chg: [nextcloud] change to admin password are supported

Signed-off-by: Valentin Lab <valentin.lab@kalysto.org>
5 years ago · 0d592e8690
4 changed files with 115 additions and 48 deletions
--- a/nextcloud/actions/occ
+++ b/nextcloud/actions/occ
@ -6,33 +6,7 @@ if [ -z "$SERVICE_DATASTORE" ]; then
 fi


-export COMPOSE_IGNORE_ORPHANS=True
+. "$CHARM_PATH/lib/common"


-if ! [ -e "$SERVICE_DATASTORE/var/www/html/occ" ]; then
-    ## Here we use a nasty trick to launch only the initialisation
-    ## part of the ``entrypoint.sh``. By setting 'apache' as first
-    ## call argument, we satisfy the big first 'if' condition
-    ## triggering the installation if necessary, and will fail to
-    ## launch any apache
-
-    ## Last, we do not want the relation web-proxy to run in this
-    ## bare-minimum nextcloud run AND we will use occ to set some info
-    ## in this very same relation.
-    compose --debug --without-relation="$SERVICE_NAME":web-proxy run \
-            --rm --entrypoint /entrypoint.sh "$SERVICE_NAME" apache >&2 || true
-    if ! [ -e "$SERVICE_DATASTORE/var/www/html/occ" ]; then
-        err "Expected last command to create /var/www/html/occ"
-        exit 1
-    fi
-fi
-
-
-## occ.batch will require /var/www/html to be populated ('occ' is
-## supposed to exist). For that we need to make sure nextcloud have
-## be ran and setup prior to running this next command.
-compose -q --no-init --no-relations run \
-        -v "$HOST_CHARM_STORE/${CHARM_REL_PATH#${CHARM_STORE}/}/src/occ.batch:/var/www/html/occ.batch" \
-        -T --rm -u www-data "$SERVICE_NAME" /var/www/html/occ.batch "$@" | cat
-
-exit "${PIPESTATUS[0]}"
+occ "$@"
--- a/nextcloud/hooks/init
+++ b/nextcloud/hooks/init
@ -19,12 +19,27 @@ admin_user=$(options-get admin.user 2>&1) || {
    admin_user="admin"
 }

-admin_password=$(options-get admin.password 2>&1) || {
-    err "Please specify an ${WHITE}admin.password${NORMAL} option" \
-        "in ${DARKYELLOW}$SERVICE_NAME${NORMAL} service."
-    exit 1
+read-0 current_user current_password < <(get_admin_user_password) || {
+    info "Probably no admin user and password set before."
 }

+admin_password=$(options-get admin.password 2>&1) ||
+admin_password=$(options-get admin-password 2>&1) || {
+    if [ "$current_password" ]; then
+        admin_password="$current_password"
+    else
+        info "Generating ${DARKYELLOW}$MASTER_BASE_SERVICE_NAME${NORMAL}'s"\
+             "admin password"
+        admin_password=$(gen_password)
+    fi
+}
+if [ "$current_password" != "$admin_password" ] ||
+       [ "$current_user" != "$admin_user" ]; then
+    set_admin_user_password "$admin_user" "$admin_password" || {
+        err "Failed to set admin user and password."
+        exit 2
+    }
+fi

 ## XXXvlab: the directory here for datadir violates DRY as it is also
 ## in ``metadata.yml``
--- a/nextcloud/hooks/postgres_database-relation-joined
+++ b/nextcloud/hooks/postgres_database-relation-joined
@ -7,17 +7,6 @@ set -e
 PASSWORD="$(relation-get password)"
 USER="$(relation-get user)"
 DBNAME="$(relation-get dbname)"
-ADMIN_PASSWORD=$(relation-base-compose-get admin-password 2>/dev/null) || {
-    if [ -e "$CONFIG" ]; then
-        ADMIN_PASSWORD=$(grep ^admin_passwd "$CONFIG" | sed -r 's/^admin_passwd\s+=\s+(.+)$/\1/g')
-    fi
-    if [ -z "$ADMIN_PASSWORD" ]; then
-        info "Generating odoo admin password"
-        ADMIN_PASSWORD=$(gen_password)
-    fi
-}
-
-# control=$(echo -en "$USER\0$DBNAME\0$PASSWORD\0$ADMIN_PASSWORD" | md5_compat)

 config-add "\
 services:
@ -29,9 +18,4 @@ services:
      POSTGRES_USER: $USER
 "

-# [ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0
-
-
-# relation-set control "$control"
-
 info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."
--- a/nextcloud/lib/common
+++ b/nextcloud/lib/common
@ -1,3 +1,97 @@
 # -*- mode: shell-script -*-

+## This place is not accessible from container on purpose: container
+## don't need that. This should be stored in /var/lib/compose/ in a
+## project, service directory a little like relation data.
+PASSWORD_FILE="$SERVICE_CONFIGSTORE/etc/$SERVICE_NAME/pass"
+
+
+has_user() {
+    local user="$1"
+    if ! out=$(occ user:info "$user"); then
+        if [ "$out" == "user not found" ]; then
+            return 1
+        else
+            err "Command 'occ user:info $user' failed:"
+            echo "OUT: '$out'" | prefix "  | " >&2
+            return 2
+        fi
+    fi
+    return 0
+}
+
+
+set_admin_user_password() {
+    local user="$1" password="$2"
+
+    [ -z "$password" ] && {
+        err "Refusing to set admin user an empty password."
+        return 3
+    }
+
+    if ! has_user "$user"; then
+        info "User $user not found. Creating it in default 'admin' group."
+        (
+            occ_docker_run_opts=("-e" "OC_PASS=$password")
+            occ user:add --group=admin --password-from-env --display-name="$user" "$user"
+        )
+    else
+        (
+            occ_docker_run_opts=("-e" "OC_PASS=$password")
+            occ user:resetpassword "$user" "--password-from-env"
+        )
+    fi
+    mkdir -p "$(dirname "$PASSWORD_FILE")"
+    p0 "$user" "$password" > "$PASSWORD_FILE"
+}
+
+
+get_admin_user_password() {
+    if [ -e "$PASSWORD_FILE" ]; then
+        cat "$PASSWORD_FILE"
+    else
+        return 1
+    fi
+}
+
+
+create_occ_if_not_exists() {
+
+    if ! [ -e "$SERVICE_DATASTORE/var/www/html/occ" ]; then
+        ## Here we use a nasty trick to launch only the initialisation
+        ## part of the ``entrypoint.sh``. By setting 'apache' as first
+        ## call argument, we satisfy the big first 'if' condition
+        ## triggering the installation if necessary, and will fail to
+        ## launch any apache
+
+        ## Last, we do not want the relation web-proxy to run in this
+        ## bare-minimum nextcloud run AND we will use occ to set some info
+        ## in this very same relation.
+        export COMPOSE_IGNORE_ORPHANS=true
+        compose --debug --without-relation="$SERVICE_NAME":web-proxy run \
+                --rm --entrypoint /entrypoint.sh "$SERVICE_NAME" apache >&2 || true
+        if ! [ -e "$SERVICE_DATASTORE/var/www/html/occ" ]; then
+            err "Expected last command to create /var/www/html/occ"
+            return 1
+        fi
+    fi
+}
+
+
+occ() {
+
+    create_occ_if_not_exists
+
+    ## occ.batch will require /var/www/html to be populated ('occ' is
+    ## supposed to exist). For that we need to make sure nextcloud have
+    ## be ran and setup prior to running this next command.
+    export COMPOSE_IGNORE_ORPHANS=true
+    compose --debug -q --no-init --no-relations run \
+           "${occ_docker_run_opts[@]}" \
+            -v "$HOST_CHARM_STORE/${CHARM_REL_PATH#${CHARM_STORE}/}/src/occ.batch:/var/www/html/occ.batch" \
+            -T --rm -u www-data "$SERVICE_NAME" /var/www/html/occ.batch "$@" | cat
+
+    return "${PIPESTATUS[0]}"
+}
+