From 5b572b38529de047191d27c8389d0f605401d693 Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Wed, 27 Apr 2022 15:46:17 +0200
Subject: [PATCH] initialize insecure options
---
 extensions/auth-bearer/pkg/config/config.go | 24 +++---
 extensions/frontend/pkg/config/config.go | 96 ++++++++++---------
 extensions/graph/pkg/config/config.go | 10 +--
 ocis/pkg/command/init.go | 49 ++++++++++-
 4 files changed, 111 insertions(+), 68 deletions(-)
diff --git a/extensions/auth-bearer/pkg/config/config.go b/extensions/auth-bearer/pkg/config/config.go
index 97fcd5ee6..644ae43fe 100644
--- a/extensions/auth-bearer/pkg/config/config.go
+++ b/extensions/auth-bearer/pkg/config/config.go
@@ -38,25 +38,25 @@ type Service struct {
 }
 type Debug struct {
- Addr string `yaml:"addr" env:"AUTH_BEARER_DEBUG_ADDR"`
- Token string `yaml:"token" env:"AUTH_BEARER_DEBUG_TOKEN"`
- Pprof bool `yaml:"pprof" env:"AUTH_BEARER_DEBUG_PPROF"`
- Zpages bool `yaml:"zpages" env:"AUTH_BEARER_DEBUG_ZPAGES"`
+ Addr string `yaml:"addr,omitempty" env:"AUTH_BEARER_DEBUG_ADDR"`
+ Token string `yaml:"token,omitempty" env:"AUTH_BEARER_DEBUG_TOKEN"`
+ Pprof bool `yaml:"pprof,omitempty" env:"AUTH_BEARER_DEBUG_PPROF"`
+ Zpages bool `yaml:"zpages,omitempty" env:"AUTH_BEARER_DEBUG_ZPAGES"`
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The address of the grpc service."`
- Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
+ Addr string `yaml:"addr,omitempty" env:"AUTH_BEARER_GRPC_ADDR" desc:"The address of the grpc service."`
+ Protocol string `yaml:"protocol,omitempty" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
 }
 type AuthProviders struct {
- OIDC OIDCProvider `yaml:"oidc"`
+ OIDC OIDCProvider `yaml:"oidc,omitempty"`
 }
 type OIDCProvider struct {
- Issuer string `yaml:"issuer" env:"OCIS_URL;AUTH_BEARER_OIDC_ISSUER"`
- Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE"`
- IDClaim string `yaml:"id_claim"`
- UIDClaim string `yaml:"uid_claim"`
- GIDClaim string `yaml:"gid_claim"`
+ Issuer string `yaml:"issuer,omitempty" env:"OCIS_URL;AUTH_BEARER_OIDC_ISSUER"`
+ Insecure bool `yaml:"insecure,omitempty" env:"OCIS_INSECURE;AUTH_BEARER_OIDC_INSECURE"`
+ IDClaim string `yaml:"id_claim,omitempty"`
+ UIDClaim string `yaml:"uid_claim,omitempty"`
+ GIDClaim string `yaml:"gid_claim,omitempty"`
 }
diff --git a/extensions/frontend/pkg/config/config.go b/extensions/frontend/pkg/config/config.go
index 5a4ba7354..8e183281f 100644
--- a/extensions/frontend/pkg/config/config.go
+++ b/extensions/frontend/pkg/config/config.go
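Review bot: `OIDCProvider.Insecure` in the auth-bearer hunk is bound to the global `OCIS_INSECURE` variable but carries no `desc:` tag, unlike the `GRPCConfig` fields a few lines above it, so nothing on the struct says which protection the switch turns off. I would add a description along the lines of `desc:"Skips verification of the TLS certificate presented by the OIDC issuer; for development setups only."`, adjusted to what the consumer of the flag actually does, which is not visible in this patch. The same gap applies to `Archiver.Insecure` and `AppProvider.Insecure` in the frontend config and to `Spaces.Insecure` in the graph config, all of which this commit starts writing into the generated file.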
@@ -5,51 +5,51 @@ import "github.com/owncloud/ocis/ocis-pkg/shared"
 type Config struct {
 *shared.Commons `yaml:"-"`
 Service Service `yaml:"-"`
- Tracing *Tracing `yaml:"tracing"`
- Logging *Logging `yaml:"log"`
- Debug Debug `yaml:"debug"`
- Supervised bool
+ Tracing *Tracing `yaml:"tracing,omitempty"`
+ Logging *Logging `yaml:"log,omitempty"`
+ Debug Debug `yaml:"debug,omitempty"`
+ Supervised bool `yaml:"-"`
- HTTP HTTPConfig `yaml:"http"`
+ HTTP HTTPConfig `yaml:"http,omitempty"`
 // JWTSecret used to verify reva access token
- TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
+ TransferSecret string `yaml:"transfer_secret,omitempty" env:"STORAGE_TRANSFER_SECRET"`
 TokenManager *TokenManager `yaml:"token_manager,omitempty"`
 Reva *Reva `yaml:"reva,omitempty"`
- SkipUserGroupsInToken bool
+ SkipUserGroupsInToken bool `yaml:"skip_users_groups_in_token,omitempty"`
- EnableFavorites bool `yaml:"favorites"`
- EnableProjectSpaces bool
- UploadMaxChunkSize int `yaml:"upload_max_chunk_size"`
- UploadHTTPMethodOverride string `yaml:"upload_http_method_override"`
- DefaultUploadProtocol string `yaml:"default_upload_protocol"`
+ EnableFavorites bool `yaml:"favorites,omitempty"`
+ EnableProjectSpaces bool `yaml:"enable_project_spaces,omitempty"`
+ UploadMaxChunkSize int `yaml:"upload_max_chunk_size,omitempty"`
+ UploadHTTPMethodOverride string `yaml:"upload_http_method_override,omitempty"`
+ DefaultUploadProtocol string `yaml:"default_upload_protocol,omitempty"`
- PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"`
+ PublicURL string `yaml:"public_url,omitempty" env:"OCIS_URL;FRONTEND_PUBLIC_URL"`
- Archiver Archiver
- AppProvider AppProvider
- DataGateway DataGateway
- OCS OCS
- AuthMachine AuthMachine
- Checksums Checksums
+ Archiver Archiver `yaml:"archiver,omitempty"`
+ AppProvider AppProvider `yaml:"app_provider,omitempty"`
+ DataGateway DataGateway `yaml:"data_gateway,omitempty"`
+ OCS OCS `yaml:"ocs,omitempty"`
+ AuthMachine AuthMachine `yaml:"auth_machine,omitempty"`
+ Checksums Checksums `yaml:"checksums,omitempty"`
- Middleware Middleware
+ Middleware Middleware `yaml:"middleware,omitempty"`
 }
 type Tracing struct {
- Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."`
- Type string `yaml:"type" env:"OCIS_TRACING_TYPE;FRONTEND_TRACING_TYPE"`
- Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;FRONTEND_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
- Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;FRONTEND_TRACING_COLLECTOR"`
+ Enabled bool `yaml:"enabled,omitempty" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."`
+ Type string `yaml:"type,omitempty" env:"OCIS_TRACING_TYPE;FRONTEND_TRACING_TYPE"`
+ Endpoint string `yaml:"endpoint,omitempty" env:"OCIS_TRACING_ENDPOINT;FRONTEND_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
+ Collector string `yaml:"collector,omitempty" env:"OCIS_TRACING_COLLECTOR;FRONTEND_TRACING_COLLECTOR"`
 }
 type Logging struct {
- Level string `yaml:"level" env:"OCIS_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level."`
- Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;FRONTEND_LOG_PRETTY" desc:"Activates pretty log output."`
- Color bool `yaml:"color" env:"OCIS_LOG_COLOR;FRONTEND_LOG_COLOR" desc:"Activates colorized log output."`
- File string `yaml:"file" env:"OCIS_LOG_FILE;FRONTEND_LOG_FILE" desc:"The target log file."`
+ Level string `yaml:"level,omitempty" env:"OCIS_LOG_LEVEL;FRONTEND_LOG_LEVEL" desc:"The log level."`
+ Pretty bool `yaml:"pretty,omitempty" env:"OCIS_LOG_PRETTY;FRONTEND_LOG_PRETTY" desc:"Activates pretty log output."`
+ Color bool `yaml:"color,omitempty" env:"OCIS_LOG_COLOR;FRONTEND_LOG_COLOR" desc:"Activates colorized log output."`
+ File string `yaml:"file,omitempty" env:"OCIS_LOG_FILE;FRONTEND_LOG_FILE" desc:"The target log file."`
 }
 type Service struct {
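Review bot: Giving previously untagged `Config` fields an explicit key changes the name they are read under, because gopkg.in/yaml.v3 keys an untagged field by its lower-cased name: `SkipUserGroupsInToken`, `EnableProjectSpaces`, `AppProvider`, `DataGateway` and `AuthMachine` move from e.g. `enableprojectspaces` to `enable_project_spaces`. If the loader ignores unknown keys (not visible in this patch), an existing file using the old spelling falls back to defaults without any error. The second frontend hunk has the same effect for `credentials_by_user_agenr` becoming `credentials_by_user_agent` and for `AppsURL`/`OpenURL`/`NewURL` moving to `yaml:"-"`; an auth-middleware mapping that silently stops loading deserves an upgrade note or a strict-decoding check. Separately, the new key `skip_users_groups_in_token` does not match the field name, and `yaml:"skip_user_groups_in_token,omitempty"` would be consistent.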
@@ -57,44 +57,44 @@ type Service struct {
 }
 type Debug struct {
- Addr string `yaml:"addr" env:"FRONTEND_DEBUG_ADDR"`
- Token string `yaml:"token" env:"FRONTEND_DEBUG_TOKEN"`
- Pprof bool `yaml:"pprof" env:"FRONTEND_DEBUG_PPROF"`
- Zpages bool `yaml:"zpages" env:"FRONTEND_DEBUG_ZPAGES"`
+ Addr string `yaml:"addr,omitempty" env:"FRONTEND_DEBUG_ADDR"`
+ Token string `yaml:"token,omitempty" env:"FRONTEND_DEBUG_TOKEN"`
+ Pprof bool `yaml:"pprof,omitempty" env:"FRONTEND_DEBUG_PPROF"`
+ Zpages bool `yaml:"zpages,omitempty" env:"FRONTEND_DEBUG_ZPAGES"`
 }
 type HTTPConfig struct {
- Addr string `yaml:"addr" env:"FRONTEND_HTTP_ADDR" desc:"The address of the http service."`
- Protocol string `yaml:"protocol" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."`
- Prefix string `yaml:"prefix"`
+ Addr string `yaml:"addr,omitempty" env:"FRONTEND_HTTP_ADDR" desc:"The address of the http service."`
+ Protocol string `yaml:"protocol,omitempty" env:"FRONTEND_HTTP_PROTOCOL" desc:"The transport protocol of the http service."`
+ Prefix string `yaml:"prefix,omitempty"`
 }
 // Middleware configures reva middlewares.
 type Middleware struct {
- Auth Auth `yaml:"auth"`
+ Auth Auth `yaml:"auth,omitempty"`
 }
 // Auth configures reva http auth middleware.
 type Auth struct {
- CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agenr"`
+ CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent,omitempty"`
 }
 type Archiver struct {
- MaxNumFiles int64 `yaml:"max_num_files"`
- MaxSize int64 `yaml:"max_size"`
- Prefix string
- Insecure bool `env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"`
+ MaxNumFiles int64 `yaml:"max_num_files,omitempty"`
+ MaxSize int64 `yaml:"max_size,omitempty"`
+ Prefix string `yaml:"-"`
+ Insecure bool `yaml:"insecure,omitempty" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"`
 }
 type AppProvider struct {
- ExternalAddr string `yaml:"external_addr"`
- Driver string `yaml:"driver"`
+ ExternalAddr string `yaml:"external_addr,omitempty"`
+ Driver string `yaml:"driver,omitempty"`
 // WopiDriver WopiDriver `yaml:"wopi_driver"`
- AppsURL string `yaml:"apps_url"`
- OpenURL string `yaml:"open_url"`
- NewURL string `yaml:"new_url"`
- Prefix string
- Insecure bool `env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"`
+ AppsURL string `yaml:"-"`
+ OpenURL string `yaml:"-"`
+ NewURL string `yaml:"-"`
+ Prefix string `yaml:"-"`
+ Insecure bool `yaml:"insecure,omitempty" env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"`
 }
 type DataGateway struct {
diff --git a/extensions/graph/pkg/config/config.go b/extensions/graph/pkg/config/config.go
index 174bcabd6..31133ad5c 100644
--- a/extensions/graph/pkg/config/config.go
+++ b/extensions/graph/pkg/config/config.go
@@ -29,11 +29,11 @@ type Config struct {
 }
 type Spaces struct {
- WebDavBase string `yaml:"webdav_base" env:"OCIS_URL;GRAPH_SPACES_WEBDAV_BASE"`
- WebDavPath string `yaml:"webdav_path" env:"GRAPH_SPACES_WEBDAV_PATH"`
- DefaultQuota string `yaml:"default_quota" env:"GRAPH_SPACES_DEFAULT_QUOTA"`
- Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;GRAPH_SPACES_INSECURE"`
- ExtendedSpacePropertiesCacheTTL int `yaml:"extended_space_properties_cache_ttl" env:"GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL"`
+ WebDavBase string `yaml:"webdav_base,omitempty" env:"OCIS_URL;GRAPH_SPACES_WEBDAV_BASE"`
+ WebDavPath string `yaml:"webdav_path,omitempty" env:"GRAPH_SPACES_WEBDAV_PATH"`
+ DefaultQuota string `yaml:"default_quota,omitempty" env:"GRAPH_SPACES_DEFAULT_QUOTA"`
+ Insecure bool `yaml:"insecure,omitempty" env:"OCIS_INSECURE;GRAPH_SPACES_INSECURE"`
+ ExtendedSpacePropertiesCacheTTL int `yaml:"extended_space_properties_cache_ttl,omitempty" env:"GRAPH_SPACES_EXTENDED_SPACE_PROPERTIES_CACHE_TTL"`
 }
 type LDAP struct {
diff --git a/ocis/pkg/command/init.go b/ocis/pkg/command/init.go
index f3d9545ac..ba63aac07 100644
--- a/ocis/pkg/command/init.go
+++ b/ocis/pkg/command/init.go
@@ -17,8 +17,15 @@ import (
 cli "github.com/urfave/cli/v2"
 "gopkg.in/yaml.v3"
+ authbearer "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
+ frontend "github.com/owncloud/ocis/extensions/frontend/pkg/config"
+ graph "github.com/owncloud/ocis/extensions/graph/pkg/config"
 idm "github.com/owncloud/ocis/extensions/idm/pkg/config"
+ ocdav "github.com/owncloud/ocis/extensions/ocdav/pkg/config"
 proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config"
+ storagemetadata "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config"
+ storageusers "github.com/owncloud/ocis/extensions/storage-users/pkg/config"
+ thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
 )
 const configFilename string = "ocis.yaml" // TODO: use also a constant for reading this file
@@ -90,12 +97,48 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 }
 cfg := config.Config{
 TokenManager: &shared.TokenManager{},
- IDM: &idm.Config{},
+ IDM: &idm.Config{},
 }
 if insecure {
- cfg.Proxy = &proxy.Config{}
- cfg.Proxy.InsecureBackends = insecure
+ cfg.Proxy = &proxy.Config{
+ InsecureBackends: true,
+ }
+ cfg.AuthBearer = &authbearer.Config{
+ AuthProviders: authbearer.AuthProviders{
+ OIDC: authbearer.OIDCProvider{
+ Insecure: true,
+ },
+ },
+ }
+ cfg.Frontend = &frontend.Config{
+ AppProvider: frontend.AppProvider{
+ Insecure: true,
+ },
+ Archiver: frontend.Archiver{
+ Insecure: true,
+ },
+ }
+ cfg.Graph = &graph.Config{
+ Spaces: graph.Spaces{
+ Insecure: true,
+ },
+ }
+ cfg.OCDav = &ocdav.Config{
+ Insecure: true,
+ }
+ cfg.StorageMetadata = &storagemetadata.Config{
+ DataProviderInsecure: true,
+ }
+ cfg.StorageUsers = &storageusers.Config{
+ DataProviderInsecure: true,
+ }
+ cfg.Thumbnails = &thumbnails.Config{
+ Thumbnail: thumbnails.Thumbnail{
+ WebdavAllowInsecure: true,
+ CS3AllowInsecure: true,
+ },
+ }
 }
 idmServicePassword, err := generators.GenerateRandomPassword(passwordLength)
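Review bot: The `if insecure` branch in `createConfig` now persists ten hand-listed insecure switches across eight services into the generated ocis.yaml, and nothing ties that list to the set of fields bound to `OCIS_INSECURE`, so a service that gains such a field later will be missed without any hint. A comment above the branch would make the contract explicit, for example `// Keep in sync with every config field bound to OCIS_INSECURE.`. Because these values stay in the file after initialisation, the branch would also benefit from printing a warning that the written configuration disables the corresponding verification and is meant for development setups only; whether such a message already exists elsewhere is not visible here. The body of `createConfig` starts before and continues after this hunk.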