diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index d1ec9e96e22..b13c4c3a574 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -56,11 +56,11 @@ type Runtime struct { type Config struct { *shared.Commons `yaml:"shared"` - Tracing *shared.Tracing `yaml:"tracing"` - Log *shared.Log `yaml:"log"` - CacheStore *shared.CacheStore `yaml:"cache_store"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + Tracing *shared.Tracing `yaml:"tracing"` + Log *shared.Log `yaml:"log"` + CacheStore *shared.CacheStore `yaml:"cache_store"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *shared.GRPCServiceTLS `yaml:"grpc_service_tls"` Mode Mode // DEPRECATED File string diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go index 7c62c4c5903..3063de201b2 100644 --- a/ocis-pkg/config/parser/parse.go +++ b/ocis-pkg/config/parser/parse.go @@ -51,11 +51,11 @@ func EnsureDefaults(cfg *config.Config) { if cfg.CacheStore == nil { cfg.CacheStore = &shared.CacheStore{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} + if cfg.GRPCServiceTLS == nil { + cfg.GRPCServiceTLS = &shared.GRPCServiceTLS{} } } @@ -101,12 +101,12 @@ func EnsureCommons(cfg *config.Config) { cfg.Commons.CacheStore = &shared.CacheStore{} } - if cfg.MicroGRPCClient != nil { - cfg.Commons.MicroGRPCClient = cfg.MicroGRPCClient + if cfg.GRPCClientTLS != nil { + cfg.Commons.GRPCClientTLS = cfg.GRPCClientTLS } - if cfg.MicroGRPCService != nil { - cfg.Commons.MicroGRPCService = cfg.MicroGRPCService + if cfg.GRPCServiceTLS != nil { + cfg.Commons.GRPCServiceTLS = cfg.GRPCServiceTLS } // copy token manager to the commons part if set 
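Review bot: The yaml keys on the renamed Config fields move from `micro_grpc_client`/`micro_grpc_service` to `grpc_client_tls`/`grpc_service_tls`, and nothing in the diff keeps the old names readable, so a deployment that pins its TLS settings under the old keys presumably ends up on the defaults after upgrading; the same applies to the Commons fields in ocis-pkg/shared/shared_types.go and to the env names there, which change from OCIS_MICRO_GRPC_CLIENT_TLS_* and OCIS_MICRO_GRPC_TLS_* to OCIS_GRPC_CLIENT_TLS_* and OCIS_GRPC_TLS_*, while REVA_GATEWAY_TLS_MODE and REVA_GATEWAY_TLS_CACERT disappear in favour of the shared client names. A value lost this way weakens the TLS posture instead of failing startup, so the rename deserves an explicit changelog entry and, ideally, the old env names accepted as deprecated aliases for one release. The hunk only touches the struct definition; how unknown yaml keys are treated is decided by the decoder outside this diff.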
diff --git a/ocis-pkg/service/grpc/client.go b/ocis-pkg/service/grpc/client.go index 696b34c9c07..cee6a1fb2d8 100644 --- a/ocis-pkg/service/grpc/client.go +++ b/ocis-pkg/service/grpc/client.go @@ -92,10 +92,10 @@ func DefaultClient() client.Client { return defaultClient } -func GetClientOptions(mc *shared.MicroGRPCClient) []ClientOption { +func GetClientOptions(t *shared.GRPCClientTLS) []ClientOption { opts := []ClientOption{ - WithTLSMode(mc.TLSMode), - WithTLSCACert(mc.TLSCACert), + WithTLSMode(t.Mode), + WithTLSCACert(t.CACert), } return opts } diff --git a/ocis-pkg/shared/reva.go b/ocis-pkg/shared/reva.go index 4f43ca90875..cc38370903e 100644 --- a/ocis-pkg/shared/reva.go +++ b/ocis-pkg/shared/reva.go @@ -13,7 +13,7 @@ func DefaultRevaConfig() *Reva { } func (r *Reva) GetRevaOptions() []pool.Option { - tm, _ := pool.StringToTLSMode(r.TLSMode) + tm, _ := pool.StringToTLSMode(r.TLS.Mode) opts := []pool.Option{ pool.WithTLSMode(tm), } @@ -22,7 +22,7 @@ func (r *Reva) GetRevaOptions() []pool.Option { func (r *Reva) GetGRPCClientConfig() map[string]interface{} { return map[string]interface{}{ - "tls_mode": r.TLSMode, - "tls_cacert": r.TLSCACert, + "tls_mode": r.TLS.Mode, + "tls_cacert": r.TLS.CACert, } } diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index 5e01992747c..ea93eb3b690 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go 
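Review bot: `GetClientOptions` dereferences `t` without a nil guard and, as an exported function, still carries no doc comment after the signature change; its callers in ocis/pkg/command/server.go and services/graph/pkg/command/server.go pass `cfg.GRPCClientTLS`, which the parser's EnsureDefaults allocates, so the precondition holds but is unstated. Rather than adding a nil check that would quietly yield options with an empty TLS mode, document the contract: `// GetClientOptions returns the ClientOptions for the TLS mode and CA certificate in t.` followed by `// t must not be nil; parser.EnsureDefaults allocates it when it is unset.`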
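Review bot: `tm, _ := pool.StringToTLSMode(r.TLS.Mode)` in GetRevaOptions still discards the conversion error, so a misspelt mode (the desc on GRPCClientTLS.Mode admits only 'off', 'insecure' and 'on') is never reported and whatever `tm` holds on failure is handed to `pool.WithTLSMode`; what that fallback value is lies outside the hunk. Since GetRevaOptions returns only `[]pool.Option`, the check belongs where an error can surface, for instance validating `Mode` against the three accepted values in the config parser, so that a weaker-than-intended mode is never the silent result of a typo. The same unvalidated string is also exported by GetGRPCClientConfig in the next hunk.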
@@ -31,20 +31,19 @@ type TokenManager struct { // Reva defines all available REVA client configuration. type Reva struct { - Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` - TLSMode string `yaml:"tls_mode" env:"REVA_GATEWAY_TLS_MODE" desc:"TLS mode for grpc connection to the CS3 gateway endpoint. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."` - TLSCACert string `yaml:"tls_cacert" env:"REVA_GATEWAY_TLS_CACERT" desc:"The root CA certificate used to validate the gateway's TLS certificate."` + Address string `yaml:"address" env:"REVA_GATEWAY" desc:"The CS3 gateway endpoint."` + TLS GRPCClientTLS `yaml:"tls"` } -type MicroGRPCClient struct { - TLSMode string `yaml:"tls_mode" env:"OCIS_MICRO_GRPC_CLIENT_TLS_MODE" desc:"TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."` - TLSCACert string `yaml:"tls_cacert env:"OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."` +type GRPCClientTLS struct { + Mode string `yaml:"mode" env:"OCIS_GRPC_CLIENT_TLS_MODE" desc:"TLS mode for grpc connection to the go-micro based grpc services. Possible values are 'off', 'insecure' and 'on'. 'off': disables transport security for the clients. 
'insecure' allows to use transport security, but disables certificate verification (to be used with the autogenerated self-signed certificates). 'on' enables transport security, including server ceritificate verification."` + CACert string `yaml:"cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT" desc:"The root CA certificate used to validate TLS server certificates of the go-micro based grpc services."` } -type MicroGRPCService struct { - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_MICRO_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_MICRO_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the go-micro based grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_MICRO_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the go-micro based grpc services."` +type GRPCServiceTLS struct { + Enabled bool `yaml:"enabled" env:"OCIS_GRPC_TLS_ENABLED" desc:"Activates TLS for the grpcs based services using the server certifcate and key configured via OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY. If OCIS_GRPC_TLS_CERTIFICATE is not set a temporary server certificate is generated - to be used with OCIS_GRPC_CLIENT_TLS_MODE=insecure."` + Cert string `yaml:"cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the grpc services."` + Key string `yaml:"key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate to use for the grpc services."` } type CacheStore struct { 
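Review bot: The struct tag on the new `CACert` field is malformed: `yaml:"cacert env:"OCIS_GRPC_CLIENT_TLS_CACERT" ...` lacks the closing quote after `cacert` (the removed `tls_cacert` line had the same defect), so `reflect.StructTag` reads the yaml key as `cacert env:` and stops before the `env` and `desc` keys, and `go vet` reports bad struct tag syntax. The practical effect, depending on how the yaml and env decoders parse tags, is that neither `cacert:` in YAML nor `OCIS_GRPC_CLIENT_TLS_CACERT` reaches the field, which makes mode `on` unusable with a private CA and nudges operators toward `insecure`. The fix is the missing quote, so the tag reads `yaml:"cacert" env:"OCIS_GRPC_CLIENT_TLS_CACERT" desc:"..."`. The `Enabled` desc on GRPCServiceTLS also misspells `certifcate`.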
@@ -56,17 +55,17 @@ type CacheStore struct { // Commons holds configuration that are common to all extensions. Each extension can then decide whether // to overwrite its values. type Commons struct { - Log *Log `yaml:"log"` - Tracing *Tracing `yaml:"tracing"` - CacheStore *CacheStore `yaml:"cache_store"` - MicroGRPCClient *MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *MicroGRPCService `yaml:"micro_grpc_service"` - OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."` - TokenManager *TokenManager `mask:"struct" yaml:"token_manager"` - Reva *Reva `yaml:"reva"` - MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."` - TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"` - SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. 
Any reasonable long string is possible, preferably this would be an UUIDv4 format."` - SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"` - AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."` + Log *Log `yaml:"log"` + Tracing *Tracing `yaml:"tracing"` + CacheStore *CacheStore `yaml:"cache_store"` + GRPCClientTLS *GRPCClientTLS `yaml:"grpc_client_tls"` + GRPCServiceTLS *GRPCServiceTLS `yaml:"grpc_service_tls"` + OcisURL string `yaml:"ocis_url" env:"OCIS_URL" desc:"URL, where oCIS is reachable for users."` + TokenManager *TokenManager `mask:"struct" yaml:"token_manager"` + Reva *Reva `yaml:"reva"` + MachineAuthAPIKey string `mask:"password" yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."` + TransferSecret string `mask:"password" yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"` + SystemUserID string `yaml:"system_user_id" env:"OCIS_SYSTEM_USER_ID" desc:"ID of the oCIS storage-system system user. Admins need to set the ID for the storage-system system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format."` + SystemUserAPIKey string `mask:"password" yaml:"system_user_api_key" env:"SYSTEM_USER_API_KEY"` + AdminUserID string `yaml:"admin_user_id" env:"OCIS_ADMIN_USER_ID" desc:"ID of a user, that should receive admin privileges."` } diff --git a/ocis/pkg/command/server.go b/ocis/pkg/command/server.go index d8c2ca95201..25057f58a08 100644 --- a/ocis/pkg/command/server.go +++ b/ocis/pkg/command/server.go 
@@ -23,7 +23,7 @@ func Server(cfg *config.Config) *cli.Command { Action: func(c *cli.Context) error { // Prefer the in-memory registry as the default when running in single-binary mode registry.Configure("memory") - err := grpc.Configure(grpc.GetClientOptions(cfg.MicroGRPCClient)...) + err := grpc.Configure(grpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/app-provider/pkg/config/config.go b/services/app-provider/pkg/config/config.go index 2b62c23280e..66e6003e38f 100644 --- a/services/app-provider/pkg/config/config.go +++ b/services/app-provider/pkg/config/config.go @@ -52,12 +52,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"APP_PROVIDER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_PROVIDER_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/app-provider/pkg/config/defaults/defaultconfig.go b/services/app-provider/pkg/config/defaults/defaultconfig.go index 92e000dc176..57a4be83433 100644 --- a/services/app-provider/pkg/config/defaults/defaultconfig.go +++ b/services/app-provider/pkg/config/defaults/defaultconfig.go 
@@ -65,9 +65,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} @@ -80,6 +79,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/app-provider/pkg/revaconfig/config.go b/services/app-provider/pkg/revaconfig/config.go index bf152659907..5cc523f5539 100644 --- a/services/app-provider/pkg/revaconfig/config.go +++ b/services/app-provider/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func AppProviderConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "appprovider": map[string]interface{}{ diff --git a/services/app-registry/pkg/config/config.go b/services/app-registry/pkg/config/config.go index b44287a19e5..1b502a1a345 100644 --- a/services/app-registry/pkg/config/config.go +++ b/services/app-registry/pkg/config/config.go 
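Review bot: The new block that seeds `cfg.GRPC.TLS` from `cfg.Commons.GRPCServiceTLS` copies the three fields by hand, and the identical block is repeated in the app-registry, auth-basic, auth-bearer, auth-machine, gateway and groups defaultconfig.go files (graph does the same for GRPCClientTLS); GRPCServiceTLS has exactly those three fields, so `*cfg.GRPC.TLS = *cfg.Commons.GRPCServiceTLS` replaces the three assignments and cannot silently miss a field added later. Better still is one helper in the shared package that every EnsureDefaults calls, so the inheritance rule cannot drift between services. Note also that the copy runs only when `cfg.GRPC.TLS` is nil, so a service-level `tls:` section that is present but partial does not inherit the missing values from Commons; that matches the Reva handling above it, but is worth a comment such as `// a service-level tls section, when present, fully overrides the commons one`. EnsureDefaults begins before the hunk.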
@@ -50,12 +50,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"APP_REGISTRY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"APP_REGISTRY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AppRegistry struct { diff --git a/services/app-registry/pkg/config/defaults/defaultconfig.go b/services/app-registry/pkg/config/defaults/defaultconfig.go index 1efd04bcc9f..de7e019529f 100644 --- a/services/app-registry/pkg/config/defaults/defaultconfig.go +++ b/services/app-registry/pkg/config/defaults/defaultconfig.go @@ -130,9 +130,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -146,6 +145,14 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } // Sanitize the config diff --git a/services/app-registry/pkg/revaconfig/config.go b/services/app-registry/pkg/revaconfig/config.go index f3e0d5ae93f..6561e0c9aaa 100644 --- a/services/app-registry/pkg/revaconfig/config.go +++ b/services/app-registry/pkg/revaconfig/config.go @@ -25,9 +25,9 @@ func AppRegistryConfigFromStruct(cfg *config.Config, logger log.Logger) map[stri "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "appregistry": map[string]interface{}{ diff --git a/services/auth-basic/pkg/config/config.go b/services/auth-basic/pkg/config/config.go index 26aea8518c4..d9ed81ebb20 100644 --- a/services/auth-basic/pkg/config/config.go +++ b/services/auth-basic/pkg/config/config.go 
@@ -51,12 +51,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BASIC_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BASIC_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type AuthProviders struct { diff --git a/services/auth-basic/pkg/config/defaults/defaultconfig.go b/services/auth-basic/pkg/config/defaults/defaultconfig.go index a926b940822..630aec30b6a 100644 --- a/services/auth-basic/pkg/config/defaults/defaultconfig.go +++ b/services/auth-basic/pkg/config/defaults/defaultconfig.go @@ -104,9 +104,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -120,6 +119,14 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/auth-basic/pkg/revaconfig/config.go b/services/auth-basic/pkg/revaconfig/config.go index f47f04bf494..f477f90d585 100644 --- a/services/auth-basic/pkg/revaconfig/config.go +++ b/services/auth-basic/pkg/revaconfig/config.go @@ -21,9 +21,9 @@ func AuthBasicConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/auth-bearer/pkg/config/config.go b/services/auth-bearer/pkg/config/config.go index d3bc9abe878..39c77ee2639 100644 --- a/services/auth-bearer/pkg/config/config.go +++ b/services/auth-bearer/pkg/config/config.go 
@@ -51,12 +51,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_BEARER_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_BEARER_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type OIDC struct { diff --git a/services/auth-bearer/pkg/config/defaults/defaultconfig.go b/services/auth-bearer/pkg/config/defaults/defaultconfig.go index 42117bc104b..e9a3eaf2da5 100644 --- a/services/auth-bearer/pkg/config/defaults/defaultconfig.go +++ b/services/auth-bearer/pkg/config/defaults/defaultconfig.go @@ -63,9 +63,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -78,6 +77,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/auth-bearer/pkg/revaconfig/config.go b/services/auth-bearer/pkg/revaconfig/config.go index 1445fbab4d1..d51198b3c60 100644 --- a/services/auth-bearer/pkg/revaconfig/config.go +++ b/services/auth-bearer/pkg/revaconfig/config.go @@ -21,9 +21,9 @@ func AuthBearerConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ diff --git a/services/auth-machine/pkg/config/config.go b/services/auth-machine/pkg/config/config.go index 9989c7c35f0..431d46560e9 100644 --- a/services/auth-machine/pkg/config/config.go +++ b/services/auth-machine/pkg/config/config.go 
@@ -51,10 +51,8 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"AUTH_MACHINE_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"AUTH_MACHINE_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } diff --git a/services/auth-machine/pkg/config/defaults/defaultconfig.go b/services/auth-machine/pkg/config/defaults/defaultconfig.go index 679e61a1fc1..242db54a57f 100644 --- a/services/auth-machine/pkg/config/defaults/defaultconfig.go +++ b/services/auth-machine/pkg/config/defaults/defaultconfig.go @@ -58,9 +58,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -77,6 +76,15 @@ func EnsureDefaults(cfg *config.Config) { if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/auth-machine/pkg/revaconfig/config.go b/services/auth-machine/pkg/revaconfig/config.go index a72300e47bf..e67b05485d4 100644 --- a/services/auth-machine/pkg/revaconfig/config.go +++ b/services/auth-machine/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func AuthMachineConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "authprovider": map[string]interface{}{ diff --git a/services/frontend/pkg/config/defaults/defaultconfig.go b/services/frontend/pkg/config/defaults/defaultconfig.go index 53d8f4e798e..9dfcb399e93 100644 --- a/services/frontend/pkg/config/defaults/defaultconfig.go +++ b/services/frontend/pkg/config/defaults/defaultconfig.go @@ -140,9 +140,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
diff --git a/services/gateway/pkg/config/config.go b/services/gateway/pkg/config/config.go index 46d37ecbcbe..4b27f67b73f 100644 --- a/services/gateway/pkg/config/config.go +++ b/services/gateway/pkg/config/config.go @@ -73,12 +73,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` + Addr string `yaml:"addr" env:"GATEWAY_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"GATEWAY_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."` } type StorageRegistry struct { diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go index a35b54dfefb..adf7a84226b 100644 --- a/services/gateway/pkg/config/defaults/defaultconfig.go +++ b/services/gateway/pkg/config/defaults/defaultconfig.go @@ -87,9 +87,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -106,6 +105,15 @@ func EnsureDefaults(cfg *config.Config) { if cfg.TransferSecret == "" && cfg.Commons != nil && cfg.Commons.TransferSecret != "" { cfg.TransferSecret = cfg.Commons.TransferSecret } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go index 25ae057ca87..30d531f91b9 100644 --- a/services/gateway/pkg/revaconfig/config.go +++ b/services/gateway/pkg/revaconfig/config.go @@ -30,9 +30,9 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/graph/pkg/command/server.go b/services/graph/pkg/command/server.go index f326d4f03e9..e962eb29a2d 100644 --- a/services/graph/pkg/command/server.go +++ b/services/graph/pkg/command/server.go @@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go index 637f9e6aef8..4d213407f2b 100644 --- a/services/graph/pkg/config/config.go +++ b/services/graph/pkg/config/config.go 
@@ -19,9 +19,9 @@ type Config struct { HTTP HTTP `yaml:"http"` - Reva *shared.Reva `yaml:"reva"` - TokenManager *TokenManager `yaml:"token_manager"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + Reva *shared.Reva `yaml:"reva"` + TokenManager *TokenManager `yaml:"token_manager"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` Spaces Spaces `yaml:"spaces"` Identity Identity `yaml:"identity"` diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go index 4608ae33bb3..eb3ad18fd6e 100644 --- a/services/graph/pkg/config/defaults/defaultconfig.go +++ b/services/graph/pkg/config/defaults/defaultconfig.go @@ -114,11 +114,11 @@ func EnsureDefaults(cfg *config.Config) { cfg.TokenManager = &config.TokenManager{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } diff --git a/services/graph/pkg/service/v0/graph_test.go b/services/graph/pkg/service/v0/graph_test.go index f56e95a5d89..6eff1f2da10 100644 --- a/services/graph/pkg/service/v0/graph_test.go +++ b/services/graph/pkg/service/v0/graph_test.go 
@@ -42,9 +42,9 @@ var _ = Describe("Graph", func() {
 cfg.Identity.LDAP.CACert = "" // skip the startup checks, we don't use LDAP at all in this tests
 cfg.TokenManager.JWTSecret = "loremipsum"
 cfg.Commons = &shared.Commons{}
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
- _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 gatewayClient = &mocks.GatewayClient{}
 eventsPublisher = mocks.Publisher{}
 svc = service.NewService(
diff --git a/services/groups/pkg/config/config.go b/services/groups/pkg/config/config.go
index 8d9d962a661..ee6a903a692 100644
--- a/services/groups/pkg/config/config.go
+++ b/services/groups/pkg/config/config.go
@@ -52,12 +52,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"GROUPS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"GROUPS_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type Drivers struct {
diff --git a/services/groups/pkg/config/defaults/defaultconfig.go b/services/groups/pkg/config/defaults/defaultconfig.go
index 594f88518d8..62cfe0e4e95 100644
--- a/services/groups/pkg/config/defaults/defaultconfig.go
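Review bot: The new `TLS *shared.GRPCServiceTLS `yaml:"tls"`` field in groups GRPCConfig carries no `env` or `desc` tags, while the three fields it replaces were bound to `OCIS_GRPC_TLS_ENABLED`, `OCIS_GRPC_TLS_CERTIFICATE` and `OCIS_GRPC_TLS_KEY`. Unless shared.GRPCServiceTLS (not in this diff) declares those same env tags on its own fields, a deployment that enables gRPC TLS through the environment would come up with TLS disabled and no error, since EnsureDefaults only falls back to Commons. Worth confirming against shared_types.go, and in any case adding a `desc` on the new field so the generated env docs still describe the server-side TLS options. The same applies to the GRPCConfig hunks in sharing, storage-publiclink, storage-shares and storage-system config.go.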
+++ b/services/groups/pkg/config/defaults/defaultconfig.go
@@ -105,9 +105,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -120,6 +119,15 @@ func EnsureDefaults(cfg *config.Config) {
 } else if cfg.TokenManager == nil {
 cfg.TokenManager = &config.TokenManager{}
 }
+
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/groups/pkg/revaconfig/config.go b/services/groups/pkg/revaconfig/config.go
index 2209e784b9f..f9bef1ddd7d 100644
--- a/services/groups/pkg/revaconfig/config.go
+++ b/services/groups/pkg/revaconfig/config.go
@@ -23,9 +23,9 @@ func GroupsConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 // TODO build services dynamically
 "services": map[string]interface{}{
diff --git a/services/idp/pkg/config/defaults/defaultconfig.go b/services/idp/pkg/config/defaults/defaultconfig.go
index 71ef857f55a..fbd928be42f 100644
--- a/services/idp/pkg/config/defaults/defaultconfig.go
+++ b/services/idp/pkg/config/defaults/defaultconfig.go
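Review bot: In the groups EnsureDefaults Reva hunk, `TLS: cfg.Commons.Reva.TLS` takes whatever Commons holds and the `else if cfg.Reva == nil` branch leaves `TLS` at its zero value; if `shared.Reva.TLS` is a pointer (the `r.TLS.Mode` access in GetRevaOptions suggests it may be), a nil TLS in either branch becomes a nil-pointer dereference the first time reva client options are built, whereas the old `TLSMode`/`TLSCACert` strings could not fail that way. If it is a pointer, copying it also aliases one TLS struct across Commons and every service config, so a later mutation in one place is visible everywhere; the GRPCClientTLS blocks in the same files copy `Mode` and `CACert` into a fresh struct, which avoids both problems and would be the consistent form here. Suggest initialising `TLS` to a non-nil value in both branches (or having `shared.DefaultRevaConfig()` supply it) and copying fields rather than the pointer. The enclosing EnsureDefaults runs past both hunks; the identical Reva block appears in the idp, ocdav, ocs, proxy, search, sharing, storage-publiclink, storage-shares and storage-system defaultconfig.go hunks.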
@@ -153,9 +153,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/notifications/pkg/channels/channels.go b/services/notifications/pkg/channels/channels.go
index 0a27b1f14d5..7eaa7cb5a9d 100644
--- a/services/notifications/pkg/channels/channels.go
+++ b/services/notifications/pkg/channels/channels.go
@@ -27,13 +27,13 @@ type Channel interface {
 // NewMailChannel instantiates a new mail communication channel.
 func NewMailChannel(cfg config.Config, logger log.Logger) (Channel, error) {
- tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
+ tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode)
 if err != nil {
 logger.Error().Err(err).Msg("could not get gateway client tls mode")
 return nil, err
 }
 gc, err := pool.GetGatewayServiceClient(cfg.Notifications.RevaGateway,
- pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
+ pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert),
 pool.WithTLSMode(tm),
 )
 if err != nil {
diff --git a/services/notifications/pkg/command/server.go b/services/notifications/pkg/command/server.go
index b1902689933..e761f858817 100644
--- a/services/notifications/pkg/command/server.go
+++ b/services/notifications/pkg/command/server.go
@@ -77,13 +77,13 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
- tm, err := pool.StringToTLSMode(cfg.Notifications.RevaGatewayTLSMode)
+ tm, err := pool.StringToTLSMode(cfg.Notifications.GRPCClientTLS.Mode)
 if err != nil {
 return err
 }
 gwclient, err := pool.GetGatewayServiceClient(
 cfg.Notifications.RevaGateway,
- pool.WithTLSCACert(cfg.Notifications.RevaGatewayTLSCACert),
+ pool.WithTLSCACert(cfg.Notifications.GRPCClientTLS.CACert),
 pool.WithTLSMode(tm),
 )
 if err != nil {
diff --git a/services/notifications/pkg/config/config.go b/services/notifications/pkg/config/config.go
index 7d5fb3be0b2..fc3847236c3 100644
--- a/services/notifications/pkg/config/config.go
+++ b/services/notifications/pkg/config/config.go
@@ -22,13 +22,12 @@ type Config struct {
 // Notifications defines the config options for the notifications service.
 type Notifications struct {
- SMTP SMTP `yaml:"SMTP"`
- Events Events `yaml:"events"`
- MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
- EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
- RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
- RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"`
- RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"`
+ SMTP SMTP `yaml:"SMTP"`
+ Events Events `yaml:"events"`
+ MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary to access resources from other services."`
+ EmailTemplatePath string `yaml:"email_template_path" env:"OCIS_EMAIL_TEMPLATE_PATH;NOTIFICATIONS_EMAIL_TEMPLATE_PATH" desc:"Path to Email notification templates overriding embedded ones."`
+ RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
 }
 // SMTP combines the smtp configuration options.
diff --git a/services/notifications/pkg/config/defaults/defaultconfig.go b/services/notifications/pkg/config/defaults/defaultconfig.go
index 552d9f560f8..fd61a028b46 100644
--- a/services/notifications/pkg/config/defaults/defaultconfig.go
+++ b/services/notifications/pkg/config/defaults/defaultconfig.go
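Review bot: `GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`` replaces two fields that were bound to `REVA_GATEWAY_TLS_MODE` and `REVA_GATEWAY_TLS_CACERT`, but the new field itself has no `env` tag, so the client-side trust settings for the gateway connection (TLS mode and CA bundle) are only reachable through YAML or Commons unless shared.GRPCClientTLS declares env tags of its own, which this diff does not show. If those variables are meant to be retired, the commit should say so and the doc generation should pick up the replacement names; if not, the field needs the tags back. A `desc` on the new field, e.g. `desc:"TLS settings for the gRPC client connecting to the CS3 gateway."`, would also keep it in the generated configuration reference.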
@@ -37,9 +37,7 @@ func DefaultConfig() *config.Config {
 ConsumerGroup: "notifications",
 EnableTLS: false,
 },
- RevaGateway: shared.DefaultRevaConfig().Address,
- RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
- RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
+ RevaGateway: shared.DefaultRevaConfig().Address,
 },
 }
 }
@@ -60,6 +58,12 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
 cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 }
+ if cfg.Notifications.GRPCClientTLS == nil {
+ cfg.Notifications.GRPCClientTLS = &shared.GRPCClientTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
+ cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/ocdav/pkg/config/defaults/defaultconfig.go b/services/ocdav/pkg/config/defaults/defaultconfig.go
index 8739f0cc975..ddfb0d5a993 100644
--- a/services/ocdav/pkg/config/defaults/defaultconfig.go
+++ b/services/ocdav/pkg/config/defaults/defaultconfig.go
@@ -80,9 +80,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
diff --git a/services/ocs/pkg/command/server.go b/services/ocs/pkg/command/server.go
index bb70c59092e..6b6ab26a463 100644
--- a/services/ocs/pkg/command/server.go
+++ b/services/ocs/pkg/command/server.go
@@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
- err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 if err != nil {
 return err
 }
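Review bot: In the notifications EnsureDefaults hunk, `cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS` overwrites the struct allocated on the line before, so that allocation is dead and the notifications config now shares one TLS struct with Commons (and with any other service that aliases it), unlike the graph, ocs, proxy, search and settings hunks which copy the two fields into their own struct. For consistency and to keep per-service overrides isolated, use the same field-copy form: `cfg.Notifications.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode` and `cfg.Notifications.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert`. Separately, the DefaultConfig hunk above drops the `shared.DefaultRevaConfig().TLSMode` default without providing any default for `GRPCClientTLS`, so a notifications config run without Commons reaches `pool.StringToTLSMode` (channels.go and command/server.go hunks) with `Mode == ""`; if that function does not treat the empty string as a usable default, the service now fails at start-up where it previously inherited the Reva default, which is worth a test.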
diff --git a/services/ocs/pkg/config/config.go b/services/ocs/pkg/config/config.go
index 0395f6c51da..e4130405447 100644
--- a/services/ocs/pkg/config/config.go
+++ b/services/ocs/pkg/config/config.go
@@ -19,9 +19,9 @@ type Config struct {
 HTTP HTTP `yaml:"http"`
- TokenManager *TokenManager `yaml:"token_manager"`
- Reva *shared.Reva `yaml:"reva"`
- MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"`
+ TokenManager *TokenManager `yaml:"token_manager"`
+ Reva *shared.Reva `yaml:"reva"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
 IdentityManagement IdentityManagement `yaml:"identity_management"`
diff --git a/services/ocs/pkg/config/defaults/defaultconfig.go b/services/ocs/pkg/config/defaults/defaultconfig.go
index 95d4939a54d..7bbc0cafb8c 100644
--- a/services/ocs/pkg/config/defaults/defaultconfig.go
+++ b/services/ocs/pkg/config/defaults/defaultconfig.go
@@ -80,9 +80,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -100,11 +99,11 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 }
- if cfg.MicroGRPCClient == nil {
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil {
- cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode
- cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert
+ if cfg.GRPCClientTLS == nil {
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
+ cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
+ cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
 }
 }
 }
diff --git a/services/proxy/pkg/command/server.go b/services/proxy/pkg/command/server.go
index 7ff29220191..cca24fd2b39 100644
--- a/services/proxy/pkg/command/server.go
+++ b/services/proxy/pkg/command/server.go
@@ -51,7 +51,7 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
- err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 if err != nil {
 return err
 }
diff --git a/services/proxy/pkg/config/config.go b/services/proxy/pkg/config/config.go
index 7cf4ccd4d13..0e3ac4461d5 100644
--- a/services/proxy/pkg/config/config.go
+++ b/services/proxy/pkg/config/config.go
@@ -18,8 +18,8 @@ type Config struct {
 HTTP HTTP `yaml:"http"`
- Reva *shared.Reva `yaml:"reva"`
- MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"`
+ Reva *shared.Reva `yaml:"reva"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
 Policies []Policy `yaml:"policies"`
 OIDC OIDC `yaml:"oidc"`
diff --git a/services/proxy/pkg/config/defaults/defaultconfig.go b/services/proxy/pkg/config/defaults/defaultconfig.go
index 1f8c81b305d..3f605bcb7b7 100644
--- a/services/proxy/pkg/config/defaults/defaultconfig.go
+++ b/services/proxy/pkg/config/defaults/defaultconfig.go
@@ -242,19 +242,18 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
 }
- if cfg.MicroGRPCClient == nil {
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil {
- cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode
- cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert
+ if cfg.GRPCClientTLS == nil {
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
+ cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
+ cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
 }
 }
 }
diff --git a/services/search/pkg/command/server.go b/services/search/pkg/command/server.go
index 3d019e3af2e..789964bd0f2 100644
--- a/services/search/pkg/command/server.go
+++ b/services/search/pkg/command/server.go
@@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
- err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 if err != nil {
 return err
 }
diff --git a/services/search/pkg/config/config.go b/services/search/pkg/config/config.go
index 841eafee294..f9cee19da9f 100644
--- a/services/search/pkg/config/config.go
+++ b/services/search/pkg/config/config.go
@@ -16,13 +16,12 @@ type Config struct {
 Log *Log `yaml:"log"`
 Debug Debug `yaml:"debug"`
- GRPC GRPC `yaml:"grpc"`
+ GRPC GRPCConfig `yaml:"grpc"`
- Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."`
- Reva *shared.Reva `yaml:"reva"`
- MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"`
- MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"`
- Events Events `yaml:"events"`
+ Datapath string `yaml:"data_path" env:"SEARCH_DATA_PATH" desc:"The directory where the filesystem storage will store search data. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/search."`
+ Reva *shared.Reva `yaml:"reva"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
+ Events Events `yaml:"events"`
 MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;SEARCH_MACHINE_AUTH_API_KEY" desc:"Machine auth API key used to validate internal requests necessary for the access to resources from other services."`
diff --git a/services/search/pkg/config/defaults/defaultconfig.go b/services/search/pkg/config/defaults/defaultconfig.go
index 6b523142b51..cfc9eb7014d 100644
--- a/services/search/pkg/config/defaults/defaultconfig.go
+++ b/services/search/pkg/config/defaults/defaultconfig.go
@@ -22,7 +22,7 @@ func DefaultConfig() *config.Config {
 Addr: "127.0.0.1:9224",
 Token: "",
 },
- GRPC: config.GRPC{
+ GRPC: config.GRPCConfig{
 Addr: "127.0.0.1:9220",
 Namespace: "com.owncloud.api",
 },
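Review bot: The re-added `Datapath` line in search Config still carries the typo `definied` in its `desc` tag; since the line is touched here, this is the place to make it `defined` so the generated env docs stop repeating it. The same typo is re-added on the settings `DataPath` line in the settings config.go hunk.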
@@ -72,26 +72,25 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
 }
- if cfg.MicroGRPCClient == nil {
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil {
- cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode
- cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert
+ if cfg.GRPCClientTLS == nil {
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
+ cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
+ cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
 }
 }
- if cfg.MicroGRPCService == nil {
- cfg.MicroGRPCService = &shared.MicroGRPCService{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil {
- cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled
- cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert
- cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
 }
 }
 }
diff --git a/services/search/pkg/config/grpc.go b/services/search/pkg/config/grpc.go
index 51fd97212f3..5240c6d0018 100644
--- a/services/search/pkg/config/grpc.go
+++ b/services/search/pkg/config/grpc.go
@@ -1,7 +1,10 @@
 package config
-// GRPC defines the available grpc configuration.
-type GRPC struct {
- Addr string `ocisConfig:"addr" env:"SEARCH_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `ocisConfig:"-" yaml:"-"`
+import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
+
+// GRPCConfig defines the available grpc configuration.
+type GRPCConfig struct {
+ Addr string `ocisConfig:"addr" env:"SEARCH_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ Namespace string `ocisConfig:"-" yaml:"-"`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
 }
diff --git a/services/search/pkg/server/grpc/server.go b/services/search/pkg/server/grpc/server.go
index 8dfe3888a36..c152d47ef28 100644
--- a/services/search/pkg/server/grpc/server.go
+++ b/services/search/pkg/server/grpc/server.go
@@ -12,10 +12,10 @@ func Server(opts ...Option) grpc.Service {
 options := newOptions(opts...)
 service, err := grpc.NewService(
- grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled),
+ grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
 grpc.TLSCert(
- options.Config.MicroGRPCService.TLSCert,
- options.Config.MicroGRPCService.TLSKey,
+ options.Config.GRPC.TLS.Cert,
+ options.Config.GRPC.TLS.Key,
 ),
 grpc.Name(options.Config.Service.Name),
 grpc.Context(options.Context),
diff --git a/services/settings/pkg/command/server.go b/services/settings/pkg/command/server.go
index c059ad10ce9..0d989314eba 100644
--- a/services/settings/pkg/command/server.go
+++ b/services/settings/pkg/command/server.go
@@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command {
 if err != nil {
 return err
 }
- err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...)
+ err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 if err != nil {
 return err
 }
diff --git a/services/settings/pkg/config/config.go b/services/settings/pkg/config/config.go
index c14e340e330..c777d3b4571 100644
--- a/services/settings/pkg/config/config.go
+++ b/services/settings/pkg/config/config.go
@@ -16,11 +16,10 @@ type Config struct {
 Log *Log `yaml:"log"`
 Debug Debug `yaml:"debug"`
- HTTP HTTP `yaml:"http"`
- GRPC GRPC `yaml:"grpc"`
+ HTTP HTTP `yaml:"http"`
+ GRPC GRPCConfig `yaml:"grpc"`
- MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"`
- MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"`
+ GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
 StoreType string `yaml:"store_type" env:"SETTINGS_STORE_TYPE" desc:"Store type configures the persistency driver. Supported values are \"metadata\" and \"filesystem\"."`
 DataPath string `yaml:"data_path" env:"SETTINGS_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/settings."`
diff --git a/services/settings/pkg/config/defaults/defaultconfig.go b/services/settings/pkg/config/defaults/defaultconfig.go
index e183a2f3777..18a6ba4ad47 100644
--- a/services/settings/pkg/config/defaults/defaultconfig.go
+++ b/services/settings/pkg/config/defaults/defaultconfig.go
@@ -40,7 +40,7 @@ func DefaultConfig() *config.Config {
 AllowCredentials: true,
 },
 },
- GRPC: config.GRPC{
+ GRPC: config.GRPCConfig{
 Addr: "127.0.0.1:9191",
 Namespace: "com.owncloud.api",
 },
@@ -102,19 +102,19 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.AdminUserID = cfg.Commons.AdminUserID
 }
- if cfg.MicroGRPCClient == nil {
- cfg.MicroGRPCClient = &shared.MicroGRPCClient{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil {
- cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode
- cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert
+ if cfg.GRPCClientTLS == nil {
+ cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
+ cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
+ cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
 }
 }
- if cfg.MicroGRPCService == nil {
- cfg.MicroGRPCService = &shared.MicroGRPCService{}
- if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil {
- cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled
- cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert
- cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
 }
 }
 }
diff --git a/services/settings/pkg/config/grpc.go b/services/settings/pkg/config/grpc.go
index 1acae9e3004..37ce9714c2e 100644
--- a/services/settings/pkg/config/grpc.go
+++ b/services/settings/pkg/config/grpc.go
@@ -1,7 +1,10 @@
 package config
-// GRPC defines the available grpc configuration.
-type GRPC struct {
- Addr string `yaml:"addr" env:"SETTINGS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- Namespace string `yaml:"-"`
+import "github.com/owncloud/ocis/v2/ocis-pkg/shared"
+
+// GRPCConfig defines the available grpc configuration.
+type GRPCConfig struct {
+ Addr string `yaml:"addr" env:"SETTINGS_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ Namespace string `yaml:"-"`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
 }
diff --git a/services/settings/pkg/server/grpc/server.go b/services/settings/pkg/server/grpc/server.go
index b70b7545e3a..7e448ee62dc 100644
--- a/services/settings/pkg/server/grpc/server.go
+++ b/services/settings/pkg/server/grpc/server.go
@@ -17,10 +17,10 @@ func Server(opts ...Option) grpc.Service {
 options := newOptions(opts...)
 service, err := grpc.NewService(
- grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled),
+ grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled),
 grpc.TLSCert(
- options.Config.MicroGRPCService.TLSCert,
- options.Config.MicroGRPCService.TLSKey,
+ options.Config.GRPC.TLS.Cert,
+ options.Config.GRPC.TLS.Key,
 ),
 grpc.Logger(options.Logger),
 grpc.Name(options.Name),
diff --git a/services/sharing/pkg/config/config.go b/services/sharing/pkg/config/config.go
index 83e11bb048e..475ad0f09d8 100644
--- a/services/sharing/pkg/config/config.go
+++ b/services/sharing/pkg/config/config.go
@@ -55,12 +55,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"SHARING_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"SHARING_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type UserSharingDrivers struct {
diff --git a/services/sharing/pkg/config/defaults/defaultconfig.go b/services/sharing/pkg/config/defaults/defaultconfig.go
index cbf0cd12201..5049e1d8eae 100644
--- a/services/sharing/pkg/config/defaults/defaultconfig.go
+++ b/services/sharing/pkg/config/defaults/defaultconfig.go
@@ -101,9 +101,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -117,6 +116,15 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.TokenManager = &config.TokenManager{}
 }
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
+
 if cfg.UserSharingDrivers.CS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
 cfg.UserSharingDrivers.CS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
 }
diff --git a/services/sharing/pkg/revaconfig/config.go b/services/sharing/pkg/revaconfig/config.go
index cfef6b52040..eb24939c873 100644
--- a/services/sharing/pkg/revaconfig/config.go
+++ b/services/sharing/pkg/revaconfig/config.go
@@ -23,9 +23,9 @@ func SharingConfigFromStruct(cfg *config.Config) map[string]interface{} {
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 // TODO build services dynamically
 "services": map[string]interface{}{
diff --git a/services/storage-publiclink/pkg/config/config.go b/services/storage-publiclink/pkg/config/config.go
index 34d9620c56d..7a01fc0b7ea 100644
--- a/services/storage-publiclink/pkg/config/config.go
+++ b/services/storage-publiclink/pkg/config/config.go
@@ -51,12 +51,10 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"STORAGE_PUBLICLINK_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"STORAGE_PUBLICLINK_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
 type StorageProvider struct {
diff --git a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go
index cdd955b3945..9497a28ed0c 100644
--- a/services/storage-publiclink/pkg/config/defaults/defaultconfig.go
+++ b/services/storage-publiclink/pkg/config/defaults/defaultconfig.go
@@ -61,9 +61,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) {
 } else if cfg.TokenManager == nil {
 cfg.TokenManager = &config.TokenManager{}
 }
+
+ if cfg.GRPC.TLS == nil {
+ cfg.GRPC.TLS = &shared.GRPCServiceTLS{}
+ if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil {
+ cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled
+ cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert
+ cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key
+ }
+ }
 }
 func Sanitize(cfg *config.Config) {
diff --git a/services/storage-publiclink/pkg/revaconfig/config.go b/services/storage-publiclink/pkg/revaconfig/config.go
index af366d76301..084195426b3 100644
--- a/services/storage-publiclink/pkg/revaconfig/config.go
+++ b/services/storage-publiclink/pkg/revaconfig/config.go
@@ -23,9 +23,9 @@ func StoragePublicLinkConfigFromStruct(cfg *config.Config) map[string]interface{
 "network": cfg.GRPC.Protocol,
 "address": cfg.GRPC.Addr,
 "tls_settings": map[string]interface{}{
- "enabled": cfg.GRPC.TLSEnabled,
- "certificate": cfg.GRPC.TLSCert,
- "key": cfg.GRPC.TLSKey,
+ "enabled": cfg.GRPC.TLS.Enabled,
+ "certificate": cfg.GRPC.TLS.Cert,
+ "key": cfg.GRPC.TLS.Key,
 },
 "interceptors": map[string]interface{}{
 "log": map[string]interface{}{},
diff --git a/services/storage-shares/pkg/config/config.go b/services/storage-shares/pkg/config/config.go
index 5e5c7d23e6c..cd73f6241e8 100644
--- a/services/storage-shares/pkg/config/config.go
+++ b/services/storage-shares/pkg/config/config.go
@@ -53,10 +53,8 @@ type Debug struct {
 }
 type GRPCConfig struct {
- Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."`
- TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"`
- TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."`
- TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."`
- Namespace string `yaml:"-"`
- Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
+ Addr string `yaml:"addr" env:"STORAGE_SHARES_GRPC_ADDR" desc:"The bind address of the GRPC service."`
+ TLS *shared.GRPCServiceTLS `yaml:"tls"`
+ Namespace string `yaml:"-"`
+ Protocol string `yaml:"protocol" env:"STORAGE_SHARES_GRPC_PROTOCOL" desc:"The transport protocol of the GRPC service."`
 }
diff --git a/services/storage-shares/pkg/config/defaults/defaultconfig.go b/services/storage-shares/pkg/config/defaults/defaultconfig.go
index 0b8836200d1..dcc1d3c4f57 100644
--- a/services/storage-shares/pkg/config/defaults/defaultconfig.go
+++ b/services/storage-shares/pkg/config/defaults/defaultconfig.go
@@ -61,9 +61,8 @@ func EnsureDefaults(cfg *config.Config) {
 if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil {
 cfg.Reva = &shared.Reva{
- Address: cfg.Commons.Reva.Address,
- TLSMode: cfg.Commons.Reva.TLSMode,
- TLSCACert: cfg.Commons.Reva.TLSCACert,
+ Address: cfg.Commons.Reva.Address,
+ TLS: cfg.Commons.Reva.TLS,
 }
 } else if cfg.Reva == nil {
 cfg.Reva = &shared.Reva{}
@@ -76,6 +75,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/storage-shares/pkg/revaconfig/config.go b/services/storage-shares/pkg/revaconfig/config.go index cb9f9dd5c72..e230e6bc7b2 100644 --- a/services/storage-shares/pkg/revaconfig/config.go +++ b/services/storage-shares/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func StorageSharesConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "sharesstorageprovider": map[string]interface{}{ diff --git a/services/storage-system/pkg/config/config.go b/services/storage-system/pkg/config/config.go index eae54daec5f..65366cdc8ab 100644 --- a/services/storage-system/pkg/config/config.go +++ b/services/storage-system/pkg/config/config.go 
@@ -56,12 +56,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_SYSTEM_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_SYSTEM_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-system/pkg/config/defaults/defaultconfig.go b/services/storage-system/pkg/config/defaults/defaultconfig.go index c8738826160..9b420bdbfc1 100644 --- a/services/storage-system/pkg/config/defaults/defaultconfig.go +++ b/services/storage-system/pkg/config/defaults/defaultconfig.go @@ -73,9 +73,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -97,6 +96,15 @@ func EnsureDefaults(cfg *config.Config) { cfg.SystemUserID = cfg.Commons.SystemUserID } + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } + } func Sanitize(cfg *config.Config) { diff --git a/services/storage-system/pkg/revaconfig/config.go b/services/storage-system/pkg/revaconfig/config.go index 56534c54263..82b6a0ad3a9 100644 --- a/services/storage-system/pkg/revaconfig/config.go +++ b/services/storage-system/pkg/revaconfig/config.go @@ -24,9 +24,9 @@ func StorageSystemFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, "services": map[string]interface{}{ "gateway": map[string]interface{}{ diff --git a/services/storage-users/pkg/config/config.go b/services/storage-users/pkg/config/config.go index e348a76351e..c98c4b0944f 100644 --- a/services/storage-users/pkg/config/config.go +++ b/services/storage-users/pkg/config/config.go 
@@ -60,12 +60,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"STORAGE_USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"STORAGE_USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type HTTPConfig struct { diff --git a/services/storage-users/pkg/config/defaults/defaultconfig.go b/services/storage-users/pkg/config/defaults/defaultconfig.go index fa0796d288f..9fbd3e0fa14 100644 --- a/services/storage-users/pkg/config/defaults/defaultconfig.go +++ b/services/storage-users/pkg/config/defaults/defaultconfig.go @@ -111,9 +111,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} 
@@ -126,6 +125,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/storage-users/pkg/revaconfig/config.go b/services/storage-users/pkg/revaconfig/config.go index 81d542fd180..fa225fd7d6f 100644 --- a/services/storage-users/pkg/revaconfig/config.go +++ b/services/storage-users/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func StorageUsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/storage-users/pkg/revaconfig/user.go b/services/storage-users/pkg/revaconfig/user.go index de932193e9a..1d1899f3050 100644 --- a/services/storage-users/pkg/revaconfig/user.go +++ b/services/storage-users/pkg/revaconfig/user.go @@ -95,7 +95,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.OCIS.PermissionsEndpoint, - "permissionssvc_tls_mode": cfg.Commons.MicroGRPCClient.TLSMode, + "permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode, }, "s3": map[string]interface{}{ "enable_home": false, 
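Review bot: `cfg.Commons.GRPCClientTLS.Mode` in the ocis driver map of user.go dereferences both `cfg.Commons` and `GRPCClientTLS` without a guard, while every defaultconfig.go hunk in this change treats both as possibly nil. The previous `MicroGRPCClient.TLSMode` access had the same shape, so this is inherited rather than new, but the rename was the moment to route it through a service-level field that `EnsureDefaults` populates, as store, thumbnails and webdav do for their client TLS settings. The same expression is used for the s3ng driver in the next user.go hunk. UserDrivers starts and ends outside the hunk.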
@@ -115,7 +115,7 @@ func UserDrivers(cfg *config.Config) map[string]interface{} { "treetime_accounting": true, "treesize_accounting": true, "permissionssvc": cfg.Drivers.S3NG.PermissionsEndpoint, - "permissionssvc_tls_mode": cfg.Commons.MicroGRPCClient.TLSMode, + "permissionssvc_tls_mode": cfg.Commons.GRPCClientTLS.Mode, "s3.region": cfg.Drivers.S3NG.Region, "s3.access_key": cfg.Drivers.S3NG.AccessKey, "s3.secret_key": cfg.Drivers.S3NG.SecretKey, diff --git a/services/store/pkg/command/server.go b/services/store/pkg/command/server.go index f6004a8e0ca..bf8da8f4634 100644 --- a/services/store/pkg/command/server.go +++ b/services/store/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/store/pkg/config/config.go b/services/store/pkg/config/config.go index 2e4517e16a5..740e3b23e51 100644 --- a/services/store/pkg/config/config.go +++ b/services/store/pkg/config/config.go @@ -16,10 +16,9 @@ type Config struct { Log *Log `yaml:"log"` Debug Debug `yaml:"debug"` - GRPC GRPC `yaml:"grpc"` + GRPC GRPCConfig `yaml:"grpc"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` Datapath string `yaml:"data_path" env:"STORE_DATA_PATH" desc:"The directory where the filesystem storage will store ocis settings. If not definied, the root directory derives from $OCIS_BASE_DATA_PATH:/store."` diff --git a/services/store/pkg/config/defaults/defaultconfig.go b/services/store/pkg/config/defaults/defaultconfig.go index ec747798c29..ffd1dc0ad3c 100644 --- a/services/store/pkg/config/defaults/defaultconfig.go +++ b/services/store/pkg/config/defaults/defaultconfig.go 
@@ -23,7 +23,7 @@ func DefaultConfig() *config.Config { Pprof: false, Zpages: false, }, - GRPC: config.GRPC{ + GRPC: config.GRPCConfig{ Addr: "127.0.0.1:9460", Namespace: "com.owncloud.api", }, @@ -58,19 +58,19 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } diff --git a/services/store/pkg/config/grpc.go b/services/store/pkg/config/grpc.go index 1d145619fc8..db708919349 100644 --- a/services/store/pkg/config/grpc.go +++ b/services/store/pkg/config/grpc.go 
@@ -1,7 +1,10 @@ package config -// GRPC defines the available grpc configuration. -type GRPC struct { - Addr string `yaml:"addr" env:"STORE_GRPC_ADDR" desc:"The bind address of the GRPC service."` - Namespace string `yaml:"-"` +import "github.com/owncloud/ocis/v2/ocis-pkg/shared" + +// GRPCConfig defines the available grpc configuration. +type GRPCConfig struct { + Addr string `yaml:"addr" env:"STORE_GRPC_ADDR" desc:"The bind address of the GRPC service."` + Namespace string `yaml:"-"` + TLS *shared.GRPCServiceTLS `yaml:"tls"` } diff --git a/services/store/pkg/server/grpc/server.go b/services/store/pkg/server/grpc/server.go index 7ff1e0d99fa..73783385e2d 100644 --- a/services/store/pkg/server/grpc/server.go +++ b/services/store/pkg/server/grpc/server.go @@ -12,10 +12,10 @@ func Server(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPC.TLS.Cert, + options.Config.GRPC.TLS.Key, ), grpc.Namespace(options.Config.GRPC.Namespace), grpc.Name(options.Config.Service.Name), diff --git a/services/thumbnails/pkg/command/server.go b/services/thumbnails/pkg/command/server.go index 72081f77981..b61d351c8ad 100644 --- a/services/thumbnails/pkg/command/server.go +++ b/services/thumbnails/pkg/command/server.go @@ -34,7 +34,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/thumbnails/pkg/config/config.go b/services/thumbnails/pkg/config/config.go index af1504b005e..76d038236d7 100644 --- a/services/thumbnails/pkg/config/config.go +++ b/services/thumbnails/pkg/config/config.go 
@@ -16,11 +16,10 @@ type Config struct { Log *Log `yaml:"log"` Debug Debug `yaml:"debug"` - GRPC GRPC `yaml:"grpc"` - HTTP HTTP `yaml:"http"` + GRPC GRPCConfig `yaml:"grpc"` + HTTP HTTP `yaml:"http"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` - MicroGRPCService *shared.MicroGRPCService `yaml:"micro_grpc_service"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` Thumbnail Thumbnail `yaml:"thumbnail"` 
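Review bot: Renaming the YAML key from `micro_grpc_client` to `grpc_client_tls`, and moving the service-side settings under `grpc.tls`, means a configuration file written for the previous layout is silently ignored unless the YAML decoder rejects unknown keys, which this chunk does not show. For a setting that switches transport encryption on or off, that failure mode deserves a migration note in the changelog and, if the decoder is lenient, a warning when the old keys are still present. The same rename is made in the store and webdav config.go hunks.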
@@ -34,14 +33,12 @@ type FileSystemStorage struct { // Thumbnail defines the available thumbnail related configuration. type Thumbnail struct { - Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. You can define any resolution as required and separate multiple resolutions by blank or comma."` - FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` - WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` - CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` - RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` - RevaGatewayTLSMode string `yaml:"reva_gateway_tls_mode" env:"REVA_GATEWAY_TLS_MODE"` - RevaGatewayTLSCACert string `yaml:"reva_gateway_tls_cacert" env:"REVA_GATEWAY_TLS_CACERT"` - FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` - TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` - DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` + Resolutions []string `yaml:"resolutions" env:"THUMBNAILS_RESOLUTIONS" desc:"The supported target resolutions in the format WidthxHeight e.g. 32x32. 
You can define any resolution as required and separate multiple resolutions by blank or comma."` + FileSystemStorage FileSystemStorage `yaml:"filesystem_storage"` + WebdavAllowInsecure bool `yaml:"webdav_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_WEBDAVSOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the webdav source."` + CS3AllowInsecure bool `yaml:"cs3_allow_insecure" env:"OCIS_INSECURE;THUMBNAILS_CS3SOURCE_INSECURE" desc:"Ignore untrusted SSL certificates when connecting to the CS3 source."` + RevaGateway string `yaml:"reva_gateway" env:"REVA_GATEWAY" desc:"CS3 gateway used to look up user metadata"` + FontMapFile string `yaml:"font_map_file" env:"THUMBNAILS_TXT_FONTMAP_FILE" desc:"The path to a font file for txt thumbnails."` + TransferSecret string `yaml:"transfer_secret" env:"THUMBNAILS_TRANSFER_TOKEN" desc:"The secret to sign JWT to download the actual thumbnail file."` + DataEndpoint string `yaml:"data_endpoint" env:"THUMBNAILS_DATA_ENDPOINT" desc:"The HTTP endpoint where the actual thumbnail file can be downloaded."` } diff --git a/services/thumbnails/pkg/config/defaults/defaultconfig.go b/services/thumbnails/pkg/config/defaults/defaultconfig.go index 26496d65d09..5ec4ed848fe 100644 --- a/services/thumbnails/pkg/config/defaults/defaultconfig.go +++ b/services/thumbnails/pkg/config/defaults/defaultconfig.go @@ -24,7 +24,7 @@ func DefaultConfig() *config.Config { Pprof: false, Zpages: false, }, - GRPC: config.GRPC{ + GRPC: config.GRPCConfig{ Addr: "127.0.0.1:9185", Namespace: "com.owncloud.api", }, 
@@ -41,12 +41,10 @@ func DefaultConfig() *config.Config { FileSystemStorage: config.FileSystemStorage{ RootDirectory: path.Join(defaults.BaseDataPath(), "thumbnails"), }, - WebdavAllowInsecure: false, - RevaGateway: shared.DefaultRevaConfig().Address, - RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, - RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, - CS3AllowInsecure: false, - DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", + WebdavAllowInsecure: false, + RevaGateway: shared.DefaultRevaConfig().Address, + CS3AllowInsecure: false, + DataEndpoint: "http://127.0.0.1:9186/thumbnails/data", }, } } @@ -75,19 +73,19 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } - if cfg.MicroGRPCService == nil { - cfg.MicroGRPCService = &shared.MicroGRPCService{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCService != nil { - cfg.MicroGRPCService.TLSEnabled = cfg.Commons.MicroGRPCService.TLSEnabled - cfg.MicroGRPCService.TLSCert = cfg.Commons.MicroGRPCService.TLSCert - cfg.MicroGRPCService.TLSKey = cfg.Commons.MicroGRPCService.TLSKey + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key } } } 
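Review bot: With the `RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode` default removed, the thumbnails gateway client now takes its TLS mode from `cfg.GRPCClientTLS.Mode`, which the `EnsureDefaults` hunk below only fills when `cfg.Commons` carries a `GRPCClientTLS`; a service started without a Commons block therefore hands an empty string to `pool.StringToTLSMode`, and whether that is rejected or resolves to a plaintext connection is decided in reva, not here. If the previous default was intentional, the nil-Commons branch could fall back to it explicitly, e.g. by copying the mode carried by `shared.DefaultRevaConfig().TLS`, so that the behaviour does not hinge on the empty-string case. The webdav defaultconfig.go hunk drops the same two defaults.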
diff --git a/services/thumbnails/pkg/config/grpc.go b/services/thumbnails/pkg/config/grpc.go index 6852c0eb8c7..3b075e102d2 100644 --- a/services/thumbnails/pkg/config/grpc.go +++ b/services/thumbnails/pkg/config/grpc.go @@ -1,7 +1,10 @@ package config -// GRPC defines the available grpc configuration. -type GRPC struct { - Addr string `yaml:"addr" env:"THUMBNAILS_GRPC_ADDR" desc:"The address off the grpc service."` - Namespace string `yaml:"-"` +import "github.com/owncloud/ocis/v2/ocis-pkg/shared" + +// GRPCConfig defines the available grpc configuration. +type GRPCConfig struct { + Addr string `yaml:"addr" env:"THUMBNAILS_GRPC_ADDR" desc:"The address off the grpc service."` + Namespace string `yaml:"-"` + TLS *shared.GRPCServiceTLS `yaml:"tls"` } diff --git a/services/thumbnails/pkg/server/grpc/server.go b/services/thumbnails/pkg/server/grpc/server.go index 5f1519ec13b..a783d18fa67 100644 --- a/services/thumbnails/pkg/server/grpc/server.go +++ b/services/thumbnails/pkg/server/grpc/server.go @@ -16,10 +16,10 @@ func NewService(opts ...Option) grpc.Service { options := newOptions(opts...) service, err := grpc.NewService( - grpc.TLSEnabled(options.Config.MicroGRPCService.TLSEnabled), + grpc.TLSEnabled(options.Config.GRPC.TLS.Enabled), grpc.TLSCert( - options.Config.MicroGRPCService.TLSCert, - options.Config.MicroGRPCService.TLSKey, + options.Config.GRPC.TLS.Cert, + options.Config.GRPC.TLS.Key, ), grpc.Logger(options.Logger), grpc.Namespace(options.Namespace), 
@@ -36,13 +36,13 @@ func NewService(opts ...Option) grpc.Service { } tconf := options.Config.Thumbnail - tm, err := pool.StringToTLSMode(tconf.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(options.Config.GRPCClientTLS.Mode) if err != nil { options.Logger.Error().Err(err).Msg("could not get gateway client tls mode") return grpc.Service{} } gc, err := pool.GetGatewayServiceClient(tconf.RevaGateway, - pool.WithTLSCACert(tconf.RevaGatewayTLSCACert), + pool.WithTLSCACert(options.Config.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil { diff --git a/services/users/pkg/config/config.go b/services/users/pkg/config/config.go index 829b82c39e8..f109c43737d 100644 --- a/services/users/pkg/config/config.go +++ b/services/users/pkg/config/config.go @@ -52,12 +52,10 @@ type Debug struct { } type GRPCConfig struct { - Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` - TLSEnabled bool `yaml:"tls_enabled" env:"OCIS_GRPC_TLS_ENABLED"` - TLSCert string `yaml:"tls_cert" env:"OCIS_GRPC_TLS_CERTIFICATE" desc:"Path/File name of the TLS server certificate (in PEM format) for the reva grpc services."` - TLSKey string `yaml:"tls_key" env:"OCIS_GRPC_TLS_KEY" desc:"Path/File name for the TLS certificate key (in PEM format) for the server certificate."` - Namespace string `yaml:"-"` - Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` + Addr string `yaml:"addr" env:"USERS_GRPC_ADDR" desc:"The bind address of the GRPC service."` + TLS *shared.GRPCServiceTLS `yaml:"tls"` + Namespace string `yaml:"-"` + Protocol string `yaml:"protocol" env:"USERS_GRPC_PROTOCOL" desc:"The transport protocol of the GPRC service."` } type Drivers struct { diff --git a/services/users/pkg/config/defaults/defaultconfig.go b/services/users/pkg/config/defaults/defaultconfig.go index 615e3091312..1fe0ee094c3 100644 --- a/services/users/pkg/config/defaults/defaultconfig.go 
+++ b/services/users/pkg/config/defaults/defaultconfig.go @@ -106,9 +106,8 @@ func EnsureDefaults(cfg *config.Config) { if cfg.Reva == nil && cfg.Commons != nil && cfg.Commons.Reva != nil { cfg.Reva = &shared.Reva{ - Address: cfg.Commons.Reva.Address, - TLSMode: cfg.Commons.Reva.TLSMode, - TLSCACert: cfg.Commons.Reva.TLSCACert, + Address: cfg.Commons.Reva.Address, + TLS: cfg.Commons.Reva.TLS, } } else if cfg.Reva == nil { cfg.Reva = &shared.Reva{} @@ -121,6 +120,15 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.TokenManager == nil { cfg.TokenManager = &config.TokenManager{} } + + if cfg.GRPC.TLS == nil { + cfg.GRPC.TLS = &shared.GRPCServiceTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCServiceTLS != nil { + cfg.GRPC.TLS.Enabled = cfg.Commons.GRPCServiceTLS.Enabled + cfg.GRPC.TLS.Cert = cfg.Commons.GRPCServiceTLS.Cert + cfg.GRPC.TLS.Key = cfg.Commons.GRPCServiceTLS.Key + } + } } func Sanitize(cfg *config.Config) { diff --git a/services/users/pkg/revaconfig/config.go b/services/users/pkg/revaconfig/config.go index 27c7af7bd0c..aefa92432ef 100644 --- a/services/users/pkg/revaconfig/config.go +++ b/services/users/pkg/revaconfig/config.go @@ -23,9 +23,9 @@ func UsersConfigFromStruct(cfg *config.Config) map[string]interface{} { "network": cfg.GRPC.Protocol, "address": cfg.GRPC.Addr, "tls_settings": map[string]interface{}{ - "enabled": cfg.GRPC.TLSEnabled, - "certificate": cfg.GRPC.TLSCert, - "key": cfg.GRPC.TLSKey, + "enabled": cfg.GRPC.TLS.Enabled, + "certificate": cfg.GRPC.TLS.Cert, + "key": cfg.GRPC.TLS.Key, }, // TODO build services dynamically "services": map[string]interface{}{ diff --git a/services/webdav/pkg/command/server.go b/services/webdav/pkg/command/server.go index 3427fd8e7c8..dcd4d99cec1 100644 --- a/services/webdav/pkg/command/server.go +++ b/services/webdav/pkg/command/server.go 
@@ -33,7 +33,7 @@ func Server(cfg *config.Config) *cli.Command { if err != nil { return err } - err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.MicroGRPCClient)...) + err = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...) if err != nil { return err } diff --git a/services/webdav/pkg/config/config.go b/services/webdav/pkg/config/config.go index 0c6e73416b4..e002f9dcec2 100644 --- a/services/webdav/pkg/config/config.go +++ b/services/webdav/pkg/config/config.go @@ -16,7 +16,7 @@ type Config struct { Log *Log `yaml:"log"` Debug Debug `yaml:"debug"` - MicroGRPCClient *shared.MicroGRPCClient `yaml:"micro_grpc_client"` + GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"` HTTP HTTP `yaml:"http"` diff --git a/services/webdav/pkg/config/defaults/defaultconfig.go b/services/webdav/pkg/config/defaults/defaultconfig.go index 32e1499a984..5c6c46742a8 100644 --- a/services/webdav/pkg/config/defaults/defaultconfig.go +++ b/services/webdav/pkg/config/defaults/defaultconfig.go @@ -36,11 +36,9 @@ func DefaultConfig() *config.Config { Service: config.Service{ Name: "webdav", }, - OcisPublicURL: "https://127.0.0.1:9200", - WebdavNamespace: "/users/{{.Id.OpaqueId}}", - RevaGateway: shared.DefaultRevaConfig().Address, - RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode, - RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert, + OcisPublicURL: "https://127.0.0.1:9200", + WebdavNamespace: "/users/{{.Id.OpaqueId}}", + RevaGateway: shared.DefaultRevaConfig().Address, } } 
@@ -68,11 +66,11 @@ func EnsureDefaults(cfg *config.Config) { cfg.Tracing = &config.Tracing{} } - if cfg.MicroGRPCClient == nil { - cfg.MicroGRPCClient = &shared.MicroGRPCClient{} - if cfg.Commons != nil && cfg.Commons.MicroGRPCClient != nil { - cfg.MicroGRPCClient.TLSMode = cfg.Commons.MicroGRPCClient.TLSMode - cfg.MicroGRPCClient.TLSCACert = cfg.Commons.MicroGRPCClient.TLSCACert + if cfg.GRPCClientTLS == nil { + cfg.GRPCClientTLS = &shared.GRPCClientTLS{} + if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil { + cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode + cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert } } } diff --git a/services/webdav/pkg/service/v0/service.go b/services/webdav/pkg/service/v0/service.go index ccd5bfe960d..1d51ad1ea6d 100644 --- a/services/webdav/pkg/service/v0/service.go +++ b/services/webdav/pkg/service/v0/service.go @@ -60,12 +60,12 @@ func NewService(opts ...Option) (Service, error) { // chi.RegisterMethod("REPORT") m.Use(options.Middleware...) - tm, err := pool.StringToTLSMode(conf.RevaGatewayTLSMode) + tm, err := pool.StringToTLSMode(conf.GRPCClientTLS.Mode) if err != nil { return nil, err } gwc, err := pool.GetGatewayServiceClient(conf.RevaGateway, - pool.WithTLSCACert(conf.RevaGatewayTLSCACert), + pool.WithTLSCACert(conf.GRPCClientTLS.CACert), pool.WithTLSMode(tm), ) if err != nil {