separate machine auth key and system auth key
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
butonic committed May 3, 2022
1 parent 7ee2d92 commit 783687e
Showing 39 changed files with 141 additions and 110 deletions.
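--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -38,8 +38,9 @@
 "IDM_ADMIN_PASSWORD": "admin",
 // demo users
 "IDM_CREATE_DEMO_USERS": "true",
-// metadata storage
-"METADATA_USER_ID": "some-metadata-user-id"
+// system storage
+"SYSTEM_USER_ID": "some-system-user-id",
+"SYSTEM_AUTH_API_KEY": "some-system-auth-api-key",
 // OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode
 //"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,accounts,proxy,ocdav",
 }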
2 changes: 1 addition & 1 deletion extensions/accounts/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}
return nil
}
Expand Up @@ -84,7 +84,7 @@ func Sanitize(cfg *config.Config) {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/appprovider/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/auth-basic/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.AuthProviders.LDAP.BindPassword == "" && cfg.AuthProvider == "ldap" {
2 changes: 1 addition & 1 deletion extensions/auth-bearer/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

return nil
4 changes: 2 additions & 2 deletions extensions/auth-machine/pkg/config/parser/parse.go
Expand Up @@ -35,11 +35,11 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.AuthProviders.Machine.APIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}
return nil
}
6 changes: 3 additions & 3 deletions extensions/frontend/pkg/config/parser/parse.go
Expand Up @@ -35,15 +35,15 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.TransferSecret == "" {
return shared.MissingRevaTransferSecretError(cfg.Service.Name)
return shared.MissingRevaTransferSecret(cfg.Service.Name)
}

if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}

return nil
4 changes: 2 additions & 2 deletions extensions/gateway/pkg/config/parser/parse.go
Expand Up @@ -35,11 +35,11 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.TransferSecret == "" {
return shared.MissingRevaTransferSecretError(cfg.Service.Name)
return shared.MissingRevaTransferSecret(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/graph/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.Identity.Backend == "ldap" && cfg.Identity.LDAP.BindPassword == "" {
2 changes: 1 addition & 1 deletion extensions/group/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.Drivers.LDAP.BindPassword == "" && cfg.Driver == "ldap" {
2 changes: 1 addition & 1 deletion extensions/notifications/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.Notifications.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/ocdav/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

return nil
3 changes: 2 additions & 1 deletion extensions/ocs/pkg/config/config.go
Expand Up @@ -23,7 +23,8 @@ type Config struct {

IdentityManagement IdentityManagement `yaml:"identity_management"`

AccountBackend string `yaml:"account_backend" env:"OCS_ACCOUNT_BACKEND_TYPE"`
AccountBackend string `yaml:"account_backend" env:"OCS_ACCOUNT_BACKEND_TYPE"`
// StorageUsersDriver is used to list and then delete all spaces owned by the user
StorageUsersDriver string `yaml:"storage_users_driver" env:"STORAGE_USERS_DRIVER;OCS_STORAGE_USERS_DRIVER"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;OCS_MACHINE_AUTH_API_KEY"`

4 changes: 2 additions & 2 deletions extensions/ocs/pkg/config/parser/parse.go
Expand Up @@ -36,11 +36,11 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}

return nil
4 changes: 2 additions & 2 deletions extensions/proxy/pkg/config/parser/parse.go
Expand Up @@ -34,11 +34,11 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/search/pkg/config/parser/parse.go
Expand Up @@ -35,7 +35,7 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
return shared.MissingMachineAuthAPIKey(cfg.Service.Name)
}
return nil
}
6 changes: 3 additions & 3 deletions extensions/settings/pkg/config/config.go
Expand Up @@ -39,7 +39,7 @@ type Metadata struct {
GatewayAddress string `yaml:"gateway_addr" env:"STORAGE_GATEWAY_GRPC_ADDR"`
StorageAddress string `yaml:"storage_addr" env:"STORAGE_GRPC_ADDR"`

ServiceUserID string `yaml:"service_user_id" env:"METADATA_SERVICE_USER_UUID"`
ServiceUserIDP string `yaml:"service_user_idp" env:"METADATA_SERVICE_USER_IDP"`
MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
SystemUserID string `yaml:"system_user_id" env:"SYSTEM_USER_ID"`
SystemUserIDP string `yaml:"system_user_idp" env:"SYSTEM_USER_IDP"`
SystemAuthAPIKey string `yaml:"machine_auth_api_key" env:"SYSTEM_AUTH_API_KEY"`
}
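Review bot: `SystemAuthAPIKey` on the last added line keeps the old yaml tag `machine_auth_api_key` while its field name and env tag were renamed to the system auth key, so a YAML config that sets `system_auth_api_key` under metadata would be ignored and a leftover `machine_auth_api_key` entry would silently be taken as the system key — the opposite of the separation this commit introduces. The sibling fields were renamed in both tag and env (`system_user_id`, `system_user_idp`), so this looks like an oversight rather than intent. Suggest `SystemAuthAPIKey string `yaml:"system_auth_api_key" env:"SYSTEM_AUTH_API_KEY"``. The Metadata struct starts outside the hunk.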
10 changes: 5 additions & 5 deletions extensions/settings/pkg/config/defaults/defaultconfig.go
Expand Up @@ -52,7 +52,7 @@ func DefaultConfig() *config.Config {
Metadata: config.Metadata{
GatewayAddress: "127.0.0.1:9215", // metadata storage
StorageAddress: "127.0.0.1:9215",
ServiceUserIDP: "internal",
SystemUserIDP: "internal",
},
}
}
Expand Down Expand Up @@ -89,12 +89,12 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}

if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.Metadata.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
if cfg.Metadata.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
cfg.Metadata.SystemUserID = cfg.Commons.SystemUserID
}

if cfg.Metadata.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
cfg.Metadata.ServiceUserID = cfg.Commons.MetadataUserID
if cfg.Metadata.SystemAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemAuthAPIKey != "" {
cfg.Metadata.SystemAuthAPIKey = cfg.Commons.SystemAuthAPIKey
}
}

10 changes: 7 additions & 3 deletions extensions/settings/pkg/config/parser/parse.go
Expand Up @@ -34,11 +34,15 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.Metadata.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
if cfg.Metadata.SystemUserID == "" {
return shared.MissingSystemUserID(cfg.Service.Name)
}

if cfg.Metadata.SystemAuthAPIKey == "" {
return shared.MissingSystemAuthAPIKey(cfg.Service.Name)
}

return nil
2 changes: 1 addition & 1 deletion extensions/settings/pkg/store/metadata/store.go
Expand Up @@ -84,7 +84,7 @@ func New(cfg *config.Config) settings.Manager {

// NewMetadataClient returns the MetadataClient
func NewMetadataClient(cfg config.Metadata) MetadataClient {
mdc, err := metadata.NewCS3Storage(cfg.GatewayAddress, cfg.StorageAddress, cfg.ServiceUserID, cfg.ServiceUserIDP, cfg.MachineAuthAPIKey)
mdc, err := metadata.NewCS3Storage(cfg.GatewayAddress, cfg.StorageAddress, cfg.SystemUserIDP, cfg.SystemUserIDP, cfg.SystemAuthAPIKey)
if err != nil {
log.Fatal("error connecting to mdc:", err)
}
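Review bot: The new NewCS3Storage call passes `cfg.SystemUserIDP` twice, so the user-ID argument now receives the IDP string and `cfg.SystemUserID` is never used; the removed line passed `cfg.ServiceUserID` followed by `cfg.ServiceUserIDP` in those two positions. The metadata client would presumably be set up for a principal whose ID is the IDP value, which is hard to diagnose from the generic `error connecting to mdc` fatal that follows. The third argument should be the user ID: `mdc, err := metadata.NewCS3Storage(cfg.GatewayAddress, cfg.StorageAddress, cfg.SystemUserID, cfg.SystemUserIDP, cfg.SystemAuthAPIKey)`. NewMetadataClient's body continues outside the hunk.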
12 changes: 6 additions & 6 deletions extensions/sharing/pkg/command/command.go
Expand Up @@ -154,9 +154,9 @@ func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inte
},
"cs3": map[string]interface{}{
"provider_addr": cfg.UserSharingDrivers.CS3.ProviderAddr,
"service_user_id": cfg.UserSharingDrivers.CS3.ServiceUserID,
"service_user_idp": cfg.UserSharingDrivers.CS3.ServiceUserIDP,
"machine_auth_apikey": cfg.UserSharingDrivers.CS3.MachineAuthAPIKey,
"service_user_id": cfg.UserSharingDrivers.CS3.SystemUserID,
"service_user_idp": cfg.UserSharingDrivers.CS3.SystemUserIDP,
"machine_auth_apikey": cfg.UserSharingDrivers.CS3.SystemAuthAPIKey,
},
},
},
Expand Down Expand Up @@ -190,9 +190,9 @@ func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inte
},
"cs3": map[string]interface{}{
"provider_addr": cfg.PublicSharingDrivers.CS3.ProviderAddr,
"service_user_id": cfg.PublicSharingDrivers.CS3.ServiceUserID,
"service_user_idp": cfg.PublicSharingDrivers.CS3.ServiceUserIDP,
"machine_auth_apikey": cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey,
"service_user_id": cfg.PublicSharingDrivers.CS3.SystemUserID,
"service_user_idp": cfg.PublicSharingDrivers.CS3.SystemUserIDP,
"machine_auth_apikey": cfg.PublicSharingDrivers.CS3.SystemAuthAPIKey,
},
},
},
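Review bot: The new lines in both hunks of this file keep the driver keys `service_user_id`, `service_user_idp` and `machine_auth_apikey` while feeding them the renamed `SystemUserID`, `SystemUserIDP` and `SystemAuthAPIKey` fields, so a reader will wonder whether a system auth key is being handed to a slot meant for a machine auth key. If those keys are fixed by the downstream cs3 driver configuration (which the hunk does not show), a short comment above the first `"cs3"` map would make the intent explicit, e.g. `// the cs3 driver keeps its service_user_*/machine_auth_apikey keys; they now carry the system user and the system auth key`. The same applies to the second hunk of this file. sharingConfigFromStruct starts and ends outside the hunk.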
16 changes: 8 additions & 8 deletions extensions/sharing/pkg/config/config.go
Expand Up @@ -75,10 +75,10 @@ type UserSharingSQLDriver struct {
}

type UserSharingCS3Driver struct {
ProviderAddr string
ServiceUserID string
ServiceUserIDP string `env:"OCIS_URL;SHARING_CS3_SERVICE_USER_IDP"`
MachineAuthAPIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
ProviderAddr string
SystemUserID string `env:"SYSTEM_USER_ID;SHARING_USER_SYSTEM_USER_ID"`
SystemUserIDP string `env:"SYSTEM_USER_IDP;SHARING_USER_SYSTEM_USER_IDP"`
SystemAuthAPIKey string `env:"SYSTEM_AUTH_API_KEY;SHARING_USER_SYSTEM_AUTH_API_KEY"`
}

type PublicSharingDrivers struct {
Expand All @@ -104,10 +104,10 @@ type PublicSharingSQLDriver struct {
}

type PublicSharingCS3Driver struct {
ProviderAddr string
ServiceUserID string
ServiceUserIDP string
MachineAuthAPIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"`
ProviderAddr string
SystemUserID string `env:"SYSTEM_USER_ID;SHARING_PUBLIC_SYSTEM_USER_ID"`
SystemUserIDP string `env:"SYSTEM_USER_IDP;SHARING_PUBLIC_SYSTEM_USER_IDP"`
SystemAuthAPIKey string `env:"SYSTEM_AUTH_API_KEY;SHARING_PUBLIC_SYSTEM_AUTH_API_KEY"`
}

type Events struct {
24 changes: 12 additions & 12 deletions extensions/sharing/pkg/config/defaults/defaultconfig.go
Expand Up @@ -48,8 +48,8 @@ func DefaultConfig() *config.Config {
JanitorRunInterval: 60,
},
CS3: config.UserSharingCS3Driver{
ProviderAddr: "127.0.0.1:9215", // metadata storage
ServiceUserIDP: "internal",
ProviderAddr: "127.0.0.1:9215", // metadata storage
SystemUserIDP: "internal",
},
},
PublicSharingDriver: "json",
Expand All @@ -68,8 +68,8 @@ func DefaultConfig() *config.Config {
JanitorRunInterval: 60,
},
CS3: config.PublicSharingCS3Driver{
ProviderAddr: "127.0.0.1:9215", // metadata storage
ServiceUserIDP: "internal",
ProviderAddr: "127.0.0.1:9215", // metadata storage
SystemUserIDP: "internal",
},
},
Events: config.Events{
Expand Down Expand Up @@ -119,20 +119,20 @@ func EnsureDefaults(cfg *config.Config) {
cfg.TokenManager = &config.TokenManager{}
}

if cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.UserSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
if cfg.UserSharingDrivers.CS3.SystemAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemAuthAPIKey != "" {
cfg.UserSharingDrivers.CS3.SystemAuthAPIKey = cfg.Commons.SystemAuthAPIKey
}

if cfg.UserSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
cfg.UserSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID
if cfg.UserSharingDrivers.CS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
cfg.UserSharingDrivers.CS3.SystemUserID = cfg.Commons.SystemUserID
}

if cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
if cfg.PublicSharingDrivers.CS3.SystemAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemAuthAPIKey != "" {
cfg.PublicSharingDrivers.CS3.SystemAuthAPIKey = cfg.Commons.SystemAuthAPIKey
}

if cfg.PublicSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
cfg.PublicSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID
if cfg.PublicSharingDrivers.CS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
cfg.PublicSharingDrivers.CS3.SystemUserID = cfg.Commons.SystemUserID
}
}

18 changes: 9 additions & 9 deletions extensions/sharing/pkg/config/parser/parse.go
Expand Up @@ -35,23 +35,23 @@ func ParseConfig(cfg *config.Config) error {

func Validate(cfg *config.Config) error {
if cfg.TokenManager.JWTSecret == "" {
return shared.MissingJWTTokenError(cfg.Service.Name)
return shared.MissingJWTToken(cfg.Service.Name)
}

if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.SystemAuthAPIKey == "" {
return shared.MissingSystemAuthAPIKey(cfg.Service.Name)
}

if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.ServiceUserID == "" {
return shared.MissingMetadataUserID(cfg.Service.Name)
if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.SystemUserID == "" {
return shared.MissingSystemUserID(cfg.Service.Name)
}

if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" {
return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.SystemAuthAPIKey == "" {
return shared.MissingSystemAuthAPIKey(cfg.Service.Name)
}

if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.ServiceUserID == "" {
return shared.MissingMetadataUserID(cfg.Service.Name)
if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.SystemUserID == "" {
return shared.MissingSystemUserID(cfg.Service.Name)
}

return nil