remove auth basic command to improve config code

2026-04-24 13:08:26 -05:00 · 2022-04-19 15:07:11 +02:00
parent 634d557279
commit 57e4e70888
14 changed files with 505 additions and 190 deletions
@@ -0,0 +1,221 @@
+package command
+
+import (
+	"context"
+	"flag"
+	"os"
+	"path"
+	"path/filepath"
+
+	"github.com/cs3org/reva/v2/cmd/revad/runtime"
+	"github.com/gofrs/uuid"
+	"github.com/oklog/run"
+	"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
+	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/ldap"
+	"github.com/owncloud/ocis/ocis-pkg/log"
+	"github.com/owncloud/ocis/ocis-pkg/sync"
+	"github.com/owncloud/ocis/ocis-pkg/tracing"
+	"github.com/thejerf/suture/v4"
+	"github.com/urfave/cli/v2"
+)
+
+// Command is the entrypoint for the auth-basic command.
+func AuthBasic(cfg *config.Config) *cli.Command {
+	return &cli.Command{
+		Name:  "auth-basic",
+		Usage: "start authprovider for basic auth",
+		// Before: func(c *cli.Context) error {
+		// 	return ParseConfig(c, cfg, "storage-auth-basic")
+		// },
+		Action: func(c *cli.Context) error {
+			logCfg := cfg.Logging
+			logger := log.NewLogger(
+				log.Level(logCfg.Level),
+				log.File(logCfg.File),
+				log.Pretty(logCfg.Pretty),
+				log.Color(logCfg.Color),
+			)
+			tracing.Configure(cfg.Tracing.Enabled, cfg.Tracing.Type, logger)
+			gr := run.Group{}
+			ctx, cancel := context.WithCancel(context.Background())
+			defer cancel()
+
+			// pre-create folders
+			if cfg.Service.AuthManager == "json" && cfg.Service.AuthManagers.JSON.Users != "" {
+				if err := os.MkdirAll(filepath.Dir(cfg.Service.AuthManagers.JSON.Users), os.FileMode(0700)); err != nil {
+					return err
+				}
+			}
+
+			uuid := uuid.Must(uuid.NewV4())
+
+			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
+
+			rcfg := authBasicConfigFromStruct(c, cfg)
+			logger.Debug().
+				Str("server", "authbasic").
+				Interface("reva-config", rcfg).
+				Msg("config")
+
+			if cfg.Service.AuthManager == "ldap" {
+				ldapCfg := cfg.Service.AuthManagers.LDAP
+				if err := ldap.WaitForCA(logger, ldapCfg.Insecure, ldapCfg.CACert); err != nil {
+					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
+					return err
+				}
+			}
+
+			gr.Add(func() error {
+				runtime.RunWithOptions(rcfg, pidFile, runtime.WithLogger(&logger.Logger))
+				return nil
+			}, func(_ error) {
+				logger.Info().
+					Str("server", c.Command.Name).
+					Msg("Shutting down server")
+
+				cancel()
+			})
+
+			debugServer, err := debug.Server(
+				debug.Name(c.Command.Name+"-debug"),
+				debug.Addr(cfg.DebugService.Address),
+				debug.Logger(logger),
+				debug.Context(ctx),
+				debug.Pprof(cfg.DebugService.Pprof),
+				debug.Zpages(cfg.DebugService.Zpages),
+				debug.Token(cfg.DebugService.Token),
+			)
+
+			if err != nil {
+				logger.Info().Err(err).Str("server", "debug").Msg("Failed to initialize server")
+				return err
+			}
+
+			gr.Add(debugServer.ListenAndServe, func(_ error) {
+				cancel()
+			})
+
+			if !cfg.Supervised {
+				sync.Trap(&gr, cancel)
+			}
+
+			return gr.Run()
+		},
+	}
+}
+
+// authBasicConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
+func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
+	rcfg := map[string]interface{}{
+		"core": map[string]interface{}{
+			// "max_cpus":             cfg.Reva.AuthBasic.MaxCPUs, <-- Default is use all CPUs so remove this.
+			"tracing_enabled":      cfg.Tracing.Enabled,
+			"tracing_endpoint":     cfg.Tracing.Endpoint,
+			"tracing_collector":    cfg.Tracing.Collector,
+			"tracing_service_name": c.Command.Name,
+		},
+		"shared": map[string]interface{}{
+			"jwt_secret":                cfg.Service.JWTSecret,
+			"gatewaysvc":                cfg.Service.GatewayEndpoint,
+			"skip_user_groups_in_token": cfg.Service.SkipUserGroupsInToken,
+		},
+		"grpc": map[string]interface{}{
+			"network": cfg.Service.Network,
+			"address": cfg.Service.Address,
+			// TODO build services dynamically
+			"services": map[string]interface{}{
+				"authprovider": map[string]interface{}{
+					"auth_manager": cfg.Service.AuthManager,
+					"auth_managers": map[string]interface{}{
+						"json": map[string]interface{}{
+							"users": cfg.Service.AuthManagers.JSON.Users, // TODO rename config option
+						},
+						"ldap": ldapConfigFromString(cfg.Service.AuthManagers.LDAP),
+						"owncloudsql": map[string]interface{}{
+							"dbusername":        cfg.Service.AuthManagers.OwnCloudSQL.DBUsername,
+							"dbpassword":        cfg.Service.AuthManagers.OwnCloudSQL.DBPassword,
+							"dbhost":            cfg.Service.AuthManagers.OwnCloudSQL.DBHost,
+							"dbport":            cfg.Service.AuthManagers.OwnCloudSQL.DBPort,
+							"dbname":            cfg.Service.AuthManagers.OwnCloudSQL.DBName,
+							"idp":               cfg.Service.AuthManagers.OwnCloudSQL.IDP,
+							"nobody":            cfg.Service.AuthManagers.OwnCloudSQL.Nobody,
+							"join_username":     cfg.Service.AuthManagers.OwnCloudSQL.JoinUsername,
+							"join_ownclouduuid": cfg.Service.AuthManagers.OwnCloudSQL.JoinOwnCloudUUID,
+						},
+					},
+				},
+			},
+		},
+	}
+	return rcfg
+}
+
+// AuthBasicSutureService allows for the storage-authbasic command to be embedded and supervised by a suture supervisor tree.
+type AuthBasicSutureService struct {
+	cfg *config.Config
+}
+
+// NewAuthBasicSutureService creates a new store.AuthBasicSutureService
+func NewAuthBasic(cfg *ociscfg.Config) suture.Service {
+	cfg.AuthBasic.Commons = cfg.Commons
+	return AuthBasicSutureService{
+		cfg: cfg.AuthBasic,
+	}
+}
+
+func (s AuthBasicSutureService) Serve(ctx context.Context) error {
+	// s.cfg.Reva.AuthBasic.Context = ctx
+	f := &flag.FlagSet{}
+	cmdFlags := AuthBasic(s.cfg).Flags
+	for k := range cmdFlags {
+		if err := cmdFlags[k].Apply(f); err != nil {
+			return err
+		}
+	}
+	cliCtx := cli.NewContext(nil, f, nil)
+	if AuthBasic(s.cfg).Before != nil {
+		if err := AuthBasic(s.cfg).Before(cliCtx); err != nil {
+			return err
+		}
+	}
+	if err := AuthBasic(s.cfg).Action(cliCtx); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func ldapConfigFromString(cfg config.LDAPManager) map[string]interface{} {
+	return map[string]interface{}{
+		"uri":               cfg.URI,
+		"cacert":            cfg.CACert,
+		"insecure":          cfg.Insecure,
+		"bind_username":     cfg.BindDN,
+		"bind_password":     cfg.BindPassword,
+		"user_base_dn":      cfg.UserBaseDN,
+		"group_base_dn":     cfg.GroupBaseDN,
+		"user_filter":       cfg.UserFilter,
+		"group_filter":      cfg.GroupFilter,
+		"user_objectclass":  cfg.UserObjectClass,
+		"group_objectclass": cfg.GroupObjectClass,
+		"login_attributes":  cfg.LoginAttributes,
+		"idp":               cfg.IDP,
+		"user_schema": map[string]interface{}{
+			"id":              cfg.UserSchema.ID,
+			"idIsOctetString": cfg.UserSchema.IDIsOctetString,
+			"mail":            cfg.UserSchema.Mail,
+			"displayName":     cfg.UserSchema.DisplayName,
+			"userName":        cfg.UserSchema.Username,
+		},
+		"group_schema": map[string]interface{}{
+			"id":              cfg.GroupSchema.ID,
+			"idIsOctetString": cfg.GroupSchema.IDIsOctetString,
+			"mail":            cfg.GroupSchema.Mail,
+			"displayName":     cfg.GroupSchema.DisplayName,
+			"groupName":       cfg.GroupSchema.Groupname,
+			"member":          cfg.GroupSchema.Member,
+		},
+	}
+}
@@ -0,0 +1,101 @@
+package config
+
+import "github.com/owncloud/ocis/ocis-pkg/shared"
+
+type Config struct {
+	*shared.Commons `yaml:"-"`
+	Tracing         *TracingConfig `yaml:"tracing"`
+	Logging         *LoggingConfig `yaml:"log"`
+	Service         ServiceConfig
+	DebugService    DebugServiceConfig `yaml:"debug"`
+	Supervised      bool
+}
+type TracingConfig struct {
+	Enabled     bool
+	Endpoint    string
+	Collector   string
+	ServiceName string
+	Type        string
+}
+
+type LoggingConfig struct {
+	Level  string
+	Pretty bool
+	Color  bool
+	File   string
+}
+
+type ServiceConfig struct {
+	JWTSecret             string
+	GatewayEndpoint       string
+	SkipUserGroupsInToken bool
+	Network               string // TODO: name transport or protocol?
+	Address               string
+	AuthManager           string
+	AuthManagers          AuthManagers
+}
+
+type DebugServiceConfig struct {
+	Address string
+	Pprof   bool
+	Zpages  bool
+	Token   string
+}
+
+type AuthManagers struct {
+	JSON        JSONManager
+	LDAP        LDAPManager
+	OwnCloudSQL OwnCloudSQLManager
+}
+
+type JSONManager struct {
+	Users string // TODO is there a better name?
+}
+
+type LDAPManager struct {
+	URI              string
+	CACert           string
+	Insecure         bool
+	BindDN           string
+	BindPassword     string
+	UserBaseDN       string
+	GroupBaseDN      string
+	UserFilter       string
+	GroupFilter      string
+	UserObjectClass  string
+	GroupObjectClass string
+	LoginAttributes  []string
+	IDP              string // TODO what is this for?
+	GatewayEndpoint  string // TODO do we need this here?
+	UserSchema       LDAPUserSchema
+	GroupSchema      LDAPGroupSchema
+}
+
+type LDAPUserSchema struct {
+	ID              string
+	IDIsOctetString bool
+	Mail            string
+	DisplayName     string
+	Username        string
+}
+
+type LDAPGroupSchema struct {
+	ID              string
+	IDIsOctetString bool
+	Mail            string
+	DisplayName     string
+	Groupname       string
+	Member          string
+}
+
+type OwnCloudSQLManager struct {
+	DBUsername       string
+	DBPassword       string
+	DBHost           string
+	DBPort           int
+	DBName           string
+	IDP              string // TODO do we need this?
+	Nobody           int64  // TODO what is this?
+	JoinUsername     bool
+	JoinOwnCloudUUID bool
+}
@@ -0,0 +1,83 @@
+package defaults
+
+import (
+	"path/filepath"
+
+	"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
+	"github.com/owncloud/ocis/ocis-pkg/config/defaults"
+)
+
+func FullDefaultConfig() *config.Config {
+	cfg := DefaultConfig()
+
+	EnsureDefaults(cfg)
+
+	return cfg
+}
+
+func DefaultConfig() *config.Config {
+	return &config.Config{
+		Service: config.ServiceConfig{
+			Network:         "tcp",
+			Address:         "127.0.0.1:9146",
+			GatewayEndpoint: "127.0.0.1:9142",
+			JWTSecret:       "Pive-Fumkiu4",
+			AuthManager:     "ldap",
+			AuthManagers: config.AuthManagers{
+				LDAP: config.LDAPManager{
+					URI:              "ldaps:localhost:9126",
+					CACert:           filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
+					Insecure:         false,
+					UserBaseDN:       "dc=ocis,dc=test",
+					GroupBaseDN:      "dc=ocis,dc=test",
+					LoginAttributes:  []string{"cn", "mail"},
+					UserFilter:       "",
+					GroupFilter:      "",
+					UserObjectClass:  "posixAccount",
+					GroupObjectClass: "posixGroup",
+					BindDN:           "cn=reva,ou=sysusers,dc=ocis,dc=test",
+					BindPassword:     "reva",
+					IDP:              "https://localhost:9200",
+					UserSchema: config.LDAPUserSchema{
+						ID:          "ownclouduuid",
+						Mail:        "mail",
+						DisplayName: "displayname",
+						Username:    "cn",
+					},
+					GroupSchema: config.LDAPGroupSchema{
+						ID:          "cn",
+						Mail:        "mail",
+						DisplayName: "cn",
+						Groupname:   "cn",
+						Member:      "cn",
+					},
+				},
+			},
+		},
+	}
+}
+
+func EnsureDefaults(cfg *config.Config) {
+	// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
+	if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
+		cfg.Logging = &config.LoggingConfig{
+			Level:  cfg.Commons.Log.Level,
+			Pretty: cfg.Commons.Log.Pretty,
+			Color:  cfg.Commons.Log.Color,
+			File:   cfg.Commons.Log.File,
+		}
+	} else if cfg.Logging == nil {
+		cfg.Logging = &config.LoggingConfig{}
+	}
+	// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
+	if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
+		cfg.Tracing = &config.TracingConfig{
+			Enabled:   cfg.Commons.Tracing.Enabled,
+			Type:      cfg.Commons.Tracing.Type,
+			Endpoint:  cfg.Commons.Tracing.Endpoint,
+			Collector: cfg.Commons.Tracing.Collector,
+		}
+	} else if cfg.Tracing == nil {
+		cfg.Tracing = &config.TracingConfig{}
+	}
+}
@@ -1,176 +0,0 @@
-package command
-
-import (
-	"context"
-	"flag"
-	"os"
-	"path"
-	"path/filepath"
-
-	"github.com/cs3org/reva/v2/cmd/revad/runtime"
-	"github.com/gofrs/uuid"
-	"github.com/oklog/run"
-	"github.com/owncloud/ocis/extensions/storage/pkg/config"
-	"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
-	"github.com/owncloud/ocis/extensions/storage/pkg/tracing"
-	ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
-	"github.com/owncloud/ocis/ocis-pkg/sync"
-	"github.com/thejerf/suture/v4"
-	"github.com/urfave/cli/v2"
-)
-
-// AuthBasic is the entrypoint for the auth-basic command.
-func AuthBasic(cfg *config.Config) *cli.Command {
-	return &cli.Command{
-		Name:  "auth-basic",
-		Usage: "start authprovider for basic auth",
-		Before: func(c *cli.Context) error {
-			return ParseConfig(c, cfg, "storage-auth-basic")
-		},
-		Action: func(c *cli.Context) error {
-			logger := NewLogger(cfg)
-			tracing.Configure(cfg, logger)
-			gr := run.Group{}
-			ctx, cancel := context.WithCancel(context.Background())
-			defer cancel()
-
-			// pre-create folders
-			if cfg.Reva.AuthProvider.Driver == "json" && cfg.Reva.AuthProvider.JSON != "" {
-				if err := os.MkdirAll(filepath.Dir(cfg.Reva.AuthProvider.JSON), os.FileMode(0700)); err != nil {
-					return err
-				}
-			}
-
-			uuid := uuid.Must(uuid.NewV4())
-			pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
-
-			rcfg := authBasicConfigFromStruct(c, cfg)
-			logger.Debug().
-				Str("server", "authbasic").
-				Interface("reva-config", rcfg).
-				Msg("config")
-
-			if cfg.Reva.AuthProvider.Driver == "ldap" {
-				if err := waitForLDAPCA(logger, &cfg.Reva.LDAP); err != nil {
-					logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
-					return err
-				}
-			}
-
-			gr.Add(func() error {
-				runtime.RunWithOptions(rcfg, pidFile, runtime.WithLogger(&logger.Logger))
-				return nil
-			}, func(_ error) {
-				logger.Info().
-					Str("server", c.Command.Name).
-					Msg("Shutting down server")
-
-				cancel()
-			})
-
-			debugServer, err := debug.Server(
-				debug.Name(c.Command.Name+"-debug"),
-				debug.Addr(cfg.Reva.AuthBasic.DebugAddr),
-				debug.Logger(logger),
-				debug.Context(ctx),
-				debug.Config(cfg),
-			)
-
-			if err != nil {
-				logger.Info().Err(err).Str("server", "debug").Msg("Failed to initialize server")
-				return err
-			}
-
-			gr.Add(debugServer.ListenAndServe, func(_ error) {
-				cancel()
-			})
-
-			if !cfg.Reva.AuthBasic.Supervised {
-				sync.Trap(&gr, cancel)
-			}
-
-			return gr.Run()
-		},
-	}
-}
-
-// authBasicConfigFromStruct will adapt an oCIS config struct into a reva mapstructure to start a reva service.
-func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
-	rcfg := map[string]interface{}{
-		"core": map[string]interface{}{
-			"max_cpus":             cfg.Reva.AuthBasic.MaxCPUs,
-			"tracing_enabled":      cfg.Tracing.Enabled,
-			"tracing_endpoint":     cfg.Tracing.Endpoint,
-			"tracing_collector":    cfg.Tracing.Collector,
-			"tracing_service_name": c.Command.Name,
-		},
-		"shared": map[string]interface{}{
-			"jwt_secret":                cfg.Reva.JWTSecret,
-			"gatewaysvc":                cfg.Reva.Gateway.Endpoint,
-			"skip_user_groups_in_token": cfg.Reva.SkipUserGroupsInToken,
-		},
-		"grpc": map[string]interface{}{
-			"network": cfg.Reva.AuthBasic.GRPCNetwork,
-			"address": cfg.Reva.AuthBasic.GRPCAddr,
-			// TODO build services dynamically
-			"services": map[string]interface{}{
-				"authprovider": map[string]interface{}{
-					"auth_manager": cfg.Reva.AuthProvider.Driver,
-					"auth_managers": map[string]interface{}{
-						"json": map[string]interface{}{
-							"users": cfg.Reva.AuthProvider.JSON,
-						},
-						"ldap": ldapConfigFromString(cfg),
-						"owncloudsql": map[string]interface{}{
-							"dbusername":        cfg.Reva.UserOwnCloudSQL.DBUsername,
-							"dbpassword":        cfg.Reva.UserOwnCloudSQL.DBPassword,
-							"dbhost":            cfg.Reva.UserOwnCloudSQL.DBHost,
-							"dbport":            cfg.Reva.UserOwnCloudSQL.DBPort,
-							"dbname":            cfg.Reva.UserOwnCloudSQL.DBName,
-							"idp":               cfg.Reva.UserOwnCloudSQL.Idp,
-							"nobody":            cfg.Reva.UserOwnCloudSQL.Nobody,
-							"join_username":     cfg.Reva.UserOwnCloudSQL.JoinUsername,
-							"join_ownclouduuid": cfg.Reva.UserOwnCloudSQL.JoinOwnCloudUUID,
-						},
-					},
-				},
-			},
-		},
-	}
-	return rcfg
-}
-
-// AuthBasicSutureService allows for the storage-authbasic command to be embedded and supervised by a suture supervisor tree.
-type AuthBasicSutureService struct {
-	cfg *config.Config
-}
-
-// NewAuthBasicSutureService creates a new store.AuthBasicSutureService
-func NewAuthBasic(cfg *ociscfg.Config) suture.Service {
-	cfg.Storage.Commons = cfg.Commons
-	return AuthBasicSutureService{
-		cfg: cfg.Storage,
-	}
-}
-
-func (s AuthBasicSutureService) Serve(ctx context.Context) error {
-	s.cfg.Reva.AuthBasic.Context = ctx
-	f := &flag.FlagSet{}
-	cmdFlags := AuthBasic(s.cfg).Flags
-	for k := range cmdFlags {
-		if err := cmdFlags[k].Apply(f); err != nil {
-			return err
-		}
-	}
-	cliCtx := cli.NewContext(nil, f, nil)
-	if AuthBasic(s.cfg).Before != nil {
-		if err := AuthBasic(s.cfg).Before(cliCtx); err != nil {
-			return err
-		}
-	}
-	if err := AuthBasic(s.cfg).Action(cliCtx); err != nil {
-		return err
-	}
-
-	return nil
-}
@@ -17,7 +17,7 @@ func GetCommands(cfg *config.Config) cli.Commands {
 		Users(cfg),
 		Groups(cfg),
 		AppProvider(cfg),
-		AuthBasic(cfg),
+		// AuthBasic(cfg),
 		AuthBearer(cfg),
 		AuthMachine(cfg),
 		Sharing(cfg),
@@ -17,6 +17,9 @@ type Options struct {
 	Logger  log.Logger
 	Context context.Context
 	Config  *config.Config
+	Pprof   bool
+	Zpages  bool
+	Token   string
 }

 // newOptions initializes the available default options.
@@ -64,3 +67,24 @@ func Config(val *config.Config) Option {
 		o.Config = val
 	}
 }
+
+// Pprof provides a function to set the pprof option.
+func Pprof(val bool) Option {
+	return func(o *Options) {
+		o.Pprof = val
+	}
+}
+
+// Zpages provides a function to set the zpages option.
+func Zpages(val bool) Option {
+	return func(o *Options) {
+		o.Zpages = val
+	}
+}
+
+// Token provides a function to set the token option.
+func Token(val string) Option {
+	return func(o *Options) {
+		o.Token = val
+	}
+}
@@ -18,9 +18,9 @@ func Server(opts ...Option) (*http.Server, error) {
 		debug.Name(options.Name),
 		debug.Version(version.String),
 		debug.Address(options.Addr),
-		debug.Token(options.Config.Debug.Token),
-		debug.Pprof(options.Config.Debug.Pprof),
-		debug.Zpages(options.Config.Debug.Zpages),
+		debug.Token(options.Token),
+		debug.Pprof(options.Pprof),
+		debug.Zpages(options.Zpages),
 		debug.Health(health(options.Config)),
 		debug.Ready(ready(options.Config)),
 	), nil
@@ -9,25 +9,25 @@ import (
 // to Reva services.
 func Configure(cfg *config.Config, logger log.Logger) {
 	if cfg.Tracing.Enabled {
-		switch t := cfg.Tracing.Type; t {
+		switch cfg.Tracing.Type {
 		case "agent":
 			logger.Error().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Reva only supports the jaeger tracing backend")

 		case "jaeger":
 			logger.Info().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("configuring storage to use the jaeger tracing backend")

 		case "zipkin":
 			logger.Error().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Reva only supports the jaeger tracing backend")

 		default:
 			logger.Warn().
-				Str("type", t).
+				Str("type", cfg.Tracing.Type).
 				Msg("Unknown tracing backend")
 		}