mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2026-02-18 03:18:52 -06:00
app-auth: Introduce config for the jsoncs3 backend
This commit is contained in:
@@ -28,9 +28,40 @@ type Config struct {
|
||||
|
||||
AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"1.0.0"`
|
||||
|
||||
StorageDriver string `yaml:"storage_driver" env:"AUTH_APP_STORAGE_DRIVER" desc:"Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'." introductionVersion:"%%NEXT%%"`
|
||||
StorageDrivers StorageDrivers `yaml:"storage_drivers"`
|
||||
|
||||
Context context.Context `yaml:"-"`
|
||||
}
|
||||
|
||||
type StorageDrivers struct {
|
||||
JSONCS3 JSONCS3Driver `yaml:"jsoncs3"`
|
||||
}
|
||||
|
||||
type JSONCS3Driver struct {
|
||||
ProviderAddr string `yaml:"provider_addr" env:"AUTH_APP_JSONCS3_PROVIDER_ADDR" desc:"GRPC address of the STORAGE-SYSTEM service." introductionVersion:"%%NEXT%%"`
|
||||
SystemUserID string `yaml:"system_user_id" env:"OC_SYSTEM_USER_ID;AUTH_APP_JSONCS3_SYSTEM_USER_ID" desc:"ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format." introductionVersion:"%%NEXT%%"`
|
||||
SystemUserIDP string `yaml:"system_user_idp" env:"OC_SYSTEM_USER_IDP;AUTH_APP_JSONCS3_SYSTEM_USER_IDP" desc:"IDP of the OpenCloud STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
|
||||
SystemUserAPIKey string `yaml:"system_user_api_key" env:"OC_SYSTEM_USER_API_KEY;AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY" desc:"API key for the STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
|
||||
PasswordGenerator string `yaml:"password_generator" env:"AUTH_APP_JSONCS3_PASSWORD_GENERATOR" desc:"The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'." introductionVersion:"%%NEXT%%"`
|
||||
PasswordGeneratorOptions PasswordGeneratorOptions `yaml:"password_generator_options"`
|
||||
}
|
||||
|
||||
type PasswordGeneratorOptions struct {
|
||||
DicewareOptions DicewareOptions `yaml:"diceware"`
|
||||
RandPWOpts RandPWOpts `yaml:"randon"`
|
||||
}
|
||||
|
||||
// DicewareOptions defines the config options for the "diceware" password generator
|
||||
type DicewareOptions struct {
|
||||
NumberOfWords int `yaml:"number_of_words" env:"AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS" desc:"The number of words the generated passphrase will have." introductionVersion:"%%NEXT%%"`
|
||||
}
|
||||
|
||||
// RandPWOpts defines the config options for the "random" password generator
|
||||
type RandPWOpts struct {
|
||||
PasswordLength int `yaml:"password_length" env:"AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH" desc:"The number of charactors the generated passwords will have." introductionVersion:"%%NEXT%%"`
|
||||
}
|
||||
|
||||
// Log defines the loging configuration
|
||||
type Log struct {
|
||||
Level string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
|
||||
|
||||
@@ -44,6 +44,19 @@ func DefaultConfig() *config.Config {
|
||||
Service: config.Service{
|
||||
Name: "auth-app",
|
||||
},
|
||||
StorageDriver: "jsoncs3",
|
||||
StorageDrivers: config.StorageDrivers{
|
||||
JSONCS3: config.JSONCS3Driver{
|
||||
ProviderAddr: "eu.opencloud.api.storage-system",
|
||||
SystemUserIDP: "internal",
|
||||
PasswordGenerator: "diceware",
|
||||
PasswordGeneratorOptions: config.PasswordGeneratorOptions{
|
||||
DicewareOptions: config.DicewareOptions{
|
||||
NumberOfWords: 6,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Reva: shared.DefaultRevaConfig(),
|
||||
}
|
||||
}
|
||||
@@ -85,6 +98,14 @@ func EnsureDefaults(cfg *config.Config) {
|
||||
cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
|
||||
}
|
||||
|
||||
if cfg.StorageDrivers.JSONCS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
|
||||
cfg.StorageDrivers.JSONCS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
|
||||
}
|
||||
|
||||
if cfg.StorageDrivers.JSONCS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
|
||||
cfg.StorageDrivers.JSONCS3.SystemUserID = cfg.Commons.SystemUserID
|
||||
}
|
||||
|
||||
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
|
||||
cfg.TokenManager = &config.TokenManager{
|
||||
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
|
||||
|
||||
@@ -11,6 +11,14 @@ import (
|
||||
func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
|
||||
appAuthJSON := filepath.Join(defaults.BaseDataPath(), "appauth.json")
|
||||
|
||||
jsonCS3pwGenOpt := map[string]any{}
|
||||
switch cfg.StorageDrivers.JSONCS3.PasswordGenerator {
|
||||
case "random":
|
||||
jsonCS3pwGenOpt["token_strength"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.RandPWOpts.PasswordLength
|
||||
case "diceware":
|
||||
jsonCS3pwGenOpt["number_of_words"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.DicewareOptions.NumberOfWords
|
||||
}
|
||||
|
||||
rcfg := map[string]interface{}{
|
||||
"shared": map[string]interface{}{
|
||||
"jwt_secret": cfg.TokenManager.JWTSecret,
|
||||
@@ -36,11 +44,19 @@ func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
|
||||
},
|
||||
},
|
||||
"applicationauth": map[string]interface{}{
|
||||
"driver": "json",
|
||||
"driver": cfg.StorageDriver,
|
||||
"drivers": map[string]interface{}{
|
||||
"json": map[string]interface{}{
|
||||
"file": appAuthJSON,
|
||||
},
|
||||
"jsoncs3": map[string]interface{}{
|
||||
"provider_addr": cfg.StorageDrivers.JSONCS3.ProviderAddr,
|
||||
"service_user_id": cfg.StorageDrivers.JSONCS3.SystemUserID,
|
||||
"service_user_idp": cfg.StorageDrivers.JSONCS3.SystemUserIDP,
|
||||
"machine_auth_apikey": cfg.StorageDrivers.JSONCS3.SystemUserAPIKey,
|
||||
"password_generator": cfg.StorageDrivers.JSONCS3.PasswordGenerator,
|
||||
"generator_config": jsonCS3pwGenOpt,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user