From 2692c7dbf854c400bd6ef8dfe80a48546a0f0980 Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Tue, 5 Oct 2021 14:25:25 +0200 Subject: [PATCH] document machine auth api key --- deployments/examples/cs3_users_ocis/.env | 3 ++- deployments/examples/cs3_users_ocis/docker-compose.yml | 1 + deployments/examples/oc10_ocis_parallel/.env | 2 ++ deployments/examples/oc10_ocis_parallel/docker-compose.yml | 1 + deployments/examples/ocis_hello/.env | 2 ++ deployments/examples/ocis_hello/docker-compose.yml | 1 + deployments/examples/ocis_keycloak/.env | 2 ++ deployments/examples/ocis_keycloak/docker-compose.yml | 1 + deployments/examples/ocis_s3/.env | 2 ++ deployments/examples/ocis_s3/docker-compose.yml | 1 + deployments/examples/ocis_traefik/.env | 2 ++ deployments/examples/ocis_traefik/docker-compose.yml | 1 + deployments/examples/ocis_wopi/.env | 2 ++ deployments/examples/ocis_wopi/docker-compose.yml | 2 ++ docs/ocis/deployment/_index.md | 3 +++ docs/ocis/deployment/oc10_ocis_parallel.md | 2 ++ docs/ocis/deployment/ocis_hello.md | 2 ++ docs/ocis/deployment/ocis_keycloak.md | 2 ++ docs/ocis/deployment/ocis_s3.md | 2 ++ docs/ocis/deployment/ocis_traefik.md | 2 ++ docs/ocis/deployment/ocis_wopi.md | 2 ++ 21 files changed, 37 insertions(+), 1 deletion(-) diff --git a/deployments/examples/cs3_users_ocis/.env b/deployments/examples/cs3_users_ocis/.env index 71fa7afe38..c998544fd8 100644 --- a/deployments/examples/cs3_users_ocis/.env +++ b/deployments/examples/cs3_users_ocis/.env @@ -21,7 +21,8 @@ OCIS_DOMAIN= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= - +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### LDAP server settings ### # Password of LDAP user "cn=admin,dc=owncloud,dc=com". Defaults to "admin" 
diff --git a/deployments/examples/cs3_users_ocis/docker-compose.yml b/deployments/examples/cs3_users_ocis/docker-compose.yml index 89c01cc7f6..d296e8a01f 100644 --- a/deployments/examples/cs3_users_ocis/docker-compose.yml +++ b/deployments/examples/cs3_users_ocis/docker-compose.yml @@ -84,6 +84,7 @@ services: # change default secrets OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ./config/ocis/web-config.dist.json:/config/web-config.dist.json diff --git a/deployments/examples/oc10_ocis_parallel/.env b/deployments/examples/oc10_ocis_parallel/.env index f7a43e3a45..59ac1d5447 100644 --- a/deployments/examples/oc10_ocis_parallel/.env +++ b/deployments/examples/oc10_ocis_parallel/.env @@ -24,6 +24,8 @@ OCIS_DOCKER_TAG= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### oCIS settings ### # oC10 version. Defaults to "latest" diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml index 1684003ef4..4678b7faed 100644 --- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml +++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml 
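Review bot: The added `OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please}` in the cs3_users_ocis compose hunk falls back to a value published in this repository, and since the shipped `.env` leaves the variable empty, `:-` substitutes it without any warning. A stack started without editing `.env` therefore runs with a machine-auth key that is not secret, even though the new `.env` comment says it must be changed. Compose's required-variable form would refuse to start instead: `OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:?set a random machine auth API key in .env}`. If the fallback is kept so the examples run out of the box, a comment above the entry such as `# example-only default, replace before exposing this stack` would at least flag it. The same line is added in the oc10_ocis_parallel, ocis_hello, ocis_keycloak, ocis_s3, ocis_traefik and ocis_wopi compose files (twice in ocis_wopi); the `environment:` mapping it sits in starts and ends outside the hunk.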
@@ -115,6 +115,7 @@ services: # change default secrets OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ./config/ocis/proxy-config.dist.json:/config/proxy-config.dist.json diff --git a/deployments/examples/ocis_hello/.env b/deployments/examples/ocis_hello/.env index f6dbbab346..cdd83740ef 100644 --- a/deployments/examples/ocis_hello/.env +++ b/deployments/examples/ocis_hello/.env @@ -25,6 +25,8 @@ STORAGE_LDAP_BIND_PASSWORD= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### oCIS Hello settings ### # oCIS Hello version. Defaults to "latest" diff --git a/deployments/examples/ocis_hello/docker-compose.yml b/deployments/examples/ocis_hello/docker-compose.yml index edf39182e5..82d2a8728d 100644 --- a/deployments/examples/ocis_hello/docker-compose.yml +++ b/deployments/examples/ocis_hello/docker-compose.yml @@ -60,6 +60,7 @@ services: STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} # web ui WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json" # proxy diff --git a/deployments/examples/ocis_keycloak/.env b/deployments/examples/ocis_keycloak/.env index 4b6dc69739..64fb4117c6 100644 --- a/deployments/examples/ocis_keycloak/.env +++ b/deployments/examples/ocis_keycloak/.env 
@@ -27,6 +27,8 @@ STORAGE_LDAP_BIND_PASSWORD= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### Keycloak ### # Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test" diff --git a/deployments/examples/ocis_keycloak/docker-compose.yml b/deployments/examples/ocis_keycloak/docker-compose.yml index 92f15404e8..2be550a661 100644 --- a/deployments/examples/ocis_keycloak/docker-compose.yml +++ b/deployments/examples/ocis_keycloak/docker-compose.yml @@ -69,6 +69,7 @@ services: STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_s3/.env b/deployments/examples/ocis_s3/.env index 4d728a47a3..b05103cfc2 100644 --- a/deployments/examples/ocis_s3/.env +++ b/deployments/examples/ocis_s3/.env @@ -25,6 +25,8 @@ STORAGE_LDAP_BIND_PASSWORD= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### MINIO / S3 settings ### # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". 
diff --git a/deployments/examples/ocis_s3/docker-compose.yml b/deployments/examples/ocis_s3/docker-compose.yml index 3a97e790ba..5ac5a0916d 100644 --- a/deployments/examples/ocis_s3/docker-compose.yml +++ b/deployments/examples/ocis_s3/docker-compose.yml @@ -59,6 +59,7 @@ services: STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} # activate s3ng storage driver STORAGE_HOME_DRIVER: s3ng STORAGE_USERS_DRIVER: s3ng diff --git a/deployments/examples/ocis_traefik/.env b/deployments/examples/ocis_traefik/.env index 6480c26e70..90b69b5f23 100644 --- a/deployments/examples/ocis_traefik/.env +++ b/deployments/examples/ocis_traefik/.env @@ -25,6 +25,8 @@ STORAGE_LDAP_BIND_PASSWORD= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= # If you want to use debugging and tracing with this stack, # you need uncomment following line. Please see documentation at diff --git a/deployments/examples/ocis_traefik/docker-compose.yml b/deployments/examples/ocis_traefik/docker-compose.yml index 1713c10dee..c01e4e1a6e 100644 --- a/deployments/examples/ocis_traefik/docker-compose.yml +++ b/deployments/examples/ocis_traefik/docker-compose.yml 
@@ -59,6 +59,7 @@ services: STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} volumes: - ./config/ocis/entrypoint-override.sh:/entrypoint-override.sh - ocis-data:/var/tmp/ocis diff --git a/deployments/examples/ocis_wopi/.env b/deployments/examples/ocis_wopi/.env index 9b3f23936d..72c75988e5 100644 --- a/deployments/examples/ocis_wopi/.env +++ b/deployments/examples/ocis_wopi/.env @@ -25,6 +25,8 @@ STORAGE_LDAP_BIND_PASSWORD= OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= +# Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" +OCIS_MACHINE_AUTH_API_KEY= ### Wopi server settings ### # oCIS Wopi server version. Defaults to "latest" diff --git a/deployments/examples/ocis_wopi/docker-compose.yml b/deployments/examples/ocis_wopi/docker-compose.yml index 5717c68f92..6abe641783 100644 --- a/deployments/examples/ocis_wopi/docker-compose.yml +++ b/deployments/examples/ocis_wopi/docker-compose.yml @@ -61,6 +61,7 @@ services: IDP_LDAP_BIND_PASSWORD: ${IDP_LDAP_BIND_PASSWORD:-idp} STORAGE_LDAP_BIND_PASSWORD: ${STORAGE_LDAP_BIND_PASSWORD:-reva} OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} STORAGE_TRANSFER_SECRET: ${STORAGE_TRANSFER_SECRET:-replace-me-with-a-transfer-secret} # web ui WEB_UI_CONFIG: "/var/tmp/ocis/.config/web-config.json" 
@@ -98,6 +99,7 @@ services: OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose WOPISERVER_REVA_GATEWAY_ADDR: ocis:9142 OCIS_JWT_SECRET: ${OCIS_JWT_SECRET:-Pive-Fumkiu4} + OCIS_MACHINE_AUTH_API_KEY: ${OCIS_MACHINE_AUTH_API_KEY:-change-me-please} logging: driver: "local" restart: always diff --git a/docs/ocis/deployment/_index.md b/docs/ocis/deployment/_index.md index c42f5a9a7c..29e8bb2517 100644 --- a/docs/ocis/deployment/_index.md +++ b/docs/ocis/deployment/_index.md @@ -42,6 +42,9 @@ You can change it by setting the `OCIS_JWT_SECRET` environment variable for oCIS Another is used secret for singing JWT tokens for uploads and downloads, which also needs to be changed by the user. You can change it by setting the `STORAGE_TRANSFER_SECRET` environment variable for oCIS to a random string. +One more secret is used for machine auth, so that external applications can authenticate with an API key. +You can change it by setting the `OCIS_MACHINE_AUTH_API_KEY` environment variable for oCIS to a random string. + ### Delete demo users {{< hint info >}} diff --git a/docs/ocis/deployment/oc10_ocis_parallel.md b/docs/ocis/deployment/oc10_ocis_parallel.md index 42c46c2744..fca3a8de1f 100644 --- a/docs/ocis/deployment/oc10_ocis_parallel.md +++ b/docs/ocis/deployment/oc10_ocis_parallel.md @@ -84,6 +84,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ### oCIS settings ### # oC10 version. Defaults to "latest" diff --git a/docs/ocis/deployment/ocis_hello.md b/docs/ocis/deployment/ocis_hello.md index ceed83ca37..6449ce47a7 100644 --- a/docs/ocis/deployment/ocis_hello.md +++ b/docs/ocis/deployment/ocis_hello.md 
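Review bot: The second ocis_wopi hunk gives the machine-auth key to another service, apparently the WOPI server judging by the `WOPISERVER_REVA_GATEWAY_ADDR` context line, without a comment saying why that service needs the credential. Presumably it has to match the value configured on the `ocis` service; both entries interpolate the same variable, so they agree only as long as neither is overridden per service. A one-line comment above the added entry, e.g. `# machine auth key, must be identical to the one set on the ocis service`, would make that coupling and the wider distribution of the secret explicit. The service definition starts outside the hunk, so the service name should be confirmed there.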
@@ -75,6 +75,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ### oCIS Hello settings ### # oCIS Hello version. Defaults to "latest" diff --git a/docs/ocis/deployment/ocis_keycloak.md b/docs/ocis/deployment/ocis_keycloak.md index eb1c03e575..300b725e81 100644 --- a/docs/ocis/deployment/ocis_keycloak.md +++ b/docs/ocis/deployment/ocis_keycloak.md @@ -78,6 +78,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ### Keycloak ### # Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test" diff --git a/docs/ocis/deployment/ocis_s3.md b/docs/ocis/deployment/ocis_s3.md index 788858e0e1..e353a7617d 100644 --- a/docs/ocis/deployment/ocis_s3.md +++ b/docs/ocis/deployment/ocis_s3.md 
@@ -77,6 +77,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ### MINIO / S3 settings ### # Domain of MinIO where the Web UI is accessible. Defaults to "minio.owncloud.test". diff --git a/docs/ocis/deployment/ocis_traefik.md b/docs/ocis/deployment/ocis_traefik.md index 5c9558ea69..035b233a49 100644 --- a/docs/ocis/deployment/ocis_traefik.md +++ b/docs/ocis/deployment/ocis_traefik.md @@ -72,6 +72,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ``` You are installing oCIS on a server and Traefik will obtain valid certificates for you so please remove `INSECURE=true` or set it to `false`. diff --git a/docs/ocis/deployment/ocis_wopi.md b/docs/ocis/deployment/ocis_wopi.md index be69f9f844..50aeff1226 100644 --- a/docs/ocis/deployment/ocis_wopi.md +++ b/docs/ocis/deployment/ocis_wopi.md 
@@ -80,6 +80,8 @@ See also [example server setup]({{< ref "preparing_server" >}}) OCIS_JWT_SECRET= # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret" STORAGE_TRANSFER_SECRET= + # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please" + OCIS_MACHINE_AUTH_API_KEY= ### Wopi server settings ### # oCIS Wopi server version. Defaults to "latest"