Merge branch 'cs3org:master' into ceph-fixes

.github/workflows/changelog.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4
       - name: Setup Go environment
         uses: actions/setup-go@v4
         with:

.github/workflows/compose.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: ${{ inputs.submodules }}
       - name: Download image

.github/workflows/docker.yml

@@ -27,7 +27,7 @@ jobs:
       image: ${{ steps.build.outputs.imageid }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4
       - name: Set up QEMU
         if: inputs.platforms != ''
         uses: docker/setup-qemu-action@v2

.github/workflows/lint.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3.1.0
+        uses: actions/checkout@v4
       - name: Setup Go environment
         uses: actions/setup-go@v4
         with:

.github/workflows/release.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Go environment
         id: go
         uses: actions/setup-go@v4

.github/workflows/test.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Go environment
         uses: actions/setup-go@v4
         with:
@@ -39,7 +39,7 @@ jobs:
     runs-on: self-hosted
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Go environment
         uses: actions/setup-go@v4
         with:

.gitignore

@@ -58,3 +58,4 @@ toolchain/
 logs_test/
 
 tmp/
+public/

changelog/unreleased/eos-perms.md

@@ -0,0 +1,6 @@
+Bugfix: fixed permission mapping to EOS ACLs
+
+This is to remove "m" and "q" flags in EOS ACLs
+for regular write shares (no re-sharing).
+
+https://github.com/cs3org/reva/pull/4667

changelog/unreleased/eos-userquota.md

@@ -0,0 +1,6 @@
+Enhancement: differentiate quota for user types in EOS
+
+We now assign a different initial quota to users depending
+on their type, whether PRIMARY or not.
+
+https://github.com/cs3org/reva/pull/4720

changelog/unreleased/eos-xattr.md

@@ -0,0 +1,6 @@
+Bugfix: do not use version folders for xattrs in EOS
+
+This was a workaround needed some time ago. We revert now
+to the standard behavior, xattrs are stored on the files.
+
+https://github.com/cs3org/reva/pull/4520

changelog/unreleased/fix-auth-log.md

@@ -0,0 +1,6 @@
+Bugfix: auth: increase verbosity of oidc parsing errors
+
+This is to help further debugging of auth issues.
+An unrelated error reporting was also fixed.
+
+https://github.com/cs3org/reva/pull/4599

changelog/unreleased/fix-eos-container-build.md

@@ -0,0 +1,3 @@
+Bugfix: Fix ulimits for EOS container deployment
+
+https://github.com/cs3org/reva/pull/4620

changelog/unreleased/fix-ocm-open-driver.md

@@ -0,0 +1,8 @@
+Bugfix: ocm: fixed domain not having a protocol scheme
+
+This PR fixes a bug in the OCM open driver that causes it to be unable to probe
+OCM services at the remote server due to the domain having an unsupported
+protocol scheme. in this case domain doesn't have a scheme and the changes in
+this PR add a scheme to the domain before doing the probe.
+
+https://github.com/cs3org/reva/pull/4790

changelog/unreleased/ocm-access.md

@@ -0,0 +1,8 @@
+Enhancement: ocm: support bearer token access
+
+This PR adds support for accessing remote OCM 1.1 shares via bearer token,
+as opposed to having the shared secret in the URL only.
+In addition, the OCM client package is now part of the OCMD server package,
+and the Discover methods have been all consolidated in one place.
+
+https://github.com/cs3org/reva/pull/4670

changelog/unreleased/recycle-fix.md

@@ -0,0 +1,6 @@
+Bugfix: eos: fixed error reporting for too large recycle bin listing
+
+EOS returns E2BIG, which internally gets converted to PermissionDenied
+and has to be properly handled in this case.
+
+https://github.com/cs3org/reva/pull/4591

docker/Dockerfile.revad-ceph

@@ -18,25 +18,20 @@
 
 FROM quay.io/ceph/ceph:v18
 
-# replace repo url with one that allows downloading the repo metadata
-# if http://download.ceph.com/rpm-reef/el8/x86_64/repodata/repomd.xml works again this can be dropped
-RUN sed -i 's/download.ceph.com/de.ceph.com/' /etc/yum.repos.d/ceph.repo
-RUN mkdir -p /etc/selinux/config
-
-RUN dnf update --exclude=ceph-iscsi,chrony -y && dnf install -y \
+RUN dnf update --exclude=ceph-iscsi -y  && dnf install -y \
   git \
   gcc \
   make \
   libcephfs-devel \
   librbd-devel \
   librados-devel
 
-ADD https://go.dev/dl/go1.21.5.linux-amd64.tar.gz \
-  go1.21.5.linux-amd64.tar.gz
+ADD https://go.dev/dl/go1.22.2.linux-amd64.tar.gz \
+  go1.22.2.linux-amd64.tar.gz
 
 RUN rm -rf /usr/local/go && \
-  tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz && \
-  rm go1.21.5.linux-amd64.tar.gz
+  tar -C /usr/local -xzf go1.22.2.linux-amd64.tar.gz && \
+  rm go1.22.2.linux-amd64.tar.gz
 
 ENV PATH /go/bin:/usr/local/go/bin:$PATH
 ENV GOPATH /go
@@ -52,8 +47,6 @@ RUN mkdir -p /go/bin && \
   make revad-ceph && \
   cp /go/src/github/cs3org/reva/cmd/revad/revad /usr/bin/revad
 
-RUN cp -r examples/ceph /etc/
-
 RUN mkdir -p /etc/revad/ && touch /etc/revad/revad.toml
 
 EXPOSE 9999 10000

docs/assets/scss/styles_project

@@ -0,0 +1,15 @@
+/*
+
+Add styles or override variables from the theme here.
+
+*/
+
+$primary: #29a7df;
+$secondary: #ED6A5A;
+$dark: #131516;
+$enable-gradients: false;
+$enable-rounded: false;
+$enable-shadows: false;
+$td-enable-google-fonts: true;
+$google_font_name: "Roboto";
+$google_font_family: "Roboto:300,300i,400,400i,700,700i";

docs/content/en/docs/config/grpc/interceptors/_index.md

@@ -11,4 +11,5 @@ To configure an GRPC interceptor you need to follow this convention in the confi
 {{< highlight toml >}}
 [grpc.interceptors.interceptor_name]
 ... config ...
+{{</ highlight  >}}
 

docs/content/en/docs/config/grpc/services/_index.md

@@ -11,4 +11,4 @@ To configure a GRPC service you need to follow this convention in the config fil
 {{< highlight toml >}}
 [grpc.services.service_name]
 ... config ...
-
+{{</ highlight >}}

docs/content/en/docs/config/http/middlewares/_index.md

@@ -11,4 +11,5 @@ To configure an HTTP middleware you need to follow this convention in the config
 {{< highlight toml >}}
 [http.middlewares.middleware_name]
 ... config ...
+{{</ highlight >}}
 

docs/content/en/docs/config/http/services/_index.md

@@ -11,4 +11,6 @@ To configure an HTTP service you need to follow this convention in the config fi
 {{< highlight toml >}}
 [http.services.service_name]
 ... config ...
+{{</ highlight >}}
+
 

docs/content/en/docs/config/packages/notification/notificationhelper/_index.md

@@ -32,11 +32,11 @@ nats_stream = "reva-notifications"
 {{< /highlight >}}
 {{% /dir %}}
 
-{{% dir name="templates" type="map[string]interface{}" default= %}}
+{{% dir name="templates" type="map[string]interface{}" default=nil %}}
 Notification templates for the service. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/notification/notificationhelper/notificationhelper.go#L50)
 {{< highlight toml >}}
 [notification.notificationhelper]
-templates = 
+templates = nil
 {{< /highlight >}}
 {{% /dir %}}
 

docs/content/en/docs/config/serverless/services/notifications/_index.md

@@ -16,11 +16,11 @@ nats_address = ""
 {{< /highlight >}}
 {{% /dir %}}
 
-{{% dir name="nats_token" type="string" default="The token to authenticate against the NATS server" %}}
- [[Ref]](https://github.com/cs3org/reva/tree/master/internal/serverless/services/notifications/notifications.go#L48)
+{{% dir name="nats_token" type="string" default="" %}}
+The token to authenticate against the NATS server [[Ref]](https://github.com/cs3org/reva/tree/master/internal/serverless/services/notifications/notifications.go#L48)
 {{< highlight toml >}}
 [serverless.services.notifications]
-nats_token = "The token to authenticate against the NATS server"
+nats_token = ""
 {{< /highlight >}}
 {{% /dir %}}
 
@@ -32,11 +32,11 @@ nats_prefix = "reva-notifications"
 {{< /highlight >}}
 {{% /dir %}}
 
-{{% dir name="handlers" type="map[string]map[string]interface{}" default= %}}
+{{% dir name="handlers" type="map[string]map[string]interface{}" default=nil %}}
 Settings for the different notification handlers. [[Ref]](https://github.com/cs3org/reva/tree/master/internal/serverless/services/notifications/notifications.go#L50)
 {{< highlight toml >}}
 [serverless.services.notifications]
-handlers = 
+handlers = nil
 {{< /highlight >}}
 {{% /dir %}}
 

docs/content/en/docs/tutorials/cephfs-tutorial.md

@@ -0,0 +1,135 @@
+---
+title: "Setting up Reva with CephFS"
+linkTitle: "Setting up Reva with CephFS"
+weight: 10
+description: >
+  Setting up Reva with a CephFS cluster
+---
+
+This is a guide on how to set up Reva in your local environment and connect it to an existing CephFS cluster.
+
+For questions on this tutorial plase refer to https://github.com/cs3org/reva/discussions/4610
+
+### 1. CephFS setup
+You need to have an existing CephFS installation in the machine where you will deploy Reva.
+Even though is not needed for Reva to have CephFS mounted on the machine where Reva will run, we highly recommend it 
+as it will make grasping the concepts much easier.
+
+For this tutorial, we have a Ceph mount exposed under the mountpoint `/cephfs`.
+
+```
+$ cat /etc/fstab  | grep cephfs
+cernbox@.cernbox=/                        /cephfs                 ceph    rbytes
+```
+
+```
+$ df -h | grep ceph
+10.81.22.151:6789,10.81.22.161:6789,10.81.22.171:6789:/  1.3P  650G  1.2P   1% /cephfs
+```
+
+The ceph configuration lives under `/etc/ceph`.
+
+```
+$ tree /etc/ceph/
+/etc/ceph/
+├── ceph.client.cernbox.keyring
+├── ceph.conf
+└── rbdmap
+```
+
+Your cluster details will differ, this is just an example configuration file.
+```
+$ cat /etc/ceph/ceph.conf
+[global]
+auth_client_required=cephx
+fsid=f5195e24-158c-11ee-b338-5ced8c61b074
+mon_host=[v2:10.81.22.151:3300/0,v1:10.81.22.151:6789/0],[v2:10.81.22.161:3300/0,v1:10.81.22.161:6789/0],[v2:10.81.22.171:3300/0,v1:10.81.22.171:6789/0]
+```
+
+```
+cat /etc/ceph/ceph.client.cernbox.keyring
+[client.cernbox]
+key = mycephsecretkey==
+```
+
+With this information we can start setting up Reva.
+
+
+
+## Reva setup
+
+
+Follow the steps here:
+https://reva.link/docs/getting-started/build-reva/
+
+We also need the libcephfs library, depending on your OS the command to install will change, here is how you install it for Fedora 39:
+```
+dnf install libcephfs* -y
+```
+
+At this step you shoudl have a local clone of the Reva software:
+
+```
+git clone https://github.com/cs3org/reva
+cd reva
+make revad-ceph
+make reva
+./cmd/revad/revad -v
+```
+
+You can copy the binaries (`reva` is the client cli and `revad` is the daemon) to a default location so is available in your PATH:
+```
+cp ./cmd/revad/revad /usr/local/bin/revad
+cp ./cmd/reva/reva /usr/local/bin/reva
+```
+
+
+### Creating test users
+CephFS relies on the UNIX uid and guid attributes to perform access control.
+For this example, we'll create `einstein` user with `uid=4000`:
+
+```
+$ sudo useradd -u 4000  einstein
+$ id einstein
+uid=4000(einstein) gid=4000(einstein) groups=4000(einstein)
+```
+### Create configuration files
+
+For this tutorial, we'll use two files:
+- `revad.toml` (main configuration file to run reva, preconfigured for Ceph cluster)
+- `test_users.json` (configuration used to store users, only `einstein` is configured)
+
+These files are available at https://github.com/cs3org/reva/tree/master/examples/cephfs
+
+Copy the `revad.toml` to `/etc/revad/revad.toml`, the default location where the reva binary will load its configuration.
+Copy the `test_users.json` file to `/etc/revad/test_users.json` to match the configuration from `/etc/revad/revad.toml`.
+Create directory where reva will log its outpout: `mkdir -p /var/log/revad`.
+
+### Run revad
+Ideally you would use an init system like systemd or docker to run it, for this tutorial we run it manually:
+```
+$ nohup revad  &
+```
+
+Let's take a look at the logs:
+
+```
+tail /var/log/revad/revad.log
+```
+
+### Connect to revad
+
+The Reva daemon listens on port `9143` (configured in `/etc/revad/revad.toml`)
+Let's use the reva client cli to connect to it:
+
+```
+$ reva -host localhost:9143 -insecure login basic
+username: einstein
+password: 
+OK
+
+$ reva whoami
+```
+
+
+