diff --git a/services/auth-app/pkg/config/config.go b/services/auth-app/pkg/config/config.go
index 4c65596752..656f0a4087 100644
--- a/services/auth-app/pkg/config/config.go
+++ b/services/auth-app/pkg/config/config.go
@@ -28,9 +28,40 @@ type Config struct {
 AllowImpersonation bool `yaml:"allow_impersonation" env:"AUTH_APP_ENABLE_IMPERSONATION" desc:"Allows admins to create app tokens for other users. Used for migration. Do NOT use in productive deployments." introductionVersion:"1.0.0"`
+ StorageDriver string `yaml:"storage_driver" env:"AUTH_APP_STORAGE_DRIVER" desc:"Driver to be used to persist the app tokes . Supported values are 'jsoncs3', 'json'." introductionVersion:"%%NEXT%%"`
+ StorageDrivers StorageDrivers `yaml:"storage_drivers"`
+ Context context.Context `yaml:"-"`
 }
+type StorageDrivers struct {
+ JSONCS3 JSONCS3Driver `yaml:"jsoncs3"`
+}
+
+type JSONCS3Driver struct {
+ ProviderAddr string `yaml:"provider_addr" env:"AUTH_APP_JSONCS3_PROVIDER_ADDR" desc:"GRPC address of the STORAGE-SYSTEM service." introductionVersion:"%%NEXT%%"`
+ SystemUserID string `yaml:"system_user_id" env:"OC_SYSTEM_USER_ID;AUTH_APP_JSONCS3_SYSTEM_USER_ID" desc:"ID of the OpenCloud STORAGE-SYSTEM system user. Admins need to set the ID for the STORAGE-SYSTEM system user in this config option which is then used to reference the user. Any reasonable long string is possible, preferably this would be an UUIDv4 format." introductionVersion:"%%NEXT%%"`
+ SystemUserIDP string `yaml:"system_user_idp" env:"OC_SYSTEM_USER_IDP;AUTH_APP_JSONCS3_SYSTEM_USER_IDP" desc:"IDP of the OpenCloud STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+ SystemUserAPIKey string `yaml:"system_user_api_key" env:"OC_SYSTEM_USER_API_KEY;AUTH_APP_JSONCS3_SYSTEM_USER_API_KEY" desc:"API key for the STORAGE-SYSTEM system user." introductionVersion:"%%NEXT%%"`
+ PasswordGenerator string `yaml:"password_generator" env:"AUTH_APP_JSONCS3_PASSWORD_GENERATOR" desc:"The password generator that should be used for generating app tokens. Supported values are: 'diceware' and 'random'." introductionVersion:"%%NEXT%%"`
+ PasswordGeneratorOptions PasswordGeneratorOptions `yaml:"password_generator_options"`
+}
+
+type PasswordGeneratorOptions struct {
+ DicewareOptions DicewareOptions `yaml:"diceware"`
+ RandPWOpts RandPWOpts `yaml:"randon"`
+}
+
+// DicewareOptions defines the config options for the "diceware" password generator
+type DicewareOptions struct {
+ NumberOfWords int `yaml:"number_of_words" env:"AUTH_APP_JSONCS3_DICEWARE_NUMBER_OF_WORDS" desc:"The number of words the generated passphrase will have." introductionVersion:"%%NEXT%%"`
+}
+
+// RandPWOpts defines the config options for the "random" password generator
+type RandPWOpts struct {
+ PasswordLength int `yaml:"password_length" env:"AUTH_APP_JSONCS3_RANDOM_PASSWORD_LENGTH" desc:"The number of charactors the generated passwords will have." introductionVersion:"%%NEXT%%"`
+}
+
 // Log defines the loging configuration
 type Log struct {
 Level string `yaml:"level" env:"OC_LOG_LEVEL;AUTH_APP_LOG_LEVEL" desc:"The log level. Valid values are: 'panic', 'fatal', 'error', 'warn', 'info', 'debug', 'trace'." introductionVersion:"1.0.0"`
diff --git a/services/auth-app/pkg/config/defaults/defaultconfig.go b/services/auth-app/pkg/config/defaults/defaultconfig.go
index 0c726b05a3..d083dcdca0 100644
--- a/services/auth-app/pkg/config/defaults/defaultconfig.go
+++ b/services/auth-app/pkg/config/defaults/defaultconfig.go
@@ -44,6 +44,19 @@ func DefaultConfig() *config.Config {
 Service: config.Service{
 Name: "auth-app",
 },
+ StorageDriver: "jsoncs3",
+ StorageDrivers: config.StorageDrivers{
+ JSONCS3: config.JSONCS3Driver{
+ ProviderAddr: "eu.opencloud.api.storage-system",
+ SystemUserIDP: "internal",
+ PasswordGenerator: "diceware",
+ PasswordGeneratorOptions: config.PasswordGeneratorOptions{
+ DicewareOptions: config.DicewareOptions{
+ NumberOfWords: 6,
+ },
+ },
+ },
+ },
 Reva: shared.DefaultRevaConfig(),
 }
 }
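Review bot: The yaml tag on the `RandPWOpts` field of `PasswordGeneratorOptions` is misspelled as `yaml:"randon"`, so a `random:` section under `password_generator_options` is never decoded and `PasswordLength` silently keeps its zero value; the tag should be `yaml:"random"`. The desc strings also carry typos that end up in generated documentation: "app tokes ." on `StorageDriver` and "charactors" on `PasswordLength`. `StorageDrivers`, `JSONCS3Driver` and `PasswordGeneratorOptions` are exported without a doc comment while the two generator option types have one; a line such as `// JSONCS3Driver holds the settings of the jsoncs3 app-token store` on each would keep the file consistent. The `Config` struct starts before this hunk.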
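Review bot: `DefaultConfig` sets `NumberOfWords: 6` for the diceware generator but gives `RandPWOpts.PasswordLength` no default, so an operator who only sets `AUTH_APP_JSONCS3_PASSWORD_GENERATOR=random` ends up passing a `token_strength` of 0 to the driver in the revaconfig hunk further down; what the driver does with 0 is not visible here, and a deliberately chosen default avoids depending on it. Add `RandPWOpts: config.RandPWOpts{PasswordLength: <chosen default>}` next to `DicewareOptions`, where the placeholder is the length the project considers adequate for an app token. `DefaultConfig` begins before this hunk.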
@@ -85,6 +98,14 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 }
+ if cfg.StorageDrivers.JSONCS3.SystemUserAPIKey == "" && cfg.Commons != nil && cfg.Commons.SystemUserAPIKey != "" {
+ cfg.StorageDrivers.JSONCS3.SystemUserAPIKey = cfg.Commons.SystemUserAPIKey
+ }
+
+ if cfg.StorageDrivers.JSONCS3.SystemUserID == "" && cfg.Commons != nil && cfg.Commons.SystemUserID != "" {
+ cfg.StorageDrivers.JSONCS3.SystemUserID = cfg.Commons.SystemUserID
+ }
+
 if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
 cfg.TokenManager = &config.TokenManager{
 JWTSecret: cfg.Commons.TokenManager.JWTSecret,
diff --git a/services/auth-app/pkg/revaconfig/config.go b/services/auth-app/pkg/revaconfig/config.go
index 325e222b8f..9ee5386bb7 100644
--- a/services/auth-app/pkg/revaconfig/config.go
+++ b/services/auth-app/pkg/revaconfig/config.go
@@ -11,6 +11,14 @@ import (
 func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 appAuthJSON := filepath.Join(defaults.BaseDataPath(), "appauth.json")
+ jsonCS3pwGenOpt := map[string]any{}
+ switch cfg.StorageDrivers.JSONCS3.PasswordGenerator {
+ case "random":
+ jsonCS3pwGenOpt["token_strength"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.RandPWOpts.PasswordLength
+ case "diceware":
+ jsonCS3pwGenOpt["number_of_words"] = cfg.StorageDrivers.JSONCS3.PasswordGeneratorOptions.DicewareOptions.NumberOfWords
+ }
+
 rcfg := map[string]interface{}{
 "shared": map[string]interface{}{
 "jwt_secret": cfg.TokenManager.JWTSecret,
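Review bot: The `switch` on `PasswordGenerator` has no `default` branch, so a misspelled or unsupported generator name silently yields an empty `generator_config` and the name is forwarded unchanged to the driver in the later hunk; `AuthAppConfigFromStruct` returns no error, so a proper check belongs in the service's config validation, which is not part of this diff. Until that exists, a comment on the switch, `// unsupported generator names are forwarded with an empty generator_config`, makes the pass-through visibly intentional. Neither branch guards that `PasswordLength` or `NumberOfWords` is positive, and the default config in this diff only sets the diceware count. The remainder of `AuthAppConfigFromStruct` lies outside this hunk.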
@@ -36,11 +44,19 @@ func AuthAppConfigFromStruct(cfg *config.Config) map[string]interface{} {
 },
 },
 "applicationauth": map[string]interface{}{
- "driver": "json",
+ "driver": cfg.StorageDriver,
 "drivers": map[string]interface{}{
 "json": map[string]interface{}{
 "file": appAuthJSON,
 },
+ "jsoncs3": map[string]interface{}{
+ "provider_addr": cfg.StorageDrivers.JSONCS3.ProviderAddr,
+ "service_user_id": cfg.StorageDrivers.JSONCS3.SystemUserID,
+ "service_user_idp": cfg.StorageDrivers.JSONCS3.SystemUserIDP,
+ "machine_auth_apikey": cfg.StorageDrivers.JSONCS3.SystemUserAPIKey,
+ "password_generator": cfg.StorageDrivers.JSONCS3.PasswordGenerator,
+ "generator_config": jsonCS3pwGenOpt,
+ },
 },
 },
 },
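Review bot: `"driver"` is now taken verbatim from `cfg.StorageDriver`, and nothing in this diff checks it against the two values the field's desc promises (`jsoncs3`, `json`), so a typo in `AUTH_APP_STORAGE_DRIVER` is presumably only discovered when the driver lookup fails at startup; rejecting anything outside that set in the service's config validation would surface it earlier with a clear message. The `jsoncs3` map also carries `SystemUserAPIKey` under `machine_auth_apikey`, so the returned map must not be logged or dumped in full, and any debug output of it should redact that key. The enclosing function starts before this hunk.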