From eaf6629b976aae4e2f5e025083aaebd5e4b5c539 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp Date: Thu, 13 Oct 2022 11:24:07 +0200 Subject: [PATCH] Introduce TLS Settings for all reva grpc services and clients --- ocis-pkg/shared/reva.go | 21 +++++++++++++++++++ ocis-pkg/shared/shared_types.go | 6 ++++-- services/app-provider/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../app-provider/pkg/revaconfig/config.go | 9 ++++++++ services/app-registry/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../app-registry/pkg/revaconfig/config.go | 9 ++++++++ services/auth-basic/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/auth-basic/pkg/revaconfig/config.go | 9 ++++++++ services/auth-bearer/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/auth-bearer/pkg/revaconfig/config.go | 9 ++++++++ services/auth-machine/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../auth-machine/pkg/revaconfig/config.go | 9 ++++++++ .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/frontend/pkg/revaconfig/config.go | 4 ++++ services/gateway/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 9 ++++---- services/gateway/pkg/revaconfig/config.go | 9 ++++++++ .../pkg/config/defaults/defaultconfig.go | 4 +--- services/graph/pkg/identity/cs3.go | 8 +++---- services/graph/pkg/service/v0/service.go | 2 +- services/groups/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/groups/pkg/revaconfig/config.go | 5 +++++ .../idp/pkg/config/defaults/defaultconfig.go | 8 +++---- .../notifications/pkg/channels/channels.go | 2 +- services/notifications/pkg/command/server.go | 5 ++++- .../pkg/config/defaults/defaultconfig.go | 4 +--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../ocs/pkg/config/defaults/defaultconfig.go | 8 +++---- services/ocs/pkg/service/v0/service.go | 2 +- 
services/proxy/pkg/command/server.go | 2 +- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/search/pkg/service/v0/service.go | 2 +- services/sharing/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/sharing/pkg/revaconfig/config.go | 5 +++++ .../storage-publiclink/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../pkg/revaconfig/config.go | 9 ++++++++ services/storage-shares/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../storage-shares/pkg/revaconfig/config.go | 9 ++++++++ services/storage-system/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../storage-system/pkg/revaconfig/config.go | 9 ++++++++ services/storage-users/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- .../storage-users/pkg/revaconfig/config.go | 9 ++++++++ .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/thumbnails/pkg/server/grpc/server.go | 2 +- services/users/pkg/config/config.go | 9 +++++--- .../pkg/config/defaults/defaultconfig.go | 8 +++---- services/users/pkg/revaconfig/config.go | 5 +++++ .../pkg/config/defaults/defaultconfig.go | 4 +--- services/webdav/pkg/service/v0/service.go | 2 +- 61 files changed, 309 insertions(+), 144 deletions(-) create mode 100644 ocis-pkg/shared/reva.go diff --git a/ocis-pkg/shared/reva.go b/ocis-pkg/shared/reva.go new file mode 100644 index 00000000000..d9ef7dbad6f --- /dev/null +++ b/ocis-pkg/shared/reva.go 
@@ -0,0 +1,21 @@
+package shared
+
+import "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
+
+var defaultRevaConfig = Reva{
+ Address: "127.0.0.1:9142",
+}
+
+func DefaultRevaConfig() *Reva {
+ // copy
+ ret := defaultRevaConfig
+ return &ret
+}
+
+func (r *Reva) GetRevaOptions() []pool.Option {
+ tm, _ := pool.StringToTLSMode(r.TLSMode)
+ opts := []pool.Option{
+ pool.WithTLSMode(tm),
+ }
+ return opts
+}
diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go
index ec3997116a3..3aca81ada7b 100644
--- a/ocis-pkg/shared/shared_types.go
+++ b/ocis-pkg/shared/shared_types.go
@@ -29,9 +29,11 @@ type TokenManager struct {
 JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."`
 }
 
-// Reva defines all available REVA configuration.
+// Reva defines all available REVA client configuration.
 type Reva struct {
- Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+ Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+ TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security."`
+ TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."`
 }
 
 type CacheStore struct {
diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go
index d77524228b4..9979e06684a 100644
--- a/services/app-provider/pkg/config/config.go
+++ b/services/app-provider/pkg/config/config.go
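Review bot: `GetRevaOptions` discards the error from `pool.StringToTLSMode(r.TLSMode)` via `tm, _ :=`, so a misspelled `REVA_GATEWAY_TLS_MODE` value is silently mapped to whatever mode the helper returns on failure instead of stopping startup; a transport-security setting should fail loudly, either by validating the mode once during config validation (and stating in a comment that this method assumes a validated value) or by returning the error to the caller. The `TLSCACert` field introduced in the same commit is never turned into an option here, so clients built through `GetRevaOptions` receive only the mode; if the pool offers a CA-certificate option it should be passed, otherwise the doc comment should say that the CA certificate only reaches reva through the `grpc_client_options` config map. Both exported names also lack doc comments; add `// DefaultRevaConfig returns a fresh copy of the default gateway client settings.` and `// GetRevaOptions translates the configured TLS mode into pool options for GetGatewayServiceClient.`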
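Review bot: The `TLSMode` description lists the accepted values but not what an unset value means, and the new `defaultRevaConfig` in reva.go leaves the field empty, so the effective default is whatever `pool.StringToTLSMode` makes of `""`; once that is decided, state it at the end of the desc, e.g. `... 'on' enables transport security. Defaults to [DEFAULT_MODE placeholder].`. The `TLSCACert` desc should also say whether the value is a file path or PEM content, since operators will set it from an environment variable.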
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go index 8f045fe2ca6..92e000dc176 100644 --- a/services/app-provider/pkg/config/defaults/defaultconfig.go +++ b/services/app-provider/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-provider", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "", Drivers: config.Drivers{ WOPI: config.WOPIDriver{ @@ -67,7 +65,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/app-provider/pkg/revaconfig/config.go b/services/app-provider/pkg/revaconfig/config.go index 8b33d14a29a..de313029583 100644 --- a/services/app-provider/pkg/revaconfig/config.go +++ b/services/app-provider/pkg/revaconfig/config.go 
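Review bot: The new `TLSEnabled`, `TLSCert` and `TLSKey` fields carry no `desc` tag, unlike `Addr` and `Protocol` next to them, so they will be missing from the generated environment-variable documentation; add tags along the lines of `desc:"Activates TLS for the gRPC listener of this service."`, `desc:"Path to the server certificate for the gRPC listener."` and `desc:"Path to the private key for the gRPC listener."` (or "PEM content" if that is what is expected). The env names are also the global `OCIS_GRPC_TLS_*` only, with no service-specific override the way `APP_PROVIDER_GRPC_ADDR` exists for the address; if that is intentional the desc should say so. The same gap is in the GRPCConfig hunks for app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups.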
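Review bot: The fallback at the end of the `EnsureDefaults` hunk still assigns `cfg.Reva = &shared.Reva{}` when no commons config is present, leaving `Address`, `TLSMode` and `TLSCACert` all empty, while `DefaultConfig` in the hunk above now uses `shared.DefaultRevaConfig()`; using the same helper here, `cfg.Reva = shared.DefaultRevaConfig()`, keeps both paths consistent. That line is unchanged context, so the asymmetry may be deliberate, but it repeats in every other `EnsureDefaults` hunk of this commit. `EnsureDefaults` continues outside the hunk.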
@@ -17,10 +17,19 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} { "shared": map[string]interface{}{ "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "appprovider": map[string]interface{}{ "app_provider_url": cfg.ExternalAddr, diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go index b095d5afb2f..3531bc3f5a6 100644 --- a/services/app-registry/pkg/config/config.go +++ b/services/app-registry/pkg/config/config.go @@ -50,9 +50,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AppRegistry struct { diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go index 3764bedf651..1efd04bcc9f 100644 --- a/services/app-registry/pkg/config/defaults/defaultconfig.go 
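Review bot: `tls_settings` forwards `cfg.GRPC.TLSEnabled` together with a possibly empty `TLSCert`/`TLSKey`, and nothing in this commit checks that both are set when TLS is enabled; unless the reva side rejects that combination, the service would only fail at listen time with a less specific error. A check in the service's config validation such as `if cfg.GRPC.TLSEnabled && (cfg.GRPC.TLSCert == "" || cfg.GRPC.TLSKey == "") { return fmt.Errorf("grpc tls enabled but certificate or key not configured") }` would surface it at startup. The same applies to the revaconfig hunks for app-registry, auth-basic, auth-bearer, auth-machine, gateway, and the other storage and user services in this commit; `AppProviderConfigFromStruct` continues outside the hunk.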
+++ b/services/app-registry/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-registry", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), } } @@ -132,7 +130,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/app-registry/pkg/revaconfig/config.go b/services/app-registry/pkg/revaconfig/config.go index 20b75434843..34e9799faa6 100644 --- a/services/app-registry/pkg/revaconfig/config.go +++ b/services/app-registry/pkg/revaconfig/config.go @@ -19,10 +19,19 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri "shared": map[string]interface{}{ "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "appregistry": map[string]interface{}{ "driver": "static", diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index b9352319aca..40ceb6eb800 100644 --- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go 
@@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AuthProviders struct { diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index 944872224e5..a926b940822 100644 --- a/services/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-basic", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), AuthProvider: "ldap", AuthProviders: config.AuthProviders{ LDAP: config.LDAPProvider{ @@ -106,7 +104,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-basic/pkg/revaconfig/config.go b/services/auth-basic/pkg/revaconfig/config.go index 57cf6a80a7f..4f3407db66b 100644 --- a/services/auth-basic/pkg/revaconfig/config.go +++ b/services/auth-basic/pkg/revaconfig/config.go 
@@ -15,10 +15,19 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "authprovider": map[string]interface{}{ diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go index 03bd7286943..11007fe2663 100644 --- a/services/auth-bearer/pkg/config/config.go +++ b/services/auth-bearer/pkg/config/config.go @@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type OIDC struct { diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go index 9386f68a212..42117bc104b 100644 --- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go +++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go 
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-bearer", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), OIDC: config.OIDC{ Issuer: "https://localhost:9200", Insecure: false, @@ -65,7 +63,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-bearer/pkg/revaconfig/config.go b/services/auth-bearer/pkg/revaconfig/config.go index b24f11e8228..45ef719c714 100644 --- a/services/auth-bearer/pkg/revaconfig/config.go +++ b/services/auth-bearer/pkg/revaconfig/config.go @@ -15,10 +15,19 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ "auth_manager": "oidc", diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go index efdd2747ffb..7431fa665ac 100644 --- a/services/auth-machine/pkg/config/config.go +++ b/services/auth-machine/pkg/config/config.go 
@@ -51,7 +51,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go index d34a332cbcc..679e61a1fc1 100644 --- a/services/auth-machine/pkg/config/defaults/defaultconfig.go +++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-machine", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), } } @@ -60,7 +58,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-machine/pkg/revaconfig/config.go b/services/auth-machine/pkg/revaconfig/config.go index bc2422156bd..57c914d5b81 100644 --- a/services/auth-machine/pkg/revaconfig/config.go +++ b/services/auth-machine/pkg/revaconfig/config.go 
@@ -17,10 +17,19 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ "auth_manager": "machine", diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index 6ff6341fc08..49b8a58dc52 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -29,9 +29,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "frontend", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), PublicURL: "https://localhost:9200", EnableFavorites: false, EnableProjectSpaces: true, @@ -99,7 +97,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index 5bd573bef7f..5d3312d39b1 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go 
@@ -73,6 +73,10 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, // Todo or address? "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "http": map[string]interface{}{ "network": cfg.HTTP.Protocol, diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index b0f4ce048c9..6eba084cbcd 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go @@ -73,9 +73,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageRegistry struct { diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go index 2681f8332e9..a35b54dfefb 100644 --- a/services/gateway/pkg/config/defaults/defaultconfig.go +++ b/services/gateway/pkg/config/defaults/defaultconfig.go @@ -28,10 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "gateway", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, - + Reva: shared.DefaultRevaConfig(), CommitShareToStorageGrant: true, ShareFolder: "Shares", DisableHomeCreationOnLogin: true, 
@@ -90,7 +87,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go index d8deec31d99..0f18f085a82 100644 --- a/services/gateway/pkg/revaconfig/config.go +++ b/services/gateway/pkg/revaconfig/config.go @@ -24,10 +24,19 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "gateway": map[string]interface{}{ diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index d033cee0480..94baf6f9688 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "graph", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Spaces: config.Spaces{ WebDavBase: "https://localhost:9200", WebDavPath: "/dav/spaces/", diff --git a/services/graph/pkg/identity/cs3.go b/services/graph/pkg/identity/cs3.go index af1496e0f46..6aa8043792c 100644 
--- a/services/graph/pkg/identity/cs3.go +++ b/services/graph/pkg/identity/cs3.go @@ -42,7 +42,7 @@ func (i *CS3) UpdateUser(ctx context.Context, nameOrID string, user libregraph.U func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values) (*libregraph.User, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetUser") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) @@ -70,7 +70,7 @@ func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values) func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregraph.User, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetUsers") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) @@ -110,7 +110,7 @@ func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregrap func (i *CS3) GetGroups(ctx context.Context, queryParam url.Values) ([]*libregraph.Group, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetGroups") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) 
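Review bot: The call `pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...)` is now repeated verbatim in `GetUser`, `GetUsers`, `GetGroups` and (in the next hunk) `GetGroup`, each followed by the same error handling; a small receiver method that wraps the call and returns the client and error would keep the option set in one place should further client options be added later. Each of these methods continues outside its hunk.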
@@ -156,7 +156,7 @@ func (i *CS3) CreateGroup(ctx context.Context, group libregraph.Group) (*libregr func (i *CS3) GetGroup(ctx context.Context, groupID string, queryParam url.Values) (*libregraph.Group, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetGroup") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go index de0e89fea35..cb7030494c5 100644 --- a/services/graph/pkg/service/v0/service.go +++ b/services/graph/pkg/service/v0/service.go @@ -66,7 +66,7 @@ func NewService(opts ...Option) Service { } if options.GatewayClient == nil { var err error - svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address) + svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address, options.Config.Reva.GetRevaOptions()...) if err != nil { options.Logger.Error().Err(err).Msg("Could not get gateway client") return nil diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index 56760e67fbf..1373a537223 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go 
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type Drivers struct { diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index 351d4f88878..594f88518d8 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go +++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "groups", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ @@ -107,7 +105,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go index 6e899c1a752..a5cc4c3e39a 100644 --- a/services/groups/pkg/revaconfig/config.go +++ b/services/groups/pkg/revaconfig/config.go 
@@ -21,6 +21,11 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} { "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "groupprovider": map[string]interface{}{ diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index 0bff438f456..71ef857f55a 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go @@ -29,9 +29,7 @@ func DefaultConfig() *config.Config { TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"), TLS: false, }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Service: config.Service{ Name: "idp", }, @@ -155,7 +153,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go index c1a018e6d84..17151623ca1 100644 --- a/services/notifications/pkg/channels/channels.go +++ b/services/notifications/pkg/channels/channels.go 
@@ -27,7 +27,7 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address, cfg.Notifications.Reva.GetRevaOptions()...) if err != nil { logger.Error().Err(err).Msg("could not get gateway client") return nil, err diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index 7146608a1f8..4feb6404aaa 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go @@ -73,7 +73,10 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient( + cfg.Notifications.Reva.Address, + cfg.Notifications.Reva.GetRevaOptions()..., + ) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client") } diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index f417743709a..f85ba336301 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go @@ -36,9 +36,7 @@ func DefaultConfig() *config.Config { Cluster: "ocis-cluster", ConsumerGroup: "notifications", }, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), }, } } diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 11051c346c9..8739f0cc975 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go 
@@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocdav", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), WebdavNamespace: "/users/{{.Id.OpaqueId}}", FilesNamespace: "/users/{{.Id.OpaqueId}}", SharesNamespace: "/Shares", @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go index 97ddd339416..dd5b389cd81 100644 --- a/services/ocs/pkg/config/defaults/defaultconfig.go +++ b/services/ocs/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Name: "ocs", }, AccountBackend: "cs3", - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), IdentityManagement: config.IdentityManagement{ Address: "https://localhost:9200", }, @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/ocs/pkg/service/v0/service.go b/services/ocs/pkg/service/v0/service.go index cf476d63ebb..60b7e2b08b3 100644 --- a/services/ocs/pkg/service/v0/service.go +++ b/services/ocs/pkg/service/v0/service.go 
@@ -118,7 +118,7 @@ func (o Ocs) NotFound(w http.ResponseWriter, r *http.Request) { } func (o Ocs) getCS3Backend() backend.UserBackend { - revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address, o.config.Reva.GetRevaOptions()...) if err != nil { o.logger.Fatal().Msgf("could not get reva client at address %s", o.config.Reva.Address) } diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go index 7cd82c96a66..21075a1a4d7 100644 --- a/services/proxy/pkg/command/server.go +++ b/services/proxy/pkg/command/server.go @@ -128,7 +128,7 @@ func Server(cfg *config.Config) *cli.Command { func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) alice.Chain { rolesClient := settingssvc.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient()) - revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) var userProvider backend.UserBackend switch cfg.AccountBackend { case "cs3": diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index cd40c61f950..414d742270a 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -49,9 +49,7 @@ func DefaultConfig() *config.Config { }, }, PolicySelector: nil, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), PreSignedURL: config.PreSignedURL{ AllowedHTTPMethods: []string{"GET"}, Enabled: true, 
@@ -244,7 +242,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go index b1c80e06a5b..14f356bd562 100644 --- a/services/search/pkg/config/defaults/defaultconfig.go +++ b/services/search/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Name: "search", }, Datapath: path.Join(defaults.BaseDataPath(), "search"), - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Events: config.Events{ Endpoint: "127.0.0.1:9233", Cluster: "ocis-cluster", @@ -73,7 +71,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/service/v0/service.go b/services/search/pkg/service/v0/service.go index ec7ef06c260..10a630b50a8 100644 --- a/services/search/pkg/service/v0/service.go +++ b/services/search/pkg/service/v0/service.go @@ -85,7 +85,7 @@ func NewHandler(opts ...Option) (searchsvc.SearchProviderHandler, error) { return nil, err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Reva.Address).Msg("could not get reva client") } 
diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index 650d7635833..66178495415 100644 --- a/services/sharing/pkg/config/config.go +++ b/services/sharing/pkg/config/config.go @@ -55,9 +55,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type UserSharingDrivers struct { diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go index 9204baf223e..c9433aba27e 100644 --- a/services/sharing/pkg/config/defaults/defaultconfig.go +++ b/services/sharing/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "sharing", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), UserSharingDriver: "jsoncs3", UserSharingDrivers: config.UserSharingDrivers{ JSON: config.UserSharingJSONDriver{ @@ -103,7 +101,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
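Review bot: The three new TLSEnabled/TLSCert/TLSKey fields carry no `desc:` tag, unlike the Addr and Protocol fields beside them, so the generated configuration reference will list OCIS_GRPC_TLS_ENABLED, OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY without saying what they control. Suggested tags: `desc:"Activates TLS for the grpc based services using the server certificate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY."`, `desc:"The server certificate for the grpc based services."` and `desc:"The private key belonging to the server certificate for the grpc based services."`. Note also that, unlike Addr, these env names have no SHARING_-prefixed variant, so every gRPC service must share a single certificate and key; if that is intended, the desc text is the place to state it. The same applies to the storage-publiclink, storage-shares, storage-system, storage-users and users GRPCConfig hunks.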
diff --git a/services/sharing/pkg/revaconfig/config.go b/services/sharing/pkg/revaconfig/config.go index 49761b8ae02..02c78db714a 100644 --- a/services/sharing/pkg/revaconfig/config.go +++ b/services/sharing/pkg/revaconfig/config.go @@ -21,6 +21,11 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} { "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "usershareprovider": map[string]interface{}{ diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index 311328f417a..407b7cc8f15 100644 --- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go @@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageProvider struct { diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go index 229f3c19b46..cdd955b3945 100644 
--- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-publiclink", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), StorageProvider: config.StorageProvider{ MountID: "7993447f-687f-490d-875c-ac95e89a62a4", }, @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-publiclink/pkg/revaconfig/config.go b/services/storage-publiclink/pkg/revaconfig/config.go index ab335219d50..45addcf6771 100644 --- a/services/storage-publiclink/pkg/revaconfig/config.go +++ b/services/storage-publiclink/pkg/revaconfig/config.go @@ -17,10 +17,19 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{ "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "interceptors": map[string]interface{}{ "log": map[string]interface{}{}, "prometheus": map[string]interface{}{ diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index 8cacec592bf..d5e353da744 100644 --- a/services/storage-shares/pkg/config/config.go 
+++ b/services/storage-shares/pkg/config/config.go @@ -53,7 +53,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go index ef14adef8a4..0b8836200d1 100644 --- a/services/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-shares", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), MountID: "7639e57c-4433-4a12-8201-722fd0009154", ReadOnly: false, SharesProviderEndpoint: "localhost:9150", @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-shares/pkg/revaconfig/config.go b/services/storage-shares/pkg/revaconfig/config.go index 320681317fc..408df2cd486 100644 
--- a/services/storage-shares/pkg/revaconfig/config.go +++ b/services/storage-shares/pkg/revaconfig/config.go @@ -17,10 +17,19 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "sharesstorageprovider": map[string]interface{}{ "usershareprovidersvc": cfg.SharesProviderEndpoint, diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index 31b23ed7237..ab79d50fb53 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go @@ -56,9 +56,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { 
diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index 57ba2fe4c86..c8738826160 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -36,9 +36,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-system", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9216/data", Driver: "ocis", Drivers: config.Drivers{ @@ -75,7 +73,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-system/pkg/revaconfig/config.go b/services/storage-system/pkg/revaconfig/config.go index aa7e64cfefa..f09076573d4 100644 --- a/services/storage-system/pkg/revaconfig/config.go +++ b/services/storage-system/pkg/revaconfig/config.go @@ -18,10 +18,19 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "gateway": map[string]interface{}{ // registries are located on the gateway 
diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index 48d15fb8450..c1e9d4331de 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go @@ -60,9 +60,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index 10c83dc5bc9..0eb683da3b8 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9158/data", MountID: "1284d238-aa92-42ce-bdc4-0b0000009157", UploadExpiration: 24 * 60 * 60, 
@@ -113,7 +111,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-users/pkg/revaconfig/config.go b/services/storage-users/pkg/revaconfig/config.go index 332f8a5efdd..2055f62d908 100644 --- a/services/storage-users/pkg/revaconfig/config.go +++ b/services/storage-users/pkg/revaconfig/config.go @@ -17,10 +17,19 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": map[string]interface{}{ + "tls_mode": cfg.Reva.TLSMode, + "tls_cacert": cfg.Reva.TLSCACert, + }, }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "storageprovider": map[string]interface{}{ diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index b5dccb365dc..38fc8584eef 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go 
@@ -42,11 +42,9 @@ func DefaultConfig() *config.Config { RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, WebdavAllowInsecure: false, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + Reva: *shared.DefaultRevaConfig(), + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index b8e8d8e2686..fc33d33615f 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -26,7 +26,7 @@ func NewService(opts ...Option) grpc.Service { grpc.Version(version.GetString()), ) tconf := options.Config.Thumbnail - gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address) + gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address, tconf.Reva.GetRevaOptions()...) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client") return grpc.Service{} diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 0fb0ede101f..55430e580da 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go 
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 2d93cc13bae..615e3091312 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ @@ -108,7 +106,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index c00b31506f0..70acc5d51da 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go 
@@ -21,6 +21,11 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "userprovider": map[string]interface{}{ diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 98e98d6c904..3e8f7cbfc79 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -38,9 +38,7 @@ func DefaultConfig() *config.Config { }, OcisPublicURL: "https://127.0.0.1:9200", WebdavNamespace: "/users/{{.Id.OpaqueId}}", - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index be33cc7a5b5..b0110ae67c9 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go @@ -60,7 +60,7 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address) + gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address, conf.Reva.GetRevaOptions()...) if err != nil { return nil, err }