From b31b70890fc016b4bff2d927095525d8a5a5869c Mon Sep 17 00:00:00 2001 From: David Christofas Date: Tue, 19 Apr 2022 16:10:29 +0200 Subject: [PATCH] make auth-basic config similar to other services --- extensions/auth-basic/pkg/command/command.go | 53 +++++----- extensions/auth-basic/pkg/config/config.go | 78 ++++++++------- .../pkg/config/defaults/defaultconfig.go | 97 +++++++++++-------- 3 files changed, 127 insertions(+), 101 deletions(-) diff --git a/extensions/auth-basic/pkg/command/command.go b/extensions/auth-basic/pkg/command/command.go index 7e7a8e6aa8..71b962be42 100644 --- a/extensions/auth-basic/pkg/command/command.go +++ b/extensions/auth-basic/pkg/command/command.go @@ -43,8 +43,8 @@ func AuthBasic(cfg *config.Config) *cli.Command { defer cancel() // pre-create folders - if cfg.Service.AuthManager == "json" && cfg.Service.AuthManagers.JSON.Users != "" { - if err := os.MkdirAll(filepath.Dir(cfg.Service.AuthManagers.JSON.Users), os.FileMode(0700)); err != nil { + if cfg.AuthProvider == "json" && cfg.AuthProviders.JSON.File != "" { + if err := os.MkdirAll(filepath.Dir(cfg.AuthProviders.JSON.File), os.FileMode(0700)); err != nil { return err } } @@ -59,8 +59,8 @@ func AuthBasic(cfg *config.Config) *cli.Command { Interface("reva-config", rcfg). Msg("config") - if cfg.Service.AuthManager == "ldap" { - ldapCfg := cfg.Service.AuthManagers.LDAP + if cfg.AuthProvider == "ldap" { + ldapCfg := cfg.AuthProviders.LDAP if err := ldap.WaitForCA(logger, ldapCfg.Insecure, ldapCfg.CACert); err != nil { logger.Error().Err(err).Msg("The configured LDAP CA cert does not exist") return err 
@@ -80,12 +80,12 @@ func AuthBasic(cfg *config.Config) *cli.Command { debugServer, err := debug.Server( debug.Name(c.Command.Name+"-debug"), - debug.Addr(cfg.DebugService.Address), + debug.Addr(cfg.Debug.Addr), debug.Logger(logger), debug.Context(ctx), - debug.Pprof(cfg.DebugService.Pprof), - debug.Zpages(cfg.DebugService.Zpages), - debug.Token(cfg.DebugService.Token), + debug.Pprof(cfg.Debug.Pprof), + debug.Zpages(cfg.Debug.Zpages), + debug.Token(cfg.Debug.Token), ) if err != nil { 
@@ -110,39 +110,38 @@ func AuthBasic(cfg *config.Config) *cli.Command { func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interface{} { rcfg := map[string]interface{}{ "core": map[string]interface{}{ - // "max_cpus": cfg.Reva.AuthBasic.MaxCPUs, <-- Default is use all CPUs so remove this. "tracing_enabled": cfg.Tracing.Enabled, "tracing_endpoint": cfg.Tracing.Endpoint, "tracing_collector": cfg.Tracing.Collector, "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.Service.JWTSecret, - "gatewaysvc": cfg.Service.GatewayEndpoint, - "skip_user_groups_in_token": cfg.Service.SkipUserGroupsInToken, + "jwt_secret": cfg.JWTSecret, + "gatewaysvc": cfg.GatewayEndpoint, + "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ - "network": cfg.Service.Network, - "address": cfg.Service.Address, + "network": cfg.GRPC.Protocol, + "address": cfg.GRPC.Addr, // TODO build services dynamically "services": map[string]interface{}{ "authprovider": map[string]interface{}{ - "auth_manager": cfg.Service.AuthManager, + "auth_manager": cfg.AuthProvider, "auth_managers": map[string]interface{}{ "json": map[string]interface{}{ - "users": cfg.Service.AuthManagers.JSON.Users, // TODO rename config option + "users": cfg.AuthProviders.JSON.File, }, - "ldap": ldapConfigFromString(cfg.Service.AuthManagers.LDAP), + "ldap": ldapConfigFromString(cfg.AuthProviders.LDAP), "owncloudsql": map[string]interface{}{ - "dbusername": cfg.Service.AuthManagers.OwnCloudSQL.DBUsername, - "dbpassword": cfg.Service.AuthManagers.OwnCloudSQL.DBPassword, - "dbhost": cfg.Service.AuthManagers.OwnCloudSQL.DBHost, - "dbport": cfg.Service.AuthManagers.OwnCloudSQL.DBPort, - "dbname": cfg.Service.AuthManagers.OwnCloudSQL.DBName, - "idp": cfg.Service.AuthManagers.OwnCloudSQL.IDP, - "nobody": cfg.Service.AuthManagers.OwnCloudSQL.Nobody, - "join_username": cfg.Service.AuthManagers.OwnCloudSQL.JoinUsername, - 
"join_ownclouduuid": cfg.Service.AuthManagers.OwnCloudSQL.JoinOwnCloudUUID, + "dbusername": cfg.AuthProviders.OwnCloudSQL.DBUsername, + "dbpassword": cfg.AuthProviders.OwnCloudSQL.DBPassword, + "dbhost": cfg.AuthProviders.OwnCloudSQL.DBHost, + "dbport": cfg.AuthProviders.OwnCloudSQL.DBPort, + "dbname": cfg.AuthProviders.OwnCloudSQL.DBName, + "idp": cfg.AuthProviders.OwnCloudSQL.IDP, + "nobody": cfg.AuthProviders.OwnCloudSQL.Nobody, + "join_username": cfg.AuthProviders.OwnCloudSQL.JoinUsername, + "join_ownclouduuid": cfg.AuthProviders.OwnCloudSQL.JoinOwnCloudUUID, }, }, }, @@ -187,7 +186,7 @@ func (s AuthBasicSutureService) Serve(ctx context.Context) error { return nil } -func ldapConfigFromString(cfg config.LDAPManager) map[string]interface{} { +func ldapConfigFromString(cfg config.LDAPProvider) map[string]interface{} { return map[string]interface{}{ "uri": cfg.URI, "cacert": cfg.CACert, diff --git a/extensions/auth-basic/pkg/config/config.go b/extensions/auth-basic/pkg/config/config.go index 7615b305a4..b20e541289 100644 --- a/extensions/auth-basic/pkg/config/config.go +++ b/extensions/auth-basic/pkg/config/config.go 
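Review bot: The rebuilt rcfg map carries live credentials — `"jwt_secret": cfg.JWTSecret` and `"dbpassword": cfg.AuthProviders.OwnCloudSQL.DBPassword` — and the earlier hunk in this file hands the whole map to the logger via `Interface("reva-config", rcfg).Msg("config")`, so those values land in the service log whenever that line is emitted (its level is outside the hunk, presumably debug). Consider masking the secret-bearing entries (`jwt_secret`, `dbpassword`, and whatever `ldapConfigFromString` adds for the bind password, which is outside this hunk) on a copy before it is logged, or dropping the reva-config dump altogether. A short comment above the map, `// rcfg is logged in AuthBasic; keep secrets out of it or mask them there`, would at least make the coupling visible. authBasicConfigFromStruct's map literal continues past the end of the hunk.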
@@ -4,55 +4,61 @@ import "github.com/owncloud/ocis/ocis-pkg/shared" type Config struct { *shared.Commons `yaml:"-"` - Tracing *TracingConfig `yaml:"tracing"` - Logging *LoggingConfig `yaml:"log"` - Service ServiceConfig - DebugService DebugServiceConfig `yaml:"debug"` + Service Service `yaml:"-"` + Tracing *Tracing `yaml:"tracing"` + Logging *Logging `yaml:"log"` + Debug Debug `yaml:"debug"` Supervised bool -} -type TracingConfig struct { - Enabled bool - Endpoint string - Collector string - ServiceName string - Type string -} -type LoggingConfig struct { - Level string - Pretty bool - Color bool - File string -} + GRPC GRPCConfig `yaml:"grpc"` -type ServiceConfig struct { JWTSecret string GatewayEndpoint string SkipUserGroupsInToken bool - Network string // TODO: name transport or protocol? - Address string - AuthManager string - AuthManagers AuthManagers + AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"` + AuthProviders AuthProviders `yaml:"auth_providers"` +} +type Tracing struct { + Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;AUTH_BASIC_TRACING_ENABLED" desc:"Activates tracing."` + Type string `yaml:"type" env:"OCIS_TRACING_TYPE;AUTH_BASIC_TRACING_TYPE"` + Endpoint string `yaml:"endpoint" env:"OCIS_TRACING_ENDPOINT;AUTH_BASIC_TRACING_ENDPOINT" desc:"The endpoint to the tracing collector."` + Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR;AUTH_BASIC_TRACING_COLLECTOR"` } -type DebugServiceConfig struct { - Address string - Pprof bool - Zpages bool - Token string +type Logging struct { + Level string `yaml:"level" env:"OCIS_LOG_LEVEL;AUTH_BASIC_LOG_LEVEL" desc:"The log level."` + Pretty bool `yaml:"pretty" env:"OCIS_LOG_PRETTY;AUTH_BASIC_LOG_PRETTY" desc:"Activates pretty log output."` + Color bool `yaml:"color" env:"OCIS_LOG_COLOR;AUTH_BASIC_LOG_COLOR" desc:"Activates colorized log output."` + File string `yaml:"file" 
env:"OCIS_LOG_FILE;AUTH_BASIC_LOG_FILE" desc:"The target log file."` } -type AuthManagers struct { - JSON JSONManager - LDAP LDAPManager - OwnCloudSQL OwnCloudSQLManager +type Service struct { + Name string `yaml:"-"` } -type JSONManager struct { - Users string // TODO is there a better name? +type Debug struct { + Addr string `yaml:"addr" env:"AUTH_BASIC_DEBUG_ADDR"` + Token string `yaml:"token" env:"AUTH_BASIC_DEBUG_TOKEN"` + Pprof bool `yaml:"pprof" env:"AUTH_BASIC_DEBUG_PPROF"` + Zpages bool `yaml:"zpages" env:"AUTH_BASIC_DEBUG_ZPAGES"` } -type LDAPManager struct { +type GRPCConfig struct { + Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The address of the grpc service."` + Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the grpc service."` +} + +type AuthProviders struct { + JSON JSONProvider `yaml:"json"` + LDAP LDAPProvider `yaml:"ldap"` + OwnCloudSQL OwnCloudSQLProvider `yaml:"owncloud_sql"` +} + +type JSONProvider struct { + File string `yaml:"file" env:"AUTH_BASIC_JSON_PROVIDER_FILE" desc:"The file to which the json provider writes the data."` +} + +type LDAPProvider struct { URI string CACert string Insecure bool @@ -88,7 +94,7 @@ type LDAPGroupSchema struct { Member string } -type OwnCloudSQLManager struct { +type OwnCloudSQLProvider struct { DBUsername string DBPassword string DBHost string diff --git a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go index a6298c3afc..7c44630c44 100644 --- a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go 
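Review bot: `JWTSecret`, `GatewayEndpoint` and `SkipUserGroupsInToken` are moved to the top level of `Config` without the `yaml`/`env`/`desc` tags every other new field in this hunk receives, so the shared JWT secret — which `DefaultConfig` seeds with a fixed value — gets no environment override in the scheme this commit introduces and is only reachable through whatever yaml key the library derives from the field name. Following the pattern used for the tracing and logging fields, tags of the form `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET" desc:"The secret used to sign and validate JWT tokens."` (and matching ones for the other two fields) would keep the secret configurable per deployment. The same gap applies to the `LDAPProvider` fields whose context lines end this hunk and to `OwnCloudSQLProvider` in the next hunk, where `DBUsername` and `DBPassword` remain untagged. Separately, the `desc` on `JSONProvider.File` says the provider writes data to the file, yet command.go passes the path as reva's `users` entry, which suggests it is read as the user store — worth confirming and rewording to something like `desc:"The file the json provider reads its users from."`.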
@@ -17,41 +17,62 @@ func FullDefaultConfig() *config.Config { func DefaultConfig() *config.Config { return &config.Config{ - Service: config.ServiceConfig{ - Network: "tcp", - Address: "127.0.0.1:9146", - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - AuthManager: "ldap", - AuthManagers: config.AuthManagers{ - LDAP: config.LDAPManager{ - URI: "ldaps:localhost:9126", - CACert: filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"), - Insecure: false, - UserBaseDN: "dc=ocis,dc=test", - GroupBaseDN: "dc=ocis,dc=test", - LoginAttributes: []string{"cn", "mail"}, - UserFilter: "", - GroupFilter: "", - UserObjectClass: "posixAccount", - GroupObjectClass: "posixGroup", - BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test", - BindPassword: "reva", - IDP: "https://localhost:9200", - UserSchema: config.LDAPUserSchema{ - ID: "ownclouduuid", - Mail: "mail", - DisplayName: "displayname", - Username: "cn", - }, - GroupSchema: config.LDAPGroupSchema{ - ID: "cn", - Mail: "mail", - DisplayName: "cn", - Groupname: "cn", - Member: "cn", - }, + Debug: config.Debug{ + Addr: "127.0.0.1:9147", + Token: "", + Pprof: false, + Zpages: false, + }, + GRPC: config.GRPCConfig{ + Addr: "127.0.0.1:9146", + Protocol: "tcp", + }, + Service: config.Service{ + Name: "auth-basic", + }, + GatewayEndpoint: "127.0.0.1:9142", + JWTSecret: "Pive-Fumkiu4", + AuthProvider: "ldap", + AuthProviders: config.AuthProviders{ + LDAP: config.LDAPProvider{ + URI: "ldaps://localhost:9126", + CACert: filepath.Join(defaults.BaseDataPath(), "ldap", "ldap.crt"), + Insecure: false, + UserBaseDN: "dc=ocis,dc=test", + GroupBaseDN: "dc=ocis,dc=test", + LoginAttributes: []string{"cn", "mail"}, + UserFilter: "", + GroupFilter: "", + UserObjectClass: "posixAccount", + GroupObjectClass: "posixGroup", + BindDN: "cn=reva,ou=sysusers,dc=ocis,dc=test", + BindPassword: "reva", + IDP: "https://localhost:9200", + UserSchema: config.LDAPUserSchema{ + ID: "ownclouduuid", + Mail: "mail", + DisplayName: "displayname", + 
Username: "cn", }, + GroupSchema: config.LDAPGroupSchema{ + ID: "cn", + Mail: "mail", + DisplayName: "cn", + Groupname: "cn", + Member: "cn", + }, + }, + JSON: config.JSONProvider{}, + OwnCloudSQL: config.OwnCloudSQLProvider{ + DBUsername: "owncloud", + DBPassword: "secret", + DBHost: "mysql", + DBPort: 3306, + DBName: "owncloud", + IDP: "https://localhost:9200", + Nobody: 90, + JoinUsername: false, + JoinOwnCloudUUID: false, }, }, } @@ -60,24 +81,24 @@ func DefaultConfig() *config.Config { func EnsureDefaults(cfg *config.Config) { // provide with defaults for shared logging, since we need a valid destination address for BindEnv. if cfg.Logging == nil && cfg.Commons != nil && cfg.Commons.Log != nil { - cfg.Logging = &config.LoggingConfig{ + cfg.Logging = &config.Logging{ Level: cfg.Commons.Log.Level, Pretty: cfg.Commons.Log.Pretty, Color: cfg.Commons.Log.Color, File: cfg.Commons.Log.File, } } else if cfg.Logging == nil { - cfg.Logging = &config.LoggingConfig{} + cfg.Logging = &config.Logging{} } // provide with defaults for shared tracing, since we need a valid destination address for BindEnv. if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil { - cfg.Tracing = &config.TracingConfig{ + cfg.Tracing = &config.Tracing{ Enabled: cfg.Commons.Tracing.Enabled, Type: cfg.Commons.Tracing.Type, Endpoint: cfg.Commons.Tracing.Endpoint, Collector: cfg.Commons.Tracing.Collector, } } else if cfg.Tracing == nil { - cfg.Tracing = &config.TracingConfig{} + cfg.Tracing = &config.Tracing{} } }
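Review bot: The newly added `OwnCloudSQL` defaults ship a credential, `DBPassword: "secret"` (next to `DBUsername: "owncloud"` and `DBHost: "mysql"`), so a deployment that switches `AuthProvider` to `owncloudsql` without supplying its own password silently connects with a placeholder instead of failing visibly. Leaving it empty, `DBPassword: "",`, and letting the connection attempt (or an explicit check in the command when that provider is selected) surface the missing configuration is the safer default. The `JWTSecret: "Pive-Fumkiu4"` and `BindPassword: "reva"` values are pre-existing and only moved by this commit, but they sit in the same position and deserve the same scrutiny.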