From b47ec79c1522022676f696c74a04b634332ddf85 Mon Sep 17 00:00:00 2001
From: Sabin
Date: Tue, 19 Mar 2024 15:20:36 +0545
Subject: [PATCH 1/6] test: bump ocis commit id
---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.drone.star b/.drone.star
index d66dd177745..1864a15271f 100644
--- a/.drone.star
+++ b/.drone.star
@@ -5,7 +5,7 @@ NOTIFICATIONS = 3
 ALPINE_GIT = "alpine/git:latest"
 APACHE_TIKA = "apache/tika:2.8.0.0"
-KEYCLOAK = "quay.io/keycloak/keycloak:22.0.4"
+KEYCLOAK = "quay.io/keycloak/keycloak:24.0.1"
 MINIO_MC = "minio/mc:RELEASE.2021-10-07T04-19-58Z"
 OC_CI_ALPINE = "owncloudci/alpine:latest"
 OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier"
From e071831c6ef79bb3b62ec6efc6e22f8d320fa5e2 Mon Sep 17 00:00:00 2001
From: Saw-jan
Date: Wed, 20 Mar 2024 12:20:48 +0545
Subject: [PATCH 2/6] ci: fix keycloak command
---
 .drone.star | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.drone.star b/.drone.star
index 1864a15271f..e0307e81e5c 100644
--- a/.drone.star
+++ b/.drone.star
@@ -2310,7 +2310,7 @@ def keycloakService():
 "commands": [
 "mkdir -p /opt/keycloak/data/import",
 "cp tests/drone/ocis_keycloak/ocis-ci-realm.dist.json /opt/keycloak/data/import/ocis-realm.json",
- "/opt/keycloak/bin/kc.sh start-dev --proxy edge --spi-connections-http-client-default-disable-trust-manager=false --import-realm --health-enabled=true",
+ "/opt/keycloak/bin/kc.sh start-dev --proxy=edge --spi-connections-http-client-default-disable-trust-manager=true --import-realm --health-enabled=true",
 ],
 "volumes": [
 {
From bf5b8948d2957e42fe3ad97f125bef41a64f7273 Mon Sep 17 00:00:00 2001
From: Saw-jan
Date: Wed, 20 Mar 2024 17:45:53 +0545
Subject: [PATCH 3/6] do not use web config file with keycloak
---
 .drone.star | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/.drone.star b/.drone.star
index e0307e81e5c..8049ada8db0 100644
--- a/.drone.star
+++ b/.drone.star
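Review bot: In the keycloakService hunk of PATCH 2/6 the new kc.sh command line sets `--spi-connections-http-client-default-disable-trust-manager=true`, which switches off certificate verification for Keycloak's outgoing HTTPS client, and the commit message ("fix keycloak command") does not explain why the value flipped from `false`. If the reason is the self-signed certificate this CI setup generates, a comment directly above the command should say so, for example `# CI only: self-signed certs, outgoing TLS verification is intentionally disabled`, so the line is not carried over into a non-test deployment. The same command already uses `start-dev`, so the whole service is a development-mode instance and the comment can state that once for both. The enclosing command list and function continue outside the hunk.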
@@ -974,7 +974,7 @@ def installPlaywright():
 "PLAYWRIGHT_BROWSERS_PATH": ".playwright",
 },
 "commands": [
- "pnpm exec playwright install --with-deps",
+ "pnpm exec playwright install --with-deps chromium",
 ],
 }]
@@ -1233,8 +1233,7 @@ def ocisService(type, tika_enabled = False, enforce_password_public_link = False
 environment["OCIS_EXCLUDE_RUN_SERVICES"] = "idp"
 environment["GRAPH_ASSIGN_DEFAULT_USER_ROLE"] = "false"
 environment["GRAPH_USERNAME_MATCH"] = "none"
-
- if type == "app-provider":
+ elif type == "app-provider":
 environment["GATEWAY_GRPC_ADDR"] = "0.0.0.0:9142"
 environment["MICRO_REGISTRY"] = "nats-js-kv"
 environment["MICRO_REGISTRY_ADDRESS"] = "0.0.0.0:9233"
@@ -1242,8 +1241,6 @@ def ocisService(type, tika_enabled = False, enforce_password_public_link = False
 environment["NATS_NATS_PORT"] = 9233
 else:
 environment["WEB_UI_CONFIG_FILE"] = "%s" % dir["ocisConfig"]
- environment["STORAGE_HOME_DRIVER"] = "ocis"
- environment["STORAGE_USERS_DRIVER"] = "ocis"
 if tika_enabled:
 environment["FRONTEND_FULL_TEXT_SEARCH_ENABLED"] = True
@@ -2269,10 +2266,9 @@ def keycloakService():
 return [
 {
 "name": "generate-keycloak-certs",
- "image": OC_UBUNTU,
+ "image": OC_CI_NODEJS,
 "commands": [
- "apt install openssl -y",
- "mkdir keycloak-certs",
+ "mkdir -p keycloak-certs",
 "openssl req -x509 -newkey rsa:2048 -keyout keycloak-certs/keycloakkey.pem -out keycloak-certs/keycloakcrt.pem -nodes -days 365 -subj '/CN=keycloak'",
 "chmod -R 777 keycloak-certs",
 ],
@@ -2351,6 +2347,7 @@ def e2eTestsOnKeycloak(ctx):
 "temp": {},
 },
 ]
+
 if not "full-ci" in ctx.build.title.lower() and ctx.build.event != "cron":
 return []
From 9f91eb10152ed6c77d187d8ccee4b25522cbe5fa Mon Sep 17 00:00:00 2001
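Review bot: In the generate-keycloak-certs step (keycloakService hunk, PATCH 3/6) the unencrypted private key written by `openssl req ... -nodes` is still followed by `chmod -R 777 keycloak-certs`, which leaves the key world-writable as well as world-readable. Since this command list is being edited anyway, a read-only grant such as `"chmod -R a+rX keycloak-certs",` should be sufficient if the only need is for the Keycloak container to read the files under a different uid (to be confirmed against the service definition, which is outside the hunk). The hunk also removes `apt install openssl -y` while switching the image to `OC_CI_NODEJS`, so the step now depends on that image shipping openssl; a short comment noting that dependency would make a later image change less surprising. keycloakService's body continues outside the hunk.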
From: Saw-jan Date: Fri, 22 Mar 2024 16:12:25 +0545 Subject: [PATCH 4/6] use separate web config with ocis-keycloak setup --- .drone.star | 2 + .../ocis_keycloak/ocis-ci-realm.dist.json | 554 ++---------------- tests/drone/web-keycloak.json | 31 + 3 files changed, 67 insertions(+), 520 deletions(-) create mode 100644 tests/drone/web-keycloak.json diff --git a/.drone.star b/.drone.star index 8049ada8db0..3cf16d103a4 100644 --- a/.drone.star +++ b/.drone.star @@ -45,6 +45,7 @@ dir = { "app": "/srv/app", "config": "/srv/config", "ocisConfig": "/srv/config/drone/config-ocis.json", + "webKeycloakConfig": "/srv/config/drone/web-keycloak.json", "ocisIdentifierRegistrationConfig": "/srv/config/drone/identifier-registration.yml", "ocisRevaDataRoot": "/srv/app/tmp/ocis/owncloud/data/", "testingDataDir": "/srv/app/testing/data/", @@ -1233,6 +1234,7 @@ def ocisService(type, tika_enabled = False, enforce_password_public_link = False environment["OCIS_EXCLUDE_RUN_SERVICES"] = "idp" environment["GRAPH_ASSIGN_DEFAULT_USER_ROLE"] = "false" environment["GRAPH_USERNAME_MATCH"] = "none" + environment["WEB_UI_CONFIG_FILE"] = "%s" % dir["webKeycloakConfig"] elif type == "app-provider": environment["GATEWAY_GRPC_ADDR"] = "0.0.0.0:9142" environment["MICRO_REGISTRY"] = "nats-js-kv" diff --git a/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json b/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json index 8090c2aefbd..03dacdaa04b 100644 --- a/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json +++ b/tests/drone/ocis_keycloak/ocis-ci-realm.dist.json @@ -97,15 +97,9 @@ "description": "${role_default-roles}", "composite": true, "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], + "realm": ["offline_access", "uma_authorization"], "client": { - "account": [ - "manage-account", - "view-profile" - ] + "account": ["manage-account", "view-profile"] } }, "clientRole": false, 
@@ -123,7 +117,6 @@ } ], "client": { - "_system": [], "realm-management": [ { "id": "979ce053-a671-4b50-81d5-da4bdf7404c9", @@ -132,9 +125,7 @@ "composite": true, "composites": { "client": { - "realm-management": [ - "query-clients" - ] + "realm-management": ["query-clients"] } }, "clientRole": true, @@ -298,10 +289,7 @@ "composite": true, "composites": { "client": { - "realm-management": [ - "query-groups", - "query-users" - ] + "realm-management": ["query-groups", "query-users"] } }, "clientRole": true, @@ -336,12 +324,9 @@ "attributes": {} } ], - "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69": [], "web": [], "security-admin-console": [], - "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD": [], "admin-cli": [], - "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1": [], "account-console": [], "broker": [ { @@ -362,9 +347,7 @@ "composite": true, "composites": { "client": { - "account": [ - "manage-account-links" - ] + "account": ["manage-account-links"] } }, "clientRole": true, @@ -432,9 +415,7 @@ "composite": true, "composites": { "client": { - "account": [ - "view-consent" - ] + "account": ["view-consent"] } }, "clientRole": true, @@ -453,9 +434,7 @@ "clientRole": false, "containerId": "ownCloud Infinite Scale Test" }, - "requiredCredentials": [ - "password" - ], + "requiredCredentials": ["password"], "otpPolicyType": "totp", "otpPolicyAlgorithm": "HmacSHA1", "otpPolicyInitialCounter": 0, @@ -469,9 +448,7 @@ "totpAppFreeOTPName" ], "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], + "webAuthnPolicySignatureAlgorithms": ["ES256"], "webAuthnPolicyRpId": "", "webAuthnPolicyAttestationConveyancePreference": "not specified", "webAuthnPolicyAuthenticatorAttachment": "not specified", 
@@ -481,9 +458,7 @@ "webAuthnPolicyAvoidSameAuthenticatorRegister": false, "webAuthnPolicyAcceptableAaguids": [], "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], + "webAuthnPolicyPasswordlessSignatureAlgorithms": ["ES256"], "webAuthnPolicyPasswordlessRpId": "", "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", 
@@ -514,185 +489,9 @@ ], "disableableCredentialTypes": [], "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisAdmin", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "0a9f434c-4864-49cf-ac15-46ed0f49d59b", - "createdTimestamp": 1611912153544, - "username": "einstein", - "enabled": true, - "totp": false, - "emailVerified": true, - "firstName": "Albert", - "lastName": "Einstein", - "email": "einstein@example.org", - "credentials": [ - { - "id": "19efcb24-c5ec-42ed-97e1-2475ca025f40", - "type": "password", - "createdDate": 1611912169712, - "secretData": "{\"value\":\"RFmvq2E9BRSkTlzax83HU02nMA83KisDenT6cnb8EspZTrsXvIrFBspIeOZIZfZaJIacFBg1FXslHZMwbUp8qA==\",\"salt\":\"p2wYyBMa41n3A6/5ZAFUww==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "b44a81e2-e3ed-4241-a9ce-44604f7ac9eb", - "createdTimestamp": 1678101111607, - "username": "katherine", - "enabled": true, - "totp": false, - "emailVerified": true, - "firstName": "Katherine", - "lastName": "Johnson", - "email": "katherine@example.org", - "credentials": [ - { - "id": "be18ccc9-b80f-4895-bf06-8e8e4605c634", - "type": "password", - "userLabel": "My password", - "createdDate": 1678101159924, - "secretData": "{\"value\":\"/E/1yfcgM8deq6V544gEsTfsXZuUnzaofmM+AK+MpAsvRoNRtEyRN1pajhIpGDtEuPa/KVBDbcALE7WMbFhO1w==\",\"salt\":\"TXapvlOYBWqabQRo+fINFQ==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - 
"requiredActions": [], - "realmRoles": [ - "ocisSpaceAdmin", - "default-roles-ocis" - ], - "notBefore": 0, - "groups": [] - }, - { - "id": "48016357-346a-443e-bf7a-945c9448a99b", - "createdTimestamp": 1611912241951, - "username": "marie", - "enabled": true, - "totp": false, - "emailVerified": true, - "firstName": "Marie", - "lastName": "Curie", - "email": "marie@example.org", - "credentials": [ - { - "id": "ff304f90-a934-4bf1-9cfe-bd165751c110", - "type": "password", - "createdDate": 1611912318408, - "secretData": "{\"value\":\"DN7g/etlfzHfd6tfF4g50xdPGy+aUboAXmjB06R0NzhGhwhOxiUh7KNWre2pqZOiu28iGXfDFWMP2xDCNid+Mg==\",\"salt\":\"ZFYXUMBaZm/XspifJgH9Tg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - "groups": [] - }, - { - "id": "d18c3689-b816-455a-9728-cd8c9797f315", - "createdTimestamp": 1611912340085, - "username": "moss", - "enabled": true, - "totp": false, - "emailVerified": true, - "firstName": "Maurice", - "lastName": "Moss", - "email": "moss@example.org", - "credentials": [ - { - "id": "273679bf-80ef-4c83-ac23-0ee569c3bece", - "type": "password", - "createdDate": 1611912354500, - "secretData": "{\"value\":\"u1oYT2/nE7cWKY4MK57zzyOAbnBGjTt1J3MWCJJfnBpSZnO0q1nB9Eymt2P9te702E0ijPDTb8towbxSm60dfQ==\",\"salt\":\"0LnbBHsRET4CLI/bzW4xng==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisAdmin", - "offline_access" - ], - "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] - }, - "notBefore": 0, - 
"groups": [] - }, - { - "id": "373be4c5-7f65-4e91-ba0e-bfb618c96046", - "createdTimestamp": 1611912442173, - "username": "richard", - "enabled": true, - "totp": false, - "emailVerified": true, - "firstName": "Richard", - "lastName": "Feynman", - "email": "richard@example.org", - "credentials": [ - { - "id": "2fb1bcd7-8a51-4732-b695-dc4aa14b1dca", - "type": "password", - "createdDate": 1611912452192, - "secretData": "{\"value\":\"uzN0AO66tnEoLM5SpHmJ3rNb4Gj9sXJMafn68EbDwVtQmbOR0uY7L/ePU7i5pVTvhgRN7XMj0P9Fc+iV7C+Pzw==\",\"salt\":\"PqLW9Cu52hOW9b2cVTF+Sg==\",\"additionalParameters\":{}}", - "credentialData": "{\"hashIterations\":27500,\"algorithm\":\"pbkdf2-sha256\",\"additionalParameters\":{}}" - } - ], - "disableableCredentialTypes": [], - "requiredActions": [], - "realmRoles": [ - "uma_authorization", - "ocisUser", - "offline_access" - ], + "realmRoles": ["uma_authorization", "ocisAdmin", "offline_access"], "clientRoles": { - "account": [ - "manage-account", - "view-profile" - ] + "account": ["manage-account", "view-profile"] }, "notBefore": 0, "groups": [] 
@@ -701,71 +500,22 @@ "scopeMappings": [ { "clientScope": "offline_access", - "roles": [ - "offline_access" - ] + "roles": ["offline_access"] }, { "clientScope": "roles", - "roles": [ - "ocisSpaceAdmin", - "ocisGuest", - "ocisUser", - "ocisAdmin" - ] + "roles": ["ocisSpaceAdmin", "ocisGuest", "ocisUser", "ocisAdmin"] } ], "clientScopeMappings": { "account": [ { "client": "account-console", - "roles": [ - "manage-account", - "view-groups" - ] + "roles": ["manage-account", "view-groups"] } ] }, "clients": [ - { - "id": "294b6cf4-b646-4f6c-bab2-616546ec3167", - "clientId": "_system", - "name": "_system", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "post.logout.redirect.uris": "+" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": false, - "nodeReRegistrationTimeout": 0, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, { "id": "9850adad-7910-4b67-a790-da6444361618", "clientId": "account", @@ -776,9 +526,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/oCIS/account/*" - ], + "redirectUris": ["/realms/oCIS/account/*"], "webOrigins": [], "notBefore": 0, "bearerOnly": false, 
@@ -809,9 +557,7 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/realms/oCIS/account/*" - ], + "redirectUris": ["/realms/oCIS/account/*"], "webOrigins": [], "notBefore": 0, "bearerOnly": false, @@ -840,19 +586,8 @@ "config": {} } ], - "defaultClientScopes": [ - "web-origins", - "acr", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "defaultClientScopes": ["web-origins", "acr", "profile", "roles", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] }, { "id": "2969b8ff-2ab3-4907-aaa7-091a7a627ccb", 
@@ -912,122 +647,6 @@ "defaultClientScopes": [], "optionalClientScopes": [] }, - { - "id": "c8367556-1d13-4979-b4f6-5e2cff1f82ae", - "clientId": "e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD", - "name": "ownCloud Android app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD", - "redirectUris": [ - "oc://android.owncloud.com" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "6ae0e3da-38ff-47a4-a76e-b59eec0a2de9", - "clientId": "mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1", - 
"name": "ownCloud iOS app", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx", - "redirectUris": [ - "oc://ios.owncloud.com" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, { "id": "7848ee94-cc9b-40db-946f-a86ac73dc9b7", "clientId": "realm-management", 
@@ -1067,12 +686,8 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "/admin/oCIS/console/*" - ], - "webOrigins": [ - "+" - ], + "redirectUris": ["/admin/oCIS/console/*"], + "webOrigins": ["+"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, @@ -1122,12 +737,8 @@ "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "redirectUris": [ - "https://ocis:9200/*" - ], - "webOrigins": [ - "https://ocis:9200" - ], + "redirectUris": ["https://ocis:9200/*"], + "webOrigins": ["https://ocis:9200"], "notBefore": 0, "bearerOnly": false, "consentRequired": false, 
@@ -1163,77 +774,8 @@ "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - "email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] - }, - { - "id": "fc7d8a8e-cb92-4cb0-b404-d723c07d8d4f", - "clientId": "xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69", - "name": "ownCloud Desktop Client", - "surrogateAuthRequired": false, - "enabled": true, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "secret": "UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh", - "redirectUris": [ - "http://127.0.0.1:*", - "http://localhost:*" - ], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": true, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "openid-connect", - "attributes": { - "saml.assertion.signature": "false", - "saml.force.post.binding": "false", - "saml.multivalued.roles": "false", - "saml.encrypt": "false", - "post.logout.redirect.uris": "+", - "backchannel.logout.revoke.offline.tokens": "false", - "saml.server.signature": "false", - "saml.server.signature.keyinfo.ext": "false", - "exclude.session.state.from.auth.response": "false", - "backchannel.logout.session.required": "true", - "client_credentials.use_refresh_token": "false", - "saml_force_name_id_format": "false", - "saml.client.signature": "false", - "tls.client.certificate.bound.access.tokens": "false", - "saml.authnstatement": "false", - "display.on.consent.screen": "false", - "saml.onetimeuse.condition": "false" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [ - "web-origins", - "profile", - "roles", - 
"email" - ], - "optionalClientScopes": [ - "address", - "phone", - "offline_access", - "microprofile-jwt" - ] + "defaultClientScopes": ["web-origins", "profile", "roles", "email"], + "optionalClientScopes": ["address", "phone", "offline_access", "microprofile-jwt"] } ], "clientScopes": [ @@ -1747,20 +1289,8 @@ ] } ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "roles", - "web-origins", - "acr" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], + "defaultDefaultClientScopes": ["role_list", "profile", "email", "roles", "web-origins", "acr"], + "defaultOptionalClientScopes": ["offline_access", "address", "phone", "microprofile-jwt"], "browserSecurityHeaders": { "contentSecurityPolicyReportOnly": "", "xContentTypeOptions": "nosniff", @@ -1772,9 +1302,7 @@ }, "smtpServer": {}, "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], + "eventsListeners": ["jboss-logging"], "enabledEventTypes": [], "adminEventsEnabled": false, "adminEventsDetailsEnabled": false, @@ -1789,9 +1317,7 @@ "subType": "anonymous", "subComponents": {}, "config": { - "allow-default-scopes": [ - "true" - ] + "allow-default-scopes": ["true"] } }, { @@ -1828,9 +1354,7 @@ "subType": "authenticated", "subComponents": {}, "config": { - "allow-default-scopes": [ - "true" - ] + "allow-default-scopes": ["true"] } }, { @@ -1840,9 +1364,7 @@ "subType": "anonymous", "subComponents": {}, "config": { - "max-clients": [ - "200" - ] + "max-clients": ["200"] } }, { @@ -1880,9 +1402,7 @@ "providerId": "rsa-generated", "subComponents": {}, "config": { - "priority": [ - "100" - ] + "priority": ["100"] } }, { @@ -1891,12 +1411,8 @@ "providerId": "hmac-generated", "subComponents": {}, "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] + "priority": ["100"], + "algorithm": ["HS256"] } }, { 
@@ -1905,9 +1421,7 @@ "providerId": "aes-generated", "subComponents": {}, "config": { - "priority": [ - "100" - ] + "priority": ["100"] } } ] diff --git a/tests/drone/web-keycloak.json b/tests/drone/web-keycloak.json new file mode 100644 index 00000000000..24eef31bd41 --- /dev/null +++ b/tests/drone/web-keycloak.json @@ -0,0 +1,31 @@ +{ + "server": "https://ocis:9200", + "theme": "https://ocis:9200/themes/owncloud/theme.json", + "openIdConnect": { + "client_id": "web", + "response_type": "code", + "scope": "openid profile email" + }, + "options": { + "topCenterNotifications": true, + "disablePreviews": true, + "displayResourcesLazy": false, + "sidebar": { + "shares": { + "showAllOnLoad": true + } + }, + "routing": { + "idBased": false + } + }, + "apps": [ + "files", + "draw-io", + "text-editor", + "media-viewer", + "pdf-viewer", + "search", + "admin-settings" + ] +} From a55cd3b6ef4d09405454e80390503770aa5a46a7 Mon Sep 17 00:00:00 2001 From: Saw-jan Date: Fri, 22 Mar 2024 16:29:23 +0545 Subject: [PATCH 5/6] add NOTE --- .drone.star | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.drone.star b/.drone.star index 3cf16d103a4..b7f64b9784d 100644 --- a/.drone.star +++ b/.drone.star @@ -9,7 +9,6 @@ KEYCLOAK = "quay.io/keycloak/keycloak:24.0.1" MINIO_MC = "minio/mc:RELEASE.2021-10-07T04-19-58Z" OC_CI_ALPINE = "owncloudci/alpine:latest" OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier" -OC_CI_CORE_NODEJS = "owncloudci/core:nodejs14" OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest" OC_CI_DRONE_SKIP_PIPELINE = "owncloudci/drone-skip-pipeline" OC_CI_GOLANG = "owncloudci/golang:1.22" 
@@ -1234,6 +1233,11 @@ def ocisService(type, tika_enabled = False, enforce_password_public_link = False environment["OCIS_EXCLUDE_RUN_SERVICES"] = "idp" environment["GRAPH_ASSIGN_DEFAULT_USER_ROLE"] = "false" environment["GRAPH_USERNAME_MATCH"] = "none" + + # TODO: after ocis issue is fixed + # - use config from dir["ocisConfig"] + # - remove config file from dir["webKeycloakConfig"] + # issue: https://github.com/owncloud/ocis/issues/8703 environment["WEB_UI_CONFIG_FILE"] = "%s" % dir["webKeycloakConfig"] elif type == "app-provider": environment["GATEWAY_GRPC_ADDR"] = "0.0.0.0:9142" From c8e041792839dce94df2ace8195f9ea81eff6f6c Mon Sep 17 00:00:00 2001 From: Saw-jan Date: Fri, 22 Mar 2024 16:34:42 +0545 Subject: [PATCH 6/6] remove unnecessary step --- .drone.star | 40 ++++++---------------------------------- 1 file changed, 6 insertions(+), 34 deletions(-) diff --git a/.drone.star b/.drone.star index b7f64b9784d..81d4d4af7ca 100644 --- a/.drone.star +++ b/.drone.star @@ -42,10 +42,9 @@ dir = { "ocis": "/var/www/owncloud/ocis", "commentsFile": "/var/www/owncloud/web/comments.file", "app": "/srv/app", - "config": "/srv/config", - "ocisConfig": "/srv/config/drone/config-ocis.json", - "webKeycloakConfig": "/srv/config/drone/web-keycloak.json", - "ocisIdentifierRegistrationConfig": "/srv/config/drone/identifier-registration.yml", + "ocisConfig": "/var/www/owncloud/web/tests/drone/config-ocis.json", + "webKeycloakConfig": "/var/www/owncloud/web/tests/drone/web-keycloak.json", + "ocisIdentifierRegistrationConfig": "/var/www/owncloud/web/tests/drone/identifier-registration.yml", "ocisRevaDataRoot": "/srv/app/tmp/ocis/owncloud/data/", "testingDataDir": "/srv/app/testing/data/", } @@ -219,9 +218,6 @@ go_step_volumes = [{ }, { "name": "gopath", "path": "/go", -}, { - "name": "configs", - "path": dir["config"], }] web_workspace = { 
@@ -680,8 +676,7 @@ def e2eTests(ctx):
 restoreBuildArtifactCache(ctx, "playwright", ".playwright") + \
 installPnpm() + \
 installPlaywright() + \
- restoreBuildArtifactCache(ctx, "web-dist", "dist") + \
- setupServerConfigureWeb(params["logLevel"])
+ restoreBuildArtifactCache(ctx, "web-dist", "dist")
 if ctx.build.event == "cron":
 steps += restoreBuildArtifactCache(ctx, "ocis", "ocis")
@@ -817,7 +812,6 @@ def acceptance(ctx):
 # TODO: don't start services if we skip it -> maybe we need to convert them to steps
 steps += skipIfUnchanged(ctx, "acceptance-tests")
 steps += restoreBuildArtifactCache(ctx, "web-dist", "dist")
- steps += setupServerConfigureWeb(params["logLevel"])
 services = browserService(alternateSuiteName, browser) + middlewareService()
@@ -974,7 +968,7 @@ def installPlaywright():
 "PLAYWRIGHT_BROWSERS_PATH": ".playwright",
 },
 "commands": [
- "pnpm exec playwright install --with-deps chromium",
+ "pnpm exec playwright install --with-deps",
 ],
 }]
@@ -1278,9 +1272,6 @@ def ocisService(type, tika_enabled = False, enforce_password_public_link = False
 "volumes": [{
 "name": "gopath",
 "path": dir["app"],
- }, {
- "name": "configs",
- "path": dir["config"],
 }, {
 "name": "ocis-config",
 "path": "/root/.ocis/config",
@@ -1313,21 +1304,6 @@ def checkForExistingOcisCache(ctx):
 },
 ]
-def setupServerConfigureWeb(logLevel):
- return [{
- "name": "setup-server-configure-web",
- "image": OC_CI_PHP,
- "commands": [
- "mkdir -p /srv/config",
- "cp -r %s/tests/drone /srv/config" % dir["web"],
- "ls -la /srv/config/drone",
- ],
- "volumes": [{
- "name": "configs",
- "path": dir["config"],
- }],
- }]
-
 def copyFilesForUpload():
 return [{
 "name": "copy-files-for-upload",
@@ -1381,9 +1357,6 @@ def runWebuiAcceptanceTests(ctx, suite, alternateSuiteName, filterTags, extraEnv
 "volumes": [{
 "name": "gopath",
 "path": dir["app"],
- }, {
- "name": "configs",
- "path": dir["config"],
 }],
 }]
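Review bot: The installPlaywright hunk of PATCH 6/6 changes `"pnpm exec playwright install --with-deps chromium",` back to `"pnpm exec playwright install --with-deps",`, which undoes the restriction PATCH 3/6 introduced, and the commit message ("remove unnecessary step") does not mention it. If the revert is intentional, a one-line comment above the command stating which browsers the suites need would document it; if it slipped in while rebasing, the `chromium` argument should stay so the step does not download every browser again. The rest of installPlaywright lies outside the hunk.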
@@ -2362,8 +2335,7 @@ def e2eTestsOnKeycloak(ctx):
 installPnpm() + \
 installPlaywright() + \
 keycloakService() + \
- restoreBuildArtifactCache(ctx, "web-dist", "dist") + \
- setupServerConfigureWeb("2")
+ restoreBuildArtifactCache(ctx, "web-dist", "dist")
 if ctx.build.event == "cron":
 steps += restoreBuildArtifactCache(ctx, "ocis", "ocis")
 else: