This repository has been archived by the owner on Jan 18, 2021. It is now read-only.

Separate user and auth providers, add config for rest user
ishank011 committed Aug 21, 2020
1 parent 4ddffcb commit 0444190
Showing 8 changed files with 139 additions and 14 deletions.
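--- /dev/null
+++ b/changelog/unreleased/separate-auth-user-providers.md
@@ -0,0 +1,9 @@
+Enhancement: Separate user and auth providers, add config for rest user
+
+Previously, the auth and user provider services used to have the same driver,
+which restricted using separate drivers and configs for both. This PR separates
+the two and adds the config for the rest user driver and the gatewaysvc
+parameter to EOS fs.
+
+https://github.com/owncloud/ocis-reva/pull/412
+https://github.com/cs3org/reva/pull/995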
4 changes: 2 additions & 2 deletions pkg/command/authbasic.go
@@ -88,10 +88,10 @@ func AuthBasic(cfg *config.Config) *cli.Command {
// TODO build services dynamically
"services": map[string]interface{}{
"authprovider": map[string]interface{}{
"auth_manager": cfg.Reva.Users.Driver,
"auth_manager": cfg.Reva.AuthProvider.Driver,
"auth_managers": map[string]interface{}{
"json": map[string]interface{}{
"users": cfg.Reva.Users.JSON,
"users": cfg.Reva.AuthProvider.JSON,
},
"ldap": map[string]interface{}{
"hostname": cfg.Reva.LDAP.Hostname,
8 changes: 5 additions & 3 deletions pkg/command/authbearer.go
@@ -91,9 +91,11 @@ func AuthBearer(cfg *config.Config) *cli.Command {
"auth_manager": "oidc",
"auth_managers": map[string]interface{}{
"oidc": map[string]interface{}{
"issuer": cfg.Reva.OIDC.Issuer,
"insecure": cfg.Reva.OIDC.Insecure,
"id_claim": cfg.Reva.OIDC.IDClaim,
"issuer": cfg.Reva.OIDC.Issuer,
"insecure": cfg.Reva.OIDC.Insecure,
"id_claim": cfg.Reva.OIDC.IDClaim,
"uid_claim": cfg.Reva.OIDC.UIDClaim,
"gid_claim": cfg.Reva.OIDC.GIDClaim,
},
},
},
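--- a/pkg/command/users.go
+++ b/pkg/command/users.go
@@ -113,6 +113,18 @@ func Users(cfg *config.Config) *cli.Command {
 "gidNumber": cfg.Reva.LDAP.Schema.GIDNumber,
 },
 },
+"rest": map[string]interface{}{
+"client_id": cfg.Reva.UserRest.ClientID,
+"client_secret": cfg.Reva.UserRest.ClientSecret,
+"redis_address": cfg.Reva.UserRest.RedisAddress,
+"redis_username": cfg.Reva.UserRest.RedisUsername,
+"redis_password": cfg.Reva.UserRest.RedisPassword,
+"user_groups_cache_expiration": cfg.Reva.UserRest.UserGroupsCacheExpiration,
+"id_provider": cfg.Reva.UserRest.IDProvider,
+"api_base_url": cfg.Reva.UserRest.APIBaseURL,
+"oidc_token_endpoint": cfg.Reva.UserRest.OIDCTokenEndpoint,
+"target_api": cfg.Reva.UserRest.TargetAPI,
+},
 },
 },
 },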
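Review bot: Nothing in this section checks that `api_base_url` and `oidc_token_endpoint` are set, or that they use https, before the `rest` block hands `client_secret` to the driver. All of these default to the empty string in the flag set, so a service started with the driver set to `rest` and an incomplete configuration would, as far as this page shows, fail only at the first lookup; whether the reva driver validates them itself is not visible here. A fail-fast guard before the map is built would help, for example `if cfg.Reva.Users.Driver == "rest" && cfg.Reva.UserRest.OIDCTokenEndpoint == "" { return errors.New("rest user driver: oidc token endpoint not set") }`. I would also add the comment `// client_secret and redis_password are secrets: never log this map` above the block. The body of Users starts and ends outside the hunk.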
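--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -202,6 +202,8 @@ type OIDC struct {
 Issuer string
 Insecure bool
 IDClaim string
+UIDClaim string
+GIDClaim string
 }
 
 // LDAP defines the available ldap configuration.
@@ -220,6 +222,20 @@ type LDAP struct {
 Schema LDAPSchema
 }
 
+// UserRest defines the user REST driver specification.
+type UserRest struct {
+ClientID string
+ClientSecret string
+RedisAddress string
+RedisUsername string
+RedisPassword string
+UserGroupsCacheExpiration int
+IDProvider string
+APIBaseURL string
+OIDCTokenEndpoint string
+TargetAPI string
+}
+
 // LDAPSchema defines the available ldap schema configuration.
 type LDAPSchema struct {
 UID string
@@ -244,13 +260,15 @@ type Reva struct {
 TransferExpires int
 OIDC OIDC
 LDAP LDAP
+UserRest UserRest
 OCDav OCDav
 Storages StorageConfig
 // Ports are used to configure which services to start on which port
 Frontend FrontendPort
 DataGateway Port
 Gateway Gateway
 Users Users
+AuthProvider Users
 AuthBasic Port
 AuthBearer Port
 Sharing Sharing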
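Review bot: The new `UserRest` fields have no comments, and two facts a maintainer needs cannot be read from the struct: `UserGroupsCacheExpiration` is in minutes (stated only in the flag help), and `ClientSecret` and `RedisPassword` are credentials. I would add `// UserGroupsCacheExpiration is the cache lifetime in minutes.` and `// ClientSecret and RedisPassword are secrets; keep them out of logs and config dumps.` to the struct. In the `Reva` struct, `AuthProvider Users` reuses the whole `Users` type although this commit binds only `Driver` and `JSON` to it. A one-line comment on the field naming the members that are actually read would prevent someone from assuming the rest are honoured.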
16 changes: 8 additions & 8 deletions pkg/flagset/authbasic.go
@@ -82,21 +82,21 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
Destination: &cfg.Reva.JWTSecret,
},

// Users
// Auth

&cli.StringFlag{
Name: "users-driver",
Name: "auth-driver",
Value: "ldap",
Usage: "user driver: 'demo', 'json' or 'ldap'",
EnvVars: []string{"REVA_USERS_DRIVER"},
Destination: &cfg.Reva.Users.Driver,
Usage: "auth driver: 'demo', 'json' or 'ldap'",
EnvVars: []string{"REVA_AUTH_DRIVER"},
Destination: &cfg.Reva.AuthProvider.Driver,
},
&cli.StringFlag{
Name: "users-json",
Name: "auth-json",
Value: "",
Usage: "Path to users.json file",
EnvVars: []string{"REVA_USERS_JSON"},
Destination: &cfg.Reva.Users.JSON,
EnvVars: []string{"REVA_AUTH_JSON"},
Destination: &cfg.Reva.AuthProvider.JSON,
},

// LDAP
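Review bot: Renaming the environment variables to `REVA_AUTH_DRIVER` and `REVA_AUTH_JSON` changes the authentication backend silently for a deployment that still exports `REVA_USERS_DRIVER=json` for the auth-basic service. After the upgrade the variable is ignored and the flag falls back to its default `ldap`, with no error or warning. The old `--users-driver` flag at least fails loudly as unknown, but the environment path does not. I would name the replaced variable in the help text, e.g. `Usage: "auth driver: 'demo', 'json' or 'ldap' (replaces REVA_USERS_DRIVER for this service)",`, and mark the rename as a breaking change in the changelog entry. AuthBasicWithConfig starts and ends outside the hunk.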
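--- a/pkg/flagset/authbearer.go
+++ b/pkg/flagset/authbearer.go
@@ -111,6 +111,20 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 EnvVars: []string{"REVA_OIDC_ID_CLAIM"},
 Destination: &cfg.Reva.OIDC.IDClaim,
 },
+&cli.StringFlag{
+Name: "oidc-uid-claim",
+Value: "cern_uid",
+Usage: "OIDC uid claim",
+EnvVars: []string{"REVA_OIDC_UID_CLAIM"},
+Destination: &cfg.Reva.OIDC.UIDClaim,
+},
+&cli.StringFlag{
+Name: "oidc-gid-claim",
+Value: "cern_gid",
+Usage: "OIDC gid claim",
+EnvVars: []string{"REVA_OIDC_GID_CLAIM"},
+Destination: &cfg.Reva.OIDC.GIDClaim,
+},
 
 // Services
 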
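Review bot: The defaults `cern_uid` and `cern_gid` are claim names tied to one identity provider, so tokens from any other issuer will not carry them unless the operator overrides both flags. How the OIDC auth manager handles a missing claim is not visible on this page. If it falls back to the zero value, every authenticated user would be mapped to uid/gid 0, so it is worth confirming that a token without these claims is rejected. At minimum the help text should say so, e.g. `Usage: "OIDC uid claim (must be present in the token; the default is CERN-specific)",` and the same for `oidc-gid-claim`. AuthBearerWithConfig starts and ends outside the hunk.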
72 changes: 71 additions & 1 deletion pkg/flagset/users.go
@@ -199,6 +199,76 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
EnvVars: []string{"REVA_LDAP_SCHEMA_GIDNUMBER"},
Destination: &cfg.Reva.LDAP.Schema.GIDNumber,
},
&cli.StringFlag{
Name: "rest-client-id",
Value: "",
Usage: "User rest driver Client ID",
EnvVars: []string{"REVA_REST_CLIENT_ID"},
Destination: &cfg.Reva.UserRest.ClientID,
},
&cli.StringFlag{
Name: "rest-client-secret",
Value: "",
Usage: "User rest driver Client Secret",
EnvVars: []string{"REVA_REST_CLIENT_SECRET"},
Destination: &cfg.Reva.UserRest.ClientSecret,
},
&cli.StringFlag{
Name: "rest-redis-address",
Value: "localhost:6379",
Usage: "Address for redis server",
EnvVars: []string{"REVA_REST_REDIS_ADDRESS"},
Destination: &cfg.Reva.UserRest.RedisAddress,
},
&cli.StringFlag{
Name: "rest-redis-username",
Value: "",
Usage: "Username for redis server",
EnvVars: []string{"REVA_REST_REDIS_USERNAME"},
Destination: &cfg.Reva.UserRest.RedisUsername,
},
&cli.StringFlag{
Name: "rest-redis-password",
Value: "",
Usage: "Password for redis server",
EnvVars: []string{"REVA_REST_REDIS_PASSWORD"},
Destination: &cfg.Reva.UserRest.RedisPassword,
},
&cli.IntFlag{
Name: "rest-user-groups-cache-expiration",
Value: 5,
Usage: "Time in minutes for redis cache expiration.",
EnvVars: []string{"REVA_REST_CACHE_EXPIRATION"},
Destination: &cfg.Reva.UserRest.UserGroupsCacheExpiration,
},
&cli.StringFlag{
Name: "rest-id-provider",
Value: "",
Usage: "The OIDC Provider",
EnvVars: []string{"REVA_REST_ID_PROVIDER"},
Destination: &cfg.Reva.UserRest.IDProvider,
},
&cli.StringFlag{
Name: "rest-api-base-url",
Value: "",
Usage: "Base API Endpoint",
EnvVars: []string{"REVA_REST_API_BASE_URL"},
Destination: &cfg.Reva.UserRest.APIBaseURL,
},
&cli.StringFlag{
Name: "rest-oidc-token-endpoint",
Value: "",
Usage: "Endpoint to generate token to access the API",
EnvVars: []string{"REVA_REST_OIDC_TOKEN_ENDPOINT"},
Destination: &cfg.Reva.UserRest.OIDCTokenEndpoint,
},
&cli.StringFlag{
Name: "rest-target-api",
Value: "",
Usage: "The target application",
EnvVars: []string{"REVA_REST_TARGET_API"},
Destination: &cfg.Reva.UserRest.TargetAPI,
},

// Services

@@ -242,7 +312,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
&cli.StringFlag{
Name: "driver",
Value: "ldap",
Usage: "user driver: 'demo', 'json' or 'ldap'",
Usage: "user driver: 'demo', 'json', 'ldap', or 'rest'",
EnvVars: []string{"REVA_USERS_DRIVER"},
Destination: &cfg.Reva.Users.Driver,
},
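Review bot: In the first hunk, `rest-client-secret` and `rest-redis-password` accept credentials as command-line flags, where they are readable by other local users through the process list and tend to end up in shell history and service unit files. The help text should steer operators to the environment variables, e.g. `Usage: "User rest driver Client Secret (set via REVA_REST_CLIENT_SECRET, not the flag)",`. The `FilePath` field that urfave/cli v2 offers on `StringFlag` would also allow loading each secret from a mounted file. Separately, `rest-redis-address` has no TLS option beside it, so for any non-local address the Redis password would presumably travel in clear text. That limitation belongs in the flag's Usage string. UsersWithConfig starts and ends outside both hunks.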
