From 20bf573b8f8d0e95fec9d5ad41b01ba8bb75a2da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Tue, 17 Mar 2020 18:27:45 +0100
Subject: [PATCH] new ocis config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/fix-typos.md | 5 +++++
 changelog/unreleased/issue-6.md | 2 +-
 changelog/unreleased/new-ocis-config.md | 10 +++++++++
 pkg/flagset/authbasic.go | 12 +++++-----
 pkg/flagset/authbearer.go | 2 +-
 pkg/flagset/frontend.go | 30 ++-----------------------
 pkg/flagset/storageoc.go | 4 ++--
 pkg/flagset/users.go | 10 ++++-----
 8 files changed, 32 insertions(+), 43 deletions(-)
 create mode 100644 changelog/unreleased/fix-typos.md
 create mode 100644 changelog/unreleased/new-ocis-config.md
diff --git a/changelog/unreleased/fix-typos.md b/changelog/unreleased/fix-typos.md
new file mode 100644
index 0000000..6e7cdf2
--- /dev/null
+++ b/changelog/unreleased/fix-typos.md
@@ -0,0 +1,5 @@
+Bugfix: we fixed a typo in the `REVA_LDAP_SCHEMA_MAIL` environment variable.
+
+It was misspelled as `REVA_LDAP_SCHEMA_Mail`.
+
+https://github.com/owncloud/ocis-reva/pull/xxx
diff --git a/changelog/unreleased/issue-6.md b/changelog/unreleased/issue-6.md
index 99aff1a..567c4b3 100644
--- a/changelog/unreleased/issue-6.md
+++ b/changelog/unreleased/issue-6.md
@@ -2,6 +2,6 @@ Change: start multiple services with dedicated commands
 The initial version would only allow us to use a set of reva configurations to start multiple services. We use a more opinionated set of commands to start dedicated services that allows us to configure them individually.
-It allowcs us to switch eg. the user backend to LDAP and fully it on the cli.
+It allows us to switch eg. the user backend to LDAP and fully use it on the cli.
 https://github.com/owncloud/ocis-reva/issues/6
\ No newline at end of file
diff --git a/changelog/unreleased/new-ocis-config.md b/changelog/unreleased/new-ocis-config.md
new file mode 100644
index 0000000..d64c39c
--- /dev/null
+++ b/changelog/unreleased/new-ocis-config.md
@@ -0,0 +1,10 @@
+Change: default to running behind ocis-proxy
+
+We changed the default configuration to integrate better with ocis.
+
+- We use ocis-glauth as the default ldap server on port 9125 with base `dc=example,dc=org`.
+- We use a dedicated technical `reva` user to make ldap binds
+- Clients are supposed to use the ocis-proxy endpoint `https://localhost:9200`
+- We removed unneeded ocis configuration from the frontend which no longer serves an oidc provider.
+
+https://github.com/owncloud/ocis-reva/pull/xxx
diff --git a/pkg/flagset/authbasic.go b/pkg/flagset/authbasic.go
index 8d43865..5a9e2d8 100644
--- a/pkg/flagset/authbasic.go
+++ b/pkg/flagset/authbasic.go
@@ -86,7 +86,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 &cli.StringFlag{
 Name: "users-driver",
- Value: "demo",
+ Value: "ldap",
 Usage: "user driver: 'demo', 'json' or 'ldap'",
 EnvVars: []string{"REVA_USERS_DRIVER"},
 Destination: &cfg.Reva.Users.Driver,
@@ -110,14 +110,14 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.IntFlag{
 Name: "ldap-port",
- Value: 636,
+ Value: 9125,
 Usage: "LDAP port",
 EnvVars: []string{"REVA_LDAP_PORT"},
 Destination: &cfg.Reva.LDAP.Port,
 },
 &cli.StringFlag{
 Name: "ldap-base-dn",
- Value: "dc=owncloud,dc=com",
+ Value: "dc=example,dc=org",
 Usage: "LDAP basedn",
 EnvVars: []string{"REVA_LDAP_BASE_DN"},
 Destination: &cfg.Reva.LDAP.BaseDN,
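Review bot: The `ldap-port` and `ldap-base-dn` flags in the second authbasic hunk are duplicated verbatim in `UsersWithConfig` in pkg/flagset/users.go, with the same `EnvVars`, the same `cfg.Reva.LDAP` destinations and, after this commit, the same new defaults, which is why every value had to be edited twice in this patch. A small shared helper, e.g. `func ldapFlags(cfg *config.Config) []cli.Flag`, appended by both `AuthBasicWithConfig` and `UsersWithConfig`, would keep the two copies from drifting on the next change. The first hunk also switches `users-driver` from `demo` to `ldap`, so a bare start of the service now depends on a reachable LDAP server; a hint such as `Usage: "user driver: 'demo', 'json' or 'ldap' (the 'ldap' default expects an LDAP server such as ocis-glauth)"` would make that visible in `--help`. `AuthBasicWithConfig` starts before and continues after both hunks.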
@@ -138,14 +138,14 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringFlag{
 Name: "ldap-bind-dn",
- Value: "cn=admin,dc=owncloud,dc=com",
+ Value: "cn=reva,ou=sysusers,dc=example,dc=org",
 Usage: "LDAP bind dn",
 EnvVars: []string{"REVA_LDAP_BIND_DN"},
 Destination: &cfg.Reva.LDAP.BindDN,
 },
 &cli.StringFlag{
 Name: "ldap-bind-password",
- Value: "admin",
+ Value: "reva",
 Usage: "LDAP bind password",
 EnvVars: []string{"REVA_LDAP_BIND_PASSWORD"},
 Destination: &cfg.Reva.LDAP.BindPassword,
@@ -162,7 +162,7 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 Name: "ldap-schema-mail",
 Value: "mail",
 Usage: "LDAP schema mail",
- EnvVars: []string{"REVA_LDAP_SCHEMA_Mail"},
+ EnvVars: []string{"REVA_LDAP_SCHEMA_MAIL"},
 Destination: &cfg.Reva.LDAP.Schema.Mail,
 },
 &cli.StringFlag{
diff --git a/pkg/flagset/authbearer.go b/pkg/flagset/authbearer.go
index 51180ce..ebcd80c 100644
--- a/pkg/flagset/authbearer.go
+++ b/pkg/flagset/authbearer.go
@@ -86,7 +86,7 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 &cli.StringFlag{
 Name: "oidc-issuer",
- Value: "https://localhost:9130",
+ Value: "https://localhost:9200",
 Usage: "OIDC issuer",
 EnvVars: []string{"REVA_OIDC_ISSUER"},
 Destination: &cfg.Reva.OIDC.Issuer,
diff --git a/pkg/flagset/frontend.go b/pkg/flagset/frontend.go
index 4d47511..ac660f3 100644
--- a/pkg/flagset/frontend.go
+++ b/pkg/flagset/frontend.go
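Review bot: `ldap-bind-password` in the first hunk now ships with the non-empty default `"reva"`, paired with the fixed bind DN `cn=reva,ou=sysusers,dc=example,dc=org`, so a deployment that never sets `REVA_LDAP_BIND_PASSWORD` silently binds with a credential that is published in this repository and echoed by `--help`; the identical hunk in pkg/flagset/users.go has the same problem. Safer is `Value: ""` together with a startup check that refuses an empty bind password when the ldap driver is selected, or at minimum `Usage: "LDAP bind password (default only matches the bundled ocis-glauth development setup)"`. Related: the earlier authbasic hunk moves `ldap-port` from 636 (the LDAPS port) to 9125, and whether the bind is still TLS-protected depends on an LDAP TLS setting that is not visible in this patch, so it should be confirmed in the same review. `AuthBasicWithConfig` starts before and continues after these hunks.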
@@ -109,32 +109,6 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 Destination: &cfg.Reva.OCDav.DavFilesNamespace,
 },
- // OIDC
-
- &cli.StringFlag{
- Name: "oidc-issuer",
- Value: "https://localhost:9130",
- Usage: "OIDC issuer",
- EnvVars: []string{"REVA_OIDC_ISSUER"},
- Destination: &cfg.Reva.OIDC.Issuer,
- },
- &cli.BoolFlag{
- Name: "oidc-insecure",
- Value: true,
- Usage: "OIDC allow insecure communication",
- EnvVars: []string{"REVA_OIDC_INSECURE"},
- Destination: &cfg.Reva.OIDC.Insecure,
- },
- &cli.StringFlag{
- Name: "oidc-id-claim",
- Value: "sub", // sub is stable and defined as unique. the user manager needs to take care of the sub to user metadata lookup
- Usage: "OIDC id claim",
- EnvVars: []string{"REVA_OIDC_ID_CLAIM"},
- Destination: &cfg.Reva.OIDC.IDClaim,
- },
-
- // TODO allow configuring clients
-
 // Services
 // Frontend
@@ -169,8 +169,8 @@ func FrontendWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringSliceFlag{
 Name: "service",
- Value: cli.NewStringSlice("datagateway", "wellknown", "oidcprovider", "ocdav", "ocs"),
- Usage: "--service datagateway [--service wellknown]",
+ Value: cli.NewStringSlice("datagateway", "ocdav", "ocs"),
+ Usage: "--service ocdav [--service ocs]",
 EnvVars: []string{"REVA_FRONTEND_SERVICES"},
 },
diff --git a/pkg/flagset/storageoc.go b/pkg/flagset/storageoc.go
index 95d5f87..0c90747 100644
--- a/pkg/flagset/storageoc.go
+++ b/pkg/flagset/storageoc.go
@@ -176,8 +176,8 @@ func StorageOCWithConfig(cfg *config.Config) []cli.Flag {
 Name: "enable-home-creation",
 // Value: true, // TODO jfd we may need to default to true here so the new webdav endpoint will autocreate user homes as well
 Usage: "if enabled home dirs will be automatically created",
- EnvVars: []string{"REVA_STORAGE_HOME_ENABLE_HOME_CREATION"},
- Destination: &cfg.Reva.StorageHome.EnableHomeCreation,
+ EnvVars: []string{"REVA_STORAGE_OC_ENABLE_HOME_CREATION"},
+ Destination: &cfg.Reva.StorageOC.EnableHomeCreation,
 },
 // Storage drivers
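Review bot: The block removed in the first frontend hunk included `oidc-insecure` with `Value: true`, i.e. the frontend's OIDC verification was insecure by default; this patch only deletes that copy and does not show whether `AuthBearerWithConfig` in pkg/flagset/authbearer.go (only its `oidc-issuer` flag appears here) still registers the same flag with the same default. If it does, the insecure default survives the move and deserves the same scrutiny, ideally `Value: false` with an explicit opt-in for local development. In the second hunk the new `Usage: "--service ocdav [--service ocs]"` no longer mentions `datagateway`, which is still part of the default slice; `Usage: "--service datagateway [--service ocdav] [--service ocs]"` would list every default. `FrontendWithConfig` starts before the first hunk and continues after the second.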
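Review bot: Renaming the env var to `REVA_STORAGE_OC_ENABLE_HOME_CREATION` and the destination to `cfg.Reva.StorageOC.EnableHomeCreation` in the storageoc hunk is a user-visible change that neither new changelog entry mentions: an operator who exported `REVA_STORAGE_HOME_ENABLE_HOME_CREATION` for this service may silently lose home creation, since with `Value` commented out the flag falls back to false. Add a line to changelog/unreleased/fix-typos.md (or a dedicated entry) naming both the old and the new variable. Both new changelog files also still link to `pull/xxx`, which needs the real PR number before merge. `StorageOCWithConfig` starts before and continues after the hunk.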
diff --git a/pkg/flagset/users.go b/pkg/flagset/users.go
index 7d5cebb..68e74ce 100644
--- a/pkg/flagset/users.go
+++ b/pkg/flagset/users.go
@@ -93,14 +93,14 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.IntFlag{
 Name: "ldap-port",
- Value: 636,
+ Value: 9125,
 Usage: "LDAP port",
 EnvVars: []string{"REVA_LDAP_PORT"},
 Destination: &cfg.Reva.LDAP.Port,
 },
 &cli.StringFlag{
 Name: "ldap-base-dn",
- Value: "dc=owncloud,dc=com",
+ Value: "dc=example,dc=org",
 Usage: "LDAP basedn",
 EnvVars: []string{"REVA_LDAP_BASE_DN"},
 Destination: &cfg.Reva.LDAP.BaseDN,
@@ -121,14 +121,14 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 },
 &cli.StringFlag{
 Name: "ldap-bind-dn",
- Value: "cn=admin,dc=owncloud,dc=com",
+ Value: "cn=reva,ou=sysusers,dc=example,dc=org",
 Usage: "LDAP bind dn",
 EnvVars: []string{"REVA_LDAP_BIND_DN"},
 Destination: &cfg.Reva.LDAP.BindDN,
 },
 &cli.StringFlag{
 Name: "ldap-bind-password",
- Value: "admin",
+ Value: "reva",
 Usage: "LDAP bind password",
 EnvVars: []string{"REVA_LDAP_BIND_PASSWORD"},
 Destination: &cfg.Reva.LDAP.BindPassword,
@@ -204,7 +204,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 &cli.StringFlag{
 Name: "driver",
- Value: "demo",
+ Value: "ldap",
 Usage: "user driver: 'demo', 'json' or 'ldap'",
 EnvVars: []string{"REVA_USERS_DRIVER"},
 Destination: &cfg.Reva.Users.Driver,
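Review bot: The flag in the last users hunk is named `driver`, while the equivalent flag in `AuthBasicWithConfig` (pkg/flagset/authbasic.go, also switched to default `ldap` in this patch) is named `users-driver`, yet both bind `REVA_USERS_DRIVER` and write `cfg.Reva.Users.Driver`; the differing CLI names make the two services harder to configure alike. Pick one name for both, or register the other spelling as `Aliases: []string{"users-driver"}` so either works on the command line. The LDAP flags in the first two hunks of this file are copies of the authbasic ones and share the default-credential concern raised there. `UsersWithConfig` starts before and continues after these hunks.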