From f88c000bacbd3d31e95c86a577928033b473449c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?= <jfd@butonic.de>
Date: Mon, 2 May 2022 12:36:30 +0000
Subject: [PATCH] generate metadata user id
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
---
 .../settings/pkg/config/defaults/defaultconfig.go      |  5 ++++-
 .../sharing/pkg/config/defaults/defaultconfig.go       | 10 ++++++++--
 extensions/sharing/pkg/config/parser/parse.go          |  8 ++++++++
 extensions/storage-metadata/pkg/command/command.go     |  2 +-
 extensions/storage-metadata/pkg/config/config.go       |  3 ++-
 .../pkg/config/defaults/defaultconfig.go               |  5 +++++
 extensions/storage-metadata/pkg/config/parser/parse.go |  4 ++++
 ocis-pkg/config/config.go                              |  1 +
 ocis-pkg/config/parser/parse.go                        |  8 ++++++++
 ocis-pkg/shared/errors.go                              |  8 ++++++++
 ocis-pkg/shared/shared_types.go                        |  1 +
 ocis/pkg/init/init.go                                  |  5 +++++
 12 files changed, 55 insertions(+), 5 deletions(-)

diff --git a/extensions/settings/pkg/config/defaults/defaultconfig.go b/extensions/settings/pkg/config/defaults/defaultconfig.go
index 29cc21d03a..5e87d0702b 100644
--- a/extensions/settings/pkg/config/defaults/defaultconfig.go
+++ b/extensions/settings/pkg/config/defaults/defaultconfig.go
@@ -52,7 +52,6 @@ func DefaultConfig() *config.Config {
 		Metadata: config.Metadata{
 			GatewayAddress: "127.0.0.1:9215", // metadata storage
 			StorageAddress: "127.0.0.1:9215",
-			ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
 			ServiceUserIDP: "internal",
 		},
 	}
@@ -93,6 +92,10 @@ func EnsureDefaults(cfg *config.Config) {
 	if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
 		cfg.Metadata.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
+
+	if cfg.Metadata.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
+		cfg.Metadata.ServiceUserID = cfg.Commons.MetadataUserID
+	}
 }
 
 func Sanitize(cfg *config.Config) {
diff --git a/extensions/sharing/pkg/config/defaults/defaultconfig.go b/extensions/sharing/pkg/config/defaults/defaultconfig.go
index 04868d9b6c..924e432288 100644
--- a/extensions/sharing/pkg/config/defaults/defaultconfig.go
+++ b/extensions/sharing/pkg/config/defaults/defaultconfig.go
@@ -49,7 +49,6 @@ func DefaultConfig() *config.Config {
 			},
 			CS3: config.UserSharingCS3Driver{
 				ProviderAddr:   "127.0.0.1:9215", // metadata storage
-				ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
 				ServiceUserIDP: "internal",
 			},
 		},
@@ -70,7 +69,6 @@ func DefaultConfig() *config.Config {
 			},
 			CS3: config.PublicSharingCS3Driver{
 				ProviderAddr:   "127.0.0.1:9215", // metadata storage
-				ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
 				ServiceUserIDP: "internal",
 			},
 		},
@@ -125,9 +123,17 @@ func EnsureDefaults(cfg *config.Config) {
 		cfg.UserSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
 
+	if cfg.UserSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
+		cfg.UserSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID
+	}
+
 	if cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
 		cfg.PublicSharingDrivers.CS3.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
+
+	if cfg.PublicSharingDrivers.CS3.ServiceUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
+		cfg.PublicSharingDrivers.CS3.ServiceUserID = cfg.Commons.MetadataUserID
+	}
 }
 
 func Sanitize(cfg *config.Config) {
diff --git a/extensions/sharing/pkg/config/parser/parse.go b/extensions/sharing/pkg/config/parser/parse.go
index a8a7b00e2a..afc4d88b8e 100644
--- a/extensions/sharing/pkg/config/parser/parse.go
+++ b/extensions/sharing/pkg/config/parser/parse.go
@@ -42,9 +42,17 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
 	}
 
+	if cfg.PublicSharingDriver == "cs3" && cfg.PublicSharingDrivers.CS3.ServiceUserID == "" {
+		return shared.MissingMetadataUserID(cfg.Service.Name)
+	}
+
 	if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.MachineAuthAPIKey == "" {
 		return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
 	}
 
+	if cfg.UserSharingDriver == "cs3" && cfg.UserSharingDrivers.CS3.ServiceUserID == "" {
+		return shared.MissingMetadataUserID(cfg.Service.Name)
+	}
+
 	return nil
 }
diff --git a/extensions/storage-metadata/pkg/command/command.go b/extensions/storage-metadata/pkg/command/command.go
index c9e5e09323..54eff79d45 100644
--- a/extensions/storage-metadata/pkg/command/command.go
+++ b/extensions/storage-metadata/pkg/command/command.go
@@ -160,7 +160,7 @@ func storageMetadataFromStruct(c *cli.Context, cfg *config.Config) map[string]in
 							"users": map[string]interface{}{
 								"serviceuser": map[string]interface{}{
 									"id": map[string]interface{}{
-										"opaqueId": "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", // FIXME generate service user id
+										"opaqueId": cfg.MetadataUserID,
 										"idp":      "internal",
 										"type":     userpb.UserType_USER_TYPE_PRIMARY,
 									},
diff --git a/extensions/storage-metadata/pkg/config/config.go b/extensions/storage-metadata/pkg/config/config.go
index 2d8869eacb..8c4475600f 100644
--- a/extensions/storage-metadata/pkg/config/config.go
+++ b/extensions/storage-metadata/pkg/config/config.go
@@ -21,7 +21,8 @@ type Config struct {
 
 	TokenManager      *TokenManager `yaml:"token_manager"`
 	Reva              *Reva         `yaml:"reva"`
-	MachineAuthAPIKey string        `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;STORAGE_METADATA_MACHINE_AUTH_API_KEY"`
+	MachineAuthAPIKey string        `yaml:"machine_auth_api_key" env:"STORAGE_METADATA_MACHINE_AUTH_API_KEY"`
+	MetadataUserID    string        `yaml:"metadata_user_id"`
 
 	SkipUserGroupsInToken bool    `yaml:"skip_user_groups_in_token"`
 	Driver                string  `yaml:"driver" env:"STORAGE_METADATA_DRIVER" desc:"The driver which should be used by the service"`
diff --git a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go
index 2b3d84f42a..4f274aa0ca 100644
--- a/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go
+++ b/extensions/storage-metadata/pkg/config/defaults/defaultconfig.go
@@ -125,6 +125,11 @@ func EnsureDefaults(cfg *config.Config) {
 	if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
 		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
 	}
+
+	if cfg.MetadataUserID == "" && cfg.Commons != nil && cfg.Commons.MetadataUserID != "" {
+		cfg.MetadataUserID = cfg.Commons.MetadataUserID
+	}
+
 }
 
 func Sanitize(cfg *config.Config) {
diff --git a/extensions/storage-metadata/pkg/config/parser/parse.go b/extensions/storage-metadata/pkg/config/parser/parse.go
index 019438ab26..413bbd52c5 100644
--- a/extensions/storage-metadata/pkg/config/parser/parse.go
+++ b/extensions/storage-metadata/pkg/config/parser/parse.go
@@ -41,5 +41,9 @@ func Validate(cfg *config.Config) error {
 	if cfg.MachineAuthAPIKey == "" {
 		return shared.MissingMachineAuthApiKeyError(cfg.Service.Name)
 	}
+
+	if cfg.MetadataUserID == "" {
+		return shared.MissingMetadataUserID(cfg.Service.Name)
+	}
 	return nil
 }
diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go
index 33b9645d2e..edd2d49772 100644
--- a/ocis-pkg/config/config.go
+++ b/ocis-pkg/config/config.go
@@ -67,6 +67,7 @@ type Config struct {
 	TokenManager      *shared.TokenManager `yaml:"token_manager"`
 	MachineAuthAPIKey string               `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
 	TransferSecret    string               `yaml:"transfer_secret" env:"STORAGE_TRANSFER_SECRET"`
+	MetadataUserID    string               `yaml:"metadata_user_id"`
 	Runtime           Runtime              `yaml:"runtime"`
 
 	Audit             *audit.Config           `yaml:"audit"`
diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go
index 3c4939a23a..cd5f8ab32b 100644
--- a/ocis-pkg/config/parser/parse.go
+++ b/ocis-pkg/config/parser/parse.go
@@ -94,6 +94,10 @@ func EnsureCommons(cfg *config.Config) {
 		cfg.Commons.TransferSecret = cfg.TransferSecret
 	}
 
+	// copy metadata user id to the commons part if set
+	if cfg.MetadataUserID != "" {
+		cfg.Commons.MetadataUserID = cfg.MetadataUserID
+	}
 }
 
 func Validate(cfg *config.Config) error {
@@ -109,5 +113,9 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingMachineAuthApiKeyError("ocis")
 	}
 
+	if cfg.MetadataUserID == "" {
+		return shared.MissingMetadataUserID("ocis")
+	}
+
 	return nil
 }
diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go
index bb4b5f4ec7..de1ed5a825 100644
--- a/ocis-pkg/shared/errors.go
+++ b/ocis-pkg/shared/errors.go
@@ -45,3 +45,11 @@ func MissingServiceUserPassword(service, serviceUser string) error {
 		"the config/corresponding environment variable).",
 		serviceUser, service, defaults.BaseConfigPath())
 }
+
+func MissingMetadataUserID(service string) error {
+	return fmt.Errorf("The metadata user ID has not been configured for %s. "+
+		"Make sure your %s config contains the proper values "+
+		"(e.g. by running ocis init or setting it manually in "+
+		"the config/corresponding environment variable).",
+		service, defaults.BaseConfigPath())
+}
diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go
index f4cf19fc0b..3497bed611 100644
--- a/ocis-pkg/shared/shared_types.go
+++ b/ocis-pkg/shared/shared_types.go
@@ -44,4 +44,5 @@ type Commons struct {
 	Reva              *Reva         `yaml:"reva"`
 	MachineAuthAPIKey string        `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
 	TransferSecret    string        `yaml:"transfer_secret,omitempty" env:"REVA_TRANSFER_SECRET"`
+	MetadataUserID    string        `yaml:"metadata_user_id" env:"METADATA_USER_ID"`
 }
diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go
index 8b2ca85bf0..5cce91746c 100644
--- a/ocis/pkg/init/init.go
+++ b/ocis/pkg/init/init.go
@@ -9,6 +9,7 @@ import (
 	"path"
 	"time"
 
+	"github.com/gofrs/uuid"
 	"github.com/owncloud/ocis/ocis-pkg/generators"
 	"gopkg.in/yaml.v2"
 )
@@ -99,6 +100,7 @@ type OcisConfig struct {
 	TokenManager      TokenManager `yaml:"token_manager"`
 	MachineAuthApiKey string       `yaml:"machine_auth_api_key"`
 	TransferSecret    string       `yaml:"transfer_secret"`
+	MetadataUserID    string       `yaml:"metadata_user_id"`
 	Graph             GraphExtension
 	Idp               LdapBasedExtension
 	Idm               IdmExtension
@@ -160,6 +162,8 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 		return err
 	}
 
+	metadataUserID := uuid.Must(uuid.NewV4()).String()
+
 	idmServicePassword, err := generators.GenerateRandomPassword(passwordLength)
 	if err != nil {
 		return fmt.Errorf("could not generate random password for idm: %s", err)
@@ -199,6 +203,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 		},
 		MachineAuthApiKey: machineAuthApiKey,
 		TransferSecret:    revaTransferSecret,
+		MetadataUserID:    metadataUserID,
 		Idm: IdmExtension{
 			ServiceUserPasswords: ServiceUserPasswordsSettings{
 				AdminPassword: ocisAdminServicePassword,