Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use service accounts on next branch #390

Closed
wkloucek opened this issue Sep 5, 2023 · 8 comments
Closed

use service accounts on next branch #390

wkloucek opened this issue Sep 5, 2023 · 8 comments
Assignees
@kobergj
Labels
Category:Enhancement Add new functionality Priority:p2-high Escalation, on top of current planning, release blocker

Comments

@wkloucek
Copy link
Contributor

wkloucek commented Sep 5, 2023
edited
Loading

when service accounts arrived in oCIS we should use them on a next branch of this Helm Chart for:

  • trashbin cleanup job
  • proxy

This needs at least the new "auth-service" (https://github.com/owncloud/ocis/tree/master/services/auth-service)
@wkloucek wkloucek added the Category:Enhancement Add new functionality label Sep 5, 2023
@wkloucek
Copy link
Contributor Author

@kobergj do you already have information / documentation about how to use the service accounts feature for the trashbin cleanup job?

Do I need to set STORAGE_USERS_PURGE_TRASH_BIN_USER_ID to some special ID ? https://github.com/owncloud/ocis/tree/master/services/auth-service mentions only OCIS_SERVICE_ACCOUNT_ID and OCIS_SERVICE_ACCOUNT_SECRET

@wkloucek wkloucek changed the title use service account for trashbin cleanup job use service accounts Sep 12, 2023
@wkloucek
Copy link
Contributor Author

Proxy for oCIS latest needs it: https://github.com/owncloud/ocis/pull/7240/files#diff-d4152e936556fd4b52296d3d6bab0aad4cbb24107c03224c1a9a2383a450f7e4

@wkloucek wkloucek added the Priority:p2-high Escalation, on top of current planning, release blocker label Sep 12, 2023
@wkloucek wkloucek changed the title use service accounts use service accounts on next branch Sep 12, 2023
@kobergj
Copy link
Contributor

kobergj commented Sep 13, 2023
edited
Loading

storage-users service needs OCIS_SERVICE_ACCOUNT_ID and OCIS_SERVICE_ACCOUNT_SECRET set. (or ocis init needs to be run on a fresh system)

There are a lot of services who need this envvars now:

  • graph
  • storage-users
  • userlog
  • auth-service
  • search
  • notifications
  • frontend
  • clientlog
  • proxy
  • settings (needs only OCIS_SERVICE_ACCOUNT_ID)

There might come more in the future

@wkloucek
Copy link
Contributor Author

storage-users service needs OCIS_SERVICE_ACCOUNT_ID and OCIS_SERVICE_ACCOUNT_SECRET set. (or ocis init needs to be run on a fresh system)

And STORAGE_USERS_PURGE_TRASH_BIN_USER_ID should be left empty? Because that one still exists

@kobergj
Copy link
Contributor

kobergj commented Sep 14, 2023

Yes not needed any more. I'll remove it

@kobergj kobergj self-assigned this Sep 25, 2023
@wkloucek
Copy link
Contributor Author

Switch to service auth was done in #401 but STORAGE_USERS_PURGE_TRASH_BIN_USER_ID is still used

@kobergj
Copy link
Contributor

kobergj commented Oct 11, 2023

Good find 👍 Fix here: #405

@wkloucek wkloucek mentioned this issue Oct 11, 2023
Closed
12 tasks
@wkloucek
Copy link
Contributor Author

#405 was merged

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kobergj kobergj

Labels
Category:Enhancement Add new functionality Priority:p2-high Escalation, on top of current planning, release blocker
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kobergj @wkloucek