From 3d57f5cc2116fda79a54db0dd700b6156916f7e6 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp
Date: Thu, 13 Oct 2022 11:24:07 +0200
Subject: [PATCH] Introduce TLS Settings for all reva grpc services and clients
---
 changelog/unreleased/grpc-tls.md | 6 ++++
 ocis-pkg/shared/reva.go | 28 +++++++++++++++++++
 ocis-pkg/shared/shared_types.go | 6 ++--
 services/app-provider/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../app-provider/pkg/revaconfig/config.go | 10 +++++--
 services/app-registry/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../app-registry/pkg/revaconfig/config.go | 10 +++++--
 services/auth-basic/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/auth-basic/pkg/revaconfig/config.go | 6 ++++
 services/auth-bearer/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/auth-bearer/pkg/revaconfig/config.go | 6 ++++
 services/auth-machine/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../auth-machine/pkg/revaconfig/config.go | 6 ++++
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/frontend/pkg/revaconfig/config.go | 1 +
 services/gateway/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 9 +++---
 services/gateway/pkg/revaconfig/config.go | 6 ++++
 .../pkg/config/defaults/defaultconfig.go | 4 +--
 services/graph/pkg/identity/cs3.go | 8 +++---
 services/graph/pkg/service/v0/service.go | 2 +-
 services/groups/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/groups/pkg/revaconfig/config.go | 6 ++++
 .../idp/pkg/config/defaults/defaultconfig.go | 8 +++---
 .../notifications/pkg/channels/channels.go | 2 +-
 services/notifications/pkg/command/server.go | 5 +++-
 .../pkg/config/defaults/defaultconfig.go | 4 +--
 services/ocdav/pkg/command/server.go | 13 ++++++++-
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../ocs/pkg/config/defaults/defaultconfig.go | 8 +++---
 services/ocs/pkg/service/v0/service.go | 2 +-
 services/proxy/pkg/command/server.go | 2 +-
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/search/pkg/service/v0/service.go | 2 +-
 services/sharing/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/sharing/pkg/revaconfig/config.go | 6 ++++
 .../storage-publiclink/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../pkg/revaconfig/config.go | 6 ++++
 services/storage-shares/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../storage-shares/pkg/revaconfig/config.go | 6 ++++
 services/storage-system/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../storage-system/pkg/revaconfig/config.go | 6 ++++
 services/storage-users/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 .../storage-users/pkg/revaconfig/config.go | 6 ++++
 .../pkg/config/defaults/defaultconfig.go | 8 ++----
 services/thumbnails/pkg/server/grpc/server.go | 2 +-
 services/users/pkg/config/config.go | 9 ++++--
 .../pkg/config/defaults/defaultconfig.go | 8 +++---
 services/users/pkg/revaconfig/config.go | 6 ++++
 .../pkg/config/defaults/defaultconfig.go | 4 +--
 services/webdav/pkg/service/v0/service.go | 2 +-
 63 files changed, 308 insertions(+), 149 deletions(-)
 create mode 100644 changelog/unreleased/grpc-tls.md
 create mode 100644 ocis-pkg/shared/reva.go
diff --git a/changelog/unreleased/grpc-tls.md b/changelog/unreleased/grpc-tls.md
new file mode 100644
index 000000000..2db050111
--- /dev/null
+++ b/changelog/unreleased/grpc-tls.md
@@ -0,0 +1,6 @@
+Enhancement: Allow to setup TLS for the reva grpc services
+
+We added config options to allow enabling TLS encrption for all reva backed
+grpc services.
+
+https://github.com/owncloud/ocis/pull/4798
diff --git a/ocis-pkg/shared/reva.go b/ocis-pkg/shared/reva.go
new file mode 100644
index 000000000..4f43ca908
--- /dev/null
+++ b/ocis-pkg/shared/reva.go
@@ -0,0 +1,28 @@
+package shared
+
+import "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
+
+var defaultRevaConfig = Reva{
+ Address: "127.0.0.1:9142",
+}
+
+func DefaultRevaConfig() *Reva {
+ // copy
+ ret := defaultRevaConfig
+ return &ret
+}
+
+func (r *Reva) GetRevaOptions() []pool.Option {
+ tm, _ := pool.StringToTLSMode(r.TLSMode)
+ opts := []pool.Option{
+ pool.WithTLSMode(tm),
+ }
+ return opts
+}
+
+func (r *Reva) GetGRPCClientConfig() map[string]interface{} {
+ return map[string]interface{}{
+ "tls_mode": r.TLSMode,
+ "tls_cacert": r.TLSCACert,
+ }
+}
diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go
index ec3997116..3aca81ada 100644
--- a/ocis-pkg/shared/shared_types.go
+++ b/ocis-pkg/shared/shared_types.go
@@ -29,9 +29,11 @@ type TokenManager struct {
 JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."`
 }
 
-// Reva defines all available REVA configuration.
+// Reva defines all available REVA client configuration.
 type Reva struct {
- Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+ Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+ TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security."`
+ TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."`
 }
 
 type CacheStore struct {
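Review bot: In `GetRevaOptions` (ocis-pkg/shared/reva.go) the error from `pool.StringToTLSMode(r.TLSMode)` is thrown away, so a mistyped `tls_mode` is never reported and the client is built with whatever mode the parser returns on failure; if that fallback is the unencrypted one, a typo silently downgrades the gateway connection. The function also forwards only the mode, so clients created through `pool.GetGatewayServiceClient(addr, GetRevaOptions()...)` never receive `TLSCACert`, while `GetGRPCClientConfig` does pass `tls_cacert`; the two paths should agree if the pool package offers a matching option. Because the method has no error return, validating the mode once when the configuration is loaded and failing startup there would keep every call site unchanged. The three new exported functions also lack doc comments, e.g. `// GetRevaOptions returns the pool options derived from the client TLS settings.`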
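Review bot: The `desc` of `TLSMode` in ocis-pkg/shared/shared_types.go lists 'off', 'insecure' and 'on' but does not say which one applies when the value is empty, and empty is what `DefaultRevaConfig` in reva.go leaves it at, since only `Address` is set there. It would also help to state that 'insecure' encrypts the connection without authenticating the gateway, so it gives no protection against an active interceptor and is not meant for production. I would extend the description with something like `Defaults to '<mode>' when unset.` (the actual default has to be confirmed against the reva parser) and `'insecure' ... provides encryption only, the gateway's identity is not verified.`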
diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go
index d77524228..9979e0668 100644
--- a/services/app-provider/pkg/config/config.go
+++ b/services/app-provider/pkg/config/config.go
@@ -52,9 +52,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
+ Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
 }
 
 type Drivers struct {
diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go
index 8f045fe2c..92e000dc1 100644
--- a/services/app-provider/pkg/config/defaults/defaultconfig.go
+++ b/services/app-provider/pkg/config/defaults/defaultconfig.go
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "app-provider",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 Driver: "",
 Drivers: config.Drivers{
 WOPI: config.WOPIDriver{
@@ -67,7 +65,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
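Review bot: The new `TLSEnabled`, `TLSCert` and `TLSKey` fields of `GRPCConfig` carry no `desc` tag, unlike `Addr` and `Protocol` next to them, so nothing tells an operator what the values are (presumably file paths) or what happens when TLS is enabled with an empty certificate or key. They are also bound only to the global `OCIS_GRPC_TLS_*` variables, so every service reads the same certificate and key and there is no per-service override comparable to `APP_PROVIDER_GRPC_ADDR`; if that is intended, the description should say so. A tag such as `desc:"Path to the private key for the GRPC service's TLS certificate. The file should be readable by the service user only."` would cover the key. The same applies to the `GRPCConfig` hunks of app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups.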
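Review bot: In `EnsureDefaults` the commons Reva settings are copied field by field, so every field later added to `shared.Reva` must be added to each service's copy, and a missed one silently drops that setting, for example a TLS option, for the service. Copying the struct keeps them in step: `r := *cfg.Commons.Reva` followed by `cfg.Reva = &r`. The copy also runs only when `cfg.Reva` is nil, so a service that sets its own `address` does not inherit the commons `tls_mode` and `tls_cacert`; that is worth a comment if it is intended. The same pattern appears in the `EnsureDefaults` hunks of app-registry, auth-basic, auth-bearer, auth-machine, frontend, gateway, groups, idp and ocdav, and the function body continues outside each hunk.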
diff --git a/services/app-provider/pkg/revaconfig/config.go b/services/app-provider/pkg/revaconfig/config.go
index 8b33d14a2..bf1526599 100644
--- a/services/app-provider/pkg/revaconfig/config.go
+++ b/services/app-provider/pkg/revaconfig/config.go
@@ -15,12 +15,18 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "tracing_service_name": cfg.Service.Name,
 },
 "shared": map[string]interface{}{
- "jwt_secret": cfg.TokenManager.JWTSecret,
- "gatewaysvc": cfg.Reva.Address,
+ "jwt_secret": cfg.TokenManager.JWTSecret,
+ "gatewaysvc": cfg.Reva.Address,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 "services": map[string]interface{}{
 "appprovider": map[string]interface{}{
 "app_provider_url": cfg.ExternalAddr,
diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go
index b095d5afb..3531bc3f5 100644
--- a/services/app-registry/pkg/config/config.go
+++ b/services/app-registry/pkg/config/config.go
@@ -50,9 +50,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 
 type AppRegistry struct {
diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go
index 3764bedf6..1efd04bcc 100644
--- a/services/app-registry/pkg/config/defaults/defaultconfig.go
+++ b/services/app-registry/pkg/config/defaults/defaultconfig.go
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "app-registry",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 }
 }
 
@@ -132,7 +130,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/app-registry/pkg/revaconfig/config.go b/services/app-registry/pkg/revaconfig/config.go
index 20b754348..f3e0d5ae9 100644
--- a/services/app-registry/pkg/revaconfig/config.go
+++ b/services/app-registry/pkg/revaconfig/config.go
@@ -17,12 +17,18 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri
 "tracing_service_name": cfg.Service.Name,
 },
 "shared": map[string]interface{}{
- "jwt_secret": cfg.TokenManager.JWTSecret,
- "gatewaysvc": cfg.Reva.Address,
+ "jwt_secret": cfg.TokenManager.JWTSecret,
+ "gatewaysvc": cfg.Reva.Address,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 "services": map[string]interface{}{
 "appregistry": map[string]interface{}{
 "driver": "static",
diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go
index b9352319a..40ceb6eb8 100644
--- a/services/auth-basic/pkg/config/config.go
+++ b/services/auth-basic/pkg/config/config.go
@@ -51,9 +51,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 
 type AuthProviders struct {
diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go
index 944872224..a926b9408 100644
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -31,9 +31,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "auth-basic",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 AuthProvider: "ldap",
 AuthProviders: config.AuthProviders{
 LDAP: config.LDAPProvider{
@@ -106,7 +104,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/auth-basic/pkg/revaconfig/config.go b/services/auth-basic/pkg/revaconfig/config.go
index 57cf6a80a..f47f04bf4 100644
--- a/services/auth-basic/pkg/revaconfig/config.go
+++ b/services/auth-basic/pkg/revaconfig/config.go
@@ -15,10 +15,16 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address,
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 // TODO build services dynamically
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go
index 03bd72869..11007fe26 100644
--- a/services/auth-bearer/pkg/config/config.go
+++ b/services/auth-bearer/pkg/config/config.go
@@ -51,9 +51,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 
 type OIDC struct {
diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go
index 9386f68a2..42117bc10 100644
--- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "auth-bearer",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 OIDC: config.OIDC{
 Issuer: "https://localhost:9200",
 Insecure: false,
@@ -65,7 +63,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/auth-bearer/pkg/revaconfig/config.go b/services/auth-bearer/pkg/revaconfig/config.go
index b24f11e82..1445fbab4 100644
--- a/services/auth-bearer/pkg/revaconfig/config.go
+++ b/services/auth-bearer/pkg/revaconfig/config.go
@@ -15,10 +15,16 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address,
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
 "auth_manager": "oidc",
diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go
index efdd2747f..7431fa665 100644
--- a/services/auth-machine/pkg/config/config.go
+++ b/services/auth-machine/pkg/config/config.go
@@ -51,7 +51,10 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go
index d34a332cb..679e61a1f 100644
--- a/services/auth-machine/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go
@@ -28,9 +28,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "auth-machine",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 }
 }
 
@@ -60,7 +58,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/auth-machine/pkg/revaconfig/config.go b/services/auth-machine/pkg/revaconfig/config.go
index bc2422156..a72300e47 100644
--- a/services/auth-machine/pkg/revaconfig/config.go
+++ b/services/auth-machine/pkg/revaconfig/config.go
@@ -17,10 +17,16 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address,
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
 "auth_manager": "machine",
diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go
index 6ff6341fc..49b8a58dc 100644
--- a/services/frontend/pkg/config/defaults/defaultconfig.go
+++ b/services/frontend/pkg/config/defaults/defaultconfig.go
@@ -29,9 +29,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "frontend",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 PublicURL: "https://localhost:9200",
 EnableFavorites: false,
 EnableProjectSpaces: true,
@@ -99,7 +97,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/frontend/pkg/revaconfig/config.go b/services/frontend/pkg/revaconfig/config.go
index 7d98a1b6d..60070e7bd 100644
--- a/services/frontend/pkg/revaconfig/config.go
+++ b/services/frontend/pkg/revaconfig/config.go
@@ -73,6 +73,7 @@ func FrontendConfigFromStruct(cfg *config.Config) (map[string]interface{}, error
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address, // Todo or address?
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "http": map[string]interface{}{
 "network": cfg.HTTP.Protocol,
diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go
index b0f4ce048..6eba084cb 100644
--- a/services/gateway/pkg/config/config.go
+++ b/services/gateway/pkg/config/config.go
@@ -73,9 +73,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 
 type StorageRegistry struct {
diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go
index 2681f8332..a35b54dfe 100644
--- a/services/gateway/pkg/config/defaults/defaultconfig.go
+++ b/services/gateway/pkg/config/defaults/defaultconfig.go
@@ -28,10 +28,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "gateway",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
-
+ Reva: shared.DefaultRevaConfig(),
 CommitShareToStorageGrant: true,
 ShareFolder: "Shares",
 DisableHomeCreationOnLogin: true,
@@ -90,7 +87,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go
index d8deec31d..25ae057ca 100644
--- a/services/gateway/pkg/revaconfig/config.go
+++ b/services/gateway/pkg/revaconfig/config.go
@@ -24,10 +24,16 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address,
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 // TODO build services dynamically
 "services": map[string]interface{}{
 "gateway": map[string]interface{}{
diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go
index 0739d218a..3c7d72022 100644
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -30,9 +30,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "graph",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 Spaces: config.Spaces{
 WebDavBase: "https://localhost:9200",
 WebDavPath: "/dav/spaces/",
diff --git a/services/graph/pkg/identity/cs3.go b/services/graph/pkg/identity/cs3.go
index af1496e0f..6aa804379 100644
--- a/services/graph/pkg/identity/cs3.go
+++ b/services/graph/pkg/identity/cs3.go
@@ -42,7 +42,7 @@ func (i *CS3) UpdateUser(ctx context.Context, nameOrID string, user libregraph.U
 func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values) (*libregraph.User, error) {
 logger := i.Logger.SubloggerWithRequestID(ctx)
 logger.Debug().Str("backend", "cs3").Msg("GetUser")
- client, err := pool.GetGatewayServiceClient(i.Config.Address)
+ client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...)
 if err != nil {
 logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client")
 return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error())
@@ -70,7 +70,7 @@ func (i *CS3) GetUser(ctx context.Context, userID string, queryParam url.Values)
 func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregraph.User, error) {
 logger := i.Logger.SubloggerWithRequestID(ctx)
 logger.Debug().Str("backend", "cs3").Msg("GetUsers")
- client, err := pool.GetGatewayServiceClient(i.Config.Address)
+ client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...)
 if err != nil {
 logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client")
 return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error())
@@ -110,7 +110,7 @@ func (i *CS3) GetUsers(ctx context.Context, queryParam url.Values) ([]*libregrap
 func (i *CS3) GetGroups(ctx context.Context, queryParam url.Values) ([]*libregraph.Group, error) {
 logger := i.Logger.SubloggerWithRequestID(ctx)
 logger.Debug().Str("backend", "cs3").Msg("GetGroups")
- client, err := pool.GetGatewayServiceClient(i.Config.Address)
+ client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...)
 if err != nil {
 logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client")
 return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error())
@@ -156,7 +156,7 @@ func (i *CS3) CreateGroup(ctx context.Context, group libregraph.Group) (*libregr
 func (i *CS3) GetGroup(ctx context.Context, groupID string, queryParam url.Values) (*libregraph.Group, error) {
 logger := i.Logger.SubloggerWithRequestID(ctx)
 logger.Debug().Str("backend", "cs3").Msg("GetGroup")
- client, err := pool.GetGatewayServiceClient(i.Config.Address)
+ client, err := pool.GetGatewayServiceClient(i.Config.Address, i.Config.GetRevaOptions()...)
 if err != nil {
 logger.Error().Str("backend", "cs3").Err(err).Msg("could not get client")
 return nil, errorcode.New(errorcode.ServiceNotAvailable, err.Error())
diff --git a/services/graph/pkg/service/v0/service.go b/services/graph/pkg/service/v0/service.go
index de0e89fea..cb7030494 100644
--- a/services/graph/pkg/service/v0/service.go
+++ b/services/graph/pkg/service/v0/service.go
@@ -66,7 +66,7 @@ func NewService(opts ...Option) Service {
 }
 if options.GatewayClient == nil {
 var err error
- svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address)
+ svc.gatewayClient, err = pool.GetGatewayServiceClient(options.Config.Reva.Address, options.Config.Reva.GetRevaOptions()...)
 if err != nil {
 options.Logger.Error().Err(err).Msg("Could not get gateway client")
 return nil
diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go
index 56760e67f..1373a5372 100644
--- a/services/groups/pkg/config/config.go
+++ b/services/groups/pkg/config/config.go
@@ -52,9 +52,12 @@ type Debug struct {
 }
 
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"`
+ TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 
 type Drivers struct {
diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go
index 351d4f888..594f88518 100644
--- a/services/groups/pkg/config/defaults/defaultconfig.go
+++ b/services/groups/pkg/config/defaults/defaultconfig.go
@@ -31,9 +31,7 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "groups",
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 Driver: "ldap",
 Drivers: config.Drivers{
 LDAP: config.LDAPDriver{
@@ -107,7 +105,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go
index 6e899c1a7..2209e784b 100644
--- a/services/groups/pkg/revaconfig/config.go
+++ b/services/groups/pkg/revaconfig/config.go
@@ -17,10 +17,16 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address,
 "skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
+ "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
 "grpc": map[string]interface{}{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
+ "tls_settings": map[string]interface{}{
+ "enabled": cfg.GRPC.TLSEnabled,
+ "certificate": cfg.GRPC.TLSCert,
+ "key": cfg.GRPC.TLSKey,
+ },
 // TODO build services dynamically
 "services": map[string]interface{}{
 "groupprovider": map[string]interface{}{
diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go
index 0bff438f4..71ef857f5 100644
--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
@@ -29,9 +29,7 @@ func DefaultConfig() *config.Config {
 TLSKey: filepath.Join(defaults.BaseDataPath(), "idp", "server.key"),
 TLS: false,
 },
- Reva: &shared.Reva{
- Address: "127.0.0.1:9142",
- },
+ Reva: shared.DefaultRevaConfig(),
 Service: config.Service{
 Name: "idp",
 },
@@ -155,7 +153,9 @@ func EnsureDefaults(cfg *config.Config) {
 
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
+ Address: cfg.Commons.Reva.Address,
+ TLSMode: cfg.Commons.Reva.TLSMode,
+ TLSCACert: cfg.Commons.Reva.TLSCACert,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go
index c1a018e6d..17151623c 100644
--- a/services/notifications/pkg/channels/channels.go
+++ b/services/notifications/pkg/channels/channels.go
@@ -27,7 +27,7 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address, cfg.Notifications.Reva.GetRevaOptions()...) if err != nil { logger.Error().Err(err).Msg("could not get gateway client") return nil, err diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index c2448efe8..f3feb7360 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go @@ -77,7 +77,10 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient( + cfg.Notifications.Reva.Address, + cfg.Notifications.Reva.GetRevaOptions()..., + ) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client") } diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index 5d7d9fdd7..5e03a5aa0 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { ConsumerGroup: "notifications", EnableTLS: false, }, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), }, } } diff --git a/services/ocdav/pkg/command/server.go b/services/ocdav/pkg/command/server.go index afd3a06c1..0dabcbbfb 100644 --- a/services/ocdav/pkg/command/server.go +++ b/services/ocdav/pkg/command/server.go 
@@ -5,6 +5,7 @@ import ( "fmt" "github.com/cs3org/reva/v2/pkg/micro/ocdav" + "github.com/cs3org/reva/v2/pkg/sharedconf" "github.com/oklog/run" "github.com/owncloud/ocis/v2/ocis-pkg/broker" "github.com/owncloud/ocis/v2/ocis-pkg/config/configlog" @@ -38,7 +39,17 @@ func Server(cfg *config.Config) *cli.Command { defer cancel() gr.Add(func() error { - + // init reva shared config explicitly as the go-micro based ocdav does not use + // the reva runtime. But we need e.g. the shared client settings to be initialized + sc := map[string]interface{}{ + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, + "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), + } + if err := sharedconf.Decode(sc); err != nil { + logger.Error().Err(err).Msg("error decoding shared config for ocdav") + } opts := []ocdav.Option{ ocdav.Name(cfg.HTTP.Namespace + "." + cfg.Service.Name), ocdav.Version(version.GetString()), diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 11051c346..8739f0cc9 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocdav", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), WebdavNamespace: "/users/{{.Id.OpaqueId}}", FilesNamespace: "/users/{{.Id.OpaqueId}}", SharesNamespace: "/Shares", @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
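Review bot: A failure of `sharedconf.Decode(sc)` in the closure passed to `gr.Add` is only logged, and the code then goes on to build the ocdav options. The service would therefore start without the `grpc_client_options` from `cfg.Reva.GetGRPCClientConfig()`, and its gateway clients would presumably fall back to reva's defaults rather than the configured TLS mode and CA certificate. Since the closure already returns `error`, the branch should stop startup by adding `return err` after the `logger.Error().Err(err).Msg(...)` line. The closure body continues past the end of the hunk.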
diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go index 97ddd3394..dd5b389cd 100644 --- a/services/ocs/pkg/config/defaults/defaultconfig.go +++ b/services/ocs/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Name: "ocs", }, AccountBackend: "cs3", - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), IdentityManagement: config.IdentityManagement{ Address: "https://localhost:9200", }, @@ -82,7 +80,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/ocs/pkg/service/v0/service.go b/services/ocs/pkg/service/v0/service.go index cf476d63e..60b7e2b08 100644 --- a/services/ocs/pkg/service/v0/service.go +++ b/services/ocs/pkg/service/v0/service.go @@ -118,7 +118,7 @@ func (o Ocs) NotFound(w http.ResponseWriter, r *http.Request) { } func (o Ocs) getCS3Backend() backend.UserBackend { - revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address, o.config.Reva.GetRevaOptions()...) if err != nil { o.logger.Fatal().Msgf("could not get reva client at address %s", o.config.Reva.Address) } diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go index 7cd82c96a..21075a1a4 100644 --- a/services/proxy/pkg/command/server.go +++ b/services/proxy/pkg/command/server.go 
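Review bot: In `getCS3Backend` the `Fatal` call after the changed line logs only the address and drops `err`. Now that `o.config.Reva.GetRevaOptions()` is passed in, a failure here may well come from the TLS settings rather than the address, and the log line would not show it. `o.logger.Fatal().Err(err).Msgf("could not get reva client at address %s", o.config.Reva.Address)` keeps the cause, as the search and notifications call sites in this patch already do with `.Err(err)`. The function body continues outside the hunk.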
@@ -128,7 +128,7 @@ func Server(cfg *config.Config) *cli.Command { func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) alice.Chain { rolesClient := settingssvc.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient()) - revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + revaClient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) var userProvider backend.UserBackend switch cfg.AccountBackend { case "cs3": diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index cd40c61f9..414d74227 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -49,9 +49,7 @@ func DefaultConfig() *config.Config { }, }, PolicySelector: nil, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), PreSignedURL: config.PreSignedURL{ AllowedHTTPMethods: []string{"GET"}, Enabled: true, @@ -244,7 +242,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go index 495f8ec2b..3670bb3b4 100644 --- a/services/search/pkg/config/defaults/defaultconfig.go +++ b/services/search/pkg/config/defaults/defaultconfig.go @@ -30,9 +30,7 @@ func DefaultConfig() *config.Config { Name: "search", }, Datapath: path.Join(defaults.BaseDataPath(), "search"), - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Events: config.Events{ Endpoint: "127.0.0.1:9233", Cluster: "ocis-cluster", 
@@ -74,7 +72,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/search/pkg/service/v0/service.go b/services/search/pkg/service/v0/service.go index cd6a3baae..8dd12ba71 100644 --- a/services/search/pkg/service/v0/service.go +++ b/services/search/pkg/service/v0/service.go @@ -88,7 +88,7 @@ func NewHandler(opts ...Option) (searchsvc.SearchProviderHandler, error) { return nil, err } - gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address) + gwclient, err := pool.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.GetRevaOptions()...) if err != nil { logger.Fatal().Err(err).Str("addr", cfg.Reva.Address).Msg("could not get reva client") } diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index 9d35a5221..1c5b34391 100644 --- a/services/sharing/pkg/config/config.go +++ b/services/sharing/pkg/config/config.go @@ -55,9 +55,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type UserSharingDrivers struct { 
diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go index 5368f0337..cbf0cd122 100644 --- a/services/sharing/pkg/config/defaults/defaultconfig.go +++ b/services/sharing/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "sharing", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), UserSharingDriver: "jsoncs3", UserSharingDrivers: config.UserSharingDrivers{ JSON: config.UserSharingJSONDriver{ @@ -103,7 +101,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/sharing/pkg/revaconfig/config.go b/services/sharing/pkg/revaconfig/config.go index a054d85ad..cfef6b520 100644 --- a/services/sharing/pkg/revaconfig/config.go +++ b/services/sharing/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "usershareprovider": map[string]interface{}{ diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index 311328f41..407b7cc8f 100644 
--- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go @@ -51,9 +51,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageProvider struct { diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go index 229f3c19b..cdd955b39 100644 --- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-publiclink", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), StorageProvider: config.StorageProvider{ MountID: "7993447f-687f-490d-875c-ac95e89a62a4", }, @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
diff --git a/services/storage-publiclink/pkg/revaconfig/config.go b/services/storage-publiclink/pkg/revaconfig/config.go index ab335219d..af366d763 100644 --- a/services/storage-publiclink/pkg/revaconfig/config.go +++ b/services/storage-publiclink/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{ "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "interceptors": map[string]interface{}{ "log": map[string]interface{}{}, "prometheus": map[string]interface{}{ diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index 8cacec592..d5e353da7 100644 --- a/services/storage-shares/pkg/config/config.go +++ b/services/storage-shares/pkg/config/config.go @@ -53,7 +53,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } 
diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go index ef14adef8..0b8836200 100644 --- a/services/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go @@ -28,9 +28,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-shares", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), MountID: "7639e57c-4433-4a12-8201-722fd0009154", ReadOnly: false, SharesProviderEndpoint: "localhost:9150", @@ -63,7 +61,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-shares/pkg/revaconfig/config.go b/services/storage-shares/pkg/revaconfig/config.go index 320681317..cb9f9dd5c 100644 --- a/services/storage-shares/pkg/revaconfig/config.go +++ b/services/storage-shares/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "sharesstorageprovider": map[string]interface{}{ "usershareprovidersvc": cfg.SharesProviderEndpoint, 
diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index 31b23ed72..ab79d50fb 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go @@ -56,9 +56,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index 57ba2fe4c..c87388261 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -36,9 +36,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-system", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9216/data", Driver: "ocis", Drivers: config.Drivers{ @@ -75,7 +73,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
diff --git a/services/storage-system/pkg/revaconfig/config.go b/services/storage-system/pkg/revaconfig/config.go index aa7e64cfe..56534c542 100644 --- a/services/storage-system/pkg/revaconfig/config.go +++ b/services/storage-system/pkg/revaconfig/config.go @@ -18,10 +18,16 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, "services": map[string]interface{}{ "gateway": map[string]interface{}{ // registries are located on the gateway diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index d7b24f39f..da1117481 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go @@ -60,9 +60,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { 
diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index c6865dcda..fa0796d28 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), DataServerURL: "http://localhost:9158/data", MountID: "1284d238-aa92-42ce-bdc4-0b0000009157", UploadExpiration: 24 * 60 * 60, @@ -113,7 +111,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/storage-users/pkg/revaconfig/config.go b/services/storage-users/pkg/revaconfig/config.go index 4bc0ce988..81d542fd1 100644 --- a/services/storage-users/pkg/revaconfig/config.go +++ b/services/storage-users/pkg/revaconfig/config.go @@ -17,10 +17,16 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "storageprovider": map[string]interface{}{ 
diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index b5dccb365..38fc8584e 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go @@ -42,11 +42,9 @@ func DefaultConfig() *config.Config { RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, WebdavAllowInsecure: false, - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + Reva: *shared.DefaultRevaConfig(), + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index b8e8d8e26..fc33d3361 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -26,7 +26,7 @@ func NewService(opts ...Option) grpc.Service { grpc.Version(version.GetString()), ) tconf := options.Config.Thumbnail - gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address) + gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address, tconf.Reva.GetRevaOptions()...) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client") return grpc.Service{} diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 0fb0ede10..55430e580 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go 
@@ -52,9 +52,12 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` + TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE"` + TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 2d93cc13b..615e30913 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -31,9 +31,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "users", }, - Reva: &shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: shared.DefaultRevaConfig(), Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ @@ -108,7 +106,9 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, + Address: cfg.Commons.Reva.Address, + TLSMode: cfg.Commons.Reva.TLSMode, + TLSCACert: cfg.Commons.Reva.TLSCACert, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index c00b31506..27c7af7bd 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go 
@@ -17,10 +17,16 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "jwt_secret": cfg.TokenManager.JWTSecret, "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, + "grpc_client_options": cfg.Reva.GetGRPCClientConfig(), }, "grpc": map[string]interface{}{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, + "tls_settings": map[string]interface{}{ + "enabled": cfg.GRPC.TLSEnabled, + "certificate": cfg.GRPC.TLSCert, + "key": cfg.GRPC.TLSKey, + }, // TODO build services dynamically "services": map[string]interface{}{ "userprovider": map[string]interface{}{ diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 98e98d6c9..3e8f7cbfc 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -38,9 +38,7 @@ func DefaultConfig() *config.Config { }, OcisPublicURL: "https://127.0.0.1:9200", WebdavNamespace: "/users/{{.Id.OpaqueId}}", - Reva: shared.Reva{ - Address: "127.0.0.1:9142", - }, + Reva: *shared.DefaultRevaConfig(), } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index be33cc7a5..b0110ae67 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go @@ -60,7 +60,7 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address) + gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address, conf.Reva.GetRevaOptions()...) if err != nil { return nil, err }