feat(feedbacksystem): add new ldap configuration (#38)
* feat(feedbacksystem): add ldap configuration

* docs(feedbacksystem): document ldap configuration

* feat: add .gitignore to prevent commit of chart dependencies

* chore(feedbacksystem): bump version to 0.7.0
Zitrone44 authored Feb 9, 2023
1 parent e878878 commit 57cbf71
Showing 7 changed files with 155 additions and 17 deletions.
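--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+charts/*/charts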
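--- a/charts/feedbacksystem/Chart.yaml
+++ b/charts/feedbacksystem/Chart.yaml
@@ -6,7 +6,7 @@ sources:
 - https://github.com/thm-mni-ii/feedbacksystem
 home: https://github.com/thm-mni-ii/feedbacksystem
 type: application
-version: 0.6.3
+version: 0.7.0
 # renovate: image=thmmniii/fbs-core
 appVersion: v1.5.1
 dependencies: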
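--- a/charts/feedbacksystem/README.md
+++ b/charts/feedbacksystem/README.md
@@ -44,6 +44,25 @@ There is a [Deno](https://deno.land) script to generate the configuration file f
 | core.enabled | Should the Container be Enabled | true |
 | core.config.jwtSecret | The Used JWT Secret | 2edb8793d987389e1626918e0ec1dbee |
 
+#### LDAP
+
+| Parameter | Description | Default |
+| ------------------------------------ | ------------------------------------------------------- | ------------ |
+| core.config.ldap.enabled | Should ldap be enabled | false |
+| core.config.ldap.allowLogn | Allow authentication using ldap | false |
+| core.config.ldap.baseDn | The base dn of the ldap server | |
+| core.config.ldap.url | The url of the ldap server | |
+| core.config.ldap.startTls | Allow startTls when connecting to ldap | |
+| core.config.ldap.filter | The filter to use to locate a user in ldap | (uid={user}) |
+| core.config.ldap.timeout | The timeout for ldap requests | 5000 |
+| core.config.ldap.bind.enabled | Use bind authentication for ldap queries | false |
+| core.config.ldap.bind.dn | The dn to bind to | "" |
+| core.config.ldap.bind.password | The password to bind to | "" |
+| core.config.ldap.attributeNames.uid | The name of the ldap attribute to use as the user id | uid |
+| core.config.ldap.attributeNames.sn | The name of the ldap attribute to use as the last name | sn |
+| core.config.ldap.attributeNames.name | The name of the ldap attribute to use as the first name | givenName |
+| core.config.ldap.attributeNames.mail | The name of the ldap attribute to use as the user mail | mail |
+
 #### Runner
 
 | Parameter | Description | Default |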
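--- a/charts/feedbacksystem/templates/config.yaml
+++ b/charts/feedbacksystem/templates/config.yaml
@@ -0,0 +1,45 @@
+{{ if .Values.runner.sqlChecker.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ .Release.Name }}-sql-checker
+data:
+mongoDatabase: {{ .Values.checkerMongodb.auth.database | quote }}
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+name: {{ .Release.Name }}-sql-checker
+data:
+mongodbUri: {{ print "mongodb://" .Values.checkerMongodb.auth.username ":" .Values.checkerMongodb.auth.password "@" .Release.Name "-checker-mongodb" ":27017/" .Values.checkerMongodb.auth.database | b64enc }}
+{{ end }}
+{{ if .Values.core.config.ldap.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ .Release.Name }}-ldap
+data:
+enabled: {{ .Values.core.config.ldap.enabled | quote }}
+allowLogin: {{ .Values.core.config.ldap.allowLogin | quote }}
+baseDn: {{ .Values.core.config.ldap.baseDn | quote }}
+url: {{ .Values.core.config.ldap.url | quote }}
+startTls: {{ .Values.core.config.ldap.startTls | quote }}
+filter: {{ .Values.core.config.ldap.filter | quote }}
+timeout: {{ .Values.core.config.ldap.timeout | quote }}
+bind_enabled: {{ .Values.core.config.ldap.bind.enabled | quote }}
+bind_dn: {{ .Values.core.config.ldap.bind.dn | quote }}
+attribute_uid: {{ .Values.core.config.ldap.attributeNames.uid | quote }}
+attribute_sn: {{ .Values.core.config.ldap.attributeNames.sn | quote }}
+attribute_name: {{ .Values.core.config.ldap.attributeNames.name | quote }}
+attribute_mail: {{ .Values.core.config.ldap.attributeNames.mail | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ .Release.Name }}-ldap
+data:
+bind_password: {{ .Values.core.config.ldap.bind.password | b64enc | quote }}
+{{ end }}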
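Review bot: In the LDAP ConfigMap, `url` and `baseDn` are rendered straight from values whose defaults are empty strings, so setting `core.config.ldap.enabled` alone yields a release with an empty LDAP URL and base DN that only fails inside the container. Helm's `required` would stop that at render time, e.g. `url: {{ required "core.config.ldap.url must be set when ldap is enabled" .Values.core.config.ldap.url | quote }}`, and the same for `baseDn`. The template also accepts any URL scheme together with `startTls: false`; if fbs-core does not enforce transport security itself (not visible here), the bind DN and password would cross the network unencrypted, so a comment above `url` stating that `ldaps://` or StartTLS is expected would help operators. The new LDAP Secret also omits the `type: Opaque` line that the sql-checker Secret in the same file carries.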
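--- a/charts/feedbacksystem/templates/core.yaml
+++ b/charts/feedbacksystem/templates/core.yaml
@@ -95,6 +95,78 @@ spec:
 {{ end }}
 - name: SELF_URL
 value: https://{{ .Release.Name }}-core
+{{ if .Values.core.config.ldap.enabled }}
+- name: LDAP_ENABLED
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: enabled
+- name: LDAP_ALLOW_LOGIN
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: allowLogin
+- name: LDAP_BASE_DN
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: baseDn
+- name: LDAP_URL
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: url
+- name: LDAP_START_TLS
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: startTls
+- name: LDAP_FILTER
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: filter
+- name: LDAP_TIMEOUT
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: timeout
+- name: LDAP_BIND_ENABLED
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: bind_enabled
+- name: LDAP_BIND_DN
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: bind_dn
+- name: LDAP_BIND_PASSWORD
+valueFrom:
+secretKeyRef:
+name: {{ .Release.Name }}-ldap
+key: bind_password
+- name: LDAP_ATTRIBUTE_NAMES_UID
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: attribute_uid
+- name: LDAP_ATTRIBUTE_NAMES_SN
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: attribute_sn
+- name: LDAP_ATTRIBUTE_NAMES_NAME
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: attribute_name
+- name: LDAP_ATTRIBUTE_NAMES_MAIL
+valueFrom:
+configMapKeyRef:
+name: {{ .Release.Name }}-ldap
+key: attribute_mail
+{{ end }}
 resources:
 requests:
 cpu: {{ .Values.core.resources.cpu.request }}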
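Review bot: The LDAP settings reach the container only through `configMapKeyRef`/`secretKeyRef` environment variables, which are read once at container start. A `helm upgrade` that changes only `core.config.ldap.*` (for example a rotated bind password) therefore updates the ConfigMap and Secret but does not restart the pod. The pod template metadata and the rest of the container spec lie outside this hunk, so this may already be handled. If not, a checksum annotation on the pod template such as `checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}` makes the rollout follow the configuration. As a style point, the fourteen near-identical `env` entries could be generated with a `range` over a key list so the ConfigMap keys and variable names cannot drift apart.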
16 changes: 0 additions & 16 deletions charts/feedbacksystem/templates/sql-checker.yaml

This file was deleted.

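--- a/charts/feedbacksystem/values.yaml
+++ b/charts/feedbacksystem/values.yaml
@@ -27,6 +27,23 @@ core:
 limit: "4Gi"
 config:
 jwtSecret: "2edb8793d987389e1626918e0ec1dbee" # CHANGE ME
+ldap:
+enabled: false
+allowLogin: false
+baseDn: ""
+url: ""
+startTls: true
+filter: "(uid={user})"
+timeout: 5000
+bind:
+enabled: false
+dn: ""
+password: ""
+attributeNames:
+uid: "uid"
+sn: "sn"
+name: "givenName"
+mail: "mail"
 ingress:
 enabled: true
 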
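Review bot: `core.config.ldap.bind.password` can only be supplied as a plain chart value, so the directory service-account password ends up in values files and in the stored Helm release, next to the fixed `jwtSecret` default above. Consider an optional reference to a pre-created Secret, e.g. `existingSecret: ""` under `bind:`, with the templates falling back to the inline password only when it is empty; that needs a matching change in templates/config.yaml and templates/core.yaml. The README table added in this commit spells the login key `core.config.ldap.allowLogn` and lists no default for `startTls`, whereas this file uses `allowLogin` and `startTls: true`, so the README should be aligned with these values. The `config:` mapping begins above the hunk.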
