diff --git a/.drone.star b/.drone.star index 101f46a0da..c44acf50e5 100644 --- a/.drone.star +++ b/.drone.star @@ -571,7 +571,7 @@ def litmusOcisOldWebdav(): "/drone/src/cmd/revad/revad -c frontend.toml &", "/drone/src/cmd/revad/revad -c gateway.toml &", "/drone/src/cmd/revad/revad -c storage-home-ocis.toml &", - "/drone/src/cmd/revad/revad -c storage-oc-ocis.toml &", + "/drone/src/cmd/revad/revad -c storage-users-ocis.toml &", "/drone/src/cmd/revad/revad -c users.toml", ], }, @@ -624,7 +624,7 @@ def litmusOcisNewWebdav(): "/drone/src/cmd/revad/revad -c frontend.toml &", "/drone/src/cmd/revad/revad -c gateway.toml &", "/drone/src/cmd/revad/revad -c storage-home-ocis.toml &", - "/drone/src/cmd/revad/revad -c storage-oc-ocis.toml &", + "/drone/src/cmd/revad/revad -c storage-users-ocis.toml &", "/drone/src/cmd/revad/revad -c users.toml", ] }, @@ -678,7 +678,7 @@ def litmusOcisSpacesDav(): "/drone/src/cmd/revad/revad -c frontend.toml &", "/drone/src/cmd/revad/revad -c gateway.toml &", "/drone/src/cmd/revad/revad -c storage-home-ocis.toml &", - "/drone/src/cmd/revad/revad -c storage-oc-ocis.toml &", + "/drone/src/cmd/revad/revad -c storage-users-ocis.toml &", "/drone/src/cmd/revad/revad -c users.toml", ] }, @@ -744,8 +744,8 @@ def ocisIntegrationTests(parallelRuns, skipExceptParts = []): "/drone/src/cmd/revad/revad -c gateway.toml &", "/drone/src/cmd/revad/revad -c shares.toml &", "/drone/src/cmd/revad/revad -c storage-home-ocis.toml &", - "/drone/src/cmd/revad/revad -c storage-oc-ocis.toml &", - "/drone/src/cmd/revad/revad -c storage-publiclink-ocis.toml &", + "/drone/src/cmd/revad/revad -c storage-users-ocis.toml &", + "/drone/src/cmd/revad/revad -c storage-publiclink.toml &", "/drone/src/cmd/revad/revad -c ldap-users.toml", ], }, 
@@ -819,8 +819,8 @@ def s3ngIntegrationTests(parallelRuns, skipExceptParts = []): "/drone/src/cmd/revad/revad -c gateway.toml &", "/drone/src/cmd/revad/revad -c shares.toml &", "/drone/src/cmd/revad/revad -c storage-home-s3ng.toml &", - "/drone/src/cmd/revad/revad -c storage-oc-s3ng.toml &", - "/drone/src/cmd/revad/revad -c storage-publiclink-s3ng.toml &", + "/drone/src/cmd/revad/revad -c storage-users-s3ng.toml &", + "/drone/src/cmd/revad/revad -c storage-publiclink.toml &", "/drone/src/cmd/revad/revad -c ldap-users.toml", ], }, diff --git a/changelog/unreleased/toml-cleanup.md b/changelog/unreleased/toml-cleanup.md new file mode 100644 index 0000000000..8d58bdb56c --- /dev/null +++ b/changelog/unreleased/toml-cleanup.md @@ -0,0 +1,5 @@ +Enhancement: update toml configs + +We updated the local and drone configurations, cleanad up the example configs and removed the reva gen subcommand which was generating outdated config. + +https://github.com/cs3org/reva/pull/2239 \ No newline at end of file diff --git a/cmd/reva/completer.go b/cmd/reva/completer.go index d39dee6a26..0b0bd90657 100644 --- a/cmd/reva/completer.go +++ b/cmd/reva/completer.go @@ -79,15 +79,7 @@ func (c *Completer) argumentCompleter(args ...string) []prompt.Suggest { return []prompt.Suggest{} } - var suggests []prompt.Suggest - switch args[0] { - case "gen": - suggests = convertCmdToSuggests([]*command{ - genConfigSubCommand(), - genUsersSubCommand(), - }) - return prompt.FilterHasPrefix(suggests, args[1], true) case "login": if len(args) == 2 { diff --git a/cmd/reva/gen-config.go b/cmd/reva/gen-config.go deleted file mode 100644 index a0ba669cfb..0000000000 --- a/cmd/reva/gen-config.go +++ /dev/null 
@@ -1,79 +0,0 @@ -// Copyright 2018-2021 CERN -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// In applying this license, CERN does not waive the privileges and immunities -// granted to it by virtue of its status as an Intergovernmental Organization -// or submit itself to any jurisdiction. - -package main - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/cs3org/reva/cmd/reva/gen" - "github.com/pkg/errors" -) - -var genConfigSubCommand = func() *command { - cmd := newCommand("config") - cmd.Description = func() string { return "will create a revad.toml file" } - cmd.Usage = func() string { return "Usage: gen config [-flags]" } - - forceFlag := cmd.Bool("f", false, "force") - configFlag := cmd.String("c", "./revad.toml", "path to the config file") - credentialsStrategyFlag := cmd.String("cs", "basic", "when initializing the config, choose 'basic' or 'oidc' credentials strategy") - dataDriverFlag := cmd.String("dd", "local", "'local' or 'owncloud', ('s3' or 'eos' are supported when providing a custom config)") - dataPathFlag := cmd.String("dp", "./data", "path to the data folder") - - cmd.ResetFlags = func() { - *forceFlag, *configFlag, *credentialsStrategyFlag = false, "./revad.toml", "basic" - *dataDriverFlag, *dataPathFlag = "local", "./data" - } - - cmd.Action = func(w ...io.Writer) error { - if !*forceFlag { - if _, err := os.Stat(*configFlag); err == nil { - // file exists, overwrite? 
- fmt.Fprintf(os.Stdout, "%s exists, overwrite (y/N)? ", *configFlag) - var r string - _, err := fmt.Scanln(&r) - if err != nil || "y" != strings.ToLower(r[:1]) { - return err - } - } else if !os.IsNotExist(err) { - return err - } - } - if *credentialsStrategyFlag != "basic" && *credentialsStrategyFlag != "oidc" { - return errors.New(fmt.Sprintf("unknown credentials strategy %s\n", *credentialsStrategyFlag)) - } - if *dataDriverFlag == "local" || *dataDriverFlag == "owncloud" { - gen.WriteConfig(*configFlag, *credentialsStrategyFlag, *dataDriverFlag, *dataPathFlag) - if *credentialsStrategyFlag == "oidc" { - fmt.Fprintf(os.Stdout, "make sure to serve phoenix on http://localhost:8300\n") - } - if *dataDriverFlag == "owncloud" { - fmt.Fprintf(os.Stdout, "make sure to start a local redis server\n") - } - return nil - } else if *dataDriverFlag == "eos" || *dataDriverFlag == "s3" { - return errors.New(fmt.Sprintf("initializing %s configuration is not yet implemented\n", *dataDriverFlag)) - } - return errors.New(fmt.Sprintf("unknown data driver %s\n", *dataDriverFlag)) - } - return cmd -} diff --git a/cmd/reva/gen-users.go b/cmd/reva/gen-users.go deleted file mode 100644 index 74d2cd4a20..0000000000 --- a/cmd/reva/gen-users.go +++ /dev/null 
@@ -1,62 +0,0 @@ -// Copyright 2018-2021 CERN -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// In applying this license, CERN does not waive the privileges and immunities -// granted to it by virtue of its status as an Intergovernmental Organization -// or submit itself to any jurisdiction. - -package main - -import ( - "fmt" - "io" - "os" - "strings" - - "github.com/cs3org/reva/cmd/reva/gen" -) - -var genUsersSubCommand = func() *command { - cmd := newCommand("users") - cmd.Description = func() string { return "will create a users.json file with demo users" } - cmd.Usage = func() string { return "Usage: gen users [-flags]" } - - forceFlag := cmd.Bool("f", false, "force") - usersFlag := cmd.String("c", "./users.json", "path to the usersfile") - - cmd.ResetFlags = func() { - *forceFlag, *usersFlag = false, "./users.json" - } - - cmd.Action = func(w ...io.Writer) error { - if !*forceFlag { - if _, err := os.Stat(*usersFlag); err == nil { - // file exists, overwrite? - fmt.Fprintf(os.Stdout, "%s exists, overwrite (y/N)? ", *usersFlag) - var r string - _, err := fmt.Scanln(&r) - if err != nil || "y" != strings.ToLower(r[:1]) { - return err - } - } else if !os.IsNotExist(err) { - return err - } - } - if _, err := os.Stat(*usersFlag); os.IsNotExist(err) { - gen.WriteUsers(*usersFlag, nil) - } - return nil - } - return cmd -} diff --git a/cmd/reva/gen.go b/cmd/reva/gen.go deleted file mode 100644 index e0acc89859..0000000000 
--- a/cmd/reva/gen.go +++ /dev/null 
@@ -1,75 +0,0 @@ -// Copyright 2018-2021 CERN -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// In applying this license, CERN does not waive the privileges and immunities -// granted to it by virtue of its status as an Intergovernmental Organization -// or submit itself to any jurisdiction. - -package main - -import ( - "fmt" - "io" - "strings" - - "github.com/pkg/errors" -) - -var genCommand = func() *command { - cmd := newCommand("gen") - cmd.Description = func() string { return "generates files for configuration" } - cmd.Usage = func() string { return "Usage: gen " } - - subcmds := []*command{ - genConfigSubCommand(), - genUsersSubCommand(), - } - - cmd.Action = func(w ...io.Writer) error { - // Verify that a subcommand has been provided - // cmd.Args()[0] is the subcommand command - // cmd.Args()[1] will be the subcommands arguments - if len(cmd.Args()) < 1 { - return errors.New("Invalid arguments. " + createGenUsage(subcmds)) - } - subcommand := cmd.Args()[0] - for _, v := range subcmds { - if v.Name == subcommand { - err := v.Parse(cmd.Args()[1:]) - if err != nil { - return err - } - return v.Action() - } - } - return errors.New("Invalid arguments. 
" + cmd.Usage()) - } - return cmd -} - -func createGenUsage(cmds []*command) string { - n := 0 - for _, cmd := range cmds { - l := len(cmd.Name) - if l > n { - n = l - } - } - - usage := "Available sub commands:\n\n" - for _, cmd := range cmds { - usage += fmt.Sprintf("gen %s%s%s\n", cmd.Name, strings.Repeat(" ", 4+(n-len(cmd.Name))), cmd.Description()) - } - return usage -} diff --git a/cmd/reva/gen/gen.go b/cmd/reva/gen/gen.go deleted file mode 100644 index 582837150e..0000000000 --- a/cmd/reva/gen/gen.go +++ /dev/null 
@@ -1,471 +0,0 @@ -// Copyright 2018-2021 CERN -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -// In applying this license, CERN does not waive the privileges and immunities -// granted to it by virtue of its status as an Intergovernmental Organization -// or submit itself to any jurisdiction. - -package gen - -import ( - "crypto/md5" - "crypto/rand" - "encoding/base64" - "encoding/hex" - "fmt" - "os" - "text/template" - - userpb "github.com/cs3org/go-cs3apis/cs3/identity/user/v1beta1" -) - -var baseTemplate = `# This config file will start a reva instance that: -# - stores files in the local storage -# - reads users from users.json -# - uses basic authentication to authenticate requests - -# basic setup - -[core] -max_cpus = "2" - -[log] -output = "stdout" -mode = "dev" -level = "debug" - -# What services, http middlewares and grpc interceptors should be started? 
- -[http] -enabled_services = ["datasvc", "ocdav", "ocssvc"{{if eq .CredentialStrategy "oidc"}}, "oidcprovider", "wellknown"{{end}}] -enabled_middlewares = ["log", "trace", "auth"{{if eq .CredentialStrategy "oidc"}}, "cors"{{end}}] -network = "tcp" -address = "0.0.0.0:9998" - -[grpc] -enabled_services = ["authsvc", "usershareprovidersvc", "storageregistrysvc", "storageprovidersvc"] -enabled_interceptors = ["auth", "prometheus", "log", "trace"] -network = "tcp" -address = "0.0.0.0:9999" -access_log = "stderr" - -# Order and configuration of http middleware any grpc interceptors - -# HTTP middlewares - -[http.middlewares.trace] -priority = 100 -header = "x-trace" - -[http.middlewares.log] -priority = 200 - -[http.middlewares.auth] -priority = 300 -authsvc = "127.0.0.1:9999" -credential_strategy = "{{.CredentialStrategy}}" -token_strategy = "header" -token_writer = "header" -token_manager = "jwt" -{{if eq .CredentialStrategy "oidc"}} -skip_methods = [ - "/status.php", - "/oauth2", - "/oauth2/auth", - "/oauth2/token", - "/oauth2/introspect", - "/oauth2/userinfo", - "/oauth2/sessions", - "/.well-known/openid-configuration" -] - -[http.middlewares.cors] -priority = 400 -allowed_origins = ["*"] -allow_credentials = true -allowed_methods = ["OPTIONS", "GET", "PUT", "POST", "DELETE", "MKCOL", "PROPFIND", "PROPPATCH", "MOVE", "COPY", "REPORT", "SEARCH"] -allowed_headers = ["Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Ocs-Apirequest"] -options_passthrough = true -{{else}} -skip_methods = ["/status.php"] -{{end}} - -[http.middlewares.auth.token_managers.jwt] -secret = "{{.TokenSecret}}" - -# GRPC interceptors - -[grpc.interceptors.trace] -priority = 100 -header = "x-trace" - -[grpc.interceptors.log] -priority = 200 - -[grpc.interceptors.prometheus] -priority = 300 - -[grpc.interceptors.auth] -priority = 400 -# keys for grpc metadata are always lowercase, so interceptors headers need to use lowercase. 
-token_strategy = "header" -token_manager = "jwt" -# GenerateAccessToken contains the credentials in the payload. Skip auth, otherwise services cannot obtain a token. -skip_methods = ["/cs3.authproviderv1beta1.AuthService/GenerateAccessToken"] - -[grpc.interceptors.auth.token_managers.jwt] -secret = "{{.TokenSecret}}" - -# HTTP services - -[http.services.ocdav] -prefix = "" -chunk_folder = "/var/tmp/owncloud/chunks" -storageregistrysvc = "127.0.0.1:9999" -storageprovidersvc = "127.0.0.1:9999" - -[http.services.ocssvc] -prefix = "ocs" -usershareprovidersvc = "127.0.0.1:9999" -storageprovidersvc = "127.0.0.1:9999" -# the list of share recipients is taken fro the user.json file -user_manager = "json" - -[http.services.ocssvc.user_managers.json] -users = "users.json" - -[http.services.ocssvc.config] -version = "1.8" -website = "nexus" -host = "https://localhost:9998" -contact = "admin@localhost" -ssl = "true" -[http.services.ocssvc.capabilities.capabilities.core] -poll_interval = 60 -webdav_root = "remote.php/webdav" -[http.services.ocssvc.capabilities.capabilities.core.status] -installed = true -maintenance = false -needsDbUpgrade = false -version = "10.0.9.5" -versionstring = "10.0.9" -edition = "community" -productname = "reva" -hostname = "" -[http.services.ocssvc.capabilities.capabilities.checksums] -supported_types = ["SHA256"] -preferred_upload_type = "SHA256" -[http.services.ocssvc.capabilities.capabilities.files] -private_links = true -bigfilechunking = true -blacklisted_files = ["foo"] -undelete = true -versioning = true -[http.services.ocssvc.capabilities.capabilities.files.tus_support] -version = "1.0.0" -resumable = "1.0.0" -extension = "creation,creation-with-upload" -http_method_override = "" -max_chunk_size = 0 -[http.services.ocssvc.capabilities.capabilities.dav] -chunking = "" # set to "1.0" for experimental support -[http.services.ocssvc.capabilities.capabilities.files_sharing] -api_enabled = true -resharing = true -group_sharing = true 
-auto_accept_share = true -share_with_group_members_only = true -share_with_membership_groups_only = true -default_permissions = 22 -search_min_length = 3 -[http.services.ocssvc.capabilities.capabilities.files_sharing.public] -enabled = true -send_mail = true -social_share = true -upload = true -multiple = true -supports_upload_only = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password] -enforced = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password.enforced_for] -read_only = true -read_write = true -upload_only = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.public.expire_date] -enabled = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.user] -send_mail = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.user_enumeration] -enabled = true -group_members_only = true -[http.services.ocssvc.capabilities.capabilities.files_sharing.federation] -outgoing = true -incoming = true -[http.services.ocssvc.capabilities.capabilities.notifications] -endpoints = ["list", "get", "delete"] -[http.services.ocssvc.capabilities.version] -edition = "nexus" -major = 10 -minor = 0 -micro = 11 -string = "10.0.11" - -[http.services.datasvc] -driver = "{{.DataDriver}}" -prefix = "data" -temp_folder = "/var/tmp/" - -{{if eq .DataDriver "local"}} -[http.services.datasvc.drivers.local] -root = "{{.DataPath}}" -{{end}} -{{if eq .DataDriver "owncloud"}} -[http.services.datasvc.drivers.owncloud] -datadirectory = "{{.DataPath}}" -{{end}} - -{{if eq .CredentialStrategy "oidc"}} -[http.services.wellknown] -prefix = ".well-known" - -[http.services.oidcprovider] -prefix = "oauth2" -{{end}} - -# GRPC services - -## The authentication service - -[grpc.services.authsvc] -token_manager = "jwt" -{{if eq .CredentialStrategy "oidc"}} -# users are authorized by inspecting oidc tokens -auth_manager = "oidc" -# user info is read from the oidc userinfo endpoint -user_manager = "oidc" - 
-[grpc.services.authsvc.auth_managers.oidc] -provider = "http://localhost:9998" -insecure = true -# the client credentials for the token introspection backchannel -client_id = "reva" -client_secret = "foobar" -{{else}} -# users are authorized by checking their password matches the one in the users.json file -auth_manager = "json" -# user info is read from the user.json file -user_manager = "json" - -[grpc.services.authsvc.auth_managers.json] -users = "users.json" - -[grpc.services.authsvc.user_managers.json] -users = "users.json" -{{end}} - -[grpc.services.authsvc.token_managers.jwt] -secret = "{{.TokenSecret}}" - -## The storage registry service - -[grpc.services.storageregistrysvc] -driver = "static" - -[grpc.services.storageregistrysvc.drivers.static.rules] -"/" = "127.0.0.1:9999" -"123e4567-e89b-12d3-a456-426655440000" = "127.0.0.1:9999" - -## The storage provider service - -[grpc.services.storageprovidersvc] -driver = "{{.DataDriver}}" -mount_path = "/" -mount_id = "123e4567-e89b-12d3-a456-426655440000" -data_server_url = "http://127.0.0.1:9998/data" - -[grpc.services.storageprovidersvc.available_checksums] -md5 = 100 -unset = 1000 - -{{if eq .DataDriver "local"}} -[grpc.services.storageprovidersvc.drivers.local] -root = "{{.DataPath}}" -{{end}} -{{if eq .DataDriver "owncloud"}} -[grpc.services.storageprovidersvc.drivers.owncloud] -datadirectory = "{{.DataPath}}" -{{end}} - -## The user share provider service - -[grpc.services.usershareprovidersvc] -driver = "{{.DataDriver}}" - -{{if eq .DataDriver "local"}} -[grpc.services.usershareprovidersvc.drivers.local] -root = "{{.DataPath}}" -{{end}} -{{if eq .DataDriver "owncloud"}} -[grpc.services.usershareprovidersvc.drivers.owncloud] -datadirectory = "{{.DataPath}}" -{{end}} -` - -// Variables that will be used to render the template -type Variables struct { - CredentialStrategy string - TokenSecret string - DataDriver string - DataPath string -} - -func genSecret(l int) string { - buff := make([]byte, l) - _, err 
:= rand.Read(buff) - if err != nil { - fmt.Fprintf(os.Stderr, "error reading random: %v\n", err) - return "" - } - return base64.StdEncoding.EncodeToString(buff)[:l] - -} - -// WriteConfig writes a basic auth protected reva.toml file to the given path -func WriteConfig(p string, cs string, dd string, dp string) { - - v := &Variables{ - CredentialStrategy: cs, - TokenSecret: genSecret(32), - DataDriver: dd, - DataPath: dp, - } - - tmpl, err := template.New("config").Parse(baseTemplate) - if err != nil { - fmt.Fprintf(os.Stderr, "error parsing config template: %v\n", err) - return - } - f, err := os.Create(p) - if err != nil { - fmt.Fprintf(os.Stderr, "error creating config file: %v\n", err) - return - } - if err := tmpl.Execute(f, v); err != nil { - fmt.Fprintf(os.Stderr, "error writing config file: %v\n", err) - return - } - fmt.Fprintf(os.Stdout, "wrote %s\n", p) -} - -var usersTemplate = `[{{range $i, $e := .}}{{if $i}},{{end}} - { - "id": { - "idp": "{{$e.Iss}}", - "opaque_id": "{{$e.Sub}}", - }, - "username": "{{$e.Username}}", - "secret": "{{$e.Secret}}", - "mail": "{{$e.Mail}}", - "display_name": "{{$e.Displayname}}" - }{{end}} -] -` - -// UserVars that will be used to render users -type UserVars struct { - Sub string - Iss string - Username string - Secret string - Mail string - Displayname string - // TODO groups -} - -// WriteUsers writes a basic auth protected reva.toml file to the given path -func WriteUsers(p string, users []*userpb.User) { - - var uservars []*UserVars - - if users == nil { - uservars = []*UserVars{ - { - Sub: "c6e5995d6c7fa1986b830b78b478e6c2", - Iss: "localhost:9998", - Username: "einstein", - Secret: "relativity", - Mail: "einstein@example.org", - Displayname: "Albert Einstein", - }, - { - Sub: "9fb5f8d212cbf3fc55f1bf67d97ed05d", - Iss: "localhost:9998", - Username: "marie", - Secret: "radioactivity", - Mail: "marie@example.org", - Displayname: "Marie Curie", - }, - { - Sub: "a84075b398fe6a0aee1155f8ead13331", - Iss: 
"localhost:9998", - Username: "richard", - Secret: "superfluidity", - Mail: "richard@example.org", - Displayname: "Richard Feynman", - }, - } - } else { - hasher := md5.New() - uservars = []*UserVars{} - for _, user := range users { - // TODO this could be parameterized to create an admin account? - u := &UserVars{ - Username: user.Username, - Secret: genSecret(12), - Mail: user.Mail, - Displayname: user.DisplayName, - } - if user.Id != nil { - u.Sub = user.Id.OpaqueId - u.Iss = user.Id.Idp - } - // fall back to hashing a username if no sub is provided - if u.Sub == "" { - _, err := hasher.Write([]byte(user.Username)) - if err != nil { - fmt.Fprintf(os.Stderr, "error hashing username: %v\n", err) - return - } - u.Sub = hex.EncodeToString(hasher.Sum(nil)) - } - uservars = append(uservars, u) - } - } - - tmpl, err := template.New("users").Parse(usersTemplate) - if err != nil { - fmt.Fprintf(os.Stderr, "error parsing config template: %v\n", err) - return - } - f, err := os.Create(p) - if err != nil { - fmt.Fprintf(os.Stderr, "error creating config file: %v\n", err) - return - } - if err := tmpl.Execute(f, uservars); err != nil { - fmt.Fprintf(os.Stderr, "error writing config file: %v\n", err) - return - } - fmt.Fprintf(os.Stdout, "wrote %s\n", p) -} diff --git a/cmd/reva/main.go b/cmd/reva/main.go index 3968ba4088..a77df4b34f 100644 --- a/cmd/reva/main.go +++ b/cmd/reva/main.go @@ -66,7 +66,6 @@ var ( ocmShareUpdateReceivedCommand(), openInAppCommand(), preferencesCommand(), - genCommand(), publicShareCreateCommand(), publicShareListCommand(), publicShareRemoveCommand(), diff --git a/docs/content/en/docs/config/grpc/_index.md b/docs/content/en/docs/config/grpc/_index.md index daa17c12dd..b60b2f6aa3 100644 --- a/docs/content/en/docs/config/grpc/_index.md +++ b/docs/content/en/docs/config/grpc/_index.md 
@@ -21,19 +21,3 @@ Specifies the bind address interface. address = "0.0.0.0:9999" {{< /highlight >}} {{% /dir %}} - -{{% dir name="enabled_services" type="[string]" default="[]" %}} -List of GRPC services to be enabled. -{{< highlight toml >}} -[grpc] -enabled_services = ["helloworld"] -{{< /highlight >}} -{{% /dir %}} - -{{% dir name="enabled_middlewares" type="[string]" default="[]" %}} -List of GRPC middlewares to be enabled. -{{< highlight toml >}} -[grpc] -enabled_interceptors = ["auth"] -{{< /highlight >}} -{{% /dir %}} diff --git a/docs/content/en/docs/config/http/_index.md b/docs/content/en/docs/config/http/_index.md index 4fa0615bc2..d2f5bf5c33 100644 --- a/docs/content/en/docs/config/http/_index.md +++ b/docs/content/en/docs/config/http/_index.md @@ -29,11 +29,3 @@ List of HTTP services to be enabled. enabled_services = ["helloworld"] {{< /highlight >}} {{% /dir %}} - -{{% dir name="enabled_middlewares" type="[string]" default="[]" %}} -List of HTTP middlewares to be enabled. -{{< highlight toml >}} -[http] -enabled_middlewares = ["cors"] -{{< /highlight >}} -{{% /dir %}} diff --git a/examples/ocmd/ocmd-server-1.toml b/examples/ocmd/ocmd-server-1.toml index 4902f18fbe..dad77ce087 100644 --- a/examples/ocmd/ocmd-server-1.toml +++ b/examples/ocmd/ocmd-server-1.toml @@ -116,8 +116,6 @@ driver = "json" users = "users.demo.json" [http] -enabled_services = ["ocmd"] -enabled_middlewares = ["providerauthorizer", "cors"] address = "0.0.0.0:19001" [http.services.dataprovider] diff --git a/examples/ocmd/ocmd-server-2.toml b/examples/ocmd/ocmd-server-2.toml index 61b1cc54f0..9a945c64e4 100644 --- a/examples/ocmd/ocmd-server-2.toml +++ b/examples/ocmd/ocmd-server-2.toml @@ -87,8 +87,6 @@ driver = "json" users = "users.demo.json" [http] -enabled_services = ["ocmd"] -enabled_middlewares = ["providerauthorizer", "cors"] address = "0.0.0.0:17001" [http.services.dataprovider] 
diff --git a/tests/oc-integration-tests/drone/frontend-global.toml b/tests/oc-integration-tests/drone/frontend-global.toml index 3b47aa9efb..12d5a2bc92 100644 --- a/tests/oc-integration-tests/drone/frontend-global.toml +++ b/tests/oc-integration-tests/drone/frontend-global.toml @@ -1,26 +1,13 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# This frontend-global.toml config file will start a reva service that: +# This config file will start a reva service that: # - serves as the entrypoint for owncloud APIs but with a globally accessible namespace. # - serves http endpoints on port 20180 # - / --------------- ocdav # - /ocs ------------ ocs -# - /oauth2 --------- oidcprovider -# - /.well-known ---- wellknown service to announce openid-configuration # - TODO(diocas): ocm -# - authenticates requests using oidc bearer auth and basic auth as fallback -# - serves the grpc services on port 20199 -[grpc] -address = "0.0.0.0:20199" - -[grpc.services.authprovider] -auth_manager = "oidc" -# If you want to use your own openid provider change this config -[grpc.services.authprovider.auth_managers.oidc] -issuer = "http://localhost:20180" +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" [http] address = "0.0.0.0:20180" @@ -115,3 +102,13 @@ resumable = "1.0.0" extension = "creation,creation-with-upload" http_method_override = "" max_chunk_size = 0 + +# serve /ocm +[http.services.ocmd] +prefix = "ocm" + +[http.middlewares.providerauthorizer] +driver = "json" + +[http.middlewares.providerauthorizer.drivers.json] +providers = "providers.demo.json" \ No newline at end of file diff --git a/tests/oc-integration-tests/drone/frontend.toml b/tests/oc-integration-tests/drone/frontend.toml index 13fbba77dc..84ed3b43f7 100644 --- a/tests/oc-integration-tests/drone/frontend.toml +++ b/tests/oc-integration-tests/drone/frontend.toml 
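Review bot: The header comment of frontend-global.toml still lists `# - TODO(diocas): ocm` in its endpoint overview, although the second hunk of this file now serves OCM through `[http.services.ocmd]` with `prefix = "ocm"`. I would replace that line with `# - /ocm ------------ ocmd` so the overview matches the configured services. The same stale line stays in frontend.toml, whose second hunk adds the identical block. Both files also end without a trailing newline after `providers = "providers.demo.json"`.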
@@ -1,17 +1,15 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# This frontend.toml config file will start a reva service that: +# This config file will start a reva service that: # - serves as the entrypoint for owncloud APIs. +# - jails users into their home folder as in owncloud classic # - serves http endpoints on port 20080 # - / --------------- ocdav # - /ocs ------------ ocs -# - /oauth2 --------- oidcprovider -# - /.well-known ---- wellknown service to announce openid-configuration # - TODO(diocas): ocm -# - authenticates requests using oidc bearer auth and basic auth as fallback -# - serves the grpc services on port 20099 + +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + [grpc] address = "0.0.0.0:20099" @@ -115,3 +113,13 @@ resumable = "1.0.0" extension = "creation,creation-with-upload" http_method_override = "" max_chunk_size = 0 + +# serve /ocm +[http.services.ocmd] +prefix = "ocm" + +[http.middlewares.providerauthorizer] +driver = "json" + +[http.middlewares.providerauthorizer.drivers.json] +providers = "providers.demo.json" \ No newline at end of file diff --git a/tests/oc-integration-tests/drone/gateway.toml b/tests/oc-integration-tests/drone/gateway.toml index 6d2577c2ca..5b7d4199af 100644 --- a/tests/oc-integration-tests/drone/gateway.toml +++ b/tests/oc-integration-tests/drone/gateway.toml 
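Review bot: The context lines at the end of the first frontend.toml hunk keep `[grpc]` with `address = "0.0.0.0:20099"`, while this hunk deletes the header line that documented the gRPC port and the gateway.toml change in the same commit drops the `bearer = "localhost:20099"` auth registry rule. If no gRPC service is left in this file, the section should be removed as it was in frontend-global.toml, so the test service does not keep an unused listener on all interfaces. If services do remain, keep the documentation, e.g. `# - serves the grpc services on port 20099`. The rest of the `[grpc]` section lies outside the hunk, so which of the two applies cannot be confirmed from here.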
@@ -1,21 +1,15 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -#[[registry.services.storagehome]] -#name = 'authregistry' -# -#[[registry.services.storagehome.nodes]] -#id = '65ad3270-9e87-11eb-a1aa-0fcc1edaa55e' -#address = '0.0.0.0:9142' - -# This gateway.toml config file will start a reva service that: -# - serves as a gateway for all requests +# This config file will start a reva service that: +# - serves as a gateway for all CS3 requests # - looks up the storageprovider using a storageregistry # - looks up the authprovider using an authregistry # - serves the gateway on grpc port 19000 # - serves http datagateway on port 19001 # - /data - datagateway: file up and download + +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + [grpc] address = "0.0.0.0:19000" @@ -32,10 +26,10 @@ groupprovidersvc = "localhost:18000" usershareprovidersvc = "localhost:17000" publicshareprovidersvc = "localhost:17000" # ocm -ocmcoresvc = "localhost:13000" -ocmshareprovidersvc = "localhost:13000" -ocminvitemanagersvc = "localhost:13000" -ocmproviderauthorizersvc = "localhost:13000" +ocmcoresvc = "localhost:14000" +ocmshareprovidersvc = "localhost:14000" +ocminvitemanagersvc = "localhost:14000" +ocmproviderauthorizersvc = "localhost:14000" # other commit_share_to_storage_grant = true commit_share_to_storage_ref = true @@ -52,7 +46,6 @@ driver = "static" [grpc.services.authregistry.drivers.static.rules] publicshares = "localhost:17000" # started with the shares.toml basic = "localhost:18000" # started with the users.toml -bearer = "localhost:20099" # started with the frontend.toml [grpc.services.storageregistry] driver = "static" diff --git a/tests/oc-integration-tests/drone/ldap-users.toml b/tests/oc-integration-tests/drone/ldap-users.toml index 7bb96e0c9a..0cd4f47dab 100644 --- a/tests/oc-integration-tests/drone/ldap-users.toml +++ b/tests/oc-integration-tests/drone/ldap-users.toml 
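Review bot: The second gateway.toml hunk repoints `ocmcoresvc`, `ocmshareprovidersvc`, `ocminvitemanagersvc` and `ocmproviderauthorizersvc` to `localhost:14000`, the address of the new ocmd.toml, but none of the revad command lists visible in the .drone.star hunks of this commit starts that config. Those lists begin outside their hunks, so this is inferred; if it holds, every OCM call through the gateway will fail to connect in CI. Adding `"/drone/src/cmd/revad/revad -c ocmd.toml &",` to the integration test pipelines would close the gap. A short comment next to the `# ocm` group, such as `# started with the ocmd.toml`, would match the style used in the authregistry rules.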
@@ -1,9 +1,10 @@ +# This config file will start a reva service that: +# - handles user metadata and user preferences +# - serves the grpc services on port 18000 + [shared] jwt_secret = "Pive-Fumkiu4" -# This users.toml config file will start a reva service that: -# - handles user metadata and user preferences -# - serves the grpc services on port 18000 [grpc] address = "0.0.0.0:18000" diff --git a/tests/oc-integration-tests/drone/ocmd.toml b/tests/oc-integration-tests/drone/ocmd.toml new file mode 100644 index 0000000000..0439d83856 --- /dev/null +++ b/tests/oc-integration-tests/drone/ocmd.toml @@ -0,0 +1,30 @@ +# This config file will start a reva service that: +# - serves user and public link shares + +[shared] +jwt_secret = "Pive-Fumkiu4" + +[grpc] +address = "0.0.0.0:14000" + +[grpc.services.ocmcore] +driver = "json" + +# Note that ocmcore and ocmshareprovider should use the same file for storing the shares. +[grpc.services.ocmcore.drivers.json] +file = "/drone/src/var/tmp/reva/shares_server_1.json" + +[grpc.services.ocminvitemanager] +driver = "json" + +[grpc.services.ocmshareprovider] +driver = "json" + +[grpc.services.ocmshareprovider.drivers.json] +file = "/drone/src/var/tmp/reva/shares_server_1.json" + +[grpc.services.ocmproviderauthorizer] +driver = "json" + +[grpc.services.ocmproviderauthorizer.drivers.json] +providers = "providers.demo.json" diff --git a/tests/oc-integration-tests/drone/providers.demo.json b/tests/oc-integration-tests/drone/providers.demo.json new file mode 100644 index 0000000000..c7d93d7283 --- /dev/null +++ b/tests/oc-integration-tests/drone/providers.demo.json 
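Review bot: The header comment of the new ocmd.toml reads `# - serves user and public link shares`, which does not describe what the file configures: the services below are `ocmcore`, `ocminvitemanager`, `ocmshareprovider` and `ocmproviderauthorizer`. I would change it to `# - serves the OCM (Open Cloud Mesh) grpc services on port 14000`. The file also repeats the `jwt_secret` literal that the other drone configs carry; a one-line comment such as `# test-only secret, never reuse outside CI` would make that intent explicit.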
@@ -0,0 +1,100 @@ +[ + { + "name": "local", + "full_name": "ownCloud@Example", + "organization": "Example", + "domain": "example.org", + "homepage": "http://example.org", + "description": "Example cloud storage.", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "Example Open Cloud Mesh API" + }, + "name": "Example - OCM API", + "path": "http://127.0.0.1:20080/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:20080/" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "Example Webdav API" + }, + "name": "Example - Webdav API", + "path": "http://127.0.0.1:20080/remote.php/webdav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:20080/" + }, + { + "endpoint": { + "type": { + "name": "Gateway", + "description": "Example GRPC Gateway" + }, + "name": "Example - GRPC Gateway", + "path": "127.0.0.1:19000", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "127.0.0.1:19000" + } + ] + }, + { + "name": "local-mesh", + "full_name": "ownCloud@Example2", + "organization": "Example 2", + "domain": "example.org", + "homepage": "http://example.org", + "description": "Example cloud storage 2.", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "Example 2 Open Cloud Mesh API" + }, + "name": "Example 2 - OCM API", + "path": "http://127.0.0.1:40080/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:40080/" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "Example 2 Webdav API" + }, + "name": "Example 2 - Webdav API", + "path": "http://127.0.0.1:40080/remote.php/webdav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:40080/" + }, + { + "endpoint": { + "type": { + "name": "Gateway", + "description": "Example 2 GRPC Gateway" + }, + "name": "Example 2 - GRPC Gateway", + "path": "127.0.0.1:39000", + "is_monitored": true 
+ }, + "api_version": "0.0.1", + "host": "127.0.0.1:39000" + } + ] + } +] diff --git a/tests/oc-integration-tests/drone/shares.toml b/tests/oc-integration-tests/drone/shares.toml index 1088993cc4..34f5cf2c16 100644 --- a/tests/oc-integration-tests/drone/shares.toml +++ b/tests/oc-integration-tests/drone/shares.toml @@ -1,8 +1,9 @@ +# This config file will start a reva service that: +# - serves user and public link shares + [shared] jwt_secret = "Pive-Fumkiu4" -# GRPC: -# - serves user and public link shares [grpc] address = "0.0.0.0:17000" diff --git a/tests/oc-integration-tests/drone/storage-home-ocis.toml b/tests/oc-integration-tests/drone/storage-home-ocis.toml index 661de2a4ea..dbc0748f0a 100644 --- a/tests/oc-integration-tests/drone/storage-home-ocis.toml +++ b/tests/oc-integration-tests/drone/storage-home-ocis.toml @@ -1,17 +1,5 @@ -# This storage-home.toml config file will start a reva service that: -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -#[[registry.services.storagehome]] -#name = 'storage-home' -# -#[[registry.services.storagehome.nodes]] -#id = '130e0018-9e86-11eb-8634-336624ad2203' -#address = '0.0.0.0:9154' - -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth +# This config file will start a reva service that: +# - uses the ocis driver to serve users, jailed into their home (/home) # - serves the home storage provider on grpc port 12000 # - serves http dataprovider for this storage on port 12001 # - /data - dataprovider: file up and download @@ -19,6 +7,10 @@ gatewaysvc = "localhost:19000" # The home storage will inject the username into the path and jail users into # their home directory +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + [grpc] address = "0.0.0.0:12000" 
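Review bot: Both entries in this provider list, `local` and `local-mesh`, declare `"domain": "example.org"`, so the two mesh members cannot be told apart by domain. If the json provider authorizer looks providers up by domain (not visible in this diff), one entry would presumably shadow the other and the mesh tests would not exercise a real two-provider authorization decision. Giving the second entry its own domain, for example `"domain": "example2.org"` (a constructed value), would avoid that. The identical file added under local-mesh/ needs the same change.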
diff --git a/tests/oc-integration-tests/drone/storage-home-s3ng.toml b/tests/oc-integration-tests/drone/storage-home-s3ng.toml index 298775be93..dfd784b567 100644 --- a/tests/oc-integration-tests/drone/storage-home-s3ng.toml +++ b/tests/oc-integration-tests/drone/storage-home-s3ng.toml @@ -1,10 +1,5 @@ -# This storage-home.toml config file will start a reva service that: -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth +# This config file will start a reva service that: +# - uses the s3ng driver to serve users, jailed into their home (/home) # - serves the home storage provider on grpc port 12000 # - serves http dataprovider for this storage on port 12001 # - /data - dataprovider: file up and download @@ -12,6 +7,10 @@ gatewaysvc = "localhost:19000" # The home storage will inject the username into the path and jail users into # their home directory +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + [grpc] address = "0.0.0.0:12000" diff --git a/tests/oc-integration-tests/drone/storage-local-1.toml b/tests/oc-integration-tests/drone/storage-local-1.toml index 1ff744ab35..3b7d166d87 100644 --- a/tests/oc-integration-tests/drone/storage-local-1.toml +++ b/tests/oc-integration-tests/drone/storage-local-1.toml 
@@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[a-k]) +# - serves the storage provider on grpc port 11100 +# - serves http dataprovider for this storage on port 11101 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11100" diff --git a/tests/oc-integration-tests/drone/storage-local-2.toml b/tests/oc-integration-tests/drone/storage-local-2.toml index 9b689acfbe..db3e79fe5f 100644 --- a/tests/oc-integration-tests/drone/storage-local-2.toml +++ b/tests/oc-integration-tests/drone/storage-local-2.toml @@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[l-z]) +# - serves the storage provider on grpc port 11110 +# - serves http dataprovider for this storage on port 11111 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11110" 
diff --git a/tests/oc-integration-tests/drone/storage-publiclink-s3ng.toml b/tests/oc-integration-tests/drone/storage-publiclink-s3ng.toml deleted file mode 100644 index 7404dc7a8d..0000000000 --- a/tests/oc-integration-tests/drone/storage-publiclink-s3ng.toml +++ /dev/null @@ -1,29 +0,0 @@ -# This storage.toml config file will start a reva service that: -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -[grpc] -address = "0.0.0.0:13000" - -# This is a storage provider that grants direct access to the wrapped storage -# we have a locally running dataprovider -[grpc.services.publicstorageprovider] -driver = "s3ng" -mount_path = "/public/" -mount_id = "e1a73ede-549b-4226-abdf-40e69ca8230d" -expose_data_server = true -data_server_url = "http://revad-services:13001/data" -gateway_addr = "0.0.0.0:19000" -enable_home_creation = true - -[grpc.services.publicstorageprovider.drivers.s3ng] -root = "/drone/src/tmp/reva/data" -treetime_accounting = true -treesize_accounting = true -enable_home = true -"s3.endpoint" = "http://ceph:8080" -"s3.region" = "default" -"s3.bucket" = "test" -"s3.access_key" = "test" -"s3.secret_key" = "test" \ No newline at end of file diff --git a/tests/oc-integration-tests/drone/storage-publiclink-ocis.toml b/tests/oc-integration-tests/drone/storage-publiclink.toml similarity index 53% rename from tests/oc-integration-tests/drone/storage-publiclink-ocis.toml rename to tests/oc-integration-tests/drone/storage-publiclink.toml index 055b7b7ddd..78b9afc6b3 100644 --- a/tests/oc-integration-tests/drone/storage-publiclink-ocis.toml +++ b/tests/oc-integration-tests/drone/storage-publiclink.toml @@ -1,4 +1,6 @@ # This storage.toml config file will start a reva service that: +# - serves the public storage provider on grpc port 13000 + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" 
@@ -9,16 +11,6 @@ address = "0.0.0.0:13000" # This is a storage provider that grants direct access to the wrapped storage # we have a locally running dataprovider [grpc.services.publicstorageprovider] -driver = "ocis" mount_path = "/public/" -mount_id = "e1a73ede-549b-4226-abdf-40e69ca8230d" -expose_data_server = true -data_server_url = "http://revad-services:13001/data" gateway_addr = "0.0.0.0:19000" -enable_home_creation = true -[grpc.services.publicstorageprovider.drivers.ocis] -root = "/drone/src/tmp/reva/data" -treetime_accounting = true -treesize_accounting = true -enable_home = true diff --git a/tests/oc-integration-tests/drone/storage-oc-ocis.toml b/tests/oc-integration-tests/drone/storage-users-ocis.toml similarity index 82% rename from tests/oc-integration-tests/drone/storage-oc-ocis.toml rename to tests/oc-integration-tests/drone/storage-users-ocis.toml index b1ceacb68b..2d6ef8fc2d 100644 --- a/tests/oc-integration-tests/drone/storage-oc-ocis.toml +++ b/tests/oc-integration-tests/drone/storage-users-ocis.toml @@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve users (/users) +# - serves the storage provider on grpc port 11000 +# - serves http dataprovider for this storage on port 11001 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11000" 
diff --git a/tests/oc-integration-tests/drone/storage-oc-s3ng.toml b/tests/oc-integration-tests/drone/storage-users-s3ng.toml similarity index 85% rename from tests/oc-integration-tests/drone/storage-oc-s3ng.toml rename to tests/oc-integration-tests/drone/storage-users-s3ng.toml index 51c5edc215..63073c9585 100644 --- a/tests/oc-integration-tests/drone/storage-oc-s3ng.toml +++ b/tests/oc-integration-tests/drone/storage-users-s3ng.toml @@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the s3ng driver to serve users (/users) +# - serves the storage provider on grpc port 11000 +# - serves http dataprovider for this storage on port 11001 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11000" diff --git a/tests/oc-integration-tests/drone/users.toml b/tests/oc-integration-tests/drone/users.toml index 7b24885c56..6f849bf6a8 100644 --- a/tests/oc-integration-tests/drone/users.toml +++ b/tests/oc-integration-tests/drone/users.toml @@ -1,9 +1,10 @@ +# This config file will start a reva service that: +# - handles user metadata and user preferences +# - serves the grpc services on port 18000 + [shared] jwt_secret = "Pive-Fumkiu4" -# This users.toml config file will start a reva service that: -# - handles user metadata and user preferences -# - serves the grpc services on port 18000 [grpc] address = "0.0.0.0:18000" diff --git a/tests/oc-integration-tests/local-mesh/Readme.md b/tests/oc-integration-tests/local-mesh/Readme.md new file mode 100644 index 0000000000..4756c4bb2c 
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/Readme.md
@@ -0,0 +1,7 @@
+# Local deployment of reva
+
+## Notable Services
+`frontend-global.toml` serves all HTTP services on 20180 with a global namespace on the `/webdav` and `/dav/users/{username}` endpoints. This mimics the cernbox deployment.
+`frontend.toml` serves all HTTP services on 20080, jailing users into their home on the `/webdav` and `/dav/users/{username}` endpoints. This mimics the classic ownCloud.
+
+Use either `users.toml` or `users-ldap.toml`. You cannot use both at the same time.
\ No newline at end of file
diff --git a/tests/oc-integration-tests/local-mesh/frontend-global.toml b/tests/oc-integration-tests/local-mesh/frontend-global.toml
new file mode 100644
index 0000000000..3803e870d3
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/frontend-global.toml
@@ -0,0 +1,104 @@
+# This config file will start a reva service that:
+# - serves as the entrypoint for owncloud APIs but with a globally accessible namespace.
+# - serves http endpoints on port 20180
+# - / --------------- ocdav
+# - /ocs ------------ ocs
+# - TODO(diocas): ocm
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+[http]
+address = "0.0.0.0:40180"
+
+[http.middlewares.cors]
+allow_credentials = true
+
+[http.services.ocdav]
+# serve ocdav on the root path
+prefix = ""
+chunk_folder = "/var/tmp/reva/chunks"
+# for user lookups
+# prefix the path of requests to /dav/files with this namespace
+# While owncloud has only listed usernames at this endpoint CERN has
+# been exposing more than just usernames. For owncloud deployments we
+# can prefix the path to jail the requests to the correct CS3 namespace.
+# In this deployment we mounted the owncloud storage provider at /users. It
+# expects a username as the first path segment.
+# currently, only the desktop client will use this endpoint, but only if
+# the dav.chunking capability is available
+# TODO implement a path wrapper that rewrites `` into the path
+# layout for the users home?
+# no, use GetHome?
+# for eos we need to rewrite the path
+# TODO strip the username from the path so the CS3 namespace can be mounted
+# at the files/ endpoint? what about migration? separate reva instance
+files_namespace = "/"
+
+# similar to the dav/files endpoint we can configure a prefix for the old webdav endpoint
+# we use the old webdav endpoint to present the cs3 namespace
+# note: this changes the tree that is rendered at remote.php/webdav from the users home to the cs3 namespace
+# use webdav_namespace = "/home" to use the old namespace that only exposes the users files
+# this endpoint should not affect the desktop client sync but will present different folders for the other clients:
+# - the desktop clients use a hardcoded remote.php/dav/files/ if the dav.chunkung capability is present
+# - the ios ios uses the core.webdav-root capability which points to remote.php/webdav in oc10
+# - the oc js sdk is hardcoded to the remote.php/webdav so it will see the new tree
+# - TODO android? no sync ... but will see different tree
+webdav_namespace = "/"
+
+[http.services.ocs]
+
+[http.services.ocs.capabilities.capabilities.core.status]
+version = "10.0.11.5"
+versionstring = "10.0.11"
+
+[http.services.ocs.capabilities.capabilities.files_sharing]
+api_enabled = true
+resharing = true
+group_sharing = true
+auto_accept_share = true
+share_with_group_members_only = true
+share_with_membership_groups_only = true
+default_permissions = 22
+search_min_length = 3
+
+[http.services.ocs.capabilities.capabilities.files_sharing.public]
+enabled = true
+send_mail = true
+social_share = true
+upload = true
+multiple = true
+supports_upload_only = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.public.password]
+enforced = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.public.password.enforced_for]
+read_only = true
+read_write = true
+upload_only = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.public.expire_date]
+enabled = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.user]
+send_mail = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.user_enumeration]
+enabled = true
+group_members_only = true
+
+[http.services.ocs.capabilities.capabilities.files_sharing.federation]
+outgoing = true
+incoming = true
+
+[http.services.ocs.capabilities.capabilities.notifications]
+endpoints = []
+
+[http.services.ocs.capabilities.capabilities.files.tus_support]
+version = "1.0.0"
+resumable = "1.0.0"
+extension = "creation,creation-with-upload"
+http_method_override = ""
+max_chunk_size = 0
diff --git a/tests/oc-integration-tests/local-mesh/frontend.toml b/tests/oc-integration-tests/local-mesh/frontend.toml
new file mode 100644
index 0000000000..ee8b53ff04
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/frontend.toml
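Review bot: The header comment says `# - serves http endpoints on port 20180`, but the listener configured in this file is `address = "0.0.0.0:40180"`; the comment should read `# - serves http endpoints on port 40180`. The same stale port numbers are in the headers of the other local-mesh files: frontend.toml (20080 vs 40080), gateway.toml (19000/19001 vs 39000/39001), ldap-users.toml (18000 vs 38000), storage-home.toml (12000/12001 vs 32000/32001) and storage-local-1/2.toml (111x0/111x1 vs 311x0/311x1). The low-numbered ports match the provider list's `local` entry rather than `local-mesh`, so a reader following the comments would point a client or a firewall rule at the wrong instance.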
@@ -0,0 +1,116 @@ +# This config file will start a reva service that: +# - serves as the entrypoint for owncloud APIs. +# - jails users into their home folder as in owncloud classic +# - serves http endpoints on port 20080 +# - / --------------- ocdav +# - /ocs ------------ ocs +# - TODO(diocas): ocm + +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:39000" + +[http] +address = "0.0.0.0:40080" + +[http.middlewares.cors] +allow_credentials = true + +[http.services.ocdav] +# serve ocdav on the root path +prefix = "" +chunk_folder = "/var/tmp/reva/chunks" +# for user lookups +# prefix the path of requests to /dav/files with this namespace +# While owncloud has only listed usernames at this endpoint CERN has +# been exposing more than just usernames. For owncloud deployments we +# can prefix the path to jail the requests to the correct CS3 namespace. +# In this deployment we mounted the owncloud storage provider at /users. It +# expects a username as the first path segment. +# currently, only the desktop client will use this endpoint, but only if +# the dav.chunking capability is available +# TODO implement a path wrapper that rewrites `` into the path +# layout for the users home? +# no, use GetHome? +# for eos we need to rewrite the path +# TODO strip the username from the path so the CS3 namespace can be mounted +# at the files/ endpoint? what about migration? 
separate reva instance +files_namespace = "/users" + +# similar to the dav/files endpoint we can configure a prefix for the old webdav endpoint +# we use the old webdav endpoint to present the cs3 namespace +# note: this changes the tree that is rendered at remote.php/webdav from the users home to the cs3 namespace +# use webdav_namespace = "/home" to use the old namespace that only exposes the users files +# this endpoint should not affect the desktop client sync but will present different folders for the other clients: +# - the desktop clients use a hardcoded remote.php/dav/files/ if the dav.chunkung capability is present +# - the ios ios uses the core.webdav-root capability which points to remote.php/webdav in oc10 +# - the oc js sdk is hardcoded to the remote.php/webdav so it will see the new tree +# - TODO android? no sync ... but will see different tree +webdav_namespace = "/home" + +# serve /ocs which contains the sharing and user provisioning api of owncloud classic +[http.services.ocs] + +[http.services.ocs.capabilities.capabilities.core.status] +version = "10.0.11.5" +versionstring = "10.0.11" + +[http.services.ocs.capabilities.capabilities.files_sharing] +api_enabled = true +resharing = true +group_sharing = true +auto_accept_share = true +share_with_group_members_only = true +share_with_membership_groups_only = true +default_permissions = 22 +search_min_length = 3 + +[http.services.ocs.capabilities.capabilities.files_sharing.public] +enabled = true +send_mail = true +social_share = true +upload = true +multiple = true +supports_upload_only = true + +[http.services.ocs.capabilities.capabilities.files_sharing.public.password] +enforced = true + +[http.services.ocs.capabilities.capabilities.files_sharing.public.password.enforced_for] +read_only = true +read_write = true +upload_only = true + +[http.services.ocs.capabilities.capabilities.files_sharing.public.expire_date] +enabled = true + +[http.services.ocs.capabilities.capabilities.files_sharing.user] 
+send_mail = true + +[http.services.ocs.capabilities.capabilities.files_sharing.user_enumeration] +enabled = true +group_members_only = true + +[http.services.ocs.capabilities.capabilities.files_sharing.federation] +outgoing = true +incoming = true + +[http.services.ocs.capabilities.capabilities.notifications] +endpoints = [] + +[http.services.ocs.capabilities.capabilities.files.tus_support] +version = "1.0.0" +resumable = "1.0.0" +extension = "creation,creation-with-upload" +http_method_override = "" +max_chunk_size = 0 + +# serve /ocm +[http.services.ocmd] +prefix = "ocm" + +[http.middlewares.providerauthorizer] +driver = "json" + +[http.middlewares.providerauthorizer.drivers.json] +providers = "providers.demo.json" \ No newline at end of file diff --git a/tests/oc-integration-tests/local-mesh/gateway.toml b/tests/oc-integration-tests/local-mesh/gateway.toml new file mode 100644 index 0000000000..0d774e0c72 --- /dev/null +++ b/tests/oc-integration-tests/local-mesh/gateway.toml 
@@ -0,0 +1,80 @@
+# This config file will start a reva service that:
+# - serves as a gateway for all CS3 requests
+# - looks up the storageprovider using a storageregistry
+# - looks up the authprovider using an authregistry
+# - serves the gateway on grpc port 19000
+# - serves http datagateway on port 19001
+# - /data - datagateway: file up and download
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+[grpc]
+address = "0.0.0.0:39000"
+
+[grpc.services.gateway]
+# registries
+authregistrysvc = "localhost:39000"
+storageregistrysvc = "localhost:39000"
+# user metadata
+preferencessvc = "localhost:38000"
+userprovidersvc = "localhost:38000"
+groupprovidersvc = "localhost:38000"
+# an approvider lives on "localhost:38000" as well, see users.toml
+# sharing
+usershareprovidersvc = "localhost:37000"
+publicshareprovidersvc = "localhost:37000"
+# ocm
+ocmcoresvc = "localhost:34000"
+ocmshareprovidersvc = "localhost:34000"
+ocminvitemanagersvc = "localhost:34000"
+ocmproviderauthorizersvc = "localhost:34000"
+# other
+commit_share_to_storage_grant = true
+commit_share_to_storage_ref = true
+share_folder = "Shares"
+datagateway = "http://localhost:39001/data"
+transfer_shared_secret = "replace-me-with-a-transfer-secret" # for direct uploads
+transfer_expires = 6 # give it a moment
+#disable_home_creation_on_login = true
+link_grants_file = "/var/tmp/reva/link_grants_file.json"
+
+[grpc.services.authregistry]
+driver = "static"
+
+[grpc.services.authregistry.drivers.static.rules]
+publicshares = "localhost:37000" # started with the shares.toml
+basic = "localhost:38000" # started with the users.toml
+
+[grpc.services.storageregistry]
+driver = "static"
+
+[grpc.services.storageregistry.drivers.static]
+home_provider = "/home"
+
+[grpc.services.storageregistry.drivers.static.rules]
+
+# mount a home storage provider that uses a context based path wrapper
+# to jail users into their home dir
+"/home" = {"address" = "localhost:32000"}
+
+# mount a storage provider without a path wrapper for direct access to users.
+"/users" = {"address" = "localhost:31000"}
+"123e4567-e89b-12d3-a456-426655440000" = {"address" = "localhost:31000"}
+
+# the /virtual namespace is only accessible via the frontend-global service
+"/virtual/[a-k]" = {"address" = "localhost:31100"}
+"virtual-a-k" = {"address" = "localhost:31100"}
+"/virtual/[l-z]" = {"address" = "localhost:31110"}
+"virtual-l-z" = {"address" = "localhost:31110"}
+
+# another mount point might be "/projects/"
+
+"/public" = {"address" = "localhost:33000"}
+
+[http]
+address = "0.0.0.0:39001"
+
+[http.services.datagateway]
+transfer_shared_secret = "replace-me-with-a-transfer-secret"
diff --git a/tests/oc-integration-tests/local-mesh/ldap-users.toml b/tests/oc-integration-tests/local-mesh/ldap-users.toml
new file mode 100644
index 0000000000..5d68fc7f62
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/ldap-users.toml
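Review bot: Both listeners in this file bind to all interfaces (`address = "0.0.0.0:39000"` and `address = "0.0.0.0:39001"`), while `jwt_secret` and `transfer_shared_secret` are values committed to the repository. For a deployment the Readme describes as local, `address = "127.0.0.1:39000"` and `address = "127.0.0.1:39001"` would keep services that accept tokens signed with a publicly known secret off the network; the other files in this directory bind the same way. This second instance also reuses `jwt_secret = "Pive-Fumkiu4"` from the drone configs in this commit, so a token minted by one mesh member would presumably validate on the other. A distinct secret per instance would make the mesh tests reflect two independent providers.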
@@ -0,0 +1,72 @@
+# This config file will start a reva service that:
+# - handles user metadata and user preferences
+# - serves the grpc services on port 18000
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
+[grpc]
+address = "0.0.0.0:38000"
+
+[grpc.services.authprovider]
+auth_manager = "ldap"
+
+[grpc.services.authprovider.auth_managers.ldap]
+hostname="localhost"
+port=636
+insecure=true
+base_dn="dc=owncloud,dc=com"
+loginfilter="(&(objectclass=posixAccount)(|(cn={{login}}))(uid={{login}}))"
+bind_username="cn=admin,dc=owncloud,dc=com"
+bind_password="admin"
+idp="http://localhost:40080"
+
+[grpc.services.authprovider.auth_managers.ldap.schema]
+uid="uid"
+displayName="displayName"
+dn="dn"
+cn="cn"
+
+[grpc.services.userprovider]
+driver = "ldap"
+
+[grpc.services.userprovider.drivers.ldap]
+hostname="localhost"
+port=636
+insecure=true
+base_dn="dc=owncloud,dc=com"
+userfilter="(&(objectclass=posixAccount)(|(uid={{.OpaqueId}})(cn={{.OpaqueId}})))"
+findfilter="(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"
+attributefilter="(&(objectclass=posixAccount)({{attr}}={{value}}))"
+groupfilter="(&(objectclass=posixGroup)(cn=*)(memberuid={{.OpaqueId}}))"
+bind_username="cn=admin,dc=owncloud,dc=com"
+bind_password="admin"
+idp="http://localhost:40080"
+
+[grpc.services.userprovider.drivers.ldap.schema]
+uid="uid"
+displayName="displayName"
+dn="dn"
+cn="cn"
+
+[grpc.services.groupprovider]
+driver = "ldap"
+
+[grpc.services.groupprovider.drivers.ldap]
+hostname="localhost"
+port=636
+insecure=true
+base_dn="dc=owncloud,dc=com"
+groupfilter="(&(objectclass=posixGroup)(|(gid={{.OpaqueId}})(cn={{.OpaqueId}})))"
+findfilter="(&(objectclass=posixGroup)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"
+attributefilter="(&(objectclass=posixGroup)({{attr}}={{value}}))"
+memberfilter="(&(objectclass=posixAccount)(cn={{.OpaqueId}}))"
+bind_username="cn=admin,dc=owncloud,dc=com"
+bind_password="admin"
+idp="http://localhost:40080"
+
+[grpc.services.groupprovider.drivers.ldap.schema]
+gid="cn"
+displayName="cn"
+dn="dn"
+cn="cn"
diff --git a/tests/oc-integration-tests/local-mesh/ocmd.toml b/tests/oc-integration-tests/local-mesh/ocmd.toml
new file mode 100644
index 0000000000..6ba13403e6
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/ocmd.toml
@@ -0,0 +1,30 @@
+# This config file will start a reva service that:
+# - serves user and public link shares
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
+[grpc]
+address = "0.0.0.0:34000"
+
+[grpc.services.ocmcore]
+driver = "json"
+
+# Note that ocmcore and ocmshareprovider should use the same file for storing the shares.
+[grpc.services.ocmcore.drivers.json]
+file = "/var/tmp/reva/shares_server_2.json"
+
+[grpc.services.ocminvitemanager]
+driver = "json"
+
+[grpc.services.ocmshareprovider]
+driver = "json"
+
+[grpc.services.ocmshareprovider.drivers.json]
+file = "/var/tmp/reva/shares_server_2.json"
+
+[grpc.services.ocmproviderauthorizer]
+driver = "json"
+
+[grpc.services.ocmproviderauthorizer.drivers.json]
+providers = "providers.demo.json"
diff --git a/tests/oc-integration-tests/local-mesh/providers.demo.json b/tests/oc-integration-tests/local-mesh/providers.demo.json
new file mode 100644
index 0000000000..c7d93d7283
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/providers.demo.json
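Review bot: In the authprovider's `loginfilter` of local-mesh/ldap-users.toml the OR group closes after its first operand, `(|(cn={{login}}))(uid={{login}})`, so the filter requires cn and uid to both equal the login name instead of either one; `userfilter` in the same file has the intended shape. It should probably be `loginfilter="(&(objectclass=posixAccount)(|(cn={{login}})(uid={{login}})))"`. All three LDAP blocks also set `insecure=true` on port 636, which presumably turns off certificate verification for the LDAPS connection. A comment marking that as test-only, next to the committed `bind_password="admin"`, would keep it from being copied into a real deployment.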
@@ -0,0 +1,100 @@ +[ + { + "name": "local", + "full_name": "ownCloud@Example", + "organization": "Example", + "domain": "example.org", + "homepage": "http://example.org", + "description": "Example cloud storage.", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "Example Open Cloud Mesh API" + }, + "name": "Example - OCM API", + "path": "http://127.0.0.1:20080/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:20080/" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "Example Webdav API" + }, + "name": "Example - Webdav API", + "path": "http://127.0.0.1:20080/remote.php/webdav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:20080/" + }, + { + "endpoint": { + "type": { + "name": "Gateway", + "description": "Example GRPC Gateway" + }, + "name": "Example - GRPC Gateway", + "path": "127.0.0.1:19000", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "127.0.0.1:19000" + } + ] + }, + { + "name": "local-mesh", + "full_name": "ownCloud@Example2", + "organization": "Example 2", + "domain": "example.org", + "homepage": "http://example.org", + "description": "Example cloud storage 2.", + "services": [ + { + "endpoint": { + "type": { + "name": "OCM", + "description": "Example 2 Open Cloud Mesh API" + }, + "name": "Example 2 - OCM API", + "path": "http://127.0.0.1:40080/ocm/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:40080/" + }, + { + "endpoint": { + "type": { + "name": "Webdav", + "description": "Example 2 Webdav API" + }, + "name": "Example 2 - Webdav API", + "path": "http://127.0.0.1:40080/remote.php/webdav/", + "is_monitored": true + }, + "api_version": "0.0.1", + "host": "http://127.0.0.1:40080/" + }, + { + "endpoint": { + "type": { + "name": "Gateway", + "description": "Example 2 GRPC Gateway" + }, + "name": "Example 2 - GRPC Gateway", + "path": "127.0.0.1:39000", + "is_monitored": true 
+ }, + "api_version": "0.0.1", + "host": "127.0.0.1:39000" + } + ] + } +] diff --git a/tests/oc-integration-tests/local-mesh/shares.toml b/tests/oc-integration-tests/local-mesh/shares.toml new file mode 100644 index 0000000000..29114c0ef1 --- /dev/null +++ b/tests/oc-integration-tests/local-mesh/shares.toml @@ -0,0 +1,20 @@ +# This config file will start a reva service that: +# - serves user and public link shares + +[shared] +jwt_secret = "Pive-Fumkiu4" + +[grpc] +address = "0.0.0.0:37000" + +[grpc.services.usershareprovider] +driver = "memory" + +[grpc.services.authprovider] +auth_manager = "publicshares" + +[grpc.services.authprovider.auth_managers.publicshares] +gateway_addr = "0.0.0.0:39000" + +[grpc.services.publicshareprovider.drivers.json] +file = "/var/tmp/reva/publicshares.json" diff --git a/tests/oc-integration-tests/local-mesh/storage-home.toml b/tests/oc-integration-tests/local-mesh/storage-home.toml new file mode 100644 index 0000000000..52234be435 --- /dev/null +++ b/tests/oc-integration-tests/local-mesh/storage-home.toml 
@@ -0,0 +1,50 @@
+# This config file will start a reva service that:
+# - uses the ocis driver to serve users, jailed into their home (/home)
+# - serves the home storage provider on grpc port 12000
+# - serves http dataprovider for this storage on port 12001
+# - /data - dataprovider: file up and download
+#
+# The home storage will inject the username into the path and jail users into
+# their home directory
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+
+[grpc]
+address = "0.0.0.0:32000"
+
+# This is a storage provider that grants direct access to the wrapped storage
+# the context path wrapper reads the username from the context and prefixes the relative storage path with it
+[grpc.services.storageprovider]
+driver = "ocis"
+mount_path = "/home"
+mount_id = "123e4567-e89b-12d3-a456-426655440000"
+expose_data_server = true
+data_server_url = "http://localhost:12001/data"
+enable_home_creation = true
+
+[grpc.services.storageprovider.drivers.ocis]
+root = "/var/tmp/reva/data"
+enable_home = true
+treetime_accounting = true
+treesize_accounting = true
+#user_layout =
+# do we need owner for users?
+#owner = 95cb8724-03b2-11eb-a0a6-c33ef8ef53ad
+
+
+# we have a locally running dataprovider
+[http]
+address = "0.0.0.0:32001"
+
+[http.services.dataprovider]
+driver = "ocis"
+temp_folder = "/var/tmp/reva/tmp"
+
+[http.services.dataprovider.drivers.ocis]
+root = "/var/tmp/reva/data"
+enable_home = true
+treetime_accounting = true
+treesize_accounting = true
diff --git a/tests/oc-integration-tests/local-mesh/storage-local-1.toml b/tests/oc-integration-tests/local-mesh/storage-local-1.toml
new file mode 100644
index 0000000000..630e6ebc01
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/storage-local-1.toml
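Review bot: `data_server_url = "http://localhost:12001/data"` does not match the data provider this file starts, which listens on `address = "0.0.0.0:32001"`; storage-local-1.toml and storage-local-2.toml in this directory advertise their own 311x1 ports. Port 12001 is the one the header comment gives for the first instance's home data provider, so with both instances running, uploads and downloads for this instance's home storage would presumably be sent to the other instance. The line should be `data_server_url = "http://localhost:32001/data"`.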
@@ -0,0 +1,46 @@
+# This config file will start a reva service that:
+# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[a-k])
+# - serves the storage provider on grpc port 11100
+# - serves http dataprovider for this storage on port 11101
+# - /data - dataprovider: file up and download
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+[grpc]
+address = "0.0.0.0:31100"
+
+# This is a storage provider that grants direct access to the wrapped storage
+# we have a locally running dataprovider
+[grpc.services.storageprovider]
+driver = "ocis"
+mount_path = "/virtual"
+mount_id = "virtual-a-k"
+expose_data_server = true
+data_server_url = "http://localhost:31101/data"
+
+[grpc.services.storageprovider.drivers.ocis]
+root = "/var/tmp/reva/data-local-1"
+owner = "4c510ada-c86b-4815-8820-42cdf82c3d51"
+owner_idp = "http://localhost:40080"
+owner_type = "USER_TYPE_PRIMARY"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
+
+[http]
+address = "0.0.0.0:31101"
+
+[http.services.dataprovider]
+driver = "ocis"
+temp_folder = "/var/tmp/reva/tmp"
+
+[http.services.dataprovider.drivers.ocis]
+root = "/var/tmp/reva/data-local-1"
+owner = "4c510ada-c86b-4815-8820-42cdf82c3d51"
+owner_idp = "http://localhost:40080"
+owner_type = "USER_TYPE_PRIMARY"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
diff --git a/tests/oc-integration-tests/local-mesh/storage-local-2.toml b/tests/oc-integration-tests/local-mesh/storage-local-2.toml
new file mode 100644
index 0000000000..f2de3a3642
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/storage-local-2.toml
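Review bot: The header comments name ports this service does not listen on: they say grpc port 11100 and http port 11101, while `[grpc]` binds `0.0.0.0:31100` and `[http]` binds `0.0.0.0:31101`. I would change them to `# - serves the storage provider on grpc port 31100` and `# - serves http dataprovider for this storage on port 31101`, since anyone writing firewall rules or debugging a port clash will read the header first. storage-local-2.toml (11110/11111 against 31110/31111) and storage-users.toml (11000/11001 against 31000/31001) in the same directory need the same correction.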
@@ -0,0 +1,46 @@
+# This config file will start a reva service that:
+# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[l-z])
+# - serves the storage provider on grpc port 11110
+# - serves http dataprovider for this storage on port 11111
+# - /data - dataprovider: file up and download
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+[grpc]
+address = "0.0.0.0:31110"
+
+# This is a storage provider that grants direct access to the wrapped storage
+# we have a locally running dataprovider
+[grpc.services.storageprovider]
+driver = "ocis"
+mount_path = "/virtual"
+mount_id = "virtual-l-z"
+expose_data_server = true
+data_server_url = "http://localhost:31111/data"
+
+[grpc.services.storageprovider.drivers.ocis]
+root = "/var/tmp/reva/data-local-2"
+owner = "4c510ada-c86b-4815-8820-42cdf82c3d51"
+owner_idp = "http://localhost:40080"
+owner_type = "USER_TYPE_PRIMARY"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
+
+[http]
+address = "0.0.0.0:31111"
+
+[http.services.dataprovider]
+driver = "ocis"
+temp_folder = "/var/tmp/reva/tmp"
+
+[http.services.dataprovider.drivers.ocis]
+root = "/var/tmp/reva/data-local-2"
+owner = "4c510ada-c86b-4815-8820-42cdf82c3d51"
+owner_idp = "http://localhost:40080"
+owner_type = "USER_TYPE_PRIMARY"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
diff --git a/tests/oc-integration-tests/local-mesh/storage-publiclink.toml b/tests/oc-integration-tests/local-mesh/storage-publiclink.toml
new file mode 100644
index 0000000000..835508719c
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/storage-publiclink.toml
@@ -0,0 +1,15 @@
+# This config file will start a reva service that:
+# - serves the public storage provider on grpc port 13000
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:19000"
+
+[grpc]
+address = "0.0.0.0:33000"
+
+# This is a storage provider that grants direct access to the wrapped storage
+# we have a locally running dataprovider
+[grpc.services.publicstorageprovider]
+mount_path = "/public/"
+gateway_addr = "0.0.0.0:39000"
diff --git a/tests/oc-integration-tests/local-mesh/storage-users.toml b/tests/oc-integration-tests/local-mesh/storage-users.toml
new file mode 100644
index 0000000000..ad8f997bfa
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/storage-users.toml
@@ -0,0 +1,40 @@
+# This config file will start a reva service that:
+# - uses the ocis driver to serve users (/users)
+# - serves the storage provider on grpc port 11000
+# - serves http dataprovider for this storage on port 11001
+# - /data - dataprovider: file up and download
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:39000"
+
+[grpc]
+address = "0.0.0.0:31000"
+
+# This is a storage provider that grants direct access to the wrapped storage
+# we have a locally running dataprovider
+[grpc.services.storageprovider]
+driver = "ocis"
+mount_path = "/users"
+mount_id = "123e4567-e89b-12d3-a456-426655440000"
+expose_data_server = true
+data_server_url = "http://localhost:31001/data"
+
+[grpc.services.storageprovider.drivers.ocis]
+root = "/var/tmp/reva/data"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
+
+[http]
+address = "0.0.0.0:31001"
+
+[http.services.dataprovider]
+driver = "ocis"
+temp_folder = "/var/tmp/reva/tmp"
+
+[http.services.dataprovider.drivers.ocis]
+root = "/var/tmp/reva/data"
+enable_home = false
+treetime_accounting = true
+treesize_accounting = true
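Review bot: In storage-publiclink.toml, `gatewaysvc = "localhost:19000"` points this mesh service at a different gateway than every other local-mesh config in the diff, which use `localhost:39000`, and than its own `gateway_addr = "0.0.0.0:39000"`. Port 19000 is where the `local/` gateway.toml listens, so with both deployments running this service would send its gateway calls to the other instance. The line should be `gatewaysvc = "localhost:39000"`. The header comment also says grpc port 13000 while the listener is `0.0.0.0:33000`, and `gateway_addr` would be clearer as `localhost:39000` because it is a dial target rather than a bind address.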
diff --git a/tests/oc-integration-tests/local-mesh/users.demo.json b/tests/oc-integration-tests/local-mesh/users.demo.json
new file mode 100644
index 0000000000..8e1d2f09dc
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/users.demo.json
@@ -0,0 +1,38 @@
+[
+ {
+ "id": {
+ "opaque_id": "4c510ada-c86b-4815-8820-42cdf82c3d51",
+ "idp": "http://localhost:40080",
+ "type": 1
+ },
+ "username": "einstein",
+ "secret": "relativity",
+ "mail": "einstein@example.org",
+ "display_name": "Albert Einstein",
+ "groups": ["sailing-lovers", "violin-haters", "physics-lovers"]
+ },
+ {
+ "id": {
+ "opaque_id": "f7fbf8c8-139b-4376-b307-cf0a8c2d0d9c",
+ "idp": "http://localhost:40080",
+ "type": 1
+ },
+ "username": "marie",
+ "secret": "radioactivity",
+ "mail": "marie@example.org",
+ "display_name": "Marie Curie",
+ "groups": ["radium-lovers", "polonium-lovers", "physics-lovers"]
+ },
+ {
+ "id": {
+ "opaque_id": "932b4540-8d16-481e-8ef4-588e4b6b151c",
+ "idp": "http://localhost:40080",
+ "type": 1
+ },
+ "username": "richard",
+ "secret": "superfluidity",
+ "mail": "richard@example.org",
+ "display_name": "Richard Feynman",
+ "groups": ["quantum-lovers", "philosophy-haters", "physics-lovers"]
+ }
+]
diff --git a/tests/oc-integration-tests/local-mesh/users.toml b/tests/oc-integration-tests/local-mesh/users.toml
new file mode 100644
index 0000000000..f6b6c5acdc
--- /dev/null
+++ b/tests/oc-integration-tests/local-mesh/users.toml
@@ -0,0 +1,21 @@
+# This config file will start a reva service that:
+# - handles user metadata and user preferences
+# - serves the grpc services on port 38000
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
+[grpc]
+address = "0.0.0.0:38000"
+
+[grpc.services.authprovider]
+auth_manager = "json"
+
+[grpc.services.authprovider.auth_managers.json]
+users = "users.demo.json"
+
+[grpc.services.userprovider]
+driver = "json"
+
+[grpc.services.userprovider.drivers.json]
+users = "users.demo.json"
diff --git a/tests/oc-integration-tests/local/Readme.md b/tests/oc-integration-tests/local/Readme.md
new file mode 100644
index 0000000000..4756c4bb2c
--- /dev/null
+++ b/tests/oc-integration-tests/local/Readme.md
@@ -0,0 +1,7 @@
+# Local deployment of reva
+
+## Notable Services
+`frontend-global.toml` serves all HTTP services on 20180 with a global namespace on the `/webdav` and `/dav/users/{username}` endpoints. This mimics the cernbox deployment.
+`frontend.toml` serves all HTTP services on 20080, jailing users into their home on the `/webdav` and `/dav/users/{username}` endpoints. This mimics the classic ownCloud.
+
+Use either `users.toml` or `users-ldap.toml`. You cannot use both at the same time.
\ No newline at end of file
diff --git a/tests/oc-integration-tests/local/frontend-global.toml b/tests/oc-integration-tests/local/frontend-global.toml
index f6a68a090c..2cff52525d 100644
--- a/tests/oc-integration-tests/local/frontend-global.toml
+++ b/tests/oc-integration-tests/local/frontend-global.toml
@@ -1,26 +1,13 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# This frontend-global.toml config file will start a reva service that: +# This config file will start a reva service that: # - serves as the entrypoint for owncloud APIs but with a globally accessible namespace. # - serves http endpoints on port 20180 # - / --------------- ocdav # - /ocs ------------ ocs -# - /oauth2 --------- oidcprovider -# - /.well-known ---- wellknown service to announce openid-configuration # - TODO(diocas): ocm -# - authenticates requests using oidc bearer auth and basic auth as fallback -# - serves the grpc services on port 20199 -[grpc] -address = "0.0.0.0:20199" - -[grpc.services.authprovider] -auth_manager = "oidc" -# If you want to use your own openid provider change this config -[grpc.services.authprovider.auth_managers.oidc] -issuer = "http://localhost:20180" +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" [http] address = "0.0.0.0:20180" @@ -115,3 +102,13 @@ resumable = "1.0.0" extension = "creation,creation-with-upload" http_method_override = "" max_chunk_size = 0 + +# serve /ocm +[http.services.ocmd] +prefix = "ocm" + +[http.middlewares.providerauthorizer] +driver = "json" + +[http.middlewares.providerauthorizer.drivers.json] +providers = "providers.demo.json" \ No newline at end of file diff --git a/tests/oc-integration-tests/local/frontend.toml b/tests/oc-integration-tests/local/frontend.toml index 7350e7b2a9..97536ddd71 100644 --- a/tests/oc-integration-tests/local/frontend.toml +++ b/tests/oc-integration-tests/local/frontend.toml 
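Review bot: The header of frontend-global.toml still lists `# - TODO(diocas): ocm` although the second hunk of this file adds `[http.services.ocmd]` with `prefix = "ocm"`, and once the oidc lines are removed the header no longer says how requests reaching this entrypoint are authenticated. I would replace the TODO with `# - /ocm ------------ ocmd` and add one line naming the auth path that remains; the gateway.toml hunk in this diff keeps only the `basic` and `publicshares` registry rules. frontend.toml carries the same stale TODO after its first hunk.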
@@ -1,26 +1,14 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# This frontend.toml config file will start a reva service that: +# This config file will start a reva service that: # - serves as the entrypoint for owncloud APIs. +# - jails users into their home folder as in owncloud classic # - serves http endpoints on port 20080 # - / --------------- ocdav # - /ocs ------------ ocs -# - /oauth2 --------- oidcprovider -# - /.well-known ---- wellknown service to announce openid-configuration # - TODO(diocas): ocm -# - authenticates requests using oidc bearer auth and basic auth as fallback -# - serves the grpc services on port 20099 -[grpc] -address = "0.0.0.0:20099" - -[grpc.services.authprovider] -auth_manager = "oidc" -# If you want to use your own openid provider change this config -[grpc.services.authprovider.auth_managers.oidc] -issuer = "http://localhost:20080" +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" [http] address = "0.0.0.0:20080" @@ -60,6 +48,7 @@ files_namespace = "/users" # - TODO android? no sync ... but will see different tree webdav_namespace = "/home" +# serve /ocs which contains the sharing and user provisioning api of owncloud classic [http.services.ocs] [http.services.ocs.capabilities.capabilities.core.status] @@ -115,3 +104,13 @@ resumable = "1.0.0" extension = "creation,creation-with-upload" http_method_override = "" max_chunk_size = 0 + +# serve /ocm +[http.services.ocmd] +prefix = "ocm" + +[http.middlewares.providerauthorizer] +driver = "json" + +[http.middlewares.providerauthorizer.drivers.json] +providers = "providers.demo.json" \ No newline at end of file diff --git a/tests/oc-integration-tests/local/gateway.toml b/tests/oc-integration-tests/local/gateway.toml index 717bc766ca..bdd0e33566 100644 --- a/tests/oc-integration-tests/local/gateway.toml +++ b/tests/oc-integration-tests/local/gateway.toml 
@@ -1,14 +1,15 @@ -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# This gateway.toml config file will start a reva service that: -# - serves as a gateway for all requests +# This config file will start a reva service that: +# - serves as a gateway for all CS3 requests # - looks up the storageprovider using a storageregistry # - looks up the authprovider using an authregistry # - serves the gateway on grpc port 19000 # - serves http datagateway on port 19001 # - /data - datagateway: file up and download + +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + [grpc] address = "0.0.0.0:19000" @@ -25,10 +26,10 @@ groupprovidersvc = "localhost:18000" usershareprovidersvc = "localhost:17000" publicshareprovidersvc = "localhost:17000" # ocm -ocmcoresvc = "localhost:13000" -ocmshareprovidersvc = "localhost:13000" -ocminvitemanagersvc = "localhost:13000" -ocmproviderauthorizersvc = "localhost:13000" +ocmcoresvc = "localhost:14000" +ocmshareprovidersvc = "localhost:14000" +ocminvitemanagersvc = "localhost:14000" +ocmproviderauthorizersvc = "localhost:14000" # other commit_share_to_storage_grant = true commit_share_to_storage_ref = true @@ -45,7 +46,6 @@ driver = "static" [grpc.services.authregistry.drivers.static.rules] publicshares = "localhost:17000" # started with the shares.toml basic = "localhost:18000" # started with the users.toml -bearer = "localhost:20099" # started with the frontend.toml [grpc.services.storageregistry] driver = "static" diff --git a/tests/oc-integration-tests/local/ldap-users.toml b/tests/oc-integration-tests/local/ldap-users.toml index d068a0eaca..8d4fb9a5e5 100644 --- a/tests/oc-integration-tests/local/ldap-users.toml +++ b/tests/oc-integration-tests/local/ldap-users.toml 
@@ -1,9 +1,10 @@ +# This config file will start a reva service that: +# - handles user metadata and user preferences +# - serves the grpc services on port 18000 + [shared] jwt_secret = "Pive-Fumkiu4" -# This users.toml config file will start a reva service that: -# - handles user metadata and user preferences -# - serves the grpc services on port 18000 [grpc] address = "0.0.0.0:18000" @@ -18,7 +19,7 @@ base_dn="dc=owncloud,dc=com" loginfilter="(&(objectclass=posixAccount)(|(cn={{login}}))(uid={{login}}))" bind_username="cn=admin,dc=owncloud,dc=com" bind_password="admin" -idp="http://localhost:18000" +idp="http://localhost:20080" [grpc.services.authprovider.auth_managers.ldap.schema] uid="uid" displayName="displayName" @@ -39,7 +40,7 @@ attributefilter="(&(objectclass=posixAccount)({{attr}}={{value}}))" groupfilter="(&(objectclass=posixGroup)(cn=*)(memberuid={{.OpaqueId}}))" bind_username="cn=admin,dc=owncloud,dc=com" bind_password="admin" -idp="http://localhost:18000" +idp="http://localhost:20080" [grpc.services.userprovider.drivers.ldap.schema] uid="uid" @@ -61,7 +62,7 @@ attributefilter="(&(objectclass=posixGroup)({{attr}}={{value}}))" memberfilter="(&(objectclass=posixAccount)(cn={{.OpaqueId}}))" bind_username="cn=admin,dc=owncloud,dc=com" bind_password="admin" -idp="http://localhost:18000" +idp="http://localhost:20080" [grpc.services.groupprovider.drivers.ldap.schema] gid="cn" diff --git a/tests/oc-integration-tests/local/ocmd.toml b/tests/oc-integration-tests/local/ocmd.toml new file mode 100644 index 0000000000..b89d23318d --- /dev/null +++ b/tests/oc-integration-tests/local/ocmd.toml 
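Review bot: The `loginfilter` context line in the `@@ -18,7 +19,7 @@` hunk closes its OR group after the first operand: `(|(cn={{login}}))` holds only the cn test and `(uid={{login}})` is then ANDed with it, so a login matches only entries whose cn and uid both equal the supplied name. If either attribute was meant to be accepted, the line should read `loginfilter="(&(objectclass=posixAccount)(|(cn={{login}})(uid={{login}})))"`. The `auth_managers.ldap` table that holds this line starts above the hunk, and the driver code is not part of the diff, so it is worth confirming separately that `{{login}}` is escaped for LDAP filter syntax before substitution.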
@@ -0,0 +1,30 @@
+# This config file will start a reva service that:
+# - serves user and public link shares
+
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
+[grpc]
+address = "0.0.0.0:14000"
+
+[grpc.services.ocmcore]
+driver = "json"
+
+# Note that ocmcore and ocmshareprovider should use the same file for storing the shares.
+[grpc.services.ocmcore.drivers.json]
+file = "/var/tmp/reva/shares_server_1.json"
+
+[grpc.services.ocminvitemanager]
+driver = "json"
+
+[grpc.services.ocmshareprovider]
+driver = "json"
+
+[grpc.services.ocmshareprovider.drivers.json]
+file = "/var/tmp/reva/shares_server_1.json"
+
+[grpc.services.ocmproviderauthorizer]
+driver = "json"
+
+[grpc.services.ocmproviderauthorizer.drivers.json]
+providers = "providers.demo.json"
diff --git a/tests/oc-integration-tests/local/providers.demo.json b/tests/oc-integration-tests/local/providers.demo.json
new file mode 100644
index 0000000000..c7d93d7283
--- /dev/null
+++ b/tests/oc-integration-tests/local/providers.demo.json
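Review bot: The header comment describes a different service: it says the file `serves user and public link shares`, but the tables below configure `ocmcore`, `ocminvitemanager`, `ocmshareprovider` and `ocmproviderauthorizer` on `0.0.0.0:14000`. I would replace the second line with `# - serves the OCM core, invite manager, share provider and provider authorizer on grpc port 14000`. Because the share state is written to `/var/tmp/reva/shares_server_1.json`, a comment noting that `/var/tmp/reva` should be created with owner-only permissions would help anyone running this on a shared machine.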
@@ -0,0 +1,100 @@
+[
+ {
+ "name": "local",
+ "full_name": "ownCloud@Example",
+ "organization": "Example",
+ "domain": "example.org",
+ "homepage": "http://example.org",
+ "description": "Example cloud storage.",
+ "services": [
+ {
+ "endpoint": {
+ "type": {
+ "name": "OCM",
+ "description": "Example Open Cloud Mesh API"
+ },
+ "name": "Example - OCM API",
+ "path": "http://127.0.0.1:20080/ocm/",
+ "is_monitored": true
+ },
+ "api_version": "0.0.1",
+ "host": "http://127.0.0.1:20080/"
+ },
+ {
+ "endpoint": {
+ "type": {
+ "name": "Webdav",
+ "description": "Example Webdav API"
+ },
+ "name": "Example - Webdav API",
+ "path": "http://127.0.0.1:20080/remote.php/webdav/",
+ "is_monitored": true
+ },
+ "api_version": "0.0.1",
+ "host": "http://127.0.0.1:20080/"
+ },
+ {
+ "endpoint": {
+ "type": {
+ "name": "Gateway",
+ "description": "Example GRPC Gateway"
+ },
+ "name": "Example - GRPC Gateway",
+ "path": "127.0.0.1:19000",
+ "is_monitored": true
+ },
+ "api_version": "0.0.1",
+ "host": "127.0.0.1:19000"
+ }
+ ]
+ },
+ {
+ "name": "local-mesh",
+ "full_name": "ownCloud@Example2",
+ "organization": "Example 2",
+ "domain": "example.org",
+ "homepage": "http://example.org",
+ "description": "Example cloud storage 2.",
+ "services": [
+ {
+ "endpoint": {
+ "type": {
+ "name": "OCM",
+ "description": "Example 2 Open Cloud Mesh API"
+ },
+ "name": "Example 2 - OCM API",
+ "path": "http://127.0.0.1:40080/ocm/",
+ "is_monitored": true
+ },
+ "api_version": "0.0.1",
+ "host": "http://127.0.0.1:40080/"
+ },
+ {
+ "endpoint": {
+ "type": {
+ "name": "Webdav",
+ "description": "Example 2 Webdav API"
+ },
+ "name": "Example 2 - Webdav API",
+ "path": "http://127.0.0.1:40080/remote.php/webdav/",
+ "is_monitored": true
+ },
+ "api_version": "0.0.1",
+ "host": "http://127.0.0.1:40080/"
+ },
+ {
+ "endpoint": {
+ "type": {
+ "name": "Gateway",
+ "description": "Example 2 GRPC Gateway"
+ },
+ "name": "Example 2 - GRPC Gateway",
+ "path": "127.0.0.1:39000",
+ "is_monitored": true
+ }, + "api_version": "0.0.1", + "host": "127.0.0.1:39000" + } + ] + } +] diff --git a/tests/oc-integration-tests/local/shares.toml b/tests/oc-integration-tests/local/shares.toml index c06cd186ee..46778cf4e0 100644 --- a/tests/oc-integration-tests/local/shares.toml +++ b/tests/oc-integration-tests/local/shares.toml @@ -1,8 +1,9 @@ +# This config file will start a reva service that: +# - serves user and public link shares + [shared] jwt_secret = "Pive-Fumkiu4" -# GRPC: -# - serves user and public link shares [grpc] address = "0.0.0.0:17000" diff --git a/tests/oc-integration-tests/local/storage-home.toml b/tests/oc-integration-tests/local/storage-home.toml index 394892536d..03b4d6ab6f 100644 --- a/tests/oc-integration-tests/local/storage-home.toml +++ b/tests/oc-integration-tests/local/storage-home.toml @@ -1,10 +1,5 @@ -# This storage-home.toml config file will start a reva service that: -[shared] -jwt_secret = "Pive-Fumkiu4" -gatewaysvc = "localhost:19000" - -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth +# This config file will start a reva service that: +# - uses the ocis driver to serve users, jailed into their home (/home) # - serves the home storage provider on grpc port 12000 # - serves http dataprovider for this storage on port 12001 # - /data - dataprovider: file up and download @@ -12,6 +7,11 @@ gatewaysvc = "localhost:19000" # The home storage will inject the username into the path and jail users into # their home directory +[shared] +jwt_secret = "Pive-Fumkiu4" +gatewaysvc = "localhost:19000" + + [grpc] address = "0.0.0.0:12000" diff --git a/tests/oc-integration-tests/local/storage-local-1.toml b/tests/oc-integration-tests/local/storage-local-1.toml index 6e688e1a19..1da9f21830 100644 --- a/tests/oc-integration-tests/local/storage-local-1.toml +++ b/tests/oc-integration-tests/local/storage-local-1.toml 
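Review bot: Both provider entries in local/providers.demo.json, `local` and `local-mesh`, carry `"domain": "example.org"`, so a lookup keyed on domain cannot tell them apart. If the json provider authorizer resolves providers by domain (its code is not part of this diff), the `local-mesh` entry would never be selected and requests from that instance would be authorized against the `local` service list. Giving the second entry its own value, for example `"domain": "<distinct-domain-for-local-mesh>"`, removes the ambiguity. The local-mesh copy of this file, only the tail of which is visible earlier, should be checked for the same duplication.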
@@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[a-k]) +# - serves the storage provider on grpc port 11100 +# - serves http dataprovider for this storage on port 11101 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11100" diff --git a/tests/oc-integration-tests/local/storage-local-2.toml b/tests/oc-integration-tests/local/storage-local-2.toml index fb1e035c8c..80ffeee065 100644 --- a/tests/oc-integration-tests/local/storage-local-2.toml +++ b/tests/oc-integration-tests/local/storage-local-2.toml @@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve one half of a virtual view folder (/virtual/[l-z]) +# - serves the storage provider on grpc port 11110 +# - serves http dataprovider for this storage on port 11111 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11110" 
diff --git a/tests/oc-integration-tests/local/storage-publiclink.toml b/tests/oc-integration-tests/local/storage-publiclink.toml index 7914b773c6..07696c826b 100644 --- a/tests/oc-integration-tests/local/storage-publiclink.toml +++ b/tests/oc-integration-tests/local/storage-publiclink.toml @@ -1,4 +1,6 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - serves the public storage provider on grpc port 13000 + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" diff --git a/tests/oc-integration-tests/local/storage-users.toml b/tests/oc-integration-tests/local/storage-users.toml index c2d4d0abf4..d2023fc72a 100644 --- a/tests/oc-integration-tests/local/storage-users.toml +++ b/tests/oc-integration-tests/local/storage-users.toml @@ -1,13 +1,13 @@ -# This storage.toml config file will start a reva service that: +# This config file will start a reva service that: +# - uses the ocis driver to serve users (/users) +# - serves the storage provider on grpc port 11000 +# - serves http dataprovider for this storage on port 11001 +# - /data - dataprovider: file up and download + [shared] jwt_secret = "Pive-Fumkiu4" gatewaysvc = "localhost:19000" -# - authenticates grpc storage provider requests using the internal jwt token -# - authenticates http upload and download requests requests using basic auth -# - serves the storage provider on grpc port 11000 -# - serves http dataprovider for this storage on port 11001 -# - /data - dataprovider: file up and download [grpc] address = "0.0.0.0:11000" diff --git a/tests/oc-integration-tests/local/users.toml b/tests/oc-integration-tests/local/users.toml index 7b24885c56..6f849bf6a8 100644 --- a/tests/oc-integration-tests/local/users.toml +++ b/tests/oc-integration-tests/local/users.toml 
@@ -1,9 +1,10 @@ +# This config file will start a reva service that: +# - handles user metadata and user preferences +# - serves the grpc services on port 18000 + [shared] jwt_secret = "Pive-Fumkiu4" -# This users.toml config file will start a reva service that: -# - handles user metadata and user preferences -# - serves the grpc services on port 18000 [grpc] address = "0.0.0.0:18000"