mirror of
https://github.com/owncloud/ocis
synced 2026-04-26 01:35:25 +02:00
ee974afebf
* Introduce TLS Settings for go-micro based grpc services and clients TLS for the services can be configure by setting the OCIS_MICRO_GRPC_TLS_ENABLED" "OCIS_MICRO_GRPC_TLS_CERTIFICATE" and "OCIS_MICRO_GRPC_TLS_KEY" enviroment variables. TLS for the clients can configured by setting the "OCIS_MICRO_GRPC_CLIENT_TLS_MODE" and "OCIS_MICRO_GRPC_CLIENT_TLS_CACERT" variables. By default TLS is disabled. Co-authored-by: Martin <github@diemattels.at> * Unify TLS configuration for all grpc services All grpc service (whether they're based on reva) or go-micro use the same set of config vars now. TLS for the services can be configure by setting the OCIS_GRPC_TLS_ENABLED, OCIS_GRPC_TLS_CERTIFICATE and OCIS_GRPC_TLS_KEY enviroment variables. TLS for the clients can configured by setting the OCIS_GRPC_CLIENT_TLS_MODE and OCIS_MICRO_GRPC_CLIENT_TLS_CACERT variables. There are no individual per service config vars currently. If really needed, per service tls configurations can be specified via config file. Co-authored-by: Martin <github@diemattels.at> Co-authored-by: Martin <github@diemattels.at>
132 lines
3.9 KiB
Go
132 lines
3.9 KiB
Go
package defaults
|
|
|
|
import (
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/config/defaults"
|
|
"github.com/owncloud/ocis/v2/ocis-pkg/shared"
|
|
"github.com/owncloud/ocis/v2/services/graph/pkg/config"
|
|
)
|
|
|
|
func FullDefaultConfig() *config.Config {
|
|
cfg := DefaultConfig()
|
|
EnsureDefaults(cfg)
|
|
Sanitize(cfg)
|
|
return cfg
|
|
}
|
|
|
|
func DefaultConfig() *config.Config {
|
|
return &config.Config{
|
|
Debug: config.Debug{
|
|
Addr: "127.0.0.1:9124",
|
|
Token: "",
|
|
},
|
|
HTTP: config.HTTP{
|
|
Addr: "127.0.0.1:9120",
|
|
Namespace: "com.owncloud.graph",
|
|
Root: "/graph",
|
|
},
|
|
Service: config.Service{
|
|
Name: "graph",
|
|
},
|
|
Reva: shared.DefaultRevaConfig(),
|
|
Spaces: config.Spaces{
|
|
WebDavBase: "https://localhost:9200",
|
|
WebDavPath: "/dav/spaces/",
|
|
DefaultQuota: "1000000000",
|
|
},
|
|
Identity: config.Identity{
|
|
Backend: "ldap",
|
|
LDAP: config.LDAP{
|
|
URI: "ldaps://localhost:9235",
|
|
Insecure: false,
|
|
CACert: path.Join(defaults.BaseDataPath(), "idm", "ldap.crt"),
|
|
BindDN: "uid=libregraph,ou=sysusers,o=libregraph-idm",
|
|
UseServerUUID: false,
|
|
UsePasswordModExOp: true,
|
|
WriteEnabled: true,
|
|
UserBaseDN: "ou=users,o=libregraph-idm",
|
|
UserSearchScope: "sub",
|
|
UserFilter: "",
|
|
UserObjectClass: "inetOrgPerson",
|
|
UserEmailAttribute: "mail",
|
|
UserDisplayNameAttribute: "displayName",
|
|
UserNameAttribute: "uid",
|
|
// FIXME: switch this to some more widely available attribute by default
|
|
// ideally this needs to be constant for the lifetime of a users
|
|
UserIDAttribute: "owncloudUUID",
|
|
GroupBaseDN: "ou=groups,o=libregraph-idm",
|
|
GroupSearchScope: "sub",
|
|
GroupFilter: "",
|
|
GroupObjectClass: "groupOfNames",
|
|
GroupNameAttribute: "cn",
|
|
GroupIDAttribute: "owncloudUUID",
|
|
},
|
|
},
|
|
Events: config.Events{
|
|
Endpoint: "127.0.0.1:9233",
|
|
Cluster: "ocis-cluster",
|
|
EnableTLS: false,
|
|
},
|
|
}
|
|
}
|
|
|
|
func EnsureDefaults(cfg *config.Config) {
|
|
// provide with defaults for shared logging, since we need a valid destination address for "envdecode".
|
|
if cfg.Log == nil && cfg.Commons != nil && cfg.Commons.Log != nil {
|
|
cfg.Log = &config.Log{
|
|
Level: cfg.Commons.Log.Level,
|
|
Pretty: cfg.Commons.Log.Pretty,
|
|
Color: cfg.Commons.Log.Color,
|
|
File: cfg.Commons.Log.File,
|
|
}
|
|
} else if cfg.Log == nil {
|
|
cfg.Log = &config.Log{}
|
|
}
|
|
// provide with defaults for shared tracing, since we need a valid destination address for "envdecode".
|
|
if cfg.Tracing == nil && cfg.Commons != nil && cfg.Commons.Tracing != nil {
|
|
cfg.Tracing = &config.Tracing{
|
|
Enabled: cfg.Commons.Tracing.Enabled,
|
|
Type: cfg.Commons.Tracing.Type,
|
|
Endpoint: cfg.Commons.Tracing.Endpoint,
|
|
Collector: cfg.Commons.Tracing.Collector,
|
|
}
|
|
} else if cfg.Tracing == nil {
|
|
cfg.Tracing = &config.Tracing{}
|
|
}
|
|
|
|
if cfg.CacheStore == nil && cfg.Commons != nil && cfg.Commons.CacheStore != nil {
|
|
cfg.CacheStore = &config.CacheStore{
|
|
Type: cfg.Commons.CacheStore.Type,
|
|
Address: cfg.Commons.CacheStore.Address,
|
|
Size: cfg.Commons.CacheStore.Size,
|
|
}
|
|
} else if cfg.CacheStore == nil {
|
|
cfg.CacheStore = &config.CacheStore{}
|
|
}
|
|
|
|
if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
|
|
cfg.TokenManager = &config.TokenManager{
|
|
JWTSecret: cfg.Commons.TokenManager.JWTSecret,
|
|
}
|
|
} else if cfg.TokenManager == nil {
|
|
cfg.TokenManager = &config.TokenManager{}
|
|
}
|
|
|
|
if cfg.GRPCClientTLS == nil {
|
|
cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
|
|
if cfg.Commons != nil && cfg.Commons.GRPCClientTLS != nil {
|
|
cfg.GRPCClientTLS.Mode = cfg.Commons.GRPCClientTLS.Mode
|
|
cfg.GRPCClientTLS.CACert = cfg.Commons.GRPCClientTLS.CACert
|
|
}
|
|
}
|
|
}
|
|
|
|
func Sanitize(cfg *config.Config) {
|
|
// sanitize config
|
|
if cfg.HTTP.Root != "/" {
|
|
cfg.HTTP.Root = strings.TrimSuffix(cfg.HTTP.Root, "/")
|
|
}
|
|
}
|