diff --git a/cmd/admin/initialise/init.go b/cmd/admin/initialise/init.go
index 45b9f3a0e4..1f33f1ac9b 100644
--- a/cmd/admin/initialise/init.go
+++ b/cmd/admin/initialise/init.go
@@ -2,7 +2,6 @@ package initialise
 import (
 _ "embed"
- "fmt"
 "github.com/caos/logging"
 "github.com/spf13/cobra"
@@ -13,16 +12,33 @@ import (
 )
 var (
- conn string
+ user string
+ password string
+ sslCert string
+ sslKey string
+)
+
+const (
+ userFlag = "user"
+ passwordFlag = "password"
+ sslCertFlag = "ssl-cert"
+ sslKeyFlag = "ssl-key"
 )
 func New() *cobra.Command {
 cmd := &cobra.Command{
 Use: "init",
 Short: "initialize ZITADEL instance",
- Long: `init sets up the minimum requirements to start ZITADEL.
+ Long: `Sets up the minimum requirements to start ZITADEL.
+
 Prereqesits:
-- cockroachdb`,
+- cockroachdb
+
+The user provided by flags needs priviledge to
+- create the database if it does not exist
+- see other users and create a new one if the user does not exist
+- grant all rights of the ZITADEL database to the user created if not yet set
+`,
 RunE: func(cmd *cobra.Command, args []string) error {
 config := new(Config)
 if err := viper.Unmarshal(config); err != nil {
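Review bot: The help text added to the `Long` string misspells two words that every operator will see in the command's `--help` output: `Prereqesits:` should read `Prerequisites:` and `The user provided by flags needs priviledge to` should read `The user provided by flags needs privileges to`. The privilege list itself is useful; it would be worth adding one line after it stating that these are administrative rights and that the account given here is only used by `init` and is separate from the account ZITADEL runs with, so readers do not reuse the same credentials for both (assuming that separation is the intent of the new `user`/`password` flags, which the hunk suggests but does not state). The `New` function continues past the end of this hunk.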
@@ -32,9 +48,11 @@ Prereqesits:
 },
 }
- // cmd.PersistentFlags().StringArrayVar(&configFiles, "config", nil, "path to config file to overwrite system defaults")
- //TODO(hust): simplify to multiple flags
- cmd.PersistentFlags().StringVar(&conn, "connection", "", "connection string to connect with a user which is allowed to create the database and user")
+ cmd.PersistentFlags().StringVar(&password, passwordFlag, "", "password of the the provided user")
+ cmd.PersistentFlags().StringVar(&sslCert, sslCertFlag, "", "ssl cert from the provided user")
+ cmd.PersistentFlags().StringVar(&sslKey, sslKeyFlag, "", "ssl key from the provided user")
+ cmd.PersistentFlags().StringVar(&user, userFlag, "", "(required) the user to check if the database, user and grants exists and create if not")
+ cmd.MarkPersistentFlagRequired(userFlag)
 return cmd
 }
@@ -42,11 +60,7 @@ Prereqesits:
 func initialise(config *Config) error {
 logging.Info("initialization started")
- if conn == "" {
- return fmt.Errorf("connection not defined")
- }
-
- if err := prepareDB(config.Database); err != nil {
+ if err := prepareDB(config.Database, user, password, sslCert, sslKey); err != nil {
 return err
 }
diff --git a/cmd/admin/initialise/prepare_database.go b/cmd/admin/initialise/prepare_database.go
index 326083efa8..a8f035c2c1 100644
--- a/cmd/admin/initialise/prepare_database.go
+++ b/cmd/admin/initialise/prepare_database.go
@@ -7,8 +7,14 @@ import (
 "github.com/caos/zitadel/internal/database"
 )
-func prepareDB(config database.Config) error {
- db, err := sql.Open("postgres", conn)
+func prepareDB(config database.Config, user, password, sslCert, sslKey string) error {
+ adminConfig := config
+ adminConfig.User = user
+ adminConfig.Password = password
+ adminConfig.SSL.Cert = sslCert
+ adminConfig.SSL.Key = sslKey
+
+ db, err := database.Connect(adminConfig)
 if err != nil {
 return err
 }
diff --git a/internal/database/config.go b/internal/database/config.go
index 0c22f9d32a..7a177da872 100644
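Review bot: The new `--password` flag puts the database admin password on the command line, where it is readable in process listings and ends up in shell history; the old `--connection` string had the same exposure, so this is not a regression, but since this file already uses viper, binding the flag to an environment variable (`viper.BindPFlag`/`viper.BindEnv`) or accepting a file path would give operators a way to keep it out of argv. The description `"password of the the provided user"` doubles "the". `cmd.MarkPersistentFlagRequired(userFlag)` returns an error that is dropped; the only failure mode is the flag not being registered, so make the intent explicit with `if err := cmd.MarkPersistentFlagRequired(userFlag); err != nil { panic(err) }` or `_ = cmd.MarkPersistentFlagRequired(userFlag) // registered on the line above`.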
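Review bot: In `prepareDB` the admin connection keeps `SSL.Mode` and `SSL.RootCert` from the ZITADEL user's configuration and only replaces `Cert` and `Key`, so a `--ssl-cert`/`--ssl-key` pair given while the configured mode is disabled or empty is silently discarded: `checkSSL` in internal/database/config.go, changed in this same commit, resets the struct to `SSL{Mode: sslDisabledMode}` in that case (this assumes `database.Connect` runs `checkSSL`, which is not visible in the diff). Returning an error from `prepareDB` when a cert or key is supplied but the effective mode disables TLS would surface the misconfiguration instead of connecting with the admin credentials over a plain connection; a short comment on `adminConfig := config` saying that mode and root CA are inherited from the regular config would also help the next reader. The remainder of `prepareDB`, including whatever closes `db`, lies outside this hunk.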
--- a/internal/database/config.go
+++ b/internal/database/config.go
@@ -17,7 +17,7 @@ type Config struct {
 User string
 Password string
 Database string
- SSL *ssl
+ SSL SSL
 MaxOpenConns uint32
 MaxConnLifetime types.Duration
 MaxConnIdleTime types.Duration
@@ -27,7 +27,7 @@ type Config struct {
 Options string
 }
-type ssl struct {
+type SSL struct {
 // type of connection security
 Mode string
 // RootCert Path to the CA certificate
@@ -39,8 +39,8 @@ type ssl struct {
 }
 func (s *Config) checkSSL() {
- if s.SSL == nil || s.SSL.Mode == sslDisabledMode || s.SSL.Mode == "" {
- s.SSL = &ssl{Mode: sslDisabledMode}
+ if s.SSL.Mode == sslDisabledMode || s.SSL.Mode == "" {
+ s.SSL = SSL{Mode: sslDisabledMode}
 return
 }
 if s.SSL.RootCert == "" {
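Review bot: Renaming `ssl` to `SSL` makes it part of the package's exported API, but the type still has no doc comment; add one in the `// Name ...` form, e.g. `// SSL holds the connection security settings (mode, CA root, client cert and key) applied when connecting to the database.`, so that it appears in the package docs alongside `Config`. Since `Config.SSL` is now a value rather than a pointer, the zero value with an empty `Mode` is treated as disabled by `checkSSL`, which is worth stating in the `Mode` field comment (`// Mode is the type of connection security; empty means disabled.`) because it is no longer visible from a nil check. The rest of `checkSSL` continues past the end of the last hunk.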