From 67865904a0346eb6c3d08f245ee8fb0ec0ed4bb5 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp Date: Wed, 12 Oct 2022 15:48:54 +0200 Subject: [PATCH 1/5] Get rid of duplicated Reva config struct Consolidate all services to use the Reva config struct from the shared package. This works because all services (except 'notifications', 'thumbnails' and 'webdav') were using the same config keys and environment variables for setting the reva gateway. --- services/app-provider/pkg/config/config.go | 2 +- .../app-provider/pkg/config/defaults/defaultconfig.go | 6 +++--- services/app-provider/pkg/config/reva.go | 5 ----- services/app-registry/pkg/config/config.go | 2 +- .../app-registry/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/app-registry/pkg/config/reva.go | 5 ----- services/auth-basic/pkg/config/config.go | 2 +- .../auth-basic/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/auth-basic/pkg/config/reva.go | 5 ----- services/auth-bearer/pkg/config/config.go | 2 +- .../auth-bearer/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/auth-bearer/pkg/config/reva.go | 5 ----- services/auth-machine/pkg/config/config.go | 2 +- .../auth-machine/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/auth-machine/pkg/config/reva.go | 5 ----- services/frontend/pkg/config/config.go | 2 +- services/frontend/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/frontend/pkg/config/reva.go | 5 ----- services/gateway/pkg/config/config.go | 2 +- services/gateway/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/gateway/pkg/config/reva.go | 5 ----- services/graph/pkg/config/config.go | 2 +- services/graph/pkg/config/defaults/defaultconfig.go | 3 ++- services/graph/pkg/config/reva.go | 5 ----- services/graph/pkg/identity/cs3.go | 4 ++-- services/groups/pkg/config/config.go | 2 +- services/groups/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/groups/pkg/config/reva.go | 5 ----- services/idp/pkg/config/config.go | 2 +- services/idp/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/idp/pkg/config/reva.go 
| 6 ------ services/notifications/pkg/channels/channels.go | 2 +- services/notifications/pkg/command/server.go | 4 ++-- services/notifications/pkg/config/config.go | 10 +++++----- .../notifications/pkg/config/defaults/defaultconfig.go | 5 ++++- services/ocdav/pkg/config/config.go | 2 +- services/ocdav/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/ocdav/pkg/config/reva.go | 5 ----- services/ocs/pkg/config/config.go | 2 +- services/ocs/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/ocs/pkg/config/reva.go | 5 ----- services/proxy/pkg/config/config.go | 2 +- services/proxy/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/proxy/pkg/config/reva.go | 6 ------ services/search/pkg/config/config.go | 6 +++--- services/search/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/search/pkg/config/reva.go | 6 ------ services/sharing/pkg/config/config.go | 2 +- services/sharing/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/sharing/pkg/config/reva.go | 5 ----- services/storage-publiclink/pkg/config/config.go | 2 +- .../pkg/config/defaults/defaultconfig.go | 7 ++++--- services/storage-publiclink/pkg/config/reva.go | 5 ----- services/storage-shares/pkg/config/config.go | 2 +- .../pkg/config/defaults/defaultconfig.go | 7 ++++--- services/storage-shares/pkg/config/reva.go | 5 ----- services/storage-system/pkg/config/config.go | 2 +- .../pkg/config/defaults/defaultconfig.go | 7 ++++--- services/storage-system/pkg/config/reva.go | 5 ----- services/storage-users/pkg/config/config.go | 2 +- .../storage-users/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/storage-users/pkg/config/reva.go | 5 ----- services/thumbnails/pkg/config/config.go | 2 +- .../thumbnails/pkg/config/defaults/defaultconfig.go | 9 ++++++--- services/thumbnails/pkg/server/grpc/server.go | 2 +- services/users/pkg/config/config.go | 2 +- services/users/pkg/config/defaults/defaultconfig.go | 7 ++++--- services/users/pkg/config/reva.go | 5 ----- 
services/webdav/pkg/config/config.go | 9 ++++----- services/webdav/pkg/config/defaults/defaultconfig.go | 5 ++++- services/webdav/pkg/service/v0/service.go | 2 +- 71 files changed, 130 insertions(+), 206 deletions(-) delete mode 100644 services/idp/pkg/config/reva.go delete mode 100644 services/proxy/pkg/config/reva.go delete mode 100644 services/search/pkg/config/reva.go diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go index c6f84da93d8..d77524228b4 100644 --- a/services/app-provider/pkg/config/config.go +++ b/services/app-provider/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` ExternalAddr string `yaml:"external_addr" env:"APP_PROVIDER_EXTERNAL_ADDR" desc:"Address of the app provider, where the GATEWAY service can reach it."` Driver string `yaml:"driver" env:"APP_PROVIDER_DRIVER" desc:"Driver, the APP PROVIDER services uses. Only \"wopi\" is supported as of now."` diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go index 2ba8a992e45..8f045fe2ca6 100644 --- a/services/app-provider/pkg/config/defaults/defaultconfig.go +++ b/services/app-provider/pkg/config/defaults/defaultconfig.go @@ -28,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-provider", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Driver: "", @@ -66,11 +66,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { 
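Review bot: In EnsureDefaults in services/app-provider/pkg/config/defaults/defaultconfig.go, the Commons fallback still builds the value field by field, `cfg.Reva = &shared.Reva{Address: cfg.Commons.Reva.Address}`, even though both sides are now the same type. Any field later added to shared.Reva (for example a transport-security setting for the gateway connection) would be silently left at its zero value in every service that inherits from Commons. Copying the struct keeps the two in sync without aliasing the shared pointer: `rv := *cfg.Commons.Reva` followed by `cfg.Reva = &rv`. The same pattern is repeated in the EnsureDefaults hunks for app-registry, auth-basic, auth-bearer, auth-machine, frontend, gateway, groups, idp, ocdav and ocs; in each case the function body continues outside the hunk.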
diff --git a/services/app-provider/pkg/config/reva.go b/services/app-provider/pkg/config/reva.go index 135052cdcc9..9290c1ac4a5 100644 --- a/services/app-provider/pkg/config/reva.go +++ b/services/app-provider/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;APP_PROVIDER_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go index 817d0b91b79..b095d5afb2f 100644 --- a/services/app-registry/pkg/config/config.go +++ b/services/app-registry/pkg/config/config.go @@ -17,7 +17,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` AppRegistry AppRegistry `yaml:"app_registry"` diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go index c754f4e5064..3764bedf651 100644 --- a/services/app-registry/pkg/config/defaults/defaultconfig.go +++ b/services/app-registry/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/app-registry/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-registry", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, } 
@@ -130,11 +131,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/app-registry/pkg/config/reva.go b/services/app-registry/pkg/config/reva.go index 13e56d8da20..bc7eddf4fdd 100644 --- a/services/app-registry/pkg/config/reva.go +++ b/services/app-registry/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;APP_REGISTRY_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index 1458ca1078f..b9352319aca 100644 --- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_BASIC_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups."` AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service like 'ldap'."` 
diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index a84df115d49..944872224e5 100644 --- a/services/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/auth-basic/pkg/config" ) @@ -30,7 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-basic", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, AuthProvider: "ldap", @@ -104,11 +105,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/auth-basic/pkg/config/reva.go b/services/auth-basic/pkg/config/reva.go index 57793f4bcdd..6242d1caa59 100644 --- a/services/auth-basic/pkg/config/reva.go +++ b/services/auth-basic/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go index 5503a2cefc1..03bd7286943 100644 --- a/services/auth-bearer/pkg/config/config.go +++ b/services/auth-bearer/pkg/config/config.go 
@@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_BEARER_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups."` diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go index 5b5aabdbd89..9386f68a212 100644 --- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go +++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/auth-bearer/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-bearer", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, OIDC: config.OIDC{ @@ -63,11 +64,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/auth-bearer/pkg/config/reva.go b/services/auth-bearer/pkg/config/reva.go index 5335b8a7286..d556a052310 100644 --- a/services/auth-bearer/pkg/config/reva.go +++ b/services/auth-bearer/pkg/config/reva.go 
@@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go index d0b2c0b545f..efdd2747ffb 100644 --- a/services/auth-machine/pkg/config/config.go +++ b/services/auth-machine/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"AUTH_MACHINE_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the encoding of the user's group memberships in the reva access token. This reduces the token size, especially when users are members of a large number of groups."` diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go index c861f8b3858..d34a332cbcc 100644 --- a/services/auth-machine/pkg/config/defaults/defaultconfig.go +++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/auth-machine/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-machine", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, } 
@@ -58,11 +59,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/auth-machine/pkg/config/reva.go b/services/auth-machine/pkg/config/reva.go index 099a5b3fe32..14cb00d0892 100644 --- a/services/auth-machine/pkg/config/reva.go +++ b/services/auth-machine/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_MACHINE_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/frontend/pkg/config/config.go b/services/frontend/pkg/config/config.go index a3b92de916c..2af685f4a11 100644 --- a/services/frontend/pkg/config/config.go +++ b/services/frontend/pkg/config/config.go @@ -20,7 +20,7 @@ type Config struct { TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET" desc:"Transfer secret for signing file up- and download requests."` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"FRONTEND_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` 
diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index b70f8095c77..6ff6341fc08 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/frontend/pkg/config" ) @@ -28,7 +29,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "frontend", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, PublicURL: "https://localhost:9200", @@ -97,11 +98,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/frontend/pkg/config/reva.go b/services/frontend/pkg/config/reva.go index 8f0f7d14e75..c24d8b808e2 100644 --- a/services/frontend/pkg/config/reva.go +++ b/services/frontend/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;FRONTEND_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index 0114bb8c665..b0f4ce048c9 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go 
@@ -17,7 +17,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"GATEWAY_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go index 94b9b32ace2..2681f8332e9 100644 --- a/services/gateway/pkg/config/defaults/defaultconfig.go +++ b/services/gateway/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/gateway/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "gateway", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, @@ -88,11 +89,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/gateway/pkg/config/reva.go b/services/gateway/pkg/config/reva.go index b781f8c32b8..957e54590d6 100644 --- a/services/gateway/pkg/config/reva.go +++ b/services/gateway/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GATEWAY_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` 
diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 7caa0b643c6..a4f19e11505 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go @@ -19,7 +19,7 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` TokenManager *TokenManager `yaml:"token_manager"` Spaces Spaces `yaml:"spaces"` diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 34d05c2b09c..0739d218a2e 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -5,6 +5,7 @@ import ( "strings" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/graph/pkg/config" ) @@ -29,7 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "graph", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Spaces: config.Spaces{ diff --git a/services/graph/pkg/config/reva.go b/services/graph/pkg/config/reva.go index 4bacfc57629..e9314b7fc85 100644 --- a/services/graph/pkg/config/reva.go +++ b/services/graph/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GRAPH_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/graph/pkg/identity/cs3.go b/services/graph/pkg/identity/cs3.go index 015de11917f..af1496e0f46 100644 --- a/services/graph/pkg/identity/cs3.go +++ b/services/graph/pkg/identity/cs3.go 
@@ -11,7 +11,7 @@ import ( libregraph "github.com/owncloud/libre-graph-api-go" "github.com/owncloud/ocis/v2/ocis-pkg/log" - "github.com/owncloud/ocis/v2/services/graph/pkg/config" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/graph/pkg/service/v0/errorcode" ) @@ -20,7 +20,7 @@ var ( ) type CS3 struct { - Config *config.Reva + Config *shared.Reva Logger *log.Logger } diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index fb8e9ed13bc..56760e67fbf 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"GROUPS_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index 822efa66dd4..351d4f88878 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go +++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/groups/pkg/config" ) @@ -30,7 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "groups", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Driver: "ldap", 
@@ -105,11 +106,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/groups/pkg/config/reva.go b/services/groups/pkg/config/reva.go index 82239b44c4e..ff28fdecf59 100644 --- a/services/groups/pkg/config/reva.go +++ b/services/groups/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GROUPS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/idp/pkg/config/config.go b/services/idp/pkg/config/config.go index 385ff180d33..515b6970c3e 100644 --- a/services/idp/pkg/config/config.go +++ b/services/idp/pkg/config/config.go @@ -18,7 +18,7 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."` diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index 5076544959d..0bff438f456 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go 
@@ -5,6 +5,7 @@ import ( "strings" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/idp/pkg/config" ) @@ -28,7 +29,7 @@ func DefaultConfig() *config.Config { TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"), TLS: false, }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Service: config.Service{ @@ -153,11 +154,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { diff --git a/services/idp/pkg/config/reva.go b/services/idp/pkg/config/reva.go deleted file mode 100644 index 5b4222251d7..00000000000 --- a/services/idp/pkg/config/reva.go +++ /dev/null @@ -1,6 +0,0 @@ -package config - -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"CS3 gateway used to authenticate and look up users"` -} diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go index 59928fbc267..c1a018e6d84 100644 --- a/services/notifications/pkg/channels/channels.go +++ b/services/notifications/pkg/channels/channels.go @@ -27,7 +27,7 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway) + gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) if err != nil { logger.Error().Err(err).Msg("could not get gateway client") return nil, err 
diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index c27787ac337..c2448efe8b4 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go @@ -77,9 +77,9 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway) + gwclient, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) if err != nil { - logger.Fatal().Err(err).Str("addr", cfg.Notifications.RevaGateway).Msg("could not get reva client") + logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client") } svc := service.NewEventsNotifier(evts, channel, logger, gwclient, cfg.Notifications.MachineAuthAPIKey, cfg.Notifications.EmailTemplatePath, cfg.Commons.OcisURL) diff --git a/services/notifications/pkg/config/config.go b/services/notifications/pkg/config/config.go index fae9ec89e83..652dc32dd5d 100644 --- a/services/notifications/pkg/config/config.go +++ b/services/notifications/pkg/config/config.go 
@@ -22,11 +22,11 @@ type Config struct { // Notifications defines the config options for the notifications service. type Notifications struct { - SMTP SMTP `yaml:"SMTP"` - Events Events `yaml:"events"` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY;NOTIFICATIONS_REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` - EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` + SMTP SMTP `yaml:"SMTP"` + Events Events `yaml:"events"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` + Reva shared.Reva `yaml:"reva"` + EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` } // SMTP combines the smtp configuration options. diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index 53f8faa1d6b..5d7d9fdd751 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/notifications/pkg/config" ) 
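Review bot: The Notifications struct in services/notifications/pkg/config/config.go loses the `reva_gateway` YAML key and the `NOTIFICATIONS_REVA_GATEWAY` environment variable when `RevaGateway` is replaced by `Reva shared.Reva` under the `reva` key, and nothing in the hunk keeps the old names working or reports them. shared.Reva is not shown here, but the per-service structs this commit removes bound only `REVA_GATEWAY`, so a deployment that relied on the old key or variable would presumably fall back to the default `127.0.0.1:9142` without an error. Since the same service authenticates with `MachineAuthAPIKey`, connecting to an unintended endpoint is worth failing loudly on: consider a changelog entry naming the removed key and variable, or a startup warning when `NOTIFICATIONS_REVA_GATEWAY` is still set. Unlike the other services the field is a value rather than a pointer, and the diffstat shows no EnsureDefaults change for notifications, so please confirm that a `reva` section in the commons config still reaches it.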
@@ -36,7 +37,9 @@ func DefaultConfig() *config.Config { ConsumerGroup: "notifications", EnableTLS: false, }, - RevaGateway: "127.0.0.1:9142", + Reva: shared.Reva{ + Address: "127.0.0.1:9142", + }, }, } } diff --git a/services/ocdav/pkg/config/config.go b/services/ocdav/pkg/config/config.go index 3ed98bf3e76..9f2d3f12f63 100644 --- a/services/ocdav/pkg/config/config.go +++ b/services/ocdav/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { HTTP HTTPConfig `yaml:"http"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"OCDAV_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 23d2c9561e6..11051c346c9 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/ocis-pkg/version" "github.com/owncloud/ocis/v2/services/ocdav/pkg/config" ) @@ -29,7 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocdav", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, WebdavNamespace: "/users/{{.Id.OpaqueId}}", @@ -80,11 +81,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/ocdav/pkg/config/reva.go b/services/ocdav/pkg/config/reva.go index 60374747e56..6c772dafa7b 100644 
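Review bot: In the ocdav `EnsureDefaults` hunk the fallback `cfg.Reva = &shared.Reva{Address: cfg.Commons.Reva.Address}` copies a single field, so any other field of the now-shared struct that is set under Commons would be dropped. Going by its diffstat, the next patch in this series adds TLS settings to `ocis-pkg/shared/reva.go`, and a service inheriting from Commons would then run with zero values for them unless every copy site is updated. If `cfg.Commons.Reva` is a `*shared.Reva`, which this chunk does not show, copying the whole struct avoids that: `r := *cfg.Commons.Reva` followed by `cfg.Reva = &r`. The same pattern appears in the `EnsureDefaults` hunks for ocs, proxy, search, sharing, storage-publiclink, storage-shares, storage-system, storage-users and users. The function body continues outside the hunk.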
--- a/services/ocdav/pkg/config/reva.go +++ b/services/ocdav/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCDAV_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/ocs/pkg/config/config.go b/services/ocs/pkg/config/config.go index 9729fa19d73..4653d516864 100644 --- a/services/ocs/pkg/config/config.go +++ b/services/ocs/pkg/config/config.go @@ -20,7 +20,7 @@ type Config struct { HTTP HTTP `yaml:"http"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` IdentityManagement IdentityManagement `yaml:"identity_management"` diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go index 7e9c03ea94b..97ddd339416 100644 --- a/services/ocs/pkg/config/defaults/defaultconfig.go +++ b/services/ocs/pkg/config/defaults/defaultconfig.go @@ -3,6 +3,7 @@ package defaults import ( "strings" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/ocs/pkg/config" ) @@ -36,7 +37,7 @@ func DefaultConfig() *config.Config { Name: "ocs", }, AccountBackend: "cs3", - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, IdentityManagement: config.IdentityManagement{ @@ -80,11 +81,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { 
diff --git a/services/ocs/pkg/config/reva.go b/services/ocs/pkg/config/reva.go index d4f77cdc551..149233e36a9 100644 --- a/services/ocs/pkg/config/reva.go +++ b/services/ocs/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/proxy/pkg/config/config.go b/services/proxy/pkg/config/config.go index 886351589fa..c2b2236afda 100644 --- a/services/proxy/pkg/config/config.go +++ b/services/proxy/pkg/config/config.go @@ -18,7 +18,7 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` Policies []Policy `yaml:"policies"` OIDC OIDC `yaml:"oidc"` diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index 06b5878c171..cd40c61f950 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -5,6 +5,7 @@ import ( "strings" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/proxy/pkg/config" ) @@ -48,7 +49,7 @@ func DefaultConfig() *config.Config { }, }, PolicySelector: nil, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, PreSignedURL: config.PreSignedURL{ @@ -242,11 +243,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } } 
diff --git a/services/proxy/pkg/config/reva.go b/services/proxy/pkg/config/reva.go deleted file mode 100644 index c84988f53cb..00000000000 --- a/services/proxy/pkg/config/reva.go +++ /dev/null @@ -1,6 +0,0 @@ -package config - -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} diff --git a/services/search/pkg/config/config.go b/services/search/pkg/config/config.go index 5e4eed93442..b69832cd35f 100644 --- a/services/search/pkg/config/config.go +++ b/services/search/pkg/config/config.go @@ -18,9 +18,9 @@ type Config struct { GRPC GRPC `yaml:"grpc"` - Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."` - Reva *Reva `yaml:"reva"` - Events Events `yaml:"events"` + Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."` + Reva *shared.Reva `yaml:"reva"` + Events Events `yaml:"events"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;SEARCH_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."` diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go index e3b2a5535a5..495f8ec2ba8 100644 --- a/services/search/pkg/config/defaults/defaultconfig.go +++ b/services/search/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/search/pkg/config" ) 
@@ -29,7 +30,7 @@ func DefaultConfig() *config.Config { Name: "search", }, Datapath: path.Join(defaults.BaseDataPath(), "search"), - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Events: config.Events{ @@ -72,11 +73,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } } diff --git a/services/search/pkg/config/reva.go b/services/search/pkg/config/reva.go deleted file mode 100644 index f0c218ad806..00000000000 --- a/services/search/pkg/config/reva.go +++ /dev/null @@ -1,6 +0,0 @@ -package config - -// Reva defines all available REVA configuration. -type Reva struct { - Address string `ocisConfig:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index b9b2714f5cd..9d35a5221cf 100644 --- a/services/sharing/pkg/config/config.go +++ b/services/sharing/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` Events Events `yaml:"events"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"SHARING_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go index d404b874d11..5368f0337f7 100644 --- a/services/sharing/pkg/config/defaults/defaultconfig.go +++ b/services/sharing/pkg/config/defaults/defaultconfig.go 
@@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/sharing/pkg/config" ) @@ -30,7 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "sharing", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, UserSharingDriver: "jsoncs3", @@ -101,11 +102,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/sharing/pkg/config/reva.go b/services/sharing/pkg/config/reva.go index 85b7124dd84..2f0576e0570 100644 --- a/services/sharing/pkg/config/reva.go +++ b/services/sharing/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;SHARING_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index c2569e51965..311328f417a 100644 --- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go 
@@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"STORAGE_PUBLICLINK_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go index 9d8670ebaf3..229f3c19b46 100644 --- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/storage-publiclink/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-publiclink", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, StorageProvider: config.StorageProvider{ @@ -61,11 +62,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/storage-publiclink/pkg/config/reva.go b/services/storage-publiclink/pkg/config/reva.go index 06102c99d19..bc92edbfa88 100644 --- a/services/storage-publiclink/pkg/config/reva.go +++ b/services/storage-publiclink/pkg/config/reva.go 
@@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_PUBLICLINK_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index 33a46d2ecb3..8cacec592bf 100644 --- a/services/storage-shares/pkg/config/config.go +++ b/services/storage-shares/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"STORAGE_SHARES_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go index 13047125a9b..ef14adef8a4 100644 --- a/services/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/storage-shares/pkg/config" ) @@ -27,7 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-shares", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, MountID: "7639e57c-4433-4a12-8201-722fd0009154", 
@@ -61,11 +62,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/storage-shares/pkg/config/reva.go b/services/storage-shares/pkg/config/reva.go index 1905f490a30..dc5dd4dde15 100644 --- a/services/storage-shares/pkg/config/reva.go +++ b/services/storage-shares/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_SHARES_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index 5a87745fc90..31b23ed7237 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go @@ -17,7 +17,7 @@ type Config struct { HTTP HTTPConfig `yaml:"http"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."` SystemUserAPIKey string `yaml:"system_user_api_key" env:"OCIS_SYSTEM_USER_API_KEY" desc:"API key for the STORAGE-SYSTEM system user."` 
diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index 99188634a89..57ba2fe4c86 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/storage-system/pkg/config" ) @@ -35,7 +36,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-system", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, DataServerURL: "http://localhost:9216/data", @@ -73,11 +74,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/storage-system/pkg/config/reva.go b/services/storage-system/pkg/config/reva.go index f401016959e..5c8ff6d4c2b 100644 --- a/services/storage-system/pkg/config/reva.go +++ b/services/storage-system/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_SYSTEM_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index 3081c42e027..d7b24f39f44 100644 --- a/services/storage-users/pkg/config/config.go 
+++ b/services/storage-users/pkg/config/config.go @@ -17,7 +17,7 @@ type Config struct { HTTP HTTPConfig `yaml:"http"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"STORAGE_USERS_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index e1f98cb0002..c6865dcda86 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/storage-users/pkg/config" ) @@ -36,7 +37,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-users", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, DataServerURL: "http://localhost:9158/data", @@ -111,11 +112,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/storage-users/pkg/config/reva.go b/services/storage-users/pkg/config/reva.go index 3eed4000653..de111cde31a 100644 --- a/services/storage-users/pkg/config/reva.go +++ b/services/storage-users/pkg/config/reva.go 
@@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_USERS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/thumbnails/pkg/config/config.go b/services/thumbnails/pkg/config/config.go index 781a613f780..cd428e14d82 100644 --- a/services/thumbnails/pkg/config/config.go +++ b/services/thumbnails/pkg/config/config.go @@ -35,7 +35,7 @@ type Thumbnail struct { FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` //TODO: use REVA config + Reva shared.Reva `yaml:"reva"` FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index b6d3f8b7cdb..b5dccb365dc 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go 
@@ -5,6 +5,7 @@ import ( "strings" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/thumbnails/pkg/config" ) @@ -41,9 +42,11 @@ func DefaultConfig() *config.Config { RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, WebdavAllowInsecure: false, - RevaGateway: "127.0.0.1:9142", - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + Reva: shared.Reva{ + Address: "127.0.0.1:9142", + }, + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index 9f78524f0fc..b8e8d8e2686 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -26,7 +26,7 @@ func NewService(opts ...Option) grpc.Service { grpc.Version(version.GetString()), ) tconf := options.Config.Thumbnail - gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway) + gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client") return grpc.Service{} diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 269151597ba..0fb0ede101f 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { GRPC GRPCConfig `yaml:"grpc"` TokenManager *TokenManager `yaml:"token_manager"` - Reva *Reva `yaml:"reva"` + Reva *shared.Reva `yaml:"reva"` SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token" env:"USERS_SKIP_USER_GROUPS_IN_TOKEN" desc:"Disables the loading of user's group memberships from the reva access token."` diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 2f7e8717038..2d93cc13bae 100644 
--- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -4,6 +4,7 @@ import ( "path/filepath" "github.com/owncloud/ocis/v2/ocis-pkg/config/defaults" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/users/pkg/config" ) @@ -30,7 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "users", }, - Reva: &config.Reva{ + Reva: &shared.Reva{ Address: "127.0.0.1:9142", }, Driver: "ldap", @@ -106,11 +107,11 @@ func EnsureDefaults(cfg *config.Config) { } if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { - cfg.Reva = &config.Reva{ + cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, } } else if cfg.Reva == nil { - cfg.Reva = &config.Reva{} + cfg.Reva = &shared.Reva{} } if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { diff --git a/services/users/pkg/config/reva.go b/services/users/pkg/config/reva.go index 110f374c45e..5ae00050890 100644 --- a/services/users/pkg/config/reva.go +++ b/services/users/pkg/config/reva.go @@ -1,10 +1,5 @@ package config -// Reva defines all available REVA configuration. -type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` -} - // TokenManager is the config for using the reva token manager type TokenManager struct { JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;USERS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` diff --git a/services/webdav/pkg/config/config.go b/services/webdav/pkg/config/config.go index 2e609335a0e..5e7091983c3 100644 --- a/services/webdav/pkg/config/config.go +++ b/services/webdav/pkg/config/config.go 
@@ -18,9 +18,8 @@ type Config struct { HTTP HTTP `yaml:"http"` - OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` - WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` - - Context context.Context `yaml:"-"` + OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` + WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` + Reva shared.Reva `yaml:"reva"` + Context context.Context `yaml:"-"` } diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 12ded296c78..98e98d6c904 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -3,6 +3,7 @@ package defaults import ( "strings" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/webdav/pkg/config" ) @@ -37,7 +38,9 @@ func DefaultConfig() *config.Config { }, OcisPublicURL: "https://127.0.0.1:9200", WebdavNamespace: "/users/{{.Id.OpaqueId}}", - RevaGateway: "127.0.0.1:9142", + Reva: shared.Reva{ + Address: "127.0.0.1:9142", + }, } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index 1daa30deb86..be33cc7a5b5 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go 
@@ -60,7 +60,7 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway) + gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address) if err != nil { return nil, err } From 0d740682b0973630c3af8c5c0f1e42250ffcf8c3 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp Date: Thu, 13 Oct 2022 11:24:07 +0200 Subject: [PATCH 2/5] Introduce TLS Settings for all reva grpc services and clients --- changelog/unreleased/grpc-tls.md | 6 ++++ ocis-pkg/shared/reva.go | 28 +++++++++++++++++++ ocis-pkg/shared/shared_types.go | 6 ++-- services/app-provider/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../app-provider/pkg/revaconfig/config.go | 10 +++++-- services/app-registry/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../app-registry/pkg/revaconfig/config.go | 10 +++++-- services/auth-basic/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/auth-basic/pkg/revaconfig/config.go | 6 ++++ services/auth-bearer/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/auth-bearer/pkg/revaconfig/config.go | 6 ++++ services/auth-machine/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../auth-machine/pkg/revaconfig/config.go | 6 ++++ .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/frontend/pkg/revaconfig/config.go | 1 + services/gateway/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 9 +++--- services/gateway/pkg/revaconfig/config.go | 6 ++++ .../pkg/config/defaults/defaultconfig.go | 4 +-- services/graph/pkg/identity/cs3.go | 8 +++--- services/graph/pkg/service/v0/service.go | 2 +- services/groups/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/groups/pkg/revaconfig/config.go | 6 ++++ .../idp/pkg/config/defaults/defaultconfig.go | 8 +++--- .../notifications/pkg/channels/channels.go | 2 +- services/notifications/pkg/command/server.go | 5 +++- .../pkg/config/defaults/defaultconfig.go | 4 +-- services/ocdav/pkg/command/server.go | 13 ++++++++- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../ocs/pkg/config/defaults/defaultconfig.go | 8 +++--- 
services/ocs/pkg/service/v0/service.go | 2 +- services/proxy/pkg/command/server.go | 2 +- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/search/pkg/service/v0/service.go | 2 +- services/sharing/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/sharing/pkg/revaconfig/config.go | 6 ++++ .../storage-publiclink/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../pkg/revaconfig/config.go | 6 ++++ services/storage-shares/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../storage-shares/pkg/revaconfig/config.go | 6 ++++ services/storage-system/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../storage-system/pkg/revaconfig/config.go | 6 ++++ services/storage-users/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- .../storage-users/pkg/revaconfig/config.go | 6 ++++ .../pkg/config/defaults/defaultconfig.go | 8 ++---- services/thumbnails/pkg/server/grpc/server.go | 2 +- services/users/pkg/config/config.go | 9 ++++-- .../pkg/config/defaults/defaultconfig.go | 8 +++--- services/users/pkg/revaconfig/config.go | 6 ++++ .../pkg/config/defaults/defaultconfig.go | 4 +-- services/webdav/pkg/service/v0/service.go | 2 +- 63 files changed, 308 insertions(+), 149 deletions(-) create mode 100644 changelog/unreleased/grpc-tls.md create mode 100644 ocis-pkg/shared/reva.go diff --git a/changelog/unreleased/grpc-tls.md b/changelog/unreleased/grpc-tls.md new file mode 100644 index 00000000000..2db05011136 --- /dev/null +++ b/changelog/unreleased/grpc-tls.md @@ -0,0 +1,6 @@ +Enhancement: Allow to setup TLS for the reva grpc services + +We added config options to allow enabling TLS encrption for all reva backed +grpc services. + +https://github.com/owncloud/ocis/pull/4798 
diff --git a/ocis-pkg/shared/reva.go b/ocis-pkg/shared/reva.go new file mode 100644 index 00000000000..4f43ca90875 --- /dev/null +++ b/ocis-pkg/shared/reva.go @@ -0,0 +1,28 @@ +package shared + +import "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool" + +var defaultRevaConfig = Reva{ + Address: "127.0.0.1:9142", +} + +func DefaultRevaConfig() *Reva { + // copy + ret := defaultRevaConfig + return &ret +} + +func (r *Reva) GetRevaOptions() []pool.Option { + tm, _ := pool.StringToTLSMode(r.TLSMode) + opts := []pool.Option{ + pool.WithTLSMode(tm), + } + return opts +} + +func (r *Reva) GetGRPCClientConfig() map[string]interface{} { + return map[string]interface{}{ + "tls_mode": r.TLSMode, + "tls_cacert": r.TLSCACert, + } +} diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index ec3997116a3..3aca81ada7b 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go @@ -29,9 +29,11 @@ type TokenManager struct { JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."` } -// Reva defines all available REVA configuration. +// Reva defines all available REVA client configuration. type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` + Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` + TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security."` + TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."` } type CacheStore struct { 
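Review bot: `GetRevaOptions` discards the error from `pool.StringToTLSMode`, so a mistyped `REVA_GATEWAY_TLS_MODE` is accepted silently and the client is built with whatever mode is returned alongside the error, presumably the non-TLS one. A transport-security switch should fail closed: validate `TLSMode` once when the config is loaded and refuse to start on an unknown value, instead of parsing it on every client lookup. The returned options also carry only the mode, while `GetGRPCClientConfig` forwards `tls_cacert` as well, so callers that use `GetRevaOptions()` (graph `cs3.go`, notifications) would not get the configured CA in mode 'on'; pass the CA certificate through too if the pool has an option for it. The three exported functions also lack doc comments, e.g. `// GetRevaOptions returns the pool options derived from the client TLS settings.`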
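Review bot: The `desc` of `TLSMode` lists the three values but not what an empty value means, and `defaultRevaConfig` leaves the field unset, so the effective default is not documented anywhere in this patch. State it in the description (presumably 'off', to be confirmed against the reva pool) and spell out that 'insecure' encrypts the connection without authenticating the gateway. `TLSCACert` should say whether it expects a file path or PEM data, e.g. `desc:"Path to the root CA certificate file used to validate the gateway's TLS certificate."` if it is a path.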
diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go index d77524228b4..9979e06684a 100644 --- a/services/app-provider/pkg/config/config.go +++ b/services/app-provider/pkg/config/config.go @@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go index 8f045fe2ca6..92e000dc176 100644 --- a/services/app-provider/pkg/config/defaults/defaultconfig.go +++ b/services/app-provider/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-provider", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "", Drivers: config.Drivers{ WOPI: config.WOPIDriver{ @@ -67,7 +65,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
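Review bot: The three new `GRPCConfig` fields have no `desc` tag, unlike `Addr` and `Protocol` next to them, so the TLS switches are undocumented wherever these tags are rendered. Add descriptions, for example `desc:"Activates TLS for the GRPC service."` on `TLSEnabled` and `desc:"Path to the private key file for the GRPC server certificate."` on `TLSKey`; this assumes the value is a file path, and if it can hold key material it also needs `mask:"password"` as `JWTSecret` has. The fields bind only to the global `OCIS_GRPC_TLS_*` names, with no per-service variable following the `APP_PROVIDER_GRPC_ADDR` pattern used for `Addr`, so every service shares one certificate and key, which deserves a comment if intended. The same applies to the `GRPCConfig` hunks for app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups.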
diff --git a/services/app-provider/pkg/revaconfig/config.go b/services/app-provider/pkg/revaconfig/config.go index 8b33d14a29a..bf152659907 100644 --- a/services/app-provider/pkg/revaconfig/config.go +++ b/services/app-provider/pkg/revaconfig/config.go @@ -15,12 +15,18 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} { "tracing_service_name": cfg.Service.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.TokenManager.JWTSecret, - "gatewaysvc": cfg.Reva.Address, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "appprovider": map[string]interface{}{ "app_provider_url": cfg.ExternalAddr, diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go index b095d5afb2f..3531bc3f5a6 100644 --- a/services/app-registry/pkg/config/config.go +++ b/services/app-registry/pkg/config/config.go 
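Review bot: The `tls_settings` map forwards `TLSEnabled`, `TLSCert` and `TLSKey` unchecked, so `enabled: true` with only one of certificate and key set reaches the reva runtime as-is. What reva does with a half-configured pair is not visible here. A check in the service's config validation that both are set or both empty when TLS is enabled would turn that into a clear start-up error. The identical map is repeated in the revaconfig hunks of app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups, so a shared helper would keep the key names in one place. `AppProviderConfigFromStruct` continues outside the hunk.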
@@ -50,9 +50,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AppRegistry struct { diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go index 3764bedf651..1efd04bcc9f 100644 --- a/services/app-registry/pkg/config/defaults/defaultconfig.go +++ b/services/app-registry/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "app-registry", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), } } @@ -132,7 +130,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/app-registry/pkg/revaconfig/config.go b/services/app-registry/pkg/revaconfig/config.go index 20b75434843..f3e0d5ae93f 100644 --- a/services/app-registry/pkg/revaconfig/config.go +++ b/services/app-registry/pkg/revaconfig/config.go 
@@ -17,12 +17,18 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri "tracing_service_name": cfg.Service.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.TokenManager.JWTSecret, - "gatewaysvc": cfg.Reva.Address, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "appregistry": map[string]interface{}{ "driver": "static", diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index b9352319aca..40ceb6eb800 100644 --- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go @@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AuthProviders struct { diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index 944872224e5..a926b940822 100644 --- a/services/auth-basic/pkg/config/defaults/defaultconfig.go 
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-basic", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), AuthProvider: "ldap", AuthProviders: config.AuthProviders{ LDAP: config.LDAPProvider{ @@ -106,7 +104,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-basic/pkg/revaconfig/config.go b/services/auth-basic/pkg/revaconfig/config.go index 57cf6a80a7f..f47f04bf494 100644 --- a/services/auth-basic/pkg/revaconfig/config.go +++ b/services/auth-basic/pkg/revaconfig/config.go @@ -15,10 +15,16 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "authprovider": map[string]interface{}{ diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go index 03bd7286943..11007fe2663 100644 --- a/services/auth-bearer/pkg/config/config.go +++ b/services/auth-bearer/pkg/config/config.go 
@@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type OIDC struct { diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go index 9386f68a212..42117bc104b 100644 --- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go +++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-bearer", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), OIDC: config.OIDC{ Issuer: "https://localhost:9200", Insecure: false, @@ -65,7 +63,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-bearer/pkg/revaconfig/config.go b/services/auth-bearer/pkg/revaconfig/config.go index b24f11e8228..1445fbab4d1 100644 --- a/services/auth-bearer/pkg/revaconfig/config.go +++ b/services/auth-bearer/pkg/revaconfig/config.go 
@@ -15,10 +15,16 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ "auth_manager": "oidc", diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go index efdd2747ffb..7431fa665ac 100644 --- a/services/auth-machine/pkg/config/config.go +++ b/services/auth-machine/pkg/config/config.go @@ -51,7 +51,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go index d34a332cbcc..679e61a1fc1 100644 --- a/services/auth-machine/pkg/config/defaults/defaultconfig.go +++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go 
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-machine", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), } } @@ -60,7 +58,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/auth-machine/pkg/revaconfig/config.go b/services/auth-machine/pkg/revaconfig/config.go index bc2422156bd..a72300e47bf 100644 --- a/services/auth-machine/pkg/revaconfig/config.go +++ b/services/auth-machine/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ "auth_manager": "machine", diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index 6ff6341fc08..49b8a58dc52 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go 
@@ -29,9 +29,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "frontend", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), PublicURL: "https://localhost:9200", EnableFavorites: false, EnableProjectSpaces: true, @@ -99,7 +97,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go index 7d98a1b6d19..60070e7bde3 100644 --- a/services/frontend/pkg/revaconfig/config.go +++ b/services/frontend/pkg/revaconfig/config.go @@ -73,6 +73,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, // Todo or address? "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "http": map[string]interface{}{ "network": cfg.HTTP.Protocol, diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index b0f4ce048c9..6eba084cbcd 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go 
@@ -73,9 +73,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageRegistry struct { diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go index 2681f8332e9..a35b54dfefb 100644 --- a/services/gateway/pkg/config/defaults/defaultconfig.go +++ b/services/gateway/pkg/config/defaults/defaultconfig.go @@ -28,10 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "gateway", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, - + Reva: shared.DefaultRevaConfig(), CommitShareToStorageGrant: true, ShareFolder: "Shares", DisableHomeCreationOnLogin: true, @@ -90,7 +87,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go index d8deec31d99..25ae057ca87 100644 --- a/services/gateway/pkg/revaconfig/config.go +++ b/services/gateway/pkg/revaconfig/config.go 
@@ -24,10 +24,16 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "gateway": map[string]interface{}{ diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 0739d218a2e..3c7d7202218 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "graph", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Spaces: config.Spaces{ WebDavBase: "https://localhost:9200", WebDavPath: "/dav/spaces/", diff --git a/services/graph/pkg/identity/cs3.go b/services/graph/pkg/identity/cs3.go index af1496e0f46..6aa8043792c 100644 --- a/services/graph/pkg/identity/cs3.go +++ b/services/graph/pkg/identity/cs3.go 
@@ -42,7 +42,7 @@ func (i *CS3) UpdateUser(ctx context.Context, nameOrID string, user libregraph.U func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values) (*libregraph.User, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetUser") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) @@ -70,7 +70,7 @@ func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values) func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregraph.User, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetUsers") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) @@ -110,7 +110,7 @@ func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregrap func (i *CS3) GetGroups(ctx context.Context, queryParam url.Values) ([]*libregraph.Group, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetGroups") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) 
@@ -156,7 +156,7 @@ func (i *CS3) CreateGroup(ctx context.Context, group libregraph.Group) (*libregr func (i *CS3) GetGroup(ctx context.Context, groupID string, queryParam url.Values) (*libregraph.Group, error) { logger := i.Logger.SubloggerWithRequestID(ctx) logger.Debug().Str("backend", "cs3").Msg("GetGroup") - client, err := pool.GetGatewayServiceClient(i.Config.Address) + client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...) if err != nil { logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client") return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error()) diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go index de0e89fea35..cb7030494c5 100644 --- a/services/graph/pkg/service/v0/service.go +++ b/services/graph/pkg/service/v0/service.go @@ -66,7 +66,7 @@ func NewService(opts ...Option) Service { } if options.GatewayClient == nil { var err error - svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address) + svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address, options.Config.Reva.GetRevaOptions()...) if err != nil { options.Logger.Error().Err(err).Msg("Could not get gateway client") return nil diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index 56760e67fbf..1373a537223 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go 
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type Drivers struct { diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index 351d4f88878..594f88518d8 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go +++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "groups", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ @@ -107,7 +105,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go index 6e899c1a752..2209e784b9f 100644 --- a/services/groups/pkg/revaconfig/config.go +++ b/services/groups/pkg/revaconfig/config.go 
@@ -17,10 +17,16 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "groupprovider": map[string]interface{}{ diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index 0bff438f456..71ef857f55a 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go @@ -29,9 +29,7 @@ func DefaultConfig() *config.Config { TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"), TLS: false, }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Service: config.Service{ Name: "idp", }, @@ -155,7 +153,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go index c1a018e6d84..17151623ca1 100644 --- a/services/notifications/pkg/channels/channels.go +++ b/services/notifications/pkg/channels/channels.go 
@@ -27,7 +27,7 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address, cfg.Notifications.Reva.GetRevaOptions()...) if err != nil { logger.Error().Err(err).Msg("could not get gateway client") return nil, err diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index c2448efe8b4..f3feb736014 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go @@ -77,7 +77,10 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient( + cfg.Notifications.Reva.Address, + cfg.Notifications.Reva.GetRevaOptions()..., + ) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client") } diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index 5d7d9fdd751..5e03a5aa036 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { ConsumerGroup: "notifications", EnableTLS: false, }, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), }, } } diff --git a/services/ocdav/pkg/command/server.go b/services/ocdav/pkg/command/server.go index afd3a06c12e..0dabcbbfb41 100644 --- a/services/ocdav/pkg/command/server.go +++ b/services/ocdav/pkg/command/server.go 
@@ -5,6 +5,7 @@ import ( "fmt" "github.com/cs3org/reva/v2/pkg/micro/ocdav" + "github.com/cs3org/reva/v2/pkg/sharedconf" "github.com/oklog/run" "github.com/owncloud/ocis/v2/ocis-pkg/broker" "github.com/owncloud/ocis/v2/ocis-pkg/config/configlog" @@ -38,7 +39,17 @@ func Server(cfg *config.Config) *cli.Command { defer cancel() gr.Add(func() error { - + // init reva shared config explicitly as the go-micro based ocdav does not use + // the reva runtime. But we need e.g. the shared client settings to be initialized + sc := map[string]interface{}{ + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, + "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), + } + if err := sharedconf.Decode(sc); err != nil { + logger.Error().Err(err).Msg("error decoding shared config for ocdav") + } opts := []ocdav.Option{ ocdav.Name(cfg.HTTP.Namespace + "." + cfg.Service.Name), ocdav.Version(version.GetString()), diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 11051c346c9..8739f0cc975 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocdav", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), WebdavNamespace: "/users/{{.Id.OpaqueId}}", FilesNamespace: "/users/{{.Id.OpaqueId}}", SharesNamespace: "/Shares", @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
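Review bot: A failure of `sharedconf.Decode(sc)` in the closure passed to `gr.Add` is only logged and the service keeps starting, although the comment above it says the shared client settings need to be initialized. Those settings include `grpc_client_options` from `cfg.Reva.GetGRPCClientConfig()`, so after a decode error the gateway client would presumably run with reva's defaults rather than the configured TLS mode and CA certificate. The closure returns `error`, so the branch can fail closed: keep the log line and add `return err` after it. The closure continues outside the hunk.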
diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go index 97ddd339416..dd5b389cd81 100644 --- a/services/ocs/pkg/config/defaults/defaultconfig.go +++ b/services/ocs/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Name: "ocs", }, AccountBackend: "cs3", - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), IdentityManagement: config.IdentityManagement{ Address: "https://localhost:9200", }, @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/ocs/pkg/service/v0/service.go b/services/ocs/pkg/service/v0/service.go index cf476d63ebb..60b7e2b08b3 100644 --- a/services/ocs/pkg/service/v0/service.go +++ b/services/ocs/pkg/service/v0/service.go @@ -118,7 +118,7 @@ func (o Ocs) NotFound(w http.ResponseWriter, r *http.Request) { } func (o Ocs) getCS3Backend() backend.UserBackend { - revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address, o.config.Reva.GetRevaOptions()...) if err != nil { o.logger.Fatal().Msgf("could not get reva client at address %s", o.config.Reva.Address) } diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go index 7cd82c96a66..21075a1a4d7 100644 --- a/services/proxy/pkg/command/server.go +++ b/services/proxy/pkg/command/server.go 
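Review bot: In `getCS3Backend` the client is now built with `o.config.Reva.GetRevaOptions()...`, but the `Fatal` log that follows still drops `err` and prints only the address. With TLS options involved, the failure may come from the TLS mode or CA certificate rather than from the address (an assumption, reva's option handling is not shown), and the operator gets no hint of that. I would change the line to `o.logger.Fatal().Err(err).Msgf("could not get reva client at address %s", o.config.Reva.Address)`, which matches the search and notifications services in this patch, where the error is attached with `.Err(err)`.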
@@ -128,7 +128,7 @@ func Server(cfg *config.Config) *cli.Command { func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) alice.Chain { rolesClient := settingssvc.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient()) - revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) var userProvider backend.UserBackend switch cfg.AccountBackend { case "cs3": diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index cd40c61f950..414d742270a 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -49,9 +49,7 @@ func DefaultConfig() *config.Config { }, }, PolicySelector: nil, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), PreSignedURL: config.PreSignedURL{ AllowedHTTPMethods: []string{"GET"}, Enabled: true, @@ -244,7 +242,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go index 495f8ec2ba8..3670bb3b41d 100644 --- a/services/search/pkg/config/defaults/defaultconfig.go +++ b/services/search/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Name: "search", }, Datapath: path.Join(defaults.BaseDataPath(), "search"), - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Events: config.Events{ Endpoint: "127.0.0.1:9233", Cluster: "ocis-cluster", 
@@ -74,7 +72,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/service/v0/service.go b/services/search/pkg/service/v0/service.go index cd6a3baaeef..8dd12ba7135 100644 --- a/services/search/pkg/service/v0/service.go +++ b/services/search/pkg/service/v0/service.go @@ -88,7 +88,7 @@ func NewHandler(opts ...Option) (searchsvc.SearchProviderHandler, error) { return nil, err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Reva.Address).Msg("could not get reva client") } diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index 9d35a5221cf..1c5b3439176 100644 --- a/services/sharing/pkg/config/config.go +++ b/services/sharing/pkg/config/config.go @@ -55,9 +55,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type UserSharingDrivers struct { 
diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go index 5368f0337f7..cbf0cd12201 100644 --- a/services/sharing/pkg/config/defaults/defaultconfig.go +++ b/services/sharing/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "sharing", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), UserSharingDriver: "jsoncs3", UserSharingDrivers: config.UserSharingDrivers{ JSON: config.UserSharingJSONDriver{ @@ -103,7 +101,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/sharing/pkg/revaconfig/config.go b/services/sharing/pkg/revaconfig/config.go index a054d85ad3d..cfef6b52040 100644 --- a/services/sharing/pkg/revaconfig/config.go +++ b/services/sharing/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "usershareprovider": map[string]interface{}{ diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index 311328f417a..407b7cc8f15 100644 
--- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go @@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageProvider struct { diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go index 229f3c19b46..cdd955b3945 100644 --- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-publiclink", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), StorageProvider: config.StorageProvider{ MountID: "7993447f-687f-490d-875c-ac95e89a62a4", }, @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
diff --git a/services/storage-publiclink/pkg/revaconfig/config.go b/services/storage-publiclink/pkg/revaconfig/config.go index ab335219d50..af366d76301 100644 --- a/services/storage-publiclink/pkg/revaconfig/config.go +++ b/services/storage-publiclink/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{ "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "interceptors": map[string]interface{}{ "log": map[string]interface{}{}, "prometheus": map[string]interface{}{ diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index 8cacec592bf..d5e353da744 100644 --- a/services/storage-shares/pkg/config/config.go +++ b/services/storage-shares/pkg/config/config.go @@ -53,7 +53,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } 
diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go index ef14adef8a4..0b8836200d1 100644 --- a/services/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-shares", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), MountID: "7639e57c-4433-4a12-8201-722fd0009154", ReadOnly: false, SharesProviderEndpoint: "localhost:9150", @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-shares/pkg/revaconfig/config.go b/services/storage-shares/pkg/revaconfig/config.go index 320681317fc..cb9f9dd5c72 100644 --- a/services/storage-shares/pkg/revaconfig/config.go +++ b/services/storage-shares/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "sharesstorageprovider": map[string]interface{}{ "usershareprovidersvc": cfg.SharesProviderEndpoint, 
diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index 31b23ed7237..ab79d50fb53 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go @@ -56,9 +56,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index 57ba2fe4c86..c8738826160 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -36,9 +36,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-system", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9216/data", Driver: "ocis", Drivers: config.Drivers{ @@ -75,7 +73,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
diff --git a/services/storage-system/pkg/revaconfig/config.go b/services/storage-system/pkg/revaconfig/config.go index aa7e64cfefa..56534c54263 100644 --- a/services/storage-system/pkg/revaconfig/config.go +++ b/services/storage-system/pkg/revaconfig/config.go @@ -18,10 +18,16 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "gateway": map[string]interface{}{ // registries are located on the gateway diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index d7b24f39f44..da11174815b 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go @@ -60,9 +60,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { 
diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index c6865dcda86..fa0796d288f 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9158/data", MountID: "1284d238-aa92-42ce-bdc4-0b0000009157", UploadExpiration: 24 * 60 * 60, @@ -113,7 +111,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-users/pkg/revaconfig/config.go b/services/storage-users/pkg/revaconfig/config.go index 4bc0ce98804..81d542fd180 100644 --- a/services/storage-users/pkg/revaconfig/config.go +++ b/services/storage-users/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "storageprovider": map[string]interface{}{ 
diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index b5dccb365dc..38fc8584eef 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go @@ -42,11 +42,9 @@ func DefaultConfig() *config.Config { RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, WebdavAllowInsecure: false, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + Reva: *shared.DefaultRevaConfig(), + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index b8e8d8e2686..fc33d33615f 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -26,7 +26,7 @@ func NewService(opts ...Option) grpc.Service { grpc.Version(version.GetString()), ) tconf := options.Config.Thumbnail - gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address) + gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address, tconf.Reva.GetRevaOptions()...) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client") return grpc.Service{} diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 0fb0ede101f..55430e580da 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go 
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 2d93cc13bae..615e3091312 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ @@ -108,7 +106,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index c00b31506f0..27c7af7bd0c 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go 
@@ -17,10 +17,16 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "userprovider": map[string]interface{}{ diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 98e98d6c904..3e8f7cbfc79 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -38,9 +38,7 @@ func DefaultConfig() *config.Config { }, OcisPublicURL: "https://127.0.0.1:9200", WebdavNamespace: "/users/{{.Id.OpaqueId}}", - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index be33cc7a5b5..b0110ae67c9 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go @@ -60,7 +60,7 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address) + gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address, conf.Reva.GetRevaOptions()...) if err != nil { return nil, err } From 0abd026dac425ce3e4fdbf6dadba42aa39548af6 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp Date: Thu, 13 Oct 2022 11:25:47 +0200 Subject: [PATCH 3/5] Explicitly disable TLS for the permissions client This is needed as the permission server (provided by the settings service) is not TLS enabled yet. --- services/storage-users/pkg/revaconfig/user.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/services/storage-users/pkg/revaconfig/user.go b/services/storage-users/pkg/revaconfig/user.go index ca06607772f..f3dd247f35d 100644 --- a/services/storage-users/pkg/revaconfig/user.go +++ b/services/storage-users/pkg/revaconfig/user.go @@ -95,6 +95,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.OCIS.PermissionsEndpoint, + "permissionssvc_tls_mode": "off", }, "s3": map[string]interface{}{ "enable_home": false, @@ -114,6 +115,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.S3NG.PermissionsEndpoint, + "permissionssvc_tls_mode": "off", "s3.region": cfg.Drivers.S3NG.Region, "s3.access_key": cfg.Drivers.S3NG.AccessKey, "s3.secret_key": cfg.Drivers.S3NG.SecretKey, From 24fc6fb77046a0a46d68373d58fe7962f45c8e17 Mon Sep 17 00:00:00 2001 
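Review bot: `"permissionssvc_tls_mode": "off"` is hard-coded in both driver maps of `UserDrivers` (the ones using `cfg.Drivers.OCIS.PermissionsEndpoint` and `cfg.Drivers.S3NG.PermissionsEndpoint`), and nothing in the code says why. The reason is only in the commit message (the settings service does not serve TLS yet), so once it does, this client stays on plaintext with no marker pointing at these lines. I would add a comment on both, e.g. `// TODO: settings service has no TLS yet; make the mode configurable once it does`, or read the mode from the driver config with "off" as the default. `UserDrivers` starts and ends outside the hunks.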
From: Ralf Haferkamp Date: Thu, 20 Oct 2022 11:56:17 +0200 Subject: [PATCH 4/5] Revert backwards incompatible reva config changes The commit of unifying the Reva Client config introduced some backwards incompatible changes to the config structures and yaml config tags. For the "thumbnails", "webdav" and "notifications" service. This reverts the changes on the service and introduces TLS options in a backwards compatible manner. --- .../notifications/pkg/channels/channels.go | 10 +++++++++- services/notifications/pkg/command/server.go | 11 ++++++++--- services/notifications/pkg/config/config.go | 12 +++++++----- .../pkg/config/defaults/defaultconfig.go | 4 +++- services/thumbnails/pkg/config/config.go | 18 ++++++++++-------- .../pkg/config/defaults/defaultconfig.go | 10 ++++++---- services/thumbnails/pkg/server/grpc/server.go | 10 +++++++++- services/webdav/pkg/config/config.go | 10 ++++++---- .../pkg/config/defaults/defaultconfig.go | 8 +++++--- services/webdav/pkg/service/v0/service.go | 9 ++++++++- 10 files changed, 71 insertions(+), 31 deletions(-) diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go index 17151623ca1..0a27b1f14d5 100644 --- a/services/notifications/pkg/channels/channels.go +++ b/services/notifications/pkg/channels/channels.go 
@@ -27,7 +27,15 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address, cfg.Notifications.Reva.GetRevaOptions()...) + tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode) + if err != nil { + logger.Error().Err(err).Msg("could not get gateway client tls mode") + return nil, err + } + gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway, + pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert), + pool.WithTLSMode(tm), + ) if err != nil { logger.Error().Err(err).Msg("could not get gateway client") return nil, err diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index f3feb736014..b1902689933 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go @@ -77,12 +77,17 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } + tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode) + if err != nil { + return err + } gwclient, err := pool.GetGatewayServiceClient( - cfg.Notifications.Reva.Address, - cfg.Notifications.Reva.GetRevaOptions()..., + cfg.Notifications.RevaGateway, + pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert), + pool.WithTLSMode(tm), ) if err != nil { - logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client") + logger.Fatal().Err(err).Str("addr", cfg.Notifications.RevaGateway).Msg("could not get reva client") } svc := service.NewEventsNotifier(evts, channel, logger, gwclient, cfg.Notifications.MachineAuthAPIKey, cfg.Notifications.EmailTemplatePath, cfg.Commons.OcisURL) diff --git a/services/notifications/pkg/config/config.go b/services/notifications/pkg/config/config.go index 652dc32dd5d..7d5fb3be0b2 100644 
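Review bot: NewMailChannel gives the operator no signal when the gateway connection ends up without verified TLS. Any string that `pool.StringToTLSMode` accepts is passed straight to `pool.WithTLSMode`, so 'off' and 'insecure' (the values documented in PATCH 5/5) take effect silently. In the server.go hunk, a client built the same way is handed to `NewEventsNotifier` together with `MachineAuthAPIKey`, so a downgrade here is worth surfacing. One option is a warning after the parse, e.g. `if cfg.Notifications.RevaGatewayTLSMode != "on" { logger.Warn().Str("tls_mode", cfg.Notifications.RevaGatewayTLSMode).Msg("gateway client runs without verified TLS") }`; this assumes the mode strings are matched literally, and comparing `tm` with the parsed constant would be more robust. The same applies to the server.go hunk and to the thumbnails and webdav NewService hunks of this patch.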
--- a/services/notifications/pkg/config/config.go +++ b/services/notifications/pkg/config/config.go @@ -22,11 +22,13 @@ type Config struct { // Notifications defines the config options for the notifications service. type Notifications struct { - SMTP SMTP `yaml:"SMTP"` - Events Events `yaml:"events"` - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` - Reva shared.Reva `yaml:"reva"` - EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` + SMTP SMTP `yaml:"SMTP"` + Events Events `yaml:"events"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` + EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` + RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` } // SMTP combines the smtp configuration options. diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index 5e03a5aa036..552d9f560f8 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go 
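Review bot: The new fields `RevaGatewayTLSMode` and `RevaGatewayTLSCACert` have no `desc` tag, although `RevaGateway` beside them has one and the equivalent fields of `shared.Reva` are documented (see the shared_types.go hunk in PATCH 5/5). `REVA_GATEWAY_TLS_MODE` decides whether the gateway connection is encrypted and verified, so its accepted values should appear wherever these tags are rendered. Reusing the shared wording would do: `desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. ..."` and `desc:"The root CA certificate used to validate the gateway's TLS certificate."`. The same two tags are missing in the thumbnails and webdav config.go hunks of this patch.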
@@ -37,7 +37,9 @@ func DefaultConfig() *config.Config { ConsumerGroup: "notifications", EnableTLS: false, }, - Reva: *shared.DefaultRevaConfig(), + RevaGateway: shared.DefaultRevaConfig().Address, + RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, + RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, }, } } diff --git a/services/thumbnails/pkg/config/config.go b/services/thumbnails/pkg/config/config.go index cd428e14d82..24b6440b55b 100644 --- a/services/thumbnails/pkg/config/config.go +++ b/services/thumbnails/pkg/config/config.go 
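Review bot: `shared.DefaultRevaConfig()` is called three times in a row just to read one field each for `RevaGateway`, `RevaGatewayTLSMode` and `RevaGatewayTLSCACert`. Taking it once before the struct literal reads more cleanly and guarantees the three defaults come from the same value: `rc := shared.DefaultRevaConfig()`, then `RevaGateway: rc.Address,` and likewise `rc.TLSMode` and `rc.TLSCACert`. The thumbnails and webdav defaultconfig.go hunks repeat the pattern. DefaultConfig begins before the hunk.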
@@ -31,12 +31,14 @@ type FileSystemStorage struct { // Thumbnail defines the available thumbnail related configuration. type Thumbnail struct { - Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."` - FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` - WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` - CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` - Reva shared.Reva `yaml:"reva"` - FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` - TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` - DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` + Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. 
You can define any resolution as required and separate multiple resolutions by blank or comma."` + FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` + WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` + CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` + RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` + FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` + TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` + DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` } diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index 38fc8584eef..d0b2c341ef6 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go 
@@ -41,10 +41,12 @@ func DefaultConfig() *config.Config { FileSystemStorage: config.FileSystemStorage{ RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, - WebdavAllowInsecure: false, - Reva: *shared.DefaultRevaConfig(), - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + WebdavAllowInsecure: false, + RevaGateway: shared.DefaultRevaConfig().Address, + RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, + RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index fc33d33615f..0ad60848a12 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -26,7 +26,15 @@ func NewService(opts ...Option) grpc.Service { grpc.Version(version.GetString()), ) tconf := options.Config.Thumbnail - gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address, tconf.Reva.GetRevaOptions()...) + tm, err := pool.StringToTLSMode(tconf.RevaGatewayTLSMode) + if err != nil { + options.Logger.Error().Err(err).Msg("could not get gateway client tls mode") + return grpc.Service{} + } + gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway, + pool.WithTLSCACert(tconf.RevaGatewayTLSCACert), + pool.WithTLSMode(tm), + ) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client") return grpc.Service{} diff --git a/services/webdav/pkg/config/config.go b/services/webdav/pkg/config/config.go index 5e7091983c3..6f28afbc995 100644 --- a/services/webdav/pkg/config/config.go +++ b/services/webdav/pkg/config/config.go 
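Review bot: In the grpc/server.go hunk, an unparsable `RevaGatewayTLSMode` is logged at error level and NewService then returns a zero-value `grpc.Service{}`. The caller cannot tell a bad TLS setting from a working service, because the signature has no error result. The pre-existing client error below it is handled the same way, but a misconfigured security option is a case where stopping loudly is preferable. At least include the rejected value, `options.Logger.Error().Err(err).Str("tls_mode", tconf.RevaGatewayTLSMode).Msg("could not get gateway client tls mode")`, and consider `Fatal()` here, as the notifications server.go hunk does for its client error. NewService continues outside the hunk, so what the caller does with the empty service is not visible.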
@@ -18,8 +18,10 @@ type Config struct { HTTP HTTP `yaml:"http"` - OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` - WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` - Reva shared.Reva `yaml:"reva"` - Context context.Context `yaml:"-"` + OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` + WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` + RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` + Context context.Context `yaml:"-"` } diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 3e8f7cbfc79..ae6adb85a5d 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -36,9 +36,11 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "webdav", }, - OcisPublicURL: "https://127.0.0.1:9200", - WebdavNamespace: "/users/{{.Id.OpaqueId}}", - Reva: *shared.DefaultRevaConfig(), + OcisPublicURL: "https://127.0.0.1:9200", + WebdavNamespace: "/users/{{.Id.OpaqueId}}", + RevaGateway: shared.DefaultRevaConfig().Address, + RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, + RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index b0110ae67c9..ccd5bfe960d 100644 --- a/services/webdav/pkg/service/v0/service.go 
+++ b/services/webdav/pkg/service/v0/service.go @@ -60,7 +60,14 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address, conf.Reva.GetRevaOptions()...) + tm, err := pool.StringToTLSMode(conf.RevaGatewayTLSMode) + if err != nil { + return nil, err + } + gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway, + pool.WithTLSCACert(conf.RevaGatewayTLSCACert), + pool.WithTLSMode(tm), + ) if err != nil { return nil, err } From 05ecd4d42243458e6c049a5ec542b26c62100e53 Mon Sep 17 00:00:00 2001 From: Ralf Haferkamp Date: Thu, 20 Oct 2022 12:16:57 +0200 Subject: [PATCH 5/5] Add documentation tags for grpc server TLS options --- ocis-pkg/shared/shared_types.go | 2 +- services/app-provider/pkg/config/config.go | 4 ++-- services/app-registry/pkg/config/config.go | 4 ++-- services/auth-basic/pkg/config/config.go | 4 ++-- services/auth-bearer/pkg/config/config.go | 4 ++-- services/auth-machine/pkg/config/config.go | 4 ++-- services/gateway/pkg/config/config.go | 4 ++-- services/groups/pkg/config/config.go | 4 ++-- services/sharing/pkg/config/config.go | 4 ++-- services/storage-publiclink/pkg/config/config.go | 4 ++-- services/storage-shares/pkg/config/config.go | 4 ++-- services/storage-system/pkg/config/config.go | 4 ++-- services/storage-users/pkg/config/config.go | 4 ++-- services/users/pkg/config/config.go | 4 ++-- 14 files changed, 27 insertions(+), 27 deletions(-) diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index 3aca81ada7b..493d0304751 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go 
@@ -32,7 +32,7 @@ type TokenManager struct { // Reva defines all available REVA client configuration. type Reva struct { Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` - TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security."` + TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."` TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."` } diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go index 9979e06684a..2b62c23280e 100644 --- a/services/app-provider/pkg/config/config.go +++ b/services/app-provider/pkg/config/config.go 
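Review bot: The rewritten `TLSMode` description contains the typo 'ceritificate', which will be copied into anything rendered from this `desc` tag; it should read `'on' enables transport security, including server certificate verification.` While touching the string, the 'insecure' entry could say plainly that the connection is encrypted but the server is not authenticated, so it does not protect against an active man-in-the-middle. The current wording ('disables certificate verification') leaves that consequence implicit.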
@@ -54,8 +54,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go index 3531bc3f5a6..b44287a19e5 100644 --- a/services/app-registry/pkg/config/config.go +++ b/services/app-registry/pkg/config/config.go @@ -52,8 +52,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index 40ceb6eb800..26aea8518c4 100644 
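Review bot: `TLSEnabled` is still left without a `desc` tag in this GRPCConfig hunk, although it is the switch that decides whether `TLSCert` and `TLSKey` are used at all. Something along the lines of `desc:"Enables TLS for the grpc server using the certificate and key set via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY."` would complete the set; the exact behaviour when the flag is true but no certificate is configured is not visible here and should be stated by someone who knows it. The same gap is present in every other GRPCConfig hunk of this patch (app-registry through users).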
--- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go @@ -53,8 +53,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go index 11007fe2663..d3bc9abe878 100644 --- a/services/auth-bearer/pkg/config/config.go +++ b/services/auth-bearer/pkg/config/config.go @@ -53,8 +53,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } 
diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go index 7431fa665ac..9989c7c35f0 100644 --- a/services/auth-machine/pkg/config/config.go +++ b/services/auth-machine/pkg/config/config.go @@ -53,8 +53,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index 6eba084cbcd..46d37ecbcbe 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go 
@@ -75,8 +75,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index 1373a537223..8d9d962a661 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go @@ -54,8 +54,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index 1c5b3439176..83e11bb048e 100644 --- a/services/sharing/pkg/config/config.go 
+++ b/services/sharing/pkg/config/config.go @@ -57,8 +57,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index 407b7cc8f15..34d9620c56d 100644 --- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go @@ -53,8 +53,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } 
diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index d5e353da744..5e5c7d23e6c 100644 --- a/services/storage-shares/pkg/config/config.go +++ b/services/storage-shares/pkg/config/config.go @@ -55,8 +55,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index ab79d50fb53..eae54daec5f 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go 
@@ -58,8 +58,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index da11174815b..e348a76351e 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go @@ -62,8 +62,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 55430e580da..829b82c39e8 100644 
--- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go @@ -54,8 +54,8 @@ type Debug struct { type GRPCConfig struct { Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` Namespace string `yaml:"-"` Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` }