hswaw: add ldap-web
Change-Id: I49602ecf6001150491aae3e5fe024fb0ee7a9367
diff --git a/hswaw/kube/hswaw.jsonnet b/hswaw/kube/hswaw.jsonnet
index fc92a93..89bd32b 100644
--- a/hswaw/kube/hswaw.jsonnet
+++ b/hswaw/kube/hswaw.jsonnet
@@ -14,6 +14,12 @@
image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9",
webhookFQDN: error "webhookFQDN must be set",
},
+ ldapweb: {
+ # Manually built from code.hackerspace.pl/q3k/ldap-web-public.
+ image: "registry.k0.hswaw.net/q3k/ldap-web:1571402374",
+
+ webFQDN: error "webFQDN must be set",
+ },
},
components: {
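Review bot: The `image` added for `ldapweb` identifies a manually built image only by a timestamp tag, so nothing in this file ties the running container to a source revision or to immutable content. The `smsgs` image just above carries a commit hash after its timestamp. Doing the same here, and ideally pinning by digest, would make the deployment auditable, e.g. `image: "registry.k0.hswaw.net/q3k/ldap-web:<timestamp>-<commit>@sha256:<digest>"` (placeholders, not real values). The comment could then record the revision as well: `# Manually built from code.hackerspace.pl/q3k/ldap-web-public at <commit>.`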
@@ -85,6 +91,101 @@
piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"),
}
},
+
+ ldapweb: mirko.Component(env, "ldapweb") {
+ local ldapweb = self,
+ cfg+: {
+ image: cfg.ldapweb.image,
+ volumes+: {
+ config: kube.ConfigMapVolume(ldapweb.configmap),
+ },
+ container: ldapweb.Container("main") {
+ # Starts by default on port 8000.
+ volumeMounts_+: {
+ config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
+ },
+ },
+ ports+: {
+ publicHTTP: {
+ web: {
+ port: 8000,
+ dns: env.cfg.ldapweb.webFQDN,
+ },
+ },
+ },
+ },
+
+ configmap: kube.ConfigMap(ldapweb.makeName("config")) {
+ metadata+: ldapweb.metadata,
+ data: {
+ "config.py": |||
+ # -*- coding: utf-8 -*-
+ import flask_wtf
+ import wtforms
+ ldap_url = 'ldap://ldap.hackerspace.pl'
+ dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"
+
+ admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
+ admin_pw = 'unused'
+
+ hackerspace_name = 'Warsaw Hackerspace'
+
+ readable_names = {
+ 'commonname': u'Common Name',
+ 'givenname': u'Given Name',
+ 'gecos': u'GECOS (public name)',
+ 'surname': u'Surname',
+ 'loginshell': u'Shell',
+ 'telephonenumber': 'Phone Number',
+ 'mobiletelephonenumber': 'Mobile Number',
+ 'sshpublickey': 'SSH Public Key',
+ }
+
+ full_name = {
+ 'cn': 'commonname',
+ 'gecos': 'gecos',
+ 'sn': 'surname',
+ 'mobile': 'mobiletelephonenumber',
+ 'l': 'locality',
+ }
+
+ can_add = set([
+ 'telephonenumber',
+ 'mobiletelephonenumber',
+ 'sshpublickey',
+ ])
+ can_delete = can_add
+ can_modify = can_add | set([
+ 'givenname', 'surname', 'commonname', 'gecos',
+ ])
+ can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
+ admin_required = set()
+
+
+ perm_errors = {
+ 'add': 'You cannot add this attribute!',
+ 'mod': 'You cannot change this attribute!',
+ 'del': 'You cannot delete this attribute!',
+ }
+ std_templates = {
+ 'add': 'ops/add.html',
+ 'mod': 'ops/mod.html',
+ 'del': 'ops/del.html',
+ }
+
+
+
+ default_field = (wtforms.fields.StringField, {})
+ fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})}
+
+ kadmin_passwd = True
+ kadmin_principal_map = "{}@HACKERSPACE.PL"
+
+ TOKEN_LENGTH = 32
+ |||,
+ },
+ },
+ },
},
},
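Review bot: `ldap_url = 'ldap://ldap.hackerspace.pl'` in the embedded `config.py` points the app at LDAP without TLS. Since `dn_format` and `kadmin_passwd = True` suggest it binds with member credentials and handles password changes, those would cross the network in cleartext unless the app negotiates StartTLS itself, which is not visible here. If the directory offers LDAPS, `ldap_url = 'ldaps://ldap.hackerspace.pl'` is the safer setting; otherwise a comment stating that StartTLS is enforced would help. Separately, the `telephonenumber` validator `Regexp(r'[+0-9 ]+')` is anchored only at the start because WTForms applies it with `re.match`, so a constructed value such as `123abc` passes; `r'^[+0-9 ]+$'` checks the whole field. `admin_pw = 'unused'` is fine as a placeholder, but a real bind password should be mounted from a Secret rather than kept in this ConfigMap.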
@@ -95,7 +196,10 @@
twilio_token: std.base64(std.split(importstr "secrets/plain/prod-twilio-token", "\n")[0]),
},
webhookFQDN: "smsgw-webhook-prod.hswaw.net",
- }
+ },
+ ldapweb+: {
+ webFQDN: "ldap.hackerspace.pl",
+ },
},
},
}