make auth-basic config similar to other services

David Christofas
2022-04-19 16:10:29 +02:00
parent 57e4e70888
commit b31b70890f
3 changed files with 127 additions and 101 deletions
+26 -27
@@ -43,8 +43,8 @@ func AuthBasic(cfg *config.Config) *cli.Command {
defer cancel()
// pre-create folders
if cfg.Service.AuthManager == "json" && cfg.Service.AuthManagers.JSON.Users != "" {
if err := os.MkdirAll(filepath.Dir(cfg.Service.AuthManagers.JSON.Users), os.FileMode(0700)); err != nil {
if cfg.AuthProvider == "json" && cfg.AuthProviders.JSON.File != "" {
if err := os.MkdirAll(filepath.Dir(cfg.AuthProviders.JSON.File), os.FileMode(0700)); err != nil {
return err
}
}
@@ -59,8 +59,8 @@ func AuthBasic(cfg *config.Config) *cli.Command {
Interface("reva-config", rcfg).
Msg("config")
if cfg.Service.AuthManager == "ldap" {
ldapCfg := cfg.Service.AuthManagers.LDAP
if cfg.AuthProvider == "ldap" {
ldapCfg := cfg.AuthProviders.LDAP
if err := ldap.WaitForCA(logger, ldapCfg.Insecure, ldapCfg.CACert); err != nil {
logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist")
return err
@@ -80,12 +80,12 @@ func AuthBasic(cfg *config.Config) *cli.Command {
debugServer, err := debug.Server(
debug.Name(c.Command.Name+"-debug"),
debug.Addr(cfg.DebugService.Address),
debug.Addr(cfg.Debug.Addr),
debug.Logger(logger),
debug.Context(ctx),
debug.Pprof(cfg.DebugService.Pprof),
debug.Zpages(cfg.DebugService.Zpages),
debug.Token(cfg.DebugService.Token),
debug.Pprof(cfg.Debug.Pprof),
debug.Zpages(cfg.Debug.Zpages),
debug.Token(cfg.Debug.Token),
)
if err != nil {
@@ -110,39 +110,38 @@ func AuthBasic(cfg *config.Config) *cli.Command {
func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} {
rcfg := map[string]interface{}{
"core": map[string]interface{}{
// "max_cpus": cfg.Reva.AuthBasic.MaxCPUs, <-- Default is use all CPUs so remove this.
"tracing_enabled": cfg.Tracing.Enabled,
"tracing_endpoint": cfg.Tracing.Endpoint,
"tracing_collector": cfg.Tracing.Collector,
"tracing_service_name": c.Command.Name,
},
"shared": map[string]interface{}{
"jwt_secret": cfg.Service.JWTSecret,
"gatewaysvc": cfg.Service.GatewayEndpoint,
"skip_user_groups_in_token": cfg.Service.SkipUserGroupsInToken,
"jwt_secret": cfg.JWTSecret,
"gatewaysvc": cfg.GatewayEndpoint,
"skip_user_groups_in_token": cfg.SkipUserGroupsInToken,
},
"grpc": map[string]interface{}{
"network": cfg.Service.Network,
"address": cfg.Service.Address,
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
// TODO build services dynamically
"services": map[string]interface{}{
"authprovider": map[string]interface{}{
"auth_manager": cfg.Service.AuthManager,
"auth_manager": cfg.AuthProvider,
"auth_managers": map[string]interface{}{
"json": map[string]interface{}{
"users": cfg.Service.AuthManagers.JSON.Users, // TODO rename config option
"users": cfg.AuthProviders.JSON.File,
},
"ldap": ldapConfigFromString(cfg.Service.AuthManagers.LDAP),
"ldap": ldapConfigFromString(cfg.AuthProviders.LDAP),
"owncloudsql": map[string]interface{}{
"dbusername": cfg.Service.AuthManagers.OwnCloudSQL.DBUsername,
"dbpassword": cfg.Service.AuthManagers.OwnCloudSQL.DBPassword,
"dbhost": cfg.Service.AuthManagers.OwnCloudSQL.DBHost,
"dbport": cfg.Service.AuthManagers.OwnCloudSQL.DBPort,
"dbname": cfg.Service.AuthManagers.OwnCloudSQL.DBName,
"idp": cfg.Service.AuthManagers.OwnCloudSQL.IDP,
"nobody": cfg.Service.AuthManagers.OwnCloudSQL.Nobody,
"join_username": cfg.Service.AuthManagers.OwnCloudSQL.JoinUsername,
"join_ownclouduuid": cfg.Service.AuthManagers.OwnCloudSQL.JoinOwnCloudUUID,
"dbusername": cfg.AuthProviders.OwnCloudSQL.DBUsername,
"dbpassword": cfg.AuthProviders.OwnCloudSQL.DBPassword,
"dbhost": cfg.AuthProviders.OwnCloudSQL.DBHost,
"dbport": cfg.AuthProviders.OwnCloudSQL.DBPort,
"dbname": cfg.AuthProviders.OwnCloudSQL.DBName,
"idp": cfg.AuthProviders.OwnCloudSQL.IDP,
"nobody": cfg.AuthProviders.OwnCloudSQL.Nobody,
"join_username": cfg.AuthProviders.OwnCloudSQL.JoinUsername,
"join_ownclouduuid": cfg.AuthProviders.OwnCloudSQL.JoinOwnCloudUUID,
},
},
},
@@ -187,7 +186,7 @@ func (s AuthBasicSutureService) Serve(ctx context.Context) error {
return nil
}
func ldapConfigFromString(cfg config.LDAPManager) map[string]interface{} {
func ldapConfigFromString(cfg config.LDAPProvider) map[string]interface{} {
return map[string]interface{}{
"uri": cfg.URI,
"cacert": cfg.CACert,
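Review bot: The whole reva config map returned by authBasicConfigFromStruct is still dumped to the log on the context lines `Interface("reva-config", rcfg).Msg("config")`, and after the rename that map carries `jwt_secret` and `dbpassword` (and, if ldapConfigFromString maps it, presumably the LDAP bind password too; its body continues past the hunk), so the token signing key and directory credentials end up in log output at whatever level that call uses (the level selector is cut off above the hunk). This predates the commit, but every one of those lines is touched here and it is the natural place to stop the leak: log a copy with the secret keys masked, e.g. `shared := rcfg["shared"].(map[string]interface{}); shared["jwt_secret"] = "***"` on a cloned map, or drop the map dump and log only `auth_manager`, `gatewaysvc` and `address`. AuthBasic itself starts and ends outside these hunks.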
+42 -36
@@ -4,55 +4,61 @@ import "github.com/owncloud/ocis/ocis-pkg/shared"
type Config struct {
*shared.Commons `yaml:"-"`
Tracing *TracingConfig `yaml:"tracing"`
Logging *LoggingConfig `yaml:"log"`
Service ServiceConfig
DebugService DebugServiceConfig `yaml:"debug"`
Service Service `yaml:"-"`
Tracing *Tracing `yaml:"tracing"`
Logging *Logging `yaml:"log"`
Debug Debug `yaml:"debug"`
Supervised bool
}
type TracingConfig struct {
Enabled bool
Endpoint string
Collector string
ServiceName string
Type string
}
type LoggingConfig struct {
Level string
Pretty bool
Color bool
File string
}
GRPC GRPCConfig `yaml:"grpc"`
type ServiceConfig struct {
JWTSecret string
GatewayEndpoint string
SkipUserGroupsInToken bool
Network string // TODO: name transport or protocol?
Address string
AuthManager string
AuthManagers AuthManagers
AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"`
AuthProviders AuthProviders `yaml:"auth_providers"`
}
type Tracing struct {
Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_BASIC_TRACING_ENABLED" desc:"Activates tracing."`
Type string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_BASIC_TRACING_TYPE"`
Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_BASIC_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."`
Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_BASIC_TRACING_COLLECTOR"`
}
type DebugServiceConfig struct {
Address string
Pprof bool
Zpages bool
Token string
type Logging struct {
Level string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL" desc:"The log level."`
Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY" desc:"Activates pretty log output."`
Color bool `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_BASIC_LOG_COLOR" desc:"Activates colorized log output."`
File string `yaml:"file" env:"OCIS_LOG_FILE;AUTH_BASIC_LOG_FILE" desc:"The target log file."`
}
type AuthManagers struct {
JSON JSONManager
LDAP LDAPManager
OwnCloudSQL OwnCloudSQLManager
type Service struct {
Name string `yaml:"-"`
}
type JSONManager struct {
Users string // TODO is there a better name?
type Debug struct {
Addr string `yaml:"addr" env:"AUTH_BASIC_DEBUG_ADDR"`
Token string `yaml:"token" env:"AUTH_BASIC_DEBUG_TOKEN"`
Pprof bool `yaml:"pprof" env:"AUTH_BASIC_DEBUG_PPROF"`
Zpages bool `yaml:"zpages" env:"AUTH_BASIC_DEBUG_ZPAGES"`
}
type LDAPManager struct {
type GRPCConfig struct {
Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The address of the grpc service."`
Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."`
}
type AuthProviders struct {
JSON JSONProvider `yaml:"json"`
LDAP LDAPProvider `yaml:"ldap"`
OwnCloudSQL OwnCloudSQLProvider `yaml:"owncloud_sql"`
}
type JSONProvider struct {
File string `yaml:"file" env:"AUTH_BASIC_JSON_PROVIDER_FILE" desc:"The file to which the json provider writes the data."`
}
type LDAPProvider struct {
URI string
CACert string
Insecure bool
@@ -88,7 +94,7 @@ type LDAPGroupSchema struct {
Member string
}
type OwnCloudSQLManager struct {
type OwnCloudSQLProvider struct {
DBUsername string
DBPassword string
DBHost string
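Review bot: The env/yaml tags stop at the `LDAPProvider` and `OwnCloudSQLProvider` renames: `URI`, `CACert`, `Insecure` and `DBUsername`, `DBPassword`, `DBHost` keep no `yaml:`/`env:` tags while every other renamed struct in this file got them, so the LDAP TLS settings and both sets of credentials (BindPassword/DBPassword are declared past the hunk) can apparently only be set through implicit YAML keys and not through `AUTH_BASIC_*` environment variables like the rest of the service, which is where operators usually inject secrets. Adding e.g. `CACert string \`yaml:"cacert" env:"AUTH_BASIC_LDAP_CACERT" desc:"Path to the LDAP CA certificate."\`` and `Insecure bool \`yaml:"insecure" env:"AUTH_BASIC_LDAP_INSECURE" desc:"Disables TLS certificate verification for the LDAP connection; do not enable in production."\`` would carry the commit's goal through to the security-relevant fields. The description on `JSONProvider.File`, "The file to which the json provider writes the data.", also reads inverted for an auth provider that consumes a users file; "The JSON file the auth provider reads its users from." seems closer to what the command uses it for. Both provider structs continue outside the hunk.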
@@ -17,41 +17,62 @@ func FullDefaultConfig() *config.Config {
func DefaultConfig() *config.Config {
return &config.Config{
Service: config.ServiceConfig{
Network: "tcp",
Address: "127.0.0.1:9146",
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
AuthManager: "ldap",
AuthManagers: config.AuthManagers{
LDAP: config.LDAPManager{
URI: "ldaps:localhost:9126",
CACert: filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
Insecure: false,
UserBaseDN: "dc=ocis,dc=test",
GroupBaseDN: "dc=ocis,dc=test",
LoginAttributes: []string{"cn", "mail"},
UserFilter: "",
GroupFilter: "",
UserObjectClass: "posixAccount",
GroupObjectClass: "posixGroup",
BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test",
BindPassword: "reva",
IDP: "https://localhost:9200",
UserSchema: config.LDAPUserSchema{
ID: "ownclouduuid",
Mail: "mail",
DisplayName: "displayname",
Username: "cn",
},
GroupSchema: config.LDAPGroupSchema{
ID: "cn",
Mail: "mail",
DisplayName: "cn",
Groupname: "cn",
Member: "cn",
},
Debug: config.Debug{
Addr: "127.0.0.1:9147",
Token: "",
Pprof: false,
Zpages: false,
},
GRPC: config.GRPCConfig{
Addr: "127.0.0.1:9146",
Protocol: "tcp",
},
Service: config.Service{
Name: "auth-basic",
},
GatewayEndpoint: "127.0.0.1:9142",
JWTSecret: "Pive-Fumkiu4",
AuthProvider: "ldap",
AuthProviders: config.AuthProviders{
LDAP: config.LDAPProvider{
URI: "ldaps://localhost:9126",
CACert: filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"),
Insecure: false,
UserBaseDN: "dc=ocis,dc=test",
GroupBaseDN: "dc=ocis,dc=test",
LoginAttributes: []string{"cn", "mail"},
UserFilter: "",
GroupFilter: "",
UserObjectClass: "posixAccount",
GroupObjectClass: "posixGroup",
BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test",
BindPassword: "reva",
IDP: "https://localhost:9200",
UserSchema: config.LDAPUserSchema{
ID: "ownclouduuid",
Mail: "mail",
DisplayName: "displayname",
Username: "cn",
},
GroupSchema: config.LDAPGroupSchema{
ID: "cn",
Mail: "mail",
DisplayName: "cn",
Groupname: "cn",
Member: "cn",
},
},
JSON: config.JSONProvider{},
OwnCloudSQL: config.OwnCloudSQLProvider{
DBUsername: "owncloud",
DBPassword: "secret",
DBHost: "mysql",
DBPort: 3306,
DBName: "owncloud",
IDP: "https://localhost:9200",
Nobody: 90,
JoinUsername: false,
JoinOwnCloudUUID: false,
},
},
}
@@ -60,24 +81,24 @@ func DefaultConfig() *config.Config {
func EnsureDefaults(cfg *config.Config) {
// provide with defaults for shared logging, since we need a valid destination address for BindEnv.
if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
cfg.Logging = &config.LoggingConfig{
cfg.Logging = &config.Logging{
Level: cfg.Commons.Log.Level,
Pretty: cfg.Commons.Log.Pretty,
Color: cfg.Commons.Log.Color,
File: cfg.Commons.Log.File,
}
} else if cfg.Logging == nil {
cfg.Logging = &config.LoggingConfig{}
cfg.Logging = &config.Logging{}
}
// provide with defaults for shared tracing, since we need a valid destination address for BindEnv.
if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
cfg.Tracing = &config.TracingConfig{
cfg.Tracing = &config.Tracing{
Enabled: cfg.Commons.Tracing.Enabled,
Type: cfg.Commons.Tracing.Type,
Endpoint: cfg.Commons.Tracing.Endpoint,
Collector: cfg.Commons.Tracing.Collector,
}
} else if cfg.Tracing == nil {
cfg.Tracing = &config.TracingConfig{}
cfg.Tracing = &config.Tracing{}
}
}
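Review bot: DefaultConfig still ships working credentials on the new side — `JWTSecret: "Pive-Fumkiu4"`, `BindPassword: "reva"` and `DBPassword: "secret"` — so an instance started without explicit configuration signs and verifies reva tokens with a key that is public in the repository; this predates the commit, but the restructuring is exactly where these defaults are being re-declared. A safer default is an empty `JWTSecret` plus a startup check in the command, e.g. `if cfg.JWTSecret == "" { return errors.New("auth-basic: jwt secret must be configured") }`, or at minimum a logged warning when the shipped value is detected; the LDAP and SQL passwords are test-fixture values and could be flagged the same way. `Debug.Token: ""` presumably leaves the debug endpoint unauthenticated as well, though `Pprof` and `Zpages` default to false so the exposure is limited. DefaultConfig starts outside the hunk.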