From 57e4e708889f3c68223cb82703bd1255e5d2e5f8 Mon Sep 17 00:00:00 2001
From: David Christofas
Date: Tue, 19 Apr 2022 15:07:11 +0200
Subject: [PATCH] remove auth basic command to improve config code
---
extensions/auth-basic/pkg/command/command.go | 221 ++++++++++++++++++
extensions/auth-basic/pkg/config/config.go | 101 ++++++++
.../pkg/config/defaults/defaultconfig.go | 83 +++++++
extensions/storage/pkg/command/authbasic.go | 176 --------------
extensions/storage/pkg/command/root.go | 2 +-
extensions/storage/pkg/server/debug/option.go | 24 ++
extensions/storage/pkg/server/debug/server.go | 6 +-
extensions/storage/pkg/tracing/tracing.go | 10 +-
ocis-pkg/config/config.go | 2 +
ocis-pkg/config/defaultconfig.go | 2 +
ocis-pkg/ldap/ldap.go | 25 ++
ocis-pkg/tracing/tracing.go | 33 +++
ocis/pkg/command/storageauthbasic.go | 4 +-
ocis/pkg/runtime/service/service.go | 6 +-
14 files changed, 505 insertions(+), 190 deletions(-)
create mode 100644 extensions/auth-basic/pkg/command/command.go
create mode 100644 extensions/auth-basic/pkg/config/config.go
create mode 100644 extensions/auth-basic/pkg/config/defaults/defaultconfig.go
delete mode 100644 extensions/storage/pkg/command/authbasic.go
create mode 100644 ocis-pkg/ldap/ldap.go
diff --git a/extensions/auth-basic/pkg/command/command.go b/extensions/auth-basic/pkg/command/command.go
new file mode 100644
index 0000000000..7e7a8e6aa8
--- /dev/null
+++ b/extensions/auth-basic/pkg/command/command.go
@@ -0,0 +1,221 @@
+package command
+
+import (
+ "context"
+ "flag"
+ "os"
+ "path"
+ "path/filepath"
+
+ "github.com/cs3org/reva/v2/cmd/revad/runtime"
+ "github.com/gofrs/uuid"
+ "github.com/oklog/run"
+ "github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+ "github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
+ ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+ "github.com/owncloud/ocis/ocis-pkg/ldap"
+ "github.com/owncloud/ocis/ocis-pkg/log"
+ "github.com/owncloud/ocis/ocis-pkg/sync"
+ "github.com/owncloud/ocis/ocis-pkg/tracing"
+ "github.com/thejerf/suture/v4"
+ "github.com/urfave/cli/v2"
+)
+
+// Command is the entrypoint for the auth-basic command.
+func AuthBasic(cfg *config.Config) *cli.Command {
+ return &cli.Command{
+ Name: "auth-basic",
+ Usage: "start authprovider for basic auth",
+ // Before: func(c *cli.Context) error {
+ // return ParseConfig(c, cfg, "storage-auth-basic")
+ // },
+ Action: func(c *cli.Context) error {
+ logCfg := cfg.Logging
+ logger := log.NewLogger(
+ log.Level(logCfg.Level),
+ log.File(logCfg.File),
+ log.Pretty(logCfg.Pretty),
+ log.Color(logCfg.Color),
+ )
+ tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+ gr := run.Group{}
+ ctx, cancel := context.WithCancel(context.Background())
+ defer cancel()
+
+ // pre-create folders
+ if cfg.Service.AuthManager == "json" && cfg.Service.AuthManagers.JSON.Users != "" {
+ if err := os.MkdirAll(filepath.Dir(cfg.Service.AuthManagers.JSON.Users), os.FileMode(0700)); err != nil {
+ return err
+ }
+ }
+
+ uuid := uuid.Must(uuid.NewV4())
+
+ pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
+
+ rcfg := authBasicConfigFromStruct(c, cfg)
+ logger.Debug().
+ Str("server", "authbasic").
+ Interface("reva-config", rcfg).
+ Msg("config")
+
+ if cfg.Service.AuthManager == "ldap" {
+ ldapCfg := cfg.Service.AuthManagers.LDAP
+ if err := ldap.WaitForCA(logger, ldapCfg.Insecure, ldapCfg.CACert); err != nil {
+ logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
+ return err
+ }
+ }
+
+ gr.Add(func() error {
+ runtime.RunWithOptions(rcfg, pidFile, runtime.WithLogger(&logger.Logger))
+ return nil
+ }, func(_ error) {
+ logger.Info().
+ Str("server", c.Command.Name).
+ Msg("Shutting down server")
+
+ cancel()
+ })
+
+ debugServer, err := debug.Server(
+ debug.Name(c.Command.Name+"-debug"),
+ debug.Addr(cfg.DebugService.Address),
+ debug.Logger(logger),
+ debug.Context(ctx),
+ debug.Pprof(cfg.DebugService.Pprof),
+ debug.Zpages(cfg.DebugService.Zpages),
+ debug.Token(cfg.DebugService.Token),
+ )
+
+ if err != nil {
+ logger.Info().Err(err).Str("server", "debug").Msg("Failed to initialize server")
+ return err
+ }
+
+ gr.Add(debugServer.ListenAndServe, func(_ error) {
+ cancel()
+ })
+
+ if !cfg.Supervised {
+ sync.Trap(&gr, cancel)
+ }
+
+ return gr.Run()
+ },
+ }
+}
+
+// authBasicConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
+func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
+ rcfg := map[string]interface{}{
+ "core": map[string]interface{}{
+ // "max_cpus": cfg.Reva.AuthBasic.MaxCPUs, <-- Default is use all CPUs so remove this.
+ "tracing_enabled": cfg.Tracing.Enabled,
+ "tracing_endpoint": cfg.Tracing.Endpoint,
+ "tracing_collector": cfg.Tracing.Collector,
+ "tracing_service_name": c.Command.Name,
+ },
+ "shared": map[string]interface{}{
+ "jwt_secret": cfg.Service.JWTSecret,
+ "gatewaysvc": cfg.Service.GatewayEndpoint,
+ "skip_user_groups_in_token": cfg.Service.SkipUserGroupsInToken,
+ },
+ "grpc": map[string]interface{}{
+ "network": cfg.Service.Network,
+ "address": cfg.Service.Address,
+ // TODO build services dynamically
+ "services": map[string]interface{}{
+ "authprovider": map[string]interface{}{
+ "auth_manager": cfg.Service.AuthManager,
+ "auth_managers": map[string]interface{}{
+ "json": map[string]interface{}{
+ "users": cfg.Service.AuthManagers.JSON.Users, // TODO rename config option
+ },
+ "ldap": ldapConfigFromString(cfg.Service.AuthManagers.LDAP),
+ "owncloudsql": map[string]interface{}{
+ "dbusername": cfg.Service.AuthManagers.OwnCloudSQL.DBUsername,
+ "dbpassword": cfg.Service.AuthManagers.OwnCloudSQL.DBPassword,
+ "dbhost": cfg.Service.AuthManagers.OwnCloudSQL.DBHost,
+ "dbport": cfg.Service.AuthManagers.OwnCloudSQL.DBPort,
+ "dbname": cfg.Service.AuthManagers.OwnCloudSQL.DBName,
+ "idp": cfg.Service.AuthManagers.OwnCloudSQL.IDP,
+ "nobody": cfg.Service.AuthManagers.OwnCloudSQL.Nobody,
+ "join_username": cfg.Service.AuthManagers.OwnCloudSQL.JoinUsername,
+ "join_ownclouduuid": cfg.Service.AuthManagers.OwnCloudSQL.JoinOwnCloudUUID,
+ },
+ },
+ },
+ },
+ },
+ }
+ return rcfg
+}
+
+// AuthBasicSutureService allows for the storage-authbasic command to be embedded and supervised by a suture supervisor tree.
+type AuthBasicSutureService struct {
+ cfg *config.Config
+}
+
+// NewAuthBasicSutureService creates a new store.AuthBasicSutureService
+func NewAuthBasic(cfg *ociscfg.Config) suture.Service {
+ cfg.AuthBasic.Commons = cfg.Commons
+ return AuthBasicSutureService{
+ cfg: cfg.AuthBasic,
+ }
+}
+
+func (s AuthBasicSutureService) Serve(ctx context.Context) error {
+ // s.cfg.Reva.AuthBasic.Context = ctx
+ f := &flag.FlagSet{}
+ cmdFlags := AuthBasic(s.cfg).Flags
+ for k := range cmdFlags {
+ if err := cmdFlags[k].Apply(f); err != nil {
+ return err
+ }
+ }
+ cliCtx := cli.NewContext(nil, f, nil)
+ if AuthBasic(s.cfg).Before != nil {
+ if err := AuthBasic(s.cfg).Before(cliCtx); err != nil {
+ return err
+ }
+ }
+ if err := AuthBasic(s.cfg).Action(cliCtx); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+func ldapConfigFromString(cfg config.LDAPManager) map[string]interface{} {
+ return map[string]interface{}{
+ "uri": cfg.URI,
+ "cacert": cfg.CACert,
+ "insecure": cfg.Insecure,
+ "bind_username": cfg.BindDN,
+ "bind_password": cfg.BindPassword,
+ "user_base_dn": cfg.UserBaseDN,
+ "group_base_dn": cfg.GroupBaseDN,
+ "user_filter": cfg.UserFilter,
+ "group_filter": cfg.GroupFilter,
+ "user_objectclass": cfg.UserObjectClass,
+ "group_objectclass": cfg.GroupObjectClass,
+ "login_attributes": cfg.LoginAttributes,
+ "idp": cfg.IDP,
+ "user_schema": map[string]interface{}{
+ "id": cfg.UserSchema.ID,
+ "idIsOctetString": cfg.UserSchema.IDIsOctetString,
+ "mail": cfg.UserSchema.Mail,
+ "displayName": cfg.UserSchema.DisplayName,
+ "userName": cfg.UserSchema.Username,
+ },
+ "group_schema": map[string]interface{}{
+ "id": cfg.GroupSchema.ID,
+ "idIsOctetString": cfg.GroupSchema.IDIsOctetString,
+ "mail": cfg.GroupSchema.Mail,
+ "displayName": cfg.GroupSchema.DisplayName,
+ "groupName": cfg.GroupSchema.Groupname,
+ "member": cfg.GroupSchema.Member,
+ },
+ }
+}
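Review bot: `logger.Debug().Interface("reva-config", rcfg).Msg("config")` in the Action writes the whole reva config map to the log, and `authBasicConfigFromStruct` puts `jwt_secret`, the LDAP `bind_password` and `dbpassword` into that map in clear, so any debug-level log sink receives live credentials. Redact before logging, for example copy `rcfg` and overwrite those three entries with `"***"` for the log line only, or log just the `core` and `grpc` sections. The doc comments are also misnamed: `// Command is the entrypoint ...` sits on `AuthBasic` and `// NewAuthBasicSutureService creates ...` sits on `NewAuthBasic`; a Go doc comment starts with the declared name, so `// AuthBasic is the entrypoint for the auth-basic command.` and `// NewAuthBasic wraps the auth-basic command as a suture.Service.` `Serve` no longer uses its `ctx` now that `s.cfg.Reva.AuthBasic.Context = ctx` is commented out, so unless the supervisor stops the service some other way, a cancel from the suture tree cannot reach the reva runtime; `ldapConfigFromString` likewise takes a struct, not a string, and deserves a truer name such as `ldapConfigFromStruct`.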
diff --git a/extensions/auth-basic/pkg/config/config.go b/extensions/auth-basic/pkg/config/config.go
new file mode 100644
index 0000000000..7615b305a4
--- /dev/null
+++ b/extensions/auth-basic/pkg/config/config.go
@@ -0,0 +1,101 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+ *shared.Commons `yaml:"-"`
+ Tracing *TracingConfig `yaml:"tracing"`
+ Logging *LoggingConfig `yaml:"log"`
+ Service ServiceConfig
+ DebugService DebugServiceConfig `yaml:"debug"`
+ Supervised bool
+}
+type TracingConfig struct {
+ Enabled bool
+ Endpoint string
+ Collector string
+ ServiceName string
+ Type string
+}
+
+type LoggingConfig struct {
+ Level string
+ Pretty bool
+ Color bool
+ File string
+}
+
+type ServiceConfig struct {
+ JWTSecret string
+ GatewayEndpoint string
+ SkipUserGroupsInToken bool
+ Network string // TODO: name transport or protocol?
+ Address string
+ AuthManager string
+ AuthManagers AuthManagers
+}
+
+type DebugServiceConfig struct {
+ Address string
+ Pprof bool
+ Zpages bool
+ Token string
+}
+
+type AuthManagers struct {
+ JSON JSONManager
+ LDAP LDAPManager
+ OwnCloudSQL OwnCloudSQLManager
+}
+
+type JSONManager struct {
+ Users string // TODO is there a better name?
+}
+
+type LDAPManager struct {
+ URI string
+ CACert string
+ Insecure bool
+ BindDN string
+ BindPassword string
+ UserBaseDN string
+ GroupBaseDN string
+ UserFilter string
+ GroupFilter string
+ UserObjectClass string
+ GroupObjectClass string
+ LoginAttributes []string
+ IDP string // TODO what is this for?
+ GatewayEndpoint string // TODO do we need this here?
+ UserSchema LDAPUserSchema
+ GroupSchema LDAPGroupSchema
+}
+
+type LDAPUserSchema struct {
+ ID string
+ IDIsOctetString bool
+ Mail string
+ DisplayName string
+ Username string
+}
+
+type LDAPGroupSchema struct {
+ ID string
+ IDIsOctetString bool
+ Mail string
+ DisplayName string
+ Groupname string
+ Member string
+}
+
+type OwnCloudSQLManager struct {
+ DBUsername string
+ DBPassword string
+ DBHost string
+ DBPort int
+ DBName string
+ IDP string // TODO do we need this?
+ Nobody int64 // TODO what is this?
+ JoinUsername bool
+ JoinOwnCloudUUID bool
+}
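Review bot: None of the exported types in this new file carries a doc comment, and the struct tags on `Config` are inconsistent: `Tracing`, `Logging` and `DebugService` have `yaml:` tags while `Service` and `Supervised` have none, so those two fall back to the decoder's default field naming. `Supervised` reads like a runtime flag set by the supervisor rather than user configuration; if so it should get `yaml:"-"` like `Commons`, and `Service` an explicit `yaml:"service"` tag. `JWTSecret`, `BindPassword` and `DBPassword` are plain strings with nothing marking them as secrets; a one-line comment on each, e.g. `// BindPassword is a credential; never log or dump it`, tells later readers what not to do with them. Several open `// TODO` questions (`IDP`, `GatewayEndpoint`, `Nobody`) ship as unexplained knobs; resolving or at least documenting the reva meaning of each would be better than merging the question marks.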
diff --git a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go
new file mode 100644
index 0000000000..a6298c3afc
--- /dev/null
+++ b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -0,0 +1,83 @@
+package defaults
+
+import (
+ "path/filepath"
+
+ "github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+ "github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+ cfg := DefaultConfig()
+
+ EnsureDefaults(cfg)
+
+ return cfg
+}
+
+func DefaultConfig() *config.Config {
+ return &config.Config{
+ Service: config.ServiceConfig{
+ Network: "tcp",
+ Address: "127.0.0.1:9146",
+ GatewayEndpoint: "127.0.0.1:9142",
+ JWTSecret: "Pive-Fumkiu4",
+ AuthManager: "ldap",
+ AuthManagers: config.AuthManagers{
+ LDAP: config.LDAPManager{
+ URI: "ldaps:localhost:9126",
+ CACert: filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+ Insecure: false,
+ UserBaseDN: "dc=ocis,dc=test",
+ GroupBaseDN: "dc=ocis,dc=test",
+ LoginAttributes: []string{"cn", "mail"},
+ UserFilter: "",
+ GroupFilter: "",
+ UserObjectClass: "posixAccount",
+ GroupObjectClass: "posixGroup",
+ BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test",
+ BindPassword: "reva",
+ IDP: "https://localhost:9200",
+ UserSchema: config.LDAPUserSchema{
+ ID: "ownclouduuid",
+ Mail: "mail",
+ DisplayName: "displayname",
+ Username: "cn",
+ },
+ GroupSchema: config.LDAPGroupSchema{
+ ID: "cn",
+ Mail: "mail",
+ DisplayName: "cn",
+ Groupname: "cn",
+ Member: "cn",
+ },
+ },
+ },
+ },
+ }
+}
+
+func EnsureDefaults(cfg *config.Config) {
+ // provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+ if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+ cfg.Logging = &config.LoggingConfig{
+ Level: cfg.Commons.Log.Level,
+ Pretty: cfg.Commons.Log.Pretty,
+ Color: cfg.Commons.Log.Color,
+ File: cfg.Commons.Log.File,
+ }
+ } else if cfg.Logging == nil {
+ cfg.Logging = &config.LoggingConfig{}
+ }
+ // provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+ if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+ cfg.Tracing = &config.TracingConfig{
+ Enabled: cfg.Commons.Tracing.Enabled,
+ Type: cfg.Commons.Tracing.Type,
+ Endpoint: cfg.Commons.Tracing.Endpoint,
+ Collector: cfg.Commons.Tracing.Collector,
+ }
+ } else if cfg.Tracing == nil {
+ cfg.Tracing = &config.TracingConfig{}
+ }
+}
diff --git a/extensions/storage/pkg/command/authbasic.go b/extensions/storage/pkg/command/authbasic.go
deleted file mode 100644
index 7b6d9be99f..0000000000
--- a/extensions/storage/pkg/command/authbasic.go
+++ /dev/null
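Review bot: The LDAP default `URI: "ldaps:localhost:9126"` in `DefaultConfig` has no `//` after the scheme; a standard URL parser treats `localhost:9126` as opaque data rather than host and port, so unless the reva LDAP driver has its own parsing this default cannot connect and `URI: "ldaps://localhost:9126"` is presumably what was meant. `DefaultConfig` also sets nothing for `DebugService`, and `EnsureDefaults` only fills `Logging` and `Tracing`, so `DebugService.Address` stays empty; if the debug server hands that straight to `http.Server.Addr` (not visible here), an empty address listens on `:http` on every interface, which is not where a pprof/zpages endpoint belongs, so a loopback default such as `Address: "127.0.0.1:<debug-port>"` should live here. `JWTSecret: "Pive-Fumkiu4"` and `BindPassword: "reva"` are compiled-in credentials shared by every installation; if they are kept for the dev setup, a comment such as `// development default, must be overridden in production` on each makes that explicit. The exported `FullDefaultConfig`, `DefaultConfig` and `EnsureDefaults` have no doc comments; one line each describing which layer fills what would help.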
@@ -1,176 +0,0 @@
-package command
-
-import (
- "context"
- "flag"
- "os"
- "path"
- "path/filepath"
-
- "github.com/cs3org/reva/v2/cmd/revad/runtime"
- "github.com/gofrs/uuid"
- "github.com/oklog/run"
- "github.com/owncloud/ocis/extensions/storage/pkg/config"
- "github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
- "github.com/owncloud/ocis/extensions/storage/pkg/tracing"
- ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
- "github.com/owncloud/ocis/ocis-pkg/sync"
- "github.com/thejerf/suture/v4"
- "github.com/urfave/cli/v2"
-)
-
-// AuthBasic is the entrypoint for the auth-basic command.
-func AuthBasic(cfg *config.Config) *cli.Command {
- return &cli.Command{
- Name: "auth-basic",
- Usage: "start authprovider for basic auth",
- Before: func(c *cli.Context) error {
- return ParseConfig(c, cfg, "storage-auth-basic")
- },
- Action: func(c *cli.Context) error {
- logger := NewLogger(cfg)
- tracing.Configure(cfg, logger)
- gr := run.Group{}
- ctx, cancel := context.WithCancel(context.Background())
- defer cancel()
-
- // pre-create folders
- if cfg.Reva.AuthProvider.Driver == "json" && cfg.Reva.AuthProvider.JSON != "" {
- if err := os.MkdirAll(filepath.Dir(cfg.Reva.AuthProvider.JSON), os.FileMode(0700)); err != nil {
- return err
- }
- }
-
- uuid := uuid.Must(uuid.NewV4())
- pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
-
- rcfg := authBasicConfigFromStruct(c, cfg)
- logger.Debug().
- Str("server", "authbasic").
- Interface("reva-config", rcfg).
- Msg("config")
-
- if cfg.Reva.AuthProvider.Driver == "ldap" {
- if err := waitForLDAPCA(logger, &cfg.Reva.LDAP); err != nil {
- logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
- return err
- }
- }
-
- gr.Add(func() error {
- runtime.RunWithOptions(rcfg, pidFile, runtime.WithLogger(&logger.Logger))
- return nil
- }, func(_ error) {
- logger.Info().
- Str("server", c.Command.Name).
- Msg("Shutting down server")
-
- cancel()
- })
-
- debugServer, err := debug.Server(
- debug.Name(c.Command.Name+"-debug"),
- debug.Addr(cfg.Reva.AuthBasic.DebugAddr),
- debug.Logger(logger),
- debug.Context(ctx),
- debug.Config(cfg),
- )
-
- if err != nil {
- logger.Info().Err(err).Str("server", "debug").Msg("Failed to initialize server")
- return err
- }
-
- gr.Add(debugServer.ListenAndServe, func(_ error) {
- cancel()
- })
-
- if !cfg.Reva.AuthBasic.Supervised {
- sync.Trap(&gr, cancel)
- }
-
- return gr.Run()
- },
- }
-}
-
-// authBasicConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
-func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
- rcfg := map[string]interface{}{
- "core": map[string]interface{}{
- "max_cpus": cfg.Reva.AuthBasic.MaxCPUs,
- "tracing_enabled": cfg.Tracing.Enabled,
- "tracing_endpoint": cfg.Tracing.Endpoint,
- "tracing_collector": cfg.Tracing.Collector,
- "tracing_service_name": c.Command.Name,
- },
- "shared": map[string]interface{}{
- "jwt_secret": cfg.Reva.JWTSecret,
- "gatewaysvc": cfg.Reva.Gateway.Endpoint,
- "skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
- },
- "grpc": map[string]interface{}{
- "network": cfg.Reva.AuthBasic.GRPCNetwork,
- "address": cfg.Reva.AuthBasic.GRPCAddr,
- // TODO build services dynamically
- "services": map[string]interface{}{
- "authprovider": map[string]interface{}{
- "auth_manager": cfg.Reva.AuthProvider.Driver,
- "auth_managers": map[string]interface{}{
- "json": map[string]interface{}{
- "users": cfg.Reva.AuthProvider.JSON,
- },
- "ldap": ldapConfigFromString(cfg),
- "owncloudsql": map[string]interface{}{
- "dbusername": cfg.Reva.UserOwnCloudSQL.DBUsername,
- "dbpassword": cfg.Reva.UserOwnCloudSQL.DBPassword,
- "dbhost": cfg.Reva.UserOwnCloudSQL.DBHost,
- "dbport": cfg.Reva.UserOwnCloudSQL.DBPort,
- "dbname": cfg.Reva.UserOwnCloudSQL.DBName,
- "idp": cfg.Reva.UserOwnCloudSQL.Idp,
- "nobody":
cfg.Reva.UserOwnCloudSQL.Nobody,
- "join_username": cfg.Reva.UserOwnCloudSQL.JoinUsername,
- "join_ownclouduuid": cfg.Reva.UserOwnCloudSQL.JoinOwnCloudUUID,
- },
- },
- },
- },
- },
- }
- return rcfg
-}
-
-// AuthBasicSutureService allows for the storage-authbasic command to be embedded and supervised by a suture supervisor tree.
-type AuthBasicSutureService struct {
- cfg *config.Config
-}
-
-// NewAuthBasicSutureService creates a new store.AuthBasicSutureService
-func NewAuthBasic(cfg *ociscfg.Config) suture.Service {
- cfg.Storage.Commons = cfg.Commons
- return AuthBasicSutureService{
- cfg: cfg.Storage,
- }
-}
-
-func (s AuthBasicSutureService) Serve(ctx context.Context) error {
- s.cfg.Reva.AuthBasic.Context = ctx
- f := &flag.FlagSet{}
- cmdFlags := AuthBasic(s.cfg).Flags
- for k := range cmdFlags {
- if err := cmdFlags[k].Apply(f); err != nil {
- return err
- }
- }
- cliCtx := cli.NewContext(nil, f, nil)
- if AuthBasic(s.cfg).Before != nil {
- if err := AuthBasic(s.cfg).Before(cliCtx); err != nil {
- return err
- }
- }
- if err := AuthBasic(s.cfg).Action(cliCtx); err != nil {
- return err
- }
-
- return nil
-}
diff --git a/extensions/storage/pkg/command/root.go b/extensions/storage/pkg/command/root.go
index 8493f125c6..225296f864 100644
--- a/extensions/storage/pkg/command/root.go
+++ b/extensions/storage/pkg/command/root.go
@@ -17,7 +17,7 @@ func GetCommands(cfg *config.Config) cli.Commands {
 Users(cfg),
 Groups(cfg),
 AppProvider(cfg),
- AuthBasic(cfg),
+ // AuthBasic(cfg),
 AuthBearer(cfg),
 AuthMachine(cfg),
 Sharing(cfg),
diff --git a/extensions/storage/pkg/server/debug/option.go b/extensions/storage/pkg/server/debug/option.go
index 4cafd4120c..8e84764913 100644
--- a/extensions/storage/pkg/server/debug/option.go
+++ b/extensions/storage/pkg/server/debug/option.go
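Review bot: `// AuthBasic(cfg),` in `GetCommands` leaves the old registration behind as commented-out code; the `AuthBasic` this package used to define is deleted in the same patch, so the line cannot be re-enabled and should simply be removed. If a pointer for readers is wanted, a comment naming the new home says more than the dead call, e.g. `// auth-basic now lives in extensions/auth-basic/pkg/command`.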
@@ -17,6 +17,9 @@ type Options struct {
 Logger log.Logger
 Context context.Context
 Config *config.Config
+ Pprof bool
+ Zpages bool
+ Token string
 }
 // newOptions initializes the available default options.
@@ -64,3 +67,24 @@ func Config(val *config.Config) Option {
 o.Config = val
 }
 }
+
+// Pprof provides a function to set the pprof option.
+func Pprof(val bool) Option {
+ return func(o *Options) {
+ o.Pprof = val
+ }
+}
+
+// Zpages provides a function to set the zpages option.
+func Zpages(val bool) Option {
+ return func(o *Options) {
+ o.Zpages = val
+ }
+}
+
+// Token provides a function to set the token option.
+func Token(val string) Option {
+ return func(o *Options) {
+ o.Token = val
+ }
+}
diff --git a/extensions/storage/pkg/server/debug/server.go b/extensions/storage/pkg/server/debug/server.go
index 8b27597919..0038e858e8 100644
--- a/extensions/storage/pkg/server/debug/server.go
+++ b/extensions/storage/pkg/server/debug/server.go
@@ -18,9 +18,9 @@ func Server(opts ...Option) (*http.Server, error) {
 debug.Name(options.Name),
 debug.Version(version.String),
 debug.Address(options.Addr),
- debug.Token(options.Config.Debug.Token),
- debug.Pprof(options.Config.Debug.Pprof),
- debug.Zpages(options.Config.Debug.Zpages),
+ debug.Token(options.Token),
+ debug.Pprof(options.Pprof),
+ debug.Zpages(options.Zpages),
 debug.Health(health(options.Config)),
 debug.Ready(ready(options.Config)),
 ), nil
diff --git a/extensions/storage/pkg/tracing/tracing.go b/extensions/storage/pkg/tracing/tracing.go
index c952d5df52..acb788e21c 100644
--- a/extensions/storage/pkg/tracing/tracing.go
+++ b/extensions/storage/pkg/tracing/tracing.go
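Review bot: `Server` in server.go still hands `options.Config` to `health(options.Config)` and `ready(options.Config)`, but the new auth-basic command builds the server with `Pprof`, `Zpages` and `Token` options and never calls `debug.Config(...)`, so `options.Config` is nil for that caller; if `health` or `ready` dereference it (their bodies are outside the hunk) the first liveness probe will panic. Either make the dependency explicit with `if options.Config == nil { return nil, errors.New("debug server: config option is required") }` at the top of `Server` (importing `errors`), or make `health`/`ready` tolerate a nil config. The three new fields on `Options` in option.go duplicate `Config.Debug.Token`, `.Pprof` and `.Zpages`, leaving two sources of truth; a comment on `Options`, `// Pprof, Zpages and Token are read by Server; Config.Debug is no longer consulted for them`, records which one wins until `Config` is removed. `Server`'s body starts before this hunk.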
@@ -9,25 +9,25 @@ import (
 // to Reva services.
 func Configure(cfg *config.Config, logger log.Logger) {
 if cfg.Tracing.Enabled {
- switch t := cfg.Tracing.Type; t {
+ switch cfg.Tracing.Type {
 case "agent":
 logger.Error().
- Str("type", t).
+ Str("type", cfg.Tracing.Type).
 Msg("Reva only supports the jaeger tracing backend")
 case "jaeger":
 logger.Info().
- Str("type", t).
+ Str("type", cfg.Tracing.Type).
 Msg("configuring storage to use the jaeger tracing backend")
 case "zipkin":
 logger.Error().
- Str("type", t).
+ Str("type", cfg.Tracing.Type).
 Msg("Reva only supports the jaeger tracing backend")
 default:
 logger.Warn().
- Str("type", t).
+ Str("type", cfg.Tracing.Type).
 Msg("Unknown tracing backend")
 }
diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go
index f7c71952ec..add36e4021 100644
--- a/ocis-pkg/config/config.go
+++ b/ocis-pkg/config/config.go
@@ -5,6 +5,7 @@ import (
 accounts "github.com/owncloud/ocis/extensions/accounts/pkg/config"
 audit "github.com/owncloud/ocis/extensions/audit/pkg/config"
+ authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
 glauth "github.com/owncloud/ocis/extensions/glauth/pkg/config"
 graphExplorer "github.com/owncloud/ocis/extensions/graph-explorer/pkg/config"
 graph "github.com/owncloud/ocis/extensions/graph/pkg/config"
@@ -73,6 +74,7 @@ type Config struct {
 Proxy *proxy.Config `yaml:"proxy"`
 Settings *settings.Config `yaml:"settings"`
 Storage *storage.Config `yaml:"storage"`
+ AuthBasic *authbasic.Config `yaml:"auth_basic"`
 Store *store.Config `yaml:"store"`
 Thumbnails *thumbnails.Config `yaml:"thumbnails"`
 WebDAV *webdav.Config `yaml:"webdav"`
diff --git a/ocis-pkg/config/defaultconfig.go b/ocis-pkg/config/defaultconfig.go
index bc94a224ce..afd396835e 100644
--- a/ocis-pkg/config/defaultconfig.go
+++ b/ocis-pkg/config/defaultconfig.go
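Review bot: Replacing the scoped `t` in `switch t := cfg.Tracing.Type; t` with four repetitions of `cfg.Tracing.Type` makes the storage `Configure` longer without changing what it does, and the same patch adds an `ocis-pkg/tracing.Configure(enabled, tracingType, logger)` with the identical switch. Unless an import cycle prevents it, the storage version could become a one-line delegation, `tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)`, so the two copies cannot drift. The function's closing lines are outside the hunk.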
@@ -3,6 +3,7 @@ package config
 import (
 accounts "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults"
 audit "github.com/owncloud/ocis/extensions/audit/pkg/config/defaults"
+ authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/config/defaults"
 glauth "github.com/owncloud/ocis/extensions/glauth/pkg/config/defaults"
 graphExplorer "github.com/owncloud/ocis/extensions/graph-explorer/pkg/config/defaults"
 graph "github.com/owncloud/ocis/extensions/graph/pkg/config/defaults"
@@ -46,5 +47,6 @@ func DefaultConfig() *Config {
 Thumbnails: thumbnails.DefaultConfig(),
 WebDAV: webdav.DefaultConfig(),
 Storage: storage.DefaultConfig(),
+ AuthBasic: authbasic.FullDefaultConfig(),
 }
 }
diff --git a/ocis-pkg/ldap/ldap.go b/ocis-pkg/ldap/ldap.go
new file mode 100644
index 0000000000..d9e83a7ee9
--- /dev/null
+++ b/ocis-pkg/ldap/ldap.go
@@ -0,0 +1,25 @@
+package ldap
+
+import (
+ "errors"
+ "os"
+ "time"
+
+ "github.com/owncloud/ocis/ocis-pkg/log"
+)
+
+const _caTimeout = 5
+
+func WaitForCA(log log.Logger, insecure bool, caCert string) error {
+ if !insecure && caCert != "" {
+ if _, err := os.Stat(caCert); errors.Is(err, os.ErrNotExist) {
+ log.Warn().Str("LDAP CACert", caCert).Msgf("File does not exist. Waiting %d seconds for it to appear.", _caTimeout)
+ time.Sleep(_caTimeout * time.Second)
+ if _, err := os.Stat(caCert); errors.Is(err, os.ErrNotExist) {
+ log.Warn().Str("LDAP CACert", caCert).Msgf("File does still not exist after Timeout")
+ return err
+ }
+ }
+ }
+ return nil
+}
diff --git a/ocis-pkg/tracing/tracing.go b/ocis-pkg/tracing/tracing.go
index 7d76e63524..15ed62101e 100644
--- a/ocis-pkg/tracing/tracing.go
+++ b/ocis-pkg/tracing/tracing.go
@@ -5,6 +5,7 @@ import (
 "net/url"
 "strings"
+ "github.com/owncloud/ocis/ocis-pkg/log"
 "go.opentelemetry.io/otel/exporters/jaeger"
 "go.opentelemetry.io/otel/propagation"
 "go.opentelemetry.io/otel/sdk/resource"
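Review bot: `WaitForCA` in ldap.go swallows every `os.Stat` failure other than not-exist: a permission error or an unreadable path satisfies neither `errors.Is(err, os.ErrNotExist)` check, so the function returns nil and the service starts only to fail later inside the LDAP client with a less specific error. Return those errors too, e.g. `if _, err := os.Stat(caCert); err != nil && !errors.Is(err, os.ErrNotExist) { return err }` ahead of the wait, and after the sleep return any remaining error instead of only the not-exist case. The parameter named `log` shadows the imported `log` package inside the function, which compiles but misleads; `logger` is what the calling command uses. `_caTimeout` is an untyped `5` that only works with `time.Second` through constant arithmetic, and the second log call is `Msgf` with no format arguments; `const _caTimeout = 5 * time.Second` plus `Msg("File does still not exist after Timeout")` keeps the sleep, the message and vet happy. The exported function also lacks a doc comment, e.g. `// WaitForCA blocks for up to _caTimeout until the configured LDAP CA certificate file exists; it is a no-op when insecure is set or no path is given.`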
@@ -93,3 +94,35 @@ func parseAgentConfig(ae string) (string, string, error) {
 }
 return p[0], p[1], nil
 }
+
+// Configure for Reva serves only as informational / instructive log messages. Tracing config will be delegated directly
+// to Reva services.
+func Configure(enabled bool, tracingType string, logger log.Logger) {
+ if enabled {
+ switch tracingType {
+ case "agent":
+ logger.Error().
+ Str("type", tracingType).
+ Msg("Reva only supports the jaeger tracing backend")
+
+ case "jaeger":
+ logger.Info().
+ Str("type", tracingType).
+ Msg("configuring storage to use the jaeger tracing backend")
+
+ case "zipkin":
+ logger.Error().
+ Str("type", tracingType).
+ Msg("Reva only supports the jaeger tracing backend")
+
+ default:
+ logger.Warn().
+ Str("type", tracingType).
+ Msg("Unknown tracing backend")
+ }
+
+ } else {
+ logger.Debug().
+ Msg("Tracing is not enabled")
+ }
+}
diff --git a/ocis/pkg/command/storageauthbasic.go b/ocis/pkg/command/storageauthbasic.go
index 5059fd1e0a..90ea8083cd 100644
--- a/ocis/pkg/command/storageauthbasic.go
+++ b/ocis/pkg/command/storageauthbasic.go
@@ -1,7 +1,7 @@
 package command
 import (
- "github.com/owncloud/ocis/extensions/storage/pkg/command"
+ "github.com/owncloud/ocis/extensions/auth-basic/pkg/command"
 "github.com/owncloud/ocis/ocis-pkg/config"
 "github.com/owncloud/ocis/ocis/pkg/register"
 "github.com/urfave/cli/v2"
@@ -18,7 +18,7 @@ func StorageAuthBasicCommand(cfg *config.Config) *cli.Command {
 return ParseStorageCommon(ctx, cfg)
 },
 Action: func(c *cli.Context) error {
- origCmd := command.AuthBasic(cfg.Storage)
+ origCmd := command.AuthBasic(cfg.AuthBasic)
 return handleOriginalAction(c, origCmd)
 },
 }
diff --git a/ocis/pkg/runtime/service/service.go b/ocis/pkg/runtime/service/service.go
index 5ea8027d34..5c70dcb090 100644
--- a/ocis/pkg/runtime/service/service.go
+++ b/ocis/pkg/runtime/service/service.go
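Review bot: The new `Configure` in ocis-pkg/tracing is called from the auth-basic command, yet its jaeger branch still logs `configuring storage to use the jaeger tracing backend`; now that the function is shared, the message should not name storage, e.g. `Msg("configuring service to use the jaeger tracing backend")`, or the caller's service name should be passed in and logged as a field. The `"agent"` and `"zipkin"` arms emit the identical error and can be one `case "agent", "zipkin":`. The stray blank line before `} else {` is not gofmt style.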
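Review bot: `StorageAuthBasicCommand`'s `Before` still runs `ParseStorageCommon(ctx, cfg)` while `Action` now passes `cfg.AuthBasic` to the new command, and the new command's own `Before` (the old `ParseConfig` call) is commented out in extensions/auth-basic; unless `ParseStorageCommon` or `handleOriginalAction` also populates `cfg.AuthBasic` (both are outside the hunk), the service runs on the compiled-in defaults and ignores file and environment configuration. A quick check is to start it with a non-default `Service.Address` in the config file and see whether it is honoured. The command and file keep the storage name (`StorageAuthBasicCommand`, storageauthbasic.go) although the implementation moved; if the CLI name is being kept on purpose, a comment saying so, `// name retained for CLI compatibility; implementation lives in extensions/auth-basic`, explains the mismatch.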
@@ -20,6 +20,7 @@ import (
 "github.com/olekukonko/tablewriter"
 accounts "github.com/owncloud/ocis/extensions/accounts/pkg/command"
+ authbasic "github.com/owncloud/ocis/extensions/auth-basic/pkg/command"
 glauth "github.com/owncloud/ocis/extensions/glauth/pkg/command"
 graphExplorer "github.com/owncloud/ocis/extensions/graph-explorer/pkg/command"
 graph "github.com/owncloud/ocis/extensions/graph/pkg/command"
@@ -35,7 +36,6 @@ import (
 thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/command"
 web "github.com/owncloud/ocis/extensions/web/pkg/command"
 webdav "github.com/owncloud/ocis/extensions/webdav/pkg/command"
- "github.com/owncloud/ocis/ocis-pkg/config"
 ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
 "github.com/owncloud/ocis/ocis-pkg/log"
 "github.com/rs/zerolog"
@@ -112,7 +112,7 @@ func NewService(options ...Option) (*Service, error) {
 s.ServicesRegistry["storage-gateway"] = storage.NewGateway
 s.ServicesRegistry["storage-userprovider"] = storage.NewUserProvider
 s.ServicesRegistry["storage-groupprovider"] = storage.NewGroupProvider
- s.ServicesRegistry["storage-authbasic"] = storage.NewAuthBasic
+ s.ServicesRegistry["storage-authbasic"] = authbasic.NewAuthBasic
 s.ServicesRegistry["storage-authbearer"] = storage.NewAuthBearer
 s.ServicesRegistry["storage-authmachine"] = storage.NewAuthMachine
 s.ServicesRegistry["storage-users"] = storage.NewStorageUsers
@@ -241,7 +241,7 @@ func scheduleServiceTokens(s *Service, funcSet serviceFuncMap) {
 // generateRunSet interprets the cfg.Runtime.Extensions config option to cherry-pick which services to start using
 // the runtime.
-func (s *Service) generateRunSet(cfg *config.Config) {
+func (s *Service) generateRunSet(cfg *ociscfg.Config) {
 if cfg.Runtime.Extensions != "" {
 e := strings.Split(strings.ReplaceAll(cfg.Runtime.Extensions, " ", ""), ",")
 for i := range e {
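Review bot: The registry key in `NewService` stays `"storage-authbasic"` while its value now comes from the auth-basic extension, so the supervisor keeps reporting and addressing the service under the old name; if the key is kept on purpose so existing `cfg.Runtime.Extensions` lists keep working, say so on that line, `// key kept as storage-authbasic so existing Runtime.Extensions values still match`. The new `authbasic.NewAuthBasic` assigns `cfg.AuthBasic.Commons` without a nil check; `DefaultConfig` does populate `AuthBasic`, but any config path that leaves it nil would panic at registration rather than with a readable error, which is worth a guard or at least a comment stating the precondition. `NewService`'s body continues outside the hunk.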