From a4d7696232b3f050076a801e47b1fe3d3c660b73 Mon Sep 17 00:00:00 2001 From: Christian Richter Date: Tue, 26 Apr 2022 10:18:12 +0200 Subject: [PATCH] Move machine-auth-api-key to shared.Commons Signed-off-by: Christian Richter --- .../notifications/pkg/channels/channels.go | 2 +- extensions/notifications/pkg/command/root.go | 2 +- extensions/notifications/pkg/config/config.go | 3 ++- .../pkg/config/defaults/defaultconfig.go | 15 ++++++++++--- .../ocs/pkg/config/defaults/defaultconfig.go | 8 ++++++- .../pkg/config/defaults/defaultconfig.go | 8 ++++++- .../pkg/config/defaults/defaultconfig.go | 16 +++++++++----- .../pkg/config/defaults/defaultconfig.go | 4 +--- ocis-pkg/config/config.go | 7 +++--- ocis-pkg/config/parser/parse.go | 7 ++++++ ocis-pkg/shared/shared_types.go | 9 ++++---- ocis/pkg/command/init.go | 22 ++++++++----------- ocis/pkg/command/server.go | 7 ------ 13 files changed, 67 insertions(+), 43 deletions(-) diff --git a/extensions/notifications/pkg/channels/channels.go b/extensions/notifications/pkg/channels/channels.go index 2d6d9203ecd..956ee692dfc 100644 --- a/extensions/notifications/pkg/channels/channels.go +++ b/extensions/notifications/pkg/channels/channels.go @@ -86,7 +86,7 @@ func (m Mail) getReceiverAddresses(receivers []string) ([]string, error) { res, err := m.gatewayClient.Authenticate(context.Background(), &gateway.AuthenticateRequest{ Type: "machine", ClientId: "userid:" + id, - ClientSecret: m.conf.Notifications.MachineAuthSecret, + ClientSecret: m.conf.Notifications.MachineAuthAPIKey, }) if err != nil { return nil, err diff --git a/extensions/notifications/pkg/command/root.go b/extensions/notifications/pkg/command/root.go index 7a38a24d4f0..e2534e15a61 100644 --- a/extensions/notifications/pkg/command/root.go +++ b/extensions/notifications/pkg/command/root.go 
@@ -48,7 +48,7 @@ type SutureService struct { // NewSutureService creates a new notifications.SutureService func NewSutureService(cfg *ociscfg.Config) suture.Service { - cfg.Settings.Commons = cfg.Commons + cfg.Notifications.Commons = cfg.Commons return SutureService{ cfg: cfg.Notifications, } diff --git a/extensions/notifications/pkg/config/config.go b/extensions/notifications/pkg/config/config.go index d20818252e0..103d5acdc19 100644 --- a/extensions/notifications/pkg/config/config.go +++ b/extensions/notifications/pkg/config/config.go @@ -22,10 +22,11 @@ type Config struct { // Notifications definces the config options for the notifications service. type Notifications struct { + *shared.Commons `yaml:"-"` SMTP SMTP `yaml:"SMTP,omitempty"` Events Events `yaml:"events,omitempty"` RevaGateway string `yaml:"reva_gateway,omitempty" env:"REVA_GATEWAY;NOTIFICATIONS_REVA_GATEWAY"` - MachineAuthSecret string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"` } // SMTP combines the smtp configuration options. diff --git a/extensions/notifications/pkg/config/defaults/defaultconfig.go b/extensions/notifications/pkg/config/defaults/defaultconfig.go index 19c3cc2df8e..835612a9212 100644 --- a/extensions/notifications/pkg/config/defaults/defaultconfig.go +++ b/extensions/notifications/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,10 @@ package defaults -import "github.com/owncloud/ocis/extensions/notifications/pkg/config" +import ( + "log" + + "github.com/owncloud/ocis/extensions/notifications/pkg/config" +) func FullDefaultConfig() *config.Config { cfg := DefaultConfig() @@ -31,8 +35,7 @@ func DefaultConfig() *config.Config { Cluster: "ocis-cluster", ConsumerGroup: "notifications", }, - RevaGateway: "127.0.0.1:9142", - MachineAuthSecret: "change-me-please", + RevaGateway: "127.0.0.1:9142", }, } } 
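Review bot: The `*shared.Commons` embedded in the inner `Notifications` struct (config.go hunk) looks redundant and is never populated in the visible changes. `NewSutureService` assigns `cfg.Notifications.Commons`, which is the Commons on the outer notifications `Config`, and EnsureDefaults reads `cfg.Commons` from that same outer struct. If the inner pointer stays nil, reading any field promoted through it would panic. The explicit `MachineAuthAPIKey` field also shadows the promoted `Commons.MachineAuthAPIKey`, so the embed adds nothing for this key. I would drop the embed, or add a comment such as `// Commons is injected by <caller>; nil until then` naming where it is set.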
@@ -49,6 +52,12 @@ func EnsureDefaults(cfg *config.Config) { } else if cfg.Log == nil { cfg.Log = &config.Log{} } + + if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } else { + log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name) + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/ocs/pkg/config/defaults/defaultconfig.go b/extensions/ocs/pkg/config/defaults/defaultconfig.go index bcbd7dce10a..74c76d39335 100644 --- a/extensions/ocs/pkg/config/defaults/defaultconfig.go +++ b/extensions/ocs/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "log" "strings" "github.com/owncloud/ocis/extensions/ocs/pkg/config" @@ -44,7 +45,6 @@ func DefaultConfig() *config.Config { Address: "127.0.0.1:9142", }, StorageUsersDriver: "ocis", - MachineAuthAPIKey: "change-me-please", IdentityManagement: config.IdentityManagement{ Address: "https://localhost:9200", }, @@ -82,6 +82,12 @@ func EnsureDefaults(cfg *config.Config) { } else { cfg.TokenManager = &shared.TokenManager{} } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } else { + log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name) + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/proxy/pkg/config/defaults/defaultconfig.go b/extensions/proxy/pkg/config/defaults/defaultconfig.go index 893b2ca2f85..6144197c6be 100644 --- a/extensions/proxy/pkg/config/defaults/defaultconfig.go +++ b/extensions/proxy/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "log" "path" "strings" 
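Review bot: The `else` added to EnsureDefaults fires whenever the first condition is false, and that includes the case where `cfg.Notifications.MachineAuthAPIKey` is already set by the service's own configuration, so a correctly configured per-service key ends in `log.Fatalf`. The fatal path should depend only on the key still being empty after the fallback to `cfg.Commons`. The same block is repeated in the EnsureDefaults hunks for ocs, proxy and settings and needs the same change. Exiting from a defaults helper also takes the decision away from the caller; returning an error from a validation step would let commands that only need defaults keep working.

```go
// … unchanged: cfg.Log fallback …
if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil {
	cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
}
if cfg.Notifications.MachineAuthAPIKey == "" {
	log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
}
```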
@@ -45,7 +46,6 @@ func DefaultConfig() *config.Config { AccountBackend: "accounts", UserOIDCClaim: "email", UserCS3Claim: "mail", - MachineAuthAPIKey: "change-me-please", AutoprovisionAccounts: false, EnableBasicAuth: false, InsecureBackends: false, @@ -185,6 +185,12 @@ func EnsureDefaults(cfg *config.Config) { } else { cfg.TokenManager = &config.TokenManager{} } + + if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } else { + log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name) + } } func Sanitize(cfg *config.Config) { diff --git a/extensions/settings/pkg/config/defaults/defaultconfig.go b/extensions/settings/pkg/config/defaults/defaultconfig.go index 2437810da60..bc4faba048f 100644 --- a/extensions/settings/pkg/config/defaults/defaultconfig.go +++ b/extensions/settings/pkg/config/defaults/defaultconfig.go @@ -1,6 +1,7 @@ package defaults import ( + "log" "path" "strings" @@ -53,11 +54,10 @@ func DefaultConfig() *config.Config { }, Metadata: config.Metadata{ - GatewayAddress: "127.0.0.1:9142", - StorageAddress: "127.0.0.1:9215", - ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", - ServiceUserIDP: "https://localhost:9200", - MachineAuthAPIKey: "change-me-please", + GatewayAddress: "127.0.0.1:9142", + StorageAddress: "127.0.0.1:9215", + ServiceUserID: "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad", + ServiceUserIDP: "https://localhost:9200", }, } } @@ -93,6 +93,12 @@ func EnsureDefaults(cfg *config.Config) { } else { cfg.TokenManager = &shared.TokenManager{} } + + if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" { + cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey + } else { + log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name) + } } func Sanitize(cfg *config.Config) { 
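Review bot: In the settings EnsureDefaults hunk the condition tests `cfg.Metadata.MachineAuthAPIKey` but the assignment writes `cfg.MachineAuthAPIKey`, so the metadata key is never filled in. Unless the settings `Config` has its own field of that name (not visible here), the left-hand side resolves to the field promoted from `cfg.Commons`, which makes the statement a self-assignment and leaves the metadata client with an empty key. The line should read `cfg.Metadata.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey`. This hunk and the proxy EnsureDefaults hunk above it also share the `else`/`log.Fatalf` problem seen in the notifications EnsureDefaults hunk, where an already configured key is treated as fatal.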
diff --git a/extensions/storage/pkg/config/defaults/defaultconfig.go b/extensions/storage/pkg/config/defaults/defaultconfig.go index 95cc5c6cd2f..d922393eac0 100644 --- a/extensions/storage/pkg/config/defaults/defaultconfig.go +++ b/extensions/storage/pkg/config/defaults/defaultconfig.go @@ -328,9 +328,7 @@ func DefaultConfig() *config.Config { Services: []string{"authprovider"}, Endpoint: "localhost:9166", }, - AuthMachineConfig: config.AuthMachineConfig{ - MachineAuthAPIKey: "change-me-please", - }, + AuthMachineConfig: config.AuthMachineConfig{}, Sharing: config.Sharing{ Port: config.Port{ Endpoint: "localhost:9150", diff --git a/ocis-pkg/config/config.go b/ocis-pkg/config/config.go index befc2d25740..57a2448e179 100644 --- a/ocis-pkg/config/config.go +++ b/ocis-pkg/config/config.go @@ -55,9 +55,10 @@ type Config struct { File string `yaml:",omitempty"` OcisURL string `yaml:"ocis_url,omitempty"` - Registry string `yaml:"registry,omitempty"` - TokenManager *shared.TokenManager `yaml:"token_manager,omitempty"` - Runtime Runtime `yaml:"runtime,omitempty"` + Registry string `yaml:"registry,omitempty"` + TokenManager *shared.TokenManager `yaml:"token_manager,omitempty"` + MachineAuthAPIKey string + Runtime Runtime `yaml:"runtime,omitempty"` Audit *audit.Config `yaml:"audit,omitempty"` Accounts *accounts.Config `yaml:"accounts,omitempty"` diff --git a/ocis-pkg/config/parser/parse.go b/ocis-pkg/config/parser/parse.go index 09bb76dfb41..e77f7986b69 100644 --- a/ocis-pkg/config/parser/parse.go +++ b/ocis-pkg/config/parser/parse.go @@ -2,6 +2,7 @@ package parser import ( "errors" + "log" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/envdecode" 
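Review bot: The new `MachineAuthAPIKey string` field on the top-level `Config` (ocis-pkg/config/config.go) has no struct tag, unlike every neighbouring field. With yaml.v3 an untagged field is read and written under the lowercased field name, so the file produced by `ocis init` would carry `machineauthapikey` while `shared.Commons` and the services use `machine_auth_api_key`. The field also has no `env` tag, so `OCIS_MACHINE_AUTH_API_KEY` cannot populate it. I would declare it as `MachineAuthAPIKey string` with the tags `yaml:"machine_auth_api_key,omitempty" env:"OCIS_MACHINE_AUTH_API_KEY"` so the secret has one name across config file, environment and Commons.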
@@ -50,6 +51,12 @@ func ParseConfig(cfg *config.Config) error { cfg.TokenManager = cfg.Commons.TokenManager } + if cfg.MachineAuthAPIKey != "" { + cfg.Commons.MachineAuthAPIKey = cfg.MachineAuthAPIKey + } else { + log.Fatalf("machine auth api key is not set up properly, bailing out (ocis)") + } + // load all env variables relevant to the config in the current context. if err := envdecode.Decode(cfg); err != nil { // no environment variable set for this config is an expected "error" diff --git a/ocis-pkg/shared/shared_types.go b/ocis-pkg/shared/shared_types.go index 9439bfcce0c..437e6d0d342 100644 --- a/ocis-pkg/shared/shared_types.go +++ b/ocis-pkg/shared/shared_types.go @@ -32,8 +32,9 @@ type TokenManager struct { // Commons holds configuration that are common to all extensions. Each extension can then decide whether // to overwrite its values. type Commons struct { - Log *Log `yaml:"log"` - Tracing *Tracing `yaml:"tracing"` - OcisURL string `yaml:"ocis_url" env:"OCIS_URL"` - TokenManager *TokenManager `yaml:"token_manager"` + Log *Log `yaml:"log"` + Tracing *Tracing `yaml:"tracing"` + OcisURL string `yaml:"ocis_url" env:"OCIS_URL"` + TokenManager *TokenManager `yaml:"token_manager"` + MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"` } diff --git a/ocis/pkg/command/init.go b/ocis/pkg/command/init.go index 4f991fbd9a9..efd1d67de6a 100644 --- a/ocis/pkg/command/init.go +++ b/ocis/pkg/command/init.go @@ -17,10 +17,7 @@ import ( "gopkg.in/yaml.v3" idm "github.com/owncloud/ocis/extensions/idm/pkg/config" - notifications "github.com/owncloud/ocis/extensions/notifications/pkg/config" - ocs "github.com/owncloud/ocis/extensions/ocs/pkg/config" proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config" - settings "github.com/owncloud/ocis/extensions/settings/pkg/config" storage "github.com/owncloud/ocis/extensions/storage/pkg/config" thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config" ) 
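Review bot: The added check in ParseConfig runs before `envdecode.Decode(cfg)`, so a deployment that supplies the key only through `OCIS_MACHINE_AUTH_API_KEY` is terminated before the environment is read. Failing closed on a missing secret is the right behaviour, but the check has to run after every configuration source has been applied. ParseConfig already returns an `error` and imports `errors`, so the failure is better reported as `return errors.New("machine auth api key is not set")` after the decode step than with `log.Fatalf`. That also keeps commands which call ParseConfig without needing the key, presumably including `ocis init`, from exiting here. The rest of ParseConfig lies outside the hunk, so the exact placement relative to the other Commons assignments needs checking against the full function.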
@@ -109,10 +106,10 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error { IDM: &idm.Config{}, //IDP: &idp.Config{}, //Nats: &nats.Config{}, - Notifications: ¬ifications.Config{}, + //Notifications: ¬ifications.Config{}, //Proxy: &proxy.Config{}, - OCS: &ocs.Config{}, - Settings: &settings.Config{}, + //OCS: &ocs.Config{}, + //Settings: &settings.Config{}, Storage: &storage.Config{}, Thumbnails: &thumbnails.Config{}, //Web: &web.Config{}, @@ -144,7 +141,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error { if err != nil { return fmt.Errorf("Could not generate random password for tokenmanager: %s", err) } - machineAuthSecret, err := generators.GenerateRandomPassword(passwordLength) + machineAuthApiKey, err := generators.GenerateRandomPassword(passwordLength) if err != nil { return fmt.Errorf("Could not generate random password for machineauthsecret: %s", err) } @@ -158,10 +155,9 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error { // TODO: graph needs IDM password configured // TODO: add missing insecure occurences // TODO: search for missing transfer secrets - // TODO: move TokenManager for all extensions to shared - // TODO: move machineauthsecret for all extensions to shared // TODO: move transfersecret for all extensions to shared + cfg.MachineAuthAPIKey = machineAuthApiKey cfg.TokenManager.JWTSecret = tokenManagerJwtSecret //cfg.Commons.TokenManager.JWTSecret = tokenManagerJwtSecret //cfg.Accounts.TokenManager.JWTSecret = tokenManagerJwtSecret 
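Review bot: The new local `machineAuthApiKey` in createConfig breaks the Go initialism convention that the rest of the change follows (`MachineAuthAPIKey`). It should be `machineAuthAPIKey`, and the error text on the following context line still says `machineauthsecret`; I would change that to `could not generate random password for machine auth api key: %w`. The first hunk of this file and the later one that sets the per-service keys leave the old lines behind as comments, some of which reference `machineAuthSecret`, which no longer exists. Since the key now lives only in `cfg.MachineAuthAPIKey`, deleting those lines rather than commenting them out keeps it clear which secrets the generated file holds.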
@@ -171,12 +167,12 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error { cfg.IDM.ServiceUserPasswords.Idp = idpServicePassword cfg.IDM.ServiceUserPasswords.OcisAdmin = ocisAdminServicePassword cfg.IDM.ServiceUserPasswords.Reva = revaServicePassword - cfg.Notifications.Notifications.MachineAuthSecret = machineAuthSecret - cfg.OCS.MachineAuthAPIKey = machineAuthSecret + //cfg.Notifications.Notifications.MachineAuthAPIKey = machineAuthSecret + //cfg.OCS.MachineAuthAPIKey = machineAuthSecret //cfg.Proxy.TokenManager.JWTSecret = tokenManagerJwtSecret //fmt.Printf("%v\n", cfg.Proxy.TokenManager) - cfg.Proxy.MachineAuthAPIKey = machineAuthSecret - cfg.Settings.Metadata.MachineAuthAPIKey = machineAuthSecret + //cfg.Proxy.MachineAuthAPIKey = machineAuthSecret + //cfg.Settings.Metadata.MachineAuthAPIKey = machineAuthSecret //cfg.Settings.TokenManager.JWTSecret = tokenManagerJwtSecret cfg.Storage.Reva.JWTSecret = tokenManagerJwtSecret cfg.Storage.OCDav.JWTSecret = tokenManagerJwtSecret diff --git a/ocis/pkg/command/server.go b/ocis/pkg/command/server.go index 7bc6d653065..f623a2497f4 100644 --- a/ocis/pkg/command/server.go +++ b/ocis/pkg/command/server.go @@ -3,7 +3,6 @@ package command import ( "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/parser" - "github.com/owncloud/ocis/ocis-pkg/shared" "github.com/owncloud/ocis/ocis/pkg/register" "github.com/owncloud/ocis/ocis/pkg/runtime" "github.com/urfave/cli/v2" @@ -20,12 +19,6 @@ func Server(cfg *config.Config) *cli.Command { }, Action: func(c *cli.Context) error { - cfg.Commons = &shared.Commons{ - Log: cfg.Log, - Tracing: cfg.Tracing, - TokenManager: cfg.TokenManager, - } - r := runtime.New(cfg) return r.Start() },