Changes in 2.0.0-beta.3
Summary
- Bugfix - Remove runtime kill and run commands: #3740
- Bugfix - Check permissions when deleting Space: #3709
- Bugfix - Allow empty environment variables: #3892
- Bugfix - Remove unused transfer secret from app provider: #3798
- Bugfix - Make IDP secrets configurable via environment variables: #3744
- Bugfix - Enable debug server by default: #3827
- Bugfix - Fix search index getting out of sync: #3851
- Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
- Bugfix - Fix LDAP insecure options: #3897
- Bugfix - Set default name for public link via capabilities: #3834
- Bugfix - Remove legacy accounts proxy routes: #3831
- Bugfix - Fix the `ocis search` command: #3796
- Bugfix - Rename search env variable for the grpc server address: #3800
- Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
- Bugfix - Fix configuration validation for extensions' server commands: #3911
- Bugfix - Fix multiple storage-users env variables: #3802
- Bugfix - Thumbnails for `/dav/xxx?preview=1` requests: #3567
- Bugfix - Fix user autoprovisioning: #3893
- Bugfix - Fix version number in status page: #3788
- Bugfix - Fix the webdav URL of drive roots: #3706
- Bugfix - Idp: Check if CA certificate is present: #3623
- Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
- Bugfix - Save Katherine: #3823
- Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
- Bugfix - URL encode the webdav url in the graph API: #3597
- Change - Update ocis packages and imports to V2: #3678
- Change - Load configuration files just from one directory: #3587
- Change - Reduce permissions on docker image predeclared volumes: #3641
- Change - Introduce `ocis init` and remove all default secrets: #3551
- Change - The `glauth` and `accounts` services are removed: #3685
- Change - Reduce drives in graph /me/drives API: #3629
- Change - Switched default configuration to use libregraph/idm: #3331
- Change - Rename MetadataUserID: #3671
- Change - Use new space ID util functions: #3648
- Change - Prevent access to disabled space: #3779
- Change - Rename serviceUser to systemUser: #3673
- Change - Split MachineAuth from SystemUser: #3672
- Enhancement - Align service naming: #3606
- Enhancement - Introduce service registry cache: #3833
- Enhancement - Reintroduce user autoprovisioning in proxy: #3860
- Enhancement - Add config option to provide TLS certificate: #3818
- Enhancement - Add descriptions for graph-explorer config: #3759
- Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
- Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
- Enhancement - Product field in OCS version: #2918
- Enhancement - Add initial version of the search extensions: #3635
- Enhancement - Add capability for public link single file edit: #6787
- Enhancement - Added `share_jail` and `projects` feature flags in spaces capability: #3626
- Enhancement - Add description tags to the thumbnails config structs: #3752
- Enhancement - Update linkshare capabilities: #3579
- Enhancement - Update reva to version 2.4.1: #3746
- Enhancement - Update reva to version 2.5.1: #3932
- Enhancement - Update reva to v2.3.1: #3552
- Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
- Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
- Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
- Enhancement - Add descriptions to webdav configuration: #3755
Details
-
Bugfix - Remove runtime kill and run commands: #3740
We've removed the kill and run commands from the oCIS runtime. If these dynamic capabilities
are needed, one should switch to a full-fledged supervisor and start oCIS as individual
services.
If one wants to start only a subset of services, this is still possible by setting
`OCIS_RUN_EXTENSIONS`.
-
Bugfix - Check permissions when deleting Space: #3709
Check for manager permissions when deleting spaces. Do not allow deleting spaces via dav
service.
-
Bugfix - Allow empty environment variables: #3892
We've fixed the behavior for empty environment variables, which previously did not
override default values, so setting a variable to an empty value had the same effect as not
setting it. We now check whether the environment variable is set at all and, if so, allow it to
override a default value with an empty value.
-
Bugfix - Remove unused transfer secret from app provider: #3798
We've fixed the startup of the app provider by removing the startup dependency on a configured
transfer secret, which was not used. This only happened if you started the app provider without
the runtime (e.g. `ocis app-provider server`) and hadn't configured all oCIS secrets.
-
Bugfix - Make IDP secrets configurable via environment variables: #3744
We've fixed the configuration options of the IDP so that the IDP secrets are configurable via
environment variables again.
-
Bugfix - Enable debug server by default: #3827
We've fixed the behavior of the audit, idm, nats and notifications extensions, which did not
start their debug server by default.
-
Bugfix - Fix search index getting out of sync: #3851
We fixed a problem where the search index got out of sync with child elements of a parent
containing special characters.
-
Bugfix - Inconsistency env var naming for LDAP filter configuration: #3890
There was a naming inconsistency for the environment variables used to define LDAP filters for
user and group queries. Some services used `LDAP_USER_FILTER` while others used
`LDAP_USERFILTER`. This is now changed to use `LDAP_USER_FILTER` and `LDAP_GROUP_FILTER`.
Note: If your oCIS setup is using an LDAP configuration that has any of the `*_LDAP_USERFILTER`
or `*_LDAP_GROUPFILTER` environment variables set, please update the configuration to use
the new unified names `*_LDAP_USER_FILTER` and `*_LDAP_GROUP_FILTER`, respectively, instead.
-
Bugfix - Fix LDAP insecure options: #3897
We've fixed multiple LDAP insecure options:
- The Graph LDAP insecure option default was set to `true` and now defaults to `false`. This is possible after #3888, since the Graph also now uses the LDAP CAcert by default.
- The Graph LDAP insecure option was configurable by the environment variable `OCIS_INSECURE`, which was replaced by the dedicated `LDAP_INSECURE` variable. This variable is also used by all other services using LDAP.
- The IDP insecure option for the user backend now also picks up configuration from `LDAP_INSECURE`.
-
Bugfix - Set default name for public link via capabilities: #3834
We have now added a default name for public link shares which is communicated via the
capabilities.
-
Bugfix - Remove legacy accounts proxy routes: #3831
We've removed the legacy accounts routes from the proxy default config. They were no longer
used since the switch to IDM as the default user backend. Also accounts is no longer part of the
oCIS binary and therefore should not be part of the proxy default route config.
-
Bugfix - Fix the `ocis search` command: #3796
We've fixed the behavior for `ocis search`, which didn't show further help when not all secrets
had been configured. It also was not possible to start the search service standalone from the
oCIS binary without configuring all oCIS secrets, even though they were not needed by the search
service.
-
Bugfix - Rename search env variable for the grpc server address: #3800
We've fixed the grpc server address configuration environment variable by renaming it from
`ACCOUNTS_GRPC_ADDR` to `SEARCH_GRPC_ADDR`.
-
Bugfix - Fix the idm and settings extensions' admin user id configuration option: #3799
We've fixed the admin user id configuration of the settings and idm extensions. They have
previously only been configurable via the oCIS shared configuration and therefore have been
undocumented for the extensions. This config option is now part of both extensions'
configuration and can now also be used when the extensions are compiled standalone.
-
Bugfix - Fix configuration validation for extensions' server commands: #3911
We've fixed the configuration validation for the extensions' server commands. Before that
fix, error messages occurred when trying to start individual services without certain
oCIS fullstack configuration values.
We no longer do the common oCIS configuration validation for extensions' server commands
and now rely only on the extensions' validation function.
-
Bugfix - Fix multiple storage-users env variables: #3802
We've fixed multiple environment variable configuration options for the storage-users
extension:
- `STORAGE_USERS_GRPC_ADDR` was used to configure both the address of the http and grpc server. This resulted in a failing startup of the storage-users extension if this config option is set, because the service tries to double-bind the configured port (one time for each of the http and grpc server). You can now configure the grpc server's address with the environment variable `STORAGE_USERS_GRPC_ADDR` and the http server's address with the environment variable `STORAGE_USERS_HTTP_ADDR`.
- `STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT` was used to configure the permissions service endpoint for the S3NG driver and was therefore renamed to `STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT`.
- It's now possible to configure the permissions service endpoint for all storage drivers with the environment variable `STORAGE_USERS_PERMISSION_ENDPOINT`, which was previously only used by the S3NG driver.
-
Bugfix - Thumbnails for `/dav/xxx?preview=1` requests: #3567
We've added the thumbnail rendering for `/dav/xxx?preview=1`,
`/remote.php/webdav/{relative path}?preview=1` and `/webdav/{relative path}?preview=1`
requests, which was previously not supported because of missing routes. It
now returns the same thumbnails as for `/remote.php/dav/xxx?preview=1`.
-
Bugfix - Fix user autoprovisioning: #3893
We've fixed the autoprovisioning feature that was introduced in beta2. Due to a bug the role
assignment of the privileged user that is used to create accounts wasn't propagated correctly
to the `graph` service.
-
Bugfix - Fix version number in status page: #3788
We needed to undo the version number changes on the status page to keep compatibility for legacy
clients. We added a new field `productversion` for the actual version of the product.
-
Bugfix - Fix the webdav URL of drive roots: #3706
Fixed the webdav URL of drive roots in the graph API.
-
Bugfix - Idp: Check if CA certificate is present: #3623
Upon first start with the default configuration the idm service creates a server
certificate, that might not be finished before the idp service is starting. Add a check to idp
similar to what the user, group, and auth-providers implement.
-
Bugfix - Return proper errors when ocs/cloud/users is using the cs3 backend: #3483
The ocs API was just exiting with a fatal error on any update request, when configured for the cs3
backend. Now it returns a proper error.
-
Bugfix - Save Katherine: #3823
SpaceManager user katherine was removed with the demo user switch. Now she comes back.
-
Bugfix - Fix Thumbnails for IDs without a trailing path: #3791
The routes in the chi router were not matching thumbnail requests without a trailing path.
-
Bugfix - URL encode the webdav url in the graph API: #3597
Fixed the webdav URL in the drives responses. Without encoding, the URL could be broken by files
with spaces in the file name.
-
Change - Update ocis packages and imports to V2: #3678
This needs to be done in preparation for the major version bump in ocis.
-
Change - Load configuration files just from one directory: #3587
We've changed the configuration file loading behavior and are now only loading configuration
files from ONE single directory. This directory can be set at compile time or via an environment
variable on startup (`OCIS_CONFIG_DIR`).
We are using the following configuration default paths:
- Docker images: `/etc/ocis/`
- Binary releases: `$HOME/.ocis/config/`
-
Change - Reduce permissions on docker image predeclared volumes: #3641
We've lowered the permissions on the predeclared volumes of the oCIS docker image from 777 to
750.
This change doesn't affect you, unless you use the docker image with a non-default uid/gid to
start oCIS (default is 1000:1000).
-
Change - Introduce `ocis init` and remove all default secrets: #3551
We've removed all default secrets and the hardcoded UUID of the user `admin`. This means you
can't start oCIS any longer without setting these via environment variable or configuration
file.
In order to make this easy for you, we introduced a new command: `ocis init`. You can run this
command before starting oCIS with `ocis server` and it will bootstrap a configuration file
for a secure oCIS instance for you.
-
Change - The `glauth` and `accounts` services are removed: #3685
After switching the default configuration to libregraph/idm we could remove the glauth and
accounts services from the source code (they were already disabled by default with the
previous release).
-
Change - Reduce drives in graph /me/drives API: #3629
Reduced the drives in the graph `/me/drives` API to only the drives the user has access to. The
endpoint `/drives` will list all drives when the user has the permission.
-
Change - Switched default configuration to use libregraph/idm: #3331
We switched the default configuration of oCIS to use the "idm" service (based on
libregraph/idm) as the standard source for user and group information. The accounts and
glauth services are no longer enabled by default and will be removed with an upcoming release.
-
Change - Rename MetadataUserID: #3671
MetadataUserID is renamed to SystemUserID including yaml tags and env vars
-
Change - Use new space ID util functions: #3648
Changed code to use the new space ID util functions so that everything works with the new spaces
ID format.
-
Change - Prevent access to disabled space: #3779
Previously managers were allowed to edit the space even when it was disabled. This is no longer
possible.
-
Change - Rename serviceUser to systemUser: #3673
We renamed serviceUser to systemUser in all configs and vars including yaml-tags and env vars
-
Change - Split MachineAuth from SystemUser: #3672
We now have two different APIKeys: MachineAuth for the machine-auth service and SystemUser
for the system user used e.g. by the settings service.
-
Enhancement - Align service naming: #3606
We now reflect the configured service names when listing them in the ocis runtime
-
Enhancement - Introduce service registry cache: #3833
We've improved the service registry / service discovery by setting up registry caching (TTL
20s), so that not every request has to do a lookup on the registry.
-
Enhancement - Reintroduce user autoprovisioning in proxy: #3860
With the removal of the accounts service, autoprovisioning of users upon first login was no
longer possible. We added this feature back for the cs3 user backend in the proxy, leveraging
the libregraph users API for creating the users.
-
Enhancement - Add config option to provide TLS certificate: #3818
Added a config option to the graph service to provide a TLS certificate to be used to verify the
LDAP server certificate.
-
Enhancement - Add descriptions for graph-explorer config: #3759
Added description tags to the graph-explorer config tags so that they will be included in the
documentation.
-
Enhancement - Add /me/changePassword endpoint to GraphAPI: #3063
When using the builtin user management, allow users to update their own password via the
`graph/v1.0/me/changePassword` endpoint.
-
Enhancement - Wrap metadata storage with dedicated reva gateway: #3602
We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including
static storage registry, static auth registry, in memory userprovider, machine
authprovider and demo permissions service. This allows us to preconfigure the service user
for the ocis settings service, share and public share providers.
-
Enhancement - Product field in OCS version: #2918
We've added a new field to the OCS Version, which is supposed to announce the product name. The
web ui as a client will make use of it to make the backend product and version available (e.g. for
easier bug reports).
-
Enhancement - Add initial version of the search extensions: #3635
It is now possible to search for files and directories by their name using the web UI. Therefore
a new search extension indexes files in a persistent local index.
-
Enhancement - Add capability for public link single file edit: #6787
It is now possible to share a single file by link with edit permissions. Therefore we need a
public share capability to enable that feature in the clients. At the same time, we improved the
WebDAV permissions for public links.
-
Enhancement - Added `share_jail` and `projects` feature flags in spaces capability: #3626
We've added feature flags to the `spaces` capability to indicate to clients which features are
supposed to be shown to users.
-
Enhancement - Add description tags to the thumbnails config structs: #3752
Added description tags to the config structs in the thumbnails service so they will be included
in the config documentation.
Important: If you ran `ocis init` with the `v2.0.0-alpha*` version then you have to manually add
the `transfer_secret` to the ocis.yaml.
Just open the `ocis.yaml` config file and look for the thumbnails section. Then add a random
`transfer_secret` so that it looks like this:
```yaml
thumbnails:
  thumbnail:
    transfer_secret: <put random value here>
```
-
Enhancement - Update linkshare capabilities: #3579
We have updated the capabilities regarding password enforcement and expiration dates of
public links. They were previously hardcoded in a way that didn't reflect the actual backend
functionality anymore.
-
Enhancement - Update reva to version 2.4.1: #3746
Changelog for reva 2.4.1 (2022-05-24)
The following sections list the changes in reva 2.4.1 relevant to reva users. The changes are
ordered by importance.
Summary
- Bugfix cs3org/reva#2891: Add missing http status code
Changelog for reva 2.4.0 (2022-05-24)
The following sections list the changes in reva 2.4.0 relevant to reva users. The changes are
ordered by importance.
Summary
- Bugfix cs3org/reva#2854: Handle non uuid space and nodeid in decomposedfs
- Bugfix cs3org/reva#2853: Filter CS3 share manager listing
- Bugfix cs3org/reva#2868: Actually remove blobs when purging
- Bugfix cs3org/reva#2882: Fix FileUploaded event being emitted too early
- Bugfix cs3org/reva#2848: Fix storage id in the references in the ItemTrashed events
- Bugfix cs3org/reva#2852: Fix rcbox dependency on reva 1.18
- Bugfix cs3org/reva#3505: Fix creating a new file with wopi
- Bugfix cs3org/reva#2885: Move stat out of usershareprovider
- Bugfix cs3org/reva#2883: Fix role consideration when updating a share
- Bugfix cs3org/reva#2864: Fix Grant Space IDs
- Bugfix cs3org/reva#2870: Update quota calculation
- Bugfix cs3org/reva#2876: Fix version number in status page
- Bugfix cs3org/reva#2829: Don't include versions in quota
- Change cs3org/reva#2856: Do not allow to edit disabled spaces
- Enhancement cs3org/reva#3741: Add download endpoint to ocdav versions API
- Enhancement cs3org/reva#2884: Show mounted shares in virtual share jail root
- Enhancement cs3org/reva#2792: Use storageproviderid for spaces routing
-
Enhancement - Update reva to version 2.5.1: #3932
Changelog for reva 2.5.1 (2022-06-08)
The following sections list the changes in reva 2.5.1 relevant to reva users. The changes are
ordered by importance.
Summary
- Bugfix cs3org/reva#2931: Allow listing share jail space
- Bugfix cs3org/reva#2918: Fix propfinds with depth 0
Changelog for reva 2.5.0 (2022-06-07)
The following sections list the changes in reva 2.5.0 relevant to reva users. The changes are
ordered by importance.
Summary
- Bugfix cs3org/reva#2909: The decomposedfs now checks the GetPath permission
- Bugfix cs3org/reva#2899: Empty meta requests should return body
- Bugfix cs3org/reva#2928: Fix mkcol response code
- Bugfix cs3org/reva#2907: Correct share jail child aggregation
- Bugfix cs3org/reva#2895: Fix unlimited quota in spaces
- Bugfix cs3org/reva#2905: Check user permissions before updating/removing public shares
- Bugfix cs3org/reva#2904: Share jail now works properly when accessed as a space
- Bugfix cs3org/reva#2903: User owncloudsql now uses the correct userid
- Change cs3org/reva#2920: Clean up the propfind code
- Change cs3org/reva#2913: Rename ocs parameter "space_ref"
- Enhancement cs3org/reva#2919: EOS Spaces implementation
- Enhancement cs3org/reva#2888: Introduce spaces field mask
- Enhancement cs3org/reva#2922: Refactor webdav error handling
-
Enhancement - Update reva to v2.3.1: #3552
Updated reva to version 2.3.1. This update includes:
- Bugfix cs3org/reva#2827: Check permissions when deleting spaces
- Bugfix cs3org/reva#2830: Correctly render response when accepting merged shares
- Bugfix cs3org/reva#2831: Fix uploads to owncloudsql storage when no mtime is provided
- Enhancement cs3org/reva#2833: Make status.php values configurable
- Enhancement cs3org/reva#2832: Add version option for ocdav go-micro service
Updated reva to version 2.3.0. This update includes:
- Bugfix cs3org/reva#2693: Support editnew actions from MS Office
- Bugfix cs3org/reva#2588: Dockerfile.revad-ceph to use the right base image
- Bugfix cs3org/reva#2499: Removed check DenyGrant in resource permission
- Bugfix cs3org/reva#2285: Accept new userid idp format
- Bugfix cs3org/reva#2802: Bugfix the resource id handling for space shares
- Bugfix cs3org/reva#2800: Bugfix spaceid parsing in spaces trashbin API
- Bugfix cs3org/reva#2608: Respect the tracing_service_name config variable
- Bugfix cs3org/reva#2742: Use exact match in login filter
- Bugfix cs3org/reva#2759: Made uid, gid claims parsing more robust in OIDC auth provider
- Bugfix cs3org/reva#2788: Return the correct file IDs on public link resources
- Bugfix cs3org/reva#2322: Use RFC3339 for parsing dates
- Bugfix cs3org/reva#2784: Disable storageprovider cache for the share jail
- Bugfix cs3org/reva#2555: Bugfix site accounts endpoints
- Bugfix cs3org/reva#2675: Updates Makefile according to latest go standards
- Bugfix cs3org/reva#2572: Wait for nats server on middleware start
- Change cs3org/reva#2735: Avoid user enumeration
- Change cs3org/reva#2737: Bump go-cs3api
- Change cs3org/reva#2763: Change the oCIS and S3NG storage driver blob store layout
- Change cs3org/reva#2596: Remove hash from public link urls
- Change cs3org/reva#2785: Implement workaround for chi.RegisterMethod
- Change cs3org/reva#2559: Do not encode webDAV ids to base64
- Change cs3org/reva#2740: Rename oc10 share manager driver
- Change cs3org/reva#2561: Merge oidcmapping auth manager into oidc
- Enhancement cs3org/reva#2698: Make capabilities endpoint public, authenticate users is present
- Enhancement cs3org/reva#2515: Enabling tracing by default if not explicitly disabled
- Enhancement cs3org/reva#2686: Features for favorites xattrs in EOS, cache for scope expansion
- Enhancement cs3org/reva#2494: Use sys ACLs for file permissions
- Enhancement cs3org/reva#2522: Introduce events
- Enhancement cs3org/reva#2811: Add event for created directories
- Enhancement cs3org/reva#2798: Add additional fields to events to enable search
- Enhancement cs3org/reva#2790: Fake providerids so API stays stable after beta
- Enhancement cs3org/reva#2685: Enable federated account access
- Enhancement cs3org/reva#1787: Add support for HTTP TPC
- Enhancement cs3org/reva#2799: Add flag to enable unrestricted listing of spaces
- Enhancement cs3org/reva#2560: Mentix PromSD extensions
- Enhancement cs3org/reva#2741: Meta path for user
- Enhancement cs3org/reva#2613: Externalize custom mime types configuration for storage providers
- Enhancement cs3org/reva#2163: Nextcloud-based share manager for pkg/ocm/share
- Enhancement cs3org/reva#2696: Preferences driver refactor and cbox sql implementation
- Enhancement cs3org/reva#2052: New CS3API datatx methods
- Enhancement cs3org/reva#2743: Add capability for public link single file edit
- Enhancement cs3org/reva#2738: Site accounts site-global settings
- Enhancement cs3org/reva#2672: Further Site Accounts improvements
- Enhancement cs3org/reva#2549: Site accounts improvements
- Enhancement cs3org/reva#2795: Add feature flags "projects" and "share_jail" to spaces capability
- Enhancement cs3org/reva#2514: Reuse ocs role objects in other drivers
- Enhancement cs3org/reva#2781: In memory user provider
- Enhancement cs3org/reva#2752: Refactor the rest user and group provider drivers
-
Enhancement - Update ownCloud Web to v5.5.0-rc.8: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.8. Please refer to the changelog (linked) for details on
the web release.
owncloud/web#6854
#3844
#3862
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.8
-
Enhancement - Update ownCloud Web to v5.5.0-rc.9: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.9. Please refer to the changelog (linked) for details on
the web release.
Summary
- Bugfix owncloud/web#6939: Not logged out if backend is ownCloud 10
- Bugfix owncloud/web#7061: Prevent rename button from getting covered
- Bugfix owncloud/web#7032: Show message when upload size exceeds quota
- Bugfix owncloud/web#7036: Drag and drop upload when a file is selected
- Enhancement owncloud/web#7022: Add config option for hoverable quick actions
- Enhancement owncloud/web#6555: Consistent dropdown menus
- Enhancement owncloud/web#6994: Copy/Move conflict dialog
- Enhancement owncloud/web#6750: Make contexthelpers opt-out
- Enhancement owncloud/web#7038: Rendering of share-indicators in ResourceTable
- Enhancement owncloud/web#6776: Prevent the resource name in the sidebar from being truncated
- Enhancement owncloud/web#7067: Upload progress & overlay improvements
owncloud/web#6854
#3927
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.9
-
Enhancement - Update ownCloud Web to v5.5.0-rc.6: #6854
Tags: web
We updated ownCloud Web to v5.5.0-rc.6. Please refer to the changelog (linked) for details on
the web release.
owncloud/web#6854
#3664
#3680
#3727
#3747
#3797
https://github.com/owncloud/web/releases/tag/v5.5.0-rc.6
-
Enhancement - Add descriptions to webdav configuration: #3755
Added descriptions to webdav config structs to include them in the config documentation.
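The LDAP entries above (#3890, #3897) and the storage-users entry (#3802) rename environment variables and change which variable controls the Graph LDAP insecure option, so an existing deployment may still set names that are no longer read. The following script is an added example, not part of oCIS: it scans an env file for the old names listed in those entries. The `EXAMPLE_` prefix, the sample values and the one-`KEY=VALUE`-per-line file format are assumptions.

```shell
#!/bin/sh
# Added example (not oCIS code): audit an env file for variables that were
# renamed or re-scoped in 2.0.0-beta.3, as described in #3890, #3897, #3802.
# Assumed input: one KEY=VALUE per line, optional "export " prefix,
# "#" comment lines starting in the first column.

audit_ocis_env() {
    # $1: path to the env file. Prints one finding per line on stdout.
    ldap_insecure_set=no
    ocis_insecure_set=no
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#export }
        case $line in
            ''|'#'*) continue ;;          # blank line or comment
            *=*) ;;                       # looks like an assignment
            *) continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        case $val in                      # strip one layer of quotes
            \"*\") val=${val#\"}; val=${val%\"} ;;
            \'*\') val=${val#\'}; val=${val%\'} ;;
        esac
        case $key in
            *LDAP_USERFILTER)
                echo "RENAME $key -> ${key%USERFILTER}USER_FILTER" ;;
            *LDAP_GROUPFILTER)
                echo "RENAME $key -> ${key%GROUPFILTER}GROUP_FILTER" ;;
            STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT)
                echo "RENAME $key -> STORAGE_USERS_S3NG_PERMISSIONS_ENDPOINT" ;;
            LDAP_INSECURE)
                ldap_insecure_set=yes
                if [ "$val" = true ]; then
                    echo "WARN LDAP_INSECURE=true turns on the LDAP insecure option for all services using LDAP"
                fi ;;
            OCIS_INSECURE)
                ocis_insecure_set=yes ;;
        esac
    done < "$1"
    # The Graph LDAP insecure option used to follow OCIS_INSECURE; it now
    # follows LDAP_INSECURE and defaults to false.
    if [ "$ocis_insecure_set" = yes ] && [ "$ldap_insecure_set" = no ]; then
        echo "NOTE OCIS_INSECURE no longer controls the Graph LDAP insecure option; it is read from LDAP_INSECURE and defaults to false"
    fi
}

demo() {
    # Constructed sample file; variable prefixes and values are placeholders.
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# constructed sample configuration
EXAMPLE_LDAP_USERFILTER=(objectclass=person)
export EXAMPLE_LDAP_GROUPFILTER="(objectclass=group)"
EXAMPLE_LDAP_USER_FILTER=(objectclass=person)
OCIS_INSECURE=true
STORAGE_USERS_S3NG_USERS_PROVIDER_ENDPOINT=localhost:9999
EOF
    audit_ocis_env "$sample"
    rm -f "$sample"
}

demo
```

A `NOTE` finding means the Graph service will now verify the LDAP server certificate, so the CA certificate it is configured with has to match the LDAP server.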