mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-26 15:39:18 -06:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3551 from owncloud/ocis-init

Browse Source 
[full-ci] ocis init & remove default secrets
This commit is contained in:
Willy Kloucek
2022-05-02 09:31:01 +02:00
committed by GitHub
parent b013974494 f9dcf37674
commit 9934895843
204 changed files with 2720 additions and 757 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.bingo/Variables.mk
View File

@@ -1,4 +1,4 @@
# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.2. DO NOT EDIT.
# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT.
# All tools are designed to be build inside $GOBIN.
BINGO_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
GOPATH ?= $(shell go env GOPATH)

2
.bingo/variables.env
View File

@@ -1,4 +1,4 @@
# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.2. DO NOT EDIT.
# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT.
# All tools are designed to be build inside $GOBIN.
# Those variables will work only until 'bingo get' was invoked, or if tools were installed via Makefile's Variables.mk.
GOBIN=${GOBIN:=$(go env GOBIN)}

17
.drone.star
View File

@@ -1680,6 +1680,7 @@ def ocisServerWithAccounts(storage, accounts_hash_difficulty = 4, volumes = [],
"detach": True,
"environment": environment,
"commands": [
"ocis/bin/ocis init --insecure true",
"ocis/bin/ocis server",
],
"volumes": volumes,
@@ -1700,8 +1701,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
user = "0:0"
environment = {
"OCIS_URL": "https://ocis-server:9200",
"GATEWAY_GRPC_ADDR": "0.0.0.0:9142",
"STORAGE_HOME_DRIVER": "%s" % (storage),
"GATEWAY_GRPC_ADDR": "0.0.0.0:9142", # cs3api-validator needs the cs3api gatway exposed
"STORAGE_USERS_DRIVER": "%s" % (storage),
"STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root",
"STORAGE_USERS_DRIVER_OCIS_ROOT": "/srv/app/tmp/ocis/storage/users",
@@ -1712,8 +1712,8 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"IDP_IDENTIFIER_REGISTRATION_CONF": "/drone/src/tests/config/drone/identifier-registration.yml",
"OCIS_LOG_LEVEL": "error",
"SETTINGS_DATA_PATH": "/srv/app/tmp/ocis/settings",
"OCIS_INSECURE": "true",
"IDM_CREATE_DEMO_USERS": True,
"IDM_ADMIN_PASSWORD": "admin", # override the random admin password from `ocis init`
}
wait_for_ocis = {
"name": "wait-for-ocis-server",
@@ -1782,24 +1782,16 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"SHARING_USER_SQL_HOST": "oc10-db",
"SHARING_USER_SQL_PORT": 3306,
"SHARING_USER_SQL_NAME": "owncloud",
# ownCloud storage readonly
# TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
"OCIS_STORAGE_READ_ONLY": "false",
# General oCIS config
# OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services
"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,nats,ocdav",
"OCIS_LOG_LEVEL": "info",
"OCIS_URL": OCIS_URL,
"PROXY_TLS": "true",
"OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
"OCIS_CONFIG_DIR": "/etc/ocis",
# change default secrets
"OCIS_JWT_SECRET": "Pive-Fumkiu4",
"STORAGE_TRANSFER_SECRET": "replace-me-with-a-transfer-secret",
"OCIS_MACHINE_AUTH_API_KEY": "change-me-please",
"OCIS_INSECURE": "true",
"PROXY_ENABLE_BASIC_AUTH": "true",
"IDM_CREATE_DEMO_USERS": True,
"IDM_ADMIN_PASSWORD": "admin", # override the random admin password from `ocis init`
}
wait_for_ocis = {
"name": "wait-for-ocis-server",
@@ -1825,6 +1817,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
"environment": environment,
"user": user,
"commands": [
"ocis/bin/ocis init --insecure true",
"ocis/bin/ocis server",
],
"volumes": volumes,

20
.vscode/launch.json vendored
View File

@@ -19,9 +19,25 @@
"PROXY_ENABLE_BASIC_AUTH": "true",
// set insecure options because we don't have valid certificates in dev environments
"OCIS_INSECURE": "true",
// set some hardcoded secrets
"OCIS_JWT_SECRET": "some-ocis-jwt-secret",
"STORAGE_TRANSFER_SECRET": "some-ocis-transfer-secret",
"OCIS_MACHINE_AUTH_API_KEY": "some-ocis-machine-auth-api-key",
// idm ldap
"IDM_SVC_PASSWORD": "some-ldap-idm-password",
"GRAPH_LDAP_BIND_PASSWORD": "some-ldap-idm-password",
// reva ldap
"IDM_REVASVC_PASSWORD": "some-ldap-reva-password",
"GROUPS_LDAP_BIND_PASSWORD": "some-ldap-reva-password",
"USERS_LDAP_BIND_PASSWORD": "some-ldap-reva-password",
"AUTH_BASIC_LDAP_BIND_PASSWORD": "some-ldap-reva-password",
// idp ldap
"IDM_IDPSVC_PASSWORD": "some-ldap-idp-password",
"IDP_LDAP_BIND_PASSWORD": "some-ldap-idp-password",
// admin user default password
"IDM_ADMIN_PASSWORD": "admin",
// demo users
"ACCOUNTS_DEMO_USERS_AND_GROUPS": "true",
"IDM_CREATE_DEMO_USERS": "true"
"IDM_CREATE_DEMO_USERS": "true",
// OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode
//"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,accounts,proxy,ocdav",
}

10
changelog/unreleased/change-ocis-init.md Normal file
View File

@@ -0,0 +1,10 @@
Change: Introduce `ocis init` and remove all default secrets
We've removed all default secrets. This means you can't start oCIS any longer
without setting these via environment variable or configuration file.
In order to make this easy for you, we introduced a new command: `ocis init`.
You can run this command before starting oCIS with `ocis server` and it will
bootstrap you a configuration file for a secure oCIS instance.
https://github.com/owncloud/ocis/pull/3551

19
deployments/examples/ocis_traefik/.env
View File

@@ -2,10 +2,6 @@
# It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates.
INSECURE=true
# The demo users should not be created on a production instance
# because their passwords are public
DEMO_USERS=true
### Traefik settings ###
# Serve Traefik dashboard. Defaults to "false".
TRAEFIK_DASHBOARD=
@@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL=
OCIS_DOCKER_TAG=
# Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test"
OCIS_DOMAIN=
# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
IDP_LDAP_BIND_PASSWORD=
# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
STORAGE_LDAP_BIND_PASSWORD=
# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
OCIS_JWT_SECRET=
# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
STORAGE_TRANSFER_SECRET=
# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
OCIS_MACHINE_AUTH_API_KEY=
# oCIS admin user password. Defaults to "admin".
ADMIN_PASSWORD=
# The demo users should not be created on a production instance
# because their passwords are public. Defaults to "false".
DEMO_USERS=
# If you want to use debugging and tracing with this stack,
# you need uncomment following line. Please see documentation at

23
deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh
View File

@@ -1,24 +1,5 @@
#!/bin/sh
set -e
ocis server&
sleep 10
echo "##################################################"
echo "change default secrets:"
# IDP
IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " IDP user UUID: $IDP_USER_UUID"
ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID
# REVA
REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o)
echo " Reva user UUID: $REVA_USER_UUID"
ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID
echo "default secrets changed"
echo "##################################################"
wait # wait for oCIS to exit
ocis init || true # will only initialize once
ocis server

12
deployments/examples/ocis_traefik/docker-compose.yml
View File

@@ -53,21 +53,17 @@ services:
OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
PROXY_TLS: "false" # do not use SSL between Traefik and oCIS
# change default secrets
IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp}
STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva}
OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4}
STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret}
OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}
# INSECURE: needed if oCIS / Traefik is using self generated certificates
OCIS_INSECURE: "${INSECURE:-false}"
# basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect)
PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}"
# admin user password
IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file
# demo users
ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM
IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}"
volumes:
- ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh
- ocis-config:/etc/ocis
- ocis-data:/var/lib/ocis
labels:
- "traefik.enable=true"
@@ -82,7 +78,9 @@ services:
volumes:
certs:
ocis-config:
ocis-data:
networks:
ocis-net:

16
docs/extensions/accounts/tests.md
View File

@@ -19,9 +19,10 @@ Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/
{{< hint info >}}
For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests:
```
```bash
rm ~/.ocis/idp/identifier-registration.yaml
```
{{< /hint >}}
### In the web repo
@@ -30,7 +31,7 @@ rm ~/.ocis/idp/identifier-registration.yaml
Install dependencies and bundle the frontend with a watcher by running
```
```bash
yarn && yarn build:w
```
@@ -40,7 +41,7 @@ If you skip the step above, the currently bundled frontend from the oCIS binary
Start the necessary acceptance test services by using Docker (Compose):
```
```bash
docker compose up selenium middleware-ocis vnc
```
@@ -50,7 +51,7 @@ docker compose up selenium middleware-ocis vnc
Navigate into the accounts service via `cd ../accounts/` and install dependencies and build the bundled accounts UI with a watcher by running
```
```bash
yarn && yarn watch
```
@@ -58,13 +59,14 @@ yarn && yarn watch
Navigate into the oCIS directory inside the oCIS repository and build the oCIS binary by running
```
```bash
make clean build
```
Then, start oCIS from the binary via
```
```bash
./bin/ocis init
OCIS_URL=https://host.docker.internal:9200 OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true WEB_UI_CONFIG=../../web/dev/docker/ocis.web.config.json ./bin/ocis server
```
@@ -78,6 +80,6 @@ If you want visual feedback on the test run, visit http://host.docker.internal:6
Navigate into the accounts service via `cd ../accounts/` and start the acceptance tests by running
```
```bash
SERVER_HOST=https://host.docker.internal:9200 BACKEND_HOST=https://host.docker.internal:9200 RUN_ON_OCIS=true NODE_TLS_REJECT_UNAUTHORIZED=0 WEB_PATH=../../web WEB_UI_CONFIG=../../web/tests/drone/config-ocis.json MIDDLEWARE_HOST=http://host.docker.internal:3000 ./ui/tests/run-acceptance-test.sh ./ui/tests/acceptance/features/
```

16
docs/extensions/settings/tests.md
View File

@@ -19,9 +19,10 @@ Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/
{{< hint info >}}
For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests:
```
```bash
rm ~/.ocis/idp/identifier-registration.yaml
```
{{< /hint >}}
### In the web repo
@@ -30,7 +31,7 @@ rm ~/.ocis/idp/identifier-registration.yaml
Install dependencies and bundle the frontend with a watcher by running
```
```bash
yarn && yarn build:w
```
@@ -40,7 +41,7 @@ If you skip the step above, the currently bundled frontend from the oCIS binary
Start the necessary acceptance test services by using Docker (Compose):
```
```bash
docker compose up selenium middleware-ocis vnc
```
@@ -50,7 +51,7 @@ docker compose up selenium middleware-ocis vnc
Navigate into the settings service via `cd ../settings/` and install dependencies and build the bundled settings UI with a watcher by running
```
```bash
yarn && yarn watch
```
@@ -58,13 +59,14 @@ yarn && yarn watch
Navigate into the oCIS directory inside the oCIS repository and build the oCIS binary by running
```
```bash
make clean build
```
Then, start oCIS from the binary via
```
```bash
ocis init
OCIS_URL=https://host.docker.internal:9200 OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true WEB_UI_CONFIG=../../web/dev/docker/ocis.web.config.json ./bin/ocis server
```
@@ -78,6 +80,6 @@ If you want visual feedback on the test run, visit http://host.docker.internal:6
Navigate into the settings service via `cd ../settings/` and start the acceptance tests by running
```
```bash
SERVER_HOST=https://host.docker.internal:9200 BACKEND_HOST=https://host.docker.internal:9200 RUN_ON_OCIS=true NODE_TLS_REJECT_UNAUTHORIZED=0 WEB_PATH=../../web WEB_UI_CONFIG=../../web/tests/drone/config-ocis.json MIDDLEWARE_HOST=http://host.docker.internal:3000 ./ui/tests/run-acceptance-test.sh ./ui/tests/acceptance/features/
```

5
docs/helpers/example-config-generator.go.tmpl
View File

@@ -22,9 +22,7 @@ func main() {
{{- range $key, $value := .}}
replacer.Replace("{{$value}}"): func() string {
fmt.Println("Generating example YAML config for {{ $value -}}")
c := pkg{{$key}}.DefaultConfig()
pkg{{$key}}.EnsureDefaults(c)
pkg{{$key}}.Sanitize(c)
c := pkg{{$key}}.FullDefaultConfig()
yml, err := yaml.Marshal(c)
if err != nil {
log.Fatalf("Marshalling yaml for pkg0 failed: %s\n", err)
@@ -50,4 +48,3 @@ func main() {
}
}
}

37
docs/ocis/deployment/_index.md
View File

@@ -27,38 +27,7 @@ oCIS deployments are super simple, yet there are many configurations possible fo
## Secure an oCIS instance
### Change default secrets
oCIS uses two system users which are needed for being operational:
- Reva Inter Operability Platform (bc596f3c-c955-4328-80a0-60d018b4ad57)
- Kopano IDP (820ba2a1-3f54-4538-80a4-2d73007e30bf)
oCIS no longer has any default secrets in versions later than oCIS 1.20.0. Therefore you're no
longer able to start oCIS without generating / setting all needed secrets.
Both have simple default passwords which need to be changed. Currently, changing a password is only possible on the command line. You need to run `ocis accounts update --password <new-password> <id>` for both users.
The new password for the Reva Inter Operability Platform user must be made available to oCIS by using the environment variable `STORAGE_LDAP_BIND_PASSWORD`. The same applies to the new Kopano IDP user password, which needs to be made available to oCIS in `IDP_LDAP_BIND_PASSWORD`.
Furthermore, oCIS uses a shared secret to sign JWT tokens for inter service authorization, which also needs to be changed by the user.
You can change it by setting the `OCIS_JWT_SECRET` environment variable for oCIS to a random string.
Another is used secret for singing JWT tokens for uploads and downloads, which also needs to be changed by the user.
You can change it by setting the `STORAGE_TRANSFER_SECRET` environment variable for oCIS to a random string.
One more secret is used for machine auth, so that external applications can authenticate with an API key.
You can change it by setting the `OCIS_MACHINE_AUTH_API_KEY` environment variable for oCIS to a random string.
### Delete demo users
{{< hint info >}}
Before deleting the demo users mentioned below, you must create a new account for yourself and assign it to the administrator role.
By default, oCIS doesn't create any demo users. During the first startup, it generates only the admin and one user for IDP and Reva respectively.
{{< /hint >}}
oCIS ships with a few demo users besides the system users:
- Admin (ddc2004c-0977-11eb-9d3f-a793888cd0f8)
- Albert Einstein (4c510ada-c86b-4815-8820-42cdf82c3d51)
- Richard Feynman (932b4540-8d16-481e-8ef4-588e4b6b151c)
- Maurice Moss (058bff95-6708-4fe5-91e4-9ea3d377588b)
- Marie Curie (f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c)
You can view them in ownCloud Web if you log in as Admin user or list them by running `ocis accounts list`.
After adding your own user it is safe to delete the demo users in the web UI or with the command `ocis accounts remove <id>`. Please do not delete the system users (see [change default secrets]({{< ref "./#change-default-secrets" >}})) or oCIS will not function properly anymore.
The recommended way is to use `ocis init` for that. It will generate a secure config file for you.

6
docs/ocis/deployment/basic-remote-setup.md
View File

@@ -15,6 +15,8 @@ If you need to access oCIS running in a docker container, on a VM or a remote ma
## Start the oCIS fullstack server from binary
Initialize the oCIS configuration by running `./bin/ocis init`.
Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a directory tree skeleton in `$HOME/.ocis`. If that is already existing it will not be overwritten as it contains all relevant data for oCIS.
In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to configure the built-in identity provider and therefore contains the OpenID Connect issuer and also information about relying parties, for example ownCloud Web and our desktop and mobile applications.
@@ -23,10 +25,6 @@ In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to con
The `identifier-registration.yaml` file will only be generated if it does not exist yet. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors.
{{< /hint >}}
{{< hint warning >}}
oCIS is currently in a Tech Preview state and is shipped with demo users. In order to secure your oCIS instances please follow following guide: [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}})
{{< /hint >}}
For the following examples you need to have the oCIS binary in your current working directory, we assume it is named `ocis` and it needs to be marked as executable. See [Getting Started]({{< ref "../getting-started/#binaries" >}}) for where to get the binary from.
### Using automatically generated certificates

2
docs/ocis/deployment/oc10_ocis_parallel.md
View File

@@ -122,8 +122,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oC10 and oCIS frontend in `CLOUD_DOMAIN=`, e.g. `CLOUD_DOMAIN=cloud.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
By default ownCloud 10 will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OC10_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated).
You can switch the default application of ownCloud 10 by setting`OWNCLOUD_DEFAULT_APP=files` in oder to have the classic UI as frontend, which is also the default. If you prefer ownCloud Web as the default application in ownCloud 10 just set `OWNCLOUD_DEFAULT_APP=web`.

2
docs/ocis/deployment/ocis_hello.md
View File

@@ -95,8 +95,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated).
Now you have configured everything and can save the file.

2
docs/ocis/deployment/ocis_individual_services.md
View File

@@ -91,8 +91,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
You also can run more than one instance of the service by setting `OCIS_SCALE` to number greater than one.
Now you have configured everything and can save the file.

2
docs/ocis/deployment/ocis_keycloak.md
View File

@@ -108,8 +108,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
Set your domain for the Keycloak administration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` e.g. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`.
Changing the used Keycloak realm can be done by setting `KEYCLOAK_REALM=`. This defaults to the oCIS realm `KEYCLOAK_REALM=oCIS`. The oCIS realm will be automatically imported on startup and includes our demo users.

2
docs/ocis/deployment/ocis_ldap.md
View File

@@ -93,8 +93,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=cloud.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
The OpenLDAP server in this example deployment has an admin users, which is also used as bind user in order to keep these examples simple. You can change the default password "admin" to a different one by setting it to `LDAP_ADMIN_PASSWORD=...`.
Set your domain for the LDAP manager UI in `LDAP_MANAGER_DOMAIN=`, e.g. `ldap.owncloud.test`.

2
docs/ocis/deployment/ocis_s3.md
View File

@@ -104,8 +104,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, e.g. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here.
If you like you can change the default name of the S3 bucket by setting `MINIO_BUCKET=` to a different value.

2
docs/ocis/deployment/ocis_traefik.md
View File

@@ -88,8 +88,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
Now you have configured everything and can save the file.
* Start the docker stack

2
docs/ocis/deployment/ocis_wopi.md
View File

@@ -130,8 +130,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`.
You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}).
By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated).
Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where all office suites can download the files via the WOPI protocol.

6
docs/ocis/deployment/systemd.md
View File

@@ -39,11 +39,10 @@ WantedBy=multi-user.target
For reasons of simplicity we are using the root user and group to run oCIS which is not recommended. Please use a non-root user in production environments and modify the oCIS service definition accordingly.
In the service definition we referenced `/etc/ocis/ocis.env` as our file containing environment variables for the oCIS process.
In order to create the file we need first to create the folder `/etc/ocis/` and then we can add the actual `/etc/ocis/ocis.env` with following content:
```
```bash
OCIS_URL=https://some-hostname-or-ip:9200
PROXY_HTTP_ADDR=0.0.0.0:9200
OCIS_INSECURE=false
@@ -60,9 +59,10 @@ Please change your `OCIS_URL` in order to reflect your actual deployment. If you
oCIS will store all data in `/var/lib/ocis`, because we configured it so by setting `OCIS_BASE_DATA_PATH`. Therefore you need to create that directory and make it accessible to the user, you use to start oCIS.
## Starting the oCIS service
Initialize the oCIS configuration by running `ocis init --config-path /etc/ocis`.
You can enable oCIS now by running `systemctl enable --now ocis`. It will ensure that oCIS also is restarted after a reboot of the host.
If you need to restart oCIS because of configuration changes in `/etc/ocis/ocis.env`, run `systemctl restart ocis`.

15
docs/ocis/development/testing.md
View File

@@ -89,7 +89,7 @@ We are using the ownCloud 10 acceptance test suite against oCIS.
All you need to do to get the acceptance tests is check out the core repo:
```
```bash
git clone https://github.com/owncloud/core.git
```
@@ -97,7 +97,8 @@ git clone https://github.com/owncloud/core.git
To start ocis:
```
```bash
ocis init
OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true bin/ocis server
```
@@ -108,12 +109,13 @@ OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true bin/ocis server
First we will need to clone the testing app in owncloud which contains the skeleton files required for running the tests.
In the ownCloud 10 core clone the testing app with the following command:
```
```bash
git clone https://github.com/owncloud/testing apps/testing
```
Then run the api acceptance tests with the following command from the root of the ownCloud 10 core repository:
```
```bash
make test-acceptance-api \
TEST_SERVER_URL=https://localhost:9200 \
TEST_OCIS=true \
@@ -153,7 +155,7 @@ If you want to work on a specific issue
E.g.:
```
```bash
make test-acceptance-api \
TEST_SERVER_URL=https://localhost:9200 \
TEST_OCIS=true \
@@ -174,7 +176,8 @@ If you want to work on a specific issue
Instruction on setup is available [here](https://owncloud.dev/ocis/deployment/oc10_ocis_parallel/#local-setup)
Edit the `.env` file and uncomment this line:
```
```bash
COMPOSE_FILE=docker-compose.yml:testing/docker-compose-additions.yml
```

20
docs/ocis/getting-started/_index.md
View File

@@ -42,14 +42,17 @@ curl https://download.owncloud.com/ocis/ocis/stable/1.20.0/ocis-1.20.0-linux-amd
# make binary executable
chmod +x ocis
# initialize a minimal oCIS configuration
./ocis init
# run with demo users
OCIS_INSECURE=true ACCOUNTS_DEMO_USERS_AND_GROUPS=true ./ocis server
IDM_CREATE_DEMO_USERS=true ./ocis server
```
The default primary storage location is `~/.ocis` or `/var/lib/ocis` depending on the packaging format and your operating system user. You can change that value by configuration.
{{< hint info >}}
When you're using oCIS with self-signed certificates, you need to set the environment variable `OCIS_INSECURE=true`, in order to make oCIS work.
When you're using oCIS with self-signed certificates, you need to answer the the question for certificate checking with "yes" or set the environment variable `OCIS_INSECURE=true`, in order to make oCIS work.
{{< /hint >}}
{{< hint warning >}}
@@ -64,7 +67,8 @@ The `latest` tag always reflects the current master branch.
```console
docker pull owncloud/ocis
docker run --rm -ti -p 9200:9200 -e OCIS_INSECURE=true -e ACCOUNTS_DEMO_USERS_AND_GROUPS=true owncloud/ocis
docker run --rm -it -v ocis-config:/etc/ocis owncloud/ocis init
docker run --rm -p 9200:9200 -v ocis-config:/etc/ocis -v ocis-data:/var/lib/ocis -e IDM_CREATE_DEMO_USERS=true owncloud/ocis
```
{{< hint info >}}
@@ -72,11 +76,11 @@ When you're using oCIS with self-signed certificates, you need to set the enviro
{{< /hint >}}
{{< hint warming >}}
When you're creating the [demo users]({{< ref "./demo-users" >}}) by setting `ACCOUNTS_DEMO_USERS_AND_GROUPS=true`, you need to be sure that this instance is not used in production because the passwords are public.
When you're creating the [demo users]({{< ref "./demo-users" >}}) by setting `IDM_CREATE_DEMO_USERS=true`, you need to be sure that this instance is not used in production because the passwords are public.
{{< /hint >}}
{{< hint warning >}}
In order to persist your data, you need to mount a docker volume or create a host bind-mount at `/var/lib/ocis`, for example with: `-v /some/host/dir:/var/lib/ocis`
We are using named volumes for the oCIS configuration and oCIS data in the above example (`-v ocis-config:/etc/ocis -v ocis-data:/var/lib/ocis`). You could instead also use host bind-mounts instead, eg. `-v /some/host/dir:/var/lib/ocis`.
You cannot use bind mounts on MacOS, since extended attributes are not supported ([owncloud/ocis#182](https://github.com/owncloud/ocis/issues/182), [moby/moby#1070](https://github.com/moby/moby/issues/1070)).
{{< /hint >}}
@@ -91,6 +95,12 @@ Open [https://localhost:9200](https://localhost:9200) and [login using one of th
The oCIS single binary contains multiple extensions and the `ocis` command helps you to manage them. You already used `ocis server` to run all available extensions in the [Run oCIS]({{< ref "#run-ocis" >}}) section. We now will show you some more management commands, which you may also explore by typing `ocis --help` or going to the [docs]({{< ref "../config" >}}).
To initialize the oCIS configuration:
{{< highlight txt >}}
ocis init
{{< / highlight >}}
To start oCIS server:
{{< highlight txt >}}

16
docs/ocis/getting-started/demo-users.md
View File

@@ -16,13 +16,13 @@ To create the demo users, run the initial setup step with an additional environm
Following users are available in the demo set:
| username | password | email | role | groups |
| --------- | ------------- | --------------------- | ----------- | ----------------------------------------------------------------------- |
| admin | admin | admin@example.org | admin | users |
| einstein | relativity | einstein@example.org | user | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters |
| marie | radioactivity | marie@example.org | user | users, physics-lovers, polonium-lovers, radium-lovers |
| moss | vista | moss@example.org | admin | users |
| richard | superfluidity | richard@example.org | user | users, philosophy-haters, physics-lovers, quantum-lovers |
| katherine | gemini | katherine@example.org | space admin | users, sailing-lovers, physics-lovers, quantum-lovers |
| username | password | email | role | groups |
| --------- | ----------------------------------------- | --------------------- | ----------- | ----------------------------------------------------------------------- |
| admin | admin or the one generated by `ocis init` | admin@example.org | admin | users |
| einstein | relativity | einstein@example.org | user | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters |
| marie | radioactivity | marie@example.org | user | users, physics-lovers, polonium-lovers, radium-lovers |
| moss | vista | moss@example.org | admin | users |
| richard | superfluidity | richard@example.org | user | users, philosophy-haters, physics-lovers, quantum-lovers |
| katherine | gemini | katherine@example.org | space admin | users, sailing-lovers, physics-lovers, quantum-lovers |
You may also want to run oCIS with only your custom users by [deleting the demo users]({{< ref "../deployment#delete-demo-users" >}}).

5
docs/ocis/storage-backends/dcfsnfs.md
View File

@@ -53,12 +53,11 @@ The oCIS server can be instructed to set up the decomposed FS at a certain path
The test setup started an oCIS tech preview single binary release using this start command:
```
```bash
ocis init
OCIS_BASE_DATA_PATH=/mnt/ocisdata/ OCIS_LOG_LEVEL=debug OCIS_INSECURE=true PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_URL=https://hostname:9200 ./ocis-1.18.0-linux-amd64 server
```
This starts oCIS and a decomposed FS skeleton file system structure is set up on the NFS share.
The oCIS instance is passing a smoke test.

27
extensions/accounts/cmd/helper/defaultconfig/main.go
View File

@@ -1,27 +0,0 @@
package main
import (
"fmt"
accountsdefaults "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults"
idpdefaults "github.com/owncloud/ocis/extensions/idp/pkg/config/defaults"
"gopkg.in/yaml.v2"
)
func main() {
fn1 := accountsdefaults.FullDefaultConfig
fn2 := idpdefaults.FullDefaultConfig
b, err := yaml.Marshal(fn1())
if err != nil {
return
}
fmt.Println(string(b))
b, err = yaml.Marshal(fn2())
if err != nil {
return
}
fmt.Println(string(b))
}

6
extensions/accounts/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/accounts/pkg/command/server.go
View File

@@ -25,7 +25,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

7
extensions/accounts/pkg/config/config.go
View File

@@ -19,7 +19,7 @@ type Config struct {
HTTP HTTP `yaml:"http"`
GRPC GRPC `yaml:"grpc"`
TokenManager TokenManager `yaml:"token_manager"`
TokenManager *TokenManager `yaml:"token_manager"`
Asset Asset `yaml:"asset"`
Repo Repo `yaml:"repo"`
@@ -36,11 +36,6 @@ type Asset struct {
Path string `yaml:"path" env:"ACCOUNTS_ASSET_PATH" desc:"The path to the ui assets."`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;ACCOUNTS_JWT_SECRET" desc:"The secret to mint jwt tokens."`
}
// Repo defines which storage implementation is to be used.
type Repo struct {
Backend string `yaml:"backend" env:"ACCOUNTS_STORAGE_BACKEND" desc:"Defines which storage implementation is to be used"`

15
extensions/accounts/pkg/config/defaults/defaultconfig.go
View File

@@ -10,10 +10,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -44,10 +42,7 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "accounts",
},
Asset: config.Asset{},
TokenManager: config.TokenManager{
JWTSecret: "Pive-Fumkiu4",
},
Asset: config.Asset{},
HashDifficulty: 11,
DemoUsersAndGroups: false,
Repo: config.Repo{
@@ -101,6 +96,14 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {

10
extensions/accounts/pkg/config/parser/parse.go
View File

@@ -6,11 +6,12 @@ import (
"github.com/owncloud/ocis/extensions/accounts/pkg/config"
defaults "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -29,5 +30,12 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
return nil
}

6
extensions/accounts/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,6 @@
package config
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;ACCOUNTS_JWT_SECRET"`
}

15
extensions/appprovider/pkg/command/command.go
View File

@@ -3,6 +3,7 @@ package command
import (
"context"
"flag"
"fmt"
"os"
"path"
@@ -10,6 +11,7 @@ import (
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
"github.com/owncloud/ocis/extensions/appprovider/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
@@ -24,6 +26,13 @@ func AppProvider(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "app-provider",
Usage: "start appprovider for providing apps",
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
logger := log.NewLogger(
@@ -92,8 +101,8 @@ func appProviderConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{
@@ -114,7 +123,7 @@ func appProviderConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]
"app_url": cfg.Drivers.WOPI.AppURL,
"insecure_connections": cfg.Drivers.WOPI.Insecure,
"iop_secret": cfg.Drivers.WOPI.IopSecret,
"jwt_secret": cfg.JWTSecret,
"jwt_secret": cfg.TokenManager.JWTSecret,
"wopi_url": cfg.Drivers.WOPI.WopiURL,
},
},

15
extensions/appprovider/pkg/config/config.go
View File

@@ -8,16 +8,17 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
ExternalAddr string
Driver string
Drivers Drivers
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
ExternalAddr string `yaml:"external_addr"`
Driver string `yaml:"driver"`
Drivers Drivers `yaml:"drivers"`
}
type Tracing struct {

35
extensions/appprovider/pkg/config/defaults/defaultconfig.go
View File

@@ -2,13 +2,13 @@ package defaults
import (
"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
)
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -27,9 +27,10 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "appprovider",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
Driver: "",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
Driver: "",
Drivers: config.Drivers{
WOPI: config.WOPIDriver{},
},
@@ -59,8 +60,32 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {
// nothing to sanitize here atm
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
return nil
}

42
extensions/appprovider/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,42 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/appprovider/pkg/config"
"github.com/owncloud/ocis/extensions/appprovider/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
return nil
}

11
extensions/appprovider/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;APP_PROVIDER_JWT_SECRET"`
}

6
extensions/audit/pkg/command/server.go
View File

@@ -22,7 +22,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

2
extensions/audit/pkg/config/defaults/defaultconfig.go
View File

@@ -6,10 +6,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}

6
extensions/audit/pkg/config/parser/parse.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
return nil
}

13
extensions/auth-basic/pkg/command/command.go
View File

@@ -3,6 +3,7 @@ package command
import (
"context"
"flag"
"fmt"
"os"
"path"
"path/filepath"
@@ -11,6 +12,7 @@ import (
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
"github.com/owncloud/ocis/extensions/auth-basic/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/ldap"
@@ -26,6 +28,13 @@ func AuthBasic(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "auth-basic",
Usage: "start authprovider for basic auth",
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
logger := log.NewLogger(
@@ -113,8 +122,8 @@ func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]in
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{

11
extensions/auth-basic/pkg/config/config.go
View File

@@ -8,13 +8,14 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
AuthProviders AuthProviders `yaml:"auth_providers"`
}
@@ -63,7 +64,7 @@ type LDAPProvider struct {
CACert string `env:"LDAP_CACERT;AUTH_BASIC_LDAP_CACERT"`
Insecure bool `env:"LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE"`
BindDN string `env:"LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN"`
BindPassword string `env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"`
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"`
UserBaseDN string `env:"LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN"`
GroupBaseDN string `env:"LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN"`
UserScope string `env:"LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE"`

29
extensions/auth-basic/pkg/config/defaults/defaultconfig.go
View File

@@ -9,9 +9,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -30,9 +29,10 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "auth-basic",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
AuthProvider: "ldap",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
AuthProvider: "ldap",
AuthProviders: config.AuthProviders{
LDAP: config.LDAPProvider{
URI: "ldaps://localhost:9235",
@@ -48,7 +48,6 @@ func DefaultConfig() *config.Config {
UserObjectClass: "inetOrgPerson",
GroupObjectClass: "groupOfNames",
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
BindPassword: "reva",
IDP: "https://localhost:9200",
UserSchema: config.LDAPUserSchema{
ID: "ownclouduuid",
@@ -67,7 +66,6 @@ func DefaultConfig() *config.Config {
JSON: config.JSONProvider{},
OwnCloudSQL: config.OwnCloudSQLProvider{
DBUsername: "owncloud",
DBPassword: "secret",
DBHost: "mysql",
DBPort: 3306,
DBName: "owncloud",
@@ -103,6 +101,23 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {

46
extensions/auth-basic/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,46 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/auth-basic/pkg/config"
"github.com/owncloud/ocis/extensions/auth-basic/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.AuthProviders.LDAP.BindPassword == "" && cfg.AuthProvider == "ldap" {
return shared.MissingLDAPBindPassword(cfg.Service.Name)
}
return nil
}

11
extensions/auth-basic/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET"`
}

13
extensions/auth-bearer/pkg/command/command.go
View File

@@ -3,6 +3,7 @@ package command
import (
"context"
"flag"
"fmt"
"os"
"path"
@@ -10,6 +11,7 @@ import (
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
@@ -24,6 +26,13 @@ func AuthBearer(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "auth-bearer",
Usage: "start authprovider for bearer auth",
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
logger := log.NewLogger(
@@ -94,8 +103,8 @@ func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]i
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{

9
extensions/auth-bearer/pkg/config/config.go
View File

@@ -8,13 +8,14 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
AuthProvider string `yaml:"auth_provider" env:"AUTH_BEARER_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
AuthProviders AuthProviders `yaml:"auth_providers"`
}

26
extensions/auth-bearer/pkg/config/defaults/defaultconfig.go
View File

@@ -6,9 +6,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -27,9 +26,10 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "auth-bearer",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
AuthProvider: "ldap",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
AuthProvider: "ldap",
AuthProviders: config.AuthProviders{
OIDC: config.OIDCProvider{
Issuer: "https://localhost:9200",
@@ -63,6 +63,22 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {

42
extensions/auth-bearer/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,42 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config"
"github.com/owncloud/ocis/extensions/auth-bearer/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
return nil
}

11
extensions/auth-bearer/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET"`
}

15
extensions/auth-machine/pkg/command/command.go
View File

@@ -3,6 +3,7 @@ package command
import (
"context"
"flag"
"fmt"
"os"
"path"
@@ -10,6 +11,7 @@ import (
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
"github.com/owncloud/ocis/extensions/auth-machine/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
@@ -24,6 +26,13 @@ func AuthMachine(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "auth-machine",
Usage: "start authprovider for machine auth",
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
logger := log.NewLogger(
@@ -94,8 +103,8 @@ func authMachineConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{
@@ -108,7 +117,7 @@ func authMachineConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]
"auth_managers": map[string]interface{}{
"machine": map[string]interface{}{
"api_key": cfg.AuthProviders.Machine.APIKey,
"gateway_addr": cfg.GatewayEndpoint,
"gateway_addr": cfg.Reva.Address,
},
},
},

9
extensions/auth-machine/pkg/config/config.go
View File

@@ -8,13 +8,14 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
AuthProvider string `yaml:"auth_provider" env:"AUTH_MACHINE_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
AuthProviders AuthProviders `yaml:"auth_providers"`
}

33
extensions/auth-machine/pkg/config/defaults/defaultconfig.go
View File

@@ -6,9 +6,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -27,14 +26,10 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "auth-machine",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
AuthProvider: "ldap",
AuthProviders: config.AuthProviders{
Machine: config.MachineProvider{
APIKey: "change-me-please",
},
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
AuthProvider: "ldap",
}
}
@@ -61,6 +56,26 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.AuthProviders.Machine.APIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.AuthProviders.Machine.APIKey = cfg.Commons.MachineAuthAPIKey
}
}
func Sanitize(cfg *config.Config) {

45
extensions/auth-machine/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,45 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/auth-machine/pkg/config"
"github.com/owncloud/ocis/extensions/auth-machine/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.AuthProviders.Machine.APIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
}
return nil
}

11
extensions/auth-machine/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_MACHINE_JWT_SECRET"`
}

54
extensions/frontend/pkg/command/command.go
View File

@@ -7,15 +7,14 @@ import (
"os"
"path"
"strconv"
"strings"
"github.com/cs3org/reva/v2/cmd/revad/runtime"
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/frontend/pkg/config"
"github.com/owncloud/ocis/extensions/frontend/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/conversions"
"github.com/owncloud/ocis/ocis-pkg/log"
"github.com/owncloud/ocis/ocis-pkg/sync"
"github.com/owncloud/ocis/ocis-pkg/tracing"
@@ -28,11 +27,12 @@ func Frontend(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "frontend",
Usage: "start frontend service",
Before: func(c *cli.Context) error {
if err := loadUserAgent(c, cfg); err != nil {
return err
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return nil
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
@@ -53,13 +53,6 @@ func Frontend(cfg *config.Config) *cli.Command {
uuid := uuid.Must(uuid.NewV4())
pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid")
// pregenerate list of valid localhost ports for the desktop redirect_uri
// TODO use custom scheme like "owncloud://localhost/user/callback" tracked in
var desktopRedirectURIs [65535 - 1024]string
for port := 0; port < len(desktopRedirectURIs); port++ {
desktopRedirectURIs[port] = fmt.Sprintf("http://localhost:%d", (port + 1024))
}
archivers := []map[string]interface{}{
{
"enabled": true,
@@ -156,8 +149,8 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint, // Todo or address?
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address, // Todo or address?
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"http": map[string]interface{}{
@@ -194,13 +187,13 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
"insecure": true,
},
"ocs": map[string]interface{}{
"storage_registry_svc": cfg.GatewayEndpoint,
"storage_registry_svc": cfg.Reva.Address,
"share_prefix": cfg.OCS.SharePrefix,
"home_namespace": cfg.OCS.HomeNamespace,
"resource_info_cache_ttl": cfg.OCS.ResourceInfoCacheTTL,
"prefix": cfg.OCS.Prefix,
"additional_info_attribute": cfg.OCS.AdditionalInfoAttribute,
"machine_auth_apikey": cfg.AuthMachine.APIKey,
"machine_auth_apikey": cfg.MachineAuthAPIKey,
"cache_warmup_driver": cfg.OCS.CacheWarmupDriver,
"cache_warmup_drivers": map[string]interface{}{
"cbox": map[string]interface{}{
@@ -210,7 +203,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
"db_port": cfg.OCS.CacheWarmupDrivers.CBOX.DBPort,
"db_name": cfg.OCS.CacheWarmupDrivers.CBOX.DBName,
"namespace": cfg.OCS.CacheWarmupDrivers.CBOX.Namespace,
"gatewaysvc": cfg.GatewayEndpoint,
"gatewaysvc": cfg.Reva.Address,
},
},
"config": map[string]interface{}{
@@ -311,31 +304,6 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s
}
}
// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of
// "user-agent":"challenge" locks in for Reva.
// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e:
// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0
// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent
// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we
// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied
// in reverse for each individual part
func loadUserAgent(c *cli.Context, cfg *config.Config) error {
cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string)
locks := c.StringSlice("user-agent-whitelist-lock-in")
for _, v := range locks {
vv := conversions.Reverse(v)
parts := strings.SplitN(vv, ":", 2)
if len(parts) != 2 {
return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v)
}
cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0])
}
return nil
}
// FrontendSutureService allows for the storage-frontend command to be embedded and supervised by a suture supervisor tree.
type FrontendSutureService struct {
cfg *config.Config

58
extensions/frontend/pkg/config/config.go
View File

@@ -8,31 +8,35 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
HTTP HTTPConfig `yaml:"http"`
// JWTSecret used to verify reva access token
JWTSecret string `yaml:"jwt_secret"`
GatewayEndpoint string
SkipUserGroupsInToken bool
EnableFavorites bool `yaml:"favorites"`
EnableProjectSpaces bool
TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY"`
SkipUserGroupsInToken bool `yaml:"skip_users_groups_in_token"`
EnableFavorites bool `yaml:"favorites"`
EnableProjectSpaces bool `yaml:"enable_project_spaces"`
UploadMaxChunkSize int `yaml:"upload_max_chunk_size"`
UploadHTTPMethodOverride string `yaml:"upload_http_method_override"`
DefaultUploadProtocol string `yaml:"default_upload_protocol"`
TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"`
Archiver Archiver
AppProvider AppProvider
DataGateway DataGateway
OCS OCS
AuthMachine AuthMachine
Checksums Checksums
PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"`
Middleware Middleware
Archiver Archiver `yaml:"archiver"`
AppProvider AppProvider `yaml:"app_provider"`
DataGateway DataGateway `yaml:"data_gateway"`
OCS OCS `yaml:"ocs"`
Checksums Checksums `yaml:"checksums"`
Middleware Middleware `yaml:"middleware"`
}
type Tracing struct {
Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."`
@@ -72,25 +76,25 @@ type Middleware struct {
// Auth configures reva http auth middleware.
type Auth struct {
CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agenr"`
CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"`
}
type Archiver struct {
MaxNumFiles int64 `yaml:"max_num_files"`
MaxSize int64 `yaml:"max_size"`
Prefix string
Insecure bool `env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"`
MaxNumFiles int64 `yaml:"max_num_files"`
MaxSize int64 `yaml:"max_size"`
Prefix string `yaml:"-"`
Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"`
}
type AppProvider struct {
ExternalAddr string `yaml:"external_addr"`
Driver string `yaml:"driver"`
// WopiDriver WopiDriver `yaml:"wopi_driver"`
AppsURL string `yaml:"apps_url"`
OpenURL string `yaml:"open_url"`
NewURL string `yaml:"new_url"`
Prefix string
Insecure bool `env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"`
AppsURL string `yaml:"-"`
OpenURL string `yaml:"-"`
NewURL string `yaml:"-"`
Prefix string `yaml:"-"`
Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"`
}
type DataGateway struct {
@@ -120,10 +124,6 @@ type CBOXDriver struct {
Namespace string
}
type AuthMachine struct {
APIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
}
type Checksums struct {
SupportedTypes []string `yaml:"supported_types"`
PreferredUploadType string `yaml:"preferred_upload_type"`

37
extensions/frontend/pkg/config/defaults/defaultconfig.go
View File

@@ -6,9 +6,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -28,15 +27,15 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "frontend",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
PublicURL: "https://localhost:9200",
EnableFavorites: false,
EnableProjectSpaces: true,
UploadMaxChunkSize: 1e+8,
UploadHTTPMethodOverride: "",
DefaultUploadProtocol: "tus",
TransferSecret: "replace-me-with-a-transfer-secret",
Checksums: config.Checksums{
SupportedTypes: []string{"sha1", "md5", "adler32"},
PreferredUploadType: "",
@@ -62,9 +61,6 @@ func DefaultConfig() *config.Config {
AdditionalInfoAttribute: "{{.Mail}}",
ResourceInfoCacheTTL: 0,
},
AuthMachine: config.AuthMachine{
APIKey: "change-me-please",
},
Middleware: config.Middleware{
Auth: config.Auth{
CredentialsByUserAgent: map[string]string{},
@@ -96,6 +92,31 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
cfg.TransferSecret = cfg.Commons.TransferSecret
}
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
}
func Sanitize(cfg *config.Config) {

50
extensions/frontend/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,50 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/frontend/pkg/config"
"github.com/owncloud/ocis/extensions/frontend/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.TransferSecret == "" {
return shared.MissingRevaTransferSecretError(cfg.Service.Name)
}
if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
}
return nil
}

11
extensions/frontend/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;FRONTEND_JWT_SECRET"`
}

24
extensions/gateway/pkg/command/command.go
View File

@@ -4,6 +4,7 @@ import (
"context"
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"os"
"path"
@@ -15,6 +16,7 @@ import (
"github.com/mitchellh/mapstructure"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/gateway/pkg/config"
"github.com/owncloud/ocis/extensions/gateway/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
"github.com/owncloud/ocis/extensions/storage/pkg/service/external"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
@@ -31,12 +33,12 @@ func Gateway(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "gateway",
Usage: "start gateway",
Before: func(c *cli.Context) error {
if cfg.DataGatewayPublicURL == "" {
cfg.DataGatewayPublicURL = strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data"
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return nil
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
@@ -125,8 +127,8 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{
@@ -136,9 +138,9 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
"services": map[string]interface{}{
"gateway": map[string]interface{}{
// registries is located on the gateway
"authregistrysvc": cfg.GatewayEndpoint,
"storageregistrysvc": cfg.GatewayEndpoint,
"appregistrysvc": cfg.GatewayEndpoint,
"authregistrysvc": cfg.Reva.Address,
"storageregistrysvc": cfg.Reva.Address,
"appregistrysvc": cfg.Reva.Address,
// user metadata is located on the users services
"preferencessvc": cfg.UsersEndpoint,
"userprovidersvc": cfg.UsersEndpoint,
@@ -153,7 +155,7 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg
"share_folder": cfg.ShareFolder, // ShareFolder is the location where to create shares in the recipient's storage provider.
// other
"disable_home_creation_on_login": cfg.DisableHomeCreationOnLogin,
"datagateway": cfg.DataGatewayPublicURL,
"datagateway": strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data",
"transfer_shared_secret": cfg.TransferSecret,
"transfer_expires": cfg.TransferExpires,
"home_mapping": cfg.HomeMapping,

59
extensions/gateway/pkg/config/config.go
View File

@@ -4,42 +4,43 @@ import "github.com/owncloud/ocis/ocis-pkg/shared"
type Config struct {
*shared.Commons `yaml:"-"`
Service Service `yaml:"-"`
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Service Service `yaml:"-"`
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool
CommitShareToStorageGrant bool
CommitShareToStorageRef bool
ShareFolder string
DisableHomeCreationOnLogin bool
TransferSecret string `env:"STORAGE_TRANSFER_SECRET"`
TransferExpires int
HomeMapping string
EtagCacheTTL int
CommitShareToStorageGrant bool `yaml:"commit_share_to_storage_grant"`
CommitShareToStorageRef bool `yaml:"commit_share_to_storage_ref"`
ShareFolder string `yaml:"share_folder"`
DisableHomeCreationOnLogin bool `yaml:"disable_home_creation_on_login"`
TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
TransferExpires int `yaml:"transfer_expires"`
HomeMapping string `yaml:"home_mapping"`
EtagCacheTTL int `yaml:"etag_cache_ttl"`
UsersEndpoint string
GroupsEndpoint string
PermissionsEndpoint string
SharingEndpoint string
DataGatewayPublicURL string
FrontendPublicURL string `env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL"`
AuthBasicEndpoint string
AuthBearerEndpoint string
AuthMachineEndpoint string
StoragePublicLinkEndpoint string
StorageUsersEndpoint string
StorageSharesEndpoint string
UsersEndpoint string `yaml:"users_endpoint"`
GroupsEndpoint string `yaml:"groups_endpoint"`
PermissionsEndpoint string `yaml:"permissions_endpoint"`
SharingEndpoint string `yaml:"sharing_endpoint"`
FrontendPublicURL string `yaml:"frontend_public_url" env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL"`
AuthBasicEndpoint string `yaml:"auth_basic_endpoint"`
AuthBearerEndpoint string `yaml:"auth_bearer_endpoint"`
AuthMachineEndpoint string `yaml:"auth_machine_endpoint"`
StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint"`
StorageUsersEndpoint string `yaml:"storage_users_endpoint"`
StorageSharesEndpoint string `yaml:"storage_shares_endpoint"`
StorageRegistry StorageRegistry
AppRegistry AppRegistry
StorageRegistry StorageRegistry `yaml:"storage_registry"`
AppRegistry AppRegistry `yaml:"app_registry"`
}
type Tracing struct {
Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GATEWAY_TRACING_ENABLED" desc:"Activates tracing."`

30
extensions/gateway/pkg/config/defaults/defaultconfig.go
View File

@@ -6,9 +6,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -27,14 +26,14 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "gateway",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
CommitShareToStorageGrant: true,
CommitShareToStorageRef: true,
ShareFolder: "Shares",
DisableHomeCreationOnLogin: true,
TransferSecret: "replace-me-with-a-transfer-secret",
TransferExpires: 24 * 60 * 60,
HomeMapping: "",
EtagCacheTTL: 0,
@@ -43,7 +42,6 @@ func DefaultConfig() *config.Config {
GroupsEndpoint: "localhost:9160",
PermissionsEndpoint: "localhost:9191",
SharingEndpoint: "localhost:9150",
DataGatewayPublicURL: "",
FrontendPublicURL: "https://localhost:9200",
AuthBasicEndpoint: "localhost:9146",
AuthBearerEndpoint: "localhost:9148",
@@ -85,6 +83,26 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
cfg.TransferSecret = cfg.Commons.TransferSecret
}
}
func Sanitize(cfg *config.Config) {

46
extensions/gateway/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,46 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/gateway/pkg/config"
"github.com/owncloud/ocis/extensions/gateway/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.TransferSecret == "" {
return shared.MissingRevaTransferSecretError(cfg.Service.Name)
}
return nil
}

11
extensions/gateway/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GATEWAY_JWT_SECRET"`
}

6
extensions/glauth/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/glauth/pkg/command/server.go
View File

@@ -28,7 +28,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

2
extensions/glauth/pkg/config/defaults/defaultconfig.go
View File

@@ -9,10 +9,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}

7
extensions/glauth/pkg/config/parser/parse.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -28,5 +28,10 @@ func ParseConfig(cfg *config.Config) error {
// sanitize config
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
return nil
}

6
extensions/graph-explorer/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/graph-explorer/pkg/command/server.go
View File

@@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(ctx *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

2
extensions/graph-explorer/pkg/config/defaults/defaultconfig.go
View File

@@ -8,10 +8,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}

6
extensions/graph-explorer/pkg/config/parser/parse.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -30,5 +30,9 @@ func ParseConfig(cfg *config.Config) error {
// sanitize config
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
return nil
}

6
extensions/graph/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/graph/pkg/command/server.go
View File

@@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

4
extensions/graph/pkg/config/config.go
View File

@@ -18,8 +18,8 @@ type Config struct {
HTTP HTTP `yaml:"http"`
Reva Reva `yaml:"reva"`
TokenManager TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
TokenManager *TokenManager `yaml:"token_manager"`
Spaces Spaces `yaml:"spaces"`
Identity Identity `yaml:"identity"`

21
extensions/graph/pkg/config/defaults/defaultconfig.go
View File

@@ -6,6 +6,13 @@ import (
"github.com/owncloud/ocis/extensions/graph/pkg/config"
)
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
func DefaultConfig() *config.Config {
return &config.Config{
Debug: config.Debug{
@@ -20,12 +27,9 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "graph",
},
Reva: config.Reva{
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
TokenManager: config.TokenManager{
JWTSecret: "Pive-Fumkiu4",
},
Spaces: config.Spaces{
WebDavBase: "https://localhost:9200",
WebDavPath: "/dav/spaces/",
@@ -38,7 +42,6 @@ func DefaultConfig() *config.Config {
URI: "ldaps://localhost:9235",
Insecure: true,
BindDN: "uid=libregraph,ou=sysusers,o=libregraph-idm",
BindPassword: "idm",
UseServerUUID: false,
WriteEnabled: true,
UserBaseDN: "ou=users,o=libregraph-idm",
@@ -89,6 +92,14 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {

15
extensions/graph/pkg/config/parser/parse.go
View File

@@ -6,11 +6,12 @@ import (
"github.com/owncloud/ocis/extensions/graph/pkg/config"
"github.com/owncloud/ocis/extensions/graph/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -29,5 +30,17 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.Identity.Backend == "ldap" && cfg.Identity.LDAP.BindPassword == "" {
return shared.MissingLDAPBindPassword(cfg.Service.Name)
}
return nil
}

2
extensions/graph/pkg/service/v0/graph_suite_test.go
View File

@@ -3,7 +3,7 @@ package svc_test
import (
"testing"
. "github.com/onsi/ginkgo"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
)

9
extensions/graph/pkg/service/v0/graph_test.go
View File

@@ -13,10 +13,11 @@ import (
provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1"
typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1"
"github.com/cs3org/reva/v2/pkg/rgrpc/status"
. "github.com/onsi/ginkgo"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
libregraph "github.com/owncloud/libre-graph-api-go"
"github.com/owncloud/ocis/extensions/graph/mocks"
"github.com/owncloud/ocis/extensions/graph/pkg/config"
"github.com/owncloud/ocis/extensions/graph/pkg/config/defaults"
service "github.com/owncloud/ocis/extensions/graph/pkg/service/v0"
"github.com/owncloud/ocis/extensions/graph/pkg/service/v0/errorcode"
@@ -30,15 +31,19 @@ var _ = Describe("Graph", func() {
httpClient *mocks.HTTPClient
eventsPublisher mocks.Publisher
ctx context.Context
cfg *config.Config
)
JustBeforeEach(func() {
ctx = context.Background()
cfg = defaults.FullDefaultConfig()
cfg.TokenManager.JWTSecret = "loremipsum"
gatewayClient = &mocks.GatewayClient{}
httpClient = &mocks.HTTPClient{}
eventsPublisher = mocks.Publisher{}
svc = service.NewService(
service.Config(defaults.DefaultConfig()),
service.Config(cfg),
service.WithGatewayClient(gatewayClient),
service.WithHTTPClient(httpClient),
service.EventsPublisher(&eventsPublisher),

2
extensions/graph/pkg/service/v0/service.go
View File

@@ -59,7 +59,7 @@ func NewService(opts ...Option) Service {
switch options.Config.Identity.Backend {
case "cs3":
backend = &identity.CS3{
Config: &options.Config.Reva,
Config: options.Config.Reva,
Logger: &options.Logger,
}
case "ldap":

13
extensions/group/pkg/command/command.go
View File

@@ -3,6 +3,7 @@ package command
import (
"context"
"flag"
"fmt"
"os"
"path"
"path/filepath"
@@ -11,6 +12,7 @@ import (
"github.com/gofrs/uuid"
"github.com/oklog/run"
"github.com/owncloud/ocis/extensions/group/pkg/config"
"github.com/owncloud/ocis/extensions/group/pkg/config/parser"
"github.com/owncloud/ocis/extensions/storage/pkg/server/debug"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/ldap"
@@ -26,6 +28,13 @@ func Groups(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "groups",
Usage: "start groups service",
Before: func(ctx *cli.Context) error {
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logCfg := cfg.Logging
logger := log.NewLogger(
@@ -111,8 +120,8 @@ func groupsConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inter
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"jwt_secret": cfg.TokenManager.JWTSecret,
"gatewaysvc": cfg.Reva.Address,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{

17
extensions/group/pkg/config/config.go
View File

@@ -8,16 +8,17 @@ type Config struct {
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
Supervised bool `yaml:"-"`
GRPC GRPCConfig `yaml:"grpc"`
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
GroupMembersCacheExpiration int
Driver string
Drivers Drivers
TokenManager *TokenManager `yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"`
GroupMembersCacheExpiration int `yaml:"group_members_cache_expiration"`
Driver string `yaml:"driver"`
Drivers Drivers `yaml:"drivers"`
}
type Tracing struct {
Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GROUPS_TRACING_ENABLED" desc:"Activates tracing."`
@@ -64,7 +65,7 @@ type LDAPDriver struct {
CACert string `env:"LDAP_CACERT;GROUPS_LDAP_CACERT"`
Insecure bool `env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE"`
BindDN string `env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN"`
BindPassword string `env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"`
BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"`
UserBaseDN string `env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN"`
GroupBaseDN string `env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN"`
UserScope string `env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE"`

27
extensions/group/pkg/config/defaults/defaultconfig.go
View File

@@ -9,9 +9,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -31,9 +30,10 @@ func DefaultConfig() *config.Config {
Name: "user",
},
GroupMembersCacheExpiration: 5,
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
Driver: "ldap",
Reva: &config.Reva{
Address: "127.0.0.1:9142",
},
Driver: "ldap",
Drivers: config.Drivers{
LDAP: config.LDAPDriver{
URI: "ldaps://localhost:9235",
@@ -49,7 +49,6 @@ func DefaultConfig() *config.Config {
UserObjectClass: "inetOrgPerson",
GroupObjectClass: "groupOfNames",
BindDN: "uid=reva,ou=sysusers,o=libregraph-idm",
BindPassword: "reva",
IDP: "https://localhost:9200",
UserSchema: config.LDAPUserSchema{
ID: "ownclouduuid",
@@ -108,6 +107,22 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &config.Reva{
Address: cfg.Commons.Reva.Address,
}
} else if cfg.Reva == nil {
cfg.Reva = &config.Reva{}
}
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
cfg.TokenManager = &config.TokenManager{
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
}
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
}
func Sanitize(cfg *config.Config) {

46
extensions/group/pkg/config/parser/parse.go Normal file
View File

@@ -0,0 +1,46 @@
package parser
import (
"errors"
"github.com/owncloud/ocis/extensions/group/pkg/config"
"github.com/owncloud/ocis/extensions/group/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
return err
}
defaults.EnsureDefaults(cfg)
// load all env variables relevant to the config in the current context.
if err := envdecode.Decode(cfg); err != nil {
// no environment variable set for this config is an expected "error"
if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) {
return err
}
}
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
}
if cfg.Drivers.LDAP.BindPassword == "" && cfg.Driver == "ldap" {
return shared.MissingLDAPBindPassword(cfg.Service.Name)
}
return nil
}

11
extensions/group/pkg/config/reva.go Normal file
View File

@@ -0,0 +1,11 @@
package config
// Reva defines all available REVA configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY"`
}
// TokenManager is the config for using the reva token manager
type TokenManager struct {
JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GROUPS_JWT_SECRET"`
}

6
extensions/idm/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/idm/pkg/command/server.go
View File

@@ -29,7 +29,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

8
extensions/idm/pkg/config/defaults/defaultconfig.go
View File

@@ -9,10 +9,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -22,12 +20,6 @@ func DefaultConfig() *config.Config {
Name: "idm",
},
CreateDemoUsers: false,
ServiceUserPasswords: config.ServiceUserPasswords{
OcisAdmin: "admin",
Idm: "idm",
Idp: "idp",
Reva: "reva",
},
IDM: config.Settings{
LDAPSAddr: "127.0.0.1:9235",
Cert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),

22
extensions/idm/pkg/config/parser/parse.go
View File

@@ -6,11 +6,12 @@ import (
"github.com/owncloud/ocis/extensions/idm/pkg/config"
"github.com/owncloud/ocis/extensions/idm/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -28,5 +29,24 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.ServiceUserPasswords.Idm == "" {
return shared.MissingServiceUserPassword(cfg.Service.Name, "IDM")
}
if cfg.ServiceUserPasswords.OcisAdmin == "" {
return shared.MissingServiceUserPassword(cfg.Service.Name, "admin")
}
if cfg.ServiceUserPasswords.Idp == "" {
return shared.MissingServiceUserPassword(cfg.Service.Name, "IDP")
}
if cfg.ServiceUserPasswords.Reva == "" {
return shared.MissingServiceUserPassword(cfg.Service.Name, "REVA")
}
return nil
}

6
extensions/idp/pkg/command/health.go
View File

@@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command {
Usage: "check health status",
Category: "info",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

6
extensions/idp/pkg/command/server.go
View File

@@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

3
extensions/idp/pkg/config/defaults/defaultconfig.go
View File

@@ -10,10 +10,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}
@@ -71,7 +69,6 @@ func DefaultConfig() *config.Config {
URI: "ldaps://localhost:9235",
TLSCACert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
BindDN: "uid=idp,ou=sysusers,o=libregraph-idm",
BindPassword: "idp",
BaseDN: "ou=users,o=libregraph-idm",
Scope: "sub",
LoginAttribute: "uid",

11
extensions/idp/pkg/config/parser/parse.go
View File

@@ -6,11 +6,12 @@ import (
"github.com/owncloud/ocis/extensions/idp/pkg/config"
"github.com/owncloud/ocis/extensions/idp/pkg/config/defaults"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/shared"
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -29,5 +30,13 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
if cfg.Ldap.BindPassword == "" {
return shared.MissingLDAPBindPassword(cfg.Service.Name)
}
return nil
}

6
extensions/nats/pkg/command/server.go
View File

@@ -20,7 +20,11 @@ func Server(cfg *config.Config) *cli.Command {
Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name),
Category: "server",
Before: func(c *cli.Context) error {
return parser.ParseConfig(cfg)
err := parser.ParseConfig(cfg)
if err != nil {
fmt.Printf("%v", err)
}
return err
},
Action: func(c *cli.Context) error {
logger := logging.Configure(cfg.Service.Name, cfg.Log)

2
extensions/nats/pkg/config/defaults/defaultconfig.go
View File

@@ -12,10 +12,8 @@ import (
func FullDefaultConfig() *config.Config {
cfg := DefaultConfig()
EnsureDefaults(cfg)
Sanitize(cfg)
return cfg
}

6
extensions/nats/pkg/config/parser/parse.go
View File

@@ -10,7 +10,7 @@ import (
"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
)
// ParseConfig loads accounts configuration from known paths.
// ParseConfig loads configuration from known paths.
func ParseConfig(cfg *config.Config) error {
_, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg)
if err != nil {
@@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error {
defaults.Sanitize(cfg)
return Validate(cfg)
}
func Validate(cfg *config.Config) error {
return nil
}

2
extensions/notifications/pkg/channels/channels.go
View File

@@ -86,7 +86,7 @@ func (m Mail) getReceiverAddresses(receivers []string) ([]string, error) {
res, err := m.gatewayClient.Authenticate(context.Background(), &gateway.AuthenticateRequest{
Type: "machine",
ClientId: "userid:" + id,
ClientSecret: m.conf.Notifications.MachineAuthSecret,
ClientSecret: m.conf.Notifications.MachineAuthAPIKey,
})
if err != nil {
return nil, err

2
extensions/notifications/pkg/command/root.go
View File

@@ -48,7 +48,7 @@ type SutureService struct {
// NewSutureService creates a new notifications.SutureService
func NewSutureService(cfg *ociscfg.Config) suture.Service {
cfg.Settings.Commons = cfg.Commons
cfg.Notifications.Commons = cfg.Commons
return SutureService{
cfg: cfg.Notifications,
}

Some files were not shown because too many files have changed in this diff Show More