Dreaded_X/lldap-controller
1
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Dreaded_X:41efea3a98acce98a09d172e70c17f5c754d7b55
Branches Tags
Dreaded_X:master
...
compare: Dreaded_X:30b789e44343dd6eaf33638e2135aa8822cc6c0f
Branches Tags
Dreaded_X:master

3 Commits
41efea3a98 ... 30b789e443

Author SHA1 Message Date
Dreaded_X
30b789e443
Include bind_dn field in secet
Some checks failed
Build and deploy / Build container and manifests (push) Has been cancelled
Details
2025-04-22 00:22:57 +02:00
Dreaded_X
58bb0b312a
Added dotenvy to make development a bit easier 2025-04-22 00:22:32 +02:00
Dreaded_X
46ea8e2cd7
Switched from anyhow to color_eyre 2025-04-22 00:22:30 +02:00
7 changed files with 180 additions and 31 deletions
Show Stats Expand all files Collapse all files

144
Cargo.lock generated
View File

@ -4,18 +4,18 @@ version = 4
[[package]] [[package]]
name = "addr2line" name = "addr2line"
version = "0.24.2" version = "0.21.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dfbe277e56a376000877090da837660b4427aad530e3028d44e0bffe4f89a1c1" checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
dependencies = [ dependencies = [
"gimli", "gimli",
] ]
[[package]] [[package]]
name = "adler2" name = "adler"
version = "2.0.0" version = "1.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "512761e0bb2578dd7380c6baaa0f4ce03e84f95e960231d1dec8bf4d7d6e2627" checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
[[package]] [[package]]
name = "ahash" name = "ahash"
@ -66,12 +66,6 @@ dependencies = [
"libc", "libc",
] ]
[[package]]
name = "anyhow"
version = "1.0.97"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f"
[[package]] [[package]]
name = "arrayref" name = "arrayref"
version = "0.3.9" version = "0.3.9"
@ -148,17 +142,17 @@ dependencies = [
[[package]] [[package]]
name = "backtrace" name = "backtrace"
version = "0.3.74" version = "0.3.71"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a" checksum = "26b05800d2e817c8b3b4b54abd461726265fa9789ae34330622f2db9ee696f9d"
dependencies = [ dependencies = [
"addr2line", "addr2line",
"cc",
"cfg-if", "cfg-if",
"libc", "libc",
"miniz_oxide", "miniz_oxide",
"object", "object",
"rustc-demangle", "rustc-demangle",
"windows-targets 0.52.6",
] ]
[[package]] [[package]]
@ -274,6 +268,33 @@ dependencies = [
"windows-link", "windows-link",
] ]
[[package]]
name = "color-eyre"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "55146f5e46f237f7423d74111267d4597b59b0dad0ffaf7303bce9945d843ad5"
dependencies = [
"backtrace",
"color-spantrace",
"eyre",
"indenter",
"once_cell",
"owo-colors",
"tracing-error",
]
[[package]]
name = "color-spantrace"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "cd6be1b2a7e382e2b98b43b2adcca6bb0e465af0bdd38123873ae61eb17a72c2"
dependencies = [
"once_cell",
"owo-colors",
"tracing-core",
"tracing-error",
]
[[package]] [[package]]
name = "concurrent-queue" name = "concurrent-queue"
version = "2.5.0" version = "2.5.0"
@ -528,6 +549,12 @@ dependencies = [
"syn 2.0.100", "syn 2.0.100",
] ]
[[package]]
name = "dotenvy"
version = "0.15.7"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
[[package]] [[package]]
name = "dyn-clone" name = "dyn-clone"
version = "1.0.19" version = "1.0.19"
@ -605,6 +632,16 @@ dependencies = [
"pin-project-lite", "pin-project-lite",
] ]
[[package]]
name = "eyre"
version = "0.6.12"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7cd915d99f24784cdc19fd37ef22b97e3ff0ae756c7e492e9fbfe897d61e2aec"
dependencies = [
"indenter",
"once_cell",
]
[[package]] [[package]]
name = "fastrand" name = "fastrand"
version = "2.3.0" version = "2.3.0"
@ -781,9 +818,9 @@ dependencies = [
[[package]] [[package]]
name = "gimli" name = "gimli"
version = "0.31.1" version = "0.28.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" checksum = "4271d37baee1b8c7e4b708028c57d816cf9d2434acb33a549475f78c181f6253"
[[package]] [[package]]
name = "git-version" name = "git-version"
@ -1203,6 +1240,12 @@ dependencies = [
"icu_properties", "icu_properties",
] ]
[[package]]
name = "indenter"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ce23b50ad8242c51a442f3ff322d56b02f08852c77e4c0b4d3fd684abc89c683"
[[package]] [[package]]
name = "indexmap" name = "indexmap"
version = "2.8.0" version = "2.8.0"
@ -1422,6 +1465,16 @@ version = "1.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
[[package]]
name = "leon"
version = "3.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "42a865ffec5587961f5afc6d365bccb304f4feaa1928f4fe94c91c9d210d7310"
dependencies = [
"miette",
"thiserror 2.0.12",
]
[[package]] [[package]]
name = "libc" name = "libc"
version = "0.2.171" version = "0.2.171"
@ -1444,14 +1497,16 @@ checksum = "23fb14cb19457329c82206317a5663005a4d404783dc74f4252769b0d5f42856"
name = "lldap-controller" name = "lldap-controller"
version = "0.1.0" version = "0.1.0"
dependencies = [ dependencies = [
"anyhow",
"chrono", "chrono",
"color-eyre",
"cynic", "cynic",
"dotenvy",
"futures", "futures",
"git-version", "git-version",
"insta", "insta",
"k8s-openapi", "k8s-openapi",
"kube", "kube",
"leon",
"lldap_auth", "lldap_auth",
"passwords", "passwords",
"queries", "queries",
@ -1550,6 +1605,29 @@ version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
[[package]]
name = "miette"
version = "7.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a955165f87b37fd1862df2a59547ac542c77ef6d17c666f619d1ad22dd89484"
dependencies = [
"cfg-if",
"miette-derive",
"thiserror 1.0.69",
"unicode-width",
]
[[package]]
name = "miette-derive"
version = "7.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "bf45bf44ab49be92fd1227a3be6fc6f617f1a337c06af54981048574d8783147"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.100",
]
[[package]] [[package]]
name = "mime" name = "mime"
version = "0.3.17" version = "0.3.17"
@ -1558,11 +1636,11 @@ checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a"
[[package]] [[package]]
name = "miniz_oxide" name = "miniz_oxide"
version = "0.8.5" version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8e3e04debbb59698c15bacbb6d93584a8c0ca9cc3213cb423d31f760d8843ce5" checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08"
dependencies = [ dependencies = [
"adler2", "adler",
] ]
[[package]] [[package]]
@ -1597,9 +1675,9 @@ dependencies = [
[[package]] [[package]]
name = "object" name = "object"
version = "0.36.7" version = "0.32.2"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "62948e14d923ea95ea2c7c86c71013138b66525b86bdc08d2dcc262bdb497b87" checksum = "a6a622008b6e321afc04970976f62ee297fdbaa6f95318ca343e3eebb9648441"
dependencies = [ dependencies = [
"memchr", "memchr",
] ]
@ -1682,6 +1760,12 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39"
[[package]]
name = "owo-colors"
version = "3.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1b04fb49957986fdce4d6ee7a65027d55d4b6d2265e5848bbb507b58ccfdb6f"
[[package]] [[package]]
name = "parking" name = "parking"
version = "2.2.1" version = "2.2.1"
@ -2795,6 +2879,16 @@ dependencies = [
"valuable", "valuable",
] ]
[[package]]
name = "tracing-error"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b1581020d7a273442f5b45074a6a57d5757ad0a47dac0e9f0bd57b81936f3db"
dependencies = [
"tracing",
"tracing-subscriber",
]
[[package]] [[package]]
name = "tracing-log" name = "tracing-log"
version = "0.2.0" version = "0.2.0"
@ -2861,6 +2955,12 @@ version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
[[package]]
name = "unicode-width"
version = "0.1.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7dd6e30e90baa6f72411720665d41d89b9a3d039dc45b8faea1ddd07f617f6af"
[[package]] [[package]]
name = "unicode-xid" name = "unicode-xid"
version = "0.2.6" version = "0.2.6"

4
Cargo.toml
View File

@ -13,7 +13,6 @@ insta = { version = "1.42.2", features = ["yaml"] }
[dependencies] [dependencies]
queries = { path = "./queries" } queries = { path = "./queries" }
anyhow = "1.0.97"
lldap_auth = { git = "https://github.com/lldap/lldap" } lldap_auth = { git = "https://github.com/lldap/lldap" }
rand = { version = "0.8.5" } rand = { version = "0.8.5" }
serde_json = "1.0.140" serde_json = "1.0.140"
@ -35,6 +34,9 @@ reqwest = { version = "0.12.14", default-features = false, features = [
"rustls-tls", "rustls-tls",
] } ] }
git-version = "0.3.9" git-version = "0.3.9"
color-eyre = "0.6.3"
dotenvy = "0.15.7"
leon = "3.0.2"
[dev-dependencies] [dev-dependencies]
insta = { workspace = true } insta = { workspace = true }

2
manifests/deployment.yaml
View File

@ -43,3 +43,5 @@ spec:
secretKeyRef: secretKeyRef:
name: lldap-credentials name: lldap-credentials
key: lldap-ldap-user-pass key: lldap-ldap-user-pass
- name: BIND_DN_TEMPLATE
value: uid={username},ou=people,dc=huizinga,dc=dev

9
src/context.rs
View File

@ -10,10 +10,16 @@ pub struct Context {
pub lldap_config: LldapConfig, pub lldap_config: LldapConfig,
pub controller_name: String, pub controller_name: String,
pub recorder: Recorder, pub recorder: Recorder,
pub bind_dn_template: String,
} }
impl Context { impl Context {
pub fn new(controller_name: &str, client: kube::Client, lldap_config: LldapConfig) -> Self { pub fn new(
controller_name: &str,
client: kube::Client,
lldap_config: LldapConfig,
bind_dn_template: impl Into<String>,
) -> Self {
let reporter: Reporter = controller_name.into(); let reporter: Reporter = controller_name.into();
let recorder = Recorder::new(client.clone(), reporter); let recorder = Recorder::new(client.clone(), reporter);
@ -22,6 +28,7 @@ impl Context {
lldap_config, lldap_config,
controller_name: controller_name.into(), controller_name: controller_name.into(),
recorder, recorder,
bind_dn_template: bind_dn_template.into(),
} }
} }
} }

11
src/lldap.rs
View File

@ -1,6 +1,6 @@
use std::time::Duration; use std::time::Duration;
use anyhow::Context; use color_eyre::eyre::Context;
use cynic::http::{CynicReqwestError, ReqwestExt}; use cynic::http::{CynicReqwestError, ReqwestExt};
use cynic::{GraphQlError, GraphQlResponse, MutationBuilder, QueryBuilder}; use cynic::{GraphQlError, GraphQlResponse, MutationBuilder, QueryBuilder};
use lldap_auth::login::{ClientSimpleLoginRequest, ServerLoginResponse}; use lldap_auth::login::{ClientSimpleLoginRequest, ServerLoginResponse};
@ -53,14 +53,13 @@ pub struct LldapConfig {
} }
impl LldapConfig { impl LldapConfig {
pub fn try_from_env() -> anyhow::Result<Self> { pub fn try_from_env() -> color_eyre::Result<Self> {
Ok(Self { Ok(Self {
username: std::env::var("LLDAP_USERNAME") username: std::env::var("LLDAP_USERNAME")
.context("Variable 'LLDAP_USERNAME' is not set or invalid")?, .wrap_err("Variable 'LLDAP_USERNAME' is not set")?,
password: std::env::var("LLDAP_PASSWORD") password: std::env::var("LLDAP_PASSWORD")
.context("Variable 'LLDAP_PASSWORD' is not set or invalid")?, .wrap_err("Variable 'LLDAP_PASSWORD' is not set")?,
url: std::env::var("LLDAP_URL") url: std::env::var("LLDAP_URL").wrap_err("Variable 'LLDAP_URL' is not set")?,
.context("Variable 'LLDAP_URL' is not set or invalid")?,
}) })
} }

11
src/main.rs
View File

@ -1,6 +1,8 @@
use std::sync::Arc; use std::sync::Arc;
use std::time::Duration; use std::time::Duration;
use color_eyre::eyre::Context as _;
use dotenvy::dotenv;
use futures::StreamExt; use futures::StreamExt;
use k8s_openapi::api::core::v1::Secret; use k8s_openapi::api::core::v1::Secret;
use kube::runtime::controller::{self, Action}; use kube::runtime::controller::{self, Action};
@ -35,7 +37,10 @@ async fn log_status<T>(
} }
#[tokio::main] #[tokio::main]
async fn main() -> anyhow::Result<()> { async fn main() -> color_eyre::Result<()> {
color_eyre::install()?;
dotenv().ok();
let env_filter = EnvFilter::try_from_default_env() let env_filter = EnvFilter::try_from_default_env()
.or_else(|_| EnvFilter::try_new("info")) .or_else(|_| EnvFilter::try_new("info"))
.expect("Fallback should be valid"); .expect("Fallback should be valid");
@ -50,12 +55,16 @@ async fn main() -> anyhow::Result<()> {
info!(version = VERSION, "Starting"); info!(version = VERSION, "Starting");
let bind_dn_template =
std::env::var("BIND_DN_TEMPLATE").wrap_err("BIND_DN_TEMPLATE is not set")?;
let client = KubeClient::try_default().await?; let client = KubeClient::try_default().await?;
let data = Context::new( let data = Context::new(
"lldap.huizinga.dev", "lldap.huizinga.dev",
client.clone(), client.clone(),
LldapConfig::try_from_env()?, LldapConfig::try_from_env()?,
bind_dn_template,
); );
let secrets = Api::<Secret>::all(client.clone()); let secrets = Api::<Secret>::all(client.clone());

30
src/resources/service_user.rs
View File

@ -9,6 +9,7 @@ use k8s_openapi::apimachinery::pkg::apis::meta::v1::OwnerReference;
use kube::api::{ObjectMeta, Patch, PatchParams, PostParams}; use kube::api::{ObjectMeta, Patch, PatchParams, PostParams};
use kube::runtime::controller::Action; use kube::runtime::controller::Action;
use kube::{Api, CustomResource, Resource}; use kube::{Api, CustomResource, Resource};
use leon::{Template, vals};
use passwords::PasswordGenerator; use passwords::PasswordGenerator;
use schemars::JsonSchema; use schemars::JsonSchema;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -113,6 +114,35 @@ impl Reconcile for ServiceUser {
debug!(name, secret_name, "Generating new secret"); debug!(name, secret_name, "Generating new secret");
new_secret(&username, oref) new_secret(&username, oref)
})
.and_modify(|secret| {
let bind_dn_template = match Template::parse(&ctx.bind_dn_template) {
Ok(template) => template,
Err(err) => {
warn!("Invalid bind_dn template: {err}");
return;
}
};
let bind_dn = match bind_dn_template.render(&&vals(|key| {
if key == "username" {
Some(username.clone().into())
} else {
warn!("Invalid bind_dn template key: {key}");
None
}
})) {
Ok(bind_dn) => bind_dn,
Err(err) => {
warn!("Failed to render bind_dn template: {err}");
return;
}
};
secret
.string_data
.get_or_insert_default()
.insert("bind_dn".into(), bind_dn);
}); });
trace!(name, "Committing secret"); trace!(name, "Committing secret");