cs3org · ishank011 · Feb 14, 2022 · Aug 18, 2021 · Oct 15, 2021 · Dec 13, 2021
@@ -0,0 +1,15 @@
+Enhancement: Add support for HTTP TPC
+
+We have added support for HTTP Third Party Copy.
+This allows remote data transfers between storages managed by either two different reva servers,
+or a reva server and a Grid (WLCG/ESCAPE) site server.
+
+Such remote transfers are expected to be driven by [GFAL](https://cern.ch/dmc-docs/gfal2/gfal2.html),
+the underlying library used by [FTS](https://cern.ch/fts), and [Rucio](https://rucio.cern.ch).
+
+In addition, the oidcmapping package has been refactored to
+support the standard OIDC use cases as well when no mapping
+is defined.
+
+https://github.com/cs3org/reva/issues/1787
+https://github.com/cs3org/reva/pull/2007
@@ -9,58 +9,74 @@ description: >
 # _struct: config_
 
 {{% dir name="insecure" type="bool" default=false %}}
-Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L57)
+Whether to skip certificate checks when sending requests. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L59)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 insecure = false
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="issuer" type="string" default="" %}}
-The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L58)
+The issuer of the OIDC token. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L60)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 issuer = ""
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="id_claim" type="string" default="sub" %}}
-The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L59)
+The claim containing the ID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L61)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 id_claim = "sub"
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="uid_claim" type="string" default="" %}}
-The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L60)
+The claim containing the UID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L62)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 uid_claim = ""
 {{< /highlight >}}
 {{% /dir %}}
 
 {{% dir name="gid_claim" type="string" default="" %}}
-The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L61)
+The claim containing the GID of the user. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L63)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 gid_claim = ""
 {{< /highlight >}}
 {{% /dir %}}
 
+{{% dir name="gatewaysvc" type="string" default="" %}}
+The endpoint at which the GRPC gateway is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L64)
+{{< highlight toml >}}
+[auth.manager.oidcmapping]
+gatewaysvc = ""
+{{< /highlight >}}
+{{% /dir %}}
+
 {{% dir name="userprovidersvc" type="string" default="" %}}
-The endpoint at which the GRPC userprovider is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L62)
+The endpoint at which the GRPC userprovider is exposed. [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L65)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
 userprovidersvc = ""
 {{< /highlight >}}
 {{% /dir %}}
 
-{{% dir name="usersmapping" type="string" default="" %}}
- The OIDC users mapping file path [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L63)
+{{% dir name="users_mapping" type="string" default="" %}}
+ The optional OIDC users mapping file path [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L66)
+{{< highlight toml >}}
+[auth.manager.oidcmapping]
+users_mapping = ""
+{{< /highlight >}}
+{{% /dir %}}
+
+{{% dir name="group_claim" type="string" default="" %}}
+ The group claim to be looked up to map the user (default to 'groups'). [[Ref]](https://github.com/cs3org/reva/tree/master/pkg/auth/manager/oidcmapping/oidcmapping.go#L67)
 {{< highlight toml >}}
 [auth.manager.oidcmapping]
-usersmapping = ""
+group_claim = ""
 {{< /highlight >}}
 {{% /dir %}}
 
@@ -12,12 +12,18 @@ auth_manager = "oidcmapping"
 [grpc.services.authprovider.auth_managers.json]
 users = "users.json"
 [grpc.services.authprovider.auth_managers.oidcmapping]
-issuer = "http://iam-login-service:8080/"
-userprovidersvc = "0.0.0.0:13000"
+gatewaysvc = "localhost:19000"
+issuer = "https://iam-escape.cloud.cnaf.infn.it/"
+# ESCAPE adopted the WLCG groups as group claims
+group_claim = "wlcg.groups"
 # The OIDC users mapping file path
-usersmapping = "/go/src/github/cs3org/reva/examples/oidc-mapping/users-oidcmapping.json"
+users_mapping = "users-oidcmapping-1.demo.json"
+# If your local identity provider service configuration includes further claims,
+# please configure them also here
+#uid_claim = ""
+#gid_claim = ""
 
 [grpc.services.userprovider]
 driver = "json"
 [grpc.services.userprovider.drivers.json]
-users = "users.json"
+users = "users.demo.json"
@@ -0,0 +1,29 @@
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
+# This toml config file will start a reva service that:
+# - handles user metadata and user preferences
+# - serves the grpc services on port 14000
+[grpc]
+address = "0.0.0.0:14000"
+
+[grpc.services.authprovider]
+auth_manager = "oidcmapping"
+[grpc.services.authprovider.auth_managers.json]
+users = "users.json"
+[grpc.services.authprovider.auth_managers.oidcmapping]
+gatewaysvc = "localhost:17000"
+issuer = "https://iam-escape.cloud.cnaf.infn.it/"
+# ESCAPE adopted the WLCG groups as group claims
+group_claim = "wlcg.groups"
+# The OIDC users mapping file path
+users_mapping = "users-oidcmapping-2.demo.json"
+# If your local identity provider service configuration includes further claims,
+# please configure them also here
+#uid_claim = ""
+#gid_claim = ""
+
+[grpc.services.userprovider]
+driver = "json"
+[grpc.services.userprovider.drivers.json]
+users = "users.demo.json"
@@ -0,0 +1,198 @@
+[
+	{
+		"name": "cernbox",
+		"full_name": "CERNBox",
+		"organization": "CERN",
+		"domain": "cernbox.cern.ch",
+		"homepage": "https://cernbox.web.cern.ch",
+		"description": "CERNBox provides cloud data storage to all CERN users.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "CERNBox Open Cloud Mesh API"
+					},
+					"name": "CERNBox - OCM API",
+					"path": "http://127.0.0.1:19001/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Webdav",
+						"description": "CERNBox Webdav API"
+					},
+					"name": "CERNBox - Webdav API",
+					"path": "http://127.0.0.1:19001/remote.php/webdav/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Gateway",
+						"description": "CERNBox GRPC Gateway"
+					},
+					"name": "CERNBox - GRPC Gateway",
+					"path": "127.0.0.1:19000",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "127.0.0.1:19000"
+			}
+		]
+	},
+	{
+		"name": "oc-cesnet",
+		"full_name": "ownCloud@CESNET",
+		"organization": "CESNET",
+		"domain": "cesnet.cz",
+		"homepage": "https://owncloud.cesnet.cz",
+		"description": "OwnCloud has been designed for individual users.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "CESNET Open Cloud Mesh API"
+					},
+					"name": "CESNET - OCM API",
+					"path": "http://127.0.0.1:17001/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:17001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Webdav",
+						"description": "CESNET Webdav API"
+					},
+					"name": "CESNET - Webdav API",
+					"path": "http://127.0.0.1:17001/remote.php/webdav/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:17001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Gateway",
+						"description": "CESNET GRPC Gateway"
+					},
+					"name": "CESNET - GRPC Gateway",
+					"path": "127.0.0.1:17000",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "127.0.0.1:17000"
+			}
+		]
+	},
+	{
+		"name": "example",
+		"full_name": "ownCloud@Example",
+		"organization": "Example",
+		"domain": "example.org",
+		"homepage": "http://example.org",
+		"description": "Example cloud storage.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "Example Open Cloud Mesh API"
+					},
+					"name": "Example - OCM API",
+					"path": "http://127.0.0.1:19001/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Webdav",
+						"description": "Example Webdav API"
+					},
+					"name": "Example - Webdav API",
+					"path": "http://127.0.0.1:19001/remote.php/webdav/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Gateway",
+						"description": "Example GRPC Gateway"
+					},
+					"name": "Example - GRPC Gateway",
+					"path": "127.0.0.1:19000",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "127.0.0.1:19000"
+			}
+		]
+	},
+	{
+		"name": "test",
+		"full_name": "ownCloud@Test",
+		"organization": "Test",
+		"domain": "test.org",
+		"homepage": "http://test.org",
+		"description": "Test cloud storage.",
+		"services": [
+			{
+				"endpoint": {
+					"type": {
+						"name": "OCM",
+						"description": "Test Open Cloud Mesh API"
+					},
+					"name": "Test - OCM API",
+					"path": "http://127.0.0.1:19001/ocm/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Webdav",
+						"description": "Test Webdav API"
+					},
+					"name": "Test - Webdav API",
+					"path": "http://127.0.0.1:19001/remote.php/webdav/",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "http://127.0.0.1:19001/"
+			},
+			{
+				"endpoint": {
+					"type": {
+						"name": "Gateway",
+						"description": "Test GRPC Gateway"
+					},
+					"name": "Test - GRPC Gateway",
+					"path": "127.0.0.1:19000",
+					"is_monitored": true
+				},
+				"api_version": "0.0.1",
+				"host": "127.0.0.1:19000"
+			}
+		]
+	}
+]