diff --git a/.bingo/Variables.mk b/.bingo/Variables.mk index c3a6f1db5b1..cd90d103da6 100644 --- a/.bingo/Variables.mk +++ b/.bingo/Variables.mk @@ -1,4 +1,4 @@ -# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.2. DO NOT EDIT. +# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT. # All tools are designed to be build inside $GOBIN. BINGO_DIR := $(dir $(lastword $(MAKEFILE_LIST))) GOPATH ?= $(shell go env GOPATH) diff --git a/.bingo/variables.env b/.bingo/variables.env index e19cf5f1dbb..d64a412b023 100644 --- a/.bingo/variables.env +++ b/.bingo/variables.env @@ -1,4 +1,4 @@ -# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.5.2. DO NOT EDIT. +# Auto generated binary variables helper managed by https://github.com/bwplotka/bingo v0.6. DO NOT EDIT. # All tools are designed to be build inside $GOBIN. # Those variables will work only until 'bingo get' was invoked, or if tools were installed via Makefile's Variables.mk. GOBIN=${GOBIN:=$(go env GOBIN)} diff --git a/.drone.star b/.drone.star index 16542d0f7e5..98b27ef5353 100644 --- a/.drone.star +++ b/.drone.star @@ -1680,6 +1680,7 @@ def ocisServerWithAccounts(storage, accounts_hash_difficulty = 4, volumes = [], "detach": True, "environment": environment, "commands": [ + "ocis/bin/ocis init --insecure true", "ocis/bin/ocis server", ], "volumes": volumes, @@ -1700,8 +1701,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on = user = "0:0" environment = { "OCIS_URL": "https://ocis-server:9200", - "GATEWAY_GRPC_ADDR": "0.0.0.0:9142", - "STORAGE_HOME_DRIVER": "%s" % (storage), + "GATEWAY_GRPC_ADDR": "0.0.0.0:9142", # cs3api-validator needs the cs3api gatway exposed "STORAGE_USERS_DRIVER": "%s" % (storage), "STORAGE_USERS_DRIVER_LOCAL_ROOT": "/srv/app/tmp/ocis/local/root", "STORAGE_USERS_DRIVER_OCIS_ROOT": "/srv/app/tmp/ocis/storage/users", @@ -1712,8 +1712,8 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on = "IDP_IDENTIFIER_REGISTRATION_CONF": "/drone/src/tests/config/drone/identifier-registration.yml", "OCIS_LOG_LEVEL": "error", "SETTINGS_DATA_PATH": "/srv/app/tmp/ocis/settings", - "OCIS_INSECURE": "true", "IDM_CREATE_DEMO_USERS": True, + "IDM_ADMIN_PASSWORD": "admin", # override the random admin password from `ocis init` } wait_for_ocis = { "name": "wait-for-ocis-server", @@ -1782,24 +1782,16 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on = "SHARING_USER_SQL_HOST": "oc10-db", "SHARING_USER_SQL_PORT": 3306, "SHARING_USER_SQL_NAME": "owncloud", - # ownCloud storage readonly - # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303 - "OCIS_STORAGE_READ_ONLY": "false", # General oCIS config # OCIS_RUN_EXTENSIONS specifies to start all extensions except glauth, idp and accounts. These are replaced by external services "OCIS_RUN_EXTENSIONS": "settings,storage-metadata,graph,graph-explorer,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,proxy,nats,ocdav", "OCIS_LOG_LEVEL": "info", "OCIS_URL": OCIS_URL, - "PROXY_TLS": "true", "OCIS_BASE_DATA_PATH": "/mnt/data/ocis", "OCIS_CONFIG_DIR": "/etc/ocis", - # change default secrets - "OCIS_JWT_SECRET": "Pive-Fumkiu4", - "STORAGE_TRANSFER_SECRET": "replace-me-with-a-transfer-secret", - "OCIS_MACHINE_AUTH_API_KEY": "change-me-please", - "OCIS_INSECURE": "true", "PROXY_ENABLE_BASIC_AUTH": "true", "IDM_CREATE_DEMO_USERS": True, + "IDM_ADMIN_PASSWORD": "admin", # override the random admin password from `ocis init` } wait_for_ocis = { "name": "wait-for-ocis-server", @@ -1825,6 +1817,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on = "environment": environment, "user": user, "commands": [ + "ocis/bin/ocis init --insecure true", "ocis/bin/ocis server", ], "volumes": volumes, diff --git a/.vscode/launch.json b/.vscode/launch.json index 4332cf2e1ab..aec90a875e5 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -19,9 +19,25 @@ "PROXY_ENABLE_BASIC_AUTH": "true", // set insecure options because we don't have valid certificates in dev environments "OCIS_INSECURE": "true", + // set some hardcoded secrets + "OCIS_JWT_SECRET": "some-ocis-jwt-secret", + "STORAGE_TRANSFER_SECRET": "some-ocis-transfer-secret", + "OCIS_MACHINE_AUTH_API_KEY": "some-ocis-machine-auth-api-key", + // idm ldap + "IDM_SVC_PASSWORD": "some-ldap-idm-password", + "GRAPH_LDAP_BIND_PASSWORD": "some-ldap-idm-password", + // reva ldap + "IDM_REVASVC_PASSWORD": "some-ldap-reva-password", + "GROUPS_LDAP_BIND_PASSWORD": "some-ldap-reva-password", + "USERS_LDAP_BIND_PASSWORD": "some-ldap-reva-password", + "AUTH_BASIC_LDAP_BIND_PASSWORD": "some-ldap-reva-password", + // idp ldap + "IDM_IDPSVC_PASSWORD": "some-ldap-idp-password", + "IDP_LDAP_BIND_PASSWORD": "some-ldap-idp-password", + // admin user default password + "IDM_ADMIN_PASSWORD": "admin", // demo users - "ACCOUNTS_DEMO_USERS_AND_GROUPS": "true", - "IDM_CREATE_DEMO_USERS": "true" + "IDM_CREATE_DEMO_USERS": "true", // OCIS_RUN_EXTENSIONS allows to start a subset of extensions even in the supervised mode //"OCIS_RUN_EXTENSIONS": "settings,storage-metadata,glauth,graph,graph-explorer,idp,ocs,store,thumbnails,web,webdav,storage-frontend,storage-gateway,storage-userprovider,storage-groupprovider,storage-authbasic,storage-authbearer,storage-authmachine,storage-users,storage-shares,storage-public-link,storage-appprovider,storage-sharing,accounts,proxy,ocdav", } diff --git a/changelog/unreleased/change-ocis-init.md b/changelog/unreleased/change-ocis-init.md new file mode 100644 index 00000000000..a4a81eb3854 --- /dev/null +++ b/changelog/unreleased/change-ocis-init.md @@ -0,0 +1,10 @@ +Change: Introduce `ocis init` and remove all default secrets + +We've removed all default secrets. This means you can't start oCIS any longer +without setting these via environment variable or configuration file. + +In order to make this easy for you, we introduced a new command: `ocis init`. +You can run this command before starting oCIS with `ocis server` and it will +bootstrap you a configuration file for a secure oCIS instance. + +https://github.com/owncloud/ocis/pull/3551 diff --git a/deployments/examples/ocis_traefik/.env b/deployments/examples/ocis_traefik/.env index f75e2d5fb90..478247e879c 100644 --- a/deployments/examples/ocis_traefik/.env +++ b/deployments/examples/ocis_traefik/.env @@ -2,10 +2,6 @@ # It skips certificate validation for various parts of oCIS and is needed if you use self signed certificates. INSECURE=true -# The demo users should not be created on a production instance -# because their passwords are public -DEMO_USERS=true - ### Traefik settings ### # Serve Traefik dashboard. Defaults to "false". TRAEFIK_DASHBOARD= @@ -21,16 +17,11 @@ TRAEFIK_ACME_MAIL= OCIS_DOCKER_TAG= # Domain of oCIS, where you can find the frontend. Defaults to "ocis.owncloud.test" OCIS_DOMAIN= -# IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp". -IDP_LDAP_BIND_PASSWORD= -# Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva". -STORAGE_LDAP_BIND_PASSWORD= -# JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4" -OCIS_JWT_SECRET= -# JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" -STORAGE_TRANSFER_SECRET= -# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" -OCIS_MACHINE_AUTH_API_KEY= +# oCIS admin user password. Defaults to "admin". +ADMIN_PASSWORD= +# The demo users should not be created on a production instance +# because their passwords are public. Defaults to "false". +DEMO_USERS= # If you want to use debugging and tracing with this stack, # you need uncomment following line. Please see documentation at diff --git a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh b/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh index c1f96fae4ef..b5befa04aab 100644 --- a/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh +++ b/deployments/examples/ocis_traefik/config/ocis/entrypoint-override.sh @@ -1,24 +1,5 @@ #!/bin/sh - set -e -ocis server& -sleep 10 - -echo "##################################################" -echo "change default secrets:" - -# IDP -IDP_USER_UUID=$(ocis accounts list | grep "| Kopano IDP " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " IDP user UUID: $IDP_USER_UUID" -ocis accounts update --password $IDP_LDAP_BIND_PASSWORD $IDP_USER_UUID - -# REVA -REVA_USER_UUID=$(ocis accounts list | grep " | Reva Inter " | egrep '[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}' -o) -echo " Reva user UUID: $REVA_USER_UUID" -ocis accounts update --password $STORAGE_LDAP_BIND_PASSWORD $REVA_USER_UUID - -echo "default secrets changed" -echo "##################################################" - -wait # wait for oCIS to exit +ocis init || true # will only initialize once +ocis server diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index 35fc4756cf2..fc1133e5dcc 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml @@ -53,21 +53,17 @@ services: OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test} OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose PROXY_TLS: "false" # do not use SSL between Traefik and oCIS - # change default secrets - IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} - STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} - OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} - STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} - OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} # INSECURE: needed if oCIS / Traefik is using self generated certificates OCIS_INSECURE: "${INSECURE:-false}" # basic auth (not recommended, but needed for eg. WebDav clients that do not support OpenID Connect) PROXY_ENABLE_BASIC_AUTH: "${PROXY_ENABLE_BASIC_AUTH:-false}" + # admin user password + IDM_ADMIN_PASSWORD: "${ADMIN_PASSWORD:-admin}" # this overrides the admin password from the configuration file # demo users - ACCOUNTS_DEMO_USERS_AND_GROUPS: "${DEMO_USERS:-false}" # deprecated, remove after switching to LibreIDM IDM_CREATE_DEMO_USERS: "${DEMO_USERS:-false}" volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh + - ocis-config:/etc/ocis - ocis-data:/var/lib/ocis labels: - "traefik.enable=true" @@ -82,7 +78,9 @@ services: volumes: certs: + ocis-config: ocis-data: + networks: ocis-net: diff --git a/docs/extensions/accounts/tests.md b/docs/extensions/accounts/tests.md index 07de8e5dc37..5fdb2b54968 100644 --- a/docs/extensions/accounts/tests.md +++ b/docs/extensions/accounts/tests.md @@ -19,9 +19,10 @@ Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/ {{< hint info >}} For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests: -``` +```bash rm ~/.ocis/idp/identifier-registration.yaml ``` + {{< /hint >}} ### In the web repo @@ -30,7 +31,7 @@ rm ~/.ocis/idp/identifier-registration.yaml Install dependencies and bundle the frontend with a watcher by running -``` +```bash yarn && yarn build:w ``` @@ -40,7 +41,7 @@ If you skip the step above, the currently bundled frontend from the oCIS binary Start the necessary acceptance test services by using Docker (Compose): -``` +```bash docker compose up selenium middleware-ocis vnc ``` @@ -50,7 +51,7 @@ docker compose up selenium middleware-ocis vnc Navigate into the accounts service via `cd ../accounts/` and install dependencies and build the bundled accounts UI with a watcher by running -``` +```bash yarn && yarn watch ``` @@ -58,13 +59,14 @@ yarn && yarn watch Navigate into the oCIS directory inside the oCIS repository and build the oCIS binary by running -``` +```bash make clean build ``` Then, start oCIS from the binary via -``` +```bash +./bin/ocis init OCIS_URL=https://host.docker.internal:9200 OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true WEB_UI_CONFIG=../../web/dev/docker/ocis.web.config.json ./bin/ocis server ``` @@ -78,6 +80,6 @@ If you want visual feedback on the test run, visit http://host.docker.internal:6 Navigate into the accounts service via `cd ../accounts/` and start the acceptance tests by running -``` +```bash SERVER_HOST=https://host.docker.internal:9200 BACKEND_HOST=https://host.docker.internal:9200 RUN_ON_OCIS=true NODE_TLS_REJECT_UNAUTHORIZED=0 WEB_PATH=../../web WEB_UI_CONFIG=../../web/tests/drone/config-ocis.json MIDDLEWARE_HOST=http://host.docker.internal:3000 ./ui/tests/run-acceptance-test.sh ./ui/tests/acceptance/features/ ``` diff --git a/docs/extensions/settings/tests.md b/docs/extensions/settings/tests.md index 06a4b3fb5f5..b07ae587392 100644 --- a/docs/extensions/settings/tests.md +++ b/docs/extensions/settings/tests.md @@ -19,9 +19,10 @@ Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/ {{< hint info >}} For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests: -``` +```bash rm ~/.ocis/idp/identifier-registration.yaml ``` + {{< /hint >}} ### In the web repo @@ -30,7 +31,7 @@ rm ~/.ocis/idp/identifier-registration.yaml Install dependencies and bundle the frontend with a watcher by running -``` +```bash yarn && yarn build:w ``` @@ -40,7 +41,7 @@ If you skip the step above, the currently bundled frontend from the oCIS binary Start the necessary acceptance test services by using Docker (Compose): -``` +```bash docker compose up selenium middleware-ocis vnc ``` @@ -50,7 +51,7 @@ docker compose up selenium middleware-ocis vnc Navigate into the settings service via `cd ../settings/` and install dependencies and build the bundled settings UI with a watcher by running -``` +```bash yarn && yarn watch ``` @@ -58,13 +59,14 @@ yarn && yarn watch Navigate into the oCIS directory inside the oCIS repository and build the oCIS binary by running -``` +```bash make clean build ``` Then, start oCIS from the binary via -``` +```bash +ocis init OCIS_URL=https://host.docker.internal:9200 OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true WEB_UI_CONFIG=../../web/dev/docker/ocis.web.config.json ./bin/ocis server ``` @@ -78,6 +80,6 @@ If you want visual feedback on the test run, visit http://host.docker.internal:6 Navigate into the settings service via `cd ../settings/` and start the acceptance tests by running -``` +```bash SERVER_HOST=https://host.docker.internal:9200 BACKEND_HOST=https://host.docker.internal:9200 RUN_ON_OCIS=true NODE_TLS_REJECT_UNAUTHORIZED=0 WEB_PATH=../../web WEB_UI_CONFIG=../../web/tests/drone/config-ocis.json MIDDLEWARE_HOST=http://host.docker.internal:3000 ./ui/tests/run-acceptance-test.sh ./ui/tests/acceptance/features/ ``` diff --git a/docs/helpers/example-config-generator.go.tmpl b/docs/helpers/example-config-generator.go.tmpl index 6e40721c1ca..277cfdc9dc2 100644 --- a/docs/helpers/example-config-generator.go.tmpl +++ b/docs/helpers/example-config-generator.go.tmpl @@ -22,9 +22,7 @@ func main() { {{- range $key, $value := .}} replacer.Replace("{{$value}}"): func() string { fmt.Println("Generating example YAML config for {{ $value -}}") - c := pkg{{$key}}.DefaultConfig() - pkg{{$key}}.EnsureDefaults(c) - pkg{{$key}}.Sanitize(c) + c := pkg{{$key}}.FullDefaultConfig() yml, err := yaml.Marshal(c) if err != nil { log.Fatalf("Marshalling yaml for pkg0 failed: %s\n", err) @@ -50,4 +48,3 @@ func main() { } } } - diff --git a/docs/ocis/deployment/_index.md b/docs/ocis/deployment/_index.md index e3fc175fda4..7da501f392b 100644 --- a/docs/ocis/deployment/_index.md +++ b/docs/ocis/deployment/_index.md @@ -27,38 +27,7 @@ oCIS deployments are super simple, yet there are many configurations possible fo ## Secure an oCIS instance -### Change default secrets -oCIS uses two system users which are needed for being operational: -- Reva Inter Operability Platform (bc596f3c-c955-4328-80a0-60d018b4ad57) -- Kopano IDP (820ba2a1-3f54-4538-80a4-2d73007e30bf) +oCIS no longer has any default secrets in versions later than oCIS 1.20.0. Therefore you're no +longer able to start oCIS without generating / setting all needed secrets. -Both have simple default passwords which need to be changed. Currently, changing a password is only possible on the command line. You need to run `ocis accounts update --password ` for both users. - -The new password for the Reva Inter Operability Platform user must be made available to oCIS by using the environment variable `STORAGE_LDAP_BIND_PASSWORD`. The same applies to the new Kopano IDP user password, which needs to be made available to oCIS in `IDP_LDAP_BIND_PASSWORD`. - -Furthermore, oCIS uses a shared secret to sign JWT tokens for inter service authorization, which also needs to be changed by the user. -You can change it by setting the `OCIS_JWT_SECRET` environment variable for oCIS to a random string. - -Another is used secret for singing JWT tokens for uploads and downloads, which also needs to be changed by the user. -You can change it by setting the `STORAGE_TRANSFER_SECRET` environment variable for oCIS to a random string. - -One more secret is used for machine auth, so that external applications can authenticate with an API key. -You can change it by setting the `OCIS_MACHINE_AUTH_API_KEY` environment variable for oCIS to a random string. - -### Delete demo users - -{{< hint info >}} -Before deleting the demo users mentioned below, you must create a new account for yourself and assign it to the administrator role. - -By default, oCIS doesn't create any demo users. During the first startup, it generates only the admin and one user for IDP and Reva respectively. -{{< /hint >}} - -oCIS ships with a few demo users besides the system users: -- Admin (ddc2004c-0977-11eb-9d3f-a793888cd0f8) -- Albert Einstein (4c510ada-c86b-4815-8820-42cdf82c3d51) -- Richard Feynman (932b4540-8d16-481e-8ef4-588e4b6b151c) -- Maurice Moss (058bff95-6708-4fe5-91e4-9ea3d377588b) -- Marie Curie (f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c) - -You can view them in ownCloud Web if you log in as Admin user or list them by running `ocis accounts list`. -After adding your own user it is safe to delete the demo users in the web UI or with the command `ocis accounts remove `. Please do not delete the system users (see [change default secrets]({{< ref "./#change-default-secrets" >}})) or oCIS will not function properly anymore. +The recommended way is to use `ocis init` for that. It will generate a secure config file for you. diff --git a/docs/ocis/deployment/basic-remote-setup.md b/docs/ocis/deployment/basic-remote-setup.md index eaa95ac7025..461cb5b4b5a 100644 --- a/docs/ocis/deployment/basic-remote-setup.md +++ b/docs/ocis/deployment/basic-remote-setup.md @@ -15,6 +15,8 @@ If you need to access oCIS running in a docker container, on a VM or a remote ma ## Start the oCIS fullstack server from binary +Initialize the oCIS configuration by running `./bin/ocis init`. + Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a directory tree skeleton in `$HOME/.ocis`. If that is already existing it will not be overwritten as it contains all relevant data for oCIS. In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to configure the built-in identity provider and therefore contains the OpenID Connect issuer and also information about relying parties, for example ownCloud Web and our desktop and mobile applications. @@ -23,10 +25,6 @@ In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to con The `identifier-registration.yaml` file will only be generated if it does not exist yet. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors. {{< /hint >}} -{{< hint warning >}} -oCIS is currently in a Tech Preview state and is shipped with demo users. In order to secure your oCIS instances please follow following guide: [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}) -{{< /hint >}} - For the following examples you need to have the oCIS binary in your current working directory, we assume it is named `ocis` and it needs to be marked as executable. See [Getting Started]({{< ref "../getting-started/#binaries" >}}) for where to get the binary from. ### Using automatically generated certificates diff --git a/docs/ocis/deployment/oc10_ocis_parallel.md b/docs/ocis/deployment/oc10_ocis_parallel.md index d5ff6e72e4b..d87f233ae57 100644 --- a/docs/ocis/deployment/oc10_ocis_parallel.md +++ b/docs/ocis/deployment/oc10_ocis_parallel.md @@ -122,8 +122,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oC10 and oCIS frontend in `CLOUD_DOMAIN=`, e.g. `CLOUD_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - By default ownCloud 10 will be started in the `latest` version. If you want to start a specific version of oCIS set the version to `OC10_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis/tags?page=1&ordering=last_updated). You can switch the default application of ownCloud 10 by setting`OWNCLOUD_DEFAULT_APP=files` in oder to have the classic UI as frontend, which is also the default. If you prefer ownCloud Web as the default application in ownCloud 10 just set `OWNCLOUD_DEFAULT_APP=web`. diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index afc6e441c11..312939a73a2 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md @@ -95,8 +95,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - By default the oCIS Hello extension will be started in the `latest` version. If you want to start a specific version of oCIS Hello set the version to `OCIS_HELLO_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/owncloud/ocis-hello/tags?page=1&ordering=last_updated). Now you have configured everything and can save the file. diff --git a/docs/ocis/deployment/ocis_individual_services.md b/docs/ocis/deployment/ocis_individual_services.md index ab2bebe9b34..718e5291a42 100644 --- a/docs/ocis/deployment/ocis_individual_services.md +++ b/docs/ocis/deployment/ocis_individual_services.md @@ -91,8 +91,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - You also can run more than one instance of the service by setting `OCIS_SCALE` to number greater than one. Now you have configured everything and can save the file. diff --git a/docs/ocis/deployment/ocis_keycloak.md b/docs/ocis/deployment/ocis_keycloak.md index 7495f661f5a..5708569e2a3 100644 --- a/docs/ocis/deployment/ocis_keycloak.md +++ b/docs/ocis/deployment/ocis_keycloak.md @@ -108,8 +108,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) If you want to change the OIDC client id of th ownCloud Web frontend, you can do this by setting the name to `OCIS_OIDC_CLIENT_ID=`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - Set your domain for the Keycloak administration panel and authentication endpoints to `KEYCLOAK_DOMAIN=` e.g. `KEYCLOAK_DOMAIN=keycloak.owncloud.test`. Changing the used Keycloak realm can be done by setting `KEYCLOAK_REALM=`. This defaults to the oCIS realm `KEYCLOAK_REALM=oCIS`. The oCIS realm will be automatically imported on startup and includes our demo users. diff --git a/docs/ocis/deployment/ocis_ldap.md b/docs/ocis/deployment/ocis_ldap.md index 7b0bea33546..8ec958451aa 100644 --- a/docs/ocis/deployment/ocis_ldap.md +++ b/docs/ocis/deployment/ocis_ldap.md @@ -93,8 +93,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=cloud.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - The OpenLDAP server in this example deployment has an admin users, which is also used as bind user in order to keep these examples simple. You can change the default password "admin" to a different one by setting it to `LDAP_ADMIN_PASSWORD=...`. Set your domain for the LDAP manager UI in `LDAP_MANAGER_DOMAIN=`, e.g. `ldap.owncloud.test`. diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index d98617aee62..38c2d9ddf2d 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md @@ -104,8 +104,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - Set your domain for the MinIO frontend in `MINIO_DOMAIN=`, e.g. `MINIO_DOMAIN=minio.owncloud.test`. If you are using other S3-compatible providers you need to configure the respective endpoint here. If you like you can change the default name of the S3 bucket by setting `MINIO_BUCKET=` to a different value. diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md index a672577e2c4..ee6851d108c 100644 --- a/docs/ocis/deployment/ocis_traefik.md +++ b/docs/ocis/deployment/ocis_traefik.md @@ -88,8 +88,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - Now you have configured everything and can save the file. * Start the docker stack diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md index 10c5fd04d3c..99f9713918e 100644 --- a/docs/ocis/deployment/ocis_wopi.md +++ b/docs/ocis/deployment/ocis_wopi.md @@ -130,8 +130,6 @@ See also [example server setup]({{< ref "preparing_server" >}}) Set your domain for the oCIS frontend in `OCIS_DOMAIN=`, e.g. `OCIS_DOMAIN=ocis.owncloud.test`. - You also must override the default secrets in `IDP_LDAP_BIND_PASSWORD`, `STORAGE_LDAP_BIND_PASSWORD`, `OCIS_JWT_SECRET`, `STORAGE_TRANSFER_SECRET` and `OCIS_MACHINE_AUTH_API_KEY` in order to secure your oCIS instance. Choose some random strings e.g. from the output of `openssl rand -base64 32`. For more information see [secure an oCIS instance]({{< ref "./#secure-an-ocis-instance" >}}). - By default the CS3Org WOPI server will also be started in the `latest` version. If you want to start a specific version of it, you can set the version to `WOPISERVER_DOCKER_TAG=`. Available versions can be found on [Docker Hub](https://hub.docker.com/r/cs3org/wopiserver/tags?page=1&ordering=last_updated). Set your domain for the CS3Org WOPI server in `WOPISERVER_DOMAIN=`, where all office suites can download the files via the WOPI protocol. diff --git a/docs/ocis/deployment/systemd.md b/docs/ocis/deployment/systemd.md index d37d380f404..55d723e0462 100644 --- a/docs/ocis/deployment/systemd.md +++ b/docs/ocis/deployment/systemd.md @@ -39,11 +39,10 @@ WantedBy=multi-user.target For reasons of simplicity we are using the root user and group to run oCIS which is not recommended. Please use a non-root user in production environments and modify the oCIS service definition accordingly. - In the service definition we referenced `/etc/ocis/ocis.env` as our file containing environment variables for the oCIS process. In order to create the file we need first to create the folder `/etc/ocis/` and then we can add the actual `/etc/ocis/ocis.env` with following content: -``` +```bash OCIS_URL=https://some-hostname-or-ip:9200 PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_INSECURE=false @@ -60,9 +59,10 @@ Please change your `OCIS_URL` in order to reflect your actual deployment. If you oCIS will store all data in `/var/lib/ocis`, because we configured it so by setting `OCIS_BASE_DATA_PATH`. Therefore you need to create that directory and make it accessible to the user, you use to start oCIS. - ## Starting the oCIS service +Initialize the oCIS configuration by running `ocis init --config-path /etc/ocis`. + You can enable oCIS now by running `systemctl enable --now ocis`. It will ensure that oCIS also is restarted after a reboot of the host. If you need to restart oCIS because of configuration changes in `/etc/ocis/ocis.env`, run `systemctl restart ocis`. diff --git a/docs/ocis/development/testing.md b/docs/ocis/development/testing.md index 58270b65f1b..1439e67c6c7 100644 --- a/docs/ocis/development/testing.md +++ b/docs/ocis/development/testing.md @@ -89,7 +89,7 @@ We are using the ownCloud 10 acceptance test suite against oCIS. All you need to do to get the acceptance tests is check out the core repo: -``` +```bash git clone https://github.com/owncloud/core.git ``` @@ -97,7 +97,8 @@ git clone https://github.com/owncloud/core.git To start ocis: -``` +```bash +ocis init OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true bin/ocis server ``` @@ -108,12 +109,13 @@ OCIS_INSECURE=true PROXY_ENABLE_BASIC_AUTH=true bin/ocis server First we will need to clone the testing app in owncloud which contains the skeleton files required for running the tests. In the ownCloud 10 core clone the testing app with the following command: -``` +```bash git clone https://github.com/owncloud/testing apps/testing ``` Then run the api acceptance tests with the following command from the root of the ownCloud 10 core repository: -``` + +```bash make test-acceptance-api \ TEST_SERVER_URL=https://localhost:9200 \ TEST_OCIS=true \ @@ -153,7 +155,7 @@ If you want to work on a specific issue E.g.: - ``` + ```bash make test-acceptance-api \ TEST_SERVER_URL=https://localhost:9200 \ TEST_OCIS=true \ @@ -174,7 +176,8 @@ If you want to work on a specific issue Instruction on setup is available [here](https://owncloud.dev/ocis/deployment/oc10_ocis_parallel/#local-setup) Edit the `.env` file and uncomment this line: -``` + +```bash COMPOSE_FILE=docker-compose.yml:testing/docker-compose-additions.yml ``` diff --git a/docs/ocis/getting-started/_index.md b/docs/ocis/getting-started/_index.md index 0838cafdd12..5a31560b831 100644 --- a/docs/ocis/getting-started/_index.md +++ b/docs/ocis/getting-started/_index.md @@ -42,14 +42,17 @@ curl https://download.owncloud.com/ocis/ocis/stable/1.20.0/ocis-1.20.0-linux-amd # make binary executable chmod +x ocis +# initialize a minimal oCIS configuration +./ocis init + # run with demo users -OCIS_INSECURE=true ACCOUNTS_DEMO_USERS_AND_GROUPS=true ./ocis server +IDM_CREATE_DEMO_USERS=true ./ocis server ``` The default primary storage location is `~/.ocis` or `/var/lib/ocis` depending on the packaging format and your operating system user. You can change that value by configuration. {{< hint info >}} -When you're using oCIS with self-signed certificates, you need to set the environment variable `OCIS_INSECURE=true`, in order to make oCIS work. +When you're using oCIS with self-signed certificates, you need to answer the the question for certificate checking with "yes" or set the environment variable `OCIS_INSECURE=true`, in order to make oCIS work. {{< /hint >}} {{< hint warning >}} @@ -64,7 +67,8 @@ The `latest` tag always reflects the current master branch. ```console docker pull owncloud/ocis -docker run --rm -ti -p 9200:9200 -e OCIS_INSECURE=true -e ACCOUNTS_DEMO_USERS_AND_GROUPS=true owncloud/ocis +docker run --rm -it -v ocis-config:/etc/ocis owncloud/ocis init +docker run --rm -p 9200:9200 -v ocis-config:/etc/ocis -v ocis-data:/var/lib/ocis -e IDM_CREATE_DEMO_USERS=true owncloud/ocis ``` {{< hint info >}} @@ -72,11 +76,11 @@ When you're using oCIS with self-signed certificates, you need to set the enviro {{< /hint >}} {{< hint warming >}} -When you're creating the [demo users]({{< ref "./demo-users" >}}) by setting `ACCOUNTS_DEMO_USERS_AND_GROUPS=true`, you need to be sure that this instance is not used in production because the passwords are public. +When you're creating the [demo users]({{< ref "./demo-users" >}}) by setting `IDM_CREATE_DEMO_USERS=true`, you need to be sure that this instance is not used in production because the passwords are public. {{< /hint >}} {{< hint warning >}} -In order to persist your data, you need to mount a docker volume or create a host bind-mount at `/var/lib/ocis`, for example with: `-v /some/host/dir:/var/lib/ocis` +We are using named volumes for the oCIS configuration and oCIS data in the above example (`-v ocis-config:/etc/ocis -v ocis-data:/var/lib/ocis`). You could instead also use host bind-mounts instead, eg. `-v /some/host/dir:/var/lib/ocis`. You cannot use bind mounts on MacOS, since extended attributes are not supported ([owncloud/ocis#182](https://github.com/owncloud/ocis/issues/182), [moby/moby#1070](https://github.com/moby/moby/issues/1070)). {{< /hint >}} @@ -91,6 +95,12 @@ Open [https://localhost:9200](https://localhost:9200) and [login using one of th The oCIS single binary contains multiple extensions and the `ocis` command helps you to manage them. You already used `ocis server` to run all available extensions in the [Run oCIS]({{< ref "#run-ocis" >}}) section. We now will show you some more management commands, which you may also explore by typing `ocis --help` or going to the [docs]({{< ref "../config" >}}). +To initialize the oCIS configuration: + +{{< highlight txt >}} +ocis init +{{< / highlight >}} + To start oCIS server: {{< highlight txt >}} diff --git a/docs/ocis/getting-started/demo-users.md b/docs/ocis/getting-started/demo-users.md index 15179f98bd4..470a1ed39df 100644 --- a/docs/ocis/getting-started/demo-users.md +++ b/docs/ocis/getting-started/demo-users.md @@ -16,13 +16,13 @@ To create the demo users, run the initial setup step with an additional environm Following users are available in the demo set: -| username | password | email | role | groups | -| --------- | ------------- | --------------------- | ----------- | ----------------------------------------------------------------------- | -| admin | admin | admin@example.org | admin | users | -| einstein | relativity | einstein@example.org | user | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters | -| marie | radioactivity | marie@example.org | user | users, physics-lovers, polonium-lovers, radium-lovers | -| moss | vista | moss@example.org | admin | users | -| richard | superfluidity | richard@example.org | user | users, philosophy-haters, physics-lovers, quantum-lovers | -| katherine | gemini | katherine@example.org | space admin | users, sailing-lovers, physics-lovers, quantum-lovers | +| username | password | email | role | groups | +| --------- | ----------------------------------------- | --------------------- | ----------- | ----------------------------------------------------------------------- | +| admin | admin or the one generated by `ocis init` | admin@example.org | admin | users | +| einstein | relativity | einstein@example.org | user | users, philosophy-haters, physics-lovers, sailing-lovers, violin-haters | +| marie | radioactivity | marie@example.org | user | users, physics-lovers, polonium-lovers, radium-lovers | +| moss | vista | moss@example.org | admin | users | +| richard | superfluidity | richard@example.org | user | users, philosophy-haters, physics-lovers, quantum-lovers | +| katherine | gemini | katherine@example.org | space admin | users, sailing-lovers, physics-lovers, quantum-lovers | You may also want to run oCIS with only your custom users by [deleting the demo users]({{< ref "../deployment#delete-demo-users" >}}). diff --git a/docs/ocis/storage-backends/dcfsnfs.md b/docs/ocis/storage-backends/dcfsnfs.md index 07e68fbf435..6ef13be37aa 100644 --- a/docs/ocis/storage-backends/dcfsnfs.md +++ b/docs/ocis/storage-backends/dcfsnfs.md @@ -53,12 +53,11 @@ The oCIS server can be instructed to set up the decomposed FS at a certain path The test setup started an oCIS tech preview single binary release using this start command: -``` +```bash +ocis init OCIS_BASE_DATA_PATH=/mnt/ocisdata/ OCIS_LOG_LEVEL=debug OCIS_INSECURE=true PROXY_HTTP_ADDR=0.0.0.0:9200 OCIS_URL=https://hostname:9200 ./ocis-1.18.0-linux-amd64 server ``` This starts oCIS and a decomposed FS skeleton file system structure is set up on the NFS share. The oCIS instance is passing a smoke test. - - diff --git a/extensions/accounts/cmd/helper/defaultconfig/main.go b/extensions/accounts/cmd/helper/defaultconfig/main.go deleted file mode 100644 index f60d1525d17..00000000000 --- a/extensions/accounts/cmd/helper/defaultconfig/main.go +++ /dev/null @@ -1,27 +0,0 @@ -package main - -import ( - "fmt" - - accountsdefaults "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults" - idpdefaults "github.com/owncloud/ocis/extensions/idp/pkg/config/defaults" - "gopkg.in/yaml.v2" -) - -func main() { - - fn1 := accountsdefaults.FullDefaultConfig - fn2 := idpdefaults.FullDefaultConfig - - b, err := yaml.Marshal(fn1()) - if err != nil { - return - } - fmt.Println(string(b)) - - b, err = yaml.Marshal(fn2()) - if err != nil { - return - } - fmt.Println(string(b)) -} diff --git a/extensions/accounts/pkg/command/health.go b/extensions/accounts/pkg/command/health.go index 28794625760..0590938e938 100644 --- a/extensions/accounts/pkg/command/health.go +++ b/extensions/accounts/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/accounts/pkg/command/server.go b/extensions/accounts/pkg/command/server.go index cad2406868f..26fb0f1f494 100644 --- a/extensions/accounts/pkg/command/server.go +++ b/extensions/accounts/pkg/command/server.go @@ -25,7 +25,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/accounts/pkg/config/config.go b/extensions/accounts/pkg/config/config.go index 9b46d2dbf17..29c2ce7fe5e 100644 --- a/extensions/accounts/pkg/config/config.go +++ b/extensions/accounts/pkg/config/config.go @@ -19,7 +19,7 @@ type Config struct { HTTP HTTP `yaml:"http"` GRPC GRPC `yaml:"grpc"` - TokenManager TokenManager `yaml:"token_manager"` + TokenManager *TokenManager `yaml:"token_manager"` Asset Asset `yaml:"asset"` Repo Repo `yaml:"repo"` @@ -36,11 +36,6 @@ type Asset struct { Path string `yaml:"path" env:"ACCOUNTS_ASSET_PATH" desc:"The path to the ui assets."` } -// TokenManager is the config for using the reva token manager -type TokenManager struct { - JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;ACCOUNTS_JWT_SECRET" desc:"The secret to mint jwt tokens."` -} - // Repo defines which storage implementation is to be used. type Repo struct { Backend string `yaml:"backend" env:"ACCOUNTS_STORAGE_BACKEND" desc:"Defines which storage implementation is to be used"` diff --git a/extensions/accounts/pkg/config/defaults/defaultconfig.go b/extensions/accounts/pkg/config/defaults/defaultconfig.go index d44ca4aafb3..6aaea79f334 100644 --- a/extensions/accounts/pkg/config/defaults/defaultconfig.go +++ b/extensions/accounts/pkg/config/defaults/defaultconfig.go @@ -10,10 +10,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -44,10 +42,7 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "accounts", }, - Asset: config.Asset{}, - TokenManager: config.TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, + Asset: config.Asset{}, HashDifficulty: 11, DemoUsersAndGroups: false, Repo: config.Repo{ @@ -101,6 +96,14 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/accounts/pkg/config/parser/parse.go b/extensions/accounts/pkg/config/parser/parse.go index 91d47c19d8a..b052fd59c33 100644 --- a/extensions/accounts/pkg/config/parser/parse.go +++ b/extensions/accounts/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/accounts/pkg/config" defaults "github.com/owncloud/ocis/extensions/accounts/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +30,12 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } return nil } diff --git a/extensions/accounts/pkg/config/reva.go b/extensions/accounts/pkg/config/reva.go new file mode 100644 index 00000000000..172786f6f1c --- /dev/null +++ b/extensions/accounts/pkg/config/reva.go @@ -0,0 +1,6 @@ +package config + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;ACCOUNTS_JWT_SECRET"` +} diff --git a/extensions/appprovider/pkg/command/command.go b/extensions/appprovider/pkg/command/command.go index 2c1399446fe..f638e3c98cf 100644 --- a/extensions/appprovider/pkg/command/command.go +++ b/extensions/appprovider/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -10,6 +11,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/appprovider/pkg/config" + "github.com/owncloud/ocis/extensions/appprovider/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/log" @@ -24,6 +26,13 @@ func AppProvider(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "app-provider", Usage: "start appprovider for providing apps", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -92,8 +101,8 @@ func appProviderConfigFromStruct(c *cli.Context, cfg *config.Config) map[string] "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ @@ -114,7 +123,7 @@ func appProviderConfigFromStruct(c *cli.Context, cfg *config.Config) map[string] "app_url": cfg.Drivers.WOPI.AppURL, "insecure_connections": cfg.Drivers.WOPI.Insecure, "iop_secret": cfg.Drivers.WOPI.IopSecret, - "jwt_secret": cfg.JWTSecret, + "jwt_secret": cfg.TokenManager.JWTSecret, "wopi_url": cfg.Drivers.WOPI.WopiURL, }, }, diff --git a/extensions/appprovider/pkg/config/config.go b/extensions/appprovider/pkg/config/config.go index 72645eee81c..9f0c0e9c555 100644 --- a/extensions/appprovider/pkg/config/config.go +++ b/extensions/appprovider/pkg/config/config.go @@ -8,16 +8,17 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - ExternalAddr string - Driver string - Drivers Drivers + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + ExternalAddr string `yaml:"external_addr"` + Driver string `yaml:"driver"` + Drivers Drivers `yaml:"drivers"` } type Tracing struct { diff --git a/extensions/appprovider/pkg/config/defaults/defaultconfig.go b/extensions/appprovider/pkg/config/defaults/defaultconfig.go index 332ce0dba47..978c6d2edb6 100644 --- a/extensions/appprovider/pkg/config/defaults/defaultconfig.go +++ b/extensions/appprovider/pkg/config/defaults/defaultconfig.go @@ -2,13 +2,13 @@ package defaults import ( "github.com/owncloud/ocis/extensions/appprovider/pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" ) func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -27,9 +27,10 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "appprovider", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - Driver: "", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + Driver: "", Drivers: config.Drivers{ WOPI: config.WOPIDriver{}, }, @@ -59,8 +60,32 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { // nothing to sanitize here atm } + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/appprovider/pkg/config/parser/parse.go b/extensions/appprovider/pkg/config/parser/parse.go new file mode 100644 index 00000000000..ff554af4759 --- /dev/null +++ b/extensions/appprovider/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/appprovider/pkg/config" + "github.com/owncloud/ocis/extensions/appprovider/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/appprovider/pkg/config/reva.go b/extensions/appprovider/pkg/config/reva.go new file mode 100644 index 00000000000..aec078b05a4 --- /dev/null +++ b/extensions/appprovider/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;APP_PROVIDER_JWT_SECRET"` +} diff --git a/extensions/audit/pkg/command/server.go b/extensions/audit/pkg/command/server.go index 2ace55644a0..ad4ad4e1752 100644 --- a/extensions/audit/pkg/command/server.go +++ b/extensions/audit/pkg/command/server.go @@ -22,7 +22,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/audit/pkg/config/defaults/defaultconfig.go b/extensions/audit/pkg/config/defaults/defaultconfig.go index 27b94a8147d..f6ec2fb31e3 100644 --- a/extensions/audit/pkg/config/defaults/defaultconfig.go +++ b/extensions/audit/pkg/config/defaults/defaultconfig.go @@ -6,10 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/audit/pkg/config/parser/parse.go b/extensions/audit/pkg/config/parser/parse.go index 7c9179761c0..f34652a3193 100644 --- a/extensions/audit/pkg/config/parser/parse.go +++ b/extensions/audit/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/auth-basic/pkg/command/command.go b/extensions/auth-basic/pkg/command/command.go index 7835e9f09f5..cd08691a568 100644 --- a/extensions/auth-basic/pkg/command/command.go +++ b/extensions/auth-basic/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" "path/filepath" @@ -11,6 +12,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/auth-basic/pkg/config" + "github.com/owncloud/ocis/extensions/auth-basic/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/ldap" @@ -26,6 +28,13 @@ func AuthBasic(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "auth-basic", Usage: "start authprovider for basic auth", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -113,8 +122,8 @@ func authBasicConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]in "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/auth-basic/pkg/config/config.go b/extensions/auth-basic/pkg/config/config.go index e3706473cc0..2632ac9b166 100644 --- a/extensions/auth-basic/pkg/config/config.go +++ b/extensions/auth-basic/pkg/config/config.go @@ -8,13 +8,14 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` AuthProvider string `yaml:"auth_provider" env:"AUTH_BASIC_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"` AuthProviders AuthProviders `yaml:"auth_providers"` } @@ -63,7 +64,7 @@ type LDAPProvider struct { CACert string `env:"LDAP_CACERT;AUTH_BASIC_LDAP_CACERT"` Insecure bool `env:"LDAP_INSECURE;AUTH_BASIC_LDAP_INSECURE"` BindDN string `env:"LDAP_BIND_DN;AUTH_BASIC_LDAP_BIND_DN"` - BindPassword string `env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;AUTH_BASIC_LDAP_BIND_PASSWORD"` UserBaseDN string `env:"LDAP_USER_BASE_DN;AUTH_BASIC_LDAP_USER_BASE_DN"` GroupBaseDN string `env:"LDAP_GROUP_BASE_DN;AUTH_BASIC_LDAP_GROUP_BASE_DN"` UserScope string `env:"LDAP_USER_SCOPE;AUTH_BASIC_LDAP_USER_SCOPE"` diff --git a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go index 309b1324469..3bfbaf800f7 100644 --- a/extensions/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/extensions/auth-basic/pkg/config/defaults/defaultconfig.go @@ -9,9 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -30,9 +29,10 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-basic", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - AuthProvider: "ldap", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + AuthProvider: "ldap", AuthProviders: config.AuthProviders{ LDAP: config.LDAPProvider{ URI: "ldaps://localhost:9235", @@ -48,7 +48,6 @@ func DefaultConfig() *config.Config { UserObjectClass: "inetOrgPerson", GroupObjectClass: "groupOfNames", BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - BindPassword: "reva", IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", @@ -67,7 +66,6 @@ func DefaultConfig() *config.Config { JSON: config.JSONProvider{}, OwnCloudSQL: config.OwnCloudSQLProvider{ DBUsername: "owncloud", - DBPassword: "secret", DBHost: "mysql", DBPort: 3306, DBName: "owncloud", @@ -103,6 +101,23 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + } func Sanitize(cfg *config.Config) { diff --git a/extensions/auth-basic/pkg/config/parser/parse.go b/extensions/auth-basic/pkg/config/parser/parse.go new file mode 100644 index 00000000000..de3b06d5c54 --- /dev/null +++ b/extensions/auth-basic/pkg/config/parser/parse.go @@ -0,0 +1,46 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/auth-basic/pkg/config" + "github.com/owncloud/ocis/extensions/auth-basic/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.AuthProviders.LDAP.BindPassword == "" && cfg.AuthProvider == "ldap" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/auth-basic/pkg/config/reva.go b/extensions/auth-basic/pkg/config/reva.go new file mode 100644 index 00000000000..e01bce8ed76 --- /dev/null +++ b/extensions/auth-basic/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BASIC_JWT_SECRET"` +} diff --git a/extensions/auth-bearer/pkg/command/command.go b/extensions/auth-bearer/pkg/command/command.go index dd27a0b8e48..ea41172d272 100644 --- a/extensions/auth-bearer/pkg/command/command.go +++ b/extensions/auth-bearer/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -10,6 +11,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config" + "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/log" @@ -24,6 +26,13 @@ func AuthBearer(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "auth-bearer", Usage: "start authprovider for bearer auth", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -94,8 +103,8 @@ func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]i "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/auth-bearer/pkg/config/config.go b/extensions/auth-bearer/pkg/config/config.go index 0bc26ab120a..984ac379845 100644 --- a/extensions/auth-bearer/pkg/config/config.go +++ b/extensions/auth-bearer/pkg/config/config.go @@ -8,13 +8,14 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` AuthProvider string `yaml:"auth_provider" env:"AUTH_BEARER_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"` AuthProviders AuthProviders `yaml:"auth_providers"` } diff --git a/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go b/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go index 4ca3d0f5caf..59d0acd7066 100644 --- a/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go +++ b/extensions/auth-bearer/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -27,9 +26,10 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-bearer", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - AuthProvider: "ldap", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + AuthProvider: "ldap", AuthProviders: config.AuthProviders{ OIDC: config.OIDCProvider{ Issuer: "https://localhost:9200", @@ -63,6 +63,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/auth-bearer/pkg/config/parser/parse.go b/extensions/auth-bearer/pkg/config/parser/parse.go new file mode 100644 index 00000000000..fc3a1c50206 --- /dev/null +++ b/extensions/auth-bearer/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config" + "github.com/owncloud/ocis/extensions/auth-bearer/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/auth-bearer/pkg/config/reva.go b/extensions/auth-bearer/pkg/config/reva.go new file mode 100644 index 00000000000..1615b97d006 --- /dev/null +++ b/extensions/auth-bearer/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_BEARER_JWT_SECRET"` +} diff --git a/extensions/auth-machine/pkg/command/command.go b/extensions/auth-machine/pkg/command/command.go index 332c1ed8656..1ab91220afb 100644 --- a/extensions/auth-machine/pkg/command/command.go +++ b/extensions/auth-machine/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -10,6 +11,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/auth-machine/pkg/config" + "github.com/owncloud/ocis/extensions/auth-machine/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/log" @@ -24,6 +26,13 @@ func AuthMachine(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "auth-machine", Usage: "start authprovider for machine auth", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -94,8 +103,8 @@ func authMachineConfigFromStruct(c *cli.Context, cfg *config.Config) map[string] "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ @@ -108,7 +117,7 @@ func authMachineConfigFromStruct(c *cli.Context, cfg *config.Config) map[string] "auth_managers": map[string]interface{}{ "machine": map[string]interface{}{ "api_key": cfg.AuthProviders.Machine.APIKey, - "gateway_addr": cfg.GatewayEndpoint, + "gateway_addr": cfg.Reva.Address, }, }, }, diff --git a/extensions/auth-machine/pkg/config/config.go b/extensions/auth-machine/pkg/config/config.go index 50a2db2c157..19ff424c9bf 100644 --- a/extensions/auth-machine/pkg/config/config.go +++ b/extensions/auth-machine/pkg/config/config.go @@ -8,13 +8,14 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` AuthProvider string `yaml:"auth_provider" env:"AUTH_MACHINE_AUTH_PROVIDER" desc:"The auth provider which should be used by the service"` AuthProviders AuthProviders `yaml:"auth_providers"` } diff --git a/extensions/auth-machine/pkg/config/defaults/defaultconfig.go b/extensions/auth-machine/pkg/config/defaults/defaultconfig.go index 4a442d48b88..47b0f1a16a7 100644 --- a/extensions/auth-machine/pkg/config/defaults/defaultconfig.go +++ b/extensions/auth-machine/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -27,14 +26,10 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "auth-machine", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - AuthProvider: "ldap", - AuthProviders: config.AuthProviders{ - Machine: config.MachineProvider{ - APIKey: "change-me-please", - }, + Reva: &config.Reva{ + Address: "127.0.0.1:9142", }, + AuthProvider: "ldap", } } @@ -61,6 +56,26 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.AuthProviders.Machine.APIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.AuthProviders.Machine.APIKey = cfg.Commons.MachineAuthAPIKey + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/auth-machine/pkg/config/parser/parse.go b/extensions/auth-machine/pkg/config/parser/parse.go new file mode 100644 index 00000000000..2eb535806ba --- /dev/null +++ b/extensions/auth-machine/pkg/config/parser/parse.go @@ -0,0 +1,45 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/auth-machine/pkg/config" + "github.com/owncloud/ocis/extensions/auth-machine/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.AuthProviders.Machine.APIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + return nil +} diff --git a/extensions/auth-machine/pkg/config/reva.go b/extensions/auth-machine/pkg/config/reva.go new file mode 100644 index 00000000000..e81446d87f3 --- /dev/null +++ b/extensions/auth-machine/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;AUTH_MACHINE_JWT_SECRET"` +} diff --git a/extensions/frontend/pkg/command/command.go b/extensions/frontend/pkg/command/command.go index 98d0c49122c..96fb5e023c8 100644 --- a/extensions/frontend/pkg/command/command.go +++ b/extensions/frontend/pkg/command/command.go @@ -7,15 +7,14 @@ import ( "os" "path" "strconv" - "strings" "github.com/cs3org/reva/v2/cmd/revad/runtime" "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/frontend/pkg/config" + "github.com/owncloud/ocis/extensions/frontend/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" - "github.com/owncloud/ocis/ocis-pkg/conversions" "github.com/owncloud/ocis/ocis-pkg/log" "github.com/owncloud/ocis/ocis-pkg/sync" "github.com/owncloud/ocis/ocis-pkg/tracing" @@ -28,11 +27,12 @@ func Frontend(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "frontend", Usage: "start frontend service", - Before: func(c *cli.Context) error { - if err := loadUserAgent(c, cfg); err != nil { - return err + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) } - return nil + return err }, Action: func(c *cli.Context) error { logCfg := cfg.Logging @@ -53,13 +53,6 @@ func Frontend(cfg *config.Config) *cli.Command { uuid := uuid.Must(uuid.NewV4()) pidFile := path.Join(os.TempDir(), "revad-"+c.Command.Name+"-"+uuid.String()+".pid") - // pregenerate list of valid localhost ports for the desktop redirect_uri - // TODO use custom scheme like "owncloud://localhost/user/callback" tracked in - var desktopRedirectURIs [65535 - 1024]string - for port := 0; port < len(desktopRedirectURIs); port++ { - desktopRedirectURIs[port] = fmt.Sprintf("http://localhost:%d", (port + 1024)) - } - archivers := []map[string]interface{}{ { "enabled": true, @@ -156,8 +149,8 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, // Todo or address? + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, // Todo or address? "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "http": map[string]interface{}{ @@ -194,13 +187,13 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s "insecure": true, }, "ocs": map[string]interface{}{ - "storage_registry_svc": cfg.GatewayEndpoint, + "storage_registry_svc": cfg.Reva.Address, "share_prefix": cfg.OCS.SharePrefix, "home_namespace": cfg.OCS.HomeNamespace, "resource_info_cache_ttl": cfg.OCS.ResourceInfoCacheTTL, "prefix": cfg.OCS.Prefix, "additional_info_attribute": cfg.OCS.AdditionalInfoAttribute, - "machine_auth_apikey": cfg.AuthMachine.APIKey, + "machine_auth_apikey": cfg.MachineAuthAPIKey, "cache_warmup_driver": cfg.OCS.CacheWarmupDriver, "cache_warmup_drivers": map[string]interface{}{ "cbox": map[string]interface{}{ @@ -210,7 +203,7 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s "db_port": cfg.OCS.CacheWarmupDrivers.CBOX.DBPort, "db_name": cfg.OCS.CacheWarmupDrivers.CBOX.DBName, "namespace": cfg.OCS.CacheWarmupDrivers.CBOX.Namespace, - "gatewaysvc": cfg.GatewayEndpoint, + "gatewaysvc": cfg.Reva.Address, }, }, "config": map[string]interface{}{ @@ -311,31 +304,6 @@ func frontendConfigFromStruct(c *cli.Context, cfg *config.Config, filesCfg map[s } } -// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of -// "user-agent":"challenge" locks in for Reva. -// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e: -// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0 -// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent -// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we -// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied -// in reverse for each individual part -func loadUserAgent(c *cli.Context, cfg *config.Config) error { - cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string) - locks := c.StringSlice("user-agent-whitelist-lock-in") - - for _, v := range locks { - vv := conversions.Reverse(v) - parts := strings.SplitN(vv, ":", 2) - if len(parts) != 2 { - return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v) - } - - cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0]) - } - - return nil -} - // FrontendSutureService allows for the storage-frontend command to be embedded and supervised by a suture supervisor tree. type FrontendSutureService struct { cfg *config.Config diff --git a/extensions/frontend/pkg/config/config.go b/extensions/frontend/pkg/config/config.go index fd9d1c99a88..7006febe774 100644 --- a/extensions/frontend/pkg/config/config.go +++ b/extensions/frontend/pkg/config/config.go @@ -8,31 +8,35 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` HTTP HTTPConfig `yaml:"http"` // JWTSecret used to verify reva access token - JWTSecret string `yaml:"jwt_secret"` - GatewayEndpoint string - SkipUserGroupsInToken bool - EnableFavorites bool `yaml:"favorites"` - EnableProjectSpaces bool + TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"` + + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;FRONTEND_MACHINE_AUTH_API_KEY"` + + SkipUserGroupsInToken bool `yaml:"skip_users_groups_in_token"` + + EnableFavorites bool `yaml:"favorites"` + EnableProjectSpaces bool `yaml:"enable_project_spaces"` UploadMaxChunkSize int `yaml:"upload_max_chunk_size"` UploadHTTPMethodOverride string `yaml:"upload_http_method_override"` DefaultUploadProtocol string `yaml:"default_upload_protocol"` - TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"` - PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"` - Archiver Archiver - AppProvider AppProvider - DataGateway DataGateway - OCS OCS - AuthMachine AuthMachine - Checksums Checksums + PublicURL string `yaml:"public_url" env:"OCIS_URL;FRONTEND_PUBLIC_URL"` - Middleware Middleware + Archiver Archiver `yaml:"archiver"` + AppProvider AppProvider `yaml:"app_provider"` + DataGateway DataGateway `yaml:"data_gateway"` + OCS OCS `yaml:"ocs"` + Checksums Checksums `yaml:"checksums"` + + Middleware Middleware `yaml:"middleware"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;FRONTEND_TRACING_ENABLED" desc:"Activates tracing."` @@ -72,25 +76,25 @@ type Middleware struct { // Auth configures reva http auth middleware. type Auth struct { - CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agenr"` + CredentialsByUserAgent map[string]string `yaml:"credentials_by_user_agent"` } type Archiver struct { - MaxNumFiles int64 `yaml:"max_num_files"` - MaxSize int64 `yaml:"max_size"` - Prefix string - Insecure bool `env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"` + MaxNumFiles int64 `yaml:"max_num_files"` + MaxSize int64 `yaml:"max_size"` + Prefix string `yaml:"-"` + Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_ARCHIVER_INSECURE"` } type AppProvider struct { ExternalAddr string `yaml:"external_addr"` Driver string `yaml:"driver"` // WopiDriver WopiDriver `yaml:"wopi_driver"` - AppsURL string `yaml:"apps_url"` - OpenURL string `yaml:"open_url"` - NewURL string `yaml:"new_url"` - Prefix string - Insecure bool `env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"` + AppsURL string `yaml:"-"` + OpenURL string `yaml:"-"` + NewURL string `yaml:"-"` + Prefix string `yaml:"-"` + Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;FRONTEND_APPPROVIDER_INSECURE"` } type DataGateway struct { @@ -120,10 +124,6 @@ type CBOXDriver struct { Namespace string } -type AuthMachine struct { - APIKey string `env:"OCIS_MACHINE_AUTH_API_KEY"` -} - type Checksums struct { SupportedTypes []string `yaml:"supported_types"` PreferredUploadType string `yaml:"preferred_upload_type"` diff --git a/extensions/frontend/pkg/config/defaults/defaultconfig.go b/extensions/frontend/pkg/config/defaults/defaultconfig.go index 182914b8227..11f7958f1f3 100644 --- a/extensions/frontend/pkg/config/defaults/defaultconfig.go +++ b/extensions/frontend/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -28,15 +27,15 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "frontend", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, PublicURL: "https://localhost:9200", EnableFavorites: false, EnableProjectSpaces: true, UploadMaxChunkSize: 1e+8, UploadHTTPMethodOverride: "", DefaultUploadProtocol: "tus", - TransferSecret: "replace-me-with-a-transfer-secret", Checksums: config.Checksums{ SupportedTypes: []string{"sha1", "md5", "adler32"}, PreferredUploadType: "", @@ -62,9 +61,6 @@ func DefaultConfig() *config.Config { AdditionalInfoAttribute: "{{.Mail}}", ResourceInfoCacheTTL: 0, }, - AuthMachine: config.AuthMachine{ - APIKey: "change-me-please", - }, Middleware: config.Middleware{ Auth: config.Auth{ CredentialsByUserAgent: map[string]string{}, @@ -96,6 +92,31 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" { + cfg.TransferSecret = cfg.Commons.TransferSecret + } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } + } func Sanitize(cfg *config.Config) { diff --git a/extensions/frontend/pkg/config/parser/parse.go b/extensions/frontend/pkg/config/parser/parse.go new file mode 100644 index 00000000000..e2ff551a5c4 --- /dev/null +++ b/extensions/frontend/pkg/config/parser/parse.go @@ -0,0 +1,50 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/frontend/pkg/config" + "github.com/owncloud/ocis/extensions/frontend/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.TransferSecret == "" { + return shared.MissingRevaTransferSecretError(cfg.Service.Name) + } + + if cfg.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/frontend/pkg/config/reva.go b/extensions/frontend/pkg/config/reva.go new file mode 100644 index 00000000000..77484698f31 --- /dev/null +++ b/extensions/frontend/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;FRONTEND_JWT_SECRET"` +} diff --git a/extensions/gateway/pkg/command/command.go b/extensions/gateway/pkg/command/command.go index af5bb5e836c..60440c22797 100644 --- a/extensions/gateway/pkg/command/command.go +++ b/extensions/gateway/pkg/command/command.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "flag" + "fmt" "io/ioutil" "os" "path" @@ -15,6 +16,7 @@ import ( "github.com/mitchellh/mapstructure" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/gateway/pkg/config" + "github.com/owncloud/ocis/extensions/gateway/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" "github.com/owncloud/ocis/extensions/storage/pkg/service/external" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" @@ -31,12 +33,12 @@ func Gateway(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "gateway", Usage: "start gateway", - Before: func(c *cli.Context) error { - if cfg.DataGatewayPublicURL == "" { - cfg.DataGatewayPublicURL = strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data" + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) } - - return nil + return err }, Action: func(c *cli.Context) error { logCfg := cfg.Logging @@ -125,8 +127,8 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ @@ -136,9 +138,9 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg "services": map[string]interface{}{ "gateway": map[string]interface{}{ // registries is located on the gateway - "authregistrysvc": cfg.GatewayEndpoint, - "storageregistrysvc": cfg.GatewayEndpoint, - "appregistrysvc": cfg.GatewayEndpoint, + "authregistrysvc": cfg.Reva.Address, + "storageregistrysvc": cfg.Reva.Address, + "appregistrysvc": cfg.Reva.Address, // user metadata is located on the users services "preferencessvc": cfg.UsersEndpoint, "userprovidersvc": cfg.UsersEndpoint, @@ -153,7 +155,7 @@ func gatewayConfigFromStruct(c *cli.Context, cfg *config.Config, logger log.Logg "share_folder": cfg.ShareFolder, // ShareFolder is the location where to create shares in the recipient's storage provider. // other "disable_home_creation_on_login": cfg.DisableHomeCreationOnLogin, - "datagateway": cfg.DataGatewayPublicURL, + "datagateway": strings.TrimRight(cfg.FrontendPublicURL, "/") + "/data", "transfer_shared_secret": cfg.TransferSecret, "transfer_expires": cfg.TransferExpires, "home_mapping": cfg.HomeMapping, diff --git a/extensions/gateway/pkg/config/config.go b/extensions/gateway/pkg/config/config.go index 740fa151f6a..ca3555e7216 100644 --- a/extensions/gateway/pkg/config/config.go +++ b/extensions/gateway/pkg/config/config.go @@ -4,42 +4,43 @@ import "github.com/owncloud/ocis/ocis-pkg/shared" type Config struct { *shared.Commons `yaml:"-"` - Service Service `yaml:"-"` - Tracing *Tracing `yaml:"tracing"` - Logging *Logging `yaml:"log"` - Debug Debug `yaml:"debug"` - Supervised bool + + Service Service `yaml:"-"` + Tracing *Tracing `yaml:"tracing"` + Logging *Logging `yaml:"log"` + Debug Debug `yaml:"debug"` + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + SkipUserGroupsInToken bool - CommitShareToStorageGrant bool - CommitShareToStorageRef bool - ShareFolder string - DisableHomeCreationOnLogin bool - TransferSecret string `env:"STORAGE_TRANSFER_SECRET"` - TransferExpires int - HomeMapping string - EtagCacheTTL int + CommitShareToStorageGrant bool `yaml:"commit_share_to_storage_grant"` + CommitShareToStorageRef bool `yaml:"commit_share_to_storage_ref"` + ShareFolder string `yaml:"share_folder"` + DisableHomeCreationOnLogin bool `yaml:"disable_home_creation_on_login"` + TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"` + TransferExpires int `yaml:"transfer_expires"` + HomeMapping string `yaml:"home_mapping"` + EtagCacheTTL int `yaml:"etag_cache_ttl"` - UsersEndpoint string - GroupsEndpoint string - PermissionsEndpoint string - SharingEndpoint string - DataGatewayPublicURL string - FrontendPublicURL string `env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL"` - AuthBasicEndpoint string - AuthBearerEndpoint string - AuthMachineEndpoint string - StoragePublicLinkEndpoint string - StorageUsersEndpoint string - StorageSharesEndpoint string + UsersEndpoint string `yaml:"users_endpoint"` + GroupsEndpoint string `yaml:"groups_endpoint"` + PermissionsEndpoint string `yaml:"permissions_endpoint"` + SharingEndpoint string `yaml:"sharing_endpoint"` + FrontendPublicURL string `yaml:"frontend_public_url" env:"OCIS_URL;GATEWAY_FRONTEND_PUBLIC_URL"` + AuthBasicEndpoint string `yaml:"auth_basic_endpoint"` + AuthBearerEndpoint string `yaml:"auth_bearer_endpoint"` + AuthMachineEndpoint string `yaml:"auth_machine_endpoint"` + StoragePublicLinkEndpoint string `yaml:"storage_public_link_endpoint"` + StorageUsersEndpoint string `yaml:"storage_users_endpoint"` + StorageSharesEndpoint string `yaml:"storage_shares_endpoint"` - StorageRegistry StorageRegistry - AppRegistry AppRegistry + StorageRegistry StorageRegistry `yaml:"storage_registry"` + AppRegistry AppRegistry `yaml:"app_registry"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GATEWAY_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/gateway/pkg/config/defaults/defaultconfig.go b/extensions/gateway/pkg/config/defaults/defaultconfig.go index 44c3dc0df30..21e3cc1862c 100644 --- a/extensions/gateway/pkg/config/defaults/defaultconfig.go +++ b/extensions/gateway/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -27,14 +26,14 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "gateway", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, CommitShareToStorageGrant: true, CommitShareToStorageRef: true, ShareFolder: "Shares", DisableHomeCreationOnLogin: true, - TransferSecret: "replace-me-with-a-transfer-secret", TransferExpires: 24 * 60 * 60, HomeMapping: "", EtagCacheTTL: 0, @@ -43,7 +42,6 @@ func DefaultConfig() *config.Config { GroupsEndpoint: "localhost:9160", PermissionsEndpoint: "localhost:9191", SharingEndpoint: "localhost:9150", - DataGatewayPublicURL: "", FrontendPublicURL: "https://localhost:9200", AuthBasicEndpoint: "localhost:9146", AuthBearerEndpoint: "localhost:9148", @@ -85,6 +83,26 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" { + cfg.TransferSecret = cfg.Commons.TransferSecret + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/gateway/pkg/config/parser/parse.go b/extensions/gateway/pkg/config/parser/parse.go new file mode 100644 index 00000000000..424efdbfb21 --- /dev/null +++ b/extensions/gateway/pkg/config/parser/parse.go @@ -0,0 +1,46 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/gateway/pkg/config" + "github.com/owncloud/ocis/extensions/gateway/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.TransferSecret == "" { + return shared.MissingRevaTransferSecretError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/gateway/pkg/config/reva.go b/extensions/gateway/pkg/config/reva.go new file mode 100644 index 00000000000..2a5534c7e26 --- /dev/null +++ b/extensions/gateway/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GATEWAY_JWT_SECRET"` +} diff --git a/extensions/glauth/pkg/command/health.go b/extensions/glauth/pkg/command/health.go index c6e54893cea..0ec61709215 100644 --- a/extensions/glauth/pkg/command/health.go +++ b/extensions/glauth/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/glauth/pkg/command/server.go b/extensions/glauth/pkg/command/server.go index fda86d30c18..5a674cdc948 100644 --- a/extensions/glauth/pkg/command/server.go +++ b/extensions/glauth/pkg/command/server.go @@ -28,7 +28,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/glauth/pkg/config/defaults/defaultconfig.go b/extensions/glauth/pkg/config/defaults/defaultconfig.go index 8d0eb366daa..d4508ee9d74 100644 --- a/extensions/glauth/pkg/config/defaults/defaultconfig.go +++ b/extensions/glauth/pkg/config/defaults/defaultconfig.go @@ -9,10 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/glauth/pkg/config/parser/parse.go b/extensions/glauth/pkg/config/parser/parse.go index 532fb514953..a3598df4bc0 100644 --- a/extensions/glauth/pkg/config/parser/parse.go +++ b/extensions/glauth/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -28,5 +28,10 @@ func ParseConfig(cfg *config.Config) error { // sanitize config defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/graph-explorer/pkg/command/health.go b/extensions/graph-explorer/pkg/command/health.go index a6122e5af73..8ee126ebb2d 100644 --- a/extensions/graph-explorer/pkg/command/health.go +++ b/extensions/graph-explorer/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/graph-explorer/pkg/command/server.go b/extensions/graph-explorer/pkg/command/server.go index 093cbe60b33..562cfa569cc 100644 --- a/extensions/graph-explorer/pkg/command/server.go +++ b/extensions/graph-explorer/pkg/command/server.go @@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/graph-explorer/pkg/config/defaults/defaultconfig.go b/extensions/graph-explorer/pkg/config/defaults/defaultconfig.go index a343da50af6..27b194940a2 100644 --- a/extensions/graph-explorer/pkg/config/defaults/defaultconfig.go +++ b/extensions/graph-explorer/pkg/config/defaults/defaultconfig.go @@ -8,10 +8,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/graph-explorer/pkg/config/parser/parse.go b/extensions/graph-explorer/pkg/config/parser/parse.go index 499fbb8f369..ae369113fc8 100644 --- a/extensions/graph-explorer/pkg/config/parser/parse.go +++ b/extensions/graph-explorer/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -30,5 +30,9 @@ func ParseConfig(cfg *config.Config) error { // sanitize config defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/graph/pkg/command/health.go b/extensions/graph/pkg/command/health.go index 0de5812985b..befa8a2e5c7 100644 --- a/extensions/graph/pkg/command/health.go +++ b/extensions/graph/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/graph/pkg/command/server.go b/extensions/graph/pkg/command/server.go index c7e3e317a36..1a281fc895c 100644 --- a/extensions/graph/pkg/command/server.go +++ b/extensions/graph/pkg/command/server.go @@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/graph/pkg/config/config.go b/extensions/graph/pkg/config/config.go index 4d11d73f93e..d147eaa30cd 100644 --- a/extensions/graph/pkg/config/config.go +++ b/extensions/graph/pkg/config/config.go @@ -18,8 +18,8 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva Reva `yaml:"reva"` - TokenManager TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + TokenManager *TokenManager `yaml:"token_manager"` Spaces Spaces `yaml:"spaces"` Identity Identity `yaml:"identity"` diff --git a/extensions/graph/pkg/config/defaults/defaultconfig.go b/extensions/graph/pkg/config/defaults/defaultconfig.go index 512fa68d10d..a9a50720df9 100644 --- a/extensions/graph/pkg/config/defaults/defaultconfig.go +++ b/extensions/graph/pkg/config/defaults/defaultconfig.go @@ -6,6 +6,13 @@ import ( "github.com/owncloud/ocis/extensions/graph/pkg/config" ) +func FullDefaultConfig() *config.Config { + cfg := DefaultConfig() + EnsureDefaults(cfg) + Sanitize(cfg) + return cfg +} + func DefaultConfig() *config.Config { return &config.Config{ Debug: config.Debug{ @@ -20,12 +27,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "graph", }, - Reva: config.Reva{ + Reva: &config.Reva{ Address: "127.0.0.1:9142", }, - TokenManager: config.TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, Spaces: config.Spaces{ WebDavBase: "https://localhost:9200", WebDavPath: "/dav/spaces/", @@ -38,7 +42,6 @@ func DefaultConfig() *config.Config { URI: "ldaps://localhost:9235", Insecure: true, BindDN: "uid=libregraph,ou=sysusers,o=libregraph-idm", - BindPassword: "idm", UseServerUUID: false, WriteEnabled: true, UserBaseDN: "ou=users,o=libregraph-idm", @@ -89,6 +92,14 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/graph/pkg/config/parser/parse.go b/extensions/graph/pkg/config/parser/parse.go index cf4612cc881..f554a623d8e 100644 --- a/extensions/graph/pkg/config/parser/parse.go +++ b/extensions/graph/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/graph/pkg/config" "github.com/owncloud/ocis/extensions/graph/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +30,17 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.Identity.Backend == "ldap" && cfg.Identity.LDAP.BindPassword == "" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } + return nil } diff --git a/extensions/graph/pkg/service/v0/graph_suite_test.go b/extensions/graph/pkg/service/v0/graph_suite_test.go index 1c6cfc6cc95..6b34ae0631b 100644 --- a/extensions/graph/pkg/service/v0/graph_suite_test.go +++ b/extensions/graph/pkg/service/v0/graph_suite_test.go @@ -3,7 +3,7 @@ package svc_test import ( "testing" - . "github.com/onsi/ginkgo" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) diff --git a/extensions/graph/pkg/service/v0/graph_test.go b/extensions/graph/pkg/service/v0/graph_test.go index fe328d93a6e..0d52357cf8a 100644 --- a/extensions/graph/pkg/service/v0/graph_test.go +++ b/extensions/graph/pkg/service/v0/graph_test.go @@ -13,10 +13,11 @@ import ( provider "github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1" typesv1beta1 "github.com/cs3org/go-cs3apis/cs3/types/v1beta1" "github.com/cs3org/reva/v2/pkg/rgrpc/status" - . "github.com/onsi/ginkgo" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" libregraph "github.com/owncloud/libre-graph-api-go" "github.com/owncloud/ocis/extensions/graph/mocks" + "github.com/owncloud/ocis/extensions/graph/pkg/config" "github.com/owncloud/ocis/extensions/graph/pkg/config/defaults" service "github.com/owncloud/ocis/extensions/graph/pkg/service/v0" "github.com/owncloud/ocis/extensions/graph/pkg/service/v0/errorcode" @@ -30,15 +31,19 @@ var _ = Describe("Graph", func() { httpClient *mocks.HTTPClient eventsPublisher mocks.Publisher ctx context.Context + cfg *config.Config ) JustBeforeEach(func() { ctx = context.Background() + cfg = defaults.FullDefaultConfig() + cfg.TokenManager.JWTSecret = "loremipsum" + gatewayClient = &mocks.GatewayClient{} httpClient = &mocks.HTTPClient{} eventsPublisher = mocks.Publisher{} svc = service.NewService( - service.Config(defaults.DefaultConfig()), + service.Config(cfg), service.WithGatewayClient(gatewayClient), service.WithHTTPClient(httpClient), service.EventsPublisher(&eventsPublisher), diff --git a/extensions/graph/pkg/service/v0/service.go b/extensions/graph/pkg/service/v0/service.go index 11fe37c2fe0..599a558f3b3 100644 --- a/extensions/graph/pkg/service/v0/service.go +++ b/extensions/graph/pkg/service/v0/service.go @@ -59,7 +59,7 @@ func NewService(opts ...Option) Service { switch options.Config.Identity.Backend { case "cs3": backend = &identity.CS3{ - Config: &options.Config.Reva, + Config: options.Config.Reva, Logger: &options.Logger, } case "ldap": diff --git a/extensions/group/pkg/command/command.go b/extensions/group/pkg/command/command.go index 0f2162e0a3c..9f5d45dfe6f 100644 --- a/extensions/group/pkg/command/command.go +++ b/extensions/group/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" "path/filepath" @@ -11,6 +12,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/group/pkg/config" + "github.com/owncloud/ocis/extensions/group/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/ldap" @@ -26,6 +28,13 @@ func Groups(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "groups", Usage: "start groups service", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -111,8 +120,8 @@ func groupsConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inter "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/group/pkg/config/config.go b/extensions/group/pkg/config/config.go index c0eb2a4a71e..415db0255ec 100644 --- a/extensions/group/pkg/config/config.go +++ b/extensions/group/pkg/config/config.go @@ -8,16 +8,17 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - GroupMembersCacheExpiration int - Driver string - Drivers Drivers + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + GroupMembersCacheExpiration int `yaml:"group_members_cache_expiration"` + Driver string `yaml:"driver"` + Drivers Drivers `yaml:"drivers"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;GROUPS_TRACING_ENABLED" desc:"Activates tracing."` @@ -64,7 +65,7 @@ type LDAPDriver struct { CACert string `env:"LDAP_CACERT;GROUPS_LDAP_CACERT"` Insecure bool `env:"LDAP_INSECURE;GROUPS_LDAP_INSECURE"` BindDN string `env:"LDAP_BIND_DN;GROUPS_LDAP_BIND_DN"` - BindPassword string `env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;GROUPS_LDAP_BIND_PASSWORD"` UserBaseDN string `env:"LDAP_USER_BASE_DN;GROUPS_LDAP_USER_BASE_DN"` GroupBaseDN string `env:"LDAP_GROUP_BASE_DN;GROUPS_LDAP_GROUP_BASE_DN"` UserScope string `env:"LDAP_USER_SCOPE;GROUPS_LDAP_USER_SCOPE"` diff --git a/extensions/group/pkg/config/defaults/defaultconfig.go b/extensions/group/pkg/config/defaults/defaultconfig.go index 372bcc69525..373e118a4be 100644 --- a/extensions/group/pkg/config/defaults/defaultconfig.go +++ b/extensions/group/pkg/config/defaults/defaultconfig.go @@ -9,9 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -31,9 +30,10 @@ func DefaultConfig() *config.Config { Name: "user", }, GroupMembersCacheExpiration: 5, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - Driver: "ldap", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ URI: "ldaps://localhost:9235", @@ -49,7 +49,6 @@ func DefaultConfig() *config.Config { UserObjectClass: "inetOrgPerson", GroupObjectClass: "groupOfNames", BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - BindPassword: "reva", IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", @@ -108,6 +107,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/group/pkg/config/parser/parse.go b/extensions/group/pkg/config/parser/parse.go new file mode 100644 index 00000000000..f1e7880c9be --- /dev/null +++ b/extensions/group/pkg/config/parser/parse.go @@ -0,0 +1,46 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/group/pkg/config" + "github.com/owncloud/ocis/extensions/group/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.Drivers.LDAP.BindPassword == "" && cfg.Driver == "ldap" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/group/pkg/config/reva.go b/extensions/group/pkg/config/reva.go new file mode 100644 index 00000000000..e2aae1a7a09 --- /dev/null +++ b/extensions/group/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;GROUPS_JWT_SECRET"` +} diff --git a/extensions/idm/pkg/command/health.go b/extensions/idm/pkg/command/health.go index cc61b7c1dc4..22bae6b94f2 100644 --- a/extensions/idm/pkg/command/health.go +++ b/extensions/idm/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/idm/pkg/command/server.go b/extensions/idm/pkg/command/server.go index c63b0f2af70..90f399dfa93 100644 --- a/extensions/idm/pkg/command/server.go +++ b/extensions/idm/pkg/command/server.go @@ -29,7 +29,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/idm/pkg/config/defaults/defaultconfig.go b/extensions/idm/pkg/config/defaults/defaultconfig.go index 983db3c0718..25ea4785fe3 100644 --- a/extensions/idm/pkg/config/defaults/defaultconfig.go +++ b/extensions/idm/pkg/config/defaults/defaultconfig.go @@ -9,10 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -22,12 +20,6 @@ func DefaultConfig() *config.Config { Name: "idm", }, CreateDemoUsers: false, - ServiceUserPasswords: config.ServiceUserPasswords{ - OcisAdmin: "admin", - Idm: "idm", - Idp: "idp", - Reva: "reva", - }, IDM: config.Settings{ LDAPSAddr: "127.0.0.1:9235", Cert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), diff --git a/extensions/idm/pkg/config/parser/parse.go b/extensions/idm/pkg/config/parser/parse.go index 0998543ad05..7d04c55ad4d 100644 --- a/extensions/idm/pkg/config/parser/parse.go +++ b/extensions/idm/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/idm/pkg/config" "github.com/owncloud/ocis/extensions/idm/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -28,5 +29,24 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.ServiceUserPasswords.Idm == "" { + return shared.MissingServiceUserPassword(cfg.Service.Name, "IDM") + } + + if cfg.ServiceUserPasswords.OcisAdmin == "" { + return shared.MissingServiceUserPassword(cfg.Service.Name, "admin") + } + + if cfg.ServiceUserPasswords.Idp == "" { + return shared.MissingServiceUserPassword(cfg.Service.Name, "IDP") + } + if cfg.ServiceUserPasswords.Reva == "" { + return shared.MissingServiceUserPassword(cfg.Service.Name, "REVA") + } + return nil } diff --git a/extensions/idp/pkg/command/health.go b/extensions/idp/pkg/command/health.go index cd282e8bac8..3ff2833bb24 100644 --- a/extensions/idp/pkg/command/health.go +++ b/extensions/idp/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/idp/pkg/command/server.go b/extensions/idp/pkg/command/server.go index c541245d014..8b3f25e3008 100644 --- a/extensions/idp/pkg/command/server.go +++ b/extensions/idp/pkg/command/server.go @@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/idp/pkg/config/defaults/defaultconfig.go b/extensions/idp/pkg/config/defaults/defaultconfig.go index d9b68fb506f..b3498b97551 100644 --- a/extensions/idp/pkg/config/defaults/defaultconfig.go +++ b/extensions/idp/pkg/config/defaults/defaultconfig.go @@ -10,10 +10,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -71,7 +69,6 @@ func DefaultConfig() *config.Config { URI: "ldaps://localhost:9235", TLSCACert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"), BindDN: "uid=idp,ou=sysusers,o=libregraph-idm", - BindPassword: "idp", BaseDN: "ou=users,o=libregraph-idm", Scope: "sub", LoginAttribute: "uid", diff --git a/extensions/idp/pkg/config/parser/parse.go b/extensions/idp/pkg/config/parser/parse.go index 101ea85bdcc..b75b10b398e 100644 --- a/extensions/idp/pkg/config/parser/parse.go +++ b/extensions/idp/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/idp/pkg/config" "github.com/owncloud/ocis/extensions/idp/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +30,13 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.Ldap.BindPassword == "" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } + return nil } diff --git a/extensions/nats/pkg/command/server.go b/extensions/nats/pkg/command/server.go index 79f3f7f4434..14234b42439 100644 --- a/extensions/nats/pkg/command/server.go +++ b/extensions/nats/pkg/command/server.go @@ -20,7 +20,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/nats/pkg/config/defaults/defaultconfig.go b/extensions/nats/pkg/config/defaults/defaultconfig.go index f9435ff4df2..a522ca67857 100644 --- a/extensions/nats/pkg/config/defaults/defaultconfig.go +++ b/extensions/nats/pkg/config/defaults/defaultconfig.go @@ -12,10 +12,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/nats/pkg/config/parser/parse.go b/extensions/nats/pkg/config/parser/parse.go index 2a427a3bd91..a3a27113e2d 100644 --- a/extensions/nats/pkg/config/parser/parse.go +++ b/extensions/nats/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/notifications/pkg/channels/channels.go b/extensions/notifications/pkg/channels/channels.go index 2d6d9203ecd..956ee692dfc 100644 --- a/extensions/notifications/pkg/channels/channels.go +++ b/extensions/notifications/pkg/channels/channels.go @@ -86,7 +86,7 @@ func (m Mail) getReceiverAddresses(receivers []string) ([]string, error) { res, err := m.gatewayClient.Authenticate(context.Background(), &gateway.AuthenticateRequest{ Type: "machine", ClientId: "userid:" + id, - ClientSecret: m.conf.Notifications.MachineAuthSecret, + ClientSecret: m.conf.Notifications.MachineAuthAPIKey, }) if err != nil { return nil, err diff --git a/extensions/notifications/pkg/command/root.go b/extensions/notifications/pkg/command/root.go index 7a38a24d4f0..e2534e15a61 100644 --- a/extensions/notifications/pkg/command/root.go +++ b/extensions/notifications/pkg/command/root.go @@ -48,7 +48,7 @@ type SutureService struct { // NewSutureService creates a new notifications.SutureService func NewSutureService(cfg *ociscfg.Config) suture.Service { - cfg.Settings.Commons = cfg.Commons + cfg.Notifications.Commons = cfg.Commons return SutureService{ cfg: cfg.Notifications, } diff --git a/extensions/notifications/pkg/command/server.go b/extensions/notifications/pkg/command/server.go index 4a887fc4b93..a51fda70102 100644 --- a/extensions/notifications/pkg/command/server.go +++ b/extensions/notifications/pkg/command/server.go @@ -21,7 +21,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/notifications/pkg/config/config.go b/extensions/notifications/pkg/config/config.go index 7cc1838523a..36ff2e6c8c3 100644 --- a/extensions/notifications/pkg/config/config.go +++ b/extensions/notifications/pkg/config/config.go @@ -22,10 +22,11 @@ type Config struct { // Notifications definces the config options for the notifications service. type Notifications struct { + *shared.Commons `yaml:"-"` SMTP SMTP `yaml:"SMTP"` Events Events `yaml:"events"` RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY;NOTIFICATIONS_REVA_GATEWAY"` - MachineAuthSecret string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"` } // SMTP combines the smtp configuration options. diff --git a/extensions/notifications/pkg/config/defaults/defaultconfig.go b/extensions/notifications/pkg/config/defaults/defaultconfig.go index 19c3cc2df8e..09d08d13fbe 100644 --- a/extensions/notifications/pkg/config/defaults/defaultconfig.go +++ b/extensions/notifications/pkg/config/defaults/defaultconfig.go @@ -1,13 +1,13 @@ package defaults -import "github.com/owncloud/ocis/extensions/notifications/pkg/config" +import ( + "github.com/owncloud/ocis/extensions/notifications/pkg/config" +) func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -31,8 +31,7 @@ func DefaultConfig() *config.Config { Cluster: "ocis-cluster", ConsumerGroup: "notifications", }, - RevaGateway: "127.0.0.1:9142", - MachineAuthSecret: "change-me-please", + RevaGateway: "127.0.0.1:9142", }, } } @@ -49,6 +48,10 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Log == nil { cfg.Log = &config.Log{} } + + if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/notifications/pkg/config/parser/parse.go b/extensions/notifications/pkg/config/parser/parse.go index 2a4876a33c5..85ac780a342 100644 --- a/extensions/notifications/pkg/config/parser/parse.go +++ b/extensions/notifications/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/notifications/pkg/config" "github.com/owncloud/ocis/extensions/notifications/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +30,13 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.Notifications.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + return nil } diff --git a/extensions/ocdav/pkg/command/ocdav.go b/extensions/ocdav/pkg/command/ocdav.go index e73f5d1b1ee..20bb8a29b67 100644 --- a/extensions/ocdav/pkg/command/ocdav.go +++ b/extensions/ocdav/pkg/command/ocdav.go @@ -4,14 +4,13 @@ import ( "context" "flag" "fmt" - "strings" "github.com/cs3org/reva/v2/pkg/micro/ocdav" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/ocdav/pkg/config" + "github.com/owncloud/ocis/extensions/ocdav/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" - "github.com/owncloud/ocis/ocis-pkg/conversions" "github.com/owncloud/ocis/ocis-pkg/log" "github.com/owncloud/ocis/ocis-pkg/sync" "github.com/owncloud/ocis/ocis-pkg/tracing" @@ -25,11 +24,12 @@ func OCDav(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "ocdav", Usage: "start ocdav service", - Before: func(c *cli.Context) error { - if err := loadUserAgent(c, cfg); err != nil { - return err + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) } - return nil + return err }, Action: func(c *cli.Context) error { logCfg := cfg.Logging @@ -59,8 +59,8 @@ func OCDav(cfg *config.Config) *cli.Command { ocdav.Insecure(cfg.Insecure), ocdav.PublicURL(cfg.PublicURL), ocdav.Prefix(cfg.HTTP.Prefix), - ocdav.GatewaySvc(cfg.GatewayEndpoint), - ocdav.JWTSecret(cfg.JWTSecret), + ocdav.GatewaySvc(cfg.Reva.Address), + ocdav.JWTSecret(cfg.TokenManager.JWTSecret), // ocdav.FavoriteManager() // FIXME needs a proper persistence implementation // ocdav.LockSystem(), // will default to the CS3 lock system // ocdav.TLSConfig() // tls config for the http server @@ -144,28 +144,3 @@ func (s OCDavSutureService) Serve(ctx context.Context) error { return nil } - -// loadUserAgent reads the user-agent-whitelist-lock-in, since it is a string flag, and attempts to construct a map of -// "user-agent":"challenge" locks in for Reva. -// Modifies cfg. Spaces don't need to be trimmed as urfavecli takes care of it. User agents with spaces are valid. i.e: -// Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0 -// This function works by relying in our format of specifying [user-agent:challenge] and the fact that the user agent -// might contain ":" (colon), so the original string is reversed, split in two parts, by the time it is split we -// have the indexes reversed and the tuple is in the format of [challenge:user-agent], then the same process is applied -// in reverse for each individual part -func loadUserAgent(c *cli.Context, cfg *config.Config) error { - cfg.Middleware.Auth.CredentialsByUserAgent = make(map[string]string) - locks := c.StringSlice("user-agent-whitelist-lock-in") - - for _, v := range locks { - vv := conversions.Reverse(v) - parts := strings.SplitN(vv, ":", 2) - if len(parts) != 2 { - return fmt.Errorf("unexpected config value for user-agent lock-in: %v, expected format is user-agent:challenge", v) - } - - cfg.Middleware.Auth.CredentialsByUserAgent[conversions.Reverse(parts[1])] = conversions.Reverse(parts[0]) - } - - return nil -} diff --git a/extensions/ocdav/pkg/config/config.go b/extensions/ocdav/pkg/config/config.go index e81e6b6288d..da510a3eff6 100644 --- a/extensions/ocdav/pkg/config/config.go +++ b/extensions/ocdav/pkg/config/config.go @@ -8,14 +8,14 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` HTTP HTTPConfig `yaml:"http"` - // JWTSecret used to verify reva access token - JWTSecret string `yaml:"jwt_secret"` - GatewayEndpoint string - SkipUserGroupsInToken bool + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` WebdavNamespace string `yaml:"webdav_namespace"` FilesNamespace string `yaml:"files_namespace"` @@ -26,8 +26,8 @@ type Config struct { // Insecure certificates allowed when making requests to the gateway Insecure bool `yaml:"insecure" env:"OCIS_INSECURE;OCDAV_INSECURE"` // Timeout in seconds when making requests to the gateway - Timeout int64 `yaml:"timeout"` - Middleware Middleware + Timeout int64 `yaml:"timeout"` + Middleware Middleware `yaml:"middleware"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;OCDAV_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/ocdav/pkg/config/defaults/defaultconfig.go b/extensions/ocdav/pkg/config/defaults/defaultconfig.go index eaffe1c8c5f..b55f9e65134 100644 --- a/extensions/ocdav/pkg/config/defaults/defaultconfig.go +++ b/extensions/ocdav/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -28,8 +27,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocdav", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, WebdavNamespace: "/users/{{.Id.OpaqueId}}", FilesNamespace: "/users/{{.Id.OpaqueId}}", SharesNamespace: "/Shares", @@ -67,6 +67,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/ocdav/pkg/config/parser/parse.go b/extensions/ocdav/pkg/config/parser/parse.go new file mode 100644 index 00000000000..77766296bfd --- /dev/null +++ b/extensions/ocdav/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/ocdav/pkg/config" + "github.com/owncloud/ocis/extensions/ocdav/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/ocdav/pkg/config/reva.go b/extensions/ocdav/pkg/config/reva.go new file mode 100644 index 00000000000..4a0f1449beb --- /dev/null +++ b/extensions/ocdav/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCDAV_JWT_SECRET"` +} diff --git a/extensions/ocs/pkg/command/health.go b/extensions/ocs/pkg/command/health.go index 515f3840801..6e7d9c08b1e 100644 --- a/extensions/ocs/pkg/command/health.go +++ b/extensions/ocs/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/ocs/pkg/command/server.go b/extensions/ocs/pkg/command/server.go index 0b88c99728e..5df57b61038 100644 --- a/extensions/ocs/pkg/command/server.go +++ b/extensions/ocs/pkg/command/server.go @@ -24,7 +24,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/ocs/pkg/config/config.go b/extensions/ocs/pkg/config/config.go index 52d7e954248..b5e7fbe8594 100644 --- a/extensions/ocs/pkg/config/config.go +++ b/extensions/ocs/pkg/config/config.go @@ -18,8 +18,8 @@ type Config struct { HTTP HTTP `yaml:"http"` - TokenManager TokenManager `yaml:"token_manager"` - Reva Reva `yaml:"reva"` + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` IdentityManagement IdentityManagement `yaml:"identity_management"` diff --git a/extensions/ocs/pkg/config/defaults/defaultconfig.go b/extensions/ocs/pkg/config/defaults/defaultconfig.go index 6038e0c8d52..20a3e3ca9ed 100644 --- a/extensions/ocs/pkg/config/defaults/defaultconfig.go +++ b/extensions/ocs/pkg/config/defaults/defaultconfig.go @@ -8,10 +8,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -37,16 +35,11 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "ocs", }, - - TokenManager: config.TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, AccountBackend: "cs3", - Reva: config.Reva{ + Reva: &config.Reva{ Address: "127.0.0.1:9142", }, StorageUsersDriver: "ocis", - MachineAuthAPIKey: "change-me-please", IdentityManagement: config.IdentityManagement{ Address: "https://localhost:9200", }, @@ -77,6 +70,25 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/ocs/pkg/config/parser/parse.go b/extensions/ocs/pkg/config/parser/parse.go index b9c312ca3d3..536ed52de18 100644 --- a/extensions/ocs/pkg/config/parser/parse.go +++ b/extensions/ocs/pkg/config/parser/parse.go @@ -5,12 +5,14 @@ import ( "github.com/owncloud/ocis/extensions/ocs/pkg/config" "github.com/owncloud/ocis/extensions/ocs/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +31,17 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + return nil } diff --git a/extensions/ocs/pkg/server/http/svc_test.go b/extensions/ocs/pkg/server/http/svc_test.go index 3c30212a837..a6f4051d4ee 100644 --- a/extensions/ocs/pkg/server/http/svc_test.go +++ b/extensions/ocs/pkg/server/http/svc_test.go @@ -723,7 +723,8 @@ func getService() svc.Service { Root: "/", Addr: "localhost:9110", }, - TokenManager: config.TokenManager{ + Reva: &config.Reva{}, + TokenManager: &config.TokenManager{ JWTSecret: jwtSecret, }, Log: &config.Log{ diff --git a/extensions/proxy/pkg/command/health.go b/extensions/proxy/pkg/command/health.go index e3014e58708..a90cb78b41b 100644 --- a/extensions/proxy/pkg/command/health.go +++ b/extensions/proxy/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/proxy/pkg/command/server.go b/extensions/proxy/pkg/command/server.go index 83322463998..ed1752ebb7e 100644 --- a/extensions/proxy/pkg/command/server.go +++ b/extensions/proxy/pkg/command/server.go @@ -43,7 +43,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) @@ -212,7 +216,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) middleware.AccountResolver( middleware.Logger(logger), middleware.UserProvider(userProvider), - middleware.TokenManagerConfig(cfg.TokenManager), + middleware.TokenManagerConfig(*cfg.TokenManager), middleware.UserOIDCClaim(cfg.UserOIDCClaim), middleware.UserCS3Claim(cfg.UserCS3Claim), middleware.AutoprovisionAccounts(cfg.AutoprovisionAccounts), @@ -227,7 +231,7 @@ func loadMiddlewares(ctx context.Context, logger log.Logger, cfg *config.Config) // finally, trigger home creation when a user logs in middleware.CreateHome( middleware.Logger(logger), - middleware.TokenManagerConfig(cfg.TokenManager), + middleware.TokenManagerConfig(*cfg.TokenManager), middleware.RevaGatewayClient(revaClient), ), middleware.PublicShareAuth( diff --git a/extensions/proxy/pkg/config/config.go b/extensions/proxy/pkg/config/config.go index 7beb4d9c4cd..b1959b9ccd5 100644 --- a/extensions/proxy/pkg/config/config.go +++ b/extensions/proxy/pkg/config/config.go @@ -18,11 +18,11 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva Reva `yaml:"reva"` + Reva *Reva `yaml:"reva"` Policies []Policy `yaml:"policies"` OIDC OIDC `yaml:"oidc"` - TokenManager TokenManager `yaml:"token_manager"` + TokenManager *TokenManager `yaml:"token_manager"` PolicySelector *PolicySelector `yaml:"policy_selector"` PreSignedURL PreSignedURL `yaml:"pre_signed_url"` AccountBackend string `yaml:"account_backend" env:"PROXY_ACCOUNT_BACKEND_TYPE"` diff --git a/extensions/proxy/pkg/config/defaults/defaultconfig.go b/extensions/proxy/pkg/config/defaults/defaultconfig.go index d646436d815..1b45e273f84 100644 --- a/extensions/proxy/pkg/config/defaults/defaultconfig.go +++ b/extensions/proxy/pkg/config/defaults/defaultconfig.go @@ -8,6 +8,13 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/defaults" ) +func FullDefaultConfig() *config.Config { + cfg := DefaultConfig() + EnsureDefaults(cfg) + Sanitize(cfg) + return cfg +} + func DefaultConfig() *config.Config { return &config.Config{ Debug: config.Debug{ @@ -34,11 +41,8 @@ func DefaultConfig() *config.Config { TTL: 10, }, }, - TokenManager: config.TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, PolicySelector: nil, - Reva: config.Reva{ + Reva: &config.Reva{ Address: "127.0.0.1:9142", }, PreSignedURL: config.PreSignedURL{ @@ -48,7 +52,6 @@ func DefaultConfig() *config.Config { AccountBackend: "cs3", UserOIDCClaim: "email", UserCS3Claim: "mail", - MachineAuthAPIKey: "change-me-please", AutoprovisionAccounts: false, EnableBasicAuth: false, InsecureBackends: false, @@ -181,6 +184,25 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/proxy/pkg/config/parser/parse.go b/extensions/proxy/pkg/config/parser/parse.go index 2f29670f658..f792d79557e 100644 --- a/extensions/proxy/pkg/config/parser/parse.go +++ b/extensions/proxy/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/proxy/pkg/config" "github.com/owncloud/ocis/extensions/proxy/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -28,5 +29,17 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + return nil } diff --git a/extensions/settings/pkg/command/health.go b/extensions/settings/pkg/command/health.go index 82cc7202f35..620734e00dd 100644 --- a/extensions/settings/pkg/command/health.go +++ b/extensions/settings/pkg/command/health.go @@ -16,7 +16,11 @@ func Health(cfg *config.Config) *cli.Command { Name: "health", Usage: "Check health status", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/settings/pkg/command/server.go b/extensions/settings/pkg/command/server.go index 877b48b2fa3..407a4f41268 100644 --- a/extensions/settings/pkg/command/server.go +++ b/extensions/settings/pkg/command/server.go @@ -24,7 +24,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/settings/pkg/config/config.go b/extensions/settings/pkg/config/config.go index a60b2df1f3f..24de34c3a1d 100644 --- a/extensions/settings/pkg/config/config.go +++ b/extensions/settings/pkg/config/config.go @@ -23,8 +23,8 @@ type Config struct { DataPath string `yaml:"data_path" env:"SETTINGS_DATA_PATH"` Metadata Metadata `yaml:"metadata_config"` - Asset Asset `yaml:"asset"` - TokenManager TokenManager `yaml:"token_manager"` + Asset Asset `yaml:"asset"` + TokenManager *TokenManager `yaml:"token_manager"` Context context.Context `yaml:"-"` } diff --git a/extensions/settings/pkg/config/defaults/defaultconfig.go b/extensions/settings/pkg/config/defaults/defaultconfig.go index 4a3a4cd3189..c787af7bd36 100644 --- a/extensions/settings/pkg/config/defaults/defaultconfig.go +++ b/extensions/settings/pkg/config/defaults/defaultconfig.go @@ -10,10 +10,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -50,16 +48,12 @@ func DefaultConfig() *config.Config { Asset: config.Asset{ Path: "", }, - TokenManager: config.TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, Metadata: config.Metadata{ - GatewayAddress: "127.0.0.1:9142", - StorageAddress: "127.0.0.1:9215", - ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - ServiceUserIDP: "https://localhost:9200", - MachineAuthAPIKey: "change-me-please", + GatewayAddress: "127.0.0.1:9142", + StorageAddress: "127.0.0.1:9215", + ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", + ServiceUserIDP: "https://localhost:9200", }, } } @@ -87,6 +81,18 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.Metadata.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/settings/pkg/config/parser/parse.go b/extensions/settings/pkg/config/parser/parse.go index 3880a7ebbc4..b59d8ee9fd1 100644 --- a/extensions/settings/pkg/config/parser/parse.go +++ b/extensions/settings/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/settings/pkg/config" "github.com/owncloud/ocis/extensions/settings/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -28,5 +29,17 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.Metadata.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + return nil } diff --git a/extensions/sharing/pkg/command/command.go b/extensions/sharing/pkg/command/command.go index 807b24132be..29cde193573 100644 --- a/extensions/sharing/pkg/command/command.go +++ b/extensions/sharing/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" "path/filepath" @@ -15,6 +16,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/sharing/pkg/config" + "github.com/owncloud/ocis/extensions/sharing/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/thejerf/suture/v4" @@ -26,6 +28,13 @@ func Sharing(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "sharing", Usage: "start sharing service", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -109,8 +118,8 @@ func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inte "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ @@ -123,7 +132,7 @@ func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inte "drivers": map[string]interface{}{ "json": map[string]interface{}{ "file": cfg.UserSharingDrivers.JSON.File, - "gateway_addr": cfg.GatewayEndpoint, + "gateway_addr": cfg.Reva.Address, }, "sql": map[string]interface{}{ // cernbox sql "db_username": cfg.UserSharingDrivers.SQL.DBUsername, @@ -156,7 +165,7 @@ func sharingConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]inte "drivers": map[string]interface{}{ "json": map[string]interface{}{ "file": cfg.PublicSharingDrivers.JSON.File, - "gateway_addr": cfg.GatewayEndpoint, + "gateway_addr": cfg.Reva.Address, }, "sql": map[string]interface{}{ "db_username": cfg.PublicSharingDrivers.SQL.DBUsername, diff --git a/extensions/sharing/pkg/config/config.go b/extensions/sharing/pkg/config/config.go index 5302b788b7d..f81d37faa1c 100644 --- a/extensions/sharing/pkg/config/config.go +++ b/extensions/sharing/pkg/config/config.go @@ -8,18 +8,19 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - UserSharingDriver string - UserSharingDrivers UserSharingDrivers - PublicSharingDriver string - PublicSharingDrivers PublicSharingDrivers - Events Events + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + UserSharingDriver string `yaml:"user_sharing_driver"` + UserSharingDrivers UserSharingDrivers `yaml:"user_sharin_drivers"` + PublicSharingDriver string `yaml:"public_sharing_driver"` + PublicSharingDrivers PublicSharingDrivers `yaml:"public_sharing_drivers"` + Events Events `yaml:"events"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;SHARING_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/sharing/pkg/config/defaults/defaultconfig.go b/extensions/sharing/pkg/config/defaults/defaultconfig.go index b7a7f8d9911..2c00c4267ae 100644 --- a/extensions/sharing/pkg/config/defaults/defaultconfig.go +++ b/extensions/sharing/pkg/config/defaults/defaultconfig.go @@ -9,9 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -30,8 +29,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "sharing", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, UserSharingDriver: "json", UserSharingDrivers: config.UserSharingDrivers{ JSON: config.UserSharingJSONDriver{ @@ -104,6 +104,30 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } + + if cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.UserSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } + + if cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/sharing/pkg/config/parser/parse.go b/extensions/sharing/pkg/config/parser/parse.go new file mode 100644 index 00000000000..a8a7b00e2a9 --- /dev/null +++ b/extensions/sharing/pkg/config/parser/parse.go @@ -0,0 +1,50 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/sharing/pkg/config" + "github.com/owncloud/ocis/extensions/sharing/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + + if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/sharing/pkg/config/reva.go b/extensions/sharing/pkg/config/reva.go new file mode 100644 index 00000000000..7bb95d858a3 --- /dev/null +++ b/extensions/sharing/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;SHARING_JWT_SECRET"` +} diff --git a/extensions/storage-metadata/pkg/command/command.go b/extensions/storage-metadata/pkg/command/command.go index 06e5c224547..6631a4abe1d 100644 --- a/extensions/storage-metadata/pkg/command/command.go +++ b/extensions/storage-metadata/pkg/command/command.go @@ -3,9 +3,11 @@ package command import ( "context" "flag" + "fmt" "os" "path" + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/parser" "github.com/owncloud/ocis/ocis-pkg/log" "github.com/owncloud/ocis/ocis-pkg/sync" "github.com/owncloud/ocis/ocis-pkg/tracing" @@ -30,6 +32,13 @@ func StorageMetadata(cfg *config.Config) *cli.Command { Name: "storage-metadata", Usage: "start storage-metadata service", Category: "extensions", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -124,8 +133,8 @@ func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]in "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/storage-metadata/pkg/config/config.go b/extensions/storage-metadata/pkg/config/config.go index 526a4eabc04..97b69e2e93f 100644 --- a/extensions/storage-metadata/pkg/config/config.go +++ b/extensions/storage-metadata/pkg/config/config.go @@ -12,20 +12,22 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` HTTP HTTPConfig `yaml:"http"` - Context context.Context - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool + Context context.Context `yaml:"context"` + + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` Driver string `yaml:"driver" env:"STORAGE_METADATA_DRIVER" desc:"The driver which should be used by the service"` Drivers Drivers `yaml:"drivers"` - DataServerURL string - TempFolder string - DataProviderInsecure bool `env:"OCIS_INSECURE;STORAGE_METADATA_DATAPROVIDER_INSECURE"` + DataServerURL string `yaml:"data_server_url"` + TempFolder string `yaml:"temp_folder"` + DataProviderInsecure bool `yaml:"data_provider_insecure" env:"OCIS_INSECURE;STORAGE_METADATA_DATAPROVIDER_INSECURE"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go index 298d31eb564..270c468f5b0 100644 --- a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go @@ -10,9 +10,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -35,11 +34,12 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-metadata", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - TempFolder: filepath.Join(defaults.BaseDataPath(), "tmp", "metadata"), - DataServerURL: "http://localhost:9216/data", - Driver: "ocis", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + TempFolder: filepath.Join(defaults.BaseDataPath(), "tmp", "metadata"), + DataServerURL: "http://localhost:9216/data", + Driver: "ocis", Drivers: config.Drivers{ EOS: config.EOSDriver{ Root: "/eos/dockertest/reva", @@ -105,6 +105,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/storage-metadata/pkg/config/parser/parse.go b/extensions/storage-metadata/pkg/config/parser/parse.go new file mode 100644 index 00000000000..ae1ce03306d --- /dev/null +++ b/extensions/storage-metadata/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config" + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/storage-metadata/pkg/config/reva.go b/extensions/storage-metadata/pkg/config/reva.go new file mode 100644 index 00000000000..3094a801354 --- /dev/null +++ b/extensions/storage-metadata/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_METADATA_JWT_SECRET"` +} diff --git a/extensions/storage-publiclink/pkg/command/storagepubliclink.go b/extensions/storage-publiclink/pkg/command/storagepubliclink.go index 5991885449a..06fe7ada8ae 100644 --- a/extensions/storage-publiclink/pkg/command/storagepubliclink.go +++ b/extensions/storage-publiclink/pkg/command/storagepubliclink.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -10,6 +11,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config" + "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/log" @@ -25,6 +27,13 @@ func StoragePublicLink(cfg *config.Config) *cli.Command { Name: "storage-public-link", Usage: "start storage-public-link service", Category: "extensions", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -94,8 +103,8 @@ func storagePublicLinkConfigFromStruct(c *cli.Context, cfg *config.Config) map[s "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/storage-publiclink/pkg/config/config.go b/extensions/storage-publiclink/pkg/config/config.go index 3766e35ead7..2f9da5c66f1 100644 --- a/extensions/storage-publiclink/pkg/config/config.go +++ b/extensions/storage-publiclink/pkg/config/config.go @@ -12,16 +12,18 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - Context context.Context - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - AuthProvider AuthProvider - StorageProvider StorageProvider + Context context.Context `yaml:"context"` + + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + AuthProvider AuthProvider `yaml:"auth_provider"` + StorageProvider StorageProvider `yaml:"storage_provider"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go b/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go index bd2a7cc05c0..47b729c05a8 100644 --- a/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -27,8 +26,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-publiclink", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, AuthProvider: config.AuthProvider{ GatewayEndpoint: "127.0.0.1:9142", }, @@ -62,6 +62,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/storage-publiclink/pkg/config/parser/parse.go b/extensions/storage-publiclink/pkg/config/parser/parse.go new file mode 100644 index 00000000000..f0e7cda9922 --- /dev/null +++ b/extensions/storage-publiclink/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config" + "github.com/owncloud/ocis/extensions/storage-publiclink/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/storage-publiclink/pkg/config/reva.go b/extensions/storage-publiclink/pkg/config/reva.go new file mode 100644 index 00000000000..306ae4f2621 --- /dev/null +++ b/extensions/storage-publiclink/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_PUBLICLINK_JWT_SECRET"` +} diff --git a/extensions/storage-shares/pkg/command/command.go b/extensions/storage-shares/pkg/command/command.go index b6804326f31..6964706456e 100644 --- a/extensions/storage-shares/pkg/command/command.go +++ b/extensions/storage-shares/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -14,6 +15,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/storage-shares/pkg/config" + "github.com/owncloud/ocis/extensions/storage-shares/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/thejerf/suture/v4" @@ -25,6 +27,13 @@ func StorageShares(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "storage-shares", Usage: "start storage-shares service", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -96,8 +105,8 @@ func storageSharesConfigFromStruct(c *cli.Context, cfg *config.Config) map[strin "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/storage-shares/pkg/config/config.go b/extensions/storage-shares/pkg/config/config.go index 8c134560138..8f308c7fecd 100644 --- a/extensions/storage-shares/pkg/config/config.go +++ b/extensions/storage-shares/pkg/config/config.go @@ -12,17 +12,18 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` HTTP HTTPConfig `yaml:"http"` - Context context.Context - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - ReadOnly bool - SharesProviderEndpoint string + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + Context context.Context `yaml:"context"` + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + ReadOnly bool `yaml:"readonly"` + SharesProviderEndpoint string `yaml:"shares_provider_endpoint"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_METADATA_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/storage-shares/pkg/config/defaults/defaultconfig.go b/extensions/storage-shares/pkg/config/defaults/defaultconfig.go index bf56e76cc69..75a6127e90c 100644 --- a/extensions/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage-shares/pkg/config/defaults/defaultconfig.go @@ -6,9 +6,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -31,8 +30,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-metadata", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, ReadOnly: false, SharesProviderEndpoint: "localhost:9150", } @@ -61,6 +61,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/storage-shares/pkg/config/parser/parse.go b/extensions/storage-shares/pkg/config/parser/parse.go new file mode 100644 index 00000000000..6b0efc7aef7 --- /dev/null +++ b/extensions/storage-shares/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/storage-shares/pkg/config" + "github.com/owncloud/ocis/extensions/storage-shares/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/storage-shares/pkg/config/reva.go b/extensions/storage-shares/pkg/config/reva.go new file mode 100644 index 00000000000..75b30df05a8 --- /dev/null +++ b/extensions/storage-shares/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_SHARES_JWT_SECRET"` +} diff --git a/extensions/storage-users/pkg/command/command.go b/extensions/storage-users/pkg/command/command.go index 564dd4e558d..5e48a2db036 100644 --- a/extensions/storage-users/pkg/command/command.go +++ b/extensions/storage-users/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" @@ -10,6 +11,7 @@ import ( "github.com/gofrs/uuid" "github.com/oklog/run" "github.com/owncloud/ocis/extensions/storage-users/pkg/config" + "github.com/owncloud/ocis/extensions/storage-users/pkg/config/parser" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/log" @@ -24,6 +26,13 @@ func StorageUsers(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "storage-users", Usage: "start storage-users service", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -95,8 +104,8 @@ func storageUsersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/storage-users/pkg/config/config.go b/extensions/storage-users/pkg/config/config.go index 1cbe6163440..7cb28881486 100644 --- a/extensions/storage-users/pkg/config/config.go +++ b/extensions/storage-users/pkg/config/config.go @@ -12,24 +12,26 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` HTTP HTTPConfig `yaml:"http"` - Context context.Context - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + Context context.Context `yaml:"context"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` Driver string `yaml:"driver" env:"STORAGE_USERS_DRIVER" desc:"The storage driver which should be used by the service"` Drivers Drivers `yaml:"drivers"` - DataServerURL string - TempFolder string - DataProviderInsecure bool `env:"OCIS_INSECURE;STORAGE_USERS_DATAPROVIDER_INSECURE"` - Events Events - MountID string - ExposeDataServer bool - ReadOnly bool + DataServerURL string `yaml:"data_server_url"` + TempFolder string `yaml:"temp_folder"` + DataProviderInsecure bool `yaml:"data_provider_insecure" env:"OCIS_INSECURE;STORAGE_USERS_DATAPROVIDER_INSECURE"` + Events Events `yaml:"events"` + MountID string `yaml:"mount_id"` + ExposeDataServer bool `yaml:"expose_data_server"` + ReadOnly bool `yaml:"readonly"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;STORAGE_USERS_TRACING_ENABLED" desc:"Activates tracing."` diff --git a/extensions/storage-users/pkg/config/defaults/defaultconfig.go b/extensions/storage-users/pkg/config/defaults/defaultconfig.go index 8dc305fced0..b29e9daa980 100644 --- a/extensions/storage-users/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage-users/pkg/config/defaults/defaultconfig.go @@ -10,9 +10,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -36,12 +35,13 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "storage-users", }, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - TempFolder: filepath.Join(defaults.BaseDataPath(), "tmp", "users"), - DataServerURL: "http://localhost:9158/data", - MountID: "1284d238-aa92-42ce-bdc4-0b0000009157", - Driver: "ocis", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + TempFolder: filepath.Join(defaults.BaseDataPath(), "tmp", "users"), + DataServerURL: "http://localhost:9158/data", + MountID: "1284d238-aa92-42ce-bdc4-0b0000009157", + Driver: "ocis", Drivers: config.Drivers{ EOS: config.EOSDriver{ Root: "/eos/dockertest/reva", @@ -124,6 +124,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/storage-users/pkg/config/parser/parse.go b/extensions/storage-users/pkg/config/parser/parse.go new file mode 100644 index 00000000000..b6a55e1aef6 --- /dev/null +++ b/extensions/storage-users/pkg/config/parser/parse.go @@ -0,0 +1,42 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/storage-users/pkg/config" + "github.com/owncloud/ocis/extensions/storage-users/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/storage-users/pkg/config/reva.go b/extensions/storage-users/pkg/config/reva.go new file mode 100644 index 00000000000..fd15399fe20 --- /dev/null +++ b/extensions/storage-users/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;STORAGE_USERS_JWT_SECRET"` +} diff --git a/extensions/storage/pkg/config/config.go b/extensions/storage/pkg/config/config.go index cfd35175e71..c3a626e40f2 100644 --- a/extensions/storage/pkg/config/config.go +++ b/extensions/storage/pkg/config/config.go @@ -188,7 +188,7 @@ type Auth struct { // DataGatewayPort has a public url type DataGatewayPort struct { Port - PublicURL string `yaml:""` + PublicURL string } type DataProvider struct { diff --git a/extensions/storage/pkg/config/defaults/defaultconfig.go b/extensions/storage/pkg/config/defaults/defaultconfig.go index c14ac52f0d6..c573bfdccc1 100644 --- a/extensions/storage/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage/pkg/config/defaults/defaultconfig.go @@ -20,10 +20,8 @@ const ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -34,9 +32,7 @@ func DefaultConfig() *config.Config { Addr: "127.0.0.1:9109", }, Reva: config.Reva{ - JWTSecret: "Pive-Fumkiu4", SkipUserGroupsInToken: false, - TransferSecret: "replace-me-with-a-transfer-secret", TransferExpires: 24 * 60 * 60, OIDC: config.OIDC{ Issuer: defaultPublicURL, @@ -57,7 +53,6 @@ func DefaultConfig() *config.Config { UserObjectClass: "inetOrgPerson", GroupObjectClass: "groupOfNames", BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - BindPassword: "reva", IDP: defaultPublicURL, UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", @@ -81,7 +76,6 @@ func DefaultConfig() *config.Config { }, UserOwnCloudSQL: config.UserOwnCloudSQL{ DBUsername: "owncloud", - DBPassword: "secret", DBHost: "mysql", DBPort: 3306, DBName: "owncloud", @@ -328,9 +322,7 @@ func DefaultConfig() *config.Config { Services: []string{"authprovider"}, Endpoint: "localhost:9166", }, - AuthMachineConfig: config.AuthMachineConfig{ - MachineAuthAPIKey: "change-me-please", - }, + AuthMachineConfig: config.AuthMachineConfig{}, Sharing: config.Sharing{ Port: config.Port{ Endpoint: "localhost:9150", @@ -451,7 +443,6 @@ func DefaultConfig() *config.Config { GatewaySVC: defaultGatewayAddr, Insecure: false, // true? Timeout: 84300, - JWTSecret: "Pive-Fumkiu4", }, Tracing: config.Tracing{ Service: "storage", @@ -462,9 +453,7 @@ func DefaultConfig() *config.Config { } func EnsureDefaults(cfg *config.Config) { - // TODO: IMPLEMENT ME! } func Sanitize(cfg *config.Config) { - // TODO: IMPLEMENT ME! } diff --git a/extensions/storage/pkg/config/parser/parse.go b/extensions/storage/pkg/config/parser/parse.go new file mode 100644 index 00000000000..d486f6dad4b --- /dev/null +++ b/extensions/storage/pkg/config/parser/parse.go @@ -0,0 +1,37 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config" + "github.com/owncloud/ocis/extensions/storage-metadata/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + return nil +} diff --git a/extensions/store/pkg/command/health.go b/extensions/store/pkg/command/health.go index 7bf3ba8f46b..341f59317c6 100644 --- a/extensions/store/pkg/command/health.go +++ b/extensions/store/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/store/pkg/command/server.go b/extensions/store/pkg/command/server.go index ac14affd2cf..a2995507e79 100644 --- a/extensions/store/pkg/command/server.go +++ b/extensions/store/pkg/command/server.go @@ -24,7 +24,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/store/pkg/config/defaults/defaultconfig.go b/extensions/store/pkg/config/defaults/defaultconfig.go index 1d84c1c4746..8932d4266a2 100644 --- a/extensions/store/pkg/config/defaults/defaultconfig.go +++ b/extensions/store/pkg/config/defaults/defaultconfig.go @@ -9,10 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/store/pkg/config/parser/parse.go b/extensions/store/pkg/config/parser/parse.go index 7c9f02bda38..68045ecf751 100644 --- a/extensions/store/pkg/config/parser/parse.go +++ b/extensions/store/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +29,10 @@ func ParseConfig(cfg *config.Config) error { // sanitize config defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/thumbnails/pkg/command/health.go b/extensions/thumbnails/pkg/command/health.go index f63d023d555..17e93587716 100644 --- a/extensions/thumbnails/pkg/command/health.go +++ b/extensions/thumbnails/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/thumbnails/pkg/command/server.go b/extensions/thumbnails/pkg/command/server.go index 8bfd35a1bdb..7244a7c86c7 100644 --- a/extensions/thumbnails/pkg/command/server.go +++ b/extensions/thumbnails/pkg/command/server.go @@ -24,7 +24,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/thumbnails/pkg/config/config.go b/extensions/thumbnails/pkg/config/config.go index 0afad535c69..4e65f12e826 100644 --- a/extensions/thumbnails/pkg/config/config.go +++ b/extensions/thumbnails/pkg/config/config.go @@ -42,6 +42,6 @@ type Thumbnail struct { CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE"` RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY"` //TODO: use REVA config FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE"` - TransferTokenSecret string `yaml:"transfer_token" env:"THUMBNAILS_TRANSFER_TOKEN"` + TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_TOKEN;THUMBNAILS_TRANSFER_TOKEN"` DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT"` } diff --git a/extensions/thumbnails/pkg/config/defaults/defaultconfig.go b/extensions/thumbnails/pkg/config/defaults/defaultconfig.go index c74b85065b1..b24c9e3d114 100644 --- a/extensions/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/extensions/thumbnails/pkg/config/defaults/defaultconfig.go @@ -9,10 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } @@ -44,7 +42,6 @@ func DefaultConfig() *config.Config { WebdavAllowInsecure: false, RevaGateway: "127.0.0.1:9142", CS3AllowInsecure: false, - TransferTokenSecret: "changemeplease", DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } @@ -73,6 +70,10 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Thumbnail.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" { + cfg.Thumbnail.TransferSecret = cfg.Commons.TransferSecret + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/thumbnails/pkg/config/parser/parse.go b/extensions/thumbnails/pkg/config/parser/parse.go index 4ed73255342..4c47c635ddd 100644 --- a/extensions/thumbnails/pkg/config/parser/parse.go +++ b/extensions/thumbnails/pkg/config/parser/parse.go @@ -6,11 +6,12 @@ import ( "github.com/owncloud/ocis/extensions/thumbnails/pkg/config" "github.com/owncloud/ocis/extensions/thumbnails/pkg/config/defaults" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -30,5 +31,13 @@ func ParseConfig(cfg *config.Config) error { // sanitize config defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.Thumbnail.TransferSecret == "" { + return shared.MissingRevaTransferSecretError(cfg.Service.Name) + } + return nil } diff --git a/extensions/thumbnails/pkg/service/grpc/v0/service.go b/extensions/thumbnails/pkg/service/grpc/v0/service.go index b5f34f32fd2..22a3465c937 100644 --- a/extensions/thumbnails/pkg/service/grpc/v0/service.go +++ b/extensions/thumbnails/pkg/service/grpc/v0/service.go @@ -48,8 +48,8 @@ func NewService(opts ...Option) decorators.DecoratedService { preprocessorOpts: PreprocessorOpts{ TxtFontFileMap: options.Config.Thumbnail.FontMapFile, }, - dataEndpoint: options.Config.Thumbnail.DataEndpoint, - transferTokenSecret: options.Config.Thumbnail.TransferTokenSecret, + dataEndpoint: options.Config.Thumbnail.DataEndpoint, + transferSecret: options.Config.Thumbnail.TransferSecret, } return svc @@ -57,15 +57,15 @@ func NewService(opts ...Option) decorators.DecoratedService { // Thumbnail implements the GRPC handler. type Thumbnail struct { - serviceID string - dataEndpoint string - transferTokenSecret string - manager thumbnail.Manager - webdavSource imgsource.Source - cs3Source imgsource.Source - logger log.Logger - cs3Client gateway.GatewayAPIClient - preprocessorOpts PreprocessorOpts + serviceID string + dataEndpoint string + transferSecret string + manager thumbnail.Manager + webdavSource imgsource.Source + cs3Source imgsource.Source + logger log.Logger + cs3Client gateway.GatewayAPIClient + preprocessorOpts PreprocessorOpts } type PreprocessorOpts struct { @@ -113,7 +113,7 @@ func (g Thumbnail) GetThumbnail(ctx context.Context, req *thumbnailssvc.GetThumb } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) - transferToken, err := token.SignedString([]byte(g.transferTokenSecret)) + transferToken, err := token.SignedString([]byte(g.transferSecret)) if err != nil { g.logger.Error(). Err(err). diff --git a/extensions/thumbnails/pkg/service/http/v0/service.go b/extensions/thumbnails/pkg/service/http/v0/service.go index 864dca0ae81..944020cb5ad 100644 --- a/extensions/thumbnails/pkg/service/http/v0/service.go +++ b/extensions/thumbnails/pkg/service/http/v0/service.go @@ -102,7 +102,7 @@ func (s Thumbnails) TransferTokenValidator(next http.Handler) http.Handler { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } - return []byte(s.config.Thumbnail.TransferTokenSecret), nil + return []byte(s.config.Thumbnail.TransferSecret), nil }) if err != nil { s.logger.Error(). diff --git a/extensions/user/pkg/command/command.go b/extensions/user/pkg/command/command.go index a77f23f4c19..27e7cabfab8 100644 --- a/extensions/user/pkg/command/command.go +++ b/extensions/user/pkg/command/command.go @@ -3,6 +3,7 @@ package command import ( "context" "flag" + "fmt" "os" "path" "path/filepath" @@ -12,6 +13,7 @@ import ( "github.com/oklog/run" "github.com/owncloud/ocis/extensions/storage/pkg/server/debug" "github.com/owncloud/ocis/extensions/user/pkg/config" + "github.com/owncloud/ocis/extensions/user/pkg/config/parser" ociscfg "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/ldap" "github.com/owncloud/ocis/ocis-pkg/log" @@ -26,6 +28,13 @@ func User(cfg *config.Config) *cli.Command { return &cli.Command{ Name: "users", Usage: "start users service", + Before: func(ctx *cli.Context) error { + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err + }, Action: func(c *cli.Context) error { logCfg := cfg.Logging logger := log.NewLogger( @@ -116,8 +125,8 @@ func usersConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]interf "tracing_service_name": c.Command.Name, }, "shared": map[string]interface{}{ - "jwt_secret": cfg.JWTSecret, - "gatewaysvc": cfg.GatewayEndpoint, + "jwt_secret": cfg.TokenManager.JWTSecret, + "gatewaysvc": cfg.Reva.Address, "skip_user_groups_in_token": cfg.SkipUserGroupsInToken, }, "grpc": map[string]interface{}{ diff --git a/extensions/user/pkg/config/config.go b/extensions/user/pkg/config/config.go index fdb08f931d0..41cc0ab6e60 100644 --- a/extensions/user/pkg/config/config.go +++ b/extensions/user/pkg/config/config.go @@ -8,16 +8,17 @@ type Config struct { Tracing *Tracing `yaml:"tracing"` Logging *Logging `yaml:"log"` Debug Debug `yaml:"debug"` - Supervised bool + Supervised bool `yaml:"-"` GRPC GRPCConfig `yaml:"grpc"` - JWTSecret string - GatewayEndpoint string - SkipUserGroupsInToken bool - UsersCacheExpiration int - Driver string - Drivers Drivers + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + + SkipUserGroupsInToken bool `yaml:"skip_user_groups_in_token"` + UsersCacheExpiration int `yaml:"users_cache_expiration"` + Driver string `yaml:"driver"` + Drivers Drivers `yaml:"drivers"` } type Tracing struct { Enabled bool `yaml:"enabled" env:"OCIS_TRACING_ENABLED;USERS_TRACING_ENABLED" desc:"Activates tracing."` @@ -64,7 +65,7 @@ type LDAPDriver struct { CACert string `env:"LDAP_CACERT;USERS_LDAP_CACERT"` Insecure bool `env:"LDAP_INSECURE;USERS_LDAP_INSECURE"` BindDN string `env:"LDAP_BIND_DN;USERS_LDAP_BIND_DN"` - BindPassword string `env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD"` + BindPassword string `yaml:"bind_password" env:"LDAP_BIND_PASSWORD;USERS_LDAP_BIND_PASSWORD"` UserBaseDN string `env:"LDAP_USER_BASE_DN;USERS_LDAP_USER_BASE_DN"` GroupBaseDN string `env:"LDAP_GROUP_BASE_DN;USERS_LDAP_GROUP_BASE_DN"` UserScope string `env:"LDAP_USER_SCOPE;USERS_LDAP_USER_SCOPE"` diff --git a/extensions/user/pkg/config/defaults/defaultconfig.go b/extensions/user/pkg/config/defaults/defaultconfig.go index 20a486f47a3..b7212abd0bc 100644 --- a/extensions/user/pkg/config/defaults/defaultconfig.go +++ b/extensions/user/pkg/config/defaults/defaultconfig.go @@ -9,9 +9,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) - + Sanitize(cfg) return cfg } @@ -31,9 +30,10 @@ func DefaultConfig() *config.Config { Name: "user", }, UsersCacheExpiration: 5, - GatewayEndpoint: "127.0.0.1:9142", - JWTSecret: "Pive-Fumkiu4", - Driver: "ldap", + Reva: &config.Reva{ + Address: "127.0.0.1:9142", + }, + Driver: "ldap", Drivers: config.Drivers{ LDAP: config.LDAPDriver{ URI: "ldaps://localhost:9235", @@ -49,7 +49,6 @@ func DefaultConfig() *config.Config { UserObjectClass: "inetOrgPerson", GroupObjectClass: "groupOfNames", BindDN: "uid=reva,ou=sysusers,o=libregraph-idm", - BindPassword: "reva", IDP: "https://localhost:9200", UserSchema: config.LDAPUserSchema{ ID: "ownclouduuid", @@ -108,6 +107,22 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Tracing == nil { cfg.Tracing = &config.Tracing{} } + + if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { + cfg.Reva = &config.Reva{ + Address: cfg.Commons.Reva.Address, + } + } else if cfg.Reva == nil { + cfg.Reva = &config.Reva{} + } + + if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil { + cfg.TokenManager = &config.TokenManager{ + JWTSecret: cfg.Commons.TokenManager.JWTSecret, + } + } else if cfg.TokenManager == nil { + cfg.TokenManager = &config.TokenManager{} + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/user/pkg/config/parser/parse.go b/extensions/user/pkg/config/parser/parse.go new file mode 100644 index 00000000000..2b5f8030a50 --- /dev/null +++ b/extensions/user/pkg/config/parser/parse.go @@ -0,0 +1,46 @@ +package parser + +import ( + "errors" + + "github.com/owncloud/ocis/extensions/user/pkg/config" + "github.com/owncloud/ocis/extensions/user/pkg/config/defaults" + ociscfg "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/shared" + + "github.com/owncloud/ocis/ocis-pkg/config/envdecode" +) + +// ParseConfig loads configuration from known paths. +func ParseConfig(cfg *config.Config) error { + _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) + if err != nil { + return err + } + + defaults.EnsureDefaults(cfg) + + // load all env variables relevant to the config in the current context. + if err := envdecode.Decode(cfg); err != nil { + // no environment variable set for this config is an expected "error" + if !errors.Is(err, envdecode.ErrNoTargetFieldsAreSet) { + return err + } + } + + defaults.Sanitize(cfg) + + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError(cfg.Service.Name) + } + + if cfg.Driver == "ldap" && cfg.Drivers.LDAP.BindPassword == "" { + return shared.MissingLDAPBindPassword(cfg.Service.Name) + } + + return nil +} diff --git a/extensions/user/pkg/config/reva.go b/extensions/user/pkg/config/reva.go new file mode 100644 index 00000000000..310858a7952 --- /dev/null +++ b/extensions/user/pkg/config/reva.go @@ -0,0 +1,11 @@ +package config + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;USERS_JWT_SECRET"` +} diff --git a/extensions/web/pkg/command/health.go b/extensions/web/pkg/command/health.go index 397f14da415..70e33f31e1e 100644 --- a/extensions/web/pkg/command/health.go +++ b/extensions/web/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/web/pkg/command/server.go b/extensions/web/pkg/command/server.go index e62494d0729..d95587aa25b 100644 --- a/extensions/web/pkg/command/server.go +++ b/extensions/web/pkg/command/server.go @@ -24,7 +24,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/web/pkg/config/defaults/defaultconfig.go b/extensions/web/pkg/config/defaults/defaultconfig.go index fe8ced251db..f3411c2040b 100644 --- a/extensions/web/pkg/config/defaults/defaultconfig.go +++ b/extensions/web/pkg/config/defaults/defaultconfig.go @@ -8,10 +8,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/web/pkg/config/parser/parse.go b/extensions/web/pkg/config/parser/parse.go index d850943577a..c2d87716033 100644 --- a/extensions/web/pkg/config/parser/parse.go +++ b/extensions/web/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/extensions/webdav/pkg/command/health.go b/extensions/webdav/pkg/command/health.go index d6226f8e8fa..9882d035bfe 100644 --- a/extensions/webdav/pkg/command/health.go +++ b/extensions/webdav/pkg/command/health.go @@ -17,7 +17,11 @@ func Health(cfg *config.Config) *cli.Command { Usage: "check health status", Category: "info", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/webdav/pkg/command/server.go b/extensions/webdav/pkg/command/server.go index 291276cbbe7..b603681a0f6 100644 --- a/extensions/webdav/pkg/command/server.go +++ b/extensions/webdav/pkg/command/server.go @@ -23,7 +23,11 @@ func Server(cfg *config.Config) *cli.Command { Usage: fmt.Sprintf("start %s extension without runtime (unsupervised mode)", cfg.Service.Name), Category: "server", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { logger := logging.Configure(cfg.Service.Name, cfg.Log) diff --git a/extensions/webdav/pkg/config/defaults/defaultconfig.go b/extensions/webdav/pkg/config/defaults/defaultconfig.go index 48e00e17f1a..3c975cfa709 100644 --- a/extensions/webdav/pkg/config/defaults/defaultconfig.go +++ b/extensions/webdav/pkg/config/defaults/defaultconfig.go @@ -8,10 +8,8 @@ import ( func FullDefaultConfig() *config.Config { cfg := DefaultConfig() - EnsureDefaults(cfg) Sanitize(cfg) - return cfg } diff --git a/extensions/webdav/pkg/config/parser/parse.go b/extensions/webdav/pkg/config/parser/parse.go index 7597255f9cc..be9d202072b 100644 --- a/extensions/webdav/pkg/config/parser/parse.go +++ b/extensions/webdav/pkg/config/parser/parse.go @@ -10,7 +10,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/config/envdecode" ) -// ParseConfig loads accounts configuration from known paths. +// ParseConfig loads configuration from known paths. func ParseConfig(cfg *config.Config) error { _, err := ociscfg.BindSourcesToStructs(cfg.Service.Name, cfg) if err != nil { @@ -29,5 +29,9 @@ func ParseConfig(cfg *config.Config) error { defaults.Sanitize(cfg) + return Validate(cfg) +} + +func Validate(cfg *config.Config) error { return nil } diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index 11fea705d70..33b9645d2ea 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -35,11 +35,6 @@ import ( webdav "github.com/owncloud/ocis/extensions/webdav/pkg/config" ) -// TokenManager is the config for using the reva token manager -type TokenManager struct { - JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET"` -} - const ( // SUPERVISED sets the runtime mode as supervised threads. SUPERVISED = iota @@ -61,16 +56,18 @@ type Runtime struct { type Config struct { *shared.Commons `yaml:"shared"` - Tracing shared.Tracing `yaml:"tracing"` - Log *shared.Log `yaml:"log"` + Tracing *shared.Tracing `yaml:"tracing"` + Log *shared.Log `yaml:"log"` Mode Mode // DEPRECATED File string OcisURL string `yaml:"ocis_url"` - Registry string `yaml:"registry"` - TokenManager TokenManager `yaml:"token_manager"` - Runtime Runtime `yaml:"runtime"` + Registry string `yaml:"registry"` + TokenManager *shared.TokenManager `yaml:"token_manager"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` + TransferSecret string `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"` + Runtime Runtime `yaml:"runtime"` Audit *audit.Config `yaml:"audit"` Accounts *accounts.Config `yaml:"accounts"` diff --git a/ocis-pkg/config/defaultconfig.go b/ocis-pkg/config/defaultconfig.go index 0b9f0f70abc..bd48781dda2 100644 --- a/ocis-pkg/config/defaultconfig.go +++ b/ocis-pkg/config/defaultconfig.go @@ -35,42 +35,39 @@ import ( func DefaultConfig() *Config { return &Config{ - TokenManager: TokenManager{ - JWTSecret: "Pive-Fumkiu4", - }, Runtime: Runtime{ Port: "9250", Host: "localhost", }, - Audit: audit.DefaultConfig(), Accounts: accounts.DefaultConfig(), + AppProvider: appprovider.DefaultConfig(), + Audit: audit.DefaultConfig(), + AuthBasic: authbasic.DefaultConfig(), + AuthBearer: authbearer.DefaultConfig(), + AuthMachine: authmachine.DefaultConfig(), + Frontend: frontend.DefaultConfig(), + Gateway: gateway.DefaultConfig(), GLAuth: glauth.DefaultConfig(), Graph: graph.DefaultConfig(), - IDP: idp.DefaultConfig(), + GraphExplorer: graphExplorer.DefaultConfig(), + Group: group.DefaultConfig(), IDM: idm.DefaultConfig(), + IDP: idp.DefaultConfig(), Nats: nats.DefaultConfig(), Notifications: notifications.DefaultConfig(), - Proxy: proxy.DefaultConfig(), - GraphExplorer: graphExplorer.DefaultConfig(), + OCDav: ocdav.DefaultConfig(), OCS: ocs.DefaultConfig(), + Proxy: proxy.DefaultConfig(), Settings: settings.DefaultConfig(), - Web: web.DefaultConfig(), + Sharing: sharing.DefaultConfig(), + StorageMetadata: storagemetadata.DefaultConfig(), + StoragePublicLink: storagepublic.DefaultConfig(), + StorageShares: storageshares.DefaultConfig(), + StorageUsers: storageusers.DefaultConfig(), Store: store.DefaultConfig(), Thumbnails: thumbnails.DefaultConfig(), + User: user.DefaultConfig(), + Web: web.DefaultConfig(), WebDAV: webdav.DefaultConfig(), - Gateway: gateway.FullDefaultConfig(), - AuthBasic: authbasic.FullDefaultConfig(), - AuthBearer: authbearer.FullDefaultConfig(), - AuthMachine: authmachine.FullDefaultConfig(), - User: user.FullDefaultConfig(), - Group: group.FullDefaultConfig(), - Sharing: sharing.FullDefaultConfig(), - StorageMetadata: storagemetadata.FullDefaultConfig(), - StoragePublicLink: storagepublic.FullDefaultConfig(), - StorageUsers: storageusers.FullDefaultConfig(), - StorageShares: storageshares.FullDefaultConfig(), - AppProvider: appprovider.FullDefaultConfig(), - Frontend: frontend.FullDefaultConfig(), - OCDav: ocdav.FullDefaultConfig(), } } diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go index ba75a411c0d..3c4939a23a3 100644 --- a/ocis-pkg/config/parser/parse.go +++ b/ocis-pkg/config/parser/parse.go @@ -8,24 +8,16 @@ import ( "github.com/owncloud/ocis/ocis-pkg/shared" ) -// ParseConfig loads ocis configuration. +// ParseConfig loads the ocis configuration and +// copies applicable parts into the commons part, from +// where the extensions can copy it into their own config func ParseConfig(cfg *config.Config) error { _, err := config.BindSourcesToStructs("ocis", cfg) if err != nil { return err } - // provide with defaults for shared logging, since we need a valid destination address for BindEnv. - if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil { - cfg.Log = &shared.Log{ - Level: cfg.Commons.Log.Level, - Pretty: cfg.Commons.Log.Pretty, - Color: cfg.Commons.Log.Color, - File: cfg.Commons.Log.File, - } - } else if cfg.Log == nil { - cfg.Log = &shared.Log{} - } + EnsureDefaults(cfg) // load all env variables relevant to the config in the current context. if err := envdecode.Decode(cfg); err != nil { @@ -35,5 +27,87 @@ func ParseConfig(cfg *config.Config) error { } } + EnsureCommons(cfg) + + return Validate(cfg) +} + +// EnsureDefaults, ensures that all pointers in the +// oCIS config (not the extensions configs) are initialized +func EnsureDefaults(cfg *config.Config) { + if cfg.Tracing == nil { + cfg.Tracing = &shared.Tracing{} + } + if cfg.Log == nil { + cfg.Log = &shared.Log{} + } + if cfg.TokenManager == nil { + cfg.TokenManager = &shared.TokenManager{} + } +} + +// EnsureCommons copies applicable parts of the oCIS config into the commons part +func EnsureCommons(cfg *config.Config) { + // ensure the commons part is initialized + if cfg.Commons == nil { + cfg.Commons = &shared.Commons{} + } + + // copy config to the commons part if set + if cfg.Log != nil { + cfg.Commons.Log = &shared.Log{ + Level: cfg.Log.Level, + Pretty: cfg.Log.Pretty, + Color: cfg.Log.Color, + File: cfg.File, + } + } else { + cfg.Commons.Log = &shared.Log{} + } + + // copy tracing to the commons part if set + if cfg.Tracing != nil { + cfg.Commons.Tracing = &shared.Tracing{ + Enabled: cfg.Tracing.Enabled, + Type: cfg.Tracing.Type, + Endpoint: cfg.Tracing.Endpoint, + Collector: cfg.Tracing.Collector, + } + } else { + cfg.Commons.Tracing = &shared.Tracing{} + } + + // copy token manager to the commons part if set + if cfg.TokenManager != nil { + cfg.Commons.TokenManager = cfg.TokenManager + } else { + cfg.Commons.TokenManager = &shared.TokenManager{} + } + + // copy machine auth api key to the commons part if set + if cfg.MachineAuthAPIKey != "" { + cfg.Commons.MachineAuthAPIKey = cfg.MachineAuthAPIKey + } + + // copy transfer secret to the commons part if set + if cfg.TransferSecret != "" { + cfg.Commons.TransferSecret = cfg.TransferSecret + } + +} + +func Validate(cfg *config.Config) error { + if cfg.TokenManager.JWTSecret == "" { + return shared.MissingJWTTokenError("ocis") + } + + if cfg.TransferSecret == "" { + return shared.MissingRevaTransferSecretError("ocis") + } + + if cfg.MachineAuthAPIKey == "" { + return shared.MissingMachineAuthApiKeyError("ocis") + } + return nil } diff --git a/ocis-pkg/crypto/crypto_suite_test.go b/ocis-pkg/crypto/crypto_suite_test.go index e60462b997c..87ac8f6f730 100644 --- a/ocis-pkg/crypto/crypto_suite_test.go +++ b/ocis-pkg/crypto/crypto_suite_test.go @@ -3,7 +3,7 @@ package crypto_test import ( "testing" - . "github.com/onsi/ginkgo" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) diff --git a/ocis-pkg/crypto/crypto_test.go b/ocis-pkg/crypto/crypto_test.go index 328607ba9e2..0f547962558 100644 --- a/ocis-pkg/crypto/crypto_test.go +++ b/ocis-pkg/crypto/crypto_test.go @@ -8,7 +8,7 @@ import ( "github.com/owncloud/ocis/ocis-pkg/crypto" "github.com/owncloud/ocis/ocis-pkg/log" - . "github.com/onsi/ginkgo" + . "github.com/onsi/ginkgo/v2" cfg "github.com/owncloud/ocis/ocis-pkg/config" ) diff --git a/ocis-pkg/generators/password.go b/ocis-pkg/generators/password.go new file mode 100644 index 00000000000..3c2d571fa5d --- /dev/null +++ b/ocis-pkg/generators/password.go @@ -0,0 +1,20 @@ +package generators + +import ( + "crypto/rand" + "math/big" +) + +func GenerateRandomPassword(length int) (string, error) { + const chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-=+!@#$%^&*." + ret := make([]byte, length) + for i := 0; i < length; i++ { + num, err := rand.Int(rand.Reader, big.NewInt(int64(len(chars)))) + if err != nil { + return "", err + } + ret[i] = chars[num.Int64()] + } + + return string(ret), nil +} diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go new file mode 100644 index 00000000000..bb4b5f4ec79 --- /dev/null +++ b/ocis-pkg/shared/errors.go @@ -0,0 +1,47 @@ +package shared + +import ( + "fmt" + + "github.com/owncloud/ocis/ocis-pkg/config/defaults" +) + +func MissingMachineAuthApiKeyError(service string) error { + return fmt.Errorf("The Machineauth API key has not been configured for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} + +func MissingJWTTokenError(service string) error { + return fmt.Errorf("jwt_secret has not been set properly in your config for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} + +func MissingRevaTransferSecretError(service string) error { + return fmt.Errorf("transfer_secret has not been set properly in your config for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} + +func MissingLDAPBindPassword(service string) error { + return fmt.Errorf("bind_password has not been set properly in your config for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} + +func MissingServiceUserPassword(service, serviceUser string) error { + return fmt.Errorf("password of service user %s has not been set properly in your config for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + serviceUser, service, defaults.BaseConfigPath()) +} diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index 2201bac98d7..f4cf19fc0bf 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go @@ -24,10 +24,24 @@ type Tracing struct { Collector string `yaml:"collector" env:"OCIS_TRACING_COLLECTOR"` } +// TokenManager is the config for using the reva token manager +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET" desc:"The secret to mint jwt tokens."` +} + +// Reva defines all available REVA configuration. +type Reva struct { + Address string `yaml:"address" env:"REVA_GATEWAY"` +} + // Commons holds configuration that are common to all extensions. Each extension can then decide whether // to overwrite its values. type Commons struct { - Log *Log `yaml:"log"` - Tracing *Tracing `yaml:"tracing"` - OcisURL string `yaml:"ocis_url" env:"OCIS_URL"` + Log *Log `yaml:"log"` + Tracing *Tracing `yaml:"tracing"` + OcisURL string `yaml:"ocis_url" env:"OCIS_URL"` + TokenManager *TokenManager `yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` + TransferSecret string `yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"` } diff --git a/ocis/pkg/command/accounts.go b/ocis/pkg/command/accounts.go index f8a56bfcc5b..8434e0c2f51 100644 --- a/ocis/pkg/command/accounts.go +++ b/ocis/pkg/command/accounts.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/accounts/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func AccountsCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Accounts.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Accounts), } diff --git a/ocis/pkg/command/audit.go b/ocis/pkg/command/audit.go index 638367a166b..884b79fb3eb 100644 --- a/ocis/pkg/command/audit.go +++ b/ocis/pkg/command/audit.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/audit/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func AuditCommand(cfg *config.Config) *cli.Command { Usage: "start audit service", Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Audit), } diff --git a/ocis/pkg/command/glauth.go b/ocis/pkg/command/glauth.go index ad91954eb03..bbe5af9e7fc 100644 --- a/ocis/pkg/command/glauth.go +++ b/ocis/pkg/command/glauth.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/glauth/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func GLAuthCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.GLAuth.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.GLAuth), } diff --git a/ocis/pkg/command/graph.go b/ocis/pkg/command/graph.go index 836ad44465d..34158e1cc31 100644 --- a/ocis/pkg/command/graph.go +++ b/ocis/pkg/command/graph.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/graph/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func GraphCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Graph.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Graph), } diff --git a/ocis/pkg/command/graphexplorer.go b/ocis/pkg/command/graphexplorer.go index 95be9e503ff..6e1f890fbd3 100644 --- a/ocis/pkg/command/graphexplorer.go +++ b/ocis/pkg/command/graphexplorer.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/graph-explorer/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func GraphExplorerCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.GraphExplorer.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.GraphExplorer), } diff --git a/ocis/pkg/command/idm.go b/ocis/pkg/command/idm.go index d768b6dc58b..86d3cae7778 100644 --- a/ocis/pkg/command/idm.go +++ b/ocis/pkg/command/idm.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/idm/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func IDMCommand(cfg *config.Config) *cli.Command { Usage: "idm extension commands", Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.IDM), } diff --git a/ocis/pkg/command/idp.go b/ocis/pkg/command/idp.go index 0c6828c5928..0f37a98c059 100644 --- a/ocis/pkg/command/idp.go +++ b/ocis/pkg/command/idp.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/idp/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func IDPCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.IDP.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.IDP), } diff --git a/ocis/pkg/command/init.go b/ocis/pkg/command/init.go new file mode 100644 index 00000000000..4c697011ccc --- /dev/null +++ b/ocis/pkg/command/init.go @@ -0,0 +1,84 @@ +package command + +import ( + "bufio" + "fmt" + "log" + "os" + "strings" + + "github.com/owncloud/ocis/ocis-pkg/config" + "github.com/owncloud/ocis/ocis-pkg/config/defaults" + ocisinit "github.com/owncloud/ocis/ocis/pkg/init" + "github.com/owncloud/ocis/ocis/pkg/register" + cli "github.com/urfave/cli/v2" +) + +// InitCommand is the entrypoint for the init command +func InitCommand(cfg *config.Config) *cli.Command { + return &cli.Command{ + Name: "init", + Usage: "initialise an ocis config", + Flags: []cli.Flag{ + &cli.StringFlag{ + Name: "insecure", + EnvVars: []string{"OCIS_INSECURE"}, + Value: "ask", + Usage: "Allow insecure oCIS config", + }, + &cli.BoolFlag{ + Name: "force-overwrite", + Aliases: []string{"f"}, + EnvVars: []string{"OCIS_FORCE_CONFIG_OVERWRITE"}, + Value: false, + Usage: "Force overwrite existing config file", + }, + &cli.StringFlag{ + Name: "config-path", + Value: defaults.BaseConfigPath(), + Usage: "Config path for the ocis runtime", + EnvVars: []string{"OCIS_CONFIG_DIR"}, + }, + &cli.StringFlag{ + Name: "admin-password", + Aliases: []string{"ap"}, + EnvVars: []string{"ADMIN_PASSWORD", "IDM_ADMIN_PASSWORD"}, + Usage: "Set admin password instead of using a random generated one", + }, + }, + Action: func(c *cli.Context) error { + insecureFlag := c.String("insecure") + insecure := false + if insecureFlag == "ask" { + answer := strings.ToLower(stringPrompt("Do want to configure oCIS with certificate checking disabled?\n This is not recommended for public instances! [yes | no = default]")) + if answer == "yes" || answer == "y" { + insecure = true + } + } else if insecureFlag == strings.ToLower("true") || insecureFlag == strings.ToLower("yes") || insecureFlag == strings.ToLower("y") { + insecure = true + } + err := ocisinit.CreateConfig(insecure, c.Bool("force-overwrite"), c.String("config-path"), c.String("admin-password")) + if err != nil { + log.Fatalf("Could not create config: %s", err) + } + return nil + }, + } +} + +func init() { + register.AddCommand(InitCommand) +} + +func stringPrompt(label string) string { + input := "" + reader := bufio.NewReader(os.Stdin) + for { + fmt.Fprint(os.Stderr, label+" ") + input, _ = reader.ReadString('\n') + if input != "" { + break + } + } + return strings.TrimSpace(input) +} diff --git a/ocis/pkg/command/natsserver.go b/ocis/pkg/command/natsserver.go index 1e7f3432317..6a46a1cc7a3 100644 --- a/ocis/pkg/command/natsserver.go +++ b/ocis/pkg/command/natsserver.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/nats/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func NatsServerCommand(cfg *config.Config) *cli.Command { Usage: "start nats server", Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Nats), } diff --git a/ocis/pkg/command/notifications.go b/ocis/pkg/command/notifications.go index f4108e299af..a6f1113d747 100644 --- a/ocis/pkg/command/notifications.go +++ b/ocis/pkg/command/notifications.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/notifications/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func NotificationsCommand(cfg *config.Config) *cli.Command { Usage: "start notifications service", Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Notifications), } diff --git a/ocis/pkg/command/ocs.go b/ocis/pkg/command/ocs.go index 2fae3beb95d..fdd76af613c 100644 --- a/ocis/pkg/command/ocs.go +++ b/ocis/pkg/command/ocs.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/ocs/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func OCSCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.OCS.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.OCS), } diff --git a/ocis/pkg/command/proxy.go b/ocis/pkg/command/proxy.go index 429ca83e19f..a23eec33cf3 100644 --- a/ocis/pkg/command/proxy.go +++ b/ocis/pkg/command/proxy.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/proxy/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func ProxyCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Proxy.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Proxy), } diff --git a/ocis/pkg/command/server.go b/ocis/pkg/command/server.go index 00b9c89da31..c4bba27eb08 100644 --- a/ocis/pkg/command/server.go +++ b/ocis/pkg/command/server.go @@ -1,9 +1,10 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" - "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis/pkg/register" "github.com/owncloud/ocis/ocis/pkg/runtime" "github.com/urfave/cli/v2" @@ -16,14 +17,13 @@ func Server(cfg *config.Config) *cli.Command { Usage: "start a fullstack server (runtime and all extensions in supervised mode)", Category: "fullstack", Before: func(c *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Action: func(c *cli.Context) error { - - cfg.Commons = &shared.Commons{ - Log: cfg.Log, - } - r := runtime.New(cfg) return r.Start() }, diff --git a/ocis/pkg/command/settings.go b/ocis/pkg/command/settings.go index 32c8b43e690..33032f30c0b 100644 --- a/ocis/pkg/command/settings.go +++ b/ocis/pkg/command/settings.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/settings/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func SettingsCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Settings.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Settings), } diff --git a/ocis/pkg/command/store.go b/ocis/pkg/command/store.go index e37d5ab79f1..12bda770f99 100644 --- a/ocis/pkg/command/store.go +++ b/ocis/pkg/command/store.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/store/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -16,7 +18,11 @@ func StoreCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Store.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Store), } diff --git a/ocis/pkg/command/thumbnails.go b/ocis/pkg/command/thumbnails.go index 8409c98dc07..ca6e693a02d 100644 --- a/ocis/pkg/command/thumbnails.go +++ b/ocis/pkg/command/thumbnails.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/thumbnails/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func ThumbnailsCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Thumbnails.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Thumbnails), } diff --git a/ocis/pkg/command/web.go b/ocis/pkg/command/web.go index 0b3ec822e24..70499da3fe7 100644 --- a/ocis/pkg/command/web.go +++ b/ocis/pkg/command/web.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/web/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -15,7 +17,11 @@ func WebCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.Web.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.Web), } diff --git a/ocis/pkg/command/webdav.go b/ocis/pkg/command/webdav.go index 7add32497fa..a87145ab4e8 100644 --- a/ocis/pkg/command/webdav.go +++ b/ocis/pkg/command/webdav.go @@ -1,6 +1,8 @@ package command import ( + "fmt" + "github.com/owncloud/ocis/extensions/webdav/pkg/command" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" @@ -16,7 +18,11 @@ func WebDAVCommand(cfg *config.Config) *cli.Command { Usage: subcommandDescription(cfg.WebDAV.Service.Name), Category: "extensions", Before: func(ctx *cli.Context) error { - return parser.ParseConfig(cfg) + err := parser.ParseConfig(cfg) + if err != nil { + fmt.Printf("%v", err) + } + return err }, Subcommands: command.GetCommands(cfg.WebDAV), } diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go new file mode 100644 index 00000000000..8b2ca85bf05 --- /dev/null +++ b/ocis/pkg/init/init.go @@ -0,0 +1,307 @@ +package init + +import ( + "fmt" + "io" + "io/ioutil" + "log" + "os" + "path" + "time" + + "github.com/owncloud/ocis/ocis-pkg/generators" + "gopkg.in/yaml.v2" +) + +const configFilename string = "ocis.yaml" // TODO: use also a constant for reading this file +const passwordLength int = 32 + +type TokenManager struct { + JWTSecret string `yaml:"jwt_secret"` +} + +type InsecureExtension struct { + Insecure bool +} + +type InsecureProxyExtension struct { + Insecure_backends bool +} + +type DataProviderInsecureSettings struct { + Data_provider_insecure bool +} + +type LdapSettings struct { + Bind_password string +} +type LdapBasedExtension struct { + Ldap LdapSettings +} + +type GraphExtension struct { + Spaces InsecureExtension + Identity LdapBasedExtension +} + +type ServiceUserPasswordsSettings struct { + AdminPassword string `yaml:"admin_password"` + IdmPassword string `yaml:"idm_password"` + RevaPassword string `yaml:"reva_password"` + IdpPassword string `yaml:"idp_password"` +} +type IdmExtension struct { + ServiceUserPasswords ServiceUserPasswordsSettings `yaml:"service_user_passwords"` +} + +type FrontendExtension struct { + Archiver InsecureExtension + AppProvider InsecureExtension `yaml:"app_provider"` +} + +type AuthbasicExtension struct { + AuthProviders LdapBasedExtension `yaml:"auth_providers"` +} + +type AuthProviderSettings struct { + Oidc InsecureExtension +} +type AuthbearerExtension struct { + AuthProviders AuthProviderSettings `yaml:"auth_providers"` +} + +type UserAndGroupExtension struct { + Drivers LdapBasedExtension +} + +type ThumbnailSettings struct { + WebdavAllowInsecure bool `yaml:"webdav_allow_insecure"` + Cs3AllowInsecure bool `yaml:"cs3_allow_insecure"` +} + +type ThumbNailExtension struct { + Thumbnail ThumbnailSettings +} + +// TODO: use the oCIS config struct instead of this custom struct +// We can't use it right now, because it would need "omitempty" on +// all elements, in order to produce a slim config file with `ocis init`. +// We can't just add these "omitempty" tags, since we want to generate +// full example configuration files with that struct, too. +// Proposed solution to get rid of this temporary solution: +// - use the oCIS config struct +// - set the needed values like below +// - marshal it to yaml +// - unmarshal it into yaml.Node +// - recurse through the nodes and delete empty / default ones +// - marshal it to yaml +type OcisConfig struct { + TokenManager TokenManager `yaml:"token_manager"` + MachineAuthApiKey string `yaml:"machine_auth_api_key"` + TransferSecret string `yaml:"transfer_secret"` + Graph GraphExtension + Idp LdapBasedExtension + Idm IdmExtension + Proxy InsecureProxyExtension + Frontend FrontendExtension + AuthBasic AuthbasicExtension `yaml:"auth_basic"` + AuthBearer AuthbearerExtension `yaml:"auth_bearer"` + User UserAndGroupExtension + Group UserAndGroupExtension + StorageMetadata DataProviderInsecureSettings `yaml:"storage_metadata"` + StorageUsers DataProviderInsecureSettings `yaml:"storage_users"` + Ocdav InsecureExtension + Thumbnails ThumbNailExtension +} + +func checkConfigPath(configPath string) error { + targetPath := path.Join(configPath, configFilename) + if _, err := os.Stat(targetPath); err == nil { + return fmt.Errorf("config in %s already exists", targetPath) + } + return nil +} + +func backupOcisConfigFile(configPath string) (string, error) { + sourceConfig := path.Join(configPath, configFilename) + targetBackupConfig := path.Join(configPath, configFilename+"."+time.Now().Format("2006-01-02-15-04-05")+".backup") + source, err := os.Open(sourceConfig) + if err != nil { + log.Fatalf("Could not read %s (%s)", sourceConfig, err) + } + defer source.Close() + target, err := os.Create(targetBackupConfig) + if err != nil { + log.Fatalf("Could not generate backup %s (%s)", targetBackupConfig, err) + } + defer target.Close() + _, err = io.Copy(target, source) + if err != nil { + log.Fatalf("Could not write backup %s (%s)", targetBackupConfig, err) + } + return targetBackupConfig, nil +} + +// CreateConfig creates a config file with random passwords at configPath +func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword string) error { + err := checkConfigPath(configPath) + if err != nil && !forceOverwrite { + return err + } + targetBackupConfig := "" + if err != nil { + targetBackupConfig, err = backupOcisConfigFile(configPath) + if err != nil { + return err + } + } + err = os.MkdirAll(configPath, 0700) + if err != nil { + return err + } + + idmServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for idm: %s", err) + } + idpServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for idp: %s", err) + } + ocisAdminServicePassword := adminPassword + if ocisAdminServicePassword == "" { + ocisAdminServicePassword, err = generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for ocis admin: %s", err) + } + } + + revaServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for reva: %s", err) + } + tokenManagerJwtSecret, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for tokenmanager: %s", err) + } + machineAuthApiKey, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) + } + revaTransferSecret, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) + } + + cfg := OcisConfig{ + TokenManager: TokenManager{ + JWTSecret: tokenManagerJwtSecret, + }, + MachineAuthApiKey: machineAuthApiKey, + TransferSecret: revaTransferSecret, + Idm: IdmExtension{ + ServiceUserPasswords: ServiceUserPasswordsSettings{ + AdminPassword: ocisAdminServicePassword, + IdpPassword: idpServicePassword, + RevaPassword: revaServicePassword, + IdmPassword: idmServicePassword, + }, + }, + Idp: LdapBasedExtension{ + Ldap: LdapSettings{ + Bind_password: idpServicePassword, + }, + }, + AuthBasic: AuthbasicExtension{ + AuthProviders: LdapBasedExtension{ + Ldap: LdapSettings{ + Bind_password: revaServicePassword, + }, + }, + }, + Group: UserAndGroupExtension{ + Drivers: LdapBasedExtension{ + Ldap: LdapSettings{ + Bind_password: revaServicePassword, + }, + }, + }, + User: UserAndGroupExtension{ + Drivers: LdapBasedExtension{ + Ldap: LdapSettings{ + Bind_password: revaServicePassword, + }, + }, + }, + Graph: GraphExtension{ + Identity: LdapBasedExtension{ + Ldap: LdapSettings{ + Bind_password: idmServicePassword, + }, + }, + }, + } + + if insecure { + cfg.AuthBearer = AuthbearerExtension{ + AuthProviders: AuthProviderSettings{ + Oidc: InsecureExtension{ + Insecure: true, + }, + }, + } + cfg.Frontend = FrontendExtension{ + AppProvider: InsecureExtension{ + Insecure: true, + }, + Archiver: InsecureExtension{ + Insecure: true, + }, + } + cfg.Graph.Spaces = InsecureExtension{ + Insecure: true, + } + cfg.Ocdav = InsecureExtension{ + Insecure: true, + } + cfg.Proxy = InsecureProxyExtension{ + Insecure_backends: true, + } + cfg.StorageMetadata = DataProviderInsecureSettings{ + Data_provider_insecure: true, + } + cfg.StorageUsers = DataProviderInsecureSettings{ + Data_provider_insecure: true, + } + cfg.Thumbnails = ThumbNailExtension{ + Thumbnail: ThumbnailSettings{ + WebdavAllowInsecure: true, + Cs3AllowInsecure: true, + }, + } + } + + yamlOutput, err := yaml.Marshal(cfg) + if err != nil { + return fmt.Errorf("could not marshall config into yaml: %s", err) + } + targetPath := path.Join(configPath, configFilename) + err = ioutil.WriteFile(targetPath, yamlOutput, 0600) + if err != nil { + return err + } + fmt.Printf( + "\n=========================================\n"+ + " generated OCIS Config\n"+ + "=========================================\n"+ + " configpath : %s\n"+ + " user : admin\n"+ + " password : %s\n\n", + targetPath, ocisAdminServicePassword) + if targetBackupConfig != "" { + fmt.Printf("\n=========================================\n"+ + "An older config file has been backuped to\n %s\n\n", + targetBackupConfig) + } + return nil +}