Rewrite init script #178

Merged

justusbunsi merged 1 commits from refs/pull/178/head into master 2021-06-29 20:09:16 +00:00

Conversation 7 Commits 1 Files Changed 2 +11

justusbunsi commented 2021-06-12 18:32:57 +00:00 (Migrated from gitea.com)

Copy Link

These changes rewrite the init script to be error aware, informative and have a bit more security awareness.

During rewrite several hidden bugs could be identified and fixed, such as:

• LDAP configuration options interpreted by the shell before passed to command
• Finding multiple ldap ids instead of one during lookup when their names are almost identical
  e.g. _my-ldap-auth and my-ldap-auth
• Properly filter auth sources by their types to prevent unintended type converting attempts that fail

In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution.

Helps for: #149

These changes rewrite the init script to be error aware, informative and have a bit more security awareness. During rewrite several hidden bugs could be identified and fixed, such as: - LDAP configuration options interpreted by the shell before passed to command - Finding multiple ldap ids instead of one during lookup when their names are almost identical e.g. `_my-ldap-auth` and `my-ldap-auth` - Properly filter auth sources by their types to prevent unintended type converting attempts that fail In addition to that the script is a bit cleaner. Some commands do not exist anymore and would cause false-positive errors during script execution. Helps for: #149

justusbunsi commented 2021-06-12 18:35:51 +00:00 (Migrated from gitea.com)

Copy Link

I've tested all changes for every possibility I could think of (probably not all ?). Even switching between both available images (root, rootless) to verify interoperability.

Some things (not really related to my changes) didn't work (properly):

Using not-active, skip-tls-verify, allow-deactivate-all, synchronize-users and attributes-in-bind for LDAP configuration. They are boolean values and would be passed like --not-active '' which breaks the command for some reason.
Same for use-custom-urls for OAuth command. (Edit: incorrect statement)

Should I open separate issues for this or do we fix boolean option passing in this PR as well since they would break the init script? (Edit: Yes, fix in this PR as well.)

I've tested all changes for every possibility I could think of (probably not all ?). Even switching between both available images (root, rootless) to verify interoperability. Some things (not really related to my changes) didn't work (properly): Using _not-active_, _skip-tls-verify_, _allow-deactivate-all_, _synchronize-users_ and _attributes-in-bind_ for LDAP configuration. They are boolean values and would be passed like `--not-active ''` which breaks the command for some reason. ~~Same for `use-custom-urls` for OAuth command.~~ (Edit: incorrect statement) ~~Should I open separate issues for this or do we fix boolean option passing in this PR as well since they would break the init script?~~ (Edit: Yes, fix in this PR as well.)

justusbunsi (Migrated from gitea.com) reviewed 2021-06-12 18:37:38 +00:00

justusbunsi commented 2021-06-14 17:06:40 +00:00 (Migrated from gitea.com)

Copy Link

I just re-read the issue #149 and am sure that this PR will not fully fix it. The repeated failure on init container due to unavailable db is done and the script is more verbose. But right now no credentials are used for the db check.

I just re-read the issue #149 and am sure that this PR will not fully fix it. The repeated failure on init container due to unavailable db is done and the script is more verbose. But right now no credentials are used for the db check.

luhahn commented 2021-06-15 20:30:17 +00:00 (Migrated from gitea.com)

Copy Link

really like what you did here, will test this in a few days

really like what you did here, will test this in a few days

luhahn (Migrated from gitea.com) approved these changes 2021-06-29 08:22:34 +00:00

luhahn (Migrated from gitea.com) left a comment

Copy Link

Tested this PR in different clusters, with existing PVCs and new PVCs.
Looks good :)

Tested this PR in different clusters, with existing PVCs and new PVCs. Looks good :)

justusbunsi commented 2021-06-29 18:50:58 +00:00 (Migrated from gitea.com)

Copy Link

@luhahn Done. Ready for another review.

@luhahn Done. Ready for another review.

techknowlogick (Migrated from gitea.com) approved these changes 2021-06-29 20:09:08 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

luhahn

techknowlogick

Labels

Clear labels

has/backport

in progress

invalid

kind/breaking

kind/bug

kind/build

kind/dependency

kind/deployment

kind/docs

kind/enhancement

kind/feature

kind/lint

kind/proposal

kind/question

kind/refactor

kind/security

kind/testing

kind/translation

kind/ui

need/backport

priority/critical

priority/low

priority/maybe

priority/medium

reviewed/duplicate

reviewed/invalid

reviewed/wontfix

skip-changelog

status/blocked

status/needs-feedback

status/needs-reviews

status/wip

upstream/gitea

upstream/other

No Label

kind/enhancement

kind/refactor

Milestone

No items

No Milestone Release 4.0.0

Projects

Clear projects

No project

Assignees

Clear assignees

lunny

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: lunny/helm-chart#178

No description provided.