welcome: init group memberships for first create (#115)

* rename createAdminAccount to createAccount

* welcome: call memberships init on first user

* auth: add http endpoints to allowed return addresses

* memberships: make init user member of groups as well

---------

Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/core/installer/tasks/infra.go b/core/installer/tasks/infra.go
index c7e6f9e..6fbd55d 100644
--- a/core/installer/tasks/infra.go
+++ b/core/installer/tasks/infra.go
@@ -4,12 +4,15 @@
 	"fmt"
 	"net"
 	"net/netip"
+	"strings"
 
 	"github.com/miekg/dns"
 
 	"github.com/giolekva/pcloud/core/installer"
 )
 
+var initGroups = []string{"admin"}
+
 func SetupInfra(env Env, startIP net.IP, st *state) []Task {
 	t := newLeafTask("Create client", func() error {
 		repo, err := st.ssClient.GetRepo("config")
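Review bot: `initGroups` is declared without a comment, although later hunks of this patch use it both as the first account's group list and as the `authGroups` value of an app install, so it effectively names who receives administrative access. A comment such as `// initGroups lists the groups the first created account joins; the same list is passed as authGroups at install time.` would make that coupling visible to whoever edits the list. It is also a mutable package-level slice that `firstAccount` stores by reference. If nothing is meant to modify it at runtime, handing out a copy would avoid accidental aliasing.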
@@ -29,6 +32,7 @@
 	})
 	return []Task{
 		CommitEnvironmentConfiguration(env, st),
+		ConfigureFirstAccount(env, st),
 		&t,
 		newConcurrentParentTask(
 			"Core services",
@@ -103,6 +107,27 @@
 	return &t
 }
 
+type firstAccount struct {
+	Created bool     `json:"created"`
+	Groups  []string `json:"groups"`
+}
+
+func ConfigureFirstAccount(env Env, st *state) Task {
+	t := newLeafTask("Configure first account settings", func() error {
+		repo, err := st.ssClient.GetRepo("config")
+		if err != nil {
+			return err
+		}
+		r := installer.NewRepoIO(repo, st.ssClient.Signer)
+		fa := firstAccount{false, initGroups}
+		if err := r.WriteYaml("first-account.yaml", fa); err != nil {
+			return err
+		}
+		return r.CommitAndPush("first account membership configuration")
+	})
+	return &t
+}
+
 func SetupNetwork(env Env, startIP net.IP, st *state) Task {
 	t := newLeafTask("Setup network", func() error {
 		startAddr, err := netip.ParseAddr(startIP.String())
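Review bot: `ConfigureFirstAccount` writes `first-account.yaml` with `Created` set to false unconditionally, so if this task ever runs again against an existing config repo (a retry or re-install, which cannot be ruled out from this hunk) it would reset the marker and presumably let the next registrant be treated as the first account and join `admin`. Consider checking for an existing file and leaving it untouched, and make sure the reader treats a missing or unparsable file as "already created". Separately, `firstAccount{false, initGroups}` is an unkeyed literal; `firstAccount{Created: false, Groups: initGroups}` survives field reordering. The `env` parameter is unused, and the exported function has no doc comment.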
@@ -236,7 +261,9 @@
 		if err != nil {
 			return err
 		}
-		if err := st.appManager.Install(app, st.nsGen, st.emptySuffixGen, map[string]any{}); err != nil {
+		if err := st.appManager.Install(app, st.nsGen, st.emptySuffixGen, map[string]any{
+			"authGroups": strings.Join(initGroups, ","),
+		}); err != nil {
 			return err
 		}
 		return nil
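Review bot: The new `"authGroups": strings.Join(initGroups, ",")` value becomes the empty string if `initGroups` is ever emptied, and the consumer of `authGroups` may read an empty value as "no group restriction". That consumer is not visible here, so this is worth confirming. A guard before the install, e.g. `if len(initGroups) == 0 { return fmt.Errorf("no auth groups configured") }`, would make that case fail closed. Joining on a bare comma also assumes group names never contain commas and that the receiving template splits the same way. The enclosing function starts and ends outside this hunk.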