Expose configuration for the reva archiver

[jvillafanez]

Description

Expose the reva archiver configuration

Related Issue

#2507

Motivation and Context

How Has This Been Tested?

1. Access ocis with the admin user
2. Create folder "zzz" and upload some files there
3. Connect to the archiver service:
   1. Assuming you've started a basic ocis installation with ocis server
   2. In the same host

root@f13b05e8714d:/# curl -v -u admin:admin -JO http://localhost:9140/archiver?dir=/home/zzz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 127.0.0.1:9140...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9140 (#0)
* Server auth using Basic with user 'admin'
> GET /archiver?dir=/home/zzz HTTP/1.1
> Host: localhost:9140
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Disposition: attachment; filename="zzz.tar"
< Content-Transfer-Encoding: binary
< Vary: Origin
< X-Access-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjMxNzk4NDYxLCJpYXQiOjE2MzE3MTIwNjEsImlzcyI6Imh0dHBzOi8vb2Npcy5qcC5zb2xpZGdlYXIucHJ2IiwidXNlciI6eyJpZCI6eyJpZHAiOiJodHRwczovL29jaXMuanAuc29saWRnZWFyLnBydiIsIm9wYXF1ZV9pZCI6ImRkYzIwMDRjLTA5NzctMTFlYi05ZDNmLWE3OTM4ODhjZDBmOCIsInR5cGUiOjF9LCJ1c2VybmFtZSI6ImFkbWluIiwibWFpbCI6ImFkbWluQGV4YW1wbGUub3JnIiwiZGlzcGxheV9uYW1lIjoiQWRtaW4iLCJ1aWRfbnVtYmVyIjoyMDAwNCwiZ2lkX251bWJlciI6MzAwMDB9LCJzY29wZSI6eyJ1c2VyIjp7InJlc291cmNlIjp7ImRlY29kZXIiOiJqc29uIiwidmFsdWUiOiJleUp3WVhSb0lqb2lMeUo5In0sInJvbGUiOjF9fX0.jf3Fxy5FGRLLKLss_gi8yxZ1MVof2-S3g17z4xtL_KA
< Date: Wed, 15 Sep 2021 13:21:02 GMT
< Content-Type: application/octet-stream
< Transfer-Encoding: chunked
< 
{ [3248 bytes data]
100 6782k    0 6782k    0     0  9566k      0 --:--:-- --:--:-- --:--:-- 9552k
* Connection #0 to host localhost left intact
curl: Saved to filename 'zzz.tar'

The tar file is downloaded and contains the files that were present in the folder.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation ticket raised:

[update-docs]

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

[wkloucek]

@jvillafanez this should also need some proxy configuration, so that oC Web can use this endpoint. Probably we also should add an capability @kulmann ?

[ownclouders]

💥 Acceptance tests Web-Tests-ocis-ocis-storage-1 failed. The build is cancelled...

[butonic]

there is already a capability, see https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go#L105 and https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/data/capabilities.go#L110

but it seems we are not setting it https://github.com/owncloud/ocis/blob/master/storage/pkg/command/frontend.go#L66-L72 @jvillafanez you could try setting it in the filesCfg.

[jvillafanez]

there is already a capability, see https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go#L105 and https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/data/capabilities.go#L110

Wrong context? The links point to "favorites", and I don't see any reference to the archiver there. The PR in reva implementing the archiver doesn't have any change around capabilities neither.

[jvillafanez]

Default route to the archiver added to the proxy.

$ curl -u admin:admin -k -OJ -v 'https://my.ocis.server/archiver/archiver?dir=/home/zzz'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.0.2.27:443...
* TCP_NODELAY set
* Connected to my.ocis.server(10.0.2.27) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [6 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [836 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Sep 16 09:46:40 2021 GMT
*  expire date: Sep 16 09:46:40 2022 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user 'admin'
} [5 bytes data]
> GET /archiver/archiver?dir=/home/zzz HTTP/1.1
> Host: my.ocis.server
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [146 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Content-Disposition: attachment; filename="zzz.tar"
< Content-Transfer-Encoding: binary
< Content-Type: application/octet-stream
< Date: Thu, 16 Sep 2021 09:56:51 GMT
< Vary: Origin
< X-Access-Token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJyZXZhIiwiZXhwIjoxNjMxODcyNjExLCJpYXQiOjE2MzE3ODYyMTEsImlzcyI6Imh0dHBzOi8vb2Npcy5qcC5zb2xpZGdlYXIucHJ2IiwidXNlciI6eyJpZCI6eyJpZHAiOiJodHRwczovL29jaXMuanAuc29saWRnZWFyLnBydiIsIm9wYXF1ZV9pZCI6ImRkYzIwMDRjLTA5NzctMTFlYi05ZDNmLWE3OTM4ODhjZDBmOCIsInR5cGUiOjF9LCJ1c2VybmFtZSI6ImFkbWluIiwibWFpbCI6ImFkbWluQGV4YW1wbGUub3JnIiwiZGlzcGxheV9uYW1lIjoiQWRtaW4iLCJ1aWRfbnVtYmVyIjoyMDAwNCwiZ2lkX251bWJlciI6MzAwMDB9LCJzY29wZSI6eyJ1c2VyIjp7InJlc291cmNlIjp7ImRlY29kZXIiOiJqc29uIiwidmFsdWUiOiJleUp3WVhSb0lqb2lMeUo5In0sInJvbGUiOjF9fX0.odeEizJVYCPzJX1uHhl-fmUxEx1NNahGNr_En3GoU7o
< Transfer-Encoding: chunked
< 
{ [5 bytes data]
100 3428k    0 3428k    0     0  5879k      0 --:--:-- --:--:-- --:--:-- 5890k
* Connection #0 to host my.ocis.server left intact
curl: Saved to filename 'zzz.tar'

[butonic]

there is already a capability, see https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go#L105 and https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/data/capabilities.go#L110

Wrong context? The links point to "favorites", and I don't see any reference to the archiver there. The PR in reva implementing the archiver doesn't have any change around capabilities neither.

urgh yes ... sorry I was confused. I think a new files capability archives makes sense. But I would strongly prefer a url endpoint value that can be used to tell clients chere to go without having to hardcode it in the clients. For example

+							"archiver": map[string]interface{}{
+								"endpoint": "https://localhost:9200/archiver",
+								"max_num_files": 5000,
+								"max_size":      1000000,
+							},

[butonic]

If it is a path, then it is on the same host as the capabilities. But it could be on a dedicated host, eg https://archiver.owncloud.com.

Suggested change

	"prefix": cfg.Reva.Frontend.ArchiverPrefix,
	"url": cfg.Reva.Frontend.ArchiverURL,

[pascalwengerter]

there is already a capability, see https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/handlers/cloud/capabilities/capabilities.go#L105 and https://github.com/cs3org/reva/blob/master/internal/http/services/owncloud/ocs/data/capabilities.go#L110

Wrong context? The links point to "favorites", and I don't see any reference to the archiver there. The PR in reva implementing the archiver doesn't have any change around capabilities neither.

urgh yes ... sorry I was confused. I think a new files capability archives makes sense. But I would strongly prefer a url endpoint value that can be used to tell clients chere to go without having to hardcode it in the clients. For example

+							"archiver": map[string]interface{}{
+								"endpoint": "https://localhost:9200/archiver",
+								"max_num_files": 5000,
+								"max_size":      1000000,
+							},

Probably the endpoint should be a relative path only? We get the backend URL from a config file already (at least in web client). This way you'd go for something like archiverUrl = config.server + capabilities.files.archiver.endpoint in the frontend? @kulmann

[jvillafanez]

But it should be possible for the rest of the services (datagateway, appprovider, etc) to do the same... so I think we should prioritize consistency in this case.

We could add a comment to rise awareness or adjust the usage string in the command line, although we might need to adjust the strings of the rest of the services.

[kulmann]

No preference from my side. Whatever is easier (not only for implementation, but also for admin who needs to configure it). In the web ui we have both situations already - e.g. the downloadURL comes as absolute URL form the backend while we do most API requests via relative URLS with the server URL from the config.

[butonic]

the capabilities, like the /.well-known/openid-configuration endpoint should allow clients to configure themselves. I agree with @jvillafanez regarding consistency. All endpoints should be URLs. That includes relative URLs like just a path: /archiver as well as https://otherhost.test/archiver.

This allows the server to configure clients to use custom implementations of services. All clients should be able to handle absolute and relative URLs.

[wkloucek]

The prefix is just a "namespace" for the handlers. There is no full URL in that case...

https://github.com/cs3org/reva/blob/e96fa872a8f569451d1d81d7ddefb6129c6dbd68/pkg/rhttp/rhttp.go#L204-L207

In the capabilities, you will be able to add a full URL, see #2529

[wkloucek]

capabilities will be tackled in cs3org/reva#2088

[wkloucek]

@jvillafanez I made the proxy route also match /archiver so that we can use curl -u einstein:relativity -k 'https://localhost:9200/archiver?dir=/home/Foo' --output Foo.tar

[jvillafanez]

That's ok for me, although I don't know if we have plans to add additional actions against the archiver service at some point.

For example, if we want to archive huge folder, we might want to provide async actions such as /archiver/async?dir=folder to create the request, /archiver/async/{id}/state to check the state (queued, archiving fileA, ready...), /archiver/async/{id} to download the archive if finished.
This allows more flexibility since we wouldn't need to touch the routing.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

100.0% Coverage
0.0% Duplication

[wkloucek]

The prefix is just a "namespace" for the handlers. There is no full URL in that case...

https://github.com/cs3org/reva/blob/e96fa872a8f569451d1d81d7ddefb6129c6dbd68/pkg/rhttp/rhttp.go#L204-L207

In the capabilities, you will be able to add a full URL, see #2529

Change the full URL is possible via Capabilities, not in the http handler in the archiver service

[phil-davis]

Note for future readers. The API endpoint in cs3org/reva seems to be download_archive cs3org/reva#2066

The API endpoint here in oCIS is archiver