test new config

dBildungsplattform · Sep 27, 2024 · ea0d48e · ea0d48e
1 parent 1adc952
commit ea0d48e
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 45 deletions.
diff --git a/.github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml b/.github/workflows/image-and-helm-publish-check-deploy-on-push-scheduled.yml
@@ -77,7 +77,7 @@ jobs:
       - branch_meta
       - create_branch_identifier
       - wait_for_helm_chart_to_get_published
-    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@5 
+    uses: dBildungsplattform/spsh-app-deploy/.github/workflows/deploy.yml@SPSH-1044
     with:
       dbildungs_iam_server_branch: ${{ needs.branch_meta.outputs.ticket }}
       schulportal_client_branch: ${{ needs.branch_meta.outputs.ticket }}

diff --git a/charts/dbildungs-iam-ldap/templates/configmap-config-script.yaml b/charts/dbildungs-iam-ldap/templates/configmap-config-script.yaml
@@ -21,29 +21,46 @@ data:
     ldapmodify -Y EXTERNAL -H ldapi:/// -f /ldap-configuration/modify/modify.ldif
     # no sure why this sleep is needed again - but it is
     sleep 10
-    # /bin/bash /script/02.sh
-    # ldapapply -Y EXTERNAL -H ldapi:/// -f /script/ucsmail.ldif
+
+    # Loading Schemas
+    if ! (ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=schema,cn=config" "(cn=*ucsMail)"); then
+      ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/bitnami/openldap/etc/schema/ucsmail.ldif
+    else
+      echo "Entry for ucsMail Schema already exists. Nothing to add."
+    fi
+
+    # Adding Config Users
+    /bin/bash /script/02.sh /ldap-configuration/apply/apply.ldif true
+    # Adding other Configs
+    # /bin/bash /script/02.sh /ldap-configuration/extra/apply.ldif false
+    # /bin/bash /script/02.sh /ldap-configuration/extra/modify.ldif true
+
+    
 
 
   # this script is needed so that Helm Chart is stable if persistence is enabled
   # it applies changes if they are new, but modifies them if they already exist
   02.sh: |  
-    LDIF_FILE="/ldap-configuration/apply/apply.ldif"
+    LDIF_FILE="$1"
+    OVERWRITE="${2:-false}"
 
-    # Function to process each entry
     process_entry() {
       local entry_dn="$1"
       local entry_ldif="$2"
 
       # Check if entry exists
-      ldapsearch -Y External -H ldapi:/// -b "$entry_dn" -s base -LLL dn > /dev/null 2>&1
+      ldapsearch -Y EXTERNAL -H ldapi:/// -b "$entry_dn" -s base -LLL dn > /dev/null 2>&1
 
       if [ $? -eq 0 ]; then
-        echo "Entry already exists: $entry_dn, updating entry by running ldapmodify"
-        echo "$entry_ldif" | sed 's/^dn: .*/changetype: modify/' | ldapmodify -Y External -H ldapi:/// 
+        if [ "$OVERWRITE" = true ]; then
+          echo "Entry already exists: $entry_dn, updating entry by running ldapmodify"
+          echo "$entry_ldif" | sed 's/^dn: .*/changetype: modify/' | ldapmodify -Y EXTERNAL -H ldapi:/// 
+        else
+          echo "Entry already exists: $entry_dn, skipping ldapmodify"
+        fi
       else
         echo "Entry does not exist, adding entry: $entry_dn"
-        echo "$entry_ldif" | ldapadd -Y External -H ldapi:/// 
+        echo "$entry_ldif" | ldapadd -Y EXTERNAL -H ldapi:/// 
       fi
     }
 

diff --git a/charts/dbildungs-iam-ldap/templates/configmap-customfiles.yaml b/charts/dbildungs-iam-ldap/templates/configmap-customfiles.yaml
diff --git a/charts/dbildungs-iam-ldap/templates/configmap-customschema.yaml b/charts/dbildungs-iam-ldap/templates/configmap-customschema.yaml
@@ -1,6 +1,6 @@
 #
 # A ConfigMap spec for openldap slapd that map directly to files under
-# /opt/bitnami/openldap/etc/schema/custom
+# /opt/bitnami/openldap/etc/schema/
 #
 {{- if .Values.customSchemaFiles }}
 apiVersion: v1

diff --git a/charts/dbildungs-iam-ldap/templates/configmap-extraldif.yaml b/charts/dbildungs-iam-ldap/templates/configmap-extraldif.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "openldap.fullname" $ }}-extraldif
+  labels:
+    app: {{ template "openldap.name" $ }}
+    chart: {{ template "openldap.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+{{- if $.Values.extraLabels }}
+{{ toYaml $.Values.extraLabels | indent 4 }}
+{{- end }}
+data:
+  apply.ldif: |-
+    dn: cn=lehrer,dc=schule-sh,dc=de
+    cn: lehrer
+    objectclass: groupOfUniqueNames
+    objectclass: top
+
+    dn: cn=schueler,dc=schule-sh,dc=de
+    cn: schueler
+    objectclass: groupOfUniqueNames
+    objectclass: top
+
+    dn: ou=oeffentlicheSchulen,dc=schule-sh,dc=de
+    objectclass: organizationalUnit
+    objectclass: top
+    ou: oeffentlicheSchulen
+
+    dn: cn=mmusterschueler,ou=oeffentlicheSchulen,dc=schule-sh,dc=de
+    uid: mmusterschueler
+    cn: mmusterschueler
+    givenname: Moritz
+    objectclass: inetOrgPerson
+    objectclass: univentionMail
+    mailPrimaryAddress: [email protected]
+    mailAlternativeAddress: [email protected]
+    objectclass: top
+    sn: Muster-Schueler
+
+    dn: cn=ssuperadmin,ou=oeffentlicheSchulen,dc=schule-sh,dc=de
+    uid: ssuperadmin
+    cn: ssuperadmin
+    givenname: Susi
+    objectclass: inetOrgPerson
+    objectclass: univentionMail
+    mailPrimaryAddress: [email protected]
+    mailAlternativeAddress: [email protected]
+    objectclass: top
+    sn: Superadmin
+
+  modify.ldif: |-
+    # Group members
+    dn: cn=lehrer,dc=schule-sh,dc=de
+    add: uniquemember
+    uniquemember: cn=ssuperadmin,ou=oeffentlicheSchulen,dc=schule-sh,dc=de
+
+    dn: cn=schueler,dc=schule-sh,dc=de
+    add: uniquemember
+    uniquemember: cn=mmusterschueler,ou=oeffentlicheSchulen,dc=schule-sh,dc=de
diff --git a/charts/dbildungs-iam-ldap/templates/statefulset.yaml b/charts/dbildungs-iam-ldap/templates/statefulset.yaml
@@ -65,7 +65,6 @@ spec:
               fi
               cp /tmp-init-scripts/01.sh /script/01.sh &&
               cp /tmp-init-scripts/02.sh /script/02.sh &&
-              # cp /tmp-init-scripts/ucsmail.ldif /opt/bitnami/openldap/etc/schema/ucsmail.ldif
               chmod +x /script/01.sh
               chmod +x /script/02.sh
             {{- if .Values.global.existingSecret }}
@@ -87,6 +86,8 @@ spec:
               mountPath: /ldap-configuration/apply/
             - name: ldap-configuration-modify
               mountPath: /ldap-configuration/modify/
+            - name: ldap-configuration-extra
+              mountPath: /ldap-configuration/extra/
     {{- if .Values.customSchemaFiles }}
       {{- range $file := (include "openldap.customSchemaFiles" . | split ",") }}
             - name: cm-custom-schema-files
@@ -264,6 +265,8 @@ spec:
               mountPath: /ldap-configuration/apply
             - name: ldap-configuration-modify
               mountPath: /ldap-configuration/modify
+            - name: ldap-configuration-extra
+              mountPath: /ldap-configuration/extra
             - name: certs
               mountPath: /opt/bitnami/openldap/certs
             {{- range $file := (include "openldap.builtinSchemaFiles" . | split ",") }}
@@ -282,14 +285,6 @@ spec:
             - name: custom-ldif-files
               mountPath: /ldifs/
 {{- end }}
-{{- range .Values.customFileSets }}
-{{- $fs := . }}
-{{- range .files }}
-            - name: {{ $fs.name }}
-              mountPath: {{ $fs.targetPath }}/{{ .filename }}
-              subPath: {{ .filename }}
-{{- end }}
-{{- end }}
 {{- if .Values.extraVolumeMounts }}
 {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
 {{- end }}
@@ -317,6 +312,10 @@ spec:
           secret:
             # could make the secret name variable
             secretName: dbildungs-iam-ldap-config-modify
+        - name: ldap-configuration-extra
+          configMap:
+            # could make the secret name variable
+            name: {{ template "openldap.fullname" $ }}-extraldif
         - name: cm-replication
           configMap:
             name: {{ template "openldap.fullname" . }}-replication
@@ -358,11 +357,6 @@ spec:
         - name: secret-certs
           emptyDir:
             medium: Memory
-{{- end }}
-{{- range .Values.customFileSets }}
-        - name: {{ .name }}
-          configMap:
-            name: {{ template "openldap.fullname" $ }}-fs-{{ .name }}
 {{- end }}
         {{- if .Values.extraVolumes }}
         {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}

diff --git a/charts/dbildungs-iam-ldap/values.yaml b/charts/dbildungs-iam-ldap/values.yaml
@@ -110,12 +110,14 @@ customSchemaFiles:
     olcObjectClasses: ( 1.3.6.1.4.1.10176.1010.2.1 NAME 'univentionMail' DESC 'Univention Mail Preferences' SUP top AUXILIARY MUST uid MAY ( univentionMailHomeServer $ mailPrimaryAddress $ mailAlternativeAddress $ mailGlobalSpamFolder $ univentionMailUserQuota $ mailForwardAddress $ mailForwardCopyToSelf ) )
 #   anothercustom.ldif: |-
 #     # another custom schema
+#     # adjust the configuration script configmap-config-script to make sure schema is always loaded 
 
 
 # Custom openldap configuration files used to override default settings
 # can not get loaded if TLS is required ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required
 # DO NOT FORGET to put the Root Organisation object as it won't be created while using customLdifFiles
-# Files that chage the general config or create ACL are not allowed here, insufficient permissions, they get hendled via the dbildungs-iam-ldap-configuration secret
+# Files that change the general config or create ACL are not allowed here, insufficient permissions, they get hendled via the dbildungs-iam-ldap-configuration secret
+# Only considered once in the initial setup
 customLdifFiles:
   00-root.ldif: |-
     dn: dc=schule-sh,dc=de