volker.raschek/helm-gitea
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rewrite init script (#178)

Browse Source 
These changes rewrite the init script to be error aware, informative and have a bit more security awareness.

During rewrite several hidden bugs could be identified and fixed, such as:

- LDAP configuration options interpreted by the shell before passed to command
- Finding multiple ldap ids instead of one during lookup when their names are almost identical
e.g. `_my-ldap-auth` and `my-ldap-auth`
- Properly filter auth sources by their types to prevent unintended type converting attempts that fail

In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.

Helps for: #149

Reviewed-on: https://gitea.com/gitea/helm-chart/pulls/178
Reviewed-by: luhahn <luhahn@noreply.gitea.io>
Reviewed-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: justusbunsi <justusbunsi@noreply.gitea.io>
Co-committed-by: justusbunsi <justusbunsi@noreply.gitea.io>
This commit is contained in:
justusbunsi
2021-06-30 04:09:16 +08:00
committed by techknowlogick
parent 6a6eb35106
commit 9059229acb
4 changed files with 130 additions and 41 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
templates/_helpers.tpl
View File

@ -116,6 +116,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- $_ := set .Values.gitea.ldap "bindPassword" "" -}}
{{- end -}}
{{- $flags := list "not-active" "skip-tls-verify" "allow-deactivate-all" "synchronize-users" "attributes-in-bind" -}}
{{- range $key, $val := .Values.gitea.ldap -}}
{{- if and (ne $key "enabled") (ne $key "existingSecret") -}}
{{- if eq ($key | kebabcase) "bind-dn" -}}
@ -124,8 +125,10 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- printf "--%s %s " ($key | kebabcase) ("${GITEA_LDAP_PASSWORD}" | quote ) -}}
{{- else if eq $key "port" -}}
{{- printf "--%s %d " ($key | kebabcase) ($val | int) -}}
{{- else if (has ($key | kebabcase) $flags) -}}
{{- printf "--%s " ($key | kebabcase) -}}
{{- else -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}}
{{- end -}}
{{- end -}}
{{- end -}}
@ -134,7 +137,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
{{- define "gitea.oauth_settings" -}}
{{- range $key, $val := .Values.gitea.oauth -}}
{{- if ne $key "enabled" -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}}
{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}}
{{- end -}}
{{- end -}}
{{- end -}}