Merge "feat(ldap): adds LDAP group to project membership"

Zuul 2021-03-04 18:56:04 +00:00 committed by Gerrit Code Review
commit 590bd37001
4 changed files with 58 additions and 12 deletions


@ -36,6 +36,16 @@ spec:
value: "https://{{ .Values.params.gerrit.host }}"
- name: HARBOR_URL
value: "https://{{ .Values.params.harbor.host }}"
- name: PROJECT_LDAP_DN
valueFrom:
secretKeyRef:
name: {{ template "helpers.labels.fullname" . }}
key: harbor-project-ldap-dn
- name: STAGING_LDAP_DN
valueFrom:
secretKeyRef:
name: {{ template "helpers.labels.fullname" . }}
key: harbor-staging-ldap-dn
command:
- sh
- -cex
@ -78,10 +88,30 @@ spec:
esac
done
}
add_ldap_member_to_project(){
project_name=$1
ldap_dn=$2
project_json=$(curl -sSL --netrc-file /run/jarvis/harbor-netrc/harbor-netrc -X GET \
-H "Accept: application/json" \
${HARBOR_URL}/api/v2.0/projects?name=${project_name})
project_id=$(echo $project_json | grep -o '"project_id":[[:digit:]]*' | head -1 | awk -F':' '{print $2}')
curl -sSL -D - --netrc-file /run/jarvis/harbor-netrc/harbor-netrc -X POST \
-H "Content-Type: application/json" \
--data-raw '{
"role_id": 2,
"member_group": {
"group_name": "'${project_name}'-users-group",
"ldap_group_dn": "'${ldap_dn}'",
"group_type": 1
}
}' ${HARBOR_URL}/api/v2.0/projects/${project_id}/members
}
# Add project and staging project in harbor
project_in_harbor "${JARVIS_PROJECT_NAME}" "${JARVIS_PROJECT_NAME}-staging"
add_ldap_member_to_project "${JARVIS_PROJECT_NAME}" "${PROJECT_LDAP_DN}"
add_ldap_member_to_project "${JARVIS_PROJECT_NAME}-staging" "${STAGING_LDAP_DN}"
volumeMounts:
- name: gerrit-creds
mountPath: /run/jarvis/gerrit-authfile
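Review bot: In `add_ldap_member_to_project` the expansions `'${project_name}'` and `'${ldap_dn}'` inside the `--data-raw` body sit outside any quoting, so a DN that contains a space is word-split, the JSON body is cut short, and the remainder reaches curl as extra arguments. Closing and reopening with double quotes, `"ldap_group_dn": "'"${ldap_dn}"'"`, removes the split, although a DN containing `"` or `\` would still need JSON escaping. The lookup takes the first `project_id` that `grep -o ... | head -1` finds in the `?name=` response; if Harbor treats that filter as a substring match (worth confirming against the API), the query for the project could return the `-staging` project's id first and the group would be attached to the wrong project. Neither curl call uses `--fail` and `project_id` is never checked, so a failed lookup goes on to POST to `/projects//members` and curl still exits 0 under `sh -cex`; adding `--fail` to both calls and `[ -n "${project_id}" ] || exit 1` after the lookup would make the job fail visibly instead.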


@ -9,6 +9,8 @@ data:
gerrit-username: "{{ b64enc .Values.params.gerrit.user }}"
gerrit-authfile: "{{ b64enc ( printf "%s:%s" .Values.params.gerrit.user .Values.params.gerrit.password ) }}"
gerrit-ssh-key: "{{ b64enc ( .Values.params.gerrit.ssh_key ) }}"
harbor-project-ldap-dn: "{{ b64enc ( .Values.params.harbor.member_ldap_dn.project ) }}"
harbor-staging-ldap-dn: "{{ b64enc ( .Values.params.harbor.member_ldap_dn.staging ) }}"
...
{{- end -}}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-project" ) }}
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "Secret-project" ) }}


@ -26,6 +26,9 @@ params:
host: gerrit.jarvis.local
harbor:
host: harbor-core.jarvis.local
member_ldap_dn:
project: ""
staging: ""
endpoints:
hostname: localhost
tls:
@ -40,4 +43,3 @@ config:
test:
ldap_username: jarvis
ldap_password: password
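Review bot: The new `member_ldap_dn.project` and `member_ldap_dn.staging` keys default to `""` with no comment saying what they hold or that they have to be set. With these defaults the Secret template in this commit encodes an empty string, so the job would send an empty `ldap_group_dn` to Harbor. A comment above the block such as `# LDAP DNs of the groups granted membership of the project and staging Harbor projects` would document the intent. To catch a missing value at render time, the Secret template could wrap each value in Helm's `required`, or the job could skip the membership call when the variable is empty.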


@ -27,16 +27,28 @@ for jarvis_project in `find ./tools/gate/jarvis/5G-SA-core -maxdepth 1 -mindepth
voting_ci="false"
fi
project_override=$(mktemp --suffix=.yaml)
tee ${project_override} <<EOF
config:
ci:
verify: ${voting_ci}
params:
harbor:
member_ldap_dn:
project: cn=${jarvis_project}-harbor-users-group,ou=Groups,dc=jarvis,dc=local
staging: cn=${jarvis_project}-harbor-staging-users-group,ou=Groups,dc=jarvis,dc=local
EOF
# shellcheck disable=SC2046
helm upgrade \
--create-namespace \
--install \
--namespace=jarvis-projects \
"${jarvis_project}" \
"./charts/jarvis-project" \
--values="${gerrit_creds_override}" \
--set config.ci.verify="$voting_ci" \
$(./tools/deployment/common/get-values-overrides.sh jarvis-project)
--create-namespace \
--install \
--namespace=jarvis-projects \
"${jarvis_project}" \
"./charts/jarvis-project" \
--values="${gerrit_creds_override}" \
--values="${project_override}" \
$(./tools/deployment/common/get-values-overrides.sh jarvis-project)
./tools/deployment/common/wait-for-pods.sh jarvis-projects