config and tls

Signed-off-by: jkoberg <jkoberg@owncloud.com>
2026-04-28 19:28:19 -04:00 · 2022-12-08 11:41:31 +01:00
parent 1b032c7617
commit daad94a332
4 changed files with 61 additions and 13 deletions
--- a/services/postprocessing/pkg/command/server.go
+++ b/services/postprocessing/pkg/command/server.go
@@ -34,24 +34,28 @@ func Server(cfg *config.Config) *cli.Command {
 			logger := logging.Configure(cfg.Service.Name, cfg.Log)

 			evtsCfg := cfg.Postprocessing.Events
-			var rootCAPool *x509.CertPool
-			if evtsCfg.TLSRootCACertificate != "" {
-				rootCrtFile, err := os.Open(evtsCfg.TLSRootCACertificate)
-				if err != nil {
-					return err
+			var tlsConf *tls.Config
+
+			if !evtsCfg.TLSInsecure {
+				var rootCAPool *x509.CertPool
+				if evtsCfg.TLSRootCACertificate != "" {
+					rootCrtFile, err := os.Open(evtsCfg.TLSRootCACertificate)
+					if err != nil {
+						return err
+					}
+
+					rootCAPool, err = ociscrypto.NewCertPoolFromPEM(rootCrtFile)
+					if err != nil {
+						return err
+					}
+					evtsCfg.TLSInsecure = false
 				}

-				rootCAPool, err = ociscrypto.NewCertPoolFromPEM(rootCrtFile)
-				if err != nil {
-					return err
+				tlsConf = &tls.Config{
+					RootCAs: rootCAPool,
 				}
-				evtsCfg.TLSInsecure = false
 			}

-			tlsConf := &tls.Config{
-				InsecureSkipVerify: evtsCfg.TLSInsecure, //nolint:gosec
-				RootCAs:            rootCAPool,
-			}
 			bus, err := server.NewNatsStream(
 				natsjs.TLSConfig(tlsConf),
 				natsjs.Address(evtsCfg.Endpoint),
--- a/services/storage-users/pkg/config/config.go
+++ b/services/storage-users/pkg/config/config.go
@@ -24,6 +24,8 @@ type Config struct {
 	Driver           string  `yaml:"driver" env:"STORAGE_USERS_DRIVER" desc:"The storage driver which should be used by the service"`
 	Drivers          Drivers `yaml:"drivers"`
 	DataServerURL    string  `yaml:"data_server_url" env:"STORAGE_USERS_DATA_SERVER_URL" desc:"URL of the data server, needs to be reachable by the data gateway provided by the frontend service or the user if directly exposed."`
+	DataGatewayURL   string  `yaml:"data_gateway_url" env:"STORAGE_USERS_DATA_GATEWAY_URL" desc:"URL of the data gateway server"`
+	TransferExpires  int64   `yaml:"transfer_expires" env:"STORAGE_USERS_TRANSFER_EXPIRES" desc:"the time after which the token for upload postprocessing expires"`
 	Events           Events  `yaml:"events"`
 	Cache            Cache   `yaml:"cache"`
 	MountID          string  `yaml:"mount_id" env:"STORAGE_USERS_MOUNT_ID" desc:"Mount ID of this storage."`
@@ -98,6 +100,7 @@ type OCISDriver struct {
 	ShareFolder             string `yaml:"share_folder" env:"STORAGE_USERS_OCIS_SHARE_FOLDER" desc:"Name of the folder jailing all shares."`
 	MaxAcquireLockCycles    int    `yaml:"max_acquire_lock_cycles" env:"STORAGE_USERS_OCIS_MAX_ACQUIRE_LOCK_CYCLES" desc:"When trying to lock files, ocis will try this amount of times to acquire the lock before failing. After each try it will wait for an increasing amount of time. Values of 0 or below will be ignored and the default value of 20 will be used."`
 	LockCycleDurationFactor int    `yaml:"lock_cycle_duration_factor" env:"STORAGE_USERS_OCIS_LOCK_CYCLE_DURATION_FACTOR" desc:"When trying to lock files, ocis will multiply the cycle with this factor and use it as a millisecond timeout. Values of 0 or below will be ignored and the default value of 30 will be used."`
+	AsyncUploads            bool   `yaml:"async_uploads" env:"STORAGE_USERS_OCIS_ASYNC_UPLOADS" desc:"Enable asynchronous file uploads."`
 }

 type S3NGDriver struct {
@@ -143,6 +146,7 @@ type Events struct {
 	TLSInsecure       bool   `yaml:"tls_insecure" env:"OCIS_INSECURE;STORAGE_USERS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates."`
 	TLSRootCaCertPath string `yaml:"tls_root_ca_cert_path" env:"STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERT" desc:"The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false."`
 	EnableTLS         bool   `yaml:"enable_tls" env:"OCIS_EVENTS_ENABLE_TLS;STORAGE_USERS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the ocis service which receives and delivers events between the services.."`
+	NumConsumers      int    `yaml:"num_consumers" env:"STORAGE_USERS_EVENTS_NUM_CONSUMERS" desc:"The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the STORAGE_USERS_OCIS_ASYNC_UPLOADS is set to false. The default and minimum value is 1."`
 }

 // Cache holds cache config
--- a/services/storage-users/pkg/config/defaults/defaultconfig.go
+++ b/services/storage-users/pkg/config/defaults/defaultconfig.go
@@ -39,6 +39,8 @@ func DefaultConfig() *config.Config {
 		},
 		Reva:             shared.DefaultRevaConfig(),
 		DataServerURL:    "http://localhost:9158/data",
+		DataGatewayURL:   "https://localhost:9200/data",
+		TransferExpires:  86400,
 		UploadExpiration: 24 * 60 * 60,
 		Driver:           "ocis",
 		Drivers: config.Drivers{
--- a/services/storage-users/pkg/revaconfig/user.go
+++ b/services/storage-users/pkg/revaconfig/user.go
@@ -98,6 +98,25 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
 			"permissionssvc_tls_mode":     cfg.Commons.GRPCClientTLS.Mode,
 			"max_acquire_lock_cycles":     cfg.Drivers.OCIS.MaxAcquireLockCycles,
 			"lock_cycle_duration_factor":  cfg.Drivers.OCIS.LockCycleDurationFactor,
+			"asyncfileuploads":            cfg.Drivers.OCIS.AsyncUploads,
+			"statcache": map[string]interface{}{
+				"cache_store":    cfg.Cache.Store,
+				"cache_nodes":    cfg.Cache.Nodes,
+				"cache_database": cfg.Cache.Database,
+			},
+			"events": map[string]interface{}{
+				"natsaddress":          cfg.Events.Addr,
+				"natsclusterid":        cfg.Events.ClusterID,
+				"tlsinsecure":          cfg.Events.TLSInsecure,
+				"tlsrootcacertificate": cfg.Events.TLSRootCaCertPath,
+				"numconsumers":         cfg.Events.NumConsumers,
+			},
+			"tokens": map[string]interface{}{
+				"transfer_shared_secret": cfg.Commons.TransferSecret,
+				"transfer_expires":       cfg.TransferExpires,
+				"download_endpoint":      cfg.DataServerURL,
+				"datagateway_endpoint":   cfg.DataGatewayURL,
+			},
 		},
 		"s3": map[string]interface{}{
 			"enable_home": false,
@@ -125,6 +144,25 @@ func UserDrivers(cfg *config.Config) map[string]interface{} {
 			"s3.bucket":                   cfg.Drivers.S3NG.Bucket,
 			"max_acquire_lock_cycles":     cfg.Drivers.S3NG.MaxAcquireLockCycles,
 			"lock_cycle_duration_factor":  cfg.Drivers.S3NG.LockCycleDurationFactor,
+			"asyncfileuploads":            cfg.Drivers.OCIS.AsyncUploads,
+			"statcache": map[string]interface{}{
+				"cache_store":    cfg.Cache.Store,
+				"cache_nodes":    cfg.Cache.Nodes,
+				"cache_database": cfg.Cache.Database,
+			},
+			"events": map[string]interface{}{
+				"natsaddress":          cfg.Events.Addr,
+				"natsclusterid":        cfg.Events.ClusterID,
+				"tlsinsecure":          cfg.Events.TLSInsecure,
+				"tlsrootcacertificate": cfg.Events.TLSRootCaCertPath,
+				"numconsumers":         cfg.Events.NumConsumers,
+			},
+			"tokens": map[string]interface{}{
+				"transfer_shared_secret": cfg.Commons.TransferSecret,
+				"transfer_expires":       cfg.TransferExpires,
+				"download_endpoint":      cfg.DataServerURL,
+				"datagateway_endpoint":   cfg.DataGatewayURL,
+			},
 		},
 	}
 }