update reva (#113)

* new ocis config

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* Change default settings to be able to run ocis server without any configuration

- Konnectd uses no TLS as it is behind the proxy.
- Glauth generates dev-certificates for ldap on startup if none is provided.
- Glauth can launch unencrypted (9125) and encrypted (9126) port in parallel

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* allow configuring user sharing driver, default to json

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* update reva

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* switch to preferred_username as opaqueid

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* update drone config to override new defaults to match test environment

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* use latest reva

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* typo

* use updatet api tests

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* core tests got merged already

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

* fix changelog

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

.drone.star

@@ -132,8 +132,11 @@ def testing(ctx):
         'pull': 'always',
         'detach': True,
         'environment' : {
-          'REVA_USERS_DRIVER': 'ldap',
           'REVA_LDAP_HOSTNAME': 'ldap',
+          'REVA_LDAP_PORT': 636,
+          'REVA_LDAP_BIND_DN': 'cn=admin,dc=owncloud,dc=com',
+          'REVA_LDAP_BIND_PASSWORD': 'admin',
+          'REVA_LDAP_BASE_DN': 'dc=owncloud,dc=com',
           'REVA_STORAGE_HOME_DATA_TEMP_FOLDER': '/srv/app/tmp/',
           'REVA_STORAGE_LOCAL_ROOT': '/srv/app/tmp/reva/root',
           'REVA_STORAGE_OWNCLOUD_DATADIR': '/srv/app/tmp/reva/data',
@@ -147,7 +150,6 @@ def testing(ctx):
           'bin/ocis-reva auth-basic &',
           'bin/ocis-reva auth-bearer &',
           'bin/ocis-reva sharing &',
-          'bin/ocis-reva storage-root &',
           'bin/ocis-reva storage-home &',
           'bin/ocis-reva storage-home-data &',
           'bin/ocis-reva storage-oc &',

changelog/unreleased/fix-typos.md

@@ -0,0 +1,5 @@
+Bugfix: we fixed a typo in the `REVA_LDAP_SCHEMA_MAIL` environment variable
+
+It was misspelled as `REVA_LDAP_SCHEMA_Mail`.
+
+https://github.com/owncloud/ocis-reva/pull/113

changelog/unreleased/issue-6.md

@@ -2,6 +2,6 @@ Change: start multiple services with dedicated commands
 
 The initial version would only allow us to use a set of reva configurations to start multiple services.
 We use a more opinionated set of commands to start dedicated services that allows us to configure them individually.
-It allowcs us to switch eg. the user backend to LDAP and fully it on the cli.
+It allows us to switch eg. the user backend to LDAP and fully use it on the cli.
 
 https://github.com/owncloud/ocis-reva/issues/6

changelog/unreleased/new-ocis-config.md

@@ -0,0 +1,11 @@
+Change: default to running behind ocis-proxy
+
+We changed the default configuration to integrate better with ocis.
+
+- We use ocis-glauth as the default ldap server on port 9125 with base `dc=example,dc=org`.
+- We use a dedicated technical `reva` user to make ldap binds
+- Clients are supposed to use the ocis-proxy endpoint `https://localhost:9200`
+- We removed unneeded ocis configuration from the frontend which no longer serves an oidc provider.
+- We changed the default user OpaqueID attribute from `sub` to `preferred_username`. The latter is a claim populated by konnectd that can also be used by the reva ldap user manager to look up users by their OpaqueId
+
+https://github.com/owncloud/ocis-reva/pull/113

changelog/unreleased/user-sharing-driver-json.md

@@ -0,0 +1,5 @@
+Enhancement: Allow configuring user sharing driver
+
+We now default to `json` which persists shares in the sharing manager in a json file instead of an in memory db.
+
+https://github.com/owncloud/ocis-reva/pull/115

docs/testing.md

@@ -0,0 +1,85 @@
+---
+title: "Testing"
+date: 2018-05-02T00:00:00+00:00
+weight: 37
+geekdocRepo: https://github.com/owncloud/ocis-reva
+geekdocEditPath: edit/master/docs
+geekdocFilePath: testing.md
+---
+
+
+## Acceptance tests
+
+We are using the ownCloud 10 acceptance testsuite against ocis. To set this up you need the owncloud 10 core repo, an ldap server that the acceptance tests can use to manage users and the ocis-reva code.
+
+### Getting the tests
+
+All you need to do to get the acceptance tests is check out the core repo:
+```
+git clone https://github.com/owncloud/core.git
+```
+
+### Run an ldap server in a docker container
+
+The ownCloud 10 acceptance tests will need write permission. You can start a suitable ldap server in a docker container with:
+
+```
+docker run --hostname ldap.my-company.com \
+    -e LDAP_TLS_VERIFY_CLIENT=never \
+    -e LDAP_DOMAIN=owncloud.com \
+    -e LDAP_ORGANISATION=ownCloud \
+    -e LDAP_ADMIN_PASSWORD=admin \
+    --name docker-slapd \
+    -p 127.0.0.1:389:389 \
+    -p 636:636 -d osixia/openldap
+```
+
+### Run ocis-reva with that ldap server
+
+`ocis-reva` provides multiple subcommands. To configure them all via env vars you can export these environment variables. 
+
+```
+export REVA_USERS_DRIVER=ldap
+export REVA_LDAP_HOSTNAME=localhost
+export REVA_LDAP_PORT=636
+export REVA_LDAP_BASE_DN='dc=owncloud,dc=com'
+export REVA_LDAP_USERFILTER='(&(objectclass=posixAccount)(cn=%s))'
+export REVA_LDAP_GROUPFILTER='(&(objectclass=posixGroup)(cn=%s))'
+export REVA_LDAP_BIND_DN='cn=admin,dc=owncloud,dc=com'
+export REVA_LDAP_BIND_PASSWORD=admin
+export REVA_LDAP_SCHEMA_UID=uid
+export REVA_LDAP_SCHEMA_MAIL=mail
+export REVA_LDAP_SCHEMA_DISPLAYNAME=displayName
+export REVA_LDAP_SCHEMA_CN=cn
+```
+
+Then you need to start the ocis-reva services
+```
+bin/ocis-reva frontend & \
+bin/ocis-reva gateway & \
+bin/ocis-reva auth-basic & \
+bin/ocis-reva auth-bearer & \
+bin/ocis-reva sharing & \
+bin/ocis-reva storage-home & \
+bin/ocis-reva storage-home-data & \
+bin/ocis-reva storage-oc & \
+bin/ocis-reva storage-oc-data & \
+bin/ocis-reva users &
+```
+
+### Run the acceptance tests
+
+In the ownCloud 10 core repo run
+
+```
+make test-acceptance-api \
+TEST_SERVER_URL=http://localhost:9140 \
+TEST_EXTERNAL_USER_BACKENDS=true \
+TEST_OCIS=true \
+OCIS_REVA_DATA_ROOT=/var/tmp/reva/ \
+BEHAT_FILTER_TAGS='~@skipOnOcis&&~@skipOnLDAP&&@TestAlsoOnExternalUserBackend&&~@local_storage'
+```
+
+### Notes
+- rerunning the tests requires wiping the users in the ldap server, otherwise the tests will fail when trying to populate the users
+- users are created with usernames like `user0`, the default password is `123456`

go.mod

@@ -4,7 +4,7 @@ go 1.13
 
 require (
 	github.com/cespare/xxhash/v2 v2.1.1 // indirect
-	github.com/cs3org/reva v0.0.2-0.20200212114015-0dbce24f7e8b
+	github.com/cs3org/reva v0.1.1-0.20200320145721-40c4334849c3
 	github.com/gofrs/uuid v3.2.0+incompatible
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 	github.com/micro/cli/v2 v2.1.1