simplify config

cs3org · Jan 14, 2020 · d97cc7c · d97cc7c
1 parent 042ce53
commit d97cc7c
Show file tree

Hide file tree

Showing 21 changed files with 253 additions and 192 deletions.
diff --git a/cmd/revad/runtime/runtime.go b/cmd/revad/runtime/runtime.go
@@ -33,6 +33,7 @@ import (
 	"github.com/cs3org/reva/pkg/logger"
 	"github.com/cs3org/reva/pkg/rgrpc"
 	"github.com/cs3org/reva/pkg/rhttp"
+	"github.com/cs3org/reva/pkg/sharedconf"
 	"github.com/mitchellh/mapstructure"
 	"github.com/pkg/errors"
 	"github.com/rs/zerolog"
@@ -44,6 +45,7 @@ import (
 
 // Run runs a reva server with the given config file and pid file.
 func Run(mainConf map[string]interface{}, pidFile string) {
+	parseSharedConfOrDie(mainConf["shared"])
 	coreConf := parseCoreConfOrDie(mainConf["core"])
 	logConf := parseLogConfOrDie(mainConf["log"])
 
@@ -333,6 +335,13 @@ func parseCoreConfOrDie(v interface{}) *coreConf {
 	return c
 }
 
+func parseSharedConfOrDie(v interface{}) {
+	if err := sharedconf.Decode(v); err != nil {
+		fmt.Fprintf(os.Stderr, "error decoding shared config: %s\n", err.Error())
+		os.Exit(1)
+	}
+}
+
 func parseLogConfOrDie(v interface{}) *logConf {
 	c := &logConf{}
 	if err := mapstructure.Decode(v, c); err != nil {

diff --git a/examples/separate/frontend.toml b/examples/separate/frontend.toml
@@ -1,3 +1,7 @@
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:19000"
+
 # This frontend.toml config file will start a reva service that:
 # - serves as the entrypoint for owncloud APIs.
 # - serves http endpoints on port 20080
@@ -14,60 +18,15 @@ address = "0.0.0.0:20099"
 [grpc.services.authprovider]
 auth_manager = "oidc"
 
-[grpc.services.authprovider.auth_managers.oidc]
 # If you want to use your own openid provider change this config
+[grpc.services.authprovider.auth_managers.oidc]
 issuer = "http://localhost:20080"
 
-[grpc.interceptors.auth]
-token_manager = "jwt"
-
-[grpc.interceptors.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
-
 [http]
 address = "0.0.0.0:20080"
 
-[http.middlewares.auth]
-gateway = "localhost:19000"
-credential_chain = ["basic", "bearer"]
-token_strategy = "header"
-token_writer = "header"
-token_manager = "jwt"
-
-[http.middlewares.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
-
 [http.middlewares.cors]
-allowed_origins = ["*"]
-allowed_methods = [
-	"OPTIONS",
-	"GET",
-	"PUT",
-	"POST",
-	"DELETE",
-	"MKCOL",
-	"PROPFIND",
-	"PROPPATCH",
-	"MOVE",
-	"COPY",
-	"REPORT",
-	"SEARCH"
-]
-allowed_headers = [
-	"Origin",
-	"Accept",
-	"Depth",
-	"Content-Type",
-	"X-Requested-With",
-	"Authorization",
-	"Ocs-Apirequest",
-	"If-Match",
-	"If-None-Match",
-	"Destination",
-	"Overwrite"
-]
 allow_credentials = true
-options_passthrough = false
 
 [http.services.wellknown]
 issuer = "http://localhost:20080"
@@ -81,7 +40,6 @@ userinfo_endpoint = "http://localhost:20080/oauth2/userinfo"
 
 [http.services.oidcprovider]
 prefix = "oauth2"
-gateway = "localhost:19000"
 issuer = "http://localhost:20080"
 
 [http.services.oidcprovider.clients.phoenix]
@@ -97,14 +55,12 @@ public = true # force PKCS for public clients
 prefix = ""
 chunk_folder = "/var/tmp/reva/chunks"
 # for user lookups
-gateway = "localhost:19000"
 # prefix the path of requests to /dav/files with this namespace
 # While owncloud has only listed usernames at this endpoint CERN has
 # been exposing more than just usernames. For owncloud deployments we
 # can prefix the path to jail the requests to the correct CS3 namespace.
 # In this deployment we mounted the owncloud storage provider at /oc. It
 # expects a username as the first path segment.
-files_namespace = "/oc"
 # currently, only the desktop client will use this endpoint, but only if
 # the dav.chunking capability is available
 # TODO implement a path wrapper that rewrites `<username>` into the path
@@ -113,23 +69,18 @@ files_namespace = "/oc"
 # for eos we need to rewrite the path
 # TODO strip the username from the path so the CS3 namespace can be mounted
 # at the files/<username> endpoint? what about migration? separate reva instance
+files_namespace = "/oc"
 
 # similar to the dav/files endpoint we can configure a prefix for the old webdav endpoint
 # we use the old webdav endpoint to present the cs3 namespace
-webdav_namespace = "/home"
 # note: this changes the tree that is rendered at remote.php/webdav from the users home to the cs3 namespace
 # use webdav_namespace = "/home" to use the old namespace that only exposes the users files
 # this endpoint should not affect the desktop client sync but will present different folders for the other clients:
 # - the desktop clients use a hardcoded remote.php/dav/files/<username> if the dav.chunkung capability is present
 # - the ios ios uses the core.webdav-root capability which points to remote.php/webdav in oc10
 # - the oc js sdk is hardcoded to the remote.php/webdav so it will see the new tree
 # - TODO android? no sync ... but will see different tree
-
-[http.services.ocs]
-# prefix = "ocs"
-# for user lookups and sharing
-gateway = "localhost:19000"
-
+webdav_namespace = "/home"
 
 # options for the /ocs/v1.php/config endpoint
 [http.services.ocs.config]
@@ -143,6 +94,7 @@ ssl = "false"
 [http.services.ocs.capabilities.capabilities.core]
 poll_interval = 60
 webdav_root = "remote.php/webdav"
+
 [http.services.ocs.capabilities.capabilities.core.status]
 installed = true
 maintenance = false
@@ -152,17 +104,21 @@ versionstring = "10.1.0"
 edition = "community"
 productname = "reva"
 hostname = ""
+
 [http.services.ocs.capabilities.capabilities.checksums]
 supported_types = ["SHA256"]
 preferred_upload_type = "SHA256"
+
 [http.services.ocs.capabilities.capabilities.files]
 private_links = false
 bigfilechunking = false
 blacklisted_files = []
 undelete = true
 versioning = true
+
 [http.services.ocs.capabilities.capabilities.dav]
 chunking = "1.0"
+
 [http.services.ocs.capabilities.capabilities.files_sharing]
 api_enabled = true
 resharing = true
@@ -172,31 +128,40 @@ share_with_group_members_only = true
 share_with_membership_groups_only = true
 default_permissions = 22
 search_min_length = 3
+
 [http.services.ocs.capabilities.capabilities.files_sharing.public]
 enabled = true
 send_mail = true
 social_share = true
 upload = true
 multiple = true
 supports_upload_only = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.public.password]
 enforced = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.public.password.enforced_for]
 read_only = true
 read_write = true
 upload_only = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.public.expire_date]
 enabled = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.user]
 send_mail = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.user_enumeration]
 enabled = true
 group_members_only = true
+
 [http.services.ocs.capabilities.capabilities.files_sharing.federation]
 outgoing = true
 incoming = true
+
 [http.services.ocs.capabilities.capabilities.notifications]
 endpoints = ["list", "get", "delete"]
+
 [http.services.ocs.capabilities.version]
 edition = "reva"
 major = 10

diff --git a/examples/separate/gateway.toml b/examples/separate/gateway.toml
@@ -1,3 +1,7 @@
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:19000"
+
 # This gateway.toml config file will start a reva service that:
 # - serves as a gateway for all requests
 # - looks up the storageprovider using a storageregistry
@@ -8,12 +12,6 @@
 [grpc]
 address = "0.0.0.0:19000"
 
-[grpc.interceptors.auth]
-token_manager = "jwt"
-
-[grpc.interceptors.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
-
 [grpc.services.gateway]
 # registries
 authregistrysvc = "localhost:19000"
@@ -31,20 +29,14 @@ commit_share_to_storage_grant = true
 datagateway = "http://localhost:19001/data"
 transfer_shared_secret = "replace-me-with-a-transfer-secret" # for direct uploads
 transfer_expires = 6 # give it a moment
-token_manager = "jwt"
 #disable_home_creation_on_login = true
 
-[grpc.services.gateway.token_managers.jwt]
-secret = "Pive-Fumkiu4"
-
 [grpc.services.authregistry]
 driver = "static"
 
 [grpc.services.authregistry.drivers.static.rules]
-# started with the users.toml
-basic = "localhost:18000"
-# started with the frontend.toml
-bearer = "localhost:20099"
+basic = "localhost:18000" # started with the users.toml
+bearer = "localhost:20099" # started with the frontend.toml
 
 [grpc.services.storageregistry]
 driver = "static"
@@ -57,26 +49,13 @@ home_provider = "/home"
 # to jail users into their home dir
 "/home" = "localhost:12000"
 
-# mount a storage provider without a path wrapper for direct access to files
+# mount a storage provider without a path wrapper for direct access to users.
 "/oc" = "localhost:11000"
 "123e4567-e89b-12d3-a456-426655440000" = "localhost:11000"
-
 # another mount point might be "/projects/" 
 
 [http]
 address = "0.0.0.0:19001"
 
 [http.services.datagateway]
-prefix = "data"
-gateway = "" # TODO not needed?
 transfer_shared_secret = "replace-me-with-a-transfer-secret"
-
-[http.middlewares.auth]
-gatewaysvc = "0.0.0.0:19000"
-credential_chain = ["basic", "bearer"]
-token_strategy = "header"
-token_writer = "header"
-token_manager = "jwt"
-
-[http.middlewares.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
diff --git a/examples/separate/shares.toml b/examples/separate/shares.toml
@@ -1,17 +1,13 @@
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+
 # GRPC:
 # - serves user and public link shares
 [grpc]
 address = "0.0.0.0:17000"
 
-[grpc.interceptors.auth]
-token_manager = "jwt"
-
 [grpc.services.usershareprovider]
 driver = "memory"
 
 [grpc.services.publicshareprovider]
 driver = "memory"
-
-
-[grpc.interceptors.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
diff --git a/examples/separate/storage-home.toml b/examples/separate/storage-home.toml
@@ -1,4 +1,8 @@
 # This storage-home.toml config file will start a reva service that:
+[shared]
+jwt_secret = "Pive-Fumkiu4"
+gatewaysvc = "localhost:19000"
+
 # - authenticates grpc storage provider requests using the internal jwt token
 # - authenticates http upload and download requests requests using basic auth
 # - serves the home storage provider on grpc port 12000
@@ -9,55 +13,34 @@
 # their home directory
 
 [grpc]
-network = "tcp"
 address = "0.0.0.0:12000"
 
-[grpc.interceptors.auth]
-token_manager = "jwt"
-
 [grpc.interceptors.auth.token_managers.jwt]
 secret = "Pive-Fumkiu4"
 
 # This is a storage proider that grants direct acces to the wrapped storage
+# TODO same storage id as the /oc/ storage provider
+# if we have an id, we can directly go to that storage, no need to wrap paths
+# we have a locally running dataprovider
+# this is where clients can find it
+# the context path wrapper reads tho username from the context and prefixes the relative storage path with it
 [grpc.services.storageprovider]
 driver = "owncloud"
-# the context path wrapper reads tho username from the context and prefixes the relative storage path with it
-path_wrapper = "context"
 mount_path = "/home"
-# TODO same storage id as the /oc/ storage provider
-# if we have an id, we can directly go to that storage, no need to wrap paths
 mount_id = "123e4567-e89b-12d3-a456-426655440000"
-# we have a locally running dataprovider
 expose_data_server = true
-# this is where clients can find it
+path_wrapper = "context"
 data_server_url = "http://localhost:12001/data"
-
-[grpc.services.storageprovider.available_checksums]
-md5   = 100
-unset = 1000
+enable_home_creation = true
 
 [grpc.services.storageprovider.drivers.owncloud]
 datadirectory = "/var/tmp/reva/data"
 
-[grpc.services.storageprovider.path_wrappers.context]
-prefix = ""
-
 [http]
 address = "0.0.0.0:12001"
 
-[http.middlewares.auth]
-gatewaysvc = "localhost:19000"
-credential_chain = ["basic", "bearer"]
-token_strategy = "header"
-token_writer = "header"
-token_manager = "jwt"
-
-[http.middlewares.auth.token_managers.jwt]
-secret = "Pive-Fumkiu4"
-
 [http.services.dataprovider]
 driver = "owncloud"
-prefix = "data"
 temp_folder = "/var/tmp/"
 
 [http.services.dataprovider.drivers.owncloud]