sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 00:11:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(univention-management-stack): Use global secrets to set store-dav related passwords

Browse Source
This commit is contained in:
Johannes Bornhold
2023-09-04 12:04:14 +02:00
parent 4835a2beec
commit 90019e3ef6
4 changed files with 8 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
View File

@@ -7,10 +7,8 @@ portalListener:
adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
environment: "staging"
debugLevel: "4"
# TODO: using this in server without the pending slash, fix
# ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
assetsRoot: "http://portal-listener:univention@ums-store-dav/portal-assets/"
ucsInternalUrl: "http://portal-listener:univention@ums-store-dav/portal-data/"
assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
ucsInternalUrl: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-data/"
umcGetUrl: "http://ums-umc-server/get"
umcSessionUrl: "http://ums-umc-server/get/session-info"

2
helmfile/apps/univention-management-stack/values-portal-server.gotmpl
View File

@@ -9,7 +9,7 @@ portalServer:
environment: "staging"
editable: "true"
logLevel: "DEBUG"
ucsInternalUrl: "http://portal-server:univention@ums-store-dav/portal-data"
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
umcGetUrl: "http://ums-umc-server/get"
umcSessionUrl: "http://ums-umc-server/get/session-info"

6
helmfile/apps/univention-management-stack/values-store-dav.gotmpl
View File

@@ -6,10 +6,8 @@ SPDX-License-Identifier: Apache-2.0
storeDav:
auth:
basicAuth:
# TODO: Secrets management
portal-server: "univention"
portal-listener: "univention"
portal-listener: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}"
portal-server: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}"
image:
registry: "{{ .Values.global.imageRegistry }}"
repository: "{{ .Values.images.umsStoreDav.repository }}"

8
helmfile/environments/default/secrets.gotmpl
View File

@@ -26,11 +26,9 @@ secrets:
univentionManagementStack:
# TODO: Use "derivePassword"
ldapSecret: "univention"
# TODO: Use "derivePassword" and leave processing to the Helm chart
# Example, password set to "univention"
storeDavAuthHtpasswd: |
portal-server:$apr1$yruGWANI$75Soiqs3hEmezu.g/r3VW/
portal-listener:$apr1$6kadQ4Ji$hHriD5fpBJyf00SIy.NG41
storeDavUsers:
portalServer: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum) }}
portalListener: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum) }}
postgresql:
postgresUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum) }}
keycloakUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum) }}