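local mirko = import "../../kube/mirko.libsonnet";
local kube = import "../../kube/kube.libsonnet";

# Deployment of ldapweb as a mirko component: one container serving HTTP on
# port 8000, with its Python configuration (config.py) delivered through a
# ConfigMap mounted over /app/webapp/config.py.
{
    cfg:: {
        # Manually built from code.hackerspace.pl/informatic/ldap-web-public.
        # NOTE(review): the image is referenced by tag only. A tag can be
        # re-pushed, so pinning by digest as well would tie the deployment to
        # the exact bytes that were built and reviewed.
        image: "registry.k0.hswaw.net/radex/ldap-web:1695415920",
        # No default on purpose: evaluation fails until the caller sets it.
        webFQDN: error "webFQDN must be set!",
    },

    component(cfg, env): mirko.Component(env, "ldapweb") {
        local ldapweb = self,
        cfg+: {
            image: cfg.image,
            volumes+: {
                config: kube.ConfigMapVolume(ldapweb.configmap),
            },
            container: ldapweb.Container("main") {
                # Starts by default on port 8000.
                volumeMounts_+: {
                    # subPath mounts only config.py, leaving the rest of
                    # /app/webapp from the image in place.
                    config: { mountPath: "/app/webapp/config.py", subPath: "config.py", },
                },
            },
            ports+: {
                publicHTTP: {
                    web: {
                        port: 8000,
                        dns: cfg.webFQDN,
                    },
                },
            },
        },

        configmap: kube.ConfigMap(ldapweb.makeName("config")) {
            metadata+: ldapweb.metadata,
            data: {
                # Review notes on the embedded config.py. They are kept out of
                # the text block so the rendered ConfigMap changes only where
                # the fix below requires it.
                #
                # - secret_key is drawn from secrets.token_hex(32) every time
                #   config.py is imported, so no secret is stored in this
                #   repository, but each process gets its own key. Anything
                #   signed with it (presumably sessions and CSRF tokens, given
                #   the flask_wtf import) will not survive a restart and will
                #   not validate across replicas or worker processes.
                #   Confirm the deployment runs a single process.
                # - ldap_url uses the ldap:// scheme. Unless the application
                #   upgrades the connection with StartTLS (not visible here),
                #   binds and password changes cross the network in
                #   cleartext. Verify, or switch to ldaps://.
                # - dn_format is a %s template. Presumably the application
                #   fills it with the login name; confirm that value is
                #   escaped for use inside a DN before substitution.
                # - admin_pw is the literal 'unused', a placeholder rather
                #   than a credential as far as this file shows.
                # - admin_required is empty, so every attribute in can_add /
                #   can_modify / can_delete is self-service. That includes
                #   sshpublickey and mifareidhash, which look like access
                #   credentials. Confirm this is intended.
                # - fields['telephonenumber']: wtforms' Regexp validator
                #   applies the pattern with re.match, which anchors only at
                #   the start of the value. The original pattern
                #   r'[+0-9 ]+' therefore accepted any value that merely
                #   began with one allowed character. The pattern now ends in
                #   \Z so the whole value must consist of '+', digits and
                #   spaces.
                "config.py": |||
                    import flask_wtf
                    import wtforms
                    import secrets

                    secret_key = secrets.token_hex(32)

                    ldap_url = 'ldap://ldap.hackerspace.pl'
                    dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl"

                    ldapweb_admin_group = 'cn=zarzad,ou=Group,dc=hackerspace,dc=pl'

                    ldap_base = 'dc=hackerspace,dc=pl'
                    ldap_people = 'ou=People,dc=hackerspace,dc=pl'
                    admin_groups = {
                        'Fatty': 'cn=fatty,ou=Group,dc=hackerspace,dc=pl',
                        'Starving': 'cn=starving,ou=Group,dc=hackerspace,dc=pl',
                        'Potato': 'cn=potato,ou=Group,dc=hackerspace,dc=pl',
                    }

                    admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl'
                    admin_pw = 'unused'

                    hackerspace_name = 'Warsaw Hackerspace'

                    readable_names = {
                        'commonname': u'Common Name',
                        'givenname': u'Given Name',
                        'gecos': u'GECOS (public name)',
                        'surname': u'Surname',
                        'loginshell': u'Shell',
                        'telephonenumber': 'Phone Number',
                        'mobiletelephonenumber': 'Mobile Number',
                        'sshpublickey': 'SSH Public Key',
                        'mifareidhash': 'MIFARE ID Hash',
                    }

                    full_name = {
                        'cn': 'commonname',
                        'gecos': 'gecos',
                        'sn': 'surname',
                        'mobile': 'mobiletelephonenumber',
                        'l': 'locality',
                    }

                    can_add = set([
                        'telephonenumber',
                        'mobiletelephonenumber',
                        'sshpublickey',
                        'mifareidhash',
                    ])
                    can_delete = can_add
                    can_modify = can_add | set([
                        'givenname', 'surname', 'commonname', 'gecos',
                    ])
                    can = { 'add':can_add, 'mod':can_modify, 'del':can_delete }
                    admin_required = set()


                    perm_errors = {
                        'add': 'You cannot add this attribute!',
                        'mod': 'You cannot change this attribute!',
                        'del': 'You cannot delete this attribute!',
                    }
                    std_templates = {
                        'add': 'ops/add.html',
                        'mod': 'ops/mod.html',
                        'del': 'ops/del.html',
                    }



                    default_field = (wtforms.fields.StringField, {})
                    fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+\Z')]})}

                    kadmin_passwd = True
                    kadmin_principal_map = "{}@HACKERSPACE.PL"

                    TOKEN_LENGTH = 32
                |||,
            },
        },
    },
}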