From 4b69f20704989f154bb2bb6aaea58264962f044f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Wed, 15 Jan 2025 18:47:20 +0800
Subject: [PATCH 1/3] fix(doc): Update file paths in documentation
In #78 we overlooked renaming the path our various example files use for the docker container.
---
 README.md | 2 +-
 docker-compose.yaml | 2 +-
 ldap-sync-cronjob.yaml | 2 +-
 sample-configs/csv-config.sample.yaml | 2 +-
 sample-configs/ldap-config.sample.yaml | 2 +-
 sample-configs/ukt-config.sample.yaml | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index e9b8616..51c7251 100644
--- a/README.md
+++ b/README.md
@@ -121,7 +121,7 @@ docker compose up
 Or alternatively, without `docker compose`:
 ```
-docker run --rm -it --network host --volume ./opt:/opt/famedly-sync-agent docker-oss.nexus.famedly.de/famedly-sync-agent:latest
+docker run --rm -it --network host --volume ./opt:/opt/famedly-sync docker-oss.nexus.famedly.de/famedly-sync-agent:latest
 ```
 ### Kubernetes Deployment
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 3b9f0ab..74b4c58 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -4,5 +4,5 @@ services:
 volumes:
 - type: bind
 source: ./opt
- target: /opt/famedly-sync-agent
+ target: /opt/famedly-sync
 network_mode: host
diff --git a/ldap-sync-cronjob.yaml b/ldap-sync-cronjob.yaml
index 966c77e..4ff6e49 100644
--- a/ldap-sync-cronjob.yaml
+++ b/ldap-sync-cronjob.yaml
@@ -14,7 +14,7 @@ spec:
 image: docker-oss.nexus.famedly.de/famedly-sync-agent:v0.4.0
 imagePullPolicy: IfNotPresent
 volumeMounts:
- - mountPath: /opt/famedly-sync-agent/
+ - mountPath: /opt/famedly-sync/
 name: famedly-sync-config
 restartPolicy: OnFailure
 volumes:
diff --git a/sample-configs/csv-config.sample.yaml b/sample-configs/csv-config.sample.yaml
index bbba672..24ad662 100644
--- a/sample-configs/csv-config.sample.yaml
+++ b/sample-configs/csv-config.sample.yaml
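Review bot: The new `mountPath: /opt/famedly-sync/` in ldap-sync-cronjob.yaml only works if the pinned image `famedly-sync-agent:v0.4.0` already reads its files from the renamed directory. The hunk does not show which release picked up the rename from #78, so if it landed after v0.4.0 the tag should be bumped in the same change. Since the sample configs in this patch place `service-user.json` under this path, the mount could also carry `readOnly: true` (and `read_only: true` on the bind mount in docker-compose.yaml), assuming the agent never writes there. The volume definition itself is outside the hunk.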
@@ -3,7 +3,7 @@ zitadel:
 # The Famedly user endpoint to sync to.
 url: https://auth.famedly.de
 # The Famedly-provided service user credentials.
- key_file: /opt/famedly-sync-agent/service-user.json
+ key_file: /opt/famedly-sync/service-user.json
 # The organization whose users to sync.
 organization_id: 278274756195721220
 # The project to grant users access to.
diff --git a/sample-configs/ldap-config.sample.yaml b/sample-configs/ldap-config.sample.yaml
index 679ccfb..65669af 100644
--- a/sample-configs/ldap-config.sample.yaml
+++ b/sample-configs/ldap-config.sample.yaml
@@ -3,7 +3,7 @@ zitadel:
 # The Famedly user endpoint to sync to.
 url: https://auth.famedly.de
 # The Famedly-provided service user credentials.
- key_file: /opt/famedly-sync-agent/service-user.json
+ key_file: /opt/famedly-sync/service-user.json
 # The organization whose users to sync.
 organization_id: 278274756195721220
 # The project to grant users access to.
diff --git a/sample-configs/ukt-config.sample.yaml b/sample-configs/ukt-config.sample.yaml
index 64458ca..f04902e 100644
--- a/sample-configs/ukt-config.sample.yaml
+++ b/sample-configs/ukt-config.sample.yaml
@@ -3,7 +3,7 @@ zitadel:
 # The Famedly user endpoint to sync to.
 url: https://auth.famedly.de
 # The Famedly-provided service user credentials.
- key_file: /opt/famedly-sync-agent/service-user.json
+ key_file: /opt/famedly-sync/service-user.json
 # The organization whose users to sync.
 organization_id: 278274756195721220
 # The project to grant users access to.
From e4af74df63aca03def41174f604c31080e8e9795 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Wed, 15 Jan 2025 18:48:40 +0800
Subject: [PATCH 2/3] doc: Add warning about service user scopes
---
 README.md | 6 ++++++
 sample-configs/csv-config.sample.yaml | 4 ++++
 sample-configs/ldap-config.sample.yaml | 4 ++++
 sample-configs/ukt-config.sample.yaml | 4 ++++
 4 files changed, 18 insertions(+)
diff --git a/README.md b/README.md
index 51c7251..cbe6d57 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,12 @@ Currently supported sources:
 ## Configuration
+> [!WARNING]
+>
+> When creating a service user, limit them to the specific project and
+> organization scope that they are intended to sync. `famedly-sync`
+> currently does not separately limit the scope of the sync, see #103.
+
 The tool expects a configuration file located at `./config.yaml`. See example configuration at [config.sample.yaml](./config.sample.yaml).
 The default path can be changed by setting the new path to the environment variable `FAMEDLY_SYNC_CONFIG`.
diff --git a/sample-configs/csv-config.sample.yaml b/sample-configs/csv-config.sample.yaml
index 24ad662..b1c5066 100644
--- a/sample-configs/csv-config.sample.yaml
+++ b/sample-configs/csv-config.sample.yaml
@@ -9,6 +9,10 @@ zitadel:
 # The project to grant users access to.
 project_id: 278274945274880004
 # The identity provider ID to enable SSO login for
+ #
+ # WARNING: This user *must* be scoped to the specific org/project,
+ # as famedly-sync does not limit syncs to the configured org/project
+ # by itself.
 idp_id: 281430143275106308
 feature_flags:
diff --git a/sample-configs/ldap-config.sample.yaml b/sample-configs/ldap-config.sample.yaml
index 65669af..76486c3 100644
--- a/sample-configs/ldap-config.sample.yaml
+++ b/sample-configs/ldap-config.sample.yaml
@@ -9,6 +9,10 @@ zitadel:
 # The project to grant users access to.
 project_id: 278274945274880004
 # The identity provider ID to enable SSO login for
+ #
+ # WARNING: This user *must* be scoped to the specific org/project,
+ # as famedly-sync does not limit syncs to the configured org/project
+ # by itself.
 idp_id: 281430143275106308
 feature_flags:
diff --git a/sample-configs/ukt-config.sample.yaml b/sample-configs/ukt-config.sample.yaml
index f04902e..412cd9f 100644
--- a/sample-configs/ukt-config.sample.yaml
+++ b/sample-configs/ukt-config.sample.yaml
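Review bot: The added WARNING in sample-configs/csv-config.sample.yaml is appended to the `# The identity provider ID to enable SSO login for` comment above `idp_id`, so "This user" has no antecedent there and reads as if it described the identity provider. The warning is about the service user whose credentials `key_file` points to, so it is easier to act on directly above `key_file`, which lies outside this hunk. It should also name the subject explicitly: `# WARNING: The service user *must* be scoped to the specific org/project,`. The same placement applies to the matching hunks in ldap-config.sample.yaml and ukt-config.sample.yaml. A pointer to #103, as in the README warning, would let readers of the sample files find the tracking issue.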
@@ -9,6 +9,10 @@ zitadel:
 # The project to grant users access to.
 project_id: 278274945274880004
 # The identity provider ID to enable SSO login for
+ #
+ # WARNING: This user *must* be scoped to the specific org/project,
+ # as famedly-sync does not limit syncs to the configured org/project
+ # by itself.
 idp_id: 281430143275106308
 feature_flags:
From 5ab1845064a1a2db7bfccdae104238da8d8ad4fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Wed, 15 Jan 2025 18:54:01 +0800
Subject: [PATCH 3/3] fix(doc): Update sample configuration path
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index cbe6d57..c56fc11 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ Currently supported sources:
 > organization scope that they are intended to sync. `famedly-sync`
 > currently does not separately limit the scope of the sync, see #103.
-The tool expects a configuration file located at `./config.yaml`. See example configuration at [config.sample.yaml](./config.sample.yaml).
+The tool expects a configuration file located at `./config.yaml`. See example configuration files in [./sample-configs/](./sample-configs/).
 The default path can be changed by setting the new path to the environment variable `FAMEDLY_SYNC_CONFIG`.