Update chart structure and use latest release. (#6)

Author: gburd

.bin/disableLdapPort.yaml

@@ -0,0 +1,19 @@
+logLevel: debug
+resources:
+  limits:
+    cpu: "128m"
+    memory: "64Mi"
+replicaCount: 3
+customLdifFiles:
+  00-root.ldif: |-
+    # Root creation
+    dn: dc=example,dc=org
+    objectClass: dcObject
+    objectClass: organization
+    o: Example, Inc
+service:
+  enableLdapPort: false
+  sslLdapPortNodePort: 30636
+  type: NodePort
+initTLSSecret:
+  tls_enabled: true

.bin/ldif2json

@@ -107,8 +107,8 @@ BEGIN {
                         printf(",\n%s:{%s}", json_dict_key, join(json_record, ","))
                     }
                 } else {
-                    printf "\n\nKey %s was not found in parsed LDIF record\n\n", key
-                    for (a in attrs) printf "- %s -- %s\n", a, attrs[a][1]
+                    #printf "\n\nKey %s was not found in parsed LDIF record\n\n", key
+                    #for (a in attrs) printf "- %s -- %s\n", a, attrs[a][1]
                 }
 
                 break

.bin/ldif2json.awk

@@ -0,0 +1,95 @@
+#!/usr/bin/env -S gawk -f
+
+# Convert LDIF into JSON
+
+# MIT License
+# Copyright (c) 2017 Christopher Harrison
+
+function json_string(str) {
+  # Convert backslashes to double-backslashes
+  str = gensub("\\\\", "\\\\\\\\", "g", str)
+  # Convert a string into an escaped JSON string, with enclosing quotes
+  return "\"" gensub(/"/, "\\\\\"", "g", str) "\""
+}
+
+BEGIN {
+  FS = "::? "
+  ORS = ""
+
+  in_dn = 0
+  first_dn = 0
+
+  # Array of results
+  print "["
+}
+
+/^#/ || $1 == "version" || $1 == "search" || $1 == "result" {
+  # Skip comments, version and ldapsearch result entities
+  next
+}
+
+$1 == "dn" {
+  # We've found an entity
+  if (first_dn) print ","
+  print "{"
+
+  in_dn = 1
+  first_dn = 1
+
+  # Reset attributes
+  delete attributes
+}
+
+in_dn {
+  if (NF == 2) {
+    # New attribute
+    last_attr = $1
+    attr_index = 1
+    if (last_attr in attributes) attr_index = length(attributes[last_attr]) + 1
+    value = $2
+
+  } else {
+    # Continuation of previous attribute
+    attr_index = length(attributes[last_attr])
+    value = attributes[last_attr][attr_index] gensub(/^ /, "", 1)
+  }
+
+  attributes[last_attr][attr_index] = value
+}
+
+in_dn && /^$/ {
+  # Write attributes
+  first_attr = 0
+  for (attr in attributes) {
+    if (first_attr) print ","
+    print json_string(attr) ":"
+    first_attr = 1
+
+    if (length(attributes[attr]) == 1) {
+      # Scalar attribute
+      print json_string(attributes[attr][1])
+
+    } else {
+      # Array attribute
+      print "["
+
+      first_arr = 0
+      for (i in attributes[attr]) {
+        if (first_arr) print ","
+        print json_string(attributes[attr][i])
+        first_arr = 1
+      }
+
+      print "]"
+    }
+  }
+
+  # End of entity
+  print "}"
+  in_dn = 0
+}
+
+END {
+  # End of array
+  print "]"
+}

.bin/local-test.sh

@@ -36,7 +36,7 @@ if ! kind get clusters -q | grep -q $KIND_CLUSTER_NAME; then
     # https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
     # See: https://github.com/containerd/containerd/blob/main/docs/hosts.md
     info "Creating a Kind/Kubernetes cluster"
-    cat <<EOF | kind create cluster --name $KIND_CLUSTER_NAME --image=kindest/node:v1.28.0@sha256:9f3ff58f19dcf1a0611d11e8ac989fdb30a28f40f236f59f0bea31fb956ccf5c --config=-
+    cat <<EOF | kind create cluster --name $KIND_CLUSTER_NAME --image=kindest/node:v1.29.4@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8 --config=-
 kind: Cluster
 apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
@@ -127,25 +127,29 @@ if ! kubectl get namespace | grep -q projectcontour; then
     # https://tanzu.vmware.com/developer/guides/service-routing-contour-refarch/
     kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
     # https://kind.sigs.k8s.io/docs/user/ingress/
-    kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/control-plane","operator":"Equal","effect":"NoSchedule"},{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'
+    kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"}}}}}'
     info "waiting for resource deployment to finish..."
     kubectl --namespace projectcontour rollout status deployments
 fi
 
 if ! kubectl get namespace | grep -q chaos-mesh; then
-    info "Installing Chaos Mesh to enable fault simulation within K8S"
-    curl -sSL https://mirrors.chaos-mesh.org/v2.6.2/install.sh  | bash -s -- --local kind
+    # see: https://chaos-mesh.org/
+    helm repo add chaos-mesh https://charts.chaos-mesh.org
+    kubectl create ns chaos-mesh
+    helm install chaos-mesh chaos-mesh/chaos-mesh -n=chaos-mesh --set chaosDaemon.runtime=containerd --set chaosDaemon.socketPath=/run/k3s/containerd/containerd.sock --version 2.6.3
+
     info "waiting for resource deployment to finish..."
     kubectl --namespace chaos-mesh rollout status deployments
+    kubectl --namespace chaos-mesh get po
 fi
 
 if kubectl get namespace | grep -q "${NAMESPACE}"; then
-    info "Remove any lingering persistent volume claims in the ${NAMESPACE}"
-    kubectl --namespace ${NAMESPACE} delete pvc --all
-    if helm list --namespace ds --no-headers --short | grep -q openldap; then
+    if helm list --namespace ${NAMESPACE} --no-headers --short | grep -q openldap; then
         info "Uninstall previous deployment of OpenLDAP chart"
-        helm -n ds uninstall openldap
+        helm -n ${NAMESPACE} uninstall openldap
     fi
+    info "Remove any lingering persistent volume claims in the ${NAMESPACE}"
+    kubectl --namespace ${NAMESPACE} delete pvc --all
     info "Removing namespace ${NAMESPACE}"
     kubectl delete namespace ${NAMESPACE}
 fi
@@ -154,28 +158,31 @@ kubectl create namespace ${NAMESPACE}
 
 #kubectl delete jobs --all-namespaces --field-selector status.successful=1
 
-if ! kubectl --namespace $NAMESPACE get secret custom-cert > /dev/null 2>&1; then
+if ! kubectl --namespace ${NAMESPACE} get secret myval-certs > /dev/null 2>&1; then
     if [ -f "${CERT_DIR}/tls.crt" ] && [ -f "${CERT_DIR}/tls.key" ] && [ -f "${CERT_DIR}/ca.crt" ]
     then :
     else
         ! [ -d "${CERT_DIR}" ] && mkdir -p "${CERT_DIR}"
-        # For "customTLS" we need to provide a certificate, so make one now.
+        # For "initTLSSecret" we need to provide a certificate, so make one now.
         info "Creating TLS certs in ${CERT_DIR}"
-        openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.com' -keyout "${CERT_DIR}"/tls.key -out "${CERT_DIR}"/tls.crt -days 365 > /dev/null 2>&1
+        openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.org' -keyout "${CERT_DIR}"/tls.key -out "${CERT_DIR}"/tls.crt -days 365 > /dev/null 2>&1
         cp "${CERT_DIR}"/tls.crt "${CERT_DIR}"/ca.crt
     fi
 
-    info "Installing certificate materials into the Kubernets cluster as secrets named 'custom-cert' which we use in the 'myval.yaml' values file."
-    kubectl --namespace "${NAMESPACE}" create secret generic custom-cert --from-file="${CERT_DIR}"/tls.crt --from-file="${CERT_DIR}"/tls.key --from-file="${CERT_DIR}"/ca.crt
+    info "Installing certificate materials into the Kubernets cluster as secrets named 'myval-certs' which we use in the 'myval.yaml' values file."
+    kubectl --namespace "${NAMESPACE}" create secret generic myval-certs --from-file="${CERT_DIR}"/tls.crt --from-file="${CERT_DIR}"/tls.key --from-file="${CERT_DIR}"/ca.crt
+    # kubectl get secret myval-certs -n "${NAMESPACE}" -o yaml
 fi
 
 if ! helm --namespace "${NAMESPACE}" list | grep -q openldap; then
     info "Install openldap chart with 'myval.yaml' testing config"
-    helm install --namespace "${NAMESPACE}" openldap -f .bin/myval.yaml openldap
+    helm install --namespace "${NAMESPACE}" --values .bin/myval.yaml openldap .
+    #kubectl --namespace ds create secret generic my-super-secret --from-literal=LDAP_ADMIN_PASSWORD=Not@SecurePassw0rd --from-literal=LDAP_CONFIG_ADMIN_PASSWORD=Not@SecurePassw0rd
+    #helm install --namespace "${NAMESPACE}" --values .bin/singleNode.yaml openldap .
     info "waiting for helm deployment to finish..."
-    # kubectl --namespace ds get events --watch &
-    # ( kubectl --namespace ${NAMESPACE} wait --for=condition=Ready --timeout=30s pod/openldap-0 || \
-    #   kubectl --namespace ${NAMESPACE} logs -l app.kubernetes.io/name=openldap --all-containers=true --timestamps=true --prefix=true --tail=-1 --ignore-errors --follow ) &
+     kubectl --namespace ${NAMESPACE} get events --watch &
+     ( kubectl --namespace ${NAMESPACE} wait --for=condition=Ready --timeout=30s pod/openldap-0 || \
+       kubectl --namespace ${NAMESPACE} logs -l app.kubernetes.io/name=openldap --all-containers=true --timestamps=true --prefix=true --tail=-1 --ignore-errors --follow ) &
     kubectl --namespace "${NAMESPACE}" rollout status sts openldap
 fi
 

.bin/myval.yaml

@@ -1,40 +1,48 @@
-logLevel: debug
-env:
- LDAP_LOGLEVEL: "16640"
-# LDAP_LOGLEVEL: "-1"
- SYMAS_DEBUG: "true"
- SYMAS_DEBUG_SETUP: "false"
 image:
   # From repository https://hub.docker.com/r/symas/openldap/
   repository: symas/openldap
 #  repository: localhost:5001/openldap
-  tag: 2.6.6-debian-11-r19
+  tag: 2.6.8
 #  tag: test
   pullPolicy: Always
+logLevel: debug
+env:
+ LDAP_LOGLEVEL: "16640"
+# LDAP_LOGLEVEL: "-1"
+ SYMAS_DEBUG: "true"
+ SYMAS_DEBUG_SETUP: "false"
 resources:
   limits:
     cpu: "128m"
     memory: "64Mi"
 replicaCount: 3
-service:
-  ldapPortNodePort: 30389
-  sslLdapPortNodePort: 30636
-  type: NodePort
 ltb-passwd:
-  enabled: true
   ingress:
     hosts:
     - "ssl-ldap2.example"
 phpldapadmin:
-  enabled: true
   ingress:
     hosts:
     - "phpldapadmin.example"
-customTLS:
-  enabled: true
-  secret: "custom-cert"
 customSchemaFiles:
+  00-memberof.ldif: |-
+    # Load memberof module
+    dn: cn=module,cn=config
+    cn: module
+    objectClass: olcModuleList
+    olcModuleLoad: memberof
+    olcModulePath: /opt/bitnami/openldap/lib/openldap
+
+    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
+    changetype: add
+    objectClass: olcOverlayConfig
+    objectClass: olcMemberOf
+    olcOverlay: memberof
+    olcMemberOfRefint: TRUE
   10_owncloud_schema.ldif: |-
+    # This LDIF files describes the ownCloud schema and can be used to
+    # add two optional attributes: ownCloudQuota and ownCloudUUID
+    # The ownCloudUUID is used to store a unique, non-reassignable, persistent identifier for users and groups
     dn: cn=owncloud,cn=schema,cn=config
     objectClass: olcSchemaConfig
     cn: owncloud
@@ -55,6 +63,7 @@ customSchemaFiles:
       MAY ( ownCloudQuota $ ownCloudUUID ) )
 customLdifFiles:
   00-root.ldif: |-
+    # Root creation
     dn: dc=example,dc=org
     objectClass: dcObject
     objectClass: organization
@@ -79,3 +88,32 @@ customLdifFiles:
     uid: jdupond
     uidnumber: 1000
     userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
+  03-test-memberof.ldif: |-
+    dn: ou=Group,dc=example,dc=org
+    objectclass: organizationalUnit
+    ou: Group
+
+    dn: ou=People,dc=example,dc=org
+    objectclass: organizationalUnit
+    ou: People
+
+    dn: uid=test1,ou=People,dc=example,dc=org
+    objectclass: account
+    uid: test1
+
+    dn: cn=testgroup,ou=Group,dc=example,dc=org
+    objectclass: groupOfNames
+    cn: testgroup
+    member: uid=test1,ou=People,dc=example,dc=org
+service:
+  ldapPortNodePort: 30389
+  sslLdapPortNodePort: 30636
+  type: NodePort
+initTLSSecret:
+  tls_enabled: true
+  image:
+    registry: docker.io
+    repository: alpine/openssl
+    tag: latest
+    pullPolicy: IfNotPresent
+  secret: "myval-certs"

.bin/randomUser.ldif

@@ -0,0 +1,12 @@
+dn: cn=John Doe,dc=example,dc=org
+cn: John Doe
+gidnumber: 400
+givenname: John
+homedirectory: /home/users/jdoe
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: Doe
+uid: jdoe
+uidnumber: 9001
+userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==

.bin/simpleUser.ldif

@@ -0,0 +1,12 @@
+dn: cn=Jean Dupond,dc=example,dc=org
+cn: Jean Dupond
+gidnumber: 500
+givenname: Jean
+homedirectory: /home/users/jdupond
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: Dupond
+uid: jdupond
+uidnumber: 1000
+userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==

.bin/singleNode.yaml

@@ -1,14 +1,20 @@
 logLevel: debug
 env:
  LDAP_LOGLEVEL: "16640"
+# LDAP_LOGLEVEL: "-1"
  SYMAS_DEBUG: "true"
- SYMAS_SETUP_DEBUG: "false"
+ SYMAS_DEBUG_SETUP: "false"
 image:
   # From repository https://hub.docker.com/r/symas/openldap/
   repository: symas/openldap
-  tag: 2.6.6-debian-11
+#  repository: localhost:5001/openldap
+  tag: 2.6.8
+#  tag: test
   pullPolicy: Always
   pullSecrets: []
+global:
+  ldapDomain: "singlenode.org"
+  existingSecret: "my-super-secret"
 resources:
   limits:
     cpu: "128m"
@@ -21,12 +27,14 @@ ltb-passwd:
     hosts:
     - "ssl-ldap2.example"
 phpldapadmin:
-  ingress:
-    hosts:
-    - "phpldapadmin.example"
-customTLS:
   enabled: false
+  readinessProbe:
+    enabled: false
+  livenessProbe:
+    enabled: false
 service:
-  ldapPortNodePort: 30389
+  enableLdapPort: false
   sslLdapPortNodePort: 30636
   type: NodePort
+initTLSSecret:
+  tls_enabled: true