[full-ci] Introduce TLS Settings for go-micro based grpc services and clients (#4901)

* Introduce TLS Settings for go-micro based grpc services and clients

TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.

TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.

By default TLS is disabled.

Co-authored-by: Martin <github@diemattels.at>

* Unify TLS configuration for all grpc services

All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.

TLS for the services can be configured by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY environment variables.

TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.

There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.

Co-authored-by: Martin <github@diemattels.at>

Co-authored-by: Martin <github@diemattels.at>
Ralf Haferkamp
2022-11-03 10:17:08 +01:00
committed by GitHub
parent b7482e5410
commit ee974afebf
91 changed files with 746 additions and 313 deletions


@@ -1,6 +1,7 @@
Enhancement: Allow to setup TLS for the reva grpc services
Enhancement: Allow to setup TLS for grpc services
We added config options to allow enabling TLS encrption for all reva backed
We added config options to allow enabling TLS encrption for all reva and go-micro backed
grpc services.
https://github.com/owncloud/ocis/pull/4798
https://github.com/owncloud/ocis/pull/4901


@@ -56,9 +56,11 @@ type Runtime struct {
type Config struct {
*shared.Commons `yaml:"shared"`
Tracing *shared.Tracing `yaml:"tracing"`
Log *shared.Log `yaml:"log"`
CacheStore *shared.CacheStore `yaml:"cache_store"`
Tracing *shared.Tracing `yaml:"tracing"`
Log *shared.Log `yaml:"log"`
CacheStore *shared.CacheStore `yaml:"cache_store"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"`
Mode Mode // DEPRECATED
File string


@@ -51,6 +51,13 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.CacheStore == nil {
cfg.CacheStore = &shared.CacheStore{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
}
if cfg.GRPCServiceTLS == nil {
cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{}
}
}
// EnsureCommons copies applicable parts of the oCIS config into the commons part
@@ -94,6 +101,14 @@ func EnsureCommons(cfg *config.Config) {
cfg.Commons.CacheStore = &shared.CacheStore{}
}
if cfg.GRPCClientTLS != nil {
cfg.Commons.GRPCClientTLS = cfg.GRPCClientTLS
}
if cfg.GRPCServiceTLS != nil {
cfg.Commons.GRPCServiceTLS = cfg.GRPCServiceTLS
}
// copy token manager to the commons part if set
if cfg.TokenManager != nil {
cfg.Commons.TokenManager = cfg.TokenManager


@@ -0,0 +1,101 @@
package grpc
import (
"crypto/tls"
"crypto/x509"
"errors"
"io/ioutil"
"sync"
mgrpcc "github.com/go-micro/plugins/v4/client/grpc"
mbreaker "github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker"
"github.com/owncloud/ocis/v2/ocis-pkg/registry"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
"go-micro.dev/v4/client"
)
var (
defaultClient client.Client
once sync.Once
)
// ClientOptions represent options (e.g. tls settings) for the grpc clients
type ClientOptions struct {
tlsMode string
caCert string
}
// Option is used to pass client options
type ClientOption func(opts *ClientOptions)
// WithTLSMode allows to set the TLSMode option for grpc clients
func WithTLSMode(v string) ClientOption {
return func(o *ClientOptions) {
o.tlsMode = v
}
}
// WithTLSCACert allows to set the CA Certificate for grpc clients
func WithTLSCACert(v string) ClientOption {
return func(o *ClientOptions) {
o.caCert = v
}
}
// Configure configures the default oOCIS grpc client (e.g. TLS settings)
func Configure(opts ...ClientOption) error {
var options ClientOptions
for _, opt := range opts {
opt(&options)
}
var outerr error
once.Do(func() {
reg := registry.GetRegistry()
var tlsConfig *tls.Config
cOpts := []client.Option{
client.Registry(reg),
client.Wrap(mbreaker.NewClientWrapper()),
}
switch options.tlsMode {
case "insecure":
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
}
cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
case "on":
tlsConfig = &tls.Config{}
// Note: If caCert is empty we use the system's default set of trusted CAs
if options.caCert != "" {
certs := x509.NewCertPool()
pemData, err := ioutil.ReadFile(options.caCert)
if err != nil {
outerr = err
return
}
if !certs.AppendCertsFromPEM(pemData) {
outerr = errors.New("Error initializing LDAP Backend. Adding CA cert failed")
return
}
tlsConfig.RootCAs = certs
}
cOpts = append(cOpts, mgrpcc.AuthTLS(tlsConfig))
}
defaultClient = mgrpcc.NewClient(cOpts...)
})
return outerr
}
// DefaultClient returns a custom oCIS grpc configured client.
func DefaultClient() client.Client {
return defaultClient
}
func GetClientOptions(t *shared.GRPCClientTLS) []ClientOption {
opts := []ClientOption{
WithTLSMode(t.Mode),
WithTLSCACert(t.CACert),
}
return opts
}
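Review bot: The `switch options.tlsMode` in Configure has no `default` and no explicit `off` case, so any unrecognised value (a typo in OCIS_GRPC_CLIENT_TLS_MODE, or a mode spelling from another component) silently builds a plaintext client instead of failing; the mode should be validated and rejected, with the empty string presumably kept as "off" since the graph test passes a zero-value shared.GRPCClientTLS through GetClientOptions. Two smaller points in the same function: the message at `errors.New("Error initializing LDAP Backend. Adding CA cert failed")` is copied from another component and should name what failed here, e.g. `errors.New("grpc client: adding CA certificate from " + options.caCert + " failed")`; and because outerr is only assigned inside once.Do, a second Configure call after a failed first one returns nil while DefaultClient() still yields nil. GetClientOptions is exported without a doc comment and dereferences t unconditionally; `// GetClientOptions translates the shared GRPCClientTLS config into ClientOptions for Configure.` plus a nil guard would round it off.
```go
	switch options.tlsMode {
	case "", "off":
		// no transport security
	case "insecure":
		// … unchanged: InsecureSkipVerify client config …
	case "on":
		// … unchanged: RootCAs from caCert or the system roots …
	default:
		outerr = errors.New("unsupported grpc client tls mode: " + options.tlsMode)
		return
	}
```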


@@ -12,13 +12,16 @@ type Option func(o *Options)
// Options defines the available options for this package.
type Options struct {
Logger log.Logger
Namespace string
Name string
Version string
Address string
Context context.Context
Flags []cli.Flag
Logger log.Logger
Namespace string
Name string
Version string
Address string
TLSEnabled bool
TLSCert string
TLSKey string
Context context.Context
Flags []cli.Flag
}
// newOptions initializes the available default options.
@@ -69,6 +72,21 @@ func Address(a string) Option {
}
}
// TLSEnabled provides a function to enable/disable TLS
func TLSEnabled(v bool) Option {
return func(o *Options) {
o.TLSEnabled = v
}
}
// TLSCert provides a function to set the TLS server certificate and key
func TLSCert(c string, k string) Option {
return func(o *Options) {
o.TLSCert = c
o.TLSKey = k
}
}
// Context provides a function to set the context option.
func Context(ctx context.Context) Option {
return func(o *Options) {


@@ -1,54 +1,65 @@
package grpc
import (
"crypto/tls"
"fmt"
"net"
"strings"
"sync"
"time"
mgrpcc "github.com/go-micro/plugins/v4/client/grpc"
mgrpcs "github.com/go-micro/plugins/v4/server/grpc"
mbreaker "github.com/go-micro/plugins/v4/wrapper/breaker/gobreaker"
"github.com/go-micro/plugins/v4/wrapper/monitoring/prometheus"
"github.com/go-micro/plugins/v4/wrapper/trace/opencensus"
"github.com/owncloud/ocis/v2/ocis-pkg/registry"
"go-micro.dev/v4"
"go-micro.dev/v4/client"
"go-micro.dev/v4/server"
mtls "go-micro.dev/v4/util/tls"
)
// DefaultClient is a custom oCIS grpc configured client.
var (
defaultClient client.Client
once sync.Once
)
func DefaultClient() client.Client {
return getDefaultGrpcClient()
}
func getDefaultGrpcClient() client.Client {
once.Do(func() {
reg := registry.GetRegistry()
defaultClient = mgrpcc.NewClient(
client.Registry(reg),
client.Wrap(mbreaker.NewClientWrapper()),
)
})
return defaultClient
}
// Service simply wraps the go-micro grpc service.
type Service struct {
micro.Service
}
// NewService initializes a new grpc service.
func NewService(opts ...Option) Service {
func NewService(opts ...Option) (Service, error) {
var mServer server.Server
sopts := newOptions(opts...)
tlsConfig := &tls.Config{}
if sopts.TLSEnabled {
var cert tls.Certificate
var err error
if sopts.TLSCert != "" {
cert, err = tls.LoadX509KeyPair(sopts.TLSCert, sopts.TLSKey)
if err != nil {
sopts.Logger.Error().Err(err).Str("cert", sopts.TLSCert).Str("key", sopts.TLSKey).Msg("error loading server certifcate and key")
return Service{}, fmt.Errorf("grpc service error loading server certificate and key: %w", err)
}
} else {
// Generate a self-signed server certificate on the fly. This requires the clients
// to connect with InsecureSkipVerify.
subj := []string{sopts.Address}
if host, _, err := net.SplitHostPort(sopts.Address); err == nil && host != "" {
subj = []string{host}
}
sopts.Logger.Warn().Str("address", sopts.Address).
Msg("GRPC: No server certificate configured. Generating a temporary self-signed certificate")
cert, err = mtls.Certificate(subj...)
if err != nil {
return Service{}, fmt.Errorf("grpc service error creating temporary self-signed certificate: %w", err)
}
}
tlsConfig.Certificates = []tls.Certificate{cert}
mServer = mgrpcs.NewServer(mgrpcs.AuthTLS(tlsConfig))
} else {
mServer = mgrpcs.NewServer()
}
mopts := []micro.Option{
// first add a server because it will reset any options
micro.Server(mgrpcs.NewServer()),
micro.Server(mServer),
// also add a client that can be used after initializing the service
micro.Client(DefaultClient()),
micro.Address(sopts.Address),
@@ -65,5 +76,5 @@ func NewService(opts ...Option) Service {
micro.WrapSubscriber(opencensus.NewSubscriberWrapper()),
}
return Service{micro.NewService(mopts...)}
return Service{micro.NewService(mopts...)}, nil
}
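Review bot: `micro.Client(DefaultClient())` now hands over whatever the package-level defaultClient holds, and the DefaultClient() that replaces the removed getDefaultGrpcClient (in this package's new client file) returns that variable without initialising it, so a service that calls NewService before Configure gets a nil client where the old code built one on demand. Guarding it, `if DefaultClient() == nil { return Service{}, fmt.Errorf("grpc service: default client not configured, call Configure first") }`, or having DefaultClient() fall back to Configure() would close that gap. Separately, the server config is built as a bare `tls.Config{}`; `tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}` makes the protocol floor explicit instead of relying on the toolchain default. The log line `Msg("error loading server certifcate and key")` has a typo (certifcate). NewService's body between the two hunks is not shown here.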


@@ -13,7 +13,7 @@ func DefaultRevaConfig() *Reva {
}
func (r *Reva) GetRevaOptions() []pool.Option {
tm, _ := pool.StringToTLSMode(r.TLSMode)
tm, _ := pool.StringToTLSMode(r.TLS.Mode)
opts := []pool.Option{
pool.WithTLSMode(tm),
}
@@ -22,7 +22,7 @@ func (r *Reva) GetRevaOptions() []pool.Option {
func (r *Reva) GetGRPCClientConfig() map[string]interface{} {
return map[string]interface{}{
"tls_mode": r.TLSMode,
"tls_cacert": r.TLSCACert,
"tls_mode": r.TLS.Mode,
"tls_cacert": r.TLS.CACert,
}
}
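Review bot: `tm, _ := pool.StringToTLSMode(r.TLS.Mode)` still discards the conversion error, so a misspelled OCIS_GRPC_CLIENT_TLS_MODE value is silently mapped to whatever StringToTLSMode returns on failure rather than being reported; now that this one setting drives every grpc client that is worth surfacing. Since GetRevaOptions cannot return an error, validating the mode once where the config is parsed (or at least logging the error here) would be enough.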


@@ -31,9 +31,19 @@ type TokenManager struct {
// Reva defines all available REVA client configuration.
type Reva struct {
Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."`
TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."`
Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
TLS GRPCClientTLS `yaml:"tls"`
}
type GRPCClientTLS struct {
Mode string `yaml:"mode" env:"OCIS_GRPC_CLIENT_TLS_MODE" desc:"TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."`
CACert string `yaml:"cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."`
}
type GRPCServiceTLS struct {
Enabled bool `yaml:"enabled" env:"OCIS_GRPC_TLS_ENABLED" desc:"Activates TLS for the grpcs based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure."`
Cert string `yaml:"cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the grpc services."`
Key string `yaml:"key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services."`
}
type CacheStore struct {
@@ -45,15 +55,17 @@ type CacheStore struct {
// Commons holds configuration that are common to all extensions. Each extension can then decide whether
// to overwrite its values.
type Commons struct {
Log *Log `yaml:"log"`
Tracing *Tracing `yaml:"tracing"`
CacheStore *CacheStore `yaml:"cache_store"`
OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."`
TokenManager *TokenManager `mask:"struct" yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."`
SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"`
AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."`
Log *Log `yaml:"log"`
Tracing *Tracing `yaml:"tracing"`
CacheStore *CacheStore `yaml:"cache_store"`
GRPCClientTLS *GRPCClientTLS `yaml:"grpc_client_tls"`
GRPCServiceTLS *GRPCServiceTLS `yaml:"grpc_service_tls"`
OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."`
TokenManager *TokenManager `mask:"struct" yaml:"token_manager"`
Reva *Reva `yaml:"reva"`
MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."`
SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"`
AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."`
}
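Review bot: The struct tag on the new `CACert` field is malformed: `yaml:"cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT"` lacks the closing quote after cacert, so the yaml key becomes `cacert env:` and, depending on how the tag parser recovers, the env key is likely lost and OCIS_GRPC_CLIENT_TLS_CACERT never read; `go vet` (structtag) flags exactly this. The tag should read `yaml:"cacert" env:"OCIS_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."`. GRPCClientTLS and GRPCServiceTLS are exported types without doc comments; `// GRPCClientTLS holds the TLS settings grpc clients use when connecting to go-micro based services.` and `// GRPCServiceTLS holds the TLS server settings for the grpc services.` would do. The desc strings also carry typos (ceritificate, certifcate, grpcs) that surface in generated documentation.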


@@ -5,6 +5,7 @@ import (
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
"github.com/owncloud/ocis/v2/ocis-pkg/config/parser"
"github.com/owncloud/ocis/v2/ocis-pkg/registry"
"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis/pkg/register"
"github.com/owncloud/ocis/v2/ocis/pkg/runtime"
"github.com/urfave/cli/v2"
@@ -22,6 +23,10 @@ func Server(cfg *config.Config) *cli.Command {
Action: func(c *cli.Context) error {
// Prefer the in-memory registry as the default when running in single-binary mode
registry.Configure("memory")
err := grpc.Configure(grpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
r := runtime.New(cfg)
return r.Start()
},


@@ -52,12 +52,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
}
type Drivers struct {


@@ -65,9 +65,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -80,6 +79,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
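Review bot: The new `if cfg.GRPC.TLS == nil` block copies Enabled, Cert and Key one field at a time, so any field later added to shared.GRPCServiceTLS must be threaded through every copy; a struct copy, `*cfg.GRPC.TLS = *cfg.Commons.GRPCServiceTLS`, in place of the three assignments keeps the per-service value semantics without that drift. The identical nine-line block is repeated in the EnsureDefaults hunks of the app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups services in this commit (service names inferred from the env prefixes in their GRPCConfig structs); a small helper in the shared package would keep the inheritance rule in one place.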
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"appprovider": map[string]interface{}{


@@ -50,12 +50,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type AppRegistry struct {


@@ -130,9 +130,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -146,6 +145,14 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
// Sanitize the config


@@ -25,9 +25,9 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"appregistry": map[string]interface{}{


@@ -51,12 +51,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type AuthProviders struct {


@@ -104,9 +104,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -120,6 +119,14 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -21,9 +21,9 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -51,12 +51,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type OIDC struct {


@@ -63,9 +63,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -78,6 +77,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -21,9 +21,9 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"authprovider": map[string]interface{}{


@@ -51,10 +51,8 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}


@@ -58,9 +58,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -77,6 +76,15 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"authprovider": map[string]interface{}{


@@ -140,9 +140,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}


@@ -73,12 +73,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type StorageRegistry struct {


@@ -87,9 +87,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -106,6 +105,15 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" {
cfg.TransferSecret = cfg.Commons.TransferSecret
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -30,9 +30,9 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -6,6 +6,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/graph/pkg/config"
"github.com/owncloud/ocis/v2/services/graph/pkg/config/parser"
@@ -32,6 +33,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
gr := run.Group{}
ctx, cancel := func() (context.Context, context.CancelFunc) {


@@ -19,8 +19,9 @@ type Config struct {
HTTP HTTP `yaml:"http"`
Reva *shared.Reva `yaml:"reva"`
TokenManager *TokenManager `yaml:"token_manager"`
Reva *shared.Reva `yaml:"reva"`
TokenManager *TokenManager `yaml:"token_manager"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
Spaces Spaces `yaml:"spaces"`
Identity Identity `yaml:"identity"`


@@ -113,6 +113,14 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
}
func Sanitize(cfg *config.Config) {


@@ -17,6 +17,7 @@ import (
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
libregraph "github.com/owncloud/libre-graph-api-go"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
"github.com/owncloud/ocis/v2/services/graph/mocks"
"github.com/owncloud/ocis/v2/services/graph/pkg/config"
@@ -41,7 +42,9 @@ var _ = Describe("Graph", func() {
cfg.Identity.LDAP.CACert = "" // skip the startup checks, we don't use LDAP at all in this tests
cfg.TokenManager.JWTSecret = "loremipsum"
cfg.Commons = &shared.Commons{}
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
_ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
gatewayClient = &mocks.GatewayClient{}
eventsPublisher = mocks.Publisher{}
svc = service.NewService(


@@ -52,12 +52,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type Drivers struct {


@@ -105,9 +105,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -120,6 +119,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -153,9 +153,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}


@@ -27,13 +27,13 @@ type Channel interface {
// NewMailChannel instantiates a new mail communication channel.
func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) {
tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode)
if err != nil {
logger.Error().Err(err).Msg("could not get gateway client tls mode")
return nil, err
}
gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway,
pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert),
pool.WithTLSMode(tm),
)
if err != nil {


@@ -77,13 +77,13 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode)
if err != nil {
return err
}
gwclient, err := pool.GetGatewayServiceClient(
cfg.Notifications.RevaGateway,
pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert),
pool.WithTLSMode(tm),
)
if err != nil {


@@ -22,13 +22,12 @@ type Config struct {
// Notifications defines the config options for the notifications service.
type Notifications struct {
SMTP SMTP `yaml:"SMTP"`
Events Events `yaml:"events"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
SMTP SMTP `yaml:"SMTP"`
Events Events `yaml:"events"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
}
// SMTP combines the smtp configuration options.


@@ -37,9 +37,7 @@ func DefaultConfig() *config.Config {
ConsumerGroup: "notifications",
EnableTLS: false,
},
RevaGateway: shared.DefaultRevaConfig().Address,
RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
RevaGateway: shared.DefaultRevaConfig().Address,
},
}
}
@@ -60,6 +58,12 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.Notifications.GRPCClientTLS == nil {
cfg.Notifications.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS
}
}
}
func Sanitize(cfg *config.Config) {
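Review bot: The fallback in EnsureDefaults assigns the shared pointer, `cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS`, so the notifications config aliases the commons struct instead of owning a copy, while every other service touched by this commit (graph, ocs, proxy, search, settings, store) allocates a fresh `&shared.GRPCClientTLS{}` and copies `Mode` and `CACert` into it. Any later per-service adjustment of mode or CA cert would then silently change the commons values seen by other consumers of the same config. Replace the assignment with `cfg.Notifications.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode` and `cfg.Notifications.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert` to match the others. EnsureDefaults starts outside the hunk.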


@@ -80,9 +80,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}


@@ -5,6 +5,7 @@ import (
"fmt"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/ocs/pkg/config/parser"
"github.com/owncloud/ocis/v2/services/ocs/pkg/logging"
@@ -33,6 +34,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
var (
gr = run.Group{}


@@ -19,8 +19,9 @@ type Config struct {
HTTP HTTP `yaml:"http"`
TokenManager *TokenManager `yaml:"token_manager"`
Reva *shared.Reva `yaml:"reva"`
TokenManager *TokenManager `yaml:"token_manager"`
Reva *shared.Reva `yaml:"reva"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
IdentityManagement IdentityManagement `yaml:"identity_management"`


@@ -80,9 +80,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -99,6 +98,14 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
}
func Sanitize(cfg *config.Config) {


@@ -14,7 +14,7 @@ import (
cs3 "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
revactx "github.com/cs3org/reva/v2/pkg/ctx"
"github.com/go-chi/chi/v5"
"github.com/go-micro/plugins/v4/client/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/services/ocs/pkg/service/v0/data"
"github.com/owncloud/ocis/v2/services/ocs/pkg/service/v0/response"
ocstracing "github.com/owncloud/ocis/v2/services/ocs/pkg/tracing"
@@ -166,7 +166,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
// use the user's UUID
userID := u.Id.OpaqueId
c := storesvc.NewStoreService("com.owncloud.api.store", grpc.NewClient())
c := storesvc.NewStoreService("com.owncloud.api.store", grpc.DefaultClient())
res, err := c.Read(r.Context(), &storesvc.ReadRequest{
Options: &storemsg.ReadOptions{
Database: "proxy",
@@ -186,6 +186,7 @@ func (o Ocs) GetSigningKey(w http.ResponseWriter, r *http.Request) {
if e.Code == http.StatusNotFound {
// not found is ok, so we can continue and generate the key on the fly
} else {
o.logger.Error().Err(err).Msg("error reading from server")
o.mustRender(w, r, response.ErrRender(data.MetaServerError.StatusCode, "error reading from store"))
return
}
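Review bot: `grpc.DefaultClient()` introduces an implicit ordering dependency: the handler only gets a TLS-configured client if `ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)` already ran in Server, and nothing at the call site says so. Should the default client fall back to a plaintext connection before Configure has run (not visible here), a code path that bypasses Server — a test, for instance — would reach the store without TLS and no error would surface. A comment on the call, `// relies on ogrpc.Configure() having run in Server(); the default client carries the TLS client settings`, makes the contract explicit. The added log line says "error reading from server" while the rendered error says "from store"; aligning the two helps when correlating logs with responses. GetSigningKey starts outside the hunk.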


@@ -17,6 +17,7 @@ import (
"github.com/owncloud/ocis/v2/ocis-pkg/log"
pkgmiddleware "github.com/owncloud/ocis/v2/ocis-pkg/middleware"
"github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
settingssvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/settings/v0"
storesvc "github.com/owncloud/ocis/v2/protogen/gen/ocis/services/store/v0"
@@ -50,6 +51,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
var (
m = metrics.New()


@@ -18,7 +18,8 @@ type Config struct {
HTTP HTTP `yaml:"http"`
Reva *shared.Reva `yaml:"reva"`
Reva *shared.Reva `yaml:"reva"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
Policies []Policy `yaml:"policies"`
OIDC OIDC `yaml:"oidc"`


@@ -242,13 +242,20 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
}
// Sanitize sanitizes the configuration


@@ -6,6 +6,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/search/pkg/config"
"github.com/owncloud/ocis/v2/services/search/pkg/config/parser"
@@ -32,6 +33,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
gr := run.Group{}
ctx, cancel := func() (context.Context, context.CancelFunc) {


@@ -16,11 +16,12 @@ type Config struct {
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
GRPC GRPC `yaml:"grpc"`
GRPC GRPCConfig `yaml:"grpc"`
Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."`
Reva *shared.Reva `yaml:"reva"`
Events Events `yaml:"events"`
Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."`
Reva *shared.Reva `yaml:"reva"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
Events Events `yaml:"events"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;SEARCH_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`


@@ -22,7 +22,7 @@ func DefaultConfig() *config.Config {
Addr: "127.0.0.1:9224",
Token: "",
},
GRPC: config.GRPC{
GRPC: config.GRPCConfig{
Addr: "127.0.0.1:9220",
Namespace: "com.owncloud.api",
},
@@ -72,13 +72,27 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
// Sanitize sanitizes the configuration


@@ -1,7 +1,10 @@
package config
// GRPC defines the available grpc configuration.
type GRPC struct {
Addr string `ocisConfig:"addr" env:"SEARCH_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `ocisConfig:"-" yaml:"-"`
import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
// GRPCConfig defines the available grpc configuration.
type GRPCConfig struct {
Addr string `ocisConfig:"addr" env:"SEARCH_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `ocisConfig:"-" yaml:"-"`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
}


@@ -11,7 +11,12 @@ import (
func Server(opts ...Option) grpc.Service {
options := newOptions(opts...)
service := grpc.NewService(
service, err := grpc.NewService(
grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
grpc.TLSCert(
options.Config.GRPC.TLS.Cert,
options.Config.GRPC.TLS.Key,
),
grpc.Name(options.Config.Service.Name),
grpc.Context(options.Context),
grpc.Address(options.Config.GRPC.Addr),
@@ -20,6 +25,10 @@ func Server(opts ...Option) grpc.Service {
grpc.Flags(options.Flags...),
grpc.Version(version.GetString()),
)
if err != nil {
options.Logger.Fatal().Err(err).Msg("Error creating search service")
return grpc.Service{}
}
handle, err := svc.NewHandler(
svc.Config(options.Config),
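Review bot: The `return grpc.Service{}` after `options.Logger.Fatal().Err(err).Msg(...)` is unreachable if Fatal exits the process as its name suggests, and the settings server's Server() in this same commit handles the identical error with the Fatal alone; the two should use one form. Terminating inside a constructor-style function also means a TLS misconfiguration (an unreadable certificate or key, for example) cannot be exercised by a test and only appears as a log line; since `Server` returns `grpc.Service` rather than an error, at least state the intent with `// NewService fails on an invalid TLS certificate/key; treat that as fatal` above the check. `options.Config.GRPC.TLS` is dereferenced in the first hunk without a nil check, which is safe only when EnsureDefaults ran first — presumably true for the CLI path, but not guaranteed for direct callers. Server continues outside the hunk.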


@@ -6,6 +6,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/settings/pkg/config"
"github.com/owncloud/ocis/v2/services/settings/pkg/config/parser"
@@ -33,6 +34,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
servers := run.Group{}
ctx, cancel := func() (context.Context, context.CancelFunc) {


@@ -16,8 +16,10 @@ type Config struct {
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
HTTP HTTP `yaml:"http"`
GRPC GRPC `yaml:"grpc"`
HTTP HTTP `yaml:"http"`
GRPC GRPCConfig `yaml:"grpc"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
StoreType string `yaml:"store_type" env:"SETTINGS_STORE_TYPE" desc:"Store type configures the persistency driver. Supported values are \"metadata\" and \"filesystem\"."`
DataPath string `yaml:"data_path" env:"SETTINGS_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings."`


@@ -5,6 +5,7 @@ import (
"strings"
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
"github.com/owncloud/ocis/v2/services/settings/pkg/config"
)
@@ -39,7 +40,7 @@ func DefaultConfig() *config.Config {
AllowCredentials: true,
},
},
GRPC: config.GRPC{
GRPC: config.GRPCConfig{
Addr: "127.0.0.1:9191",
Namespace: "com.owncloud.api",
},
@@ -100,6 +101,22 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.AdminUserID == "" && cfg.Commons != nil {
cfg.AdminUserID = cfg.Commons.AdminUserID
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -1,7 +1,10 @@
package config
// GRPC defines the available grpc configuration.
type GRPC struct {
Addr string `yaml:"addr" env:"SETTINGS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `yaml:"-"`
import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
// GRPCConfig defines the available grpc configuration.
type GRPCConfig struct {
Addr string `yaml:"addr" env:"SETTINGS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `yaml:"-"`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
}


@@ -16,7 +16,12 @@ import (
func Server(opts ...Option) grpc.Service {
options := newOptions(opts...)
service := grpc.NewService(
service, err := grpc.NewService(
grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
grpc.TLSCert(
options.Config.GRPC.TLS.Cert,
options.Config.GRPC.TLS.Key,
),
grpc.Logger(options.Logger),
grpc.Name(options.Name),
grpc.Version(version.GetString()),
@@ -25,6 +30,9 @@ func Server(opts ...Option) grpc.Service {
grpc.Context(options.Context),
grpc.Flags(options.Flags...),
)
if err != nil {
options.Logger.Fatal().Err(err).Msg("Error creating settings service")
}
handle := svc.NewService(options.Config, options.Logger)
if err := settingssvc.RegisterBundleServiceHandler(service.Server(), handle); err != nil {


@@ -55,12 +55,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type UserSharingDrivers struct {


@@ -101,9 +101,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -117,6 +116,15 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
if cfg.UserSharingDrivers.CS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
cfg.UserSharingDrivers.CS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
}


@@ -23,9 +23,9 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -51,12 +51,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type StorageProvider struct {


@@ -61,9 +61,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"interceptors": map[string]interface{}{
"log": map[string]interface{}{},


@@ -53,10 +53,8 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}


@@ -61,9 +61,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"sharesstorageprovider": map[string]interface{}{


@@ -56,12 +56,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
}
type HTTPConfig struct {


@@ -73,9 +73,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -97,6 +96,15 @@ func EnsureDefaults(cfg *config.Config) {
cfg.SystemUserID = cfg.Commons.SystemUserID
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -24,9 +24,9 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
"services": map[string]interface{}{
"gateway": map[string]interface{}{


@@ -60,12 +60,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
}
type HTTPConfig struct {


@@ -111,9 +111,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -126,6 +125,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {


@@ -23,9 +23,9 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -95,7 +95,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
"treetime_accounting": true,
"treesize_accounting": true,
"permissionssvc": cfg.Drivers.OCIS.PermissionsEndpoint,
"permissionssvc_tls_mode": "off",
"permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode,
},
"s3": map[string]interface{}{
"enable_home": false,
@@ -115,7 +115,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
"treetime_accounting": true,
"treesize_accounting": true,
"permissionssvc": cfg.Drivers.S3NG.PermissionsEndpoint,
"permissionssvc_tls_mode": "off",
"permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode,
"s3.region": cfg.Drivers.S3NG.Region,
"s3.access_key": cfg.Drivers.S3NG.AccessKey,
"s3.secret_key": cfg.Drivers.S3NG.SecretKey,
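Review bot: `cfg.Commons.GRPCClientTLS.Mode` is read without a nil check in both the ocis and the s3ng driver maps (the second hunk of this file has the same line), while every EnsureDefaults in this commit guards with `cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil`; a config that omits the commons block, or a caller of UserDrivers that did not run EnsureDefaults, panics with a nil pointer dereference here. The pattern the other services use — resolve a service-level `GRPCClientTLS` in EnsureDefaults and read `cfg.GRPCClientTLS.Mode` at this point — removes both the nil dereference and the reach into Commons from config generation. Only the mode is forwarded to the driver; if the permissions client verifies the server certificate in the non-insecure mode, the CA cert from the same struct presumably has to travel with it — worth confirming against the reva driver options. UserDrivers starts outside the hunk.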


@@ -7,6 +7,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/store/pkg/config"
"github.com/owncloud/ocis/v2/services/store/pkg/config/parser"
@@ -33,6 +34,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
var (
gr = run.Group{}


@@ -16,7 +16,9 @@ type Config struct {
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
GRPC GRPC `yaml:"grpc"`
GRPC GRPCConfig `yaml:"grpc"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
Datapath string `yaml:"data_path" env:"STORE_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/store."`


@@ -4,6 +4,7 @@ import (
"path"
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
"github.com/owncloud/ocis/v2/services/store/pkg/config"
)
@@ -22,7 +23,7 @@ func DefaultConfig() *config.Config {
Pprof: false,
Zpages: false,
},
GRPC: config.GRPC{
GRPC: config.GRPCConfig{
Addr: "127.0.0.1:9460",
Namespace: "com.owncloud.api",
},
@@ -56,6 +57,22 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {
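Review bot: The two blocks added to EnsureDefaults (the `GRPCClientTLS` and `GRPC.TLS` fallbacks) are repeated verbatim in the thumbnails and users services in this same commit, so the nil-guards and the field-by-field copy from `cfg.Commons` are now maintained in several places. Two small helpers in the shared package, for instance `func GRPCClientTLSFromCommons(c *Commons) *GRPCClientTLS` and `func GRPCServiceTLSFromCommons(c *Commons) *GRPCServiceTLS`, would let each service reduce this to `cfg.GRPCClientTLS = shared.GRPCClientTLSFromCommons(cfg.Commons)` and keep a future TLS field from being forgotten in one copy. Note that when `cfg.Commons` is nil the service TLS struct is left at its zero value, so TLS is disabled silently; a comment such as `// no commons section: TLS stays disabled and the client uses the zero mode` would make that visible to the reader. EnsureDefaults starts outside this hunk.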


@@ -1,7 +1,10 @@
package config
// GRPC defines the available grpc configuration.
type GRPC struct {
Addr string `yaml:"addr" env:"STORE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `yaml:"-"`
import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
// GRPCConfig defines the available grpc configuration.
type GRPCConfig struct {
Addr string `yaml:"addr" env:"STORE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `yaml:"-"`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
}


@@ -11,7 +11,12 @@ import (
func Server(opts ...Option) grpc.Service {
options := newOptions(opts...)
service := grpc.NewService(
service, err := grpc.NewService(
grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
grpc.TLSCert(
options.Config.GRPC.TLS.Cert,
options.Config.GRPC.TLS.Key,
),
grpc.Namespace(options.Config.GRPC.Namespace),
grpc.Name(options.Config.Service.Name),
grpc.Version(version.GetString()),
@@ -20,6 +25,10 @@ func Server(opts ...Option) grpc.Service {
grpc.Logger(options.Logger),
grpc.Flags(options.Flags...),
)
if err != nil {
options.Logger.Fatal().Err(err).Msg("Error creating store service")
return grpc.Service{}
}
hdlr, err := svc.New(
svc.Logger(options.Logger),
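Review bot: The `return grpc.Service{}` after `options.Logger.Fatal().Err(err).Msg(...)` is dead code if the logger is zerolog-based, as the `Fatal().Err().Msg()` chain suggests, because `Fatal()` terminates the process after writing the message. Exiting from inside a constructor also means a TLS misconfiguration (bad certificate path, unreadable key) is reported only as a process exit rather than an error the caller can wrap or retry. A cleaner shape would be to let `Server` return `(grpc.Service, error)` and propagate `err`, or at minimum to drop the unreachable return and add `// Fatal exits; nothing below runs` so the intent is explicit. Server continues outside this hunk.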


@@ -6,6 +6,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/thumbnails/pkg/config"
"github.com/owncloud/ocis/v2/services/thumbnails/pkg/config/parser"
@@ -33,6 +34,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
var (
gr = run.Group{}


@@ -16,8 +16,10 @@ type Config struct {
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
GRPC GRPC `yaml:"grpc"`
HTTP HTTP `yaml:"http"`
GRPC GRPCConfig `yaml:"grpc"`
HTTP HTTP `yaml:"http"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
Thumbnail Thumbnail `yaml:"thumbnail"`
@@ -31,14 +33,12 @@ type FileSystemStorage struct {
// Thumbnail defines the available thumbnail related configuration.
type Thumbnail struct {
Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."`
FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"`
WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."`
CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."`
RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."`
TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."`
DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."`
Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."`
FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"`
WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."`
CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."`
RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."`
TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."`
DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."`
}
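Review bot: The new `GRPCClientTLS` field carries no `desc` tag, and the remaining `CS3AllowInsecure` (bound to `OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE`) now overlaps with the client TLS mode that replaced `RevaGatewayTLSMode` for the gateway connection; an operator cannot tell from this struct which of the two governs certificate verification for CS3 calls. If `CS3AllowInsecure` still applies only to the thumbnail source download and not to the gateway gRPC client, its `desc` should say so, e.g. `desc:"Ignore untrusted SSL certificates when downloading from the CS3 source; does not affect the gateway gRPC client, see grpc_client_tls."`. A `desc` on `GRPCClientTLS` pointing at the OCIS_GRPC_CLIENT_TLS_* variables from the commit message would complete the picture.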


@@ -24,7 +24,7 @@ func DefaultConfig() *config.Config {
Pprof: false,
Zpages: false,
},
GRPC: config.GRPC{
GRPC: config.GRPCConfig{
Addr: "127.0.0.1:9185",
Namespace: "com.owncloud.api",
},
@@ -41,12 +41,10 @@ func DefaultConfig() *config.Config {
FileSystemStorage: config.FileSystemStorage{
RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"),
},
WebdavAllowInsecure: false,
RevaGateway: shared.DefaultRevaConfig().Address,
RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
CS3AllowInsecure: false,
DataEndpoint: "http://127.0.0.1:9186/thumbnails/data",
WebdavAllowInsecure: false,
RevaGateway: shared.DefaultRevaConfig().Address,
CS3AllowInsecure: false,
DataEndpoint: "http://127.0.0.1:9186/thumbnails/data",
},
}
}
@@ -74,6 +72,22 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {
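Review bot: DefaultConfig drops the `RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode` default without setting a default for `GRPCClientTLS`, and the new EnsureDefaults block only fills `Mode` when `cfg.Commons` and `cfg.Commons.GRPCClientTLS` are both non-nil. A thumbnails config loaded standalone therefore reaches `pool.StringToTLSMode("")` in NewService with an empty mode; if that function rejects the empty string (it returns an error for unknown values), the service fails to start where it previously used the shared default. Initialising the field in DefaultConfig, e.g. `GRPCClientTLS: &shared.GRPCClientTLS{Mode: shared.DefaultRevaConfig().TLS.Mode}` or whatever the unified default is, would preserve the old behaviour. EnsureDefaults starts outside this hunk.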


@@ -1,7 +1,10 @@
package config
// GRPC defines the available grpc configuration.
type GRPC struct {
Addr string `yaml:"addr" env:"THUMBNAILS_GRPC_ADDR" desc:"The address off the grpc service."`
Namespace string `yaml:"-"`
import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
// GRPCConfig defines the available grpc configuration.
type GRPCConfig struct {
Addr string `yaml:"addr" env:"THUMBNAILS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
Namespace string `yaml:"-"`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
}


@@ -15,7 +15,12 @@ import (
func NewService(opts ...Option) grpc.Service {
options := newOptions(opts...)
service := grpc.NewService(
service, err := grpc.NewService(
grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
grpc.TLSCert(
options.Config.GRPC.TLS.Cert,
options.Config.GRPC.TLS.Key,
),
grpc.Logger(options.Logger),
grpc.Namespace(options.Namespace),
grpc.Name(options.Name),
@@ -25,14 +30,19 @@ func NewService(opts ...Option) grpc.Service {
grpc.Flags(options.Flags...),
grpc.Version(version.GetString()),
)
if err != nil {
options.Logger.Fatal().Err(err).Msg("Error creating thumbnail service")
return grpc.Service{}
}
tconf := options.Config.Thumbnail
tm, err := pool.StringToTLSMode(tconf.RevaGatewayTLSMode)
tm, err := pool.StringToTLSMode(options.Config.GRPCClientTLS.Mode)
if err != nil {
options.Logger.Error().Err(err).Msg("could not get gateway client tls mode")
return grpc.Service{}
}
gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway,
pool.WithTLSCACert(tconf.RevaGatewayTLSCACert),
pool.WithTLSCACert(options.Config.GRPCClientTLS.CACert),
pool.WithTLSMode(tm),
)
if err != nil {
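Review bot: Failure handling in this function is now inconsistent: an error from `grpc.NewService` is logged with `Fatal()` (which, for a zerolog logger, exits the process), whereas a bad `options.Config.GRPCClientTLS.Mode` two lines later is logged with `Error()` and the function returns a zero `grpc.Service{}` that the caller will presumably try to run. Both are startup configuration errors and should be treated the same way; returning an error from NewService, or using the same log level for both, avoids a half-initialised service on a typo in OCIS_GRPC_CLIENT_TLS_MODE. `options.Config.GRPCClientTLS` is also dereferenced here on the assumption that EnsureDefaults ran first; a one-line comment `// GRPCClientTLS is guaranteed non-nil by config.EnsureDefaults` would document that precondition. NewService continues outside this hunk.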


@@ -52,12 +52,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
}
type Drivers struct {


@@ -106,9 +106,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -121,6 +120,15 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.TokenManager == nil {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {
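Review bot: `TLS: cfg.Commons.Reva.TLS` copies the field by assignment, so if `shared.Reva.TLS` is a pointer (it replaces two plain strings here, which suggests a struct pointer like the new `GRPCServiceTLS`), the users service and the commons section now share one TLS settings object, while the `GRPC.TLS` block just below deliberately copies `Enabled`, `Cert` and `Key` field by field into a fresh struct. Aliasing means a later per-service override of the reva TLS settings would mutate the shared commons value seen by every other service. Copying into a new struct, or documenting the sharing with `// TLS is shared with commons by pointer; do not mutate per service`, would make the intended semantics explicit. EnsureDefaults starts outside this hunk.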


@@ -23,9 +23,9 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} {
"network": cfg.GRPC.Protocol,
"address": cfg.GRPC.Addr,
"tls_settings": map[string]interface{}{
"enabled": cfg.GRPC.TLSEnabled,
"certificate": cfg.GRPC.TLSCert,
"key": cfg.GRPC.TLSKey,
"enabled": cfg.GRPC.TLS.Enabled,
"certificate": cfg.GRPC.TLS.Cert,
"key": cfg.GRPC.TLS.Key,
},
// TODO build services dynamically
"services": map[string]interface{}{


@@ -6,6 +6,7 @@ import (
"github.com/oklog/run"
"github.com/owncloud/ocis/v2/ocis-pkg/config/configlog"
ogrpc "github.com/owncloud/ocis/v2/ocis-pkg/service/grpc"
"github.com/owncloud/ocis/v2/ocis-pkg/version"
"github.com/owncloud/ocis/v2/services/webdav/pkg/config"
"github.com/owncloud/ocis/v2/services/webdav/pkg/config/parser"
@@ -32,6 +33,10 @@ func Server(cfg *config.Config) *cli.Command {
if err != nil {
return err
}
err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
if err != nil {
return err
}
var (
gr = run.Group{}


@@ -16,6 +16,8 @@ type Config struct {
Log *Log `yaml:"log"`
Debug Debug `yaml:"debug"`
GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
HTTP HTTP `yaml:"http"`
OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."`


@@ -36,11 +36,9 @@ func DefaultConfig() *config.Config {
Service: config.Service{
Name: "webdav",
},
OcisPublicURL: "https://127.0.0.1:9200",
WebdavNamespace: "/users/{{.Id.OpaqueId}}",
RevaGateway: shared.DefaultRevaConfig().Address,
RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
OcisPublicURL: "https://127.0.0.1:9200",
WebdavNamespace: "/users/{{.Id.OpaqueId}}",
RevaGateway: shared.DefaultRevaConfig().Address,
}
}
@@ -67,6 +65,14 @@ func EnsureDefaults(cfg *config.Config) {
} else if cfg.Tracing == nil {
cfg.Tracing = &config.Tracing{}
}
if cfg.GRPCClientTLS == nil {
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
}
}
}
func Sanitize(cfg *config.Config) {


@@ -60,12 +60,12 @@ func NewService(opts ...Option) (Service, error) {
// chi.RegisterMethod("REPORT")
m.Use(options.Middleware...)
tm, err := pool.StringToTLSMode(conf.RevaGatewayTLSMode)
tm, err := pool.StringToTLSMode(conf.GRPCClientTLS.Mode)
if err != nil {
return nil, err
}
gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway,
pool.WithTLSCACert(conf.RevaGatewayTLSCACert),
pool.WithTLSCACert(conf.GRPCClientTLS.CACert),
pool.WithTLSMode(tm),
)
if err != nil {