Merge branch 'master' into quota-fetching

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>

.drone.env

@@ -1,7 +1,7 @@
 # The test runner source for API tests
-CORE_COMMITID=a11dbcf8ae3903c550bffea6bbfc7f587bede995
+CORE_COMMITID=2ffd04b68cd7795b8c3dac3f386df45d3c2eb88f
 CORE_BRANCH=master
 
 # The test runner source for UI tests
-WEB_COMMITID=eb00649279daab8442dd392bb34b85ab1e1d75ef
+WEB_COMMITID=54495e55a46c051680e121dae8c9c4f7938746cb
 WEB_BRANCH=master

.drone.star

@@ -43,7 +43,6 @@ DEFAULT_NODEJS_VERSION = "14"
 config = {
     "modules": [
         # if you add a module here please also add it to the root level Makefile
-        "extensions/accounts",
         "extensions/app-provider",
         "extensions/app-registry",
         "extensions/audit",
@@ -52,7 +51,6 @@ config = {
         "extensions/auth-machine",
         "extensions/frontend",
         "extensions/gateway",
-        "extensions/glauth",
         "extensions/graph-explorer",
         "extensions/graph",
         "extensions/groups",
@@ -97,10 +95,6 @@ config = {
         "skipExceptParts": [],
         "earlyFail": True,
     },
-    "accountsUITests": {
-        "skip": True,
-        "earlyFail": True,
-    },
     "settingsUITests": {
         "skip": True,
         "earlyFail": True,
@@ -110,19 +104,15 @@ config = {
             "suites": [
                 "apiShareManagement",
             ],
-            # The tests fail after the storage config changes
-            # They will be fixed later.
-            "skip": True,
+            "skip": False,
             "earlyFail": True,
             "cron": "nightly",
         },
         "apiWebdav": {
             "suites": [
                 "apiWebdavOperations",
             ],
-            # The tests fail after the storage config changes
-            # They will be fixed later.
-            "skip": True,
+            "skip": False,
             "earlyFail": True,
             "cron": "nightly",
         },
@@ -233,12 +223,17 @@ def main(ctx):
 
     pipelines = test_pipelines + build_release_pipelines + build_release_helpers
 
-    pipelines = \
-        pipelines + \
-        pipelinesDependsOn(
-            example_deploys(ctx),
-            pipelines,
-        )
+    if ctx.build.event == "cron":
+        pipelines = \
+            pipelines + \
+            example_deploys(ctx)
+    else:
+        pipelines = \
+            pipelines + \
+            pipelinesDependsOn(
+                example_deploys(ctx),
+                pipelines,
+            )
 
     # always append notification step
     pipelines.append(
@@ -303,9 +298,6 @@ def testPipelines(ctx):
     if "skip" not in config["uiTests"] or not config["uiTests"]["skip"]:
         pipelines += uiTests(ctx)
 
-    if "skip" not in config["accountsUITests"] or not config["accountsUITests"]["skip"]:
-        pipelines.append(accountsUITests(ctx))
-
     if "skip" not in config["settingsUITests"] or not config["settingsUITests"]["skip"]:
         pipelines.append(settingsUITests(ctx))
 
@@ -753,70 +745,6 @@ def uiTestPipeline(ctx, filterTags, early_fail, runPart = 1, numberOfParts = 1,
         },
     }
 
-def accountsUITests(ctx, storage = "ocis", accounts_hash_difficulty = 4):
-    early_fail = config["accountsUITests"]["earlyFail"] if "earlyFail" in config["accountsUITests"] else False
-
-    return {
-        "kind": "pipeline",
-        "type": "docker",
-        "name": "accountsUITests",
-        "platform": {
-            "os": "linux",
-            "arch": "amd64",
-        },
-        "steps": skipIfUnchanged(ctx, "acceptance-tests") + restoreBuildArtifactCache(ctx, "ocis-binary-amd64", "ocis/bin/ocis") +
-                 ocisServer(storage, accounts_hash_difficulty, [stepVolumeOC10Tests]) + waitForSeleniumService() + waitForMiddlewareService() + [
-            {
-                "name": "WebUIAcceptanceTests",
-                "image": OC_CI_NODEJS % DEFAULT_NODEJS_VERSION,
-                "environment": {
-                    "SERVER_HOST": "https://ocis-server:9200",
-                    "BACKEND_HOST": "https://ocis-server:9200",
-                    "RUN_ON_OCIS": "true",
-                    "OCIS_REVA_DATA_ROOT": "/srv/app/tmp/ocis/owncloud/data",
-                    "WEB_UI_CONFIG": "/drone/src/tests/config/drone/ocis-config.json",
-                    "TEST_TAGS": "not @skipOnOCIS and not @skip",
-                    "LOCAL_UPLOAD_DIR": "/uploads",
-                    "NODE_TLS_REJECT_UNAUTHORIZED": 0,
-                    "WEB_PATH": "/srv/app/web",
-                    "FEATURE_PATH": "/drone/src/extensions/accounts/ui/tests/acceptance/features",
-                    "MIDDLEWARE_HOST": "http://middleware:3000",
-                },
-                "commands": [
-                    ". /drone/src/.drone.env",
-                    # we need to have Web around for some general step definitions (eg. how to log in)
-                    "git clone -b $WEB_BRANCH --single-branch --no-tags https://github.com/owncloud/web.git /srv/app/web",
-                    "cd /srv/app/web",
-                    "git checkout $WEB_COMMITID",
-                    # TODO: settings/package.json has all the acceptance test dependencies
-                    # they shouldn't be needed since we could also use them from web:/tests/acceptance/package.json
-                    "cd /drone/src/extensions/accounts",
-                    "yarn install --immutable",
-                    "make test-acceptance-webui",
-                ],
-                "volumes": [stepVolumeOC10Tests] +
-                           [{
-                               "name": "uploads",
-                               "path": "/uploads",
-                           }],
-            },
-        ] + failEarly(ctx, early_fail),
-        "services": selenium() + middlewareService(),
-        "volumes": [stepVolumeOC10Tests] +
-                   [{
-                       "name": "uploads",
-                       "temp": {},
-                   }],
-        "depends_on": getPipelineNames([buildOcisBinaryForTesting(ctx)]),
-        "trigger": {
-            "ref": [
-                "refs/heads/master",
-                "refs/tags/v*",
-                "refs/pull/**",
-            ],
-        },
-    }
-
 def settingsUITests(ctx, storage = "ocis", accounts_hash_difficulty = 4):
     early_fail = config["settingsUITests"]["earlyFail"] if "earlyFail" in config["settingsUITests"] else False
 
@@ -1641,7 +1569,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
     if not testing_parallel_deploy:
         user = "0:0"
         environment = {
-            "OCIS_URL": "https://ocis-server:9200",
+            "OCIS_URL": OCIS_URL,
             "GATEWAY_GRPC_ADDR": "0.0.0.0:9142",  # cs3api-validator needs the cs3api gatway exposed
             "STORAGE_USERS_DRIVER": "%s" % (storage),
             "STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root",
@@ -1667,41 +1595,37 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
     else:
         user = "33:33"
         environment = {
-            "GRAPH_IDENTITY_BACKEND": "cs3",
-            "GRAPH_LDAP_SERVER_WRITE_ENABLED": "false",
             # Keycloak IDP specific configuration
-            "PROXY_OIDC_ISSUER": "https://keycloak/auth/realms/owncloud",
-            "LDAP_IDP": "https://keycloak/auth/realms/owncloud",
-            "WEB_OIDC_AUTHORITY": "https://keycloak/auth/realms/owncloud",
-            "WEB_OIDC_CLIENT_ID": "ocis-web",
+            "OCIS_OIDC_ISSUER": "https://keycloak/auth/realms/owncloud",
             "WEB_OIDC_METADATA_URL": "https://keycloak/auth/realms/owncloud/.well-known/openid-configuration",
-            "AUTH_BEARER_OIDC_ISSUER": "https://keycloak",
+            "WEB_OIDC_CLIENT_ID": "ocis-web",
             "WEB_OIDC_SCOPE": "openid profile email owncloud",
+            # external  ldap is supposed to be read only
+            "GRAPH_IDENTITY_BACKEND": "ldap",
+            "GRAPH_LDAP_SERVER_WRITE_ENABLED": "false",
             # LDAP bind
             "LDAP_URI": "ldaps://openldap",
             "LDAP_INSECURE": "true",
             "LDAP_BIND_DN": "cn=admin,dc=owncloud,dc=com",
             "LDAP_BIND_PASSWORD": "admin",
             # LDAP user settings
-            "PROXY_AUTOPROVISION_ACCOUNTS": "true",  # automatically create users when they login
-            "PROXY_ACCOUNT_BACKEND_TYPE": "cs3",  # proxy should get users from CS3APIS (which gets it from LDAP)
             "PROXY_USER_OIDC_CLAIM": "ocis.user.uuid",  # claim was added in Keycloak
             "PROXY_USER_CS3_CLAIM": "userid",  # equals STORAGE_LDAP_USER_SCHEMA_UID
-            "LDAP_GROUP_BASE_DN": "ou=testgroups,dc=owncloud,dc=com",
+            "LDAP_GROUP_BASE_DN": "ou=TestGroups,dc=owncloud,dc=com",
             "LDAP_GROUP_OBJECTCLASS": "groupOfUniqueNames",
-            "LDAP_GROUPFILTER": "(objectclass=owncloud)",
             "LDAP_GROUP_SCHEMA_DISPLAYNAME": "cn",
             "LDAP_GROUP_SCHEMA_ID": "cn",
             "LDAP_GROUP_SCHEMA_MAIL": "mail",
             "LDAP_GROUP_SCHEMA_MEMBER": "cn",
-            "LDAP_USER_BASE_DN": "ou=testusers,dc=owncloud,dc=com",
+            "LDAP_GROUPFILTER": "(objectclass=owncloud)",
+            "LDAP_LOGIN_ATTRIBUTES": "uid",
+            "LDAP_USER_BASE_DN": "ou=TestUsers,dc=owncloud,dc=com",
             "LDAP_USER_OBJECTCLASS": "posixAccount",
-            "LDAP_USERFILTER": "(objectclass=owncloud)",
-            "LDAP_USER_SCHEMA_USERNAME": "cn",
             "LDAP_USER_SCHEMA_DISPLAYNAME": "displayname",
-            "LDAP_USER_SCHEMA_MAIL": "mail",
             "LDAP_USER_SCHEMA_ID": "ownclouduuid",
-            "LDAP_LOGIN_ATTRIBUTES": "uid,mail",
+            "LDAP_USER_SCHEMA_MAIL": "mail",
+            "LDAP_USER_SCHEMA_USERNAME": "cn",
+            "LDAP_USERFILTER": "(objectclass=owncloud)",
             # ownCloudSQL storage driver
             "STORAGE_USERS_DRIVER": "owncloudsql",
             "STORAGE_USERS_OWNCLOUDSQL_DATADIR": "/mnt/data/files",
@@ -1720,15 +1644,13 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
             "SHARING_USER_OWNCLOUDSQL_DB_PORT": 3306,
             "SHARING_USER_OWNCLOUDSQL_DB_NAME": "owncloud",
             # General oCIS config
-            # OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
-            "OCIS_RUN_EXTENSIONS": "settings,storage-system,graph,graph-explorer,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,auth-machine,storage-users,storage-shares,storage-publiclink,app-provider,sharing,proxy,nats,ocdav",
+            # OCIS_RUN_EXTENSIONS specifies to start all extensions except idm, idp and accounts. These are replaced by external services
+            "OCIS_RUN_EXTENSIONS": "app-registry,app-provider,audit,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav",
             "OCIS_LOG_LEVEL": "info",
             "OCIS_URL": OCIS_URL,
             "OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
             "OCIS_CONFIG_DIR": "/etc/ocis",
             "PROXY_ENABLE_BASIC_AUTH": "true",
-            "IDM_CREATE_DEMO_USERS": True,
-            "IDM_ADMIN_PASSWORD": "admin",  # override the random admin password from `ocis init`
         }
         wait_for_ocis = {
             "name": "wait-for-ocis-server",

.vscode/launch.json

@@ -22,7 +22,7 @@
                 // demo users
                 "IDM_CREATE_DEMO_USERS": "true",
                 // OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode
-                //"OCIS_RUN_EXTENSIONS": "settings,storage-system,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,storage-authmachine,storage-users,storage-shares,storage-publiclink,app-provider,sharing,accounts,proxy,ocdav",
+                //"OCIS_RUN_EXTENSIONS": "settings,storage-system,graph,graph-explorer,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,storage-authmachine,storage-users,storage-shares,storage-publiclink,app-provider,sharing,proxy,ocdav",
 
                 /*
                  * Keep secrets and passwords in one block to allow easy uncommenting