1.1.0 Tech Preview
Changes in 1.1.0
Summary
- Change - Disable pretty logging by default: #1133
- Change - Add "volume" declaration to docker images: #1375
- Change - Add "expose" information to docker images: #1366
- Change - Generate cryptographically secure state token: #1203
- Change - Move k6 to cdperf: #1358
- Change - Update go version: #1364
- Change - Update ownCloud Web to v1.0.1: #1191
- Enhancement - Add OCIS_URL env var: #1148
- Enhancement - Use sync.cache for roles cache: #1367
- Enhancement - Add named locks and refactor cache: #1212
- Enhancement - Update reva to v1.5.1: #1372
- Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: #1194
Details
-
Change - Disable pretty logging by default: #1133
Tags: ocis
Disable pretty logging default for performance reasons.
-
Change - Add "volume" declaration to docker images: #1375
Tags: docker
Add "volume" declaration to docker images. This makes it easier for Docker users to see where
oCIS stores data. -
Change - Add "expose" information to docker images: #1366
Tags: docker
Add "expose" information to docker images. Docker users will now see that we offer services on
port 9200. -
Change - Generate cryptographically secure state token: #1203
Replaced Math.random with a cryptographically secure way to generate the oidc state token
using the javascript crypto api.#1203
https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random -
Change - Move k6 to cdperf: #1358
Tags: performance, testing, k6
The ownCloud performance tests can not only be used to test ocis. This is why we have decided to
move the k6 tests to https://github.com/owncloud/cdperf -
Change - Update go version: #1364
Tags: go
Update go from 1.13 to 1.15
-
Change - Update ownCloud Web to v1.0.1: #1191
Tags: web
We updated ownCloud Web to v1.0.1. Please refer to the changelog (linked) for details on the web
release.#1191
https://github.com/owncloud/web/releases/tag/v1.0.1 -
Enhancement - Add OCIS_URL env var: #1148
Tags: ocis
We introduced a new environment variable
OCIS_URL
that expects a URL including protocol,
host and optionally port to simplify configuring all the different services. These existing
environment variables still take precedence, but will also fall back toOCIS_URL
:
STORAGE_LDAP_IDP
,STORAGE_OIDC_ISSUER
,PROXY_OIDC_ISSUER
,
STORAGE_FRONTEND_PUBLIC_URL
,KONNECTD_ISS
,WEB_OIDC_AUTHORITY
, and
WEB_UI_CONFIG_SERVER
.Some environment variables are now built dynamically if they are not set: -
STORAGE_DATAGATEWAY_PUBLIC_URL
defaults to<STORAGE_FRONTEND_PUBLIC_URL>/data
,
also falling back toOCIS_URL
-WEB_OIDC_METADATA_URL
defaults to
<WEB_OIDC_AUTHORITY>/.well-known/openid-configuration
, also falling back to
OCIS_URL
Furthermore, the built in konnectd will generate an
identifier-registration.yaml
that
uses theKONNECTD_ISS
in the allowedredirect_uris
andorigins
. It simplifies the
defaulthttps://localhost:9200
and remote deployment withOCIS_URL
which is evaluated
as a fallback ifKONNECTD_ISS
is not set.An OCIS server can now be started on a remote machine as easy as
OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server
.Note that the
OCIS_DOMAIN
environment variable is not used by ocis, but by the docker
containers. -
Enhancement - Use sync.cache for roles cache: #1367
Tags: ocis-pkg
Update ocis-pkg/roles cache to use ocis-pkg/sync cache
-
Enhancement - Add named locks and refactor cache: #1212
Tags: ocis-pkg, accounts
We had the case that we needed kind of a named locking mechanism which enables us to lock only
under certain conditions. It's used in the indexer package where we do not need to lock
everything, instead just lock the requested parts and differentiate between reads and
writes.This made it possible to entirely remove locks from the accounts service and move them to the
ocis-pkg indexer. Another part of this refactor was to make the cache atomic and write tests for
it.- remove locking from accounts service - add sync package with named mutex - add named locking to
indexer - move cache to sync package
- remove locking from accounts service - add sync package with named mutex - add named locking to
-
Enhancement - Update reva to v1.5.1: #1372
Summary -------
- Fix #1401: Use the user in request for deciding the layout for non-home DAV requests
- Fix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
- Fix #1399: Fix ocis trash-bin purge
- Enh #1397: Bump the Copyright date to 2021
- Enh #1398: Support site authorization status in Mentix
- Enh #1393: Allow setting favorites, mtime and a temporary etag
- Enh #1403: Support remote cloud gathering metrics
Details -------
- Bugfix #1401: Use the user in request for deciding the layout for non-home DAV requests
For the incoming /dav/files/userID requests, we have different namespaces depending on
whether the request is for the logged-in user's namespace or not. Since in the storage drivers,
we specify the layout depending only on the user whose resources are to be accessed, this fails
when a user wants to access another user's namespace when the storage provider depends on the
logged in user's namespace. This PR fixes that.For example, consider the following case. The owncloud fs uses a layout {{substr 0 1
.Id.OpaqueId}}/{{.Id.OpaqueId}}. The user einstein sends a request to access a resource
shared with him, say /dav/files/marie/abcd, which should be allowed. However, based on the
way we applied the layout, there's no way in which this can be translated to /m/marie/.Https://github.com/cs3org/reva/pull/1401
- Bugfix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
And git SHA to the release tool.
Https://github.com/cs3org/reva/pull/1413
- Bugfix #1399: Fix ocis trash-bin purge
Fixes the empty trash-bin functionality for ocis-storage
Https://github.com/owncloud/product/issues/254
cs3org/reva#1399- Enhancement #1397: Bump the Copyright date to 2021
Https://github.com/cs3org/reva/pull/1397
- Enhancement #1398: Support site authorization status in Mentix
This enhancement adds support for a site authorization status to Mentix. This way, sites
registered via a web app can now be excluded until authorized manually by an administrator.Furthermore, Mentix now sets the scheme for Prometheus targets. This allows us to also support
monitoring of sites that do not support the default HTTPS scheme.Https://github.com/cs3org/reva/pull/1398
- Enhancement #1393: Allow setting favorites, mtime and a temporary etag
We now let the ocis driver persist favorites, set temporary etags and the mtime as arbitrary
metadata.Https://github.com/owncloud/ocis/issues/567
cs3org/reva#1394
cs3org/reva#1393- Enhancement #1403: Support remote cloud gathering metrics
The current metrics package can only gather metrics either from json files. With this feature,
the metrics can be gathered polling the http endpoints exposed by the owncloud/nextcloud
sciencemesh apps. -
Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: #1194
- Enhancement: calculate and expose actual file permission set cs3org/reva#1368
- initial range request support cs3org/reva#1326