From 0c6101eadeeaa721b8f628bb5ff7a63b034f18e6 Mon Sep 17 00:00:00 2001 From: Michael Barz Date: Wed, 6 Dec 2023 17:02:46 +0100 Subject: [PATCH 1/5] add sharing config --- charts/ocis/templates/sharing/config.yaml | 15 +++++++++++++++ charts/ocis/templates/sharing/deployment.yaml | 19 ++++++++++++++++--- 2 files changed, 31 insertions(+), 3 deletions(-) create mode 100644 charts/ocis/templates/sharing/config.yaml diff --git a/charts/ocis/templates/sharing/config.yaml b/charts/ocis/templates/sharing/config.yaml new file mode 100644 index 000000000..7ec0376dc --- /dev/null +++ b/charts/ocis/templates/sharing/config.yaml @@ -0,0 +1,15 @@ +{{- include "ocis.basicServiceTemplates" (dict "scope" . "appName" "appNameSharing" "appNameSuffix" "") -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: sharing-banned-passwords + namespace: {{ template "ocis.namespace" . }} + labels: + {{- include "ocis.labels" . | nindent 4 }} +data: + sharing-banned-passwords.txt: |- + {{- with .Values.features.sharing.passwordPolicies.bannedPasswords -}} + {{- range . -}} + {{- . | nindent 4 }} + {{- end -}} + {{- end -}} diff --git a/charts/ocis/templates/sharing/deployment.yaml b/charts/ocis/templates/sharing/deployment.yaml index 7822dd7fe..64e19066e 100644 --- a/charts/ocis/templates/sharing/deployment.yaml +++ b/charts/ocis/templates/sharing/deployment.yaml @@ -78,9 +78,22 @@ spec: - name: SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD value: {{ .Values.features.sharing.publiclink.writeableShareMustHavePassword | quote }} - # TODO: does not exist currently. Probably should be there because we also have SHARING_PUBLIC_WRITEABLE_SHARE_MUST_HAVE_PASSWORD!? - # - name: SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD - # value: {{ .Values.features.sharing.publiclink.shareMustHavePassword | quote }} + - name: SHARING_PUBLIC_SHARE_MUST_HAVE_PASSWORD + value: {{ .Values.features.sharing.publiclink.shareMustHavePassword | quote }} + + # password policies + - name: SHARING_PASSWORD_POLICY_MIN_CHARACTERS + value: {{ .Values.features.sharing.passwordPolicies.minCharacters | quote }} + - name: SHARING_PASSWORD_POLICY_MIN_LOWERCASE_CHARACTERS + value: {{ .Values.features.sharing.passwordPolicies.minLowerCharacters | quote }} + - name: SHARING_PASSWORD_POLICY_MIN_UPPERCASE_CHARACTERS + value: {{ .Values.features.sharing.passwordPolicies.minUpperCharacters | quote }} + - name: SHARING_PASSWORD_POLICY_MIN_DIGITS + value: {{ .Values.features.sharing.passwordPolicies.minDigits | quote }} + - name: SHARING_PASSWORD_POLICY_MIN_SPECIAL_CHARACTERS + value: {{ .Values.features.sharing.passwordPolicies.minSpecialCharacters | quote }} + - name: SHARING_PASSWORD_POLICY_BANNED_PASSWORDS_LIST + value: /etc/ocis/sharing-banned-passwords.txt # user sharing - name: SHARING_USER_DRIVER From f362c97b23581ee7e7e769d3cf90cf679829ce53 Mon Sep 17 00:00:00 2001 From: Dennis Sieben Date: Thu, 7 Dec 2023 15:04:03 +0100 Subject: [PATCH 2/5] - added configMap mounts --- charts/ocis/templates/sharing/deployment.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/charts/ocis/templates/sharing/deployment.yaml b/charts/ocis/templates/sharing/deployment.yaml index 64e19066e..ae5dc6a9c 100644 --- a/charts/ocis/templates/sharing/deployment.yaml +++ b/charts/ocis/templates/sharing/deployment.yaml @@ -141,6 +141,8 @@ spec: - name: messaging-system-ca mountPath: /etc/ocis/messaging-system-ca readOnly: true + - name: configs + mountPath: /etc/ocis {{- include "ocis.imagePullSecrets" $ | nindent 6 }} volumes: @@ -155,3 +157,6 @@ spec: {{ else }} emptyDir: {} {{ end }} + - name: configs + configMap: + name: sharing-banned-passwords From 1d38363b3358545c7d3e683762a099704dd2ac8e Mon Sep 17 00:00:00 2001 From: Dennis Sieben Date: Thu, 7 Dec 2023 17:33:32 +0100 Subject: [PATCH 3/5] - removed doubled /etc/ocis --- charts/ocis/templates/sharing/deployment.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/ocis/templates/sharing/deployment.yaml b/charts/ocis/templates/sharing/deployment.yaml index ae5dc6a9c..2dc91da24 100644 --- a/charts/ocis/templates/sharing/deployment.yaml +++ b/charts/ocis/templates/sharing/deployment.yaml @@ -136,8 +136,6 @@ spec: volumeMounts: - name: tmp-volume mountPath: /tmp - - name: ocis-config-tmp - mountPath: /etc/ocis # we mount that volume only to apply fsGroup to that path - name: messaging-system-ca mountPath: /etc/ocis/messaging-system-ca readOnly: true From af8882c9c3c4813fb8630844c97b9cc259a5887a Mon Sep 17 00:00:00 2001 From: Dennis Sieben <102977884+d7oc@users.noreply.github.com> Date: Fri, 8 Dec 2023 10:24:48 +0100 Subject: [PATCH 4/5] Solution for double ConfigMaps (#448) * - added app name to ConfigMap to avoid name clash with frontend * use `sharing-banned-passwords-{{ .appName }}` also for the frontend service --------- Co-authored-by: Willy Kloucek --- charts/ocis/templates/frontend/config.yaml | 2 +- charts/ocis/templates/frontend/deployment.yaml | 2 +- charts/ocis/templates/sharing/config.yaml | 2 +- charts/ocis/templates/sharing/deployment.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/ocis/templates/frontend/config.yaml b/charts/ocis/templates/frontend/config.yaml index f591ff453..23fd93a15 100644 --- a/charts/ocis/templates/frontend/config.yaml +++ b/charts/ocis/templates/frontend/config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: sharing-banned-passwords + name: sharing-banned-passwords-{{ .appName }} namespace: {{ template "ocis.namespace" . }} labels: {{- include "ocis.labels" . | nindent 4 }} diff --git a/charts/ocis/templates/frontend/deployment.yaml b/charts/ocis/templates/frontend/deployment.yaml index d0f9f78ae..88c1ccfd5 100644 --- a/charts/ocis/templates/frontend/deployment.yaml +++ b/charts/ocis/templates/frontend/deployment.yaml @@ -189,4 +189,4 @@ spec: emptyDir: {} - name: configs configMap: - name: sharing-banned-passwords + name: sharing-banned-passwords-{{ .appName }} diff --git a/charts/ocis/templates/sharing/config.yaml b/charts/ocis/templates/sharing/config.yaml index 7ec0376dc..9019362cd 100644 --- a/charts/ocis/templates/sharing/config.yaml +++ b/charts/ocis/templates/sharing/config.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: sharing-banned-passwords + name: sharing-banned-passwords-{{ .appName }} namespace: {{ template "ocis.namespace" . }} labels: {{- include "ocis.labels" . | nindent 4 }} diff --git a/charts/ocis/templates/sharing/deployment.yaml b/charts/ocis/templates/sharing/deployment.yaml index 2dc91da24..d59a06cce 100644 --- a/charts/ocis/templates/sharing/deployment.yaml +++ b/charts/ocis/templates/sharing/deployment.yaml @@ -157,4 +157,4 @@ spec: {{ end }} - name: configs configMap: - name: sharing-banned-passwords + name: sharing-banned-passwords-{{ .appName }} From d972ab88a26484d897a100b9a7c9d6f88df8fb2c Mon Sep 17 00:00:00 2001 From: Willy Kloucek Date: Mon, 11 Dec 2023 09:22:25 +0100 Subject: [PATCH 5/5] switch to 5.0.0-alpha.6 --- charts/ocis/Chart.yaml | 2 +- charts/ocis/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/ocis/Chart.yaml b/charts/ocis/Chart.yaml index f3d3f34c2..4c4f9afff 100644 --- a/charts/ocis/Chart.yaml +++ b/charts/ocis/Chart.yaml @@ -10,7 +10,7 @@ maintainers: url: https://owncloud.com type: application version: 0.5.0 -appVersion: 5.0.0-alpha.5 +appVersion: 5.0.0-alpha.6 kubeVersion: "" # please see https://doc.owncloud.com/ocis/next/deployment/container/orchestration/orchestration.html#get-the-chart for compatible Kubernetes versions sources: - https://github.com/owncloud/ocis-charts diff --git a/charts/ocis/README.md b/charts/ocis/README.md index 9fe3f1cf4..2ddd921f0 100644 --- a/charts/ocis/README.md +++ b/charts/ocis/README.md @@ -2,7 +2,7 @@ [comment]: # (DONT EDIT THIS FILE, it is autogenerated. Instead you need to edit README.md.gotmpl) # ownCloud Infinite Scale (oCIS) Helm chart -![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0-alpha.5](https://img.shields.io/badge/AppVersion-5.0.0--alpha.5-informational?style=flat-square) +![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.0.0-alpha.6](https://img.shields.io/badge/AppVersion-5.0.0--alpha.6-informational?style=flat-square) Installs [ownCloud Infinite Scale](https://doc.owncloud.com/ocis/next/).