revert all changes to idp
@@ -19,12 +19,13 @@ package bootstrap
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"os"
|
||||
|
||||
"github.com/libregraph/lico/bootstrap"
|
||||
"github.com/libregraph/lico/identifier"
|
||||
"github.com/libregraph/lico/identity"
|
||||
"github.com/libregraph/lico/identity/managers"
|
||||
cs3 "github.com/owncloud/ocis/v2/services/idp/pkg/backends/cs3/identifier"
|
||||
"os"
|
||||
)
|
||||
|
||||
// Identity managers.
|
||||
@@ -73,6 +74,7 @@ func NewIdentityManager(bs bootstrap.Bootstrap) (identity.Manager, error) {
|
||||
config.TLSClientConfig,
|
||||
// FIXME add a map[string]interface{} property to the lico config.Config so backends can pass custom config parameters through the bootstrap process
|
||||
os.Getenv("CS3_GATEWAY"),
|
||||
os.Getenv("CS3_MACHINE_AUTH_API_KEY"),
|
||||
config.Settings.Insecure,
|
||||
)
|
||||
if identifierErr != nil {
|
||||
|
||||
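Review bot: The new `os.Getenv("CS3_MACHINE_AUTH_API_KEY")` argument goes straight into the cs3 backend call, and `os.Getenv` returns an empty string when the variable is unset, so a missing key becomes an empty machine-auth secret with no error at this point. NewIdentityManager starts and ends outside the hunk, so an earlier check may exist. If there is none, I would read the value first and fail closed: `key := os.Getenv("CS3_MACHINE_AUTH_API_KEY")` followed by `if key == "" { return nil, fmt.Errorf("cs3 identity manager: CS3_MACHINE_AUTH_API_KEY is not set") }`. The FIXME above already marks the environment as a stopgap channel; it is worth extending it to say that this value is a credential and should be the first to move into the lico config.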
@@ -33,10 +33,11 @@ var cs3SpportedScopes = []string{
|
||||
type CS3Backend struct {
|
||||
supportedScopes []string
|
||||
|
||||
logger logrus.FieldLogger
|
||||
tlsConfig *tls.Config
|
||||
gatewayURI string
|
||||
insecure bool
|
||||
logger logrus.FieldLogger
|
||||
tlsConfig *tls.Config
|
||||
gatewayURI string
|
||||
machineAuthAPIKey string
|
||||
insecure bool
|
||||
|
||||
sessions cmap.ConcurrentMap
|
||||
|
||||
@@ -48,6 +49,7 @@ func NewCS3Backend(
|
||||
c *config.Config,
|
||||
tlsConfig *tls.Config,
|
||||
gatewayURI string,
|
||||
machineAuthAPIKey string,
|
||||
insecure bool,
|
||||
) (*CS3Backend, error) {
|
||||
|
||||
@@ -58,10 +60,11 @@ func NewCS3Backend(
|
||||
b := &CS3Backend{
|
||||
supportedScopes: supportedScopes,
|
||||
|
||||
logger: c.Logger,
|
||||
tlsConfig: tlsConfig,
|
||||
gatewayURI: gatewayURI,
|
||||
insecure: insecure,
|
||||
logger: c.Logger,
|
||||
tlsConfig: tlsConfig,
|
||||
gatewayURI: gatewayURI,
|
||||
machineAuthAPIKey: machineAuthAPIKey,
|
||||
insecure: insecure,
|
||||
|
||||
sessions: cmap.New(),
|
||||
}
|
||||
@@ -154,8 +157,9 @@ func (b *CS3Backend) ResolveUserByUsername(ctx context.Context, username string)
|
||||
client := cs3gateway.NewGatewayAPIClient(l)
|
||||
|
||||
res, err := client.Authenticate(ctx, &cs3gateway.AuthenticateRequest{
|
||||
Type: "machine",
|
||||
ClientId: "username:" + username,
|
||||
Type: "machine",
|
||||
ClientId: "username:" + username,
|
||||
ClientSecret: b.machineAuthAPIKey,
|
||||
})
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("cs3 backend machine authenticate rpc error: %v", err)
|
||||
|
||||
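Review bot: `machineAuthAPIKey` is stored on CS3Backend and sent as `ClientSecret` in ResolveUserByUsername, but neither the field nor the NewCS3Backend parameter is documented as a credential. With `Type: "machine"` and `ClientId: "username:" + username`, this one key appears to let the service authenticate as whichever username is supplied. I would add a field comment such as `// machineAuthAPIKey is the shared machine-auth secret sent as ClientSecret; never log it or include it in errors.` The dial code and the rest of both functions are outside these hunks. If `insecure` relaxes peer verification on the gateway connection, the key is sent to an unverified peer, and NewCS3Backend could log a warning (without the value) when both are set.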
@@ -20,6 +20,8 @@ type Config struct {
|
||||
|
||||
Reva *shared.Reva `yaml:"reva"`
|
||||
|
||||
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;IDP_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
|
||||
|
||||
Asset Asset `yaml:"asset"`
|
||||
IDP Settings `yaml:"idp"`
|
||||
Clients []Client `yaml:"clients"`
|
||||
|
||||
@@ -159,6 +159,9 @@ func EnsureDefaults(cfg *config.Config) {
|
||||
cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
|
||||
}
|
||||
|
||||
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
|
||||
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
|
||||
}
|
||||
}
|
||||
|
||||
// Sanitize sanitizes the configuration
|
||||
|
||||
@@ -35,6 +35,10 @@ func ParseConfig(cfg *config.Config) error {
|
||||
|
||||
func Validate(cfg *config.Config) error {
|
||||
switch cfg.IDP.IdentityManager {
|
||||
case "cs3":
|
||||
if cfg.MachineAuthAPIKey == "" {
|
||||
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
|
||||
}
|
||||
case "ldap":
|
||||
if cfg.Ldap.BindPassword == "" {
|
||||
return shared.MissingLDAPBindPassword(cfg.Service.Name)
|
||||
|
||||
@@ -57,7 +57,7 @@ func NewService(opts ...Option) Service {
|
||||
switch options.Config.IDP.IdentityManager {
|
||||
case "cs3":
|
||||
cs3BackendSupport.MustRegister()
|
||||
if err := initCS3EnvVars(options.Config.Reva.Address); err != nil {
|
||||
if err := initCS3EnvVars(options.Config.Reva.Address, options.Config.MachineAuthAPIKey); err != nil {
|
||||
logger.Fatal().Err(err).Msg("could not initialize cs3 backend env vars")
|
||||
}
|
||||
case "ldap":
|
||||
@@ -152,9 +152,10 @@ func createTemporaryClientsConfig(filePath, ocisURL string, clients []config.Cli
|
||||
}
|
||||
|
||||
// Init cs3 backend vars which are currently not accessible via idp api
|
||||
func initCS3EnvVars(cs3Addr string) error {
|
||||
func initCS3EnvVars(cs3Addr, machineAuthAPIKey string) error {
|
||||
defaults := map[string]string{
|
||||
"CS3_GATEWAY": cs3Addr,
|
||||
"CS3_GATEWAY": cs3Addr,
|
||||
"CS3_MACHINE_AUTH_API_KEY": machineAuthAPIKey,
|
||||
}
|
||||
|
||||
for k, v := range defaults {
|
||||
|
||||
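Review bot: Adding `"CS3_MACHINE_AUTH_API_KEY": machineAuthAPIKey` to `defaults` in initCS3EnvVars sends a credential through the generic `for k, v := range defaults` loop, whose body is outside this hunk. NewService logs the returned error with `logger.Fatal().Err(err)`, so if the loop formats `v` into its error, the key ends up in the log. The error should name only the variable, e.g. `return fmt.Errorf("could not set cs3 env var %s: %w", k, err)`. The map entry also deserves a comment like `// secret: never include v in errors or logs`. Values placed in the process environment are also inherited by any child process started afterwards, so this path needs to stay temporary.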
Generated
+311
-311
File diff suppressed because it is too large