mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-04-23 12:38:21 -05:00
Code Issues Packages Projects Releases Wiki Activity

[full-ci] Introduce TLS Settings for go-micro based grpc services and clients (#4901)

Browse Source 
* Introduce TLS Settings for go-micro based grpc services and clients

TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.

TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.

By default TLS is disabled.

Co-authored-by: Martin <github@diemattels.at>

* Unify TLS configuration for all grpc services

All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.

TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables.

TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.

There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.

Co-authored-by: Martin <github@diemattels.at>

Co-authored-by: Martin <github@diemattels.at>
This commit is contained in:
Ralf Haferkamp
2022-11-03 10:17:08 +01:00
committed by GitHub
parent b7482e5410
commit ee974afebf
91 changed files with 746 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files
services/auth-basic/pkg/config/config.go
+4 -6
View File
@@ -51,12 +51,10 @@ type Debug struct {
}
type GRPCConfig struct {
Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
TLS *shared.GRPCServiceTLS `yaml:"tls"`
Namespace string `yaml:"-"`
Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
}
type AuthProviders struct {
services/auth-basic/pkg/config/defaults/defaultconfig.go
+10 -3
View File
@@ -104,9 +104,8 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
cfg.Reva = &shared.Reva{
Address: cfg.Commons.Reva.Address,
TLSMode: cfg.Commons.Reva.TLSMode,
TLSCACert: cfg.Commons.Reva.TLSCACert,
Address: cfg.Commons.Reva.Address,
TLS: cfg.Commons.Reva.TLS,
}
} else if cfg.Reva == nil {
cfg.Reva = &shared.Reva{}
@@ -120,6 +119,14 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}
if cfg.GRPC.TLS == nil {
cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
}
}
}
func Sanitize(cfg *config.Config) {