Skip to content

[feature/guest-links] introduce migration framework and import spacemember shares#617

Draft
rhafer wants to merge 9 commits intoopencloud-eu:feature/guest-linksfrom
rhafer:space-member-migration
Draft

[feature/guest-links] introduce migration framework and import spacemember shares#617
rhafer wants to merge 9 commits intoopencloud-eu:feature/guest-linksfrom
rhafer:space-member-migration

Conversation

@rhafer
Copy link
Copy Markdown
Member

@rhafer rhafer commented May 6, 2026
edited
Loading

The migration state (currently only the version number) is persisted on the metadata storage (migratiion/state.json).
Add a first migration "0001_import_spacemembers" to import the spaceroot Grants on the storageprovider as shares into the manager.

There are still some open issues to address:

  • Tests, Tests, Tests, ...
  • The UserIds stored in the grants on storageprovider do not include the IDP value. As a temporary hack we use a hardcoded value for IDP. This needs to be change to perform a user/groupid lookup via the gateway to get the correct value
  • There no is protection against running the migratons in parallel when multiple instances of the shareprovider are running
  • while migrations are running we should deny any request that would cause a write to the storage (reads should be ok)
  • some optimization (e.g. don't run migrations on a fresh install)

Issue: opencloud-eu/opencloud#2612

rhafer added 4 commits May 6, 2026 11:09
@rhafer
shares(jsoncs3): Initialize metadata connection at startup
8efcec0 
Move away from lazily initializing the connection to the metastorage and
try initialize at service startup. This is ground work for the upcoming
migration to import the space memberships into the jsoncs3 share
manager.
@rhafer
shares(jsoncs3): fix naming of system user config
20e5f2b 
This is not a service user (i.e. managed by the service-auth
authentication), but a special just for the system metadata storage.
@rhafer
fix(jsoncs3 sharemanager): improve import of received shares
d98f290 
When the received share to import has a userid set, we need to update
the UserReceiveState even if the Grantee is a group (to correctly import
the "accepted" state).
@rhafer
Give ListGrants permission to service users
a07bc15 
For the upcoming migration of space memberships to the shareprovider
the service user needs to be able to read the Grants of all spaceroots.
@rhafer rhafer self-assigned this May 6, 2026
@rhafer
feat(jsoncs3-sharemanager) introduce migration framework and import s…
ac8443e 
…pacemember shares

The migration state (currently only the version number) is persisted on
the metadata storage (migratiion/state.json).
Add a first migration  "0001_import_spacemembers" to import the
spaceroot Grants on the storageprovider as shares into the manager.

Issue: opencloud-eu/opencloud#2612
@rhafer rhafer force-pushed the space-member-migration branch from 89bc138 to ac8443e Compare May 6, 2026 10:53
rhafer added 2 commits May 6, 2026 15:33
@rhafer
fix(users): improve LDAP error handling
29f35ef 
Set a proper "unavailable" status that the caller can handle when
the LDAP lookup failed because the LDAP server is unavailable instead
of always returning "not found".
@rhafer
fix(migration): resolve user's idp via lookup
20ddefe 
When importing space membership, the userid's from the grants do not
have an IDP value set. Do a user/group lookup to get the correct IDP
value. Cache results to avoid repeated lookups.
@rhafer rhafer force-pushed the space-member-migration branch from 67975cf to 20ddefe Compare May 6, 2026 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@rhafer rhafer

Labels

Type:Feature

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rhafer