* bump libregraph-go lib
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add appRoleAssignment stubs
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* add get application stub
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fetch appRoles for application from settings service
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* initial list appRoleAssignments implementation
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* initial create appRoleAssignment implementation, extract assignmentToAppRoleAssignment, configurable app id and displayname
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* initial delete appRoleAssignment implementation, changed error handling and logging
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* initial expand appRoleAssignment on users
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* test user expand appRoleAssignment
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* test appRoleAssignment
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix education test by actually using the mocked roleManager
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* test getapplication
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* list assignments
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* use common not exists error handling
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* default to just 'ownCloud Infinite Scale' as application name
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix store_test
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* roll application uuid on init
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* fix tests
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* extract method
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
* Apply suggestions from code review
Co-authored-by: Michael Barz <mbarz@owncloud.com>
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Michael Barz <mbarz@owncloud.com>
This PR changes the following:
* Create an API config section for API configurables.
* Add a setting `UserPatchLimit` that controls how many users can be changed in a PATCH request.
* Use this setting in the API to limit the amount of users that can be changed.
TLS for the services can be configure by setting the "OCIS_HTTP_TLS_ENABLED",
"OCIS_HTTP_TLS_CERTIFICATE" and "OCIS_HTTP_TLS_KEY" environment variables.
Currently the ocis proxy is this only service that directly accesses backend
services. It determines whether to use TLS or not by looking a the new registry
metadata "use_tls". As specific CA Cert for certificate verification
can be set with the "PROXY_HTTPS_CACERT" environment variable.
* Introduce TLS Settings for go-micro based grpc services and clients
TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.
TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.
By default TLS is disabled.
Co-authored-by: Martin <github@diemattels.at>
* Unify TLS configuration for all grpc services
All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.
TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables.
TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.
There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Martin <github@diemattels.at>
Consolidate all services to use the Reva config struct for the shared package.
This works because all services (except 'notifications', 'thumbnails' and
'webdav') where using the same config keys and environment variables for
setting the reva gateway.
* Use go-micro store to cache the roles
Add custom in-memory implementation
* replace redis with custom etcd implementation
* adjust table name for the cache in the roles manager
* Fix tests
* Fix sonarcloud issues
* Refactor for sonarcloud
* Allow configuration of cache per service
* Reuse parent context in etcd implementation
By default the graph API will now use the LDAP Password Modify Extended
Operation for setting user passwords. By this we make sure that the
LDAP server can e.g. properly hash the password with and algorithm that
it supports.
This can be reverted to the old behaviour (using "normal" LDAP modify
requests) by setting GRAPH_LDAP_SERVER_USE_PASSWORD_MODIFY_EXOP=false
Fixes: #3778
