From fed4d133b0969c7b43c53a01f0153d1aa80f08e3 Mon Sep 17 00:00:00 2001
From: Ishank Arora
Date: Wed, 26 Aug 2020 17:15:20 +0200
Subject: [PATCH] Separate user and auth providers, add config for rest user (#412)
---
.../separate-auth-user-providers.md | 9 +++
pkg/command/authbasic.go | 4 +-
pkg/command/authbearer.go | 8 ++-
pkg/command/users.go | 12 ++++
pkg/config/config.go | 18 +++++
pkg/flagset/authbasic.go | 16 ++--
pkg/flagset/authbearer.go | 14 ++++
pkg/flagset/users.go | 72 ++++++++++++++++++-
8 files changed, 139 insertions(+), 14 deletions(-)
create mode 100644 changelog/unreleased/separate-auth-user-providers.md
diff --git a/changelog/unreleased/separate-auth-user-providers.md b/changelog/unreleased/separate-auth-user-providers.md
new file mode 100644
index 0000000..3f7eec4
--- /dev/null
+++ b/changelog/unreleased/separate-auth-user-providers.md
@@ -0,0 +1,9 @@
+Enhancement: Separate user and auth providers, add config for rest user
+
+Previously, the auth and user provider services used to have the same driver,
+which restricted using separate drivers and configs for both. This PR separates
+the two and adds the config for the rest user driver and the gatewaysvc
+parameter to EOS fs.
+
+https://github.com/owncloud/ocis-reva/pull/412
+https://github.com/cs3org/reva/pull/995
diff --git a/pkg/command/authbasic.go b/pkg/command/authbasic.go
index 96fda92..7947149 100644
--- a/pkg/command/authbasic.go
+++ b/pkg/command/authbasic.go
@@ -88,10 +88,10 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 // TODO build services dynamically
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
- "auth_manager": cfg.Reva.Users.Driver,
+ "auth_manager": cfg.Reva.AuthProvider.Driver,
 "auth_managers": map[string]interface{}{
 "json": map[string]interface{}{
- "users": cfg.Reva.Users.JSON,
+ "users": cfg.Reva.AuthProvider.JSON,
 },
 "ldap": map[string]interface{}{
 "hostname": cfg.Reva.LDAP.Hostname,
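Review bot: The `ldap` auth manager on the last lines of this hunk still reads the shared `cfg.Reva.LDAP` block, so the split introduced here covers only the driver name and the JSON file path; nothing in the `authprovider` map tells a reader that the LDAP settings remain common to the auth and users services. A comment above `auth_manager`, such as `// driver and json path come from AuthProvider; the ldap block below is shared with the users service`, would make that boundary explicit. AuthBasic's body begins before and ends after this hunk.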
diff --git a/pkg/command/authbearer.go b/pkg/command/authbearer.go
index 630b673..d6baa56 100644
--- a/pkg/command/authbearer.go
+++ b/pkg/command/authbearer.go
@@ -91,9 +91,11 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 "auth_manager": "oidc",
 "auth_managers": map[string]interface{}{
 "oidc": map[string]interface{}{
- "issuer": cfg.Reva.OIDC.Issuer,
- "insecure": cfg.Reva.OIDC.Insecure,
- "id_claim": cfg.Reva.OIDC.IDClaim,
+ "issuer": cfg.Reva.OIDC.Issuer,
+ "insecure": cfg.Reva.OIDC.Insecure,
+ "id_claim": cfg.Reva.OIDC.IDClaim,
+ "uid_claim": cfg.Reva.OIDC.UIDClaim,
+ "gid_claim": cfg.Reva.OIDC.GIDClaim,
 },
 },
 },
diff --git a/pkg/command/users.go b/pkg/command/users.go
index 50fc4f9..50558bf 100644
--- a/pkg/command/users.go
+++ b/pkg/command/users.go
@@ -113,6 +113,18 @@ func Users(cfg *config.Config) *cli.Command {
 "gidNumber": cfg.Reva.LDAP.Schema.GIDNumber,
 },
 },
+ "rest": map[string]interface{}{
+ "client_id": cfg.Reva.UserRest.ClientID,
+ "client_secret": cfg.Reva.UserRest.ClientSecret,
+ "redis_address": cfg.Reva.UserRest.RedisAddress,
+ "redis_username": cfg.Reva.UserRest.RedisUsername,
+ "redis_password": cfg.Reva.UserRest.RedisPassword,
+ "user_groups_cache_expiration": cfg.Reva.UserRest.UserGroupsCacheExpiration,
+ "id_provider": cfg.Reva.UserRest.IDProvider,
+ "api_base_url": cfg.Reva.UserRest.APIBaseURL,
+ "oidc_token_endpoint": cfg.Reva.UserRest.OIDCTokenEndpoint,
+ "target_api": cfg.Reva.UserRest.TargetAPI,
+ },
 },
 },
 },
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 1313a8e..6bb8cc5 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -202,6 +202,8 @@ type OIDC struct {
 Issuer string
 Insecure bool
 IDClaim string
+ UIDClaim string
+ GIDClaim string
 }
 
 // LDAP defines the available ldap configuration.
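Review bot: The new `uid_claim` and `gid_claim` entries pass the flag values straight through, and the flags that feed them (the `oidc-uid-claim`/`oidc-gid-claim` hunk in pkg/flagset/authbearer.go) default to `""` with the one-line usages `"OIDC uid claim"` and `"OIDC gid claim"`, so neither place says what an empty value means. Presumably the reva oidc manager falls back to a built-in claim name when these are empty, but that should be confirmed against the driver and then recorded, e.g. `// uid_claim/gid_claim: token claims mapped to the user's numeric uid/gid; empty keeps the driver default` above the two keys, with matching wording in the two flag Usage strings. AuthBearer's body starts before and ends after this hunk.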
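Review bot: `user_groups_cache_expiration` is an integer whose unit is recorded only in the flag Usage text (`Time in minutes for redis cache expiration.` in pkg/flagset/users.go); the key name carries no unit, so a reader of this map cannot tell minutes from seconds. A trailing comment on that entry, `// minutes, see rest-user-groups-cache-expiration`, keeps the unit where the value is consumed. The same map now carries `client_secret` and `redis_password` next to non-sensitive settings, so if the assembled service config is ever logged or written out for debugging (not visible in this hunk) those two values go with it; worth confirming that the config map is not dumped anywhere. Users's body continues outside the hunk.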
@@ -220,6 +222,20 @@ type LDAP struct { Schema LDAPSchema } +// UserRest defines the user REST driver specification. +type UserRest struct { + ClientID string + ClientSecret string + RedisAddress string + RedisUsername string + RedisPassword string + IDProvider string + APIBaseURL string + OIDCTokenEndpoint string + TargetAPI string + UserGroupsCacheExpiration int +} + // LDAPSchema defines the available ldap schema configuration. type LDAPSchema struct { UID string @@ -244,6 +260,7 @@ type Reva struct { TransferExpires int OIDC OIDC LDAP LDAP + UserRest UserRest OCDav OCDav Storages StorageConfig // Ports are used to configure which services to start on which port @@ -251,6 +268,7 @@ type Reva struct { DataGateway Port Gateway Gateway Users Users + AuthProvider Users AuthBasic Port AuthBearer Port Sharing Sharing diff --git a/pkg/flagset/authbasic.go b/pkg/flagset/authbasic.go index 021bba3..4e10a77 100644 --- a/pkg/flagset/authbasic.go +++ b/pkg/flagset/authbasic.go @@ -82,21 +82,21 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag { Destination: &cfg.Reva.JWTSecret, }, - // Users + // Auth &cli.StringFlag{ - Name: "users-driver", + Name: "auth-driver", Value: "ldap", - Usage: "user driver: 'demo', 'json' or 'ldap'", - EnvVars: []string{"REVA_USERS_DRIVER"}, - Destination: &cfg.Reva.Users.Driver, + Usage: "auth driver: 'demo', 'json' or 'ldap'", + EnvVars: []string{"REVA_AUTH_DRIVER"}, + Destination: &cfg.Reva.AuthProvider.Driver, }, &cli.StringFlag{ - Name: "users-json", + Name: "auth-json", Value: "", Usage: "Path to users.json file", - EnvVars: []string{"REVA_USERS_JSON"}, - Destination: &cfg.Reva.Users.JSON, + EnvVars: []string{"REVA_AUTH_JSON"}, + Destination: &cfg.Reva.AuthProvider.JSON, }, // LDAP diff --git a/pkg/flagset/authbearer.go b/pkg/flagset/authbearer.go index c01dcbc..17a8d07 100644 --- a/pkg/flagset/authbearer.go +++ b/pkg/flagset/authbearer.go 
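Review bot: `UserGroupsCacheExpiration int` carries no unit, although the flag that fills it documents minutes (`Time in minutes for redis cache expiration.` in pkg/flagset/users.go); `UserGroupsCacheExpiration int // minutes` keeps that from being lost at the config layer. `ClientSecret` and `RedisPassword` are plain string fields with nothing marking them as credentials, so any future `%+v` dump of `Reva` or `UserRest` prints them; a `// credential, do not log` comment on each is cheap, and if the project already has a redacting convention for such fields elsewhere (not visible here) this type should follow it. The remaining fields follow the file's uncommented style, so this is documentation only.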
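Review bot: `AuthProvider Users` reuses the `Users` struct for the auth provider, but the authprovider service reads only `Driver` and `JSON` from it (see the `authprovider` map in pkg/command/authbasic.go), so whatever other fields `Users` has (its definition is outside this hunk) are present on `cfg.Reva.AuthProvider` yet have no effect. Either a dedicated two-field type or a comment on the field, `// AuthProvider reuses the Users layout; only Driver and JSON are read by the authprovider service`, would keep operators from expecting the rest of the block to apply.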
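Review bot: Renaming the env vars to `REVA_AUTH_DRIVER`/`REVA_AUTH_JSON` means an existing deployment that selected `json` authentication through `REVA_USERS_DRIVER` will, after this change, start the authprovider with the `ldap` default (`Value: "ldap"`) without any error — a different authentication backend than before — while `REVA_USERS_DRIVER` keeps working for the users service (pkg/flagset/users.go), and the changelog entry does not mention the rename. Either keep the old names as a fallback, `EnvVars: []string{"REVA_AUTH_DRIVER", "REVA_USERS_DRIVER"}` and `EnvVars: []string{"REVA_AUTH_JSON", "REVA_USERS_JSON"}` (new name first so it wins when both are set), or call the rename out as a breaking change in the changelog. The `auth-json` flag also kept `Usage: "Path to users.json file"`, which no longer describes the auth provider's file. AuthBasicWithConfig's body runs beyond this hunk.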
@@ -111,6 +111,20 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag { EnvVars: []string{"REVA_OIDC_ID_CLAIM"}, Destination: &cfg.Reva.OIDC.IDClaim, }, + &cli.StringFlag{ + Name: "oidc-uid-claim", + Value: "", + Usage: "OIDC uid claim", + EnvVars: []string{"REVA_OIDC_UID_CLAIM"}, + Destination: &cfg.Reva.OIDC.UIDClaim, + }, + &cli.StringFlag{ + Name: "oidc-gid-claim", + Value: "", + Usage: "OIDC gid claim", + EnvVars: []string{"REVA_OIDC_GID_CLAIM"}, + Destination: &cfg.Reva.OIDC.GIDClaim, + }, // Services diff --git a/pkg/flagset/users.go b/pkg/flagset/users.go index ebe8b35..baaffec 100644 --- a/pkg/flagset/users.go +++ b/pkg/flagset/users.go 
@@ -199,6 +199,76 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag { EnvVars: []string{"REVA_LDAP_SCHEMA_GIDNUMBER"}, Destination: &cfg.Reva.LDAP.Schema.GIDNumber, }, + &cli.StringFlag{ + Name: "rest-client-id", + Value: "", + Usage: "User rest driver Client ID", + EnvVars: []string{"REVA_REST_CLIENT_ID"}, + Destination: &cfg.Reva.UserRest.ClientID, + }, + &cli.StringFlag{ + Name: "rest-client-secret", + Value: "", + Usage: "User rest driver Client Secret", + EnvVars: []string{"REVA_REST_CLIENT_SECRET"}, + Destination: &cfg.Reva.UserRest.ClientSecret, + }, + &cli.StringFlag{ + Name: "rest-redis-address", + Value: "localhost:6379", + Usage: "Address for redis server", + EnvVars: []string{"REVA_REST_REDIS_ADDRESS"}, + Destination: &cfg.Reva.UserRest.RedisAddress, + }, + &cli.StringFlag{ + Name: "rest-redis-username", + Value: "", + Usage: "Username for redis server", + EnvVars: []string{"REVA_REST_REDIS_USERNAME"}, + Destination: &cfg.Reva.UserRest.RedisUsername, + }, + &cli.StringFlag{ + Name: "rest-redis-password", + Value: "", + Usage: "Password for redis server", + EnvVars: []string{"REVA_REST_REDIS_PASSWORD"}, + Destination: &cfg.Reva.UserRest.RedisPassword, + }, + &cli.IntFlag{ + Name: "rest-user-groups-cache-expiration", + Value: 5, + Usage: "Time in minutes for redis cache expiration.", + EnvVars: []string{"REVA_REST_CACHE_EXPIRATION"}, + Destination: &cfg.Reva.UserRest.UserGroupsCacheExpiration, + }, + &cli.StringFlag{ + Name: "rest-id-provider", + Value: "", + Usage: "The OIDC Provider", + EnvVars: []string{"REVA_REST_ID_PROVIDER"}, + Destination: &cfg.Reva.UserRest.IDProvider, + }, + &cli.StringFlag{ + Name: "rest-api-base-url", + Value: "", + Usage: "Base API Endpoint", + EnvVars: []string{"REVA_REST_API_BASE_URL"}, + Destination: &cfg.Reva.UserRest.APIBaseURL, + }, + &cli.StringFlag{ + Name: "rest-oidc-token-endpoint", + Value: "", + Usage: "Endpoint to generate token to access the API", + EnvVars: []string{"REVA_REST_OIDC_TOKEN_ENDPOINT"}, + 
Destination: &cfg.Reva.UserRest.OIDCTokenEndpoint, + }, + &cli.StringFlag{ + Name: "rest-target-api", + Value: "", + Usage: "The target application", + EnvVars: []string{"REVA_REST_TARGET_API"}, + Destination: &cfg.Reva.UserRest.TargetAPI, + }, // Services @@ -242,7 +312,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag { &cli.StringFlag{ Name: "driver", Value: "ldap", - Usage: "user driver: 'demo', 'json' or 'ldap'", + Usage: "user driver: 'demo', 'json', 'ldap', or 'rest'", EnvVars: []string{"REVA_USERS_DRIVER"}, Destination: &cfg.Reva.Users.Driver, },
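Review bot: The env var for `rest-user-groups-cache-expiration` is `REVA_REST_CACHE_EXPIRATION`, while every other flag in this hunk derives its env var directly from the flag name (`rest-client-id` → `REVA_REST_CLIENT_ID`, and so on); `EnvVars: []string{"REVA_REST_USER_GROUPS_CACHE_EXPIRATION"}` would keep the convention before the name ships. `rest-client-secret` and `rest-redis-password` are accepted as command-line arguments, where they are visible to other local users through the process list; the Usage strings could steer operators to the env var form, e.g. `Usage: "User rest driver Client Secret (prefer setting REVA_REST_CLIENT_SECRET)"`. The Usage of `rest-user-groups-cache-expiration` is the only place the minutes unit is recorded, so it should stay precise. UsersWithConfig starts before this hunk and continues after it.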