From fdf28f73e6aac6003cfbe2f5ea4252431bd54e6b Mon Sep 17 00:00:00 2001 From: jkoberg Date: Thu, 1 Jun 2023 13:58:33 +0200 Subject: [PATCH] bump reva Signed-off-by: jkoberg --- go.mod | 2 + go.sum | 6 +- ocis/pkg/command/auth-service.go | 3 - .../reva/v2/pkg/auth/manager/loader/loader.go | 1 + .../v2/pkg/auth/manager/registry/registry.go | 4 +- .../serviceaccounts/serviceaccounts.go | 85 +++++++++++++++++++ .../reva/v2/pkg/events/postprocessing.go | 13 +++ .../cs3org/reva/v2/pkg/utils/grpc.go | 21 +++++ vendor/modules.txt | 4 +- 9 files changed, 130 insertions(+), 9 deletions(-) create mode 100644 vendor/github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts/serviceaccounts.go diff --git a/go.mod b/go.mod index 26f3dc3e91c..49f87775684 100644 --- a/go.mod +++ b/go.mod @@ -329,3 +329,5 @@ require ( ) replace github.com/cs3org/go-cs3apis => github.com/2403905/go-cs3apis v0.0.0-20230517122726-727045414fd1 + +replace github.com/cs3org/reva/v2 => github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404 diff --git a/go.sum b/go.sum index c575bd8517e..db4b0fec81b 100644 --- a/go.sum +++ b/go.sum 
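Review bot: The added `replace github.com/cs3org/reva/v2 => github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404` directive redirects the module that provides the auth managers to a personal fork, and nothing in go.mod marks it as temporary. Everything under vendor/github.com/cs3org/reva/v2 is then built from that fork, which the title "bump reva" does not convey. I would add a comment above the directive, for example `// TEMPORARY: fork carries the serviceaccounts auth manager; drop this replace once it is merged in cs3org/reva`, and make sure the directive is removed before this reaches a release branch.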
@@ -629,10 +629,6 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc= github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA= -github.com/cs3org/reva/v2 v2.14.1-0.20230608155229-cf1aa9641f93 h1:yRhkp28pdpSbEDX+XQtq5ZiZ8jLMRnmuEKwFj9AlzfY= -github.com/cs3org/reva/v2 v2.14.1-0.20230608155229-cf1aa9641f93/go.mod h1:E32krZG159YflDSjDWfx/QGIC2529PS5LiPnGNHu3d0= -github.com/cs3org/reva/v2 v2.14.1-0.20230612154151-5fbd21b664e1 h1:LN4ADWFL8SbuVDCN5d5b63swaEA8D7Ojt39AgUv46qA= -github.com/cs3org/reva/v2 v2.14.1-0.20230612154151-5fbd21b664e1/go.mod h1:E32krZG159YflDSjDWfx/QGIC2529PS5LiPnGNHu3d0= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI= github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= 
@@ -1186,6 +1182,8 @@ github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa02 github.com/klauspost/cpuid/v2 v2.0.4/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/klauspost/cpuid/v2 v2.1.0 h1:eyi1Ad2aNJMW95zcSbmGg7Cg6cq3ADwLpMAP96d8rF0= github.com/klauspost/cpuid/v2 v2.1.0/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= +github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404 h1:8iWS2/9MD7WKibXXMiguZOASeZJZjDqTxhRtHiqGdH0= +github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404/go.mod h1:E32krZG159YflDSjDWfx/QGIC2529PS5LiPnGNHu3d0= github.com/kolo/xmlrpc v0.0.0-20200310150728-e0350524596b/go.mod h1:o03bZfuBwAXHetKXuInt4S7omeXUu62/A845kiycsSQ= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= diff --git a/ocis/pkg/command/auth-service.go b/ocis/pkg/command/auth-service.go index 493b9d08686..e0796e9b61a 100644 --- a/ocis/pkg/command/auth-service.go +++ b/ocis/pkg/command/auth-service.go @@ -1,8 +1,6 @@ package command import ( - "fmt" - "github.com/owncloud/ocis/v2/ocis-pkg/config" "github.com/owncloud/ocis/v2/ocis-pkg/config/configlog" "github.com/owncloud/ocis/v2/ocis-pkg/config/parser" @@ -21,7 +19,6 @@ func AuthServiceCommand(cfg *config.Config) *cli.Command { Before: func(c *cli.Context) error { configlog.Error(parser.ParseConfig(cfg, true)) cfg.AuthService.Commons = cfg.Commons - fmt.Println("SERVICE", cfg.AuthService.Commons.TokenManager.JWTSecret) return nil }, Subcommands: command.GetCommands(cfg.AuthService), diff --git a/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/loader/loader.go b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/loader/loader.go index 694cd98c29f..9fcba055412 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/loader/loader.go 
+++ b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/loader/loader.go @@ -30,5 +30,6 @@ import ( _ "github.com/cs3org/reva/v2/pkg/auth/manager/oidc" _ "github.com/cs3org/reva/v2/pkg/auth/manager/owncloudsql" _ "github.com/cs3org/reva/v2/pkg/auth/manager/publicshares" + _ "github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts" // Add your own here ) diff --git a/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/registry/registry.go b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/registry/registry.go index aea682f79d4..8d92a13e193 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/registry/registry.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/registry/registry.go @@ -18,7 +18,9 @@ package registry -import "github.com/cs3org/reva/v2/pkg/auth" +import ( + "github.com/cs3org/reva/v2/pkg/auth" +) // NewFunc is the function that auth implementations // should register to at init time. diff --git a/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts/serviceaccounts.go b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts/serviceaccounts.go new file mode 100644 index 00000000000..43b09b7d183 --- /dev/null +++ b/vendor/github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts/serviceaccounts.go 
@@ -0,0 +1,85 @@
+package serviceaccounts
+
+import (
+ "context"
+
+ authpb "github.com/cs3org/go-cs3apis/cs3/auth/provider/v1beta1"
+ userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1"
+
+ "github.com/cs3org/reva/v2/pkg/auth"
+ "github.com/cs3org/reva/v2/pkg/auth/manager/registry"
+ "github.com/cs3org/reva/v2/pkg/auth/scope"
+ "github.com/mitchellh/mapstructure"
+ "github.com/pkg/errors"
+)
+
+type conf struct {
+ ServiceUsers []serviceuser `mapstructure:"service_accounts"`
+}
+
+type serviceuser struct {
+ ID string `mapstructure:"id"`
+ Secret string `mapstructure:"secret"`
+}
+
+type manager struct {
+ authenticate func(userID, secret string) error
+}
+
+func init() {
+ registry.Register("serviceaccounts", New)
+}
+
+// Configure parses the map conf
+func (m *manager) Configure(config map[string]interface{}) error {
+ c := &conf{}
+ if err := mapstructure.Decode(config, c); err != nil {
+ return errors.Wrap(err, "error decoding conf")
+ }
+ // only inmem authenticator for now
+ a := &inmemAuthenticator{make(map[string]string)}
+ for _, s := range c.ServiceUsers {
+ // TODO: hash secrets
+ a.m[s.ID] = s.Secret
+ }
+ m.authenticate = a.Authenticate
+ return nil
+}
+
+// New creates a new manager for the 'service' authentication
+func New(conf map[string]interface{}) (auth.Manager, error) {
+ m := &manager{}
+ err := m.Configure(conf)
+ if err != nil {
+ return nil, err
+ }
+
+ return m, nil
+}
+
+// Authenticate authenticates the service account
+func (m *manager) Authenticate(ctx context.Context, userID string, secret string) (*userpb.User, map[string]*authpb.Scope, error) {
+ if err := m.authenticate(userID, secret); err != nil {
+ return nil, nil, err
+ }
+ scope, err := scope.AddOwnerScope(nil)
+ if err != nil {
+ return nil, nil, err
+ }
+ return &userpb.User{
+ // TODO: more details for service users?
+ Id: &userpb.UserId{OpaqueId: userID}, + }, scope, nil +} + +type inmemAuthenticator struct { + m map[string]string +} + +func (a *inmemAuthenticator) Authenticate(userID string, secret string) error { + // TODO: hash secrets + if a.m[userID] == secret { + return nil + } + return errors.New("secrets do not match") +} diff --git a/vendor/github.com/cs3org/reva/v2/pkg/events/postprocessing.go b/vendor/github.com/cs3org/reva/v2/pkg/events/postprocessing.go index 74968e28e31..0b010501120 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/events/postprocessing.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/events/postprocessing.go @@ -171,3 +171,16 @@ func (UploadReady) Unmarshal(v []byte) (interface{}, error) { err := json.Unmarshal(v, &e) return e, err } + +// ResumePostprocessing can be emitted to repair broken postprocessing +type ResumePostprocessing struct { + UploadID string + Timestamp *types.Timestamp +} + +// Unmarshal to fulfill umarshaller interface +func (ResumePostprocessing) Unmarshal(v []byte) (interface{}, error) { + e := ResumePostprocessing{} + err := json.Unmarshal(v, &e) + return e, err +} diff --git a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go index 3945d32e8cb..2088aa9bbb0 100644 --- a/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go +++ b/vendor/github.com/cs3org/reva/v2/pkg/utils/grpc.go @@ -37,6 +37,9 @@ func GetUser(userID *user.UserId, gwc gateway.GatewayAPIClient, machineAuthAPIKe // ImpersonateUser impersonates the given user func ImpersonateUser(usr *user.User, gwc gateway.GatewayAPIClient, machineAuthAPIKey string) (context.Context, error) { + if true { + return ImpersonateServiceUser("service-user-id", gwc, "secret-string") + } ctx := revactx.ContextSetUser(context.Background(), usr) authRes, err := gwc.Authenticate(ctx, &gateway.AuthenticateRequest{ Type: "machine", 
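Review bot: `inmemAuthenticator.Authenticate` compares `a.m[userID] == secret`, and a map lookup on an unknown ID yields the empty string, so an unconfigured `userID` presented with an empty secret is accepted; a configured entry whose `secret` is empty behaves the same way. The comparison is also not constant-time, and `Configure` stores the secrets in plaintext, as the TODOs already acknowledge. Since a successful call is handed the result of `scope.AddOwnerScope(nil)`, the check should fail closed: use a comma-ok lookup, reject empty stored secrets, and compare with `subtle.ConstantTimeCompare` (this needs `crypto/subtle` in the import block). The file is vendored from the fork, so the change belongs there and should then be re-vendored.

```go
func (a *inmemAuthenticator) Authenticate(userID string, secret string) error {
	// comma-ok lookup: a missing ID must not fall back to the zero value ""
	want, ok := a.m[userID]
	// ConstantTimeCompare returns 0 on a length mismatch, so no separate length check
	match := subtle.ConstantTimeCompare([]byte(want), []byte(secret)) == 1
	if !ok || want == "" || !match {
		// same error for unknown ID and wrong secret, so IDs cannot be enumerated
		return errors.New("secrets do not match")
	}
	return nil
}
```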
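Review bot: The added `if true { return ImpersonateServiceUser("service-user-id", gwc, "secret-string") }` at the top of `ImpersonateUser` makes the rest of the function unreachable and ignores both `usr` and `machineAuthAPIKey`. Every caller that asks for a context acting as a specific user instead gets a token for one fixed service account, authenticated with a literal ID and secret compiled into the binary. This looks like debugging scaffolding; the three lines should be removed before merge, and code that needs a service account should call `ImpersonateServiceUser` explicitly with credentials taken from configuration. The body of `ImpersonateUser` continues past the end of this hunk.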
@@ -52,3 +55,21 @@ func ImpersonateUser(usr *user.User, gwc gateway.GatewayAPIClient, machineAuthAP return metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, authRes.Token), nil } + +// ImpersonateServiceUser impersonates the given user +func ImpersonateServiceUser(userID string, gwc gateway.GatewayAPIClient, machineAuthAPIKey string) (context.Context, error) { + ctx := context.Background() + authRes, err := gwc.Authenticate(ctx, &gateway.AuthenticateRequest{ + Type: "serviceaccounts", + ClientId: userID, + ClientSecret: machineAuthAPIKey, + }) + if err != nil { + return nil, err + } + if authRes.GetStatus().GetCode() != rpc.Code_CODE_OK { + return nil, fmt.Errorf("error impersonating user: %s", authRes.Status.Message) + } + + return metadata.AppendToOutgoingContext(ctx, revactx.TokenHeader, authRes.Token), nil +} diff --git a/vendor/modules.txt b/vendor/modules.txt index f483caad5ec..7cc4c5d7d27 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -352,7 +352,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1 github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1 github.com/cs3org/go-cs3apis/cs3/tx/v1beta1 github.com/cs3org/go-cs3apis/cs3/types/v1beta1 -# github.com/cs3org/reva/v2 v2.14.1-0.20230612154151-5fbd21b664e1 +# github.com/cs3org/reva/v2 v2.14.1-0.20230612154151-5fbd21b664e1 => github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404 ## explicit; go 1.20 github.com/cs3org/reva/v2/cmd/revad/internal/grace github.com/cs3org/reva/v2/cmd/revad/runtime @@ -469,6 +469,7 @@ github.com/cs3org/reva/v2/pkg/auth/manager/owncloudsql github.com/cs3org/reva/v2/pkg/auth/manager/owncloudsql/accounts github.com/cs3org/reva/v2/pkg/auth/manager/publicshares github.com/cs3org/reva/v2/pkg/auth/manager/registry +github.com/cs3org/reva/v2/pkg/auth/manager/serviceaccounts github.com/cs3org/reva/v2/pkg/auth/registry/loader github.com/cs3org/reva/v2/pkg/auth/registry/registry github.com/cs3org/reva/v2/pkg/auth/registry/static 
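Review bot: The doc comment and the third parameter of `ImpersonateServiceUser` are copied from `ImpersonateUser` and no longer describe what the function does: it authenticates with `Type: "serviceaccounts"` and passes `machineAuthAPIKey` as `ClientSecret`, so the value is the service account's own secret, not the machine-auth key. I would document it as `// ImpersonateServiceUser authenticates as the service account userID and returns a context carrying its token` and rename the parameter to something like `serviceUserSecret`, so a caller is not led to pass the machine-auth key here. The error path reads `authRes.Status.Message` directly, while the check above uses the nil-safe getters; `authRes.GetStatus().GetMessage()` would be consistent with it.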
@@ -2167,3 +2168,4 @@ stash.kopano.io/kgol/oidc-go ## explicit; go 1.13 stash.kopano.io/kgol/rndm # github.com/cs3org/go-cs3apis => github.com/2403905/go-cs3apis v0.0.0-20230517122726-727045414fd1 +# github.com/cs3org/reva/v2 => github.com/kobergj/reva/v2 v2.0.0-20230613093505-a6260009f404