diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go
index 3663172a0ec..560af63144d 100644
--- a/ocis/pkg/init/init.go
+++ b/ocis/pkg/init/init.go
@@ -50,11 +50,15 @@ type LdapBasedService struct {
 type Events struct {
 TLSInsecure bool `yaml:"tls_insecure"`
 }
+type GraphApplication struct {
+ ID string `yaml:"id"`
+}
 type GraphService struct {
- Events Events
- Spaces InsecureService
- Identity LdapBasedService
+ Application GraphApplication
+ Events Events
+ Spaces InsecureService
+ Identity LdapBasedService
 }
 type ServiceUserPasswordsSettings struct {
@@ -219,6 +223,7 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 systemUserID := uuid.Must(uuid.NewV4()).String()
 adminUserID := uuid.Must(uuid.NewV4()).String()
+ graphApplicationID := uuid.Must(uuid.NewV4()).String()
 storageUsersMountID := uuid.Must(uuid.NewV4()).String()
 idmServicePassword, err := generators.GenerateRandomPassword(passwordLength)
@@ -306,6 +311,9 @@ func CreateConfig(insecure, forceOverwrite bool, configPath, adminPassword strin
 },
 },
 Graph: GraphService{
+ Application: GraphApplication{
+ ID: graphApplicationID,
+ },
 Identity: LdapBasedService{
 Ldap: LdapSettings{
 BindPassword: idmServicePassword,
diff --git a/services/graph/pkg/config/config.go b/services/graph/pkg/config/config.go
index 79d18268a9a..5907b9ed08f 100644
--- a/services/graph/pkg/config/config.go
+++ b/services/graph/pkg/config/config.go
@@ -23,9 +23,10 @@ type Config struct {
 TokenManager *TokenManager `yaml:"token_manager"`
 GRPCClientTLS *shared.GRPCClientTLS `yaml:"grpc_client_tls"`
- Spaces Spaces `yaml:"spaces"`
- Identity Identity `yaml:"identity"`
- Events Events `yaml:"events"`
+ Application Application `yaml:"application"`
+ Spaces Spaces `yaml:"spaces"`
+ Identity Identity `yaml:"identity"`
+ Events Events `yaml:"events"`
 Context context.Context `yaml:"-"`
 }
diff --git a/services/graph/pkg/config/defaults/defaultconfig.go b/services/graph/pkg/config/defaults/defaultconfig.go
index 0195c92a855..7a1e2aa008e 100644
--- a/services/graph/pkg/config/defaults/defaultconfig.go
+++ b/services/graph/pkg/config/defaults/defaultconfig.go
@@ -29,9 +29,9 @@ func DefaultConfig() *config.Config {
 },
 Service: config.Service{
 Name: "graph",
- // TODO ApplicationID should be randomized on install with init
- ApplicationID: "14bc9a84-a974-41a6-a948-b19d0a9d7f11",
- ApplicationDisplayName: "ownCloud Infinite Scale",
+ },
+ Application: config.Application{
+ DisplayName: "ownCloud Infinite Scale",
 },
 Reva: shared.DefaultRevaConfig(),
 Spaces: config.Spaces{
diff --git a/services/graph/pkg/config/service.go b/services/graph/pkg/config/service.go
index 7ffe9bc2e16..d1eac383f0b 100644
--- a/services/graph/pkg/config/service.go
+++ b/services/graph/pkg/config/service.go
@@ -3,7 +3,4 @@ package config
 // Service defines the available service configuration.
 type Service struct {
 Name string `yaml:"-"`
-
- ApplicationID string `yaml:"application_id" env:"GRAPH_APPLICATION_ID" desc:"The ocis web application id"` // TODO actually this is the application id for ocis web, and ocis web also needs to know it
- ApplicationDisplayName string `yaml:"application_displayname" env:"GRAPH_APPLICATION_DISPLAYNAME" desc:"The ocis web application name"`
 }
diff --git a/services/graph/pkg/service/v0/application.go b/services/graph/pkg/service/v0/application.go
index 607e3e52194..58a188155ad 100644
--- a/services/graph/pkg/service/v0/application.go
+++ b/services/graph/pkg/service/v0/application.go
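Review bot: Removing the hard-coded `ApplicationID` from `DefaultConfig()` leaves `Application.ID` as the empty string for any deployment whose config was written before this change, and none of the hunks on this page adds a startup check for that. With an empty ID the comparison in `CreateAppRoleAssignment` (`appRoleAssignment.GetResourceId() != g.config.Application.ID`) would presumably accept a request body that omits the resource id, and `ListApplications` would return an application with an empty id. If config validation does not already reject this elsewhere, add a guard such as `if cfg.Application.ID == "" { return errors.New("graph application id is not configured") }` and mention the required re-init or manual setting in the upgrade notes. The same concern applies to the `GetApplication` and `assignmentToAppRoleAssignment` hunks, which read the same field.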
@@ -30,8 +30,8 @@ func (g Graph) ListApplications(w http.ResponseWriter, r *http.Request) {
 roles = append(roles, *role)
 }
- application := libregraph.NewApplication(g.config.Service.ApplicationID)
- application.SetDisplayName(g.config.Service.ApplicationDisplayName)
+ application := libregraph.NewApplication(g.config.Application.ID)
+ application.SetDisplayName(g.config.Application.DisplayName)
 application.SetAppRoles(roles)
 applications := []*libregraph.Application{
@@ -49,8 +49,8 @@ func (g Graph) GetApplication(w http.ResponseWriter, r *http.Request) {
 applicationID := chi.URLParam(r, "applicationID")
- if applicationID != g.config.Service.ApplicationID {
- errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, fmt.Sprintf("resource id %s does not match expected application id %v", applicationID, g.config.Service.ApplicationID))
+ if applicationID != g.config.Application.ID {
+ errorcode.ItemNotFound.Render(w, r, http.StatusNotFound, fmt.Sprintf("resource id %s does not match expected application id %v", applicationID, g.config.Application.ID))
 return
 }
@@ -69,7 +69,7 @@ func (g Graph) GetApplication(w http.ResponseWriter, r *http.Request) {
 }
 application := libregraph.NewApplication(applicationID)
- application.SetDisplayName(g.config.Service.ApplicationDisplayName)
+ application.SetDisplayName(g.config.Application.DisplayName)
 application.SetAppRoles(roles)
 render.Status(r, http.StatusOK)
diff --git a/services/graph/pkg/service/v0/application_test.go b/services/graph/pkg/service/v0/application_test.go
index 0bccb5e32ff..4961c0ea173 100644
--- a/services/graph/pkg/service/v0/application_test.go
+++ b/services/graph/pkg/service/v0/application_test.go
@@ -56,7 +56,7 @@ var _ = Describe("Applications", func() {
 cfg.TokenManager.JWTSecret = "loremipsum"
 cfg.Commons = &shared.Commons{}
 cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
- cfg.Service.ApplicationID = "some-application-ID"
+ cfg.Application.ID = "some-application-ID"
 _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 svc = service.NewService(
@@ -92,7 +92,7 @@ var _ = Describe("Applications", func() {
 err = json.Unmarshal(data, &responseList)
 Expect(err).ToNot(HaveOccurred())
 Expect(len(responseList.Value)).To(Equal(1))
- Expect(responseList.Value[0].Id).To(Equal(cfg.Service.ApplicationID))
+ Expect(responseList.Value[0].Id).To(Equal(cfg.Application.ID))
 Expect(len(responseList.Value[0].GetAppRoles())).To(Equal(1))
 Expect(responseList.Value[0].GetAppRoles()[0].GetId()).To(Equal("some-appRole-ID"))
 Expect(responseList.Value[0].GetAppRoles()[0].GetDisplayName()).To(Equal("A human readable name for a role"))
@@ -113,7 +113,7 @@ var _ = Describe("Applications", func() {
 r := httptest.NewRequest(http.MethodGet, "/graph/v1.0/applications/some-application-ID", nil)
 rctx := chi.NewRouteContext()
- rctx.URLParams.Add("applicationID", cfg.Service.ApplicationID)
+ rctx.URLParams.Add("applicationID", cfg.Application.ID)
 r = r.WithContext(context.WithValue(ctx, chi.RouteCtxKey, rctx))
 svc.GetApplication(rr, r)
@@ -125,7 +125,7 @@ var _ = Describe("Applications", func() {
 application := libregraph.Application{}
 err = json.Unmarshal(data, &application)
 Expect(err).ToNot(HaveOccurred())
- Expect(application.Id).To(Equal(cfg.Service.ApplicationID))
+ Expect(application.Id).To(Equal(cfg.Application.ID))
 Expect(len(application.GetAppRoles())).To(Equal(1))
 Expect(application.GetAppRoles()[0].GetId()).To(Equal("some-appRole-ID"))
 Expect(application.GetAppRoles()[0].GetDisplayName()).To(Equal("A human readable name for a role"))
diff --git a/services/graph/pkg/service/v0/approleassignments.go b/services/graph/pkg/service/v0/approleassignments.go
index 134e125373e..849193cd61b 100644
--- a/services/graph/pkg/service/v0/approleassignments.go
+++ b/services/graph/pkg/service/v0/approleassignments.go
@@ -58,8 +58,8 @@ func (g Graph) CreateAppRoleAssignment(w http.ResponseWriter, r *http.Request) {
 errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("user id %s does not match principal id %v", userID, appRoleAssignment.GetPrincipalId()))
 return
 }
- if appRoleAssignment.GetResourceId() != g.config.Service.ApplicationID {
- errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("resource id %s does not match expected application id %v", userID, g.config.Service.ApplicationID))
+ if appRoleAssignment.GetResourceId() != g.config.Application.ID {
+ errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, fmt.Sprintf("resource id %s does not match expected application id %v", userID, g.config.Application.ID))
 return
 }
@@ -121,8 +121,8 @@ func (g Graph) assignmentToAppRoleAssignment(assignment *settingsmsg.UserRoleAss
 appRoleAssignment.SetId(assignment.Id)
 appRoleAssignment.SetAppRoleId(assignment.RoleId)
 appRoleAssignment.SetPrincipalType(principalTypeUser) // currently always assigned to the user
- appRoleAssignment.SetResourceId(g.config.Service.ApplicationID)
- appRoleAssignment.SetResourceDisplayName(g.config.Service.ApplicationDisplayName)
+ appRoleAssignment.SetResourceId(g.config.Application.ID)
+ appRoleAssignment.SetResourceDisplayName(g.config.Application.DisplayName)
 appRoleAssignment.SetPrincipalId(assignment.AccountUuid)
 // appRoleAssignment.SetPrincipalDisplayName() // TODO fetch and cache
 return *appRoleAssignment
diff --git a/services/graph/pkg/service/v0/approleassignments_test.go b/services/graph/pkg/service/v0/approleassignments_test.go
index 83f3ae98743..480063fd16f 100644
--- a/services/graph/pkg/service/v0/approleassignments_test.go
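Review bot: The error rendered when the resource id check fails in `CreateAppRoleAssignment` still formats `userID` as the "resource id", so the 400 response reports the wrong value and hides which field was rejected. The touched line should pass the value that was actually compared: `fmt.Sprintf("resource id %s does not match expected application id %v", appRoleAssignment.GetResourceId(), g.config.Application.ID)`. The function body starts and continues outside this hunk, so the earlier parsing of the request body is not visible here.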
+++ b/services/graph/pkg/service/v0/approleassignments_test.go
@@ -66,7 +66,7 @@ var _ = Describe("AppRoleAssignments", func() {
 cfg.TokenManager.JWTSecret = "loremipsum"
 cfg.Commons = &shared.Commons{}
 cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
- cfg.Service.ApplicationID = "some-application-ID"
+ cfg.Application.ID = "some-application-ID"
 _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 svc = service.NewService(
@@ -110,7 +110,7 @@ var _ = Describe("AppRoleAssignments", func() {
 Expect(responseList.Value[0].GetId()).ToNot(BeEmpty())
 Expect(responseList.Value[0].GetAppRoleId()).To(Equal("some-appRole-ID"))
 Expect(responseList.Value[0].GetPrincipalId()).To(Equal(user.GetId()))
- Expect(responseList.Value[0].GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+ Expect(responseList.Value[0].GetResourceId()).To(Equal(cfg.Application.ID))
 })
@@ -131,7 +131,7 @@ var _ = Describe("AppRoleAssignments", func() {
 ara := libregraph.NewAppRoleAssignmentWithDefaults()
 ara.SetAppRoleId("some-appRole-ID")
 ara.SetPrincipalId(user.GetId())
- ara.SetResourceId(cfg.Service.ApplicationID)
+ ara.SetResourceId(cfg.Application.ID)
 araJson, err := json.Marshal(ara)
 Expect(err).ToNot(HaveOccurred())
@@ -153,7 +153,7 @@ var _ = Describe("AppRoleAssignments", func() {
 Expect(assignment.GetId()).ToNot(BeEmpty())
 Expect(assignment.GetAppRoleId()).To(Equal("some-appRole-ID"))
 Expect(assignment.GetPrincipalId()).To(Equal("user1"))
- Expect(assignment.GetResourceId()).To(Equal(cfg.Service.ApplicationID))
+ Expect(assignment.GetResourceId()).To(Equal(cfg.Application.ID))
 })
 })
@@ -178,7 +178,7 @@ var _ = Describe("AppRoleAssignments", func() {
 ara := libregraph.NewAppRoleAssignmentWithDefaults()
 ara.SetAppRoleId("some-appRole-ID")
 ara.SetPrincipalId(user.GetId())
- ara.SetResourceId(cfg.Service.ApplicationID)
+ ara.SetResourceId(cfg.Application.ID)
 araJson, err := json.Marshal(ara)
 Expect(err).ToNot(HaveOccurred())
diff --git a/services/graph/pkg/service/v0/users_test.go b/services/graph/pkg/service/v0/users_test.go
index 378caf6f1c2..42e108b0098 100644
--- a/services/graph/pkg/service/v0/users_test.go
+++ b/services/graph/pkg/service/v0/users_test.go
@@ -69,7 +69,7 @@ var _ = Describe("Users", func() {
 cfg.TokenManager.JWTSecret = "loremipsum"
 cfg.Commons = &shared.Commons{}
 cfg.GRPCClientTLS = &shared.GRPCClientTLS{}
- cfg.Service.ApplicationID = "some-application-ID"
+ cfg.Application.ID = "some-application-ID"
 _ = ogrpc.Configure(ogrpc.GetClientOptions(cfg.GRPCClientTLS)...)
 svc = service.NewService(