fix(univention-management-stack): Use global secrets to set store-dav related passwords

2025-12-08 16:28:36 +01:00 · 2023-09-04 12:04:14 +02:00
parent 4835a2beec
commit 90019e3ef6
4 changed files with 8 additions and 14 deletions
--- a/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.gotmpl
@@ -7,10 +7,8 @@ portalListener:
  adminGroup: "cn=Domain Admins,cn=groups,dc=univention-organization,dc=intranet"
  environment: "staging"
  debugLevel: "4"
-  # TODO: using this in server without the pending slash, fix
+  assetsRoot: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-assets/"
-  # ucsInternalUrl: "http://portal-listener:univention@store-dav/portal-data/"
+  ucsInternalUrl: "http://portal-listener:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}@ums-store-dav/portal-data/"
  assetsRoot: "http://portal-listener:univention@ums-store-dav/portal-assets/"
  ucsInternalUrl: "http://portal-listener:univention@ums-store-dav/portal-data/"
  umcGetUrl: "http://ums-umc-server/get"
  umcSessionUrl: "http://ums-umc-server/get/session-info"
--- a/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.gotmpl
@@ -9,7 +9,7 @@ portalServer:
  environment: "staging"
  editable: "true"
  logLevel: "DEBUG"
-  ucsInternalUrl: "http://portal-server:univention@ums-store-dav/portal-data"
+  ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
  umcGetUrl: "http://ums-umc-server/get"
  umcSessionUrl: "http://ums-umc-server/get/session-info"
--- a/helmfile/apps/univention-management-stack/values-store-dav.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-store-dav.gotmpl
@@ -6,10 +6,8 @@ SPDX-License-Identifier: Apache-2.0
 storeDav:
  auth:
    basicAuth:
-      # TODO: Secrets management
+      portal-listener: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalListener }}"
-      portal-server: "univention"
+      portal-server: "{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}"
      portal-listener: "univention"
 image:
  registry: "{{ .Values.global.imageRegistry }}"
  repository: "{{ .Values.images.umsStoreDav.repository }}"
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -26,11 +26,9 @@ secrets:
  univentionManagementStack:
    # TODO: Use "derivePassword"
    ldapSecret: "univention"
-    # TODO: Use "derivePassword" and leave processing to the Helm chart
+    storeDavUsers:
-    # Example, password set to "univention"
+      portalServer: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum) }}
-    storeDavAuthHtpasswd: |
+      portalListener: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum) }}
      portal-server:$apr1$yruGWANI$75Soiqs3hEmezu.g/r3VW/
      portal-listener:$apr1$6kadQ4Ji$hHriD5fpBJyf00SIy.NG41
  postgresql:
    postgresUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum) }}
    keycloakUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum) }}