From 16670b6d7db5e683cfc8cf95088d29444e4bd7d6 Mon Sep 17 00:00:00 2001 
From: Ralf Haferkamp
Date: Wed, 26 Oct 2022 16:24:56 +0200
Subject: [PATCH] Unify TLS configuration for all grpc services

All grpc services (whether they're based on reva or go-micro) use the same set of config vars now. TLS for the services can be configured by setting the OCIS_GRPC_TLS_ENABLED, OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY environment variables. TLS for the clients can be configured by setting the OCIS_GRPC_CLIENT_TLS_MODE and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables. There are no individual per service config vars currently. If really needed, per service tls configurations can be specified via config file.
---
 ocis-pkg/config/config.go | 10 ++---
 ocis-pkg/config/parser/parse.go | 16 +++---
 ocis-pkg/service/grpc/client.go | 6 +--
 ocis-pkg/shared/reva.go | 6 +--
 ocis-pkg/shared/shared_types.go | 45 +++++++++----------
 ocis/pkg/command/server.go | 2 +-
 services/app-provider/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../app-provider/pkg/revaconfig/config.go | 6 +--
 services/app-registry/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 11 ++++-
 .../app-registry/pkg/revaconfig/config.go | 6 +--
 services/auth-basic/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 11 ++++-
 services/auth-basic/pkg/revaconfig/config.go | 6 +--
 services/auth-bearer/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 services/auth-bearer/pkg/revaconfig/config.go | 6 +--
 services/auth-machine/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../auth-machine/pkg/revaconfig/config.go | 6 +--
 .../pkg/config/defaults/defaultconfig.go | 3 +-
 services/gateway/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 services/gateway/pkg/revaconfig/config.go | 6 +--
 services/graph/pkg/command/server.go | 2 +-
 services/graph/pkg/config/config.go | 2 +-
 .../pkg/config/defaults/defaultconfig.go | 10 ++---
 services/graph/pkg/service/v0/graph_test.go | 4 +-
 services/groups/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 services/groups/pkg/revaconfig/config.go | 6 +--
 .../idp/pkg/config/defaults/defaultconfig.go | 3 +-
 .../notifications/pkg/channels/channels.go | 4 +-
 services/notifications/pkg/command/server.go | 4 +-
 services/notifications/pkg/config/config.go | 13 +++--
 .../pkg/config/defaults/defaultconfig.go | 10 +++-
 .../pkg/config/defaults/defaultconfig.go | 3 +-
 services/ocs/pkg/command/server.go | 2 +-
 services/ocs/pkg/config/config.go | 2 +-
 .../ocs/pkg/config/defaults/defaultconfig.go | 13 +++--
 services/proxy/pkg/command/server.go | 2 +-
 services/proxy/pkg/config/config.go | 2 +-
 .../pkg/config/defaults/defaultconfig.go | 13 +++--
 services/search/pkg/command/server.go | 2 +-
 services/search/pkg/config/config.go | 4 +-
 .../pkg/config/defaults/defaultconfig.go | 25 +++++------
 services/search/pkg/server/grpc/server.go | 6 +--
 services/settings/pkg/command/server.go | 2 +-
 services/settings/pkg/config/config.go | 4 +-
 .../pkg/config/defaults/defaultconfig.go | 22 ++++----
 services/settings/pkg/server/grpc/server.go | 6 +--
 services/sharing/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 services/sharing/pkg/revaconfig/config.go | 6 +--
 .../storage-publiclink/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../pkg/revaconfig/config.go | 6 +--
 services/storage-shares/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../storage-shares/pkg/revaconfig/config.go | 6 +--
 services/storage-system/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../storage-system/pkg/revaconfig/config.go | 6 +--
 services/storage-users/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 .../storage-users/pkg/revaconfig/config.go | 6 +--
 services/storage-users/pkg/revaconfig/user.go | 4 +-
 services/store/pkg/command/server.go | 2 +-
 services/store/pkg/config/config.go | 4 +-
 .../pkg/config/defaults/defaultconfig.go | 22 ++++----
 services/store/pkg/server/grpc/server.go | 6 +--
 services/thumbnails/pkg/command/server.go | 2 +-
 services/thumbnails/pkg/config/config.go | 22 +++++---
 .../pkg/config/defaults/defaultconfig.go | 32 +++++++------
 services/thumbnails/pkg/server/grpc/server.go | 10 ++---
 services/users/pkg/config/config.go | 10 ++---
 .../pkg/config/defaults/defaultconfig.go | 12 ++++-
 services/users/pkg/revaconfig/config.go | 6 +--
 services/webdav/pkg/command/server.go | 2 +-
 services/webdav/pkg/config/config.go | 12 +++-
 .../pkg/config/defaults/defaultconfig.go | 18 ++++---
 services/webdav/pkg/service/v0/service.go | 4 +-
 83 files changed, 407 insertions(+), 343 deletions(-)
diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go
index d1ec9e96e22..287efb3411a 100644
--- a/ocis-pkg/config/config.go
+++ b/ocis-pkg/config/config.go
@@ -56,11 +56,11 @@ type Runtime struct {
 type Config struct {
 *shared.Commons `yaml:"shared"`
- Tracing *shared.Tracing `yaml:"tracing"`
- Log *shared.Log `yaml:"log"`
- CacheStore *shared.CacheStore `yaml:"cache_store"`
- MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"`
- MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"`
+ Tracing *shared.Tracing `yaml:"tracing"`
+ Log *shared.Log `yaml:"log"`
+ CacheStore *shared.CacheStore `yaml:"cache_store"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
+ GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"`
 Mode Mode // DEPRECATED
 File string
diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go
index 7c62c4c5903..3063de201b2 100644
--- a/ocis-pkg/config/parser/parse.go
+++ b/ocis-pkg/config/parser/parse.go
@@ -51,11 +51,11 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.CacheStore == nil {
 cfg.CacheStore = &shared.CacheStore{}
 }
- if cfg.MicroGRPCClient == nil {
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
+ if cfg.GRPCClientTLS == nil {
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
 }
- if cfg.MicroGRPCService == nil {
- cfg.MicroGRPCService = &shared.MicroGRPCService{}
+ if cfg.GRPCServiceTLS == nil {
+ cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{}
 }
 }
@@ -101,12 +101,12 @@ func EnsureCommons(cfg *config.Config) {
 cfg.Commons.CacheStore = &shared.CacheStore{}
 }
- if cfg.MicroGRPCClient != nil {
- cfg.Commons.MicroGRPCClient = cfg.MicroGRPCClient
+ if cfg.GRPCClientTLS != nil {
+ cfg.Commons.GRPCClientTLS = cfg.GRPCClientTLS
 }
- if cfg.MicroGRPCService != nil {
- cfg.Commons.MicroGRPCService = cfg.MicroGRPCService
+ if cfg.GRPCServiceTLS != nil {
+ cfg.Commons.GRPCServiceTLS = cfg.GRPCServiceTLS
 }
 // copy token manager to the commons part if set
diff --git a/ocis-pkg/service/grpc/client.go b/ocis-pkg/service/grpc/client.go
index 37c86fdc092..97bf94b9a2a 100644
--- a/ocis-pkg/service/grpc/client.go
+++ b/ocis-pkg/service/grpc/client.go
@@ -91,10 +91,10 @@ func DefaultClient() client.Client {
 return defaultClient
 }
-func GetClientOptions(mc *shared.MicroGRPCClient) []ClientOption {
+func GetClientOptions(t *shared.GRPCClientTLS) []ClientOption {
 opts := []ClientOption{
- WithTLSMode(mc.TLSMode),
- WithTLSCACert(mc.TLSCACert),
+ WithTLSMode(t.Mode),
+ WithTLSCACert(t.CACert),
 }
 return opts
 }
diff --git a/ocis-pkg/shared/reva.go b/ocis-pkg/shared/reva.go
index 4f43ca90875..cc38370903e 100644
--- a/ocis-pkg/shared/reva.go
+++ b/ocis-pkg/shared/reva.go
@@ -13,7 +13,7 @@ func DefaultRevaConfig() *Reva {
 }
 func (r *Reva) GetRevaOptions() []pool.Option {
- tm, _ := pool.StringToTLSMode(r.TLSMode)
+ tm, _ := pool.StringToTLSMode(r.TLS.Mode)
 opts := []pool.Option{
 pool.WithTLSMode(tm),
 }
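Review bot: The new `tm, _ := pool.StringToTLSMode(r.TLS.Mode)` in the reva.go hunk still discards the conversion error, so a value outside the documented 'off'/'insecure'/'on' set is turned into whatever mode pool.StringToTLSMode returns alongside its error; if that is the zero mode, a typo in OCIS_GRPC_CLIENT_TLS_MODE silently changes the transport security of every CS3 client instead of failing startup. GetRevaOptions returns only []pool.Option, so the cleanest place to fail closed is wherever the config is validated, e.g. `if _, err := pool.StringToTLSMode(cfg.Reva.TLS.Mode); err != nil { return fmt.Errorf("invalid grpc client tls mode %q: %w", cfg.Reva.TLS.Mode, err) }`, with a comment on this line such as `// mode already validated by the config parser; an error here cannot occur` once that exists. The same discarded error presumably exists in GetClientOptions/WithTLSMode in client.go, which is outside what this hunk shows. GetRevaOptions continues past the end of the hunk.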
@@ -22,7 +22,7 @@ func (r *Reva) GetRevaOptions() []pool.Option {
 func (r *Reva) GetGRPCClientConfig() map[string]interface{} {
 return map[string]interface{}{
- "tls_mode": r.TLSMode,
- "tls_cacert": r.TLSCACert,
+ "tls_mode": r.TLS.Mode,
+ "tls_cacert": r.TLS.CACert,
 }
 }
diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go
index 5e01992747c..e2282ece150 100644
--- a/ocis-pkg/shared/shared_types.go
+++ b/ocis-pkg/shared/shared_types.go
@@ -31,20 +31,19 @@ type TokenManager struct {
 // Reva defines all available REVA client configuration.
 type Reva struct {
- Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
- TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."`
- TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."`
+ Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."`
+ TLS GRPCClientTLS `yaml:"tls"`
 }
-type MicroGRPCClient struct {
- TLSMode string `yaml:"tls_mode" env:"OCIS_MICRO_GRPC_CLIENT_TLS_MODE" desc:"TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."`
- TLSCACert string `yaml:"tls_cacert env:"OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."`
+type GRPCClientTLS struct {
+ Mode string `yaml:"tls_mode" env:"OCIS_GRPC_CLIENT_TLS_MODE" desc:"TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."`
+ CACert string `yaml:"tls_cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."`
 }
-type MicroGRPCService struct {
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_MICRO_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_MICRO_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the go-micro based grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_MICRO_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the go-micro based grpc services."`
+type GRPCServiceTLS struct {
+ Enabled bool `yaml:"enabled" env:"OCIS_GRPC_TLS_ENABLED"`
+ Cert string `yaml:"cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the grpc services."`
+ Key string `yaml:"key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services."`
 }
 type CacheStore struct {
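Review bot: The struct tag on the added `CACert` line is malformed: `yaml:"tls_cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT"` lacks the closing quote after `tls_cacert`, so reflect.StructTag sees a yaml key of `tls_cacert env:` and no `env` key at all, which presumably means OCIS_GRPC_CLIENT_TLS_CACERT is never read from the environment and the trust anchor for 'on' mode stays empty (the removed MicroGRPCClient line carried the same defect; `go vet`'s structtag check reports it). The tag should start `yaml:"tls_cacert" env:"OCIS_GRPC_CLIENT_TLS_CACERT"`, and a test that sets the variable and asserts it lands in Commons.GRPCClientTLS.CACert would have caught this; note the commit message names the variable OCIS_MICRO_GRPC_CLIENT_TLS_CACERT while the tag uses OCIS_GRPC_CLIENT_TLS_CACERT. On naming, GRPCClientTLS keeps `tls_mode`/`tls_cacert` yaml keys under a parent that is already `tls`, while GRPCServiceTLS uses `enabled`/`cert`/`key`; the `Mode` desc still says "go-micro based grpc services" although the type now also serves the reva clients, and `Enabled` has no desc tag at all, e.g. `desc:"Activates TLS for the grpc based services using the server certificate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY."`.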
@@ -56,17 +55,17 @@ type CacheStore struct {
 // Commons holds configuration that are common to all extensions. Each extension can then decide whether
 // to overwrite its values.
 type Commons struct {
- Log *Log `yaml:"log"`
- Tracing *Tracing `yaml:"tracing"`
- CacheStore *CacheStore `yaml:"cache_store"`
- MicroGRPCClient *MicroGRPCClient `yaml:"micro_grpc_client"`
- MicroGRPCService *MicroGRPCService `yaml:"micro_grpc_service"`
- OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."`
- TokenManager *TokenManager `mask:"struct" yaml:"token_manager"`
- Reva *Reva `yaml:"reva"`
- MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
- TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
- SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."`
- SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"`
- AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."`
+ Log *Log `yaml:"log"`
+ Tracing *Tracing `yaml:"tracing"`
+ CacheStore *CacheStore `yaml:"cache_store"`
+ GRPCClientTLS *GRPCClientTLS `yaml:"grpc_client_tls"`
+ GRPCServiceTLS *GRPCServiceTLS `yaml:"grpc_service_tls"`
+ OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."`
+ TokenManager *TokenManager `mask:"struct" yaml:"token_manager"`
+ Reva *Reva `yaml:"reva"`
+ MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
+ TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
+ SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."`
+ SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"`
+ AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."`
 }
diff --git a/ocis/pkg/command/server.go b/ocis/pkg/command/server.go
index d8c2ca95201..25057f58a08 100644
--- a/ocis/pkg/command/server.go
+++ b/ocis/pkg/command/server.go
@@ -23,7 +23,7 @@ func Server(cfg *config.Config) *cli.Command {
 Action: func(c *cli.Context) error {
 // Prefer the in-memory registry as the default when running in single-binary mode
 registry.Configure("memory")
- err := grpc.Configure(grpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ err := grpc.Configure(grpc.GetClientOptions(cfg.GRPCClientTLS)...)
 if err != nil {
 return err
 }
diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go
index 2b62c23280e..66e6003e38f 100644
--- a/services/app-provider/pkg/config/config.go
+++ b/services/app-provider/pkg/config/config.go
@@ -52,12 +52,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
+ Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."`
 }
 type Drivers struct {
diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go
index 92e000dc176..c9605d04738 100644
--- a/services/app-provider/pkg/config/defaults/defaultconfig.go
+++ b/services/app-provider/pkg/config/defaults/defaultconfig.go
@@ -66,8 +66,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -80,6 +79,15 @@ func EnsureDefaults(cfg *config.Config) {
 } else if cfg.TokenManager == nil {
 cfg.TokenManager = &config.TokenManager{}
 }
+
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/app-provider/pkg/revaconfig/config.go b/services/app-provider/pkg/revaconfig/config.go
index bf152659907..5cc523f5539 100644
--- a/services/app-provider/pkg/revaconfig/config.go
+++ b/services/app-provider/pkg/revaconfig/config.go
@@ -23,9 +23,9 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 "services": map[string]interface{}{
 "appprovider": map[string]interface{}{
diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go
index b44287a19e5..1b502a1a345 100644
--- a/services/app-registry/pkg/config/config.go
+++ b/services/app-registry/pkg/config/config.go
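Review bot: The inheritance block added at the end of app-provider's EnsureDefaults copies shared.GRPCServiceTLS field by field, and the same nine lines are repeated verbatim in app-registry, auth-basic, auth-bearer, auth-machine and gateway (L14, L16, L18, L20, L22); a field added to the shared type later would have to be threaded through six copies or silently stop being inherited. Copying the struct value keeps each service in sync and shrinks the block to `tls := *cfg.Commons.GRPCServiceTLS` followed by `cfg.GRPC.TLS = &tls`, and a single helper in ocis-pkg/shared would remove the duplication entirely. Because GRPC.TLS is a pointer, a config file that sets any tls sub-key presumably yields a non-nil value and the service then inherits nothing from the OCIS_GRPC_TLS_* commons, which deserves a comment such as `// a per-service tls section replaces the shared OCIS_GRPC_TLS_* settings wholesale; there is no per-field merge` so operators do not expect the certificate to be inherited when only `enabled` is overridden. EnsureDefaults begins outside this hunk.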
@@ -50,12 +50,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type AppRegistry struct {
diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go
index 1efd04bcc9f..b898eb0e3da 100644
--- a/services/app-registry/pkg/config/defaults/defaultconfig.go
+++ b/services/app-registry/pkg/config/defaults/defaultconfig.go
@@ -131,8 +131,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -146,6 +145,14 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.TokenManager = &config.TokenManager{}
 }
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 // Sanitize the config
diff --git a/services/app-registry/pkg/revaconfig/config.go b/services/app-registry/pkg/revaconfig/config.go
index f3e0d5ae93f..6561e0c9aaa 100644
--- a/services/app-registry/pkg/revaconfig/config.go
+++ b/services/app-registry/pkg/revaconfig/config.go
@@ -25,9 +25,9 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 "services": map[string]interface{}{
 "appregistry": map[string]interface{}{
diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go
index 26aea8518c4..d9ed81ebb20 100644
--- a/services/auth-basic/pkg/config/config.go
+++ b/services/auth-basic/pkg/config/config.go
@@ -51,12 +51,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type AuthProviders struct {
diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go
index a926b940822..fd715c8550b 100644
--- a/services/auth-basic/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go
@@ -105,8 +105,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -120,6 +119,14 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.TokenManager = &config.TokenManager{}
 }
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/auth-basic/pkg/revaconfig/config.go b/services/auth-basic/pkg/revaconfig/config.go
index f47f04bf494..f477f90d585 100644
--- a/services/auth-basic/pkg/revaconfig/config.go
+++ b/services/auth-basic/pkg/revaconfig/config.go
@@ -21,9 +21,9 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 // TODO build services dynamically
 "services": map[string]interface{}{
diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go
index d3bc9abe878..39c77ee2639 100644
--- a/services/auth-bearer/pkg/config/config.go
+++ b/services/auth-bearer/pkg/config/config.go
@@ -51,12 +51,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type OIDC struct {
diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go
index 42117bc104b..8179820a404 100644
--- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go
@@ -64,8 +64,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -78,6 +77,15 @@ func EnsureDefaults(cfg *config.Config) {
 } else if cfg.TokenManager == nil {
 cfg.TokenManager = &config.TokenManager{}
 }
+
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/auth-bearer/pkg/revaconfig/config.go b/services/auth-bearer/pkg/revaconfig/config.go
index 1445fbab4d1..d51198b3c60 100644
--- a/services/auth-bearer/pkg/revaconfig/config.go
+++ b/services/auth-bearer/pkg/revaconfig/config.go
@@ -21,9 +21,9 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go
index 9989c7c35f0..431d46560e9 100644
--- a/services/auth-machine/pkg/config/config.go
+++ b/services/auth-machine/pkg/config/config.go
@@ -51,10 +51,8 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go
index 679e61a1fc1..6c986143cf9 100644
--- a/services/auth-machine/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go
@@ -59,8 +59,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -77,6 +76,15 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
 cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 }
+
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/auth-machine/pkg/revaconfig/config.go b/services/auth-machine/pkg/revaconfig/config.go
index a72300e47bf..e67b05485d4 100644
--- a/services/auth-machine/pkg/revaconfig/config.go
+++ b/services/auth-machine/pkg/revaconfig/config.go
@@ -23,9 +23,9 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go
index 49b8a58dc52..8ea2e8375c3 100644
--- a/services/frontend/pkg/config/defaults/defaultconfig.go
+++ b/services/frontend/pkg/config/defaults/defaultconfig.go
@@ -98,8 +98,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go
index 46d37ecbcbe..4b27f67b73f 100644
--- a/services/gateway/pkg/config/config.go
+++ b/services/gateway/pkg/config/config.go
@@ -73,12 +73,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type StorageRegistry struct {
diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go
index a35b54dfefb..3aa2e3b0b01 100644
--- a/services/gateway/pkg/config/defaults/defaultconfig.go
+++ b/services/gateway/pkg/config/defaults/defaultconfig.go
@@ -88,8 +88,7 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
 Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -106,6 +105,15 @@ func EnsureDefaults(cfg *config.Config) { if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" { cfg.TransferSecret = cfg.Commons.TransferSecret } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go index 25ae057ca87..30d531f91b9 100644 --- a/services/gateway/pkg/revaconfig/config.go +++ b/services/gateway/pkg/revaconfig/config.go @@ -30,9 +30,9 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/graph/pkg/command/server.go b/services/graph/pkg/command/server.go index f326d4f03e9..e962eb29a2d 100644 --- a/services/graph/pkg/command/server.go +++ b/services/graph/pkg/command/server.go @@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 637f9e6aef8..82d54b4bf14 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go 
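Review bot: The `tls_settings` map in GatewayConfigFromStruct now dereferences `cfg.GRPC.TLS` unconditionally, while the replaced `TLSEnabled`/`TLSCert`/`TLSKey` were value fields that could not panic. The pointer is only non-nil because the gateway EnsureDefaults hunk above allocates it, so any caller that builds a Config by hand without running EnsureDefaults gets a nil-pointer panic at startup instead of a clear error. I'd either state the precondition on the function, `// GatewayConfigFromStruct expects EnsureDefaults to have run: cfg.GRPC.TLS must be non-nil.`, or resolve a default once at the top, `tls := cfg.GRPC.TLS; if tls == nil { tls = &shared.GRPCServiceTLS{} }`, and read `tls.Enabled`/`tls.Cert`/`tls.Key` in the map. The same unconditional dereference appears in the other revaconfig hunks of this commit. The function continues past the hunk.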
@@ -21,7 +21,7 @@ type Config struct { Reva *shared.Reva `yaml:"reva"` TokenManager *TokenManager `yaml:"token_manager"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` Spaces Spaces `yaml:"spaces"` Identity Identity `yaml:"identity"` diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 4608ae33bb3..eb3ad18fd6e 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -114,11 +114,11 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } diff --git a/services/graph/pkg/service/v0/graph_test.go b/services/graph/pkg/service/v0/graph_test.go index f56e95a5d89..6eff1f2da10 100644 --- a/services/graph/pkg/service/v0/graph_test.go +++ b/services/graph/pkg/service/v0/graph_test.go 
@@ -42,9 +42,9 @@ var _ = Describe("Graph", func() { cfg.Identity.LDAP.CACert = "" // skip the startup checks, we don't use LDAP at all in this tests cfg.TokenManager.JWTSecret = "loremipsum" cfg.Commons = &shared.Commons{} - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} - _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) gatewayClient = &mocks.GatewayClient{} eventsPublisher = mocks.Publisher{} svc = service.NewService( diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go index 8d9d962a661..ee6a903a692 100644 --- a/services/groups/pkg/config/config.go +++ b/services/groups/pkg/config/config.go @@ -52,12 +52,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type Drivers struct { diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go index 594f88518d8..dcc0ddc5b79 100644 --- a/services/groups/pkg/config/defaults/defaultconfig.go 
+++ b/services/groups/pkg/config/defaults/defaultconfig.go @@ -106,8 +106,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} @@ -120,6 +119,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go index 2209e784b9f..f9bef1ddd7d 100644 --- a/services/groups/pkg/revaconfig/config.go +++ b/services/groups/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go index 71ef857f55a..65e6eed7e12 100644 --- a/services/idp/pkg/config/defaults/defaultconfig.go +++ b/services/idp/pkg/config/defaults/defaultconfig.go 
@@ -154,8 +154,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go index 0a27b1f14d5..7eaa7cb5a9d 100644 --- a/services/notifications/pkg/channels/channels.go +++ b/services/notifications/pkg/channels/channels.go @@ -27,13 +27,13 @@ type Channel interface { // NewMailChannel instantiates a new mail communication channel. func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) { - tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode) if err != nil { logger.Error().Err(err).Msg("could not get gateway client tls mode") return nil, err } gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway, - pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert), + pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil { diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go index b1902689933..e761f858817 100644 --- a/services/notifications/pkg/command/server.go +++ b/services/notifications/pkg/command/server.go 
@@ -77,13 +77,13 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode) if err != nil { return err } gwclient, err := pool.GetGatewayServiceClient( cfg.Notifications.RevaGateway, - pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert), + pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil { diff --git a/services/notifications/pkg/config/config.go b/services/notifications/pkg/config/config.go index 7d5fb3be0b2..fc3847236c3 100644 --- a/services/notifications/pkg/config/config.go +++ b/services/notifications/pkg/config/config.go 
@@ -22,13 +22,12 @@ type Config struct { // Notifications defines the config options for the notifications service. type Notifications struct { - SMTP SMTP `yaml:"SMTP"` - Events Events `yaml:"events"` - MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` - EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` - RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` - RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` + SMTP SMTP `yaml:"SMTP"` + Events Events `yaml:"events"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."` + EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` } // SMTP combines the smtp configuration options. diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go index 552d9f560f8..fd61a028b46 100644 --- a/services/notifications/pkg/config/defaults/defaultconfig.go +++ b/services/notifications/pkg/config/defaults/defaultconfig.go 
@@ -37,9 +37,7 @@ func DefaultConfig() *config.Config { ConsumerGroup: "notifications", EnableTLS: false, }, - RevaGateway: shared.DefaultRevaConfig().Address, - RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, - RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, + RevaGateway: shared.DefaultRevaConfig().Address, }, } } @@ -60,6 +58,12 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + if cfg.Notifications.GRPCClientTLS == nil { + cfg.Notifications.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go index 8739f0cc975..121b3f35fbf 100644 --- a/services/ocdav/pkg/config/defaults/defaultconfig.go +++ b/services/ocdav/pkg/config/defaults/defaultconfig.go @@ -81,8 +81,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} diff --git a/services/ocs/pkg/command/server.go b/services/ocs/pkg/command/server.go index bb70c59092e..6b6ab26a463 100644 --- a/services/ocs/pkg/command/server.go +++ b/services/ocs/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } 
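Review bot: In the notifications EnsureDefaults hunk, `cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS` discards the `&shared.GRPCClientTLS{}` allocated one line earlier and makes the notifications client share the Commons struct by pointer, while the graph, ocs, proxy, search and settings hunks in this same commit copy `Mode` and `CACert` into their own instance. Besides the inconsistency, any later per-service edit of `cfg.Notifications.GRPCClientTLS` would alias into Commons and therefore into every other service that was seeded from it. I'd change the two assignments to `cfg.Notifications.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode` and `cfg.Notifications.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert`. Note also that the DefaultConfig hunk drops the `shared.DefaultRevaConfig().TLSMode` seed, so with no Commons set `Mode` is now `""`; whether `pool.StringToTLSMode("")` in channels.go and server.go maps that to TLS off or returns an error is not visible here and is worth confirming, since the client's verification behaviour depends on it. EnsureDefaults continues outside the hunk.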
diff --git a/services/ocs/pkg/config/config.go b/services/ocs/pkg/config/config.go index 0395f6c51da..1020982184e 100644 --- a/services/ocs/pkg/config/config.go +++ b/services/ocs/pkg/config/config.go @@ -21,7 +21,7 @@ type Config struct { TokenManager *TokenManager `yaml:"token_manager"` Reva *shared.Reva `yaml:"reva"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` IdentityManagement IdentityManagement `yaml:"identity_management"` diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go index 95d4939a54d..0301a04d576 100644 --- a/services/ocs/pkg/config/defaults/defaultconfig.go +++ b/services/ocs/pkg/config/defaults/defaultconfig.go @@ -81,8 +81,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} @@ -100,11 +99,11 @@ func EnsureDefaults(cfg *config.Config) { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go index 7ff29220191..cca24fd2b39 100644 --- a/services/proxy/pkg/command/server.go 
+++ b/services/proxy/pkg/command/server.go @@ -51,7 +51,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/proxy/pkg/config/config.go b/services/proxy/pkg/config/config.go index 916b6bf64f9..995af47cd00 100644 --- a/services/proxy/pkg/config/config.go +++ b/services/proxy/pkg/config/config.go @@ -19,7 +19,7 @@ type Config struct { HTTP HTTP `yaml:"http"` Reva *shared.Reva `yaml:"reva"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` Policies []Policy `yaml:"policies"` OIDC OIDC `yaml:"oidc"` diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go index 1f8c81b305d..615ca4ce2f4 100644 --- a/services/proxy/pkg/config/defaults/defaultconfig.go +++ b/services/proxy/pkg/config/defaults/defaultconfig.go @@ -243,18 +243,17 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } 
diff --git a/services/search/pkg/command/server.go b/services/search/pkg/command/server.go index 3d019e3af2e..789964bd0f2 100644 --- a/services/search/pkg/command/server.go +++ b/services/search/pkg/command/server.go @@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/search/pkg/config/config.go b/services/search/pkg/config/config.go index 841eafee294..b940c482b36 100644 --- a/services/search/pkg/config/config.go +++ b/services/search/pkg/config/config.go @@ -20,8 +20,8 @@ type Config struct { Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."` Reva *shared.Reva `yaml:"reva"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"` Events Events `yaml:"events"` MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;SEARCH_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."` diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go index 6b523142b51..7b660a7f1fb 100644 --- a/services/search/pkg/config/defaults/defaultconfig.go +++ b/services/search/pkg/config/defaults/defaultconfig.go 
@@ -73,25 +73,24 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPCServiceTLS == nil { + cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPCServiceTLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPCServiceTLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPCServiceTLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } diff --git a/services/search/pkg/server/grpc/server.go b/services/search/pkg/server/grpc/server.go index 8dfe3888a36..ac736483c43 100644 --- a/services/search/pkg/server/grpc/server.go +++ b/services/search/pkg/server/grpc/server.go 
@@ -12,10 +12,10 @@ func Server(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPCServiceTLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPCServiceTLS.Cert, + options.Config.GRPCServiceTLS.Key, ), grpc.Name(options.Config.Service.Name), grpc.Context(options.Context), diff --git a/services/settings/pkg/command/server.go b/services/settings/pkg/command/server.go index c059ad10ce9..0d989314eba 100644 --- a/services/settings/pkg/command/server.go +++ b/services/settings/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/settings/pkg/config/config.go b/services/settings/pkg/config/config.go index c14e340e330..26bfdb38269 100644 --- a/services/settings/pkg/config/config.go +++ b/services/settings/pkg/config/config.go @@ -19,8 +19,8 @@ type Config struct { HTTP HTTP `yaml:"http"` GRPC GRPC `yaml:"grpc"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"` StoreType string `yaml:"store_type" env:"SETTINGS_STORE_TYPE" desc:"Store type configures the persistency driver. Supported values are \"metadata\" and \"filesystem\"."` DataPath string `yaml:"data_path" env:"SETTINGS_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings."` 
diff --git a/services/settings/pkg/config/defaults/defaultconfig.go b/services/settings/pkg/config/defaults/defaultconfig.go index e183a2f3777..7b490bced0e 100644 --- a/services/settings/pkg/config/defaults/defaultconfig.go +++ b/services/settings/pkg/config/defaults/defaultconfig.go @@ -102,19 +102,19 @@ func EnsureDefaults(cfg *config.Config) { cfg.AdminUserID = cfg.Commons.AdminUserID } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPCServiceTLS == nil { + cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPCServiceTLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPCServiceTLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPCServiceTLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } diff --git a/services/settings/pkg/server/grpc/server.go b/services/settings/pkg/server/grpc/server.go index b70b7545e3a..a10d49a2dea 100644 --- a/services/settings/pkg/server/grpc/server.go +++ b/services/settings/pkg/server/grpc/server.go 
@@ -17,10 +17,10 @@ func Server(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPCServiceTLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPCServiceTLS.Cert, + options.Config.GRPCServiceTLS.Key, ), grpc.Logger(options.Logger), grpc.Name(options.Name), diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go index 83e11bb048e..475ad0f09d8 100644 --- a/services/sharing/pkg/config/config.go +++ b/services/sharing/pkg/config/config.go @@ -55,12 +55,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type UserSharingDrivers struct { diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go index cbf0cd12201..2fbe6926a60 100644 --- a/services/sharing/pkg/config/defaults/defaultconfig.go +++ b/services/sharing/pkg/config/defaults/defaultconfig.go 
@@ -102,8 +102,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} @@ -117,6 +116,15 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } + if cfg.UserSharingDrivers.CS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" { cfg.UserSharingDrivers.CS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey } diff --git a/services/sharing/pkg/revaconfig/config.go b/services/sharing/pkg/revaconfig/config.go index cfef6b52040..eb24939c873 100644 --- a/services/sharing/pkg/revaconfig/config.go +++ b/services/sharing/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go index 34d9620c56d..7a01fc0b7ea 100644 --- a/services/storage-publiclink/pkg/config/config.go +++ b/services/storage-publiclink/pkg/config/config.go 
@@ -51,12 +51,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageProvider struct { diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go index cdd955b3945..e32ecaa2ae2 100644 --- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go +++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go @@ -62,8 +62,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/storage-publiclink/pkg/revaconfig/config.go b/services/storage-publiclink/pkg/revaconfig/config.go index af366d76301..084195426b3 100644 --- a/services/storage-publiclink/pkg/revaconfig/config.go +++ b/services/storage-publiclink/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{ "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "interceptors": map[string]interface{}{ "log": map[string]interface{}{}, diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go index 5e5c7d23e6c..cd73f6241e8 100644 --- a/services/storage-shares/pkg/config/config.go +++ b/services/storage-shares/pkg/config/config.go 
@@ -53,10 +53,8 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go index 0b8836200d1..6226cbdfe4d 100644 --- a/services/storage-shares/pkg/config/defaults/defaultconfig.go +++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go @@ -62,8 +62,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/storage-shares/pkg/revaconfig/config.go b/services/storage-shares/pkg/revaconfig/config.go index cb9f9dd5c72..e230e6bc7b2 100644 --- a/services/storage-shares/pkg/revaconfig/config.go +++ b/services/storage-shares/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "sharesstorageprovider": map[string]interface{}{ diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index eae54daec5f..65366cdc8ab 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go 
@@ -56,12 +56,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index c8738826160..01070f17020 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -74,8 +74,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
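Review bot: The retained `desc` on the `Protocol` line still reads `GPRC` (`desc:"The transport protocol of the GPRC service."`), and since these `desc` tags feed the generated environment-variable documentation the typo is user-visible; the storage-users and users hunks carry the same text while storage-shares has it right. While the line is being rewritten anyway, `desc:"The transport protocol of the GRPC service."` fixes it. The new `TLS *shared.GRPCServiceTLS` field carries no `env`/`desc` of its own, so the docs generator presumably picks up the shared struct's tags — worth confirming that `OCIS_GRPC_TLS_*` still appear in each service's generated docs.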
@@ -97,6 +96,15 @@ func EnsureDefaults(cfg *config.Config) { cfg.SystemUserID = cfg.Commons.SystemUserID } + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } + } func Sanitize(cfg *config.Config) { diff --git a/services/storage-system/pkg/revaconfig/config.go b/services/storage-system/pkg/revaconfig/config.go index 56534c54263..82b6a0ad3a9 100644 --- a/services/storage-system/pkg/revaconfig/config.go +++ b/services/storage-system/pkg/revaconfig/config.go @@ -24,9 +24,9 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "gateway": map[string]interface{}{ diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index e348a76351e..c98c4b0944f 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go 
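Review bot: The added block ends with an empty line before the closing `}` of `EnsureDefaults` (`+ }`, `+`, `}`), which the otherwise identical blocks in the storage-publiclink, storage-shares, storage-users and users defaults do not have; gofmt appears to tolerate a single blank line there, so nothing will flag it automatically. Drop the stray line so the copies stay textually identical, or better, since these nine lines are now duplicated in every reva-based service, hoist them into one helper in `ocis-pkg/shared` such as `func (c *GRPCServiceTLS) FromCommons(cm *Commons)` so a future fix (for example cert/key validation) lands in one place; that file is outside this hunk. `EnsureDefaults` starts outside this hunk.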
@@ -60,12 +60,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index fa0796d288f..9b447ad027d 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -112,8 +112,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -126,6 +125,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/storage-users/pkg/revaconfig/config.go b/services/storage-users/pkg/revaconfig/config.go index 81d542fd180..fa225fd7d6f 100644 --- a/services/storage-users/pkg/revaconfig/config.go +++ b/services/storage-users/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/storage-users/pkg/revaconfig/user.go b/services/storage-users/pkg/revaconfig/user.go index de932193e9a..1d1899f3050 100644 --- a/services/storage-users/pkg/revaconfig/user.go +++ b/services/storage-users/pkg/revaconfig/user.go @@ -95,7 +95,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.OCIS.PermissionsEndpoint, - "permissionssvc_tls_mode": cfg.Commons.MicroGRPCClient.TLSMode, + "permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode, }, "s3": map[string]interface{}{ "enable_home": false, 
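Review bot: `cfg.Commons.GRPCClientTLS.Mode` in `UserDrivers` dereferences `cfg.Commons` and `cfg.Commons.GRPCClientTLS` with no nil check, whereas the defaults code in this same service guards both with `cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil`; a storage-users process started from its own config file without a `commons` section panics here instead of reporting a configuration error. It also reads the global value directly, so the per-service override via config file that the commit message offers as the escape hatch never reaches the permissions client. Resolve the mode once in `EnsureDefaults` into a service-level field (storage-users may need a `GRPCClientTLS` field like the store and thumbnails configs gained in this commit) and use that here, e.g. `"permissionssvc_tls_mode": cfg.GRPCClientTLS.Mode`. The `@@ -115` hunk that follows has the same issue for the s3ng driver; `UserDrivers` continues outside this hunk.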
@@ -115,7 +115,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.S3NG.PermissionsEndpoint, - "permissionssvc_tls_mode": cfg.Commons.MicroGRPCClient.TLSMode, + "permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode, "s3.region": cfg.Drivers.S3NG.Region, "s3.access_key": cfg.Drivers.S3NG.AccessKey, "s3.secret_key": cfg.Drivers.S3NG.SecretKey, diff --git a/services/store/pkg/command/server.go b/services/store/pkg/command/server.go index f6004a8e0ca..bf8da8f4634 100644 --- a/services/store/pkg/command/server.go +++ b/services/store/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/store/pkg/config/config.go b/services/store/pkg/config/config.go index 2e4517e16a5..13f319a2719 100644 --- a/services/store/pkg/config/config.go +++ b/services/store/pkg/config/config.go @@ -18,8 +18,8 @@ type Config struct { GRPC GRPC `yaml:"grpc"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"` Datapath string `yaml:"data_path" env:"STORE_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/store."` diff --git a/services/store/pkg/config/defaults/defaultconfig.go b/services/store/pkg/config/defaults/defaultconfig.go index ec747798c29..afc4db4a0ea 100644 --- a/services/store/pkg/config/defaults/defaultconfig.go +++ b/services/store/pkg/config/defaults/defaultconfig.go 
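Review bot: Existing config files lose their TLS settings silently: the yaml keys `micro_grpc_client`/`micro_grpc_service` become `grpc_client_tls`/`grpc_service_tls`, so an operator who configured `micro_grpc_client:` with a verified mode and CA cert gets the defaults after upgrading, because an unknown yaml key is ignored rather than rejected unless the loader decodes strictly (the loader is not in this diff, so please confirm). A deprecation shim that still reads the old keys and logs a warning, or a strict-decode failure on unknown keys, would turn a silent downgrade of transport security into a visible error. The same rename happens in the thumbnails and webdav configs. The `Config` struct continues outside this hunk.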
@@ -58,19 +58,19 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPCServiceTLS == nil { + cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPCServiceTLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPCServiceTLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPCServiceTLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } diff --git a/services/store/pkg/server/grpc/server.go b/services/store/pkg/server/grpc/server.go index 7ff1e0d99fa..f1df7de6f69 100644 --- a/services/store/pkg/server/grpc/server.go +++ b/services/store/pkg/server/grpc/server.go 
@@ -12,10 +12,10 @@ func Server(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPCServiceTLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPCServiceTLS.Cert, + options.Config.GRPCServiceTLS.Key, ), grpc.Namespace(options.Config.GRPC.Namespace), grpc.Name(options.Config.Service.Name), diff --git a/services/thumbnails/pkg/command/server.go b/services/thumbnails/pkg/command/server.go index 72081f77981..b61d351c8ad 100644 --- a/services/thumbnails/pkg/command/server.go +++ b/services/thumbnails/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/thumbnails/pkg/config/config.go b/services/thumbnails/pkg/config/config.go index af1504b005e..81b6ef09cef 100644 --- a/services/thumbnails/pkg/config/config.go +++ b/services/thumbnails/pkg/config/config.go @@ -19,8 +19,8 @@ type Config struct { GRPC GRPC `yaml:"grpc"` HTTP HTTP `yaml:"http"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"` Thumbnail Thumbnail `yaml:"thumbnail"` 
@@ -34,14 +34,12 @@ type FileSystemStorage struct { // Thumbnail defines the available thumbnail related configuration. type Thumbnail struct { - Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."` - FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` - WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` - CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` - RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` - RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` - FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` - TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` - DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` + Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. 
You can define any resolution as required and separate multiple resolutions by blank or comma."` + FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` + WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` + CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` + TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` + DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` } diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index 26496d65d09..17fc46ab00e 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go @@ -41,12 +41,10 @@ func DefaultConfig() *config.Config { FileSystemStorage: config.FileSystemStorage{ RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, - WebdavAllowInsecure: false, - RevaGateway: shared.DefaultRevaConfig().Address, - RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, - RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + WebdavAllowInsecure: false, + RevaGateway: shared.DefaultRevaConfig().Address, + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } 
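Review bot: Deployments that pinned the gateway client to verified TLS through `REVA_GATEWAY_TLS_MODE`/`REVA_GATEWAY_TLS_CACERT` lose that silently: the `RevaGatewayTLSMode`/`RevaGatewayTLSCACert` fields go away with no mapping from the old variable names, so after the upgrade the client runs with whatever `OCIS_GRPC_CLIENT_TLS_MODE` defaults to. Consider listing the old names as secondary env names on the shared struct's tag (this file's tags already use the `OCIS_INSECURE;THUMBNAILS_...` alias form) or failing start-up when they are still set; the shared struct is outside this hunk. Separately, `CS3AllowInsecure` keeps its `OCIS_INSECURE` alias and is described as ignoring certificates "when connecting to the CS3 source", which now reads as if it governed the same gateway connection that `GRPCClientTLS.Mode` configures; if it only affects the file download, a sharper `desc` such as `Ignore untrusted TLS certificates when downloading the source file from the CS3 data endpoint; gateway gRPC TLS is configured via OCIS_GRPC_CLIENT_TLS_MODE` would keep operators from toggling the wrong knob. The use sites of `Thumbnail` are outside this hunk.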
@@ -75,19 +73,19 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPCServiceTLS == nil { + cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPCServiceTLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPCServiceTLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPCServiceTLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index 5f1519ec13b..68e5114610c 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go 
@@ -16,10 +16,10 @@ func NewService(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPCServiceTLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPCServiceTLS.Cert, + options.Config.GRPCServiceTLS.Key, ), grpc.Logger(options.Logger), grpc.Namespace(options.Namespace), @@ -36,13 +36,13 @@ func NewService(opts ...Option) grpc.Service { } tconf := options.Config.Thumbnail - tm, err := pool.StringToTLSMode(tconf.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(options.Config.GRPCClientTLS.Mode) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client tls mode") return grpc.Service{} } gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway, - pool.WithTLSCACert(tconf.RevaGatewayTLSCACert), + pool.WithTLSCACert(options.Config.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil { diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 829b82c39e8..f109c43737d 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go 
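Review bot: A mode that fails `pool.StringToTLSMode` is logged and then swallowed by `return grpc.Service{}`, so a typo in `OCIS_GRPC_CLIENT_TLS_MODE` — now the single knob for every client in this service — yields a zero-value service instead of a start-up failure; the shape is pre-existing, but this commit is what routes the global setting through it. Since `NewService` returns `grpc.Service` rather than `(grpc.Service, error)`, the minimal fix is to parse the mode once in the `server` command (where `ogrpc.Configure(ogrpc.GetClientOptions(...))` already returns an error) and fail there, or to change `NewService` to return an error as the webdav service in this same commit does. The `options.Config.GRPCClientTLS` dereference is only safe because `EnsureDefaults` allocates the struct; a `// GRPCClientTLS and GRPCServiceTLS are non-nil after defaults.EnsureDefaults` comment at the top of `NewService` would record that assumption. `NewService` continues outside this hunk.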
@@ -52,12 +52,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 615e3091312..ea3e824a7c0 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go +++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -107,8 +107,7 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -121,6 +120,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index 27c7af7bd0c..aefa92432ef 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/webdav/pkg/command/server.go b/services/webdav/pkg/command/server.go index 3427fd8e7c8..dcd4d99cec1 100644 --- a/services/webdav/pkg/command/server.go +++ b/services/webdav/pkg/command/server.go @@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/webdav/pkg/config/config.go b/services/webdav/pkg/config/config.go index fd21835971c..ec08c985f82 100644 --- a/services/webdav/pkg/config/config.go +++ b/services/webdav/pkg/config/config.go 
@@ -16,14 +16,12 @@ type Config struct { Log *Log `yaml:"log"` Debug Debug `yaml:"debug"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` HTTP HTTP `yaml:"http"` - OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` - WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` - RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` - RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` - Context context.Context `yaml:"-"` + OcisPublicURL string `yaml:"ocis_public_url" env:"OCIS_URL;OCIS_PUBLIC_URL" desc:"URL, where oCIS is reachable for users."` + WebdavNamespace string `yaml:"webdav_namespace" env:"WEBDAV_WEBDAV_NAMESPACE" desc:"CS3 path layout to use when forwarding /webdav requests"` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + Context context.Context `yaml:"-"` } diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 32e1499a984..5c6c46742a8 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go 
@@ -36,11 +36,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "webdav", }, - OcisPublicURL: "https://127.0.0.1:9200", - WebdavNamespace: "/users/{{.Id.OpaqueId}}", - RevaGateway: shared.DefaultRevaConfig().Address, - RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, - RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, + OcisPublicURL: "https://127.0.0.1:9200", + WebdavNamespace: "/users/{{.Id.OpaqueId}}", + RevaGateway: shared.DefaultRevaConfig().Address, } } @@ -68,11 +66,11 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index ccd5bfe960d..1d51ad1ea6d 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go @@ -60,12 +60,12 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - tm, err := pool.StringToTLSMode(conf.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(conf.GRPCClientTLS.Mode) if err != nil { return nil, err } gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway, - pool.WithTLSCACert(conf.RevaGatewayTLSCACert), + pool.WithTLSCACert(conf.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil {