WIP: tracing + refactor + gateway service. #165
Codecov Report
@@ Coverage Diff @@
## master #165 +/- ##
=====================================
Coverage 75% 75%
=====================================
Files 2 2
Lines 40 40
=====================================
Hits 30 30
Misses 5 5
Partials 5 5
Continue to review full report at Codecov.
Cool! get it in!
I tried rebasing some versioning work and ran into problems
cmd/revad/svcs/grpcsvcs/storageprovidersvc/storageprovidersvc.go
The gateway runs on 10000, right? or would this work without a gateway?
ok I got that you use |
Ok, cool I have this working for basic auth using this gateway config:
# This config file will start a reva gateway that:
# - handles incoming HTTP requests
# - forwards GRPC requests to the backend
[core]
log_file = "stderr"
log_mode = "dev"
max_cpus = "100%"
#tracing_enabled = true
[log]
level = "debug"
mode = "console"
# What http services should be started?
[http]
network = "tcp"
address = "0.0.0.0:9998"
enabled_services = ["appregistrysvc", "ocdavsvc", "ocssvc", "datasvc", "preferencessvc", "prometheussvc"]
enabled_middlewares = ["cors", "auth"]
# HTTP middlewares
[http.middlewares.auth]
# directly talk to the backend for authentication to save a grpc request
gatewaysvc = "0.0.0.0:9999"
credential_strategy = "basic"
token_strategy = "header"
token_writer = "header"
token_manager = "jwt"
skip_methods = ["/status.php", "/metrics"]
[http.middlewares.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# HTTP services
[http.services.appregistrysvc]
prefix = "appregistry"
gatewaysvc = "localhost:10000"
[http.services.preferencessvc]
prefix = "preferences"
gatewaysvc = "localhost:10000"
[http.services.iframeuisvc]
prefix = "iframe"
[http.services.webuisvc]
prefix = "ui"
[http.services.ocdavsvc]
prefix = ""
gatewaysvc = "localhost:10000"
chunk_folder = "/var/tmp/owncloud/chunks"
enable_cors = true
[http.services.ocssvc]
prefix = "ocs"
gatewaysvc = "localhost:10000"
# the list of share recipients is taken from the users.json file
user_manager = "json"
[http.services.ocssvc.user_managers.json]
users = "/data/users.json"
[http.services.ocssvc.config]
version = "1.8"
website = "nexus"
host = "https://localhost:9998"
contact = "admin@localhost"
ssl = "true"
[http.services.ocssvc.capabilities.capabilities.core]
poll_interval = 60
webdav_root = "remote.php/webdav"
[http.services.ocssvc.capabilities.capabilities.core.status]
installed = true
maintenance = false
needsDbUpgrade = false
version = "10.0.9.5"
versionstring = "10.0.9"
edition = "community"
productname = "reva"
hostname = ""
[http.services.ocssvc.capabilities.capabilities.checksums]
supported_types = ["SHA256"]
preferred_upload_type = "SHA256"
[http.services.ocssvc.capabilities.capabilities.files]
private_links = true
bigfilechunking = true
blacklisted_files = ["foo"]
undelete = true
versioning = true
[http.services.ocssvc.capabilities.capabilities.dav]
chunking = "1.0"
[http.services.ocssvc.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
share_with_membership_groups_only = true
default_permissions = 22
search_min_length = 3
[http.services.ocssvc.capabilities.capabilities.files_sharing.public]
enabled = true
send_mail = true
social_share = true
upload = true
multiple = true
supports_upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password]
enforced = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password.enforced_for]
read_only = true
read_write = true
upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.expire_date]
enabled = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user]
send_mail = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user_enumeration]
enabled = true
group_members_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.federation]
outgoing = true
incoming = true
[http.services.ocssvc.capabilities.capabilities.notifications]
endpoints = ["list", "get", "delete"]
[http.services.ocssvc.capabilities.version]
edition = "nexus"
major = 10
minor = 0
micro = 11
string = "10.0.11"
[http.services.datasvc]
driver = "local"
prefix = "data"
temp_folder = "/var/tmp/"
[http.services.datasvc.drivers.local]
root = "/data"
# also start the grpc gateway for other cs3 services so we have one frontend process
[grpc]
network = "tcp"
address = "0.0.0.0:10000"
enabled_services = ["gatewaysvc"]
[grpc.services.gatewaysvc]
storageregistrysvc = "localhost:9999"
authsvc = "localhost:9999"
usershareprovidersvc = "localhost:9999"
appregistrysvc = "localhost:9999"
preferencessvc = "localhost:9999"
and this backend config
# This config file will start a reva grpc service backend that:
# - stores files in the local storage
# - reads users from users.json
# - uses basic authentication to authenticate requests
[core]
log_file = "stderr"
log_mode = "dev"
max_cpus = "2"
tracing_enabled = true
disable_http = true
[log]
level = "debug"
mode = "console"
# What grpc services should be started?
[grpc]
network = "tcp"
address = "0.0.0.0:9999"
enabled_services = ["storageprovidersvc", "authsvc", "storageregistrysvc", "appregistrysvc", "appprovidersvc", "preferencessvc", "usershareprovidersvc"]
enabled_interceptors = ["auth"]
# Order and configuration of grpc interceptors
# GRPC interceptors
[grpc.interceptors.auth]
# keys for grpc metadata are always lowercase, so interceptors headers need to use lowercase.
token_manager = "jwt"
# GenerateAccessToken contains the credentials in the payload. Skip auth, otherwise services cannot obtain a token.
skip_methods = ["/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"]
[grpc.interceptors.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# GRPC services
## The authentication service
[grpc.services.authsvc]
token_manager = "jwt"
# users are authorized by checking their password matches the one in the users.json file
auth_manager = "json"
# user info is read from the user.json file
user_manager = "json"
[grpc.services.authsvc.auth_managers.json]
users = "/data/users.json"
[grpc.services.authsvc.user_managers.json]
users = "/data/users.json"
[grpc.services.authsvc.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
## The storage registry service
[grpc.services.storageregistrysvc]
driver = "static"
[grpc.services.storageregistrysvc.drivers.static.rules]
"/" = "localhost:9999"
"123e4567-e89b-12d3-a456-426655440000" = "localhost:9999"
## The storage provider service
[grpc.services.appregistrysvc]
driver = "static"
[grpc.services.appregistrysvc.static.rules]
".txt" = "localhost:9999"
"text/plain" = "localhost:9999"
[grpc.services.appprovidersvc]
driver = "demo"
[grpc.services.appprovidersvc.demo]
iframe_ui_provider = "http://localhost:9998/iframeuisvc"
[grpc.services.storageprovidersvc]
driver = "local"
mount_path = "/"
mount_id = "123e4567-e89b-12d3-a456-426655440000"
data_server_url = "http://127.0.0.1:9998/data"
[grpc.services.storageprovidersvc.available_checksums]
md5 = 100
unset = 1000
[grpc.services.storageprovidersvc.drivers.local]
root = "/data"
## The user share provider service
[grpc.services.usershareprovidersvc]
driver = "memory"
The basic config files revad.toml and gateway.toml should give you that already, minus the owncloud specific config, does it work with Phoenix? |
and oidc works as well with this gateway: # This config file will start a reva gateway that:
# - handles incoming HTTP requests
# - forwards GRPC requests to the backend
[core]
log_file = "stderr"
log_mode = "dev"
max_cpus = "100%"
#tracing_enabled = true
[log]
level = "debug"
mode = "console"
# What http services should be started?
[http]
network = "tcp"
address = "0.0.0.0:9998"
enabled_services = [
"appregistrysvc",
"ocdavsvc",
"ocssvc",
"datasvc",
"preferencessvc",
"prometheussvc",
"oidcprovider",
"wellknown"
]
enabled_middlewares = ["cors", "auth"]
# HTTP middlewares
[http.middlewares.auth]
priority = 200
# directly talk to the backend for authentication to save a grpc request
gatewaysvc = "0.0.0.0:9999"
credential_strategy = "oidc"
token_strategy = "header"
token_writer = "header"
token_manager = "jwt"
skip_methods = [
"/status.php",
"/oauth2",
"/oauth2/auth",
"/oauth2/token",
"/oauth2/introspect",
"/oauth2/userinfo",
"/oauth2/sessions",
"/.well-known/openid-configuration",
"/metrics"
]
[http.middlewares.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
[http.middlewares.cors]
priority = 100
allowed_origins = ["*"]
allow_credentials = true
allowed_methods = ["OPTIONS", "GET", "PUT", "POST", "DELETE", "MKCOL", "PROPFIND", "PROPPATCH", "MOVE", "COPY", "REPORT", "SEARCH"]
allowed_headers = ["Origin", "Accept", "Content-Type", "X-Requested-With", "Authorization", "Ocs-Apirequest"]
options_passthrough = true
# HTTP services
[http.services.appregistrysvc]
prefix = "appregistry"
gatewaysvc = "localhost:10000"
[http.services.preferencessvc]
prefix = "preferences"
gatewaysvc = "localhost:10000"
[http.services.iframeuisvc]
prefix = "iframe"
[http.services.webuisvc]
prefix = "ui"
[http.services.ocdavsvc]
prefix = ""
gatewaysvc = "localhost:10000"
chunk_folder = "/var/tmp/owncloud/chunks"
[http.services.ocssvc]
prefix = "ocs"
gatewaysvc = "localhost:10000"
# the list of share recipients is taken fro the user.json file
user_manager = "json"
[http.services.ocssvc.user_managers.json]
users = "/data/users.json"
[http.services.ocssvc.config]
version = "1.8"
website = "nexus"
host = "https://localhost:9998"
contact = "admin@localhost"
ssl = "true"
[http.services.ocssvc.capabilities.capabilities.core]
poll_interval = 60
webdav_root = "remote.php/webdav"
[http.services.ocssvc.capabilities.capabilities.core.status]
installed = true
maintenance = false
needsDbUpgrade = false
version = "10.0.9.5"
versionstring = "10.0.9"
edition = "community"
productname = "reva"
hostname = ""
[http.services.ocssvc.capabilities.capabilities.checksums]
supported_types = ["SHA256"]
preferred_upload_type = "SHA256"
[http.services.ocssvc.capabilities.capabilities.files]
private_links = true
bigfilechunking = true
blacklisted_files = ["foo"]
undelete = true
versioning = true
[http.services.ocssvc.capabilities.capabilities.dav]
chunking = "1.0"
[http.services.ocssvc.capabilities.capabilities.files_sharing]
api_enabled = true
resharing = true
group_sharing = true
auto_accept_share = true
share_with_group_members_only = true
share_with_membership_groups_only = true
default_permissions = 22
search_min_length = 3
[http.services.ocssvc.capabilities.capabilities.files_sharing.public]
enabled = true
send_mail = true
social_share = true
upload = true
multiple = true
supports_upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password]
enforced = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.password.enforced_for]
read_only = true
read_write = true
upload_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.public.expire_date]
enabled = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user]
send_mail = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.user_enumeration]
enabled = true
group_members_only = true
[http.services.ocssvc.capabilities.capabilities.files_sharing.federation]
outgoing = true
incoming = true
[http.services.ocssvc.capabilities.capabilities.notifications]
endpoints = ["list", "get", "delete"]
[http.services.ocssvc.capabilities.version]
edition = "nexus"
major = 10
minor = 0
micro = 11
string = "10.0.11"
[http.services.datasvc]
driver = "local"
prefix = "data"
temp_folder = "/var/tmp/"
[http.services.datasvc.drivers.local]
root = "/data"
[http.services.oidcprovider]
prefix = "oauth2"
[http.services.wellknown]
prefix = ".well-known"
# also start the grpc gateway for other cs3 services so we have one frontend process
[grpc]
network = "tcp"
address = "0.0.0.0:10000"
enabled_services = ["gatewaysvc"]
[grpc.services.gatewaysvc]
storageregistrysvc = "localhost:9999"
authsvc = "localhost:9999"
usershareprovidersvc = "localhost:9999"
appregistrysvc = "localhost:9999"
preferencessvc = "localhost:9999" this backend: # This config file will start a reva grpc service backend that:
# - stores files in the local storage
# - reads users from users.json
# - uses basic authentication to authenticate requests
[core]
log_file = "stderr"
log_mode = "dev"
max_cpus = "2"
tracing_enabled = true
disable_http = true
[log]
level = "debug"
mode = "console"
# What grpc services should be started?
[grpc]
network = "tcp"
address = "0.0.0.0:9999"
enabled_services = ["storageprovidersvc", "authsvc", "storageregistrysvc", "appregistrysvc", "appprovidersvc", "preferencessvc", "usershareprovidersvc"]
enabled_interceptors = ["auth"]
# Order and configuration of grpc interceptors
# GRPC interceptors
[grpc.interceptors.auth]
# keys for grpc metadata are always lowercase, so interceptors headers need to use lowercase.
token_manager = "jwt"
# GenerateAccessToken contains the credentials in the payload. Skip auth, otherwise services cannot obtain a token.
skip_methods = ["/cs3.authv0alpha.AuthService/GenerateAccessToken", "/cs3.authv0alpha.AuthService/WhoAmI"]
[grpc.interceptors.auth.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
# GRPC services
## The authentication service
[grpc.services.authsvc]
token_manager = "jwt"
# users are authorized by checking their password matches the one in the users.json file
auth_manager = "oidc"
# user info is read from the user.json file
user_manager = "oidc"
[grpc.services.authsvc.auth_managers.oidc]
provider = "http://localhost:9998"
insecure = true
# the client credentials for the token introspection backchannel
client_id = "phoenix"
client_secret = "foobar"
[grpc.services.authsvc.token_managers.jwt]
secret = "Uv38ByGCZU8WP18PmmIdcpVmx00QA3xN"
## The storage registry service
[grpc.services.storageregistrysvc]
driver = "static"
[grpc.services.storageregistrysvc.drivers.static.rules]
"/" = "localhost:9999"
"123e4567-e89b-12d3-a456-426655440000" = "localhost:9999"
## The storage provider service
[grpc.services.appregistrysvc]
driver = "static"
[grpc.services.appregistrysvc.static.rules]
".txt" = "localhost:9999"
"text/plain" = "localhost:9999"
[grpc.services.appprovidersvc]
driver = "demo"
[grpc.services.appprovidersvc.demo]
iframe_ui_provider = "http://localhost:9998/iframeuisvc"
[grpc.services.storageprovidersvc]
driver = "local"
mount_path = "/"
mount_id = "123e4567-e89b-12d3-a456-426655440000"
data_server_url = "http://127.0.0.1:9998/data"
[grpc.services.storageprovidersvc.available_checksums]
md5 = 100
unset = 1000
[grpc.services.storageprovidersvc.drivers.local]
root = "/data"
## The user share provider service
[grpc.services.usershareprovidersvc]
driver = "memory" this config.json for phoenix: {
"server" : "http://localhost:9998",
"theme": "owncloud",
"version": "0.1.0",
"openIdConnect": {
"authority": "http://localhost:9998",
"metadataUrl": "http://localhost:9998/.well-known/openid-configuration",
"client_id": "phoenix",
"client_secret": "foobar",
"response_type": "code",
"scope": "openid profile email",
"extraQueryParams": {
"claims": "{\"userinfo\":{\"name\":{\"essential\":true},\"preferred_username\":{\"essential\":true},\"email\":{\"essential\":true},\"email_verified\":{\"essential\":true},\"picture\":null}}"
}
},
"apps" : [
"files", "markdown-editor","pdf-viewer"
]
} start with yarn watch-all or using docker:
and finally, the users.json needs to contain the id property: [
{
"id": {
"idp": "localhost:9998",
"opaque_id": "aaliyah_abernathy"
},
"subject": "c6e5995d6c7fa1986b830b78b478e6c2",
"issuer": "localhost:9998",
"username": "aaliyah_abernathy",
"secret": "secret",
"mail": "[email protected]",
"display_name": "Aaliyah Abernathy"
},
{
"id": {
"idp": "localhost:9998",
"opaque_id": "aaliyah_adams"
},
"subject": "9fb5f8d212cbf3fc55f1bf67d97ed05d",
"issuer": "localhost:9998",
"username": "aaliyah_adams",
"secret": "secret",
"mail": "[email protected]",
"display_name": "Aaliyah Adams"
},
{
"id": {
"idp": "localhost:9998",
"opaque_id": "aaliyah_anderson"
},
"subject": "a84075b398fe6a0aee1155f8ead13331",
"issuer": "localhost:9998",
"username": "aaliyah_anderson",
"secret": "secret",
"mail": "[email protected]",
"display_name": "Aaliyah Anderson"
}
] |
Closes #162 |
No description provided.