bump pkg/tracing semconf to 1.37.0

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

.woodpecker.env

@@ -1,4 +1,4 @@
 # The test runner source for UI tests
-WEB_COMMITID=6abffcc9cff31c46a341105eb6030fec56338126
-WEB_BRANCH=main
+WEB_COMMITID=3d7367cfb1abe288d0fc0b0b1cc494a7747bcaf6
+WEB_BRANCH=stable-4.2
 

.woodpecker.star

@@ -608,8 +608,8 @@ def testPipelines(ctx):
         pipelines += apiTests(ctx)
 
     enable_watch_fs = [False]
-    if ctx.build.event == "cron" in ctx.build.title.lower():
-    enable_watch_fs.append(True)
+    if ctx.build.event == "cron" or "full-ci" in ctx.build.title.lower():
+        enable_watch_fs.append(True)
 
     for run_with_watch_fs_enabled in enable_watch_fs:
         pipelines += e2eTestPipeline(ctx, run_with_watch_fs_enabled) + multiServiceE2ePipeline(ctx, run_with_watch_fs_enabled)
@@ -994,7 +994,7 @@ def localApiTestPipeline(ctx):
 
     with_remote_php = [True]
     enable_watch_fs = [False]
-    if ctx.build.event == "cron" in ctx.build.title.lower():
+    if ctx.build.event == "cron" or "full-ci" in ctx.build.title.lower():
         with_remote_php.append(False)
         enable_watch_fs.append(True)
 
@@ -1310,7 +1310,7 @@ def apiTests(ctx):
 
     with_remote_php = [True]
     enable_watch_fs = [False]
-    if ctx.build.event == "cron" in ctx.build.title.lower():
+    if ctx.build.event == "cron" or "full-ci" in ctx.build.title.lower():
         with_remote_php.append(False)
         enable_watch_fs.append(True)
 

devtools/deployments/multi-tenancy/.env.example

@@ -1,161 +0,0 @@
-## Basic Settings ##
-# Define the docker compose log driver used.
-# Defaults to local
-LOG_DRIVER=
-# If you're on an internet facing server, comment out following line.
-# It skips certificate validation for various parts of OpenCloud and is
-# needed when self signed certificates are used.
-INSECURE=true
-
-## Features ##
-COMPOSE_FILE=docker-compose.yml:traefik.yml:keycloak.yml:ldap-server.yml
-
-## Traefik Settings ##
-# Note: Traefik is always enabled and can't be disabled.
-# Serve Traefik dashboard.
-# Defaults to "false".
-TRAEFIK_DASHBOARD=
-# Domain of Traefik, where you can find the dashboard.
-# Defaults to "traefik.opencloud.test"
-TRAEFIK_DOMAIN=
-# Basic authentication for the traefik dashboard.
-# Defaults to user "admin" and password "admin" (written as: "admin:$2y$05$KDHu3xq92SPaO3G8Ybkc7edd51pPLJcG1nWk3lmlrIdANQ/B6r5pq").
-# To create user:password pair, it's possible to use this command:
-# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
-TRAEFIK_BASIC_AUTH_USERS=
-# Email address for obtaining LetsEncrypt certificates.
-# Needs only be changed if this is a public facing server.
-TRAEFIK_ACME_MAIL=
-# Set to the following for testing to check the certificate process:
-# "https://acme-staging-v02.api.letsencrypt.org/directory"
-# With staging configured, there will be an SSL error in the browser.
-# When certificates are displayed and are emitted by # "Fake LE Intermediate X1",
-# the process went well and the envvar can be reset to empty to get valid certificates.
-TRAEFIK_ACME_CASERVER=
-# Enable the Traefik ACME (Automatic Certificate Management Environment) for automatic SSL certificate management.
-TRAEFIK_SERVICES_TLS_CONFIG="tls.certresolver=letsencrypt"
-# Enable Traefik to use local certificates.
-#TRAEFIK_SERVICES_TLS_CONFIG="tls=true"
-# You also need to provide a config file in ./config/traefik/dynamic/certs.yml
-# Example:
-# cat ./config/traefik/dynamic/certs.yml
-# tls:
-#   certificates:
-#     - certFile: /certs/opencloud.test.crt
-#       keyFile: /certs/opencloud.test.key
-#     stores:
-#       - default
-#
-# The certificates need to copied into ./certs/, the absolute path inside the container is /certs/.
-# You can also use TRAEFIK_CERTS_DIR=/path/on/host to set the path to the certificates directory.
-# Enable the access log for Traefik by setting the following variable to true.
-TRAEFIK_ACCESS_LOG=
-# Configure the log level for Traefik.
-# Possible values are "TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL" and "PANIC". Default is "ERROR".
-TRAEFIK_LOG_LEVEL=
-
-
-## OpenCloud Settings ##
-# The opencloud container image.
-# For production releases: "opencloudeu/opencloud"
-# For rolling releases:    "opencloudeu/opencloud-rolling"
-# Defaults to production if not set otherwise
-OC_DOCKER_IMAGE=opencloudeu/opencloud-rolling
-# The openCloud container version.
-# Defaults to "latest" and points to the latest stable tag.
-OC_DOCKER_TAG=
-# Domain of openCloud, where you can find the frontend.
-# Defaults to "cloud.opencloud.test"
-OC_DOMAIN=
-# Demo users should not be created on a production instance,
-# because their passwords are public. Defaults to "false".
-# If demo users is set to "true", the following user accounts are created automatically:
-# alan, mary, margaret, dennis and lynn - the password is 'demo' for all.
-DEMO_USERS=
-# Admin Password for the OpenCloud admin user.
-# NOTE: This is only needed when using the built-in LDAP server (idm).
-# If you are using an external LDAP server, the admin password is managed by the LDAP server.
-# NOTE: This variable needs to be set before the first start of OpenCloud. Changes to this variable after the first start will be IGNORED.
-# If not set, opencloud will not work properly. The container will be restarting.
-# After the first initialization, the admin password can only be changed via the OpenCloud User Settings UI or by using the OpenCloud CLI.
-# Documentation: https://docs.opencloud.eu/docs/admin/resources/common-issues#-change-admin-password-set-in-env
-INITIAL_ADMIN_PASSWORD=
-# Define the openCloud loglevel used.
-#
-LOG_LEVEL=
-# Define the kind of logging.
-# The default log can be read by machines.
-# Set this to true to make the log human readable.
-# LOG_PRETTY=true
-#
-# Define the openCloud storage location. Set the paths for config and data to a local path.
-# Ensure that the configuration and data directories are owned by the user and group with ID 1000:1000.
-# This matches the default user inside the container and avoids permission issues when accessing files.
-# Note that especially the data directory can grow big.
-# Leaving it default stores data in docker internal volumes.
-# OC_CONFIG_DIR=/your/local/opencloud/config
-# OC_DATA_DIR=/your/local/opencloud/data
-
-### Compose Configuration ###
-# Path separator for supplemental compose files specified in COMPOSE_FILE.
-COMPOSE_PATH_SEPARATOR=:
-
-### Ldap Settings ###
-# LDAP is always needed for OpenCloud to store user data as there is no relational database.
-# The built-in LDAP server should used for testing purposes or small installations only.
-# For production installations, it is recommended to use an external LDAP server.
-# We are using OpenLDAP as the default LDAP server because it is proven to be stable and reliable.
-# This LDAP configuration is known to work with OpenCloud and provides a blueprint for
-# configuring an external LDAP server based on other products like Microsoft Active Directory or other LDAP servers.
-#
-# Password of LDAP bind user "cn=admin,dc=opencloud,dc=eu". Defaults to "admin"
-LDAP_BIND_PASSWORD=
-# The LDAP server also creates an openCloud admin user dn: uid=admin,ou=users,dc=opencloud,dc=eu
-# The initial password for this user is "admin"
-# NOTE: This password can only be set once, if you want to change it later, you have to use the OpenCloud User Settings UI.
-# If you changed the password and lost it, you need to execute the following LDAP query to reset it:
-# enter the ldap-server container with `docker compose exec ldap-server sh`
-# and run the following command to change the password:
-# ldappasswd -H ldap://127.0.0.1:1389 -D "cn=admin,dc=opencloud,dc=eu" -W "uid=admin,ou=users,dc=opencloud,dc=eu"
-# You will be prompted for the LDAP bind password.
-# The output should provide you a new password for the admin user.
-
-
-### Keycloak Settings ###
-# Keycloak is an open-source identity and access management solution.
-# We are using Keycloak as the default identity provider on production installations.
-# It can be used to federate authentication with other identity providers like
-# Microsoft Entra ID, ADFS or other SAML/OIDC providers.
-# The use of Keycloak as bridge between OpenCloud and other identity providers creates more control over the
-# authentication process, the allowed clients and the session management.
-# Keycloak also manages the Role Based Access Control (RBAC) for OpenCloud.
-# Keycloak can be used in two different modes:
-# 1. Autoprovisioning: New users are automatically created in openCloud when they log in for the first time.
-# 2. Shared User Directory: Users are created in Keycloak and can be used in OpenCloud immediately
-# because the LDAP server is connected to both Keycloak and OpenCloud.
-# Only use one of the two modes at a time.
-
-## Autoprovisioning Mode ##
-# Use together with idm/external-idp.yml
-# If you want to use a keycloak for local testing, you can use testing/external-keycloak.yml and testing/ldap-manager.yml
-# Domain of your Identity Provider.
-IDP_DOMAIN=
-# IdP Issuer URL, which is used to identify the Identity Provider.
-# We need the complete URL, including the protocol (http or https) and the realm.
-# Example: "https://keycloak.opencloud.test/realms/openCloud"
-IDP_ISSUER_URL=
-# Url of the account edit page from your Identity Provider.
-IDP_ACCOUNT_URL=
-
-## Shared User Directory Mode ##
-# Use together with idm/ldap-keycloak.yml and traefik/ldap-keycloak.yml
-# Domain for Keycloak. Defaults to "keycloak.opencloud.test".
-KEYCLOAK_DOMAIN=
-# Admin user login name. Defaults to "kcadmin".
-KEYCLOAK_ADMIN=
-# Admin user login password. Defaults to "admin".
-KEYCLOAK_ADMIN_PASSWORD=
-# Keycloak Database username. Defaults to "keycloak".
-KC_DB_USERNAME=
-# Keycloak Database password. Defaults to "keycloak".
-KC_DB_PASSWORD=

devtools/deployments/multi-tenancy/README.md

@@ -1,49 +0,0 @@
-# Development/Test Deployment for a multi-tenacy setup
-
-The docker compose files in this directory are derived from the
-opencloud-compose project and can be used to deploy a Development or Testing
-environment for a multi-tenancy setup of OpenCloud. It consists of the
-following services:
-
-* `provisioning`: The OpenCloud graph service deployed in a standalone mode. It
-  is configured to provide the libregraph education API for managing tenants
-  and users. The `ldap-server`service (see below) is used to store the tenants
-  and users.
-* `ldap-server`: An OpenLDAP server that is used by the provisioning service to
-  store tenants and users. Used by the OpenCloud services as the user directory
-  (for looking up users and searching for sharees).
-* `keycloak`: The OpenID Connect Provider used for authenticating users. The
-  pre-loaded realm is configured to add `tenantid` claim into the identity and
-  access tokens. It's also currently consuming user from the `ldap-server`
-  (this federation will likely go away in the future and is optional for future
-  configurations).
-* `opencloud`: The OpenCloud configured so that is hides users from different
-  tenants from each other.
-
-To deploy the setup, run:
-
-```bash
-docker compose -f docker-compose.yml -f keycloak.yml -f ldap-server.yml -f traefik.yml up
-```
-
-Once deployed you can use the `initialize_users.go` to create a couple of example
-tenants and some users in each tenant:
-
-* Tenant `Famous Coders` with users `dennis` and `grace`
-* Tenant `Scientists` with users `einstein` and `marie`
-
-The passwords for the users is set to `demo` in keycloak
-
-```
-> go run initialize_users.go
-Created tenant: Famous Coders with id fc58e19a-3a2a-4afc-90ec-8f94986db340
-Created user: Dennis Ritchie with id ee1e14e7-b00b-4eec-8b03-a6bf0e29c77c
-Created user: Grace Hopper with id a29f3afd-e4a3-4552-91e8-cc99e26bffce
-Created tenant: Scientists with id 18406c53-e2d6-4e83-98b6-a55880eef195
-Created user: Albert Einstein with id 12023d37-d6ce-4f19-a318-b70866f265ba
-Created user: Marie Curie with id 30c3c825-c37d-4e85-8195-0142e4884872
-Setting password for user: grace
-Setting password for user: marie
-Setting password for user: dennis
-Setting password for user: einstein
-```

devtools/deployments/multi-tenancy/config/keycloak/clients/OpenCloudAndroid.json

@@ -1,63 +0,0 @@
-{
-  "clientId": "OpenCloudAndroid",
-  "name": "OpenCloud Android App",
-  "surrogateAuthRequired": false,
-  "enabled": true,
-  "alwaysDisplayInConsole": false,
-  "clientAuthenticatorType": "client-secret",
-  "redirectUris": [
-    "oc://android.opencloud.eu"
-  ],
-  "webOrigins": [],
-  "notBefore": 0,
-  "bearerOnly": false,
-  "consentRequired": false,
-  "standardFlowEnabled": true,
-  "implicitFlowEnabled": false,
-  "directAccessGrantsEnabled": true,
-  "serviceAccountsEnabled": false,
-  "publicClient": true,
-  "frontchannelLogout": false,
-  "protocol": "openid-connect",
-  "attributes": {
-    "saml.assertion.signature": "false",
-    "saml.force.post.binding": "false",
-    "saml.multivalued.roles": "false",
-    "saml.encrypt": "false",
-    "post.logout.redirect.uris": "oc://android.opencloud.eu",
-    "backchannel.logout.revoke.offline.tokens": "false",
-    "saml.server.signature": "false",
-    "saml.server.signature.keyinfo.ext": "false",
-    "exclude.session.state.from.auth.response": "false",
-    "backchannel.logout.session.required": "true",
-    "client_credentials.use_refresh_token": "false",
-    "saml_force_name_id_format": "false",
-    "saml.client.signature": "false",
-    "tls.client.certificate.bound.access.tokens": "false",
-    "saml.authnstatement": "false",
-    "display.on.consent.screen": "false",
-    "saml.onetimeuse.condition": "false"
-  },
-  "authenticationFlowBindingOverrides": {},
-  "fullScopeAllowed": true,
-  "nodeReRegistrationTimeout": -1,
-  "defaultClientScopes": [
-    "web-origins",
-    "profile",
-    "roles",
-    "groups",
-    "basic",
-    "email"
-  ],
-  "optionalClientScopes": [
-    "address",
-    "phone",
-    "offline_access",
-    "microprofile-jwt"
-  ],
-  "access": {
-    "view": true,
-    "configure": true,
-    "manage": true
-  }
-}

devtools/deployments/multi-tenancy/config/keycloak/clients/OpenCloudDesktop.json

@@ -1,64 +0,0 @@
-{
-  "clientId": "OpenCloudDesktop",
-  "name": "OpenCloud Desktop Client",
-  "surrogateAuthRequired": false,
-  "enabled": true,
-  "alwaysDisplayInConsole": false,
-  "clientAuthenticatorType": "client-secret",
-  "redirectUris": [
-    "http://127.0.0.1",
-    "http://localhost"
-  ],
-  "webOrigins": [],
-  "notBefore": 0,
-  "bearerOnly": false,
-  "consentRequired": false,
-  "standardFlowEnabled": true,
-  "implicitFlowEnabled": false,
-  "directAccessGrantsEnabled": true,
-  "serviceAccountsEnabled": false,
-  "publicClient": true,
-  "frontchannelLogout": false,
-  "protocol": "openid-connect",
-  "attributes": {
-    "saml.assertion.signature": "false",
-    "saml.force.post.binding": "false",
-    "saml.multivalued.roles": "false",
-    "saml.encrypt": "false",
-    "post.logout.redirect.uris": "+",
-    "backchannel.logout.revoke.offline.tokens": "false",
-    "saml.server.signature": "false",
-    "saml.server.signature.keyinfo.ext": "false",
-    "exclude.session.state.from.auth.response": "false",
-    "backchannel.logout.session.required": "true",
-    "client_credentials.use_refresh_token": "false",
-    "saml_force_name_id_format": "false",
-    "saml.client.signature": "false",
-    "tls.client.certificate.bound.access.tokens": "false",
-    "saml.authnstatement": "false",
-    "display.on.consent.screen": "false",
-    "saml.onetimeuse.condition": "false"
-  },
-  "authenticationFlowBindingOverrides": {},
-  "fullScopeAllowed": true,
-  "nodeReRegistrationTimeout": -1,
-  "defaultClientScopes": [
-    "web-origins",
-    "profile",
-    "roles",
-    "groups",
-    "basic",
-    "email"
-  ],
-  "optionalClientScopes": [
-    "address",
-    "phone",
-    "offline_access",
-    "microprofile-jwt"
-  ],
-  "access": {
-    "view": true,
-    "configure": true,
-    "manage": true
-  }
-}

devtools/deployments/multi-tenancy/config/keycloak/clients/OpenCloudIOS.json

@@ -1,63 +0,0 @@
-{
-  "clientId": "OpenCloudIOS",
-  "name": "OpenCloud iOS App",
-  "surrogateAuthRequired": false,
-  "enabled": true,
-  "alwaysDisplayInConsole": false,
-  "clientAuthenticatorType": "client-secret",
-  "redirectUris": [
-    "oc://ios.opencloud.eu"
-  ],
-  "webOrigins": [],
-  "notBefore": 0,
-  "bearerOnly": false,
-  "consentRequired": false,
-  "standardFlowEnabled": true,
-  "implicitFlowEnabled": false,
-  "directAccessGrantsEnabled": true,
-  "serviceAccountsEnabled": false,
-  "publicClient": true,
-  "frontchannelLogout": false,
-  "protocol": "openid-connect",
-  "attributes": {
-    "saml.assertion.signature": "false",
-    "saml.force.post.binding": "false",
-    "saml.multivalued.roles": "false",
-    "saml.encrypt": "false",
-    "post.logout.redirect.uris": "oc://ios.opencloud.eu",
-    "backchannel.logout.revoke.offline.tokens": "false",
-    "saml.server.signature": "false",
-    "saml.server.signature.keyinfo.ext": "false",
-    "exclude.session.state.from.auth.response": "false",
-    "backchannel.logout.session.required": "true",
-    "client_credentials.use_refresh_token": "false",
-    "saml_force_name_id_format": "false",
-    "saml.client.signature": "false",
-    "tls.client.certificate.bound.access.tokens": "false",
-    "saml.authnstatement": "false",
-    "display.on.consent.screen": "false",
-    "saml.onetimeuse.condition": "false"
-  },
-  "authenticationFlowBindingOverrides": {},
-  "fullScopeAllowed": true,
-  "nodeReRegistrationTimeout": -1,
-  "defaultClientScopes": [
-    "web-origins",
-    "profile",
-    "roles",
-    "groups",
-    "basic",
-    "email"
-  ],
-  "optionalClientScopes": [
-    "address",
-    "phone",
-    "offline_access",
-    "microprofile-jwt"
-  ],
-  "access": {
-    "view": true,
-    "configure": true,
-    "manage": true
-  }
-}

devtools/deployments/multi-tenancy/config/keycloak/clients/cyberduck.json

@@ -1,66 +0,0 @@
-{
-  "clientId": "Cyberduck",
-  "name": "Cyberduck",
-  "description": "File transfer utility client",
-  "surrogateAuthRequired": false,
-  "enabled": true,
-  "alwaysDisplayInConsole": false,
-  "clientAuthenticatorType": "client-secret",
-  "redirectUris": [
-    "x-cyberduck-action:oauth",
-    "x-mountainduck-action:oauth"
-  ],
-  "webOrigins": [],
-  "notBefore": 0,
-  "bearerOnly": false,
-  "consentRequired": false,
-  "standardFlowEnabled": true,
-  "implicitFlowEnabled": false,
-  "directAccessGrantsEnabled": true,
-  "serviceAccountsEnabled": false,
-  "publicClient": true,
-  "frontchannelLogout": false,
-  "protocol": "openid-connect",
-  "attributes": {
-    "saml.assertion.signature": "false",
-    "saml.force.post.binding": "false",
-    "saml.multivalued.roles": "false",
-    "saml.encrypt": "false",
-    "oauth2.device.authorization.grant.enabled": "false",
-    "backchannel.logout.revoke.offline.tokens": "false",
-    "saml.server.signature": "false",
-    "saml.server.signature.keyinfo.ext": "false",
-    "exclude.session.state.from.auth.response": "false",
-    "oidc.ciba.grant.enabled": "false",
-    "backchannel.logout.session.required": "true",
-    "client_credentials.use_refresh_token": "false",
-    "saml_force_name_id_format": "false",
-    "saml.client.signature": "false",
-    "tls.client.certificate.bound.access.tokens": "false",
-    "saml.authnstatement": "false",
-    "display.on.consent.screen": "false",
-    "saml.onetimeuse.condition": "false"
-  },
-  "authenticationFlowBindingOverrides": {},
-  "fullScopeAllowed": true,
-  "nodeReRegistrationTimeout": -1,
-  "defaultClientScopes": [
-    "web-origins",
-    "profile",
-    "roles",
-    "groups",
-    "basic",
-    "email"
-  ],
-  "optionalClientScopes": [
-    "address",
-    "phone",
-    "offline_access",
-    "microprofile-jwt"
-  ],
-  "access": {
-    "view": true,
-    "configure": true,
-    "manage": true
-  }
-}

devtools/deployments/multi-tenancy/config/keycloak/clients/web.json

@@ -1,74 +0,0 @@
-{
-  "clientId": "web",
-  "name": "OpenCloud Web App",
-  "description": "",
-  "rootUrl": "{{OC_URL}}",
-  "adminUrl": "{{OC_URL}}",
-  "baseUrl": "",
-  "surrogateAuthRequired": false,
-  "enabled": true,
-  "alwaysDisplayInConsole": false,
-  "clientAuthenticatorType": "client-secret",
-  "redirectUris": [
-    "{{OC_URL}}/",
-    "{{OC_URL}}/oidc-callback.html",
-    "{{OC_URL}}/oidc-silent-redirect.html"
-  ],
-  "webOrigins": [
-    "{{OC_URL}}"
-  ],
-  "notBefore": 0,
-  "bearerOnly": false,
-  "consentRequired": false,
-  "standardFlowEnabled": true,
-  "implicitFlowEnabled": false,
-  "directAccessGrantsEnabled": true,
-  "serviceAccountsEnabled": false,
-  "publicClient": true,
-  "frontchannelLogout": false,
-  "protocol": "openid-connect",
-  "attributes": {
-    "saml.assertion.signature": "false",
-    "saml.force.post.binding": "false",
-    "saml.multivalued.roles": "false",
-    "saml.encrypt": "false",
-    "post.logout.redirect.uris": "+",
-    "oauth2.device.authorization.grant.enabled": "false",
-    "backchannel.logout.revoke.offline.tokens": "false",
-    "saml.server.signature": "false",
-    "saml.server.signature.keyinfo.ext": "false",
-    "exclude.session.state.from.auth.response": "false",
-    "oidc.ciba.grant.enabled": "false",
-    "backchannel.logout.url": "{{OC_URL}}/backchannel_logout",
-    "backchannel.logout.session.required": "true",
-    "client_credentials.use_refresh_token": "false",
-    "saml_force_name_id_format": "false",
-    "saml.client.signature": "false",
-    "tls.client.certificate.bound.access.tokens": "false",
-    "saml.authnstatement": "false",
-    "display.on.consent.screen": "false",
-    "saml.onetimeuse.condition": "false"
-  },
-  "authenticationFlowBindingOverrides": {},
-  "fullScopeAllowed": true,
-  "nodeReRegistrationTimeout": -1,
-  "defaultClientScopes": [
-    "web-origins",
-    "profile",
-    "roles",
-    "groups",
-    "basic",
-    "email"
-  ],
-  "optionalClientScopes": [
-    "address",
-    "phone",
-    "offline_access",
-    "microprofile-jwt"
-  ],
-  "access": {
-    "view": true,
-    "configure": true,
-    "manage": true
-  }
-}

devtools/deployments/multi-tenancy/config/keycloak/docker-entrypoint-override.sh

@@ -1,8 +0,0 @@
-#!/bin/bash
-printenv
-# replace openCloud domain and LDAP password in keycloak realm import
-mkdir /opt/keycloak/data/import
-sed -e "s/cloud.opencloud.test/${OC_DOMAIN}/g" -e "s/ldap-admin-password/${LDAP_ADMIN_PASSWORD:-admin}/g" /opt/keycloak/data/import-dist/openCloud-realm.json > /opt/keycloak/data/import/openCloud-realm.json
-
-# run original docker-entrypoint
-/opt/keycloak/bin/kc.sh "$@"

devtools/deployments/multi-tenancy/config/keycloak/themes/opencloud/login/resources/css/theme.css

@@ -1,38 +0,0 @@
-:root {
-    --pf-global--primary-color--100: #e2baff;
-    --pf-global--primary-color--200: #e2baff;
-    --pf-global--primary-color--dark-100: #e2baff;
-    --pf-global--Color--light-100: #20434f;
-}
-
-@font-face {
-    font-family: OpenCloud;
-    src: url('../fonts/OpenCloud500-Regular.woff2') format('woff2');
-    font-weight: normal;
-    font-style: normal;
-}
-
-@font-face {
-    font-family: OpenCloud;
-    src: url('../fonts/OpenCloud750-Bold.woff2') format('woff2');
-    font-weight: bold;
-    font-style: normal;
-}
-
-body {
-    font-family: "OpenCloud", "Open Sans", Helvetica, Arial, sans-serif;
-    background: url(../img/background.png) no-repeat center !important;
-    background-size: cover !important;
-}
-
-.kc-logo-text {
-    background-image: url(../img/logo.svg) !important;
-    background-size: contain;
-    width: 400px;
-    margin: 0 !important;
-}
-
-#kc-header-wrapper{
-    display: flex;
-    justify-content: center;
-}

devtools/deployments/multi-tenancy/config/keycloak/themes/opencloud/login/resources/img/logo.svg

@@ -1,14 +0,0 @@
-<svg width="170" height="35" viewBox="0 0 170 35" fill="none" xmlns="http://www.w3.org/2000/svg">
-<path d="M45.1928 23.7428C42.5766 22.2684 41.0547 19.5569 41.0547 16.1555C41.0547 14.4433 41.4115 12.921 42.1485 11.589C43.5753 8.92532 46.2869 7.35547 49.6879 7.35547C51.377 7.35547 52.8514 7.73604 54.1593 8.47339C56.7523 9.97188 58.2508 12.7307 58.2508 16.1555C58.2508 17.8443 57.894 19.3663 57.1801 20.6748C55.753 23.315 53.042 24.8605 49.6879 24.8605C47.9992 24.8605 46.501 24.504 45.1928 23.7428ZM49.6641 22.1254C52.9942 22.1254 55.1824 19.7947 55.1824 16.1555C55.1824 12.4215 52.8755 10.0667 49.6641 10.0667C46.4534 10.0667 44.1224 12.4215 44.1224 16.1555C44.1224 19.771 46.3345 22.1254 49.6641 22.1254Z" fill="#E2BAFF"/>
-<path d="M62.0912 11.9934L63.6608 14.7522C65.0879 12.4929 66.967 11.9934 68.4176 11.9934C69.5828 11.9934 70.5821 12.255 71.4618 12.8259C72.3657 13.4202 73.0558 14.1814 73.5077 15.1328C74.0069 16.1318 74.2448 17.2259 74.2448 18.4387C74.2448 19.6518 74.0069 20.7697 73.5077 21.7687C73.0558 22.7201 72.3419 23.4813 71.4381 24.0283C70.5821 24.5989 69.5828 24.8605 68.4176 24.8605C67.6327 24.8605 66.8477 24.6943 66.0869 24.3613C65.3971 24.0283 64.7787 23.5526 64.2792 22.958V28.9992H61.3774V16.5599L59.5938 13.4443L62.0912 11.9934ZM64.2792 18.4387C64.2792 19.1764 64.4219 19.8658 64.7073 20.4605C65.0641 21.1027 65.4685 21.5546 65.9442 21.84C66.4913 22.1493 67.0856 22.292 67.7754 22.292C68.489 22.292 69.0836 22.1493 69.6069 21.84C70.1302 21.5308 70.5583 21.0789 70.8196 20.4605C71.1289 19.8658 71.2478 19.1764 71.2478 18.4387C71.2478 17.2497 70.9386 16.2983 70.3204 15.6323C69.6782 14.9187 68.8457 14.562 67.7516 14.562C66.7291 14.562 65.8728 14.9187 65.2306 15.6323C64.6122 16.2983 64.2792 17.2497 64.2792 18.4387Z" fill="#E2BAFF"/>
-<path d="M76.5405 15.133C77.0162 14.1812 77.7297 13.3966 78.7049 12.7782C79.7039 12.2311 80.7981 11.9695 82.0587 11.9695C83.319 11.9695 84.3656 12.2311 85.1981 12.7306C86.1017 13.3015 86.768 14.0626 87.2437 15.0137C87.6715 15.9892 87.9094 17.1544 87.9094 18.4386L87.8621 19.1286H78.6098C78.7049 20.1987 79.0855 21.0077 79.7515 21.6261C80.4175 22.1491 81.2976 22.387 82.3438 22.387C83.1528 22.387 83.8661 22.2446 84.5318 21.9826C85.1981 21.721 85.7925 21.388 86.2685 20.9836C86.3398 21.0553 87.505 23.1005 87.505 23.1005C86.768 23.6476 85.9352 24.0758 85.0316 24.4084C84.1991 24.7177 83.2239 24.8604 82.1535 24.8604C80.8694 24.8604 79.7277 24.599 78.8001 24.052C77.8962 23.5287 77.1589 22.7675 76.5642 21.7689C76.0409 20.7696 75.7793 19.6516 75.7793 18.4386C75.7793 17.2496 76.0172 16.1317 76.5405 15.133ZM78.6811 17.1544H85.0316C84.9365 16.203 84.6273 15.5373 84.104 15.1089C83.5331 14.6097 82.8671 14.348 82.0587 14.348C81.2259 14.348 80.5126 14.6097 79.8704 15.0616C79.2996 15.5135 78.919 16.203 78.6811 17.1544Z" fill="#E2BAFF"/>
-<path d="M102.054 17.0594V24.4799H99.1283V17.3211C99.1283 16.3459 98.9142 15.6561 98.4623 15.2042C98.0342 14.6809 97.3919 14.443 96.5121 14.443C95.9411 14.443 95.4656 14.5857 94.9899 14.895C94.538 15.1328 94.1812 15.5372 93.9433 16.0367C93.7293 16.5124 93.5866 17.0832 93.5866 17.773V24.4799H90.6371V16.5599L88.8535 13.4202L91.3745 11.9934L92.8492 14.5144C94.3477 12.2785 95.9648 11.9934 97.059 11.9934C98.2958 11.9934 99.0569 12.2072 99.5564 12.445C100.056 12.6832 100.508 12.9921 100.841 13.3727C101.649 14.2527 102.054 15.4896 102.054 17.0594Z" fill="#E2BAFF"/>
-<path d="M117.538 23.838C117.015 24.0999 116.325 24.3613 115.469 24.5991C114.684 24.7656 113.851 24.8608 112.971 24.8608C111.259 24.8608 109.737 24.4802 108.429 23.7669C107.144 23.0531 106.145 22.0303 105.408 20.6748C104.694 19.3663 104.338 17.8443 104.338 16.1083C104.338 14.4195 104.694 12.8972 105.384 11.5414C106.074 10.2097 107.144 9.16318 108.405 8.47339C109.713 7.71225 111.283 7.35547 113.138 7.35547C114.066 7.35547 114.874 7.42683 115.564 7.61711C116.373 7.80739 117.038 8.04525 117.514 8.33068C118.014 8.56854 118.608 8.90153 119.298 9.35346L117.8 11.8982C117.062 11.3987 116.349 11.0185 115.659 10.733C114.85 10.4238 113.994 10.2573 113.066 10.2573C111.83 10.2573 110.807 10.4952 109.999 10.9944C109.118 11.5414 108.476 12.2312 108.048 13.0875C107.62 14.0151 107.382 15.0379 107.382 16.1555C107.382 17.2738 107.62 18.2725 108.048 19.1525C108.476 20.0088 109.118 20.6986 109.999 21.1981C110.831 21.6735 111.854 21.9117 113.043 21.9117C113.733 21.9117 114.351 21.84 114.922 21.6973C115.54 21.5308 116.064 21.3408 116.491 21.103C117.086 20.7937 117.538 20.5083 117.871 20.2467L119.346 22.8152C118.632 23.2434 118.037 23.6001 117.538 23.838Z" fill="#E2BAFF"/>
-<rect x="121.127" y="7.23633" width="2.90154" height="17.2437" fill="#E2BAFF"/>
-<path d="M126.195 18.4387C126.195 14.6809 128.859 11.9934 132.688 11.9934C136.494 11.9934 139.134 14.6571 139.134 18.4152C139.134 22.2206 136.494 24.8605 132.664 24.8605C129.002 24.8605 126.195 22.3633 126.195 18.4387ZM132.664 22.3633C134.71 22.3633 136.113 20.9124 136.113 18.4152C136.113 15.9891 134.71 14.4671 132.664 14.4671C130.548 14.4671 129.192 16.0604 129.192 18.4152C129.192 20.8411 130.572 22.3633 132.664 22.3633Z" fill="#E2BAFF"/>
-<path d="M145.86 24.8606C144.456 24.8606 143.339 24.4324 142.482 23.5048C141.674 22.5774 141.27 21.3168 141.27 19.747V12.374H144.171V19.5329C144.171 20.4605 144.385 21.1741 144.837 21.6736C145.265 22.1493 145.931 22.3634 146.811 22.3634C147.382 22.3634 147.881 22.2444 148.334 21.9828C148.785 21.7212 149.118 21.3168 149.356 20.8173C149.618 20.294 149.737 19.6994 149.737 19.081V12.374H152.662V20.3654L154.422 23.4337L151.925 24.8606L150.522 22.4585C150.522 22.4585 149.974 23.1721 149.237 23.7905C148.334 24.5517 147.382 24.8606 145.86 24.8606Z" fill="#E2BAFF"/>
-<path d="M156.104 15.1328C156.651 14.0624 157.293 13.2775 158.173 12.8259C159.053 12.2788 160.076 11.9696 161.17 11.9696C162.098 11.9696 162.859 12.1599 163.525 12.4929C164.191 12.8259 164.809 13.254 165.309 13.8959V7.23657H168.21V20.3415L169.947 23.4099L167.449 24.837L165.927 22.1968C165.927 22.1968 164.88 23.6712 163.525 24.3375C162.954 24.623 162.05 24.837 161.194 24.837C160.076 24.837 159.053 24.5751 158.173 24.0045C157.317 23.5526 156.651 22.7677 156.104 21.7687C155.604 20.7697 155.391 19.6993 155.391 18.4387C155.391 17.1546 155.604 16.0604 156.104 15.1328ZM158.363 18.4387C158.363 19.2474 158.506 19.8896 158.792 20.437C159.125 21.1027 159.553 21.5073 160.004 21.7925C160.528 22.1017 161.098 22.2682 161.812 22.2682C162.526 22.2682 163.144 22.1017 163.644 21.7925C164.143 21.5073 164.571 21.0789 164.88 20.437C165.166 19.8896 165.309 19.2474 165.309 18.4387C165.309 17.2497 164.999 16.2507 164.333 15.6323C163.763 14.9187 162.883 14.5385 161.836 14.5385C160.766 14.5385 159.933 14.9187 159.339 15.6323C158.673 16.2507 158.363 17.2497 158.363 18.4387Z" fill="#E2BAFF"/>
-<path d="M13.4814 25.5141L14.9505 24.6659V18.5276L20.234 15.4772V13.785L18.7649 12.9368L13.4462 16.0076L8.20127 12.9794L6.73242 13.8273V15.5198L12.0159 18.5703V24.668L13.4814 25.5141Z" fill="#E2BAFF"/>
-<path d="M26.9649 7.78377L13.4828 0L0 7.78408V11.1725L13.4824 3.38806L26.9649 11.1721V7.78377Z" fill="#E2BAFF"/>
-<path d="M26.9646 23.8279L13.4821 31.612L0 23.8279V27.2163L13.4821 35L26.9646 27.2163V23.8279Z" fill="#E2BAFF"/>
-</svg>

devtools/deployments/multi-tenancy/config/keycloak/themes/opencloud/login/resources/js/script.js

@@ -1,19 +0,0 @@
-document.addEventListener("DOMContentLoaded", function () {
-    const setLogoUrl = (url) => {
-        const logoTextSelector = document.querySelector(".kc-logo-text");
-
-        if (!logoTextSelector) {
-            return
-        }
-
-        const link = document.createElement("a");
-        link.href = url;
-        link.target = "_blank";
-
-        const parent = logoTextSelector.parentNode;
-        parent.insertBefore(link, logoTextSelector);
-        link.appendChild(logoTextSelector);
-    }
-
-    setLogoUrl('https://opencloud.eu')
-});

devtools/deployments/multi-tenancy/config/keycloak/themes/opencloud/login/theme.properties

@@ -1,5 +0,0 @@
-parent=keycloak
-import=common/keycloak
-
-styles=css/login.css css/theme.css
-scripts=js/script.js

devtools/deployments/multi-tenancy/config/ldap/docker-entrypoint-override.sh

@@ -1,9 +0,0 @@
-#!/bin/bash
-echo "Running custom LDAP entrypoint script..."
-
-if [ ! -f /opt/bitnami/openldap/share/openldap.key ]
-then	
-	openssl req -x509 -newkey rsa:4096 -keyout /opt/bitnami/openldap/share/openldap.key -out /opt/bitnami/openldap/share/openldap.crt -sha256 -days 365 -batch -nodes
-fi
-# run original docker-entrypoint
-/opt/bitnami/scripts/openldap/entrypoint.sh "$@"

devtools/deployments/multi-tenancy/config/ldap/ldif/10_base.ldif

@@ -1,20 +0,0 @@
-dn: dc=opencloud,dc=eu
-objectClass: organization
-objectClass: dcObject
-dc: opencloud
-o: openCloud
-
-dn: ou=users,dc=opencloud,dc=eu
-objectClass: organizationalUnit
-ou: users
-
-dn: cn=admin,dc=opencloud,dc=eu
-objectClass: inetOrgPerson
-objectClass: person
-cn: admin
-sn: admin
-uid: ldapadmin
-
-dn: ou=tenants,dc=opencloud,dc=eu
-objectClass: organizationalUnit
-ou: tenants

devtools/deployments/multi-tenancy/config/ldap/ldif/20_admin.ldif

@@ -1,20 +0,0 @@
-dn: uid=admin,ou=users,dc=opencloud,dc=eu
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-uid: admin
-givenName: Admin
-sn: Admin
-cn: admin
-displayName: Admin
-description: An admin for this OpenCloud instance.
-mail: admin@example.org
-userPassword:: e1NTSEF9UWhmaFB3dERydTUydURoWFFObDRMbzVIckI3TkI5Nmo==
-
-dn: cn=administrators,ou=groups,dc=opencloud,dc=eu
-objectClass: groupOfNames
-objectClass: top
-cn: administrators
-description: OpenCloud Administrators
-member: uid=admin,ou=users,dc=opencloud,dc=eu

devtools/deployments/multi-tenancy/config/opencloud/csp.yaml

@@ -1,44 +0,0 @@
-directives:
-  child-src:
-    - '''self'''
-  connect-src:
-    - '''self'''
-    - 'blob:'
-    - 'https://${COMPANION_DOMAIN|companion.opencloud.test}/'
-    - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}/'
-    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
-    - 'https://${IDP_DOMAIN|keycloak.opencloud.test}/'
-  default-src:
-    - '''none'''
-  font-src:
-    - '''self'''
-  frame-ancestors:
-    - '''self'''
-  frame-src:
-    - '''self'''
-    - 'blob:'
-    - 'https://embed.diagrams.net/'
-    # In contrary to bash and docker the default is given after the | character
-    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
-    # This is needed for the external-sites web extension when embedding sites
-    - 'https://docs.opencloud.eu'
-  img-src:
-    - '''self'''
-    - 'data:'
-    - 'blob:'
-    - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/'
-    # In contrary to bash and docker the default is given after the | character
-    - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}/'
-  manifest-src:
-    - '''self'''
-  media-src:
-    - '''self'''
-  object-src:
-    - '''self'''
-    - 'blob:'
-  script-src:
-    - '''self'''
-    - '''unsafe-inline'''
-  style-src:
-    - '''self'''
-    - '''unsafe-inline'''

devtools/deployments/multi-tenancy/config/opencloud/proxy.yaml

@@ -1,40 +0,0 @@
-# This adds four additional routes to the proxy. Forwarding
-# request on '/carddav/', '/caldav/' and the respective '/.well-knwown'
-# endpoints to the radicale container and setting the required headers.
-additional_policies:
-  - name: default
-    routes:
-      - endpoint: /caldav/
-        backend: http://radicale:5232
-        remote_user_header: X-Remote-User
-        skip_x_access_token: true
-        additional_headers:
-          - X-Script-Name: /caldav
-      - endpoint: /.well-known/caldav
-        backend: http://radicale:5232
-        remote_user_header: X-Remote-User
-        skip_x_access_token: true
-        additional_headers:
-          - X-Script-Name: /caldav
-      - endpoint: /carddav/
-        backend: http://radicale:5232
-        remote_user_header: X-Remote-User
-        skip_x_access_token: true
-        additional_headers:
-          - X-Script-Name: /carddav
-      - endpoint: /.well-known/carddav
-        backend: http://radicale:5232
-        remote_user_header: X-Remote-User
-        skip_x_access_token: true
-        additional_headers:
-          - X-Script-Name: /carddav
-# To enable the radicale web UI add this rule.
-# "unprotected" is True because the Web UI itself ask for
-# the password.
-# Also set "type" to "internal" in the config/radicale/config
-#      - endpoint: /caldav/.web/
-#        backend: http://radicale:5232/
-#        unprotected: true
-#        skip_x_access_token: true
-#        additional_headers:
-#          - X-Script-Name: /caldav

devtools/deployments/multi-tenancy/config/traefik/docker-entrypoint-override.sh

@@ -1,72 +0,0 @@
-set -e
-
-printenv
-# Function to add arguments to the command
-add_arg() {
-    TRAEFIK_CMD="$TRAEFIK_CMD $1"
-}
-
-# Initialize the base command
-TRAEFIK_CMD="traefik"
-
-# Base Traefik arguments (from your existing configuration)
-add_arg "--log.level=${TRAEFIK_LOG_LEVEL:-ERROR}"
-# enable dashboard
-add_arg "--api.dashboard=true"
-# define entrypoints
-add_arg "--entryPoints.http.address=:80"
-add_arg "--entryPoints.http.http.redirections.entryPoint.to=https"
-add_arg "--entryPoints.http.http.redirections.entryPoint.scheme=https"
-add_arg "--entryPoints.https.address=:443"
-# change default timeouts for long-running requests
-# this is needed for webdav clients that do not support the TUS protocol
-add_arg "--entryPoints.https.transport.respondingTimeouts.readTimeout=12h"
-add_arg "--entryPoints.https.transport.respondingTimeouts.writeTimeout=12h"
-add_arg "--entryPoints.https.transport.respondingTimeouts.idleTimeout=3m"
-# docker provider (get configuration from container labels)
-add_arg "--providers.docker.endpoint=unix:///var/run/docker.sock"
-add_arg "--providers.docker.exposedByDefault=false"
-# access log
-add_arg "--accessLog=${TRAEFIK_ACCESS_LOG:-false}"
-add_arg "--accessLog.format=json"
-add_arg "--accessLog.fields.headers.names.X-Request-Id=keep"
-
-# Add Let's Encrypt configuration if enabled
-if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" = "tls.certresolver=letsencrypt" ]; then
-    echo "Configuring Traefik with Let's Encrypt..."
-    add_arg "--certificatesResolvers.letsencrypt.acme.email=${TRAEFIK_ACME_MAIL:-example@example.org}"
-    add_arg "--certificatesResolvers.letsencrypt.acme.storage=/certs/acme.json"
-    add_arg "--certificatesResolvers.letsencrypt.acme.httpChallenge.entryPoint=http"
-    add_arg "--certificatesResolvers.letsencrypt.acme.caserver=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
-fi
-
-# Add local certificate configuration if enabled
-if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" = "tls=true" ]; then
-    echo "Configuring Traefik with local certificates..."
-    add_arg "--providers.file.directory=/etc/traefik/dynamic"
-    add_arg "--providers.file.watch=true"
-fi
-
-# Warning if neither certificate method is enabled
-if [ "${TRAEFIK_SERVICES_TLS_CONFIG}" != "tls=true" ] && [ "${TRAEFIK_SERVICES_TLS_CONFIG}" != "tls.certresolver=letsencrypt" ]; then
-    echo "WARNING: Neither Let's Encrypt nor local certificates are enabled."
-    echo "HTTPS will not work properly without certificate configuration."
-fi
-
-# Add any custom arguments from environment variable
-if [ -n "${TRAEFIK_CUSTOM_ARGS}" ]; then
-    echo "Adding custom Traefik arguments: ${TRAEFIK_CUSTOM_ARGS}"
-    TRAEFIK_CMD="$TRAEFIK_CMD $TRAEFIK_CUSTOM_ARGS"
-fi
-
-# Add any additional arguments passed to the script
-for arg in "$@"; do
-    add_arg "$arg"
-done
-
-# Print the final command for debugging
-echo "Starting Traefik with command:"
-echo "$TRAEFIK_CMD"
-
-# Execute Traefik
-exec $TRAEFIK_CMD

devtools/deployments/multi-tenancy/docker-compose.yml

@@ -1,119 +0,0 @@
----
-services:
-  # OpenCloud instance configured for multi-tenancy using keycloak as identity provider
-  # The graph service is setup to consume users via the CS3 API.
-  opencloud:
-    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
-    # changelog: https://github.com/opencloud-eu/opencloud/tree/main/changelog
-    # release notes: https://docs.opencloud.eu/opencloud_release_notes.html
-    networks:
-      opencloud-net:
-    entrypoint:
-      - /bin/sh
-    # run opencloud init to initialize a configuration file with random secrets
-    # it will fail on subsequent runs, because the config file already exists
-    # therefore we ignore the error and then start the opencloud server
-    command: ["-c", "opencloud init || true; opencloud server"]
-    environment:
-      OC_MULTI_TENANT_ENABLED: "true"
-      # enable services that are not started automatically
-      OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}
-      OC_LOG_LEVEL: ${LOG_LEVEL:-info}
-      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
-      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
-      OC_EXCLUDE_RUN_SERVICES: idm,idp
-      PROXY_ROLE_ASSIGNMENT_DRIVER: "oidc"
-      OC_OIDC_ISSUER: https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud
-      PROXY_OIDC_REWRITE_WELLKNOWN: "true"
-      WEB_OIDC_CLIENT_ID: ${OC_OIDC_CLIENT_ID:-web}
-      PROXY_USER_OIDC_CLAIM: "uuid"
-      PROXY_USER_CS3_CLAIM: "userid"
-      WEB_OPTION_ACCOUNT_EDIT_LINK_HREF: "https://${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}/realms/openCloud/account"
-      # admin and demo accounts must be created in Keycloak
-      OC_ADMIN_USER_ID: ""
-      SETTINGS_SETUP_DEFAULT_ASSIGNMENTS: "false"
-      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
-      GRAPH_USERNAME_MATCH: "none"
-      GROUPS_DRIVER: "null"
-      # This is needed to set the correct CSP rules for OpenCloud
-      IDP_DOMAIN: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
-      # do not use SSL between the reverse proxy and OpenCloud
-      PROXY_TLS: "false"
-      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
-      OC_INSECURE: "${INSECURE:-false}"
-      # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
-      PROXY_ENABLE_BASIC_AUTH: "false"
-      GRAPH_IDENTITY_BACKEND: "cs3"
-      PROXY_CSP_CONFIG_FILE_LOCATION: /etc/opencloud/csp.yaml
-      OC_LDAP_URI: ldaps://ldap-server:1636
-      OC_LDAP_INSECURE: "true"
-      OC_LDAP_BIND_DN: "cn=admin,dc=opencloud,dc=eu"
-      OC_LDAP_BIND_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
-      OC_LDAP_USER_BASE_DN: "ou=users,dc=opencloud,dc=eu"
-      OC_LDAP_USER_SCHEMA_TENANT_ID: "openCloudMemberOfSchool"
-      PROXY_LOG_LEVEL: "debug"
-    volumes:
-      - ./config/opencloud/csp.yaml:/etc/opencloud/csp.yaml
-      # configure the .env file to use own paths instead of docker internal volumes
-      - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud
-      - ${OC_DATA_DIR:-opencloud-data}:/var/lib/opencloud
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.opencloud.entrypoints=https"
-      - "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)"
-      - "traefik.http.routers.opencloud.service=opencloud"
-      - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
-      - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
-  # Stand-alone instance of the 'graph' service to serve the provisioning API
-  provsioning:
-    image: ${OC_DOCKER_IMAGE:-opencloudeu/opencloud-rolling}:${OC_DOCKER_TAG:-latest}
-    networks:
-      opencloud-net:
-    entrypoint:
-      - /bin/sh
-    # run opencloud init to initialize a configuration file with random secrets
-    # it will fail on subsequent runs, because the config file already exists
-    # therefore we ignore the error and then start the opencloud server
-    command: ["-c", "opencloud init || true; opencloud graph server"]
-    environment:
-      OC_LOG_LEVEL: "debug"
-      OC_LOG_COLOR: "${LOG_PRETTY:-false}"
-      OC_LOG_PRETTY: "${LOG_PRETTY:-false}"
-      # This just runs the standalone graph service we don't need access to the registry
-      MICRO_REGISTRY: "memory"
-      # INSECURE: needed if OpenCloud / reverse proxy is using self generated certificates
-      OC_INSECURE: "${INSECURE:-false}"
-      GRAPH_HTTP_ADDR: "0.0.0.0:9120"
-      GRAPH_HTTP_API_TOKEN: "${PROVISIONING_API_TOKEN:-changeme}"
-      # disable listening for events
-      GRAPH_EVENTS_ENDPOINT: ""
-      GRAPH_STORE_NODES: ""
-      GRAPH_ASSIGN_DEFAULT_USER_ROLE: "false"
-      GRAPH_USERNAME_MATCH: "none"
-      GRAPH_LDAP_EDUCATION_RESOURCES_ENABLED: "true"
-      GRAPH_LDAP_SCHOOL_BASE_DN: "ou=tenants,dc=opencloud,dc=eu"
-      OC_LDAP_URI: ldaps://ldap-server:1636
-      OC_LDAP_INSECURE: "true"
-      OC_LDAP_BIND_DN: "cn=admin,dc=opencloud,dc=eu"
-      OC_LDAP_BIND_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
-      OC_LDAP_USER_BASE_DN: "ou=users,dc=opencloud,dc=eu"
-      OC_LDAP_USER_FILTER: "(objectclass=inetOrgPerson)"
-    volumes:
-      # configure the .env file to use own paths instead of docker internal volumes
-      - ${PROVISIONING_CONFIG_DIR:-provisioning-config}:/etc/opencloud
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-    ports:
-      - "9120:9120"
-
-volumes:
-  opencloud-config:
-  opencloud-data:
-  provisioning-config:
-
-networks:
-  opencloud-net:

devtools/deployments/multi-tenancy/initialize_users.go

@@ -1,140 +0,0 @@
-package main
-
-import (
-	"context"
-	"crypto/tls"
-	"fmt"
-
-	"github.com/Nerzal/gocloak/v13"
-	"github.com/go-resty/resty/v2"
-	libregraph "github.com/opencloud-eu/libre-graph-api-go"
-)
-
-const (
-	provisioningAPIURL    = "http://localhost:9120/graph"
-	provisioningAuthToken = "changeme"
-)
-
-type tenantWithUsers struct {
-	tenant libregraph.EducationSchool
-	users  []libregraph.EducationUser
-}
-
-var demoTenants = []tenantWithUsers{
-	{
-		tenant: libregraph.EducationSchool{
-			DisplayName: libregraph.PtrString("Famous Coders"),
-		},
-		users: []libregraph.EducationUser{
-			{
-				DisplayName:              libregraph.PtrString("Dennis Ritchie"),
-				OnPremisesSamAccountName: libregraph.PtrString("dennis"),
-				Mail:                     libregraph.PtrString("dennis@example.org"),
-			},
-			{
-				DisplayName:              libregraph.PtrString("Grace Hopper"),
-				OnPremisesSamAccountName: libregraph.PtrString("grace"),
-				Mail:                     libregraph.PtrString("grace@example.org"),
-			},
-		},
-	},
-	{
-		tenant: libregraph.EducationSchool{
-			DisplayName: libregraph.PtrString("Scientists"),
-		},
-		users: []libregraph.EducationUser{
-			{
-				DisplayName:              libregraph.PtrString("Albert Einstein"),
-				OnPremisesSamAccountName: libregraph.PtrString("einstein"),
-				Mail:                     libregraph.PtrString("einstein@example.org"),
-			},
-			{
-				DisplayName:              libregraph.PtrString("Marie Curie"),
-				OnPremisesSamAccountName: libregraph.PtrString("marie"),
-				Mail:                     libregraph.PtrString("marie@example.org"),
-			},
-		},
-	},
-}
-
-func main() {
-	lgconf := libregraph.NewConfiguration()
-	lgconf.Servers = libregraph.ServerConfigurations{
-		{
-			URL: provisioningAPIURL,
-		},
-	}
-	lgconf.DefaultHeader = map[string]string{"Authorization": "Bearer " + provisioningAuthToken}
-	lgclient := libregraph.NewAPIClient(lgconf)
-
-	for _, tenant := range demoTenants {
-		tenantid, err := createTenant(lgclient, tenant.tenant)
-		if err != nil {
-			fmt.Printf("Failed to create tenant: %s\n", err)
-			continue
-		}
-		for _, user := range tenant.users {
-			userid1, err := createUser(lgclient, user)
-			if err != nil {
-				fmt.Printf("Failed to create user: %s\n", err)
-				continue
-			}
-			_, err = lgclient.EducationSchoolApi.AddUserToSchool(context.TODO(), tenantid).EducationUserReference(libregraph.EducationUserReference{
-				OdataId: libregraph.PtrString(fmt.Sprintf("%s/education/users/%s", provisioningAPIURL, userid1)),
-			}).Execute()
-			if err != nil {
-				fmt.Printf("Failed to add user to tenant: %s\n", err)
-				continue
-			}
-		}
-	}
-
-	resetAllUserPasswords()
-}
-
-func createUser(client *libregraph.APIClient, user libregraph.EducationUser) (string, error) {
-	newUser, _, err := client.EducationUserApi.CreateEducationUser(context.TODO()).EducationUser(user).Execute()
-	if err != nil {
-		fmt.Printf("Failed to create user: %s\n", err)
-		return "", err
-	}
-	fmt.Printf("Created user: %s with id %s\n", newUser.GetDisplayName(), newUser.GetId())
-	return newUser.GetId(), nil
-}
-
-func createTenant(client *libregraph.APIClient, tenant libregraph.EducationSchool) (string, error) {
-	newTenant, _, err := client.EducationSchoolApi.CreateSchool(context.TODO()).EducationSchool(tenant).Execute()
-	if err != nil {
-		fmt.Printf("Failed to create tenant: %s\n", err)
-		return "", err
-	}
-	fmt.Printf("Created tenant: %s with id %s\n", newTenant.GetDisplayName(), newTenant.GetId())
-	return newTenant.GetId(), nil
-}
-
-func resetAllUserPasswords() {
-	tls := tls.Config{InsecureSkipVerify: true}
-	restyClient := resty.New().SetTLSClientConfig(&tls)
-	client := gocloak.NewClient("https://keycloak.opencloud.test")
-	client.SetRestyClient(restyClient)
-	ctx := context.Background()
-	token, err := client.LoginAdmin(ctx, "kcadmin", "admin", "master")
-	if err != nil {
-		fmt.Printf("Failed to login: %s\n", err)
-		panic("Something wrong with the credentials or url")
-	}
-
-	users, err := client.GetUsers(ctx, token.AccessToken, "openCloud", gocloak.GetUsersParams{})
-	if err != nil {
-		fmt.Printf("%s\n", err)
-		panic("Oh no!, failed to list users :(")
-	}
-	for _, user := range users {
-		fmt.Printf("Setting password for user: %s\n", *user.Username)
-		err = client.SetPassword(ctx, token.AccessToken, *user.ID, "openCloud", "demo", false)
-		if err != nil {
-			fmt.Printf("Failed to set password for user %s: %s\n", *user.Username, err)
-		}
-	}
-
-}

devtools/deployments/multi-tenancy/keycloak.yml

@@ -1,55 +0,0 @@
----
-services:
-  opencloud:
-    environment:
-  postgres:
-    image: postgres:alpine
-    networks:
-      opencloud-net:
-    volumes:
-      - keycloak_postgres_data:/var/lib/postgresql/data
-    environment:
-      POSTGRES_DB: keycloak
-      POSTGRES_USER: ${KC_DB_USERNAME:-keycloak}
-      POSTGRES_PASSWORD: ${KC_DB_PASSWORD:-keycloak}
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-
-  keycloak:
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.keycloak.entrypoints=https"
-      - "traefik.http.routers.keycloak.rule=Host(`${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}`)"
-      - "traefik.http.routers.keycloak.${TRAEFIK_SERVICES_TLS_CONFIG}"
-      - "traefik.http.routers.keycloak.service=keycloak"
-      - "traefik.http.services.keycloak.loadbalancer.server.port=8080"
-    image: quay.io/keycloak/keycloak:26.4
-    networks:
-      opencloud-net:
-    command: [ "start", "--spi-connections-http-client-default-disable-trust-manager=${INSECURE:-false}", "--import-realm" ]
-    entrypoint: [ "/bin/sh", "/opt/keycloak/bin/docker-entrypoint-override.sh" ]
-    volumes:
-      - "./config/keycloak/docker-entrypoint-override.sh:/opt/keycloak/bin/docker-entrypoint-override.sh"
-      - "./config/keycloak/openCloud-realm.dist.json:/opt/keycloak/data/import-dist/openCloud-realm.json"
-      - "./config/keycloak/themes/opencloud:/opt/keycloak/themes/opencloud"
-    environment:
-      OC_DOMAIN: ${OC_DOMAIN:-cloud.opencloud.test}
-      KC_HOSTNAME: ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
-      KC_DB: postgres
-      KC_DB_URL: "jdbc:postgresql://postgres:5432/keycloak"
-      KC_DB_USERNAME: ${KC_DB_USERNAME:-keycloak}
-      KC_DB_PASSWORD: ${KC_DB_PASSWORD:-keycloak}
-      KC_FEATURES: impersonation
-      KC_PROXY_HEADERS: xforwarded
-      KC_HTTP_ENABLED: true
-      KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN:-kcadmin}
-      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD:-admin}
-    depends_on:
-      - postgres
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always
-
-volumes:
-  keycloak_postgres_data:

devtools/deployments/multi-tenancy/ldap-server.yml

@@ -1,32 +0,0 @@
----
-services:
-  ldap-server:
-    image: bitnamilegacy/openldap:2.6
-    networks:
-      opencloud-net:
-    entrypoint: [ "/bin/sh", "/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh", "/opt/bitnami/scripts/openldap/run.sh" ]
-    environment:
-      BITNAMI_DEBUG: true
-      LDAP_TLS_VERIFY_CLIENT: never
-      LDAP_ENABLE_TLS: "yes"
-      LDAP_TLS_CA_FILE: /opt/bitnami/openldap/share/openldap.crt
-      LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/share/openldap.crt
-      LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/share/openldap.key
-      LDAP_ROOT: "dc=opencloud,dc=eu"
-      LDAP_ADMIN_PASSWORD: ${LDAP_BIND_PASSWORD:-admin}
-    ports:
-      - "127.0.0.1:389:1389"
-      - "127.0.0.1:636:1636"
-    volumes:
-      # Only use the base ldif file to create the base structure
-      - ./config/ldap/ldif/10_base.ldif:/ldifs/10_base.ldif
-      # Use the custom schema from opencloud because we are in full control of the ldap server
-      - ../shared/config/ldap/schemas/10_opencloud_schema.ldif:/schemas/10_opencloud_schema.ldif
-      - ../shared/config/ldap/schemas/20_opencloud_education_schema.ldif:/schemas/20_opencloud_education_schema.ldif
-      - ./config/ldap/docker-entrypoint-override.sh:/opt/bitnami/scripts/openldap/docker-entrypoint-override.sh
-      - ${LDAP_CERTS_DIR:-ldap-certs}:/opt/bitnami/openldap/share
-      - ${LDAP_DATA_DIR:-ldap-data}:/bitnami/openldap
-
-volumes:
-  ldap-certs:
-  ldap-data:

devtools/deployments/multi-tenancy/testing/ldap-manager.yml

@@ -1,24 +0,0 @@
----
-# This file can be used to be added to the opencloud_full example
-# to browse the LDAP server with a web interface.
-# This is not a production ready setup.
-services:
-  ldap-manager:
-    image: phpldapadmin/phpldapadmin:latest
-    networks:
-      opencloud-net:
-    environment:
-      LDAP_HOST: ldap-server
-      LDAP_PORT: 1389
-      LDAP_LOGIN_OBJECTCLASS: "inetOrgPerson"
-      APP_URL: "https://${LDAP_MANAGER_DOMAIN:-ldap.opencloud.test}"
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.ldap-manager.entrypoints=https"
-      - "traefik.http.routers.ldap-manager.rule=Host(`${LDAP_MANAGER_DOMAIN:-ldap.opencloud.test}`)"
-      - "traefik.http.routers.ldap-manager.${TRAEFIK_SERVICES_TLS_CONFIG}"
-      - "traefik.http.routers.ldap-manager.service=ldap-manager"
-      - "traefik.http.services.ldap-manager.loadbalancer.server.port=8080"
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always

devtools/deployments/multi-tenancy/traefik.yml

@@ -1,45 +0,0 @@
----
-services:
-  opencloud:
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http.routers.opencloud.entrypoints=https"
-      - "traefik.http.routers.opencloud.rule=Host(`${OC_DOMAIN:-cloud.opencloud.test}`)"
-      - "traefik.http.routers.opencloud.service=opencloud"
-      - "traefik.http.services.opencloud.loadbalancer.server.port=9200"
-      - "traefik.http.routers.opencloud.${TRAEFIK_SERVICES_TLS_CONFIG}"
-  traefik:
-    image: traefik:v3.3.1
-    # release notes: https://github.com/traefik/traefik/releases
-    networks:
-      opencloud-net:
-        aliases:
-          - ${OC_DOMAIN:-cloud.opencloud.test}
-          - ${KEYCLOAK_DOMAIN:-keycloak.opencloud.test}
-    entrypoint: [ "/bin/sh", "/opt/traefik/bin/docker-entrypoint-override.sh"]
-    environment:
-      - "TRAEFIK_SERVICES_TLS_CONFIG=${TRAEFIK_SERVICES_TLS_CONFIG:-tls.certresolver=letsencrypt}"
-      - "TRAEFIK_ACME_MAIL=${TRAEFIK_ACME_MAIL:-example@example.org}"
-      - "TRAEFIK_ACME_CASERVER=${TRAEFIK_ACME_CASERVER:-https://acme-v02.api.letsencrypt.org/directory}"
-      - "TRAEFIK_LOG_LEVEL=${TRAEFIK_LOG_LEVEL:-ERROR}"
-      - "TRAEFIK_ACCESS_LOG=${TRAEFIK_ACCESS_LOG:-false}"
-    ports:
-      - "80:80"
-      - "443:443"
-    volumes:
-      - "${DOCKER_SOCKET_PATH:-/var/run/docker.sock}:/var/run/docker.sock:ro"
-      - "./config/traefik/docker-entrypoint-override.sh:/opt/traefik/bin/docker-entrypoint-override.sh"
-      - "${TRAEFIK_CERTS_DIR:-./certs}:/certs"
-      - "./config/traefik/dynamic:/etc/traefik/dynamic"
-    labels:
-      - "traefik.enable=${TRAEFIK_DASHBOARD:-false}"
-      # defaults to admin:admin
-      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_BASIC_AUTH_USERS:-admin:$$apr1$$4vqie50r$$YQAmQdtmz5n9rEALhxJ4l.}"
-      - "traefik.http.routers.traefik.entrypoints=https"
-      - "traefik.http.routers.traefik.rule=Host(`${TRAEFIK_DOMAIN:-traefik.opencloud.test}`)"
-      - "traefik.http.routers.traefik.middlewares=traefik-auth"
-      - "traefik.http.routers.traefik.${TRAEFIK_SERVICES_TLS_CONFIG}"
-      - "traefik.http.routers.traefik.service=api@internal"
-    logging:
-      driver: ${LOG_DRIVER:-local}
-    restart: always

pkg/tracing/tracing.go

@@ -15,7 +15,7 @@ import (
 	"go.opentelemetry.io/otel/propagation"
 	"go.opentelemetry.io/otel/sdk/resource"
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
-	semconv "go.opentelemetry.io/otel/semconv/v1.4.0"
+	semconv "go.opentelemetry.io/otel/semconv/v1.37.0"
 	"go.opentelemetry.io/otel/trace"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/credentials/insecure"

services/graph/pkg/identity/ldap.go

@@ -497,7 +497,7 @@ func (i *LDAP) searchLDAPEntryByFilter(basedn string, attrs []string, filter str
 	return res.Entries[0], nil
 }
 
-func filterEscapeUUID(binary bool, id string) (string, error) {
+func filterEscapeAttribute(attribute string, binary bool, id string) (string, error) {
 	var escaped string
 	if binary {
 		pid, err := uuid.Parse(id)
@@ -505,17 +505,44 @@ func filterEscapeUUID(binary bool, id string) (string, error) {
 			err := fmt.Errorf("error parsing id '%s' as UUID: %w", id, err)
 			return "", err
 		}
-		for _, b := range pid {
-			escaped = fmt.Sprintf("%s\\%02x", escaped, b)
-		}
+		escaped = filterEscapeBinaryUUID(attribute, pid)
 	} else {
 		escaped = ldap.EscapeFilter(id)
 	}
 	return escaped, nil
 }
 
+// swapObjectGUIDBytes converts between AD's mixed-endian objectGUID format and standard UUID byte order
+func swapObjectGUIDBytes(value []byte) []byte {
+	if len(value) != 16 {
+		return value
+	}
+	return []byte{
+		value[3], value[2], value[1], value[0], // First component (4 bytes) - reverse
+		value[5], value[4], // Second component (2 bytes) - reverse
+		value[7], value[6], // Third component (2 bytes) - reverse
+		value[8], value[9], value[10], value[11], value[12], value[13], value[14], value[15], // Last 8 bytes - keep as-is
+	}
+}
+
+func filterEscapeBinaryUUID(attribute string, value uuid.UUID) string {
+	bytes := value[:]
+
+	// AD stores objectGUID with mixed endianness 🤪 - swap first 3 components
+	if strings.EqualFold(attribute, "objectguid") {
+		bytes = swapObjectGUIDBytes(bytes)
+	}
+
+	var filtered strings.Builder
+	filtered.Grow(len(bytes) * 3) // Pre-allocate: each byte becomes "\xx"
+	for _, b := range bytes {
+		fmt.Fprintf(&filtered, "\\%02x", b)
+	}
+	return filtered.String()
+}
+
 func (i *LDAP) getLDAPUserByID(id string) (*ldap.Entry, error) {
-	idString, err := filterEscapeUUID(i.userIDisOctetString, id)
+	idString, err := filterEscapeAttribute(i.userAttributeMap.id, i.userIDisOctetString, id)
 	if err != nil {
 		return nil, fmt.Errorf("invalid User id: %w", err)
 	}
@@ -524,7 +551,7 @@ func (i *LDAP) getLDAPUserByID(id string) (*ldap.Entry, error) {
 }
 
 func (i *LDAP) getLDAPUserByNameOrID(nameOrID string) (*ldap.Entry, error) {
-	idString, err := filterEscapeUUID(i.userIDisOctetString, nameOrID)
+	idString, err := filterEscapeAttribute(i.userAttributeMap.id, i.userIDisOctetString, nameOrID)
 	// err != nil just means that this is not an uuid, so we can skip the uuid filter part
 	// and just filter by name
 	var filter string
@@ -812,16 +839,25 @@ func (i *LDAP) updateUserPassword(ctx context.Context, dn, password string) erro
 	return err
 }
 
-func (i *LDAP) ldapUUIDtoString(e *ldap.Entry, attrType string, binary bool) (string, error) {
+func (i *LDAP) ldapUUIDtoString(e *ldap.Entry, attribute string, binary bool) (string, error) {
 	if binary {
-		rawValue := e.GetEqualFoldRawAttributeValue(attrType)
-		value, err := uuid.FromBytes(rawValue)
-		if err == nil {
-			return value.String(), nil
+		value := e.GetEqualFoldRawAttributeValue(attribute)
+
+		if len(value) != 16 {
+			return "", fmt.Errorf("invalid UUID in '%s' attribute (got %d bytes)", attribute, len(value))
 		}
-		return "", err
+
+		// AD stores objectGUID with mixed endianness 🤪 - swap first 3 components
+		if strings.EqualFold(attribute, "objectguid") {
+			value = swapObjectGUIDBytes(value)
+		}
+		id, err := uuid.FromBytes(value)
+		if err != nil {
+			return "", fmt.Errorf("error parsing UUID from '%s' attribute bytes: %w", attribute, err)
+		}
+		return id.String(), nil
 	}
-	return e.GetEqualFoldAttributeValue(attrType), nil
+	return e.GetEqualFoldAttributeValue(attribute), nil
 }
 
 func (i *LDAP) createUserModelFromLDAP(e *ldap.Entry) *libregraph.User {

services/graph/pkg/identity/ldap_group.go

@@ -455,7 +455,7 @@ func (i *LDAP) groupToLDAPAttrValues(group libregraph.Group) (map[string][]strin
 }
 
 func (i *LDAP) getLDAPGroupByID(id string, requestMembers bool) (*ldap.Entry, error) {
-	idString, err := filterEscapeUUID(i.groupIDisOctetString, id)
+	idString, err := filterEscapeAttribute(i.groupAttributeMap.id, i.groupIDisOctetString, id)
 	if err != nil {
 		return nil, fmt.Errorf("invalid group id: %w", err)
 	}
@@ -464,7 +464,7 @@ func (i *LDAP) getLDAPGroupByID(id string, requestMembers bool) (*ldap.Entry, er
 }
 
 func (i *LDAP) getLDAPGroupByNameOrID(nameOrID string, requestMembers bool) (*ldap.Entry, error) {
-	idString, err := filterEscapeUUID(i.groupIDisOctetString, nameOrID)
+	idString, err := filterEscapeAttribute(i.groupAttributeMap.id, i.groupIDisOctetString, nameOrID)
 	// err != nil just means that this is not an uuid, so we can skip the uuid filter part
 	// and just filter by name
 	filter := ""

services/graph/pkg/identity/ldap_test.go

@@ -2,6 +2,7 @@ package identity
 
 import (
 	"context"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"net/url"
@@ -9,10 +10,10 @@ import (
 
 	"github.com/CiscoM31/godata"
 	"github.com/go-ldap/ldap/v3"
+	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/opencloud-eu/opencloud/pkg/log"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/config"
 	"github.com/opencloud-eu/opencloud/services/graph/pkg/identity/mocks"
-	libregraph "github.com/opencloud-eu/libre-graph-api-go"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/mock"
 )
@@ -63,6 +64,33 @@ var userEntry = ldap.NewEntry("uid=user",
 		"usertypeattribute":    {"Member"},
 	})
 
+var lconfigAD = config.LDAP{
+	UserBaseDN:               "ou=users,dc=test",
+	UserObjectClass:          "user",
+	UserSearchScope:          "sub",
+	UserFilter:               "",
+	UserDisplayNameAttribute: "displayname",
+	UserIDAttribute:          "objectGUID",
+	UserIDIsOctetString:      true,
+	UserEmailAttribute:       "mail",
+	UserNameAttribute:        "uid",
+	UserEnabledAttribute:     "userEnabledAttribute",
+	UserTypeAttribute:        "userTypeAttribute",
+	LdapDisabledUsersGroupDN: disableUsersGroup,
+	DisableUserMechanism:     "attribute",
+
+	GroupBaseDN:          "ou=groups,dc=test",
+	GroupObjectClass:     "group",
+	GroupSearchScope:     "sub",
+	GroupFilter:          "",
+	GroupNameAttribute:   "cn",
+	GroupMemberAttribute: "member",
+	GroupIDAttribute:     "objectGUID",
+	GroupIDIsOctetString: true,
+
+	WriteEnabled: true,
+}
+
 var invalidUserEntry = ldap.NewEntry("uid=user",
 	map[string][]string{
 		"uid":         {"invalid"},
@@ -260,6 +288,50 @@ func TestGetUser(t *testing.T) {
 	assert.ErrorContains(t, err, "itemNotFound:")
 }
 
+func TestGetUserAD(t *testing.T) {
+
+	// we have to simulate ldap / AD returning a binary encoded objectguid
+	byteID, err := base64.StdEncoding.DecodeString("js8n0m6YBUqIYK8ZMFYnig==")
+	if err != nil {
+		t.Error(err)
+	}
+	userEntryAD := ldap.NewEntry("uid=user",
+		map[string][]string{
+			"uid":                  {"user"},
+			"displayname":          {"DisplayName"},
+			"mail":                 {"user@example"},
+			"objectguid":           {string(byteID)}, // ugly but works
+			"sn":                   {"surname"},
+			"givenname":            {"givenName"},
+			"userenabledattribute": {"TRUE"},
+			"usertypeattribute":    {"Member"},
+		})
+
+	// Mock a valid Search Result
+	lm := &mocks.Client{}
+	lm.On("Search", mock.Anything).
+		Return(
+			&ldap.SearchResult{
+				Entries: []*ldap.Entry{userEntryAD},
+			},
+			nil)
+
+	odataReqDefault, err := godata.ParseRequest(context.Background(), "",
+		url.Values{})
+	if err != nil {
+		t.Errorf("Expected success got '%s'", err.Error())
+	}
+
+	b, _ := getMockedBackend(lm, lconfigAD, &logger)
+	u, err := b.GetUser(context.Background(), "user", odataReqDefault)
+	if err != nil {
+		t.Errorf("Expected GetUser to succeed. Got %s", err.Error())
+	} else if *u.Id != "d227cf8e-986e-4a05-8860-af193056278a" { // this checks if we decoded the objectguid correctly
+		t.Errorf("Expected GetUser to return a valid user")
+	}
+
+}
+
 func TestGetUsers(t *testing.T) {
 	// Mock a Sizelimit Error
 	lm := &mocks.Client{}

services/web/Makefile

@@ -1,6 +1,6 @@
 SHELL := bash
 NAME := web
-WEB_ASSETS_VERSION = v4.2.1-alpha.1
+WEB_ASSETS_VERSION = v4.2.1-rc.1
 WEB_ASSETS_BRANCH = main
 
 ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI

vendor/go.opentelemetry.io/otel/semconv/internal/http.go

@@ -1,338 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-// Package internal provides common semconv functionality.
-package internal // import "go.opentelemetry.io/otel/semconv/internal"
-
-import (
-	"fmt"
-	"net"
-	"net/http"
-	"strconv"
-	"strings"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/trace"
-)
-
-// SemanticConventions are the semantic convention values defined for a
-// version of the OpenTelemetry specification.
-type SemanticConventions struct {
-	EnduserIDKey                attribute.Key
-	HTTPClientIPKey             attribute.Key
-	HTTPFlavorKey               attribute.Key
-	HTTPHostKey                 attribute.Key
-	HTTPMethodKey               attribute.Key
-	HTTPRequestContentLengthKey attribute.Key
-	HTTPRouteKey                attribute.Key
-	HTTPSchemeHTTP              attribute.KeyValue
-	HTTPSchemeHTTPS             attribute.KeyValue
-	HTTPServerNameKey           attribute.Key
-	HTTPStatusCodeKey           attribute.Key
-	HTTPTargetKey               attribute.Key
-	HTTPURLKey                  attribute.Key
-	HTTPUserAgentKey            attribute.Key
-	NetHostIPKey                attribute.Key
-	NetHostNameKey              attribute.Key
-	NetHostPortKey              attribute.Key
-	NetPeerIPKey                attribute.Key
-	NetPeerNameKey              attribute.Key
-	NetPeerPortKey              attribute.Key
-	NetTransportIP              attribute.KeyValue
-	NetTransportOther           attribute.KeyValue
-	NetTransportTCP             attribute.KeyValue
-	NetTransportUDP             attribute.KeyValue
-	NetTransportUnix            attribute.KeyValue
-}
-
-// NetAttributesFromHTTPRequest generates attributes of the net
-// namespace as specified by the OpenTelemetry specification for a
-// span.  The network parameter is a string that net.Dial function
-// from standard library can understand.
-func (sc *SemanticConventions) NetAttributesFromHTTPRequest(
-	network string,
-	request *http.Request,
-) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-
-	switch network {
-	case "tcp", "tcp4", "tcp6":
-		attrs = append(attrs, sc.NetTransportTCP)
-	case "udp", "udp4", "udp6":
-		attrs = append(attrs, sc.NetTransportUDP)
-	case "ip", "ip4", "ip6":
-		attrs = append(attrs, sc.NetTransportIP)
-	case "unix", "unixgram", "unixpacket":
-		attrs = append(attrs, sc.NetTransportUnix)
-	default:
-		attrs = append(attrs, sc.NetTransportOther)
-	}
-
-	peerIP, peerName, peerPort := hostIPNamePort(request.RemoteAddr)
-	if peerIP != "" {
-		attrs = append(attrs, sc.NetPeerIPKey.String(peerIP))
-	}
-	if peerName != "" {
-		attrs = append(attrs, sc.NetPeerNameKey.String(peerName))
-	}
-	if peerPort != 0 {
-		attrs = append(attrs, sc.NetPeerPortKey.Int(peerPort))
-	}
-
-	hostIP, hostName, hostPort := "", "", 0
-	for _, someHost := range []string{request.Host, request.Header.Get("Host"), request.URL.Host} {
-		hostIP, hostName, hostPort = hostIPNamePort(someHost)
-		if hostIP != "" || hostName != "" || hostPort != 0 {
-			break
-		}
-	}
-	if hostIP != "" {
-		attrs = append(attrs, sc.NetHostIPKey.String(hostIP))
-	}
-	if hostName != "" {
-		attrs = append(attrs, sc.NetHostNameKey.String(hostName))
-	}
-	if hostPort != 0 {
-		attrs = append(attrs, sc.NetHostPortKey.Int(hostPort))
-	}
-
-	return attrs
-}
-
-// hostIPNamePort extracts the IP address, name and (optional) port from hostWithPort.
-// It handles both IPv4 and IPv6 addresses. If the host portion is not recognized
-// as a valid IPv4 or IPv6 address, the `ip` result will be empty and the
-// host portion will instead be returned in `name`.
-func hostIPNamePort(hostWithPort string) (ip, name string, port int) {
-	var (
-		hostPart, portPart string
-		parsedPort         uint64
-		err                error
-	)
-	if hostPart, portPart, err = net.SplitHostPort(hostWithPort); err != nil {
-		hostPart, portPart = hostWithPort, ""
-	}
-	if parsedIP := net.ParseIP(hostPart); parsedIP != nil {
-		ip = parsedIP.String()
-	} else {
-		name = hostPart
-	}
-	if parsedPort, err = strconv.ParseUint(portPart, 10, 16); err == nil {
-		port = int(parsedPort) // nolint: gosec  // Bit size of 16 checked above.
-	}
-	return
-}
-
-// EndUserAttributesFromHTTPRequest generates attributes of the
-// enduser namespace as specified by the OpenTelemetry specification
-// for a span.
-func (sc *SemanticConventions) EndUserAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	if username, _, ok := request.BasicAuth(); ok {
-		return []attribute.KeyValue{sc.EnduserIDKey.String(username)}
-	}
-	return nil
-}
-
-// HTTPClientAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the client side.
-func (sc *SemanticConventions) HTTPClientAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-
-	// remove any username/password info that may be in the URL
-	// before adding it to the attributes
-	userinfo := request.URL.User
-	request.URL.User = nil
-
-	attrs = append(attrs, sc.HTTPURLKey.String(request.URL.String()))
-
-	// restore any username/password info that was removed
-	request.URL.User = userinfo
-
-	return append(attrs, sc.httpCommonAttributesFromHTTPRequest(request)...)
-}
-
-func (sc *SemanticConventions) httpCommonAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-	if ua := request.UserAgent(); ua != "" {
-		attrs = append(attrs, sc.HTTPUserAgentKey.String(ua))
-	}
-	if request.ContentLength > 0 {
-		attrs = append(attrs, sc.HTTPRequestContentLengthKey.Int64(request.ContentLength))
-	}
-
-	return append(attrs, sc.httpBasicAttributesFromHTTPRequest(request)...)
-}
-
-func (sc *SemanticConventions) httpBasicAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	// as these attributes are used by HTTPServerMetricAttributesFromHTTPRequest, they should be low-cardinality
-	attrs := []attribute.KeyValue{}
-
-	if request.TLS != nil {
-		attrs = append(attrs, sc.HTTPSchemeHTTPS)
-	} else {
-		attrs = append(attrs, sc.HTTPSchemeHTTP)
-	}
-
-	if request.Host != "" {
-		attrs = append(attrs, sc.HTTPHostKey.String(request.Host))
-	} else if request.URL != nil && request.URL.Host != "" {
-		attrs = append(attrs, sc.HTTPHostKey.String(request.URL.Host))
-	}
-
-	flavor := ""
-	switch request.ProtoMajor {
-	case 1:
-		flavor = fmt.Sprintf("1.%d", request.ProtoMinor)
-	case 2:
-		flavor = "2"
-	}
-	if flavor != "" {
-		attrs = append(attrs, sc.HTTPFlavorKey.String(flavor))
-	}
-
-	if request.Method != "" {
-		attrs = append(attrs, sc.HTTPMethodKey.String(request.Method))
-	} else {
-		attrs = append(attrs, sc.HTTPMethodKey.String(http.MethodGet))
-	}
-
-	return attrs
-}
-
-// HTTPServerMetricAttributesFromHTTPRequest generates low-cardinality attributes
-// to be used with server-side HTTP metrics.
-func (sc *SemanticConventions) HTTPServerMetricAttributesFromHTTPRequest(
-	serverName string,
-	request *http.Request,
-) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{}
-	if serverName != "" {
-		attrs = append(attrs, sc.HTTPServerNameKey.String(serverName))
-	}
-	return append(attrs, sc.httpBasicAttributesFromHTTPRequest(request)...)
-}
-
-// HTTPServerAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the server side. Currently, only basic authentication is
-// supported.
-func (sc *SemanticConventions) HTTPServerAttributesFromHTTPRequest(
-	serverName, route string,
-	request *http.Request,
-) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{
-		sc.HTTPTargetKey.String(request.RequestURI),
-	}
-
-	if serverName != "" {
-		attrs = append(attrs, sc.HTTPServerNameKey.String(serverName))
-	}
-	if route != "" {
-		attrs = append(attrs, sc.HTTPRouteKey.String(route))
-	}
-	if values := request.Header["X-Forwarded-For"]; len(values) > 0 {
-		addr := values[0]
-		if i := strings.Index(addr, ","); i > 0 {
-			addr = addr[:i]
-		}
-		attrs = append(attrs, sc.HTTPClientIPKey.String(addr))
-	}
-
-	return append(attrs, sc.httpCommonAttributesFromHTTPRequest(request)...)
-}
-
-// HTTPAttributesFromHTTPStatusCode generates attributes of the http
-// namespace as specified by the OpenTelemetry specification for a
-// span.
-func (sc *SemanticConventions) HTTPAttributesFromHTTPStatusCode(code int) []attribute.KeyValue {
-	attrs := []attribute.KeyValue{
-		sc.HTTPStatusCodeKey.Int(code),
-	}
-	return attrs
-}
-
-type codeRange struct {
-	fromInclusive int
-	toInclusive   int
-}
-
-func (r codeRange) contains(code int) bool {
-	return r.fromInclusive <= code && code <= r.toInclusive
-}
-
-var validRangesPerCategory = map[int][]codeRange{
-	1: {
-		{http.StatusContinue, http.StatusEarlyHints},
-	},
-	2: {
-		{http.StatusOK, http.StatusAlreadyReported},
-		{http.StatusIMUsed, http.StatusIMUsed},
-	},
-	3: {
-		{http.StatusMultipleChoices, http.StatusUseProxy},
-		{http.StatusTemporaryRedirect, http.StatusPermanentRedirect},
-	},
-	4: {
-		{http.StatusBadRequest, http.StatusTeapot}, // yes, teapot is so useful…
-		{http.StatusMisdirectedRequest, http.StatusUpgradeRequired},
-		{http.StatusPreconditionRequired, http.StatusTooManyRequests},
-		{http.StatusRequestHeaderFieldsTooLarge, http.StatusRequestHeaderFieldsTooLarge},
-		{http.StatusUnavailableForLegalReasons, http.StatusUnavailableForLegalReasons},
-	},
-	5: {
-		{http.StatusInternalServerError, http.StatusLoopDetected},
-		{http.StatusNotExtended, http.StatusNetworkAuthenticationRequired},
-	},
-}
-
-// SpanStatusFromHTTPStatusCode generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-func SpanStatusFromHTTPStatusCode(code int) (codes.Code, string) {
-	spanCode, valid := validateHTTPStatusCode(code)
-	if !valid {
-		return spanCode, fmt.Sprintf("Invalid HTTP status code %d", code)
-	}
-	return spanCode, ""
-}
-
-// SpanStatusFromHTTPStatusCodeAndSpanKind generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-// Exclude 4xx for SERVER to set the appropriate status.
-func SpanStatusFromHTTPStatusCodeAndSpanKind(code int, spanKind trace.SpanKind) (codes.Code, string) {
-	spanCode, valid := validateHTTPStatusCode(code)
-	if !valid {
-		return spanCode, fmt.Sprintf("Invalid HTTP status code %d", code)
-	}
-	category := code / 100
-	if spanKind == trace.SpanKindServer && category == 4 {
-		return codes.Unset, ""
-	}
-	return spanCode, ""
-}
-
-// validateHTTPStatusCode validates the HTTP status code and returns
-// corresponding span status code. If the `code` is not a valid HTTP status
-// code, returns span status Error and false.
-func validateHTTPStatusCode(code int) (codes.Code, bool) {
-	category := code / 100
-	ranges, ok := validRangesPerCategory[category]
-	if !ok {
-		return codes.Error, false
-	}
-	ok = false
-	for _, crange := range ranges {
-		ok = crange.contains(code)
-		if ok {
-			break
-		}
-	}
-	if !ok {
-		return codes.Error, false
-	}
-	if category > 0 && category < 4 {
-		return codes.Unset, true
-	}
-	return codes.Error, true
-}

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/README.md

@@ -1,3 +0,0 @@
-# Semconv v1.4.0
-
-[![PkgGoDev](https://pkg.go.dev/badge/go.opentelemetry.io/otel/semconv/v1.4.0)](https://pkg.go.dev/go.opentelemetry.io/otel/semconv/v1.4.0)

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/doc.go

@@ -1,9 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-// Package semconv implements OpenTelemetry semantic conventions.
-//
-// OpenTelemetry semantic conventions are agreed standardized naming
-// patterns for OpenTelemetry things. This package represents the conventions
-// as of the v1.4.0 version of the OpenTelemetry specification.
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.4.0"

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/exception.go

@@ -1,9 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.4.0"
-
-const (
-	// ExceptionEventName is the name of the Span event representing an exception.
-	ExceptionEventName = "exception"
-)

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/http.go

@@ -1,103 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.4.0"
-
-import (
-	"net/http"
-
-	"go.opentelemetry.io/otel/attribute"
-	"go.opentelemetry.io/otel/codes"
-	"go.opentelemetry.io/otel/semconv/internal"
-	"go.opentelemetry.io/otel/trace"
-)
-
-// HTTP scheme attributes.
-var (
-	HTTPSchemeHTTP  = HTTPSchemeKey.String("http")
-	HTTPSchemeHTTPS = HTTPSchemeKey.String("https")
-)
-
-var sc = &internal.SemanticConventions{
-	EnduserIDKey:                EnduserIDKey,
-	HTTPClientIPKey:             HTTPClientIPKey,
-	HTTPFlavorKey:               HTTPFlavorKey,
-	HTTPHostKey:                 HTTPHostKey,
-	HTTPMethodKey:               HTTPMethodKey,
-	HTTPRequestContentLengthKey: HTTPRequestContentLengthKey,
-	HTTPRouteKey:                HTTPRouteKey,
-	HTTPSchemeHTTP:              HTTPSchemeHTTP,
-	HTTPSchemeHTTPS:             HTTPSchemeHTTPS,
-	HTTPServerNameKey:           HTTPServerNameKey,
-	HTTPStatusCodeKey:           HTTPStatusCodeKey,
-	HTTPTargetKey:               HTTPTargetKey,
-	HTTPURLKey:                  HTTPURLKey,
-	HTTPUserAgentKey:            HTTPUserAgentKey,
-	NetHostIPKey:                NetHostIPKey,
-	NetHostNameKey:              NetHostNameKey,
-	NetHostPortKey:              NetHostPortKey,
-	NetPeerIPKey:                NetPeerIPKey,
-	NetPeerNameKey:              NetPeerNameKey,
-	NetPeerPortKey:              NetPeerPortKey,
-	NetTransportIP:              NetTransportIP,
-	NetTransportOther:           NetTransportOther,
-	NetTransportTCP:             NetTransportTCP,
-	NetTransportUDP:             NetTransportUDP,
-	NetTransportUnix:            NetTransportUnix,
-}
-
-// NetAttributesFromHTTPRequest generates attributes of the net
-// namespace as specified by the OpenTelemetry specification for a
-// span.  The network parameter is a string that net.Dial function
-// from standard library can understand.
-func NetAttributesFromHTTPRequest(network string, request *http.Request) []attribute.KeyValue {
-	return sc.NetAttributesFromHTTPRequest(network, request)
-}
-
-// EndUserAttributesFromHTTPRequest generates attributes of the
-// enduser namespace as specified by the OpenTelemetry specification
-// for a span.
-func EndUserAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	return sc.EndUserAttributesFromHTTPRequest(request)
-}
-
-// HTTPClientAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the client side.
-func HTTPClientAttributesFromHTTPRequest(request *http.Request) []attribute.KeyValue {
-	return sc.HTTPClientAttributesFromHTTPRequest(request)
-}
-
-// HTTPServerMetricAttributesFromHTTPRequest generates low-cardinality attributes
-// to be used with server-side HTTP metrics.
-func HTTPServerMetricAttributesFromHTTPRequest(serverName string, request *http.Request) []attribute.KeyValue {
-	return sc.HTTPServerMetricAttributesFromHTTPRequest(serverName, request)
-}
-
-// HTTPServerAttributesFromHTTPRequest generates attributes of the
-// http namespace as specified by the OpenTelemetry specification for
-// a span on the server side. Currently, only basic authentication is
-// supported.
-func HTTPServerAttributesFromHTTPRequest(serverName, route string, request *http.Request) []attribute.KeyValue {
-	return sc.HTTPServerAttributesFromHTTPRequest(serverName, route, request)
-}
-
-// HTTPAttributesFromHTTPStatusCode generates attributes of the http
-// namespace as specified by the OpenTelemetry specification for a
-// span.
-func HTTPAttributesFromHTTPStatusCode(code int) []attribute.KeyValue {
-	return sc.HTTPAttributesFromHTTPStatusCode(code)
-}
-
-// SpanStatusFromHTTPStatusCode generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-func SpanStatusFromHTTPStatusCode(code int) (codes.Code, string) {
-	return internal.SpanStatusFromHTTPStatusCode(code)
-}
-
-// SpanStatusFromHTTPStatusCodeAndSpanKind generates a status code and a message
-// as specified by the OpenTelemetry specification for a span.
-// Exclude 4xx for SERVER to set the appropriate status.
-func SpanStatusFromHTTPStatusCodeAndSpanKind(code int, spanKind trace.SpanKind) (codes.Code, string) {
-	return internal.SpanStatusFromHTTPStatusCodeAndSpanKind(code, spanKind)
-}

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/resource.go

@@ -1,895 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-// Code generated from semantic convention specification. DO NOT EDIT.
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.4.0"
-
-import "go.opentelemetry.io/otel/attribute"
-
-// A cloud environment (e.g. GCP, Azure, AWS)
-const (
-	// Name of the cloud provider.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Examples: 'gcp'
-	CloudProviderKey = attribute.Key("cloud.provider")
-	// The cloud account ID the resource is assigned to.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '111111111111', 'opentelemetry'
-	CloudAccountIDKey = attribute.Key("cloud.account.id")
-	// The geographical region the resource is running. Refer to your provider's docs
-	// to see the available regions, for example [AWS
-	// regions](https://aws.amazon.com/about-aws/global-infrastructure/regions_az/),
-	// [Azure regions](https://azure.microsoft.com/en-us/global-
-	// infrastructure/geographies/), or [Google Cloud
-	// regions](https://cloud.google.com/about/locations).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'us-central1', 'us-east-1'
-	CloudRegionKey = attribute.Key("cloud.region")
-	// Cloud regions often have multiple, isolated locations known as zones to
-	// increase availability. Availability zone represents the zone where the resource
-	// is running.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'us-east-1c'
-	// Note: Availability zones are called "zones" on Google Cloud.
-	CloudAvailabilityZoneKey = attribute.Key("cloud.availability_zone")
-	// The cloud platform in use.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Examples: 'aws_ec2', 'azure_vm', 'gcp_compute_engine'
-	// Note: The prefix of the service SHOULD match the one specified in
-	// `cloud.provider`.
-	CloudPlatformKey = attribute.Key("cloud.platform")
-)
-
-var (
-	// Amazon Web Services
-	CloudProviderAWS = CloudProviderKey.String("aws")
-	// Microsoft Azure
-	CloudProviderAzure = CloudProviderKey.String("azure")
-	// Google Cloud Platform
-	CloudProviderGCP = CloudProviderKey.String("gcp")
-)
-
-var (
-	// AWS Elastic Compute Cloud
-	CloudPlatformAWSEC2 = CloudPlatformKey.String("aws_ec2")
-	// AWS Elastic Container Service
-	CloudPlatformAWSECS = CloudPlatformKey.String("aws_ecs")
-	// AWS Elastic Kubernetes Service
-	CloudPlatformAWSEKS = CloudPlatformKey.String("aws_eks")
-	// AWS Lambda
-	CloudPlatformAWSLambda = CloudPlatformKey.String("aws_lambda")
-	// AWS Elastic Beanstalk
-	CloudPlatformAWSElasticBeanstalk = CloudPlatformKey.String("aws_elastic_beanstalk")
-	// Azure Virtual Machines
-	CloudPlatformAzureVM = CloudPlatformKey.String("azure_vm")
-	// Azure Container Instances
-	CloudPlatformAzureContainerInstances = CloudPlatformKey.String("azure_container_instances")
-	// Azure Kubernetes Service
-	CloudPlatformAzureAKS = CloudPlatformKey.String("azure_aks")
-	// Azure Functions
-	CloudPlatformAzureFunctions = CloudPlatformKey.String("azure_functions")
-	// Azure App Service
-	CloudPlatformAzureAppService = CloudPlatformKey.String("azure_app_service")
-	// Google Cloud Compute Engine (GCE)
-	CloudPlatformGCPComputeEngine = CloudPlatformKey.String("gcp_compute_engine")
-	// Google Cloud Run
-	CloudPlatformGCPCloudRun = CloudPlatformKey.String("gcp_cloud_run")
-	// Google Cloud Kubernetes Engine (GKE)
-	CloudPlatformGCPKubernetesEngine = CloudPlatformKey.String("gcp_kubernetes_engine")
-	// Google Cloud Functions (GCF)
-	CloudPlatformGCPCloudFunctions = CloudPlatformKey.String("gcp_cloud_functions")
-	// Google Cloud App Engine (GAE)
-	CloudPlatformGCPAppEngine = CloudPlatformKey.String("gcp_app_engine")
-)
-
-// Resources used by AWS Elastic Container Service (ECS).
-const (
-	// The Amazon Resource Name (ARN) of an [ECS container instance](https://docs.aws.
-	// amazon.com/AmazonECS/latest/developerguide/ECS_instances.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-
-	// west-1:123456789123:container/32624152-9086-4f0e-acae-1a75b14fe4d9'
-	AWSECSContainerARNKey = attribute.Key("aws.ecs.container.arn")
-	// The ARN of an [ECS cluster](https://docs.aws.amazon.com/AmazonECS/latest/develo
-	// perguide/clusters.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSECSClusterARNKey = attribute.Key("aws.ecs.cluster.arn")
-	// The [launch type](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/l
-	// aunch_types.html) for an ECS task.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	// Examples: 'ec2', 'fargate'
-	AWSECSLaunchtypeKey = attribute.Key("aws.ecs.launchtype")
-	// The ARN of an [ECS task definition](https://docs.aws.amazon.com/AmazonECS/lates
-	// t/developerguide/task_definitions.html).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-
-	// west-1:123456789123:task/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSECSTaskARNKey = attribute.Key("aws.ecs.task.arn")
-	// The task definition family this task definition is a member of.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-family'
-	AWSECSTaskFamilyKey = attribute.Key("aws.ecs.task.family")
-	// The revision for this task definition.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '8', '26'
-	AWSECSTaskRevisionKey = attribute.Key("aws.ecs.task.revision")
-)
-
-var (
-	// ec2
-	AWSECSLaunchtypeEC2 = AWSECSLaunchtypeKey.String("ec2")
-	// fargate
-	AWSECSLaunchtypeFargate = AWSECSLaunchtypeKey.String("fargate")
-)
-
-// Resources used by AWS Elastic Kubernetes Service (EKS).
-const (
-	// The ARN of an EKS cluster.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:ecs:us-west-2:123456789123:cluster/my-cluster'
-	AWSEKSClusterARNKey = attribute.Key("aws.eks.cluster.arn")
-)
-
-// Resources specific to Amazon Web Services.
-const (
-	// The name(s) of the AWS log group(s) an application is writing to.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: '/aws/lambda/my-function', 'opentelemetry-service'
-	// Note: Multiple log groups must be supported for cases like multi-container
-	// applications, where a single application has sidecar containers, and each write
-	// to their own log group.
-	AWSLogGroupNamesKey = attribute.Key("aws.log.group.names")
-	// The Amazon Resource Name(s) (ARN) of the AWS log group(s).
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:*'
-	// Note: See the [log group ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-
-	// access-control-overview-cwl.html#CWL_ARN_Format).
-	AWSLogGroupARNsKey = attribute.Key("aws.log.group.arns")
-	// The name(s) of the AWS log stream(s) an application is writing to.
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	AWSLogStreamNamesKey = attribute.Key("aws.log.stream.names")
-	// The ARN(s) of the AWS log stream(s).
-	//
-	// Type: string[]
-	// Required: No
-	// Stability: stable
-	// Examples: 'arn:aws:logs:us-west-1:123456789012:log-group:/aws/my/group:log-
-	// stream:logs/main/10838bed-421f-43ef-870a-f43feacbbb5b'
-	// Note: See the [log stream ARN format
-	// documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/iam-
-	// access-control-overview-cwl.html#CWL_ARN_Format). One log group can contain
-	// several log streams, so these ARNs necessarily identify both a log group and a
-	// log stream.
-	AWSLogStreamARNsKey = attribute.Key("aws.log.stream.arns")
-)
-
-// A container instance.
-const (
-	// Container name.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-autoconf'
-	ContainerNameKey = attribute.Key("container.name")
-	// Container ID. Usually a UUID, as for example used to [identify Docker
-	// containers](https://docs.docker.com/engine/reference/run/#container-
-	// identification). The UUID might be abbreviated.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'a3bf90e006b2'
-	ContainerIDKey = attribute.Key("container.id")
-	// The container runtime managing this container.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'docker', 'containerd', 'rkt'
-	ContainerRuntimeKey = attribute.Key("container.runtime")
-	// Name of the image the container was built on.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'gcr.io/opentelemetry/operator'
-	ContainerImageNameKey = attribute.Key("container.image.name")
-	// Container image tag.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0.1'
-	ContainerImageTagKey = attribute.Key("container.image.tag")
-)
-
-// The software deployment.
-const (
-	// Name of the [deployment
-	// environment](https://en.wikipedia.org/wiki/Deployment_environment) (aka
-	// deployment tier).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'staging', 'production'
-	DeploymentEnvironmentKey = attribute.Key("deployment.environment")
-)
-
-// The device on which the process represented by this resource is running.
-const (
-	// A unique identifier representing the device
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2ab2916d-a51f-4ac8-80ee-45ac31a28092'
-	// Note: The device identifier MUST only be defined using the values outlined
-	// below. This value is not an advertising identifier and MUST NOT be used as
-	// such. On iOS (Swift or Objective-C), this value MUST be equal to the [vendor id
-	// entifier](https://developer.apple.com/documentation/uikit/uidevice/1620059-iden
-	// tifierforvendor). On Android (Java or Kotlin), this value MUST be equal to the
-	// Firebase Installation ID or a globally unique UUID which is persisted across
-	// sessions in your application. More information can be found
-	// [here](https://developer.android.com/training/articles/user-data-ids) on best
-	// practices and exact implementation details. Caution should be taken when
-	// storing personal data or anything which can identify a user. GDPR and data
-	// protection laws may apply, ensure you do your own due diligence.
-	DeviceIDKey = attribute.Key("device.id")
-	// The model identifier for the device
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iPhone3,4', 'SM-G920F'
-	// Note: It's recommended this value represents a machine readable version of the
-	// model identifier rather than the market or consumer-friendly name of the
-	// device.
-	DeviceModelIdentifierKey = attribute.Key("device.model.identifier")
-	// The marketing name for the device model
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iPhone 6s Plus', 'Samsung Galaxy S6'
-	// Note: It's recommended this value represents a human readable version of the
-	// device model rather than a machine readable alternative.
-	DeviceModelNameKey = attribute.Key("device.model.name")
-)
-
-// A serverless instance.
-const (
-	// The name of the function being executed.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'my-function'
-	FaaSNameKey = attribute.Key("faas.name")
-	// The unique ID of the function being executed.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'arn:aws:lambda:us-west-2:123456789012:function:my-function'
-	// Note: For example, in AWS Lambda this field corresponds to the
-	// [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-
-	// namespaces.html) value, in GCP to the URI of the resource, and in Azure to the
-	// [FunctionDirectory](https://github.com/Azure/azure-functions-
-	// host/wiki/Retrieving-information-about-the-currently-running-function) field.
-	FaaSIDKey = attribute.Key("faas.id")
-	// The version string of the function being executed as defined in [Version
-	// Attributes](../../resource/semantic_conventions/README.md#version-attributes).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2.0.0'
-	FaaSVersionKey = attribute.Key("faas.version")
-	// The execution environment ID as a string.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'my-function:instance-0001'
-	FaaSInstanceKey = attribute.Key("faas.instance")
-	// The amount of memory available to the serverless function in MiB.
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 128
-	// Note: It's recommended to set this attribute since e.g. too little memory can
-	// easily stop a Java AWS Lambda function from working correctly. On AWS Lambda,
-	// the environment variable `AWS_LAMBDA_FUNCTION_MEMORY_SIZE` provides this
-	// information.
-	FaaSMaxMemoryKey = attribute.Key("faas.max_memory")
-)
-
-// A host is defined as a general computing instance.
-const (
-	// Unique host ID. For Cloud, this must be the instance_id assigned by the cloud
-	// provider.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-test'
-	HostIDKey = attribute.Key("host.id")
-	// Name of the host. On Unix systems, it may contain what the hostname command
-	// returns, or the fully qualified hostname, or another name specified by the
-	// user.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-test'
-	HostNameKey = attribute.Key("host.name")
-	// Type of host. For Cloud, this must be the machine type.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'n1-standard-1'
-	HostTypeKey = attribute.Key("host.type")
-	// The CPU architecture the host system is running on.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	HostArchKey = attribute.Key("host.arch")
-	// Name of the VM image or OS install the host was instantiated from.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'infra-ami-eks-worker-node-7d4ec78312', 'CentOS-8-x86_64-1905'
-	HostImageNameKey = attribute.Key("host.image.name")
-	// VM image ID. For Cloud, this value is from the provider.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'ami-07b06b442921831e5'
-	HostImageIDKey = attribute.Key("host.image.id")
-	// The version string of the VM image as defined in [Version
-	// Attributes](README.md#version-attributes).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '0.1'
-	HostImageVersionKey = attribute.Key("host.image.version")
-)
-
-var (
-	// AMD64
-	HostArchAMD64 = HostArchKey.String("amd64")
-	// ARM32
-	HostArchARM32 = HostArchKey.String("arm32")
-	// ARM64
-	HostArchARM64 = HostArchKey.String("arm64")
-	// Itanium
-	HostArchIA64 = HostArchKey.String("ia64")
-	// 32-bit PowerPC
-	HostArchPPC32 = HostArchKey.String("ppc32")
-	// 64-bit PowerPC
-	HostArchPPC64 = HostArchKey.String("ppc64")
-	// 32-bit x86
-	HostArchX86 = HostArchKey.String("x86")
-)
-
-// A Kubernetes Cluster.
-const (
-	// The name of the cluster.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-cluster'
-	K8SClusterNameKey = attribute.Key("k8s.cluster.name")
-)
-
-// A Kubernetes Node object.
-const (
-	// The name of the Node.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'node-1'
-	K8SNodeNameKey = attribute.Key("k8s.node.name")
-	// The UID of the Node.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1eb3a0c6-0477-4080-a9cb-0cb7db65c6a2'
-	K8SNodeUIDKey = attribute.Key("k8s.node.uid")
-)
-
-// A Kubernetes Namespace.
-const (
-	// The name of the namespace that the pod is running in.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'default'
-	K8SNamespaceNameKey = attribute.Key("k8s.namespace.name")
-)
-
-// A Kubernetes Pod object.
-const (
-	// The UID of the Pod.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SPodUIDKey = attribute.Key("k8s.pod.uid")
-	// The name of the Pod.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry-pod-autoconf'
-	K8SPodNameKey = attribute.Key("k8s.pod.name")
-)
-
-// A container in a [PodTemplate](https://kubernetes.io/docs/concepts/workloads/pods/#pod-templates).
-const (
-	// The name of the Container in a Pod template.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'redis'
-	K8SContainerNameKey = attribute.Key("k8s.container.name")
-)
-
-// A Kubernetes ReplicaSet object.
-const (
-	// The UID of the ReplicaSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SReplicasetUIDKey = attribute.Key("k8s.replicaset.uid")
-	// The name of the ReplicaSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SReplicasetNameKey = attribute.Key("k8s.replicaset.name")
-)
-
-// A Kubernetes Deployment object.
-const (
-	// The UID of the Deployment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDeploymentUIDKey = attribute.Key("k8s.deployment.uid")
-	// The name of the Deployment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDeploymentNameKey = attribute.Key("k8s.deployment.name")
-)
-
-// A Kubernetes StatefulSet object.
-const (
-	// The UID of the StatefulSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SStatefulsetUIDKey = attribute.Key("k8s.statefulset.uid")
-	// The name of the StatefulSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SStatefulsetNameKey = attribute.Key("k8s.statefulset.name")
-)
-
-// A Kubernetes DaemonSet object.
-const (
-	// The UID of the DaemonSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SDaemonsetUIDKey = attribute.Key("k8s.daemonset.uid")
-	// The name of the DaemonSet.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SDaemonsetNameKey = attribute.Key("k8s.daemonset.name")
-)
-
-// A Kubernetes Job object.
-const (
-	// The UID of the Job.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SJobUIDKey = attribute.Key("k8s.job.uid")
-	// The name of the Job.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SJobNameKey = attribute.Key("k8s.job.name")
-)
-
-// A Kubernetes CronJob object.
-const (
-	// The UID of the CronJob.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '275ecb36-5aa8-4c2a-9c47-d8bb681b9aff'
-	K8SCronJobUIDKey = attribute.Key("k8s.cronjob.uid")
-	// The name of the CronJob.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	K8SCronJobNameKey = attribute.Key("k8s.cronjob.name")
-)
-
-// The operating system (OS) on which the process represented by this resource is running.
-const (
-	// The operating system type.
-	//
-	// Type: Enum
-	// Required: Always
-	// Stability: stable
-	OSTypeKey = attribute.Key("os.type")
-	// Human readable (not intended to be parsed) OS version information, like e.g.
-	// reported by `ver` or `lsb_release -a` commands.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Microsoft Windows [Version 10.0.18363.778]', 'Ubuntu 18.04.1 LTS'
-	OSDescriptionKey = attribute.Key("os.description")
-	// Human readable operating system name.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'iOS', 'Android', 'Ubuntu'
-	OSNameKey = attribute.Key("os.name")
-	// The version string of the operating system as defined in [Version
-	// Attributes](../../resource/semantic_conventions/README.md#version-attributes).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '14.2.1', '18.04.1'
-	OSVersionKey = attribute.Key("os.version")
-)
-
-var (
-	// Microsoft Windows
-	OSTypeWindows = OSTypeKey.String("windows")
-	// Linux
-	OSTypeLinux = OSTypeKey.String("linux")
-	// Apple Darwin
-	OSTypeDarwin = OSTypeKey.String("darwin")
-	// FreeBSD
-	OSTypeFreeBSD = OSTypeKey.String("freebsd")
-	// NetBSD
-	OSTypeNetBSD = OSTypeKey.String("netbsd")
-	// OpenBSD
-	OSTypeOpenBSD = OSTypeKey.String("openbsd")
-	// DragonFly BSD
-	OSTypeDragonflyBSD = OSTypeKey.String("dragonflybsd")
-	// HP-UX (Hewlett Packard Unix)
-	OSTypeHPUX = OSTypeKey.String("hpux")
-	// AIX (Advanced Interactive eXecutive)
-	OSTypeAIX = OSTypeKey.String("aix")
-	// Oracle Solaris
-	OSTypeSolaris = OSTypeKey.String("solaris")
-	// IBM z/OS
-	OSTypeZOS = OSTypeKey.String("z_os")
-)
-
-// An operating system process.
-const (
-	// Process identifier (PID).
-	//
-	// Type: int
-	// Required: No
-	// Stability: stable
-	// Examples: 1234
-	ProcessPIDKey = attribute.Key("process.pid")
-	// The name of the process executable. On Linux based systems, can be set to the
-	// `Name` in `proc/[pid]/status`. On Windows, can be set to the base name of
-	// `GetProcessImageFileNameW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'otelcol'
-	ProcessExecutableNameKey = attribute.Key("process.executable.name")
-	// The full path to the process executable. On Linux based systems, can be set to
-	// the target of `proc/[pid]/exe`. On Windows, can be set to the result of
-	// `GetProcessImageFileNameW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: '/usr/bin/cmd/otelcol'
-	ProcessExecutablePathKey = attribute.Key("process.executable.path")
-	// The command used to launch the process (i.e. the command name). On Linux based
-	// systems, can be set to the zeroth string in `proc/[pid]/cmdline`. On Windows,
-	// can be set to the first parameter extracted from `GetCommandLineW`.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'cmd/otelcol'
-	ProcessCommandKey = attribute.Key("process.command")
-	// The full command used to launch the process as a single string representing the
-	// full command. On Windows, can be set to the result of `GetCommandLineW`. Do not
-	// set this if you have to assemble it just for monitoring; use
-	// `process.command_args` instead.
-	//
-	// Type: string
-	// Required: See below
-	// Stability: stable
-	// Examples: 'C:\\cmd\\otecol --config="my directory\\config.yaml"'
-	ProcessCommandLineKey = attribute.Key("process.command_line")
-	// All the command arguments (including the command/executable itself) as received
-	// by the process. On Linux-based systems (and some other Unixoid systems
-	// supporting procfs), can be set according to the list of null-delimited strings
-	// extracted from `proc/[pid]/cmdline`. For libc-based executables, this would be
-	// the full argv vector passed to `main`.
-	//
-	// Type: string[]
-	// Required: See below
-	// Stability: stable
-	// Examples: 'cmd/otecol', '--config=config.yaml'
-	ProcessCommandArgsKey = attribute.Key("process.command_args")
-	// The username of the user that owns the process.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'root'
-	ProcessOwnerKey = attribute.Key("process.owner")
-)
-
-// The single (language) runtime instance which is monitored.
-const (
-	// The name of the runtime of this process. For compiled native binaries, this
-	// SHOULD be the name of the compiler.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'OpenJDK Runtime Environment'
-	ProcessRuntimeNameKey = attribute.Key("process.runtime.name")
-	// The version of the runtime of this process, as returned by the runtime without
-	// modification.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '14.0.2'
-	ProcessRuntimeVersionKey = attribute.Key("process.runtime.version")
-	// An additional description about the runtime of the process, for example a
-	// specific vendor customization of the runtime environment.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Eclipse OpenJ9 Eclipse OpenJ9 VM openj9-0.21.0'
-	ProcessRuntimeDescriptionKey = attribute.Key("process.runtime.description")
-)
-
-// A service instance.
-const (
-	// Logical name of the service.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'shoppingcart'
-	// Note: MUST be the same for all instances of horizontally scaled services. If
-	// the value was not specified, SDKs MUST fallback to `unknown_service:`
-	// concatenated with [`process.executable.name`](process.md#process), e.g.
-	// `unknown_service:bash`. If `process.executable.name` is not available, the
-	// value MUST be set to `unknown_service`.
-	ServiceNameKey = attribute.Key("service.name")
-	// A namespace for `service.name`.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'Shop'
-	// Note: A string value having a meaning that helps to distinguish a group of
-	// services, for example the team name that owns a group of services.
-	// `service.name` is expected to be unique within the same namespace. If
-	// `service.namespace` is not specified in the Resource then `service.name` is
-	// expected to be unique for all services that have no explicit namespace defined
-	// (so the empty/unspecified namespace is simply one more valid namespace). Zero-
-	// length namespace string is assumed equal to unspecified namespace.
-	ServiceNamespaceKey = attribute.Key("service.namespace")
-	// The string ID of the service instance.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '627cc493-f310-47de-96bd-71410b7dec09'
-	// Note: MUST be unique for each instance of the same
-	// `service.namespace,service.name` pair (in other words
-	// `service.namespace,service.name,service.instance.id` triplet MUST be globally
-	// unique). The ID helps to distinguish instances of the same service that exist
-	// at the same time (e.g. instances of a horizontally scaled service). It is
-	// preferable for the ID to be persistent and stay the same for the lifetime of
-	// the service instance, however it is acceptable that the ID is ephemeral and
-	// changes during important lifetime events for the service (e.g. service
-	// restarts). If the service has no inherent unique ID that can be used as the
-	// value of this attribute it is recommended to generate a random Version 1 or
-	// Version 4 RFC 4122 UUID (services aiming for reproducible UUIDs may also use
-	// Version 5, see RFC 4122 for more recommendations).
-	ServiceInstanceIDKey = attribute.Key("service.instance.id")
-	// The version string of the service API or implementation.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '2.0.0'
-	ServiceVersionKey = attribute.Key("service.version")
-)
-
-// The telemetry SDK used to capture data recorded by the instrumentation libraries.
-const (
-	// The name of the telemetry SDK as defined above.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'opentelemetry'
-	TelemetrySDKNameKey = attribute.Key("telemetry.sdk.name")
-	// The language of the telemetry SDK.
-	//
-	// Type: Enum
-	// Required: No
-	// Stability: stable
-	TelemetrySDKLanguageKey = attribute.Key("telemetry.sdk.language")
-	// The version string of the telemetry SDK.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1.2.3'
-	TelemetrySDKVersionKey = attribute.Key("telemetry.sdk.version")
-	// The version string of the auto instrumentation agent, if used.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '1.2.3'
-	TelemetryAutoVersionKey = attribute.Key("telemetry.auto.version")
-)
-
-var (
-	// cpp
-	TelemetrySDKLanguageCPP = TelemetrySDKLanguageKey.String("cpp")
-	// dotnet
-	TelemetrySDKLanguageDotnet = TelemetrySDKLanguageKey.String("dotnet")
-	// erlang
-	TelemetrySDKLanguageErlang = TelemetrySDKLanguageKey.String("erlang")
-	// go
-	TelemetrySDKLanguageGo = TelemetrySDKLanguageKey.String("go")
-	// java
-	TelemetrySDKLanguageJava = TelemetrySDKLanguageKey.String("java")
-	// nodejs
-	TelemetrySDKLanguageNodejs = TelemetrySDKLanguageKey.String("nodejs")
-	// php
-	TelemetrySDKLanguagePHP = TelemetrySDKLanguageKey.String("php")
-	// python
-	TelemetrySDKLanguagePython = TelemetrySDKLanguageKey.String("python")
-	// ruby
-	TelemetrySDKLanguageRuby = TelemetrySDKLanguageKey.String("ruby")
-	// webjs
-	TelemetrySDKLanguageWebjs = TelemetrySDKLanguageKey.String("webjs")
-)
-
-// Resource describing the packaged software running the application code. Web engines are typically executed using process.runtime.
-const (
-	// The name of the web engine.
-	//
-	// Type: string
-	// Required: Always
-	// Stability: stable
-	// Examples: 'WildFly'
-	WebEngineNameKey = attribute.Key("webengine.name")
-	// The version of the web engine.
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: '21.0.0'
-	WebEngineVersionKey = attribute.Key("webengine.version")
-	// Additional description of the web engine (e.g. detailed version and edition
-	// information).
-	//
-	// Type: string
-	// Required: No
-	// Stability: stable
-	// Examples: 'WildFly Full 21.0.0.Final (WildFly Core 13.0.1.Final) - 2.2.2.Final'
-	WebEngineDescriptionKey = attribute.Key("webengine.description")
-)

vendor/go.opentelemetry.io/otel/semconv/v1.4.0/schema.go

@@ -1,9 +0,0 @@
-// Copyright The OpenTelemetry Authors
-// SPDX-License-Identifier: Apache-2.0
-
-package semconv // import "go.opentelemetry.io/otel/semconv/v1.4.0"
-
-// SchemaURL is the schema URL that matches the version of the semantic conventions
-// that this package defines. Semconv packages starting from v1.4.0 must declare
-// non-empty schema URL in the form https://opentelemetry.io/schemas/<version>
-const SchemaURL = "https://opentelemetry.io/schemas/1.4.0"

vendor/modules.txt

@@ -2302,7 +2302,6 @@ go.opentelemetry.io/otel/codes
 go.opentelemetry.io/otel/internal/baggage
 go.opentelemetry.io/otel/internal/global
 go.opentelemetry.io/otel/propagation
-go.opentelemetry.io/otel/semconv/internal
 go.opentelemetry.io/otel/semconv/internal/v4
 go.opentelemetry.io/otel/semconv/v1.20.0
 go.opentelemetry.io/otel/semconv/v1.20.0/httpconv
@@ -2311,7 +2310,6 @@ go.opentelemetry.io/otel/semconv/v1.37.0
 go.opentelemetry.io/otel/semconv/v1.37.0/httpconv
 go.opentelemetry.io/otel/semconv/v1.37.0/otelconv
 go.opentelemetry.io/otel/semconv/v1.37.0/rpcconv
-go.opentelemetry.io/otel/semconv/v1.4.0
 # go.opentelemetry.io/otel/exporters/jaeger v1.17.0
 ## explicit; go 1.19
 go.opentelemetry.io/otel/exporters/jaeger