diff --git a/ocis/pkg/command/init.go b/ocis/pkg/command/init.go
index af6e44d48e..24d82821ac 100644
--- a/ocis/pkg/command/init.go
+++ b/ocis/pkg/command/init.go
@@ -3,111 +3,17 @@ package command import ( "bufio" "fmt" - "io" - "io/ioutil" "log" "os" - "path" "strings" - "time" "github.com/owncloud/ocis/ocis-pkg/config" "github.com/owncloud/ocis/ocis-pkg/config/defaults" - "github.com/owncloud/ocis/ocis-pkg/generators" + ocisinit "github.com/owncloud/ocis/ocis/pkg/init" "github.com/owncloud/ocis/ocis/pkg/register" cli "github.com/urfave/cli/v2" - "gopkg.in/yaml.v3" ) -const configFilename string = "ocis.yaml" // TODO: use also a constant for reading this file -const passwordLength int = 32 - -type tokenManager struct { - JWT_Secret string -} - -type insecureExtension struct { - Insecure bool -} - -type insecureProxyExtension struct { - Insecure_backends bool -} - -type dataProviderInsecureSettings struct { - Data_provider_insecure bool -} - -type ldapSettings struct { - Bind_password string -} -type ldapBasedExtension struct { - Ldap ldapSettings -} - -type graphExtension struct { - Spaces insecureExtension - Identity ldapBasedExtension -} - -type serviceUserPasswordsSettings struct { - Admin_password string - Idm_password string - Reva_password string - Idp_password string -} -type idmExtension struct { - Service_user_Passwords serviceUserPasswordsSettings -} - -type frontendExtension struct { - Archiver insecureExtension - App_provider insecureExtension -} - -type authbasicExtension struct { - Auth_providers ldapBasedExtension -} - -type authProviderSettings struct { - Oidc insecureExtension -} -type authbearerExtension struct { - Auth_providers authProviderSettings -} - -type userAndGroupExtension struct { - Drivers ldapBasedExtension -} - -type thumbnailSettings struct { - Webdav_allow_insecure bool - Cs3_allow_insecure bool -} - -type thumbNailExtension struct { - Thumbnail thumbnailSettings -} - -type ocisConfig struct { - Token_manager tokenManager - Machine_auth_api_key string - Transfer_secret string - Graph graphExtension - Idp ldapBasedExtension - Idm idmExtension - Proxy insecureProxyExtension - Frontend 
frontendExtension - Auth_basic authbasicExtension - Auth_bearer authbearerExtension - User userAndGroupExtension - Group userAndGroupExtension - Storage_metadata dataProviderInsecureSettings - Storage_users dataProviderInsecureSettings - Ocdav insecureExtension - Thumbnails thumbNailExtension -} - // InitCommand is the entrypoint for the init command func InitCommand(cfg *config.Config) *cli.Command { return &cli.Command{ @@ -142,7 +48,7 @@ func InitCommand(cfg *config.Config) *cli.Command { } else if insecureFlag == "true" { insecure = true } - err := createConfig(insecure, c.Bool("force-overwrite"), c.String("config-path")) + err := ocisinit.CreateConfig(insecure, c.Bool("force-overwrite"), c.String("config-path")) if err != nil { log.Fatalf("Could not create config: %s", err) } 
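Review bot: The new package is named `init`, which is the reason the import in the first hunk has to be aliased as `ocisinit` and why the call here reads `ocisinit.CreateConfig(...)`: the Go compiler rejects an unaliased `import ".../ocis/pkg/init"` because `init` cannot be used as an identifier, so every future importer is forced into an alias. Naming the package after what it does, e.g. `package ocisinit` (the directory can stay `init`), removes that trap and makes the import line `"github.com/owncloud/ocis/ocis/pkg/init"` work on its own. InitCommand's body begins and ends outside this hunk.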
@@ -155,194 +61,6 @@ func init() { register.AddCommand(InitCommand) } -func checkConfigPath(configPath string) error { - targetPath := path.Join(configPath, configFilename) - if _, err := os.Stat(targetPath); err == nil { - return fmt.Errorf("config in %s already exists", targetPath) - } - return nil -} - -func backupOcisConfigFile(configPath string) (string, error) { - sourceConfig := path.Join(configPath, configFilename) - targetBackupConfig := path.Join(configPath, configFilename+"."+time.Now().Format("2006-01-02-15-04-05")+".backup") - source, err := os.Open(sourceConfig) - if err != nil { - log.Fatalf("Could not read %s (%s)", sourceConfig, err) - } - defer source.Close() - target, err := os.Create(targetBackupConfig) - if err != nil { - log.Fatalf("Could not generate backup %s (%s)", targetBackupConfig, err) - } - defer target.Close() - _, err = io.Copy(target, source) - if err != nil { - log.Fatalf("Could not write backup %s (%s)", targetBackupConfig, err) - } - return targetBackupConfig, nil -} - -func createConfig(insecure, forceOverwrite bool, configPath string) error { - err := checkConfigPath(configPath) - targetBackupConfig := "" - if err != nil && !forceOverwrite { - return err - } else if forceOverwrite { - targetBackupConfig, err = backupOcisConfigFile(configPath) - if err != nil { - return err - } else { - - } - } - err = os.MkdirAll(configPath, 0700) - if err != nil { - return err - } - - idmServicePassword, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for idm: %s", err) - } - idpServicePassword, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for idp: %s", err) - } - ocisAdminServicePassword, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for ocis admin: %s", err) - } - revaServicePassword, err := 
generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for reva: %s", err) - } - tokenManagerJwtSecret, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for tokenmanager: %s", err) - } - machineAuthApiKey, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) - } - revaTransferSecret, err := generators.GenerateRandomPassword(passwordLength) - if err != nil { - return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) - } - - cfg := ocisConfig{ - Token_manager: tokenManager{ - JWT_Secret: tokenManagerJwtSecret, - }, - Machine_auth_api_key: machineAuthApiKey, - Transfer_secret: revaTransferSecret, - Idm: idmExtension{ - Service_user_Passwords: serviceUserPasswordsSettings{ - Admin_password: ocisAdminServicePassword, - Idp_password: idpServicePassword, - Reva_password: revaServicePassword, - Idm_password: idmServicePassword, - }, - }, - Idp: ldapBasedExtension{ - Ldap: ldapSettings{ - Bind_password: idpServicePassword, - }, - }, - Auth_basic: authbasicExtension{ - Auth_providers: ldapBasedExtension{ - Ldap: ldapSettings{ - Bind_password: revaServicePassword, - }, - }, - }, - Group: userAndGroupExtension{ - Drivers: ldapBasedExtension{ - Ldap: ldapSettings{ - Bind_password: revaServicePassword, - }, - }, - }, - User: userAndGroupExtension{ - Drivers: ldapBasedExtension{ - Ldap: ldapSettings{ - Bind_password: revaServicePassword, - }, - }, - }, - Graph: graphExtension{ - Identity: ldapBasedExtension{ - Ldap: ldapSettings{ - Bind_password: idmServicePassword, - }, - }, - }, - } - - if insecure { - cfg.Auth_bearer = authbearerExtension{ - Auth_providers: authProviderSettings{ - Oidc: insecureExtension{ - Insecure: true, - }, - }, - } - cfg.Frontend = frontendExtension{ - App_provider: 
insecureExtension{ - Insecure: true, - }, - Archiver: insecureExtension{ - Insecure: true, - }, - } - cfg.Graph.Spaces = insecureExtension{ - Insecure: true, - } - cfg.Ocdav = insecureExtension{ - Insecure: true, - } - cfg.Proxy = insecureProxyExtension{ - Insecure_backends: true, - } - cfg.Storage_metadata = dataProviderInsecureSettings{ - Data_provider_insecure: true, - } - cfg.Storage_users = dataProviderInsecureSettings{ - Data_provider_insecure: true, - } - cfg.Thumbnails = thumbNailExtension{ - Thumbnail: thumbnailSettings{ - Webdav_allow_insecure: true, - Cs3_allow_insecure: true, - }, - } - } - - yamlOutput, err := yaml.Marshal(cfg) - if err != nil { - return fmt.Errorf("could not marshall config into yaml: %s", err) - } - targetPath := path.Join(configPath, configFilename) - err = ioutil.WriteFile(targetPath, yamlOutput, 0600) - if err != nil { - return err - } - fmt.Printf( - "\n\n=========================================\n"+ - " generated OCIS Config\n"+ - "=========================================\n"+ - " configpath : %s\n"+ - " user : admin\n"+ - " password : %s\n\n", - targetPath, ocisAdminServicePassword) - if targetBackupConfig != "" { - fmt.Printf("\n=========================================\n"+ - "An older config file has been backuped to\n %s\n\n", - targetBackupConfig) - } - return nil -} - func stringPrompt(label string) string { input := "" reader := bufio.NewReader(os.Stdin) diff --git a/ocis/pkg/init/init.go b/ocis/pkg/init/init.go new file mode 100644 index 0000000000..22a7940061 --- /dev/null +++ b/ocis/pkg/init/init.go 
@@ -0,0 +1,291 @@ +package init + +import ( + "fmt" + "io" + "io/ioutil" + "log" + "os" + "path" + "time" + + "github.com/owncloud/ocis/ocis-pkg/generators" + "gopkg.in/yaml.v2" +) + +const configFilename string = "ocis.yaml" // TODO: use also a constant for reading this file +const passwordLength int = 32 + +type TokenManager struct { + JWT_Secret string +} + +type InsecureExtension struct { + Insecure bool +} + +type InsecureProxyExtension struct { + Insecure_backends bool +} + +type DataProviderInsecureSettings struct { + Data_provider_insecure bool +} + +type LdapSettings struct { + Bindpassword string +} +type LdapBasedExtension struct { + Ldap LdapSettings +} + +type GraphExtension struct { + Spaces InsecureExtension + Identity LdapBasedExtension +} + +type ServiceUserPasswordsSettings struct { + Admin_password string + Idm_password string + Reva_password string + Idp_password string +} +type IdmExtension struct { + Service_user_Passwords ServiceUserPasswordsSettings +} + +type FrontendExtension struct { + Archiver InsecureExtension + App_provider InsecureExtension +} + +type AuthbasicExtension struct { + Auth_providers LdapBasedExtension +} + +type AuthProviderSettings struct { + Oidc InsecureExtension +} +type AuthbearerExtension struct { + Auth_providers AuthProviderSettings +} + +type UserAndGroupExtension struct { + Drivers LdapBasedExtension +} + +type ThumbnailSettings struct { + Webdav_allow_insecure bool + Cs3_allow_insecure bool +} + +type ThumbNailExtension struct { + Thumbnail ThumbnailSettings +} + +type OcisConfig struct { + Token_manager TokenManager + Machine_auth_api_key string + Transfer_secret string + Graph GraphExtension + Idp LdapBasedExtension + Idm IdmExtension + Proxy InsecureProxyExtension + Frontend FrontendExtension + Auth_basic AuthbasicExtension + Auth_bearer AuthbearerExtension + User UserAndGroupExtension + Group UserAndGroupExtension + Storage_metadata DataProviderInsecureSettings + Storage_users DataProviderInsecureSettings + 
Ocdav InsecureExtension + Thumbnails ThumbNailExtension +} + +func checkConfigPath(configPath string) error { + targetPath := path.Join(configPath, configFilename) + if _, err := os.Stat(targetPath); err == nil { + return fmt.Errorf("config in %s already exists", targetPath) + } + return nil +} + +func backupOcisConfigFile(configPath string) (string, error) { + sourceConfig := path.Join(configPath, configFilename) + targetBackupConfig := path.Join(configPath, configFilename+"."+time.Now().Format("2006-01-02-15-04-05")+".backup") + source, err := os.Open(sourceConfig) + if err != nil { + log.Fatalf("Could not read %s (%s)", sourceConfig, err) + } + defer source.Close() + target, err := os.Create(targetBackupConfig) + if err != nil { + log.Fatalf("Could not generate backup %s (%s)", targetBackupConfig, err) + } + defer target.Close() + _, err = io.Copy(target, source) + if err != nil { + log.Fatalf("Could not write backup %s (%s)", targetBackupConfig, err) + } + return targetBackupConfig, nil +} + +func CreateConfig(insecure, forceOverwrite bool, configPath string) error { + err := checkConfigPath(configPath) + targetBackupConfig := "" + if err != nil && !forceOverwrite { + return err + } else if forceOverwrite { + targetBackupConfig, err = backupOcisConfigFile(configPath) + if err != nil { + return err + } else { + + } + } + err = os.MkdirAll(configPath, 0700) + if err != nil { + return err + } + + idmServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for idm: %s", err) + } + idpServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for idp: %s", err) + } + ocisAdminServicePassword, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for ocis admin: %s", err) + } + revaServicePassword, err := 
generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for reva: %s", err) + } + tokenManagerJwtSecret, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for tokenmanager: %s", err) + } + machineAuthApiKey, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) + } + revaTransferSecret, err := generators.GenerateRandomPassword(passwordLength) + if err != nil { + return fmt.Errorf("could not generate random password for machineauthsecret: %s", err) + } + + cfg := OcisConfig{ + Token_manager: TokenManager{ + JWT_Secret: tokenManagerJwtSecret, + }, + Machine_auth_api_key: machineAuthApiKey, + Transfer_secret: revaTransferSecret, + Idm: IdmExtension{ + Service_user_Passwords: ServiceUserPasswordsSettings{ + Admin_password: ocisAdminServicePassword, + Idp_password: idpServicePassword, + Reva_password: revaServicePassword, + Idm_password: idmServicePassword, + }, + }, + Idp: LdapBasedExtension{ + Ldap: LdapSettings{ + Bindpassword: idpServicePassword, + }, + }, + Auth_basic: AuthbasicExtension{ + Auth_providers: LdapBasedExtension{ + Ldap: LdapSettings{ + Bindpassword: revaServicePassword, + }, + }, + }, + Group: UserAndGroupExtension{ + Drivers: LdapBasedExtension{ + Ldap: LdapSettings{ + Bindpassword: revaServicePassword, + }, + }, + }, + User: UserAndGroupExtension{ + Drivers: LdapBasedExtension{ + Ldap: LdapSettings{ + Bindpassword: revaServicePassword, + }, + }, + }, + Graph: GraphExtension{ + Identity: LdapBasedExtension{ + Ldap: LdapSettings{ + Bindpassword: idmServicePassword, + }, + }, + }, + } + + if insecure { + cfg.Auth_bearer = AuthbearerExtension{ + Auth_providers: AuthProviderSettings{ + Oidc: InsecureExtension{ + Insecure: true, + }, + }, + } + cfg.Frontend = FrontendExtension{ + App_provider: 
InsecureExtension{ + Insecure: true, + }, + Archiver: InsecureExtension{ + Insecure: true, + }, + } + cfg.Graph.Spaces = InsecureExtension{ + Insecure: true, + } + cfg.Ocdav = InsecureExtension{ + Insecure: true, + } + cfg.Proxy = InsecureProxyExtension{ + Insecure_backends: true, + } + cfg.Storage_metadata = DataProviderInsecureSettings{ + Data_provider_insecure: true, + } + cfg.Storage_users = DataProviderInsecureSettings{ + Data_provider_insecure: true, + } + cfg.Thumbnails = ThumbNailExtension{ + Thumbnail: ThumbnailSettings{ + Webdav_allow_insecure: true, + Cs3_allow_insecure: true, + }, + } + } + + yamlOutput, err := yaml.Marshal(cfg) + if err != nil { + return fmt.Errorf("could not marshall config into yaml: %s", err) + } + targetPath := path.Join(configPath, configFilename) + err = ioutil.WriteFile(targetPath, yamlOutput, 0600) + if err != nil { + return err + } + fmt.Printf( + "\n\n=========================================\n"+ + " generated OCIS Config\n"+ + "=========================================\n"+ + " configpath : %s\n"+ + " user : admin\n"+ + " password : %s\n\n", + targetPath, ocisAdminServicePassword) + if targetBackupConfig != "" { + fmt.Printf("\n=========================================\n"+ + "An older config file has been backuped to\n %s\n\n", + targetBackupConfig) + } + return nil +}
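Review bot: backupOcisConfigFile creates the backup with `os.Create`, so the copy of ocis.yaml — which carries the JWT secret, the machine-auth key and every service password — is created with mode 0666 (minus umask), while the fresh config is written 0600 a few lines later in CreateConfig; open it with `os.OpenFile(targetBackupConfig, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)` instead. The same function calls `log.Fatalf` on every failure, which exits the process without running the deferred Close calls and makes its error result dead code (the `if err != nil` after the call in CreateConfig can never fire); it should return wrapped errors and leave the decision to the caller, as in the rewrite below. Two smaller points in the same hunk: the error for revaTransferSecret reuses the "machineauthsecret" message of the line above, and the structs carry no `yaml:"..."` tags, so the emitted keys depend on the library's field-name lowercasing — the move also switches from yaml.v3 to yaml.v2, and renaming Bind_password to Bindpassword changes the key from `bind_password` to `bindpassword`; confirm that is what the ldap config reader expects and consider explicit tags so the file format stops depending on Go field names. The exported types and CreateConfig also lack doc comments, e.g. `// CreateConfig writes a new ocis.yaml with freshly generated secrets into configPath.`
```go
func backupOcisConfigFile(configPath string) (string, error) {
	sourceConfig := path.Join(configPath, configFilename)
	targetBackupConfig := path.Join(configPath, configFilename+"."+time.Now().Format("2006-01-02-15-04-05")+".backup")
	source, err := os.Open(sourceConfig)
	if err != nil {
		return "", fmt.Errorf("reading %s: %w", sourceConfig, err)
	}
	defer source.Close()
	// The backup holds the same secrets as the config: owner-only mode, and
	// O_EXCL so an existing file at that path is never silently truncated.
	target, err := os.OpenFile(targetBackupConfig, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return "", fmt.Errorf("creating backup %s: %w", targetBackupConfig, err)
	}
	defer target.Close()
	if _, err := io.Copy(target, source); err != nil {
		return "", fmt.Errorf("writing backup %s: %w", targetBackupConfig, err)
	}
	return targetBackupConfig, nil
}
```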