITE_PROTOCOL: https
OWNCLOUD_OVERWRITE_HOST: ${OC10_DOMAIN}
OWNCLOUD_APPS_ENABLE: "openidconnect,oauth2,user_ldap,graphapi"
OWNCLOUD_LOG_LEVEL: 0
volumes:
- files:/mnt/data
- tmp:/tmp/shared
labels:
- "traefik.enable=true"
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN}`)"
- "traefik.http.routers.oc10.entrypoints=websecure"
- "traefik.http.routers.oc10.tls.certresolver=oc10"
- "traefik.http.services.oc10.loadbalancer.server.port=8080"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
ocis:
image: owncloud/ocis:latest
ports:
- 9200:9200
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_CONFIG_FILE: "/etc/ocis/proxy.json"
PROXY_TLS: "false"
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_OIDC_INSECURE: "true"
PROXY_AUTOPROVISION_ACCOUNTS: "true"
KONNECTD_ISS: https://${OCIS_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/config/identifier-registration.yml"
KONNECTD_TLS: 0
KONNECTD_SIGNING_KID: super
GRAPH_OIDC_ENDPOINT: https://${OC10_DOMAIN}/apps/graphapi/v1.0
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
STORAGE_STORAGE_METADATA_PROVIDER_DRIVER: owncloud # Storage fails start up if backend owncloud is selected and this env vars isn't set
STORAGE_STORAGE_METADATA_DATA_PROVIDER_DRIVER: owncloud # Storage fails start up if backend owncloud is selected and this env vars isn't set
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
GLAUTH_BACKEND_BASEDN: dc=example,dc=org
ACCOUNTS_STORAGE_DISK_PATH: /var/tmp/ocis-accounts # Accounts fails to start when cs3 backend is used atm
# Konnectd ldap setup
LDAP_URI: ldap://localhost:9125
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
LDAP_BASEDN: "dc=example,dc=org"
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: uid
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE: givenName
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: "(objectClass=posixaccount)"
volumes:
- ./ocis:/config
- ./ocis/proxy-config.json:/etc/ocis/proxy.json
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
db:
image: webhippie/mariadb:latest
restart: always
environment:
MARIADB_ROOT_PASSWORD: owncloud
MARIADB_USERNAME: owncloud
MARIADB_PASSWORD: owncloud
MARIADB_DATABASE: owncloud
MARIADB_MAX_ALLOWED_PACKET: 128M
MARIADB_INNODB_LOG_FILE_SIZE: 256M
healthcheck:
test: ["CMD", "/usr/bin/healthcheck"]
interval: 30s
timeout: 10s
retries: 5
volumes:
- mysql:/var/lib/mysql
- backup:/var/lib/backup
redis:
image: webhippie/redis:latest
environment:
- REDIS_DATABASES=1
volumes:
- redis:/var/lib/redis

3
deployments/examples/ocis_oc10_backend/oc10/Dockerfile Normal file
View File

@@ -0,0 +1,3 @@
FROM owncloud/server:10
ADD apps/graphapi-0.1.0.tar.gz /var/www/owncloud/apps/
COPY overlay /

BIN
deployments/examples/ocis_oc10_backend/oc10/apps/graphapi-0.1.0.tar.gz Normal file
View File

Binary file not shown.

127
deployments/examples/ocis_oc10_backend/ocis/identifier-registration.yml Normal file
View File

@@ -0,0 +1,127 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/
- https://ocis.domain.com/
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
- id: oc10
name: OC10
application_type: web
secret: super
insecure: yes
trusted: yes
redirect_uris:
- https://oc10.domain.com/apps/openidconnect/redirect/
- https://oc10.domain.com/apps/openidconnect/redirect
origins:
- http://oc10.domain.com
- https://oc10.domain.com
- id: ocis-explorer.js
name: OCIS Graph Explorer
trusted: yes
application_type: web
insecure: yes
- id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
application_type: native
insecure: true
- id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
application_type: native
redirect_uris:
- oc://android.owncloud.com
- id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
application_type: native
redirect_uris:
- oc://ios.owncloud.com
- oc.ios://ios.owncloud.com
# - id: playground-trusted.js
# name: Trusted OIDC Playground
# trusted: yes
# application_type: web
# redirect_uris:
# - https://my-host:8509/
# origins:
# - https://my-host:8509
# - id: playground-trusted.js
# name: Trusted Insecure OIDC Playground
# trusted: yes
# application_type: web
# insecure: yes
# - id: client-with-keys
# secret: super
# application_type: native
# redirect_uris:
# - http://localhost
# trusted_scopes:
# - konnect/guestok
# - kopano/kwm
# jwks:
# keys:
# - kty: EC
# use: sig
# kid: client-with-keys-key-1
# crv: P-256
# x: RTZpWoRbjwX1YavmSHVBj6Cy3Yzdkkp6QLvTGB22D0c
# y: jeavjwcX0xlDSchFcBMzXSU7wGs2VPpNxWCwmxFvmF0
# request_object_signing_alg: ES256
# - id: first
# secret: lala
# application_type: native
# redirect_uris:
# - my://app
# - id: second
# secret: lulu
# application_type: native
# redirect_uris:
# - http://localhost
# External authority registry.
authorities:
# - id: my-univention
# name: Univention
# client_id: kopano-konnect
# authority_type: oidc
# jwks:
# keys:
# - kty: EC
# use: sig
# kid: example-key-1
# crv: P-256
# x: RTZpWoRbjwX1YavmSHVBj6Cy3Yzdkkp6QLvTGB22D0c
# y: jeavjwcX0xlDSchFcBMzXSU7wGs2VPpNxWCwmxFvmF0
# default: yes
# authorization_endpoint: https://my-univention/signin/v1/identifier/_/authorize
# response_type: id_token
# scopes:
# - openid
# - profile
# identity_claim_name: preferred_username
# identity_aliases:
# external-user-a: local-user-a
# external-user-b: local-user-b
# identity_alias_required: true

108
deployments/examples/ocis_oc10_backend/ocis/proxy-config.json Normal file
View File

@@ -0,0 +1,108 @@
{
"HTTP": {
"Namespace": "com.owncloud"
},
"policy_selector": {
"migration": {
"acc_found_policy" : "reva",
"acc_not_found_policy": "oc10",
"unauthenticated_policy": "oc10"
}
},
"policies": [
{
"name": "reva",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://konnectd:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://konnectd:9130"
},
{
"endpoint": "/signin/",
"backend": "http://konnectd:9130"
},
{
"endpoint": "/ocs/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/remote.php/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/dav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/webdav/",
"backend": "http://localhost:9140"
},
{
"endpoint": "/status.php",
"backend": "http://localhost:9140"
},
{
"endpoint": "/index.php/",
"backend": "http://localhost:9140"
}
]
},
{
"name": "oc10",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
"endpoint": "/.well-known/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/konnect/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/signin/",
"backend": "http://localhost:9130"
},
{
"endpoint": "/ocs/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/remote.php/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/dav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/webdav/",
"backend": "http://owncloud:8080",
"apache-vhost": true
},
{
"endpoint": "/status.php",
"backend": "http://owncloud:8080"
},
{
"endpoint": "/index.php/",
"backend": "http://owncloud:8080"
}
]
}
]
}

1
deployments/examples/ocis_traefik/.env Normal file
View File

@@ -0,0 +1 @@
OCIS_DOMAIN=ocis.domain.com

27
deployments/examples/ocis_traefik/README.md Normal file
View File

@@ -0,0 +1,27 @@
# Deployment scenario ocis with traefik
## Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_traefik /opt/`
* Overwrite OCIS_DOMAIN in .env with your.domain.com
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/.env`
* Overwrite redirect uri with your.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_traefik`
* Start application stack
`docker-compose up -d`

18
deployments/examples/ocis_traefik/config/identifier-registration.yml Normal file
View File

@@ -0,0 +1,18 @@
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com

64
deployments/examples/ocis_traefik/docker-compose.yml Normal file
View File

@@ -0,0 +1,64 @@
version: "3.7"
services:
traefik:
image: "traefik:v2.2"
container_name: "traefik"
networks:
- ocisnet
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme.json"
ports:
- "443:443"
- "8080:8080"
volumes:
- "letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
ocis:
container_name: ocis
image: owncloud/ocis:latest
ports:
- 9200:9200
hostname: ocis
networks:
- ocisnet
volumes:
- ./config:/etc/ocis
environment:
OCIS_DOMAIN: ${OCIS_DOMAIN}
PROXY_TLS: "false"
PROXY_HTTP_ADDR: 0.0.0.0:9200
PROXY_OIDC_ISSUER: https://${OCIS_DOMAIN}
PROXY_OIDC_INSECURE: "true"
KONNECTD_ISS: https://${OCIS_DOMAIN}
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
KONNECTD_TLS: 1
GRAPH_OIDC_ENDPOINT: https://${OCIS_DOMAIN}
PHOENIX_OIDC_AUTHORITY: https://${OCIS_DOMAIN}
PHOENIX_OIDC_METADATA_URL: https://${OCIS_DOMAIN}/.well-known/openid-configuration
PHOENIX_WEB_CONFIG_SERVER: https://${OCIS_DOMAIN}
STORAGE_OIDC_ISSUER: https://${OCIS_DOMAIN}
STORAGE_TRANSFER_EXPIRES: 86400
STORAGE_FRONTEND_URL: https://${OCIS_DOMAIN}
STORAGE_DATAGATEWAY_URL: https://${OCIS_DOMAIN}/data
STORAGE_LDAP_IDP: https://${OCIS_DOMAIN}
labels:
- "traefik.enable=true"
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
- "traefik.http.routers.ocis.entrypoints=websecure"
- "traefik.http.routers.ocis.tls.certresolver=ocis"
- "traefik.http.services.ocis.loadbalancer.server.port=9200"
- "traefik.docker.network=ocisnet"
- "traefik.protocol=https"
networks:
ocisnet:

194
docs/ocis/deployment/ocis_external_konnectd.md Normal file
View File

@@ -0,0 +1,194 @@
---
title: "ocis with konnectd on external node deployment scenario"
date: 2020-10-12T14:39:00+01:00
weight: 26
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_external_konnectd.md
---
{{< toc >}}
This scenario shows how to setup ocis with konnectd as idp running on a separate node. Both node are having separate domains pointing on the servers.
## Overview
* ocis and konnectd running on linux nodes behind traefik as reverse proxy
* Cloudflare DNS is resolving the domains
* Letsencrypt provides ssl certificates for the domains
* Traefik docker container terminates ssl and forwards http requests to the services
## Nodes
### Requirements
* Server running Ubuntu 20.04 is public availible with a static ip address
* Two A-records for both domains are pointing on the servers ip address
* Create user
`$ sudo adduser username`
* Add user to sudo group
`$ sudo usermod -aG sudo username`
* Add users pub key to `~/.ssh/authorized_keys`
* Setup ssh to permit authorisation only by ssh key
* Install docker
`$ sudo apt install docker.io`
* Add user to docker group
`$ sudo usermod -aG docker username`
* Install docker-compose via
`$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`
(docker compose version 1.27.4 as of today)
* Make docker-compose executable
`$ sudo chmod +x /usr/local/bin/docker-compose`
* Environment variables for OCIS Stack are provided by .env file
### Setup on ocis server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for ocisnode to /opt
`cp deployment/examples/ocis_external_konnectd/ocisnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocisnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/ocisnode/.env`
* Change into deployment folder
`cd /opt/ocisnode`
* Start application stack
`docker-compose up -d`
### Setup on idp server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example sub folder for idpnode to /opt
`cp deployment/examples/ocis_external_konnectd/idpnode /opt/`
* Overwrite OCIS_DOMAIN and IDP_DOMAIN in .env with your-ocis.domain.com and your-idp.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/.env`
`sed -i 's/idp.domain.com/your-idp.domain.com/g' /opt/idpnode/.env`
* Overwrite redirect uri with your-ocis.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/idpnode/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/idpnode`
* Start application stack
`docker-compose up -d`
### Stack
On both nodes, a traefik dokcer container is terminating ssl and forwards the http requests to the services. The nodes are named according to their services.
### Config
#### Repository structure
```bash
ocis_external_konnectd # rootfolder
└───ocisnode
│ │ docker-compose.yml
│ │ .env
└───idpnode
│ docker-compose.yml
│ .env
└───config
│ identifier-registration.yml
```
Both subfolders contain the dockr-compose files including additionaly conf files if required. The content of both folders has to be deployed on each node.
#### Traefik
Traefik is set up similar to the traefik example on both nodes.
The certificate resolvers are named similar to their services and behave exactly like in the other examples.
#### Konnectd
Konnectd as Openid provider needs the redirect url's to point to ocis.
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
```
Behind traefik, http is used to communicate between the services. Setting KONNECTD_TLS enforces it.
```yaml
KONNECTD_TLS: '0'
```
In order to resolve users from glauth service on ocis node, Konnectd needs ldap settings to work properly.
```yaml
LDAP_URI: ldap://${OCIS_DOMAIN}:9125
LDAP_BINDDN: cn=konnectd,ou=sysusers,dc=example,dc=org
LDAP_BINDPW: konnectd
LDAP_BASEDN: ou=users,dc=example,dc=org
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: cn
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE=: n
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: (objectClass=posixaccount)
```
#### ocis
On the ocis node, the setting is following a standard scenario, except, that port 9125 needs to be exposed for the idp node to resolve ldap querries from Konnectd.
```yaml
ocis:
...
ports:
- 9200:9200
- 9125:9125
...
```

289
docs/ocis/deployment/ocis_oc10_backend.md Normal file
View File

@@ -0,0 +1,289 @@
---
title: "ocis frontend with oc10 backend deployment scenario"
date: 2020-10-12T14:04:00+01:00
weight: 25
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_frontend_oc10_backend.md
---
{{< toc >}}
This deployment scenario shows how to use ocis as frontend for a existing owncloud 10 installation.
ocis will allow owncloud 10 users to log in and work with their files.
## Overview
### Node Setup
* ocis and oc10 running as docker containers behind traefik as reverse proxy
* Cloudflare DNS is resolving one domain for ocis and one for oc10
* Letsencrypt is providing valid ssl certificate for both domains
## Node Deployment
### Requirements
* Server running Ubuntu 20.04 is public availible with a static ip address
* Two A-records for both domains are pointing on the servers ip address
* Create user
`$ sudo adduser username`
* Add user to sudo group
`$ sudo usermod -aG sudo username`
* Add users pub key to `~/.ssh/authorized_keys`
* Setup ssh to permit authorisation only by ssh key
* Install docker
`$ sudo apt install docker.io`
* Add user to docker group
`$ sudo usermod -aG docker username`
* Install docker-compose via
`$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`
(docker compose version 1.27.4 as of today)
* Make docker-compose executable
`$ sudo chmod +x /usr/local/bin/docker-compose`
* Environment variables for OCIS Stack are provided by .env file
### Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_oc10_backend /opt/`
* Overwrite OCIS_DOMAIN and OC10_DOMAIN in .env with your-ocis.domain.com and your-oc10.domain.com
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/.env`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/.env`
* Overwrite redirect uris with your-ocis.domain.com and your-oc10.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your-ocis.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
`sed -i 's/oc10.domain.com/your-oc10.domain.com/g' /opt/ocis_oc10_backend/ocis/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_oc10_backend`
* Start application stack
`docker-compose up -d`
### Stack
The application stack is separated in docker containers. One is a traefik proxy which is terminating ssl and forwards the https requests to the internal docker network. Additional, traefik is creating two certificates that are stored in the file `letsencrypt/acme.json` of the users home directory. In a local setup, this traefik is not included.
The next container is the ocis server which is exposing the webservice on port 9200 to traefic and provides the oidc provider konnectd to owncloud.
oc10 is running as a three container setup out of owncloud-server, a db container and a redis container as memcache storage.
### Config
#### Repository structure
```bash
ocis_oc10_backend # rootfolder
│ .env
│ docker-compose.yml
└───ocis #ocis related config files
│ │ identifier-registration.yml
│ │ proxy-config.json
└───oc10 #owncloud 10 related files
│ Dockerfile
└───apps
│ graphapi-0.1.0.tar.gz
```
#### Traefik
In this deployment scenario, traefik requests letsencrypt to issue 2 ssl certificates, so two certificate resolver are needed. These are named according to the services, ocis for the ocis container and oc10 for the oc10 container.
```yaml
...
traefik:
image: "traefik:v2.2"
container_name: "traefik"
command:
...
# Ocis certificate resolver
- "--certificatesresolvers.ocis.acme.tlschallenge=true"
- "--certificatesresolvers.ocis.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.ocis.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.ocis.acme.storage=/letsencrypt/acme-ocis.json"
# OC10 certificate resolver
- "--certificatesresolvers.oc10.acme.tlschallenge=true"
- "--certificatesresolvers.oc10.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.oc10.acme.email=user@${OCIS_DOMAIN}"
- "--certificatesresolvers.oc10.acme.storage=/letsencrypt/acme-oc10.json"
...
```
Both container's traefik labels have to match with the correct resolvers and domains
```yaml
ocis:
...
labels:
...
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
...
```
```yaml
oc10:
...
labels:
...
- "traefik.http.routers.oc10.rule=Host(`${OC10_DOMAIN}`)"
...
```
A folder for letsencypt to store the certificate needs to be created
`$ mkdir ~/letsencrypt`
This folder is bind to the docker container and the certificate is persistently stored into it.
#### ocis
Since ssl shall be terminated from traefik and inside of the docker network the services shall comunicate via http, `PROXY_TLS: "false"` as environment parameter for ocis has to be set.
For ocis 2 config files are provided.
```bash
└───ocis #ocis related config files
│ │ identifier-registration.yml
│ │ proxy-config.json
```
Changes need to be done in identifier-registration.yml to match the domains
Phoenix client needs the redirects uri's set to the ocis domain while oc10 client needs them to point on the owncloud domain
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
- id: oc10
name: OC10
application_type: web
secret: super
insecure: yes
trusted: yes
redirect_uris:
- https://oc10.domain.com/apps/openidconnect/redirect/
- https://oc10.domain.com/apps/openidconnect/redirect
origins:
- http://oc10.domain.com
- https://oc10.domain.com
```
The second file is proxy-config.json which configures the ocis internal service proxy routes. The policy_selector selector needs to be changed to forward to the related backend. ocis proxy makes the decision in this scenario to which backend the request needs to be forwarded based on the user storage.
```yaml
{
"HTTP": {
"Namespace": "works.owncloud"
},
"policy_selector": {
"migration": {
"acc_found_policy" : "reva",
"acc_not_found_policy": "oc10",
"unauthenticated_policy": "oc10"
}
"policies": [
{
"name": "reva",
"routes": [
{
"endpoint": "/",
"backend": "http://localhost:9100"
},
{
....
```
Glauth needs to be configured to utilize oc10 as primary user backend.
```yaml
GLAUTH_BACKEND_DATASTORE: owncloud
GLAUTH_BACKEND_SERVERS: https://${OC10_DOMAIN}/apps/graphapi/v1.0
GLAUTH_BACKEND_BASEDN: dc=example,dc=org
STORAGE_STORAGE_METADATA_PROVIDER_DRIVER: owncloud
STORAGE_STORAGE_METADATA_DATA_PROVIDER_DRIVER: owncloud
ACCOUNTS_STORAGE_DISK_PATH: /var/tmp/ocis-accounts # Accounts fails to start when cs3 backend is used atm
```
To allow konnectd to glauth, ldap needs to be configured have to be set.
```yaml
# Konnectd ldap setup
LDAP_URI: ldap://localhost:9125
LDAP_BINDDN: "cn=admin,dc=example,dc=org"
LDAP_BINDPW: "admin"
LDAP_BASEDN: "dc=example,dc=org"
LDAP_SCOPE: sub
LDAP_LOGIN_ATTRIBUTE: uid
LDAP_EMAIL_ATTRIBUTE: mail
LDAP_NAME_ATTRIBUTE: givenName
LDAP_UUID_ATTRIBUTE: uid
LDAP_UUID_ATTRIBUTE_TYPE: text
LDAP_FILTER: "(objectClass=posixaccount)"
```
#### oc10
Owncloud 10 needs the graph api extensions to work in this setup. This extension is needed for Glauth to get oc10 users. It's necessary to add a image build step which extends owncloud/server:latest docker image with the app. The app is provided as tarball in the folder oc10/apps
```bash
└───oc10
│ │ Dockerfile
│ │
│ └───apps
│ │ │ graphapi-0.1.0.tar.gz
```
The docker files is pretty simple
```Dockerfile
# Take the latest owncloud/server image as base
FROM owncloud/server:latest
# Add the provided tarballs into oc10's apps folder
ADD apps/graphapi-0.1.0.tar.gz /var/www/owncloud/apps/
```
The build is triggered by the terminal command `docker-compose build` from the root folder.
Constraints: In this setup it's mandatory that the user has an email adress set in oc10.

148
docs/ocis/deployment/ocis_traefik.md Normal file
View File

@@ -0,0 +1,148 @@
---
title: "ocis with traefik deployment scenario"
date: 2020-10-12T14:04:00+01:00
weight: 24
geekdocRepo: https://github.com/owncloud/ocis
geekdocEditPath: edit/master/docs/ocis/deployment
geekdocFilePath: ocis_traefik.md
---
{{< toc >}}
## Overview
* ocis running on a hcloud node behind traefik as reverse proxy
* Cloudflare DNS is resolving the domain
* Letsencrypt provides a ssl certificate for the domain
* Traefik docker container terminates ssl and forwards http requests to ocis
## Node
### Requirements
* Server running Ubuntu 20.04 is public availible with a static ip address
* Two A-records for both domains are pointing on the servers ip address
* Create user
`$ sudo adduser username`
* Add user to sudo group
`$ sudo usermod -aG sudo username`
* Add users pub key to `~/.ssh/authorized_keys`
* Setup ssh to permit authorisation only by ssh key
* Install docker
`$ sudo apt install docker.io`
* Add user to docker group
`$ sudo usermod -aG docker username`
* Install docker-compose via
`$ sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose`
(docker compose version 1.27.4 as of today)
* Make docker-compose executable
`$ sudo chmod +x /usr/local/bin/docker-compose`
* Environment variables for OCIS Stack are provided by .env file
### Setup on server
* Clone ocis repository
`git clone https://github.com/owncloud/ocis.git`
* Copy example folder to /opt
`cp deployment/examples/ocis_traefik /opt/`
* Overwrite OCIS_DOMAIN in .env with your.domain.com
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/.env`
* Overwrite redirect uri with your.domain.com in identifier-registration.yml
`sed -i 's/ocis.domain.com/your.domain.com/g' /opt/ocis_traefik/config/identifier-registration.yml`
* Change into deployment folder
`cd /opt/ocis_traefik`
* Start application stack
`docker-compose up -d`
### Stack
The application stack contains two containers. The first one is a traefik proxy which is terminating ssl and forwards the requests to the internal docker network. Additional, traefik is creating a certificate that is stored in `acme.json` in the folder `letsencrypt` inside the users home directory.
The second one is th ocis server which is exposing the webservice on port 9200 to traefic.
### Config
Edit docker-compose.yml file to fit your domain setup
```yaml
...
traefik:
image: "traefik:v2.2"
...
labels:
...
# Email address is neccesary for certificate creation
- "--certificatesresolvers.ocisresolver.acme.email=username@${OCIS_DOMAIN}"
...
```
```yaml
ocis:
container_name: ocis
...
labels:
...
# This is the domain for which traefik is creating the certificate from letsencrypt
- "traefik.http.routers.ocis.rule=Host(`${OCIS_DOMAIN}`)"
...
```
In this example, ssl is terminated from traefik while inside of the docker network the services are comunicating via http. For this `PROXY_TLS: "false"` as environment parameter for ocis has to be set.
For ocis to work properly it's neccesary to provide one config file.
Change identifier-registration.yml to match your domain.
```yaml
---
# OpenID Connect client registry.
clients:
- id: phoenix
name: OCIS
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- http://ocis.domain.com/
- https://ocis.domain.com/
- http://ocis.domain.com/oidc-callback.html
- https://ocis.domain.com/oidc-callback.html
- http://ocis.domain.com/oidc-silent-redirect.html
- https://ocis.domain.com/oidc-silent-redirect.html
origins:
- http://ocis.domain.com
- https://ocis.domain.com
```
To make it availible for ocis inside of the container, `config` hast to be mounted as volume.
```yaml
...
volumes:
- ./config:/etc/ocis
environment:
...
KONNECTD_IDENTIFIER_REGISTRATION_CONF: "/etc/ocis/identifier-registration.yml"
...
```

1
konnectd/assets/identifier-registration.yaml
View File

@@ -6,7 +6,6 @@ clients:
name: ownCloud web app
application_type: web
insecure: yes
trusted: yes
redirect_uris:
- https://localhost:9200/
- https://localhost:9200/oidc-callback.html

68
konnectd/pkg/assets/embed.go
View File

File diff suppressed because one or more lines are too long

9
konnectd/ui/src/app.css
View File

@@ -81,6 +81,11 @@ strong {
background-color: #306db5 !important;
}
.oc-checkbox-dark svg {
/* Needs to be important to overwrite material-ui */
fill: white !important;
}
.oc-footer-message {
color: white;
padding: 10px;
@@ -99,6 +104,10 @@ strong {
margin-top: 30px !important;
}
.oc-mb-m {
margin-bottom: 20px !important;
}
.oc-light {
color: #fff !important;
}

3
konnectd/ui/src/components/ScopesList.js
View File

@@ -78,8 +78,9 @@ const ScopesList = ({scopes, meta, classes, ...rest}) => {
checked
disableRipple
disabled
className="oc-checkbox-dark"
/>
<ListItemText primary={label} />
<ListItemText primary={label} className="oc-light" />
</ListItem>
);
}

30
konnectd/ui/src/containers/Login/Consent.js
View File

@@ -20,10 +20,6 @@ import ClientDisplayName from '../../components/ClientDisplayName';
import ScopesList from '../../components/ScopesList';
const styles = theme => ({
button: {
margin: theme.spacing(1),
minWidth: 100
},
buttonProgress: {
color: green[500],
position: 'absolute',
@@ -32,9 +28,6 @@ const styles = theme => ({
marginTop: -12,
marginLeft: -12
},
subHeader: {
marginBottom: theme.spacing(2)
},
scopesList: {
marginBottom: theme.spacing(2)
},
@@ -87,18 +80,18 @@ class Consent extends React.PureComponent {
return (
<div>
<Typography variant="h5" component="h3">
<Typography variant="h5" component="h3" className="oc-light">
<FormattedMessage
id="konnect.consent.headline"
defaultMessage="Hi {displayName}"
values={{displayName: hello.displayName}}>
</FormattedMessage>
values={{displayName: hello.displayName}}
/>
</Typography>
<Typography variant="subtitle1" className={classes.subHeader}>
<Typography variant="subtitle1" className="oc-light oc-mb-m">
{hello.username}
</Typography>
<Typography variant="subtitle1" gutterBottom>
<Typography variant="subtitle1" gutterBottom className="oc-light">
<FormattedMessage
id="konnect.consent.message"
defaultMessage="{clientDisplayName} wants to"
@@ -120,16 +113,7 @@ class Consent extends React.PureComponent {
</Typography>
<ScopesList dense disablePadding className={classes.scopesList} scopes={scopes} meta={meta.scopes}></ScopesList>
<Typography variant="subtitle1" gutterBottom>
<FormattedMessage
id="konnect.consent.question"
defaultMessage="Allow {clientDisplayName} to do this?"
values={{
clientDisplayName: <em><ClientDisplayName client={client}/></em>
}}
></FormattedMessage>
</Typography>
<Typography color="secondary">
<Typography className="oc-light">
<FormattedMessage
id="konnect.consent.consequence"
defaultMessage="By clicking Allow, you allow this app to use your information.">
@@ -155,7 +139,7 @@ class Consent extends React.PureComponent {
type="submit"
color="primary"
variant="contained"
className={classes.button}
className="oc-button-primary"
disabled={!!loading}
onClick={this.action(true, scopes)}
>

2
ocis-phoenix/Makefile
View File

@@ -3,7 +3,7 @@ NAME := ocis-phoenix
IMPORT := github.com/owncloud/ocis/$(NAME)
BIN := bin
DIST := dist
PHOENIX_ASSETS_VERSION = v0.21.0
PHOENIX_ASSETS_VERSION = v0.22.0
ifeq ($(OS), Windows_NT)
EXECUTABLE := $(NAME).exe

18
ocis-phoenix/pkg/assets/embed.go
View File

File diff suppressed because one or more lines are too long

151
ocis/tests/acceptance/expected-failures-on-OCIS-storage.txt
View File

@@ -473,6 +473,37 @@ apiShareOperationsToShares/gettingShares.feature:181
apiShareOperationsToShares/gettingShares.feature:219
apiShareOperationsToShares/gettingShares.feature:220
#
# https://github.com/owncloud/ocis/issues/774 Allow getting the share list filtered by share type via API
#
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:44
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:45
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:56
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:57
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:47
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:48
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:60
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:61
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:41
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:42
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:62
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:63
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:90
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:91
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:47
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:48
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:60
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:61
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:73
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:74
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:88
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:89
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:39
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:40
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:60
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:61
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:79
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:80
#
# https://github.com/owncloud/ocis-reva/issues/47 cannot get ocs:share-permissions via WebDAV
#
apiShareOperationsToShares/getWebDAVSharePermissions.feature:23
@@ -612,6 +643,27 @@ apiSharePublicLink2/updatePublicLinkShare.feature:94
apiSharePublicLink2/updatePublicLinkShare.feature:284
apiSharePublicLink2/updatePublicLinkShare.feature:285
#
# https://github.com/owncloud/ocis/issues/776 investigate ocis issues in apiSharePublicLink2/reShareAsPublicLinkToShares
#
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:25
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:26
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:47
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:48
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:63
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:64
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:78
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:79
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:100
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:101
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:123
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:124
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:140
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:141
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:161
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:162
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:184
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:185
#
# https://github.com/owncloud/ocis-reva/issues/11 listing received shares does not work
#
apiSharePublicLink2/updatePublicLinkShare.feature:303
@@ -1129,6 +1181,10 @@ apiWebdavOperations/refuseAccess.feature:22
apiWebdavOperations/refuseAccess.feature:33
apiWebdavOperations/refuseAccess.feature:34
#
# https://github.com/owncloud/core/pull/38035 PROPFIND to https://localhost:9200/remote.php/dav/files gets an error 500 response
#
apiWebdavOperations/propfind.feature:5
#
# https://github.com/owncloud/ocis-reva/issues/39 REPORT request not implemented
#
apiWebdavOperations/search.feature:42
@@ -1524,3 +1580,98 @@ apiWebdavEtagPropagation2/restoreFromTrash.feature:87
# https://github.com/owncloud/product/issues/210 Implement Versions Feature for ocis storage
#
apiWebdavEtagPropagation2/restoreVersion.feature:10
#
# https://github.com/owncloud/ocis/issues/762 path and other information are not shown if a share does not have "read" permission
#
apiShareOperationsToShares/uploadToShare.feature:64
apiShareOperationsToShares/uploadToShare.feature:65
#
# https://github.com/owncloud/ocis-reva/issues/34 groups endpoint does not exist
# https://github.com/owncloud/ocis-ocs/issues/35 group support is not yet implemented
#
apiShareOperationsToShares/uploadToShare.feature:39
apiShareOperationsToShares/uploadToShare.feature:40
apiShareOperationsToShares/uploadToShare.feature:91
apiShareOperationsToShares/uploadToShare.feature:92
apiShareOperationsToShares/uploadToShare.feature:139
apiShareOperationsToShares/uploadToShare.feature:140
#
# https://github.com/owncloud/ocis/issues/763 [OCIS-storage] reading a file that a collaborator uploaded is impossible
#
apiShareOperationsToShares/uploadToShare.feature:114
apiShareOperationsToShares/uploadToShare.feature:115
#
# https://github.com/owncloud/product/issues/247 changing user quota gives ocs status 103 / Cannot set quota
#
apiShareOperationsToShares/uploadToShare.feature:162
apiShareOperationsToShares/uploadToShare.feature:163
apiShareOperationsToShares/uploadToShare.feature:181
apiShareOperationsToShares/uploadToShare.feature:182
apiShareOperationsToShares/uploadToShare.feature:202
apiShareOperationsToShares/uploadToShare.feature:203
apiShareOperationsToShares/uploadToShare.feature:221
apiShareOperationsToShares/uploadToShare.feature:222
apiShareOperationsToShares/uploadToShare.feature:242
apiShareOperationsToShares/uploadToShare.feature:243
#
# https://github.com/owncloud/ocis-reva/issues/56 remote.php/dav/uploads endpoint does not exist
#
apiShareOperationsToShares/uploadToShare.feature:246
#
# not possible to move file into a received folder https://github.com/owncloud/ocis/issues/764
#
apiShareOperationsToShares/changingFilesShare.feature:23
apiShareOperationsToShares/changingFilesShare.feature:24
apiShareOperationsToShares/changingFilesShare.feature:63
apiShareOperationsToShares/changingFilesShare.feature:79
apiShareOperationsToShares/changingFilesShare.feature:95
#
# https://github.com/owncloud/ocis/issues/560 cannot move from Shares folder
#
apiShareOperationsToShares/changingFilesShare.feature:40
apiShareOperationsToShares/changingFilesShare.feature:41
apiShareOperationsToShares/changingFilesShare.feature:59
apiShareOperationsToShares/changingFilesShare.feature:60
#
# [OCIS-storage] overwriting a file as share receiver, does not create a new file version for the sharer https://github.com/owncloud/ocis/issues/766
#
apiVersions/fileVersionsSharingToShares.feature:33
apiVersions/fileVersionsSharingToShares.feature:56
#
# restoring an older version of a shared file deletes the share https://github.com/owncloud/ocis/issues/765
#
apiVersions/fileVersionsSharingToShares.feature:44
#
# [OCIS-storage] reading a file that a collaborator uploaded is impossible https://github.com/owncloud/ocis/issues/763
#
apiVersions/fileVersionsSharingToShares.feature:82
apiVersions/fileVersionsSharingToShares.feature:95
apiVersions/fileVersionsSharingToShares.feature:108
#
# https://github.com/owncloud/ocis/issues/560 cannot move from Shares folder
#
apiVersions/fileVersionsSharingToShares.feature:134
apiVersions/fileVersionsSharingToShares.feature:149
apiVersions/fileVersionsSharingToShares.feature:163
apiVersions/fileVersionsSharingToShares.feature:250
apiVersions/fileVersionsSharingToShares.feature:251
#
# https://github.com/owncloud/ocis-reva/issues/34 groups endpoint does not exist
# https://github.com/owncloud/ocis-ocs/issues/35 group support is not yet implemented
#
apiVersions/fileVersionsSharingToShares.feature:179
#
# not possible to move file into a received folder https://github.com/owncloud/ocis/issues/764
#
apiVersions/fileVersionsSharingToShares.feature:222
apiVersions/fileVersionsSharingToShares.feature:223
apiVersions/fileVersionsSharingToShares.feature:224
apiVersions/fileVersionsSharingToShares.feature:225
# getting the metadata without permission results in a 403 error https://github.com/owncloud/ocis/issues/773
#
apiVersions/fileVersionsSharingToShares.feature:256
#
# The version number of a file is incorrect because of the incorrect number of <d:getetag> and <d:getlastmodified> element https://github.com/owncloud/ocis-reva/issues/376
#
apiVersions/fileVersionsSharingToShares.feature:267

139
ocis/tests/acceptance/expected-failures-on-OWNCLOUD-storage.txt
View File

@@ -465,6 +465,37 @@ apiShareOperationsToShares/gettingShares.feature:181
apiShareOperationsToShares/gettingShares.feature:219
apiShareOperationsToShares/gettingShares.feature:220
#
# https://github.com/owncloud/ocis/issues/774 Allow getting the share list filtered by share type via API
#
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:44
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:45
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:56
apiShareOperationsToShares/gettingSharesPendingFiltered.feature:57
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:47
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:48
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:60
apiShareOperationsToShares/gettingSharesReceivedFiltered.feature:61
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:41
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:42
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:62
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:63
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:90
apiShareOperationsToShares/gettingSharesReceivedFilteredEmpty.feature:91
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:47
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:48
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:60
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:61
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:73
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:74
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:88
apiShareOperationsToShares/gettingSharesSharedFiltered.feature:89
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:39
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:40
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:60
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:61
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:79
apiShareOperationsToShares/gettingSharesSharedFilteredEmpty.feature:80
#
# https://github.com/owncloud/ocis-reva/issues/47 cannot get ocs:share-permissions via WebDAV
#
apiShareOperationsToShares/getWebDAVSharePermissions.feature:23
@@ -594,6 +625,27 @@ apiSharePublicLink2/updatePublicLinkShare.feature:94
apiSharePublicLink2/updatePublicLinkShare.feature:284
apiSharePublicLink2/updatePublicLinkShare.feature:285
#
# https://github.com/owncloud/ocis/issues/776 investigate ocis issues in apiSharePublicLink2/reShareAsPublicLinkToShares
#
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:25
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:26
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:47
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:48
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:63
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:64
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:78
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:79
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:100
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:101
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:123
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:124
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:140
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:141
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:161
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:162
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:184
apiSharePublicLink2/reShareAsPublicLinkToShares.feature:185
#
# https://github.com/owncloud/ocis-reva/issues/11 listing received shares does not work
#
apiSharePublicLink2/updatePublicLinkShare.feature:303
@@ -1114,6 +1166,10 @@ apiWebdavOperations/refuseAccess.feature:22
apiWebdavOperations/refuseAccess.feature:33
apiWebdavOperations/refuseAccess.feature:34
#
# https://github.com/owncloud/core/pull/38035 PROPFIND to https://localhost:9200/remote.php/dav/files gets an error 500 response
#
apiWebdavOperations/propfind.feature:5
#
# https://github.com/owncloud/ocis-reva/issues/39 REPORT request not implemented
#
apiWebdavOperations/search.feature:42
@@ -1436,3 +1492,86 @@ apiShareCreateSpecialToShares2/createShareWithInvalidPermissions.feature:109
apiShareCreateSpecialToShares2/createShareWithInvalidPermissions.feature:110
apiShareCreateSpecialToShares2/createShareWithInvalidPermissions.feature:111
apiShareCreateSpecialToShares2/createShareWithInvalidPermissions.feature:112
#
# https://github.com/owncloud/ocis/issues/762 path and other information are not shown if a share does not have "read" permission
#
apiShareOperationsToShares/uploadToShare.feature:64
apiShareOperationsToShares/uploadToShare.feature:65
#
# https://github.com/owncloud/ocis-reva/issues/34 groups endpoint does not exist
# https://github.com/owncloud/ocis-ocs/issues/35 group support is not yet implemented
#
apiShareOperationsToShares/uploadToShare.feature:39
apiShareOperationsToShares/uploadToShare.feature:40
apiShareOperationsToShares/uploadToShare.feature:91
apiShareOperationsToShares/uploadToShare.feature:92
apiShareOperationsToShares/uploadToShare.feature:139
apiShareOperationsToShares/uploadToShare.feature:140
#
# https://github.com/owncloud/product/issues/247 changing user quota gives ocs status 103 / Cannot set quota
#
apiShareOperationsToShares/uploadToShare.feature:162
apiShareOperationsToShares/uploadToShare.feature:163
apiShareOperationsToShares/uploadToShare.feature:181
apiShareOperationsToShares/uploadToShare.feature:182
apiShareOperationsToShares/uploadToShare.feature:202
apiShareOperationsToShares/uploadToShare.feature:203
apiShareOperationsToShares/uploadToShare.feature:221
apiShareOperationsToShares/uploadToShare.feature:222
apiShareOperationsToShares/uploadToShare.feature:242
apiShareOperationsToShares/uploadToShare.feature:243
#
# https://github.com/owncloud/ocis-reva/issues/56 remote.php/dav/uploads endpoint does not exist
#
apiShareOperationsToShares/uploadToShare.feature:246
#
# not possible to move file into a received folder https://github.com/owncloud/ocis/issues/764
#
apiShareOperationsToShares/changingFilesShare.feature:23
apiShareOperationsToShares/changingFilesShare.feature:24
apiShareOperationsToShares/changingFilesShare.feature:63
apiShareOperationsToShares/changingFilesShare.feature:79
apiShareOperationsToShares/changingFilesShare.feature:95
#
# https://github.com/owncloud/ocis/issues/560 cannot move from Shares folder
#
apiShareOperationsToShares/changingFilesShare.feature:40
apiShareOperationsToShares/changingFilesShare.feature:41
apiShareOperationsToShares/changingFilesShare.feature:59
apiShareOperationsToShares/changingFilesShare.feature:60
#
# restoring an older version of a shared file deletes the share https://github.com/owncloud/ocis/issues/765
#
apiVersions/fileVersionsSharingToShares.feature:44
#
# https://github.com/owncloud/ocis/issues/560 cannot move from Shares folder
#
apiVersions/fileVersionsSharingToShares.feature:134
apiVersions/fileVersionsSharingToShares.feature:149
apiVersions/fileVersionsSharingToShares.feature:163
apiVersions/fileVersionsSharingToShares.feature:250
apiVersions/fileVersionsSharingToShares.feature:251
#
# https://github.com/owncloud/ocis-reva/issues/34 groups endpoint does not exist
# https://github.com/owncloud/ocis-ocs/issues/35 group support is not yet implemented
#
apiVersions/fileVersionsSharingToShares.feature:179
#
# not possible to move file into a received folder https://github.com/owncloud/ocis/issues/764
#
apiVersions/fileVersionsSharingToShares.feature:222
apiVersions/fileVersionsSharingToShares.feature:223
apiVersions/fileVersionsSharingToShares.feature:224
apiVersions/fileVersionsSharingToShares.feature:225
# getting the metadata without permission results in a 403 error https://github.com/owncloud/ocis/issues/773
#
apiVersions/fileVersionsSharingToShares.feature:256
#
# The version number of a file is incorrect because of the incorrect number of <d:getetag> and <d:getlastmodified> element https://github.com/owncloud/ocis-reva/issues/376
#
apiVersions/fileVersionsSharingToShares.feature:267
#
# [OC-Storage] moving a file out of folder removes the versions https://github.com/owncloud/ocis/issues/777
#
apiVersions/fileVersionsSharingToShares.feature:252
apiVersions/fileVersionsSharingToShares.feature:253