Evaluate Web of Trust in Automatic Access Grant #43

Open
1 task done
chenkins opened this issue Oct 13, 2023 · 3 comments
Labels: client (Client (Mountain Duck))

Comments

@chenkins
Collaborator

chenkins commented Oct 13, 2023

Story

  • Persona:
  • Need: Evaluate Web of Trust in Automatic Access Grant
  • Purpose:

Acceptance Criteria

  • evaluate WoT in Katta Client

Open Questions

Context

Implementation

@chenkins chenkins added this to the v2 milestone Oct 13, 2023
@chenkins chenkins removed this from the v2 milestone Mar 13, 2024
chenkins added a commit that referenced this issue Mar 19, 2024
Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bugfix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation (#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoid potential special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub clients) and bucket access (for cryptomatorvaults client) (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresponding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

Use cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin Documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README. Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
chenkins added a commit that referenced this issue Mar 19, 2024
@chenkins
Collaborator Author

chenkins commented Jun 6, 2024

relates to cryptomator/hub#281

chenkins added a commit that referenced this issue Jun 7, 2024
Allow for bucket acceleration to be nullable (#44).

Link to admin setup documentation in github (#44).

Install JDK before running mvn (#44).

Run compile before generating openapi.json in github (#44).

Debug openapi.json github (#44).

Debug openapi.json github (#44).

Fix type safety for storage profile details (#44).

Storage profile details with annotation from openapi.json (#44).

Storage profiles in admin area (#44).

Add missing http client libraries for S3 (#47).

Post-rebase fixes

Fix formatting.

Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bufgix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation(#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name  VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoit poentital special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub cliients) and bucket access (for cryptomatorvaults client)  (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresonding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

User cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import  ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin Documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README.  Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
chenkins added a commit that referenced this issue Jun 7, 2024
Allow for bucket acceleration to be nullable (#44).

Link to admin setup documentation in github (#44).

Install JDK before running mvn (#44).

Run compile before generating openapi.json in github (#44).

Debug openapi.json github (#44).

Debug openapi.json github (#44).

Fix type safety for storage profile details (#44).

Storage profile details with annotation from openapi.json (#44).

Storage profiles in admin area (#44).

Add missing http client libraries for S3 (#47).

Post-rebase fixes

Fix formatting.

Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bugfix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation (#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoid potential special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub clients) and bucket access (for cryptomatorvaults client) (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresponding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

Use cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin Documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README.  Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
chenkins added a commit that referenced this issue Jun 7, 2024
Post-uvf-rebase fix repository refactoring upstream.

Post-uvf-rebase fix ConfigResource.

Allow for bucket acceleration to be nullable (#44).

Link to admin setup documentation in github (#44).

Install JDK before running mvn (#44).

Run compile before generating openapi.json in github (#44).

Debug openapi.json github (#44).

Debug openapi.json github (#44).

Fix type safety for storage profile details (#44).

Storage profile details with annotation from openapi.json (#44).

Storage profiles in admin area (#44).

Add missing http client libraries for S3 (#47).

Post-rebase fixes

Fix formatting.

Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bugfix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation (#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoid potential special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub clients) and bucket access (for cryptomatorvaults client) (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresponding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

Use cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin Documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README.  Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
chenkins added a commit that referenced this issue Aug 20, 2024
Post-uvf-rebase fix repository refactoring upstream.

Post-uvf-rebase fix ConfigResource.

Allow for bucket acceleration to be nullable (#44).

Link to admin setup documentation in github (#44).

Install JDK before running mvn (#44).

Run compile before generating openapi.json in github (#44).

Debug openapi.json github (#44).

Debug openapi.json github (#44).

Fix type safety for storage profile details (#44).

Storage profile details with annotation from openapi.json (#44).

Storage profiles in admin area (#44).

Add missing http client libraries for S3 (#47).

Post-rebase fixes

Fix formatting.

Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bugfix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation (#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoid potential special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub clients) and bucket access (for cryptomatorvaults client) (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresponding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

Use cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README. Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
chenkins added a commit that referenced this issue Nov 5, 2024
Post-uvf-rebase fix repository refactoring upstream.

Post-uvf-rebase fix ConfigResource.

Allow for bucket acceleration to be nullable (#44).

Link to admin setup documentation in github (#44).

Install JDK before running mvn (#44).

Run compile before generating openapi.json in github (#44).

Debug openapi.json github (#44).

Debug openapi.json github (#44).

Fix type safety for storage profile details (#44).

Storage profile details with annotation from openapi.json (#44).

Storage profiles in admin area (#44).

Add missing http client libraries for S3 (#47).

Post-rebase fixes

Fix formatting.

Use AWS SDK compatible with Quarkus native images (#47).

Build docker image on every build as latest (#47).

Remove UUID from vault JWE (#4/#6).

Add storage class, bucket acceleration and bucket encryption options to storage profiles (#44).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging and openapi response documentation (#6).

Improved error handling/logging for storage profiles and bucket creation (#6/#3/17).

Decouple the client protocol identifier (s3-hub/s3-hub-sts) and the discriminator values (S3/S3STS) in the backend DB tables through openapi-generated client code (#6).

Fix linting (#6).

Hierarchical DB schema for storage profiles based on DiscriminatorColumn (#6).

Use discriminatorProperty openapi scheme annotations for use with openapi-generator's oneOf discriminator lookup (#6).

Use optional chaining to make linter happy again (TS18048) (#17/#3).

Formatting.

Improved error messages (#3/#17).

Slim storage profile for what can be fetched from /api/config (#6).

Fix openapi/markdown documentation for openapi-generator (#6).

Do not show region/GetBucketLocation in permanent case. Update openapi/markdown documentation for storage configurations (#6/#17).

Update openapi/markdown documentation for storage configurations (#6)

Pull up automatic access grant top-level in vault JWE along key and backend (#13).

Create bucket as first call in vault creation (#3).

Bugfix GET for individual storage profile allow all users (not only admins) (#17).

Show aws cli command for setting CORS (#17).

Improve validation message vault template upload frontend permanent (#17)

Implement GET for individual storage profile and DELETE WiP (#17)

Bugfix vault template upload frontend permanent (#17)

Bugfix vault template upload frontend permanent (#17).

Fix linting (#17).

Validate permanent credentials before uploading vault template (#17).

Bugfix vault template upload frontend permanent (#17)

Fix missing aud claim required for MinIO.

Update documentation uploading storage profiles with admin role (#6).

Fix base uri to open in Cipherduck desktop.

Enforce authentication for storage profile api.

Fix enable S3 Versioning upon bucket creation (#44).

Formatting.

Enable S3 Versioning upon bucket creation (#44).

Enable S3 Versioning upon bucket creation (#44).

Implement migration path automatic access grant with WoT (#13 / #43).

Document decision remove access to vault.

Rename KeycloakCryptomatorVaultsHelper.

Rename S3StorageHelper.

Fix linting.

Fix upload vault template to bucket heading.

Use *.cyberduckprofile for hub, s3-hub, s3-hub-sts.

Fix cipherduck start/end extension markers.

Refactoring (R3) storage profile service persistence (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Refactoring (R3) storage profile service WiP (#4 #6).

Set container image group and name in application.properties instead of pom.xml (#47).

Update setup documentation (#47).

Set container image group and name (#47)

Re-enable docker image build and pushing to registry.

Remove cipherduckhubbookmark endpoint, add hub UUID to config endpoint to allow client-side hub-specific profile and bookmark generation (#6).

Use better name VaultRequested instead of VaultR for Tag Key in assuming second role in chain for AWS (review dko).

Get full region list from AWS SDK instead of hard-coding (code review overheadhunter).

Extract global constant axiosUnAuth in backend.ts (code review overheadhunter).

Inline hubbookmark.duck in order to avoid potential special handling when using GraalVM to build a native image.

Apply suggestions from code review

More idiomatic usage of Java stream API.

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/cipherduck/BackendsConfigResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Remove obsolete added into line in diff to upstream.

Comply with vue-tsc (Vue 3 Type-Checking).

Update README.md

Co-authored-by: Sebastian Stenzel <[email protected]>

Moving S3 policies away from src/main/resources.

Remove CreateVaultS3.vue in order to rebase changes in CreateVault.vue from upstream. Bugfix description displayed as false when vaults created in hub introduced through forking CreateVaultS3.vue from CreateVault.vue and then missing breaking API change.

By default, in dev-realm.json, map only realm roles into access token in cryptomator and cryptomator hub clients, but not client roles. Separate roles in MinIO: bucket creation (cryptomator and cryptomatorhub clients) and bucket access (for cryptomatorvaults client) (#10 #41)

Implement template upload for permanent shared credentials (#17).

Tentative implementation clean-up sync deleting dangling roles in cryptomatorvaults and corresponding client scopes (#41).

Extract profiles and simplify vault jwe (#28, #6).

Variable cleanup in CreateVaultS3.vue

Comply with pre-release API change in granting access to newly created vault (cryptomator/hub@1c2133d).

Post-rebase fix: remove manage-realm from syncer role in dev-realm.json (#41).

Move staging/testing properties into custom application.properties (#41).

Distinguish stsRoleArn for client and hub when creating bucket, update documentation (#12 #23).

Bugfix download template in CreateVaultS3.vue

Use cipherduck profiles to simplify hub application.properties, add AWS permanent credentials to backend configurations application.properties (#28).

Get AWS-STS back to work again, update documentation (#10 #23).

Add developer flag for showing vaultId in VaultDetails and VaultList.

Add missing import ArrowDownTrayIcon in CreateVaultS3.vue.

BackendsConfigDto instead of Any in backend.ts

Remove unnecessary manage-realm role for syncer (#41).

Automatic Access Grant Flag upon vault creation (#13).

Extract hard-coded cryptomatorvaults client to application.properties (#41).

Get hubId from backends config service (#10 #41).

Implement sharing vaults with groups and unsharing with users/groups; token-exchange into separate client (#10 #41).

Cleanup application.properties

Cleanup application.properties

Remove proxyman stuff again as not used.

Complete region list.

Remove obsolete dependencies in pom.xml.

Refactoring protocol serialization (#4).

Remove obsolete CipherduckBookmark.vue (#16).

Remove obsolete CipherduckBookmark.vue (#16). Localization DE (#31).

Mark cipherduck extensions in vues.

Shared long-living credentials: ask for bucket name and offer vault template download after vault creation (#17).

Shared long-living credentials (#17)

Use inline policy to restrict credentials passed to Hub backend (#3).

Allow for choosing region upon vault creation (#3).

Cleanup and documentation VaultJWEBackend (#23 #6).

Button "Open in Cipherduck" not necessary in vault details, as it is confusing (does not open single vault) and on top of the vault list is still visible (#16).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#23 #6).

Cleanup and documentation VaultJWEBackend (#15 #23 #6).

Bugfix backend/storage configuration not re-encoded upon granting access (#13).

Cleanup bucket prefix and documentation (#15 #23 #6).

Implement token-exchange to get scoped token for AWS with testing.hub.cryptomator.org (#41 #10 #23 #3).

Gitignore local backend/config/application.properties.

Updated top-level README.md for Cipherduck.

Show Vault ID in VaultDetails for debugging.

Implement token-exchange to get scoped token for MinIO (#41 #10 #23 #3).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

AssumeRoleWithWebIdentity (MinIO + AWS) in frontend and pass temporary credentials to backend: get rid of policy upload and use only AWS client, admin documentation (#3, #23, #10).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Cipherduckhubbookmark end point for 1 vault = 1 storage (#4).

Use StorageConfig service in frontend to get values (#3).

Add configuration for hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add admin documentation for setting up OIDC Provider at AWS/MinIO and testing vault creation (#23).

Add hub frontend vault storage configuration for STS (MinIO + AWS) (#3).

Add protocol field to StorageDto (#6).

Refactor StorageDto into record instead of POJO.

Update frontend/src/common/backend.ts

Co-authored-by: Sebastian Stenzel <[email protected]>

Update backend/src/main/java/org/cryptomator/hub/api/StorageResource.java

Co-authored-by: Sebastian Stenzel <[email protected]>

Fix failing tests as Keycloak is not available at quarkus test time.

Comment out sonarcloud in github action.

Update issue templates (#33)

added "open bookmark" button in vault details (just in case), hid "download vault template" button

Use 'x-cipherduck-action' instead of 'io.mountainduck' for OAuth custom scheme handling (#28).

added "open bookmark" button in vault list

Add Hub Id as UUID in hub bookmark to prevent adding the same bookmark multiple times (#29).

renamed most obvious instances of Cryptomator Hub to Cipherduck

Bugfix missing description in openapi.json for vault storage shared long-living credentials API (#17).

cleaned up frontend

Implement cipherduck hub bookmark download from browser (#16).

Implement cipherduck hub bookmark download frontend page (#16).

Bugfix missing constructor for first version hub frontend vault storage shared long-living credentials (#17).

Implement first version hub frontend vault storage shared long-living credentials (#17).

Implement cipherduck hub bookmark endpoint (#16).

Use amr claim instead of aud claim for now (#10).

Use cryptomator client id in staging keycloak as well (#10). Use vault instead of vault user attribute (#10).

Remove admin role for syncer (#10).

Remove minio client id.

Switch /api/config/cipherduckprofile to local MinIO configuration to fix HubIntegration test in client project.

Update TODOs.

Bugfix empty attributes in keycloak.

Config cipherduck-staging (one role for all buckets).

Set directAccessGrantsEnabled to false.

Simplify concat

Add top-level .gitignore (ignoring top-level .idea folder).

Add /api/config/cipherduckprofile v0.

Remove obsolete dependencies to commons-io and qute.

Move GeneratePolicy back to duck again. Dev-realm with minio client_id.

Upload bucket policy (aws cli call in backend for now) upon vault creation and add vaultId to keycloak upon vault JWE upload. TODO: create bucket upon vault creation.

Update application.properties: comment out proxyman.local

Improve local dev setup description in README. Add user-001 to dev-realm.json. Add configuration with alternative host proxyman.local instead of localhost name as requests to localhost are bypassing configured proxies.
@chenkins (Collaborator, Author)

@overheadhunter could you point me to the ts snippet that we need to implement for automatic access grant?

@chenkins chenkins added this to the v1 milestone Nov 14, 2024
@overheadhunter (Collaborator) commented Nov 14, 2024

Use the TypeScript implementation as a reference (the snippets below are excerpts from the hub frontend under frontend/src/common and rely on the JWT/JWE helpers, asPublicKey, UserKeys, deeplyEqual and axiosAuth defined there):

1. From the perspective of the currently logged-in user, GET a list of trusted users from /api/users/trusted:

```ts
// method of the authenticated backend service
public async listTrusted(): Promise<TrustDto[]> {
  return axiosAuth.get<TrustDto[]>('/users/trusted').then(response => response.data);
}

export type TrustDto = {
  trustedUserId: string,
  signatureChain: string[]
}
```

2. Verify all returned signature chains! For each signature chain, the first element is signed by the current user, i.e. the signature can be verified using their public key. Each further element is signed by the respective user. The last element must be the key to be verified.

```ts
/**
 * Recursively verifies a chain of signatures, where each signature signs the public key of the next signature.
 * @param signatureChain The chain of signatures to verify
 * @param signerPublicKey A trusted public key to verify the first signature in the chain
 * @param allegedSignedKey The public key that should be signed by the last signature in the chain
 * @throws Error if the signature chain is invalid
 */
async function verifyRescursive(signatureChain: string[], signerPublicKey: CryptoKey, allegedSignedKey: SignedKeys) {
  // get first element of signature chain:
  const [signature, ...remainingChain] = signatureChain;
  // JWT.parse throws if the signature does not verify under signerPublicKey
  const [, signedKeys] = await JWT.parse(signature, signerPublicKey) as [JWTHeader, SignedKeys];
  if (remainingChain.length === 0) {
    // last element in chain should match signed public key
    if (!deeplyEqual(signedKeys, allegedSignedKey)) {
      throw new Error('Alleged public key does not match signed public key');
    }
  } else {
    // otherwise, the payload is an intermediate public key used to sign the next element
    const nextTrustedPublicKey = await asPublicKey(base64.parse(signedKeys.ecdsaPublicKey), UserKeys.ECDSA_KEY_DESIGNATION, UserKeys.ECDSA_PUB_KEY_USAGES);
    await verifyRescursive(remainingChain, nextTrustedPublicKey, allegedSignedKey);
  }
}
```

3. For users who are considered trustworthy (i.e. the signature chain between the current user and the to-be-trusted user is shorter than a configurable threshold), use the verified ECDH public key to encrypt the vault's member key (and optionally its recovery key):

```ts
  /** @inheritdoc */
  public async encryptForUser(userPublicKey: CryptoKey | Uint8Array, isOwner?: boolean): Promise<string> {
    const payload: UvfAccessTokenPayload = {
      key: await this.memberKey.serializeKey(),
      // the recovery key is only handed to vault owners
      recoveryKey: isOwner && this.recoveryKey.privateKey ? await this.recoveryKey.serializePrivateKey() : undefined
    };
    return OtherVaultMember.withPublicKey(userPublicKey).createAccessToken(payload);
  }
} // end of the enclosing vault key class (excerpt)

/**
 * Represents a vault member by their public key.
 */
export class OtherVaultMember {
  protected constructor(readonly publicKey: Promise<CryptoKey>) { }

  /**
   * Creates a new vault member with the given public key
   * @param publicKey The public key of the vault member
   * @returns A vault member with the given public key
   */
  public static withPublicKey(publicKey: CryptoKey | BufferSource): OtherVaultMember {
    const keyPromise = asPublicKey(publicKey, UserKeys.ECDH_KEY_DESIGNATION);
    return new OtherVaultMember(keyPromise);
  }

  /**
   * Creates an access token for this vault member.
   * @param payload The payload to encrypt
   * @return A ECDH-ES encrypted JWE containing the encrypted payload
   */
  public async createAccessToken(payload: AccessTokenPayload): Promise<string> {
    const jwe = await JWE.build(payload).encrypt(Recipient.ecdhEs('org.cryptomator.hub.userkey', await this.publicKey));
    return jwe.compactSerialization();
  }
}
```

4. Collect these JWEs and bulk-upload them to the server (POST /vaults/${vaultId}/access-tokens with a body like {"user1": "jwe1", "user2": "jwe2", ...}).
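
As an added, self-contained example (not code from cryptomator/hub or Cipherduck) of the chain verification in step 2 and the trust decision in step 3, in TypeScript with Node's crypto module standing in for the hub's JWT helper: each user's P-384 ECDSA/ECDH public keys are signed along the chain as compact ES384 JWS tokens, the chain is verified recursively starting from the current user's own key, and only users whose chain verifies and is at most a configurable depth long are selected for the access-token upload. The type names mirror the comment above (SignedKeys, TrustDto); the key encoding (base64 SPKI DER), the JWS layout, the "at most maxDepth" comparison and the user names are assumptions of this example, and the ECDH-ES encryption of the member key (step 3's encryptForUser) is not repeated here.

```typescript
// Added example, not project code: web-of-trust chain verification with Node's crypto.
import { generateKeyPairSync, createPublicKey, sign, verify, KeyObject } from 'node:crypto';

// Payload signed along the chain; mirrors the hub's SignedKeys (keys as base64 SPKI DER, assumed).
export type SignedKeys = { ecdsaPublicKey: string; ecdhPublicKey: string };
// Mirrors TrustDto from the comment above.
export type TrustDto = { trustedUserId: string; signatureChain: string[] };

const b64url = (b: Buffer): string => b.toString('base64url');
const spki = (k: KeyObject): string => k.export({ type: 'spki', format: 'der' }).toString('base64');
const ecdsaKeyOf = (signed: SignedKeys): KeyObject =>
  createPublicKey({ key: Buffer.from(signed.ecdsaPublicKey, 'base64'), format: 'der', type: 'spki' });

// Minimal compact JWS (ES384 over the JSON payload); stand-in for the hub's JWT.build.
export function signKeys(payload: SignedKeys, signerPrivateKey: KeyObject): string {
  const head = b64url(Buffer.from(JSON.stringify({ alg: 'ES384', typ: 'JWT' })));
  const body = b64url(Buffer.from(JSON.stringify(payload)));
  const sig = sign('sha384', Buffer.from(`${head}.${body}`), { key: signerPrivateKey, dsaEncoding: 'ieee-p1363' });
  return `${head}.${body}.${b64url(sig)}`;
}

// Verifies the JWS under the given public key and returns its payload; stand-in for JWT.parse.
export function parseSigned(jws: string, signerPublicKey: KeyObject): SignedKeys {
  const [head, body, sig] = jws.split('.');
  if (!head || !body || !sig) throw new Error('malformed JWS');
  const ok = verify('sha384', Buffer.from(`${head}.${body}`),
    { key: signerPublicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('signature does not verify');
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8')) as SignedKeys;
}

// Same logic as verifyRescursive above: chain[0] must verify under the trusted key, each payload's
// ECDSA key verifies the next element, and the last payload must equal the alleged keys.
export function verifyChain(chain: string[], trustedKey: KeyObject, alleged: SignedKeys): void {
  if (chain.length === 0) throw new Error('empty signature chain');
  const [first, ...rest] = chain;
  const signed = parseSigned(first, trustedKey);
  if (rest.length === 0) {
    if (signed.ecdsaPublicKey !== alleged.ecdsaPublicKey || signed.ecdhPublicKey !== alleged.ecdhPublicKey) {
      throw new Error('Alleged public key does not match signed public key');
    }
    return;
  }
  verifyChain(rest, ecdsaKeyOf(signed), alleged);
}

// Step 3's decision: grant only to users whose chain verifies AND is at most maxDepth long (assumed "<=").
// Returns the user ids to encrypt the member key for, plus the reason each other id was skipped.
export function selectTrusted(myEcdsaKey: KeyObject, trusted: TrustDto[],
  allegedKeys: Record<string, SignedKeys>, maxDepth: number): { grant: string[]; skipped: Record<string, string> } {
  const grant: string[] = [];
  const skipped: Record<string, string> = {};
  for (const t of trusted) {
    if (t.signatureChain.length > maxDepth) { skipped[t.trustedUserId] = 'chain longer than threshold'; continue; }
    const alleged = allegedKeys[t.trustedUserId];
    if (!alleged) { skipped[t.trustedUserId] = 'no public keys known for user'; continue; }
    try {
      verifyChain(t.signatureChain, myEcdsaKey, alleged);
      grant.push(t.trustedUserId);
    } catch (e) {
      skipped[t.trustedUserId] = (e as Error).message;
    }
  }
  return { grant, skipped };
}

// Constructed scenario (assumed names): alice is the current user; alice signed bob, bob signed carol,
// carol signed dave. eve's keys are substituted at the end of a valid chain; mallory never got alice's trust.
export function demo(): { grant: string[]; skipped: Record<string, string> } {
  const newUser = () => ({
    ecdsa: generateKeyPairSync('ec', { namedCurve: 'secp384r1' }),
    ecdh: generateKeyPairSync('ec', { namedCurve: 'secp384r1' }),
  });
  type User = ReturnType<typeof newUser>;
  const keysOf = (u: User): SignedKeys => ({ ecdsaPublicKey: spki(u.ecdsa.publicKey), ecdhPublicKey: spki(u.ecdh.publicKey) });
  const alice = newUser(), bob = newUser(), carol = newUser(), dave = newUser(), eve = newUser(), mallory = newUser();
  const aliceSignsBob = signKeys(keysOf(bob), alice.ecdsa.privateKey);
  const bobSignsCarol = signKeys(keysOf(carol), bob.ecdsa.privateKey);
  const carolSignsDave = signKeys(keysOf(dave), carol.ecdsa.privateKey);
  const mallorySignsCarol = signKeys(keysOf(carol), mallory.ecdsa.privateKey);
  const trusted: TrustDto[] = [
    { trustedUserId: 'bob', signatureChain: [aliceSignsBob] },
    { trustedUserId: 'carol', signatureChain: [aliceSignsBob, bobSignsCarol] },
    { trustedUserId: 'dave', signatureChain: [aliceSignsBob, bobSignsCarol, carolSignsDave] },
    { trustedUserId: 'eve', signatureChain: [aliceSignsBob, bobSignsCarol] },
    { trustedUserId: 'mallory-carol', signatureChain: [mallorySignsCarol] },
  ];
  const allegedKeys: Record<string, SignedKeys> = {
    bob: keysOf(bob), carol: keysOf(carol), dave: keysOf(dave), eve: keysOf(eve), 'mallory-carol': keysOf(carol),
  };
  return selectTrusted(alice.ecdsa.publicKey, trusted, allegedKeys, 2);
}
```

With maxDepth 2, demo() grants bob and carol and skips the other three for different reasons: dave's chain is valid but one hop too long, eve's chain is valid up to carol but the alleged keys do not match the last signed payload (the substitution the final equality check exists to catch), and mallory's chain does not verify under alice's own key at all, so an attacker who controls the server cannot splice in a chain that alice never rooted. Only the ids in grant should receive an ECDH-ES access token in step 3.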

@chenkins chenkins self-assigned this Nov 15, 2024
@chenkins chenkins added the client Client (Mountain Duck) label Nov 15, 2024
@chenkins chenkins changed the title [Story] Web of Trust [Story] Evaluate Web of Trust in Automatic Access Grant Nov 28, 2024
@chenkins chenkins changed the title [Story] Evaluate Web of Trust in Automatic Access Grant Evaluate Web of Trust in Automatic Access Grant Nov 28, 2024