From e35d4fd0ac99d43a029eae09365bc0291b4ac1eb Mon Sep 17 00:00:00 2001
From: Willy Kloucek
Date: Wed, 10 Nov 2021 16:12:29 +0100
Subject: [PATCH] remove GRPC insecure config options, since it always needs to be set to insecure
---
 .drone.star | 1 -
 .vscode/launch.json | 1 -
 changelog/unreleased/insecure-options.md | 1 -
 graph/pkg/service/v0/graph.go | 2 +-
 ocs/pkg/service/v0/service.go | 2 +-
 ocs/pkg/service/v0/users.go | 2 +-
 proxy/pkg/command/server.go | 2 +-
 proxy/pkg/config/config.go | 1 -
 proxy/pkg/cs3/client.go | 29 +++++++++---------------
 proxy/pkg/flagset/flagset.go | 7 ------
 thumbnails/pkg/server/grpc/server.go | 2 +-
 11 files changed, 16 insertions(+), 34 deletions(-)
diff --git a/.drone.star b/.drone.star
index 34ab845f4..40721e154 100644
--- a/.drone.star
+++ b/.drone.star
@@ -1477,7 +1477,6 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = []):
 "PROXY_OIDC_INSECURE": "true",
 "THUMBNAILS_WEBDAVSOURCE_INSECURE": "true",
 "THUMBNAILS_CS3SOURCE_INSECURE": "true",
- "REVA_GATEWAY_INSECURE": "true",
 "STORAGE_OIDC_INSECURE": "true",
 "STORAGE_HOME_DATAPROVIDER_INSECURE": "true",
 "STORAGE_METADATA_DATAPROVIDER_INSECURE": "true",
diff --git a/.vscode/launch.json b/.vscode/launch.json
index d00d1d4f4..06ddad706 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -21,7 +21,6 @@
 "PROXY_OIDC_INSECURE": "true",
 "THUMBNAILS_WEBDAVSOURCE_INSECURE": "true",
 "THUMBNAILS_CS3SOURCE_INSECURE": "true",
- "REVA_GATEWAY_INSECURE": "true",
 "STORAGE_OIDC_INSECURE": "true",
 "STORAGE_HOME_DATAPROVIDER_INSECURE": "true",
 "STORAGE_METADATA_DATAPROVIDER_INSECURE": "true",
diff --git a/changelog/unreleased/insecure-options.md b/changelog/unreleased/insecure-options.md
index ec7e032e5..5dde184e6 100644
--- a/changelog/unreleased/insecure-options.md
+++ b/changelog/unreleased/insecure-options.md
@@ -4,7 +4,6 @@ We had several hard-coded 'insecure' flags. These options are now configurable a
 ```
 PROXY_OIDC_INSECURE=true
-REVA_GATEWAY_INSECURE=true
 STORAGE_FRONTEND_APPPROVIDER_INSECURE=true
 STORAGE_FRONTEND_ARCHIVER_INSECURE=true
 STORAGE_FRONTEND_OCDAV_INSECURE=true
diff --git a/graph/pkg/service/v0/graph.go b/graph/pkg/service/v0/graph.go
index fb0c1c505..51f5cc604 100644
--- a/graph/pkg/service/v0/graph.go
+++ b/graph/pkg/service/v0/graph.go
@@ -24,7 +24,7 @@ func (g Graph) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 // GetClient returns a gateway client to talk to reva
 func (g Graph) GetClient() (gateway.GatewayAPIClient, error) {
- return pool.GetGatewayServiceClient(g.config.Reva.Address) //TODO: insecure defaults to true, https://github.com/cs3org/reva/issues/2216
+ return pool.GetGatewayServiceClient(g.config.Reva.Address)
 }
 // The key type is unexported to prevent collisions with context keys defined in
diff --git a/ocs/pkg/service/v0/service.go b/ocs/pkg/service/v0/service.go
index 1262ccdf1..146561f15 100644
--- a/ocs/pkg/service/v0/service.go
+++ b/ocs/pkg/service/v0/service.go
@@ -161,7 +161,7 @@ func (o Ocs) getAccountService() accounts.AccountsService {
 }
 func (o Ocs) getCS3Backend() backend.UserBackend {
- revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address) //TODO: insecure defaults to true, https://github.com/cs3org/reva/issues/2216
+ revaClient, err := pool.GetGatewayServiceClient(o.config.Reva.Address)
 if err != nil {
 o.logger.Fatal().Msgf("could not get reva client at address %s", o.config.Reva.Address)
 }
diff --git a/ocs/pkg/service/v0/users.go b/ocs/pkg/service/v0/users.go
index 5b039016c..c9108a156 100644
--- a/ocs/pkg/service/v0/users.go
+++ b/ocs/pkg/service/v0/users.go
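Review bot: Dropping the trailing TODO on `pool.GetGatewayServiceClient(g.config.Reva.Address)` in `GetClient` removes the only in-code hint that, per the removed text, the pooled gateway client is dialled with insecure defaulting to true. Keep that fact as a plain comment instead of a TODO, e.g. `// pool dials the gateway without transport security by default, see https://github.com/cs3org/reva/issues/2216`. The same applies to the identical removals in ocs/pkg/service/v0/service.go, ocs/pkg/service/v0/users.go and thumbnails/pkg/server/grpc/server.go.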
@@ -384,7 +384,7 @@ func (o Ocs) DeleteUser(w http.ResponseWriter, r *http.Request) {
 ctx := metadata.AppendToOutgoingContext(r.Context(), revactx.TokenHeader, t)
- gwc, err := pool.GetGatewayServiceClient(o.config.Reva.Address) //TODO: insecure defaults to true, https://github.com/cs3org/reva/issues/2216
+ gwc, err := pool.GetGatewayServiceClient(o.config.Reva.Address)
 if err != nil {
 o.logger.Error().Err(err).Msg("error securing a connection to Reva gateway")
 }
diff --git a/proxy/pkg/command/server.go b/proxy/pkg/command/server.go
index 162ee2843..8b4341103 100644
--- a/proxy/pkg/command/server.go
+++ b/proxy/pkg/command/server.go
@@ -149,7 +149,7 @@ func Server(cfg *config.Config) *cli.Command {
 func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) alice.Chain {
 rolesClient := settings.NewRoleService("com.owncloud.api.settings", grpc.DefaultClient)
- revaClient, err := cs3.GetGatewayServiceClient(cfg.Reva.Address, cfg.Reva.Insecure) //TODO: insecure defaults to true, https://github.com/cs3org/reva/issues/2216
+ revaClient, err := cs3.GetGatewayServiceClient(cfg.Reva.Address)
 var userProvider backend.UserBackend
 switch cfg.AccountBackend {
 case "accounts":
diff --git a/proxy/pkg/config/config.go b/proxy/pkg/config/config.go
index 7f839ef54..9dd370118 100644
--- a/proxy/pkg/config/config.go
+++ b/proxy/pkg/config/config.go
@@ -81,7 +81,6 @@ var (
 // Reva defines all available REVA configuration.
 type Reva struct {
 Address string
- Insecure bool
 Middleware Middleware
 }
diff --git a/proxy/pkg/cs3/client.go b/proxy/pkg/cs3/client.go
index 91a5c566a..68f52d2d7 100644
--- a/proxy/pkg/cs3/client.go
+++ b/proxy/pkg/cs3/client.go
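Review bot: In `loadMiddlewares` the `err` from `cs3.GetGatewayServiceClient(cfg.Reva.Address)` is not checked in the visible lines before `switch cfg.AccountBackend`, and the helper returns a nil client on error, so a backend could be built around a nil `revaClient`. The function continues outside the hunk, so the check may sit further down; if it does not, handle it directly after the call in the style `getCS3Backend` uses, e.g. `if err != nil { logger.Fatal().Err(err).Msg("could not get reva client") }`. The `DeleteUser` hunk in ocs/pkg/service/v0/users.go shows a related pattern: within the visible lines its `if err != nil` branch only logs, so confirm that a return follows before `gwc` is used with the token already placed in the outgoing context.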
@@ -7,24 +7,17 @@ import (
 "google.golang.org/grpc"
 )
-func newConn(endpoint string, insecure bool) (*grpc.ClientConn, error) {
- opts := []grpc.DialOption{}
-
- opts = append(opts, grpc.WithUnaryInterceptor(
- otelgrpc.UnaryClientInterceptor(
- otelgrpc.WithTracerProvider(
- proxytracing.TraceProvider,
- ),
- ),
- ))
-
- if insecure {
- opts = append(opts, grpc.WithInsecure())
- }
-
+func newConn(endpoint string) (*grpc.ClientConn, error) {
 conn, err := grpc.Dial(
 endpoint,
- opts...,
+ grpc.WithInsecure(),
+ grpc.WithUnaryInterceptor(
+ otelgrpc.UnaryClientInterceptor(
+ otelgrpc.WithTracerProvider(
+ proxytracing.TraceProvider,
+ ),
+ ),
+ ),
 )
 if err != nil {
 return nil, err
@@ -34,8 +27,8 @@ func newConn(endpoint string, insecure bool) (*grpc.ClientConn, error) {
 }
 // GetGatewayServiceClient returns a new cs3 gateway client
-func GetGatewayServiceClient(endpoint string, insecure bool) (gateway.GatewayAPIClient, error) {
- conn, err := newConn(endpoint, insecure)
+func GetGatewayServiceClient(endpoint string) (gateway.GatewayAPIClient, error) {
+ conn, err := newConn(endpoint)
 if err != nil {
 return nil, err
 }
diff --git a/proxy/pkg/flagset/flagset.go b/proxy/pkg/flagset/flagset.go
index c16699f24..0d4b82992 100644
--- a/proxy/pkg/flagset/flagset.go
+++ b/proxy/pkg/flagset/flagset.go
@@ -189,13 +189,6 @@ func ServerWithConfig(cfg *config.Config) []cli.Flag {
 EnvVars: []string{"REVA_GATEWAY"},
 Destination: &cfg.Reva.Address,
 },
- &cli.BoolFlag{
- Name: "reva-gateway-insecure",
- Value: flags.OverrideDefaultBool(cfg.Reva.Insecure, false),
- Usage: "allow insecure communication to REVA gateway endpoint",
- EnvVars: []string{"REVA_GATEWAY_INSECURE"},
- Destination: &cfg.Reva.Insecure,
- },
 &cli.BoolFlag{
 Name: "insecure",
 Value: flags.OverrideDefaultBool(cfg.InsecureBackends, false),
diff --git a/thumbnails/pkg/server/grpc/server.go b/thumbnails/pkg/server/grpc/server.go
index ccc99cbae..0c905c06e 100644
--- a/thumbnails/pkg/server/grpc/server.go
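Review bot: `newConn` now passes `grpc.WithInsecure()` unconditionally, so the proxy-to-gateway channel is always plaintext and the server is never authenticated, and the commit leaves no way to enable transport security. That is only acceptable while the `REVA_GATEWAY` address stays on loopback or a trusted network, since gateway calls in this patch carry user tokens in request metadata (see `revactx.TokenHeader` in the `DeleteUser` hunk). State the constraint where the choice is made, e.g. a doc comment `// newConn dials endpoint without TLS or server authentication; the gateway address must only be reachable over a trusted network.` The `REVA_GATEWAY_INSECURE` variable is also ignored without warning from now on, so a changelog line telling operators that this connection is always unencrypted would help.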
+++ b/thumbnails/pkg/server/grpc/server.go
@@ -25,7 +25,7 @@ func NewService(opts ...Option) grpc.Service {
 grpc.Version(options.Config.Server.Version),
 )
 tconf := options.Config.Thumbnail
- gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway) //TODO: insecure defaults to true, https://github.com/cs3org/reva/issues/2216
+ gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway)
 if err != nil {
 options.Logger.Error().Err(err).Msg("could not get gateway client")
 return grpc.Service{}