Add support for bootstrapping users

djjudas21 · Apr 1, 2024 · c21d571 · c21d571
1 parent b7c87fe
commit c21d571
Show file tree

Hide file tree

Showing 5 changed files with 118 additions and 3 deletions.
diff --git a/charts/lldap/Chart.yaml b/charts/lldap/Chart.yaml
@@ -8,7 +8,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.3
+version: 0.3.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
@@ -45,4 +45,4 @@ maintainers:
 annotations:
   artifacthub.io/changes: |-
     - kind: changed
-      description: Fix bugs in chart
+      description: Add support for bootstrapping users
diff --git a/charts/lldap/templates/bootstrap-groups.yaml b/charts/lldap/templates/bootstrap-groups.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.bootstrap.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "lldap.fullname" . }}-groups
+data:
+  groups.json: |-
+    {{- range .Values.bootstrap.groups }}
+    {
+      "name": {{ . | quote }}
+    }
+    {{- end }}
+{{- end }}
diff --git a/charts/lldap/templates/bootstrap-job.yaml b/charts/lldap/templates/bootstrap-job.yaml
@@ -0,0 +1,47 @@
+{{- if .Values.bootstrap.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "lldap.fullname" . }}-bootstrap
+  # Next annotations are required if the job managed by Argo CD,
+  # so Argo CD can relaunch the job on every app sync action
+  annotations: 
+    argocd.argoproj.io/hook: PostSync
+    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
+spec:
+  template:
+    spec:
+      restartPolicy: OnFailure
+      containers:
+        - name: bootstrap
+          image: "{{ .Values.image.repository }}:2024-04-01"
+          command:
+            - ./bootstrap.sh
+          env:
+            - name: LLDAP_URL
+              value: "http://{{ include "lldap.fullname" . }}-http:{{ .Values.service.http.port }}"
+            - name: LLDAP_ADMIN_USERNAME
+              value: "{{ .Values.lldap.ldapUserDN }}"
+            - name: LLDAP_ADMIN_PASSWORD
+              valueFrom: 
+                secretKeyRef: 
+                  name: {{ include "lldap.fullname" . }}-credentials
+                  key: ldapUserPass
+            - name: DO_CLEANUP
+              value: "{{ .Values.bootstrap.cleanup }}"
+          volumeMounts:
+            - name: user-configs
+              mountPath: /user-configs
+              readOnly: true
+            - name: group-configs
+              mountPath: /group-configs
+              readOnly: true
+
+      volumes:
+        - name: user-configs
+          configMap:
+            name: {{ include "lldap.fullname" . }}-users
+        - name: group-configs
+          configMap:
+            name: {{ include "lldap.fullname" . }}-groups
+{{- end }}
diff --git a/charts/lldap/templates/bootstrap-users.yaml b/charts/lldap/templates/bootstrap-users.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.bootstrap.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "lldap.fullname" . }}-users
+data:
+  {{ .Values.lldap.ldapUserDN }}.json: |-
+    {
+      "id": {{ .Values.lldap.ldapUserDN | quote }},
+      "password": {{ .Values.lldap.ldapUserPass | quote }},
+      "displayName": "Administrator",
+      "groups": ["lldap_admin"]
+    }
+  {{- range .Values.bootstrap.users }}
+  {{ .id }}.json: |-
+    {
+      "id": "{{ .id }}",
+      "email": "{{ .email }}",
+      "password": "{{ .password }}",
+      "displayName": "{{ .displayName }}",
+      "firstName": "{{ .firstName }}",
+      "lastName": "{{ .lastName }}",
+      "avatar_file": "{{ .avatar_file }}",
+      "avatar_url": "{{ .avatar_url }}",
+      "gravatar_avatar": "{{ .gravatar_avatar }}",
+      "weserv_avatar": "{{ .weserv_avatar }}",
+      "groups": {{ .groups | toJson }}
+    }
+  {{- end }}
+{{- end }}
diff --git a/charts/lldap/values.yaml b/charts/lldap/values.yaml
@@ -222,4 +222,29 @@ mariadb:
     persistence:
       enabled: false
       size: 1Gi
-      # storageClass: ""
+      # storageClass: ""
+
+# Bootstrap (i.e. create) users and groups automatically
+# It is safe to run the bootstrap multiple times, however the one-shot
+# Kubernetes job will be created on the first deployment, and the job
+# will not be executed on subsequent deployments unless the job is deleted.
+bootstrap:
+  enabled: false
+  # Remove redundant users and groups which are not in the config below
+  cleanup: false
+  groups:
+    - group1
+    - group2
+  users:
+    - id: "username"
+      email: "[email protected]"
+      password: "changeme"
+      displayName: "Display Name"
+      firstName: "First"
+      lastName: "Last"
+      avatar_url: "https://i.imgur.com/nbCxk3z.jpg"
+      gravatar_avatar: "false"
+      weserv_avatar: "false"
+      groups:
+        - group1
+        - group2