Move machine-auth-api-key to shared.Commons

Signed-off-by: Christian Richter <crichter@owncloud.com>

extensions/notifications/pkg/channels/channels.go

@@ -86,7 +86,7 @@ func (m Mail) getReceiverAddresses(receivers []string) ([]string, error) {
 		res, err := m.gatewayClient.Authenticate(context.Background(), &gateway.AuthenticateRequest{
 			Type:         "machine",
 			ClientId:     "userid:" + id,
-			ClientSecret: m.conf.Notifications.MachineAuthSecret,
+			ClientSecret: m.conf.Notifications.MachineAuthAPIKey,
 		})
 		if err != nil {
 			return nil, err

extensions/notifications/pkg/command/root.go

@@ -48,7 +48,7 @@ type SutureService struct {
 
 // NewSutureService creates a new notifications.SutureService
 func NewSutureService(cfg *ociscfg.Config) suture.Service {
-	cfg.Settings.Commons = cfg.Commons
+	cfg.Notifications.Commons = cfg.Commons
 	return SutureService{
 		cfg: cfg.Notifications,
 	}

extensions/notifications/pkg/config/config.go

@@ -22,10 +22,11 @@ type Config struct {
 
 // Notifications definces the config options for the notifications service.
 type Notifications struct {
+	*shared.Commons   `yaml:"-"`
 	SMTP              SMTP   `yaml:"SMTP,omitempty"`
 	Events            Events `yaml:"events,omitempty"`
 	RevaGateway       string `yaml:"reva_gateway,omitempty" env:"REVA_GATEWAY;NOTIFICATIONS_REVA_GATEWAY"`
-	MachineAuthSecret string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"`
+	MachineAuthAPIKey string `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY;NOTIFICATIONS_MACHINE_AUTH_API_KEY"`
 }
 
 // SMTP combines the smtp configuration options.

extensions/notifications/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,10 @@
 package defaults
 
-import "github.com/owncloud/ocis/extensions/notifications/pkg/config"
+import (
+	"log"
+
+	"github.com/owncloud/ocis/extensions/notifications/pkg/config"
+)
 
 func FullDefaultConfig() *config.Config {
 	cfg := DefaultConfig()
@@ -31,8 +35,7 @@ func DefaultConfig() *config.Config {
 				Cluster:       "ocis-cluster",
 				ConsumerGroup: "notifications",
 			},
-			RevaGateway:       "127.0.0.1:9142",
-			MachineAuthSecret: "change-me-please",
+			RevaGateway: "127.0.0.1:9142",
 		},
 	}
 }
@@ -49,6 +52,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else if cfg.Log == nil {
 		cfg.Log = &config.Log{}
 	}
+
+	if cfg.Notifications.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.Notifications.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	} else {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }
 
 func Sanitize(cfg *config.Config) {

extensions/ocs/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,7 @@
 package defaults
 
 import (
+	"log"
 	"strings"
 
 	"github.com/owncloud/ocis/extensions/ocs/pkg/config"
@@ -44,7 +45,6 @@ func DefaultConfig() *config.Config {
 			Address: "127.0.0.1:9142",
 		},
 		StorageUsersDriver: "ocis",
-		MachineAuthAPIKey:  "change-me-please",
 		IdentityManagement: config.IdentityManagement{
 			Address: "https://localhost:9200",
 		},
@@ -82,6 +82,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else {
 		cfg.TokenManager = &shared.TokenManager{}
 	}
+
+	if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	} else {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }
 
 func Sanitize(cfg *config.Config) {

extensions/proxy/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,7 @@
 package defaults
 
 import (
+	"log"
 	"path"
 	"strings"
 
@@ -45,7 +46,6 @@ func DefaultConfig() *config.Config {
 		AccountBackend:        "accounts",
 		UserOIDCClaim:         "email",
 		UserCS3Claim:          "mail",
-		MachineAuthAPIKey:     "change-me-please",
 		AutoprovisionAccounts: false,
 		EnableBasicAuth:       false,
 		InsecureBackends:      false,
@@ -185,6 +185,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else {
 		cfg.TokenManager = &config.TokenManager{}
 	}
+
+	if cfg.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	} else {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }
 
 func Sanitize(cfg *config.Config) {

extensions/settings/pkg/config/defaults/defaultconfig.go

@@ -1,6 +1,7 @@
 package defaults
 
 import (
+	"log"
 	"path"
 	"strings"
 
@@ -53,11 +54,10 @@ func DefaultConfig() *config.Config {
 		},
 
 		Metadata: config.Metadata{
-			GatewayAddress:    "127.0.0.1:9142",
-			StorageAddress:    "127.0.0.1:9215",
-			ServiceUserID:     "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
-			ServiceUserIDP:    "https://localhost:9200",
-			MachineAuthAPIKey: "change-me-please",
+			GatewayAddress: "127.0.0.1:9142",
+			StorageAddress: "127.0.0.1:9215",
+			ServiceUserID:  "95cb8724-03b2-11eb-a0a6-c33ef8ef53ad",
+			ServiceUserIDP: "https://localhost:9200",
 		},
 	}
 }
@@ -93,6 +93,12 @@ func EnsureDefaults(cfg *config.Config) {
 	} else {
 		cfg.TokenManager = &shared.TokenManager{}
 	}
+
+	if cfg.Metadata.MachineAuthAPIKey == "" && cfg.Commons != nil && cfg.Commons.MachineAuthAPIKey != "" {
+		cfg.MachineAuthAPIKey = cfg.Commons.MachineAuthAPIKey
+	} else {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (%s)", cfg.Service.Name)
+	}
 }
 
 func Sanitize(cfg *config.Config) {

extensions/storage/pkg/config/defaults/defaultconfig.go

@@ -328,9 +328,7 @@ func DefaultConfig() *config.Config {
 				Services:    []string{"authprovider"},
 				Endpoint:    "localhost:9166",
 			},
-			AuthMachineConfig: config.AuthMachineConfig{
-				MachineAuthAPIKey: "change-me-please",
-			},
+			AuthMachineConfig: config.AuthMachineConfig{},
 			Sharing: config.Sharing{
 				Port: config.Port{
 					Endpoint:    "localhost:9150",

ocis-pkg/config/config.go

@@ -55,9 +55,10 @@ type Config struct {
 	File    string `yaml:",omitempty"`
 	OcisURL string `yaml:"ocis_url,omitempty"`
 
-	Registry     string               `yaml:"registry,omitempty"`
-	TokenManager *shared.TokenManager `yaml:"token_manager,omitempty"`
-	Runtime      Runtime              `yaml:"runtime,omitempty"`
+	Registry          string               `yaml:"registry,omitempty"`
+	TokenManager      *shared.TokenManager `yaml:"token_manager,omitempty"`
+	MachineAuthAPIKey string
+	Runtime           Runtime `yaml:"runtime,omitempty"`
 
 	Audit         *audit.Config         `yaml:"audit,omitempty"`
 	Accounts      *accounts.Config      `yaml:"accounts,omitempty"`

ocis-pkg/config/parser/parse.go

@@ -2,6 +2,7 @@ package parser
 
 import (
 	"errors"
+	"log"
 
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis-pkg/config/envdecode"
@@ -50,6 +51,12 @@ func ParseConfig(cfg *config.Config) error {
 		cfg.TokenManager = cfg.Commons.TokenManager
 	}
 
+	if cfg.MachineAuthAPIKey != "" {
+		cfg.Commons.MachineAuthAPIKey = cfg.MachineAuthAPIKey
+	} else {
+		log.Fatalf("machine auth api key is not set up properly, bailing out (ocis)")
+	}
+
 	// load all env variables relevant to the config in the current context.
 	if err := envdecode.Decode(cfg); err != nil {
 		// no environment variable set for this config is an expected "error"

ocis-pkg/shared/shared_types.go

@@ -32,8 +32,9 @@ type TokenManager struct {
 // Commons holds configuration that are common to all extensions. Each extension can then decide whether
 // to overwrite its values.
 type Commons struct {
-	Log          *Log          `yaml:"log"`
-	Tracing      *Tracing      `yaml:"tracing"`
-	OcisURL      string        `yaml:"ocis_url" env:"OCIS_URL"`
-	TokenManager *TokenManager `yaml:"token_manager"`
+	Log               *Log          `yaml:"log"`
+	Tracing           *Tracing      `yaml:"tracing"`
+	OcisURL           string        `yaml:"ocis_url" env:"OCIS_URL"`
+	TokenManager      *TokenManager `yaml:"token_manager"`
+	MachineAuthAPIKey string        `yaml:"machine_auth_api_key" env:"OCIS_MACHINE_AUTH_API_KEY"`
 }

ocis/pkg/command/init.go

@@ -17,10 +17,7 @@ import (
 	"gopkg.in/yaml.v3"
 
 	idm "github.com/owncloud/ocis/extensions/idm/pkg/config"
-	notifications "github.com/owncloud/ocis/extensions/notifications/pkg/config"
-	ocs "github.com/owncloud/ocis/extensions/ocs/pkg/config"
 	proxy "github.com/owncloud/ocis/extensions/proxy/pkg/config"
-	settings "github.com/owncloud/ocis/extensions/settings/pkg/config"
 	storage "github.com/owncloud/ocis/extensions/storage/pkg/config"
 	thumbnails "github.com/owncloud/ocis/extensions/thumbnails/pkg/config"
 )
@@ -109,10 +106,10 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 		IDM: &idm.Config{},
 		//IDP:           &idp.Config{},
 		//Nats:          &nats.Config{},
-		Notifications: &notifications.Config{},
+		//Notifications: &notifications.Config{},
 		//Proxy:         &proxy.Config{},
-		OCS:        &ocs.Config{},
-		Settings:   &settings.Config{},
+		//OCS:        &ocs.Config{},
+		//Settings:   &settings.Config{},
 		Storage:    &storage.Config{},
 		Thumbnails: &thumbnails.Config{},
 		//Web:           &web.Config{},
@@ -144,7 +141,7 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	if err != nil {
 		return fmt.Errorf("Could not generate random password for tokenmanager: %s", err)
 	}
-	machineAuthSecret, err := generators.GenerateRandomPassword(passwordLength)
+	machineAuthApiKey, err := generators.GenerateRandomPassword(passwordLength)
 	if err != nil {
 		return fmt.Errorf("Could not generate random password for machineauthsecret: %s", err)
 	}
@@ -158,10 +155,9 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	// TODO: graph needs IDM password configured
 	// TODO: add missing insecure occurences
 	// TODO: search for missing transfer secrets
-	// TODO: move TokenManager for all extensions to shared
-	// TODO: move machineauthsecret for all extensions to shared
 	// TODO: move transfersecret for all extensions to shared
 
+	cfg.MachineAuthAPIKey = machineAuthApiKey
 	cfg.TokenManager.JWTSecret = tokenManagerJwtSecret
 	//cfg.Commons.TokenManager.JWTSecret = tokenManagerJwtSecret
 	//cfg.Accounts.TokenManager.JWTSecret = tokenManagerJwtSecret
@@ -171,12 +167,12 @@ func createConfig(insecure, forceOverwrite bool, configPath string) error {
 	cfg.IDM.ServiceUserPasswords.Idp = idpServicePassword
 	cfg.IDM.ServiceUserPasswords.OcisAdmin = ocisAdminServicePassword
 	cfg.IDM.ServiceUserPasswords.Reva = revaServicePassword
-	cfg.Notifications.Notifications.MachineAuthSecret = machineAuthSecret
-	cfg.OCS.MachineAuthAPIKey = machineAuthSecret
+	//cfg.Notifications.Notifications.MachineAuthAPIKey = machineAuthSecret
+	//cfg.OCS.MachineAuthAPIKey = machineAuthSecret
 	//cfg.Proxy.TokenManager.JWTSecret = tokenManagerJwtSecret
 	//fmt.Printf("%v\n", cfg.Proxy.TokenManager)
-	cfg.Proxy.MachineAuthAPIKey = machineAuthSecret
-	cfg.Settings.Metadata.MachineAuthAPIKey = machineAuthSecret
+	//cfg.Proxy.MachineAuthAPIKey = machineAuthSecret
+	//cfg.Settings.Metadata.MachineAuthAPIKey = machineAuthSecret
 	//cfg.Settings.TokenManager.JWTSecret = tokenManagerJwtSecret
 	cfg.Storage.Reva.JWTSecret = tokenManagerJwtSecret
 	cfg.Storage.OCDav.JWTSecret = tokenManagerJwtSecret

ocis/pkg/command/server.go

@@ -3,7 +3,6 @@ package command
 import (
 	"github.com/owncloud/ocis/ocis-pkg/config"
 	"github.com/owncloud/ocis/ocis-pkg/config/parser"
-	"github.com/owncloud/ocis/ocis-pkg/shared"
 	"github.com/owncloud/ocis/ocis/pkg/register"
 	"github.com/owncloud/ocis/ocis/pkg/runtime"
 	"github.com/urfave/cli/v2"
@@ -20,12 +19,6 @@ func Server(cfg *config.Config) *cli.Command {
 		},
 		Action: func(c *cli.Context) error {
 
-			cfg.Commons = &shared.Commons{
-				Log:          cfg.Log,
-				Tracing:      cfg.Tracing,
-				TokenManager: cfg.TokenManager,
-			}
-
 			r := runtime.New(cfg)
 			return r.Start()
 		},