diff --git a/.drone.star b/.drone.star
index d9d3742548a..233af39339f 100644
--- a/.drone.star
+++ b/.drone.star
@@ -1943,7 +1943,7 @@ def ocisServer(storage, accounts_hash_difficulty = 4, volumes = [], depends_on =
 "SHARING_USER_OWNCLOUDSQL_DB_NAME": "owncloud",
 # General oCIS config
 # OCIS_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services
- "OCIS_RUN_SERVICES": "app-registry,app-provider,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav",
+ "OCIS_RUN_SERVICES": "app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav",
 "OCIS_LOG_LEVEL": "info",
 "OCIS_URL": OCIS_URL,
 "OCIS_BASE_DATA_PATH": "/mnt/data/ocis",
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 7eae3242115..144562162e8 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -27,7 +27,7 @@
 // demo users
 "IDM_CREATE_DEMO_USERS": "true",
 // OCIS_RUN_SERVICES allows to start a subset of services even in the supervised mode
- //"OCIS_RUN_SERVICES": "settings,storage-system,graph,graph-explorer,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,auth-bearer,storage-authmachine,storage-users,storage-shares,storage-publiclink,storage-system,app-provider,sharing,proxy,ocdav",
+ //"OCIS_RUN_SERVICES": "settings,storage-system,graph,graph-explorer,idp,idm,ocs,store,thumbnails,web,webdav,frontend,gateway,users,groups,auth-basic,storage-authmachine,storage-users,storage-shares,storage-publiclink,storage-system,app-provider,sharing,proxy,ocdav",
 /*
 * Keep secrets and passwords in one block to allow easy uncommenting
diff --git a/changelog/unreleased/fix-no-auth-bearer.md b/changelog/unreleased/fix-no-auth-bearer.md
new file mode 100644
index 00000000000..e39f741e669
--- /dev/null
+++ b/changelog/unreleased/fix-no-auth-bearer.md
@@ -0,0 +1,8 @@
+Bugfix: Don't run auth-bearer service by default
+
+We no longer start the auth-bearer service by default. This service is
+currently unused and not required to run ocis. The equivalent functionality
+to verify OpenID connect tokens and to mint reva tokes for OIDC authenticated
+clients is currently implemented inside the oidc-auth middleware of the proxy.
+
+https://github.com/owncloud/ocis/issues/4692
diff --git a/deployments/examples/oc10_ocis_parallel/docker-compose.yml b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
index c24ad7a6d2b..79a8c880bf5 100644
--- a/deployments/examples/oc10_ocis_parallel/docker-compose.yml
+++ b/deployments/examples/oc10_ocis_parallel/docker-compose.yml
@@ -111,7 +111,7 @@ services:
 OCIS_STORAGE_READ_ONLY: "false" # TODO: conflict with OWNCLOUDSQL -> https://github.com/owncloud/ocis/issues/2303
 # General oCIS config
 # OCIS_RUN_SERVICES specifies to start all fullstack services except idm and idp. These are replaced by external services
- OCIS_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
+ OCIS_RUN_SERVICES: app-registry,app-provider,auth-basic,auth-machine,frontend,gateway,graph,graph-explorer,groups,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
 OCIS_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
 OCIS_URL: https://${CLOUD_DOMAIN:-cloud.owncloud.test}
diff --git a/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/oc10_ocis_parallel/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_hello/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_individual_services/docker-compose.yml b/deployments/examples/ocis_individual_services/docker-compose.yml
index 872e927d1f9..401dfa17095 100644
--- a/deployments/examples/ocis_individual_services/docker-compose.yml
+++ b/deployments/examples/ocis_individual_services/docker-compose.yml
@@ -625,31 +625,6 @@ services:
 driver: "local"
 restart: always
 
- auth-bearer:
- image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
- deploy:
- replicas: ${OCIS_SCALE:-1}
- networks:
- ocis-net:
- entrypoint:
- - ocis
- - auth-bearer
- - server
- environment:
- AUTH_BEARER_LOG_LEVEL: "${OCIS_LOG_LEVEL:-error}"
- AUTH_BEARER_LOG_COLOR: "${OCIS_LOG_COLOR:-false}"
- AUTH_BEARER_LOG_PRETTY: "${OCIS_LOG_PRETTY:-false}"
-
- AUTH_BEARER_GRPC_ADDR: 0.0.0.0:9148
-
- AUTH_BEARER_JWT_SECRET: ${OCIS_JWT_SECRET}
- REVA_GATEWAY: gateway:9142
- AUTH_BEARER_OIDC_ISSUER: https://${OCIS_DOMAIN}
-
- logging:
- driver: "local"
- restart: always
-
 storage-shares:
 image: owncloud/ocis:${OCIS_DOCKER_TAG:-latest}
 deploy:
@@ -873,8 +848,6 @@ services:
 GATEWAY_USERS_ENDPOINT: users:9144
 GATEWAY_GROUPS_ENDPOINT: groups:9160
 GATEWAY_AUTH_BASIC_ENDPOINT: auth-basic:9146
- GATEWAY_AUTH_BEARER_ENDPOINT: auth-bearer:9148
- GATEWAY_AUTH_MACHINE_ENDPOINT: auth-machine:9166
 GATEWAY_PERMISSIONS_ENDPOINT: settings:9191
 GATEWAY_SHARING_ENDPOINT: sharing:9150
 GATEWAY_STORAGE_PUBLIC_LINK_ENDPOINT: storage-publiclink:9178
diff --git a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
index f71de80a20f..56f7102b26e 100644
--- a/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_individual_services/monitoring_tracing/docker-compose-additions.yml
@@ -115,14 +115,6 @@ services:
 OCIS_TRACING_ENDPOINT: jaeger-agent:6831
 # metrics
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
- storage-authbearer:
- environment:
- # tracing
- OCIS_TRACING_ENABLED: "true"
- OCIS_TRACING_TYPE: jaeger
- OCIS_TRACING_ENDPOINT: jaeger-agent:6831
- # metrics
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 storage-shares:
 environment:
 # tracing
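Review bot: The second hunk of deployments/examples/ocis_individual_services/docker-compose.yml removes `GATEWAY_AUTH_MACHINE_ENDPOINT: auth-machine:9166` together with the auth-bearer endpoint, although nothing in this diff removes the auth-machine service (the monitoring additions for the same example keep `STORAGE_AUTH_MACHINE_DEBUG_ADDR` as context, and the gateway's `machine` auth rule survives in revaconfig/config.go). With the variable gone the gateway falls back to the default `AuthMachineEndpoint: "localhost:9166"` visible in defaultconfig.go, which inside the gateway container does not reach the separate auth-machine container, so machine authentication in this deployment would presumably stop working. Unless the endpoint is set elsewhere in the file, keep the line: `GATEWAY_AUTH_MACHINE_ENDPOINT: auth-machine:9166`.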
diff --git a/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_keycloak/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_ldap/docker-compose.yml b/deployments/examples/ocis_ldap/docker-compose.yml
index 4fdf99e9cbf..ee7b166314d 100644
--- a/deployments/examples/ocis_ldap/docker-compose.yml
+++ b/deployments/examples/ocis_ldap/docker-compose.yml
@@ -74,7 +74,7 @@ services:
 IDP_LDAP_UUID_ATTRIBUTE_TYPE: binary
 GRAPH_LDAP_SERVER_WRITE_ENABLED: "false" # assuming the external ldap is readonly
 # OCIS_RUN_SERVICES specifies to start all services except glauth, idm and accounts. These are replaced by external services
- OCIS_RUN_SERVICES: app-registry,app-provider,audit,auth-basic,auth-bearer,auth-machine,frontend,gateway,graph,graph-explorer,groups,idp,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
+ OCIS_RUN_SERVICES: app-registry,app-provider,audit,auth-basic,auth-machine,frontend,gateway,graph,graph-explorer,groups,idp,nats,notifications,ocdav,ocs,proxy,search,settings,sharing,storage-system,storage-publiclink,storage-shares,storage-users,store,thumbnails,users,web,webdav
 # General oCIS config
 OCIS_URL: https://${OCIS_DOMAIN:-ocis.owncloud.test}
 OCIS_LOG_LEVEL: ${OCIS_LOG_LEVEL:-error} # make oCIS less verbose
diff --git a/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_ldap/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_s3/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_s3/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_s3/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_s3/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_traefik/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml b/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml
index cc8618faedd..f693971d5cd 100644
--- a/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml
+++ b/deployments/examples/ocis_wopi/monitoring_tracing/docker-compose-additions.yml
@@ -18,7 +18,6 @@ services:
 PROXY_DEBUG_ADDR: 0.0.0.0:9205
 SETTINGS_DEBUG_ADDR: 0.0.0.0:9194
 STORAGE_AUTH_BASIC_DEBUG_ADDR: 0.0.0.0:9147
- STORAGE_AUTH_BEARER_DEBUG_ADDR: 0.0.0.0:9149
 STORAGE_AUTH_MACHINE_DEBUG_ADDR: 0.0.0.0:9167
 STORAGE_FRONTEND_DEBUG_ADDR: 0.0.0.0:9141
 STORAGE_GATEWAY_DEBUG_ADDR: 0.0.0.0:9143
diff --git a/ocis/pkg/runtime/service/service.go b/ocis/pkg/runtime/service/service.go
index 7083ba7838c..99623d89183 100644
--- a/ocis/pkg/runtime/service/service.go
+++ b/ocis/pkg/runtime/service/service.go
@@ -23,7 +23,6 @@ import (
 appProvider "github.com/owncloud/ocis/v2/services/app-provider/pkg/command"
 appRegistry "github.com/owncloud/ocis/v2/services/app-registry/pkg/command"
 authbasic "github.com/owncloud/ocis/v2/services/auth-basic/pkg/command"
- authbearer "github.com/owncloud/ocis/v2/services/auth-bearer/pkg/command"
 authmachine "github.com/owncloud/ocis/v2/services/auth-machine/pkg/command"
 frontend "github.com/owncloud/ocis/v2/services/frontend/pkg/command"
 gateway "github.com/owncloud/ocis/v2/services/gateway/pkg/command"
@@ -121,7 +120,6 @@ func NewService(options ...Option) (*Service, error) {
 s.ServicesRegistry[opts.Config.Users.Service.Name] = users.NewSutureService
 s.ServicesRegistry[opts.Config.Groups.Service.Name] = groups.NewSutureService
 s.ServicesRegistry[opts.Config.AuthBasic.Service.Name] = authbasic.NewSutureService
- s.ServicesRegistry[opts.Config.AuthBearer.Service.Name] = authbearer.NewSutureService
 s.ServicesRegistry[opts.Config.AuthMachine.Service.Name] = authmachine.NewSutureService
 s.ServicesRegistry[opts.Config.StorageUsers.Service.Name] = storageusers.NewSutureService
 s.ServicesRegistry[opts.Config.StorageShares.Service.Name] = storageshares.NewSutureService
diff --git a/services/gateway/pkg/config/defaults/defaultconfig.go b/services/gateway/pkg/config/defaults/defaultconfig.go
index ca8b81d7f1b..94b9b32ace2 100644
--- a/services/gateway/pkg/config/defaults/defaultconfig.go
+++ b/services/gateway/pkg/config/defaults/defaultconfig.go
@@ -47,7 +47,6 @@ func DefaultConfig() *config.Config {
 AppRegistryEndpoint: "localhost:9242",
 
 AuthBasicEndpoint: "localhost:9146",
- AuthBearerEndpoint: "localhost:9148",
 AuthMachineEndpoint: "localhost:9166",
 GroupsEndpoint: "localhost:9160",
 PermissionsEndpoint: "localhost:9191",
diff --git a/services/gateway/pkg/revaconfig/config.go b/services/gateway/pkg/revaconfig/config.go
index c0f4a21c5af..4f9f0378547 100644
--- a/services/gateway/pkg/revaconfig/config.go
+++ b/services/gateway/pkg/revaconfig/config.go
@@ -65,7 +65,6 @@ func GatewayConfigFromStruct(cfg *config.Config, logger log.Logger) map[string]i
 "static": map[string]interface{}{
 "rules": map[string]interface{}{
 "basic": cfg.AuthBasicEndpoint,
- "bearer": cfg.AuthBearerEndpoint,
 "machine": cfg.AuthMachineEndpoint,
 "publicshares": cfg.StoragePublicLinkEndpoint,
 },
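Review bot: The auth-bearer entry is dropped from `ServicesRegistry` entirely, while the changelog in this diff says the service is merely no longer started "by default", and `opts.Config.AuthBearer` is not touched here. If the `AuthBearer` config section stays in the runtime config, a deployment that still lists `auth-bearer` in OCIS_RUN_SERVICES (only the in-tree examples are updated by this diff) will hit whatever the runtime does for a name absent from the registry; that path is outside the hunk, so either confirm it fails loudly at startup or reword the changelog to say the service is no longer part of the supervised runtime. A comment at the removal site would spare the next reader a search, e.g. `// auth-bearer is intentionally not registered: OIDC bearer tokens are verified by the proxy's oidc-auth middleware (see changelog/unreleased/fix-no-auth-bearer.md)`. NewService's body continues outside the hunk.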
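Review bot: After the revaconfig/config.go hunk the gateway's static auth registry resolves only `basic`, `machine` and `publicshares`, so a request that reaches the gateway carrying a raw OIDC bearer token is now rejected instead of being verified; that is consistent with the changelog's statement that the proxy's oidc-auth middleware verifies OIDC tokens and mints reva tokens, but nothing in config.go records that dependency. I would add above the `rules` map: `// no "bearer" rule: OIDC bearer tokens are verified and exchanged for reva tokens by the proxy's oidc-auth middleware, so the gateway never resolves them itself`. The defaultconfig.go hunk drops the default for `AuthBearerEndpoint`; if the `AuthBearerEndpoint` field and its env tag still exist in the gateway config struct they are now dead and should go in the same change, otherwise the variable stays documented as effective. GatewayConfigFromStruct continues outside the hunk.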