
[tests-only] CERNBox setup for ScienceMesh tests #4391

Merged
merged 10 commits into from
Dec 20, 2023
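--- a/changelog/unreleased/sm-cernbox.md
+++ b/changelog/unreleased/sm-cernbox.md
@@ -0,0 +1,6 @@
+Enhancement: CERNBox setup for ScienceMesh tests
+
+This PR includes a bundled CERNBox-like web UI and backend
+to test the ScienceMesh workflows with OC10 and NC
+
+https://github.com/cs3org/reva/pull/4391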
Binary file removed examples/cernbox/cernbox-extensions-bundle.tgz
Binary file not shown.
34 changes: 26 additions & 8 deletions examples/cernbox/cernbox.toml
Expand Up @@ -20,6 +20,7 @@ level = "debug"

[shared]
gatewaysvc = "{{ vars.internal_gateway }}:19000"
jwt_secret = "reva-secret"

[grpc.services.gateway]
address = ":19000"
Expand All @@ -29,6 +30,7 @@ storageregistrysvc = "{{ grpc.services.storageregistry.address }}"
preferencessvc = "{{ grpc.services.userprovider.address }}"
userprovidersvc = "{{ grpc.services.userprovider.address }}"
usershareprovidersvc = "{{ grpc.services.usershareprovider.address }}"
publicshareprovidersvc = "{{ grpc.services.publicshareprovider.address }}"
ocmcoresvc = "{{ grpc.services.ocmcore.address }}"
ocmshareprovidersvc = "{{ grpc.services.ocmshareprovider.address }}"
ocminvitemanagersvc = "{{ grpc.services.ocminvitemanager.address }}"
Expand Down Expand Up @@ -84,13 +86,14 @@ app_int_url = "http://collabora.docker:9980"
# app_int_url = "https://codimd.docker"


### AUTH PROVIDERS ###
### AUTH ###

[grpc.services.authregistry]
driver = "static"

[grpc.services.authregistry.drivers.static.rules]
basic = "{{ grpc.services.authprovider[0].address }}"
bearer = "{{ grpc.services.authprovider[0].address }}"
machine = "{{ grpc.services.authprovider[1].address }}"
ocmshares = "{{ grpc.services.authprovider[2].address }}"

Expand All @@ -117,16 +120,16 @@ gateway_addr = "{{ vars.internal_gateway }}:19000"
auth_manager = "ocmshares"


### STORAGE PROVIDERS ###
### STORAGE ###

[grpc.services.storageregistry]
driver = "static"

[grpc.services.storageregistry.drivers.static]
home_provider = "/home"
home_provider = "/"

[grpc.services.storageregistry.drivers.static.rules]
"/home" = {"address" = "{{ grpc.services.storageprovider[0].address }}"}
"/" = {"address" = "{{ grpc.services.storageprovider[0].address }}"}
"localhome" = {"address" = "{{ grpc.services.storageprovider[0].address }}"}
"/ocm" = {"address" = "{{ grpc.services.storageprovider[1].address }}"}
"ocm" = {"address" = "{{ grpc.services.storageprovider[1].address }}"}
Expand All @@ -135,11 +138,11 @@ home_provider = "/home"

[[grpc.services.storageprovider]]
driver = "localhome"
mount_path = "/home"
mount_path = "/"
mount_id = "localhome"
expose_data_server = true
data_server_url = "https://localhost:{{ http.services.dataprovider[0].address.port }}/data"
enable_home_creation = false
enable_home_creation = true

[grpc.services.storageprovider.drivers.localhome]
user_layout = "{{.Username}}"
Expand Down Expand Up @@ -172,6 +175,8 @@ driver = "memory"
[grpc.services.publicshareprovider]
driver = "memory"

[grpc.services.preferences]

[grpc.services.ocmcore]
driver = "json"

Expand Down Expand Up @@ -233,9 +238,15 @@ file = ""

### HTTP ENDPOINTS ###

[http.middlewares.auth]
credential_chain = ["publicshares", "basic", "bearer"]
token_strategy_chain = ["bearer", "header"]

[http.middlewares.auth.credentials_by_user_agent]
"mirall" = "basic"

[http.services.appprovider]
address = ":443"
insecure = true

[http.services.datagateway]
address = ":443"
Expand All @@ -259,7 +270,7 @@ driver = "ocmreceived"
[http.services.sciencemesh]
address = ":443"
provider_domain = "{{ vars.provider_domain }}"
mesh_directory_url = "https://sciencemesh.cesnet.cz/iop/meshdir"
mesh_directory_url = "https:/meshdir.docker/meshdir"
ocm_mount_point = "/sciencemesh"

[http.services.sciencemesh.smtp_credentials]
Expand Down Expand Up @@ -376,6 +387,7 @@ string = "10.0.11"

[http.services.ocdav]
address = ":443"
insecure = true

[http.services.prometheus]
address = ":443"
Expand All @@ -386,4 +398,10 @@ address = ":443"
#address = ":443"

[http.middlewares.cors]
allowed_origins = ["*"]
allowed_methods = ["OPTIONS", "LOCK", "GET", "HEAD", "POST", "DELETE", "PROPPATCH", "COPY", "MOVE", "UNLOCK", "PROPFIND", "MKCOL", "REPORT", "SEARCH", "PUT"]
allowed_headers = ["Accept", "Accept-Language", "Authorization", "Content-Language", "Content-Type", "Depth", "OCS-APIREQUEST", "Referer", "sec-ch-ua", "sec-ch-ua-mobile", "sec-ch-ua-platform", "User-Agent", "X-Requested-With"]
debug = true
exposed_headers = []

[http.middlewares.log]
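Review bot: The `[http.middlewares.cors]` block at the end of this section sets `allowed_origins = ["*"]` while `allowed_headers` includes `Authorization`, and `[shared]` carries the fixed `jwt_secret = "reva-secret"`, so any web origin may send requests with an Authorization header and tokens are signed with a publicly known key. That is workable inside the Docker test network, but nothing in the file says so and `examples/` is where people copy configurations from. A comment above each setting, e.g. `# test-only: known secret, never reuse outside the ScienceMesh test setup`, would make the boundary explicit; the same applies to `insecure = true` under `[http.services.ocdav]` and `debug = true` in the CORS block. Separately, `mesh_directory_url = "https:/meshdir.docker/meshdir"` has a single slash after the scheme and presumably should read `https://meshdir.docker/meshdir`.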
3 changes: 0 additions & 3 deletions examples/cernbox/custom-mime-types-demo.json

This file was deleted.

13 changes: 8 additions & 5 deletions examples/cernbox/keycloak/cernbox.json
Expand Up @@ -636,7 +636,9 @@
"redirectUris": [
"/realms/cernbox/account/*"
],
"webOrigins": [],
"webOrigins": [
"*"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
Expand Down Expand Up @@ -680,7 +682,9 @@
"redirectUris": [
"/realms/cernbox/account/*"
],
"webOrigins": [],
"webOrigins": [
"*"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
Expand Down Expand Up @@ -815,8 +819,7 @@
"https://cernbox2.docker/*"
],
"webOrigins": [
"https://cernbox1.docker/*",
"https://cernbox2.docker/*"
"*"
],
"notBefore": 0,
"bearerOnly": false,
Expand Down Expand Up @@ -903,7 +906,7 @@
"/admin/cernbox/console/*"
],
"webOrigins": [
"+"
"*"
],
"notBefore": 0,
"bearerOnly": false,
10 changes: 8 additions & 2 deletions examples/cernbox/nginx/nginx.conf
Expand Up @@ -106,6 +106,10 @@ http {
proxy_set_header Host $host;
}

location ^~ /otg {
return 204;
}

location ^~ /app/ {
proxy_pass https://revad;
proxy_set_header Host $host;
Expand Down Expand Up @@ -139,7 +143,9 @@ http {
}

location ^~ /cernbox {
root /var/www/cernbox;
root /var/www;
add_header Cache-Control "no-cache";
add_header Access-Control-Allow-Origin "https://idp.docker:8443" always;
etag off;
gzip_static on;
}
Expand All @@ -148,7 +154,7 @@ http {
root /var/www/web;
add_header Cache-Control "no-cache";
add_header Access-Control-Allow-Origin "https://idp.docker:8443" always;
etag on;
etag off;
gzip_static on;
try_files $uri /index.html;
}
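Review bot: The `location ^~ /cernbox` block now defines its own `add_header` lines, and nginx inherits `add_header` from the enclosing level only when the current level defines none, so any headers set at `server` or `http` level (not visible in these hunks) stop being sent for `/cernbox` responses. If security headers are configured higher up, they need to be repeated in this location. `add_header Cache-Control "no-cache";` also lacks `always`, unlike the `Access-Control-Allow-Origin` line next to it, so it is left off error responses.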
26 changes: 0 additions & 26 deletions examples/cernbox/providers.testnet.json

This file was deleted.

Binary file added examples/cernbox/web-bundle.tgz
Binary file not shown.
3 changes: 1 addition & 2 deletions examples/cernbox/web.json
Expand Up @@ -12,11 +12,10 @@
"options": {
"contextHelpers": true,
"enableAdvancedTable": true,
"runningOnEos": true,
"cernFeatures": true,
"hoverableQuickActions": true,
"disableFeedbackLink": true,
"homeFolder": "/home/{{.Id}}",
"homeFolder": "/{{.Id}}",
"previewFileMimeTypes" : [
"image/gif",
"image/png",
22 changes: 15 additions & 7 deletions examples/sciencemesh/providers.testnet.json
@@ -1,26 +1,34 @@
[
{ "domain": "revad1.docker", "services": [
{ "domain": "revad1.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revad1.docker/ocm/" }, "host": "revad1.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://revad1.docker/remote.php/webdav/" }, "host": "revad1.docker" }
] },
{ "domain": "revad2.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revad2.docker/ocm/" }, "host": "revad2.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://revad2.docker/remote.php/webdav/" }, "host": "revad2.docker" }
] },
{ "domain": "revanextcloud1.docker", "services": [
{ "domain": "revanextcloud1.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revanextcloud1.docker/ocm/" }, "host": "revanextcloud1.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://nc1.docker/remote.php/webdav/" }, "host": "nc1.docker" }
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://nc1.docker/remote.php/webdav/" }, "host": "nextcloud1.docker" }
] },
{ "domain": "revanextcloud2.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revanextcloud2.docker/ocm/" }, "host": "revanextcloud2.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://nc2.docker/remote.php/webdav/" }, "host": "nc2.docker" }
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://nc2.docker/remote.php/webdav/" }, "host": "nextcloud2.docker" }
] },
{ "domain": "revaowncloud1.docker", "services": [
{ "domain": "revaowncloud1.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revaowncloud1.docker/ocm/" }, "host": "revaowncloud1.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://oc1.docker/remote.php/webdav/" }, "host": "oc1.docker" }
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://owncloud1.docker/remote.php/webdav/" }, "host": "owncloud1.docker" }
] },
{ "domain": "revaowncloud2.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revaowncloud2.docker/ocm/" }, "host": "revaowncloud2.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://oc2.docker/remote.php/webdav/" }, "host": "oc2.docker" }
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://owncloud2.docker/remote.php/dav/" }, "host": "owncloud2.docker" }
] },
{ "domain": "revacernbox1.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revacernbox1.docker/ocm/" }, "host": "revacernbox1.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://cernbox1.docker/remote.php/dav/" }, "host": "cernbox1.docker" }
] },
{ "domain": "revacernbox2.docker", "services": [
{ "endpoint": { "type": { "name": "OCM" }, "path": "https://revacernbox2.docker/ocm/" }, "host": "revacernbox2.docker" },
{ "endpoint": { "type": { "name": "Webdav" }, "path": "https://cernbox2.docker/remote.php/dav/" }, "host": "cernbox2.docker" }
] }
]
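Review bot: In the `revanextcloud1.docker` and `revanextcloud2.docker` entries, the Webdav line that appears to be the new one has `"host": "nextcloud1.docker"` / `"host": "nextcloud2.docker"` while its `path` still points at `https://nc1.docker/...` and `https://nc2.docker/...`; the ownCloud entries had both fields renamed. If the authorizer resolves `host` to verify the requesting address, a host/path mismatch here can make the check pass or fail for the wrong machine, so the paths should probably read `https://nextcloud1.docker/remote.php/webdav/` and `https://nextcloud2.docker/remote.php/webdav/`. It is also worth confirming that `owncloud1.docker` keeping `/remote.php/webdav/` while `owncloud2.docker` moves to `/remote.php/dav/` is intended.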
3 changes: 1 addition & 2 deletions examples/sciencemesh/sciencemesh.toml
Expand Up @@ -161,8 +161,7 @@ driver = "nextcloud"
provider_domain = "{{ vars.provider_domain }}"
webdav_endpoint = "{{ vars.external_reva_endpoint }}"
webdav_prefix = "{{ vars.external_reva_endpoint }}/remote.php/dav/files"
# TODO the following should become {{ vars.external_reva_endpoint }}/external/{{.Token}}/...
webapp_template = "https://your.revad.org/external/sciencemesh/{{.Token}}/{relative-path-to-shared-resource}"
webapp_template = "{{ vars.external_reva_endpoint }}/external/sciencemesh/{{.Token}}/{relative-path-to-shared-resource}"

[grpc.services.ocmshareprovider.drivers.nextcloud]
webdav_host = "{{ vars.external_reva_endpoint }}"
4 changes: 2 additions & 2 deletions pkg/ocm/provider/authorizer/json/json.go
Expand Up @@ -130,10 +130,10 @@ func (a *authorizer) IsProviderAllowed(ctx context.Context, pi *ocmprovider.Prov
}

switch {
case !providerAuthorized:
return errtypes.NotFound(pi.GetDomain())
case !a.conf.VerifyRequestHostname:
return nil
case !providerAuthorized:
return errtypes.NotFound(pi.GetDomain())
case len(pi.Services) == 0:
return errtypes.NotSupported("No IP provided")
}
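Review bot: With `case !a.conf.VerifyRequestHostname:` placed ahead of `case !providerAuthorized:`, a provider that is not in the authorized list gets `return nil` whenever hostname verification is switched off, so a flag named for hostname checking also disables the allow-list. The page does not mark which copy of the `!providerAuthorized` case is the added one, so this applies only if that is the new order; the same swap is shown in `pkg/ocm/provider/authorizer/mentix/mentix.go`. Either way it changes authorizer behaviour inside a PR labelled tests-only, and would be better served by keeping `case !providerAuthorized:` first or by a comment such as `// VerifyRequestHostname=false accepts any provider, including unlisted ones` plus its own changelog entry. `IsProviderAllowed` starts and ends outside the hunk.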
4 changes: 2 additions & 2 deletions pkg/ocm/provider/authorizer/mentix/mentix.go
Expand Up @@ -185,10 +185,10 @@ func (a *authorizer) IsProviderAllowed(ctx context.Context, pi *ocmprovider.Prov
}

switch {
case !providerAuthorized:
return errtypes.NotFound(pi.GetDomain())
case !a.conf.VerifyRequestHostname:
return nil
case !providerAuthorized:
return errtypes.NotFound(pi.GetDomain())
case len(pi.Services) == 0:
return errtypes.NotSupported(
fmt.Sprintf("mentix: provider %s has no supported services", pi.GetDomain()))
49 changes: 26 additions & 23 deletions tests/sciencemesh/init.sh
Expand Up @@ -9,9 +9,6 @@ BRANCH_NEXTCLOUD_APP=nextcloud
REPO_OWNCLOUD_APP=https://github.com/sciencemesh/nc-sciencemesh
BRANCH_OWNCLOUD_APP=owncloud

# TODO will be dropped in favour of Reva directly serving the UI
CBOX_WEB=https://github.com/cernbox/web-release/releases/latest/download

REPO_WOPISERVER=https://github.com/cs3org/wopiserver
TAG_WOPISERVER=master

Expand Down Expand Up @@ -45,27 +42,33 @@ TAG_WOPISERVER=master
pondersource/dev-stock-owncloud-sciencemesh \
composer install

# CERNBox web and extensions sources: uid=101 is nginx in the nginx container.
# TODO the extensions are temporarily extracted from a tgz
[ ! -d "cernbox-web-sciencemesh" ] && \
mkdir -p temp/cernbox-1-conf temp/cernbox-2-conf && \
cp cernbox/nginx/* temp/cernbox-1-conf && \
cp cernbox/nginx/* temp/cernbox-2-conf && \
# CERNBox web bundle (temporary, to be served by Reva in the future):
# uid=101 is 'nginx' in the nginx container.
[ ! -d "cernbox-web-sciencemesh" ] &&
mkdir cernbox-web-sciencemesh && \
cd cernbox-web-sciencemesh &&
mkdir -p ./web && mkdir -p ./cernbox && \
wget ${CBOX_WEB}/web.tar.gz && \
tar xf web.tar.gz -C ./web --strip-components=1 && \
rm -rf web.tar.gz && \
tar xf ../cernbox/cernbox-extensions-bundle.tgz && \
cd cernbox-web-sciencemesh && \
tar xf ../cernbox/web-bundle.tgz && \
cd web/js && sed -i "s|sciencemesh\.cesnet\.cz\/iop|meshdir\.docker|" \
web-app-science*mjs && \
rm web-app-science*mjs.gz && gzip web-app-science*mjs && \
cd ../.. && \
chmod -R 755 ./* && chown -R 101:101 ./* && \
cd -
cd ..

# wopiserver source code for the config.
[ ! -d "wopi-sciencemesh" ] && \
git clone --branch ${TAG_WOPISERVER} ${REPO_WOPISERVER} wopi-sciencemesh && \
mkdir -p temp/wopi-1-conf temp/wopi-2-conf && \
cp wopi-sciencemesh/wopiserver.conf temp/wopi-1-conf/wopiserver.defaults.conf && \
echo "shared-secret-2" > temp/wopi-1-conf/iopsecret && \
echo "wopisecret" > temp/wopi-1-conf/wopisecret && \
cp temp/wopi-1-conf/* temp/wopi-2-conf/
[ ! -d "wopi-sciencemesh" ] && \
git clone --branch ${TAG_WOPISERVER} ${REPO_WOPISERVER} wopi-sciencemesh \

# Runtime configurations for WOPI and CERNBox.
[ ! -d "temp" ] && \
mkdir -p temp/cernbox-1-conf temp/cernbox-2-conf && \
cp cernbox/nginx/* temp/cernbox-1-conf && \
cp cernbox/nginx/* temp/cernbox-2-conf && \
mkdir -p temp/wopi-1-conf temp/wopi-2-conf && \
cp wopi-sciencemesh/wopiserver.conf \
temp/wopi-1-conf/wopiserver.defaults.conf && \
echo "shared-secret-2" > temp/wopi-1-conf/iopsecret && \
echo "wopisecret" > temp/wopi-1-conf/wopisecret && \
cp temp/wopi-1-conf/* temp/wopi-2-conf/ && \
echo "temp folder for runtime configurations created"
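Review bot: If any step after `cd cernbox-web-sciencemesh` fails (for instance the `web-app-science*mjs` glob not matching), the `&&` chain stops before the final `cd ..` and the script continues from inside `cernbox-web-sciencemesh`, so the later `git clone` and `cp cernbox/nginx/*` run against the wrong directory; `set -e` does not help because failures inside an `&&` list are exempt from it. Running the block in a subshell, `( cd cernbox-web-sciencemesh && tar xf ../cernbox/web-bundle.tgz && ... )`, keeps the working directory stable whatever happens. The `git clone ... wopi-sciencemesh \` line also ends in a continuation backslash with nothing left to continue. Since `web-bundle.tgz` is an opaque binary that is unpacked and served to browsers, recording its origin and a checksum next to it would make the bundle reviewable.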

2 changes: 2 additions & 0 deletions tests/sciencemesh/scripts/build-reva.sh
Expand Up @@ -5,5 +5,7 @@ set -e
git config --global --add safe.directory /reva
# go mod tidy
go mod vendor
#make gaia
#gaia build --with github.com/cernbox/reva-ocweb-plugin --with github.com/cs3org/reva=$(shell pwd) -o ./cmd/revad/revad
make revad
make reva
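Review bot: The commented-out `gaia build` line uses `$(shell pwd)`, which is Makefile syntax; in this shell script it would be a command substitution running a command called `shell`, so the line fails as soon as someone uncomments it. If it is kept as a reminder, write it as `# gaia build --with github.com/cernbox/reva-ocweb-plugin --with github.com/cs3org/reva=$(pwd) -o ./cmd/revad/revad` and say when it is meant to be enabled; otherwise drop both commented lines.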