eliott/ocis
1
0
Fork 0
mirror of https://github.com/owncloud/ocis synced 2026-04-25 17:25:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

[full-ci] Introduce TLS Settings for go-micro based grpc services and clients (#4901)

Browse Source 
* Introduce TLS Settings for go-micro based grpc services and clients

TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED"
"OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY"
enviroment variables.

TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE"
and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables.

By default TLS is disabled.

Co-authored-by: Martin <github@diemattels.at>

* Unify TLS configuration for all grpc services

All grpc service (whether they're based on reva) or go-micro use the
same set of config vars now.

TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED,
OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables.

TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE
and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables.

There are no individual per service config vars currently. If really
needed, per service tls configurations can be specified via config file.

Co-authored-by: Martin <github@diemattels.at>

Co-authored-by: Martin <github@diemattels.at>
This commit is contained in:
Ralf Haferkamp
2022-11-03 10:17:08 +01:00
committed by GitHub
parent b7482e5410
commit ee974afebf
91 changed files with 746 additions and 313 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
services/notifications/pkg/config/defaults/defaultconfig.go
View File

@@ -37,9 +37,7 @@ func DefaultConfig() *config.Config {
ConsumerGroup: "notifications",
EnableTLS: false,
},
RevaGateway: shared.DefaultRevaConfig().Address,
RevaGatewayTLSMode: shared.DefaultRevaConfig().TLSMode,
RevaGatewayTLSCACert: shared.DefaultRevaConfig().TLSCACert,
RevaGateway: shared.DefaultRevaConfig().Address,
},
}
}
@@ -60,6 +58,12 @@ func EnsureDefaults(cfg *config.Config) {
if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.Notifications.GRPCClientTLS == nil {
cfg.Notifications.GRPCClientTLS = &shared.GRPCClientTLS{}
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
cfg.Notifications.GRPCClientTLS = cfg.Commons.GRPCClientTLS
}
}
}
func Sanitize(cfg *config.Config) {