diff --git a/changelog/unreleased/metadata-gateway.md b/changelog/unreleased/metadata-gateway.md new file mode 100644 index 00000000000..3205409fb20 --- /dev/null +++ b/changelog/unreleased/metadata-gateway.md @@ -0,0 +1,5 @@ +Enhancement: wrap metadata storage with dedicated reva gateway + +We wrapped the metadata storage in a minimal reva instance with a dedicated gateway, including static storage registry, static auth registry, in memory userprovider, machine authprovider and demo permissions service. This allows us to preconfigure the service user for the ocis settings service, share and public share providers. + +https://github.com/owncloud/ocis/pull/3602 diff --git a/changelog/unreleased/update-reva.md b/changelog/unreleased/update-reva.md index 8b4b79c912f..213f925b79c 100644 --- a/changelog/unreleased/update-reva.md +++ b/changelog/unreleased/update-reva.md @@ -7,6 +7,7 @@ Updated reva to version 2.x.x. This update includes: https://github.com/owncloud/ocis/pull/3552 https://github.com/owncloud/ocis/pull/3570 https://github.com/owncloud/ocis/pull/3601 +https://github.com/owncloud/ocis/pull/3602 https://github.com/owncloud/ocis/pull/3605 https://github.com/owncloud/ocis/pull/3611 https://github.com/owncloud/ocis/pull/3621 diff --git a/extensions/idm/ldif/base.ldif.tmpl b/extensions/idm/ldif/base.ldif.tmpl index 1cbaaec4c29..e29221c62f8 100644 --- a/extensions/idm/ldif/base.ldif.tmpl +++ b/extensions/idm/ldif/base.ldif.tmpl 
@@ -40,17 +40,4 @@ userPassword:: {{ .Password }} {{ end -}} -## Service user for the settings service -dn: uid=95cb8724-03b2-11eb-a0a6-c33ef8ef53ad,ou=users,o=libregraph-idm -objectClass: inetOrgPerson -objectClass: organizationalPerson -objectClass: ownCloud -objectClass: person -objectClass: top -uid: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad -givenName: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad -sn: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad -cn: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad -displayName: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad -ownCloudUUID: 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad diff --git a/extensions/settings/pkg/config/config.go b/extensions/settings/pkg/config/config.go index 24de34c3a1d..8182911bf5a 100644 --- a/extensions/settings/pkg/config/config.go +++ b/extensions/settings/pkg/config/config.go @@ -40,6 +40,6 @@ type Metadata struct { StorageAddress string `yaml:"storage_addr" env:"STORAGE_GRPC_ADDR"` ServiceUserID string `yaml:"service_user_id" env:"METADATA_SERVICE_USER_UUID"` - ServiceUserIDP string `yaml:"service_user_idp" env:"OCIS_URL;METADATA_SERVICE_USER_IDP"` + ServiceUserIDP string `yaml:"service_user_idp" env:"METADATA_SERVICE_USER_IDP"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` } diff --git a/extensions/settings/pkg/config/defaults/defaultconfig.go b/extensions/settings/pkg/config/defaults/defaultconfig.go index c787af7bd36..5e87d0702bc 100644 --- a/extensions/settings/pkg/config/defaults/defaultconfig.go +++ b/extensions/settings/pkg/config/defaults/defaultconfig.go @@ -50,10 +50,9 @@ func DefaultConfig() *config.Config { }, Metadata: config.Metadata{ - GatewayAddress: "127.0.0.1:9142", + GatewayAddress: "127.0.0.1:9215", // metadata storage StorageAddress: "127.0.0.1:9215", - ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - ServiceUserIDP: "https://localhost:9200", + ServiceUserIDP: "internal", }, } } 
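Review bot: `ServiceUserIDP: "internal"` in the settings defaults is a sentinel that has to equal the `idp` the metadata gateway's in-memory userprovider assigns to its service user, and the same bare literal is repeated in the sharing and storage defaults of this change; a typo in any one copy would surface only as a failed user lookup at runtime. Dropping the `OCIS_URL` fallback from the `METADATA_SERVICE_USER_IDP` env tag in config.go is the right call for that reason, but I would go one step further and hoist the literal into a shared constant, e.g. `const MetadataServiceUserIDP = "internal"` next to the other shared types, and reference it from every default and from the userprovider config. At minimum a comment such as `// must match the idp of the serviceuser in the metadata gateway's userprovider` on each use would make the coupling visible.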
@@ -93,6 +92,10 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { cfg.Metadata.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + + if cfg.Metadata.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" { + cfg.Metadata.ServiceUserID = cfg.Commons.MetadataUserID + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/settings/pkg/service/v0/settings.go b/extensions/settings/pkg/service/v0/settings.go index abf541a4a9f..404845e51c7 100644 --- a/extensions/settings/pkg/service/v0/settings.go +++ b/extensions/settings/pkg/service/v0/settings.go @@ -6,9 +6,6 @@ import ( ) const ( - // BundleUUIDRoleMetadata represents the metadata user role - BundleUUIDRoleMetadata = "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad" - // BundleUUIDRoleAdmin represents the admin role BundleUUIDRoleAdmin = "71881883-1768-46bd-a24d-a356a2afdf7f" 
@@ -532,34 +529,11 @@ func generatePermissionRequests() []*settingssvc.AddSettingToBundleRequest { }, }, }, - { - BundleId: BundleUUIDRoleMetadata, - Setting: &settingsmsg.Setting{ - Id: CreateSpacePermissionID, - Name: CreateSpacePermissionName, - DisplayName: "Create own Space", - Description: "This permission allows to create a space owned by the current user.", - Resource: &settingsmsg.Resource{ - Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own? - }, - Value: &settingsmsg.Setting_PermissionValue{ - PermissionValue: &settingsmsg.Permission{ - Operation: settingsmsg.Permission_OPERATION_CREATE, - Constraint: settingsmsg.Permission_CONSTRAINT_OWN, - }, - }, - }, - }, } } func defaultRoleAssignments() []*settingsmsg.UserRoleAssignment { return []*settingsmsg.UserRoleAssignment{ - // accounts service user for the metadata user is allowed to create spaces - { - AccountUuid: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - RoleId: BundleUUIDRoleAdmin, - }, // default admin users { AccountUuid: "058bff95-6708-4fe5-91e4-9ea3d377588b", diff --git a/extensions/settings/pkg/store/defaults/defaults.go b/extensions/settings/pkg/store/defaults/defaults.go index b20357257b1..27f3d43f9f1 100644 --- a/extensions/settings/pkg/store/defaults/defaults.go +++ b/extensions/settings/pkg/store/defaults/defaults.go @@ -17,9 +17,6 @@ const ( // BundleUUIDRoleGuest represents the guest role. BundleUUIDRoleGuest = "38071a68-456a-4553-846a-fa67bf5596cc" - // BundleUUIDRoleMetadata represents the metadata user role - BundleUUIDRoleMetadata = "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad" - // RoleManagementPermissionID is the hardcoded setting UUID for the role management permission RoleManagementPermissionID string = "a53e601e-571f-4f86-8fec-d4576ef49c62" // RoleManagementPermissionName is the hardcoded setting name for the role management permission 
@@ -68,7 +65,6 @@ func GenerateBundlesDefaultRoles() []*settingsmsg.Bundle { generateBundleUserRole(), generateBundleGuestRole(), generateBundleProfileRequest(), - generateBundleMetadataRole(), generateBundleSpaceAdminRole(), } } @@ -434,36 +430,6 @@ func generateBundleProfileRequest() *settingsmsg.Bundle { } } -func generateBundleMetadataRole() *settingsmsg.Bundle { - return &settingsmsg.Bundle{ - Id: BundleUUIDRoleMetadata, - Name: "metadata", - Type: settingsmsg.Bundle_TYPE_ROLE, - Extension: "ocis-roles", - DisplayName: "Metadata", - Resource: &settingsmsg.Resource{ - Type: settingsmsg.Resource_TYPE_SYSTEM, - }, - Settings: []*settingsmsg.Setting{ - { - Id: CreateSpacePermissionID, - Name: CreateSpacePermissionName, - DisplayName: "Create own Space", - Description: "This permission allows to create a space owned by the current user.", - Resource: &settingsmsg.Resource{ - Type: settingsmsg.Resource_TYPE_SYSTEM, // TODO resource type space? self? me? own? - }, - Value: &settingsmsg.Setting_PermissionValue{ - PermissionValue: &settingsmsg.Permission{ - Operation: settingsmsg.Permission_OPERATION_CREATE, - Constraint: settingsmsg.Permission_CONSTRAINT_OWN, - }, - }, - }, - }, - } -} - // TODO: languageSetting needed? var languageSetting = settingsmsg.Setting_SingleChoiceValue{ SingleChoiceValue: &settingsmsg.SingleChoiceList{ @@ -532,11 +498,6 @@ var languageSetting = settingsmsg.Setting_SingleChoiceValue{ // DefaultRoleAssignments returns (as one might guess) the default role assignments func DefaultRoleAssignments() []*settingsmsg.UserRoleAssignment { return []*settingsmsg.UserRoleAssignment{ - // accounts service user for the metadata user is allowed to create spaces - { - AccountUuid: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - RoleId: BundleUUIDRoleAdmin, - }, // default admin users { AccountUuid: "058bff95-6708-4fe5-91e4-9ea3d377588b", 
diff --git a/extensions/settings/pkg/store/metadata/assignments.go b/extensions/settings/pkg/store/metadata/assignments.go index 11fafbccb0c..88ce7e1c18b 100644 --- a/extensions/settings/pkg/store/metadata/assignments.go +++ b/extensions/settings/pkg/store/metadata/assignments.go @@ -13,7 +13,7 @@ import ( // ListRoleAssignments loads and returns all role assignments matching the given assignment identifier. func (s *Store) ListRoleAssignments(accountUUID string) ([]*settingsmsg.UserRoleAssignment, error) { - if s.mdc == nil || accountUUID == "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad" { + if s.mdc == nil { return defaultRoleAssignments(accountUUID), nil } s.Init() diff --git a/extensions/sharing/pkg/config/defaults/defaultconfig.go b/extensions/sharing/pkg/config/defaults/defaultconfig.go index 2c00c4267ae..924e432288f 100644 --- a/extensions/sharing/pkg/config/defaults/defaultconfig.go +++ b/extensions/sharing/pkg/config/defaults/defaultconfig.go @@ -48,9 +48,8 @@ func DefaultConfig() *config.Config { JanitorRunInterval: 60, }, CS3: config.UserSharingCS3Driver{ - ProviderAddr: "127.0.0.1:9215", - ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - ServiceUserIDP: "https://localhost:9200", + ProviderAddr: "127.0.0.1:9215", // metadata storage + ServiceUserIDP: "internal", }, }, PublicSharingDriver: "json", @@ -69,9 +68,8 @@ func DefaultConfig() *config.Config { JanitorRunInterval: 60, }, CS3: config.PublicSharingCS3Driver{ - ProviderAddr: "127.0.0.1:9215", - ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - ServiceUserIDP: "https://localhost:9200", + ProviderAddr: "127.0.0.1:9215", // metadata storage + ServiceUserIDP: "internal", }, }, Events: config.Events{ 
@@ -125,9 +123,17 @@ func EnsureDefaults(cfg *config.Config) { cfg.UserSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + if cfg.UserSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" { + cfg.UserSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID + } + if cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + + if cfg.PublicSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" { + cfg.PublicSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/sharing/pkg/config/parser/parse.go b/extensions/sharing/pkg/config/parser/parse.go index a8a7b00e2a9..afc4d88b8ec 100644 --- a/extensions/sharing/pkg/config/parser/parse.go +++ b/extensions/sharing/pkg/config/parser/parse.go @@ -42,9 +42,17 @@ func Validate(cfg *config.Config) error { return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) } + if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.ServiceUserID == "" { + return shared.MissingMetadataUserID(cfg.Service.Name) + } + if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" { return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) } + if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.ServiceUserID == "" { + return shared.MissingMetadataUserID(cfg.Service.Name) + } + return nil } diff --git a/extensions/storage-metadata/pkg/command/command.go b/extensions/storage-metadata/pkg/command/command.go index 6631a4abe1d..54eff79d451 100644 --- a/extensions/storage-metadata/pkg/command/command.go +++ b/extensions/storage-metadata/pkg/command/command.go 
@@ -7,18 +7,18 @@ import ( "os" "path" - "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/parser" - "github.com/owncloud/ocis/ocis-pkg/log" - "github.com/owncloud/ocis/ocis-pkg/sync" - "github.com/owncloud/ocis/ocis-pkg/tracing" - + userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" "github.com/cs3org/reva/v2/cmd/revad/runtime" "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config" + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" "github.com/owncloud/ocis/extensions/storage/pkg/service/external" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/log" + "github.com/owncloud/ocis/ocis-pkg/sync" + "github.com/owncloud/ocis/ocis-pkg/tracing" "github.com/owncloud/ocis/ocis-pkg/version" "github.com/thejerf/suture/v4" "github.com/urfave/cli/v2" 
@@ -140,10 +140,74 @@ func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]in "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, - "interceptors": map[string]interface{}{ - "log": map[string]interface{}{}, - }, "services": map[string]interface{}{ + "gateway": map[string]interface{}{ + // registries are located on the gateway + "authregistrysvc": cfg.GRPC.Addr, + "storageregistrysvc": cfg.GRPC.Addr, + // user metadata is located on the users services + "userprovidersvc": cfg.GRPC.Addr, + "groupprovidersvc": cfg.GRPC.Addr, + "permissionssvc": cfg.GRPC.Addr, + // other + "disable_home_creation_on_login": true, // metadata manually creates a space + // metadata always uses the simple upload, so no transfer secret or datagateway needed + }, + "userprovider": map[string]interface{}{ + "driver": "memory", + "drivers": map[string]interface{}{ + "memory": map[string]interface{}{ + "users": map[string]interface{}{ + "serviceuser": map[string]interface{}{ + "id": map[string]interface{}{ + "opaqueId": cfg.MetadataUserID, + "idp": "internal", + "type": userpb.UserType_USER_TYPE_PRIMARY, + }, + "username": "serviceuser", + "display_name": "System User", + }, + }, + }, + }, + }, + "authregistry": map[string]interface{}{ + "driver": "static", + "drivers": map[string]interface{}{ + "static": map[string]interface{}{ + "rules": map[string]interface{}{ + "machine": cfg.GRPC.Addr, + }, + }, + }, + }, + "authprovider": map[string]interface{}{ + "auth_manager": "machine", + "auth_managers": map[string]interface{}{ + "machine": map[string]interface{}{ + "api_key": cfg.MachineAuthAPIKey, + "gateway_addr": cfg.GRPC.Addr, + }, + }, + }, + "permissions": map[string]interface{}{ + "driver": "demo", + "drivers": map[string]interface{}{ + "demo": map[string]interface{}{}, + }, + }, + "storageregistry": map[string]interface{}{ + "driver": "static", + "drivers": map[string]interface{}{ + "static": map[string]interface{}{ + "rules": 
map[string]interface{}{ + "/": map[string]interface{}{ + "address": cfg.GRPC.Addr, + }, + }, + }, + }, + }, "storageprovider": map[string]interface{}{ "driver": cfg.Driver, "drivers": config.MetadataDrivers(cfg), @@ -155,7 +219,7 @@ func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]in "http": map[string]interface{}{ "network": cfg.HTTP.Protocol, "address": cfg.HTTP.Addr, - // TODO build services dynamically + // no datagateway needed as the metadata clients directly talk to the dataprovider with the simple protocol "services": map[string]interface{}{ "dataprovider": map[string]interface{}{ "prefix": "data", diff --git a/extensions/storage-metadata/pkg/config/config.go b/extensions/storage-metadata/pkg/config/config.go index 97b69e2e93f..8c4475600fd 100644 --- a/extensions/storage-metadata/pkg/config/config.go +++ b/extensions/storage-metadata/pkg/config/config.go @@ -19,8 +19,10 @@ type Config struct { Context context.Context `yaml:"context"` - TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"STORAGE_METADATA_MACHINE_AUTH_API_KEY"` + MetadataUserID string `yaml:"metadata_user_id"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` Driver string `yaml:"driver" env:"STORAGE_METADATA_DRIVER" desc:"The driver which should be used by the service"` 
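Review bot: The `permissions` service on the new gateway is wired to the `demo` driver with an empty config; if that driver is the permissive stub I recall from reva (every permission check answered positively), then any caller holding a valid token for this gRPC address gets every permission on the metadata storage, leaving the machine auth API key, which is the same `OCIS_MACHINE_AUTH_API_KEY` every other service uses, and the bind address in `cfg.GRPC.Addr` as the only gates. That is probably acceptable for a loopback-only internal listener, but it should be stated where the driver is chosen, e.g. `// demo permissions grant everything: this gateway must only be reachable by trusted services that hold the machine auth key`. The same hunk also removes the `log` interceptor from the gRPC server, so these machine-authenticated calls are no longer logged; I would keep it for auditability. `groupprovidersvc` is pointed at `cfg.GRPC.Addr` although no groupprovider service is registered on this server, which seems worth a comment or removal. storageMetadataFromStruct begins and ends outside the hunk.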
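Review bot: `MetadataUserID` gets only a `yaml` tag while `MachineAuthAPIKey` directly above it and `Driver` below carry `env` tags, so a standalone storage-metadata service cannot receive the id from the environment unless the `Commons` env is honored on the extension config, which is not visible from this hunk, and `Validate` in parse.go now fails hard when the field is empty. Both new fields also lack the `desc` tag the rest of the struct uses for generated docs. I would change the line to `MetadataUserID string \`yaml:"metadata_user_id" env:"METADATA_USER_ID;STORAGE_METADATA_USER_ID" desc:"The id of the service user used to access the metadata storage."\`` and add a matching `desc` to `MachineAuthAPIKey`. The Config struct continues outside the hunk.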
@@ -60,8 +62,8 @@ type GRPCConfig struct { } type HTTPConfig struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."` - Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` + Addr string `yaml:"addr" env:"STORAGE_METADATA_HTTP_ADDR" desc:"The address of the http service."` + Protocol string `yaml:"protocol" env:"STORAGE_METADATA_HTTP_PROTOCOL" desc:"The transport protocol of the http service."` } type Drivers struct { diff --git a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go index 270c468f5b0..4f274aa0ca1 100644 --- a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go @@ -59,7 +59,7 @@ func DefaultConfig() *config.Config { SecProtocol: "", Keytab: "", SingleUsername: "", - GatewaySVC: "127.0.0.1:9142", + GatewaySVC: "127.0.0.1:9215", }, Local: config.LocalDriver{ Root: filepath.Join(defaults.BaseDataPath(), "storage", "local", "metadata"), @@ -71,12 +71,12 @@ func DefaultConfig() *config.Config { Root: filepath.Join(defaults.BaseDataPath(), "storage", "metadata"), UserLayout: "{{.Id.OpaqueId}}", Region: "default", - PermissionsEndpoint: "127.0.0.1:9191", + PermissionsEndpoint: "127.0.0.1:9215", }, OCIS: config.OCISDriver{ Root: filepath.Join(defaults.BaseDataPath(), "storage", "metadata"), UserLayout: "{{.Id.OpaqueId}}", - PermissionsEndpoint: "127.0.0.1:9191", + PermissionsEndpoint: "127.0.0.1:9215", }, }, } 
@@ -121,6 +121,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } + + if cfg.MetadataUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" { + cfg.MetadataUserID = cfg.Commons.MetadataUserID + } + } func Sanitize(cfg *config.Config) { diff --git a/extensions/storage-metadata/pkg/config/parser/parse.go b/extensions/storage-metadata/pkg/config/parser/parse.go index ae1ce03306d..413bbd52c55 100644 --- a/extensions/storage-metadata/pkg/config/parser/parse.go +++ b/extensions/storage-metadata/pkg/config/parser/parse.go @@ -38,5 +38,12 @@ func Validate(cfg *config.Config) error { return shared.MissingJWTTokenError(cfg.Service.Name) } + if cfg.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + + if cfg.MetadataUserID == "" { + return shared.MissingMetadataUserID(cfg.Service.Name) + } return nil } diff --git a/extensions/storage-publiclink/pkg/config/config.go b/extensions/storage-publiclink/pkg/config/config.go index 2f9da5c66f1..92d412a6902 100644 --- a/extensions/storage-publiclink/pkg/config/config.go +++ b/extensions/storage-publiclink/pkg/config/config.go 
@@ -26,17 +26,17 @@ type Config struct { StorageProvider StorageProvider `yaml:"storage_provider"` } type Tracing struct { - Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."` - Type string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_METADATA_TRACING_TYPE"` - Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_METADATA_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."` - Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_METADATA_TRACING_COLLECTOR"` + Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_PUBLICLINK_TRACING_ENABLED" desc:"Activates tracing."` + Type string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_PUBLICLINK_TRACING_TYPE"` + Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_PUBLICLINK_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."` + Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_PUBLICLINK_TRACING_COLLECTOR"` } type Logging struct { - Level string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_METADATA_LOG_LEVEL" desc:"The log level."` - Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_METADATA_LOG_PRETTY" desc:"Activates pretty log output."` - Color bool `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_METADATA_LOG_COLOR" desc:"Activates colorized log output."` - File string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_METADATA_LOG_FILE" desc:"The target log file."` + Level string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_PUBLICLINK_LOG_LEVEL" desc:"The log level."` + Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_PUBLICLINK_LOG_PRETTY" desc:"Activates pretty log output."` + Color bool `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_PUBLICLINK_LOG_COLOR" desc:"Activates colorized log output."` + File string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_PUBLICLINK_LOG_FILE" desc:"The target log file."` } type Service struct { 
@@ -44,15 +44,15 @@ type Service struct { } type Debug struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_DEBUG_ADDR"` - Token string `yaml:"token" env:"STORAGE_METADATA_DEBUG_TOKEN"` - Pprof bool `yaml:"pprof" env:"STORAGE_METADATA_DEBUG_PPROF"` - Zpages bool `yaml:"zpages" env:"STORAGE_METADATA_DEBUG_ZPAGES"` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_DEBUG_ADDR"` + Token string `yaml:"token" env:"STORAGE_PUBLICLINK_DEBUG_TOKEN"` + Pprof bool `yaml:"pprof" env:"STORAGE_PUBLICLINK_DEBUG_PPROF"` + Zpages bool `yaml:"zpages" env:"STORAGE_PUBLICLINK_DEBUG_ZPAGES"` } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."` - Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The address of the grpc service."` + Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` } type AuthProvider struct { diff --git a/extensions/storage-shares/pkg/config/config.go b/extensions/storage-shares/pkg/config/config.go index 8f308c7fecd..4677edef2e2 100644 --- a/extensions/storage-shares/pkg/config/config.go +++ b/extensions/storage-shares/pkg/config/config.go 
@@ -26,17 +26,17 @@ type Config struct { SharesProviderEndpoint string `yaml:"shares_provider_endpoint"` } type Tracing struct { - Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."` - Type string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_METADATA_TRACING_TYPE"` - Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_METADATA_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."` - Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_METADATA_TRACING_COLLECTOR"` + Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_SHARES_TRACING_ENABLED" desc:"Activates tracing."` + Type string `yaml:"type" env:"OCIS_TRACING_TYPE;STORAGE_SHARES_TRACING_TYPE"` + Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;STORAGE_SHARES_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."` + Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;STORAGE_SHARES_TRACING_COLLECTOR"` } type Logging struct { - Level string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_METADATA_LOG_LEVEL" desc:"The log level."` - Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_METADATA_LOG_PRETTY" desc:"Activates pretty log output."` - Color bool `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_METADATA_LOG_COLOR" desc:"Activates colorized log output."` - File string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_METADATA_LOG_FILE" desc:"The target log file."` + Level string `yaml:"level" env:"OCIS_LOG_LEVEL;STORAGE_SHARES_LOG_LEVEL" desc:"The log level."` + Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;STORAGE_SHARES_LOG_PRETTY" desc:"Activates pretty log output."` + Color bool `yaml:"color" env:"OCIS_LOG_COLOR;STORAGE_SHARES_LOG_COLOR" desc:"Activates colorized log output."` + File string `yaml:"file" env:"OCIS_LOG_FILE;STORAGE_SHARES_LOG_FILE" desc:"The target log file."` } type Service struct { 
@@ -44,18 +44,18 @@ type Service struct { } type Debug struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_DEBUG_ADDR"` - Token string `yaml:"token" env:"STORAGE_METADATA_DEBUG_TOKEN"` - Pprof bool `yaml:"pprof" env:"STORAGE_METADATA_DEBUG_PPROF"` - Zpages bool `yaml:"zpages" env:"STORAGE_METADATA_DEBUG_ZPAGES"` + Addr string `yaml:"addr" env:"STORAGE_SHARES_DEBUG_ADDR"` + Token string `yaml:"token" env:"STORAGE_SHARES_DEBUG_TOKEN"` + Pprof bool `yaml:"pprof" env:"STORAGE_SHARES_DEBUG_PPROF"` + Zpages bool `yaml:"zpages" env:"STORAGE_SHARES_DEBUG_ZPAGES"` } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."` - Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The address of the grpc service."` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` } type HTTPConfig struct { - Addr string `yaml:"addr" env:"STORAGE_METADATA_GRPC_ADDR" desc:"The address of the grpc service."` - Protocol string `yaml:"protocol" env:"STORAGE_METADATA_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_HTTP_ADDR" desc:"The address of the grpc service."` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_HTTP_PROTOCOL" desc:"The transport protocol of the grpc service."` } diff --git a/extensions/storage/pkg/config/defaults/defaultconfig.go b/extensions/storage/pkg/config/defaults/defaultconfig.go index c573bfdccc1..0e2faf43df2 100644 --- a/extensions/storage/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage/pkg/config/defaults/defaultconfig.go 
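Review bot: The `HTTPConfig` fields of storage-shares get the corrected `STORAGE_SHARES_HTTP_*` env names but keep the copy-pasted descriptions "The address of the grpc service." and "The transport protocol of the grpc service.", so the generated docs will describe the HTTP listener as gRPC; the sibling storage-metadata hunk in this change fixed the same text. I would make the two lines `Addr string \`yaml:"addr" env:"STORAGE_SHARES_HTTP_ADDR" desc:"The address of the http service."\`` and `Protocol string \`yaml:"protocol" env:"STORAGE_SHARES_HTTP_PROTOCOL" desc:"The transport protocol of the http service."\``.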
@@ -331,9 +331,9 @@ func DefaultConfig() *config.Config { GRPCAddr: "127.0.0.1:9150", Services: []string{"usershareprovider", "publicshareprovider"}, }, - CS3ProviderAddr: "127.0.0.1:9215", + CS3ProviderAddr: "127.0.0.1:9215", // metadata storage CS3ServiceUser: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - CS3ServiceUserIdp: "https://localhost:9200", + CS3ServiceUserIdp: "internal", UserDriver: "json", UserJSONFile: path.Join(defaults.BaseDataPath(), "storage", "shares.json"), UserSQLUsername: "", diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index 33b9645d2ea..edd2d49772f 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -67,6 +67,7 @@ type Config struct { TokenManager *shared.TokenManager `yaml:"token_manager"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"` + MetadataUserID string `yaml:"metadata_user_id"` Runtime Runtime `yaml:"runtime"` Audit *audit.Config `yaml:"audit"` diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go index 3c4939a23a3..cd5f8ab32b8 100644 --- a/ocis-pkg/config/parser/parse.go +++ b/ocis-pkg/config/parser/parse.go @@ -94,6 +94,10 @@ func EnsureCommons(cfg *config.Config) { cfg.Commons.TransferSecret = cfg.TransferSecret } + // copy metadata user id to the commons part if set + if cfg.MetadataUserID != "" { + cfg.Commons.MetadataUserID = cfg.MetadataUserID + } } func Validate(cfg *config.Config) error { @@ -109,5 +113,9 @@ func Validate(cfg *config.Config) error { return shared.MissingMachineAuthApiKeyError("ocis") } + if cfg.MetadataUserID == "" { + return shared.MissingMetadataUserID("ocis") + } + return nil } diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go index bb4b5f4ec79..de1ed5a8256 100644 --- a/ocis-pkg/shared/errors.go +++ b/ocis-pkg/shared/errors.go 
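Review bot: The legacy storage defaults still hardcode `CS3ServiceUser: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad"` while this same change deletes that user from the IDM ldif and removes its role assignments, and the id is now generated per installation by `ocis init`, so the default points at an account that no longer exists anywhere. Unless this config is scheduled for removal, I would drop the literal and populate the field from `cfg.Commons.MetadataUserID` in the corresponding `EnsureDefaults`, as the settings and sharing services do in this change, or at least mark it `// deprecated: service user no longer provisioned, set to the value of metadata_user_id`. I cannot see from this hunk whether this storage package has an `EnsureDefaults` of its own.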
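Review bot: `MetadataUserID` on the top-level ocis config has no `env` tag while its neighbours `MachineAuthAPIKey` and `TransferSecret` do, yet `Validate` in parse.go now returns `MissingMetadataUserID`, whose message tells the operator to set the value "in the config/corresponding environment variable"; for an env-only deployment there is no such variable on this struct. I would add `env:"METADATA_USER_ID"` to mirror the tag on `shared.Commons`, or reword the error to mention only `ocis init` and the config file. The Config struct continues outside the hunk.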
@@ -45,3 +45,11 @@ func MissingServiceUserPassword(service, serviceUser string) error { "the config/corresponding environment variable).", serviceUser, service, defaults.BaseConfigPath()) } + +func MissingMetadataUserID(service string) error { + return fmt.Errorf("The metadata user ID has not been configured for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index f4cf19fc0bf..3497bed6114 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go @@ -44,4 +44,5 @@ type Commons struct { Reva *Reva `yaml:"reva"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` TransferSecret string `yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"` + MetadataUserID string `yaml:"metadata_user_id" env:"METADATA_USER_ID"` } diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go index 8b2ca85bf05..5cce91746c6 100644 --- a/ocis/pkg/init/init.go +++ b/ocis/pkg/init/init.go @@ -9,6 +9,7 @@ import ( "path" "time" + "github.com/gofrs/uuid" "github.com/owncloud/ocis/ocis-pkg/generators" "gopkg.in/yaml.v2" ) @@ -99,6 +100,7 @@ type OcisConfig struct { TokenManager TokenManager `yaml:"token_manager"` MachineAuthApiKey string `yaml:"machine_auth_api_key"` TransferSecret string `yaml:"transfer_secret"` + MetadataUserID string `yaml:"metadata_user_id"` Graph GraphExtension Idp LdapBasedExtension Idm IdmExtension @@ -160,6 +162,8 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin return err } + metadataUserID := uuid.Must(uuid.NewV4()).String() + idmServicePassword, err := generators.GenerateRandomPassword(passwordLength) if err != nil { return fmt.Errorf("could not generate random password for idm: %s", err) 
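Review bot: `MissingMetadataUserID` is exported but has no doc comment, unlike the conventions golint and staticcheck expect for exported names; a one-liner such as `// MissingMetadataUserID returns an error explaining that the metadata service user id is not configured for the given service.` would do. The message formats `defaults.BaseConfigPath()` with `%s` as in the neighbouring helpers, so the wording is consistent with the file.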
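Review bot: `metadataUserID := uuid.Must(uuid.NewV4()).String()` turns an entropy failure into a panic, whereas the surrounding code in `CreateConfig`, e.g. the `idmServicePassword` generation two lines below, returns a wrapped error. I would mirror that pattern: call `uuid.NewV4()`, return `fmt.Errorf("could not generate metadata user id: %s", err)` when it fails, and call `.String()` on the result when building the config. `CreateConfig` begins and ends outside the hunk.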
@@ -199,6 +203,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin }, MachineAuthApiKey: machineAuthApiKey, TransferSecret: revaTransferSecret, + MetadataUserID: metadataUserID, Idm: IdmExtension{ ServiceUserPasswords: ServiceUserPasswordsSettings{ AdminPassword: ocisAdminServicePassword,