From aff8edbde2150763d6a36f97b9403c8c67e51fab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorsten=20Ro=C3=9Fner?= Date: Wed, 5 Feb 2025 15:13:56 +0100 Subject: [PATCH] fix(nubus): Support for custom UDM commands --- helmfile/apps/element/values-synapse-admin.yaml.gotmpl | 4 ++-- .../apps/element/values-synapse-groupsync.yaml.gotmpl | 8 ++++---- helmfile/apps/nubus/values-nubus.yaml.gotmpl | 7 ++++++- helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl | 4 ++-- .../values-openxchange-contact-picker.yaml.gotmpl | 2 +- helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl | 4 ++-- helmfile/apps/openproject/values.yaml.gotmpl | 6 +++--- helmfile/apps/xwiki/values.yaml.gotmpl | 8 ++++---- helmfile/environments/default/images.yaml.gotmpl | 2 +- 9 files changed, 25 insertions(+), 20 deletions(-) diff --git a/helmfile/apps/element/values-synapse-admin.yaml.gotmpl b/helmfile/apps/element/values-synapse-admin.yaml.gotmpl index e5774fd6..e2fec038 100644 --- a/helmfile/apps/element/values-synapse-admin.yaml.gotmpl +++ b/helmfile/apps/element/values-synapse-admin.yaml.gotmpl @@ -48,9 +48,9 @@ configuration: serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }} ldap: base: {{ .Values.ldap.baseDn | quote }} - bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal" + bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}" bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }} - filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal)" + filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }})" uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }} cron: image: diff --git a/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl b/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl index 178c822c..345de870 100644 --- a/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl 
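Review bot: The new `bind_dn` and `filter` lines in values-synapse-admin.yaml.gotmpl interpolate `.Values.ldap.baseDn` raw inside a double-quoted YAML scalar, while the neighbouring `base:` line pipes the same value through `quote`. A base DN containing `"` or `\` (DN escaping uses backslashes) would render as broken or differently decoded YAML. Building the string with printf keeps the escaping in one place, e.g. `bind_dn: {{ printf "uid=ldapsearch_element,cn=users,%s" .Values.ldap.baseDn | quote }}`. In the `filter` line the DN is also an LDAP filter assertion value, so `(`, `)`, `*` and `\` would need RFC 4515 escaping; because this filter selects the LivecollaborationAdmin group, a comment stating that `ldap.baseDn` must be a plain DN without those characters would help. The same raw interpolation recurs in the groupsync, dovecot, contact-picker, openxchange, openproject and xwiki hunks of this patch.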
+++ b/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl @@ -24,21 +24,21 @@ configuration: name: "description" uid: "uid" base: {{ .Values.ldap.baseDn | quote }} - bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal" + bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}" bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }} check_interval_seconds: 60 type: mapped-ldap uri: "ldap://ums-ldap-server:389" spaces: - groups: - - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal" + - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}" powerLevel: 50 - - externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,dc=swp-ldap,dc=internal" + - externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}" id: "c3122e32-4e05-4bf8-8a5d-66679076ed36" name: "openDesk" subspaces: - groups: - - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal" + - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}" powerLevel: 50 id: "e7889d96-5baa-4e21-be6e-12c66b2e9565" name: "openDesk Element Admins" diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index 042cc015..635221e9 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl @@ -1119,7 +1119,6 @@ nubusStackDataUms: portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}" portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }} portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }} - oxDefaultContext: "1" ldapSearchUsers: {{- range $username, $password := .Values.secrets.nubus.ldapSearch }} 
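Review bot: In values-synapse-groupsync.yaml.gotmpl the `uri` context line still hard-codes `ldap://ums-ldap-server:389`, although the same block now takes its bind DN and group DNs from `.Values.ldap.baseDn`. values-synapse-admin.yaml.gotmpl derives the URI from `.Values.ldap.host`, so a deployment that overrides both values would have groupsync bind with the new DN against the old host name. `uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}` would keep the two files in step. The enclosing `configuration` block starts outside the hunk.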
@@ -1159,6 +1158,12 @@ nubusStackDataUms: {{- else }} deployDate: false {{- end }} + # executes a list of UDM commands as step `03-custom-initializer.yaml` of the opendesk-nubus customization + # Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader + udmCustomInitializer: [] + # executes a list of UDM commands as step `97-custom-finalizer.yaml` of the opendesk-nubus customization + # Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader + udmCustomFinalizer: [] nubusUmcServer: additionalAnnotations: diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index 360873ff..00e9a810 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl @@ -23,8 +23,8 @@ dovecot: enabled: true host: {{ .Values.ldap.host | quote }} port: 389 - base: "dc=swp-ldap,dc=internal" - dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" + base: "{{ .Values.ldap.baseDn }}" + dn: "uid=ldapsearch_dovecot,cn=users,{{ .Values.ldap.baseDn }}" password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }} oidc: enabled: true diff --git a/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl index 8bb50727..2a03857f 100644 --- a/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange-contact-picker.yaml.gotmpl @@ -25,7 +25,7 @@ appsuite: auth: type: "adminDN" adminDN: - dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" + dn: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}" password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} uiSettings: 
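Review bot: `udmCustomInitializer` and `udmCustomFinalizer` in values-nubus.yaml.gotmpl are added as literal `[]` rather than read from `.Values`, so as far as this hunk shows an operator can only supply commands through an additional values layer; if that is intended, the comment should say where to set them. The comments say these lists are executed as UDM commands, presumably with the data loader's directory permissions, which makes the keys a privileged input. I would extend the comment along the lines of `# commands run by the udm-data-loader against the directory; restrict who can set this and do not embed secrets in the commands`. The enclosing `nubusStackDataUms` block starts outside the hunk.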
diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index 29579f67..e8a3c82f 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl @@ -330,8 +330,8 @@ appsuite: /opt/open-xchange/etc/system.properties: SERVER_NAME: "oxserver" /opt/open-xchange/etc/ldapauth.properties: - java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal" - bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" + java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/{{ .Values.ldap.baseDn }}" + bindDN: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}" bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} bindOnly: "false" /opt/open-xchange/etc/antivirus.properties: diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl index 30453edf..775fa8eb 100644 --- a/helmfile/apps/openproject/values.yaml.gotmpl +++ b/helmfile/apps/openproject/values.yaml.gotmpl @@ -56,8 +56,8 @@ environment: OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389" OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }} OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap" - OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal" - OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal" + OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,{{ .Values.ldap.baseDn }}" + OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "{{ .Values.ldap.baseDn }}" OPENPROJECT_SEED_LDAP_OPENDESK_FILTER: "(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))" OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true" 
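Review bot: The new `java.naming.provider.url` in values-openxchange.yaml.gotmpl places `.Values.ldap.baseDn` in the path of an LDAP URL, where characters such as spaces, `?` and `%` must be percent-encoded (RFC 4516). A base DN containing any of them would yield an invalid or different search base, so the accepted form should be documented next to the value, e.g. `# ldap.baseDn must not contain characters that need URL or YAML escaping`. The URL also keeps `ldap://` on port 389, so the bind with `bindDNPassword` on the following line is sent unencrypted unless the transport is protected elsewhere, which is not visible in this hunk. The enclosing `ldapauth.properties` block starts outside the hunk.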
@@ -66,7 +66,7 @@ environment: OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn" OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress" OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin" - OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal" + OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "{{ .Values.ldap.baseDn }}" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER: "(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))" OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true" diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl index 665fb075..67754072 100644 --- a/helmfile/apps/xwiki/values.yaml.gotmpl +++ b/helmfile/apps/xwiki/values.yaml.gotmpl @@ -76,10 +76,10 @@ customConfigs: xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }} xwiki.authentication.ldap.port: 389 ## Authentication to the LDAP server - xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" + xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,{{ .Values.ldap.baseDn }}" xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }} ## Base DN used for searching for users - xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" + xwiki.authentication.ldap.base_DN: "{{ .Values.ldap.baseDn }}" ## Allow short update cycles of the LDAP group cache xwiki.authentication.ldap.groupcache_expiration: 300 ## Mapping for XWiki attributes to the respective LDAP attributes 
@@ -162,7 +162,7 @@ properties: "property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443 ## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping. - "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal" + "property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,{{ .Values.ldap.baseDn }}" ## SMTP settings "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}" "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }} @@ -202,7 +202,7 @@ properties: 1 ## Base DN under which groups should be searched for "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN": - "dc=swp-ldap,dc=internal" + "{{ .Values.ldap.baseDn }}" ## LDAP filter to only synchronize some groups "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter": "(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index 202fb321..852ce30b 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl 
@@ -528,7 +528,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus" - tag: "1.10.0@sha256:b8df7c3f2257316f95945c8af53d0023e937c7295b8e5a4f73d6679c4df6c93e" + tag: "1.11.0@sha256:738f41b5faaeb79ac5300d8c2230e0e8ec88c3e1f43eb34e27787b152c5cebe1" nubusOpenPolicyAgent: # providerCategory: "Supplier" # providerResponsible: "Univention"