From dbf87bb880a0488777ffe3b88161a902ebb2d400 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Fri, 13 Sep 2024 15:14:06 +0200
Subject: [PATCH] fix ocm token
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer
---
 changelog/unreleased/fix-ocm-token.md | 5 +++++
 services/ocm/pkg/config/config.go | 1 +
 services/ocm/pkg/config/defaults/defaultconfig.go | 8 ++++++++
 services/ocm/pkg/config/reva.go | 6 ++++++
 services/ocm/pkg/revaconfig/config.go | 1 +
 5 files changed, 21 insertions(+)
 create mode 100644 changelog/unreleased/fix-ocm-token.md
 create mode 100644 services/ocm/pkg/config/reva.go

diff --git a/changelog/unreleased/fix-ocm-token.md b/changelog/unreleased/fix-ocm-token.md
new file mode 100644
index 00000000000..8d09a3baa97
--- /dev/null
+++ b/changelog/unreleased/fix-ocm-token.md
@@ -0,0 +1,5 @@
+Bugfix: Fixed the ocm tocken
+
+We now pass the JWT secret to the reva runtime.
+
+https://github.com/owncloud/ocis/pull/10050
diff --git a/services/ocm/pkg/config/config.go b/services/ocm/pkg/config/config.go
index 4c81695d4eb..b41c6eaf007 100644
--- a/services/ocm/pkg/config/config.go
+++ b/services/ocm/pkg/config/config.go
@@ -27,6 +27,7 @@ type Config struct {
 ServiceAccount ServiceAccount `yaml:"service_account"`
 Events Events `yaml:"-"`
+ TokenManager *TokenManager `yaml:"token_manager"`
 Reva *shared.Reva `yaml:"reva"`
 OCMD OCMD `yaml:"ocmd"`
 ScienceMesh ScienceMesh `yaml:"sciencemesh"`
diff --git a/services/ocm/pkg/config/defaults/defaultconfig.go b/services/ocm/pkg/config/defaults/defaultconfig.go
index 311945edd52..1b4cdae30c5 100644
--- a/services/ocm/pkg/config/defaults/defaultconfig.go
+++ b/services/ocm/pkg/config/defaults/defaultconfig.go
@@ -165,6 +165,14 @@ func EnsureDefaults(cfg *config.Config) {
 cfg.Reva = structs.CopyOrZeroValue(cfg.Commons.Reva)
 }
+ if cfg.TokenManager == nil && cfg.Commons != nil && cfg.Commons.TokenManager != nil {
+ cfg.TokenManager = &config.TokenManager{
+ JWTSecret: cfg.Commons.TokenManager.JWTSecret,
+ }
+ } else if cfg.TokenManager == nil {
+ cfg.TokenManager = &config.TokenManager{}
+ }
+
 if cfg.GRPCClientTLS == nil && cfg.Commons != nil {
 cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS)
 }
diff --git a/services/ocm/pkg/config/reva.go b/services/ocm/pkg/config/reva.go
new file mode 100644
index 00000000000..0c7396b045b
--- /dev/null
+++ b/services/ocm/pkg/config/reva.go
@@ -0,0 +1,6 @@
+package config
+
+// TokenManager is the config for using the reva token manager
+type TokenManager struct {
+ JWTSecret string `yaml:"jwt_secret" env:"OCIS_JWT_SECRET;OCM_JWT_SECRET" desc:"The secret to mint and validate jwt tokens." introductionVersion:"pre5.0"`
+}
diff --git a/services/ocm/pkg/revaconfig/config.go b/services/ocm/pkg/revaconfig/config.go
index f50c17bbc24..7a7231df21b 100644
--- a/services/ocm/pkg/revaconfig/config.go
+++ b/services/ocm/pkg/revaconfig/config.go
@@ -11,6 +11,7 @@ import (
 func OCMConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]interface{} {
 return map[string]interface{}{
 "shared": map[string]interface{}{
+ "jwt_secret": cfg.TokenManager.JWTSecret,
 "gatewaysvc": cfg.Reva.Address, // Todo or address?
 "grpc_client_options": cfg.Reva.GetGRPCClientConfig(),
 },
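Review bot: In services/ocm/pkg/config/defaults/defaultconfig.go, the `else if cfg.TokenManager == nil` branch of EnsureDefaults leaves `JWTSecret` as the empty string when neither the service nor the commons config supplies one, and the services/ocm/pkg/revaconfig/config.go hunk then passes that value to reva as the shared `jwt_secret`. Nothing in this patch rejects an empty secret, and what reva does with one is not shown here, so unless the OCM service's config validation (outside this patch) already covers it, the service can start with an empty token key. I would add a check such as `if cfg.TokenManager.JWTSecret == "" { return errors.New("ocm: jwt secret is not configured") }` to that validation step so startup fails instead. OCMConfigFromStruct also dereferences `cfg.TokenManager` unconditionally, so it relies on EnsureDefaults having run first; EnsureDefaults itself starts and ends outside the hunk.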
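Review bot: In services/ocm/pkg/config/reva.go, neither the doc comment on `TokenManager` nor the `desc` tag on `JWTSecret` says that the field is a credential, although it sits in a struct that is serialisable through its `yaml:"jwt_secret"` tag. I would add a field comment such as `// JWTSecret signs and verifies reva tokens; treat it as a credential and keep it out of logs and config dumps.` It is also worth confirming that `introductionVersion:"pre5.0"` is accurate for `OCM_JWT_SECRET`, which this commit appears to introduce.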