WIP: Working on new lldap bootstrap script

2025-01-30 01:15:02 +01:00 · 2025-01-30 01:15:02 +01:00 · c964951309
commit c964951309
parent ba5c9e11d1
3 changed files with 25 additions and 1 deletions
--- a/apps/authelia/release.yaml
+++ b/apps/authelia/release.yaml
@ -1,4 +1,3 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: authelia
@ -36,6 +35,7 @@ spec:
      authentication_backend:
        ldap:
          enabled: true
+          # TODO: Use lldap implementation, see docs
          implementation: custom
          address: ldap://lldap.lldap.svc.cluster.local:3890
          base_dn: dc=huizinga,dc=dev
--- a/apps/lldap/bootstrap/bootstrap-job.yaml
+++ b/apps/lldap/bootstrap/bootstrap-job.yaml
@ -45,6 +45,10 @@ spec:
              mountPath: /bootstrap/group-configs
              readOnly: true

+            - name: system-users
+              mountPath: /bootstrap/system-users
+              readOnly: true
+
      volumes:
        - name: bootstrap
          configMap:
@ -73,6 +77,20 @@ spec:
                    - key: user-configs.json
                      path: grafana-configs.json

+        - name: system-users
+          projected:
+            sources:
+              - secret:
+                  name: authelia-lldap
+                  items:
+                    - key: password
+                      path: authelia
+              - secret:
+                  name: grafana-lldap
+                  items:
+                    - key: password
+                      path: grafana
+
        - name: group-configs
          projected:
            sources:
--- a/apps/lldap/bootstrap/bootstrap.sh
+++ b/apps/lldap/bootstrap/bootstrap.sh
@ -7,6 +7,7 @@ LLDAP_URL="${LLDAP_URL:-http://localhost:17170}"
 LLDAP_ADMIN_USERNAME="${LLDAP_ADMIN_USERNAME:-admin}"
 LLDAP_ADMIN_PASSWORD="${LLDAP_ADMIN_PASSWORD:-password}"
 USER_SCHEMAS_DIR="${USER_SCHEMAS_DIR:-/bootstrap/user-schemas}"
+SYSTEM_USERS_DIR="${SYSTEM_USERS_DIR:-/bootstrap/system-users}"
 GROUP_SCHEMAS_DIR="${GROUP_SCHEMAS_DIR:-/bootstrap/group-schemas}"
 USER_CONFIGS_DIR="${USER_CONFIGS_DIR:-/bootstrap/user-configs}"
 GROUP_CONFIGS_DIR="${GROUP_CONFIGS_DIR:-/bootstrap/group-configs}"
@ -481,6 +482,11 @@ main() {
  [[ -d "$GROUP_SCHEMAS_DIR" ]] && for file in "${GROUP_SCHEMAS_DIR}"/*.json; do
    group_schema_files+=("$file")
  done
+  [[ -d "$SYSTEM_USERS_DIR" ]] && for file in "${SYSTEM_USERS_DIR}"/*; do
+	  printf -- "$(basename $file) => $(cat $file)\n"
+  done
+  create_user_schema_property "managed" "integer" "false" "false" "false"
+

  if ! check_configs_validity "${group_config_files[@]}" "${user_config_files[@]}" "${group_schema_files[@]}" "${user_schema_files[@]}"; then
    exit 1