roll application uuid on init

Signed-off-by: Jörn Friedrich Dreyer <[email protected]>
owncloud · Jan 10, 2023 · 554b502 · 554b502
1 parent 2967333
commit 554b502
Show file tree

Hide file tree

Showing 9 changed files with 37 additions and 31 deletions.
diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go
@@ -50,11 +50,15 @@ type LdapBasedService struct {
 type Events struct {
 	TLSInsecure bool `yaml:"tls_insecure"`
 }
+type GraphApplication struct {
+	ID string `yaml:"id"`
+}
 
 type GraphService struct {
-	Events   Events
-	Spaces   InsecureService
-	Identity LdapBasedService
+	Application GraphApplication
+	Events      Events
+	Spaces      InsecureService
+	Identity    LdapBasedService
 }
 
 type ServiceUserPasswordsSettings struct {
@@ -219,6 +223,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 
 	systemUserID := uuid.Must(uuid.NewV4()).String()
 	adminUserID := uuid.Must(uuid.NewV4()).String()
+	graphApplicationID := uuid.Must(uuid.NewV4()).String()
 	storageUsersMountID := uuid.Must(uuid.NewV4()).String()
 
 	idmServicePassword, err := generators.GenerateRandomPassword(passwordLength)
@@ -306,6 +311,9 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 			},
 		},
 		Graph: GraphService{
+			Application: GraphApplication{
+				ID: graphApplicationID,
+			},
 			Identity: LdapBasedService{
 				Ldap: LdapSettings{
 					BindPassword: idmServicePassword,

diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go
@@ -23,9 +23,10 @@ type Config struct {
 	TokenManager  *TokenManager         `yaml:"token_manager"`
 	GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
 
-	Spaces   Spaces   `yaml:"spaces"`
-	Identity Identity `yaml:"identity"`
-	Events   Events   `yaml:"events"`
+	Application Application `yaml:"application"`
+	Spaces      Spaces      `yaml:"spaces"`
+	Identity    Identity    `yaml:"identity"`
+	Events      Events      `yaml:"events"`
 
 	Context context.Context `yaml:"-"`
 }

diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -29,9 +29,9 @@ func DefaultConfig() *config.Config {
 		},
 		Service: config.Service{
 			Name: "graph",
-			// TODO ApplicationID should be randomized on install with init
-			ApplicationID:          "14bc9a84-a974-41a6-a948-b19d0a9d7f11",
-			ApplicationDisplayName: "ownCloud Infinite Scale",
+		},
+		Application: config.Application{
+			DisplayName: "ownCloud Infinite Scale",
 		},
 		Reva: shared.DefaultRevaConfig(),
 		Spaces: config.Spaces{

diff --git a/services/graph/pkg/config/service.go b/services/graph/pkg/config/service.go
@@ -3,7 +3,4 @@ package config
 // Service defines the available service configuration.
 type Service struct {
 	Name string `yaml:"-"`
-
-	ApplicationID          string `yaml:"application_id" env:"GRAPH_APPLICATION_ID" desc:"The ocis web application id"` // TODO actually this is the application id for ocis web, and ocis web also needs to know it
-	ApplicationDisplayName string `yaml:"application_displayname" env:"GRAPH_APPLICATION_DISPLAYNAME" desc:"The ocis web application name"`
 }
diff --git a/services/graph/pkg/service/v0/application.go b/services/graph/pkg/service/v0/application.go
@@ -30,8 +30,8 @@ func (g Graph) ListApplications(w http.ResponseWriter, r *http.Request) {
 		roles = append(roles, *role)
 	}
 
-	application := libregraph.NewApplication(g.config.Service.ApplicationID)
-	application.SetDisplayName(g.config.Service.ApplicationDisplayName)
+	application := libregraph.NewApplication(g.config.Application.ID)
+	application.SetDisplayName(g.config.Application.DisplayName)
 	application.SetAppRoles(roles)
 
 	applications := []*libregraph.Application{
@@ -49,8 +49,8 @@ func (g Graph) GetApplication(w http.ResponseWriter, r *http.Request) {
 
 	applicationID := chi.URLParam(r, "applicationID")
 
-	if applicationID != g.config.Service.ApplicationID {
-		errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, fmt.Sprintf("resource id %s does not match expected application id %v", applicationID, g.config.Service.ApplicationID))
+	if applicationID != g.config.Application.ID {
+		errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, fmt.Sprintf("resource id %s does not match expected application id %v", applicationID, g.config.Application.ID))
 		return
 	}
 
@@ -69,7 +69,7 @@ func (g Graph) GetApplication(w http.ResponseWriter, r *http.Request) {
 	}
 
 	application := libregraph.NewApplication(applicationID)
-	application.SetDisplayName(g.config.Service.ApplicationDisplayName)
+	application.SetDisplayName(g.config.Application.DisplayName)
 	application.SetAppRoles(roles)
 
 	render.Status(r, http.StatusOK)

diff --git a/services/graph/pkg/service/v0/application_test.go b/services/graph/pkg/service/v0/application_test.go
@@ -56,7 +56,7 @@ var _ = Describe("Applications", func() {
 		cfg.TokenManager.JWTSecret = "loremipsum"
 		cfg.Commons = &shared.Commons{}
 		cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
-		cfg.Service.ApplicationID = "some-application-ID"
+		cfg.Application.ID = "some-application-ID"
 
 		_ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 		svc = service.NewService(
@@ -92,7 +92,7 @@ var _ = Describe("Applications", func() {
 			err = json.Unmarshal(data, &responseList)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(len(responseList.Value)).To(Equal(1))
-			Expect(responseList.Value[0].Id).To(Equal(cfg.Service.ApplicationID))
+			Expect(responseList.Value[0].Id).To(Equal(cfg.Application.ID))
 			Expect(len(responseList.Value[0].GetAppRoles())).To(Equal(1))
 			Expect(responseList.Value[0].GetAppRoles()[0].GetId()).To(Equal("some-appRole-ID"))
 			Expect(responseList.Value[0].GetAppRoles()[0].GetDisplayName()).To(Equal("A human readable name for a role"))
@@ -113,7 +113,7 @@ var _ = Describe("Applications", func() {
 
 			r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/applications/some-application-ID", nil)
 			rctx := chi.NewRouteContext()
-			rctx.URLParams.Add("applicationID", cfg.Service.ApplicationID)
+			rctx.URLParams.Add("applicationID", cfg.Application.ID)
 			r = r.WithContext(context.WithValue(ctx, chi.RouteCtxKey, rctx))
 			svc.GetApplication(rr, r)
 
@@ -125,7 +125,7 @@ var _ = Describe("Applications", func() {
 			application := libregraph.Application{}
 			err = json.Unmarshal(data, &application)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(application.Id).To(Equal(cfg.Service.ApplicationID))
+			Expect(application.Id).To(Equal(cfg.Application.ID))
 			Expect(len(application.GetAppRoles())).To(Equal(1))
 			Expect(application.GetAppRoles()[0].GetId()).To(Equal("some-appRole-ID"))
 			Expect(application.GetAppRoles()[0].GetDisplayName()).To(Equal("A human readable name for a role"))

diff --git a/services/graph/pkg/service/v0/approleassignments.go b/services/graph/pkg/service/v0/approleassignments.go
@@ -58,8 +58,8 @@ func (g Graph) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
 		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("user id %s does not match principal id %v", userID, appRoleAssignment.GetPrincipalId()))
 		return
 	}
-	if appRoleAssignment.GetResourceId() != g.config.Service.ApplicationID {
-		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("resource id %s does not match expected application id %v", userID, g.config.Service.ApplicationID))
+	if appRoleAssignment.GetResourceId() != g.config.Application.ID {
+		errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("resource id %s does not match expected application id %v", userID, g.config.Application.ID))
 		return
 	}
 
@@ -121,8 +121,8 @@ func (g Graph) assignmentToAppRoleAssignment(assignment *settingsmsg.UserRoleAss
 	appRoleAssignment.SetId(assignment.Id)
 	appRoleAssignment.SetAppRoleId(assignment.RoleId)
 	appRoleAssignment.SetPrincipalType(principalTypeUser) // currently always assigned to the user
-	appRoleAssignment.SetResourceId(g.config.Service.ApplicationID)
-	appRoleAssignment.SetResourceDisplayName(g.config.Service.ApplicationDisplayName)
+	appRoleAssignment.SetResourceId(g.config.Application.ID)
+	appRoleAssignment.SetResourceDisplayName(g.config.Application.DisplayName)
 	appRoleAssignment.SetPrincipalId(assignment.AccountUuid)
 	// appRoleAssignment.SetPrincipalDisplayName() // TODO fetch and cache
 	return *appRoleAssignment

diff --git a/services/graph/pkg/service/v0/approleassignments_test.go b/services/graph/pkg/service/v0/approleassignments_test.go
@@ -66,7 +66,7 @@ var _ = Describe("AppRoleAssignments", func() {
 		cfg.TokenManager.JWTSecret = "loremipsum"
 		cfg.Commons = &shared.Commons{}
 		cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
-		cfg.Service.ApplicationID = "some-application-ID"
+		cfg.Application.ID = "some-application-ID"
 
 		_ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 		svc = service.NewService(
@@ -110,7 +110,7 @@ var _ = Describe("AppRoleAssignments", func() {
 			Expect(responseList.Value[0].GetId()).ToNot(BeEmpty())
 			Expect(responseList.Value[0].GetAppRoleId()).To(Equal("some-appRole-ID"))
 			Expect(responseList.Value[0].GetPrincipalId()).To(Equal(user.GetId()))
-			Expect(responseList.Value[0].GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+			Expect(responseList.Value[0].GetResourceId()).To(Equal(cfg.Application.ID))
 
 		})
 
@@ -131,7 +131,7 @@ var _ = Describe("AppRoleAssignments", func() {
 			ara := libregraph.NewAppRoleAssignmentWithDefaults()
 			ara.SetAppRoleId("some-appRole-ID")
 			ara.SetPrincipalId(user.GetId())
-			ara.SetResourceId(cfg.Service.ApplicationID)
+			ara.SetResourceId(cfg.Application.ID)
 
 			araJson, err := json.Marshal(ara)
 			Expect(err).ToNot(HaveOccurred())
@@ -153,7 +153,7 @@ var _ = Describe("AppRoleAssignments", func() {
 			Expect(assignment.GetId()).ToNot(BeEmpty())
 			Expect(assignment.GetAppRoleId()).To(Equal("some-appRole-ID"))
 			Expect(assignment.GetPrincipalId()).To(Equal("user1"))
-			Expect(assignment.GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+			Expect(assignment.GetResourceId()).To(Equal(cfg.Application.ID))
 		})
 
 	})
@@ -178,7 +178,7 @@ var _ = Describe("AppRoleAssignments", func() {
 			ara := libregraph.NewAppRoleAssignmentWithDefaults()
 			ara.SetAppRoleId("some-appRole-ID")
 			ara.SetPrincipalId(user.GetId())
-			ara.SetResourceId(cfg.Service.ApplicationID)
+			ara.SetResourceId(cfg.Application.ID)
 
 			araJson, err := json.Marshal(ara)
 			Expect(err).ToNot(HaveOccurred())

diff --git a/services/graph/pkg/service/v0/users_test.go b/services/graph/pkg/service/v0/users_test.go
@@ -69,7 +69,7 @@ var _ = Describe("Users", func() {
 		cfg.TokenManager.JWTSecret = "loremipsum"
 		cfg.Commons = &shared.Commons{}
 		cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
-		cfg.Service.ApplicationID = "some-application-ID"
+		cfg.Application.ID = "some-application-ID"
 
 		_ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 		svc = service.NewService(