This is required for allowing the web office to download images to insert into documents. The secret is generated by `opencloud init` and the server refuses to start now without a secret being set. (Breaking Change) Also the setting is now moved to the shared options as all involved services need the same secret to work properly. Related: https://github.com/opencloud-eu/web/issues/704
package parser
import (
"errors"
"fmt"
occfg "github.com/opencloud-eu/opencloud/pkg/config"
"github.com/opencloud-eu/opencloud/pkg/shared"
"github.com/opencloud-eu/opencloud/services/proxy/pkg/config"
"github.com/opencloud-eu/opencloud/services/proxy/pkg/config/defaults"
"github.com/opencloud-eu/opencloud/pkg/config/envdecode"
)
// ParseConfig fills cfg for the service named in cfg.Service.Name and then
// validates it. The steps run in a fixed order: bind the configuration sources,
// apply defaults, overlay environment variables, sanitize, validate. The first
// error from binding, decoding or validation is returned unchanged.
func ParseConfig(cfg *config.Config) error {
	if bindErr := occfg.BindSourcesToStructs(cfg.Service.Name, cfg); bindErr != nil {
		return bindErr
	}

	defaults.EnsureDefaults(cfg)

	// Overlay the environment variables that map onto this config. A result of
	// ErrNoTargetFieldsAreSet only means that none of them was set, which is an
	// expected outcome and not a failure.
	decodeErr := envdecode.Decode(cfg)
	if decodeErr != nil && !errors.Is(decodeErr, envdecode.ErrNoTargetFieldsAreSet) {
		return decodeErr
	}

	defaults.Sanitize(cfg)

	// Validation runs last so that it sees the fully merged configuration.
	return Validate(cfg)
}
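// Validate reports the first missing or inconsistent setting in cfg, or nil
// when every check passes. It checks, in this order: the machine auth API key,
// the OIDC access token verification method, the compatibility of
// skip_user_info with that method, the service account ID and secret, and the
// URL signing secret from the shared (Commons) options.
//
// Every secret is only tested for being non-empty; length and strength are not
// checked here.
func Validate(cfg *config.Config) error {
	svc := cfg.Service.Name
	verifyMethod := cfg.OIDC.AccessTokenVerifyMethod

	if cfg.MachineAuthAPIKey == "" {
		return shared.MissingMachineAuthApiKeyError(svc)
	}

	// Only the two known verification methods are accepted; any other value is
	// rejected instead of being silently treated as one of them.
	if verifyMethod != config.AccessTokenVerificationNone &&
		verifyMethod != config.AccessTokenVerificationJWT {
		return fmt.Errorf(
			"Invalid value '%s' for 'access_token_verify_method' in service %s. Possible values are: '%s' or '%s'.",
			verifyMethod, svc,
			config.AccessTokenVerificationJWT, config.AccessTokenVerificationNone,
		)
	}

	// Compare against the same constant the allow-list above uses rather than a
	// separate "none" literal, so this guard cannot drift from the accepted
	// values. NOTE(review): presumably this combination is refused because with
	// verification disabled and the userinfo lookup skipped nothing would check
	// the access token; confirm against the OIDC middleware.
	if verifyMethod == config.AccessTokenVerificationNone && cfg.OIDC.SkipUserInfo {
		return fmt.Errorf(
			"Incompatible value '%t' for 'skip_user_info' in service %s. Must be false when 'access_token_verify_method' is 'none'.",
			cfg.OIDC.SkipUserInfo, svc,
		)
	}

	if cfg.ServiceAccount.ServiceAccountID == "" {
		return shared.MissingServiceAccountID(svc)
	}

	if cfg.ServiceAccount.ServiceAccountSecret == "" {
		return shared.MissingServiceAccountSecret(svc)
	}

	// The URL signing secret is read from the shared options; an unset secret
	// is a hard configuration error and no fallback value is substituted.
	if cfg.Commons.URLSigningSecret == "" {
		return shared.MissingURLSigningSecret(svc)
	}

	return nil
}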