Allow using configmaps when deploying in kubernetes #161
I think it would be nice to have some sort of integration test checking this, but I'm not sure how. It also seems like a lot of machinery for a small possibly infrequently used feature.
From the Travis build - it fails for Go 1.11.x for what seems to be OSX. I unfortunately don't have access to an OSX machine, so this one is a little hard to fix :-( Any pointers kindly appreciated.
I have just completed a local test - and verified that the changes work as intended. Still not sure about the OSX issue though :-/
hey, this makes sense. I updated your PR to go against
@nwillems could you rebase your changes on
When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not updated with a write event. Instead it receives a CHMOD and a REMOVE event.

This change adds two things:
1) Removal of the current watcher and adding of a new watcher for the same path
2) The do-reload conditional is updated to also include the remove event.
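The behaviour the commit message describes, as an added example that is not code from this PR or from GLAuth: it rebuilds the symlinked layout of a ConfigMap volume in a temp directory and shows that an update never writes to the file a watch is attached to, it only unlinks it. The `watch` type (a plain existence check standing in for a real file watcher), `publish`, `runScenario`, the `..v1`/`..v2` directory names and the `debug = ...` config lines are all constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// publish imitates a ConfigMap volume update: the new content goes into a fresh
// versioned directory, the "..data" symlink is swapped with a rename, and the
// previous directory is deleted. The config file is never written in place.
func publish(vol, version, content string) error {
	old, _ := os.Readlink(filepath.Join(vol, "..data")) // empty on first publish
	verDir := filepath.Join(vol, ".."+version)
	if err := os.Mkdir(verDir, 0o755); err != nil {
		return err
	}
	if err := os.WriteFile(filepath.Join(verDir, "config.cfg"), []byte(content), 0o644); err != nil {
		return err
	}
	tmp := filepath.Join(vol, "..data_tmp")
	if err := os.Symlink(".."+version, tmp); err != nil {
		return err
	}
	if err := os.Rename(tmp, filepath.Join(vol, "..data")); err != nil {
		return err
	}
	if old == "" {
		// First publish: user-visible symlink config.cfg -> ..data/config.cfg.
		return os.Symlink(filepath.Join("..data", "config.cfg"), filepath.Join(vol, "config.cfg"))
	}
	return os.RemoveAll(filepath.Join(vol, old))
}

// watch is a stand-in for a file watch: like a watch that follows symlinks,
// it is bound to the resolved file, not to the configured path.
type watch struct {
	path string // path the application was configured with
	real string // file the watch is actually attached to
}

func addWatch(path string) (*watch, error) {
	real, err := filepath.EvalSymlinks(path)
	if err != nil {
		return nil, err
	}
	return &watch{path: path, real: real}, nil
}

// targetGone reports the condition a watcher surfaces as a REMOVE event.
func (w *watch) targetGone() bool {
	_, err := os.Lstat(w.real)
	return os.IsNotExist(err)
}

// runScenario loads a config, applies one volume update, and returns the config
// held in memory plus the versioned directory the watch ends up attached to.
// handleRemove=false models a reload condition that only reacts to writes.
func runScenario(handleRemove bool) (string, string, error) {
	vol, err := os.MkdirTemp("", "configmap-vol")
	if err != nil {
		return "", "", err
	}
	defer os.RemoveAll(vol)
	if err := publish(vol, "v1", "debug = false"); err != nil {
		return "", "", err
	}
	cfgPath := filepath.Join(vol, "config.cfg")
	w, err := addWatch(cfgPath)
	if err != nil {
		return "", "", err
	}
	loaded, err := os.ReadFile(cfgPath)
	if err != nil {
		return "", "", err
	}
	if err := publish(vol, "v2", "debug = true"); err != nil {
		return "", "", err
	}
	// Nothing was written to w.real; the only signal is that it disappeared.
	if w.targetGone() && handleRemove {
		if w, err = addWatch(cfgPath); err != nil { // re-add the watch for the same path
			return "", "", err
		}
		if loaded, err = os.ReadFile(cfgPath); err != nil { // reload
			return "", "", err
		}
	}
	return string(loaded), filepath.Base(filepath.Dir(w.real)), nil
}

func main() {
	for _, handle := range []bool{false, true} {
		cfg, dir, err := runScenario(handle)
		fmt.Printf("handleRemove=%v config=%q watched=%s err=%v\n", handle, cfg, dir, err)
	}
}
```

With `handleRemove` false the process keeps serving the old configuration and its watch points at a deleted file, so later updates go unnoticed as well.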
aee45f7 to 8ce284c
Updated - awaiting build results
Thx for your effort and sorry for letting you wait so long. Life happened.
* use functional options pattern to inject logr (#124) * use functional options pattern to inject logr Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * cleanup log formatting Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * allow clean shutdown (#126) * fix owncloud posix query, log message and provisioning api results (#128) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't hardcode graphapi endpoint Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add support for write handlers (#135) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * config: match shadowaccount objectlcass (#136) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Makefile compatiblility (#134) Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update travis.yml (#154) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * check owncloud status code is ok (#153) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Bulid and push multiarch docker images (#142) Fix #141. With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7. When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry. Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't mix graph and provisioning api (#157) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Reuse http client as much as possible and allow insecure transport (#160) * Allow using configmaps when deploying in kubernetes (#161) * Ensure config watcher also works in kubernetes When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not opdated with a write event. Instead it receives a CHMOD and a REMOVE event. This change adds two things 1) Removal of the current wacther and adding of a new watcher for the same path 2) The do-reload conditional is updated to also include the remove event. 
* Align write and removed conditionals * Fix API server json formating (#163) (#164) * Update README.md (#167) Fixing bad port in quickstart * Use port 3893 with ldapsearch in example (#150) * feat: add flags for ldap listen addresses (#169) Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Assets build fix. (#171) * Docker build fix. * Makefile fix. * update readme, config and deps (#170) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Remove byanke's donation fields * Database plugins (#133) This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch. Covered: - Database plugins (at this time: SQLite, MySQL, Postgres) - Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend] - Schema introspection (root DSE query with base scope) - When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries - When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know)) - Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8) - Support for "want types only" queries, even when proxying * Mac M1 Support and LDAP Req Attributes (#192) * Mac M1 Support * Augmented root DSS and schema discovery based on content of schema directory * LDAP workaround where req. attribute gets injected in response now works with combined filters * SubSchema query can return a minimal set, freeipa or openldap's schemas * Feature/upgrade ldap library version (#194) * Stronger, salted paswords using bcrypt. 
(#195) * Fixed badges in README file and added a couple improvements (#196) * fix lock for ownCloud / graph backend (#198) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * the config struct is only needed by the config backend (#199) * Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (#201) * fix: keep watch config file when changed,renamed,removed (#189) I will need to run `glauth.go` through `gofmt` myself but that is fine. * Returning when unable to start config watcher (#203) * Introducing goconvey testing and refactoring of config and ... (#204) * Introducing goconvey testing and refactoring of config and plugin backends. * gofmt, oops * Refactored re-insertion of requested attributes * Allow bind operations with no group provided (#205) * Support for userPrincipalName binding and browsing. (#206) * Support for userPrincipalName binding and browsing. * Fixed travis CI test for userprincipalname * fixing travis tests for more users * Rate limit after failed binds (#207) * Capabilities -- part 2 (#214) + do not dump config at startup * Attempting migration from Travis to Github Actions * Migration Step#2 * Migration Step#3 * Migration Step#4 * Migration Step#5 * Migration Step#6 * Migration Step#7 * Migration Step#8 * Migration Step#9 * Migration Step#9 * Migration dev... * Migration dev... * Migration dev... * Migration dev... * Docker with plugins, first step (#215) * Docker with plugins, first step * Build better docker images, including plugins * Merge back from dev to feature branch step #2 * Added capabilities to CI * - Now creating two docker images, including one with plugins - Moving from Travis CI to GitHub Actions * Plugins now run on distroless (#217) * Getting rid of Travis CI now that it doesn't support FOSS anymore. * Internal Stats -- performance view (#221) * Local merge * Update CI to forget about bindata * Forgot to cleanup the cleanup... 
* assets: use stdlib "embed" package (#200) This should make it easier to include GLAuth in other projects using `go get` * 'Airgapping' web assets for security and preventing breakage (#227) * v2 -- V2 hierarchy (#228) * Search refactoring, tree traversal and scope correctness (#229) Search refactoring, tree traversal and scope correctness. * Feature/multi cfg (#233) * Feature/custom attributes (#240) * Makefiles: platform releases (#241) * Feature/release script (#242) * Bug/fix docker build in v2 (#244) * Fix #246 and #252 Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com>
Hank Donnay <hdonnay@gmail.com>
* Reverse pull request from master to dev. Reverse pull request. * Fix/docker latest tag (#260) * Dev (#254) * use functional options pattern to inject logr (#124) * use functional options pattern to inject logr Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * cleanup log formatting Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * allow clean shutdown (#126) * fix owncloud posix query, log message and provisioning api results (#128) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't hardcode graphapi endpoint Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add support for write handlers (#135) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * config: match shadowaccount objectlcass (#136) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Makefile compatiblility (#134) Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update travis.yml (#154) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * check owncloud status code is ok (#153) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Bulid and push multiarch docker images (#142) Fix #141. With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7. When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry. Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't mix graph and provisioning api (#157) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Reuse http client as much as possible and allow insecure transport (#160) * Allow using configmaps when deploying in kubernetes (#161) * Ensure config watcher also works in kubernetes When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not opdated with a write event. Instead it receives a CHMOD and a REMOVE event. 
This change adds two things 1) Removal of the current wacther and adding of a new watcher for the same path 2) The do-reload conditional is updated to also include the remove event. * Align write and removed conditionals * Fix API server json formating (#163) (#164) * Update README.md (#167) Fixing bad port in quickstart * Use port 3893 with ldapsearch in example (#150) * feat: add flags for ldap listen addresses (#169) Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Assets build fix. (#171) * Docker build fix. * Makefile fix. * update readme, config and deps (#170) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Remove byanke's donation fields * Database plugins (#133) This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch. Covered: - Database plugins (at this time: SQLite, MySQL, Postgres) - Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend] - Schema introspection (root DSE query with base scope) - When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries - When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know)) - Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8) - Support for "want types only" queries, even when proxying * Mac M1 Support and LDAP Req Attributes (#192) * Mac M1 Support * Augmented root DSS and schema discovery based on content of schema directory * LDAP workaround where req. 
attribute gets injected in response now works with combined filters * SubSchema query can return a minimal set, freeipa or openldap's schemas * Feature/upgrade ldap library version (#194) * Stronger, salted paswords using bcrypt. (#195) * Fixed badges in README file and added a couple improvements (#196) * fix lock for ownCloud / graph backend (#198) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * the config struct is only needed by the config backend (#199) * Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (#201) * fix: keep watch config file when changed,renamed,removed (#189) I will need to run `glauth.go` through `gofmt` myself but that is fine. * Returning when unable to start config watcher (#203) * Introducing goconvey testing and refactoring of config and ... (#204) * Introducing goconvey testing and refactoring of config and plugin backends. * gofmt, oops * Refactored re-insertion of requested attributes * Allow bind operations with no group provided (#205) * Support for userPrincipalName binding and browsing. (#206) * Support for userPrincipalName binding and browsing. * Fixed travis CI test for userprincipalname * fixing travis tests for more users * Rate limit after failed binds (#207) * Capabilities -- part 2 (#214) + do not dump config at startup * Attempting migration from Travis to Github Actions * Migration Step#2 * Migration Step#3 * Migration Step#4 * Migration Step#5 * Migration Step#6 * Migration Step#7 * Migration Step#8 * Migration Step#9 * Migration Step#9 * Migration dev... * Migration dev... * Migration dev... * Migration dev... 
* Docker with plugins, first step (#215) * Docker with plugins, first step * Build better docker images, including plugins * Merge back from dev to feature branch step #2 * Added capabilities to CI * - Now creating two docker images, including one with plugins - Moving from Travis CI to GitHub Actions * Plugins now run on distroless (#217) * Getting rid of Travis CI now that it doesn't support FOSS anymore. * Internal Stats -- performance view (#221) * Local merge * Update CI to forget about bindata * Forgot to cleanup the cleanup... * assets: use stdlib "embed" package (#200) This should make it easier to include GLAuth in other projects using `go get` * 'Airgapping' web assets for security and preventing breakage (#227) * v2 -- V2 hierarchy (#228) * Search refactoring, tree traversal and scope correctness (#229) Search refactoring, tree traversal and scope correctness. * Feature/multi cfg (#233) * Feature/custom attributes (#240) * Makefiles: platform releases (#241) * Feature/release script (#242) * Bug/fix docker build in v2 (#244) * Fix #246 and #252 Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Cleanup Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> 
Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Feature/dbsshkeys (#262) * Dev -> Master after v1/v2 cleanup (#261) * Reverse pull request from master to dev. Reverse pull request. * Fix/docker latest tag (#260) * Dev (#254) * use functional options pattern to inject logr (#124) * use functional options pattern to inject logr Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * cleanup log formatting Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * allow clean shutdown (#126) * fix owncloud posix query, log message and provisioning api results (#128) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't hardcode graphapi endpoint Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * add support for write handlers (#135) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * config: match shadowaccount objectlcass (#136) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Makefile compatiblility (#134) Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * update travis.yml (#154) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * check owncloud status code is ok (#153) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Bulid and push multiarch docker images (#142) Fix #141. With this change, a github action is added that builds a multiarch docker image on every commit, supporting x86_64, aarch64 and arm/v7. When the action is triggered on a release or tag, it also uploads the versioned image to github container image registry. 
Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> * don't mix graph and provisioning api (#157) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Reuse http client as much as possible and allow insecure transport (#160) * Allow using configmaps when deploying in kubernetes (#161) * Ensure config watcher also works in kubernetes When using configmaps in kubernetes, the file is a symlink, and then file-watcher is not opdated with a write event. Instead it receives a CHMOD and a REMOVE event. This change adds two things 1) Removal of the current wacther and adding of a new watcher for the same path 2) The do-reload conditional is updated to also include the remove event. * Align write and removed conditionals * Fix API server json formating (#163) (#164) * Update README.md (#167) Fixing bad port in quickstart * Use port 3893 with ldapsearch in example (#150) * feat: add flags for ldap listen addresses (#169) Signed-off-by: Mark Sagi-Kazar <mark.sagikazar@gmail.com> * Assets build fix. (#171) * Docker build fix. * Makefile fix. * update readme, config and deps (#170) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * Remove byanke's donation fields * Database plugins (#133) This commit actually covers a few items. In future commits, I will keep features distinct. This is only happening this time around due to how long it took to merge this branch. 
Covered: - Database plugins (at this time: SQLite, MySQL, Postgres) - Backends acting as middleware: added the [[Backends]] configuration directive while retaining backward compatibility with [Backend] - Schema introspection (root DSE query with base scope) - When proxying, insert queried attribute back in upstream response, if absent, so that the LDAP library does not filter out all entries - When chaining backends, any backend can be used to inject OTP value in password, before reaching a non-OTP-aware backend (currently guarded by a True statement in case we find an issue (I did thoroughly test but you never know)) - Handling of special "1.1" attributes filter meaning "I do not want attributes" (RFC 4511, 4.5.1.8) - Support for "want types only" queries, even when proxying * Mac M1 Support and LDAP Req Attributes (#192) * Mac M1 Support * Augmented root DSS and schema discovery based on content of schema directory * LDAP workaround where req. attribute gets injected in response now works with combined filters * SubSchema query can return a minimal set, freeipa or openldap's schemas * Feature/upgrade ldap library version (#194) * Stronger, salted paswords using bcrypt. (#195) * Fixed badges in README file and added a couple improvements (#196) * fix lock for ownCloud / graph backend (#198) Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de> * the config struct is only needed by the config backend (#199) * Variable "unixid" is now respectively "UIDNumber" and "GIDNumber" for… (#201) * fix: keep watch config file when changed,renamed,removed (#189) I will need to run `glauth.go` through `gofmt` myself but that is fine. * Returning when unable to start config watcher (#203) * Introducing goconvey testing and refactoring of config and ... (#204) * Introducing goconvey testing and refactoring of config and plugin backends. 
* gofmt, oops * Refactored re-insertion of requested attributes * Allow bind operations with no group provided (#205) * Support for userPrincipalName binding and browsing. (#206) * Support for userPrincipalName binding and browsing. * Fixed travis CI test for userprincipalname * fixing travis tests for more users * Rate limit after failed binds (#207) * Capabilities -- part 2 (#214) + do not dump config at startup * Attempting migration from Travis to Github Actions * Migration Step#2 * Migration Step#3 * Migration Step#4 * Migration Step#5 * Migration Step#6 * Migration Step#7 * Migration Step#8 * Migration Step#9 * Migration Step#9 * Migration dev... * Migration dev... * Migration dev... * Migration dev... * Docker with plugins, first step (#215) * Docker with plugins, first step * Build better docker images, including plugins * Merge back from dev to feature branch step #2 * Added capabilities to CI * - Now creating two docker images, including one with plugins - Moving from Travis CI to GitHub Actions * Plugins now run on distroless (#217) * Getting rid of Travis CI now that it doesn't support FOSS anymore. * Internal Stats -- performance view (#221) * Local merge * Update CI to forget about bindata * Forgot to cleanup the cleanup... * assets: use stdlib "embed" package (#200) This should make it easier to include GLAuth in other projects using `go get` * 'Airgapping' web assets for security and preventing breakage (#227) * v2 -- V2 hierarchy (#228) * Search refactoring, tree traversal and scope correctness (#229) Search refactoring, tree traversal and scope correctness. 
* Feature/multi cfg (#233) * Feature/custom attributes (#240) * Makefiles: platform releases (#241) * Feature/release script (#242) * Bug/fix docker build in v2 (#244) * Fix #246 and #252 Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Cleanup Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran 
<soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * SSH Keys support in database plugins Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> * Better plugin build for darwin * add link to documentation, only discovered it while perusing issues list (#276) * Plugin: Unix PAM Authentication (#263) (#277) * Plugin: Unix PAM Authentication (#263) * Add plugin using pam authentication Adds an additional plugin which us authenticating against the PAM unix backend and exposing users and groups local to the machine glauth is running on. This can be used to expose local users for authentication in other services which support ldap only. * plugins: pam: Rewrite Bind() to use ldapopshelper Modernizes the implementation of Bind() to make use of the helper functions provided by LDAPOpsHelper. In order to support custom authentication the existing config.User has received an additional PassAppCustom property which allows to specify a custom authentication callback for a user. 
In case of the PAM backend this will be used to authenticate against the local PAM database. * plugins: pam: Rewrite Search() to use ldapopshelper Modernizes the implementation of Search() to make use of the helper functions provided by LDAPOpsHelper. * plugins: pam: Capability through group membership Adds a configuration option which decides if a user gets the search capability or not based on the group memberships of a user. * plugins: pam: Apply formatting Runs gofmt and go get on all changes done earlier * plugins: pam: Address feedback from CodeClimate - reduce code similarity - document new exports - address casing of variables and functions - reduce complexity of FindPosixGroups() - reduce complexity of FindPosixAccounts() - fix else branch in ldapopshelper Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de> * Updated README for pam plugin * Updated README for pam plugin Co-authored-by: Marius Zwicker <marius@mlba-team.de> Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de> * Removing db plugins * Changing plugind package * Remove main frmo plugin * Move plugins to their own repos (#283) * Plugins release build delegated to plugin Makefile * Build and push docker containers * README points to documentation * Shortened README * Prometheus exported (#284) * Prometheus exporter * Feature/zerolog (#285) * Zerolog * Adjusted logging levels * Structured logging including ldap library * Feature/check config (#286) Add config check `--check-config` * Removed last trace of old docker files Co-authored-by: Jörn Friedrich Dreyer <jfd@butonic.de> Co-authored-by: Zhou Wenzong <wenzong@users.noreply.github.com> Co-authored-by: Jairo Llopis <Yajo@users.noreply.github.com> Co-authored-by: Benedikt Kulmann <benedikt@kulmann.biz> Co-authored-by: Nicolai Willems <172633+nwillems@users.noreply.github.com> Co-authored-by: Thibault Soubiran <soubi.thibault@gmail.com> Co-authored-by: Clement JACOB <clems71@gmail.com> Co-authored-by: Lutz Horn <code@lhorn.de> 
Co-authored-by: Márk Sági-Kazár <sagikazarmark@users.noreply.github.com> Co-authored-by: Peter Heise <pheise@koprolalie.com> Co-authored-by: Ben Yanke <ben@benyanke.com> Co-authored-by: fanlix <fanlix@gmail.com> Co-authored-by: Hank Donnay <hdonnay@gmail.com> Co-authored-by: dlitster <davidlitster@gmail.com> Co-authored-by: Marius Zwicker <marius@mlba-team.de> Co-authored-by: Marius Zwicker <marius.zwicker@mlba-team.de>
Hi
The intent of this PR is to allow easier deployment using kubernetes. To me, a common way of doing this would be to configure glauth through a configmap or secret.
When running glauth in kubernetes, I discovered that glauth doesn't pick up changes made to a configmap. It seems that this is due to the fact that kubernetes symlinks the configmap-data into the right place - https://www.martensson.io/go-fsnotify-and-kubernetes-configmaps/
I made a small experiment and deployed to a local docker-desktop cluster and checked that when updating a configmap, an fsnotify watcher receives a chmod and remove event, hence this change reflects what I discovered.
I hope this PR aligns with the philosophy of glauth and that it is useful. I'm hoping to get some useful feedback from the CI system :-)
/Nicolai
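An added example, not part of the pull request or the glauth code base: a standard-library Go simulation of the symlink swap described above, assuming the kubelet's `..data` volume layout (the directory names, file name and contents are constructed for illustration). It shows that the real file behind the watched path is deleted and replaced rather than written, which is why the watch has to be re-added for the same path after a remove event.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

const cfgName = "glauth.cfg" // file name chosen for this example

// publish writes one ConfigMap revision using the assumed volume layout:
//
//	<vol>/<rev>/glauth.cfg                 the real file
//	<vol>/..data     -> <rev>              swapped with an atomic rename
//	<vol>/glauth.cfg -> ..data/glauth.cfg  the path the application opens
func publish(vol, rev, content string) error {
	if err := os.Mkdir(filepath.Join(vol, rev), 0o755); err != nil {
		return err
	}
	if err := os.WriteFile(filepath.Join(vol, rev, cfgName), []byte(content), 0o644); err != nil {
		return err
	}
	data := filepath.Join(vol, "..data")
	old, _ := os.Readlink(data) // empty on the first publish
	tmp := filepath.Join(vol, "..data_tmp")
	if err := os.Symlink(rev, tmp); err != nil {
		return err
	}
	if err := os.Rename(tmp, data); err != nil { // replaces the symlink itself
		return err
	}
	link := filepath.Join(vol, cfgName)
	if _, err := os.Lstat(link); os.IsNotExist(err) {
		if err := os.Symlink(filepath.Join("..data", cfgName), link); err != nil {
			return err
		}
	}
	if old == "" {
		return nil
	}
	// The previous revision is deleted, not rewritten: a watch attached to
	// the old real file sees it vanish instead of receiving a write.
	return os.RemoveAll(filepath.Join(vol, old))
}

// Observation is what a process watching <vol>/glauth.cfg faces after one update.
type Observation struct {
	OldTargetGone bool   // the file the first watch resolved to no longer exists
	TargetChanged bool   // the same path now resolves to a different real file
	ContentAtPath string // what a reload reads through the unchanged path
}

func observeUpdate() (Observation, error) {
	var o Observation
	vol, err := os.MkdirTemp("", "cm-volume-")
	if err != nil {
		return o, err
	}
	defer os.RemoveAll(vol)
	cfg := filepath.Join(vol, cfgName)
	if err := publish(vol, "..rev-1", "rev1"); err != nil {
		return o, err
	}
	before, err := filepath.EvalSymlinks(cfg) // where a watch on cfg lands
	if err != nil {
		return o, err
	}
	if err := publish(vol, "..rev-2", "rev2"); err != nil {
		return o, err
	}
	after, err := filepath.EvalSymlinks(cfg)
	if err != nil {
		return o, err
	}
	_, statErr := os.Stat(before)
	content, err := os.ReadFile(cfg)
	if err != nil {
		return o, err
	}
	return Observation{os.IsNotExist(statErr), before != after, string(content)}, nil
}

func main() {
	fmt.Println(observeUpdate())
}
```
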