Merge pull request #2371 from rhafer/kconnnect-to-lico

Move from kc/konnect to libregraph/lico

docs/extensions/idp/theming.md

@@ -9,7 +9,7 @@ geekdocFilePath: theming.md
 {{< toc >}}
 
 ## Intro
-Our default IDP UI is built with the [Kopano Konnect](https://github.com/Kopano-dev/konnect) React app. Even though this app comes already with a simple theming options, we have compiled our own edited version of the app with more advanced changes than the default theming offers. Because of that, it is not possible at the moment to do any kind of easy theming and including custom theme means again compiling custom assets.
+Our default IDP UI is built with the [LibreGraph Connect](https://github.com/libregraph/lico) React app. Even though this app comes already with a simple theming options, we have compiled our own edited version of the app with more advanced changes than the default theming offers. Because of that, it is not possible at the moment to do any kind of easy theming and including custom theme means again compiling custom assets.
 
 ## Customizing assets
 Depending on what changes you wish to do with the theme, there are several files you can edit. All of them are located in the `idp/ui` folder.
@@ -18,7 +18,7 @@ Depending on what changes you wish to do with the theme, there are several files
 If you wish to add static assets like images, CSS, etc., you can add them to `idp/ui/public/static`. The `public` folder also contains the `index.html` file which can be adjusted to your needs.
 
 ### CSS
-Kopano Konnect is built with [kpop](https://github.com/Kopano-dev/kpop), a collection of React UI components. To include any custom styles on top of that collection, you can define them in the `idp/ui/src/app.css` file. These rules will take precedence over the kpop.
+LibreGraph Connect is built with [kpop](https://github.com/Kopano-dev/kpop), a collection of React UI components. To include any custom styles on top of that collection, you can define them in the `idp/ui/src/app.css` file. These rules will take precedence over the kpop.
 
 ### Containers
 Layouts of all pages are located in the `idp/ui/src/containers` folder. By editing any of files in that folder, you can do any kind of changes in the layout and create advanced themes. It is, however, important to be careful when touching this code as it imports also actions which are responsible for the login flow.
@@ -47,4 +47,4 @@ In order to build all assets, run `yarn build` in the `idp` folder. This script
 
 At this point, you have two possible ways how to deploy your new theme:
 - run `make generate` in the root folder of your oCIS clone and generate the new assets
-- start the IDP service directly with custom assets by specifying the env var `IDP_ASSET_PATH`
+- start the IDP service directly with custom assets by specifying the env var `IDP_ASSET_PATH`

docs/ocis/_index.md

@@ -56,7 +56,7 @@ We use [ocis-pkg](https://github.com/owncloud/ocis/tree/master/ocis-pkg) to conf
 A lot of embedded services in oCIS are built upon the [REVA](https://reva.link/) runtime. We decided to bundle some of the [CS3 services](https://github.com/cs3org/cs3apis) to logically group them. A [home storage provider](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/storagehome.go#L93-L108), which is dealing with [metadata](https://cs3org.github.io/cs3apis/#cs3.storage.provider.v1beta1.ProviderAPI), and the corresponding [data provider](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/storagehome.go#L109-L123), which is dealing with [up and download](https://cs3org.github.io/cs3apis/#cs3.gateway.v1beta1.FileUploadProtocol), are one example. The [frontend](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go) with the [oc flavoured webdav](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L132-L138), [ocs handlers](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L139-L148) and a [datagateway](https://github.com/owncloud/ocis/blob/v1.2.0/storage/pkg/command/frontend.go#L126-L131) are another.
 
 ### Protocol driven development
-Interacting with oCIS involves a multitude af APIs. The server and all clients rely on [OpenID Connect](https://openid.net/connect/) for authentication. The [embedded konnectd](https://github.com/owncloud/ocis/tree/master/idp) can be replaced with any other OpenID Connect Identity Provider. Clients use the [WebDAV](http://webdav.org/) based [oc sync protocol](https://github.com/cernbox/smashbox/blob/master/protocol/protocol.md) to manage files and folders, [ocs to manage shares](https://doc.owncloud.com/server/developer_manual/core/apis/ocs-share-api.html) and [TUS](https://tus.io/protocols/resumable-upload.html) to upload files in a resumable way. On the server side [REVA](https://reva.link/) is the reference implementation of the [CS3 apis](https://github.com/cs3org/cs3apis) which is defined using [protobuf](https://developers.google.com/protocol-buffers/). By embedding [glauth](https://github.com/glauth/glauth/), oCIS provides a read-only [LDAP](https://tools.ietf.org/html/rfc2849) interface to make accounts, including guests available to firewalls and other systems. In the future, we are looking into [the Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0), which is based on [odata](http://docs.oasis-open.org/odata/odata/v4.0/odata-v4.0-part1-protocol.html), as a well defined REST/JSON dialect for the existing endpoints.
+Interacting with oCIS involves a multitude af APIs. The server and all clients rely on [OpenID Connect](https://openid.net/connect/) for authentication. The [embedded LibreGraph Connect](https://github.com/owncloud/ocis/tree/master/idp) can be replaced with any other OpenID Connect Identity Provider. Clients use the [WebDAV](http://webdav.org/) based [oc sync protocol](https://github.com/cernbox/smashbox/blob/master/protocol/protocol.md) to manage files and folders, [ocs to manage shares](https://doc.owncloud.com/server/developer_manual/core/apis/ocs-share-api.html) and [TUS](https://tus.io/protocols/resumable-upload.html) to upload files in a resumable way. On the server side [REVA](https://reva.link/) is the reference implementation of the [CS3 apis](https://github.com/cs3org/cs3apis) which is defined using [protobuf](https://developers.google.com/protocol-buffers/). By embedding [glauth](https://github.com/glauth/glauth/), oCIS provides a read-only [LDAP](https://tools.ietf.org/html/rfc2849) interface to make accounts, including guests available to firewalls and other systems. In the future, we are looking into [the Microsoft Graph API](https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0), which is based on [odata](http://docs.oasis-open.org/odata/odata/v4.0/odata-v4.0-part1-protocol.html), as a well defined REST/JSON dialect for the existing endpoints.
 
 ### Acceptance test suite
 We run a huge [test suite](https://github.com/owncloud/core/tree/master/tests), which originated in ownCloud 10 and continues to grow. A detailed description can be found in the developer docs for [testing]({{< ref "development/testing" >}}).

docs/ocis/deployment/ocis_keycloak.md

@@ -19,7 +19,7 @@ geekdocFilePath: ocis_keycloak.md
 
 The docker stack consists 4 containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
 
-Keykloak add two containers: Keycloak itself and a PostgreSQL as database. Keycloak will be configured as oCIS' IDP instead of the internal IDP [Konnectd]({{< ref "../../extensions/idp" >}})
+Keykloak add two containers: Keycloak itself and a PostgreSQL as database. Keycloak will be configured as oCIS' IDP instead of the internal IDP [LibreGraph Connect]({{< ref "../../extensions/idp" >}})
 
 The other container is oCIS itself running all extensions in one container. In this example oCIS uses [oCIS storage driver]({{< ref "../../extensions/storage/storages#storage-drivers" >}})
 

docs/ocis/deployment/ocis_traefik.md

@@ -18,7 +18,7 @@ geekdocFilePath: ocis_traefik.md
 
 The docker stack consists of two containers. One of them is Traefik, a proxy which is terminating ssl and forwards the requests to oCIS in the internal docker network.
 
-The other one is oCIS itself running all extensions in one container. In this example oCIS uses its internal IDP [Konnectd]({{< ref "../../extensions/idp" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storages#storage-drivers" >}})
+The other one is oCIS itself running all extensions in one container. In this example oCIS uses its internal IDP [LibreGraph Connect]({{< ref "../../extensions/idp" >}}) and the [oCIS storage driver]({{< ref "../../extensions/storage/storages#storage-drivers" >}})
 
 ## Server Deployment
 

docs/ocis/migration.md

@@ -81,7 +81,7 @@ When introducing OpenID Connect, the clients will detect the new authentication
 reauthorize at the OpenID Connecd IdP, which again, may be configured to skip the consent step for trusted clients.
 
 #### Steps
-1. There are multiple products that can be used as an OpenID Connect IdP. We test with [kopano konnect](https://stash.kopano.io/projects/KC/repos/konnect/browse), which is also [embedded in oCIS](https://github.com/owncloud/web/). Other alternatives include [Keycloak](https://www.keycloak.org/) or [Ping](https://www.pingidentity.com/). Please refer to the corresponding setup instructions for the product you intent to use.
+1. There are multiple products that can be used as an OpenID Connect IdP. We test with [LibreGraph Connect](https://github.com/libregraph/lico), which is also [embedded in oCIS](https://github.com/owncloud/web/). Other alternatives include [Keycloak](https://www.keycloak.org/) or [Ping](https://www.pingidentity.com/). Please refer to the corresponding setup instructions for the product you intent to use.
 
 <div class="editpage">
 

go.mod

@@ -42,6 +42,7 @@ require (
 	github.com/iancoleman/strcase v0.1.3
 	github.com/jmhodges/levigo v1.0.0 // indirect
 	github.com/justinas/alice v1.2.0
+	github.com/libregraph/lico v0.34.1-0.20210803054646-b584e0372224 // indirect
 	github.com/mennanov/fieldmask-utils v0.3.3
 	github.com/micro/cli/v2 v2.1.2
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
@@ -77,7 +78,6 @@ require (
 	google.golang.org/grpc/examples v0.0.0-20210802225658-edb9b3bc2266 // indirect
 	google.golang.org/protobuf v1.27.1
 	gotest.tools v2.2.0+incompatible
-	stash.kopano.io/kc/konnect v0.34.0
 	stash.kopano.io/kgol/rndm v1.1.0
 )
 

go.sum

@@ -697,6 +697,8 @@ github.com/labbsr0x/bindman-dns-webhook v1.0.2/go.mod h1:p6b+VCXIR8NYKpDr8/dg1HK
 github.com/labbsr0x/goh v1.0.1/go.mod h1:8K2UhVoaWXcCU7Lxoa2omWnC8gyW8px7/lmO61c027w=
 github.com/leodido/go-urn v1.1.0/go.mod h1:+cyI34gQWZcE1eQU7NVgKkkzdXDQHr1dBMtdAPozLkw=
 github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/libregraph/lico v0.34.1-0.20210803054646-b584e0372224 h1:1FhnQBrWoR+qo865nAK1x/3Mitix7OcPWCe0L0xfXfw=
+github.com/libregraph/lico v0.34.1-0.20210803054646-b584e0372224/go.mod h1:eBA39GVhTW/EQ6qWHoVD4opNjS7KCJEmSXp8Ywt4p0k=
 github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
 github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
 github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA=

idp/docker/Dockerfile.linux.amd64

@@ -7,7 +7,7 @@ RUN apk update && \
 	echo 'hosts: files dns' >| /etc/nsswitch.conf
 
 LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
-  org.label-schema.name="oCIS Konnectd" \
+  org.label-schema.name="oCIS LibreGraph Connect" \
   org.label-schema.vendor="ownCloud GmbH" \
   org.label-schema.schema-version="1.0"
 

idp/docker/Dockerfile.linux.arm

@@ -7,7 +7,7 @@ RUN apk update && \
 	echo 'hosts: files dns' >| /etc/nsswitch.conf
 
 LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
-  org.label-schema.name="oCIS Konnectd" \
+  org.label-schema.name="oCIS LibreGraph Connect" \
   org.label-schema.vendor="ownCloud GmbH" \
   org.label-schema.schema-version="1.0"
 

idp/docker/Dockerfile.linux.arm64

@@ -7,7 +7,7 @@ RUN apk update && \
 	echo 'hosts: files dns' >| /etc/nsswitch.conf
 
 LABEL maintainer="ownCloud GmbH <devops@owncloud.com>" \
-  org.label-schema.name="oCIS Konnectd" \
+  org.label-schema.name="oCIS LibreGraph Connect" \
   org.label-schema.vendor="ownCloud GmbH" \
   org.label-schema.schema-version="1.0"
 

idp/pkg/config/config.go

@@ -3,7 +3,7 @@ package config
 import (
 	"context"
 
-	"stash.kopano.io/kc/konnect/bootstrap"
+	"github.com/libregraph/lico/bootstrap"
 )
 
 // Log defines the available logging configuration.

idp/pkg/service/v0/service.go

@@ -11,14 +11,14 @@ import (
 
 	"github.com/go-chi/chi"
 	"github.com/gorilla/mux"
+	"github.com/libregraph/lico/bootstrap"
+	licoconfig "github.com/libregraph/lico/config"
+	"github.com/libregraph/lico/server"
 	"github.com/owncloud/ocis/idp/pkg/assets"
 	"github.com/owncloud/ocis/idp/pkg/config"
 	logw "github.com/owncloud/ocis/idp/pkg/log"
 	"github.com/owncloud/ocis/idp/pkg/middleware"
 	"github.com/owncloud/ocis/ocis-pkg/log"
-	"stash.kopano.io/kc/konnect/bootstrap"
-	kcconfig "stash.kopano.io/kc/konnect/config"
-	"stash.kopano.io/kc/konnect/server"
 	"stash.kopano.io/kgol/rndm"
 )
 
@@ -37,15 +37,15 @@ func NewService(opts ...Option) Service {
 		assets.Config(options.Config),
 	)
 
-	if err := initKonnectInternalEnvVars(&options.Config.Ldap); err != nil {
+	if err := initLicoInternalEnvVars(&options.Config.Ldap); err != nil {
 		logger.Fatal().Err(err).Msg("could not initialize env vars")
 	}
 
 	if err := createConfigsIfNotExist(assetVFS, options.Config.IDP.Iss); err != nil {
 		logger.Fatal().Err(err).Msg("could not create default config")
 	}
 
-	bs, err := bootstrap.Boot(ctx, &options.Config.IDP, &kcconfig.Config{
+	bs, err := bootstrap.Boot(ctx, &options.Config.IDP, &licoconfig.Config{
 		Logger: logw.Wrap(logger),
 	})
 
@@ -109,7 +109,7 @@ func createConfigsIfNotExist(assets http.FileSystem, ocisURL string) error {
 }
 
 // Init vars which are currently not accessible via idp api
-func initKonnectInternalEnvVars(ldap *config.Ldap) error {
+func initLicoInternalEnvVars(ldap *config.Ldap) error {
 	var defaults = map[string]string{
 		"LDAP_URI":                 ldap.URI,
 		"LDAP_BINDDN":              ldap.BindDN,
@@ -142,7 +142,7 @@ type IDP struct {
 }
 
 // initMux initializes the internal idp gorilla mux and mounts it in to a ocis chi-router
-func (k *IDP) initMux(ctx context.Context, r []server.WithRoutes, h http.Handler, options Options) {
+func (idp *IDP) initMux(ctx context.Context, r []server.WithRoutes, h http.Handler, options Options) {
 	gm := mux.NewRouter()
 	for _, route := range r {
 		route.AddRoutes(ctx, gm)
@@ -153,10 +153,10 @@ func (k *IDP) initMux(ctx context.Context, r []server.WithRoutes, h http.Handler
 		gm.NotFoundHandler = h
 	}
 
-	k.mux = chi.NewMux()
-	k.mux.Use(options.Middleware...)
+	idp.mux = chi.NewMux()
+	idp.mux.Use(options.Middleware...)
 
-	k.mux.Use(middleware.Static(
+	idp.mux.Use(middleware.Static(
 		"/signin/v1/",
 		assets.New(
 			assets.Logger(options.Logger),
@@ -165,32 +165,32 @@ func (k *IDP) initMux(ctx context.Context, r []server.WithRoutes, h http.Handler
 	))
 
 	// handle / | index.html with a template that needs to have the BASE_PREFIX replaced
-	k.mux.Get("/signin/v1/identifier", k.Index())
-	k.mux.Get("/signin/v1/identifier/", k.Index())
-	k.mux.Get("/signin/v1/identifier/index.html", k.Index())
+	idp.mux.Get("/signin/v1/identifier", idp.Index())
+	idp.mux.Get("/signin/v1/identifier/", idp.Index())
+	idp.mux.Get("/signin/v1/identifier/index.html", idp.Index())
 
-	k.mux.Mount("/", gm)
+	idp.mux.Mount("/", gm)
 }
 
 // ServeHTTP implements the Service interface.
-func (k IDP) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	k.mux.ServeHTTP(w, r)
+func (idp IDP) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	idp.mux.ServeHTTP(w, r)
 }
 
 // Index renders the static html with the
-func (k IDP) Index() http.HandlerFunc {
+func (idp IDP) Index() http.HandlerFunc {
 
-	f, err := k.assets.Open("/identifier/index.html")
+	f, err := idp.assets.Open("/identifier/index.html")
 	if err != nil {
-		k.logger.Fatal().Err(err).Msg("Could not open index template")
+		idp.logger.Fatal().Err(err).Msg("Could not open index template")
 	}
 
 	template, err := ioutil.ReadAll(f)
 	if err != nil {
-		k.logger.Fatal().Err(err).Msg("Could not read index template")
+		idp.logger.Fatal().Err(err).Msg("Could not read index template")
 	}
 	if err = f.Close(); err != nil {
-		k.logger.Fatal().Err(err).Msg("Could not close body")
+		idp.logger.Fatal().Err(err).Msg("Could not close body")
 	}
 
 	// TODO add environment variable to make the path prefix configurable
@@ -203,7 +203,7 @@ func (k IDP) Index() http.HandlerFunc {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.WriteHeader(http.StatusOK)
 		if _, err := w.Write(indexHTML); err != nil {
-			k.logger.Error().Err(err).Msg("could not write to response writer")
+			idp.logger.Error().Err(err).Msg("could not write to response writer")
 		}
 	})
 }