Proxy accesstoken cache store

[butonic]

This PR changes the cache implementations in ocis to the micro store interface.

• it makes the in memory user info cache in the proxy as a micro store
• it introduces the redis-sentinel type
• it aligns all configurations for micro store
• it introduces global OCIS_PERSISTENT_STORE_* options that are used for the userlog and eventhistory service
• it corrects the usage of store database and table (which are used to build a prefix for in memory stores)

partly adresses #5781 by harmonizing the basic store options: type, adresses/nodes, database, table, size and ttl.

• rename the userlog RecordExpiry option to ttl? before a release?

• the graph service uses three in memory caches that still need to use a micro store, maybe in a subsequent PR?

• make caches really optional. when setting OCIS_CACHE_STORE_TYPE=redis without having a local redis running the decomposedfs fails to create u user home becouse it cannot create a connection. We should log an error but continue, which is what I did in this PR for the proxy userinfo cache

• The userinfo cache cannot directly be invalidated with the sid from a backchannel logout. For that a separate session id -> tokenhash cache should be used.

• A 10 second userinfo cache TTL is probably too low. espesially when we have a backchannel logout and we actually use the expiration claim of access of tokens to set a TTL for the cache store.

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

[ownclouders]

E2E tests failed: https://drone.owncloud.com/owncloud/ocis/20678/66/1

💥 To see the trace, please open the link in the console ...

npx playwright show-trace https://cache.owncloud.com/public/owncloud/ocis/20678/tracing/multiple-spaces-can-be-managed-at-once-in-the-admin-settings-via-the-batch-actions-alice-2023-3-22-12-19-50.zip

npx playwright show-trace https://cache.owncloud.com/public/owncloud/ocis/20678/tracing/unstructured-collection-of-testable-space-interactions-alice-2023-3-22-12-30-12.zip

npx playwright show-trace https://cache.owncloud.com/public/owncloud/ocis/20678/tracing/users-can-navigate-web-via-tiles-alice-2023-3-22-12-31-59.zip

[kobergj]

Some questions

[butonic]

I need to dig into the failing e2e tests. At around 700s there seems to be a ~30sec timeout:

2023/03/15 16:01:22 http: TLS handshake error from 192.168.94.3:57696: remote error: tls: unknown certificate
2023/03/15 16:01:25 http: proxy error: context canceled
{"level":"error","service":"storage-users","pkg":"rgrpc","traceid":"00000000000000000000000000000000","error":"error: not found: space 945938d8-c8e0-41cd-8af8-cdf17d9bbd6f not found","status":{"code":6,"message":"not found when listing spaces","trace":"00000000000000000000000000000000"},"filters":[{"type":2,"Term":{"Id":{"opaque_id":"9816d9f2-c620-44a2-a5fb-135e0ca31465$945938d8-c8e0-41cd-8af8-cdf17d9bbd6f!945938d8-c8e0-41cd-8af8-cdf17d9bbd6f"}}},{"type":4,"Term":{"SpaceType":"+grant"}}],"time":"2023-03-15T16:01:25.231133587Z","message":"failed to list storage spaces"}
2023/03/15 16:01:25 http: TLS handshake error from 192.168.94.3:59386: remote error: tls: unknown certificate

🤔

[butonic]

faling tests unrelated to this PR: owncloud/web#8633 fixes the flaky test

[kobergj]

Still some questions

[butonic]

@kobergj @mmattel another naming mismatch I see in all the cache config is address vs adresses vs nodes.

Should I align that with the micro interface and use nodes everywhere? We can fallback to the old env var names, but in some places it is even the yaml tag that needs to change.

[mmattel]

Should I align that with the micro interface and use nodes everywhere

This is just my personal opinion and though this creates possible a bit more work for you, I fully agree to harmonize stuff now and get rid of legacies.

[butonic]

urgh reva is importing ocis-pkg/store/etcd ... 😞

[mmattel]

As written in issue: #5781, there are also some services who offer redis authentication. This either needs harmonisation over all services or to be removed.

[kobergj]

LGTM but e2e tests are red

[mmattel]

Following topics:

• There is no comment or change on redis user/pwd envvar, example:
  FRONTEND_OCS_RESOURCE_INFO_CACHE_REDIS_PASSWORD
  = one service uses this, others not...
• Not part of this PR, but post merging we need:
  • changes in readme's and admin docs - I will take care to spare your time
• We do not use deprecation - is this intended?
  Yes, some envvars are quite new and there it is not an issue, but some of them exist since 2.0.0 and there it could be an issue. Deprecation is easy to implement, see the link.

[mmattel]

FIXME redis plugin does not support redis cluster or ring

Q: this is docs relevant or?
I could add this to the common text descriptions in readme/admin docs

[ScharfViktor]

to unlock your PR I added waiting 50 millisecond. It's not good I know but main problem is that tests are very fast. It leads to aborting requests sometimes. We as QA team try to define each place where we add (wait for button appears, wait for response)

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
6 Code Smells

7.1% Coverage
3.4% Duplication

[ScharfViktor]

e2e is green. no failed/flaky test. difference 2m 34 sec. I think we can afford it.