Skip to content
This repository has been archived by the owner on Jan 18, 2021. It is now read-only.

Separate user and auth providers, add config for rest user #412

Merged
merged 1 commit into from
Aug 26, 2020
Merged

Separate user and auth providers, add config for rest user #412

merged 1 commit into from
Aug 26, 2020

Conversation

ishank011
Copy link
Contributor

This PR

  • separates the config for the auth and user provider services. Previously, these used to have the same driver, which restricted using different configs for both.
  • adds the config for the rest user driver
  • adds the gatewaysvc parameter to EOS fs.
  • adds uid_claim and gid_claim parameters to OIDC auth.

@micbar
Copy link
Contributor

micbar commented Aug 5, 2020

@refs @PVince81 do we need to document that?

@micbar
Copy link
Contributor

micbar commented Aug 5, 2020

@ishank011 What is the user story behind this change?

@ishank011
Copy link
Contributor Author

ishank011 commented Aug 5, 2020
edited
Loading

@micbar at CERN we use OIDC for authentication, and then we have a REST API service which provides details about the other users and group resolution functionality. Previously, both the authprovider (basic auth) and userprovider services used the same driver, which didn't work for us because if we tried to set the value of this driver to rest, it would fail because there's no basic auth driver with that name. So the first two changes are about enabling that. Since the rest driver is CERN-specific, maybe we shouldn't add it here, but in a separate fork.

This change adds the capability to eos fs to call the userprovider service to lookup UIDs for users and vice versa. So the third bullet adds the config for that that.

The fourth change allows us to look up additional claims, namely uid and gid, from the OIDC tokens.

@labkode
Copy link
Member

labkode commented Aug 6, 2020
edited
Loading

@micbar this change is not only useful for us but to many deployments of current ownCloud. Let me explain that.
Users may authenticate to an IDP using for example OIDC that is backed by an LDAP/AD directory service. However, when searching for users and getting extra attributes for the user, the IdP lacks this capabilities, so you need to go to LDAP/AD. This PR allows for that.

@labkode labkode mentioned this pull request Aug 6, 2020
Open
17 tasks
@labkode
Copy link
Member

labkode commented Aug 20, 2020

@butonic @ishank011 needs rebase.

@ishank011 ishank011 force-pushed the rest-user-pkg branch 3 times, most recently from a5c71fc to 0444190 Compare August 21, 2020 14:22
@ishank011
Copy link
Contributor Author

@butonic can you restart the build? An unrelated test failed.

=== RUN   TestRegisterGRPCEndpoint
--
37 | --- FAIL: TestRegisterGRPCEndpoint (0.20s)
38 | external_test.go:54: Deregister on cancelation failed. Result-length should be zero, got 1
39 | FAIL

butonic
butonic suggested changes Aug 25, 2020
View reviewed changes
pkg/config/config.go Outdated
RedisAddress string
RedisUsername string
RedisPassword string
UserGroupsCacheExpiration int
Copy link
Member

@butonic butonic Aug 10, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

move this to the bottom of the struct properties, so we have string first, then int ...
some checks down the line might be picky about this ... 🤷‍♂️

@butonic
Copy link
Member

butonic commented Aug 25, 2020

and do a quick rebase,pls. then I'll merge

butonic
butonic suggested changes Aug 26, 2020
View reviewed changes
pkg/flagset/authbearer.go Outdated Show resolved Hide resolved
pkg/flagset/authbearer.go Outdated Show resolved Hide resolved
@ownclouders
Copy link

Codacy Here is an overview of what got changed by this pull request:

Clones removed
==============
+ pkg/command/users.go  -1
+ pkg/command/authbasic.go  -1

See the complete overview on Codacy

@butonic butonic merged commit fed4d13 into owncloud:master Aug 26, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@butonic butonic butonic approved these changes

@PVince81 PVince81 Awaiting requested review from PVince81

@labkode labkode Awaiting requested review from labkode

@SamuAlfageme SamuAlfageme Awaiting requested review from SamuAlfageme

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ishank011 @micbar @labkode @butonic @ownclouders