Introduce TLS Settings for all reva grpc services and clients

ocis-pkg/shared/reva.go

@@ -0,0 +1,28 @@
+package shared
+
+import "github.com/cs3org/reva/v2/pkg/rgrpc/todo/pool"
+
+var defaultRevaConfig = Reva{
+	Address: "127.0.0.1:9142",
+}
+
+func DefaultRevaConfig() *Reva {
+	// copy
+	ret := defaultRevaConfig
+	return &ret
+}
+
+func (r *Reva) GetRevaOptions() []pool.Option {
+	tm, _ := pool.StringToTLSMode(r.TLSMode)
+	opts := []pool.Option{
+		pool.WithTLSMode(tm),
+	}
+	return opts
+}
+
+func (r *Reva) GetGRPCClientConfig() map[string]interface{} {
+	return map[string]interface{}{
+		"tls_mode":   r.TLSMode,
+		"tls_cacert": r.TLSCACert,
+	}
+}

ocis-pkg/shared/shared_types.go

@@ -29,9 +29,11 @@ type TokenManager struct {
 	JWTSecret string `mask:"password" yaml:"jwt_secret" env:"OCIS_JWT_SECRET" desc:"The secret to mint and validate jwt tokens."`
 }
 
-// Reva defines all available REVA configuration.
+// Reva defines all available REVA client configuration.
 type Reva struct {
-	Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+	Address   string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+	TLSMode   string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security."`
+	TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."`
 }
 
 type CacheStore struct {