From fbb3382a421c4d559c0a8ffceb681217d0ed6339 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 20 Oct 2022 11:56:17 +0200
Subject: [PATCH] Revert backwards incompatible reva config changes

The commit of unifying the Reva Client config introduced some backwards incompatible changes to the config structures and yaml config tags. For the "thumbnails", "webdav" and "notifications" service. This reverts the changes on the service and introduces TLS options in a backwards compatible manner.
---
 .../notifications/pkg/channels/channels.go | 10 +++++++++-
 services/notifications/pkg/command/server.go | 11 ++++++++---
 services/notifications/pkg/config/config.go | 12 +++++++-----
 .../pkg/config/defaults/defaultconfig.go | 4 +++-
 services/thumbnails/pkg/config/config.go | 18 ++++++++++--------
 .../pkg/config/defaults/defaultconfig.go | 10 ++++++----
 services/thumbnails/pkg/server/grpc/server.go | 10 +++++++++-
 services/webdav/pkg/config/config.go | 10 ++++++----
 .../pkg/config/defaults/defaultconfig.go | 8 +++++---
 services/webdav/pkg/service/v0/service.go | 9 ++++++++-
 10 files changed, 71 insertions(+), 31 deletions(-)

diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go
index 17151623ca..0a27b1f14d 100644
--- a/services/notifications/pkg/channels/channels.go
+++ b/services/notifications/pkg/channels/channels.go
@@ -27,7 +27,15 @@ type Channel interface {
 // NewMailChannel instantiates a new mail communication channel.
 func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) {
- gc, err := pool.GetGatewayServiceClient(cfg.Notifications.Reva.Address, cfg.Notifications.Reva.GetRevaOptions()...)
+ tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
+ if err != nil {
+ logger.Error().Err(err).Msg("could not get gateway client tls mode")
+ return nil, err
+ }
+ gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway,
+ pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
+ pool.WithTLSMode(tm),
+ )
 if err != nil {
 logger.Error().Err(err).Msg("could not get gateway client")
 return nil, err
diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go
index f3feb73601..b190268993 100644
--- a/services/notifications/pkg/command/server.go
+++ b/services/notifications/pkg/command/server.go
@@ -77,12 +77,17 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
+ tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
+ if err != nil {
+ return err
+ }
 gwclient, err := pool.GetGatewayServiceClient(
- cfg.Notifications.Reva.Address,
- cfg.Notifications.Reva.GetRevaOptions()...,
+ cfg.Notifications.RevaGateway,
+ pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
+ pool.WithTLSMode(tm),
 )
 if err != nil {
- logger.Fatal().Err(err).Str("addr", cfg.Notifications.Reva.Address).Msg("could not get reva client")
+ logger.Fatal().Err(err).Str("addr", cfg.Notifications.RevaGateway).Msg("could not get reva client")
 }
 svc := service.NewEventsNotifier(evts, channel, logger, gwclient, cfg.Notifications.MachineAuthAPIKey, cfg.Notifications.EmailTemplatePath, cfg.Commons.OcisURL)
diff --git a/services/notifications/pkg/config/config.go b/services/notifications/pkg/config/config.go
index 652dc32dd5..7d5fb3be0b 100644
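Review bot: In channels.go, the new failure branch in NewMailChannel logs "could not get gateway client tls mode" without naming the setting or the rejected value, so a mistyped `reva_gateway_tls_mode` is hard to trace from the log alone. Adding the value to the event, `logger.Error().Err(err).Str("tls_mode", cfg.Notifications.RevaGatewayTLSMode).Msg("could not get gateway client tls mode")`, would fix that; the mode name is not a secret. The same parse-then-dial sequence is repeated in command/server.go, thumbnails' server/grpc/server.go and webdav's service/v0/service.go, so a small shared helper taking the address, mode string and CA path would keep the four call sites from drifting apart. NewMailChannel's body continues past the end of the hunk.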
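Review bot: In command/server.go, a bad TLS mode is handled with a bare `return err`, while the gateway-client failure just below it goes through `logger.Fatal()` with the address attached, so the two startup failures surface differently and the first carries no hint of which setting was wrong. Since `logger` is already in scope, `logger.Error().Err(err).Str("tls_mode", cfg.Notifications.RevaGatewayTLSMode).Msg("invalid reva gateway tls mode")` before the return would be enough. The webdav hunk in service/v0/service.go returns the parse error unadorned in the same way. This code sits inside Server, whose body starts and ends outside the hunk.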
--- a/services/notifications/pkg/config/config.go
+++ b/services/notifications/pkg/config/config.go
@@ -22,11 +22,13 @@ type Config struct {
 // Notifications defines the config options for the notifications service.
 type Notifications struct {
- SMTP SMTP `yaml:"SMTP"`
- Events Events `yaml:"events"`
- MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
- Reva shared.Reva `yaml:"reva"`
- EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
+ SMTP SMTP `yaml:"SMTP"`
+ Events Events `yaml:"events"`
+ MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
+ EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
+ RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
+ RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
+ RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
 }
 // SMTP combines the smtp configuration options.
diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go
index 5e03a5aa03..552d9f560f 100644
--- a/services/notifications/pkg/config/defaults/defaultconfig.go
+++ b/services/notifications/pkg/config/defaults/defaultconfig.go
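Review bot: `RevaGatewayTLSMode` and `RevaGatewayTLSCACert` in the Notifications struct carry no `desc` tag, unlike every other env-backed field in the hunk, so the setting that decides whether the gateway connection is encrypted and verified is undocumented. I would add something like `desc:"TLS mode for the gRPC connection to the CS3 gateway; see pool.StringToTLSMode for the accepted values."` and `desc:"Path to the CA certificate used to validate the gateway's TLS certificate."`, and spell the accepted modes out once they are confirmed against reva (I believe they are on, off and insecure). The env names are also unprefixed (`REVA_GATEWAY_TLS_MODE`), so one variable sets the mode for every service that reads it; if that is intended, the description should say so. The same applies to the Thumbnail struct in thumbnails/pkg/config/config.go and the Config struct in webdav/pkg/config/config.go.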
@@ -37,7 +37,9 @@ func DefaultConfig() *config.Config {
 ConsumerGroup: "notifications",
 EnableTLS: false,
 },
- Reva: *shared.DefaultRevaConfig(),
+ RevaGateway: shared.DefaultRevaConfig().Address,
+ RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
+ RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
 },
 }
 }
diff --git a/services/thumbnails/pkg/config/config.go b/services/thumbnails/pkg/config/config.go
index cd428e14d8..24b6440b55 100644
--- a/services/thumbnails/pkg/config/config.go
+++ b/services/thumbnails/pkg/config/config.go
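Review bot: `shared.DefaultRevaConfig()` is called three times in DefaultConfig to read one field each, which rebuilds the shared defaults for every field and makes the literal harder to scan. Calling it once before the literal, `rc := shared.DefaultRevaConfig()`, and using `rc.Address`, `rc.TLSMode` and `rc.TLSCACert` reads more clearly. The default TLS mode now comes from the shared package and is not visible here, so a short comment stating which mode a fresh install ends up with would help whoever audits the defaults. The thumbnails and webdav defaultconfig.go hunks repeat the same three calls. DefaultConfig starts above the hunk.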
@@ -31,12 +31,14 @@ type FileSystemStorage struct {
 // Thumbnail defines the available thumbnail related configuration.
 type Thumbnail struct {
- Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."`
- FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"`
- WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."`
- CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."`
- Reva shared.Reva `yaml:"reva"`
- FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."`
- TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."`
- DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."`
+ Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."`
+ FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"`
+ WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."`
+ CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."`
+ RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
+ RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
+ RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
+ FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."`
+ TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."`
+ DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."`
 }
diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go
index 38fc8584ee..d0b2c341ef 100644
--- a/services/thumbnails/pkg/config/defaults/defaultconfig.go
+++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go
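Review bot: After this change the Thumbnail struct has two independent knobs that sound like they cover the same connection: `cs3_allow_insecure`, described as ignoring untrusted certificates "when connecting to the CS3 source", and the new, undescribed `reva_gateway_tls_mode`. From the hunk alone I cannot tell which one governs certificate checks on the gateway gRPC client, and an operator who sets `THUMBNAILS_CS3SOURCE_INSECURE=false` may reasonably assume the gateway link is verified as well. A `desc` on `RevaGatewayTLSMode` that states its scope, for example `desc:"TLS mode for the gRPC connection to the CS3 gateway. Independent of cs3_allow_insecure."`, would remove the ambiguity once the actual relationship is confirmed.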
@@ -41,10 +41,12 @@ func DefaultConfig() *config.Config {
 FileSystemStorage: config.FileSystemStorage{
 RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"),
 },
- WebdavAllowInsecure: false,
- Reva: *shared.DefaultRevaConfig(),
- CS3AllowInsecure: false,
- DataEndpoint: "http://127.0.0.1:9186/thumbnails/data",
+ WebdavAllowInsecure: false,
+ RevaGateway: shared.DefaultRevaConfig().Address,
+ RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
+ RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
+ CS3AllowInsecure: false,
+ DataEndpoint: "http://127.0.0.1:9186/thumbnails/data",
 },
 }
 }
diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go
index fc33d33615..0ad60848a1 100644
--- a/services/thumbnails/pkg/server/grpc/server.go
+++ b/services/thumbnails/pkg/server/grpc/server.go
@@ -26,7 +26,15 @@ func NewService(opts ...Option) grpc.Service {
 grpc.Version(version.GetString()),
 )
 tconf := options.Config.Thumbnail
- gc, err := pool.GetGatewayServiceClient(tconf.Reva.Address, tconf.Reva.GetRevaOptions()...)
+ tm, err := pool.StringToTLSMode(tconf.RevaGatewayTLSMode)
+ if err != nil {
+ options.Logger.Error().Err(err).Msg("could not get gateway client tls mode")
+ return grpc.Service{}
+ }
+ gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway,
+ pool.WithTLSCACert(tconf.RevaGatewayTLSCACert),
+ pool.WithTLSMode(tm),
+ )
 if err != nil {
 options.Logger.Error().Err(err).Msg("could not get gateway client")
 return grpc.Service{}
diff --git a/services/webdav/pkg/config/config.go b/services/webdav/pkg/config/config.go
index 5e7091983c..6f28afbc99 100644
--- a/services/webdav/pkg/config/config.go
+++ b/services/webdav/pkg/config/config.go
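Review bot: In server/grpc/server.go, an unparseable `reva_gateway_tls_mode` makes NewService log at error level and return a zero-value `grpc.Service{}`, so a TLS misconfiguration does not stop startup by itself; what the caller does with the empty service decides the outcome. This mirrors the existing gateway-client branch below it, but a transport-security setting that cannot be honoured is better treated as fatal, e.g. `options.Logger.Fatal().Err(err).Str("tls_mode", tconf.RevaGatewayTLSMode).Msg("invalid reva gateway tls mode")` (assuming options.Logger is the same logger type the notifications service uses), unless the signature can be changed to return an error. NewService begins above the hunk and continues after it.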
@@ -18,8 +18,10 @@ type Config struct {
 HTTP HTTP `yaml:"http"`
- OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."`
- WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"`
- Reva shared.Reva `yaml:"reva"`
- Context context.Context `yaml:"-"`
+ OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."`
+ WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"`
+ RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
+ RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
+ RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
+ Context context.Context `yaml:"-"`
 }
diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go
index 3e8f7cbfc7..ae6adb85a5 100644
--- a/services/webdav/pkg/config/defaults/defaultconfig.go
+++ b/services/webdav/pkg/config/defaults/defaultconfig.go
@@ -36,9 +36,11 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "webdav",
 },
- OcisPublicURL: "https://127.0.0.1:9200",
- WebdavNamespace: "/users/{{.Id.OpaqueId}}",
- Reva: *shared.DefaultRevaConfig(),
+ OcisPublicURL: "https://127.0.0.1:9200",
+ WebdavNamespace: "/users/{{.Id.OpaqueId}}",
+ RevaGateway: shared.DefaultRevaConfig().Address,
+ RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
+ RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
 }
 }
diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go
index b0110ae67c..ccd5bfe960 100644
--- a/services/webdav/pkg/service/v0/service.go
+++ b/services/webdav/pkg/service/v0/service.go
@@ -60,7 +60,14 @@ func NewService(opts ...Option) (Service, error) {
 // chi.RegisterMethod("REPORT")
 m.Use(options.Middleware...)
- gwc, err := pool.GetGatewayServiceClient(conf.Reva.Address, conf.Reva.GetRevaOptions()...)
+ tm, err := pool.StringToTLSMode(conf.RevaGatewayTLSMode)
+ if err != nil {
+ return nil, err
+ }
+ gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway,
+ pool.WithTLSCACert(conf.RevaGatewayTLSCACert),
+ pool.WithTLSMode(tm),
+ )
 if err != nil {
 return nil, err
 }