Mount encrypt password #38728
Mount encrypt password #38728
Conversation
|
@phil-davis The unit tests should have been fixed with the last commit |
|
docs relevant (wnd), pls file an issue when close to merge |
|
PR #37015 added those test scenarios. From reading the PR, I think that we did not know exactly which keys were appropriate to use for local storage (vs Google and other storages). Now
Or we can remove |
|
Taking into account that we don't plan to have a "client_secret" for the local storage, adjusting the test seems good enough to me. |
jvillafanez
force-pushed
the
mount_encrypt_password
branch
from
6c9e642
to
85c0fd8
Compare
jvillafanez
force-pushed
the
mount_encrypt_password
branch
from
85c0fd8
to
22f5e1c
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
| use OCP\IConfig; | ||
|
|
||
| /** | ||
| * Auto-generated migration step: Please modify to your needs! |
There was a problem hiding this comment.
IMO this comment is not relevant - the migration step has been modified according to our needs.
There was a problem hiding this comment.
If that's the only change, let me ignore it.
I'll change it if there is anything more that needs to change.
There was a problem hiding this comment.
@jvillafanez you could choose some reviewers, so that they see that this is ready for review.
|
@mmattel docs issue in owncloud/docs#3585 |
| if ($enabledApp !== 'files_external' && \OC_App::isType($enabledApp, ['filesystem'])) { | ||
| try { | ||
| \OC_App::loadApp($enabledApp); | ||
| } catch (NeedsUpdateException $ex) { |
There was a problem hiding this comment.
@jvillafanez https://drone.owncloud.com/owncloud/update-testing/1207/1/5 update-testing nightly is failing (all the pipelines):
+ php ./occ up
ownCloud or one of the apps require upgrade - only a limited number of commands are available
You may use your browser or the occ upgrade command to do the upgrade
2021-05-21T00:06:46+00:00 Set log level to debug
2021-05-21T00:06:46+00:00 Turned on maintenance mode
2021-05-21T00:06:46+00:00 Repair step: Upgrade app code from the marketplace
2021-05-21T00:06:46+00:00 Repair info: Enabling market app to assist with update
2021-05-21T00:06:46+00:00 Repair info: Using market to update existing apps
2021-05-21T00:06:46+00:00 Repair info: Attempting to update the following existing compatible apps from market: dav, federatedfilesharing, files, files_external, files_sharing, files_trashbin, files_versions, firstrunwizard, notifications, provisioning_api
2021-05-21T00:06:46+00:00 Repair info: Fetching app from market: dav
2021-05-21T00:06:46+00:00 Repair info: App (dav) is not installed
2021-05-21T00:06:46+00:00 Repair info: Fetching app from market: federatedfilesharing
2021-05-21T00:06:46+00:00 Repair info: App (federatedfilesharing) is not installed
2021-05-21T00:06:46+00:00 Repair info: Fetching app from market: files
2021-05-21T00:06:47+00:00 Repair info: App (files) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: files_external
2021-05-21T00:06:47+00:00 Repair info: App (files_external) is not installed
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: files_sharing
2021-05-21T00:06:47+00:00 Repair info: App (files_sharing) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: files_trashbin
2021-05-21T00:06:47+00:00 Repair info: App (files_trashbin) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: files_versions
2021-05-21T00:06:47+00:00 Repair info: App (files_versions) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: firstrunwizard
2021-05-21T00:06:47+00:00 Repair info: App (firstrunwizard) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: notifications
2021-05-21T00:06:47+00:00 Repair info: App (notifications) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: Fetching app from market: provisioning_api
2021-05-21T00:06:47+00:00 Repair info: App (provisioning_api) is not known at the marketplace.
2021-05-21T00:06:47+00:00 Repair info: App was not updated: dav
2021-05-21T00:06:47+00:00 Repair info: App was not updated: federatedfilesharing
2021-05-21T00:06:47+00:00 Repair info: App was not updated: files
2021-05-21T00:06:47+00:00 Repair info: App was not updated: files_external
2021-05-21T00:06:47+00:00 Repair info: App was not updated: files_sharing
2021-05-21T00:06:47+00:00 Repair info: App was not updated: files_trashbin
2021-05-21T00:06:47+00:00 Repair info: App was not updated: files_versions
2021-05-21T00:06:47+00:00 Repair info: App was not updated: firstrunwizard
2021-05-21T00:06:47+00:00 Repair info: App was not updated: notifications
2021-05-21T00:06:47+00:00 Repair info: App was not updated: provisioning_api
2021-05-21T00:06:47+00:00 Repair step: Repair MySQL database engine
2021-05-21T00:06:47+00:00 Repair step: Repair MySQL collation
2021-05-21T00:06:47+00:00 Repair info: All tables already have the correct collation -> nothing to do
2021-05-21T00:06:47+00:00 Repair step: Repair SQLite autoincrement
2021-05-21T00:06:47+00:00 Repair step: Repair orphaned reshare
2021-05-21T00:06:47+00:00 Repair step: Repair duplicate entries in oc_lucene_status
2021-05-21T00:06:47+00:00 Repair info: lucene_status table does not exist -> nothing to do
2021-05-21T00:06:47+00:00 Updating database schema
2021-05-21T00:06:50+00:00 Updated database
2021-05-21T00:06:50+00:00 Updating <firstrunwizard> ...
2021-05-21T00:06:50+00:00 Updated <firstrunwizard> to 1.2.0
2021-05-21T00:06:50+00:00 Updating <files> ...
2021-05-21T00:06:50+00:00 Updated <files> to 1.5.2
2021-05-21T00:06:50+00:00 Updating <files_sharing> ...
2021-05-21T00:06:52+00:00 Updated <files_sharing> to 0.14.0
2021-05-21T00:06:52+00:00 Updating <files_trashbin> ...
2021-05-21T00:06:53+00:00 Updated <files_trashbin> to 0.9.1
2021-05-21T00:06:53+00:00 Updating <files_versions> ...
2021-05-21T00:06:53+00:00 Updated <files_versions> to 1.3.0
2021-05-21T00:06:53+00:00 Updating <notifications> ...
2021-05-21T00:06:53+00:00 Updated <notifications> to 0.5.2
2021-05-21T00:06:53+00:00 Updating <provisioning_api> ...
2021-05-21T00:06:53+00:00 Updated <provisioning_api> to 0.5.0
2021-05-21T00:06:56+00:00 OC\NeedsUpdateException:
2021-05-21T00:06:56+00:00 Update failed
2021-05-21T00:06:56+00:00 Maintenance mode is kept active
2021-05-21T00:06:56+00:00 Reset log level
It started failing the morning of 2021-05-21. It passed the morning of 2021-05-20. So something merged on 2021-5-20 might be the cause.
This PR has a migration, and mentions NeedsUpdateException - maybe there is more or different code that is needed here?
(I haven't tried to reproduce locally! I am just guessing at the moment.)
There was a problem hiding this comment.
I raised issue #38770 so that we follow-up this.
There was a problem hiding this comment.
I don't discard problems since I mostly tested only upgrading the files_external app and not with other apps. This is probably a new case because the migration requires loading other apps, which could also require updating.
I'll need additional information about where it's failing exactly. In theory, if an additional FS app requires updating, the migration tries to update and then load the app, so it shouldn't crash like that....
|
Linking with #38773 for the follow up |
Description
Ensure configuration parameters marked as passwords in the mount point configuration are encrypted in the DB.
The encryption only happens on rest. The values are decrypted after getting the information from normal means so they can be sent to the storage without problems. The storage implementations won't need to decrypt anything.
A migration is also provided so the mount points are properly updated.
Note that this applies to any password parameter that is saved through the storage. Parameters that don't go through the storage, such as login credentials, and which are saved differently still have its own way of handling. There is no change in this regard.
Related Issue
https://github.com/owncloud/enterprise/issues/4461
Motivation and Context
How Has This Been Tested?
Manually tested.
Test 1
Test 2
Screenshots (if appropriate):
Types of changes
Checklist: