From 3bac6f0b41b3d9abebe4e9365611146cfee51018 Mon Sep 17 00:00:00 2001
From: nathanmartinszup <63246935+nathanmartinszup@users.noreply.github.com>
Date: Wed, 8 Dec 2021 12:59:47 -0300
Subject: [PATCH] helm:bugfix - added auth ldap env vars and fixed nindent error (#462)
Signed-off-by: Nathan Martins
- Added missing ldap envs in auth helm files, it only be used if the auth type is ldap, otherwise will be ignored.
- Fixed error with auth extra env nindent.
---
 .../templates/deployments/auth.yaml | 30 ++++++++++++++++++-
 deployments/helm/horusec-platform/values.yaml | 22 +++++++++++++-
 2 files changed, 50 insertions(+), 2 deletions(-)
diff --git a/deployments/helm/horusec-platform/templates/deployments/auth.yaml b/deployments/helm/horusec-platform/templates/deployments/auth.yaml
index 3394d22f0..2fce62e1e 100644
--- a/deployments/helm/horusec-platform/templates/deployments/auth.yaml
+++ b/deployments/helm/horusec-platform/templates/deployments/auth.yaml
@@ -106,9 +106,37 @@ spec:
 - name: HORUSEC_KEYCLOAK_OTP
 value: {{ .Values.global.keycloak.otp | quote }}
 {{- end }}
+ {{- if eq .Values.components.auth.type "ldap" }}
+ - name: HORUSEC_LDAP_HOST
+ value: {{ required "A valid global.ldap.host is required!" .Values.global.ldap.host | quote }}
+ - name: HORUSEC_LDAP_BASE
+ valueFrom:
+ secretKeyRef:
+ {{- toYaml .Values.global.ldap.base.secretKeyRef | nindent 16 }}
+ - name: HORUSEC_LDAP_PORT
+ value: {{ required "A valid global.ldap.port is required!" .Values.global.ldap.port | quote }}
+ - name: HORUSEC_LDAP_USESSL
+ value: {{ .Values.global.ldap.ssl | quote }}
+ - name: HORUSEC_LDAP_SKIP_TLS
+ value: {{ .Values.global.ldap.tls | quote }}
+ - name: HORUSEC_LDAP_INSECURE_SKIP_VERIFY
+ value: {{ .Values.global.ldap.skipVerify | quote }}
+ - name: HORUSEC_LDAP_BINDDN
+ valueFrom:
+ secretKeyRef:
+ {{- toYaml .Values.global.ldap.bindDn.secretKeyRef | nindent 16 }}
+ - name: HORUSEC_LDAP_BINDPASSWORD
+ valueFrom:
+ secretKeyRef:
+ {{- toYaml .Values.global.ldap.bindPassword.secretKeyRef | nindent 16 }}
+ - name: HORUSEC_LDAP_USERFILTER
+ value: {{ .Values.global.ldap.userFilter | quote }}
+ - name: HORUSEC_LDAP_ADMIN_GROUP
+ value: {{ .Values.global.ldap.adminGroup | quote }}
+ {{- end }}
 {{- if .Values.components.auth.extraEnv }}
 # Extra environment variables
- {{- toYaml .Values.components.auth.extraEnv | nindent 12 }}
+ {{- toYaml .Values.components.auth.extraEnv | nindent 10 }}
 {{- end }}
 image: "{{ template "auth.image" . }}"
 imagePullPolicy: {{ .Values.components.auth.container.image.pullPolicy | quote }}
diff --git a/deployments/helm/horusec-platform/values.yaml b/deployments/helm/horusec-platform/values.yaml
index 59402b4eb..ed109dd83 100644
--- a/deployments/helm/horusec-platform/values.yaml
+++ b/deployments/helm/horusec-platform/values.yaml
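Review bot: In templates/deployments/auth.yaml the `HORUSEC_LDAP_SKIP_TLS` entry takes its value from `.Values.global.ldap.tls`, so the key name reads as the opposite of the variable it feeds: an operator who sets `tls: true` to turn TLS on would, going by the variable name, be switching it off. Renaming the key to match, `value: {{ .Values.global.ldap.skipTls | quote }}` (with the same rename in values.yaml), removes the ambiguity; failing that, a comment above the entry such as `# global.ldap.tls feeds HORUSEC_LDAP_SKIP_TLS: "true" skips TLS` would at least record it. How the auth service interprets the variable is not visible in this diff, so the direction should be confirmed against its configuration loader. The enclosing `env:` list starts and ends outside the hunk.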
@@ -403,4 +403,24 @@ global:
 ingress:
 certManager: true
 annotations: {}
- # kubernetes.io/ingress.class: "nginx"
\ No newline at end of file
+ # kubernetes.io/ingress.class: "nginx"
+ ldap:
+ base:
+ secretKeyRef:
+ key: base
+ name: ldap
+ host: ""
+ port: ""
+ ssl: false
+ tls: true
+ skipVerify: true
+ bindDn:
+ secretKeyRef:
+ key: bind-dn
+ name: ldap
+ bindPassword:
+ secretKeyRef:
+ key: bind-password
+ name: ldap
+ userFilter: "(sAMAccountName=%s)"
+ adminGroup: ""
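Review bot: The new `ldap` defaults in values.yaml ship with transport protection switched off: `ssl: false`, `tls: true` (which auth.yaml passes to `HORUSEC_LDAP_SKIP_TLS`) and `skipVerify: true` (passed to `HORUSEC_LDAP_INSECURE_SKIP_VERIFY`). Going by those variable names, a deployment that sets only host and port would send the bind DN and bind password over an unencrypted connection, and would still not validate the server certificate if TLS were enabled later. Secure defaults would be `ssl: true`, `tls: false`, `skipVerify: false`, so that operators have to opt out explicitly for a lab directory. A one-line comment on each of the three keys stating its effect would also help, since nothing in the file currently explains them.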