verify all system accounts are set

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>
2025-12-30 17:00:57 -06:00 · 2024-02-29 11:19:01 +01:00
parent 23eafebf24
commit 972adafd29
13 changed files with 99 additions and 1 deletions
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -65,7 +65,11 @@
                "GATEWAY_STORAGE_USERS_MOUNT_ID": "storage-users-1",
                "STORAGE_USERS_MOUNT_ID": "storage-users-1",
                // graph application ID
-                "GRAPH_APPLICATION_ID": "application-1"
+                "GRAPH_APPLICATION_ID": "application-1",
+
+                // service accounts
+                "OCIS_SERVICE_ACCOUNT_ID": "service-account-id",
+                "OCIS_SERVICE_ACCOUNT_SECRET": "service-account-secret"
            }
        }
    ]
--- a/ocis-pkg/shared/errors.go
+++ b/ocis-pkg/shared/errors.go
@@ -69,3 +69,19 @@ func MissingAdminUserID(service string) error {
 		"the config/corresponding environment variable).",
 		service, defaults.BaseConfigPath())
 }
+
+func MissingServiceAccountID(service string) error {
+	return fmt.Errorf("The service account id has not been configured for %s. "+
+		"Make sure your %s config contains the proper values "+
+		"(e.g. by running ocis init or setting it manually in "+
+		"the config/corresponding environment variable).",
+		service, defaults.BaseConfigPath())
+}
+
+func MissingServiceAccountSecret(service string) error {
+	return fmt.Errorf("The service account secret has not been configured for %s. "+
+		"Make sure your %s config contains the proper values "+
+		"(e.g. by running ocis init or setting it manually in "+
+		"the config/corresponding environment variable).",
+		service, defaults.BaseConfigPath())
+}
--- a/services/auth-service/pkg/config/parser/parse.go
+++ b/services/auth-service/pkg/config/parser/parse.go
@@ -38,5 +38,12 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingJWTTokenError(cfg.Service.Name)
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/clientlog/pkg/config/parser/parse.go
+++ b/services/clientlog/pkg/config/parser/parse.go
@@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingJWTTokenError(cfg.Service.Name)
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/frontend/pkg/config/parser/parse.go
+++ b/services/frontend/pkg/config/parser/parse.go
@@ -56,5 +56,12 @@ func Validate(cfg *config.Config) error {
 		cfg.OCS.WriteablePublicShareMustHavePassword = true
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/graph/pkg/config/parser/parse.go
+++ b/services/graph/pkg/config/parser/parse.go
@@ -65,6 +65,13 @@ func Validate(cfg *config.Config) error {
 			"graph", defaults2.BaseConfigPath())
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }

--- a/services/notifications/pkg/config/parser/parse.go
+++ b/services/notifications/pkg/config/parser/parse.go
@@ -5,6 +5,7 @@ import (
 	"fmt"

 	ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
 	"github.com/owncloud/ocis/v2/services/notifications/pkg/config"
 	"github.com/owncloud/ocis/v2/services/notifications/pkg/config/defaults"
 	"github.com/owncloud/ocis/v2/services/notifications/pkg/logging"
@@ -52,5 +53,13 @@ func Validate(cfg *config.Config) error {
 			)
 		}
 	}
+
+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/ocm/pkg/config/parser/parse.go
+++ b/services/ocm/pkg/config/parser/parse.go
@@ -4,6 +4,7 @@ import (
 	"errors"

 	ociscfg "github.com/owncloud/ocis/v2/ocis-pkg/config"
+	"github.com/owncloud/ocis/v2/ocis-pkg/shared"
 	"github.com/owncloud/ocis/v2/ocis-pkg/structs"
 	"github.com/owncloud/ocis/v2/services/ocm/pkg/config"
 	"github.com/owncloud/ocis/v2/services/ocm/pkg/config/defaults"
@@ -39,5 +40,12 @@ func Validate(cfg *config.Config) error {
 		cfg.GRPCClientTLS = structs.CopyOrZeroValue(cfg.Commons.GRPCClientTLS)
 	}

+	if cfg.ServiceAccount.ID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.Secret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/proxy/pkg/config/parser/parse.go
+++ b/services/proxy/pkg/config/parser/parse.go
@@ -53,5 +53,12 @@ func Validate(cfg *config.Config) error {
 		)
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/search/pkg/config/parser/parse.go
+++ b/services/search/pkg/config/parser/parse.go
@@ -37,5 +37,13 @@ func Validate(cfg *config.Config) error {
 	if cfg.TokenManager.JWTSecret == "" {
 		return shared.MissingJWTTokenError(cfg.Service.Name)
 	}
+
+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/settings/pkg/config/parser/parse.go
+++ b/services/settings/pkg/config/parser/parse.go
@@ -49,5 +49,9 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingAdminUserID(cfg.Service.Name)
 	}

+	if len(cfg.ServiceAccountIDs) == 0 {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+
 	return nil
 }
--- a/services/storage-users/pkg/config/parser/parse.go
+++ b/services/storage-users/pkg/config/parser/parse.go
@@ -47,5 +47,12 @@ func Validate(cfg *config.Config) error {
 			"the config/corresponding environment variable).",
 			"storage-users", defaults2.BaseConfigPath())
 	}
+
+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
 	return nil
 }
--- a/services/userlog/pkg/config/parser/parse.go
+++ b/services/userlog/pkg/config/parser/parse.go
@@ -39,5 +39,12 @@ func Validate(cfg *config.Config) error {
 		return shared.MissingJWTTokenError(cfg.Service.Name)
 	}

+	if cfg.ServiceAccount.ServiceAccountID == "" {
+		return shared.MissingServiceAccountID(cfg.Service.Name)
+	}
+	if cfg.ServiceAccount.ServiceAccountSecret == "" {
+		return shared.MissingServiceAccountSecret(cfg.Service.Name)
+	}
+
 	return nil
 }