Separate user and auth providers, add config for rest user (#412)

2026-06-22 23:09:38 -04:00 · 2020-08-26 17:15:20 +02:00
parent 82cda1ac52
commit fed4d133b0
8 changed files with 139 additions and 14 deletions
--- a/changelog/unreleased/separate-auth-user-providers.md
+++ b/changelog/unreleased/separate-auth-user-providers.md
@@ -0,0 +1,9 @@
+Enhancement: Separate user and auth providers, add config for rest user
+
+Previously, the auth and user provider services used to have the same driver,
+which restricted using separate drivers and configs for both. This PR separates
+the two and adds the config for the rest user driver and the gatewaysvc
+parameter to EOS fs.
+
+https://github.com/owncloud/ocis-reva/pull/412
+https://github.com/cs3org/reva/pull/995
--- a/pkg/command/authbasic.go
+++ b/pkg/command/authbasic.go
@@ -88,10 +88,10 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 						// TODO build services dynamically
 						"services": map[string]interface{}{
 							"authprovider": map[string]interface{}{
-								"auth_manager": cfg.Reva.Users.Driver,
+								"auth_manager": cfg.Reva.AuthProvider.Driver,
 								"auth_managers": map[string]interface{}{
 									"json": map[string]interface{}{
-										"users": cfg.Reva.Users.JSON,
+										"users": cfg.Reva.AuthProvider.JSON,
 									},
 									"ldap": map[string]interface{}{
 										"hostname":      cfg.Reva.LDAP.Hostname,
--- a/pkg/command/authbearer.go
+++ b/pkg/command/authbearer.go
@@ -91,9 +91,11 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 								"auth_manager": "oidc",
 								"auth_managers": map[string]interface{}{
 									"oidc": map[string]interface{}{
-										"issuer":   cfg.Reva.OIDC.Issuer,
-										"insecure": cfg.Reva.OIDC.Insecure,
-										"id_claim": cfg.Reva.OIDC.IDClaim,
+										"issuer":    cfg.Reva.OIDC.Issuer,
+										"insecure":  cfg.Reva.OIDC.Insecure,
+										"id_claim":  cfg.Reva.OIDC.IDClaim,
+										"uid_claim": cfg.Reva.OIDC.UIDClaim,
+										"gid_claim": cfg.Reva.OIDC.GIDClaim,
 									},
 								},
 							},
--- a/pkg/command/users.go
+++ b/pkg/command/users.go
@@ -113,6 +113,18 @@ func Users(cfg *config.Config) *cli.Command {
 											"gidNumber":   cfg.Reva.LDAP.Schema.GIDNumber,
 										},
 									},
+									"rest": map[string]interface{}{
+										"client_id":                    cfg.Reva.UserRest.ClientID,
+										"client_secret":                cfg.Reva.UserRest.ClientSecret,
+										"redis_address":                cfg.Reva.UserRest.RedisAddress,
+										"redis_username":               cfg.Reva.UserRest.RedisUsername,
+										"redis_password":               cfg.Reva.UserRest.RedisPassword,
+										"user_groups_cache_expiration": cfg.Reva.UserRest.UserGroupsCacheExpiration,
+										"id_provider":                  cfg.Reva.UserRest.IDProvider,
+										"api_base_url":                 cfg.Reva.UserRest.APIBaseURL,
+										"oidc_token_endpoint":          cfg.Reva.UserRest.OIDCTokenEndpoint,
+										"target_api":                   cfg.Reva.UserRest.TargetAPI,
+									},
 								},
 							},
 						},
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -202,6 +202,8 @@ type OIDC struct {
 	Issuer   string
 	Insecure bool
 	IDClaim  string
+	UIDClaim string
+	GIDClaim string
 }

 // LDAP defines the available ldap configuration.
@@ -220,6 +222,20 @@ type LDAP struct {
 	Schema          LDAPSchema
 }

+// UserRest defines the user REST driver specification.
+type UserRest struct {
+	ClientID                  string
+	ClientSecret              string
+	RedisAddress              string
+	RedisUsername             string
+	RedisPassword             string
+	IDProvider                string
+	APIBaseURL                string
+	OIDCTokenEndpoint         string
+	TargetAPI                 string
+	UserGroupsCacheExpiration int
+}
+
 // LDAPSchema defines the available ldap schema configuration.
 type LDAPSchema struct {
 	UID         string
@@ -244,6 +260,7 @@ type Reva struct {
 	TransferExpires int
 	OIDC            OIDC
 	LDAP            LDAP
+	UserRest        UserRest
 	OCDav           OCDav
 	Storages        StorageConfig
 	// Ports are used to configure which services to start on which port
@@ -251,6 +268,7 @@ type Reva struct {
 	DataGateway       Port
 	Gateway           Gateway
 	Users             Users
+	AuthProvider      Users
 	AuthBasic         Port
 	AuthBearer        Port
 	Sharing           Sharing
--- a/pkg/flagset/authbasic.go
+++ b/pkg/flagset/authbasic.go
@@ -82,21 +82,21 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 			Destination: &cfg.Reva.JWTSecret,
 		},

-		// Users
+		// Auth

 		&cli.StringFlag{
-			Name:        "users-driver",
+			Name:        "auth-driver",
 			Value:       "ldap",
-			Usage:       "user driver: 'demo', 'json' or 'ldap'",
-			EnvVars:     []string{"REVA_USERS_DRIVER"},
-			Destination: &cfg.Reva.Users.Driver,
+			Usage:       "auth driver: 'demo', 'json' or 'ldap'",
+			EnvVars:     []string{"REVA_AUTH_DRIVER"},
+			Destination: &cfg.Reva.AuthProvider.Driver,
 		},
 		&cli.StringFlag{
-			Name:        "users-json",
+			Name:        "auth-json",
 			Value:       "",
 			Usage:       "Path to users.json file",
-			EnvVars:     []string{"REVA_USERS_JSON"},
-			Destination: &cfg.Reva.Users.JSON,
+			EnvVars:     []string{"REVA_AUTH_JSON"},
+			Destination: &cfg.Reva.AuthProvider.JSON,
 		},

 		// LDAP
--- a/pkg/flagset/authbearer.go
+++ b/pkg/flagset/authbearer.go
@@ -111,6 +111,20 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_OIDC_ID_CLAIM"},
 			Destination: &cfg.Reva.OIDC.IDClaim,
 		},
+		&cli.StringFlag{
+			Name: "oidc-uid-claim",
+			Value:       "",
+			Usage:       "OIDC uid claim",
+			EnvVars:     []string{"REVA_OIDC_UID_CLAIM"},
+			Destination: &cfg.Reva.OIDC.UIDClaim,
+		},
+		&cli.StringFlag{
+			Name: "oidc-gid-claim",
+			Value:       "",
+			Usage:       "OIDC gid claim",
+			EnvVars:     []string{"REVA_OIDC_GID_CLAIM"},
+			Destination: &cfg.Reva.OIDC.GIDClaim,
+		},

 		// Services

--- a/pkg/flagset/users.go
+++ b/pkg/flagset/users.go
@@ -199,6 +199,76 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_LDAP_SCHEMA_GIDNUMBER"},
 			Destination: &cfg.Reva.LDAP.Schema.GIDNumber,
 		},
+		&cli.StringFlag{
+			Name:        "rest-client-id",
+			Value:       "",
+			Usage:       "User rest driver Client ID",
+			EnvVars:     []string{"REVA_REST_CLIENT_ID"},
+			Destination: &cfg.Reva.UserRest.ClientID,
+		},
+		&cli.StringFlag{
+			Name:        "rest-client-secret",
+			Value:       "",
+			Usage:       "User rest driver Client Secret",
+			EnvVars:     []string{"REVA_REST_CLIENT_SECRET"},
+			Destination: &cfg.Reva.UserRest.ClientSecret,
+		},
+		&cli.StringFlag{
+			Name:        "rest-redis-address",
+			Value:       "localhost:6379",
+			Usage:       "Address for redis server",
+			EnvVars:     []string{"REVA_REST_REDIS_ADDRESS"},
+			Destination: &cfg.Reva.UserRest.RedisAddress,
+		},
+		&cli.StringFlag{
+			Name:        "rest-redis-username",
+			Value:       "",
+			Usage:       "Username for redis server",
+			EnvVars:     []string{"REVA_REST_REDIS_USERNAME"},
+			Destination: &cfg.Reva.UserRest.RedisUsername,
+		},
+		&cli.StringFlag{
+			Name:        "rest-redis-password",
+			Value:       "",
+			Usage:       "Password for redis server",
+			EnvVars:     []string{"REVA_REST_REDIS_PASSWORD"},
+			Destination: &cfg.Reva.UserRest.RedisPassword,
+		},
+		&cli.IntFlag{
+			Name:        "rest-user-groups-cache-expiration",
+			Value:       5,
+			Usage:       "Time in minutes for redis cache expiration.",
+			EnvVars:     []string{"REVA_REST_CACHE_EXPIRATION"},
+			Destination: &cfg.Reva.UserRest.UserGroupsCacheExpiration,
+		},
+		&cli.StringFlag{
+			Name:        "rest-id-provider",
+			Value:       "",
+			Usage:       "The OIDC Provider",
+			EnvVars:     []string{"REVA_REST_ID_PROVIDER"},
+			Destination: &cfg.Reva.UserRest.IDProvider,
+		},
+		&cli.StringFlag{
+			Name:        "rest-api-base-url",
+			Value:       "",
+			Usage:       "Base API Endpoint",
+			EnvVars:     []string{"REVA_REST_API_BASE_URL"},
+			Destination: &cfg.Reva.UserRest.APIBaseURL,
+		},
+		&cli.StringFlag{
+			Name:        "rest-oidc-token-endpoint",
+			Value:       "",
+			Usage:       "Endpoint to generate token to access the API",
+			EnvVars:     []string{"REVA_REST_OIDC_TOKEN_ENDPOINT"},
+			Destination: &cfg.Reva.UserRest.OIDCTokenEndpoint,
+		},
+		&cli.StringFlag{
+			Name:        "rest-target-api",
+			Value:       "",
+			Usage:       "The target application",
+			EnvVars:     []string{"REVA_REST_TARGET_API"},
+			Destination: &cfg.Reva.UserRest.TargetAPI,
+		},

 		// Services

@@ -242,7 +312,7 @@ func UsersWithConfig(cfg *config.Config) []cli.Flag {
 		&cli.StringFlag{
 			Name:        "driver",
 			Value:       "ldap",
-			Usage:       "user driver: 'demo', 'json' or 'ldap'",
+			Usage:       "user driver: 'demo', 'json', 'ldap', or 'rest'",
 			EnvVars:     []string{"REVA_USERS_DRIVER"},
 			Destination: &cfg.Reva.Users.Driver,
 		},