This repository has been archived by the owner on Jan 18, 2021. It is now read-only.

new ocis config
Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
butonic committed Mar 17, 2020
1 parent 37972e9 commit 20bf573
Showing 8 changed files with 32 additions and 43 deletions.
5 changes: 5 additions & 0 deletions changelog/unreleased/fix-typos.md
@@ -0,0 +1,5 @@
Bugfix: we fixed a typo in the `REVA_LDAP_SCHEMA_MAIL` environment variable.

It was misspelled as `REVA_LDAP_SCHEMA_Mail`.

https://github.com/owncloud/ocis-reva/pull/xxx
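Review bot: The reference at the end of this entry, `https://github.com/owncloud/ocis-reva/pull/xxx`, is still a placeholder; replace `xxx` with the pull request number so the generated changelog links somewhere. The entry could also name the affected flag (`ldap-schema-mail`) so operators who set the misspelled `REVA_LDAP_SCHEMA_Mail` know which setting stops being read.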
2 changes: 1 addition & 1 deletion changelog/unreleased/issue-6.md
Expand Up @@ -2,6 +2,6 @@ Change: start multiple services with dedicated commands

The initial version would only allow us to use a set of reva configurations to start multiple services.
We use a more opinionated set of commands to start dedicated services that allows us to configure them individually.
It allowcs us to switch eg. the user backend to LDAP and fully it on the cli.
It allows us to switch eg. the user backend to LDAP and fully use it on the cli.

https://github.com/owncloud/ocis-reva/issues/6
10 changes: 10 additions & 0 deletions changelog/unreleased/new-ocis-config.md
@@ -0,0 +1,10 @@
Change: default to running behind ocis-proxy

We changed the default configuration to integrate better with ocis.

- We use ocis-glauth as the default ldap server on port 9125 with base `dc=example,dc=org`.
- We use a dedicated technical `reva` user to make ldap binds
- Clients are supposed to use the ocis-proxy endpoint `https://localhost:9200`
- We removed unneeded ocis configuration from the frontend which no longer serves an oidc provider.

https://github.com/owncloud/ocis-reva/pull/xxx
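Review bot: The bullet list leaves out the change that matters most on upgrade: the user driver default moves from `demo` to `ldap` in both authbasic.go and users.go, so a setup that worked out of the box with demo users now needs a reachable LDAP server. Add a bullet for that, and state in the `reva` user bullet that the shipped bind credentials are development defaults to be overridden through `REVA_LDAP_BIND_DN` and `REVA_LDAP_BIND_PASSWORD`.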
12 changes: 6 additions & 6 deletions pkg/flagset/authbasic.go
Expand Up @@ -86,7 +86,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {

&cli.StringFlag{
Name: "users-driver",
Value: "demo",
Value: "ldap",
Usage: "user driver: 'demo', 'json' or 'ldap'",
EnvVars: []string{"REVA_USERS_DRIVER"},
Destination: &cfg.Reva.Users.Driver,
Expand All @@ -110,14 +110,14 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
},
&cli.IntFlag{
Name: "ldap-port",
Value: 636,
Value: 9125,
Usage: "LDAP port",
EnvVars: []string{"REVA_LDAP_PORT"},
Destination: &cfg.Reva.LDAP.Port,
},
&cli.StringFlag{
Name: "ldap-base-dn",
Value: "dc=owncloud,dc=com",
Value: "dc=example,dc=org",
Usage: "LDAP basedn",
EnvVars: []string{"REVA_LDAP_BASE_DN"},
Destination: &cfg.Reva.LDAP.BaseDN,
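Review bot: The old `ldap-port` default of 636 is the standard LDAPS port, and the new default of 9125 gives no indication of whether the connection is still TLS-protected. The bind password travels over this connection, so confirm the client still negotiates TLS against ocis-glauth on 9125 and say so in the `Usage` text, which currently reads only `LDAP port`.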
Expand All @@ -138,14 +138,14 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
},
&cli.StringFlag{
Name: "ldap-bind-dn",
Value: "cn=admin,dc=owncloud,dc=com",
Value: "cn=reva,ou=sysusers,dc=example,dc=org",
Usage: "LDAP bind dn",
EnvVars: []string{"REVA_LDAP_BIND_DN"},
Destination: &cfg.Reva.LDAP.BindDN,
},
&cli.StringFlag{
Name: "ldap-bind-password",
Value: "admin",
Value: "reva",
Usage: "LDAP bind password",
EnvVars: []string{"REVA_LDAP_BIND_PASSWORD"},
Destination: &cfg.Reva.LDAP.BindPassword,
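Review bot: The `ldap-bind-password` default is now `reva`, the same string as the account name in the new `ldap-bind-dn`, so any install that does not override `REVA_LDAP_BIND_PASSWORD` binds with a guessable credential that is published in the source. Prefer an empty default and fail at startup when the `ldap` driver is selected without a password, or at minimum mark the value as development-only in `Usage`.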
Expand All @@ -162,7 +162,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
Name: "ldap-schema-mail",
Value: "mail",
Usage: "LDAP schema mail",
EnvVars: []string{"REVA_LDAP_SCHEMA_Mail"},
EnvVars: []string{"REVA_LDAP_SCHEMA_MAIL"},
Destination: &cfg.Reva.LDAP.Schema.Mail,
},
&cli.StringFlag{
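Review bot: Renaming the variable in `EnvVars` for `ldap-schema-mail` means a deployment that set the misspelled `REVA_LDAP_SCHEMA_Mail` silently falls back to the default `mail` with no error. `EnvVars` is a slice, so the old name can stay as a second entry for one release, `[]string{"REVA_LDAP_SCHEMA_MAIL", "REVA_LDAP_SCHEMA_Mail"}`, and be dropped afterwards.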
2 changes: 1 addition & 1 deletion pkg/flagset/authbearer.go
Expand Up @@ -86,7 +86,7 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {

&cli.StringFlag{
Name: "oidc-issuer",
Value: "https://localhost:9130",
Value: "https://localhost:9200",
Usage: "OIDC issuer",
EnvVars: []string{"REVA_OIDC_ISSUER"},
Destination: &cfg.Reva.OIDC.Issuer,
30 changes: 2 additions & 28 deletions pkg/flagset/frontend.go
Expand Up @@ -109,32 +109,6 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
Destination: &cfg.Reva.OCDav.DavFilesNamespace,
},

// OIDC

&cli.StringFlag{
Name: "oidc-issuer",
Value: "https://localhost:9130",
Usage: "OIDC issuer",
EnvVars: []string{"REVA_OIDC_ISSUER"},
Destination: &cfg.Reva.OIDC.Issuer,
},
&cli.BoolFlag{
Name: "oidc-insecure",
Value: true,
Usage: "OIDC allow insecure communication",
EnvVars: []string{"REVA_OIDC_INSECURE"},
Destination: &cfg.Reva.OIDC.Insecure,
},
&cli.StringFlag{
Name: "oidc-id-claim",
Value: "sub", // sub is stable and defined as unique. the user manager needs to take care of the sub to user metadata lookup
Usage: "OIDC id claim",
EnvVars: []string{"REVA_OIDC_ID_CLAIM"},
Destination: &cfg.Reva.OIDC.IDClaim,
},

// TODO allow configuring clients

// Services

// Frontend
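Review bot: With `oidc-issuer`, `oidc-insecure` and `oidc-id-claim` removed from `FrontendWithConfig`, nothing in this flag set writes `cfg.Reva.OIDC.*` any more; check that the frontend command no longer reads those fields, otherwise it sees zero values (an empty issuer, and `Insecure` false instead of the previous default of true). Passing `--oidc-issuer` to the frontend will now be rejected as an unknown flag, so the changelog should tell operators that the setting only exists on the auth-bearer flag set, where authbearer.go still defines `oidc-issuer`.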
Expand Down Expand Up @@ -169,8 +143,8 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
},
&cli.StringSliceFlag{
Name: "service",
Value: cli.NewStringSlice("datagateway", "wellknown", "oidcprovider", "ocdav", "ocs"),
Usage: "--service datagateway [--service wellknown]",
Value: cli.NewStringSlice("datagateway", "ocdav", "ocs"),
Usage: "--service ocdav [--service ocs]",
EnvVars: []string{"REVA_FRONTEND_SERVICES"},
},
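Review bot: The new `service` default drops `wellknown` as well as `oidcprovider`, but the changelog entry only says the frontend no longer serves an OIDC provider. State which component answers the well-known discovery endpoint now (presumably ocis-proxy at `https://localhost:9200`, which is my assumption from the changelog), or keep `wellknown` in the default list.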

4 changes: 2 additions & 2 deletions pkg/flagset/storageoc.go
Expand Up @@ -176,8 +176,8 @@ func StorageOCWithConfig(cfg *config.Config) []cli.Flag {
Name: "enable-home-creation",
// Value: true, // TODO jfd we may need to default to true here so the new webdav endpoint will autocreate user homes as well
Usage: "if enabled home dirs will be automatically created",
EnvVars: []string{"REVA_STORAGE_HOME_ENABLE_HOME_CREATION"},
Destination: &cfg.Reva.StorageHome.EnableHomeCreation,
EnvVars: []string{"REVA_STORAGE_OC_ENABLE_HOME_CREATION"},
Destination: &cfg.Reva.StorageOC.EnableHomeCreation,
},

// Storage drivers
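Review bot: The `Destination` change on `enable-home-creation` is a behaviour fix, not only a rename: the flag used to populate `cfg.Reva.StorageHome.EnableHomeCreation` from within `StorageOCWithConfig`, and it now populates `cfg.Reva.StorageOC.EnableHomeCreation`. Neither changelog entry in this commit mentions it or the `REVA_STORAGE_HOME_ENABLE_HOME_CREATION` to `REVA_STORAGE_OC_ENABLE_HOME_CREATION` rename; add a bugfix entry, and consider resolving the commented-out `// Value: true` TODO while this flag is being touched.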
10 changes: 5 additions & 5 deletions pkg/flagset/users.go
Expand Up @@ -93,14 +93,14 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
},
&cli.IntFlag{
Name: "ldap-port",
Value: 636,
Value: 9125,
Usage: "LDAP port",
EnvVars: []string{"REVA_LDAP_PORT"},
Destination: &cfg.Reva.LDAP.Port,
},
&cli.StringFlag{
Name: "ldap-base-dn",
Value: "dc=owncloud,dc=com",
Value: "dc=example,dc=org",
Usage: "LDAP basedn",
EnvVars: []string{"REVA_LDAP_BASE_DN"},
Destination: &cfg.Reva.LDAP.BaseDN,
Expand All @@ -121,14 +121,14 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
},
&cli.StringFlag{
Name: "ldap-bind-dn",
Value: "cn=admin,dc=owncloud,dc=com",
Value: "cn=reva,ou=sysusers,dc=example,dc=org",
Usage: "LDAP bind dn",
EnvVars: []string{"REVA_LDAP_BIND_DN"},
Destination: &cfg.Reva.LDAP.BindDN,
},
&cli.StringFlag{
Name: "ldap-bind-password",
Value: "admin",
Value: "reva",
Usage: "LDAP bind password",
EnvVars: []string{"REVA_LDAP_BIND_PASSWORD"},
Destination: &cfg.Reva.LDAP.BindPassword,
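Review bot: The `ldap-port`, `ldap-base-dn`, `ldap-bind-dn` and `ldap-bind-password` defaults in `UsersWithConfig` are edited here in lockstep with identical flags in pkg/flagset/authbasic.go, and both copies write to the same `cfg.Reva.LDAP.*` destinations. Move the shared LDAP flags into one helper that returns `[]cli.Flag` and append it in both flag sets, so the next default change cannot leave the two services pointing at different directories or credentials.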
Expand Down Expand Up @@ -204,7 +204,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {

&cli.StringFlag{
Name: "driver",
Value: "demo",
Value: "ldap",
Usage: "user driver: 'demo', 'json' or 'ldap'",
EnvVars: []string{"REVA_USERS_DRIVER"},
Destination: &cfg.Reva.Users.Driver,