app-auth: Introduce config for the jsoncs3 backend

services/auth-app/pkg/config/config.go

@@ -28,9 +28,40 @@ type Config struct {
 
 	AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"1.0.0"`
 
+	StorageDriver  string         `yaml:"storage_driver" env:"AUTH_APP_STORAGE_DRIVER" desc:"Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'." introductionVersion:"%%NEXT%%"`
+	StorageDrivers StorageDrivers `yaml:"storage_drivers"`
+
 	Context context.Context `yaml:"-"`
 }
 
+type StorageDrivers struct {
+	JSONCS3 JSONCS3Driver `yaml:"jsoncs3"`
+}
+
+type JSONCS3Driver struct {
+	ProviderAddr             string                   `yaml:"provider_addr" env:"AUTH_APP_JSONCS3_PROVIDER_ADDR" desc:"GRPC address of the STORAGE-SYSTEM service." introductionVersion:"%%NEXT%%"`
+	SystemUserID             string                   `yaml:"system_user_id" env:"OC_SYSTEM_USER_ID;AUTH_APP_JSONCS3_SYSTEM_USER_ID" desc:"ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format." introductionVersion:"%%NEXT%%"`
+	SystemUserIDP            string                   `yaml:"system_user_idp" env:"OC_SYSTEM_USER_IDP;AUTH_APP_JSONCS3_SYSTEM_USER_IDP" desc:"IDP of the OpenCloud STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+	SystemUserAPIKey         string                   `yaml:"system_user_api_key" env:"OC_SYSTEM_USER_API_KEY;AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY" desc:"API key for the STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+	PasswordGenerator        string                   `yaml:"password_generator" env:"AUTH_APP_JSONCS3_PASSWORD_GENERATOR" desc:"The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'." introductionVersion:"%%NEXT%%"`
+	PasswordGeneratorOptions PasswordGeneratorOptions `yaml:"password_generator_options"`
+}
+
+type PasswordGeneratorOptions struct {
+	DicewareOptions DicewareOptions `yaml:"diceware"`
+	RandPWOpts      RandPWOpts      `yaml:"randon"`
+}
+
+// DicewareOptions defines the config options for the "diceware" password generator
+type DicewareOptions struct {
+	NumberOfWords int `yaml:"number_of_words" env:"AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS" desc:"The number of words the generated passphrase will have." introductionVersion:"%%NEXT%%"`
+}
+
+// RandPWOpts defines the config options for the "random" password generator
+type RandPWOpts struct {
+	PasswordLength int `yaml:"password_length" env:"AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH" desc:"The number of charactors the generated passwords will have." introductionVersion:"%%NEXT%%"`
+}
+
 // Log defines the loging configuration
 type Log struct {
 	Level  string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`

services/auth-app/pkg/config/defaults/defaultconfig.go

@@ -44,6 +44,19 @@ func DefaultConfig() *config.Config {
 		Service: config.Service{
 			Name: "auth-app",
 		},
+		StorageDriver: "jsoncs3",
+		StorageDrivers: config.StorageDrivers{
+			JSONCS3: config.JSONCS3Driver{
+				ProviderAddr:      "eu.opencloud.api.storage-system",
+				SystemUserIDP:     "internal",
+				PasswordGenerator: "diceware",
+				PasswordGeneratorOptions: config.PasswordGeneratorOptions{
+					DicewareOptions: config.DicewareOptions{
+						NumberOfWords: 6,
+					},
+				},
+			},
+		},
 		Reva: shared.DefaultRevaConfig(),
 	}
 }
@@ -85,6 +98,14 @@ func EnsureDefaults(cfg *config.Config) {
 		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
 
+	if cfg.StorageDrivers.JSONCS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
+		cfg.StorageDrivers.JSONCS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
+	}
+
+	if cfg.StorageDrivers.JSONCS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
+		cfg.StorageDrivers.JSONCS3.SystemUserID = cfg.Commons.SystemUserID
+	}
+
 	if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
 		cfg.TokenManager = &config.TokenManager{
 			JWTSecret: cfg.Commons.TokenManager.JWTSecret,

services/auth-app/pkg/revaconfig/config.go

@@ -11,6 +11,14 @@ import (
 func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 	appAuthJSON := filepath.Join(defaults.BaseDataPath(), "appauth.json")
 
+	jsonCS3pwGenOpt := map[string]any{}
+	switch cfg.StorageDrivers.JSONCS3.PasswordGenerator {
+	case "random":
+		jsonCS3pwGenOpt["token_strength"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.RandPWOpts.PasswordLength
+	case "diceware":
+		jsonCS3pwGenOpt["number_of_words"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.DicewareOptions.NumberOfWords
+	}
+
 	rcfg := map[string]interface{}{
 		"shared": map[string]interface{}{
 			"jwt_secret":                cfg.TokenManager.JWTSecret,
@@ -36,11 +44,19 @@ func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 					},
 				},
 				"applicationauth": map[string]interface{}{
-					"driver": "json",
+					"driver": cfg.StorageDriver,
 					"drivers": map[string]interface{}{
 						"json": map[string]interface{}{
 							"file": appAuthJSON,
 						},
+						"jsoncs3": map[string]interface{}{
+							"provider_addr":       cfg.StorageDrivers.JSONCS3.ProviderAddr,
+							"service_user_id":     cfg.StorageDrivers.JSONCS3.SystemUserID,
+							"service_user_idp":    cfg.StorageDrivers.JSONCS3.SystemUserIDP,
+							"machine_auth_apikey": cfg.StorageDrivers.JSONCS3.SystemUserAPIKey,
+							"password_generator":  cfg.StorageDrivers.JSONCS3.PasswordGenerator,
+							"generator_config":    jsonCS3pwGenOpt,
+						},
 					},
 				},
 			},