From 1c35ca67ce0673e1b2f9a350bd07c82c22a05354 Mon Sep 17 00:00:00 2001
From: Johannes Bornhold <johannes.bornhold.extern@univention.de>
Date: Tue, 28 Nov 2023 18:55:04 +0100
Subject: [PATCH] fix(univention-management-stack): Quote all composed strings

---
 .../values-common.gotmpl                           |  2 +-
 .../values-portal-listener.gotmpl                  | 10 +++++-----
 .../values-portal-server.gotmpl                    |  4 ++--
 .../values-stack-data-swp.gotmpl                   | 14 +++++++-------
 .../values-stack-data-ums.gotmpl                   | 12 +++++-------
 .../values-ums-stack-gateway.gotmpl                |  4 ++--
 6 files changed, 22 insertions(+), 24 deletions(-)

diff --git a/helmfile/apps/univention-management-stack/values-common.gotmpl b/helmfile/apps/univention-management-stack/values-common.gotmpl
index 652b07c0..7483f350 100644
--- a/helmfile/apps/univention-management-stack/values-common.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-common.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 ingress:
-  host: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  host: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
 
 ...
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
index 4f77b688..c4bb6e8e 100644
--- a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -4,17 +4,17 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalListener:
-  adminGroup: "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
-  assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
-  ucsInternalUrl: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-data/"
+  adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }}
+  assetsRoot: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-assets/" | quote }}
+  ucsInternalUrl: {{ printf "%s%s%s" "http://portal-listener:" .Values.secrets.univentionManagementStack.storeDavUsers.portalListener "@ums-store-dav/portal-data/" | quote }}
 
   ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
   ldapHost: {{ .Values.ldap.host | quote }}
-  ldapHostDn: "cn=admin,{{ .Values.ldap.baseDn }}"
+  ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
   ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
   machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
   notifierServer: {{ .Values.ldap.notifierHost | quote }}
-  portalDefaultDn: "cn=domain,cn=portal,cn=portals,cn=univention,{{ .Values.ldap.baseDn }}"
+  portalDefaultDn: {{ printf "%s,%s" "cn=domain,cn=portal,cn=portals,cn=univention" .Values.ldap.baseDn | quote }}
   udmApiUrl: "http://ums-udm-rest-api/udm/"
   udmApiUsername: "cn=admin"
 
diff --git a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
index e03c89b6..6f5f305f 100644
--- a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
@@ -4,8 +4,8 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 portalServer:
-  adminGroup: "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
-  ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
+  adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }}
+  ucsInternalUrl: {{ printf "%s%s%s" "http://portal-server:" .Values.secrets.univentionManagementStack.storeDavUsers.portalServer "@ums-store-dav/portal-data" | quote }}
   centralNavigation:
     authenticatorSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
 
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
index b3417ebe..9a376c2e 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.gotmpl
@@ -11,18 +11,18 @@ stackDataContext:
     {{- range $username, $password := .Values.secrets.univentionCorporateServer.ldapSearch }}
     - username: {{ printf "ldapsearch_%s" $username | quote }}
       password: {{ $password | quote }}
-      lastname: {{ "LDAP-Search-User" }}
+      lastname: "LDAP-Search-User"
     {{- end }}
 
   externalDomainName: {{ .Values.global.domain | quote }}
   externalMailDomain: {{ .Values.global.domain | quote }}
 
-  portalGroupwareLinkBase: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
-  portalFileshareLinkBase: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
-  portalRealtimeCollaborationLinkBase: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
-  portalRealtimeVideoconferenceLinkBase: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}"
-  portalManagementProjectLinkBase: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
-  portalManagementKnowledgeLinkBase: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
+  portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.istio.domain | quote }}
+  portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
+  portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain | quote }}
+  portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain | quote }}
+  portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain | quote }}
+  portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain | quote }}
 
   smtpHost: {{ .Values.smtp.host | quote }}
   smtpPort: {{ .Values.smtp.port | quote }}
diff --git a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
index 29f9f6db..bfea9ed1 100644
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.gotmpl
@@ -12,14 +12,12 @@ stackDataContext:
   hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
   ldapHost: {{ .Values.ldap.host | quote }}
   ldapBase: {{ .Values.ldap.baseDn | quote }}
-  # TODO: This should not be required, the machine account is not there
-  # ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
-  ldapHostDn: "cn=admin,{{ .Values.ldap.baseDn }}"
+  ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
 
-  idpSamlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
-  umcSamlSpFqdn: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
-  idpFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
-  ldapSamlSpUrls: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
+  idpSamlMetadataUrl: {{ printf "https://%s.%s%s" .Values.global.hosts.keycloak .Values.global.domain "/realms/souvap/protocol/saml/descriptor" | quote }}
+  umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
+  idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
+  ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
 
   initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }}
 
diff --git a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.gotmpl b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.gotmpl
index 9ac6581d..c9be1c28 100644
--- a/helmfile/apps/univention-management-stack/values-ums-stack-gateway.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-ums-stack-gateway.gotmpl
@@ -4,9 +4,9 @@
 
 ingress:
   enabled: {{ .Values.ingress.enabled }}
-  hostname: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  hostname: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
   ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
   extraTls:
     - hosts:
-        - "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+        - {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
       secretName: {{ .Values.ingress.tls.secretName | quote }}