The readyz endpoint contained unconditional checks for the LDAP and nats
endpoints. Depending on configuration neihter LDAP nor NATS might be
required.
* feat: add CSP and other security related headers in the oCIS proxy service
* fix: consolidate security related headers - drop middleware.Secure
* fix: use github.com/DeepDiver1975/secure
* fix: acceptance tests
* feat: support env var replacements in csp.yaml
* enhancement: use reva client pool selectors
register mock service to registry and pass tests
* enhancement: bump reva
* Fix a couple of linter issues
---------
Co-authored-by: Ralf Haferkamp <rhaferkamp@owncloud.com>
* add tags to search service resource
add tags getTags, AssignTags and UnassignTags endpoint to graph
use and prefer search event spaceOwner over executant
add tags to search report response
update libre graph api
update reva
Co-authored-by: David Christofas <dchristofas@owncloud.com>
* standalone graph service with LDAP
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* no panic on PATCH and DELETE
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix apitoken yaml key
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* update user, fix response codes
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix group creation return code
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* remove unknown user property
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix create return code checks in graph feature context
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* updating uses 200 OK when returning a body
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* revert user statusCreated change for now
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* revert return code changes
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use min tls 1.2
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add changelog
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
TLS for the services can be configure by setting the "OCIS_HTTP_TLS_ENABLED",
"OCIS_HTTP_TLS_CERTIFICATE" and "OCIS_HTTP_TLS_KEY" environment variables.
Currently the ocis proxy is this only service that directly accesses backend
services. It determines whether to use TLS or not by looking a the new registry
metadata "use_tls". As specific CA Cert for certificate verification
can be set with the "PROXY_HTTPS_CACERT" environment variable.
* use tls for nats connections
* add config options for nats client tls config
* add nats tls config to CI
* add function to create a certpool
* add option to provide a rootCA to validate the server's TLS certificate
* add option to provide a rootCA to validate the server's TLS certificate
* add option to provide a rootCA to validate the server's TLS certificate
* add option to provide a rootCA to validate the server's TLS certificate
* configure nats clients in reva to use tls
