hswaw/ldapweb: bump app, simplify config

Change-Id: Ia1a0097c097c8d75b7123088b89b51b4cf5ab46c
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1632
Reviewed-by: informatic <informatic@hackerspace.pl>
This commit is contained in:
radex 2023-09-23 18:34:02 +02:00
parent 69957c346f
commit d60a68d4f3

View file

@ -8,7 +8,7 @@ local kube = import "../../kube/kube.libsonnet";
name: 'ldapweb',
namespace: 'ldapweb',
domain: 'profile.hackerspace.pl',
image: 'registry.k0.hswaw.net/radex/ldap-web:1695415920',
image: 'registry.k0.hswaw.net/radex/ldap-web:1695486391',
},
ns: kube.Namespace(cfg.namespace),
@ -18,9 +18,6 @@ local kube = import "../../kube/kube.libsonnet";
replicas: 1,
template+: {
spec+: {
volumes_: {
config: kube.ConfigMapVolume(top.configmap),
},
containers_: {
default: kube.Container("default") {
image: cfg.image,
@ -31,8 +28,9 @@ local kube = import "../../kube/kube.libsonnet";
ports_: {
http: { containerPort: 8000 },
},
volumeMounts_: {
config: { mountPath: '/app/webapp/config.py', subPath: 'config.py' },
env_: {
LDAPWEB_ADMIN_GROUPS: 'ldap-admin,staff,zarzad',
LDAPWEB_ACTIVE_GROUPS: 'fatty,starving,potato',
}
},
},
@ -67,101 +65,4 @@ local kube = import "../../kube/kube.libsonnet";
],
},
},
configmap: top.ns.Contain(kube.ConfigMap(cfg.name + "-config")) {
data: {
"config.py": |||
import flask_wtf
import wtforms
import secrets
secret_key = secrets.token_hex(32)
ldap_url = 'ldap://ldap.hackerspace.pl'
dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'
ldap_base = 'dc=hackerspace,dc=pl'
ldap_people = 'ou=People,dc=hackerspace,dc=pl'
admin_groups = {
'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
}
admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
admin_pw = 'unused'
hackerspace_name = 'Warsaw Hackerspace'
readable_names = {
'commonname': u'Common Name',
'givenname': u'Given Name',
'gecos': u'GECOS (public name)',
'surname': u'Surname',
'loginshell': u'Shell',
'telephonenumber': 'Phone Number',
'mobiletelephonenumber': 'Mobile Number',
'sshpublickey': 'SSH Public Key',
'mifareidhash': 'MIFARE ID Hash',
}
full_name = {
'cn': 'commonname',
'gecos': 'gecos',
'sn': 'surname',
'mobile': 'mobiletelephonenumber',
'l': 'locality',
}
can_add = set([
'telephonenumber',
'mobiletelephonenumber',
'sshpublickey',
'mifareidhash',
])
can_delete = can_add
can_modify = can_add | set([
'givenname', 'surname', 'commonname', 'gecos',
])
can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
admin_required = set()
perm_errors = {
'add': 'You cannot add this attribute!',
'mod': 'You cannot change this attribute!',
'del': 'You cannot delete this attribute!',
}
std_templates = {
'add': 'ops/add.html',
'mod': 'ops/mod.html',
'del': 'ops/del.html',
}
default_field = (wtforms.fields.StringField, {})
fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
kadmin_passwd = True
kadmin_principal_map = "{}@HACKERSPACE.PL"
TOKEN_LENGTH = 32
|||,
},
},
admins: top.ns.Contain(kube.RoleBinding("admins")) {
roleRef: {
apiGroup: "rbac.authorization.k8s.io",
kind: "ClusterRole",
name: "system:admin-namespace",
},
subjects: [
kube.User("radex@hackerspace.pl"),
],
},
}