From 972adafd290f20350b9c0662ee2a656f50b15ce6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Thu, 29 Feb 2024 11:19:01 +0100
Subject: [PATCH] verify all system accounts are set
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörn Friedrich Dreyer
---
 .vscode/launch.json | 6 +++++-
 ocis-pkg/shared/errors.go | 16 ++++++++++++++++
 services/auth-service/pkg/config/parser/parse.go | 7 +++++++
 services/clientlog/pkg/config/parser/parse.go | 7 +++++++
 services/frontend/pkg/config/parser/parse.go | 7 +++++++
 services/graph/pkg/config/parser/parse.go | 7 +++++++
 .../notifications/pkg/config/parser/parse.go | 9 +++++++++
 services/ocm/pkg/config/parser/parse.go | 8 ++++++++
 services/proxy/pkg/config/parser/parse.go | 7 +++++++
 services/search/pkg/config/parser/parse.go | 8 ++++++++
 services/settings/pkg/config/parser/parse.go | 4 ++++
 .../storage-users/pkg/config/parser/parse.go | 7 +++++++
 services/userlog/pkg/config/parser/parse.go | 7 +++++++
 13 files changed, 99 insertions(+), 1 deletion(-)
diff --git a/.vscode/launch.json b/.vscode/launch.json
index 39cc02800e3..aaf63a8c7a2 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -65,7 +65,11 @@
 "GATEWAY_STORAGE_USERS_MOUNT_ID": "storage-users-1",
 "STORAGE_USERS_MOUNT_ID": "storage-users-1",
 // graph application ID
- "GRAPH_APPLICATION_ID": "application-1"
+ "GRAPH_APPLICATION_ID": "application-1",
+
+ // service accounts
+ "OCIS_SERVICE_ACCOUNT_ID": "service-account-id",
+ "OCIS_SERVICE_ACCOUNT_SECRET": "service-account-secret"
 }
 }
 ]
diff --git a/ocis-pkg/shared/errors.go b/ocis-pkg/shared/errors.go
index da5660b6171..be681d6ec02 100644
--- a/ocis-pkg/shared/errors.go
+++ b/ocis-pkg/shared/errors.go
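Review bot: The added `OCIS_SERVICE_ACCOUNT_SECRET` entry commits a fixed, guessable secret (`service-account-secret`) next to the matching ID, and nothing in the hunk marks the pair as debug-only. Because the validators added elsewhere in this patch reject only the empty string, these placeholder values would be accepted unchanged by any deployment that copies them. The file already uses `//` comments, so the `// service accounts` line could read `// service accounts (local debugging only, never reuse these values in a deployment)`.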
@@ -69,3 +69,19 @@ func MissingAdminUserID(service string) error {
 "the config/corresponding environment variable).",
 service, defaults.BaseConfigPath())
 }
+
+func MissingServiceAccountID(service string) error {
+ return fmt.Errorf("The service account id has not been configured for %s. "+
+ "Make sure your %s config contains the proper values "+
+ "(e.g. by running ocis init or setting it manually in "+
+ "the config/corresponding environment variable).",
+ service, defaults.BaseConfigPath())
+}
+
+func MissingServiceAccountSecret(service string) error {
+ return fmt.Errorf("The service account secret has not been configured for %s. "+
+ "Make sure your %s config contains the proper values "+
+ "(e.g. by running ocis init or setting it manually in "+
+ "the config/corresponding environment variable).",
+ service, defaults.BaseConfigPath())
+}
diff --git a/services/auth-service/pkg/config/parser/parse.go b/services/auth-service/pkg/config/parser/parse.go
index 2bb6b66305a..5e783305232 100644
--- a/services/auth-service/pkg/config/parser/parse.go
+++ b/services/auth-service/pkg/config/parser/parse.go
@@ -38,5 +38,12 @@ func Validate(cfg *config.Config) error {
 return shared.MissingJWTTokenError(cfg.Service.Name)
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/clientlog/pkg/config/parser/parse.go b/services/clientlog/pkg/config/parser/parse.go
index 99ad1d14cc9..2006207e0e0 100644
--- a/services/clientlog/pkg/config/parser/parse.go
+++ b/services/clientlog/pkg/config/parser/parse.go
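Review bot: The new exported constructors `MissingServiceAccountID` and `MissingServiceAccountSecret` have no doc comments, and their messages do not name the setting an operator has to fix. A comment such as `// MissingServiceAccountID returns the error reported when no service account ID is configured for service.` (with the matching one for the secret) would document them. The launch.json hunk of this patch sets `OCIS_SERVICE_ACCOUNT_ID` and `OCIS_SERVICE_ACCOUNT_SECRET`, so the message text could mention those variables, assuming they apply to every service that calls these functions. The settings hunk also returns `MissingServiceAccountID` for an empty `ServiceAccountIDs` list, where the singular wording of the message is slightly off.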
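Review bot: The same pair of `== ""` checks is pasted into nine `Validate` functions in this patch (auth-service, clientlog, frontend, graph, notifications, proxy, search, storage-users, userlog), and ocm repeats it with `ID`/`Secret` field names, so any later tightening has to be repeated in every copy. A small helper in `ocis-pkg/shared` next to the new error constructors, taking the service name, ID and secret, would reduce each call site to something like `if err := shared.ValidateServiceAccount(cfg.Service.Name, cfg.ServiceAccount.ServiceAccountID, cfg.ServiceAccount.ServiceAccountSecret); err != nil { return err }`, where `ValidateServiceAccount` is a proposed name and not an existing function. The comparison also accepts whitespace-only values; wrapping the field in `strings.TrimSpace` would close that gap if the config loader does not already trim. `Validate` starts outside each of these hunks.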
@@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error {
 return shared.MissingJWTTokenError(cfg.Service.Name)
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/frontend/pkg/config/parser/parse.go b/services/frontend/pkg/config/parser/parse.go
index 66e6b87b796..121e033bb0e 100644
--- a/services/frontend/pkg/config/parser/parse.go
+++ b/services/frontend/pkg/config/parser/parse.go
@@ -56,5 +56,12 @@ func Validate(cfg *config.Config) error {
 cfg.OCS.WriteablePublicShareMustHavePassword = true
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/graph/pkg/config/parser/parse.go b/services/graph/pkg/config/parser/parse.go
index 893870f4543..06813a7ce8d 100644
--- a/services/graph/pkg/config/parser/parse.go
+++ b/services/graph/pkg/config/parser/parse.go
@@ -65,6 +65,13 @@ func Validate(cfg *config.Config) error {
 "graph", defaults2.BaseConfigPath())
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/notifications/pkg/config/parser/parse.go b/services/notifications/pkg/config/parser/parse.go
index b1742028397..127a26cc688 100644
--- a/services/notifications/pkg/config/parser/parse.go
+++ b/services/notifications/pkg/config/parser/parse.go
@@ -5,6 +5,7 @@ import (
 "fmt"
 ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+ "github.com/owncloud/ocis/v2/ocis-pkg/shared"
 "github.com/owncloud/ocis/v2/services/notifications/pkg/config"
 "github.com/owncloud/ocis/v2/services/notifications/pkg/config/defaults"
 "github.com/owncloud/ocis/v2/services/notifications/pkg/logging"
@@ -52,5 +53,13 @@ func Validate(cfg *config.Config) error {
 )
 }
 }
+
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/ocm/pkg/config/parser/parse.go b/services/ocm/pkg/config/parser/parse.go
index 223df488b29..b13a2d4fbcd 100644
--- a/services/ocm/pkg/config/parser/parse.go
+++ b/services/ocm/pkg/config/parser/parse.go
@@ -4,6 +4,7 @@ import (
 "errors"
 ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+ "github.com/owncloud/ocis/v2/ocis-pkg/shared"
 "github.com/owncloud/ocis/v2/ocis-pkg/structs"
 "github.com/owncloud/ocis/v2/services/ocm/pkg/config"
 "github.com/owncloud/ocis/v2/services/ocm/pkg/config/defaults"
@@ -39,5 +40,12 @@ func Validate(cfg *config.Config) error {
 cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS)
 }
+ if cfg.ServiceAccount.ID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.Secret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/proxy/pkg/config/parser/parse.go b/services/proxy/pkg/config/parser/parse.go
index 3baa6491ad4..af176ccf9f1 100644
--- a/services/proxy/pkg/config/parser/parse.go
+++ b/services/proxy/pkg/config/parser/parse.go
@@ -53,5 +53,12 @@ func Validate(cfg *config.Config) error {
 )
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/search/pkg/config/parser/parse.go b/services/search/pkg/config/parser/parse.go
index 70e7df56711..c16ccebac70 100644
--- a/services/search/pkg/config/parser/parse.go
+++ b/services/search/pkg/config/parser/parse.go
@@ -37,5 +37,13 @@ func Validate(cfg *config.Config) error {
 if cfg.TokenManager.JWTSecret == "" {
 return shared.MissingJWTTokenError(cfg.Service.Name)
 }
+
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/settings/pkg/config/parser/parse.go b/services/settings/pkg/config/parser/parse.go
index 02e253e2772..bbfcd1175dc 100644
--- a/services/settings/pkg/config/parser/parse.go
+++ b/services/settings/pkg/config/parser/parse.go
@@ -49,5 +49,9 @@ func Validate(cfg *config.Config) error {
 return shared.MissingAdminUserID(cfg.Service.Name)
 }
+ if len(cfg.ServiceAccountIDs) == 0 {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+
 return nil
 }
diff --git a/services/storage-users/pkg/config/parser/parse.go b/services/storage-users/pkg/config/parser/parse.go
index 9347c621e8e..e9d69cc9e2c 100644
--- a/services/storage-users/pkg/config/parser/parse.go
+++ b/services/storage-users/pkg/config/parser/parse.go
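Review bot: In the settings hunk, `len(cfg.ServiceAccountIDs) == 0` rejects only an empty list, so a list whose entries are empty strings passes validation, while the other services in this patch reject an empty ID. Whether the config decoder can produce such a list (for example from an empty environment variable) is not visible here, so this is worth confirming. A loop over `cfg.ServiceAccountIDs` that returns `shared.MissingServiceAccountID(cfg.Service.Name)` when any entry is `""` would make this check equivalent to the per-service ones. `Validate` starts outside the hunk.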
@@ -47,5 +47,12 @@ func Validate(cfg *config.Config) error {
 "the config/corresponding environment variable).",
 "storage-users", defaults2.BaseConfigPath())
 }
+
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
 return nil
 }
diff --git a/services/userlog/pkg/config/parser/parse.go b/services/userlog/pkg/config/parser/parse.go
index 64e69ac91ae..7cb43fb0f92 100644
--- a/services/userlog/pkg/config/parser/parse.go
+++ b/services/userlog/pkg/config/parser/parse.go
@@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error {
 return shared.MissingJWTTokenError(cfg.Service.Name)
 }
+ if cfg.ServiceAccount.ServiceAccountID == "" {
+ return shared.MissingServiceAccountID(cfg.Service.Name)
+ }
+ if cfg.ServiceAccount.ServiceAccountSecret == "" {
+ return shared.MissingServiceAccountSecret(cfg.Service.Name)
+ }
+
 return nil
 }