For certain setups we don't need the ADMIN_USER_ID to be set. It is
mainly needed for bootstrapping the internal idm and the initial role
assignment. If roles are assigned by other means (e.g. OIDC claims
in the future) we don't need it.
This makes the ADMIN_USER_ID optional, also if ADMIN_USER_ID is unset
we don't need to configure a password for the admin user. We will still
generated the admin_id and password when running 'ocis init', but it is
ok to run manual setups without those settings.
TLS for the services can be configure by setting the "OCIS_HTTP_TLS_ENABLED",
"OCIS_HTTP_TLS_CERTIFICATE" and "OCIS_HTTP_TLS_KEY" environment variables.
Currently the ocis proxy is this only service that directly accesses backend
services. It determines whether to use TLS or not by looking a the new registry
metadata "use_tls". As specific CA Cert for certificate verification
can be set with the "PROXY_HTTPS_CACERT" environment variable.
* Introduce TLS Settings for go-micro based grpc services and clients
TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.
TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.
By default TLS is disabled.
Co-authored-by: Martin <github@diemattels.at>
* Unify TLS configuration for all grpc services
All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.
TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables.
TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.
There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.
Co-authored-by: Martin <github@diemattels.at>
Co-authored-by: Martin <github@diemattels.at>
Use OCIS_URL as the link base. This change also makes sure that the
top-level OcisURL config value gets a default assigned, even when
OCIS_URL is unset.
Fixes: #4688
* Use go-micro store to cache the roles
Add custom in-memory implementation
* replace redis with custom etcd implementation
* adjust table name for the cache in the roles manager
* Fix tests
* Fix sonarcloud issues
* Refactor for sonarcloud
* Allow configuration of cache per service
* Reuse parent context in etcd implementation
* split machineauthapikey and systemuserapikey
Signed-off-by: jkoberg <jkoberg@owncloud.com>
* changelog
Signed-off-by: jkoberg <jkoberg@owncloud.com>
* specific errors and some reverts
Signed-off-by: jkoberg <jkoberg@owncloud.com>
* use correct machine auth api key
Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de>
