mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-25 15:09:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

migrate idp to the new config scheme

Browse Source
This commit is contained in:
A.Unger
2021-11-05 11:15:55 +01:00
parent da36ca8cde
commit ba1635165b
14 changed files with 449 additions and 539 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
accounts/pkg/command/root.go
View File

@@ -66,7 +66,7 @@ func NewLogger(cfg *config.Config) log.Logger {
)
}
// ParseConfig loads proxy configuration from known paths.
// ParseConfig loads accounts configuration from known paths.
func ParseConfig(c *cli.Context, cfg *config.Config) error {
conf, err := ociscfg.BindSourcesToStructs("accounts", cfg)
if err != nil {

2
glauth/pkg/command/root.go
View File

@@ -64,7 +64,7 @@ func NewLogger(cfg *config.Config) log.Logger {
)
}
// ParseConfig loads proxy configuration from known paths.
// ParseConfig loads glauth configuration from known paths.
func ParseConfig(c *cli.Context, cfg *config.Config) error {
conf, err := ociscfg.BindSourcesToStructs("glauth", cfg)
if err != nil {

2
graph/pkg/command/root.go
View File

@@ -63,7 +63,7 @@ func NewLogger(cfg *config.Config) log.Logger {
)
}
// ParseConfig loads proxy configuration from known paths.
// ParseConfig loads graph configuration from known paths.
func ParseConfig(c *cli.Context, cfg *config.Config) error {
conf, err := ociscfg.BindSourcesToStructs("graph", cfg)
if err != nil {

31
graph/pkg/flagset/flagset.go
View File

@@ -6,37 +6,6 @@ import (
"github.com/urfave/cli/v2"
)
// RootWithConfig applies cfg to the root flagset
func RootWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "config-file",
Value: flags.OverrideDefaultString(cfg.File, ""),
Usage: "Path to config file",
EnvVars: []string{"GRAPH_CONFIG_FILE"},
Destination: &cfg.File,
},
&cli.StringFlag{
Name: "log-level",
Usage: "Set logging level",
EnvVars: []string{"GRAPH_LOG_LEVEL", "OCIS_LOG_LEVEL"},
Destination: &cfg.Log.Level,
},
&cli.BoolFlag{
Name: "log-pretty",
Usage: "Enable pretty logging",
EnvVars: []string{"GRAPH_LOG_PRETTY", "OCIS_LOG_PRETTY"},
Destination: &cfg.Log.Pretty,
},
&cli.BoolFlag{
Name: "log-color",
Usage: "Enable colored logging",
EnvVars: []string{"GRAPH_LOG_COLOR", "OCIS_LOG_COLOR"},
Destination: &cfg.Log.Color,
},
}
}
// HealthWithConfig applies cfg to the root flagset
func HealthWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{

2
idp/cmd/idp/main.go
View File

@@ -8,7 +8,7 @@ import (
)
func main() {
if err := command.Execute(config.New()); err != nil {
if err := command.Execute(config.DefaultConfig()); err != nil {
os.Exit(1)
}
}

51
idp/pkg/command/root.go
View File

@@ -3,14 +3,11 @@ package command
import (
"context"
"os"
"strings"
"github.com/owncloud/ocis/idp/pkg/config"
ociscfg "github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/log"
"github.com/owncloud/ocis/ocis-pkg/sync"
"github.com/owncloud/ocis/ocis-pkg/version"
"github.com/spf13/viper"
"github.com/thejerf/suture/v4"
"github.com/urfave/cli/v2"
)
@@ -22,16 +19,12 @@ func Execute(cfg *config.Config) error {
Version: version.String,
Usage: "Serve IDP API for oCIS",
Compiled: version.Compiled(),
Authors: []*cli.Author{
{
Name: "ownCloud GmbH",
Email: "support@owncloud.com",
},
},
//Flags: flagset.RootWithConfig(cfg),
Before: func(c *cli.Context) error {
cfg.Service.Version = version.String
return nil
@@ -68,46 +61,18 @@ func NewLogger(cfg *config.Config) log.Logger {
)
}
// ParseConfig load configuration for every extension
// ParseConfig loads idp configuration from known paths.
func ParseConfig(c *cli.Context, cfg *config.Config) error {
sync.ParsingViperConfig.Lock()
defer sync.ParsingViperConfig.Unlock()
logger := NewLogger(cfg)
viper.SetEnvKeyReplacer(strings.NewReplacer(".", "_"))
viper.SetEnvPrefix("IDP")
viper.AutomaticEnv()
if c.IsSet("config-file") {
viper.SetConfigFile(c.String("config-file"))
} else {
viper.SetConfigName("idp")
viper.AddConfigPath("/etc/ocis")
viper.AddConfigPath("$HOME/.ocis")
viper.AddConfigPath("./config")
conf, err := ociscfg.BindSourcesToStructs("idp", cfg)
if err != nil {
return err
}
if err := viper.ReadInConfig(); err != nil {
switch err.(type) {
case viper.ConfigFileNotFoundError:
logger.Debug().
Msg("no config found on preconfigured location")
case viper.UnsupportedConfigError:
logger.Fatal().
Err(err).
Msg("unsupported config type")
default:
logger.Fatal().
Err(err).
Msg("failed to read config")
}
}
// load all env variables relevant to the config in the current context.
conf.LoadOSEnv(config.GetEnv(), false)
if err := viper.Unmarshal(&cfg); err != nil {
logger.Fatal().
Err(err).
Msg("failed to parse config")
if err = cfg.UnmapEnv(conf); err != nil {
return err
}
return nil

8
idp/pkg/command/server.go
View File

@@ -6,7 +6,6 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/idp/pkg/config"
"github.com/owncloud/ocis/idp/pkg/flagset"
"github.com/owncloud/ocis/idp/pkg/metrics"
"github.com/owncloud/ocis/idp/pkg/server/debug"
"github.com/owncloud/ocis/idp/pkg/server/http"
@@ -20,9 +19,7 @@ func Server(cfg *config.Config) *cli.Command {
return &cli.Command{
Name: "server",
Usage: "Start integrated server",
Flags: flagset.ServerWithConfig(cfg),
Before: func(ctx *cli.Context) error {
logger := NewLogger(cfg)
if cfg.HTTP.Root != "/" {
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
}
@@ -41,10 +38,9 @@ func Server(cfg *config.Config) *cli.Command {
cfg.IDP.SigningPrivateKeyFiles = ctx.StringSlice("signing-private-key")
}
if !cfg.Supervised {
return ParseConfig(ctx, cfg)
if err := ParseConfig(ctx, cfg); err != nil {
return err
}
logger.Debug().Str("service", "idp").Msg("ignoring config file parsing when running supervised")
return nil
},
Action: func(c *cli.Context) error {

244
idp/pkg/config/config.go
View File

@@ -2,82 +2,121 @@ package config
import (
"context"
"fmt"
"path"
"reflect"
"github.com/libregraph/lico/bootstrap"
"github.com/owncloud/ocis/ocis-pkg/config/defaults"
gofig "github.com/gookit/config/v2"
)
// Log defines the available logging configuration.
type Log struct {
Level string
Pretty bool
Color bool
File string
Level string `mapstructure:"level"`
Pretty bool `mapstructure:"pretty"`
Color bool `mapstructure:"color"`
File string `mapstructure:"file"`
}
// Debug defines the available debug configuration.
type Debug struct {
Addr string
Token string
Pprof bool
Zpages bool
Addr string `mapstructure:"addr"`
Token string `mapstructure:"token"`
Pprof bool `mapstructure:"pprof"`
Zpages bool `mapstructure:"zpages"`
}
// HTTP defines the available http configuration.
type HTTP struct {
Addr string
Root string
TLSCert string
TLSKey string
TLS bool
Addr string `mapstructure:"addr"`
Root string `mapstructure:"root"`
TLSCert string `mapstructure:"tls_cert"`
TLSKey string `mapstructure:"tls_key"`
TLS bool `mapstructure:"tls"`
}
// Ldap defines the available LDAP configuration.
type Ldap struct {
URI string
BindDN string
BindPassword string
BaseDN string
Scope string
LoginAttribute string
EmailAttribute string
NameAttribute string
UUIDAttribute string
UUIDAttributeType string
Filter string
URI string `mapstructure:"uri"`
BindDN string `mapstructure:"bind_dn"`
BindPassword string `mapstructure:"bind_password"`
BaseDN string `mapstructure:"base_dn"`
Scope string `mapstructure:"scope"`
LoginAttribute string `mapstructure:"login_attribute"`
EmailAttribute string `mapstructure:"email_attribute"`
NameAttribute string `mapstructure:"name_attribute"`
UUIDAttribute string `mapstructure:"uuid_attribute"`
UUIDAttributeType string `mapstructure:"uuid_attribute_type"`
Filter string `mapstructure:"filter"`
}
// Service defines the available service configuration.
type Service struct {
Name string
Namespace string
Version string
Name string `mapstructure:"name"`
Namespace string `mapstructure:"namespace"`
Version string `mapstructure:"version"`
}
// Tracing defines the available tracing configuration.
type Tracing struct {
Enabled bool
Type string
Endpoint string
Collector string
Service string
Enabled bool `mapstructure:"enabled"`
Type string `mapstructure:"type"`
Endpoint string `mapstructure:"endpoint"`
Collector string `mapstructure:"collector"`
Service string `mapstructure:"service"`
}
// Asset defines the available asset configuration.
type Asset struct {
Path string
Path string `mapstructure:"asset"`
}
type Settings struct {
Iss string `mapstructure:"iss"`
IdentityManager string `mapstructure:"identity_manager"`
URIBasePath string `mapstructure:"uri_base_path"`
SignInURI string `mapstructure:"sign_in_uri"`
SignedOutURI string `mapstructure:"signed_out_uri"`
AuthorizationEndpointURI string `mapstructure:"authorization_endpoint_uri"`
EndsessionEndpointURI string `mapstructure:"end_session_endpoint_uri"`
Insecure bool `mapstructure:"insecure"`
TrustedProxy []string `mapstructure:"trusted_proxy"`
AllowScope []string `mapstructure:"allow_scope"`
AllowClientGuests bool `mapstructure:"allow_client_guests"`
AllowDynamicClientRegistration bool `mapstructure:"allow_dynamic_client_registration"`
EncryptionSecretFile string `mapstructure:"encrypt_secret_file"`
Listen string `mapstructure:"listen"`
IdentifierClientDisabled bool `mapstructure:"identifier_client_disabled"`
IdentifierClientPath string `mapstructure:"identifier_client_path"`
IdentifierRegistrationConf string `mapstructure:"identifier_registration_conf"`
IdentifierScopesConf string `mapstructure:"identifier_scopes_conf"`
IdentifierDefaultBannerLogo string `mapstructure:"identifier_default_banner_logo"`
IdentifierDefaultSignInPageText string `mapstructure:"identifier_default_sign_in_page_text"`
IdentifierDefaultUsernameHintText string `mapstructure:"identifier_default_username_hint_text"`
SigningKid string `mapstructure:"sign_in_kid"`
SigningMethod string `mapstructure:"sign_in_method"`
SigningPrivateKeyFiles []string `mapstructure:"sign_in_private_key_files"`
ValidationKeysPath string `mapstructure:"validation_keys_path"`
CookieBackendURI string `mapstructure:"cookie_backend_uri"`
CookieNames []string `mapstructure:"cookie_names"`
AccessTokenDurationSeconds uint64 `mapstructure:"access_token_duration_seconds"`
IDTokenDurationSeconds uint64 `mapstructure:"id_token_duration_seconds"`
RefreshTokenDurationSeconds uint64 `mapstructure:"refresh_token_duration_seconds"`
DyamicClientSecretDurationSeconds uint64 `mapstructure:"dynamic_client_secret_duration_seconds"`
}
// Config combines all available configuration parts.
type Config struct {
File string
Log Log
Debug Debug
HTTP HTTP
Tracing Tracing
Asset Asset
IDP bootstrap.Settings
Ldap Ldap
Service Service
File string `mapstructure:"file"`
Log Log `mapstructure:"log"`
Debug Debug `mapstructure:"debug"`
HTTP HTTP `mapstructure:"http"`
Tracing Tracing `mapstructure:"tracing"`
Asset Asset `mapstructure:"asset"`
IDP Settings `mapstructure:"idp"`
Ldap Ldap `mapstructure:"ldap"`
Service Service `mapstructure:"service"`
Context context.Context
Supervised bool
@@ -87,3 +126,122 @@ type Config struct {
func New() *Config {
return &Config{}
}
func DefaultConfig() *Config {
return &Config{
Log: Log{},
Debug: Debug{
Addr: "127.0.0.1:9134",
},
HTTP: HTTP{
Addr: "127.0.0.1:9130",
Root: "/",
TLSCert: path.Join(defaults.BaseDataPath(), "idp", "server.crt"),
TLSKey: path.Join(defaults.BaseDataPath(), "idp", "server.key"),
TLS: false,
},
Tracing: Tracing{
Type: "jaeger",
Endpoint: "",
Collector: "",
Service: "idp",
},
Asset: Asset{},
IDP: Settings{
Iss: "https://localhost:9200",
IdentityManager: "ldap",
URIBasePath: "",
SignInURI: "",
SignedOutURI: "",
AuthorizationEndpointURI: "",
EndsessionEndpointURI: "",
Insecure: false,
TrustedProxy: nil,
AllowScope: nil,
AllowClientGuests: false,
AllowDynamicClientRegistration: false,
EncryptionSecretFile: "",
Listen: "",
IdentifierClientDisabled: true,
IdentifierClientPath: path.Join(defaults.BaseDataPath(), "idp"),
IdentifierRegistrationConf: path.Join(defaults.BaseDataPath(), "idp", "identifier-registration.yaml"),
IdentifierScopesConf: "",
IdentifierDefaultBannerLogo: "",
IdentifierDefaultSignInPageText: "",
IdentifierDefaultUsernameHintText: "",
SigningKid: "",
SigningMethod: "PS256",
SigningPrivateKeyFiles: nil,
ValidationKeysPath: "",
CookieBackendURI: "",
CookieNames: nil,
AccessTokenDurationSeconds: 60 * 10, // 10 minutes
IDTokenDurationSeconds: 60 * 60, // 1 hour
RefreshTokenDurationSeconds: 60 * 60 * 24 * 365 * 3, // 1 year
DyamicClientSecretDurationSeconds: 0,
},
Ldap: Ldap{
URI: "ldap://localhost:9125",
BindDN: "cn=idp,ou=sysusers,dc=ocis,dc=test",
BindPassword: "idp",
BaseDN: "ou=users,dc=ocis,dc=test",
Scope: "sub",
LoginAttribute: "cn",
EmailAttribute: "mail",
NameAttribute: "sn",
UUIDAttribute: "uid",
UUIDAttributeType: "text",
Filter: "(objectClass=posixaccount)",
},
Service: Service{
Name: "idp",
Namespace: "com.owncloud.web",
},
}
}
// GetEnv fetches a list of known env variables for this extension. It is to be used by gookit, as it provides a list
// with all the environment variables an extension supports.
func GetEnv() []string {
var r = make([]string, len(structMappings(DefaultConfig())))
for i := range structMappings(DefaultConfig()) {
r = append(r, structMappings(DefaultConfig())[i].EnvVars...)
}
return r
}
// UnmapEnv loads values from the gooconf.Config argument and sets them in the expected destination.
func (c *Config) UnmapEnv(gooconf *gofig.Config) error {
vals := structMappings(c)
for i := range vals {
for j := range vals[i].EnvVars {
// we need to guard against v != "" because this is the condition that checks that the value is set from the environment.
// the `ok` guard is not enough, apparently.
if v, ok := gooconf.GetValue(vals[i].EnvVars[j]); ok && v != "" {
// get the destination type from destination
switch reflect.ValueOf(vals[i].Destination).Type().String() {
case "*bool":
r := gooconf.Bool(vals[i].EnvVars[j])
*vals[i].Destination.(*bool) = r
case "*string":
r := gooconf.String(vals[i].EnvVars[j])
*vals[i].Destination.(*string) = r
case "*int":
r := gooconf.Int(vals[i].EnvVars[j])
*vals[i].Destination.(*int) = r
case "*float64":
// defaults to float64
r := gooconf.Float(vals[i].EnvVars[j])
*vals[i].Destination.(*float64) = r
default:
// it is unlikely we will ever get here. Let this serve more as a runtime check for when debugging.
return fmt.Errorf("invalid type for env var: `%v`", vals[i].EnvVars[j])
}
}
}
}
return nil
}

228
idp/pkg/config/env.go Normal file
View File

@@ -0,0 +1,228 @@
package config
type mapping struct {
EnvVars []string // name of the EnvVars var.
Destination interface{} // memory address of the original config value to modify.
}
// structMappings binds a set of environment variables to a destination on cfg.
func structMappings(cfg *Config) []mapping {
return []mapping{
{
EnvVars: []string{"IDP_LOG_LEVEL", "OCIS_LOG_LEVEL"},
Destination: &cfg.Log.Level,
},
{
EnvVars: []string{"IDP_LOG_PRETTY", "OCIS_LOG_PRETTY"},
Destination: &cfg.Log.Pretty,
},
{
EnvVars: []string{"IDP_LOG_COLOR", "OCIS_LOG_COLOR"},
Destination: &cfg.Log.Color,
},
{
EnvVars: []string{"IDP_LOG_FILE", "OCIS_LOG_FILE"},
Destination: &cfg.Log.File,
},
{
EnvVars: []string{"IDP_CONFIG_FILE"},
Destination: &cfg.File,
},
{
EnvVars: []string{"IDP_TRACING_ENABLED", "OCIS_TRACING_ENABLED"},
Destination: &cfg.Tracing.Enabled,
},
{
EnvVars: []string{"IDP_TRACING_TYPE", "OCIS_TRACING_TYPE"},
Destination: &cfg.Tracing.Type,
},
{
EnvVars: []string{"IDP_TRACING_ENDPOINT", "OCIS_TRACING_ENDPOINT"},
Destination: &cfg.Tracing.Endpoint,
},
{
EnvVars: []string{"IDP_TRACING_COLLECTOR", "OCIS_TRACING_COLLECTOR"},
Destination: &cfg.Tracing.Collector,
},
{
EnvVars: []string{"IDP_TRACING_SERVICE"},
Destination: &cfg.Tracing.Service,
},
{
EnvVars: []string{"IDP_DEBUG_ADDR"},
Destination: &cfg.Debug.Addr,
},
{
EnvVars: []string{"IDP_DEBUG_TOKEN"},
Destination: &cfg.Debug.Token,
},
{
EnvVars: []string{"IDP_DEBUG_PPROF"},
Destination: &cfg.Debug.Pprof,
},
{
EnvVars: []string{"IDP_DEBUG_ZPAGES"},
Destination: &cfg.Debug.Zpages,
},
{
EnvVars: []string{"IDP_HTTP_ADDR"},
Destination: &cfg.HTTP.Addr,
},
{
EnvVars: []string{"IDP_HTTP_ROOT"},
Destination: &cfg.HTTP.Root,
},
{
EnvVars: []string{"IDP_HTTP_NAMESPACE"},
Destination: &cfg.Service.Namespace,
},
{
EnvVars: []string{"IDP_NAME"},
Destination: &cfg.Service.Name,
},
{
EnvVars: []string{"IDP_IDENTITY_MANAGER"},
Destination: &cfg.IDP.IdentityManager,
},
{
EnvVars: []string{"IDP_LDAP_URI"},
Destination: &cfg.Ldap.URI,
},
{
EnvVars: []string{"IDP_LDAP_BIND_DN"},
Destination: &cfg.Ldap.BindDN,
},
{
EnvVars: []string{"IDP_LDAP_BIND_PASSWORD"},
Destination: &cfg.Ldap.BindPassword,
},
{
EnvVars: []string{"IDP_LDAP_BASE_DN"},
Destination: &cfg.Ldap.BaseDN,
},
{
EnvVars: []string{"IDP_LDAP_SCOPE"},
Destination: &cfg.Ldap.Scope,
},
{
EnvVars: []string{"IDP_LDAP_LOGIN_ATTRIBUTE"},
Destination: &cfg.Ldap.LoginAttribute,
},
{
EnvVars: []string{"IDP_LDAP_EMAIL_ATTRIBUTE"},
Destination: &cfg.Ldap.EmailAttribute,
},
{
EnvVars: []string{"IDP_LDAP_NAME_ATTRIBUTE"},
Destination: &cfg.Ldap.NameAttribute,
},
{
EnvVars: []string{"IDP_LDAP_UUID_ATTRIBUTE"},
Destination: &cfg.Ldap.UUIDAttribute,
},
{
EnvVars: []string{"IDP_LDAP_UUID_ATTRIBUTE_TYPE"},
Destination: &cfg.Ldap.UUIDAttributeType,
},
{
EnvVars: []string{"IDP_LDAP_FILTER"},
Destination: &cfg.Ldap.Filter,
},
{
EnvVars: []string{"IDP_TRANSPORT_TLS_CERT"},
Destination: &cfg.HTTP.TLSCert,
},
{
EnvVars: []string{"IDP_TRANSPORT_TLS_KEY"},
Destination: &cfg.HTTP.TLSKey,
},
{
EnvVars: []string{"IDP_ISS", "OCIS_URL"}, // IDP_ISS takes precedence over OCIS_URL
Destination: &cfg.IDP.Iss,
},
{
EnvVars: []string{"IDP_SIGNING_KID"},
Destination: &cfg.IDP.SigningKid,
},
{
EnvVars: []string{"IDP_VALIDATION_KEYS_PATH"},
Destination: &cfg.IDP.ValidationKeysPath,
},
{
EnvVars: []string{"IDP_ENCRYPTION_SECRET"},
Destination: &cfg.IDP.EncryptionSecretFile,
},
{
EnvVars: []string{"IDP_SIGNING_METHOD"},
Destination: &cfg.IDP.SigningMethod,
},
{
EnvVars: []string{"IDP_URI_BASE_PATH"},
Destination: &cfg.IDP.URIBasePath,
},
{
EnvVars: []string{"IDP_SIGN_IN_URI"},
Destination: &cfg.IDP.SignInURI,
},
{
EnvVars: []string{"IDP_SIGN_OUT_URI"},
Destination: &cfg.IDP.SignedOutURI,
},
{
EnvVars: []string{"IDP_ENDPOINT_URI"},
Destination: &cfg.IDP.AuthorizationEndpointURI,
},
{
EnvVars: []string{"IDP_ENDSESSION_ENDPOINT_URI"},
Destination: &cfg.IDP.EndsessionEndpointURI,
},
{
EnvVars: []string{"IDP_ASSET_PATH"},
Destination: &cfg.Asset.Path,
},
{
EnvVars: []string{"IDP_IDENTIFIER_CLIENT_PATH"},
Destination: &cfg.IDP.IdentifierClientPath,
},
{
EnvVars: []string{"IDP_IDENTIFIER_REGISTRATION_CONF"},
Destination: &cfg.IDP.IdentifierRegistrationConf,
},
{
EnvVars: []string{"IDP_IDENTIFIER_SCOPES_CONF"},
Destination: &cfg.IDP.IdentifierScopesConf,
},
{
EnvVars: []string{"IDP_INSECURE"},
Destination: &cfg.IDP.Insecure,
},
{
EnvVars: []string{"IDP_TLS"},
Destination: &cfg.HTTP.TLS,
},
{
EnvVars: []string{"IDP_ALLOW_CLIENT_GUESTS"},
Destination: &cfg.IDP.AllowClientGuests,
},
{
EnvVars: []string{"IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION"},
Destination: &cfg.IDP.AllowDynamicClientRegistration,
},
{
EnvVars: []string{"IDP_DISABLE_IDENTIFIER_WEBAPP"},
Destination: &cfg.IDP.IdentifierClientDisabled,
},
{
EnvVars: []string{"IDP_ACCESS_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.AccessTokenDurationSeconds,
},
{
EnvVars: []string{"IDP_ID_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.IDTokenDurationSeconds,
},
{
EnvVars: []string{"IDP_REFRESH_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.RefreshTokenDurationSeconds,
},
}
}

406
idp/pkg/flagset/flagset.go
View File

@@ -1,38 +1,11 @@
package flagset
import (
"path"
"github.com/owncloud/ocis/idp/pkg/config"
"github.com/owncloud/ocis/ocis-pkg/config/defaults"
"github.com/owncloud/ocis/ocis-pkg/flags"
"github.com/urfave/cli/v2"
)
// RootWithConfig applies cfg to the root flagset
func RootWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "log-level",
Usage: "Set logging level",
EnvVars: []string{"IDP_LOG_LEVEL", "OCIS_LOG_LEVEL"},
Destination: &cfg.Log.Level,
},
&cli.BoolFlag{
Name: "log-pretty",
Usage: "Enable pretty logging",
EnvVars: []string{"IDP_LOG_PRETTY", "OCIS_LOG_PRETTY"},
Destination: &cfg.Log.Pretty,
},
&cli.BoolFlag{
Name: "log-color",
Usage: "Enable colored logging",
EnvVars: []string{"IDP_LOG_COLOR", "OCIS_LOG_COLOR"},
Destination: &cfg.Log.Color,
},
}
}
// HealthWithConfig applies cfg to the root flagset
func HealthWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
@@ -46,385 +19,6 @@ func HealthWithConfig(cfg *config.Config) []cli.Flag {
}
}
// ServerWithConfig applies cfg to the root flagset
func ServerWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{
&cli.StringFlag{
Name: "log-file",
Usage: "Enable log to file",
EnvVars: []string{"IDP_LOG_FILE", "OCIS_LOG_FILE"},
Destination: &cfg.Log.File,
},
&cli.StringFlag{
Name: "config-file",
Value: flags.OverrideDefaultString(cfg.File, ""),
Usage: "Path to config file",
EnvVars: []string{"IDP_CONFIG_FILE"},
Destination: &cfg.File,
},
&cli.BoolFlag{
Name: "tracing-enabled",
Usage: "Enable sending traces",
EnvVars: []string{"IDP_TRACING_ENABLED", "OCIS_TRACING_ENABLED"},
Destination: &cfg.Tracing.Enabled,
},
&cli.StringFlag{
Name: "tracing-type",
Value: flags.OverrideDefaultString(cfg.Tracing.Type, "jaeger"),
Usage: "Tracing backend type",
EnvVars: []string{"IDP_TRACING_TYPE", "OCIS_TRACING_TYPE"},
Destination: &cfg.Tracing.Type,
},
&cli.StringFlag{
Name: "tracing-endpoint",
Value: flags.OverrideDefaultString(cfg.Tracing.Endpoint, ""),
Usage: "Endpoint for the agent",
EnvVars: []string{"IDP_TRACING_ENDPOINT", "OCIS_TRACING_ENDPOINT"},
Destination: &cfg.Tracing.Endpoint,
},
&cli.StringFlag{
Name: "tracing-collector",
Value: flags.OverrideDefaultString(cfg.Tracing.Collector, ""),
Usage: "Endpoint for the collector",
EnvVars: []string{"IDP_TRACING_COLLECTOR", "OCIS_TRACING_COLLECTOR"},
Destination: &cfg.Tracing.Collector,
},
&cli.StringFlag{
Name: "tracing-service",
Value: flags.OverrideDefaultString(cfg.Tracing.Service, "idp"),
Usage: "Service name for tracing",
EnvVars: []string{"IDP_TRACING_SERVICE"},
Destination: &cfg.Tracing.Service,
},
&cli.StringFlag{
Name: "debug-addr",
Value: flags.OverrideDefaultString(cfg.Debug.Addr, "127.0.0.1:9134"),
Usage: "Address to bind debug server",
EnvVars: []string{"IDP_DEBUG_ADDR"},
Destination: &cfg.Debug.Addr,
},
&cli.StringFlag{
Name: "debug-token",
Value: flags.OverrideDefaultString(cfg.Debug.Token, ""),
Usage: "Token to grant metrics access",
EnvVars: []string{"IDP_DEBUG_TOKEN"},
Destination: &cfg.Debug.Token,
},
&cli.BoolFlag{
Name: "debug-pprof",
Usage: "Enable pprof debugging",
EnvVars: []string{"IDP_DEBUG_PPROF"},
Destination: &cfg.Debug.Pprof,
},
&cli.BoolFlag{
Name: "debug-zpages",
Usage: "Enable zpages debugging",
EnvVars: []string{"IDP_DEBUG_ZPAGES"},
Destination: &cfg.Debug.Zpages,
},
&cli.StringFlag{
Name: "http-addr",
Value: flags.OverrideDefaultString(cfg.HTTP.Addr, "127.0.0.1:9130"),
Usage: "Address to bind http server",
EnvVars: []string{"IDP_HTTP_ADDR"},
Destination: &cfg.HTTP.Addr,
},
&cli.StringFlag{
Name: "http-root",
Value: flags.OverrideDefaultString(cfg.HTTP.Root, "/"),
Usage: "Root path of http server",
EnvVars: []string{"IDP_HTTP_ROOT"},
Destination: &cfg.HTTP.Root,
},
&cli.StringFlag{
Name: "http-namespace",
Value: flags.OverrideDefaultString(cfg.Service.Namespace, "com.owncloud.web"),
Usage: "Set the base namespace for service discovery",
EnvVars: []string{"IDP_HTTP_NAMESPACE"},
Destination: &cfg.Service.Namespace,
},
&cli.StringFlag{
Name: "name",
Value: flags.OverrideDefaultString(cfg.Service.Name, "idp"),
Usage: "Service name",
EnvVars: []string{"IDP_NAME"},
Destination: &cfg.Service.Name,
},
&cli.StringFlag{
Name: "identity-manager",
Value: flags.OverrideDefaultString(cfg.IDP.IdentityManager, "ldap"),
Usage: "Identity manager (one of ldap,kc,cookie,dummy)",
EnvVars: []string{"IDP_IDENTITY_MANAGER"},
Destination: &cfg.IDP.IdentityManager,
},
&cli.StringFlag{
Name: "ldap-uri",
Value: flags.OverrideDefaultString(cfg.Ldap.URI, "ldap://localhost:9125"),
Usage: "URI of the LDAP server (glauth)",
EnvVars: []string{"IDP_LDAP_URI"},
Destination: &cfg.Ldap.URI,
},
&cli.StringFlag{
Name: "ldap-bind-dn",
Value: flags.OverrideDefaultString(cfg.Ldap.BindDN, "cn=idp,ou=sysusers,dc=ocis,dc=test"),
Usage: "Bind DN for the LDAP server (glauth)",
EnvVars: []string{"IDP_LDAP_BIND_DN"},
Destination: &cfg.Ldap.BindDN,
},
&cli.StringFlag{
Name: "ldap-bind-password",
Value: flags.OverrideDefaultString(cfg.Ldap.BindPassword, "idp"),
Usage: "Password for the Bind DN of the LDAP server (glauth)",
EnvVars: []string{"IDP_LDAP_BIND_PASSWORD"},
Destination: &cfg.Ldap.BindPassword,
},
&cli.StringFlag{
Name: "ldap-base-dn",
Value: flags.OverrideDefaultString(cfg.Ldap.BaseDN, "ou=users,dc=ocis,dc=test"),
Usage: "LDAP base DN of the oCIS users",
EnvVars: []string{"IDP_LDAP_BASE_DN"},
Destination: &cfg.Ldap.BaseDN,
},
&cli.StringFlag{
Name: "ldap-scope",
Value: flags.OverrideDefaultString(cfg.Ldap.Scope, "sub"),
Usage: "LDAP scope of the oCIS users",
EnvVars: []string{"IDP_LDAP_SCOPE"},
Destination: &cfg.Ldap.Scope,
},
&cli.StringFlag{
Name: "ldap-login-attribute",
Value: flags.OverrideDefaultString(cfg.Ldap.LoginAttribute, "cn"),
Usage: "LDAP login attribute of the oCIS users",
EnvVars: []string{"IDP_LDAP_LOGIN_ATTRIBUTE"},
Destination: &cfg.Ldap.LoginAttribute,
},
&cli.StringFlag{
Name: "ldap-email-attribute",
Value: flags.OverrideDefaultString(cfg.Ldap.EmailAttribute, "mail"),
Usage: "LDAP email attribute of the oCIS users",
EnvVars: []string{"IDP_LDAP_EMAIL_ATTRIBUTE"},
Destination: &cfg.Ldap.EmailAttribute,
},
&cli.StringFlag{
Name: "ldap-name-attribute",
Value: flags.OverrideDefaultString(cfg.Ldap.NameAttribute, "sn"),
Usage: "LDAP name attribute of the oCIS users",
EnvVars: []string{"IDP_LDAP_NAME_ATTRIBUTE"},
Destination: &cfg.Ldap.NameAttribute,
},
&cli.StringFlag{
Name: "ldap-uuid-attribute",
Value: flags.OverrideDefaultString(cfg.Ldap.UUIDAttribute, "uid"),
Usage: "LDAP UUID attribute of the oCIS users",
EnvVars: []string{"IDP_LDAP_UUID_ATTRIBUTE"},
Destination: &cfg.Ldap.UUIDAttribute,
},
&cli.StringFlag{
Name: "ldap-uuid-attribute-type",
Value: flags.OverrideDefaultString(cfg.Ldap.UUIDAttributeType, "text"),
Usage: "LDAP UUID attribute type of the oCIS users",
EnvVars: []string{"IDP_LDAP_UUID_ATTRIBUTE_TYPE"},
Destination: &cfg.Ldap.UUIDAttributeType,
},
&cli.StringFlag{
Name: "ldap-filter",
Value: flags.OverrideDefaultString(cfg.Ldap.Filter, "(objectClass=posixaccount)"),
Usage: "LDAP filter of the oCIS users",
EnvVars: []string{"IDP_LDAP_FILTER"},
Destination: &cfg.Ldap.Filter,
},
&cli.StringFlag{
Name: "transport-tls-cert",
Value: flags.OverrideDefaultString(cfg.HTTP.TLSCert, path.Join(defaults.BaseDataPath(), "idp", "server.crt")),
Usage: "Certificate file for transport encryption",
EnvVars: []string{"IDP_TRANSPORT_TLS_CERT"},
Destination: &cfg.HTTP.TLSCert,
},
&cli.StringFlag{
Name: "transport-tls-key",
Value: flags.OverrideDefaultString(cfg.HTTP.TLSKey, path.Join(defaults.BaseDataPath(), "idp", "server.key")),
Usage: "Secret file for transport encryption",
EnvVars: []string{"IDP_TRANSPORT_TLS_KEY"},
Destination: &cfg.HTTP.TLSKey,
},
&cli.StringFlag{
Name: "iss",
Value: flags.OverrideDefaultString(cfg.IDP.Iss, "https://localhost:9200"),
Usage: "OIDC issuer URL",
EnvVars: []string{"IDP_ISS", "OCIS_URL"}, // IDP_ISS takes precedence over OCIS_URL
Destination: &cfg.IDP.Iss,
},
&cli.StringSliceFlag{
Name: "signing-private-key",
Usage: "Full path to PEM encoded private key file (must match the --signing-method algorithm)",
EnvVars: []string{"IDP_SIGNING_PRIVATE_KEY"},
Value: nil,
},
&cli.StringFlag{
Name: "signing-kid",
Usage: "Value of kid field to use in created tokens (uniquely identifying the signing-private-key)",
EnvVars: []string{"IDP_SIGNING_KID"},
Value: flags.OverrideDefaultString(cfg.IDP.SigningKid, ""),
Destination: &cfg.IDP.SigningKid,
},
&cli.StringFlag{
Name: "validation-keys-path",
Usage: "Full path to a folder containing PEM encoded private or public key files used for token validation (file name without extension is used as kid)",
EnvVars: []string{"IDP_VALIDATION_KEYS_PATH"},
Value: flags.OverrideDefaultString(cfg.IDP.ValidationKeysPath, ""),
Destination: &cfg.IDP.ValidationKeysPath,
},
&cli.StringFlag{
Name: "encryption-secret",
Usage: "Full path to a file containing a %d bytes secret key",
EnvVars: []string{"IDP_ENCRYPTION_SECRET"},
Value: flags.OverrideDefaultString(cfg.IDP.EncryptionSecretFile, ""),
Destination: &cfg.IDP.EncryptionSecretFile,
},
&cli.StringFlag{
Name: "signing-method",
Usage: "JWT default signing method",
EnvVars: []string{"IDP_SIGNING_METHOD"},
Value: flags.OverrideDefaultString(cfg.IDP.SigningMethod, "PS256"),
Destination: &cfg.IDP.SigningMethod,
},
&cli.StringFlag{
Name: "uri-base-path",
Usage: "Custom base path for URI endpoints",
EnvVars: []string{"IDP_URI_BASE_PATH"},
Value: flags.OverrideDefaultString(cfg.IDP.URIBasePath, ""),
Destination: &cfg.IDP.URIBasePath,
},
&cli.StringFlag{
Name: "sign-in-uri",
Usage: "Custom redirection URI to sign-in form",
EnvVars: []string{"IDP_SIGN_IN_URI"},
Value: flags.OverrideDefaultString(cfg.IDP.SignInURI, ""),
Destination: &cfg.IDP.SignInURI,
},
&cli.StringFlag{
Name: "signed-out-uri",
Usage: "Custom redirection URI to signed-out goodbye page",
EnvVars: []string{"IDP_SIGN_OUT_URI"},
Value: flags.OverrideDefaultString(cfg.IDP.SignedOutURI, ""),
Destination: &cfg.IDP.SignedOutURI,
},
&cli.StringFlag{
Name: "authorization-endpoint-uri",
Usage: "Custom authorization endpoint URI",
EnvVars: []string{"IDP_ENDPOINT_URI"},
Value: flags.OverrideDefaultString(cfg.IDP.AuthorizationEndpointURI, ""),
Destination: &cfg.IDP.AuthorizationEndpointURI,
},
&cli.StringFlag{
Name: "endsession-endpoint-uri",
Usage: "Custom endsession endpoint URI",
EnvVars: []string{"IDP_ENDSESSION_ENDPOINT_URI"},
Value: flags.OverrideDefaultString(cfg.IDP.EndsessionEndpointURI, ""),
Destination: &cfg.IDP.EndsessionEndpointURI,
},
&cli.StringFlag{
Name: "asset-path",
Value: flags.OverrideDefaultString(cfg.Asset.Path, ""),
Usage: "Path to custom assets",
EnvVars: []string{"IDP_ASSET_PATH"},
Destination: &cfg.Asset.Path,
},
&cli.StringFlag{
Name: "identifier-client-path",
Usage: "Path to the identifier web client base folder",
EnvVars: []string{"IDP_IDENTIFIER_CLIENT_PATH"},
Value: flags.OverrideDefaultString(cfg.IDP.IdentifierClientPath, path.Join(defaults.BaseDataPath(), "idp")),
Destination: &cfg.IDP.IdentifierClientPath,
},
&cli.StringFlag{
Name: "identifier-registration-conf",
Usage: "Path to a identifier-registration.yaml configuration file",
EnvVars: []string{"IDP_IDENTIFIER_REGISTRATION_CONF"},
Value: flags.OverrideDefaultString(cfg.IDP.IdentifierRegistrationConf, path.Join(defaults.BaseDataPath(), "idp", "identifier-registration.yaml")),
Destination: &cfg.IDP.IdentifierRegistrationConf,
},
&cli.StringFlag{
Name: "identifier-scopes-conf",
Usage: "Path to a scopes.yaml configuration file",
EnvVars: []string{"IDP_IDENTIFIER_SCOPES_CONF"},
Value: flags.OverrideDefaultString(cfg.IDP.IdentifierScopesConf, ""),
Destination: &cfg.IDP.IdentifierScopesConf,
},
&cli.BoolFlag{
Name: "insecure",
Usage: "Disable TLS certificate and hostname validation",
EnvVars: []string{"IDP_INSECURE"},
Destination: &cfg.IDP.Insecure,
},
&cli.BoolFlag{
Name: "tls",
Usage: "Use TLS (disable only if idp is behind a TLS-terminating reverse-proxy).",
EnvVars: []string{"IDP_TLS"},
Value: flags.OverrideDefaultBool(cfg.HTTP.TLS, false),
Destination: &cfg.HTTP.TLS,
},
&cli.StringSliceFlag{
Name: "trusted-proxy",
Usage: "Trusted proxy IP or IP network (can be used multiple times)",
EnvVars: []string{"IDP_TRUSTED_PROXY"},
Value: nil,
},
&cli.StringSliceFlag{
Name: "allow-scope",
Usage: "Allow OAuth 2 scope (can be used multiple times, if not set default scopes are allowed)",
EnvVars: []string{"IDP_ALLOW_SCOPE"},
Value: nil,
},
&cli.BoolFlag{
Name: "allow-client-guests",
Usage: "Allow sign in of client controlled guest users",
EnvVars: []string{"IDP_ALLOW_CLIENT_GUESTS"},
Destination: &cfg.IDP.AllowClientGuests,
},
&cli.BoolFlag{
Name: "allow-dynamic-client-registration",
Usage: "Allow dynamic OAuth2 client registration",
EnvVars: []string{"IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION"},
Value: flags.OverrideDefaultBool(cfg.IDP.AllowDynamicClientRegistration, false),
Destination: &cfg.IDP.AllowDynamicClientRegistration,
},
&cli.BoolFlag{
Name: "disable-identifier-webapp",
Usage: "Disable built-in identifier-webapp to use a frontend hosted elsewhere.",
EnvVars: []string{"IDP_DISABLE_IDENTIFIER_WEBAPP"},
Value: flags.OverrideDefaultBool(cfg.IDP.IdentifierClientDisabled, true),
Destination: &cfg.IDP.IdentifierClientDisabled,
},
&cli.Uint64Flag{
Name: "access-token-expiration",
Usage: "Expiration time of access tokens in seconds since generated",
EnvVars: []string{"IDP_ACCESS_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.AccessTokenDurationSeconds,
Value: flags.OverrideDefaultUint64(cfg.IDP.AccessTokenDurationSeconds, 60*10), // 10 minutes
},
&cli.Uint64Flag{
Name: "id-token-expiration",
Usage: "Expiration time of id tokens in seconds since generated",
EnvVars: []string{"IDP_ID_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.IDTokenDurationSeconds,
Value: flags.OverrideDefaultUint64(cfg.IDP.IDTokenDurationSeconds, 60*60), // 1 hour
},
&cli.Uint64Flag{
Name: "refresh-token-expiration",
Usage: "Expiration time of refresh tokens in seconds since generated",
EnvVars: []string{"IDP_REFRESH_TOKEN_EXPIRATION"},
Destination: &cfg.IDP.RefreshTokenDurationSeconds,
Value: flags.OverrideDefaultUint64(cfg.IDP.RefreshTokenDurationSeconds, 60*60*24*365*3), // 1 year
},
&cli.StringFlag{
Name: "extensions",
Usage: "Run specific extensions during supervised mode. This flag is set by the runtime",
},
}
}
// ListIDPWithConfig applies the config to the list commands flags
func ListIDPWithConfig(cfg *config.Config) []cli.Flag {
return []cli.Flag{&cli.StringFlag{

5
idp/pkg/service/v0/service.go
View File

@@ -55,7 +55,10 @@ func NewService(opts ...Option) Service {
dummyBackendSupport.MustRegister()
kcBackendSupport.MustRegister()
bs, err := bootstrap.Boot(ctx, &options.Config.IDP, &licoconfig.Config{
// https://play.golang.org/p/Mh8AVJCd593
idpSettings := bootstrap.Settings(options.Config.IDP)
bs, err := bootstrap.Boot(ctx, &idpSettings, &licoconfig.Config{
Logger: logw.Wrap(logger),
})

4
ocis-pkg/config/config.go
View File

@@ -117,11 +117,11 @@ func New() *Config {
Accounts: accounts.DefaultConfig(),
GLAuth: glauth.DefaultConfig(),
Graph: graph.DefaultConfig(),
IDP: idp.DefaultConfig(),
Proxy: proxy.DefaultConfig(),
GraphExplorer: graphExplorer.New(),
IDP: idp.New(),
OCS: ocs.New(),
Web: web.New(),
Proxy: proxy.DefaultConfig(),
Settings: settings.New(),
Storage: storage.New(),
Store: store.New(),

1
ocis/pkg/command/accounts.go
View File

@@ -18,7 +18,6 @@ func AccountsCommand(cfg *config.Config) *cli.Command {
Name: "accounts",
Usage: "Start accounts server",
Category: "Extensions",
//Flags: flagset.ServerWithConfig(cfg.Accounts),
Subcommands: []*cli.Command{
command.ListAccounts(cfg.Accounts),
command.AddAccount(cfg.Accounts),

2
ocis/pkg/command/idp.go
View File

@@ -3,7 +3,6 @@ package command
import (
"github.com/owncloud/ocis/idp/pkg/command"
svcconfig "github.com/owncloud/ocis/idp/pkg/config"
"github.com/owncloud/ocis/idp/pkg/flagset"
"github.com/owncloud/ocis/ocis-pkg/config"
"github.com/owncloud/ocis/ocis-pkg/version"
"github.com/owncloud/ocis/ocis/pkg/register"
@@ -16,7 +15,6 @@ func IDPCommand(cfg *config.Config) *cli.Command {
Name: "idp",
Usage: "Start idp server",
Category: "Extensions",
Flags: flagset.ServerWithConfig(cfg.IDP),
Subcommands: []*cli.Command{
command.PrintVersion(cfg.IDP),
},