Include bind_dn field in secet (#13)
@@ -10,10 +10,16 @@ pub struct Context {
|
||||
pub lldap_config: LldapConfig,
|
||||
pub controller_name: String,
|
||||
pub recorder: Recorder,
|
||||
pub bind_dn_template: String,
|
||||
}
|
||||
|
||||
impl Context {
|
||||
pub fn new(controller_name: &str, client: kube::Client, lldap_config: LldapConfig) -> Self {
|
||||
pub fn new(
|
||||
controller_name: &str,
|
||||
client: kube::Client,
|
||||
lldap_config: LldapConfig,
|
||||
bind_dn_template: impl Into<String>,
|
||||
) -> Self {
|
||||
let reporter: Reporter = controller_name.into();
|
||||
let recorder = Recorder::new(client.clone(), reporter);
|
||||
|
||||
@@ -22,6 +28,7 @@ impl Context {
|
||||
lldap_config,
|
||||
controller_name: controller_name.into(),
|
||||
recorder,
|
||||
bind_dn_template: bind_dn_template.into(),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
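Review bot: The new `bind_dn_template` field at L19 is a raw `String`, so `Context::new` accepts any value and a malformed template is only discovered later, at each place the string is re-parsed, rather than once at construction. Validating in `new` (or storing an already-parsed template, if its lifetime allows) would surface a bad value at startup; the field also lacks a doc comment, and I would add `/// Template for the LDAP bind DN written into each service-user secret; the `username` placeholder is filled in at reconcile time.` above it. The `Context` struct header and the tail of `new` fall outside this hunk.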
@@ -1,6 +1,7 @@
|
||||
use std::sync::Arc;
|
||||
use std::time::Duration;
|
||||
|
||||
use color_eyre::eyre::Context as _;
|
||||
use dotenvy::dotenv;
|
||||
use futures::StreamExt;
|
||||
use k8s_openapi::api::core::v1::Secret;
|
||||
@@ -54,12 +55,15 @@ async fn main() -> color_eyre::Result<()> {
|
||||
|
||||
info!(version = VERSION, "Starting");
|
||||
|
||||
let bind_dn_template = std::env::var("LLDAP_BIND_DN").wrap_err("LLDAP_BIND_DN is not set")?;
|
||||
|
||||
let client = KubeClient::try_default().await?;
|
||||
|
||||
let data = Context::new(
|
||||
"lldap.huizinga.dev",
|
||||
client.clone(),
|
||||
LldapConfig::try_from_env()?,
|
||||
bind_dn_template,
|
||||
);
|
||||
|
||||
let secrets = Api::<Secret>::all(client.clone());
|
||||
|
||||
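Review bot: `LLDAP_BIND_DN` at L118 is only checked for presence, not for being a usable template, so a typo in the placeholder (the reconciler appears to look up `username`) is not caught at startup and the process keeps running with a value that can never render. Parsing it here would fail fast: `Template::parse(&bind_dn_template).wrap_err("LLDAP_BIND_DN is not a valid bind DN template")?;` — assuming `leon::Template` is importable in this file, which the hunk does not show. The body of `main` continues outside the hunk.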
@@ -9,6 +9,7 @@ use k8s_openapi::apimachinery::pkg::apis::meta::v1::OwnerReference;
|
||||
use kube::api::{ObjectMeta, Patch, PatchParams, PostParams};
|
||||
use kube::runtime::controller::Action;
|
||||
use kube::{Api, CustomResource, Resource};
|
||||
use leon::{Template, vals};
|
||||
use passwords::PasswordGenerator;
|
||||
use schemars::JsonSchema;
|
||||
use serde::{Deserialize, Serialize};
|
||||
@@ -113,6 +114,31 @@ impl Reconcile for ServiceUser {
|
||||
debug!(name, secret_name, "Generating new secret");
|
||||
|
||||
new_secret(&username, oref)
|
||||
})
|
||||
.and_modify(|secret| {
|
||||
let bind_dn_template = match Template::parse(&ctx.bind_dn_template) {
|
||||
Ok(template) => template,
|
||||
Err(err) => {
|
||||
warn!("Invalid bind_dn template: {err}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
let bind_dn = match bind_dn_template.render(&&vals(|key| match key {
|
||||
"username" => Some(username.clone().into()),
|
||||
_ => None,
|
||||
})) {
|
||||
Ok(bind_dn) => bind_dn,
|
||||
Err(err) => {
|
||||
warn!("Failed to render bind_dn template: {err}");
|
||||
return;
|
||||
}
|
||||
};
|
||||
|
||||
secret
|
||||
.string_data
|
||||
.get_or_insert_default()
|
||||
.insert("bind_dn".into(), bind_dn);
|
||||
});
|
||||
|
||||
trace!(name, "Committing secret");
|
||||
|
||||