matthew/helm-chart
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5bb91510df
helm-chart/templates/gitea/init.yaml

131 lines
4.5 KiB
YAML
Raw Normal View History

Move all password related data to secrets (#28) Bump Chart version Move all password related data to secrets Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/28 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-25 08:37:55 -05:00
apiVersion: v1
kind: Secret
metadata:
name: {{ include "gitea.fullname" . }}-init
labels:
{{- include "gitea.labels" . | nindent 4 }}
type: Opaque
stringData:
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
init_directory_structure.sh: |-
#!/usr/bin/env bash
set -euo pipefail
enhancements to support postgres client-cert authentication (#47) This PR adds a few new chart features which adds to the flexibility of the chart. - allow extra volumes to be mounted (such as secrets): 2f862c5a48 - pass environment variables also to the init-container: 7044049478 - allow a preparation script to be "injected" into the init-container: 6125a69345 As a concrete example of how this can be used, I use is to configure Gitea to use client certificate authentication against an external Postgres database. That could be accomplished by having a `gitea-postgres-ssl` secret: ``` apiVersion: v1 kind: Secret type: Opaque metadata: name: gitea-postgres-ssl data: postgresql.crt: <base64...> postgresql.key: <base64...> root.crt: <base64...> ``` and then mounting this as a volume in Gitea using: ``` extraVolumes: - name: postgres-ssl-vol secret: secretName: gitea-postgres-ssl extraVolumeMounts: - name: postgres-ssl-vol readOnly: true mountPath: "/pg-ssl" ``` To get the right permissions on the credentials, we'd use the `initPreScript`: ``` initPreScript: | # copy postgres client and CA cert from mount and # give proper permissions mkdir -p /data/git/.postgresql cp /pg-ssl/* /data/git/.postgresql/ chown -R git:git /data/git/.postgresql/ chmod 400 /data/git/.postgresql/postgresql.key ``` and to make sure that Gitea uses the certificate we need to pass the proper postgres environment variables (both to the init container and the "main" container): ``` statefulset: env: - name: "PGSSLCERT" value: "/data/git/.postgresql/postgresql.crt" - name: "PGSSLKEY" value: "/data/git/.postgresql/postgresql.key" - name: "PGSSLROOTCERT" value: "/data/git/.postgresql/root.crt" ``` Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/47 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: petergardfjall <petergardfjall@noreply.gitea.io> Co-committed-by: petergardfjall <petergardfjall@noreply.gitea.io>
2021-01-20 05:28:39 -06:00
{{- if .Values.initPreScript }}
# BEGIN: initPreScript
{{- with .Values.initPreScript -}}
{{ . | nindent 4}}
{{- end -}}
# END: initPreScript
{{- end }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
set -x
Add check on chown in init container (#165) The chown in the init container will fail in the rootles image. Checking if the image is rootless or not will prevent this error noise. Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/165 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-06-09 06:42:49 -05:00
{{- if not .Values.image.rootless }}
Fix permissions on external mounts (#144) Co-authored-by: luhahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/144 Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-04-19 07:30:02 -05:00
chown 1000:1000 /data
Add check on chown in init container (#165) The chown in the init container will fail in the rootles image. Checking if the image is rootless or not will prevent this error noise. Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/165 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-06-09 06:42:49 -05:00
{{- end }}
Move all password related data to secrets (#28) Bump Chart version Move all password related data to secrets Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/28 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-25 08:37:55 -05:00
mkdir -p /data/git/.ssh
chmod -R 700 /data/git/.ssh
fix: Only create conf directoy if not exists (#211) Only create conf directory if not yet exists fixes #210 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/211 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: Michael Kriese <michael.kriese@visualon.de> Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2021-08-15 07:43:51 -05:00
[ ! -d /data/gitea ] && mkdir -p /data/gitea/conf
gitea-1.14.x-updates (#148) This PR includes the changes from: - https://gitea.com/gitea/helm-chart/pulls/129 - https://gitea.com/gitea/helm-chart/pulls/140 In addition it adds the possibility to include secrets via environment variables as mentioned in #60 Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com> Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io> Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-04-29 04:12:48 -05:00
Fix regression for creating repositories in root-based containers (#172) Due to #160 it was no longer possible to create repositories in root-based containers. This was caused by the missing `/tmp/gitea` directory in that image. It was dynamically created by Gitea internal functionality with less privileges than necessary. Explicitly creating the directory and set proper permissions fix this. Fixes: #171 Co-authored-by: JustusBunsi <sk.bunsenbrenner@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/172 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: 6543 <6543@obermui.de> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-09 09:35:50 -05:00
# prepare temp directory structure
mkdir -p "${GITEA_TEMP}"
chown 1000:1000 "${GITEA_TEMP}"
chmod ug+rwx "${GITEA_TEMP}"
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
configure_gitea.sh: |-
#!/usr/bin/env bash
set -euo pipefail
Make the chart work with a sqlite3 database (#124) There are currently 2 issues that prevent using this chart to deploy gitea with a SQLite3 database. 1) The value from *gitea.config.database.HOST* is used to set *db.servicename* when all the databases under *gitea.database.buildIn* are not enabled. This causes a type error during the template processing: `Error: UPGRADE FAILED: template: gitea/templates/gitea/init.yaml:24:20: executing "gitea/templates/gitea/init.yaml" at <include "db.servicename" .>: error calling include: template: gitea/templates/_helpers.tpl:64:31: executing "db.servicename" at <.Values.gitea.config.database.HOST>: wrong type for value; expected string; got interface {}` 2) In *init_gitea.sh*, we use the value *db.servicename* and *db.port* to ping the database. If this database responds to ping, we proceed with the init. The problem here is that *db.port* is not set when all the databases under *gitea.database.buildIn* are disabled. In turn, this raises an error from busybox's *nc*, because no parameter is passed for *PORT*. This causes the init container to go in *CrashLoopBackOff* forever. The simple fix that is proposed in this PR is to check wether or not *.Values.gitea.config.database.DB_TYPE* is set to determine the value *db.servicename*. If *DB_TYPE* is *'sqlite3'*, leave *db.servicename* empty and use that to bypass the database ping. Co-authored-by: Baptiste Covolato <b.covolato@gmail.com> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/124 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: lafriks <lafriks@noreply.gitea.io> Reviewed-by: luhahn <luhahn@noreply.gitea.io> Co-authored-by: Nakrez <nakrez@noreply.gitea.io> Co-committed-by: Nakrez <nakrez@noreply.gitea.io>
2021-03-04 02:43:52 -06:00
{{- if include "db.servicename" . }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
# Connection retry inspired by https://gist.github.com/dublx/e99ea94858c07d2ca6de
function test_db_connection() {
local RETRY=0
local MAX=30
echo 'Wait for database to become avialable...'
until [ "${RETRY}" -ge "${MAX}" ]; do
nc -vz -w2 {{ include "db.servicename" . }} {{ include "db.port" . }} && break
RETRY=$[${RETRY}+1]
echo "...not ready yet (${RETRY}/${MAX})"
done
if [ "${RETRY}" -ge "${MAX}" ]; then
echo "Database not reachable after '${MAX}' attempts!"
exit 1
fi
}
test_db_connection
gitea-1.14.x-updates (#148) This PR includes the changes from: - https://gitea.com/gitea/helm-chart/pulls/129 - https://gitea.com/gitea/helm-chart/pulls/140 In addition it adds the possibility to include secrets via environment variables as mentioned in #60 Co-authored-by: Hans Kristian Flaatten <hans.flaatten@evry.com> Co-authored-by: flavio.prado <flavio.prado@noreply.gitea.io> Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/148 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-04-29 04:12:48 -05:00
{{- end }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
echo '==== BEGIN GITEA CONFIGURATION ===='
gitea migrate
Fix admin + ldap configuration (#183) This fixes several flaws introduced by commits for #169 (see c49dc047a498973920e6743fa6c330fd2f81dd47). - Respect kebab-case ldap bind inline definition - Prevent camelCase ldap bind inline definition from being overridden by empty string - Create admin account when `existingSecret` is used Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/183 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: luhahn <luhahn@noreply.gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-21 08:28:18 -05:00
{{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
function configure_admin_user() {
local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}")
if [[ -z "${ACCOUNT_ID}" ]]; then
echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..."
gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false
echo '...created.'
else
echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..."
gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}"
echo '...password sync done.'
fi
}
configure_admin_user
Move all password related data to secrets (#28) Bump Chart version Move all password related data to secrets Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/28 Reviewed-by: techknowlogick <techknowlogick@gitea.io> Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-25 08:37:55 -05:00
{{- end }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
function configure_ldap() {
Add multiple LDAP sources (#222) Add multiple add sources. Instead of a single entry for ldap configuration we now would have a dictionary for ldap config. This would be a breaking change for those working with the ldap config. fixes: #190 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: pat-s <pat-s@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 07:16:24 -05:00
{{- if .Values.gitea.ldap }}
{{- range $idx, $value := .Values.gitea.ldap }}
local LDAP_NAME={{ (printf "%s" $value.name) | squote }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${GITEA_AUTH_ID}" ]]; then
echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..."
Add multiple LDAP sources (#222) Add multiple add sources. Instead of a single entry for ldap configuration we now would have a dictionary for ldap config. This would be a breaking change for those working with the ldap config. fixes: #190 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: pat-s <pat-s@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 07:16:24 -05:00
gitea admin auth add-ldap {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
echo '...installed.'
else
echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..."
Add multiple LDAP sources (#222) Add multiple add sources. Instead of a single entry for ldap configuration we now would have a dictionary for ldap config. This would be a breaking change for those working with the ldap config. fixes: #190 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: pat-s <pat-s@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 07:16:24 -05:00
gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
echo '...sync settings done.'
fi
Add multiple LDAP sources (#222) Add multiple add sources. Instead of a single entry for ldap configuration we now would have a dictionary for ldap config. This would be a breaking change for those working with the ldap config. fixes: #190 Co-authored-by: Lucas Hahn <lucas.hahn@novum-rgi.de> Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/222 Reviewed-by: Andrew Thornton <art27@cantab.net> Reviewed-by: pat-s <pat-s@noreply.gitea.io> Reviewed-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-authored-by: luhahn <luhahn@noreply.gitea.io> Co-committed-by: luhahn <luhahn@noreply.gitea.io>
2021-10-08 07:16:24 -05:00
{{- end }}
{{- else }}
echo 'no ldap configuration... skipping.'
{{- end }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
}
configure_ldap
function configure_oauth() {
Rework OAuth sources (#244) This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 08:43:55 -06:00
{{- if .Values.gitea.oauth }}
{{- range $idx, $value := .Values.gitea.oauth }}
local OAUTH_NAME={{ (printf "%s" $value.name) | squote }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}")
if [[ -z "${AUTH_ID}" ]]; then
echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..."
Rework OAuth sources (#244) This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 08:43:55 -06:00
gitea admin auth add-oauth {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
echo '...installed.'
else
echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..."
Rework OAuth sources (#244) This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 08:43:55 -06:00
gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
echo '...sync settings done.'
fi
Rework OAuth sources (#244) This change request includes two different things to improve OAuth source handling: - Allow multiple OAuth source configuration (Fixes: #191) - Support reading sensitive OAuth configuration data from Kubernetes secrets (Closes: #242) ⚠️ BREAKING ⚠️ --- Users need to migrate their `gitea.oauth` configuration. Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/244 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: Andrew Thornton <art27@cantab.net> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-12-20 08:43:55 -06:00
{{- end }}
{{- else }}
echo 'no oauth configuration... skipping.'
{{- end }}
Rewrite init script (#178) These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149 Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178 Reviewed-by: luhahn <luhahn@noreply.gitea.io> Reviewed-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io> Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
2021-06-29 15:09:16 -05:00
}
configure_oauth
echo '==== END GITEA CONFIGURATION ===='
Reference in New Issue Copy Permalink