commit 9934895

Merge: b013974 f9dcf37
Author: Willy Kloucek <[email protected]>
Date:   Mon May 2 09:31:01 2022 +0200

    Merge pull request #3551 from owncloud/ocis-init

    [full-ci] ocis init & remove default secrets

extensions/_includes/accounts-config-example.yaml

@@ -38,7 +38,7 @@ http:
 grpc:
   addr: 127.0.0.1:9180
 token_manager:
-  jwt_secret: Pive-Fumkiu4
+  jwt_secret: ""
 asset:
   path: ""
 repo:

extensions/_includes/accounts_configvars.md

@@ -10,7 +10,6 @@
 | ACCOUNTS_HTTP_ROOT | string | / | The root path of the http service.|
 | ACCOUNTS_CACHE_TTL | int | 604800 | The cache time for the static assets.|
 | ACCOUNTS_GRPC_ADDR | string | 127.0.0.1:9180 | The address of the grpc service.|
-| OCIS_JWT_SECRET;ACCOUNTS_JWT_SECRET | string | Pive-Fumkiu4 | The secret to mint jwt tokens.|
 | ACCOUNTS_ASSET_PATH | string |  | The path to the ui assets.|
 | ACCOUNTS_STORAGE_BACKEND | string | CS3 | Defines which storage implementation is to be used|
 | ACCOUNTS_STORAGE_DISK_PATH | string | ~/.ocis/accounts | The path where the accounts data is stored.|

extensions/_includes/appprovider-config-example.yaml

@@ -14,14 +14,15 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9164
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
-externaladdr: ""
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+skip_user_groups_in_token: false
+external_addr: ""
 driver: ""
 drivers:
   wopi:

extensions/_includes/auth-basic-config-example.yaml

@@ -14,13 +14,14 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9146
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+skip_user_groups_in_token: false
 auth_provider: ldap
 auth_providers:
   json:
@@ -30,7 +31,7 @@ auth_providers:
     cacert: ~/.ocis/idm/ldap.crt
     insecure: false
     binddn: uid=reva,ou=sysusers,o=libregraph-idm
-    bindpassword: reva
+    bind_password: ""
     userbasedn: ou=users,o=libregraph-idm
     groupbasedn: ou=groups,o=libregraph-idm
     userscope: sub
@@ -59,7 +60,7 @@ auth_providers:
       member: member
   owncloud_sql:
     dbusername: owncloud
-    dbpassword: secret
+    dbpassword: ""
     dbhost: mysql
     dbport: 3306
     dbname: owncloud

extensions/_includes/auth-basic_configvars.md

@@ -14,7 +14,7 @@
 | LDAP_CACERT;AUTH_BASIC_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | |
 | LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE | bool | false | |
 | LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | |
-| LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD | string | reva | |
+| LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD | string |  | |
 | LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |
 | LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | |
 | LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE | string | sub | |

extensions/_includes/auth-bearer-config-example.yaml

@@ -14,13 +14,14 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9148
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+skip_user_groups_in_token: false
 auth_provider: ldap
 auth_providers:
   oidc:

extensions/_includes/auth-machine-config-example.yaml

@@ -14,14 +14,15 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9166
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+skip_user_groups_in_token: false
 auth_provider: ldap
 auth_providers:
   machine:
-    api_key: change-me-please
+    api_key: ""

extensions/_includes/auth-machine_configvars.md

@@ -9,4 +9,4 @@
 | AUTH_MACHINE_GRPC_ADDR | string | 127.0.0.1:9166 | The address of the grpc service.|
 | AUTH_MACHINE_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.|
 | AUTH_MACHINE_AUTH_PROVIDER | string | ldap | The auth provider which should be used by the service|
-| OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_PROVIDER_API_KEY | string | change-me-please | The api key for the machine auth provider.|
+| OCIS_MACHINE_AUTH_API_KEY;AUTH_MACHINE_PROVIDER_API_KEY | string |  | The api key for the machine auth provider.|

extensions/_includes/frontend-config-example.yaml

@@ -14,35 +14,32 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 http:
   addr: 127.0.0.1:9140
   protocol: tcp
   prefix: ""
-jwt_secret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
+transfer_secret: ""
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+machine_auth_api_key: ""
+skip_users_groups_in_token: false
 favorites: false
-enableprojectspaces: true
+enable_project_spaces: true
 upload_max_chunk_size: 100000000
 upload_http_method_override: ""
 default_upload_protocol: tus
-transfer_secret: replace-me-with-a-transfer-secret
 public_url: https://localhost:9200
 archiver:
   max_num_files: 10000
   max_size: 1073741824
-  prefix: archiver
   insecure: false
-appprovider:
+app_provider:
   external_addr: ""
   driver: ""
-  apps_url: ""
-  open_url: ""
-  new_url: ""
-  prefix: ""
   insecure: false
-datagateway:
+data_gateway:
   prefix: data
 ocs:
   prefix: ocs
@@ -59,8 +56,6 @@ ocs:
       dbport: 0
       dbname: ""
       namespace: ""
-authmachine:
-  apikey: change-me-please
 checksums:
   supported_types:
   - sha1
@@ -69,4 +64,4 @@ checksums:
   preferred_upload_type: ""
 middleware:
   auth:
-    credentials_by_user_agenr: {}
+    credentials_by_user_agent: {}

extensions/_includes/frontend_configvars.md

@@ -8,8 +8,8 @@
 | FRONTEND_DEBUG_ZPAGES | bool | false | |
 | FRONTEND_HTTP_ADDR | string | 127.0.0.1:9140 | The address of the http service.|
 | FRONTEND_HTTP_PROTOCOL | string | tcp | The transport protocol of the http service.|
-| STORAGE_TRANSFER_SECRET | string | replace-me-with-a-transfer-secret | |
+| STORAGE_TRANSFER_SECRET | string |  | |
+| OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY | string |  | |
 | OCIS_URL;FRONTEND_PUBLIC_URL | string | https://localhost:9200 | |
 | OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE | bool | false | |
-| OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE | bool | false | |
-| OCIS_MACHINE_AUTH_API_KEY | string | change-me-please | |
+| OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE | bool | false | |

extensions/_includes/gateway-config-example.yaml

@@ -14,36 +14,36 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9142
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
 skipusergroupsintoken: false
-commitsharetostoragegrant: true
-commitsharetostorageref: true
-sharefolder: Shares
-disablehomecreationonlogin: true
-transfersecret: replace-me-with-a-transfer-secret
-transferexpires: 86400
-homemapping: ""
-etagcachettl: 0
-usersendpoint: localhost:9144
-groupsendpoint: localhost:9160
-permissionsendpoint: localhost:9191
-sharingendpoint: localhost:9150
-datagatewaypublicurl: ""
-frontendpublicurl: https://localhost:9200
-authbasicendpoint: localhost:9146
-authbearerendpoint: localhost:9148
-authmachineendpoint: localhost:9166
-storagepubliclinkendpoint: localhost:9178
-storageusersendpoint: localhost:9157
-storagesharesendpoint: localhost:9154
-storageregistry:
+commit_share_to_storage_grant: true
+commit_share_to_storage_ref: true
+share_folder: Shares
+disable_home_creation_on_login: true
+transfer_secret: ""
+transfer_expires: 86400
+home_mapping: ""
+etag_cache_ttl: 0
+users_endpoint: localhost:9144
+groups_endpoint: localhost:9160
+permissions_endpoint: localhost:9191
+sharing_endpoint: localhost:9150
+frontend_public_url: https://localhost:9200
+auth_basic_endpoint: localhost:9146
+auth_bearer_endpoint: localhost:9148
+auth_machine_endpoint: localhost:9166
+storage_public_link_endpoint: localhost:9178
+storage_users_endpoint: localhost:9157
+storage_shares_endpoint: localhost:9154
+storage_registry:
   driver: spaces
   rules: []
   json: ""
-appregistry:
+app_registry:
   mimetypesjson: ""

extensions/_includes/gateway_configvars.md

@@ -8,5 +8,5 @@
 | GATEWAY_DEBUG_ZPAGES | bool | false | |
 | GATEWAY_GRPC_ADDR | string | 127.0.0.1:9142 | The address of the grpc service.|
 | GATEWAY_GRPC_PROTOCOL | string | tcp | The transport protocol of the grpc service.|
-| STORAGE_TRANSFER_SECRET | string | replace-me-with-a-transfer-secret | |
+| STORAGE_TRANSFER_SECRET | string |  | |
 | OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL | string | https://localhost:9200 | |

extensions/_includes/graph-config-example.yaml

@@ -20,7 +20,7 @@ http:
 reva:
   address: 127.0.0.1:9142
 token_manager:
-  jwt_secret: Pive-Fumkiu4
+  jwt_secret: ""
 spaces:
   webdav_base: https://localhost:9200
   webdav_path: /dav/spaces/
@@ -33,7 +33,7 @@ identity:
     uri: ldaps://localhost:9235
     insecure: true
     bind_dn: uid=libregraph,ou=sysusers,o=libregraph-idm
-    bind_password: idm
+    bind_password: ""
     use_server_uuid: false
     write_enabled: true
     user_base_dn: ou=users,o=libregraph-idm

extensions/_includes/graph_configvars.md

@@ -8,8 +8,6 @@
 | GRAPH_DEBUG_ZPAGES | bool | false | |
 | GRAPH_HTTP_ADDR | string | 127.0.0.1:9120 | |
 | GRAPH_HTTP_ROOT | string | /graph | |
-| REVA_GATEWAY | string | 127.0.0.1:9142 | |
-| OCIS_JWT_SECRET;GRAPH_JWT_SECRET | string | Pive-Fumkiu4 | |
 | OCIS_URL;GRAPH_SPACES_WEBDAV_BASE | string | https://localhost:9200 | |
 | GRAPH_SPACES_WEBDAV_PATH | string | /dav/spaces/ | |
 | GRAPH_SPACES_DEFAULT_QUOTA | string | 1000000000 | |
@@ -19,7 +17,7 @@
 | LDAP_URI;GRAPH_LDAP_URI | string | ldaps://localhost:9235 | |
 | OCIS_INSECURE;GRAPH_LDAP_INSECURE | bool | true | |
 | LDAP_BIND_DN;GRAPH_LDAP_BIND_DN | string | uid=libregraph,ou=sysusers,o=libregraph-idm | |
-| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string | idm | |
+| LDAP_BIND_PASSWORD;GRAPH_LDAP_BIND_PASSWORD | string |  | |
 | GRAPH_LDAP_SERVER_UUID | bool | false | |
 | GRAPH_LDAP_SERVER_WRITE_ENABLED | bool | true | |
 | LDAP_USER_BASE_DN;GRAPH_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |

extensions/_includes/group-config-example.yaml

@@ -14,14 +14,15 @@ debug:
   token: ""
   pprof: false
   zpages: false
-supervised: false
 grpc:
   addr: 127.0.0.1:9160
   protocol: tcp
-jwtsecret: Pive-Fumkiu4
-gatewayendpoint: 127.0.0.1:9142
-skipusergroupsintoken: false
-groupmemberscacheexpiration: 5
+token_manager:
+  jwt_secret: ""
+reva:
+  address: 127.0.0.1:9142
+skip_user_groups_in_token: false
+group_members_cache_expiration: 5
 driver: ldap
 drivers:
   json:
@@ -31,7 +32,7 @@ drivers:
     cacert: ~/.ocis/idm/ldap.crt
     insecure: false
     binddn: uid=reva,ou=sysusers,o=libregraph-idm
-    bindpassword: reva
+    bind_password: ""
     userbasedn: ou=users,o=libregraph-idm
     groupbasedn: ou=groups,o=libregraph-idm
     userscope: sub

extensions/_includes/group_configvars.md

@@ -12,7 +12,7 @@
 | LDAP_CACERT;GROUPS_LDAP_CACERT | string | ~/.ocis/idm/ldap.crt | |
 | LDAP_INSECURE;GROUPS_LDAP_INSECURE | bool | false | |
 | LDAP_BIND_DN;GROUPS_LDAP_BIND_DN | string | uid=reva,ou=sysusers,o=libregraph-idm | |
-| LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD | string | reva | |
+| LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD | string |  | |
 | LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN | string | ou=users,o=libregraph-idm | |
 | LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN | string | ou=groups,o=libregraph-idm | |
 | LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE | string | sub | |

extensions/_includes/idm-config-example.yaml

@@ -21,7 +21,7 @@ idm:
   database: ~/.ocis/idm/ocis.boltdb
 create_demo_users: false
 service_user_passwords:
-  admin_password: admin
-  idm_password: idm
-  reva_password: reva
-  idp_password: idp
+  admin_password: ""
+  idm_password: ""
+  reva_password: ""
+  idp_password: ""

extensions/_includes/idm_configvars.md

@@ -11,7 +11,7 @@
 | IDM_LDAPS_KEY | string | ~/.ocis/idm/ldap.key | File name for the TLS certificate key for the server certificate|
 | IDM_DATABASE_PATH | string | ~/.ocis/idm/ocis.boltdb | Full path to the idm backend database|
 | IDM_CREATE_DEMO_USERS;ACCOUNTS_DEMO_USERS_AND_GROUPS | bool | false | Flag to enabe/disable the creation of the demo users|
-| IDM_ADMIN_PASSWORD | string | admin | Password to set for the ocis "admin" user. Either cleartext or an argon2id hash|
-| IDM_SVC_PASSWORD | string | idm | Password to set for the "idm" service user. Either cleartext or an argon2id hash|
-| IDM_REVASVC_PASSWORD | string | reva | Password to set for the "reva" service user. Either cleartext or an argon2id hash|
-| IDM_IDPSVC_PASSWORD | string | idp | Password to set for the "idp" service user. Either cleartext or an argon2id hash|
+| IDM_ADMIN_PASSWORD | string |  | Password to set for the ocis "admin" user. Either cleartext or an argon2id hash|
+| IDM_SVC_PASSWORD | string |  | Password to set for the "idm" service user. Either cleartext or an argon2id hash|
+| IDM_REVASVC_PASSWORD | string |  | Password to set for the "reva" service user. Either cleartext or an argon2id hash|
+| IDM_IDPSVC_PASSWORD | string |  | Password to set for the "idp" service user. Either cleartext or an argon2id hash|

extensions/_includes/idp-config-example.yaml

@@ -59,7 +59,7 @@ ldap:
   uri: ldaps://localhost:9235
   cacert: ~/.ocis/idm/ldap.crt
   bind_dn: uid=idp,ou=sysusers,o=libregraph-idm
-  bind_password: idp
+  bind_password: ""
   base_dn: ou=users,o=libregraph-idm
   scope: sub
   login_attribute: uid

extensions/_includes/idp_configvars.md

@@ -38,7 +38,7 @@
 | LDAP_URI;IDP_LDAP_URI | string | ldaps://localhost:9235 | |
 | LDAP_CACERT;IDP_LDAP_TLS_CACERT | string | ~/.ocis/idm/ldap.crt | |
 | LDAP_BIND_DN;IDP_LDAP_BIND_DN | string | uid=idp,ou=sysusers,o=libregraph-idm | |
-| LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD | string | idp | |
+| LDAP_BIND_PASSWORD;IDP_LDAP_BIND_PASSWORD | string |  | |
 | LDAP_USER_BASE_DN,IDP_LDAP_BASE_DN | string | ou=users,o=libregraph-idm | |
 | LDAP_USER_SCOPE;IDP_LDAP_SCOPE | string | sub | |
 | IDP_LDAP_LOGIN_ATTRIBUTE | string | uid | |