From 972adafd290f20350b9c0662ee2a656f50b15ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Thu, 29 Feb 2024 11:19:01 +0100 Subject: [PATCH 1/2] verify all system accounts are set MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- .vscode/launch.json | 6 +++++- ocis-pkg/shared/errors.go | 16 ++++++++++++++++ services/auth-service/pkg/config/parser/parse.go | 7 +++++++ services/clientlog/pkg/config/parser/parse.go | 7 +++++++ services/frontend/pkg/config/parser/parse.go | 7 +++++++ services/graph/pkg/config/parser/parse.go | 7 +++++++ .../notifications/pkg/config/parser/parse.go | 9 +++++++++ services/ocm/pkg/config/parser/parse.go | 8 ++++++++ services/proxy/pkg/config/parser/parse.go | 7 +++++++ services/search/pkg/config/parser/parse.go | 8 ++++++++ services/settings/pkg/config/parser/parse.go | 4 ++++ .../storage-users/pkg/config/parser/parse.go | 7 +++++++ services/userlog/pkg/config/parser/parse.go | 7 +++++++ 13 files changed, 99 insertions(+), 1 deletion(-) diff --git a/.vscode/launch.json b/.vscode/launch.json index 39cc02800e..aaf63a8c7a 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -65,7 +65,11 @@ "GATEWAY_STORAGE_USERS_MOUNT_ID": "storage-users-1", "STORAGE_USERS_MOUNT_ID": "storage-users-1", // graph application ID - "GRAPH_APPLICATION_ID": "application-1" + "GRAPH_APPLICATION_ID": "application-1", + + // service accounts + "OCIS_SERVICE_ACCOUNT_ID": "service-account-id", + "OCIS_SERVICE_ACCOUNT_SECRET": "service-account-secret" } } ] diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go index da5660b617..be681d6ec0 100644 --- a/ocis-pkg/shared/errors.go +++ b/ocis-pkg/shared/errors.go 
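Review bot: The two values added under `// service accounts` are fixed, guessable strings, and the `Validate` checks introduced elsewhere in this patch only reject an empty value, so `service-account-secret` would be accepted unchanged if this env block were copied outside a debug session. A comment above the pair would make the intent explicit, for example `// development-only placeholders; deployments should use generated values (see ocis init)`. The error text added in `ocis-pkg/shared/errors.go` already points operators to `ocis init`, so the comment would be consistent with it.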
@@ -69,3 +69,19 @@ func MissingAdminUserID(service string) error { "the config/corresponding environment variable).", service, defaults.BaseConfigPath()) } + +func MissingServiceAccountID(service string) error { + return fmt.Errorf("The service account id has not been configured for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} + +func MissingServiceAccountSecret(service string) error { + return fmt.Errorf("The service account secret has not been configured for %s. "+ + "Make sure your %s config contains the proper values "+ + "(e.g. by running ocis init or setting it manually in "+ + "the config/corresponding environment variable).", + service, defaults.BaseConfigPath()) +} diff --git a/services/auth-service/pkg/config/parser/parse.go b/services/auth-service/pkg/config/parser/parse.go index 2bb6b66305..5e78330523 100644 --- a/services/auth-service/pkg/config/parser/parse.go +++ b/services/auth-service/pkg/config/parser/parse.go @@ -38,5 +38,12 @@ func Validate(cfg *config.Config) error { return shared.MissingJWTTokenError(cfg.Service.Name) } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/clientlog/pkg/config/parser/parse.go b/services/clientlog/pkg/config/parser/parse.go index 99ad1d14cc..2006207e0e 100644 --- a/services/clientlog/pkg/config/parser/parse.go +++ b/services/clientlog/pkg/config/parser/parse.go 
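Review bot: `MissingServiceAccountID` and `MissingServiceAccountSecret` are exported without doc comments, and their message tells the operator to set "the config/corresponding environment variable" without naming it. Suggested comment: `// MissingServiceAccountID returns the error reported when no service account id is configured for service.`, with the matching line for the secret. If the variables are the `OCIS_SERVICE_ACCOUNT_ID` / `OCIS_SERVICE_ACCOUNT_SECRET` pair this patch adds to `.vscode/launch.json`, naming them in the message would shorten troubleshooting; individual services may define their own names, so that needs checking. The secret variant reports only that the value is missing and never echoes it, which is worth preserving in any later rewording.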
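Review bot: The same six-line service account check is pasted into this `Validate` and again in clientlog, frontend, graph, notifications, proxy, search, storage-users and userlog (ocm repeats it with `ID`/`Secret` field names), so any later tightening of the rule has to be made in ten places. The comparison is also only `== ""`, which lets a whitespace-only id or secret through; whether that can occur depends on how the config is decoded, which is not visible here. A small helper next to the new error constructors in `ocis-pkg/shared` would keep the rule in one place; the helper name below is a suggestion, not an existing function. `Validate` starts outside the hunk.

```go
// ocis-pkg/shared: new helper (name is a suggestion)
// ValidateServiceAccount returns the matching Missing... error when the
// id or the secret is empty or whitespace-only.
func ValidateServiceAccount(service, id, secret string) error {
	if strings.TrimSpace(id) == "" {
		return MissingServiceAccountID(service)
	}
	if strings.TrimSpace(secret) == "" {
		return MissingServiceAccountSecret(service)
	}
	return nil
}

// services/auth-service/pkg/config/parser/parse.go, in Validate
// … unchanged: JWT secret check …
	if err := shared.ValidateServiceAccount(cfg.Service.Name,
		cfg.ServiceAccount.ServiceAccountID,
		cfg.ServiceAccount.ServiceAccountSecret); err != nil {
		return err
	}

	return nil
```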
@@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error { return shared.MissingJWTTokenError(cfg.Service.Name) } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/frontend/pkg/config/parser/parse.go b/services/frontend/pkg/config/parser/parse.go index 66e6b87b79..121e033bb0 100644 --- a/services/frontend/pkg/config/parser/parse.go +++ b/services/frontend/pkg/config/parser/parse.go @@ -56,5 +56,12 @@ func Validate(cfg *config.Config) error { cfg.OCS.WriteablePublicShareMustHavePassword = true } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/graph/pkg/config/parser/parse.go b/services/graph/pkg/config/parser/parse.go index 893870f454..06813a7ce8 100644 --- a/services/graph/pkg/config/parser/parse.go +++ b/services/graph/pkg/config/parser/parse.go @@ -65,6 +65,13 @@ func Validate(cfg *config.Config) error { "graph", defaults2.BaseConfigPath()) } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/notifications/pkg/config/parser/parse.go b/services/notifications/pkg/config/parser/parse.go index b174202839..127a26cc68 100644 --- a/services/notifications/pkg/config/parser/parse.go +++ b/services/notifications/pkg/config/parser/parse.go 
@@ -5,6 +5,7 @@ import ( "fmt" ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/services/notifications/pkg/config" "github.com/owncloud/ocis/v2/services/notifications/pkg/config/defaults" "github.com/owncloud/ocis/v2/services/notifications/pkg/logging" @@ -52,5 +53,13 @@ func Validate(cfg *config.Config) error { ) } } + + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/ocm/pkg/config/parser/parse.go b/services/ocm/pkg/config/parser/parse.go index 223df488b2..b13a2d4fbc 100644 --- a/services/ocm/pkg/config/parser/parse.go +++ b/services/ocm/pkg/config/parser/parse.go @@ -4,6 +4,7 @@ import ( "errors" ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config" + "github.com/owncloud/ocis/v2/ocis-pkg/shared" "github.com/owncloud/ocis/v2/ocis-pkg/structs" "github.com/owncloud/ocis/v2/services/ocm/pkg/config" "github.com/owncloud/ocis/v2/services/ocm/pkg/config/defaults" @@ -39,5 +40,12 @@ func Validate(cfg *config.Config) error { cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS) } + if cfg.ServiceAccount.ID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.Secret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/proxy/pkg/config/parser/parse.go b/services/proxy/pkg/config/parser/parse.go index 3baa6491ad..af176ccf9f 100644 --- a/services/proxy/pkg/config/parser/parse.go +++ b/services/proxy/pkg/config/parser/parse.go 
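Review bot: The check added to the ocm `Validate` makes the service refuse to start without a service account, but the init code that writes one for ocm only arrives in PATCH 2/2 (`Ocm: OcmService{...}` in `ocis/pkg/init/init.go`), so a tree at PATCH 1/2 would presumably reject a config freshly generated by `ocis init`. Squashing the two commits, or moving the init change first, would keep every commit in the series startable when bisecting. The fields here are `cfg.ServiceAccount.ID` and `.Secret`, while the other services in this patch use `ServiceAccountID` and `ServiceAccountSecret`; the struct itself is outside the diff, so this is a naming inconsistency to consider aligning rather than a defect. `Validate` starts outside the hunk.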
@@ -53,5 +53,12 @@ func Validate(cfg *config.Config) error { ) } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/search/pkg/config/parser/parse.go b/services/search/pkg/config/parser/parse.go index 70e7df5671..c16ccebac7 100644 --- a/services/search/pkg/config/parser/parse.go +++ b/services/search/pkg/config/parser/parse.go @@ -37,5 +37,13 @@ func Validate(cfg *config.Config) error { if cfg.TokenManager.JWTSecret == "" { return shared.MissingJWTTokenError(cfg.Service.Name) } + + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } diff --git a/services/settings/pkg/config/parser/parse.go b/services/settings/pkg/config/parser/parse.go index 02e253e277..bbfcd1175d 100644 --- a/services/settings/pkg/config/parser/parse.go +++ b/services/settings/pkg/config/parser/parse.go @@ -49,5 +49,9 @@ func Validate(cfg *config.Config) error { return shared.MissingAdminUserID(cfg.Service.Name) } + if len(cfg.ServiceAccountIDs) == 0 { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + return nil } diff --git a/services/storage-users/pkg/config/parser/parse.go b/services/storage-users/pkg/config/parser/parse.go index 9347c621e8..e9d69cc9e2 100644 --- a/services/storage-users/pkg/config/parser/parse.go +++ b/services/storage-users/pkg/config/parser/parse.go 
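Review bot: In the settings `Validate`, `len(cfg.ServiceAccountIDs) == 0` only proves the list has an entry, not that the entry is usable, so a list holding a single empty string would pass; whether the decoder can produce that (for example from an environment variable set to an empty value) is not visible in the hunk. Assuming the field is a `[]string`, checking the elements as well closes the gap: `if len(cfg.ServiceAccountIDs) == 0 || slices.Contains(cfg.ServiceAccountIDs, "") {`. `slices` needs Go 1.21 and an import, so a short loop is the alternative if the module targets an older toolchain. Unlike the other services, no secret is validated here, which looks intentional since only ids are configured, but a one-line comment saying so would help the next reader. `Validate` starts outside the hunk.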
@@ -47,5 +47,12 @@ func Validate(cfg *config.Config) error { "the config/corresponding environment variable).", "storage-users", defaults2.BaseConfigPath()) } + + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } return nil } diff --git a/services/userlog/pkg/config/parser/parse.go b/services/userlog/pkg/config/parser/parse.go index 64e69ac91a..7cb43fb0f9 100644 --- a/services/userlog/pkg/config/parser/parse.go +++ b/services/userlog/pkg/config/parser/parse.go @@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error { return shared.MissingJWTTokenError(cfg.Service.Name) } + if cfg.ServiceAccount.ServiceAccountID == "" { + return shared.MissingServiceAccountID(cfg.Service.Name) + } + if cfg.ServiceAccount.ServiceAccountSecret == "" { + return shared.MissingServiceAccountSecret(cfg.Service.Name) + } + return nil } From d0f9471db42212851ce4fd7f147a5545233c1216 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= Date: Thu, 29 Feb 2024 17:01:10 +0100 Subject: [PATCH 2/2] fix ocm service account init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Jörn Friedrich Dreyer --- ocis/pkg/init/init.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go index 32993ec0a4..70d6865cc1 100644 --- a/ocis/pkg/init/init.go +++ b/ocis/pkg/init/init.go @@ -83,6 +83,10 @@ type FrontendService struct { ServiceAccount ServiceAccount `yaml:"service_account"` } +type OcmService struct { + ServiceAccount ServiceAccount `yaml:"service_account"` +} + type AuthbasicService struct { AuthProviders LdapBasedService `yaml:"auth_providers"` } 
@@ -194,6 +198,7 @@ type OcisConfig struct { Users UsersAndGroupsService Groups UsersAndGroupsService Ocdav InsecureService + Ocm OcmService Thumbnails ThumbnailService Search Search Audit Audit @@ -393,6 +398,9 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin Frontend: FrontendService{ ServiceAccount: serviceAccount, }, + Ocm: OcmService{ + ServiceAccount: serviceAccount, + }, Clientlog: Clientlog{ ServiceAccount: serviceAccount, },
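Review bot: Nothing ties the list of services populated in `CreateConfig` to the list of services whose `Validate` now requires a service account, which appears to be how ocm was missed in PATCH 1/2. A test that feeds the output of `CreateConfig` to each service's `Validate` would catch the next omission; that is a follow-up suggestion rather than a change to these lines. It is also worth confirming that the yaml keys of the shared `ServiceAccount` struct match what ocm's config reads, since ocm's parser refers to `ID`/`Secret` rather than `ServiceAccountID`/`ServiceAccountSecret` and neither struct is visible in this diff. The `OcmService` type added in the first hunk of this file has no doc comment; `// OcmService is the ocm section of the generated config, holding its service account.` would do. `CreateConfig` starts and ends outside the hunk.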