diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index bae63b1ec7..e18955af60 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -50,7 +50,7 @@ jobs: push: ${{ inputs.push }} platforms: ${{ inputs.platforms }} - name: Upload ${{ steps.build.outputs.imageid }} Docker image to artifacts - uses: ishworkh/docker-image-artifact-upload@v1 + uses: ishworkh/container-image-artifact-upload@v2.0.0 if: inputs.load with: image: ${{ steps.build.outputs.imageid }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 896a1c4d39..69794df8db 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,327 @@ +Changelog for reva 1.29.0 (2025-01-07) +======================================= + +The following sections list the changes in reva 1.29.0 relevant to +reva users. The changes are ordered by importance. + +Summary +------- + + * Fix #4898: Make ACL operations work over gRPC + * Fix #4667: Fixed permission mapping to EOS ACLs + * Fix #4520: Do not use version folders for xattrs in EOS + * Fix #4599: Auth: increase verbosity of oidc parsing errors + * Fix #5006: Blocking reva on listSharedWithMe + * Fix #4557: Fix ceph build + * Fix #5017: No empty favs attr + * Fix #4620: Fix ulimits for EOS container deployment + * Fix #5015: Fixed error reporting in the EOS gRPC client + * Fix #4931: Fixed tree metadata following fix in EOS + * Fix #4930: Make removal of favourites work + * Fix #4574: Fix notifications + * Fix #4790: Ocm: fixed domain not having a protocol scheme + * Fix #4849: Drop assumptions about user types when dealing with shares + * Fix #4894: No certs in EOS HTTP client + * Fix #4810: Simplified error handling + * Fix #4973: Handle parsing of favs over gRPC + * Fix #4901: Broken PROPFIND perms on gRPC + * Fix #4907: Public links: return error when owner could not be resolved + * Fix #4591: Eos: fixed error reporting for too large recycle bin listing + * Fix #4896: Fix nilpointer error in RollbackToVersion + * Fix #4905: PurgeDate in ListDeletedEntries was ignored + * Fix #4939: Revert 'make home layout configurable' + * Enh #5028: Handle empty EOS traces + * Enh #4911: Cephfs refactoring + make home layout configurable + * Enh #4937: @labkode steps down as project owner + * Enh #4579: Remove domain-specific code to other repos + * Enh #4824: Refactor Ceph code + * Enh #4797: Refactor CI jobs and bump to latest deps + * Enh #4934: Access to EOS via tokens over gRPC + * Enh #4870: Only load X509 on https + * Enh #5014: Log app when creating EOS gRPC requests + * Enh #4892: Do not read eos user ACLs any longer + * Enh #4720: Differentiate quota for user types in EOS + * Enh #4863: Favourites for eos/grpc + * Enh #5013: Updated dependencies + moved to go 1.22 + * Enh #4514: Pass lock holder metadata on uploads + * Enh #4970: Improved logging on createHome + * Enh #4984: Drop shadow namespaces + * Enh #4670: Ocm: support bearer token access + * Enh #4977: Do not use root on EOS + +Details +------- + + * Bugfix #4898: Make ACL operations work over gRPC + + This change solves two issues: * AddACL would fail, because the current implementation of + AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS + side, because it will try running a recursive find on a file, which fails. * RemoveACL would + fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes + this approach to use an approach similar to what is used in the binary client: just set the rule + that you want to have deleted with no permissions. + + https://github.com/cs3org/reva/pull/4898 + + * Bugfix #4667: Fixed permission mapping to EOS ACLs + + This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing). + + https://github.com/cs3org/reva/pull/4667 + + * Bugfix #4520: Do not use version folders for xattrs in EOS + + This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are + stored on the files. + + https://github.com/cs3org/reva/pull/4520 + + * Bugfix #4599: Auth: increase verbosity of oidc parsing errors + + This is to help further debugging of auth issues. An unrelated error reporting was also fixed. + + https://github.com/cs3org/reva/pull/4599 + + * Bugfix #5006: Blocking reva on listSharedWithMe + + `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable. + This has now been fixed + + https://github.com/cs3org/reva/pull/5006 + + * Bugfix #4557: Fix ceph build + + https://github.com/cs3org/reva/pull/4557 + + * Bugfix #5017: No empty favs attr + + See issue #5016: we now unset the favs attr if no more favs are set + + https://github.com/cs3org/reva/pull/5017 + + * Bugfix #4620: Fix ulimits for EOS container deployment + + https://github.com/cs3org/reva/pull/4620 + + * Bugfix #5015: Fixed error reporting in the EOS gRPC client + + This in particular fixes the lock-related errors + + https://github.com/cs3org/reva/pull/5015 + + * Bugfix #4931: Fixed tree metadata following fix in EOS + + The treecount is now populated from the EOS response. + + https://github.com/cs3org/reva/pull/4931 + + * Bugfix #4930: Make removal of favourites work + + Currently, removing a folder from your favourites is broken, because the handleFavAttr + method is only called in SetAttr, not in UnsetAttr. This change fixes this. + + https://github.com/cs3org/reva/pull/4930 + + * Bugfix #4574: Fix notifications + + https://github.com/cs3org/reva/pull/4574 + + * Bugfix #4790: Ocm: fixed domain not having a protocol scheme + + This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the + remote server due to the domain having an unsupported protocol scheme. in this case domain + doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe. + + https://github.com/cs3org/reva/pull/4790 + + * Bugfix #4849: Drop assumptions about user types when dealing with shares + + We may have external accounts with regular usernames (and with null uid), therefore the + current logic to heuristically infer the user type from a grantee's username is broken. This PR + removes those heuristics and requires the upper level to resolve the user type. + + https://github.com/cs3org/reva/pull/4849 + + * Bugfix #4894: No certs in EOS HTTP client + + Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When + EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found + there, the whole authn flow is aborted and the user is mapped to nobody. + + https://github.com/cs3org/reva/pull/4894 + + * Bugfix #4810: Simplified error handling + + Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91 + + https://github.com/cs3org/reva/pull/4810 + + * Bugfix #4973: Handle parsing of favs over gRPC + + To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of + users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen + in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the + higher-level call in eosfs. + + https://github.com/cs3org/reva/pull/4973 + + * Bugfix #4901: Broken PROPFIND perms on gRPC + + When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were + erroneous because ACL permissions were being ignored. This stems from a bug in + grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being + populated. + + https://github.com/cs3org/reva/pull/4901 + see: + + * Bugfix #4907: Public links: return error when owner could not be resolved + + https://github.com/cs3org/reva/pull/4907 + + * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing + + EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly + handled in this case. + + https://github.com/cs3org/reva/pull/4591 + + * Bugfix #4896: Fix nilpointer error in RollbackToVersion + + https://github.com/cs3org/reva/pull/4896 + + * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored + + The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in + reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST + requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the + loop that is used to iterate over all days in the date range. + + https://github.com/cs3org/reva/pull/4905 + + * Bugfix #4939: Revert 'make home layout configurable' + + Partial revert of #4911, to be re-added after more testing and configuration validation. The + eoshome vs eos storage drivers are to be adapted. + + https://github.com/cs3org/reva/pull/4939 + + * Enhancement #5028: Handle empty EOS traces + + https://github.com/cs3org/reva/pull/5028 + + * Enhancement #4911: Cephfs refactoring + make home layout configurable + + https://github.com/cs3org/reva/pull/4911 + + * Enhancement #4937: @labkode steps down as project owner + + Hugo (@labkode) steps down as project owner of Reva. + + https://github.com/cs3org/reva/pull/4937 + + * Enhancement #4579: Remove domain-specific code to other repos + + https://github.com/cs3org/reva/pull/4579 + + * Enhancement #4824: Refactor Ceph code + + https://github.com/cs3org/reva/pull/4824 + + * Enhancement #4797: Refactor CI jobs and bump to latest deps + + https://github.com/cs3org/reva/pull/4797 + + * Enhancement #4934: Access to EOS via tokens over gRPC + + As a guest account, accessing a file shared with you relies on a token that is generated on behalf + of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC + client. Additionally, the HTTP client now takes tokens into account. + + https://github.com/cs3org/reva/pull/4934 + + * Enhancement #4870: Only load X509 on https + + Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by + default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit + tests, as these fail when this key pair is not on the file system (which is the case for the test + pipeline as well). + + This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the + EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger + the loading of the key pair. + + https://github.com/cs3org/reva/pull/4870 + + * Enhancement #5014: Log app when creating EOS gRPC requests + + https://github.com/cs3org/reva/pull/5014 + + * Enhancement #4892: Do not read eos user ACLs any longer + + This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it + to the GRPC client. + + https://github.com/cs3org/reva/pull/4892 + + * Enhancement #4720: Differentiate quota for user types in EOS + + We now assign a different initial quota to users depending on their type, whether PRIMARY or + not. + + https://github.com/cs3org/reva/pull/4720 + + * Enhancement #4863: Favourites for eos/grpc + + https://github.com/cs3org/reva/pull/4863 + + * Enhancement #5013: Updated dependencies + moved to go 1.22 + + https://github.com/cs3org/reva/pull/5013 + + * Enhancement #4514: Pass lock holder metadata on uploads + + We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the + case of conflicts due to lock mismatch. + + https://github.com/cs3org/reva/pull/4514 + + * Enhancement #4970: Improved logging on createHome + + https://github.com/cs3org/reva/pull/4970 + + * Enhancement #4984: Drop shadow namespaces + + This comes as part of the effort to operate EOS without being root, see + https://github.com/cs3org/reva/pull/4977 + + In this PR the post-home creation hook (and corresponding flag) is replaced by a + create_home_hook, and the following configuration parameters are suppressed: + + Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes + default_quota_files uploads_namespace (unused) + + https://github.com/cs3org/reva/pull/4984 + + * Enhancement #4670: Ocm: support bearer token access + + This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having + the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD + server package, and the Discover methods have been all consolidated in one place. + + https://github.com/cs3org/reva/pull/4670 + + * Enhancement #4977: Do not use root on EOS + + Currently, the EOS drivers use root authentication for many different operations. This has + now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only + operations * the user himselft + + Note that home creation is excluded here as this will be tackled in a different PR. + + https://github.com/cs3org/reva/pull/4977/ + + Changelog for reva 1.28.0 (2024-02-27) ======================================= diff --git a/RELEASE_DATE b/RELEASE_DATE index 5179d2e64e..3f49a7df3c 100644 --- a/RELEASE_DATE +++ b/RELEASE_DATE @@ -1 +1 @@ -2024-02-27 \ No newline at end of file +2025-01-07 \ No newline at end of file diff --git a/VERSION b/VERSION index 3c71e47210..72f3c1dacc 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.28.0 \ No newline at end of file +1.29.0 \ No newline at end of file diff --git a/changelog/unreleased/acl-grpc.md b/changelog/1.29.0_2025-01-07/acl-grpc.md similarity index 100% rename from changelog/unreleased/acl-grpc.md rename to changelog/1.29.0_2025-01-07/acl-grpc.md diff --git a/changelog/1.29.0_2025-01-07/better-eos-traces.md b/changelog/1.29.0_2025-01-07/better-eos-traces.md new file mode 100644 index 0000000000..cdd929f71d --- /dev/null +++ b/changelog/1.29.0_2025-01-07/better-eos-traces.md @@ -0,0 +1,3 @@ +Enhancement: Handle empty EOS traces + +https://github.com/cs3org/reva/pull/5028 diff --git a/changelog/unreleased/ceph-refactoring.md b/changelog/1.29.0_2025-01-07/ceph-refactoring.md similarity index 100% rename from changelog/unreleased/ceph-refactoring.md rename to changelog/1.29.0_2025-01-07/ceph-refactoring.md diff --git a/changelog/unreleased/change-project-ownership.md b/changelog/1.29.0_2025-01-07/change-project-ownership.md similarity index 100% rename from changelog/unreleased/change-project-ownership.md rename to changelog/1.29.0_2025-01-07/change-project-ownership.md diff --git a/changelog/unreleased/clean-repo.md b/changelog/1.29.0_2025-01-07/clean-repo.md similarity index 100% rename from changelog/unreleased/clean-repo.md rename to changelog/1.29.0_2025-01-07/clean-repo.md diff --git a/changelog/unreleased/enhance-ceph.md b/changelog/1.29.0_2025-01-07/enhance-ceph.md similarity index 100% rename from changelog/unreleased/enhance-ceph.md rename to changelog/1.29.0_2025-01-07/enhance-ceph.md diff --git a/changelog/unreleased/enhance-ci.md b/changelog/1.29.0_2025-01-07/enhance-ci.md similarity index 100% rename from changelog/unreleased/enhance-ci.md rename to changelog/1.29.0_2025-01-07/enhance-ci.md diff --git a/changelog/unreleased/eos-grpc-token-access.md b/changelog/1.29.0_2025-01-07/eos-grpc-token-access.md similarity index 100% rename from changelog/unreleased/eos-grpc-token-access.md rename to changelog/1.29.0_2025-01-07/eos-grpc-token-access.md diff --git a/changelog/unreleased/eos-http-client-tls.md b/changelog/1.29.0_2025-01-07/eos-http-client-tls.md similarity index 100% rename from changelog/unreleased/eos-http-client-tls.md rename to changelog/1.29.0_2025-01-07/eos-http-client-tls.md diff --git a/changelog/unreleased/eos-log-app.md b/changelog/1.29.0_2025-01-07/eos-log-app.md similarity index 100% rename from changelog/unreleased/eos-log-app.md rename to changelog/1.29.0_2025-01-07/eos-log-app.md diff --git a/changelog/unreleased/eos-perms.md b/changelog/1.29.0_2025-01-07/eos-perms.md similarity index 100% rename from changelog/unreleased/eos-perms.md rename to changelog/1.29.0_2025-01-07/eos-perms.md diff --git a/changelog/unreleased/eos-useracl.md b/changelog/1.29.0_2025-01-07/eos-useracl.md similarity index 100% rename from changelog/unreleased/eos-useracl.md rename to changelog/1.29.0_2025-01-07/eos-useracl.md diff --git a/changelog/unreleased/eos-userquota.md b/changelog/1.29.0_2025-01-07/eos-userquota.md similarity index 100% rename from changelog/unreleased/eos-userquota.md rename to changelog/1.29.0_2025-01-07/eos-userquota.md diff --git a/changelog/unreleased/eos-xattr.md b/changelog/1.29.0_2025-01-07/eos-xattr.md similarity index 100% rename from changelog/unreleased/eos-xattr.md rename to changelog/1.29.0_2025-01-07/eos-xattr.md diff --git a/changelog/unreleased/fav-grpc.md b/changelog/1.29.0_2025-01-07/fav-grpc.md similarity index 100% rename from changelog/unreleased/fav-grpc.md rename to changelog/1.29.0_2025-01-07/fav-grpc.md diff --git a/changelog/unreleased/fix-auth-log.md b/changelog/1.29.0_2025-01-07/fix-auth-log.md similarity index 100% rename from changelog/unreleased/fix-auth-log.md rename to changelog/1.29.0_2025-01-07/fix-auth-log.md diff --git a/changelog/unreleased/fix-block-on-sharedwithme.md b/changelog/1.29.0_2025-01-07/fix-block-on-sharedwithme.md similarity index 100% rename from changelog/unreleased/fix-block-on-sharedwithme.md rename to changelog/1.29.0_2025-01-07/fix-block-on-sharedwithme.md diff --git a/changelog/unreleased/fix-ceph-build.md b/changelog/1.29.0_2025-01-07/fix-ceph-build.md similarity index 100% rename from changelog/unreleased/fix-ceph-build.md rename to changelog/1.29.0_2025-01-07/fix-ceph-build.md diff --git a/changelog/unreleased/fix-empty-fav-attr.md b/changelog/1.29.0_2025-01-07/fix-empty-fav-attr.md similarity index 100% rename from changelog/unreleased/fix-empty-fav-attr.md rename to changelog/1.29.0_2025-01-07/fix-empty-fav-attr.md diff --git a/changelog/unreleased/fix-eos-container-build.md b/changelog/1.29.0_2025-01-07/fix-eos-container-build.md similarity index 100% rename from changelog/unreleased/fix-eos-container-build.md rename to changelog/1.29.0_2025-01-07/fix-eos-container-build.md diff --git a/changelog/unreleased/fix-eos-grpc-errors.md b/changelog/1.29.0_2025-01-07/fix-eos-grpc-errors.md similarity index 100% rename from changelog/unreleased/fix-eos-grpc-errors.md rename to changelog/1.29.0_2025-01-07/fix-eos-grpc-errors.md diff --git a/changelog/unreleased/fix-eosgrpc-stat.md b/changelog/1.29.0_2025-01-07/fix-eosgrpc-stat.md similarity index 100% rename from changelog/unreleased/fix-eosgrpc-stat.md rename to changelog/1.29.0_2025-01-07/fix-eosgrpc-stat.md diff --git a/changelog/unreleased/fix-fav-grpc.md b/changelog/1.29.0_2025-01-07/fix-fav-grpc.md similarity index 100% rename from changelog/unreleased/fix-fav-grpc.md rename to changelog/1.29.0_2025-01-07/fix-fav-grpc.md diff --git a/changelog/unreleased/fix-notifications.md b/changelog/1.29.0_2025-01-07/fix-notifications.md similarity index 100% rename from changelog/unreleased/fix-notifications.md rename to changelog/1.29.0_2025-01-07/fix-notifications.md diff --git a/changelog/unreleased/fix-ocm-open-driver.md b/changelog/1.29.0_2025-01-07/fix-ocm-open-driver.md similarity index 100% rename from changelog/unreleased/fix-ocm-open-driver.md rename to changelog/1.29.0_2025-01-07/fix-ocm-open-driver.md diff --git a/changelog/unreleased/go-mod.md b/changelog/1.29.0_2025-01-07/go-mod.md similarity index 100% rename from changelog/unreleased/go-mod.md rename to changelog/1.29.0_2025-01-07/go-mod.md diff --git a/changelog/unreleased/locks-uploads.md b/changelog/1.29.0_2025-01-07/locks-uploads.md similarity index 100% rename from changelog/unreleased/locks-uploads.md rename to changelog/1.29.0_2025-01-07/locks-uploads.md diff --git a/changelog/unreleased/log-home.md b/changelog/1.29.0_2025-01-07/log-home.md similarity index 100% rename from changelog/unreleased/log-home.md rename to changelog/1.29.0_2025-01-07/log-home.md diff --git a/changelog/unreleased/lwshares-fix.md b/changelog/1.29.0_2025-01-07/lwshares-fix.md similarity index 100% rename from changelog/unreleased/lwshares-fix.md rename to changelog/1.29.0_2025-01-07/lwshares-fix.md diff --git a/changelog/unreleased/no-certs-eos-http-client.md b/changelog/1.29.0_2025-01-07/no-certs-eos-http-client.md similarity index 100% rename from changelog/unreleased/no-certs-eos-http-client.md rename to changelog/1.29.0_2025-01-07/no-certs-eos-http-client.md diff --git a/changelog/unreleased/no-more-shadow-ns.md b/changelog/1.29.0_2025-01-07/no-more-shadow-ns.md similarity index 100% rename from changelog/unreleased/no-more-shadow-ns.md rename to changelog/1.29.0_2025-01-07/no-more-shadow-ns.md diff --git a/changelog/unreleased/ocm-access.md b/changelog/1.29.0_2025-01-07/ocm-access.md similarity index 100% rename from changelog/unreleased/ocm-access.md rename to changelog/1.29.0_2025-01-07/ocm-access.md diff --git a/changelog/unreleased/ocm-error-handling.md b/changelog/1.29.0_2025-01-07/ocm-error-handling.md similarity index 100% rename from changelog/unreleased/ocm-error-handling.md rename to changelog/1.29.0_2025-01-07/ocm-error-handling.md diff --git a/changelog/unreleased/parse-favs-grpc.md b/changelog/1.29.0_2025-01-07/parse-favs-grpc.md similarity index 100% rename from changelog/unreleased/parse-favs-grpc.md rename to changelog/1.29.0_2025-01-07/parse-favs-grpc.md diff --git a/changelog/unreleased/propfind-perms-grpc.md b/changelog/1.29.0_2025-01-07/propfind-perms-grpc.md similarity index 100% rename from changelog/unreleased/propfind-perms-grpc.md rename to changelog/1.29.0_2025-01-07/propfind-perms-grpc.md diff --git a/changelog/unreleased/publink-fix.md b/changelog/1.29.0_2025-01-07/publink-fix.md similarity index 100% rename from changelog/unreleased/publink-fix.md rename to changelog/1.29.0_2025-01-07/publink-fix.md diff --git a/changelog/unreleased/recycle-fix.md b/changelog/1.29.0_2025-01-07/recycle-fix.md similarity index 100% rename from changelog/unreleased/recycle-fix.md rename to changelog/1.29.0_2025-01-07/recycle-fix.md diff --git a/changelog/unreleased/restorefileversion-nilptr.md b/changelog/1.29.0_2025-01-07/restorefileversion-nilptr.md similarity index 100% rename from changelog/unreleased/restorefileversion-nilptr.md rename to changelog/1.29.0_2025-01-07/restorefileversion-nilptr.md diff --git a/changelog/unreleased/rootless-auth.md b/changelog/1.29.0_2025-01-07/rootless-auth.md similarity index 100% rename from changelog/unreleased/rootless-auth.md rename to changelog/1.29.0_2025-01-07/rootless-auth.md diff --git a/changelog/unreleased/trashbin-grpc.md b/changelog/1.29.0_2025-01-07/trashbin-grpc.md similarity index 100% rename from changelog/unreleased/trashbin-grpc.md rename to changelog/1.29.0_2025-01-07/trashbin-grpc.md diff --git a/changelog/NOTE.md b/changelog/NOTE.md index 32333c743b..eba9a7fab6 100644 --- a/changelog/NOTE.md +++ b/changelog/NOTE.md @@ -1,202 +1,324 @@ -Changelog for reva 1.28.0 (2024-02-27) +Changelog for reva 1.29.0 (2025-01-07) ======================================= -The following sections list the changes in reva 1.28.0 relevant to +The following sections list the changes in reva 1.29.0 relevant to reva users. The changes are ordered by importance. Summary ------- - * Fix #4369: Carefully use root credentials to perform system level ops - * Fix #4306: Correctly treat EOS urls containing # chars - * Fix #4510: Propagates traceID to EOS - * Fix #4321: Reworked List() to support version folder tricks - * Fix #4400: Fix group-based capabilities - * Fix #4319: Fixed registration of custom extensions in the mime registry - * Fix #4287: Fixes registration and naming of services - * Fix #4310: Restore changes to ceph driver - * Fix #4294: Sciencemesh fixes - * Fix #4307: Dynamic storage registry storage_id aliases - * Fix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/" - * Enh #4280: Implementation of Locks for the CephFS driver - * Enh #4282: Support multiple templates in config entries - * Enh #4304: Disable open in app for given paths - * Enh #4455: Limit max number of entries returned by ListRecycle in eos - * Enh #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat - * Enh #4311: Init time logger for eosgrpc storage driver - * Enh #4301: Added listversions command - * Enh #4493: Removed notification capability - * Enh #4288: Print plugins' version - * Enh #4508: Add pprof http service - * Enh #4376: Removed cback from upstream codebase - * Enh #4391: CERNBox setup for ScienceMesh tests - * Enh #4246: Revamp ScienceMesh integration tests - * Enh #4240: Reworked protocol with ScienceMesh NC/OC apps - * Enh #4370: Storage registry: fail at init if config is missing any providers + * Fix #4898: Make ACL operations work over gRPC + * Fix #4667: Fixed permission mapping to EOS ACLs + * Fix #4520: Do not use version folders for xattrs in EOS + * Fix #4599: Auth: increase verbosity of oidc parsing errors + * Fix #5006: Blocking reva on listSharedWithMe + * Fix #4557: Fix ceph build + * Fix #5017: No empty favs attr + * Fix #4620: Fix ulimits for EOS container deployment + * Fix #5015: Fixed error reporting in the EOS gRPC client + * Fix #4931: Fixed tree metadata following fix in EOS + * Fix #4930: Make removal of favourites work + * Fix #4574: Fix notifications + * Fix #4790: Ocm: fixed domain not having a protocol scheme + * Fix #4849: Drop assumptions about user types when dealing with shares + * Fix #4894: No certs in EOS HTTP client + * Fix #4810: Simplified error handling + * Fix #4973: Handle parsing of favs over gRPC + * Fix #4901: Broken PROPFIND perms on gRPC + * Fix #4907: Public links: return error when owner could not be resolved + * Fix #4591: Eos: fixed error reporting for too large recycle bin listing + * Fix #4896: Fix nilpointer error in RollbackToVersion + * Fix #4905: PurgeDate in ListDeletedEntries was ignored + * Fix #4939: Revert 'make home layout configurable' + * Enh #5028: Handle empty EOS traces + * Enh #4911: Cephfs refactoring + make home layout configurable + * Enh #4937: @labkode steps down as project owner + * Enh #4579: Remove domain-specific code to other repos + * Enh #4824: Refactor Ceph code + * Enh #4797: Refactor CI jobs and bump to latest deps + * Enh #4934: Access to EOS via tokens over gRPC + * Enh #4870: Only load X509 on https + * Enh #5014: Log app when creating EOS gRPC requests + * Enh #4892: Do not read eos user ACLs any longer + * Enh #4720: Differentiate quota for user types in EOS + * Enh #4863: Favourites for eos/grpc + * Enh #5013: Updated dependencies + moved to go 1.22 + * Enh #4514: Pass lock holder metadata on uploads + * Enh #4970: Improved logging on createHome + * Enh #4984: Drop shadow namespaces + * Enh #4670: Ocm: support bearer token access + * Enh #4977: Do not use root on EOS Details ------- - * Bugfix #4369: Carefully use root credentials to perform system level ops + * Bugfix #4898: Make ACL operations work over gRPC - This PR ensures that system level ops like setlock, setattr, stat... work when invoked from a - gateway This is relevant for eosgrpc, as eosbinary exploited the permissivity of the eos - cmdline + This change solves two issues: * AddACL would fail, because the current implementation of + AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS + side, because it will try running a recursive find on a file, which fails. * RemoveACL would + fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes + this approach to use an approach similar to what is used in the binary client: just set the rule + that you want to have deleted with no permissions. - https://github.com/cs3org/reva/pull/4369 + https://github.com/cs3org/reva/pull/4898 - * Bugfix #4306: Correctly treat EOS urls containing # chars + * Bugfix #4667: Fixed permission mapping to EOS ACLs - https://github.com/cs3org/reva/pull/4306 + This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing). - * Bugfix #4510: Propagates traceID to EOS + https://github.com/cs3org/reva/pull/4667 - This PR fixes the cases where the EOS trace ID was always a bunch of zeroes. + * Bugfix #4520: Do not use version folders for xattrs in EOS - https://github.com/cs3org/reva/pull/4510 + This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are + stored on the files. - * Bugfix #4321: Reworked List() to support version folder tricks + https://github.com/cs3org/reva/pull/4520 - https://github.com/cs3org/reva/pull/4321 + * Bugfix #4599: Auth: increase verbosity of oidc parsing errors - * Bugfix #4400: Fix group-based capabilities + This is to help further debugging of auth issues. An unrelated error reporting was also fixed. - The group-based capabilities require an authenticated endpoint, as we must query the - logged-in user's groups to get those. This PR moves them to the `getSelf` endpoint in the user - handler. + https://github.com/cs3org/reva/pull/4599 - https://github.com/cs3org/reva/pull/4400 + * Bugfix #5006: Blocking reva on listSharedWithMe - * Bugfix #4319: Fixed registration of custom extensions in the mime registry + `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable. + This has now been fixed - This PR ensures custom extensions/mime-types are registered by trimming any eventual - leading '.' from the extension. + https://github.com/cs3org/reva/pull/5006 - https://github.com/cs3org/reva/pull/4319 + * Bugfix #4557: Fix ceph build - * Bugfix #4287: Fixes registration and naming of services + https://github.com/cs3org/reva/pull/4557 - https://github.com/cs3org/reva/pull/4287 + * Bugfix #5017: No empty favs attr - * Bugfix #4310: Restore changes to ceph driver + See issue #5016: we now unset the favs attr if no more favs are set - PR [4166](https://github.com/cs3org/reva/pull/4166) accidentally reverted the ceph - driver changes. This PR recovers them. + https://github.com/cs3org/reva/pull/5017 - https://github.com/cs3org/reva/pull/4310 + * Bugfix #4620: Fix ulimits for EOS container deployment - * Bugfix #4294: Sciencemesh fixes + https://github.com/cs3org/reva/pull/4620 - Fixes different issues introduced with the recent changes, in ocm/sciencemesh, in - particular the `GetAccepetdUser` and `/sciencemesh/find-accepted-users` endpoints. + * Bugfix #5015: Fixed error reporting in the EOS gRPC client - https://github.com/cs3org/reva/pull/4294 + This in particular fixes the lock-related errors - * Bugfix #4307: Dynamic storage registry storage_id aliases + https://github.com/cs3org/reva/pull/5015 - Fixes the bug where the dynamic storage registry would not be able to resolve storage ids like - `eoshome-a`, as those are aliased and need to be resolved into the proper storage-id - (`eoshome-i01`). + * Bugfix #4931: Fixed tree metadata following fix in EOS - https://github.com/cs3org/reva/pull/4307 + The treecount is now populated from the EOS response. - * Bugfix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/" + https://github.com/cs3org/reva/pull/4931 - This PR removes an unnecessary and potentially problematic call, which would fail if any of the - configured storage providers has an issue. + * Bugfix #4930: Make removal of favourites work - https://github.com/cs3org/reva/pull/4497 + Currently, removing a folder from your favourites is broken, because the handleFavAttr + method is only called in SetAttr, not in UnsetAttr. This change fixes this. - * Enhancement #4280: Implementation of Locks for the CephFS driver + https://github.com/cs3org/reva/pull/4930 - This PR brings CS3APIs Locks for CephFS + * Bugfix #4574: Fix notifications - https://github.com/cs3org/reva/pull/4280 + https://github.com/cs3org/reva/pull/4574 - * Enhancement #4282: Support multiple templates in config entries + * Bugfix #4790: Ocm: fixed domain not having a protocol scheme - This PR introduces support for config entries with multiple templates, such as `parameter = - "{{ vars.v1 }} foo {{ vars.v2 }}"`. Previously, only one `{{ template }}` was allowed in a given - configuration entry. + This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the + remote server due to the domain having an unsupported protocol scheme. in this case domain + doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe. - https://github.com/cs3org/reva/pull/4282 + https://github.com/cs3org/reva/pull/4790 - * Enhancement #4304: Disable open in app for given paths + * Bugfix #4849: Drop assumptions about user types when dealing with shares - https://github.com/cs3org/reva/pull/4304 + We may have external accounts with regular usernames (and with null uid), therefore the + current logic to heuristically infer the user type from a grantee's username is broken. This PR + removes those heuristics and requires the upper level to resolve the user type. - * Enhancement #4455: Limit max number of entries returned by ListRecycle in eos + https://github.com/cs3org/reva/pull/4849 - The idea is to query first how many entries we'd have from eos recycle ls and bail out if "too - many". + * Bugfix #4894: No certs in EOS HTTP client - https://github.com/cs3org/reva/pull/4455 + Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When + EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found + there, the whole authn flow is aborted and the user is mapped to nobody. - * Enhancement #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat + https://github.com/cs3org/reva/pull/4894 - https://github.com/cs3org/reva/pull/4309 + * Bugfix #4810: Simplified error handling - * Enhancement #4311: Init time logger for eosgrpc storage driver + Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91 - Before the `eosgrpc` driver was using a custom logger. Now that the reva logger is available at - init time, the driver will use this. + https://github.com/cs3org/reva/pull/4810 - https://github.com/cs3org/reva/pull/4311 + * Bugfix #4973: Handle parsing of favs over gRPC - * Enhancement #4301: Added listversions command + To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of + users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen + in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the + higher-level call in eosfs. - https://github.com/cs3org/reva/pull/4301 + https://github.com/cs3org/reva/pull/4973 - * Enhancement #4493: Removed notification capability + * Bugfix #4901: Broken PROPFIND perms on gRPC - This is not needed any longer, the code was simplified to enable notifications if they are - configured + When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were + erroneous because ACL permissions were being ignored. This stems from a bug in + grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being + populated. - https://github.com/cs3org/reva/pull/4493 + https://github.com/cs3org/reva/pull/4901 + see: - * Enhancement #4288: Print plugins' version + * Bugfix #4907: Public links: return error when owner could not be resolved - https://github.com/cs3org/reva/pull/4288 + https://github.com/cs3org/reva/pull/4907 - * Enhancement #4508: Add pprof http service + * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing - This service is useful to trigger diagnostics on running processes + EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly + handled in this case. - https://github.com/cs3org/reva/pull/4508 + https://github.com/cs3org/reva/pull/4591 - * Enhancement #4376: Removed cback from upstream codebase + * Bugfix #4896: Fix nilpointer error in RollbackToVersion - The code has been moved to as a CERNBox plugin. + https://github.com/cs3org/reva/pull/4896 - https://github.com/cs3org/reva/pull/4376 + * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored - * Enhancement #4391: CERNBox setup for ScienceMesh tests + The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in + reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST + requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the + loop that is used to iterate over all days in the date range. - This PR includes a bundled CERNBox-like web UI and backend to test the ScienceMesh workflows - with OC10 and NC + https://github.com/cs3org/reva/pull/4905 - https://github.com/cs3org/reva/pull/4391 + * Bugfix #4939: Revert 'make home layout configurable' - * Enhancement #4246: Revamp ScienceMesh integration tests + Partial revert of #4911, to be re-added after more testing and configuration validation. The + eoshome vs eos storage drivers are to be adapted. - This extends the ScienceMesh tests by running a wopiserver next to each EFSS/IOP, and by - including a CERNBox-like minimal configuration. The latter is based on local storage and - in-memory shares (no db dependency). + https://github.com/cs3org/reva/pull/4939 - https://github.com/cs3org/reva/pull/4246 + * Enhancement #5028: Handle empty EOS traces - * Enhancement #4240: Reworked protocol with ScienceMesh NC/OC apps + https://github.com/cs3org/reva/pull/5028 - This ensures full OCM 1.1 coverage + * Enhancement #4911: Cephfs refactoring + make home layout configurable - https://github.com/cs3org/reva/pull/4240 + https://github.com/cs3org/reva/pull/4911 - * Enhancement #4370: Storage registry: fail at init if config is missing any providers + * Enhancement #4937: @labkode steps down as project owner - This change makes the dynamic storage registry fail at startup if there are missing rules in the - config file. That is, any `mount_id` in the routing table must have a corresponding - `storage_id`/`address` pair in the config, otherwise the registry will fail to start. + Hugo (@labkode) steps down as project owner of Reva. - https://github.com/cs3org/reva/pull/4370 + https://github.com/cs3org/reva/pull/4937 + + * Enhancement #4579: Remove domain-specific code to other repos + + https://github.com/cs3org/reva/pull/4579 + + * Enhancement #4824: Refactor Ceph code + + https://github.com/cs3org/reva/pull/4824 + + * Enhancement #4797: Refactor CI jobs and bump to latest deps + + https://github.com/cs3org/reva/pull/4797 + + * Enhancement #4934: Access to EOS via tokens over gRPC + + As a guest account, accessing a file shared with you relies on a token that is generated on behalf + of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC + client. Additionally, the HTTP client now takes tokens into account. + + https://github.com/cs3org/reva/pull/4934 + + * Enhancement #4870: Only load X509 on https + + Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by + default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit + tests, as these fail when this key pair is not on the file system (which is the case for the test + pipeline as well). + + This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the + EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger + the loading of the key pair. + + https://github.com/cs3org/reva/pull/4870 + + * Enhancement #5014: Log app when creating EOS gRPC requests + + https://github.com/cs3org/reva/pull/5014 + + * Enhancement #4892: Do not read eos user ACLs any longer + + This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it + to the GRPC client. + + https://github.com/cs3org/reva/pull/4892 + + * Enhancement #4720: Differentiate quota for user types in EOS + + We now assign a different initial quota to users depending on their type, whether PRIMARY or + not. + + https://github.com/cs3org/reva/pull/4720 + + * Enhancement #4863: Favourites for eos/grpc + + https://github.com/cs3org/reva/pull/4863 + + * Enhancement #5013: Updated dependencies + moved to go 1.22 + + https://github.com/cs3org/reva/pull/5013 + + * Enhancement #4514: Pass lock holder metadata on uploads + + We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the + case of conflicts due to lock mismatch. + + https://github.com/cs3org/reva/pull/4514 + + * Enhancement #4970: Improved logging on createHome + + https://github.com/cs3org/reva/pull/4970 + + * Enhancement #4984: Drop shadow namespaces + + This comes as part of the effort to operate EOS without being root, see + https://github.com/cs3org/reva/pull/4977 + + In this PR the post-home creation hook (and corresponding flag) is replaced by a + create_home_hook, and the following configuration parameters are suppressed: + + Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes + default_quota_files uploads_namespace (unused) + + https://github.com/cs3org/reva/pull/4984 + + * Enhancement #4670: Ocm: support bearer token access + + This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having + the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD + server package, and the Discover methods have been all consolidated in one place. + + https://github.com/cs3org/reva/pull/4670 + + * Enhancement #4977: Do not use root on EOS + + Currently, the EOS drivers use root authentication for many different operations. This has + now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only + operations * the user himselft + + Note that home creation is excluded here as this will be tackled in a different PR. + + https://github.com/cs3org/reva/pull/4977/ diff --git a/changelog/unreleased/.gitkeep b/changelog/unreleased/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/changelog/unreleased/broken-quota.md b/changelog/unreleased/broken-quota.md new file mode 100644 index 0000000000..7bd85be519 --- /dev/null +++ b/changelog/unreleased/broken-quota.md @@ -0,0 +1,5 @@ +Bugfix: wrong quota total reported + +The EOS `QuotaInfo` struct had fields for `AvailableBytes` and `AvailableInodes`, but these were used to mean the total. This is fixed now. + +https://github.com/cs3org/reva/pull/5082 \ No newline at end of file diff --git a/changelog/unreleased/fix-app-log.md b/changelog/unreleased/fix-app-log.md new file mode 100644 index 0000000000..ab4d975575 --- /dev/null +++ b/changelog/unreleased/fix-app-log.md @@ -0,0 +1,3 @@ +Enhancement: log viewmode in the returning app URL message + +https://github.com/cs3org/reva/pull/5080 diff --git a/changelog/unreleased/listrevisions-impersonate.md b/changelog/unreleased/listrevisions-impersonate.md new file mode 100644 index 0000000000..eb9c76ef31 --- /dev/null +++ b/changelog/unreleased/listrevisions-impersonate.md @@ -0,0 +1,5 @@ +Bugfix: impersonate owner on ListRevisions + +ListRevisions is currently broken for projects, because this happens on behalf of the user, instead of the owner of the file. This behaviour is changed to do the call on behalf of the owner (if we are in a non-home space). + +https://github.com/cs3org/reva/pull/5064 \ No newline at end of file diff --git a/changelog/unreleased/pseudo-tx-share.md b/changelog/unreleased/pseudo-tx-share.md new file mode 100644 index 0000000000..837d487315 --- /dev/null +++ b/changelog/unreleased/pseudo-tx-share.md @@ -0,0 +1,8 @@ +Enhancement: pseudo-transactionalize sharing + +Currently, sharing is not transactionalized: setting ACLs and writing the share to the db is completely independent. In the current situation, shares are written to the db before setting the ACL, letting users falsely believe that they successfully shared a resource, even if setting the ACL afterwards fails. his enhancement improves the situation by doing the least reliable (setting ACLs on EOS) first: +a) first pinging the db +b) writing the ACLs +c) writing to the db + +https://github.com/cs3org/reva/pull/5029 \ No newline at end of file diff --git a/changelog/unreleased/quota-logical.md b/changelog/unreleased/quota-logical.md new file mode 100644 index 0000000000..48441a92cb --- /dev/null +++ b/changelog/unreleased/quota-logical.md @@ -0,0 +1,5 @@ +Bugfix: use logicalbytes instead of bytes + +EOS gRPC used `usedbytes` instead of `usedlogicalbytes` for calculating quota, resulting in a wrong view + +https://github.com/cs3org/reva/pull/5084 \ No newline at end of file diff --git a/changelog/unreleased/return-err-list.md b/changelog/unreleased/return-err-list.md new file mode 100644 index 0000000000..674b62433c --- /dev/null +++ b/changelog/unreleased/return-err-list.md @@ -0,0 +1,6 @@ +Bugfix: Return an error when EOS List errors + +If we get an error while reading items, we now return the error to the user and break off the List operation +We do not want to return a partial list, because then a sync client may delete local files that are missing on the server + +https://github.com/cs3org/reva/pull/5044 \ No newline at end of file diff --git a/changelog/unreleased/revisions-impersonate b/changelog/unreleased/revisions-impersonate new file mode 100644 index 0000000000..9c5c6af480 --- /dev/null +++ b/changelog/unreleased/revisions-impersonate @@ -0,0 +1,5 @@ +Bugfix: impersonate owner on Revisions + +The current implementation of Download / Restore Revisions is not consistent with ListRevisions, where we impersonate the owner in projects. We now also impersonate in the case of Download and Restore. + +https://github.com/cs3org/reva/pull/5072 \ No newline at end of file diff --git a/changelog/unreleased/undo-gw-refactoring.md b/changelog/unreleased/undo-gw-refactoring.md new file mode 100644 index 0000000000..5d4bf8c022 --- /dev/null +++ b/changelog/unreleased/undo-gw-refactoring.md @@ -0,0 +1,7 @@ +Bugfix: revert 'make home layout configurable' + +Partial revert of #4911, to be re-added after +more testing and configuration validation. The +eoshome vs eos storage drivers are to be adapted. + +https://github.com/cs3org/reva/pull/4939 diff --git a/docs/content/en/docs/changelog/1.29.0/_index.md b/docs/content/en/docs/changelog/1.29.0/_index.md new file mode 100644 index 0000000000..70408d67dd --- /dev/null +++ b/docs/content/en/docs/changelog/1.29.0/_index.md @@ -0,0 +1,333 @@ + +--- +title: "v1.29.0" +linkTitle: "v1.29.0" +weight: 40 +description: > + Changelog for Reva v1.29.0 (2025-01-07) +--- + +Changelog for reva 1.29.0 (2025-01-07) +======================================= + +The following sections list the changes in reva 1.29.0 relevant to +reva users. The changes are ordered by importance. + +Summary +------- + + * Fix #4898: Make ACL operations work over gRPC + * Fix #4667: Fixed permission mapping to EOS ACLs + * Fix #4520: Do not use version folders for xattrs in EOS + * Fix #4599: Auth: increase verbosity of oidc parsing errors + * Fix #5006: Blocking reva on listSharedWithMe + * Fix #4557: Fix ceph build + * Fix #5017: No empty favs attr + * Fix #4620: Fix ulimits for EOS container deployment + * Fix #5015: Fixed error reporting in the EOS gRPC client + * Fix #4931: Fixed tree metadata following fix in EOS + * Fix #4930: Make removal of favourites work + * Fix #4574: Fix notifications + * Fix #4790: Ocm: fixed domain not having a protocol scheme + * Fix #4849: Drop assumptions about user types when dealing with shares + * Fix #4894: No certs in EOS HTTP client + * Fix #4810: Simplified error handling + * Fix #4973: Handle parsing of favs over gRPC + * Fix #4901: Broken PROPFIND perms on gRPC + * Fix #4907: Public links: return error when owner could not be resolved + * Fix #4591: Eos: fixed error reporting for too large recycle bin listing + * Fix #4896: Fix nilpointer error in RollbackToVersion + * Fix #4905: PurgeDate in ListDeletedEntries was ignored + * Fix #4939: Revert 'make home layout configurable' + * Enh #5028: Handle empty EOS traces + * Enh #4911: Cephfs refactoring + make home layout configurable + * Enh #4937: @labkode steps down as project owner + * Enh #4579: Remove domain-specific code to other repos + * Enh #4824: Refactor Ceph code + * Enh #4797: Refactor CI jobs and bump to latest deps + * Enh #4934: Access to EOS via tokens over gRPC + * Enh #4870: Only load X509 on https + * Enh #5014: Log app when creating EOS gRPC requests + * Enh #4892: Do not read eos user ACLs any longer + * Enh #4720: Differentiate quota for user types in EOS + * Enh #4863: Favourites for eos/grpc + * Enh #5013: Updated dependencies + moved to go 1.22 + * Enh #4514: Pass lock holder metadata on uploads + * Enh #4970: Improved logging on createHome + * Enh #4984: Drop shadow namespaces + * Enh #4670: Ocm: support bearer token access + * Enh #4977: Do not use root on EOS + +Details +------- + + * Bugfix #4898: Make ACL operations work over gRPC + + This change solves two issues: * AddACL would fail, because the current implementation of + AddACL in the EOS gRPC client always sets msg.Recursive = true. This causes issues on the EOS + side, because it will try running a recursive find on a file, which fails. * RemoveACL would + fail, because it tried matching ACL rules with a uid to ACL rules with a username. This PR changes + this approach to use an approach similar to what is used in the binary client: just set the rule + that you want to have deleted with no permissions. + + https://github.com/cs3org/reva/pull/4898 + + * Bugfix #4667: Fixed permission mapping to EOS ACLs + + This is to remove "m" and "q" flags in EOS ACLs for regular write shares (no re-sharing). + + https://github.com/cs3org/reva/pull/4667 + + * Bugfix #4520: Do not use version folders for xattrs in EOS + + This was a workaround needed some time ago. We revert now to the standard behavior, xattrs are + stored on the files. + + https://github.com/cs3org/reva/pull/4520 + + * Bugfix #4599: Auth: increase verbosity of oidc parsing errors + + This is to help further debugging of auth issues. An unrelated error reporting was also fixed. + + https://github.com/cs3org/reva/pull/4599 + + * Bugfix #5006: Blocking reva on listSharedWithMe + + `listSharesWithMe` blocked a reva thread in the case that one of the shares was not resolvable. + This has now been fixed + + https://github.com/cs3org/reva/pull/5006 + + * Bugfix #4557: Fix ceph build + + https://github.com/cs3org/reva/pull/4557 + + * Bugfix #5017: No empty favs attr + + See issue #5016: we now unset the favs attr if no more favs are set + + https://github.com/cs3org/reva/pull/5017 + + * Bugfix #4620: Fix ulimits for EOS container deployment + + https://github.com/cs3org/reva/pull/4620 + + * Bugfix #5015: Fixed error reporting in the EOS gRPC client + + This in particular fixes the lock-related errors + + https://github.com/cs3org/reva/pull/5015 + + * Bugfix #4931: Fixed tree metadata following fix in EOS + + The treecount is now populated from the EOS response. + + https://github.com/cs3org/reva/pull/4931 + + * Bugfix #4930: Make removal of favourites work + + Currently, removing a folder from your favourites is broken, because the handleFavAttr + method is only called in SetAttr, not in UnsetAttr. This change fixes this. + + https://github.com/cs3org/reva/pull/4930 + + * Bugfix #4574: Fix notifications + + https://github.com/cs3org/reva/pull/4574 + + * Bugfix #4790: Ocm: fixed domain not having a protocol scheme + + This PR fixes a bug in the OCM open driver that causes it to be unable to probe OCM services at the + remote server due to the domain having an unsupported protocol scheme. in this case domain + doesn't have a scheme and the changes in this PR add a scheme to the domain before doing the probe. + + https://github.com/cs3org/reva/pull/4790 + + * Bugfix #4849: Drop assumptions about user types when dealing with shares + + We may have external accounts with regular usernames (and with null uid), therefore the + current logic to heuristically infer the user type from a grantee's username is broken. This PR + removes those heuristics and requires the upper level to resolve the user type. + + https://github.com/cs3org/reva/pull/4849 + + * Bugfix #4894: No certs in EOS HTTP client + + Omit HTTPS cert in EOS HTTP Client, as this causes authentication issues on EOS < 5.2.28. When + EOS receives a certificate, it will look for this cert in the gridmap file. If it is not found + there, the whole authn flow is aborted and the user is mapped to nobody. + + https://github.com/cs3org/reva/pull/4894 + + * Bugfix #4810: Simplified error handling + + Minor rewording and simplification, following cs3org/OCM-API#90 and cs3org/OCM-API#91 + + https://github.com/cs3org/reva/pull/4810 + + * Bugfix #4973: Handle parsing of favs over gRPC + + To store user favorites, the key `user.http://owncloud.org/ns/favorite` maps to a list of + users, in the format `u:username=1`. Right now, extracting the "correct" user doesn't happen + in gRPC, while it is implemented in the EOS binary client. This feature has now been moved to the + higher-level call in eosfs. + + https://github.com/cs3org/reva/pull/4973 + + * Bugfix #4901: Broken PROPFIND perms on gRPC + + When using the EOS gRPC stack, the permissions returned by PROPFIND on a folder in a project were + erroneous because ACL permissions were being ignored. This stems from a bug in + grpcMDResponseToFileInfo, where the SysACL attribute of the FileInfo struct was not being + populated. + + https://github.com/cs3org/reva/pull/4901 + see: + + * Bugfix #4907: Public links: return error when owner could not be resolved + + https://github.com/cs3org/reva/pull/4907 + + * Bugfix #4591: Eos: fixed error reporting for too large recycle bin listing + + EOS returns E2BIG, which internally gets converted to PermissionDenied and has to be properly + handled in this case. + + https://github.com/cs3org/reva/pull/4591 + + * Bugfix #4896: Fix nilpointer error in RollbackToVersion + + https://github.com/cs3org/reva/pull/4896 + + * Bugfix #4905: PurgeDate in ListDeletedEntries was ignored + + The date range that can be passed to ListDeletedEntries was not taken into account due to a bug in + reva: the Purgedate argument was set, which only works for PURGE requests, and not for LIST + requests. Instead, the Listflag argument must be used. Additionally, there was a bug in the + loop that is used to iterate over all days in the date range. + + https://github.com/cs3org/reva/pull/4905 + + * Bugfix #4939: Revert 'make home layout configurable' + + Partial revert of #4911, to be re-added after more testing and configuration validation. The + eoshome vs eos storage drivers are to be adapted. + + https://github.com/cs3org/reva/pull/4939 + + * Enhancement #5028: Handle empty EOS traces + + https://github.com/cs3org/reva/pull/5028 + + * Enhancement #4911: Cephfs refactoring + make home layout configurable + + https://github.com/cs3org/reva/pull/4911 + + * Enhancement #4937: @labkode steps down as project owner + + Hugo (@labkode) steps down as project owner of Reva. + + https://github.com/cs3org/reva/pull/4937 + + * Enhancement #4579: Remove domain-specific code to other repos + + https://github.com/cs3org/reva/pull/4579 + + * Enhancement #4824: Refactor Ceph code + + https://github.com/cs3org/reva/pull/4824 + + * Enhancement #4797: Refactor CI jobs and bump to latest deps + + https://github.com/cs3org/reva/pull/4797 + + * Enhancement #4934: Access to EOS via tokens over gRPC + + As a guest account, accessing a file shared with you relies on a token that is generated on behalf + of the resource owner. This method, GenerateToken, has now been implemented in the EOS gRPC + client. Additionally, the HTTP client now takes tokens into account. + + https://github.com/cs3org/reva/pull/4934 + + * Enhancement #4870: Only load X509 on https + + Currently, the EOS HTTP Client always tries to read an X509 key pair from the file system (by + default, from /etc/grid-security/host{key,cert}.pem). This makes it harder to write unit + tests, as these fail when this key pair is not on the file system (which is the case for the test + pipeline as well). + + This PR introduces a fix for this problem, by only loading the X509 key pair if the scheme of the + EOS endpoint is https. Unit tests can then create a mock HTTP endpoint, which will not trigger + the loading of the key pair. + + https://github.com/cs3org/reva/pull/4870 + + * Enhancement #5014: Log app when creating EOS gRPC requests + + https://github.com/cs3org/reva/pull/5014 + + * Enhancement #4892: Do not read eos user ACLs any longer + + This PR drops the compatibility code to read eos user ACLs in the eos binary client, and aligns it + to the GRPC client. + + https://github.com/cs3org/reva/pull/4892 + + * Enhancement #4720: Differentiate quota for user types in EOS + + We now assign a different initial quota to users depending on their type, whether PRIMARY or + not. + + https://github.com/cs3org/reva/pull/4720 + + * Enhancement #4863: Favourites for eos/grpc + + https://github.com/cs3org/reva/pull/4863 + + * Enhancement #5013: Updated dependencies + moved to go 1.22 + + https://github.com/cs3org/reva/pull/5013 + + * Enhancement #4514: Pass lock holder metadata on uploads + + We now pass relevant metadata (lock id and lock holder) downstream on uploads, and handle the + case of conflicts due to lock mismatch. + + https://github.com/cs3org/reva/pull/4514 + + * Enhancement #4970: Improved logging on createHome + + https://github.com/cs3org/reva/pull/4970 + + * Enhancement #4984: Drop shadow namespaces + + This comes as part of the effort to operate EOS without being root, see + https://github.com/cs3org/reva/pull/4977 + + In this PR the post-home creation hook (and corresponding flag) is replaced by a + create_home_hook, and the following configuration parameters are suppressed: + + Shadow_namespace share_folder default_quota_bytes default_secondary_quota_bytes + default_quota_files uploads_namespace (unused) + + https://github.com/cs3org/reva/pull/4984 + + * Enhancement #4670: Ocm: support bearer token access + + This PR adds support for accessing remote OCM 1.1 shares via bearer token, as opposed to having + the shared secret in the URL only. In addition, the OCM client package is now part of the OCMD + server package, and the Discover methods have been all consolidated in one place. + + https://github.com/cs3org/reva/pull/4670 + + * Enhancement #4977: Do not use root on EOS + + Currently, the EOS drivers use root authentication for many different operations. This has + now been changed to use one of the following: * cbox, which is a sudo'er * daemon, for read-only + operations * the user himselft + + Note that home creation is excluded here as this will be tackled in a different PR. + + https://github.com/cs3org/reva/pull/4977/ + + diff --git a/docs/content/en/docs/config/grpc/services/ocmshareprovider/_index.md b/docs/content/en/docs/config/grpc/services/ocmshareprovider/_index.md index f68b1ea656..cc34aa2dbe 100644 --- a/docs/content/en/docs/config/grpc/services/ocmshareprovider/_index.md +++ b/docs/content/en/docs/config/grpc/services/ocmshareprovider/_index.md @@ -9,7 +9,7 @@ description: > # _struct: config_ {{% dir name="provider_domain" type="string" default="The same domain registered in the provider authorizer" %}} - [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/ocmshareprovider/ocmshareprovider.go#L71) + [[Ref]](https://github.com/cs3org/reva/tree/master/internal/grpc/services/ocmshareprovider/ocmshareprovider.go#L73) {{< highlight toml >}} [grpc.services.ocmshareprovider] provider_domain = "The same domain registered in the provider authorizer" diff --git a/docs/content/en/docs/config/http/services/wellknown/_index.md b/docs/content/en/docs/config/http/services/wellknown/_index.md index c16233de74..0413a3d6b8 100644 --- a/docs/content/en/docs/config/http/services/wellknown/_index.md +++ b/docs/content/en/docs/config/http/services/wellknown/_index.md @@ -6,15 +6,61 @@ description: > Configuration for the HelloWorld service --- -{{% pageinfo %}} -TODO -{{% /pageinfo %}} +# _struct: OcmProviderConfig_ -{{% dir name="prefix" type="string" default=".well-known" %}} -Where the HTTP service is exposed. +{{% dir name="ocm_prefix" type="string" default="ocm" %}} +The prefix URL where the OCM API is served. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L33) {{< highlight toml >}} [http.services.wellknown] -prefix = "/" +ocm_prefix = "ocm" +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="endpoint" type="string" default="This host's full URL. If it's not configured, it is assumed OCM is not available." %}} + [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L34) +{{< highlight toml >}} +[http.services.wellknown] +endpoint = "This host's full URL. If it's not configured, it is assumed OCM is not available." +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="provider" type="string" default="reva" %}} +A friendly name that defines this service. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L35) +{{< highlight toml >}} +[http.services.wellknown] +provider = "reva" +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="webdav_root" type="string" default="/remote.php/dav/ocm" %}} +The root URL of the WebDAV endpoint to serve OCM shares. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L36) +{{< highlight toml >}} +[http.services.wellknown] +webdav_root = "/remote.php/dav/ocm" +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="webapp_root" type="string" default="/external/sciencemesh" %}} +The root URL to serve Web apps via OCM. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L37) +{{< highlight toml >}} +[http.services.wellknown] +webapp_root = "/external/sciencemesh" +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="enable_webapp" type="bool" default=false %}} +Whether web apps are enabled in OCM shares. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L38) +{{< highlight toml >}} +[http.services.wellknown] +enable_webapp = false +{{< /highlight >}} +{{% /dir %}} + +{{% dir name="enable_datatx" type="bool" default=false %}} +Whether data transfers are enabled in OCM shares. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/http/services/wellknown/ocm.go#L39) +{{< highlight toml >}} +[http.services.wellknown] +enable_datatx = false {{< /highlight >}} {{% /dir %}} diff --git a/go.mod b/go.mod index db99a9ba18..44a3b5da37 100644 --- a/go.mod +++ b/go.mod @@ -7,10 +7,10 @@ require ( github.com/beevik/etree v1.4.1 github.com/bluele/gcache v0.0.2 github.com/c-bata/go-prompt v0.2.6 - github.com/ceph/go-ceph v0.30.0 + github.com/ceph/go-ceph v0.32.0 github.com/cern-eos/go-eosgrpc v0.0.0-20240909164147-ad693be93181 github.com/cheggaaa/pb v1.0.29 - github.com/coreos/go-oidc/v3 v3.11.0 + github.com/coreos/go-oidc/v3 v3.12.0 github.com/creasty/defaults v1.8.0 github.com/cs3org/cato v0.0.0-20200828125504-e418fc54dd5e github.com/cs3org/go-cs3apis v0.0.0-20241105092511-3ad35d174fc1 @@ -19,10 +19,10 @@ require ( github.com/gdexlab/go-render v1.0.1 github.com/glpatcern/go-mime v0.0.0-20221026162842-2a8d71ad17a9 github.com/go-chi/chi/v5 v5.2.0 - github.com/go-ldap/ldap/v3 v3.4.9 + github.com/go-ldap/ldap/v3 v3.4.10 github.com/go-playground/locales v0.14.1 github.com/go-playground/universal-translator v0.18.1 - github.com/go-playground/validator/v10 v10.23.0 + github.com/go-playground/validator/v10 v10.25.0 github.com/go-sql-driver/mysql v1.8.1 github.com/gofrs/uuid v4.4.0+incompatible github.com/golang-jwt/jwt v3.2.2+incompatible @@ -38,29 +38,29 @@ require ( github.com/maxymania/go-system v0.0.0-20170110133659-647cc364bf0b github.com/mileusna/useragent v1.3.5 github.com/mitchellh/mapstructure v1.5.0 - github.com/nats-io/nats.go v1.37.0 + github.com/nats-io/nats.go v1.39.0 github.com/onsi/ginkgo v1.16.5 - github.com/onsi/gomega v1.30.0 + github.com/onsi/gomega v1.36.2 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.20.5 github.com/rs/cors v1.11.1 github.com/rs/zerolog v1.33.0 github.com/sethvargo/go-password v0.3.1 github.com/stretchr/testify v1.10.0 - github.com/studio-b12/gowebdav v0.9.0 + github.com/studio-b12/gowebdav v0.10.0 github.com/thanhpk/randstr v1.0.6 github.com/tus/tusd v1.13.0 github.com/wk8/go-ordered-map v1.0.0 go.opencensus.io v0.24.0 - go.step.sm/crypto v0.55.0 - golang.org/x/crypto v0.31.0 - golang.org/x/oauth2 v0.24.0 + go.step.sm/crypto v0.57.0 + golang.org/x/crypto v0.32.0 + golang.org/x/oauth2 v0.26.0 golang.org/x/sync v0.10.0 - golang.org/x/sys v0.28.0 - golang.org/x/term v0.27.0 + golang.org/x/sys v0.29.0 + golang.org/x/term v0.28.0 google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 - google.golang.org/grpc v1.69.0 - google.golang.org/protobuf v1.35.2 + google.golang.org/grpc v1.69.4 + google.golang.org/protobuf v1.36.4 gotest.tools v2.2.0+incompatible ) @@ -79,7 +79,7 @@ require ( github.com/dustin/go-humanize v1.0.1 // indirect github.com/fatih/color v1.16.0 // indirect github.com/fsnotify/fsnotify v1.4.9 // indirect - github.com/gabriel-vasile/mimetype v1.4.7 // indirect + github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-kit/kit v0.10.0 // indirect @@ -121,11 +121,11 @@ require ( go.mongodb.org/mongo-driver v1.17.1 // indirect go.opentelemetry.io/otel v1.31.0 // indirect go.opentelemetry.io/otel/trace v1.31.0 // indirect - golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/mod v0.22.0 // indirect + golang.org/x/net v0.34.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.22.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + golang.org/x/tools v0.28.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect gopkg.in/src-d/go-errors.v1 v1.0.0 // indirect gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index e4ace02069..b377322827 100644 --- a/go.sum +++ b/go.sum @@ -844,8 +844,8 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/ceph/go-ceph v0.30.0 h1:p/+rNnn9dUByrDhXfBFilVriRZKJghMJcts8N2wQ+ws= -github.com/ceph/go-ceph v0.30.0/go.mod h1:OJFju/Xmtb7ihHo/aXOayw6RhVOUGNke5EwTipwaf6A= +github.com/ceph/go-ceph v0.32.0 h1:iXRUGdPmH7h9Vf/WA1Dg3Wo1tgL7gcUbylfpbxrlGLs= +github.com/ceph/go-ceph v0.32.0/go.mod h1:42eoJzyLS3VREzqrg2ot44NtuluQZi55hFRSoLF36GQ= github.com/cern-eos/go-eosgrpc v0.0.0-20240909164147-ad693be93181 h1:2ZK/g0kTWuO98hM8uCuGnFwtljWhjI3k6nTQJLYj8vE= github.com/cern-eos/go-eosgrpc v0.0.0-20240909164147-ad693be93181/go.mod h1:ZiIzbg4sDO2MwYlspcnauUR2dfwZHUzxker+HP9k+20= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -878,8 +878,8 @@ github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWH github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= -github.com/coreos/go-oidc/v3 v3.11.0 h1:Ia3MxdwpSw702YW0xgfmP1GVCMA9aEFWu12XUZ3/OtI= -github.com/coreos/go-oidc/v3 v3.11.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= +github.com/coreos/go-oidc/v3 v3.12.0 h1:sJk+8G2qq94rDI6ehZ71Bol3oUHy63qNYmkiSjrc/Jo= +github.com/coreos/go-oidc/v3 v3.12.0/go.mod h1:gE3LgjOgFoHi9a4ce4/tJczr0Ai2/BoDhf0r5lltWI0= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= @@ -946,8 +946,8 @@ github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= -github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/gdexlab/go-render v1.0.1 h1:rxqB3vo5s4n1kF0ySmoNeSPRYkEsyHgln4jFIQY7v0U= github.com/gdexlab/go-render v1.0.1/go.mod h1:wRi5nW2qfjiGj4mPukH4UV0IknS1cHD4VgFTmJX5JzM= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -976,8 +976,8 @@ github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBj github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= -github.com/go-ldap/ldap/v3 v3.4.9 h1:KxX9eO44/MpqPXVVMPJDB+k/35GEePHE/Jfvl7oRMUo= -github.com/go-ldap/ldap/v3 v3.4.9/go.mod h1:+CE/4PPOOdEPGTi2B7qXKQOq+pNBvXZtlBNcVZY0AWI= +github.com/go-ldap/ldap/v3 v3.4.10 h1:ot/iwPOhfpNVgB1o+AVXljizWZ9JTp7YF5oeyONmcJU= +github.com/go-ldap/ldap/v3 v3.4.10/go.mod h1:JXh4Uxgi40P6E9rdsYqpUtbW46D9UTjJ9QSwGRznplY= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= @@ -998,17 +998,18 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= -github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.25.0 h1:5Dh7cjvzR7BRZadnsVOzPhWsrwUr0nmsZJxEAnFLNO8= +github.com/go-playground/validator/v10 v10.25.0/go.mod h1:GGzBIJMuE98Ic/kJsBXbz1x/7cByt++cQ+YOuDM5wus= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gocraft/dbr/v2 v2.7.2 h1:ccUxMuz6RdZvD7VPhMRRMSS/ECF3gytPhPtcavjktHk= github.com/gocraft/dbr/v2 v2.7.2/go.mod h1:5bCqyIXO5fYn3jEp/L06QF4K1siFdhxChMjdNu6YJrg= @@ -1113,8 +1114,9 @@ github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= @@ -1355,8 +1357,8 @@ github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5Vgl github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k= github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w= -github.com/nats-io/nats.go v1.37.0 h1:07rauXbVnnJvv1gfIyghFEo6lUcYRY0WXc3x7x0vUxE= -github.com/nats-io/nats.go v1.37.0/go.mod h1:Ubdu4Nh9exXdSz0RVWRFBbRfrbSxOYd26oF0wkWclB8= +github.com/nats-io/nats.go v1.39.0 h1:2/yg2JQjiYYKLwDuBzV0FbB2sIV+eFNkEevlRi4n9lI= +github.com/nats-io/nats.go v1.39.0/go.mod h1:MgRb8oOdigA6cYpEPhXJuRVH6UE/V4jblJ2jQ27IXYM= github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.4.9 h1:qe9Faq2Gxwi6RZnZMXfmGMZkg3afLLOtrU+gDZJ35b0= @@ -1379,14 +1381,14 @@ github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.13.0 h1:0jY9lJquiL8fcf3M4LAXN5aMlS/b2BV86HFFPCPMgE4= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= @@ -1532,8 +1534,8 @@ github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/studio-b12/gowebdav v0.9.0 h1:1j1sc9gQnNxbXXM4M/CebPOX4aXYtr7MojAVcN4dHjU= -github.com/studio-b12/gowebdav v0.9.0/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE= +github.com/studio-b12/gowebdav v0.10.0 h1:Yewz8FFiadcGEu4hxS/AAJQlHelndqln1bns3hcJIYc= +github.com/studio-b12/gowebdav v0.10.0/go.mod h1:bHA7t77X/QFExdeAnDzK6vKM34kEZAcE1OX4MfiwjkE= github.com/thanhpk/randstr v1.0.6 h1:psAOktJFD4vV9NEVb3qkhRSMvYh4ORRaj1+w/hn4B+o= github.com/thanhpk/randstr v1.0.6/go.mod h1:M/H2P1eNLZzlDwAzpkkkUvoyNNMbzRGhESZuEQk3r0U= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -1583,8 +1585,8 @@ go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06F go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= -go.step.sm/crypto v0.55.0 h1:575Q7NahuM/ZRxUVN1GkO2e1aDYQJqIIg+nbfOajQJk= -go.step.sm/crypto v0.55.0/go.mod h1:MgEmD1lgwsuzZwTgI0GwKapHjKVEQLVggSvHuf3bYnU= +go.step.sm/crypto v0.57.0 h1:YjoRQDaJYAxHLVwjst0Bl0xcnoKzVwuHCJtEo2VSHYU= +go.step.sm/crypto v0.57.0/go.mod h1:+Lwp5gOVPaTa3H/Ul/TzGbxQPXZZcKIUGMS0lG6n9Go= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= @@ -1622,9 +1624,9 @@ golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98y golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= +golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1687,8 +1689,8 @@ golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1766,8 +1768,9 @@ golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= +golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1800,8 +1803,8 @@ golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.26.0 h1:afQXWNNaeC4nvZ0Ed9XvCCzXM6UHJG7iCg0W4fPqSBE= +golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1938,8 +1941,9 @@ golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1957,8 +1961,9 @@ golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2065,8 +2070,8 @@ golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2321,8 +2326,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230706204954-ccb25ca9f130/go. google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/genproto/googleapis/rpc v0.0.0-20230731190214-cbb8c96f2d6d/go.mod h1:TUfxEVdsvPg18p6AslUXFoLdpED4oBnGwyqk3dV1XzM= google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM= @@ -2373,8 +2378,8 @@ google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGO google.golang.org/grpc v1.56.1/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.56.2/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.69.4 h1:MF5TftSMkd8GLw/m0KM6V8CMOCY6NZ1NQDPGFgbTt4A= +google.golang.org/grpc v1.69.4/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -2394,8 +2399,8 @@ google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/Acconut/lockfile.v1 v1.1.0/go.mod h1:6UCz3wJ8tSFUsPR6uP/j8uegEtDuEEqFxlpi0JI4Umw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/grpc/services/gateway/usershareprovider.go b/internal/grpc/services/gateway/usershareprovider.go index 74e612b0c9..126a65060f 100644 --- a/internal/grpc/services/gateway/usershareprovider.go +++ b/internal/grpc/services/gateway/usershareprovider.go @@ -22,6 +22,7 @@ import ( "context" "fmt" "path" + "strings" userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" rpc "github.com/cs3org/go-cs3apis/cs3/rpc/v1beta1" @@ -37,34 +38,42 @@ import ( "github.com/pkg/errors" ) -// TODO(labkode): add multi-phase commit logic when commit share or commit ref is enabled. func (s *svc) CreateShare(ctx context.Context, req *collaboration.CreateShareRequest) (*collaboration.CreateShareResponse, error) { if s.isSharedFolder(ctx, req.ResourceInfo.GetPath()) { return nil, errtypes.AlreadyExists("gateway: can't share the share folder itself") } - c, err := pool.GetUserShareProviderClient(pool.Endpoint(s.c.UserShareProviderEndpoint)) + log := appctx.GetLogger(ctx) + + shareClient, err := pool.GetUserShareProviderClient(pool.Endpoint(s.c.UserShareProviderEndpoint)) if err != nil { return &collaboration.CreateShareResponse{ Status: status.NewInternal(ctx, err, "error getting user share provider client"), }, nil } - // TODO the user share manager needs to be able to decide if the current user is allowed to create that share (and not eg. incerase permissions) - // jfd: AFAICT this can only be determined by a storage driver - either the storage provider is queried first or the share manager needs to access the storage using a storage driver - res, err := c.CreateShare(ctx, req) - if err != nil { - return nil, errors.Wrap(err, "gateway: error calling CreateShare") - } - if res.Status.Code != rpc.Code_CODE_OK { - return res, nil - } + // First we ping the db + // -------------------- + // See ADR-REVA-003 + _, err = shareClient.GetShare(ctx, &collaboration.GetShareRequest{ + Ref: &collaboration.ShareReference{ + Spec: &collaboration.ShareReference_Id{ + Id: &collaboration.ShareId{ + OpaqueId: "0", + }, + }, + }, + }) - // if we don't need to commit we return earlier - if !s.c.CommitShareToStorageGrant && !s.c.CommitShareToStorageRef { - return res, nil + // We expect a "not found" error when querying ID 0 + // error checking is kind of ugly, because we lose the original error object over grpc + if !strings.HasSuffix(err.Error(), errtypes.NotFound("0").Error()) { + return nil, errtypes.InternalError("ShareManager is not online") } + // Then we set ACLs on the storage layer + // ------------------------------------- + // TODO(labkode): if both commits are enabled they could be done concurrently. if s.c.CommitShareToStorageGrant { // If the share is a denial we call denyGrant instead. @@ -76,20 +85,32 @@ func (s *svc) CreateShare(ctx context.Context, req *collaboration.CreateShareReq if denyGrantStatus.Code != rpc.Code_CODE_OK { return &collaboration.CreateShareResponse{ Status: denyGrantStatus, - }, err + }, nil + } + } else { + addGrantStatus, err := s.addGrant(ctx, req.ResourceInfo.Id, req.Grant.Grantee, req.Grant.Permissions.Permissions) + if err != nil { + log.Error().Err(err).Str("ResourceInfo", req.ResourceInfo.String()).Str("Grantee", req.Grant.Grantee.String()).Str("Message", addGrantStatus.Message).Msg("Failed to Create Share: error during addGrant") + return nil, errors.Wrap(err, "gateway: error adding grant to storage") + } + if addGrantStatus.Code != rpc.Code_CODE_OK { + return &collaboration.CreateShareResponse{ + Status: addGrantStatus, + }, nil } - return res, nil } + } - addGrantStatus, err := s.addGrant(ctx, req.ResourceInfo.Id, req.Grant.Grantee, req.Grant.Permissions.Permissions) - if err != nil { - return nil, errors.Wrap(err, "gateway: error adding grant to storage") - } - if addGrantStatus.Code != rpc.Code_CODE_OK { - return &collaboration.CreateShareResponse{ - Status: addGrantStatus, - }, err - } + // Then we commit to the db + // ------------------------ + res, err := shareClient.CreateShare(ctx, req) + + if err != nil { + log.Error().Str("ResourceInfo", req.ResourceInfo.String()).Str("Grantee", req.Grant.Grantee.String()).Msg("Failed to Create Share but ACLs are already set") + return nil, errors.Wrap(err, "gateway: error calling CreateShare") + } + if res.Status.Code != rpc.Code_CODE_OK { + return nil, errors.New("ShareClient returned error: " + res.Status.Code.String() + ": " + res.Status.Message) } return res, nil diff --git a/internal/grpc/services/usershareprovider/usershareprovider.go b/internal/grpc/services/usershareprovider/usershareprovider.go index 6df38cb029..1bd566c289 100644 --- a/internal/grpc/services/usershareprovider/usershareprovider.go +++ b/internal/grpc/services/usershareprovider/usershareprovider.go @@ -172,7 +172,7 @@ func (s *service) GetShare(ctx context.Context, req *collaboration.GetShareReque if err != nil { return &collaboration.GetShareResponse{ Status: status.NewInternal(ctx, err, "error getting share"), - }, nil + }, err } return &collaboration.GetShareResponse{ diff --git a/internal/http/services/appprovider/appprovider.go b/internal/http/services/appprovider/appprovider.go index 9d1483b7a4..a2b8ce4552 100644 --- a/internal/http/services/appprovider/appprovider.go +++ b/internal/http/services/appprovider/appprovider.go @@ -435,7 +435,7 @@ func (s *svc) handleOpen(w http.ResponseWriter, r *http.Request) { } log := appctx.GetLogger(ctx) - log.Info().Interface("resource", fileRef).Str("url", openRes.AppUrl.AppUrl).Str("method", openRes.AppUrl.Method).Interface("target", openRes.AppUrl.Target).Msg("returning app URL for file") + log.Info().Interface("resource", fileRef).Str("url", openRes.AppUrl.AppUrl).Str("method", openRes.AppUrl.Method).Interface("viewMode", viewMode).Msg("returning app URL for file") w.Header().Set("Content-Type", "application/json") if _, err = w.Write(js); err != nil { diff --git a/pkg/eosclient/eosbinary/eosbinary.go b/pkg/eosclient/eosbinary/eosbinary.go index 1541735246..cc1b84a0a1 100644 --- a/pkg/eosclient/eosbinary/eosbinary.go +++ b/pkg/eosclient/eosbinary/eosbinary.go @@ -247,7 +247,10 @@ func (c *Client) executeEOS(ctx context.Context, cmdArgs []string, auth eosclien cmd.Args = append(cmd.Args, cmdArgs...) - cmd.Args = append(cmd.Args, "--comment", trace.Get(ctx)) + t := trace.Get(ctx) + if t != "" { + cmd.Args = append(cmd.Args, "--comment", t) + } err := cmd.Run() @@ -1070,10 +1073,10 @@ func (c *Client) parseQuota(path, raw string) (*eosclient.QuotaInfo, error) { usedInodes, _ := strconv.ParseUint(usedInodesString, 10, 64) qi := &eosclient.QuotaInfo{ - AvailableBytes: maxBytes, - UsedBytes: usedBytes, - AvailableInodes: maxInodes, - UsedInodes: usedInodes, + TotalBytes: maxBytes, + UsedBytes: usedBytes, + TotalInodes: maxInodes, + UsedInodes: usedInodes, } return qi, nil } diff --git a/pkg/eosclient/eosclient.go b/pkg/eosclient/eosclient.go index bbbf31a428..c3e436a535 100644 --- a/pkg/eosclient/eosclient.go +++ b/pkg/eosclient/eosclient.go @@ -110,11 +110,11 @@ type Checksum struct { XSType string } -// QuotaInfo reports the available bytes and inodes for a particular user. +// QuotaInfo reports the total and used bytes and inodes for a particular user. // eos reports all quota values are unsigned long, see https://github.com/cern-eos/eos/blob/93515df8c0d5a858982853d960bec98f983c1285/mgm/Quota.hh#L135 type QuotaInfo struct { - AvailableBytes, UsedBytes uint64 - AvailableInodes, UsedInodes uint64 + TotalBytes, UsedBytes uint64 + TotalInodes, UsedInodes uint64 } // SetQuotaInfo encapsulates the information needed to diff --git a/pkg/eosclient/eosgrpc/eosgrpc.go b/pkg/eosclient/eosgrpc/eosgrpc.go index 49f82dd718..a03765e707 100644 --- a/pkg/eosclient/eosgrpc/eosgrpc.go +++ b/pkg/eosclient/eosgrpc/eosgrpc.go @@ -852,18 +852,10 @@ func (c *Client) GetQuota(ctx context.Context, username string, rootAuth eosclie for i := 0; i < len(resp.Quota.Quotanode); i++ { log.Debug().Str("func", "GetQuota").Str("quotanode:", fmt.Sprintf("%d: %#v", i, resp.Quota.Quotanode[i])).Msg("") - mx := int64(resp.Quota.Quotanode[i].Maxlogicalbytes) - int64(resp.Quota.Quotanode[i].Usedbytes) - if mx < 0 { - mx = 0 - } - qi.AvailableBytes += uint64(mx) - qi.UsedBytes += resp.Quota.Quotanode[i].Usedbytes + qi.TotalBytes += max(uint64(resp.Quota.Quotanode[i].Maxlogicalbytes), 0) + qi.UsedBytes += resp.Quota.Quotanode[i].Usedlogicalbytes - mx = int64(resp.Quota.Quotanode[i].Maxfiles) - int64(resp.Quota.Quotanode[i].Usedfiles) - if mx < 0 { - mx = 0 - } - qi.AvailableInodes += uint64(mx) + qi.TotalInodes += max(uint64(resp.Quota.Quotanode[i].Maxfiles), 0) qi.UsedInodes += resp.Quota.Quotanode[i].Usedfiles } @@ -1229,13 +1221,17 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s fdrq.Role = new(erpc.RoleId) uid, gid, err := utils.ExtractUidGid(auth) - if err != nil { - return nil, errors.Wrap(err, "Failed to extract uid/gid from auth") - } - fdrq.Role.Uid = uid - fdrq.Role.Gid = gid + if err == nil { + fdrq.Role.Uid = uid + fdrq.Role.Gid = gid - fdrq.Authkey = c.opt.Authkey + fdrq.Authkey = c.opt.Authkey + } else { + if auth.Token == "" { + return nil, errors.Wrap(err, "Failed to extract uid/gid from auth") + } + fdrq.Authkey = auth.Token + } // Now send the req and see what happens resp, err := c.cl.Find(appctx.ContextGetClean(ctx), fdrq) @@ -1259,12 +1255,12 @@ func (c *Client) List(ctx context.Context, auth eosclient.Authorization, dpath s break } - // We got an error while reading items. We log this as an error and we return - // the items we have + // We got an error while reading items. We return the error to the user and break off the List operation + // We do not want to return a partial list, because then a sync client may delete local files that are missing on the server log.Error().Err(err).Str("func", "List").Int("nitems", i).Str("path", dpath).Str("got err from EOS", err.Error()).Msg("") if i > 0 { log.Error().Str("path", dpath).Int("nitems", i).Msg("No more items, dirty exit") - return mylst, nil + return nil, errors.Wrap(err, "Error listing files") } } @@ -1580,8 +1576,7 @@ func (c *Client) ListVersions(ctx context.Context, auth eosclient.Authorization, versionFolder := getVersionFolder(p) finfos, err := c.List(ctx, auth, versionFolder) if err != nil { - // we send back an empty list - return []*eosclient.FileInfo{}, nil + return []*eosclient.FileInfo{}, err } return finfos, nil } diff --git a/pkg/storage/fs/cephfs/errors.go b/pkg/storage/fs/cephfs/errors.go index 8182635bea..abc8079941 100644 --- a/pkg/storage/fs/cephfs/errors.go +++ b/pkg/storage/fs/cephfs/errors.go @@ -28,8 +28,8 @@ package cephfs */ import "C" import ( - "fmt" "context" + "fmt" "github.com/cs3org/reva/pkg/appctx" "github.com/cs3org/reva/pkg/errtypes" ) diff --git a/pkg/storage/utils/eosfs/config.go b/pkg/storage/utils/eosfs/config.go index 86b54c7496..173349787e 100644 --- a/pkg/storage/utils/eosfs/config.go +++ b/pkg/storage/utils/eosfs/config.go @@ -126,10 +126,6 @@ type Config struct { // Only considered when EnableHome is false. AllowPathRecycleOperations bool `mapstructure:"allow_path_recycle_operations"` - // Whether we should impersonate the owner of a resource when trying to perform - // revisions-related operations. - ImpersonateOwnerforRevisions bool `mapstructure:"impersonate_owner_for_revisions"` - // HTTP connections to EOS: max number of idle conns MaxIdleConns int `mapstructure:"max_idle_conns"` diff --git a/pkg/storage/utils/eosfs/eosfs.go b/pkg/storage/utils/eosfs/eosfs.go index 8267b671b7..5f56b96109 100644 --- a/pkg/storage/utils/eosfs/eosfs.go +++ b/pkg/storage/utils/eosfs/eosfs.go @@ -1202,7 +1202,7 @@ func (fs *eosfs) CreateStorageSpace(ctx context.Context, req *provider.CreateSto return nil, fmt.Errorf("unimplemented: CreateStorageSpace") } -func (fs *eosfs) GetQuota(ctx context.Context, ref *provider.Reference) (uint64, uint64, error) { +func (fs *eosfs) GetQuota(ctx context.Context, ref *provider.Reference) (totalbytes, usedbytes uint64, err error) { u, err := utils.GetUser(ctx) if err != nil { return 0, 0, errors.Wrap(err, "eosfs: no user in ctx") @@ -1221,7 +1221,7 @@ func (fs *eosfs) GetQuota(ctx context.Context, ref *provider.Reference) (uint64, return 0, 0, err } - return qi.AvailableBytes, qi.UsedBytes, nil + return qi.TotalBytes, qi.UsedBytes, nil } func (fs *eosfs) GetHome(ctx context.Context) (string, error) { @@ -1285,66 +1285,6 @@ func (fs *eosfs) CreateHome(ctx context.Context) error { return nil } -func (fs *eosfs) createUserDir(ctx context.Context, u *userpb.User, path string, recursiveAttr bool) error { - rootAuth, err := fs.getRootAuth(ctx) - if err != nil { - return nil - } - - chownAuth, err := fs.getUserAuth(ctx, u, "") - if err != nil { - return err - } - - err = fs.c.CreateDir(ctx, rootAuth, path) - if err != nil { - // EOS will return success on mkdir over an existing directory. - return errors.Wrap(err, "eosfs: error creating dir") - } - - err = fs.c.Chown(ctx, rootAuth, chownAuth, path) - if err != nil { - return errors.Wrap(err, "eosfs: error chowning directory") - } - - err = fs.c.Chmod(ctx, rootAuth, "2700", path) - if err != nil { - return errors.Wrap(err, "eosfs: error chmoding directory") - } - - attrs := []*eosclient.Attribute{ - { - Type: SystemAttr, - Key: "mask", - Val: "700", - }, - { - Type: SystemAttr, - Key: "allow.oc.sync", - Val: "1", - }, - { - Type: SystemAttr, - Key: "mtime.propagation", - Val: "1", - }, - { - Type: SystemAttr, - Key: "forced.atomic", - Val: "1", - }, - } - - for _, attr := range attrs { - err = fs.c.SetAttr(ctx, rootAuth, attr, false, recursiveAttr, path, "") - if err != nil { - return errors.Wrap(err, "eosfs: error setting attribute") - } - } - - return nil -} - func (fs *eosfs) CreateDir(ctx context.Context, ref *provider.Reference) error { log := appctx.GetLogger(ctx) @@ -1478,8 +1418,7 @@ func (fs *eosfs) ListRevisions(ctx context.Context, ref *provider.Reference) ([] var auth eosclient.Authorization var fn string var err error - - if !fs.conf.EnableHome && fs.conf.ImpersonateOwnerforRevisions { + if !fs.conf.EnableHome { // We need to access the revisions for a non-home reference. // We'll get the owner of the particular resource and impersonate them // if we have access to it. @@ -1490,7 +1429,8 @@ func (fs *eosfs) ListRevisions(ctx context.Context, ref *provider.Reference) ([] fn = fs.wrap(ctx, md.Path) if md.PermissionSet.ListFileVersions { - auth, err = fs.getUIDGateway(ctx, md.Owner) + user := appctx.ContextMustGetUser(ctx) + auth, err = fs.getEOSToken(ctx, user, fn) if err != nil { return nil, err } @@ -1524,7 +1464,7 @@ func (fs *eosfs) DownloadRevision(ctx context.Context, ref *provider.Reference, var fn string var err error - if !fs.conf.EnableHome && fs.conf.ImpersonateOwnerforRevisions { + if !fs.conf.EnableHome { // We need to access the revisions for a non-home reference. // We'll get the owner of the particular resource and impersonate them // if we have access to it. @@ -1535,7 +1475,8 @@ func (fs *eosfs) DownloadRevision(ctx context.Context, ref *provider.Reference, fn = fs.wrap(ctx, md.Path) if md.PermissionSet.InitiateFileDownload { - auth, err = fs.getUIDGateway(ctx, md.Owner) + user := appctx.ContextMustGetUser(ctx) + auth, err = fs.getEOSToken(ctx, user, fn) if err != nil { return nil, err } @@ -1557,7 +1498,7 @@ func (fs *eosfs) RestoreRevision(ctx context.Context, ref *provider.Reference, r var fn string var err error - if !fs.conf.EnableHome && fs.conf.ImpersonateOwnerforRevisions { + if !fs.conf.EnableHome { // We need to access the revisions for a non-home reference. // We'll get the owner of the particular resource and impersonate them // if we have access to it. @@ -1568,7 +1509,8 @@ func (fs *eosfs) RestoreRevision(ctx context.Context, ref *provider.Reference, r fn = fs.wrap(ctx, md.Path) if md.PermissionSet.RestoreFileVersion { - auth, err = fs.getUIDGateway(ctx, md.Owner) + user := appctx.ContextMustGetUser(ctx) + auth, err = fs.getEOSToken(ctx, user, fn) if err != nil { return err } @@ -2084,6 +2026,7 @@ func (fs *eosfs) getUserAuth(ctx context.Context, u *userpb.User, fn string) (eo return fs.extractUIDAndGID(u) } +// Generate an EOS token that acts on behalf of the owner of the file `fn` func (fs *eosfs) getEOSToken(ctx context.Context, u *userpb.User, fn string) (eosclient.Authorization, error) { if fn == "" { return eosclient.Authorization{}, errtypes.BadRequest("eosfs: path cannot be empty") @@ -2133,18 +2076,6 @@ func (fs *eosfs) getEOSToken(ctx context.Context, u *userpb.User, fn string) (eo return eosclient.Authorization{Token: tkn}, nil } -func (fs *eosfs) getRootAuth(ctx context.Context) (eosclient.Authorization, error) { - if fs.conf.ForceSingleUserMode { - if fs.singleUserAuth.Role.UID != "" && fs.singleUserAuth.Role.GID != "" { - return fs.singleUserAuth, nil - } - var err error - fs.singleUserAuth, err = fs.getUIDGateway(ctx, &userpb.UserId{OpaqueId: fs.conf.SingleUsername}) - return fs.singleUserAuth, err - } - return eosclient.Authorization{Role: eosclient.Role{UID: "0", GID: "0"}}, nil -} - // Returns an eosclient.Authorization object with the uid/gid of the daemon user // This is a system user with read-only access to files. // We use it e.g. when retrieving metadata from a file when accessing through a guest account,